diff --git a/shim-0.8.tar.bz2 b/shim-0.8.tar.bz2 deleted file mode 100644 index 3dbba68..0000000 --- a/shim-0.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4cea304dc6f6e5c429f602c42a4dda7b9c64f448a346bae78fb2c6c19c0cd0b3 -size 991166 diff --git a/shim-0.9.tar.bz2 b/shim-0.9.tar.bz2 new file mode 100644 index 0000000..8f7a6a7 --- /dev/null +++ b/shim-0.9.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f524af773af0c8bfce132c9cf1d43c501b479abf2d12fe26d9f419a3d9688ab5 +size 997797 diff --git a/shim-bsc919675-uninstall-shim-protocols.patch b/shim-bsc919675-uninstall-shim-protocols.patch deleted file mode 100644 index a20830e..0000000 --- a/shim-bsc919675-uninstall-shim-protocols.patch +++ /dev/null @@ -1,145 +0,0 @@ -From 4f8bf8c570dadf8044e7f3f260c55e3e22630998 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Tue, 3 Mar 2015 16:53:11 +0800 -Subject: [PATCH] Uninstall shim protocols at Exit() - -Shim uninstalls its own protocol at the end of the program. However, -if the loaded binary, e.g. grub2, calls Exit(), the uninstall function -would never be called, i.e. the shim protocol handle existed even if -shim was gone. This already caused crashes on the dell machines with -the following steps: - -1. boot to grub2 and press 'C' for the grub2 shell -2. type "exit" to quit the shell -3. boot to grub2 again and boot an OS - -While grub2 uses the shim protocol to verify the OS image, it may get -the old dead shim handle and crash the system. - -This commit adds uninstall_shim_protocols() to the hooked exit function -and always hook Exit to clean up the protocol handle. - -Signed-off-by: Gary Ching-Pang Lin ---- - replacements.c | 35 ++++++++++++++++++++++++++++------- - replacements.h | 1 + - shim.c | 5 ++++- - 3 files changed, 33 insertions(+), 8 deletions(-) - -diff --git a/replacements.c b/replacements.c -index f7623d9..4d96e57 100644 ---- a/replacements.c -+++ b/replacements.c -@@ -74,6 +74,10 @@ unhook_system_services(void) - return; - - systab->BootServices->Exit = system_exit; -+ -+ if (hook_exit_only) -+ return; -+ - systab->BootServices->LoadImage = system_load_image; - systab->BootServices->StartImage = system_start_image; - systab->BootServices->ExitBootServices = system_exit_boot_services; -@@ -167,10 +171,24 @@ do_exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, - { - EFI_STATUS status; - unhook_system_services(); -+ uninstall_shim_protocols(); - - status = systab->BootServices->Exit(ImageHandle, ExitStatus, ExitDataSize, ExitData); -- if (EFI_ERROR(status)) -+ if (EFI_ERROR(status)) { -+ EFI_STATUS status2 = install_shim_protocols(); -+ -+ if (EFI_ERROR(status2)) { -+ Print(L"Something has gone seriously wrong: %r\n", -+ status2); -+ Print(L"shim cannot continue, sorry.\n"); -+ systab->BootServices->Stall(5000000); -+ systab->RuntimeServices->ResetSystem( -+ EfiResetShutdown, -+ EFI_SECURITY_VIOLATION, 0, NULL); -+ } -+ - hook_system_services(systab); -+ } - return status; - } - -@@ -182,6 +200,15 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab) - - /* We need to hook various calls to make this work... */ - -+ /* we need to hook Exit() so that we can allow users to quit the -+ * bootloader and still e.g. start a new one or run an internal -+ * shell. */ -+ system_exit = systab->BootServices->Exit; -+ systab->BootServices->Exit = do_exit; -+ -+ if (hook_exit_only) -+ return; -+ - /* We need LoadImage() hooked so that fallback.c can load shim - * without having to fake LoadImage as well. This allows it - * to call the system LoadImage(), and have us track the output -@@ -201,10 +228,4 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab) - * and b) we can unwrap when we're done. */ - system_exit_boot_services = systab->BootServices->ExitBootServices; - systab->BootServices->ExitBootServices = exit_boot_services; -- -- /* we need to hook Exit() so that we can allow users to quit the -- * bootloader and still e.g. start a new one or run an internal -- * shell. */ -- system_exit = systab->BootServices->Exit; -- systab->BootServices->Exit = do_exit; - } -diff --git a/replacements.h b/replacements.h -index bd09424..928144d 100644 ---- a/replacements.h -+++ b/replacements.h -@@ -37,6 +37,7 @@ typedef enum { - - extern verification_method_t verification_method; - extern int loader_is_participating; -+extern int hook_exit_only; - - extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab); - extern void unhook_system_services(void); -diff --git a/shim.c b/shim.c -index d46494a..6fbe427 100644 ---- a/shim.c -+++ b/shim.c -@@ -90,6 +90,7 @@ UINT8 *vendor_dbx; - */ - verification_method_t verification_method; - int loader_is_participating; -+int exit_only; - - #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }} - -@@ -2100,6 +2101,7 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) - /* - * Tell the user that we're in insecure mode if necessary - */ -+ hook_exit_only = 1; - if (user_insecure_mode) { - Print(L"Booting in insecure mode\n"); - uefi_call_wrapper(BS->Stall, 1, 2000000); -@@ -2110,11 +2112,12 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) - * that anything it boots has performed some - * validation of the next image. - */ -- hook_system_services(systab); -+ hook_exit_only = 0; - loader_is_participating = 0; - } - } - -+ hook_system_services(systab); - efi_status = install_shim_protocols(); - if (EFI_ERROR(efi_status)) - return efi_status; --- -2.1.4 - diff --git a/shim-bsc920515-fix-fallback-buffer-length.patch b/shim-bsc920515-fix-fallback-buffer-length.patch deleted file mode 100644 index 14f15c1..0000000 --- a/shim-bsc920515-fix-fallback-buffer-length.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 8bfaa280dc0fcc67e636f33f5c056d6f08b22ef5 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 25 Feb 2015 18:45:41 +0000 -Subject: [PATCH] Fix length of allocated buffer for boot option comparison. - -The following commit: - - commit 4aac8a1179e160397d7ef8f1e3232cfb4f3373d6 - Author: Gary Ching-Pang Lin - Date: Thu Mar 6 10:57:02 2014 +0800 - - [fallback] Fix the data size for boot option comparison - -corrected the data size used for comparison, but also reduced the -allocation so it doesn't include the trailing UTF16LE '\0\0' at the -end of the string, with the result that the trailer of the buffer -containing the string is overwritten, which OVMF detects as memory -corruption. - -Increase the size of the storage buffer in a few places to correct -this problem. - -Signed-off-by: Richard W.M. Jones -Cc: Laszlo Ersek -Cc: Gary Ching-Pang Lin ---- - fallback.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/fallback.c b/fallback.c -index d10fb62..0c1a413 100644 ---- a/fallback.c -+++ b/fallback.c -@@ -163,7 +163,7 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, - StrLen(label)*2 + 2 + DevicePathSize(hddp) + - StrLen(arguments) * 2; - -- CHAR8 *data = AllocateZeroPool(size); -+ CHAR8 *data = AllocateZeroPool(size + 2); - CHAR8 *cursor = data; - *(UINT32 *)cursor = LOAD_OPTION_ACTIVE; - cursor += sizeof (UINT32); -@@ -234,7 +234,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, - StrLen(label)*2 + 2 + DevicePathSize(dp) + - StrLen(arguments) * 2; - -- CHAR8 *data = AllocateZeroPool(size); -+ CHAR8 *data = AllocateZeroPool(size + 2); - if (!data) - return EFI_OUT_OF_RESOURCES; - CHAR8 *cursor = data; --- -2.1.4 - diff --git a/shim-fix-gnu-efi-30w.patch b/shim-fix-gnu-efi-30w.patch index b8ad5e4..23efcbe 100644 --- a/shim-fix-gnu-efi-30w.patch +++ b/shim-fix-gnu-efi-30w.patch @@ -1,4 +1,4 @@ -From d4e4bf4e1e03eb5685474d240929d3e3b50581f8 Mon Sep 17 00:00:00 2001 +From 7bfd197ba085e84db662decd9efc8ecf8a435ec2 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Thu, 25 Sep 2014 18:12:42 +0800 Subject: [PATCH] Adapt the change in gnu-efi-3.0w @@ -11,7 +11,7 @@ Subject: [PATCH] Adapt the change in gnu-efi-3.0w 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h -index 9e56ced..6b3bfbd 100644 +index b77838d..8a53eb7 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -16,12 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @@ -42,24 +42,24 @@ index 9e56ced..6b3bfbd 100644 // #defines from EFI Application Toolkit required to buiild Open SSL // diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile -index 9719a27..dbd79fb 100644 +index 1769e67..e4f9eb5 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile -@@ -3,6 +3,7 @@ EFI_INCLUDES = -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLU - +@@ -4,6 +4,7 @@ EFI_INCLUDES = -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLU CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \ - -Wall $(EFI_INCLUDES) + -Wall $(EFI_INCLUDES) \ + -ffreestanding -I$(shell $(CC) -print-file-name=include) +CFLAGS += -DGNU_EFI_USE_EXTERNAL_STDARG ifeq ($(ARCH),x86_64) CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \ diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile -index 7990b3c..967e55e 100644 +index 7bedb94..1f2c6d5 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile -@@ -18,6 +18,9 @@ endif +@@ -19,6 +19,9 @@ endif ifeq ($(ARCH),arm) - CFLAGS += -O2 -DTHIRTY_TWO_BIT -ffreestanding -I$(shell $(CC) -print-file-name=include) + CFLAGS += -O2 -DTHIRTY_TWO_BIT endif + +CFLAGS += -DGNU_EFI_USE_EXTERNAL_STDARG @@ -68,10 +68,10 @@ index 7990b3c..967e55e 100644 TARGET = libopenssl.a diff --git a/Makefile b/Makefile -index 332a29b..52fd5b3 100644 +index 83cf374..9cfebc7 100644 --- a/Makefile +++ b/Makefile -@@ -26,6 +26,8 @@ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ +@@ -28,6 +28,8 @@ CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ $(EFI_INCLUDES) @@ -81,5 +81,5 @@ index 332a29b..52fd5b3 100644 CFLAGS += -DOVERRIDE_SECURITY_POLICY endif -- -1.8.4.5 +2.1.4 diff --git a/shim-fix-mokmanager-sections.patch b/shim-fix-mokmanager-sections.patch index 5a7dc62..d35cf68 100644 --- a/shim-fix-mokmanager-sections.patch +++ b/shim-fix-mokmanager-sections.patch @@ -1,26 +1,38 @@ -From 61f1bfea2250c38b6c381a3876b41acf007f4289 Mon Sep 17 00:00:00 2001 +From fa7e46558ebdafeb7b5f4a3b843f309a678d4365 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Mon, 10 Nov 2014 17:19:58 +0800 -Subject: [PATCH 1/2] Fix objcopy parameters to include .rel and .rela +Subject: [PATCH] Fix objcopy parameters to include .rel and .rela -The objcopy parameters -j .rel* and -j .rela* looked like that the -two sections would be in the EFI binary, but it's actually not, and -this caused MokManager.efi crash. +This is a quick hack for the old objcopy. -Remove the asterisks to fix MokManager.efi. +The asterisks support in objcopy was added in 2.24. For the distro +with the older objcopy, some sections would be ignored and this could +crash the program. Signed-off-by: Gary Ching-Pang Lin --- - Makefile | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) + Makefile | 12 ++++-------- + 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile -index 332a29b..39160c5 100644 +index 412496b..a791bcc 100644 --- a/Makefile +++ b/Makefile -@@ -133,13 +133,13 @@ FORMAT ?= --target efi-app-$(ARCH) +@@ -9,7 +9,6 @@ LD = $(CROSS_COMPILE)ld + OBJCOPY = $(CROSS_COMPILE)objcopy + + ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) +-OBJCOPY_GTE224 = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.* //g' | cut -f1-2 -d.` \>= 2.24) + + SUBDIRS = Cryptlib lib + +@@ -142,17 +141,14 @@ endif + FORMAT ?= --target efi-app-$(ARCH) %.efi: %.so +-ifneq ($(OBJCOPY_GTE224),1) +- $(error objcopy >= 2.24 is required) +-endif $(OBJCOPY) -j .text -j .sdata -j .data \ - -j .dynamic -j .dynsym -j .rel* \ - -j .rela* -j .reloc -j .eh_frame \ @@ -35,65 +47,7 @@ index 332a29b..39160c5 100644 + -j .rela -j .reloc -j .eh_frame \ -j .debug_info -j .debug_abbrev -j .debug_aranges \ -j .debug_line -j .debug_str -j .debug_ranges \ - $(FORMAT) $^ $@.debug + -j .note.gnu.build-id \ -- -1.8.4.5 - - -From a0d319c24c064b3275f4dc91cf141336fb7449fa Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Mon, 10 Nov 2014 17:31:15 +0800 -Subject: [PATCH 2/2] Add nostdinc to the CFLAGS for lib - -We don't need the headers from the standard include path. - -Signed-off-by: Gary Ching-Pang Lin ---- - lib/Makefile | 2 +- - lib/console.c | 4 ++-- - lib/guid.c | 1 - - 3 files changed, 3 insertions(+), 4 deletions(-) - -diff --git a/lib/Makefile b/lib/Makefile -index ebd21a1..3c5101e 100644 ---- a/lib/Makefile -+++ b/lib/Makefile -@@ -4,7 +4,7 @@ LIBFILES = simple_file.o guid.o console.o execute.o configtable.o shell.o variab - - EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I../include - --CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ -+CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic -nostdinc\ - -fshort-wchar -Wall -DBUILD_EFI -fno-builtin -Werror \ - $(EFI_INCLUDES) - -diff --git a/lib/console.c b/lib/console.c -index 83ee679..fd8cc5c 100644 ---- a/lib/console.c -+++ b/lib/console.c -@@ -4,8 +4,8 @@ - * - * see COPYING file - */ --#include --#include -+#include -+#include - - #include - #include -diff --git a/lib/guid.c b/lib/guid.c -index 56ec952..c97a7ca 100644 ---- a/lib/guid.c -+++ b/lib/guid.c -@@ -5,7 +5,6 @@ - */ - - #include --#include - - #ifndef BUILD_EFI - /* EFI has %g for this, so it's only needed in platform c */ --- -1.8.4.5 +2.1.4 diff --git a/shim-gcc5.patch b/shim-gcc5.patch deleted file mode 100644 index 9a60734..0000000 --- a/shim-gcc5.patch +++ /dev/null @@ -1,44 +0,0 @@ ---- shim-0.8.orig/Makefile -+++ shim-0.8/Makefile -@@ -21,7 +21,7 @@ EFI_LDS = elf_$(ARCH)_efi.lds - DEFAULT_LOADER := \\\\grub.efi - CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ - -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ -- -Werror=sign-compare \ -+ -Werror=sign-compare -std=gnu89 \ - "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ - "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ - $(EFI_INCLUDES) ---- shim-0.8.orig/Cryptlib/Makefile -+++ shim-0.8/Cryptlib/Makefile -@@ -2,7 +2,7 @@ - EFI_INCLUDES = -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol - - CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \ -- -Wall $(EFI_INCLUDES) -+ -Wall $(EFI_INCLUDES) -std=gnu89 - CFLAGS += -DGNU_EFI_USE_EXTERNAL_STDARG - - ifeq ($(ARCH),x86_64) ---- shim-0.8.orig/Cryptlib/OpenSSL/Makefile -+++ shim-0.8/Cryptlib/OpenSSL/Makefile -@@ -2,7 +2,7 @@ - EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol - - CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \ -- -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC -+ -Wall -std=gnu89 $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC - - ifeq ($(ARCH),x86_64) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ ---- shim-0.8.orig/lib/Makefile -+++ shim-0.8/lib/Makefile -@@ -5,7 +5,7 @@ LIBFILES = simple_file.o guid.o console. - EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I../include - - CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic -nostdinc\ -- -fshort-wchar -Wall -DBUILD_EFI -fno-builtin -Werror \ -+ -fshort-wchar -Wall -DBUILD_EFI -fno-builtin -Werror -std=gnu89 \ - $(EFI_INCLUDES) - - ifeq ($(ARCH),x86_64) diff --git a/shim-mokx-support.patch b/shim-mokx-support.patch deleted file mode 100644 index 3d40a61..0000000 --- a/shim-mokx-support.patch +++ /dev/null @@ -1,1919 +0,0 @@ -From 72a6913fa790c6d504f87eefddd1b2b392185b79 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 24 Oct 2013 17:02:08 +0800 -Subject: [PATCH 01/16] Support MOK blacklist - -The new blacklist, MokListX, stores the keys and hashes that are -banned. - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 241 +++++++++++++++++++++++++++++++++++++++++++++++++---------- - shim.c | 3 +- - 2 files changed, 202 insertions(+), 42 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index ee29051..29ea4db 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -738,23 +738,37 @@ static EFI_STATUS match_password (PASSWORD_CRYPT *pw_crypt, - return EFI_SUCCESS; - } - --static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize, int authenticate) -+static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize, int authenticate, -+ BOOLEAN MokX) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; - EFI_STATUS efi_status; -+ CHAR16 *db_name; -+ CHAR16 *auth_name; - UINT8 auth[PASSWORD_CRYPT_SIZE]; - UINTN auth_size = PASSWORD_CRYPT_SIZE; - UINT32 attributes; - -+ if (MokX) { -+ db_name = L"MokListX"; -+ auth_name = L"MokXAuth"; -+ } else { -+ db_name = L"MokList"; -+ auth_name = L"MokAuth"; -+ } -+ - if (authenticate) { -- efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokAuth", -+ efi_status = uefi_call_wrapper(RT->GetVariable, 5, auth_name, - &shim_lock_guid, - &attributes, &auth_size, auth); - - if (efi_status != EFI_SUCCESS || - (auth_size != SHA256_DIGEST_SIZE && - auth_size != PASSWORD_CRYPT_SIZE)) { -- console_error(L"Failed to get MokAuth", efi_status); -+ if (MokX) -+ console_error(L"Failed to get MokXAuth", efi_status); -+ else -+ console_error(L"Failed to get MokAuth", efi_status); - return efi_status; - } - -@@ -771,14 +785,14 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize, int authenticate) - - if (!MokNewSize) { - /* Delete MOK */ -- efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokList", -+ efi_status = uefi_call_wrapper(RT->SetVariable, 5, db_name, - &shim_lock_guid, - EFI_VARIABLE_NON_VOLATILE - | EFI_VARIABLE_BOOTSERVICE_ACCESS, - 0, NULL); - } else { - /* Write new MOK */ -- efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokList", -+ efi_status = uefi_call_wrapper(RT->SetVariable, 5, db_name, - &shim_lock_guid, - EFI_VARIABLE_NON_VOLATILE - | EFI_VARIABLE_BOOTSERVICE_ACCESS -@@ -794,17 +808,25 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize, int authenticate) - return EFI_SUCCESS; - } - --static UINTN mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth) { -+static UINTN mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth, -+ BOOLEAN MokX) -+{ - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; - EFI_STATUS efi_status; -+ CHAR16 *title; - -- if (list_keys(MokNew, MokNewSize, L"[Enroll MOK]") != EFI_SUCCESS) -+ if (MokX) -+ title = L"[Enroll MOKX]"; -+ else -+ title = L"[Enroll MOK]"; -+ -+ if (list_keys(MokNew, MokNewSize, title) != EFI_SUCCESS) - return 0; - - if (console_yes_no((CHAR16 *[]){L"Enroll the key(s)?", NULL}) == 0) - return 0; - -- efi_status = store_keys(MokNew, MokNewSize, auth); -+ efi_status = store_keys(MokNew, MokNewSize, auth, MokX); - - if (efi_status != EFI_SUCCESS) { - console_notify(L"Failed to enroll keys\n"); -@@ -812,8 +834,13 @@ static UINTN mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth) { - } - - if (auth) { -- LibDeleteVariable(L"MokNew", &shim_lock_guid); -- LibDeleteVariable(L"MokAuth", &shim_lock_guid); -+ if (MokX) { -+ LibDeleteVariable(L"MokXNew", &shim_lock_guid); -+ LibDeleteVariable(L"MokXAuth", &shim_lock_guid); -+ } else { -+ LibDeleteVariable(L"MokNew", &shim_lock_guid); -+ LibDeleteVariable(L"MokAuth", &shim_lock_guid); -+ } - - console_notify(L"The system must now be rebooted"); - uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, -@@ -825,25 +852,35 @@ static UINTN mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth) { - return 0; - } - --static INTN mok_reset_prompt () -+static INTN mok_reset_prompt (BOOLEAN MokX) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; - EFI_STATUS efi_status; -+ CHAR16 *prompt; - - uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut); - -- if (console_yes_no((CHAR16 *[]){L"Erase all stored keys?", NULL }) == 0) -+ if (MokX) -+ prompt = L"Erase all stored keys in MokListX?"; -+ else -+ prompt = L"Erase all stored keys in MokList?"; -+ if (console_yes_no((CHAR16 *[]){prompt, NULL }) == 0) - return 0; - -- efi_status = store_keys(NULL, 0, TRUE); -+ efi_status = store_keys(NULL, 0, TRUE, MokX); - - if (efi_status != EFI_SUCCESS) { - console_notify(L"Failed to erase keys\n"); - return -1; - } - -- LibDeleteVariable(L"MokNew", &shim_lock_guid); -- LibDeleteVariable(L"MokAuth", &shim_lock_guid); -+ if (MokX) { -+ LibDeleteVariable(L"MokXNew", &shim_lock_guid); -+ LibDeleteVariable(L"MokXAuth", &shim_lock_guid); -+ } else { -+ LibDeleteVariable(L"MokNew", &shim_lock_guid); -+ LibDeleteVariable(L"MokAuth", &shim_lock_guid); -+ } - - console_notify(L"The system must now be rebooted"); - uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, -@@ -852,7 +889,8 @@ static INTN mok_reset_prompt () - return -1; - } - --static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num) -+static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num, -+ BOOLEAN MokX) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; - EFI_STATUS efi_status; -@@ -861,6 +899,12 @@ static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num) - void *Data = NULL, *ptr; - INTN DataSize = 0; - int i; -+ CHAR16 *db_name; -+ -+ if (MokX) -+ db_name = L"MokListX"; -+ else -+ db_name = L"MokList"; - - for (i = 0; i < key_num; i++) { - if (list[i].Mok == NULL) -@@ -898,7 +942,7 @@ static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num) - sizeof(EFI_GUID) + list[i].MokSize; - } - -- efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokList", -+ efi_status = uefi_call_wrapper(RT->SetVariable, 5, db_name, - &shim_lock_guid, - EFI_VARIABLE_NON_VOLATILE - | EFI_VARIABLE_BOOTSERVICE_ACCESS, -@@ -914,10 +958,14 @@ static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num) - return EFI_SUCCESS; - } - --static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize) -+static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; - EFI_STATUS efi_status; -+ CHAR16 *db_name; -+ CHAR16 *auth_name; -+ CHAR16 *err_str1; -+ CHAR16 *err_str2; - UINT8 auth[PASSWORD_CRYPT_SIZE]; - UINTN auth_size = PASSWORD_CRYPT_SIZE; - UINT32 attributes; -@@ -927,13 +975,24 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize) - INTN mok_num, del_num; - int i, j; - -- efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDelAuth", -+ if (MokX) { -+ db_name = L"MokListX"; -+ auth_name = L"MokXDelAuth"; -+ } else { -+ db_name = L"MokList"; -+ auth_name = L"MokDelAuth"; -+ } -+ -+ efi_status = uefi_call_wrapper(RT->GetVariable, 5, auth_name, - &shim_lock_guid, - &attributes, &auth_size, auth); - - if (efi_status != EFI_SUCCESS || - (auth_size != SHA256_DIGEST_SIZE && auth_size != PASSWORD_CRYPT_SIZE)) { -- console_error(L"Failed to get MokDelAuth", efi_status); -+ if (MokX) -+ console_error(L"Failed to get MokXDelAuth", efi_status); -+ else -+ console_error(L"Failed to get MokDelAuth", efi_status); - return efi_status; - } - -@@ -946,15 +1005,18 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize) - if (efi_status != EFI_SUCCESS) - return EFI_ACCESS_DENIED; - -- efi_status = get_variable_attr (L"MokList", &MokListData, &MokListDataSize, -+ efi_status = get_variable_attr (db_name, &MokListData, &MokListDataSize, - shim_lock_guid, &attributes); - if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { -- console_alertbox((CHAR16 *[]){L"MokList is compromised!", -- L"Erase all keys in MokList!", -- NULL}); -- if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) { -- console_notify(L"Failed to erase MokList"); -+ if (MokX) { -+ err_str1 = L"MokListX is compromised!"; -+ err_str2 = L"Erase all keys in MokListX!"; -+ } else { -+ err_str1 = L"MokList is compromised!"; -+ err_str2 = L"Erase all keys in MokList!"; - } -+ console_alertbox((CHAR16 *[]){err_str1, err_str2, NULL}); -+ LibDeleteVariable(db_name, &shim_lock_guid); - return EFI_ACCESS_DENIED; - } - -@@ -982,7 +1044,7 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize) - } - } - -- efi_status = write_back_mok_list(mok, mok_num); -+ efi_status = write_back_mok_list(mok, mok_num, MokX); - - if (MokListData) - FreePool(MokListData); -@@ -994,27 +1056,38 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize) - return efi_status; - } - --static INTN mok_deletion_prompt (void *MokDel, UINTN MokDelSize) -+static INTN mok_deletion_prompt (void *MokDel, UINTN MokDelSize, BOOLEAN MokX) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; - EFI_STATUS efi_status; -+ CHAR16 *title; -+ -+ if (MokX) -+ title = L"[Delete MOKX]"; -+ else -+ title = L"[Delete MOK]"; - -- if (list_keys(MokDel, MokDelSize, L"[Delete MOK]") != EFI_SUCCESS) { -+ if (list_keys(MokDel, MokDelSize, title) != EFI_SUCCESS) { - return 0; - } - - if (console_yes_no((CHAR16 *[]){L"Delete the key(s)?", NULL}) == 0) - return 0; - -- efi_status = delete_keys(MokDel, MokDelSize); -+ efi_status = delete_keys(MokDel, MokDelSize, MokX); - - if (efi_status != EFI_SUCCESS) { - console_notify(L"Failed to delete keys"); - return -1; - } - -- LibDeleteVariable(L"MokDel", &shim_lock_guid); -- LibDeleteVariable(L"MokDelAuth", &shim_lock_guid); -+ if (MokX) { -+ LibDeleteVariable(L"MokXDel", &shim_lock_guid); -+ LibDeleteVariable(L"MokXDelAuth", &shim_lock_guid); -+ } else { -+ LibDeleteVariable(L"MokDel", &shim_lock_guid); -+ LibDeleteVariable(L"MokDelAuth", &shim_lock_guid); -+ } - - console_notify(L"The system must now be rebooted"); - uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, -@@ -1477,7 +1550,7 @@ static EFI_STATUS enroll_file (void *data, UINTN datasize, BOOLEAN hash) - goto out; - } - -- mok_enrollment_prompt(mokbuffer, mokbuffersize, FALSE); -+ mok_enrollment_prompt(mokbuffer, mokbuffersize, FALSE, FALSE); - out: - if (mokbuffer) - FreePool(mokbuffer); -@@ -1712,8 +1785,11 @@ static int draw_countdown() - typedef enum { - MOK_CONTINUE_BOOT, - MOK_RESET_MOK, -+ MOK_RESET_MOKX, - MOK_ENROLL_MOK, -+ MOK_ENROLL_MOKX, - MOK_DELETE_MOK, -+ MOK_DELETE_MOKX, - MOK_CHANGE_SB, - MOK_SET_PW, - MOK_CHANGE_DB, -@@ -1726,13 +1802,17 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, - void *MokDel, UINTN MokDelSize, - void *MokSB, UINTN MokSBSize, - void *MokPW, UINTN MokPWSize, -- void *MokDB, UINTN MokDBSize) -+ void *MokDB, UINTN MokDBSize, -+ void *MokXNew, UINTN MokXNewSize, -+ void *MokXDel, UINTN MokXDelSize) - { - CHAR16 **menu_strings; - mok_menu_item *menu_item; - int choice = 0; - UINT32 MokAuth = 0; - UINT32 MokDelAuth = 0; -+ UINT32 MokXAuth = 0; -+ UINT32 MokXDelAuth = 0; - UINTN menucount = 3, i = 0; - EFI_STATUS efi_status; - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; -@@ -1761,12 +1841,34 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, - (auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE)) - MokDelAuth = 1; - -+ efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXAuth", -+ &shim_lock_guid, -+ &attributes, &auth_size, auth); -+ -+ if ((efi_status == EFI_SUCCESS) && -+ (auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE)) -+ MokXAuth = 1; -+ -+ efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXDelAuth", -+ &shim_lock_guid, -+ &attributes, &auth_size, auth); -+ -+ if ((efi_status == EFI_SUCCESS) && -+ (auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE)) -+ MokXDelAuth = 1; -+ - if (MokNew || MokAuth) - menucount++; - - if (MokDel || MokDelAuth) - menucount++; - -+ if (MokXNew || MokXAuth) -+ menucount++; -+ -+ if (MokXDel || MokXDelAuth) -+ menucount++; -+ - if (MokSB) - menucount++; - -@@ -1804,12 +1906,29 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, - i++; - } - -- if (MokDel || MokDelAuth) { -+ if (MokDel || MokDelAuth) { - menu_strings[i] = L"Delete MOK"; - menu_item[i] = MOK_DELETE_MOK; - i++; - } - -+ if (MokXNew || MokXAuth) { -+ if (!MokXNew) { -+ menu_strings[i] = L"Reset MOKX"; -+ menu_item[i] = MOK_RESET_MOKX; -+ } else { -+ menu_strings[i] = L"Enroll MOKX"; -+ menu_item[i] = MOK_ENROLL_MOKX; -+ } -+ i++; -+ } -+ -+ if (MokXDel || MokXDelAuth) { -+ menu_strings[i] = L"Delete MOKX"; -+ menu_item[i] = MOK_DELETE_MOKX; -+ i++; -+ } -+ - if (MokSB) { - menu_strings[i] = L"Change Secure Boot state"; - menu_item[i] = MOK_CHANGE_SB; -@@ -1852,13 +1971,22 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, - case MOK_CONTINUE_BOOT: - goto out; - case MOK_RESET_MOK: -- mok_reset_prompt(); -+ mok_reset_prompt(FALSE); - break; - case MOK_ENROLL_MOK: -- mok_enrollment_prompt(MokNew, MokNewSize, TRUE); -+ mok_enrollment_prompt(MokNew, MokNewSize, TRUE, FALSE); - break; - case MOK_DELETE_MOK: -- mok_deletion_prompt(MokDel, MokDelSize); -+ mok_deletion_prompt(MokDel, MokDelSize, FALSE); -+ break; -+ case MOK_RESET_MOKX: -+ mok_reset_prompt(TRUE); -+ break; -+ case MOK_ENROLL_MOKX: -+ mok_enrollment_prompt(MokXNew, MokXNewSize, TRUE, TRUE); -+ break; -+ case MOK_DELETE_MOKX: -+ mok_deletion_prompt(MokXDel, MokXDelSize, TRUE); - break; - case MOK_CHANGE_SB: - mok_sb_prompt(MokSB, MokSBSize); -@@ -1892,13 +2020,15 @@ out: - static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; -- UINTN MokNewSize = 0, MokDelSize = 0, MokSBSize = 0, MokPWSize = 0, -- MokDBSize = 0; -+ UINTN MokNewSize = 0, MokDelSize = 0, MokSBSize = 0, MokPWSize = 0; -+ UINTN MokDBSize = 0, MokXNewSize = 0, MokXDelSize = 0; - void *MokNew = NULL; - void *MokDel = NULL; - void *MokSB = NULL; - void *MokPW = NULL; - void *MokDB = NULL; -+ void *MokXNew = NULL; -+ void *MokXDel = NULL; - EFI_STATUS status; - - status = get_variable(L"MokNew", (UINT8 **)&MokNew, &MokNewSize, -@@ -1951,8 +2081,29 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) - console_error(L"Could not retrieve MokDB", status); - } - -+ status = get_variable(L"MokXNew", (UINT8 **)&MokXNew, &MokXNewSize, -+ shim_lock_guid); -+ if (status == EFI_SUCCESS) { -+ if (LibDeleteVariable(L"MokXNew", &shim_lock_guid) != EFI_SUCCESS) { -+ console_notify(L"Failed to delete MokXNew"); -+ } -+ } else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) { -+ console_error(L"Could not retrieve MokXNew", status); -+ } -+ -+ status = get_variable(L"MokXDel", (UINT8 **)&MokXDel, &MokXDelSize, -+ shim_lock_guid); -+ if (status == EFI_SUCCESS) { -+ if (LibDeleteVariable(L"MokXDel", &shim_lock_guid) != EFI_SUCCESS) { -+ console_notify(L"Failed to delete MokXDel"); -+ } -+ } else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) { -+ console_error(L"Could not retrieve MokXDel", status); -+ } -+ - enter_mok_menu(image_handle, MokNew, MokNewSize, MokDel, MokDelSize, -- MokSB, MokSBSize, MokPW, MokPWSize, MokDB, MokDBSize); -+ MokSB, MokSBSize, MokPW, MokPWSize, MokDB, MokDBSize, -+ MokXNew, MokXNewSize, MokXDel, MokXDelSize); - - if (MokNew) - FreePool (MokNew); -@@ -1969,8 +2120,16 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) - if (MokDB) - FreePool (MokDB); - -+ if (MokXNew) -+ FreePool (MokXNew); -+ -+ if (MokXDel) -+ FreePool (MokXDel); -+ - LibDeleteVariable(L"MokAuth", &shim_lock_guid); - LibDeleteVariable(L"MokDelAuth", &shim_lock_guid); -+ LibDeleteVariable(L"MokXAuth", &shim_lock_guid); -+ LibDeleteVariable(L"MokXDelAuth", &shim_lock_guid); - - return EFI_SUCCESS; - } -diff --git a/shim.c b/shim.c -index 8076caa..bab5e92 100644 ---- a/shim.c -+++ b/shim.c -@@ -1779,7 +1779,8 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) - - if (check_var(L"MokNew") || check_var(L"MokSB") || - check_var(L"MokPW") || check_var(L"MokAuth") || -- check_var(L"MokDel") || check_var(L"MokDB")) { -+ check_var(L"MokDel") || check_var(L"MokDB") || -+ check_var(L"MokXNew") || check_var(L"MokXDel")) { - efi_status = start_image(image_handle, MOK_MANAGER); - - if (efi_status != EFI_SUCCESS) { --- -1.8.4.5 - - -From 697a7b7d80692ea6ed9b9a73ffde1d742eee8850 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 24 Oct 2013 17:32:31 +0800 -Subject: [PATCH 02/16] MokManager: show the hash list properly - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------- - 1 file changed, 71 insertions(+), 11 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 29ea4db..2441026 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -187,9 +187,16 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { - return NULL; - } - -- list[count].MokSize = CertList->SignatureSize - sizeof(EFI_GUID); -- list[count].Mok = (void *)Cert->SignatureData; - list[count].Type = CertList->SignatureType; -+ if (CompareGuid (&CertList->SignatureType, &CertType) == 0) { -+ list[count].MokSize = CertList->SignatureSize - -+ sizeof(EFI_GUID); -+ list[count].Mok = (void *)Cert->SignatureData; -+ } else { -+ list[count].MokSize = CertList->SignatureListSize - -+ sizeof(EFI_SIGNATURE_LIST); -+ list[count].Mok = (void *)Cert; -+ } - - /* MOK out of bounds? */ - if (list[count].MokSize > (unsigned long)end - -@@ -402,7 +409,7 @@ static void show_x509_info (X509 *X509Cert, UINT8 *hash) - FreePool(text); - } - --static void show_efi_hash (UINT8 *hash) -+static void show_sha256_digest (UINT8 *hash) - { - CHAR16 *text[5]; - POOL_PRINT hash_string1; -@@ -433,16 +440,68 @@ static void show_efi_hash (UINT8 *hash) - FreePool(hash_string2.str); - } - --static void show_mok_info (void *Mok, UINTN MokSize) -+static void show_efi_hash (void *Mok, UINTN MokSize) -+{ -+ UINTN sig_size; -+ UINTN hash_num; -+ UINT8 *hash; -+ CHAR16 **menu_strings; -+ int key_num = 0; -+ int i; -+ -+ sig_size = SHA256_DIGEST_SIZE + sizeof(EFI_GUID); -+ if ((MokSize % sig_size) != 0) { -+ console_errorbox(L"Corrupted Hash List"); -+ return; -+ } -+ hash_num = MokSize / sig_size; -+ -+ if (hash_num == 1) { -+ hash = (UINT8 *)Mok + sizeof(EFI_GUID); -+ show_sha256_digest(hash); -+ return; -+ } -+ -+ menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (hash_num + 2)); -+ if (!menu_strings) { -+ console_errorbox(L"Out of Resources"); -+ return; -+ } -+ for (i=0; i= hash_num) -+ break; -+ -+ hash = (UINT8 *)Mok + sig_size*key_num + sizeof(EFI_GUID); -+ show_sha256_digest(hash); -+ } -+ -+ for (i=0; menu_strings[i] != NULL; i++) -+ FreePool(menu_strings[i]); -+ -+ FreePool(menu_strings); -+} -+ -+static void show_mok_info (EFI_GUID Type, void *Mok, UINTN MokSize) - { - EFI_STATUS efi_status; - UINT8 hash[SHA1_DIGEST_SIZE]; - X509 *X509Cert; -+ EFI_GUID CertType = X509_GUID; -+ EFI_GUID HashType = EFI_CERT_SHA256_GUID; - - if (!Mok || MokSize == 0) - return; - -- if (MokSize != SHA256_DIGEST_SIZE) { -+ if (CompareGuid (&Type, &CertType) == 0) { - efi_status = get_sha1sum(Mok, MokSize, hash); - - if (efi_status != EFI_SUCCESS) { -@@ -458,8 +517,8 @@ static void show_mok_info (void *Mok, UINTN MokSize) - console_notify(L"Not a valid X509 certificate"); - return; - } -- } else { -- show_efi_hash(Mok); -+ } else if (CompareGuid (&Type, &HashType) == 0) { -+ show_efi_hash(Mok, MokSize); - } - } - -@@ -467,7 +526,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) - { - INTN MokNum = 0; - MokListNode *keys = NULL; -- INTN key_num = 0; -+ int key_num = 0; - CHAR16 **menu_strings; - int i; - -@@ -503,10 +562,11 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) - key_num = console_select((CHAR16 *[]){ title, NULL }, - menu_strings, 0); - -- if (key_num < 0) -+ if (key_num < 0 || key_num >= MokNum) - break; -- else if (key_num < MokNum) -- show_mok_info(keys[key_num].Mok, keys[key_num].MokSize); -+ -+ show_mok_info(keys[key_num].Type, keys[key_num].Mok, -+ keys[key_num].MokSize); - } - - for (i=0; menu_strings[i] != NULL; i++) --- -1.8.4.5 - - -From 22b51db7daa834f8746ce3bc4e6670f21ea2311b Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Fri, 25 Oct 2013 16:54:25 +0800 -Subject: [PATCH 03/16] MokManager: delete the hash properly - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 124 ++++++++++++++++++++++++++++++++++++++++++++++++++++++----- - 1 file changed, 114 insertions(+), 10 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 2441026..59df4a6 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -1018,9 +1018,116 @@ static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num, - return EFI_SUCCESS; - } - -+static void delete_cert (void *key, UINT32 key_size, -+ MokListNode *mok, INTN mok_num) -+{ -+ EFI_GUID CertType = X509_GUID; -+ int i; -+ -+ for (i = 0; i < mok_num; i++) { -+ if (CompareGuid(&(mok[i].Type), &CertType) != 0) -+ continue; -+ -+ if (mok[i].MokSize == key_size && -+ CompareMem(key, mok[i].Mok, key_size) == 0) { -+ /* Remove the key */ -+ mok[i].Mok = NULL; -+ mok[i].MokSize = 0; -+ } -+ } -+} -+ -+static int match_hash (UINT8 *hash, UINT32 hash_size, -+ void *hash_list, UINT32 list_num) -+{ -+ UINT8 *ptr; -+ int i; -+ -+ ptr = hash_list + sizeof(EFI_GUID); -+ for (i = 0; i < list_num; i++) { -+ if (CompareMem(hash, ptr, hash_size) == 0) -+ return i; -+ ptr += hash_size + sizeof(EFI_GUID); -+ } -+ -+ return -1; -+} -+ -+static void mem_move (void *dest, void *src, UINTN size) -+{ -+ UINT8 *d, *s; -+ int i; -+ -+ d = (UINT8 *)dest; -+ s = (UINT8 *)src; -+ for (i = 0; i < size; i++) -+ d[i] = s[i]; -+} -+ -+static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size, -+ MokListNode *mok, INTN mok_num) -+{ -+ EFI_GUID HashType = EFI_CERT_SHA256_GUID; -+ UINT32 sig_size; -+ int i, del_ind; -+ void *start, *end; -+ UINT32 remain; -+ -+ sig_size = hash_size + sizeof(EFI_GUID); -+ -+ for (i = 0; i < mok_num; i++) { -+ if ((CompareGuid(&(mok[i].Type), &HashType) != 0) || -+ (mok[i].MokSize < sig_size)) -+ continue; -+ -+ del_ind = match_hash(hash, hash_size, mok[i].Mok, -+ mok[i].MokSize); -+ if (del_ind < 0) -+ continue; -+ /* Remove the hash */ -+ if (sig_size == mok[i].MokSize) { -+ mok[i].Mok = NULL; -+ mok[i].MokSize = 0; -+ } else { -+ start = mok[i].Mok + del_ind * sig_size; -+ end = start + sig_size; -+ remain = mok[i].MokSize - (del_ind + 1)*sig_size; -+ -+ mem_move(start, end, remain); -+ mok[i].MokSize -= sig_size; -+ } -+ } -+} -+ -+static void delete_hash_list (void *hash_list, UINT32 list_size, -+ MokListNode *mok, INTN mok_num) -+{ -+ UINT32 hash_size; -+ UINT32 hash_num; -+ UINT32 sig_size; -+ UINT8 *hash; -+ int i; -+ -+ hash_size = SHA256_DIGEST_SIZE; -+ sig_size = hash_size + sizeof(EFI_GUID); -+ if (list_size < sig_size) -+ return; -+ -+ hash_num = list_size / sig_size; -+ -+ hash = hash_list + sizeof(EFI_GUID); -+ -+ for (i = 0; i < hash_num; i++) { -+ delete_hash_in_list (hash, hash_size, mok, mok_num); -+ hash += sig_size; -+ } -+} -+ - static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; -+ EFI_GUID CertType = X509_GUID; -+ EFI_GUID HashType = EFI_CERT_SHA256_GUID; - EFI_STATUS efi_status; - CHAR16 *db_name; - CHAR16 *auth_name; -@@ -1033,7 +1140,7 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX) - UINTN MokListDataSize = 0; - MokListNode *mok, *del_key; - INTN mok_num, del_num; -- int i, j; -+ int i; - - if (MokX) { - db_name = L"MokListX"; -@@ -1092,15 +1199,12 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX) - - /* Search and destroy */ - for (i = 0; i < del_num; i++) { -- UINT32 key_size = del_key[i].MokSize; -- void *key = del_key[i].Mok; -- for (j = 0; j < mok_num; j++) { -- if (mok[j].MokSize == key_size && -- CompareMem(key, mok[j].Mok, key_size) == 0) { -- /* Remove the key */ -- mok[j].Mok = NULL; -- mok[j].MokSize = 0; -- } -+ if (CompareGuid(&(del_key[i].Type), &CertType) == 0) { -+ delete_cert(del_key[i].Mok, del_key[i].MokSize, -+ mok, mok_num); -+ } else if (CompareGuid(&(del_key[i].Type), &HashType) == 0) { -+ delete_hash_list(del_key[i].Mok, del_key[i].MokSize, -+ mok, mok_num); - } - } - --- -1.8.4.5 - - -From 3c4c4f8e2b41a127aad6c7e967138639ed162ed1 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Fri, 25 Oct 2013 17:05:10 +0800 -Subject: [PATCH 04/16] MokManager: Match all hashes in the list - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 24 ++++++++++++++---------- - 1 file changed, 14 insertions(+), 10 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 59df4a6..31cc06a 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -1037,14 +1037,14 @@ static void delete_cert (void *key, UINT32 key_size, - } - } - --static int match_hash (UINT8 *hash, UINT32 hash_size, -+static int match_hash (UINT8 *hash, UINT32 hash_size, int start, - void *hash_list, UINT32 list_num) - { - UINT8 *ptr; - int i; - - ptr = hash_list + sizeof(EFI_GUID); -- for (i = 0; i < list_num; i++) { -+ for (i = start; i < list_num; i++) { - if (CompareMem(hash, ptr, hash_size) == 0) - return i; - ptr += hash_size + sizeof(EFI_GUID); -@@ -1080,21 +1080,25 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size, - (mok[i].MokSize < sig_size)) - continue; - -- del_ind = match_hash(hash, hash_size, mok[i].Mok, -+ del_ind = match_hash(hash, hash_size, 0, mok[i].Mok, - mok[i].MokSize); -- if (del_ind < 0) -- continue; -- /* Remove the hash */ -- if (sig_size == mok[i].MokSize) { -- mok[i].Mok = NULL; -- mok[i].MokSize = 0; -- } else { -+ while (del_ind >= 0) { -+ /* Remove the hash */ -+ if (sig_size == mok[i].MokSize) { -+ mok[i].Mok = NULL; -+ mok[i].MokSize = 0; -+ break; -+ } -+ - start = mok[i].Mok + del_ind * sig_size; - end = start + sig_size; - remain = mok[i].MokSize - (del_ind + 1)*sig_size; - - mem_move(start, end, remain); - mok[i].MokSize -= sig_size; -+ -+ del_ind = match_hash(hash, hash_size, del_ind, -+ mok[i].Mok, mok[i].MokSize); - } - } - } --- -1.8.4.5 - - -From 2b5292ad76908cbfeba28f9b212a421b1efc50d9 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Fri, 25 Oct 2013 18:30:48 +0800 -Subject: [PATCH 05/16] MokManager: Write the hash list properly - -also return to the previous entry in the list - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 30 +++++++++++++++++++----------- - 1 file changed, 19 insertions(+), 11 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 31cc06a..56839cc 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -470,12 +470,12 @@ static void show_efi_hash (void *Mok, UINTN MokSize) - for (i=0; i= hash_num) - break; -@@ -560,7 +560,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) - - while (key_num < MokNum) { - key_num = console_select((CHAR16 *[]){ title, NULL }, -- menu_strings, 0); -+ menu_strings, key_num); - - if (key_num < 0 || key_num >= MokNum) - break; -@@ -953,6 +953,7 @@ static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num, - BOOLEAN MokX) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; -+ EFI_GUID CertType = X509_GUID; - EFI_STATUS efi_status; - EFI_SIGNATURE_LIST *CertList; - EFI_SIGNATURE_DATA *CertData; -@@ -989,17 +990,24 @@ static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num, - sizeof(EFI_SIGNATURE_LIST)); - - CertList->SignatureType = list[i].Type; -- CertList->SignatureListSize = list[i].MokSize + -- sizeof(EFI_SIGNATURE_LIST) + -- sizeof(EFI_SIGNATURE_DATA) - 1; - CertList->SignatureHeaderSize = 0; -- CertList->SignatureSize = list[i].MokSize + sizeof(EFI_GUID); - -- CertData->SignatureOwner = shim_lock_guid; -- CopyMem(CertData->SignatureData, list[i].Mok, list[i].MokSize); -+ if (CompareGuid(&(list[i].Type), &CertType) == 0) { -+ CertList->SignatureListSize = list[i].MokSize + -+ sizeof(EFI_SIGNATURE_LIST) + -+ sizeof(EFI_GUID); -+ CertList->SignatureSize = list[i].MokSize + sizeof(EFI_GUID); - -- ptr = (uint8_t *)ptr + sizeof(EFI_SIGNATURE_LIST) + -- sizeof(EFI_GUID) + list[i].MokSize; -+ CertData->SignatureOwner = shim_lock_guid; -+ CopyMem(CertData->SignatureData, list[i].Mok, list[i].MokSize); -+ } else { -+ CertList->SignatureListSize = list[i].MokSize + -+ sizeof(EFI_SIGNATURE_LIST); -+ CertList->SignatureSize = SHA256_DIGEST_SIZE + sizeof(EFI_GUID); -+ -+ CopyMem(CertData, list[i].Mok, list[i].MokSize); -+ } -+ ptr = (uint8_t *)ptr + CertList->SignatureListSize; - } - - efi_status = uefi_call_wrapper(RT->SetVariable, 5, db_name, --- -1.8.4.5 - - -From 41d29504d597daffde481349e6bc4a6521819941 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Mon, 28 Oct 2013 15:08:40 +0800 -Subject: [PATCH 06/16] Copy the MOK blacklist to a RT variable - -Signed-off-by: Gary Ching-Pang Lin ---- - shim.c | 29 +++++++++++++++++++++++++++++ - 1 file changed, 29 insertions(+) - -diff --git a/shim.c b/shim.c -index bab5e92..8eef64d 100644 ---- a/shim.c -+++ b/shim.c -@@ -1749,6 +1749,33 @@ EFI_STATUS mirror_mok_list() - } - - /* -+ * Copy the boot-services only MokListX variable to the runtime-accessible -+ * MokListXRT variable. It's not marked NV, so the OS can't modify it. -+ */ -+EFI_STATUS mirror_mok_list_x() -+{ -+ EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; -+ EFI_STATUS efi_status; -+ UINT8 *Data = NULL; -+ UINTN DataSize = 0; -+ -+ efi_status = get_variable(L"MokListX", &Data, &DataSize, shim_lock_guid); -+ if (efi_status != EFI_SUCCESS) -+ return efi_status; -+ -+ efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokListXRT", -+ &shim_lock_guid, -+ EFI_VARIABLE_BOOTSERVICE_ACCESS -+ | EFI_VARIABLE_RUNTIME_ACCESS, -+ DataSize, Data); -+ if (efi_status != EFI_SUCCESS) { -+ console_error(L"Failed to set MokListRT", efi_status); -+ } -+ -+ return efi_status; -+} -+ -+/* - * Check if a variable exists - */ - static BOOLEAN check_var(CHAR16 *varname) -@@ -2093,6 +2120,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) - */ - efi_status = mirror_mok_list(); - -+ efi_status = mirror_mok_list_x(); -+ - /* - * Create the runtime MokIgnoreDB variable so the kernel can make - * use of it --- -1.8.4.5 - - -From d424bdcdead0add27c1c1fbd80ba2b8acb7e558f Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Mon, 4 Nov 2013 14:45:33 +0800 -Subject: [PATCH 07/16] Verify the EFI images with MOK blacklist - -Signed-off-by: Gary Ching-Pang Lin ---- - shim.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/shim.c b/shim.c -index 8eef64d..2c05886 100644 ---- a/shim.c -+++ b/shim.c -@@ -518,6 +518,7 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert, - UINT8 *sha256hash, UINT8 *sha1hash) - { - EFI_GUID secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID; -+ EFI_GUID shim_var = SHIM_LOCK_GUID; - EFI_SIGNATURE_LIST *dbx = (EFI_SIGNATURE_LIST *)vendor_dbx; - - if (check_db_hash_in_ram(dbx, vendor_dbx_size, sha256hash, -@@ -541,6 +542,14 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert, - if (cert && check_db_cert(L"dbx", secure_var, cert, sha256hash) == - DATA_FOUND) - return EFI_ACCESS_DENIED; -+ if (check_db_hash(L"MokListX", shim_var, sha256hash, SHA256_DIGEST_SIZE, -+ EFI_CERT_SHA256_GUID) == DATA_FOUND) { -+ return EFI_ACCESS_DENIED; -+ } -+ if (cert && check_db_cert(L"MokListX", shim_var, cert, sha256hash) == -+ DATA_FOUND) { -+ return EFI_ACCESS_DENIED; -+ } - - return EFI_SUCCESS; - } --- -1.8.4.5 - - -From 7767893c145fa3d00b1019547716b1fdfa8d1c53 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Tue, 11 Feb 2014 14:11:15 +0800 -Subject: [PATCH 08/16] Make shim to check MokXAuth for MOKX reset - -Signed-off-by: Gary Ching-Pang Lin ---- - shim.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/shim.c b/shim.c -index 2c05886..d46494a 100644 ---- a/shim.c -+++ b/shim.c -@@ -1816,7 +1816,8 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) - if (check_var(L"MokNew") || check_var(L"MokSB") || - check_var(L"MokPW") || check_var(L"MokAuth") || - check_var(L"MokDel") || check_var(L"MokDB") || -- check_var(L"MokXNew") || check_var(L"MokXDel")) { -+ check_var(L"MokXNew") || check_var(L"MokXDel") || -+ check_var(L"MokXAuth")) { - efi_status = start_image(image_handle, MOK_MANAGER); - - if (efi_status != EFI_SUCCESS) { --- -1.8.4.5 - - -From 195edc629f9d316071f108a6e9390d86329b0e5f Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 13 Feb 2014 15:05:45 +0800 -Subject: [PATCH 09/16] MokManager: calculate the variable size correctly - -MokSize of the hash signature list includes the owner GUID, -so we should not add the 16bytes compensation. - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/MokManager.c b/MokManager.c -index 56839cc..af38405 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -971,7 +971,9 @@ static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num, - if (list[i].Mok == NULL) - continue; - -- DataSize += sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID); -+ DataSize += sizeof(EFI_SIGNATURE_LIST); -+ if (CompareGuid(&(list[i].Type), &CertType) == 0) -+ DataSize += sizeof(EFI_GUID); - DataSize += list[i].MokSize; - } - --- -1.8.4.5 - - -From b5bdd25de7cfda1b6b23780b947d979abfae0782 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Mon, 17 Feb 2014 17:49:55 +0800 -Subject: [PATCH 10/16] MokManager: fix the hash list counting in delete - -match_hash() requests the number of keys in a list and it was -mistakenly replaced with the size of the Mok node. This would -made MokManager to remove the whole Mok node instead of one -hash. - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index af38405..5901f65 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -1079,6 +1079,7 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size, - { - EFI_GUID HashType = EFI_CERT_SHA256_GUID; - UINT32 sig_size; -+ UINT32 list_num; - int i, del_ind; - void *start, *end; - UINT32 remain; -@@ -1090,8 +1091,10 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size, - (mok[i].MokSize < sig_size)) - continue; - -+ list_num = mok[i].MokSize / sig_size; -+ - del_ind = match_hash(hash, hash_size, 0, mok[i].Mok, -- mok[i].MokSize); -+ list_num); - while (del_ind >= 0) { - /* Remove the hash */ - if (sig_size == mok[i].MokSize) { -@@ -1106,9 +1109,10 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size, - - mem_move(start, end, remain); - mok[i].MokSize -= sig_size; -+ list_num--; - - del_ind = match_hash(hash, hash_size, del_ind, -- mok[i].Mok, mok[i].MokSize); -+ mok[i].Mok, list_num); - } - } - } --- -1.8.4.5 - - -From a660b38e1bfafab7cfe6699a01e672aba40e7a36 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 3 Apr 2014 18:26:37 +0800 -Subject: [PATCH 11/16] MokManager: Support SHA1 hash in MOK - -Add SHA1 hash support and amend the code to make it easier to support -other SHA digests. ---- - MokManager.c | 121 ++++++++++++++++++++++++++++++++++++----------------------- - 1 file changed, 75 insertions(+), 46 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 5901f65..4ab54ed 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -93,11 +93,53 @@ done: - return status; - } - -+static BOOLEAN is_sha_hash (EFI_GUID Type) -+{ -+ EFI_GUID Sha1 = EFI_CERT_SHA1_GUID; -+ EFI_GUID Sha256 = EFI_CERT_SHA256_GUID; -+ -+ if (CompareGuid(&Type, &Sha1) == 0) -+ return TRUE; -+ else if (CompareGuid(&Type, &Sha256) == 0) -+ return TRUE; -+ -+ return FALSE; -+} -+ -+static UINT32 sha_size (EFI_GUID Type) -+{ -+ EFI_GUID Sha1 = EFI_CERT_SHA1_GUID; -+ EFI_GUID Sha256 = EFI_CERT_SHA256_GUID; -+ -+ if (CompareGuid(&Type, &Sha1) == 0) -+ return SHA1_DIGEST_SIZE; -+ else if (CompareGuid(&Type, &Sha256) == 0) -+ return SHA256_DIGEST_SIZE; -+ -+ return 0; -+} -+ -+static BOOLEAN is_valid_siglist (EFI_GUID Type, UINT32 SigSize) -+{ -+ EFI_GUID CertType = X509_GUID; -+ UINT32 hash_sig_size; -+ -+ if (CompareGuid (&Type, &CertType) == 0 && SigSize != 0) -+ return TRUE; -+ -+ if (!is_sha_hash (Type)) -+ return FALSE; -+ -+ hash_sig_size = sha_size (Type) + sizeof(EFI_GUID); -+ if (SigSize != hash_sig_size) -+ return FALSE; -+ -+ return TRUE; -+} -+ - static UINT32 count_keys(void *Data, UINTN DataSize) - { - EFI_SIGNATURE_LIST *CertList = Data; -- EFI_GUID CertType = X509_GUID; -- EFI_GUID HashType = EFI_CERT_SHA256_GUID; - UINTN dbsize = DataSize; - UINT32 MokNum = 0; - void *end = Data + DataSize; -@@ -112,18 +154,7 @@ static UINT32 count_keys(void *Data, UINTN DataSize) - return 0; - } - -- if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) && -- (CompareGuid (&CertList->SignatureType, &HashType) != 0)) { -- console_notify(L"Doesn't look like a key or hash"); -- dbsize -= CertList->SignatureListSize; -- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + -- CertList->SignatureListSize); -- continue; -- } -- -- if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) && -- (CertList->SignatureSize != 48)) { -- console_notify(L"Doesn't look like a valid hash"); -+ if (!is_valid_siglist(CertList->SignatureType, CertList->SignatureSize)) { - dbsize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + - CertList->SignatureListSize); -@@ -144,7 +175,6 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { - EFI_SIGNATURE_LIST *CertList = Data; - EFI_SIGNATURE_DATA *Cert; - EFI_GUID CertType = X509_GUID; -- EFI_GUID HashType = EFI_CERT_SHA256_GUID; - UINTN dbsize = DataSize; - UINTN count = 0; - void *end = Data + DataSize; -@@ -162,16 +192,7 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { - FreePool(list); - return NULL; - } -- if ((CompareGuid (&CertList->SignatureType, &CertType) != 0) && -- (CompareGuid (&CertList->SignatureType, &HashType) != 0)) { -- dbsize -= CertList->SignatureListSize; -- CertList = (EFI_SIGNATURE_LIST *)((UINT8 *) CertList + -- CertList->SignatureListSize); -- continue; -- } -- -- if ((CompareGuid (&CertList->SignatureType, &HashType) == 0) && -- (CertList->SignatureSize != 48)) { -+ if (!is_valid_siglist(CertList->SignatureType, CertList->SignatureSize)) { - dbsize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *)((UINT8 *) CertList + - CertList->SignatureListSize); -@@ -409,22 +430,34 @@ static void show_x509_info (X509 *X509Cert, UINT8 *hash) - FreePool(text); - } - --static void show_sha256_digest (UINT8 *hash) -+static void show_sha_digest (EFI_GUID Type, UINT8 *hash) - { -+ EFI_GUID Sha1 = EFI_CERT_SHA1_GUID; -+ EFI_GUID Sha256 = EFI_CERT_SHA256_GUID; - CHAR16 *text[5]; - POOL_PRINT hash_string1; - POOL_PRINT hash_string2; - int i; -+ int length; -+ -+ if (CompareGuid(&Type, &Sha1) == 0) { -+ length = SHA1_DIGEST_SIZE; -+ text[0] = L"SHA1 hash"; -+ } else if (CompareGuid(&Type, &Sha256) == 0) { -+ length = SHA256_DIGEST_SIZE; -+ text[0] = L"SHA256 hash"; -+ } else { -+ return; -+ } - - ZeroMem(&hash_string1, sizeof(hash_string1)); - ZeroMem(&hash_string2, sizeof(hash_string2)); - -- text[0] = L"SHA256 hash"; - text[1] = L""; - -- for (i=0; i<16; i++) -+ for (i=0; iSignatureListSize = list[i].MokSize + - sizeof(EFI_SIGNATURE_LIST); -- CertList->SignatureSize = SHA256_DIGEST_SIZE + sizeof(EFI_GUID); -+ CertList->SignatureSize = sha_size(list[i].Type) + sizeof(EFI_GUID); - - CopyMem(CertData, list[i].Mok, list[i].MokSize); - } -@@ -1077,7 +1109,6 @@ static void mem_move (void *dest, void *src, UINTN size) - static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size, - MokListNode *mok, INTN mok_num) - { -- EFI_GUID HashType = EFI_CERT_SHA256_GUID; - UINT32 sig_size; - UINT32 list_num; - int i, del_ind; -@@ -1087,8 +1118,7 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size, - sig_size = hash_size + sizeof(EFI_GUID); - - for (i = 0; i < mok_num; i++) { -- if ((CompareGuid(&(mok[i].Type), &HashType) != 0) || -- (mok[i].MokSize < sig_size)) -+ if (!is_sha_hash(mok[i].Type) || (mok[i].MokSize < sig_size)) - continue; - - list_num = mok[i].MokSize / sig_size; -@@ -1117,7 +1147,7 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size, - } - } - --static void delete_hash_list (void *hash_list, UINT32 list_size, -+static void delete_hash_list (EFI_GUID Type, void *hash_list, UINT32 list_size, - MokListNode *mok, INTN mok_num) - { - UINT32 hash_size; -@@ -1126,7 +1156,7 @@ static void delete_hash_list (void *hash_list, UINT32 list_size, - UINT8 *hash; - int i; - -- hash_size = SHA256_DIGEST_SIZE; -+ hash_size = sha_size (Type); - sig_size = hash_size + sizeof(EFI_GUID); - if (list_size < sig_size) - return; -@@ -1145,7 +1175,6 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; - EFI_GUID CertType = X509_GUID; -- EFI_GUID HashType = EFI_CERT_SHA256_GUID; - EFI_STATUS efi_status; - CHAR16 *db_name; - CHAR16 *auth_name; -@@ -1220,9 +1249,9 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX) - if (CompareGuid(&(del_key[i].Type), &CertType) == 0) { - delete_cert(del_key[i].Mok, del_key[i].MokSize, - mok, mok_num); -- } else if (CompareGuid(&(del_key[i].Type), &HashType) == 0) { -- delete_hash_list(del_key[i].Mok, del_key[i].MokSize, -- mok, mok_num); -+ } else if (is_sha_hash(del_key[i].Type)) { -+ delete_hash_list(del_key[i].Type, del_key[i].Mok, -+ del_key[i].MokSize, mok, mok_num); - } - } - --- -1.8.4.5 - - -From 66098cc304ae505d20dc6b6cbdcf8861cd11a9fc Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Wed, 9 Apr 2014 16:49:25 +0800 -Subject: [PATCH 12/16] MokManager: fix the return value and type - -There are some functions that the return value and the type -didn't match. - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 4ab54ed..78d831e 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -565,7 +565,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) - if (KeyListSize < (sizeof(EFI_SIGNATURE_LIST) + - sizeof(EFI_SIGNATURE_DATA))) { - console_notify(L"No MOK keys found"); -- return 0; -+ return EFI_NOT_FOUND; - } - - MokNum = count_keys(KeyList, KeyListSize); -@@ -575,7 +575,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) - - if (!keys) { - console_notify(L"Failed to construct key list"); -- return 0; -+ return EFI_ABORTED; - } - - menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (MokNum + 2)); -@@ -900,7 +900,7 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize, int authenticate, - return EFI_SUCCESS; - } - --static UINTN mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth, -+static INTN mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth, - BOOLEAN MokX) - { - EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; --- -1.8.4.5 - - -From 3d4fb965556a4a0508d8bc5570203ae210ed9836 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 10 Apr 2014 14:39:43 +0800 -Subject: [PATCH 13/16] MokManager: Add more key list safe checks - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 56 insertions(+), 6 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 78d831e..1a67a39 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -154,6 +154,12 @@ static UINT32 count_keys(void *Data, UINTN DataSize) - return 0; - } - -+ if (CertList->SignatureListSize == 0 || -+ CertList->SignatureListSize <= CertList->SignatureSize) { -+ console_errorbox(L"Corrupted signature list"); -+ return 0; -+ } -+ - if (!is_valid_siglist(CertList->SignatureType, CertList->SignatureSize)) { - dbsize -= CertList->SignatureListSize; - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + -@@ -569,12 +575,13 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) - } - - MokNum = count_keys(KeyList, KeyListSize); -- if (MokNum == 0) -- return 0; -+ if (MokNum == 0) { -+ console_errorbox(L"Invalid key list"); -+ return EFI_ABORTED; -+ } - keys = build_mok_list(MokNum, KeyList, KeyListSize); -- - if (!keys) { -- console_notify(L"Failed to construct key list"); -+ console_errorbox(L"Failed to construct key list"); - return EFI_ABORTED; - } - -@@ -1221,7 +1228,13 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX) - - efi_status = get_variable_attr (db_name, &MokListData, &MokListDataSize, - shim_lock_guid, &attributes); -- if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { -+ if (efi_status != EFI_SUCCESS) { -+ if (MokX) -+ console_errorbox(L"Failed to retrieve MokListX"); -+ else -+ console_errorbox(L"Failed to retrieve MokList"); -+ return EFI_ABORTED; -+ } else if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { - if (MokX) { - err_str1 = L"MokListX is compromised!"; - err_str2 = L"Erase all keys in MokListX!"; -@@ -1230,7 +1243,11 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX) - err_str2 = L"Erase all keys in MokList!"; - } - console_alertbox((CHAR16 *[]){err_str1, err_str2, NULL}); -- LibDeleteVariable(db_name, &shim_lock_guid); -+ uefi_call_wrapper(RT->SetVariable, 5, db_name, -+ &shim_lock_guid, -+ EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS, -+ 0, NULL); - return EFI_ACCESS_DENIED; - } - -@@ -1240,9 +1257,41 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX) - - /* Construct lists */ - mok_num = count_keys(MokListData, MokListDataSize); -+ if (mok_num == 0) { -+ if (MokX) { -+ err_str1 = L"Failed to construct the key list of MokListX"; -+ err_str2 = L"Reset MokListX!"; -+ } else { -+ err_str1 = L"Failed to construct the key list of MokList"; -+ err_str2 = L"Reset MokList!"; -+ } -+ console_alertbox((CHAR16 *[]){err_str1, err_str2, NULL}); -+ uefi_call_wrapper(RT->SetVariable, 5, db_name, -+ &shim_lock_guid, -+ EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS, -+ 0, NULL); -+ efi_status = EFI_ABORTED; -+ goto error; -+ } - mok = build_mok_list(mok_num, MokListData, MokListDataSize); -+ if (!mok) { -+ console_errorbox(L"Failed to construct key list"); -+ efi_status = EFI_ABORTED; -+ goto error; -+ } - del_num = count_keys(MokDel, MokDelSize); -+ if (del_num == 0) { -+ console_errorbox(L"Invalid key delete list"); -+ efi_status = EFI_ABORTED; -+ goto error; -+ } - del_key = build_mok_list(del_num, MokDel, MokDelSize); -+ if (!del_key) { -+ console_errorbox(L"Failed to construct key list"); -+ efi_status = EFI_ABORTED; -+ goto error; -+ } - - /* Search and destroy */ - for (i = 0; i < del_num; i++) { -@@ -1257,6 +1306,7 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX) - - efi_status = write_back_mok_list(mok, mok_num, MokX); - -+error: - if (MokListData) - FreePool(MokListData); - if (mok) --- -1.8.4.5 - - -From 8d5456736bae63490a528f6ac12f677bc770cf41 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 10 Apr 2014 15:29:14 +0800 -Subject: [PATCH 14/16] MokManager: Support SHA224, SHA384, and SHA512 - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 40 +++++++++++++++++++++++++++++++++++++--- - 1 file changed, 37 insertions(+), 3 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 1a67a39..9607d2f 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -25,6 +25,9 @@ - #define EFI_VARIABLE_APPEND_WRITE 0x00000040 - - EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }; -+EFI_GUID EFI_CERT_SHA224_GUID = { 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} }; -+EFI_GUID EFI_CERT_SHA384_GUID = { 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} }; -+EFI_GUID EFI_CERT_SHA512_GUID = { 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} }; - - #define CERT_STRING L"Select an X509 certificate to enroll:\n\n" - #define HASH_STRING L"Select a file to trust:\n\n" -@@ -96,12 +99,21 @@ done: - static BOOLEAN is_sha_hash (EFI_GUID Type) - { - EFI_GUID Sha1 = EFI_CERT_SHA1_GUID; -+ EFI_GUID Sha224 = EFI_CERT_SHA224_GUID; - EFI_GUID Sha256 = EFI_CERT_SHA256_GUID; -+ EFI_GUID Sha384 = EFI_CERT_SHA384_GUID; -+ EFI_GUID Sha512 = EFI_CERT_SHA512_GUID; - - if (CompareGuid(&Type, &Sha1) == 0) - return TRUE; -+ else if (CompareGuid(&Type, &Sha224) == 0) -+ return TRUE; - else if (CompareGuid(&Type, &Sha256) == 0) - return TRUE; -+ else if (CompareGuid(&Type, &Sha384) == 0) -+ return TRUE; -+ else if (CompareGuid(&Type, &Sha512) == 0) -+ return TRUE; - - return FALSE; - } -@@ -109,12 +121,21 @@ static BOOLEAN is_sha_hash (EFI_GUID Type) - static UINT32 sha_size (EFI_GUID Type) - { - EFI_GUID Sha1 = EFI_CERT_SHA1_GUID; -+ EFI_GUID Sha224 = EFI_CERT_SHA224_GUID; - EFI_GUID Sha256 = EFI_CERT_SHA256_GUID; -+ EFI_GUID Sha384 = EFI_CERT_SHA384_GUID; -+ EFI_GUID Sha512 = EFI_CERT_SHA512_GUID; - - if (CompareGuid(&Type, &Sha1) == 0) - return SHA1_DIGEST_SIZE; -+ else if (CompareGuid(&Type, &Sha224) == 0) -+ return SHA224_DIGEST_LENGTH; - else if (CompareGuid(&Type, &Sha256) == 0) - return SHA256_DIGEST_SIZE; -+ else if (CompareGuid(&Type, &Sha384) == 0) -+ return SHA384_DIGEST_LENGTH; -+ else if (CompareGuid(&Type, &Sha512) == 0) -+ return SHA512_DIGEST_LENGTH; - - return 0; - } -@@ -439,7 +460,10 @@ static void show_x509_info (X509 *X509Cert, UINT8 *hash) - static void show_sha_digest (EFI_GUID Type, UINT8 *hash) - { - EFI_GUID Sha1 = EFI_CERT_SHA1_GUID; -+ EFI_GUID Sha224 = EFI_CERT_SHA224_GUID; - EFI_GUID Sha256 = EFI_CERT_SHA256_GUID; -+ EFI_GUID Sha384 = EFI_CERT_SHA384_GUID; -+ EFI_GUID Sha512 = EFI_CERT_SHA512_GUID; - CHAR16 *text[5]; - POOL_PRINT hash_string1; - POOL_PRINT hash_string2; -@@ -449,9 +473,18 @@ static void show_sha_digest (EFI_GUID Type, UINT8 *hash) - if (CompareGuid(&Type, &Sha1) == 0) { - length = SHA1_DIGEST_SIZE; - text[0] = L"SHA1 hash"; -+ } else if (CompareGuid(&Type, &Sha224) == 0) { -+ length = SHA224_DIGEST_LENGTH; -+ text[0] = L"SHA224 hash"; - } else if (CompareGuid(&Type, &Sha256) == 0) { - length = SHA256_DIGEST_SIZE; - text[0] = L"SHA256 hash"; -+ } else if (CompareGuid(&Type, &Sha384) == 0) { -+ length = SHA384_DIGEST_LENGTH; -+ text[0] = L"SHA384 hash"; -+ } else if (CompareGuid(&Type, &Sha512) == 0) { -+ length = SHA512_DIGEST_LENGTH; -+ text[0] = L"SHA512 hash"; - } else { - return; - } -@@ -1113,7 +1146,7 @@ static void mem_move (void *dest, void *src, UINTN size) - d[i] = s[i]; - } - --static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size, -+static void delete_hash_in_list (EFI_GUID Type, UINT8 *hash, UINT32 hash_size, - MokListNode *mok, INTN mok_num) - { - UINT32 sig_size; -@@ -1125,7 +1158,8 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size, - sig_size = hash_size + sizeof(EFI_GUID); - - for (i = 0; i < mok_num; i++) { -- if (!is_sha_hash(mok[i].Type) || (mok[i].MokSize < sig_size)) -+ if ((CompareGuid(&(mok[i].Type), &Type) != 0) || -+ (mok[i].MokSize < sig_size)) - continue; - - list_num = mok[i].MokSize / sig_size; -@@ -1173,7 +1207,7 @@ static void delete_hash_list (EFI_GUID Type, void *hash_list, UINT32 list_size, - hash = hash_list + sizeof(EFI_GUID); - - for (i = 0; i < hash_num; i++) { -- delete_hash_in_list (hash, hash_size, mok, mok_num); -+ delete_hash_in_list (Type, hash, hash_size, mok, mok_num); - hash += sig_size; - } - } --- -1.8.4.5 - - -From 2d0e330fb06a7d26810f86dcfdb59b045d444b51 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Thu, 10 Apr 2014 15:55:35 +0800 -Subject: [PATCH 15/16] MokManager: Discard the list contains an invalid - signature - -Signed-off-by: Gary Ching-Pang Lin ---- - MokManager.c | 15 +++++---------- - 1 file changed, 5 insertions(+), 10 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 9607d2f..046f779 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -182,10 +182,8 @@ static UINT32 count_keys(void *Data, UINTN DataSize) - } - - if (!is_valid_siglist(CertList->SignatureType, CertList->SignatureSize)) { -- dbsize -= CertList->SignatureListSize; -- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + -- CertList->SignatureListSize); -- continue; -+ console_errorbox(L"Invalid signature list found"); -+ return 0; - } - - MokNum++; -@@ -219,12 +217,9 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { - FreePool(list); - return NULL; - } -- if (!is_valid_siglist(CertList->SignatureType, CertList->SignatureSize)) { -- dbsize -= CertList->SignatureListSize; -- CertList = (EFI_SIGNATURE_LIST *)((UINT8 *) CertList + -- CertList->SignatureListSize); -- continue; -- } -+ -+ /* Omit the signature check here since we already did it -+ in count_keys() */ - - Cert = (EFI_SIGNATURE_DATA *) (((UINT8 *) CertList) + - sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); --- -1.8.4.5 - - -From 658c3ac8ea38ac057f21278c9d10ba8aae28b0a5 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Tue, 28 Oct 2014 11:21:51 +0800 -Subject: [PATCH 16/16] MokManager: fix comparison between signed and unsigned - integer - -Patch from Johannes Segitz ---- - MokManager.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/MokManager.c b/MokManager.c -index 046f779..442ab8f 100644 ---- a/MokManager.c -+++ b/MokManager.c -@@ -513,8 +513,8 @@ static void show_efi_hash (EFI_GUID Type, void *Mok, UINTN MokSize) - UINTN hash_num; - UINT8 *hash; - CHAR16 **menu_strings; -- int key_num = 0; -- int i; -+ UINTN key_num = 0; -+ UINTN i; - - sig_size = sha_size(Type) + sizeof(EFI_GUID); - if ((MokSize % sig_size) != 0) { -@@ -592,7 +592,7 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title) - { - INTN MokNum = 0; - MokListNode *keys = NULL; -- int key_num = 0; -+ UINT32 key_num = 0; - CHAR16 **menu_strings; - int i; - -@@ -1118,7 +1118,7 @@ static int match_hash (UINT8 *hash, UINT32 hash_size, int start, - void *hash_list, UINT32 list_num) - { - UINT8 *ptr; -- int i; -+ UINTN i; - - ptr = hash_list + sizeof(EFI_GUID); - for (i = start; i < list_num; i++) { -@@ -1133,7 +1133,7 @@ static int match_hash (UINT8 *hash, UINT32 hash_size, int start, - static void mem_move (void *dest, void *src, UINTN size) - { - UINT8 *d, *s; -- int i; -+ UINTN i; - - d = (UINT8 *)dest; - s = (UINT8 *)src; -@@ -1190,7 +1190,7 @@ static void delete_hash_list (EFI_GUID Type, void *hash_list, UINT32 list_size, - UINT32 hash_num; - UINT32 sig_size; - UINT8 *hash; -- int i; -+ UINT32 i; - - hash_size = sha_size (Type); - sig_size = hash_size + sizeof(EFI_GUID); --- -1.8.4.5 - diff --git a/shim-opensuse-cert-prompt.patch b/shim-opensuse-cert-prompt.patch index 3477d3c..327dd86 100644 --- a/shim-opensuse-cert-prompt.patch +++ b/shim-opensuse-cert-prompt.patch @@ -1,4 +1,4 @@ -From eeeb5117c7d30eef6ec8a09f884d6e6872e41638 Mon Sep 17 00:00:00 2001 +From 83b991190b82da422cff4e357e045ff993ecaa9d Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 18 Feb 2014 17:29:19 +0800 Subject: [PATCH 1/3] Show the build-in certificate prompt @@ -17,22 +17,22 @@ again after reboot. The state will store in use_openSUSE_cert, a volatile RT variable. --- - shim.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 74 insertions(+), 2 deletions(-) + shim.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 75 insertions(+), 2 deletions(-) diff --git a/shim.c b/shim.c -index 6fbe427..112a141 100644 +index 4c6bdc5..4e8ed3a 100644 --- a/shim.c +++ b/shim.c @@ -91,6 +91,7 @@ UINT8 *vendor_dbx; + */ verification_method_t verification_method; int loader_is_participating; - int exit_only; +BOOLEAN use_builtin_cert; #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }} -@@ -955,7 +956,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, +@@ -959,7 +960,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, if (status == EFI_SUCCESS) return status; @@ -41,7 +41,7 @@ index 6fbe427..112a141 100644 /* * Check against the shim build key */ -@@ -1709,7 +1710,7 @@ EFI_STATUS mirror_mok_list() +@@ -1730,7 +1731,7 @@ EFI_STATUS mirror_mok_list() if (efi_status != EFI_SUCCESS) DataSize = 0; @@ -50,8 +50,8 @@ index 6fbe427..112a141 100644 FullDataSize = DataSize + sizeof (*CertList) + sizeof (EFI_GUID) -@@ -2058,6 +2059,75 @@ uninstall_shim_protocols(void) - &shim_lock_guid, &shim_lock_interface); +@@ -2140,6 +2141,75 @@ shim_fini(void) + setup_console(0); } +#define VENDOR_VERIFY L"openSUSE_Verify" @@ -123,23 +123,24 @@ index 6fbe427..112a141 100644 + return 0; +} + - EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) - { - EFI_STATUS efi_status; -@@ -2114,6 +2184,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) - */ - hook_exit_only = 0; - loader_is_participating = 0; -+ if (builtin_cert_prompt() != 0) -+ return EFI_ABORTED; - } - } + extern EFI_STATUS + efi_main(EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab); +@@ -2228,6 +2298,9 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab) + */ + check_mok_sb(); + ++ if (secure_mode() && (builtin_cert_prompt() != 0)) ++ return EFI_ABORTED; ++ + efi_status = shim_init(); + if (EFI_ERROR(efi_status)) { + Print(L"Something has gone seriously wrong: %r\n", efi_status); -- 2.1.4 -From 869b4633b647c00d13bdf9c2ad554e5d5b8b9670 Mon Sep 17 00:00:00 2001 +From bde21fc34f6c1293a4233e704d9890a14f4bff19 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Thu, 20 Feb 2014 16:57:08 +0800 Subject: [PATCH 2/3] Support revoking the openSUSE cert @@ -155,10 +156,10 @@ will show up with an additional option to clear openSUSE_Verify 2 files changed, 60 insertions(+), 3 deletions(-) diff --git a/MokManager.c b/MokManager.c -index 442ab8f..7277968 100644 +index ee6dffb..68d4099 100644 --- a/MokManager.c +++ b/MokManager.c -@@ -1731,6 +1731,33 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) { +@@ -1729,6 +1729,33 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) { return -1; } @@ -192,7 +193,7 @@ index 442ab8f..7277968 100644 static BOOLEAN verify_certificate(UINT8 *cert, UINTN size) { X509 *X509Cert; -@@ -2083,6 +2110,7 @@ typedef enum { +@@ -2081,6 +2108,7 @@ typedef enum { MOK_CHANGE_SB, MOK_SET_PW, MOK_CHANGE_DB, @@ -200,7 +201,7 @@ index 442ab8f..7277968 100644 MOK_KEY_ENROLL, MOK_HASH_ENROLL } mok_menu_item; -@@ -2094,7 +2122,8 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, +@@ -2092,7 +2120,8 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, void *MokPW, UINTN MokPWSize, void *MokDB, UINTN MokDBSize, void *MokXNew, UINTN MokXNewSize, @@ -210,7 +211,7 @@ index 442ab8f..7277968 100644 { CHAR16 **menu_strings; mok_menu_item *menu_item; -@@ -2168,6 +2197,9 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, +@@ -2166,6 +2195,9 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, if (MokDB) menucount++; @@ -220,7 +221,7 @@ index 442ab8f..7277968 100644 menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (menucount + 1)); if (!menu_strings) -@@ -2237,6 +2269,12 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, +@@ -2235,6 +2267,12 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, i++; } @@ -233,7 +234,7 @@ index 442ab8f..7277968 100644 menu_strings[i] = L"Enroll key from disk"; menu_item[i] = MOK_KEY_ENROLL; i++; -@@ -2287,6 +2325,9 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, +@@ -2285,6 +2323,9 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, case MOK_CHANGE_DB: mok_db_prompt(MokDB, MokDBSize); break; @@ -243,7 +244,7 @@ index 442ab8f..7277968 100644 case MOK_KEY_ENROLL: mok_key_enroll(); break; -@@ -2312,6 +2353,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) +@@ -2310,6 +2351,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; UINTN MokNewSize = 0, MokDelSize = 0, MokSBSize = 0, MokPWSize = 0; UINTN MokDBSize = 0, MokXNewSize = 0, MokXDelSize = 0; @@ -251,7 +252,7 @@ index 442ab8f..7277968 100644 void *MokNew = NULL; void *MokDel = NULL; void *MokSB = NULL; -@@ -2319,6 +2361,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) +@@ -2317,6 +2359,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) void *MokDB = NULL; void *MokXNew = NULL; void *MokXDel = NULL; @@ -259,7 +260,7 @@ index 442ab8f..7277968 100644 EFI_STATUS status; status = get_variable(L"MokNew", (UINT8 **)&MokNew, &MokNewSize, -@@ -2391,9 +2434,20 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) +@@ -2389,9 +2432,20 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) console_error(L"Could not retrieve MokXDel", status); } @@ -281,7 +282,7 @@ index 442ab8f..7277968 100644 if (MokNew) FreePool (MokNew); -@@ -2416,6 +2470,9 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) +@@ -2414,6 +2468,9 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) if (MokXDel) FreePool (MokXDel); @@ -292,10 +293,10 @@ index 442ab8f..7277968 100644 LibDeleteVariable(L"MokDelAuth", &shim_lock_guid); LibDeleteVariable(L"MokXAuth", &shim_lock_guid); diff --git a/shim.c b/shim.c -index 112a141..9ffac1f 100644 +index 4e8ed3a..8848e6a 100644 --- a/shim.c +++ b/shim.c -@@ -1819,7 +1819,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) +@@ -1840,7 +1840,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) check_var(L"MokPW") || check_var(L"MokAuth") || check_var(L"MokDel") || check_var(L"MokDB") || check_var(L"MokXNew") || check_var(L"MokXDel") || @@ -308,7 +309,7 @@ index 112a141..9ffac1f 100644 2.1.4 -From 8d8ccfdebdd01601548d662ad8a43371d307e2f1 Mon Sep 17 00:00:00 2001 +From 3d22ec8e64253ec7edc4133d6122539f006c792e Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Fri, 7 Mar 2014 16:17:20 +0800 Subject: [PATCH 3/3] Delete openSUSE_Verify the right way @@ -321,10 +322,10 @@ LibDeleteVariable only works on the runtime variables. 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/MokManager.c b/MokManager.c -index 7277968..b5d2454 100644 +index 68d4099..c7f2b65 100644 --- a/MokManager.c +++ b/MokManager.c -@@ -1745,7 +1745,10 @@ static INTN mok_clear_verify_prompt(void *ClearVerify, UINTN ClearVerifySize) { +@@ -1743,7 +1743,10 @@ static INTN mok_clear_verify_prompt(void *ClearVerify, UINTN ClearVerifySize) { if (status != EFI_SUCCESS) return -1; diff --git a/shim-update-cryptlib.patch b/shim-update-cryptlib.patch deleted file mode 100644 index b240055..0000000 --- a/shim-update-cryptlib.patch +++ /dev/null @@ -1,270145 +0,0 @@ -From 50d85313be40ac311591407a0025c4527d5c4a01 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Tue, 31 Mar 2015 12:14:06 +0800 -Subject: [PATCH] Update Cryptlib and openssl - -Update Cryptlib to r16559 and openssl to 0.9.8zf ---- - Cryptlib/Include/openssl/aes.h | 106 +- - Cryptlib/Include/openssl/asn1.h | 1841 +++--- - Cryptlib/Include/openssl/asn1_mac.h | 959 ++-- - Cryptlib/Include/openssl/asn1t.h | 1093 ++-- - Cryptlib/Include/openssl/bio.h | 1106 ++-- - Cryptlib/Include/openssl/blowfish.h | 81 +- - Cryptlib/Include/openssl/bn.h | 1243 +++-- - Cryptlib/Include/openssl/buffer.h | 67 +- - Cryptlib/Include/openssl/cast.h | 64 +- - Cryptlib/Include/openssl/comp.h | 89 +- - Cryptlib/Include/openssl/conf.h | 235 +- - Cryptlib/Include/openssl/conf_api.h | 26 +- - Cryptlib/Include/openssl/crypto.h | 768 +-- - Cryptlib/Include/openssl/des.h | 308 +- - Cryptlib/Include/openssl/des_old.h | 655 ++- - Cryptlib/Include/openssl/dh.h | 286 +- - Cryptlib/Include/openssl/dsa.h | 414 +- - Cryptlib/Include/openssl/dso.h | 512 +- - Cryptlib/Include/openssl/dtls1.h | 351 +- - Cryptlib/Include/openssl/e_os2.h | 355 +- - Cryptlib/Include/openssl/ebcdic.h | 12 +- - Cryptlib/Include/openssl/ec.h | 586 +- - Cryptlib/Include/openssl/ecdh.h | 54 +- - Cryptlib/Include/openssl/ecdsa.h | 120 +- - Cryptlib/Include/openssl/engine.h | 1126 ++-- - Cryptlib/Include/openssl/err.h | 427 +- - Cryptlib/Include/openssl/evp.h | 1493 ++--- - Cryptlib/Include/openssl/hmac.h | 59 +- - Cryptlib/Include/openssl/idea.h | 56 +- - Cryptlib/Include/openssl/krb5_asn.h | 268 +- - Cryptlib/Include/openssl/kssl.h | 184 +- - Cryptlib/Include/openssl/lhash.h | 213 +- - Cryptlib/Include/openssl/md2.h | 47 +- - Cryptlib/Include/openssl/md4.h | 69 +- - Cryptlib/Include/openssl/md5.h | 67 +- - Cryptlib/Include/openssl/obj_mac.h | 7139 ++++++++++++------------ - Cryptlib/Include/openssl/objects.h | 1732 +++--- - Cryptlib/Include/openssl/ocsp.h | 635 +-- - Cryptlib/Include/openssl/opensslv.h | 56 +- - Cryptlib/Include/openssl/ossl_typ.h | 94 +- - Cryptlib/Include/openssl/pem.h | 1196 ++-- - Cryptlib/Include/openssl/pem2.h | 2 +- - Cryptlib/Include/openssl/pkcs12.h | 352 +- - Cryptlib/Include/openssl/pkcs7.h | 574 +- - Cryptlib/Include/openssl/pq_compat.h | 152 +- - Cryptlib/Include/openssl/pqueue.h | 37 +- - Cryptlib/Include/openssl/rand.h | 143 +- - Cryptlib/Include/openssl/rc2.h | 64 +- - Cryptlib/Include/openssl/rc4.h | 38 +- - Cryptlib/Include/openssl/ripemd.h | 66 +- - Cryptlib/Include/openssl/rsa.h | 725 +-- - Cryptlib/Include/openssl/safestack.h | 3840 ++++++------- - Cryptlib/Include/openssl/sha.h | 196 +- - Cryptlib/Include/openssl/ssl.h | 3565 ++++++------ - Cryptlib/Include/openssl/ssl2.h | 355 +- - Cryptlib/Include/openssl/ssl23.h | 33 +- - Cryptlib/Include/openssl/ssl3.h | 926 +-- - Cryptlib/Include/openssl/stack.h | 70 +- - Cryptlib/Include/openssl/store.h | 819 +-- - Cryptlib/Include/openssl/symhacks.h | 639 +-- - Cryptlib/Include/openssl/tls1.h | 614 +- - Cryptlib/Include/openssl/tmdiff.h | 46 +- - Cryptlib/Include/openssl/txt_db.h | 71 +- - Cryptlib/Include/openssl/ui.h | 373 +- - Cryptlib/Include/openssl/ui_compat.h | 33 +- - Cryptlib/Include/openssl/x509.h | 1897 +++---- - Cryptlib/Include/openssl/x509_vfy.h | 654 +-- - Cryptlib/Include/openssl/x509v3.h | 959 ++-- - Cryptlib/OpenSSL/crypto/aes/aes_cbc.c | 133 +- - Cryptlib/OpenSSL/crypto/aes/aes_cfb.c | 184 +- - Cryptlib/OpenSSL/crypto/aes/aes_core.c | 538 +- - Cryptlib/OpenSSL/crypto/aes/aes_ctr.c | 150 +- - Cryptlib/OpenSSL/crypto/aes/aes_ecb.c | 18 +- - Cryptlib/OpenSSL/crypto/aes/aes_ige.c | 454 +- - Cryptlib/OpenSSL/crypto/aes/aes_misc.c | 13 +- - Cryptlib/OpenSSL/crypto/aes/aes_ofb.c | 50 +- - Cryptlib/OpenSSL/crypto/aes/aes_wrap.c | 365 +- - Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c | 331 +- - Cryptlib/OpenSSL/crypto/asn1/a_bool.c | 97 +- - Cryptlib/OpenSSL/crypto/asn1/a_bytes.c | 444 +- - Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c | 378 +- - Cryptlib/OpenSSL/crypto/asn1/a_digest.c | 66 +- - Cryptlib/OpenSSL/crypto/asn1/a_dup.c | 88 +- - Cryptlib/OpenSSL/crypto/asn1/a_enum.c | 213 +- - Cryptlib/OpenSSL/crypto/asn1/a_gentm.c | 353 +- - Cryptlib/OpenSSL/crypto/asn1/a_hdr.c | 103 +- - Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c | 168 +- - Cryptlib/OpenSSL/crypto/asn1/a_int.c | 718 +-- - Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c | 553 +- - Cryptlib/OpenSSL/crypto/asn1/a_meth.c | 46 +- - Cryptlib/OpenSSL/crypto/asn1/a_object.c | 603 +- - Cryptlib/OpenSSL/crypto/asn1/a_octet.c | 28 +- - Cryptlib/OpenSSL/crypto/asn1/a_print.c | 126 +- - Cryptlib/OpenSSL/crypto/asn1/a_set.c | 320 +- - Cryptlib/OpenSSL/crypto/asn1/a_sign.c | 347 +- - Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 917 +-- - Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 330 +- - Cryptlib/OpenSSL/crypto/asn1/a_time.c | 172 +- - Cryptlib/OpenSSL/crypto/asn1/a_type.c | 134 +- - Cryptlib/OpenSSL/crypto/asn1/a_utctm.c | 433 +- - Cryptlib/OpenSSL/crypto/asn1/a_utf8.c | 294 +- - Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 241 +- - Cryptlib/OpenSSL/crypto/asn1/asn1_err.c | 510 +- - Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c | 1469 +++-- - Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c | 721 ++- - Cryptlib/OpenSSL/crypto/asn1/asn1_par.c | 685 ++- - Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 1360 ++--- - Cryptlib/OpenSSL/crypto/asn1/asn_moid.c | 149 +- - Cryptlib/OpenSSL/crypto/asn1/asn_pack.c | 193 +- - Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c | 172 +- - Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c | 120 +- - Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c | 262 +- - Cryptlib/OpenSSL/crypto/asn1/f_enum.c | 274 +- - Cryptlib/OpenSSL/crypto/asn1/f_int.c | 294 +- - Cryptlib/OpenSSL/crypto/asn1/f_string.c | 281 +- - Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c | 49 +- - Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c | 46 +- - Cryptlib/OpenSSL/crypto/asn1/n_pkey.c | 496 +- - Cryptlib/OpenSSL/crypto/asn1/nsseq.c | 23 +- - Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c | 115 +- - Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c | 257 +- - Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c | 32 +- - Cryptlib/OpenSSL/crypto/asn1/t_bitst.c | 65 +- - Cryptlib/OpenSSL/crypto/asn1/t_crl.c | 111 +- - Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 1408 +++-- - Cryptlib/OpenSSL/crypto/asn1/t_req.c | 389 +- - Cryptlib/OpenSSL/crypto/asn1/t_spki.c | 104 +- - Cryptlib/OpenSSL/crypto/asn1/t_x509.c | 847 +-- - Cryptlib/OpenSSL/crypto/asn1/t_x509a.c | 93 +- - Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c | 2325 ++++---- - Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c | 1151 ++-- - Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c | 375 +- - Cryptlib/OpenSSL/crypto/asn1/tasn_new.c | 561 +- - Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c | 7 +- - Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c | 342 +- - Cryptlib/OpenSSL/crypto/asn1/x_algor.c | 111 +- - Cryptlib/OpenSSL/crypto/asn1/x_attrib.c | 82 +- - Cryptlib/OpenSSL/crypto/asn1/x_bignum.c | 111 +- - Cryptlib/OpenSSL/crypto/asn1/x_crl.c | 114 +- - Cryptlib/OpenSSL/crypto/asn1/x_exten.c | 17 +- - Cryptlib/OpenSSL/crypto/asn1/x_info.c | 89 +- - Cryptlib/OpenSSL/crypto/asn1/x_long.c | 180 +- - Cryptlib/OpenSSL/crypto/asn1/x_name.c | 355 +- - Cryptlib/OpenSSL/crypto/asn1/x_pkey.c | 150 +- - Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 831 ++- - Cryptlib/OpenSSL/crypto/asn1/x_req.c | 51 +- - Cryptlib/OpenSSL/crypto/asn1/x_sig.c | 16 +- - Cryptlib/OpenSSL/crypto/asn1/x_spki.c | 27 +- - Cryptlib/OpenSSL/crypto/asn1/x_val.c | 16 +- - Cryptlib/OpenSSL/crypto/asn1/x_x509.c | 207 +- - Cryptlib/OpenSSL/crypto/asn1/x_x509a.c | 153 +- - Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c | 128 +- - Cryptlib/OpenSSL/crypto/bf/bf_ecb.c | 62 +- - Cryptlib/OpenSSL/crypto/bf/bf_enc.c | 434 +- - Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c | 106 +- - Cryptlib/OpenSSL/crypto/bf/bf_skey.c | 98 +- - Cryptlib/OpenSSL/crypto/bio/b_dump.c | 203 +- - Cryptlib/OpenSSL/crypto/bio/bf_buff.c | 863 +-- - Cryptlib/OpenSSL/crypto/bio/bf_nbio.c | 322 +- - Cryptlib/OpenSSL/crypto/bio/bf_null.c | 206 +- - Cryptlib/OpenSSL/crypto/bio/bio_cb.c | 147 +- - Cryptlib/OpenSSL/crypto/bio/bio_err.c | 161 +- - Cryptlib/OpenSSL/crypto/bio/bio_lib.c | 844 ++- - Cryptlib/OpenSSL/crypto/bio/bss_bio.c | 1476 +++-- - Cryptlib/OpenSSL/crypto/bio/bss_dgram.c | 1205 ++-- - Cryptlib/OpenSSL/crypto/bio/bss_fd.c | 323 +- - Cryptlib/OpenSSL/crypto/bio/bss_file.c | 694 ++- - Cryptlib/OpenSSL/crypto/bio/bss_log.c | 596 +- - Cryptlib/OpenSSL/crypto/bio/bss_mem.c | 447 +- - Cryptlib/OpenSSL/crypto/bio/bss_null.c | 139 +- - Cryptlib/OpenSSL/crypto/bn/bn_add.c | 430 +- - Cryptlib/OpenSSL/crypto/bn/bn_asm.c | 1564 +++--- - Cryptlib/OpenSSL/crypto/bn/bn_blind.c | 478 +- - Cryptlib/OpenSSL/crypto/bn/bn_const.c | 807 +-- - Cryptlib/OpenSSL/crypto/bn/bn_ctx.c | 592 +- - Cryptlib/OpenSSL/crypto/bn/bn_depr.c | 85 +- - Cryptlib/OpenSSL/crypto/bn/bn_div.c | 1163 ++-- - Cryptlib/OpenSSL/crypto/bn/bn_err.c | 152 +- - Cryptlib/OpenSSL/crypto/bn/bn_exp.c | 1720 +++--- - Cryptlib/OpenSSL/crypto/bn/bn_exp2.c | 365 +- - Cryptlib/OpenSSL/crypto/bn/bn_gcd.c | 1119 ++-- - Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c | 2147 +++---- - Cryptlib/OpenSSL/crypto/bn/bn_kron.c | 246 +- - Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 1351 ++--- - Cryptlib/OpenSSL/crypto/bn/bn_mod.c | 353 +- - Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 1197 ++-- - Cryptlib/OpenSSL/crypto/bn/bn_mpi.c | 130 +- - Cryptlib/OpenSSL/crypto/bn/bn_mul.c | 2004 ++++--- - Cryptlib/OpenSSL/crypto/bn/bn_nist.c | 1437 ++--- - Cryptlib/OpenSSL/crypto/bn/bn_opt.c | 39 +- - Cryptlib/OpenSSL/crypto/bn/bn_prime.c | 745 +-- - Cryptlib/OpenSSL/crypto/bn/bn_print.c | 489 +- - Cryptlib/OpenSSL/crypto/bn/bn_rand.c | 316 +- - Cryptlib/OpenSSL/crypto/bn/bn_recp.c | 329 +- - Cryptlib/OpenSSL/crypto/bn/bn_shift.c | 283 +- - Cryptlib/OpenSSL/crypto/bn/bn_sqr.c | 369 +- - Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c | 678 +-- - Cryptlib/OpenSSL/crypto/bn/bn_word.c | 319 +- - Cryptlib/OpenSSL/crypto/bn/bn_x931p.c | 334 +- - Cryptlib/OpenSSL/crypto/buffer/buf_err.c | 48 +- - Cryptlib/OpenSSL/crypto/buffer/buf_str.c | 90 +- - Cryptlib/OpenSSL/crypto/buffer/buffer.c | 228 +- - Cryptlib/OpenSSL/crypto/cast/c_cfb64.c | 126 +- - Cryptlib/OpenSSL/crypto/cast/c_ecb.c | 44 +- - Cryptlib/OpenSSL/crypto/cast/c_enc.c | 276 +- - Cryptlib/OpenSSL/crypto/cast/c_ofb64.c | 104 +- - Cryptlib/OpenSSL/crypto/cast/c_skey.c | 207 +- - Cryptlib/OpenSSL/crypto/comp/c_rle.c | 91 +- - Cryptlib/OpenSSL/crypto/comp/c_zlib.c | 1315 +++-- - Cryptlib/OpenSSL/crypto/comp/comp_err.c | 50 +- - Cryptlib/OpenSSL/crypto/comp/comp_lib.c | 104 +- - Cryptlib/OpenSSL/crypto/conf/conf_api.c | 411 +- - Cryptlib/OpenSSL/crypto/conf/conf_def.c | 1180 ++-- - Cryptlib/OpenSSL/crypto/conf/conf_err.c | 112 +- - Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 550 +- - Cryptlib/OpenSSL/crypto/conf/conf_mall.c | 22 +- - Cryptlib/OpenSSL/crypto/conf/conf_mod.c | 867 ++- - Cryptlib/OpenSSL/crypto/conf/conf_sap.c | 68 +- - Cryptlib/OpenSSL/crypto/constant_time_locl.h | 211 + - Cryptlib/OpenSSL/crypto/cpt_err.c | 57 +- - Cryptlib/OpenSSL/crypto/cryptlib.c | 761 +-- - Cryptlib/OpenSSL/crypto/cversion.c | 79 +- - Cryptlib/OpenSSL/crypto/des/cbc_cksm.c | 97 +- - Cryptlib/OpenSSL/crypto/des/cbc_enc.c | 14 +- - Cryptlib/OpenSSL/crypto/des/cfb64ede.c | 363 +- - Cryptlib/OpenSSL/crypto/des/cfb64enc.c | 127 +- - Cryptlib/OpenSSL/crypto/des/cfb_enc.c | 244 +- - Cryptlib/OpenSSL/crypto/des/des_enc.c | 633 ++- - Cryptlib/OpenSSL/crypto/des/des_lib.c | 70 +- - Cryptlib/OpenSSL/crypto/des/des_old.c | 446 +- - Cryptlib/OpenSSL/crypto/des/des_old2.c | 36 +- - Cryptlib/OpenSSL/crypto/des/ecb3_enc.c | 53 +- - Cryptlib/OpenSSL/crypto/des/ecb_enc.c | 42 +- - Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c | 250 +- - Cryptlib/OpenSSL/crypto/des/enc_read.c | 294 +- - Cryptlib/OpenSSL/crypto/des/enc_writ.c | 172 +- - Cryptlib/OpenSSL/crypto/des/fcrypt.c | 265 +- - Cryptlib/OpenSSL/crypto/des/fcrypt_b.c | 127 +- - Cryptlib/OpenSSL/crypto/des/ofb64ede.c | 126 +- - Cryptlib/OpenSSL/crypto/des/ofb64enc.c | 105 +- - Cryptlib/OpenSSL/crypto/des/ofb_enc.c | 146 +- - Cryptlib/OpenSSL/crypto/des/pcbc_enc.c | 124 +- - Cryptlib/OpenSSL/crypto/des/qud_cksm.c | 136 +- - Cryptlib/OpenSSL/crypto/des/rand_key.c | 19 +- - Cryptlib/OpenSSL/crypto/des/read2pwd.c | 54 +- - Cryptlib/OpenSSL/crypto/des/rpc_enc.c | 72 +- - Cryptlib/OpenSSL/crypto/des/set_key.c | 634 ++- - Cryptlib/OpenSSL/crypto/des/str2key.c | 192 +- - Cryptlib/OpenSSL/crypto/des/xcbc_enc.c | 279 +- - Cryptlib/OpenSSL/crypto/dh/dh_asn1.c | 34 +- - Cryptlib/OpenSSL/crypto/dh/dh_check.c | 143 +- - Cryptlib/OpenSSL/crypto/dh/dh_depr.c | 29 +- - Cryptlib/OpenSSL/crypto/dh/dh_err.c | 66 +- - Cryptlib/OpenSSL/crypto/dh/dh_gen.c | 190 +- - Cryptlib/OpenSSL/crypto/dh/dh_key.c | 317 +- - Cryptlib/OpenSSL/crypto/dh/dh_lib.c | 290 +- - Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c | 233 +- - Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c | 81 +- - Cryptlib/OpenSSL/crypto/dsa/dsa_err.c | 90 +- - Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c | 538 +- - Cryptlib/OpenSSL/crypto/dsa/dsa_key.c | 120 +- - Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c | 378 +- - Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c | 615 +- - Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c | 49 +- - Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c | 54 +- - Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c | 31 +- - Cryptlib/OpenSSL/crypto/dso/dso_dl.c | 480 +- - Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c | 529 +- - Cryptlib/OpenSSL/crypto/dso/dso_err.c | 145 +- - Cryptlib/OpenSSL/crypto/dso/dso_lib.c | 687 ++- - Cryptlib/OpenSSL/crypto/dso/dso_null.c | 46 +- - Cryptlib/OpenSSL/crypto/dso/dso_openssl.c | 24 +- - Cryptlib/OpenSSL/crypto/dso/dso_vms.c | 800 +-- - Cryptlib/OpenSSL/crypto/dso/dso_win32.c | 1064 ++-- - Cryptlib/OpenSSL/crypto/dyn_lck.c | 526 +- - Cryptlib/OpenSSL/crypto/ebcdic.c | 343 +- - Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 632 ++- - Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c | 1713 +++--- - Cryptlib/OpenSSL/crypto/ec/ec_asn1.c | 2361 ++++---- - Cryptlib/OpenSSL/crypto/ec/ec_check.c | 115 +- - Cryptlib/OpenSSL/crypto/ec/ec_curve.c | 2087 +++---- - Cryptlib/OpenSSL/crypto/ec/ec_cvt.c | 139 +- - Cryptlib/OpenSSL/crypto/ec/ec_err.c | 366 +- - Cryptlib/OpenSSL/crypto/ec/ec_key.c | 684 ++- - Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 1875 +++---- - Cryptlib/OpenSSL/crypto/ec/ec_mult.c | 1569 +++--- - Cryptlib/OpenSSL/crypto/ec/ec_print.c | 216 +- - Cryptlib/OpenSSL/crypto/ec/ecp_mont.c | 455 +- - Cryptlib/OpenSSL/crypto/ec/ecp_nist.c | 287 +- - Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c | 3200 +++++------ - Cryptlib/OpenSSL/crypto/ecdh/ech_err.c | 46 +- - Cryptlib/OpenSSL/crypto/ecdh/ech_key.c | 17 +- - Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 240 +- - Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c | 232 +- - Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c | 6 +- - Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c | 60 +- - Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 257 +- - Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c | 719 ++- - Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c | 62 +- - Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c | 64 +- - Cryptlib/OpenSSL/crypto/engine/eng_all.c | 112 +- - Cryptlib/OpenSSL/crypto/engine/eng_cnf.c | 331 +- - Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c | 1667 +++--- - Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c | 620 +- - Cryptlib/OpenSSL/crypto/engine/eng_dyn.c | 922 +-- - Cryptlib/OpenSSL/crypto/engine/eng_err.c | 198 +- - Cryptlib/OpenSSL/crypto/engine/eng_fat.c | 146 +- - Cryptlib/OpenSSL/crypto/engine/eng_init.c | 171 +- - Cryptlib/OpenSSL/crypto/engine/eng_lib.c | 421 +- - Cryptlib/OpenSSL/crypto/engine/eng_list.c | 614 +- - Cryptlib/OpenSSL/crypto/engine/eng_openssl.c | 494 +- - Cryptlib/OpenSSL/crypto/engine/eng_padlock.c | 1902 +++---- - Cryptlib/OpenSSL/crypto/engine/eng_pkey.c | 226 +- - Cryptlib/OpenSSL/crypto/engine/eng_table.c | 440 +- - Cryptlib/OpenSSL/crypto/engine/tb_cipher.c | 124 +- - Cryptlib/OpenSSL/crypto/engine/tb_dh.c | 84 +- - Cryptlib/OpenSSL/crypto/engine/tb_digest.c | 124 +- - Cryptlib/OpenSSL/crypto/engine/tb_dsa.c | 84 +- - Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c | 84 +- - Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c | 84 +- - Cryptlib/OpenSSL/crypto/engine/tb_rand.c | 84 +- - Cryptlib/OpenSSL/crypto/engine/tb_rsa.c | 84 +- - Cryptlib/OpenSSL/crypto/engine/tb_store.c | 84 +- - Cryptlib/OpenSSL/crypto/err/err.c | 504 +- - Cryptlib/OpenSSL/crypto/err/err_all.c | 140 +- - Cryptlib/OpenSSL/crypto/err/err_bio.c | 27 +- - Cryptlib/OpenSSL/crypto/err/err_def.c | 798 +-- - Cryptlib/OpenSSL/crypto/err/err_prn.c | 181 +- - Cryptlib/OpenSSL/crypto/err/err_str.c | 310 +- - Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 1006 ++-- - Cryptlib/OpenSSL/crypto/evp/bio_enc.c | 678 +-- - Cryptlib/OpenSSL/crypto/evp/bio_md.c | 329 +- - Cryptlib/OpenSSL/crypto/evp/bio_ok.c | 971 ++-- - Cryptlib/OpenSSL/crypto/evp/c_all.c | 44 +- - Cryptlib/OpenSSL/crypto/evp/c_allc.c | 274 +- - Cryptlib/OpenSSL/crypto/evp/c_alld.c | 72 +- - Cryptlib/OpenSSL/crypto/evp/dig_eng.c | 120 +- - Cryptlib/OpenSSL/crypto/evp/digest.c | 562 +- - Cryptlib/OpenSSL/crypto/evp/e_aes.c | 96 +- - Cryptlib/OpenSSL/crypto/evp/e_bf.c | 47 +- - Cryptlib/OpenSSL/crypto/evp/e_cast.c | 51 +- - Cryptlib/OpenSSL/crypto/evp/e_des.c | 181 +- - Cryptlib/OpenSSL/crypto/evp/e_des3.c | 311 +- - Cryptlib/OpenSSL/crypto/evp/e_idea.c | 87 +- - Cryptlib/OpenSSL/crypto/evp/e_null.c | 72 +- - Cryptlib/OpenSSL/crypto/evp/e_old.c | 129 +- - Cryptlib/OpenSSL/crypto/evp/e_rc2.c | 292 +- - Cryptlib/OpenSSL/crypto/evp/e_rc4.c | 122 +- - Cryptlib/OpenSSL/crypto/evp/e_rc5.c | 102 +- - Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c | 99 +- - Cryptlib/OpenSSL/crypto/evp/enc_min.c | 557 +- - Cryptlib/OpenSSL/crypto/evp/encode.c | 696 +-- - Cryptlib/OpenSSL/crypto/evp/evp_acnf.c | 22 +- - Cryptlib/OpenSSL/crypto/evp/evp_cnf.c | 95 +- - Cryptlib/OpenSSL/crypto/evp/evp_enc.c | 646 ++- - Cryptlib/OpenSSL/crypto/evp/evp_err.c | 236 +- - Cryptlib/OpenSSL/crypto/evp/evp_key.c | 207 +- - Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 317 +- - Cryptlib/OpenSSL/crypto/evp/evp_pbe.c | 163 +- - Cryptlib/OpenSSL/crypto/evp/evp_pkey.c | 1252 ++--- - Cryptlib/OpenSSL/crypto/evp/m_dss.c | 65 +- - Cryptlib/OpenSSL/crypto/evp/m_dss1.c | 79 +- - Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c | 65 +- - Cryptlib/OpenSSL/crypto/evp/m_md2.c | 77 +- - Cryptlib/OpenSSL/crypto/evp/m_md4.c | 77 +- - Cryptlib/OpenSSL/crypto/evp/m_md5.c | 79 +- - Cryptlib/OpenSSL/crypto/evp/m_null.c | 65 +- - Cryptlib/OpenSSL/crypto/evp/m_ripemd.c | 77 +- - Cryptlib/OpenSSL/crypto/evp/m_sha.c | 75 +- - Cryptlib/OpenSSL/crypto/evp/m_sha1.c | 279 +- - Cryptlib/OpenSSL/crypto/evp/names.c | 112 +- - Cryptlib/OpenSSL/crypto/evp/p5_crpt.c | 162 +- - Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c | 326 +- - Cryptlib/OpenSSL/crypto/evp/p_dec.c | 40 +- - Cryptlib/OpenSSL/crypto/evp/p_enc.c | 41 +- - Cryptlib/OpenSSL/crypto/evp/p_lib.c | 619 +- - Cryptlib/OpenSSL/crypto/evp/p_open.c | 109 +- - Cryptlib/OpenSSL/crypto/evp/p_seal.c | 87 +- - Cryptlib/OpenSSL/crypto/evp/p_sign.c | 116 +- - Cryptlib/OpenSSL/crypto/evp/p_verify.c | 97 +- - Cryptlib/OpenSSL/crypto/ex_data.c | 845 +-- - Cryptlib/OpenSSL/crypto/fips_err.c | 2 +- - Cryptlib/OpenSSL/crypto/hmac/hmac.c | 202 +- - Cryptlib/OpenSSL/crypto/idea/i_cbc.c | 209 +- - Cryptlib/OpenSSL/crypto/idea/i_cfb64.c | 127 +- - Cryptlib/OpenSSL/crypto/idea/i_ecb.c | 51 +- - Cryptlib/OpenSSL/crypto/idea/i_ofb64.c | 105 +- - Cryptlib/OpenSSL/crypto/idea/i_skey.c | 196 +- - Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c | 95 +- - Cryptlib/OpenSSL/crypto/lhash/lh_stats.c | 322 +- - Cryptlib/OpenSSL/crypto/lhash/lhash.c | 675 ++- - Cryptlib/OpenSSL/crypto/md2/md2_dgst.c | 305 +- - Cryptlib/OpenSSL/crypto/md2/md2_one.c | 64 +- - Cryptlib/OpenSSL/crypto/md4/md4_dgst.c | 230 +- - Cryptlib/OpenSSL/crypto/md4/md4_one.c | 61 +- - Cryptlib/OpenSSL/crypto/md5/md5_dgst.c | 264 +- - Cryptlib/OpenSSL/crypto/md5/md5_one.c | 61 +- - Cryptlib/OpenSSL/crypto/mem.c | 693 +-- - Cryptlib/OpenSSL/crypto/mem_clr.c | 32 +- - Cryptlib/OpenSSL/crypto/mem_dbg.c | 1230 ++-- - Cryptlib/OpenSSL/crypto/o_dir.c | 25 +- - Cryptlib/OpenSSL/crypto/o_init.c | 69 +- - Cryptlib/OpenSSL/crypto/o_str.c | 75 +- - Cryptlib/OpenSSL/crypto/o_time.c | 288 +- - Cryptlib/OpenSSL/crypto/objects/o_names.c | 610 +- - Cryptlib/OpenSSL/crypto/objects/obj_dat.c | 1281 +++-- - Cryptlib/OpenSSL/crypto/objects/obj_err.c | 54 +- - Cryptlib/OpenSSL/crypto/objects/obj_lib.c | 127 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c | 97 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c | 539 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c | 141 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c | 812 +-- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c | 715 ++- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c | 397 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c | 428 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c | 365 +- - Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 727 ++- - Cryptlib/OpenSSL/crypto/pem/pem_all.c | 471 +- - Cryptlib/OpenSSL/crypto/pem/pem_err.c | 123 +- - Cryptlib/OpenSSL/crypto/pem/pem_info.c | 586 +- - Cryptlib/OpenSSL/crypto/pem/pem_lib.c | 1314 ++--- - Cryptlib/OpenSSL/crypto/pem/pem_oth.c | 42 +- - Cryptlib/OpenSSL/crypto/pem/pem_pk8.c | 259 +- - Cryptlib/OpenSSL/crypto/pem/pem_pkey.c | 168 +- - Cryptlib/OpenSSL/crypto/pem/pem_seal.c | 250 +- - Cryptlib/OpenSSL/crypto/pem/pem_sign.c | 71 +- - Cryptlib/OpenSSL/crypto/pem/pem_x509.c | 8 +- - Cryptlib/OpenSSL/crypto/pem/pem_xaux.c | 10 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c | 245 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c | 56 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c | 114 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c | 110 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 519 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c | 207 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c | 56 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c | 256 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 427 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c | 207 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c | 268 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c | 16 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c | 66 +- - Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c | 107 +- - Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c | 145 +- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c | 147 +- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c | 134 +- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 2105 ++++--- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c | 973 ++-- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c | 90 +- - Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 879 +-- - Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c | 199 +- - Cryptlib/OpenSSL/crypto/pqueue/pqueue.c | 324 +- - Cryptlib/OpenSSL/crypto/rand/md_rand.c | 809 ++- - Cryptlib/OpenSSL/crypto/rand/rand_egd.c | 358 +- - Cryptlib/OpenSSL/crypto/rand/rand_eng.c | 143 +- - Cryptlib/OpenSSL/crypto/rand/rand_err.c | 79 +- - Cryptlib/OpenSSL/crypto/rand/rand_lib.c | 285 +- - Cryptlib/OpenSSL/crypto/rand/rand_nw.c | 110 +- - Cryptlib/OpenSSL/crypto/rand/rand_os2.c | 74 +- - Cryptlib/OpenSSL/crypto/rand/rand_unix.c | 384 +- - Cryptlib/OpenSSL/crypto/rand/rand_win.c | 1226 ++-- - Cryptlib/OpenSSL/crypto/rand/randfile.c | 383 +- - Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c | 334 +- - Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c | 48 +- - Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c | 181 +- - Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c | 127 +- - Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c | 105 +- - Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c | 491 +- - Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c | 24 +- - Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c | 163 +- - Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c | 477 +- - Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c | 39 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c | 79 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c | 281 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c | 64 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c | 1517 +++-- - Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c | 456 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_err.c | 226 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c | 328 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c | 288 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_none.c | 64 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_null.c | 122 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 429 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c | 367 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c | 347 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c | 158 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c | 383 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c | 161 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c | 198 +- - Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c | 377 +- - Cryptlib/OpenSSL/crypto/sha/sha1_one.c | 35 +- - Cryptlib/OpenSSL/crypto/sha/sha1dgst.c | 30 +- - Cryptlib/OpenSSL/crypto/sha/sha256.c | 619 +- - Cryptlib/OpenSSL/crypto/sha/sha512.c | 1013 ++-- - Cryptlib/OpenSSL/crypto/sha/sha_dgst.c | 25 +- - Cryptlib/OpenSSL/crypto/sha/sha_one.c | 35 +- - Cryptlib/OpenSSL/crypto/stack/stack.c | 544 +- - Cryptlib/OpenSSL/crypto/store/str_err.c | 321 +- - Cryptlib/OpenSSL/crypto/store/str_lib.c | 3083 +++++----- - Cryptlib/OpenSSL/crypto/store/str_mem.c | 552 +- - Cryptlib/OpenSSL/crypto/store/str_meth.c | 378 +- - Cryptlib/OpenSSL/crypto/txt_db/txt_db.c | 589 +- - Cryptlib/OpenSSL/crypto/ui/ui_compat.c | 20 +- - Cryptlib/OpenSSL/crypto/ui/ui_err.c | 75 +- - Cryptlib/OpenSSL/crypto/ui/ui_lib.c | 1448 +++-- - Cryptlib/OpenSSL/crypto/ui/ui_util.c | 62 +- - Cryptlib/OpenSSL/crypto/uid.c | 35 +- - Cryptlib/OpenSSL/crypto/x509/by_dir.c | 547 +- - Cryptlib/OpenSSL/crypto/x509/by_file.c | 405 +- - Cryptlib/OpenSSL/crypto/x509/x509_att.c | 463 +- - Cryptlib/OpenSSL/crypto/x509/x509_cmp.c | 601 +- - Cryptlib/OpenSSL/crypto/x509/x509_d2.c | 82 +- - Cryptlib/OpenSSL/crypto/x509/x509_def.c | 39 +- - Cryptlib/OpenSSL/crypto/x509/x509_err.c | 188 +- - Cryptlib/OpenSSL/crypto/x509/x509_ext.c | 163 +- - Cryptlib/OpenSSL/crypto/x509/x509_lu.c | 904 ++- - Cryptlib/OpenSSL/crypto/x509/x509_obj.c | 278 +- - Cryptlib/OpenSSL/crypto/x509/x509_r2x.c | 89 +- - Cryptlib/OpenSSL/crypto/x509/x509_req.c | 383 +- - Cryptlib/OpenSSL/crypto/x509/x509_set.c | 147 +- - Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 321 +- - Cryptlib/OpenSSL/crypto/x509/x509_txt.c | 212 +- - Cryptlib/OpenSSL/crypto/x509/x509_v3.c | 356 +- - Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 2592 +++++---- - Cryptlib/OpenSSL/crypto/x509/x509_vpm.c | 554 +- - Cryptlib/OpenSSL/crypto/x509/x509cset.c | 179 +- - Cryptlib/OpenSSL/crypto/x509/x509name.c | 574 +- - Cryptlib/OpenSSL/crypto/x509/x509rset.c | 40 +- - Cryptlib/OpenSSL/crypto/x509/x509spki.c | 92 +- - Cryptlib/OpenSSL/crypto/x509/x509type.c | 112 +- - Cryptlib/OpenSSL/crypto/x509/x_all.c | 595 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c | 361 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c | 116 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c | 172 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c | 243 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c | 160 +- - Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c | 1090 ++-- - Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c | 1860 +++--- - Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c | 255 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c | 13 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c | 926 ++- - Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c | 1198 ++-- - Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c | 100 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c | 137 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c | 740 +-- - Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c | 664 +-- - Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c | 151 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c | 59 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c | 125 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c | 44 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c | 93 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_info.c | 237 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_int.c | 57 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c | 370 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c | 252 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c | 322 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c | 523 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c | 17 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c | 113 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c | 58 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c | 142 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c | 311 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c | 951 ++-- - Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c | 144 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c | 271 +- - Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c | 1325 ++--- - Cryptlib/OpenSSL/crypto/x509v3/v3err.c | 310 +- - Cryptlib/OpenSSL/e_os.h | 988 ++-- - Cryptlib/OpenSSL/update.sh | 3 +- - Cryptlib/Pk/CryptAuthenticode.c | 20 +- - Cryptlib/Pk/CryptPkcs7Verify.c | 29 +- - Cryptlib/Pk/CryptX509.c | 78 +- - 571 files changed, 116388 insertions(+), 113878 deletions(-) - create mode 100644 Cryptlib/OpenSSL/crypto/constant_time_locl.h - -diff --git a/Cryptlib/Include/openssl/aes.h b/Cryptlib/Include/openssl/aes.h -index 450f2b4..83c13c9 100644 ---- a/Cryptlib/Include/openssl/aes.h -+++ b/Cryptlib/Include/openssl/aes.h -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -50,25 +50,27 @@ - */ - - #ifndef HEADER_AES_H --#define HEADER_AES_H -+# define HEADER_AES_H - --#include -+# include - --#ifdef OPENSSL_NO_AES --#error AES is disabled. --#endif -+# ifdef OPENSSL_NO_AES -+# error AES is disabled. -+# endif - --#define AES_ENCRYPT 1 --#define AES_DECRYPT 0 -+# define AES_ENCRYPT 1 -+# define AES_DECRYPT 0 - --/* Because array size can't be a const in C, the following two are macros. -- Both sizes are in bytes. */ --#define AES_MAXNR 14 --#define AES_BLOCK_SIZE 16 -+/* -+ * Because array size can't be a const in C, the following two are macros. -+ * Both sizes are in bytes. -+ */ -+# define AES_MAXNR 14 -+# define AES_BLOCK_SIZE 16 - --#ifdef OPENSSL_FIPS --#define FIPS_AES_SIZE_T int --#endif -+# ifdef OPENSSL_FIPS -+# define FIPS_AES_SIZE_T int -+# endif - - #ifdef __cplusplus - extern "C" { -@@ -76,11 +78,11 @@ extern "C" { - - /* This should be a hidden type, but EVP requires that the size be known */ - struct aes_key_st { --#ifdef AES_LONG -- unsigned long rd_key[4 *(AES_MAXNR + 1)]; --#else -- unsigned int rd_key[4 *(AES_MAXNR + 1)]; --#endif -+# ifdef AES_LONG -+ unsigned long rd_key[4 * (AES_MAXNR + 1)]; -+# else -+ unsigned int rd_key[4 * (AES_MAXNR + 1)]; -+# endif - int rounds; - }; - typedef struct aes_key_st AES_KEY; -@@ -88,61 +90,61 @@ typedef struct aes_key_st AES_KEY; - const char *AES_options(void); - - int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -- AES_KEY *key); -+ AES_KEY *key); - int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -- AES_KEY *key); -+ AES_KEY *key); - - void AES_encrypt(const unsigned char *in, unsigned char *out, -- const AES_KEY *key); -+ const AES_KEY *key); - void AES_decrypt(const unsigned char *in, unsigned char *out, -- const AES_KEY *key); -+ const AES_KEY *key); - - void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, -- const AES_KEY *key, const int enc); -+ const AES_KEY *key, const int enc); - void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char *ivec, const int enc); -+ const unsigned long length, const AES_KEY *key, -+ unsigned char *ivec, const int enc); - void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char *ivec, int *num, const int enc); -+ const unsigned long length, const AES_KEY *key, -+ unsigned char *ivec, int *num, const int enc); - void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char *ivec, int *num, const int enc); -+ const unsigned long length, const AES_KEY *key, -+ unsigned char *ivec, int *num, const int enc); - void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char *ivec, int *num, const int enc); --void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, -- const int nbits,const AES_KEY *key, -- unsigned char *ivec,const int enc); -+ const unsigned long length, const AES_KEY *key, -+ unsigned char *ivec, int *num, const int enc); -+void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out, -+ const int nbits, const AES_KEY *key, -+ unsigned char *ivec, const int enc); - void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char *ivec, int *num); -+ const unsigned long length, const AES_KEY *key, -+ unsigned char *ivec, int *num); - void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char ivec[AES_BLOCK_SIZE], -- unsigned char ecount_buf[AES_BLOCK_SIZE], -- unsigned int *num); -+ const unsigned long length, const AES_KEY *key, -+ unsigned char ivec[AES_BLOCK_SIZE], -+ unsigned char ecount_buf[AES_BLOCK_SIZE], -+ unsigned int *num); - - /* For IGE, see also http://www.links.org/files/openssl-ige.pdf */ - /* NB: the IV is _two_ blocks long */ - void AES_ige_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char *ivec, const int enc); -+ const unsigned long length, const AES_KEY *key, -+ unsigned char *ivec, const int enc); - /* NB: the IV is _four_ blocks long */ - void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- const AES_KEY *key2, const unsigned char *ivec, -- const int enc); -+ const unsigned long length, const AES_KEY *key, -+ const AES_KEY *key2, const unsigned char *ivec, -+ const int enc); - - int AES_wrap_key(AES_KEY *key, const unsigned char *iv, -- unsigned char *out, -- const unsigned char *in, unsigned int inlen); -+ unsigned char *out, -+ const unsigned char *in, unsigned int inlen); - int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, -- unsigned char *out, -- const unsigned char *in, unsigned int inlen); -+ unsigned char *out, -+ const unsigned char *in, unsigned int inlen); - - #ifdef __cplusplus - } - #endif - --#endif /* !HEADER_AES_H */ -+#endif /* !HEADER_AES_H */ -diff --git a/Cryptlib/Include/openssl/asn1.h b/Cryptlib/Include/openssl/asn1.h -index d9d5443..47e3e02 100644 ---- a/Cryptlib/Include/openssl/asn1.h -+++ b/Cryptlib/Include/openssl/asn1.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,236 +57,236 @@ - */ - - #ifndef HEADER_ASN1_H --#define HEADER_ASN1_H -+# define HEADER_ASN1_H - --#include --#include --#ifndef OPENSSL_NO_BIO --#include --#endif --#include --#include -+# include -+# include -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# include -+# include - --#include -+# include - --#include --#ifndef OPENSSL_NO_DEPRECATED --#include --#endif -+# include -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# endif - --#ifdef OPENSSL_BUILD_SHLIBCRYPTO --# undef OPENSSL_EXTERN --# define OPENSSL_EXTERN OPENSSL_EXPORT --#endif -+# ifdef OPENSSL_BUILD_SHLIBCRYPTO -+# undef OPENSSL_EXTERN -+# define OPENSSL_EXTERN OPENSSL_EXPORT -+# endif - - #ifdef __cplusplus - extern "C" { - #endif - --#define V_ASN1_UNIVERSAL 0x00 --#define V_ASN1_APPLICATION 0x40 --#define V_ASN1_CONTEXT_SPECIFIC 0x80 --#define V_ASN1_PRIVATE 0xc0 -- --#define V_ASN1_CONSTRUCTED 0x20 --#define V_ASN1_PRIMITIVE_TAG 0x1f --#define V_ASN1_PRIMATIVE_TAG 0x1f -- --#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */ --#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */ --#define V_ASN1_ANY -4 /* used in ASN1 template code */ -- --#define V_ASN1_NEG 0x100 /* negative flag */ -- --#define V_ASN1_UNDEF -1 --#define V_ASN1_EOC 0 --#define V_ASN1_BOOLEAN 1 /**/ --#define V_ASN1_INTEGER 2 --#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) --#define V_ASN1_BIT_STRING 3 --#define V_ASN1_OCTET_STRING 4 --#define V_ASN1_NULL 5 --#define V_ASN1_OBJECT 6 --#define V_ASN1_OBJECT_DESCRIPTOR 7 --#define V_ASN1_EXTERNAL 8 --#define V_ASN1_REAL 9 --#define V_ASN1_ENUMERATED 10 --#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) --#define V_ASN1_UTF8STRING 12 --#define V_ASN1_SEQUENCE 16 --#define V_ASN1_SET 17 --#define V_ASN1_NUMERICSTRING 18 /**/ --#define V_ASN1_PRINTABLESTRING 19 --#define V_ASN1_T61STRING 20 --#define V_ASN1_TELETEXSTRING 20 /* alias */ --#define V_ASN1_VIDEOTEXSTRING 21 /**/ --#define V_ASN1_IA5STRING 22 --#define V_ASN1_UTCTIME 23 --#define V_ASN1_GENERALIZEDTIME 24 /**/ --#define V_ASN1_GRAPHICSTRING 25 /**/ --#define V_ASN1_ISO64STRING 26 /**/ --#define V_ASN1_VISIBLESTRING 26 /* alias */ --#define V_ASN1_GENERALSTRING 27 /**/ --#define V_ASN1_UNIVERSALSTRING 28 /**/ --#define V_ASN1_BMPSTRING 30 -- -+# define V_ASN1_UNIVERSAL 0x00 -+# define V_ASN1_APPLICATION 0x40 -+# define V_ASN1_CONTEXT_SPECIFIC 0x80 -+# define V_ASN1_PRIVATE 0xc0 -+ -+# define V_ASN1_CONSTRUCTED 0x20 -+# define V_ASN1_PRIMITIVE_TAG 0x1f -+# define V_ASN1_PRIMATIVE_TAG 0x1f -+ -+# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ -+# define V_ASN1_OTHER -3/* used in ASN1_TYPE */ -+# define V_ASN1_ANY -4/* used in ASN1 template code */ -+ -+# define V_ASN1_NEG 0x100/* negative flag */ -+ -+# define V_ASN1_UNDEF -1 -+# define V_ASN1_EOC 0 -+# define V_ASN1_BOOLEAN 1 /**/ -+# define V_ASN1_INTEGER 2 -+# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) -+# define V_ASN1_BIT_STRING 3 -+# define V_ASN1_OCTET_STRING 4 -+# define V_ASN1_NULL 5 -+# define V_ASN1_OBJECT 6 -+# define V_ASN1_OBJECT_DESCRIPTOR 7 -+# define V_ASN1_EXTERNAL 8 -+# define V_ASN1_REAL 9 -+# define V_ASN1_ENUMERATED 10 -+# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) -+# define V_ASN1_UTF8STRING 12 -+# define V_ASN1_SEQUENCE 16 -+# define V_ASN1_SET 17 -+# define V_ASN1_NUMERICSTRING 18 /**/ -+# define V_ASN1_PRINTABLESTRING 19 -+# define V_ASN1_T61STRING 20 -+# define V_ASN1_TELETEXSTRING 20/* alias */ -+# define V_ASN1_VIDEOTEXSTRING 21 /**/ -+# define V_ASN1_IA5STRING 22 -+# define V_ASN1_UTCTIME 23 -+# define V_ASN1_GENERALIZEDTIME 24 /**/ -+# define V_ASN1_GRAPHICSTRING 25 /**/ -+# define V_ASN1_ISO64STRING 26 /**/ -+# define V_ASN1_VISIBLESTRING 26/* alias */ -+# define V_ASN1_GENERALSTRING 27 /**/ -+# define V_ASN1_UNIVERSALSTRING 28 /**/ -+# define V_ASN1_BMPSTRING 30 - /* For use with d2i_ASN1_type_bytes() */ --#define B_ASN1_NUMERICSTRING 0x0001 --#define B_ASN1_PRINTABLESTRING 0x0002 --#define B_ASN1_T61STRING 0x0004 --#define B_ASN1_TELETEXSTRING 0x0004 --#define B_ASN1_VIDEOTEXSTRING 0x0008 --#define B_ASN1_IA5STRING 0x0010 --#define B_ASN1_GRAPHICSTRING 0x0020 --#define B_ASN1_ISO64STRING 0x0040 --#define B_ASN1_VISIBLESTRING 0x0040 --#define B_ASN1_GENERALSTRING 0x0080 --#define B_ASN1_UNIVERSALSTRING 0x0100 --#define B_ASN1_OCTET_STRING 0x0200 --#define B_ASN1_BIT_STRING 0x0400 --#define B_ASN1_BMPSTRING 0x0800 --#define B_ASN1_UNKNOWN 0x1000 --#define B_ASN1_UTF8STRING 0x2000 --#define B_ASN1_UTCTIME 0x4000 --#define B_ASN1_GENERALIZEDTIME 0x8000 --#define B_ASN1_SEQUENCE 0x10000 -- -+# define B_ASN1_NUMERICSTRING 0x0001 -+# define B_ASN1_PRINTABLESTRING 0x0002 -+# define B_ASN1_T61STRING 0x0004 -+# define B_ASN1_TELETEXSTRING 0x0004 -+# define B_ASN1_VIDEOTEXSTRING 0x0008 -+# define B_ASN1_IA5STRING 0x0010 -+# define B_ASN1_GRAPHICSTRING 0x0020 -+# define B_ASN1_ISO64STRING 0x0040 -+# define B_ASN1_VISIBLESTRING 0x0040 -+# define B_ASN1_GENERALSTRING 0x0080 -+# define B_ASN1_UNIVERSALSTRING 0x0100 -+# define B_ASN1_OCTET_STRING 0x0200 -+# define B_ASN1_BIT_STRING 0x0400 -+# define B_ASN1_BMPSTRING 0x0800 -+# define B_ASN1_UNKNOWN 0x1000 -+# define B_ASN1_UTF8STRING 0x2000 -+# define B_ASN1_UTCTIME 0x4000 -+# define B_ASN1_GENERALIZEDTIME 0x8000 -+# define B_ASN1_SEQUENCE 0x10000 - /* For use with ASN1_mbstring_copy() */ --#define MBSTRING_FLAG 0x1000 --#define MBSTRING_UTF8 (MBSTRING_FLAG) --#define MBSTRING_ASC (MBSTRING_FLAG|1) --#define MBSTRING_BMP (MBSTRING_FLAG|2) --#define MBSTRING_UNIV (MBSTRING_FLAG|4) -- --#define SMIME_OLDMIME 0x400 --#define SMIME_CRLFEOL 0x800 --#define SMIME_STREAM 0x1000 -- --struct X509_algor_st; -+# define MBSTRING_FLAG 0x1000 -+# define MBSTRING_UTF8 (MBSTRING_FLAG) -+# define MBSTRING_ASC (MBSTRING_FLAG|1) -+# define MBSTRING_BMP (MBSTRING_FLAG|2) -+# define MBSTRING_UNIV (MBSTRING_FLAG|4) -+# define SMIME_OLDMIME 0x400 -+# define SMIME_CRLFEOL 0x800 -+# define SMIME_STREAM 0x1000 -+ struct X509_algor_st; - DECLARE_STACK_OF(X509_ALGOR) - --#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ --#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ -- --/* We MUST make sure that, except for constness, asn1_ctx_st and -- asn1_const_ctx are exactly the same. Fortunately, as soon as -- the old ASN1 parsing macros are gone, we can throw this away -- as well... */ --typedef struct asn1_ctx_st -- { -- unsigned char *p;/* work char pointer */ -- int eos; /* end of sequence read for indefinite encoding */ -- int error; /* error code to use when returning an error */ -- int inf; /* constructed if 0x20, indefinite is 0x21 */ -- int tag; /* tag from last 'get object' */ -- int xclass; /* class from last 'get object' */ -- long slen; /* length of last 'get object' */ -- unsigned char *max; /* largest value of p allowed */ -- unsigned char *q;/* temporary variable */ -- unsigned char **pp;/* variable */ -- int line; /* used in error processing */ -- } ASN1_CTX; -- --typedef struct asn1_const_ctx_st -- { -- const unsigned char *p;/* work char pointer */ -- int eos; /* end of sequence read for indefinite encoding */ -- int error; /* error code to use when returning an error */ -- int inf; /* constructed if 0x20, indefinite is 0x21 */ -- int tag; /* tag from last 'get object' */ -- int xclass; /* class from last 'get object' */ -- long slen; /* length of last 'get object' */ -- const unsigned char *max; /* largest value of p allowed */ -- const unsigned char *q;/* temporary variable */ -- const unsigned char **pp;/* variable */ -- int line; /* used in error processing */ -- } ASN1_const_CTX; -- --/* These are used internally in the ASN1_OBJECT to keep track of -- * whether the names and data need to be free()ed */ --#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ --#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */ --#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */ --#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ --typedef struct asn1_object_st -- { -- const char *sn,*ln; -- int nid; -- int length; -- unsigned char *data; -- int flags; /* Should we free this one */ -- } ASN1_OBJECT; -- --#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ --/* This indicates that the ASN1_STRING is not a real value but just a place -- * holder for the location where indefinite length constructed data should -- * be inserted in the memory buffer -+# define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */ -+# define IMPLEMENT_ASN1_SET_OF(type)/* nothing, no longer needed */ -+ -+/* -+ * We MUST make sure that, except for constness, asn1_ctx_st and -+ * asn1_const_ctx are exactly the same. Fortunately, as soon as the old ASN1 -+ * parsing macros are gone, we can throw this away as well... -+ */ -+typedef struct asn1_ctx_st { -+ unsigned char *p; /* work char pointer */ -+ int eos; /* end of sequence read for indefinite -+ * encoding */ -+ int error; /* error code to use when returning an error */ -+ int inf; /* constructed if 0x20, indefinite is 0x21 */ -+ int tag; /* tag from last 'get object' */ -+ int xclass; /* class from last 'get object' */ -+ long slen; /* length of last 'get object' */ -+ unsigned char *max; /* largest value of p allowed */ -+ unsigned char *q; /* temporary variable */ -+ unsigned char **pp; /* variable */ -+ int line; /* used in error processing */ -+} ASN1_CTX; -+ -+typedef struct asn1_const_ctx_st { -+ const unsigned char *p; /* work char pointer */ -+ int eos; /* end of sequence read for indefinite -+ * encoding */ -+ int error; /* error code to use when returning an error */ -+ int inf; /* constructed if 0x20, indefinite is 0x21 */ -+ int tag; /* tag from last 'get object' */ -+ int xclass; /* class from last 'get object' */ -+ long slen; /* length of last 'get object' */ -+ const unsigned char *max; /* largest value of p allowed */ -+ const unsigned char *q; /* temporary variable */ -+ const unsigned char **pp; /* variable */ -+ int line; /* used in error processing */ -+} ASN1_const_CTX; -+ -+/* -+ * These are used internally in the ASN1_OBJECT to keep track of whether the -+ * names and data need to be free()ed -+ */ -+# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */ -+# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ -+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ -+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ -+typedef struct asn1_object_st { -+ const char *sn, *ln; -+ int nid; -+ int length; -+ unsigned char *data; -+ int flags; /* Should we free this one */ -+} ASN1_OBJECT; -+ -+# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ -+/* -+ * This indicates that the ASN1_STRING is not a real value but just a place -+ * holder for the location where indefinite length constructed data should be -+ * inserted in the memory buffer - */ --#define ASN1_STRING_FLAG_NDEF 0x010 -+# define ASN1_STRING_FLAG_NDEF 0x010 - --/* This flag is used by the CMS code to indicate that a string is not -- * complete and is a place holder for content when it had all been -- * accessed. The flag will be reset when content has been written to it. -+/* -+ * This flag is used by the CMS code to indicate that a string is not -+ * complete and is a place holder for content when it had all been accessed. -+ * The flag will be reset when content has been written to it. - */ --#define ASN1_STRING_FLAG_CONT 0x020 -+# define ASN1_STRING_FLAG_CONT 0x020 - - /* This is the base type that holds just about everything :-) */ --typedef struct asn1_string_st -- { -- int length; -- int type; -- unsigned char *data; -- /* The value of the following field depends on the type being -- * held. It is mostly being used for BIT_STRING so if the -- * input data has a non-zero 'unused bits' value, it will be -- * handled correctly */ -- long flags; -- } ASN1_STRING; -- --/* ASN1_ENCODING structure: this is used to save the received -- * encoding of an ASN1 type. This is useful to get round -- * problems with invalid encodings which can break signatures. -+typedef struct asn1_string_st { -+ int length; -+ int type; -+ unsigned char *data; -+ /* -+ * The value of the following field depends on the type being held. It -+ * is mostly being used for BIT_STRING so if the input data has a -+ * non-zero 'unused bits' value, it will be handled correctly -+ */ -+ long flags; -+} ASN1_STRING; -+ -+/* -+ * ASN1_ENCODING structure: this is used to save the received encoding of an -+ * ASN1 type. This is useful to get round problems with invalid encodings -+ * which can break signatures. - */ - --typedef struct ASN1_ENCODING_st -- { -- unsigned char *enc; /* DER encoding */ -- long len; /* Length of encoding */ -- int modified; /* set to 1 if 'enc' is invalid */ -- } ASN1_ENCODING; -+typedef struct ASN1_ENCODING_st { -+ unsigned char *enc; /* DER encoding */ -+ long len; /* Length of encoding */ -+ int modified; /* set to 1 if 'enc' is invalid */ -+} ASN1_ENCODING; - - /* Used with ASN1 LONG type: if a long is set to this it is omitted */ --#define ASN1_LONG_UNDEF 0x7fffffffL -+# define ASN1_LONG_UNDEF 0x7fffffffL - --#define STABLE_FLAGS_MALLOC 0x01 --#define STABLE_NO_MASK 0x02 --#define DIRSTRING_TYPE \ -+# define STABLE_FLAGS_MALLOC 0x01 -+# define STABLE_NO_MASK 0x02 -+# define DIRSTRING_TYPE \ - (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) --#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) -+# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) - - typedef struct asn1_string_table_st { -- int nid; -- long minsize; -- long maxsize; -- unsigned long mask; -- unsigned long flags; -+ int nid; -+ long minsize; -+ long maxsize; -+ unsigned long mask; -+ unsigned long flags; - } ASN1_STRING_TABLE; - - DECLARE_STACK_OF(ASN1_STRING_TABLE) - - /* size limits: this stuff is taken straight from RFC2459 */ - --#define ub_name 32768 --#define ub_common_name 64 --#define ub_locality_name 128 --#define ub_state_name 128 --#define ub_organization_name 64 --#define ub_organization_unit_name 64 --#define ub_title 64 --#define ub_email_address 128 -- --/* Declarations for template structures: for full definitions -- * see asn1t.h -+# define ub_name 32768 -+# define ub_common_name 64 -+# define ub_locality_name 128 -+# define ub_state_name 128 -+# define ub_organization_name 64 -+# define ub_organization_unit_name 64 -+# define ub_title 64 -+# define ub_email_address 128 -+ -+/* -+ * Declarations for template structures: for full definitions see asn1t.h - */ - typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; - typedef struct ASN1_ITEM_st ASN1_ITEM; -@@ -296,64 +296,65 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; - - /* Declare ASN1 functions: the implement macro in in asn1t.h */ - --#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) -+# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) - --#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ -- DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) -+# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ -+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) - --#define DECLARE_ASN1_FUNCTIONS_name(type, name) \ -- DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ -- DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) -+# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ -+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ -+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) - --#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ -- DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ -- DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) -+# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ -+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ -+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) - --#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ -- type *d2i_##name(type **a, const unsigned char **in, long len); \ -- int i2d_##name(type *a, unsigned char **out); \ -- DECLARE_ASN1_ITEM(itname) -+# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ -+ type *d2i_##name(type **a, const unsigned char **in, long len); \ -+ int i2d_##name(type *a, unsigned char **out); \ -+ DECLARE_ASN1_ITEM(itname) - --#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ -- type *d2i_##name(type **a, const unsigned char **in, long len); \ -- int i2d_##name(const type *a, unsigned char **out); \ -- DECLARE_ASN1_ITEM(name) -+# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ -+ type *d2i_##name(type **a, const unsigned char **in, long len); \ -+ int i2d_##name(const type *a, unsigned char **out); \ -+ DECLARE_ASN1_ITEM(name) - --#define DECLARE_ASN1_NDEF_FUNCTION(name) \ -- int i2d_##name##_NDEF(name *a, unsigned char **out); -+# define DECLARE_ASN1_NDEF_FUNCTION(name) \ -+ int i2d_##name##_NDEF(name *a, unsigned char **out); - --#define DECLARE_ASN1_FUNCTIONS_const(name) \ -- DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ -- DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) -+# define DECLARE_ASN1_FUNCTIONS_const(name) \ -+ DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ -+ DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) - --#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ -- type *name##_new(void); \ -- void name##_free(type *a); -+# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ -+ type *name##_new(void); \ -+ void name##_free(type *a); - --#define D2I_OF(type) type *(*)(type **,const unsigned char **,long) --#define I2D_OF(type) int (*)(type *,unsigned char **) --#define I2D_OF_const(type) int (*)(const type *,unsigned char **) -+# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) -+# define I2D_OF(type) int (*)(type *,unsigned char **) -+# define I2D_OF_const(type) int (*)(const type *,unsigned char **) - --#define CHECKED_D2I_OF(type, d2i) \ -+# define CHECKED_D2I_OF(type, d2i) \ - ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) --#define CHECKED_I2D_OF(type, i2d) \ -+# define CHECKED_I2D_OF(type, i2d) \ - ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) --#define CHECKED_NEW_OF(type, xnew) \ -+# define CHECKED_NEW_OF(type, xnew) \ - ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) --#define CHECKED_PTR_OF(type, p) \ -+# define CHECKED_PTR_OF(type, p) \ - ((void*) (1 ? p : (type*)0)) --#define CHECKED_PPTR_OF(type, p) \ -+# define CHECKED_PPTR_OF(type, p) \ - ((void**) (1 ? p : (type**)0)) --#define CHECKED_PTR_OF_TO_CHAR(type, p) \ -+# define CHECKED_PTR_OF_TO_CHAR(type, p) \ - ((char*) (1 ? p : (type*)0)) - --#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) --#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) --#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) -+# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) -+# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) -+# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) - - TYPEDEF_D2I2D_OF(void); - --/* The following macros and typedefs allow an ASN1_ITEM -+/*- -+ * The following macros and typedefs allow an ASN1_ITEM - * to be embedded in a structure and referenced. Since - * the ASN1_ITEM pointers need to be globally accessible - * (possibly from shared libraries) they may exist in -@@ -372,7 +373,7 @@ TYPEDEF_D2I2D_OF(void); - * ... - * ASN1_ITEM_EXP *iptr; - * ... -- * } SOMETHING; -+ * } SOMETHING; - * - * It would be initialised as e.g.: - * -@@ -388,462 +389,465 @@ TYPEDEF_D2I2D_OF(void); - * - */ - --#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION -+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION - - /* ASN1_ITEM pointer exported type */ - typedef const ASN1_ITEM ASN1_ITEM_EXP; - - /* Macro to obtain ASN1_ITEM pointer from exported type */ --#define ASN1_ITEM_ptr(iptr) (iptr) -+# define ASN1_ITEM_ptr(iptr) (iptr) - - /* Macro to include ASN1_ITEM pointer from base type */ --#define ASN1_ITEM_ref(iptr) (&(iptr##_it)) -+# define ASN1_ITEM_ref(iptr) (&(iptr##_it)) - --#define ASN1_ITEM_rptr(ref) (&(ref##_it)) -+# define ASN1_ITEM_rptr(ref) (&(ref##_it)) - --#define DECLARE_ASN1_ITEM(name) \ -- OPENSSL_EXTERN const ASN1_ITEM name##_it; -+# define DECLARE_ASN1_ITEM(name) \ -+ OPENSSL_EXTERN const ASN1_ITEM name##_it; - --#else -+# else - --/* Platforms that can't easily handle shared global variables are declared -- * as functions returning ASN1_ITEM pointers. -+/* -+ * Platforms that can't easily handle shared global variables are declared as -+ * functions returning ASN1_ITEM pointers. - */ - - /* ASN1_ITEM pointer exported type */ --typedef const ASN1_ITEM * ASN1_ITEM_EXP(void); -+typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); - - /* Macro to obtain ASN1_ITEM pointer from exported type */ --#define ASN1_ITEM_ptr(iptr) (iptr()) -+# define ASN1_ITEM_ptr(iptr) (iptr()) - - /* Macro to include ASN1_ITEM pointer from base type */ --#define ASN1_ITEM_ref(iptr) (iptr##_it) -+# define ASN1_ITEM_ref(iptr) (iptr##_it) - --#define ASN1_ITEM_rptr(ref) (ref##_it()) -+# define ASN1_ITEM_rptr(ref) (ref##_it()) - --#define DECLARE_ASN1_ITEM(name) \ -- const ASN1_ITEM * name##_it(void); -+# define DECLARE_ASN1_ITEM(name) \ -+ const ASN1_ITEM * name##_it(void); - --#endif -+# endif - - /* Parameters used by ASN1_STRING_print_ex() */ - --/* These determine which characters to escape: -- * RFC2253 special characters, control characters and -- * MSB set characters -+/* -+ * These determine which characters to escape: RFC2253 special characters, -+ * control characters and MSB set characters - */ - --#define ASN1_STRFLGS_ESC_2253 1 --#define ASN1_STRFLGS_ESC_CTRL 2 --#define ASN1_STRFLGS_ESC_MSB 4 -- -+# define ASN1_STRFLGS_ESC_2253 1 -+# define ASN1_STRFLGS_ESC_CTRL 2 -+# define ASN1_STRFLGS_ESC_MSB 4 - --/* This flag determines how we do escaping: normally -- * RC2253 backslash only, set this to use backslash and -- * quote. -+/* -+ * This flag determines how we do escaping: normally RC2253 backslash only, -+ * set this to use backslash and quote. - */ - --#define ASN1_STRFLGS_ESC_QUOTE 8 -- -+# define ASN1_STRFLGS_ESC_QUOTE 8 - - /* These three flags are internal use only. */ - - /* Character is a valid PrintableString character */ --#define CHARTYPE_PRINTABLESTRING 0x10 -+# define CHARTYPE_PRINTABLESTRING 0x10 - /* Character needs escaping if it is the first character */ --#define CHARTYPE_FIRST_ESC_2253 0x20 -+# define CHARTYPE_FIRST_ESC_2253 0x20 - /* Character needs escaping if it is the last character */ --#define CHARTYPE_LAST_ESC_2253 0x40 -+# define CHARTYPE_LAST_ESC_2253 0x40 - --/* NB the internal flags are safely reused below by flags -- * handled at the top level. -+/* -+ * NB the internal flags are safely reused below by flags handled at the top -+ * level. - */ - --/* If this is set we convert all character strings -- * to UTF8 first -+/* -+ * If this is set we convert all character strings to UTF8 first - */ - --#define ASN1_STRFLGS_UTF8_CONVERT 0x10 -+# define ASN1_STRFLGS_UTF8_CONVERT 0x10 - --/* If this is set we don't attempt to interpret content: -- * just assume all strings are 1 byte per character. This -- * will produce some pretty odd looking output! -+/* -+ * If this is set we don't attempt to interpret content: just assume all -+ * strings are 1 byte per character. This will produce some pretty odd -+ * looking output! - */ - --#define ASN1_STRFLGS_IGNORE_TYPE 0x20 -+# define ASN1_STRFLGS_IGNORE_TYPE 0x20 - - /* If this is set we include the string type in the output */ --#define ASN1_STRFLGS_SHOW_TYPE 0x40 -- --/* This determines which strings to display and which to -- * 'dump' (hex dump of content octets or DER encoding). We can -- * only dump non character strings or everything. If we -- * don't dump 'unknown' they are interpreted as character -- * strings with 1 octet per character and are subject to -- * the usual escaping options. -+# define ASN1_STRFLGS_SHOW_TYPE 0x40 -+ -+/* -+ * This determines which strings to display and which to 'dump' (hex dump of -+ * content octets or DER encoding). We can only dump non character strings or -+ * everything. If we don't dump 'unknown' they are interpreted as character -+ * strings with 1 octet per character and are subject to the usual escaping -+ * options. - */ - --#define ASN1_STRFLGS_DUMP_ALL 0x80 --#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 -+# define ASN1_STRFLGS_DUMP_ALL 0x80 -+# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 - --/* These determine what 'dumping' does, we can dump the -- * content octets or the DER encoding: both use the -- * RFC2253 #XXXXX notation. -+/* -+ * These determine what 'dumping' does, we can dump the content octets or the -+ * DER encoding: both use the RFC2253 #XXXXX notation. - */ - --#define ASN1_STRFLGS_DUMP_DER 0x200 -+# define ASN1_STRFLGS_DUMP_DER 0x200 - --/* All the string flags consistent with RFC2253, -- * escaping control characters isn't essential in -- * RFC2253 but it is advisable anyway. -+/* -+ * All the string flags consistent with RFC2253, escaping control characters -+ * isn't essential in RFC2253 but it is advisable anyway. - */ - --#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ -- ASN1_STRFLGS_ESC_CTRL | \ -- ASN1_STRFLGS_ESC_MSB | \ -- ASN1_STRFLGS_UTF8_CONVERT | \ -- ASN1_STRFLGS_DUMP_UNKNOWN | \ -- ASN1_STRFLGS_DUMP_DER) -+# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ -+ ASN1_STRFLGS_ESC_CTRL | \ -+ ASN1_STRFLGS_ESC_MSB | \ -+ ASN1_STRFLGS_UTF8_CONVERT | \ -+ ASN1_STRFLGS_DUMP_UNKNOWN | \ -+ ASN1_STRFLGS_DUMP_DER) - - DECLARE_STACK_OF(ASN1_INTEGER) - DECLARE_ASN1_SET_OF(ASN1_INTEGER) - - DECLARE_STACK_OF(ASN1_GENERALSTRING) - --typedef struct asn1_type_st -- { -- int type; -- union { -- char *ptr; -- ASN1_BOOLEAN boolean; -- ASN1_STRING * asn1_string; -- ASN1_OBJECT * object; -- ASN1_INTEGER * integer; -- ASN1_ENUMERATED * enumerated; -- ASN1_BIT_STRING * bit_string; -- ASN1_OCTET_STRING * octet_string; -- ASN1_PRINTABLESTRING * printablestring; -- ASN1_T61STRING * t61string; -- ASN1_IA5STRING * ia5string; -- ASN1_GENERALSTRING * generalstring; -- ASN1_BMPSTRING * bmpstring; -- ASN1_UNIVERSALSTRING * universalstring; -- ASN1_UTCTIME * utctime; -- ASN1_GENERALIZEDTIME * generalizedtime; -- ASN1_VISIBLESTRING * visiblestring; -- ASN1_UTF8STRING * utf8string; -- /* set and sequence are left complete and still -- * contain the set or sequence bytes */ -- ASN1_STRING * set; -- ASN1_STRING * sequence; -- ASN1_VALUE * asn1_value; -- } value; -- } ASN1_TYPE; -+typedef struct asn1_type_st { -+ int type; -+ union { -+ char *ptr; -+ ASN1_BOOLEAN boolean; -+ ASN1_STRING *asn1_string; -+ ASN1_OBJECT *object; -+ ASN1_INTEGER *integer; -+ ASN1_ENUMERATED *enumerated; -+ ASN1_BIT_STRING *bit_string; -+ ASN1_OCTET_STRING *octet_string; -+ ASN1_PRINTABLESTRING *printablestring; -+ ASN1_T61STRING *t61string; -+ ASN1_IA5STRING *ia5string; -+ ASN1_GENERALSTRING *generalstring; -+ ASN1_BMPSTRING *bmpstring; -+ ASN1_UNIVERSALSTRING *universalstring; -+ ASN1_UTCTIME *utctime; -+ ASN1_GENERALIZEDTIME *generalizedtime; -+ ASN1_VISIBLESTRING *visiblestring; -+ ASN1_UTF8STRING *utf8string; -+ /* -+ * set and sequence are left complete and still contain the set or -+ * sequence bytes -+ */ -+ ASN1_STRING *set; -+ ASN1_STRING *sequence; -+ ASN1_VALUE *asn1_value; -+ } value; -+} ASN1_TYPE; - - DECLARE_STACK_OF(ASN1_TYPE) - DECLARE_ASN1_SET_OF(ASN1_TYPE) - --typedef struct asn1_method_st -- { -- i2d_of_void *i2d; -- d2i_of_void *d2i; -- void *(*create)(void); -- void (*destroy)(void *); -- } ASN1_METHOD; -+typedef struct asn1_method_st { -+ i2d_of_void *i2d; -+ d2i_of_void *d2i; -+ void *(*create) (void); -+ void (*destroy) (void *); -+} ASN1_METHOD; - - /* This is used when parsing some Netscape objects */ --typedef struct asn1_header_st -- { -- ASN1_OCTET_STRING *header; -- void *data; -- ASN1_METHOD *meth; -- } ASN1_HEADER; -+typedef struct asn1_header_st { -+ ASN1_OCTET_STRING *header; -+ void *data; -+ ASN1_METHOD *meth; -+} ASN1_HEADER; - - /* This is used to contain a list of bit names */ - typedef struct BIT_STRING_BITNAME_st { -- int bitnum; -- const char *lname; -- const char *sname; -+ int bitnum; -+ const char *lname; -+ const char *sname; - } BIT_STRING_BITNAME; - -- --#define M_ASN1_STRING_length(x) ((x)->length) --#define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) --#define M_ASN1_STRING_type(x) ((x)->type) --#define M_ASN1_STRING_data(x) ((x)->data) -+# define M_ASN1_STRING_length(x) ((x)->length) -+# define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) -+# define M_ASN1_STRING_type(x) ((x)->type) -+# define M_ASN1_STRING_data(x) ((x)->data) - - /* Macros for string operations */ --#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ -- ASN1_STRING_type_new(V_ASN1_BIT_STRING) --#define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ -- ASN1_STRING_dup((ASN1_STRING *)a) --#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ -- (ASN1_STRING *)a,(ASN1_STRING *)b) --#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) -- --#define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ -- ASN1_STRING_type_new(V_ASN1_INTEGER) --#define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a) --#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ -- (ASN1_STRING *)a,(ASN1_STRING *)b) -- --#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ -- ASN1_STRING_type_new(V_ASN1_ENUMERATED) --#define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a) --#define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ -- (ASN1_STRING *)a,(ASN1_STRING *)b) -- --#define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ -- ASN1_STRING_type_new(V_ASN1_OCTET_STRING) --#define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ -- ASN1_STRING_dup((ASN1_STRING *)a) --#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ -- (ASN1_STRING *)a,(ASN1_STRING *)b) --#define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) --#define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) --#define M_i2d_ASN1_OCTET_STRING(a,pp) \ -- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ -- V_ASN1_UNIVERSAL) -- --#define B_ASN1_TIME \ -- B_ASN1_UTCTIME | \ -- B_ASN1_GENERALIZEDTIME -- --#define B_ASN1_PRINTABLE \ -- B_ASN1_NUMERICSTRING| \ -- B_ASN1_PRINTABLESTRING| \ -- B_ASN1_T61STRING| \ -- B_ASN1_IA5STRING| \ -- B_ASN1_BIT_STRING| \ -- B_ASN1_UNIVERSALSTRING|\ -- B_ASN1_BMPSTRING|\ -- B_ASN1_UTF8STRING|\ -- B_ASN1_SEQUENCE|\ -- B_ASN1_UNKNOWN -- --#define B_ASN1_DIRECTORYSTRING \ -- B_ASN1_PRINTABLESTRING| \ -- B_ASN1_TELETEXSTRING|\ -- B_ASN1_BMPSTRING|\ -- B_ASN1_UNIVERSALSTRING|\ -- B_ASN1_UTF8STRING -- --#define B_ASN1_DISPLAYTEXT \ -- B_ASN1_IA5STRING| \ -- B_ASN1_VISIBLESTRING| \ -- B_ASN1_BMPSTRING|\ -- B_ASN1_UTF8STRING -- --#define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) --#define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ -- pp,a->type,V_ASN1_UNIVERSAL) --#define M_d2i_ASN1_PRINTABLE(a,pp,l) \ -- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ -- B_ASN1_PRINTABLE) -- --#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) --#define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ -- pp,a->type,V_ASN1_UNIVERSAL) --#define M_d2i_DIRECTORYSTRING(a,pp,l) \ -- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ -- B_ASN1_DIRECTORYSTRING) -- --#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) --#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ -- pp,a->type,V_ASN1_UNIVERSAL) --#define M_d2i_DISPLAYTEXT(a,pp,l) \ -- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ -- B_ASN1_DISPLAYTEXT) -- --#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ -- ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) --#define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ -- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ -- V_ASN1_UNIVERSAL) --#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \ -- (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ -- ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) -- --#define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ -- ASN1_STRING_type_new(V_ASN1_T61STRING) --#define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_i2d_ASN1_T61STRING(a,pp) \ -- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ -- V_ASN1_UNIVERSAL) --#define M_d2i_ASN1_T61STRING(a,pp,l) \ -- (ASN1_T61STRING *)d2i_ASN1_type_bytes\ -- ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) -- --#define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ -- ASN1_STRING_type_new(V_ASN1_IA5STRING) --#define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_ASN1_IA5STRING_dup(a) \ -- (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a) --#define M_i2d_ASN1_IA5STRING(a,pp) \ -- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ -- V_ASN1_UNIVERSAL) --#define M_d2i_ASN1_IA5STRING(a,pp,l) \ -- (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ -- B_ASN1_IA5STRING) -- --#define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ -- ASN1_STRING_type_new(V_ASN1_UTCTIME) --#define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a) -- --#define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ -- ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) --#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ -- (ASN1_STRING *)a) -- --#define M_ASN1_TIME_new() (ASN1_TIME *)\ -- ASN1_STRING_type_new(V_ASN1_UTCTIME) --#define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a) -- --#define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ -- ASN1_STRING_type_new(V_ASN1_GENERALSTRING) --#define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_i2d_ASN1_GENERALSTRING(a,pp) \ -- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ -- V_ASN1_UNIVERSAL) --#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \ -- (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ -- ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) -- --#define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ -- ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) --#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ -- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ -- V_ASN1_UNIVERSAL) --#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \ -- (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ -- ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) -- --#define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ -- ASN1_STRING_type_new(V_ASN1_BMPSTRING) --#define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_i2d_ASN1_BMPSTRING(a,pp) \ -- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ -- V_ASN1_UNIVERSAL) --#define M_d2i_ASN1_BMPSTRING(a,pp,l) \ -- (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ -- ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) -- --#define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ -- ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) --#define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_i2d_ASN1_VISIBLESTRING(a,pp) \ -- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ -- V_ASN1_UNIVERSAL) --#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ -- (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ -- ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) -- --#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ -- ASN1_STRING_type_new(V_ASN1_UTF8STRING) --#define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) --#define M_i2d_ASN1_UTF8STRING(a,pp) \ -- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ -- V_ASN1_UNIVERSAL) --#define M_d2i_ASN1_UTF8STRING(a,pp,l) \ -- (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ -- ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) -+# define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ -+ ASN1_STRING_type_new(V_ASN1_BIT_STRING) -+# define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ -+ ASN1_STRING_dup((ASN1_STRING *)a) -+# define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ -+ (ASN1_STRING *)a,(ASN1_STRING *)b) -+# define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) -+ -+# define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ -+ ASN1_STRING_type_new(V_ASN1_INTEGER) -+# define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a) -+# define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ -+ (ASN1_STRING *)a,(ASN1_STRING *)b) -+ -+# define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ -+ ASN1_STRING_type_new(V_ASN1_ENUMERATED) -+# define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a) -+# define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ -+ (ASN1_STRING *)a,(ASN1_STRING *)b) -+ -+# define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ -+ ASN1_STRING_type_new(V_ASN1_OCTET_STRING) -+# define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ -+ ASN1_STRING_dup((ASN1_STRING *)a) -+# define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ -+ (ASN1_STRING *)a,(ASN1_STRING *)b) -+# define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) -+# define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) -+# define M_i2d_ASN1_OCTET_STRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ -+ V_ASN1_UNIVERSAL) -+ -+# define B_ASN1_TIME \ -+ B_ASN1_UTCTIME | \ -+ B_ASN1_GENERALIZEDTIME -+ -+# define B_ASN1_PRINTABLE \ -+ B_ASN1_NUMERICSTRING| \ -+ B_ASN1_PRINTABLESTRING| \ -+ B_ASN1_T61STRING| \ -+ B_ASN1_IA5STRING| \ -+ B_ASN1_BIT_STRING| \ -+ B_ASN1_UNIVERSALSTRING|\ -+ B_ASN1_BMPSTRING|\ -+ B_ASN1_UTF8STRING|\ -+ B_ASN1_SEQUENCE|\ -+ B_ASN1_UNKNOWN -+ -+# define B_ASN1_DIRECTORYSTRING \ -+ B_ASN1_PRINTABLESTRING| \ -+ B_ASN1_TELETEXSTRING|\ -+ B_ASN1_BMPSTRING|\ -+ B_ASN1_UNIVERSALSTRING|\ -+ B_ASN1_UTF8STRING -+ -+# define B_ASN1_DISPLAYTEXT \ -+ B_ASN1_IA5STRING| \ -+ B_ASN1_VISIBLESTRING| \ -+ B_ASN1_BMPSTRING|\ -+ B_ASN1_UTF8STRING -+ -+# define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) -+# define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ -+ pp,a->type,V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_PRINTABLE(a,pp,l) \ -+ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ -+ B_ASN1_PRINTABLE) -+ -+# define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -+# define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ -+ pp,a->type,V_ASN1_UNIVERSAL) -+# define M_d2i_DIRECTORYSTRING(a,pp,l) \ -+ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ -+ B_ASN1_DIRECTORYSTRING) -+ -+# define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -+# define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ -+ pp,a->type,V_ASN1_UNIVERSAL) -+# define M_d2i_DISPLAYTEXT(a,pp,l) \ -+ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ -+ B_ASN1_DISPLAYTEXT) -+ -+# define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ -+ ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -+# define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \ -+ (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) -+ -+# define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ -+ ASN1_STRING_type_new(V_ASN1_T61STRING) -+# define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_T61STRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_T61STRING(a,pp,l) \ -+ (ASN1_T61STRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) -+ -+# define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ -+ ASN1_STRING_type_new(V_ASN1_IA5STRING) -+# define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_IA5STRING_dup(a) \ -+ (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a) -+# define M_i2d_ASN1_IA5STRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_IA5STRING(a,pp,l) \ -+ (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ -+ B_ASN1_IA5STRING) -+ -+# define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ -+ ASN1_STRING_type_new(V_ASN1_UTCTIME) -+# define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a) -+ -+# define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ -+ ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) -+# define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ -+ (ASN1_STRING *)a) -+ -+# define M_ASN1_TIME_new() (ASN1_TIME *)\ -+ ASN1_STRING_type_new(V_ASN1_UTCTIME) -+# define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a) -+ -+# define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ -+ ASN1_STRING_type_new(V_ASN1_GENERALSTRING) -+# define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_GENERALSTRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_GENERALSTRING(a,pp,l) \ -+ (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) -+ -+# define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ -+ ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) -+# define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \ -+ (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) -+ -+# define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ -+ ASN1_STRING_type_new(V_ASN1_BMPSTRING) -+# define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_BMPSTRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_BMPSTRING(a,pp,l) \ -+ (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) -+ -+# define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ -+ ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -+# define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_VISIBLESTRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ -+ (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) -+ -+# define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ -+ ASN1_STRING_type_new(V_ASN1_UTF8STRING) -+# define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -+# define M_i2d_ASN1_UTF8STRING(a,pp) \ -+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ -+ V_ASN1_UNIVERSAL) -+# define M_d2i_ASN1_UTF8STRING(a,pp,l) \ -+ (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ -+ ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) - - /* for the is_set parameter to i2d_ASN1_SET */ --#define IS_SEQUENCE 0 --#define IS_SET 1 -+# define IS_SEQUENCE 0 -+# define IS_SET 1 - - DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) - - int ASN1_TYPE_get(ASN1_TYPE *a); - void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); - int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); -+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); - --ASN1_OBJECT * ASN1_OBJECT_new(void ); --void ASN1_OBJECT_free(ASN1_OBJECT *a); --int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); --ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, -- long length); --ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, -- long length); -+ASN1_OBJECT *ASN1_OBJECT_new(void); -+void ASN1_OBJECT_free(ASN1_OBJECT *a); -+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp); -+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, -+ long length); -+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, -+ long length); - - DECLARE_ASN1_ITEM(ASN1_OBJECT) - - DECLARE_STACK_OF(ASN1_OBJECT) - DECLARE_ASN1_SET_OF(ASN1_OBJECT) - --ASN1_STRING * ASN1_STRING_new(void); --void ASN1_STRING_free(ASN1_STRING *a); --ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); --ASN1_STRING * ASN1_STRING_type_new(int type ); --int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); -- /* Since this is used to store all sorts of things, via macros, for now, make -- its data void * */ --int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); --void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); -+ASN1_STRING *ASN1_STRING_new(void); -+void ASN1_STRING_free(ASN1_STRING *a); -+ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *a); -+ASN1_STRING *ASN1_STRING_type_new(int type); -+int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); -+ /* -+ * Since this is used to store all sorts of things, via macros, for now, -+ * make its data void * -+ */ -+int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); -+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); - int ASN1_STRING_length(ASN1_STRING *x); - void ASN1_STRING_length_set(ASN1_STRING *x, int n); - int ASN1_STRING_type(ASN1_STRING *x); --unsigned char * ASN1_STRING_data(ASN1_STRING *x); -+unsigned char *ASN1_STRING_data(ASN1_STRING *x); - - DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) --int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp); --ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp, -- long length); --int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, -- int length ); --int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); --int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); -- --#ifndef OPENSSL_NO_BIO -+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); -+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, -+ const unsigned char **pp, long length); -+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); -+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); -+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); -+ -+# ifndef OPENSSL_NO_BIO - int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, -- BIT_STRING_BITNAME *tbl, int indent); --#endif -+ BIT_STRING_BITNAME *tbl, int indent); -+# endif - int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); - int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, -- BIT_STRING_BITNAME *tbl); -+ BIT_STRING_BITNAME *tbl); - --int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); --int d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length); -+int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); -+int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length); - - DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) --int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp); --ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp, -- long length); --ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp, -- long length); --ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x); -+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); -+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, -+ long length); -+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, -+ long length); -+ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x); - int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y); - - DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) - - int ASN1_UTCTIME_check(ASN1_UTCTIME *a); --ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); -+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); - int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); - int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); --#if 0 -+# if 0 - time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); --#endif -+# endif - - int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); --ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); -+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, -+ time_t t); - int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); - - DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) --ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); --int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); --int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len); -+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); -+int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); -+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, -+ int len); - - DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) - DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) -@@ -868,40 +872,41 @@ DECLARE_ASN1_FUNCTIONS(ASN1_TIME) - - DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) - --ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); -+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); - int ASN1_TIME_check(ASN1_TIME *t); --ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); -+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME -+ **out); - --int i2d_ASN1_SET(STACK *a, unsigned char **pp, -- i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); --STACK * d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length, -- d2i_of_void *d2i, void (*free_func)(void *), -- int ex_tag, int ex_class); -+int i2d_ASN1_SET(STACK * a, unsigned char **pp, -+ i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); -+STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length, -+ d2i_of_void *d2i, void (*free_func) (void *), -+ int ex_tag, int ex_class); - --#ifndef OPENSSL_NO_BIO -+# ifndef OPENSSL_NO_BIO - int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); --int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size); -+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); - int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); --int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size); --int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a); --int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size); -+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); -+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a); -+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); - int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); --#endif --int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a); -+# endif -+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a); - --int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num); --ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len, -- const char *sn, const char *ln); -+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); -+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, -+ const char *sn, const char *ln); - - int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); - long ASN1_INTEGER_get(ASN1_INTEGER *a); - ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai); --BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn); -+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn); - - int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); - long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); - ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); --BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn); -+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); - - /* General */ - /* given a string, return the correct type, max is the maximum length */ -@@ -909,11 +914,11 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int max); - - int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); - ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, -- long length, int Ptag, int Pclass); -+ long length, int Ptag, int Pclass); - unsigned long ASN1_tag2bit(int tag); - /* type is one or more of the B_ASN1_ values. */ --ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp, -- long length,int type); -+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, -+ long length, int type); - - /* PARSING */ - int asn1_Finish(ASN1_CTX *c); -@@ -921,101 +926,103 @@ int asn1_const_Finish(ASN1_const_CTX *c); - - /* SPECIALS */ - int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, -- int *pclass, long omax); --int ASN1_check_infinite_end(unsigned char **p,long len); --int ASN1_const_check_infinite_end(const unsigned char **p,long len); -+ int *pclass, long omax); -+int ASN1_check_infinite_end(unsigned char **p, long len); -+int ASN1_const_check_infinite_end(const unsigned char **p, long len); - void ASN1_put_object(unsigned char **pp, int constructed, int length, -- int tag, int xclass); -+ int tag, int xclass); - int ASN1_put_eoc(unsigned char **pp); - int ASN1_object_size(int constructed, int length, int tag); - - /* Used to implement other functions */ - void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); - --#define ASN1_dup_of(type,i2d,d2i,x) \ -+# define ASN1_dup_of(type,i2d,d2i,x) \ - ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ -- CHECKED_D2I_OF(type, d2i), \ -- CHECKED_PTR_OF_TO_CHAR(type, x))) -+ CHECKED_D2I_OF(type, d2i), \ -+ CHECKED_PTR_OF_TO_CHAR(type, x))) - --#define ASN1_dup_of_const(type,i2d,d2i,x) \ -+# define ASN1_dup_of_const(type,i2d,d2i,x) \ - ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ -- CHECKED_D2I_OF(type, d2i), \ -- CHECKED_PTR_OF_TO_CHAR(const type, x))) -+ CHECKED_D2I_OF(type, d2i), \ -+ CHECKED_PTR_OF_TO_CHAR(const type, x))) - - void *ASN1_item_dup(const ASN1_ITEM *it, void *x); - - /* ASN1 alloc/free macros for when a type is only used internally */ - --#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) --#define M_ASN1_free_of(x, type) \ -- ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) -+# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) -+# define M_ASN1_free_of(x, type) \ -+ ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) - --#ifndef OPENSSL_NO_FP_API --void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); -+# ifndef OPENSSL_NO_FP_API -+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); - --#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ -+# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ - ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ -- CHECKED_D2I_OF(type, d2i), \ -- in, \ -- CHECKED_PPTR_OF(type, x))) -+ CHECKED_D2I_OF(type, d2i), \ -+ in, \ -+ CHECKED_PPTR_OF(type, x))) - - void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); --int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x); -+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x); - --#define ASN1_i2d_fp_of(type,i2d,out,x) \ -+# define ASN1_i2d_fp_of(type,i2d,out,x) \ - (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ -- out, \ -- CHECKED_PTR_OF(type, x))) -+ out, \ -+ CHECKED_PTR_OF(type, x))) - --#define ASN1_i2d_fp_of_const(type,i2d,out,x) \ -+# define ASN1_i2d_fp_of_const(type,i2d,out,x) \ - (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ -- out, \ -- CHECKED_PTR_OF(const type, x))) -+ out, \ -+ CHECKED_PTR_OF(const type, x))) - - int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); - int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); --#endif -+# endif - - int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); - --#ifndef OPENSSL_NO_BIO --void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x); -+# ifndef OPENSSL_NO_BIO -+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); - --#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ -+# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ - ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ -- CHECKED_D2I_OF(type, d2i), \ -- in, \ -- CHECKED_PPTR_OF(type, x))) -+ CHECKED_D2I_OF(type, d2i), \ -+ in, \ -+ CHECKED_PPTR_OF(type, x))) - - void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); --int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x); -+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x); - --#define ASN1_i2d_bio_of(type,i2d,out,x) \ -+# define ASN1_i2d_bio_of(type,i2d,out,x) \ - (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ -- out, \ -- CHECKED_PTR_OF(type, x))) -+ out, \ -+ CHECKED_PTR_OF(type, x))) - --#define ASN1_i2d_bio_of_const(type,i2d,out,x) \ -+# define ASN1_i2d_bio_of_const(type,i2d,out,x) \ - (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ -- out, \ -- CHECKED_PTR_OF(const type, x))) -+ out, \ -+ CHECKED_PTR_OF(const type, x))) - - int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); --int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); --int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a); --int ASN1_TIME_print(BIO *fp,ASN1_TIME *a); --int ASN1_STRING_print(BIO *bp,ASN1_STRING *v); -+int ASN1_UTCTIME_print(BIO *fp, ASN1_UTCTIME *a); -+int ASN1_GENERALIZEDTIME_print(BIO *fp, ASN1_GENERALIZEDTIME *a); -+int ASN1_TIME_print(BIO *fp, ASN1_TIME *a); -+int ASN1_STRING_print(BIO *bp, ASN1_STRING *v); - int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); --int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent); --int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump); --#endif -+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); -+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, -+ int dump); -+# endif - const char *ASN1_tag2str(int tag); - - /* Used to load and write netscape format cert/key */ --int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp); --ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length); --ASN1_HEADER *ASN1_HEADER_new(void ); --void ASN1_HEADER_free(ASN1_HEADER *a); -+int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp); -+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp, -+ long length); -+ASN1_HEADER *ASN1_HEADER_new(void); -+void ASN1_HEADER_free(ASN1_HEADER * a); - - int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); - -@@ -1025,42 +1032,42 @@ ASN1_METHOD *RSAPrivateKey_asn1_meth(void); - ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void); - ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void); - --int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, -- unsigned char *data, int len); --int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, -- unsigned char *data, int max_len); -+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); -+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len); - int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, -- unsigned char *data, int len); --int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, -- unsigned char *data, int max_len); -+ unsigned char *data, int len); -+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, -+ unsigned char *data, int max_len); - - STACK *ASN1_seq_unpack(const unsigned char *buf, int len, -- d2i_of_void *d2i, void (*free_func)(void *)); --unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d, -- unsigned char **buf, int *len ); -+ d2i_of_void *d2i, void (*free_func) (void *)); -+unsigned char *ASN1_seq_pack(STACK * safes, i2d_of_void *i2d, -+ unsigned char **buf, int *len); - void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); - void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); - ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, -- ASN1_OCTET_STRING **oct); -+ ASN1_OCTET_STRING **oct); - --#define ASN1_pack_string_of(type,obj,i2d,oct) \ -+# define ASN1_pack_string_of(type,obj,i2d,oct) \ - (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \ -- CHECKED_I2D_OF(type, i2d), \ -- oct)) -+ CHECKED_I2D_OF(type, i2d), \ -+ oct)) - --ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); -+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, -+ ASN1_OCTET_STRING **oct); - - void ASN1_STRING_set_default_mask(unsigned long mask); - int ASN1_STRING_set_default_mask_asc(const char *p); - unsigned long ASN1_STRING_get_default_mask(void); - int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, -- int inform, unsigned long mask); -+ int inform, unsigned long mask); - int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, -- int inform, unsigned long mask, -- long minsize, long maxsize); -+ int inform, unsigned long mask, -+ long minsize, long maxsize); - --ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, -- const unsigned char *in, int inlen, int inform, int nid); -+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, -+ const unsigned char *in, int inlen, -+ int inform, int nid); - ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); - int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); - void ASN1_STRING_TABLE_cleanup(void); -@@ -1070,27 +1077,29 @@ void ASN1_STRING_TABLE_cleanup(void); - /* Old API compatible functions */ - ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); - void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); --ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it); -+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, -+ long len, const ASN1_ITEM *it); - int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); --int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); -+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, -+ const ASN1_ITEM *it); - - void ASN1_add_oid_module(void); - - ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); - ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); - --typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags, -- const ASN1_ITEM *it); -+typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, -+ int flags, const ASN1_ITEM *it); - - int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, -- int ctype_nid, int econt_nid, -- STACK_OF(X509_ALGOR) *mdalgs, -- asn1_output_data_fn *data_fn, -- const ASN1_ITEM *it); -+ int ctype_nid, int econt_nid, -+ STACK_OF(X509_ALGOR) *mdalgs, -+ asn1_output_data_fn * data_fn, const ASN1_ITEM *it); - ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_ASN1_strings(void); -@@ -1098,233 +1107,235 @@ void ERR_load_ASN1_strings(void); - /* Error codes for the ASN1 functions. */ - - /* Function codes. */ --#define ASN1_F_A2D_ASN1_OBJECT 100 --#define ASN1_F_A2I_ASN1_ENUMERATED 101 --#define ASN1_F_A2I_ASN1_INTEGER 102 --#define ASN1_F_A2I_ASN1_STRING 103 --#define ASN1_F_APPEND_EXP 176 --#define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 --#define ASN1_F_ASN1_CB 177 --#define ASN1_F_ASN1_CHECK_TLEN 104 --#define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 --#define ASN1_F_ASN1_COLLECT 106 --#define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 --#define ASN1_F_ASN1_D2I_FP 109 --#define ASN1_F_ASN1_D2I_READ_BIO 107 --#define ASN1_F_ASN1_DIGEST 184 --#define ASN1_F_ASN1_DO_ADB 110 --#define ASN1_F_ASN1_DUP 111 --#define ASN1_F_ASN1_ENUMERATED_SET 112 --#define ASN1_F_ASN1_ENUMERATED_TO_BN 113 --#define ASN1_F_ASN1_EX_C2I 204 --#define ASN1_F_ASN1_FIND_END 190 --#define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 --#define ASN1_F_ASN1_GENERATE_V3 178 --#define ASN1_F_ASN1_GET_OBJECT 114 --#define ASN1_F_ASN1_HEADER_NEW 115 --#define ASN1_F_ASN1_I2D_BIO 116 --#define ASN1_F_ASN1_I2D_FP 117 --#define ASN1_F_ASN1_INTEGER_SET 118 --#define ASN1_F_ASN1_INTEGER_TO_BN 119 --#define ASN1_F_ASN1_ITEM_D2I_FP 206 --#define ASN1_F_ASN1_ITEM_DUP 191 --#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 --#define ASN1_F_ASN1_ITEM_EX_D2I 120 --#define ASN1_F_ASN1_ITEM_I2D_BIO 192 --#define ASN1_F_ASN1_ITEM_I2D_FP 193 --#define ASN1_F_ASN1_ITEM_PACK 198 --#define ASN1_F_ASN1_ITEM_SIGN 195 --#define ASN1_F_ASN1_ITEM_UNPACK 199 --#define ASN1_F_ASN1_ITEM_VERIFY 197 --#define ASN1_F_ASN1_MBSTRING_NCOPY 122 --#define ASN1_F_ASN1_OBJECT_NEW 123 --#define ASN1_F_ASN1_OUTPUT_DATA 207 --#define ASN1_F_ASN1_PACK_STRING 124 --#define ASN1_F_ASN1_PCTX_NEW 205 --#define ASN1_F_ASN1_PKCS5_PBE_SET 125 --#define ASN1_F_ASN1_SEQ_PACK 126 --#define ASN1_F_ASN1_SEQ_UNPACK 127 --#define ASN1_F_ASN1_SIGN 128 --#define ASN1_F_ASN1_STR2TYPE 179 --#define ASN1_F_ASN1_STRING_SET 186 --#define ASN1_F_ASN1_STRING_TABLE_ADD 129 --#define ASN1_F_ASN1_STRING_TYPE_NEW 130 --#define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 --#define ASN1_F_ASN1_TEMPLATE_NEW 133 --#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 --#define ASN1_F_ASN1_TIME_SET 175 --#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 --#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 --#define ASN1_F_ASN1_UNPACK_STRING 136 --#define ASN1_F_ASN1_UTCTIME_SET 187 --#define ASN1_F_ASN1_VERIFY 137 --#define ASN1_F_B64_READ_ASN1 208 --#define ASN1_F_B64_WRITE_ASN1 209 --#define ASN1_F_BITSTR_CB 180 --#define ASN1_F_BN_TO_ASN1_ENUMERATED 138 --#define ASN1_F_BN_TO_ASN1_INTEGER 139 --#define ASN1_F_C2I_ASN1_BIT_STRING 189 --#define ASN1_F_C2I_ASN1_INTEGER 194 --#define ASN1_F_C2I_ASN1_OBJECT 196 --#define ASN1_F_COLLECT_DATA 140 --#define ASN1_F_D2I_ASN1_BIT_STRING 141 --#define ASN1_F_D2I_ASN1_BOOLEAN 142 --#define ASN1_F_D2I_ASN1_BYTES 143 --#define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144 --#define ASN1_F_D2I_ASN1_HEADER 145 --#define ASN1_F_D2I_ASN1_INTEGER 146 --#define ASN1_F_D2I_ASN1_OBJECT 147 --#define ASN1_F_D2I_ASN1_SET 148 --#define ASN1_F_D2I_ASN1_TYPE_BYTES 149 --#define ASN1_F_D2I_ASN1_UINTEGER 150 --#define ASN1_F_D2I_ASN1_UTCTIME 151 --#define ASN1_F_D2I_NETSCAPE_RSA 152 --#define ASN1_F_D2I_NETSCAPE_RSA_2 153 --#define ASN1_F_D2I_PRIVATEKEY 154 --#define ASN1_F_D2I_PUBLICKEY 155 --#define ASN1_F_D2I_RSA_NET 200 --#define ASN1_F_D2I_RSA_NET_2 201 --#define ASN1_F_D2I_X509 156 --#define ASN1_F_D2I_X509_CINF 157 --#define ASN1_F_D2I_X509_PKEY 159 --#define ASN1_F_I2D_ASN1_SET 188 --#define ASN1_F_I2D_ASN1_TIME 160 --#define ASN1_F_I2D_DSA_PUBKEY 161 --#define ASN1_F_I2D_EC_PUBKEY 181 --#define ASN1_F_I2D_PRIVATEKEY 163 --#define ASN1_F_I2D_PUBLICKEY 164 --#define ASN1_F_I2D_RSA_NET 162 --#define ASN1_F_I2D_RSA_PUBKEY 165 --#define ASN1_F_LONG_C2I 166 --#define ASN1_F_OID_MODULE_INIT 174 --#define ASN1_F_PARSE_TAGGING 182 --#define ASN1_F_PKCS5_PBE2_SET 167 --#define ASN1_F_PKCS5_PBE_SET 202 --#define ASN1_F_SMIME_READ_ASN1 210 --#define ASN1_F_SMIME_TEXT 211 --#define ASN1_F_X509_CINF_NEW 168 --#define ASN1_F_X509_CRL_ADD0_REVOKED 169 --#define ASN1_F_X509_INFO_NEW 170 --#define ASN1_F_X509_NAME_ENCODE 203 --#define ASN1_F_X509_NAME_EX_D2I 158 --#define ASN1_F_X509_NAME_EX_NEW 171 --#define ASN1_F_X509_NEW 172 --#define ASN1_F_X509_PKEY_NEW 173 -+# define ASN1_F_A2D_ASN1_OBJECT 100 -+# define ASN1_F_A2I_ASN1_ENUMERATED 101 -+# define ASN1_F_A2I_ASN1_INTEGER 102 -+# define ASN1_F_A2I_ASN1_STRING 103 -+# define ASN1_F_APPEND_EXP 176 -+# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 -+# define ASN1_F_ASN1_CB 177 -+# define ASN1_F_ASN1_CHECK_TLEN 104 -+# define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 -+# define ASN1_F_ASN1_COLLECT 106 -+# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 -+# define ASN1_F_ASN1_D2I_FP 109 -+# define ASN1_F_ASN1_D2I_READ_BIO 107 -+# define ASN1_F_ASN1_DIGEST 184 -+# define ASN1_F_ASN1_DO_ADB 110 -+# define ASN1_F_ASN1_DUP 111 -+# define ASN1_F_ASN1_ENUMERATED_SET 112 -+# define ASN1_F_ASN1_ENUMERATED_TO_BN 113 -+# define ASN1_F_ASN1_EX_C2I 204 -+# define ASN1_F_ASN1_FIND_END 190 -+# define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 -+# define ASN1_F_ASN1_GENERATE_V3 178 -+# define ASN1_F_ASN1_GET_OBJECT 114 -+# define ASN1_F_ASN1_HEADER_NEW 115 -+# define ASN1_F_ASN1_I2D_BIO 116 -+# define ASN1_F_ASN1_I2D_FP 117 -+# define ASN1_F_ASN1_INTEGER_SET 118 -+# define ASN1_F_ASN1_INTEGER_TO_BN 119 -+# define ASN1_F_ASN1_ITEM_D2I_FP 206 -+# define ASN1_F_ASN1_ITEM_DUP 191 -+# define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 -+# define ASN1_F_ASN1_ITEM_EX_D2I 120 -+# define ASN1_F_ASN1_ITEM_I2D_BIO 192 -+# define ASN1_F_ASN1_ITEM_I2D_FP 193 -+# define ASN1_F_ASN1_ITEM_PACK 198 -+# define ASN1_F_ASN1_ITEM_SIGN 195 -+# define ASN1_F_ASN1_ITEM_UNPACK 199 -+# define ASN1_F_ASN1_ITEM_VERIFY 197 -+# define ASN1_F_ASN1_MBSTRING_NCOPY 122 -+# define ASN1_F_ASN1_OBJECT_NEW 123 -+# define ASN1_F_ASN1_OUTPUT_DATA 207 -+# define ASN1_F_ASN1_PACK_STRING 124 -+# define ASN1_F_ASN1_PCTX_NEW 205 -+# define ASN1_F_ASN1_PKCS5_PBE_SET 125 -+# define ASN1_F_ASN1_SEQ_PACK 126 -+# define ASN1_F_ASN1_SEQ_UNPACK 127 -+# define ASN1_F_ASN1_SIGN 128 -+# define ASN1_F_ASN1_STR2TYPE 179 -+# define ASN1_F_ASN1_STRING_SET 186 -+# define ASN1_F_ASN1_STRING_TABLE_ADD 129 -+# define ASN1_F_ASN1_STRING_TYPE_NEW 130 -+# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 -+# define ASN1_F_ASN1_TEMPLATE_NEW 133 -+# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 -+# define ASN1_F_ASN1_TIME_SET 175 -+# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 -+# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 -+# define ASN1_F_ASN1_UNPACK_STRING 136 -+# define ASN1_F_ASN1_UTCTIME_SET 187 -+# define ASN1_F_ASN1_VERIFY 137 -+# define ASN1_F_B64_READ_ASN1 208 -+# define ASN1_F_B64_WRITE_ASN1 209 -+# define ASN1_F_BITSTR_CB 180 -+# define ASN1_F_BN_TO_ASN1_ENUMERATED 138 -+# define ASN1_F_BN_TO_ASN1_INTEGER 139 -+# define ASN1_F_C2I_ASN1_BIT_STRING 189 -+# define ASN1_F_C2I_ASN1_INTEGER 194 -+# define ASN1_F_C2I_ASN1_OBJECT 196 -+# define ASN1_F_COLLECT_DATA 140 -+# define ASN1_F_D2I_ASN1_BIT_STRING 141 -+# define ASN1_F_D2I_ASN1_BOOLEAN 142 -+# define ASN1_F_D2I_ASN1_BYTES 143 -+# define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144 -+# define ASN1_F_D2I_ASN1_HEADER 145 -+# define ASN1_F_D2I_ASN1_INTEGER 146 -+# define ASN1_F_D2I_ASN1_OBJECT 147 -+# define ASN1_F_D2I_ASN1_SET 148 -+# define ASN1_F_D2I_ASN1_TYPE_BYTES 149 -+# define ASN1_F_D2I_ASN1_UINTEGER 150 -+# define ASN1_F_D2I_ASN1_UTCTIME 151 -+# define ASN1_F_D2I_NETSCAPE_RSA 152 -+# define ASN1_F_D2I_NETSCAPE_RSA_2 153 -+# define ASN1_F_D2I_PRIVATEKEY 154 -+# define ASN1_F_D2I_PUBLICKEY 155 -+# define ASN1_F_D2I_RSA_NET 200 -+# define ASN1_F_D2I_RSA_NET_2 201 -+# define ASN1_F_D2I_X509 156 -+# define ASN1_F_D2I_X509_CINF 157 -+# define ASN1_F_D2I_X509_PKEY 159 -+# define ASN1_F_I2D_ASN1_SET 188 -+# define ASN1_F_I2D_ASN1_TIME 160 -+# define ASN1_F_I2D_DSA_PUBKEY 161 -+# define ASN1_F_I2D_EC_PUBKEY 181 -+# define ASN1_F_I2D_PRIVATEKEY 163 -+# define ASN1_F_I2D_PUBLICKEY 164 -+# define ASN1_F_I2D_RSA_NET 162 -+# define ASN1_F_I2D_RSA_PUBKEY 165 -+# define ASN1_F_LONG_C2I 166 -+# define ASN1_F_OID_MODULE_INIT 174 -+# define ASN1_F_PARSE_TAGGING 182 -+# define ASN1_F_PKCS5_PBE2_SET 167 -+# define ASN1_F_PKCS5_PBE_SET 202 -+# define ASN1_F_SMIME_READ_ASN1 210 -+# define ASN1_F_SMIME_TEXT 211 -+# define ASN1_F_X509_CINF_NEW 168 -+# define ASN1_F_X509_CRL_ADD0_REVOKED 169 -+# define ASN1_F_X509_INFO_NEW 170 -+# define ASN1_F_X509_NAME_ENCODE 203 -+# define ASN1_F_X509_NAME_EX_D2I 158 -+# define ASN1_F_X509_NAME_EX_NEW 171 -+# define ASN1_F_X509_NEW 172 -+# define ASN1_F_X509_PKEY_NEW 173 - - /* Reason codes. */ --#define ASN1_R_ADDING_OBJECT 171 --#define ASN1_R_ASN1_PARSE_ERROR 198 --#define ASN1_R_ASN1_SIG_PARSE_ERROR 199 --#define ASN1_R_AUX_ERROR 100 --#define ASN1_R_BAD_CLASS 101 --#define ASN1_R_BAD_OBJECT_HEADER 102 --#define ASN1_R_BAD_PASSWORD_READ 103 --#define ASN1_R_BAD_TAG 104 --#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 --#define ASN1_R_BN_LIB 105 --#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 --#define ASN1_R_BUFFER_TOO_SMALL 107 --#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 --#define ASN1_R_DATA_IS_WRONG 109 --#define ASN1_R_DECODE_ERROR 110 --#define ASN1_R_DECODING_ERROR 111 --#define ASN1_R_DEPTH_EXCEEDED 174 --#define ASN1_R_ENCODE_ERROR 112 --#define ASN1_R_ERROR_GETTING_TIME 173 --#define ASN1_R_ERROR_LOADING_SECTION 172 --#define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 --#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 --#define ASN1_R_EXPECTING_AN_INTEGER 115 --#define ASN1_R_EXPECTING_AN_OBJECT 116 --#define ASN1_R_EXPECTING_A_BOOLEAN 117 --#define ASN1_R_EXPECTING_A_TIME 118 --#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 --#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 --#define ASN1_R_FIELD_MISSING 121 --#define ASN1_R_FIRST_NUM_TOO_LARGE 122 --#define ASN1_R_HEADER_TOO_LONG 123 --#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 --#define ASN1_R_ILLEGAL_BOOLEAN 176 --#define ASN1_R_ILLEGAL_CHARACTERS 124 --#define ASN1_R_ILLEGAL_FORMAT 177 --#define ASN1_R_ILLEGAL_HEX 178 --#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 --#define ASN1_R_ILLEGAL_INTEGER 180 --#define ASN1_R_ILLEGAL_NESTED_TAGGING 181 --#define ASN1_R_ILLEGAL_NULL 125 --#define ASN1_R_ILLEGAL_NULL_VALUE 182 --#define ASN1_R_ILLEGAL_OBJECT 183 --#define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 --#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 --#define ASN1_R_ILLEGAL_TAGGED_ANY 127 --#define ASN1_R_ILLEGAL_TIME_VALUE 184 --#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 --#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 --#define ASN1_R_INVALID_BMPSTRING_LENGTH 129 --#define ASN1_R_INVALID_DIGIT 130 --#define ASN1_R_INVALID_MIME_TYPE 200 --#define ASN1_R_INVALID_MODIFIER 186 --#define ASN1_R_INVALID_NUMBER 187 --#define ASN1_R_INVALID_OBJECT_ENCODING 212 --#define ASN1_R_INVALID_SEPARATOR 131 --#define ASN1_R_INVALID_TIME_FORMAT 132 --#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 --#define ASN1_R_INVALID_UTF8STRING 134 --#define ASN1_R_IV_TOO_LARGE 135 --#define ASN1_R_LENGTH_ERROR 136 --#define ASN1_R_LIST_ERROR 188 --#define ASN1_R_MIME_NO_CONTENT_TYPE 201 --#define ASN1_R_MIME_PARSE_ERROR 202 --#define ASN1_R_MIME_SIG_PARSE_ERROR 203 --#define ASN1_R_MISSING_EOC 137 --#define ASN1_R_MISSING_SECOND_NUMBER 138 --#define ASN1_R_MISSING_VALUE 189 --#define ASN1_R_MSTRING_NOT_UNIVERSAL 139 --#define ASN1_R_MSTRING_WRONG_TAG 140 --#define ASN1_R_NESTED_ASN1_STRING 197 --#define ASN1_R_NON_HEX_CHARACTERS 141 --#define ASN1_R_NOT_ASCII_FORMAT 190 --#define ASN1_R_NOT_ENOUGH_DATA 142 --#define ASN1_R_NO_CONTENT_TYPE 204 --#define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 --#define ASN1_R_NO_MULTIPART_BODY_FAILURE 205 --#define ASN1_R_NO_MULTIPART_BOUNDARY 206 --#define ASN1_R_NO_SIG_CONTENT_TYPE 207 --#define ASN1_R_NULL_IS_WRONG_LENGTH 144 --#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 --#define ASN1_R_ODD_NUMBER_OF_CHARS 145 --#define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 --#define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 --#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 --#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 --#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 --#define ASN1_R_SHORT_LINE 150 --#define ASN1_R_SIG_INVALID_MIME_TYPE 208 --#define ASN1_R_STREAMING_NOT_SUPPORTED 209 --#define ASN1_R_STRING_TOO_LONG 151 --#define ASN1_R_STRING_TOO_SHORT 152 --#define ASN1_R_TAG_VALUE_TOO_HIGH 153 --#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 --#define ASN1_R_TIME_NOT_ASCII_FORMAT 193 --#define ASN1_R_TOO_LONG 155 --#define ASN1_R_TYPE_NOT_CONSTRUCTED 156 --#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 --#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 --#define ASN1_R_UNEXPECTED_EOC 159 --#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 --#define ASN1_R_UNKNOWN_FORMAT 160 --#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 --#define ASN1_R_UNKNOWN_OBJECT_TYPE 162 --#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 --#define ASN1_R_UNKNOWN_TAG 194 --#define ASN1_R_UNKOWN_FORMAT 195 --#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 --#define ASN1_R_UNSUPPORTED_CIPHER 165 --#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 --#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 --#define ASN1_R_UNSUPPORTED_TYPE 196 --#define ASN1_R_WRONG_TAG 168 --#define ASN1_R_WRONG_TYPE 169 -+# define ASN1_R_ADDING_OBJECT 171 -+# define ASN1_R_ASN1_PARSE_ERROR 198 -+# define ASN1_R_ASN1_SIG_PARSE_ERROR 199 -+# define ASN1_R_AUX_ERROR 100 -+# define ASN1_R_BAD_CLASS 101 -+# define ASN1_R_BAD_OBJECT_HEADER 102 -+# define ASN1_R_BAD_PASSWORD_READ 103 -+# define ASN1_R_BAD_TAG 104 -+# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 -+# define ASN1_R_BN_LIB 105 -+# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 -+# define ASN1_R_BUFFER_TOO_SMALL 107 -+# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 -+# define ASN1_R_DATA_IS_WRONG 109 -+# define ASN1_R_DECODE_ERROR 110 -+# define ASN1_R_DECODING_ERROR 111 -+# define ASN1_R_DEPTH_EXCEEDED 174 -+# define ASN1_R_ENCODE_ERROR 112 -+# define ASN1_R_ERROR_GETTING_TIME 173 -+# define ASN1_R_ERROR_LOADING_SECTION 172 -+# define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 -+# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 -+# define ASN1_R_EXPECTING_AN_INTEGER 115 -+# define ASN1_R_EXPECTING_AN_OBJECT 116 -+# define ASN1_R_EXPECTING_A_BOOLEAN 117 -+# define ASN1_R_EXPECTING_A_TIME 118 -+# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 -+# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 -+# define ASN1_R_FIELD_MISSING 121 -+# define ASN1_R_FIRST_NUM_TOO_LARGE 122 -+# define ASN1_R_HEADER_TOO_LONG 123 -+# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 -+# define ASN1_R_ILLEGAL_BOOLEAN 176 -+# define ASN1_R_ILLEGAL_CHARACTERS 124 -+# define ASN1_R_ILLEGAL_FORMAT 177 -+# define ASN1_R_ILLEGAL_HEX 178 -+# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 -+# define ASN1_R_ILLEGAL_INTEGER 180 -+# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 -+# define ASN1_R_ILLEGAL_NULL 125 -+# define ASN1_R_ILLEGAL_NULL_VALUE 182 -+# define ASN1_R_ILLEGAL_OBJECT 183 -+# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 -+# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 -+# define ASN1_R_ILLEGAL_TAGGED_ANY 127 -+# define ASN1_R_ILLEGAL_TIME_VALUE 184 -+# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 -+# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 -+# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 -+# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 -+# define ASN1_R_INVALID_DIGIT 130 -+# define ASN1_R_INVALID_MIME_TYPE 200 -+# define ASN1_R_INVALID_MODIFIER 186 -+# define ASN1_R_INVALID_NUMBER 187 -+# define ASN1_R_INVALID_OBJECT_ENCODING 212 -+# define ASN1_R_INVALID_SEPARATOR 131 -+# define ASN1_R_INVALID_TIME_FORMAT 132 -+# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 -+# define ASN1_R_INVALID_UTF8STRING 134 -+# define ASN1_R_IV_TOO_LARGE 135 -+# define ASN1_R_LENGTH_ERROR 136 -+# define ASN1_R_LIST_ERROR 188 -+# define ASN1_R_MIME_NO_CONTENT_TYPE 201 -+# define ASN1_R_MIME_PARSE_ERROR 202 -+# define ASN1_R_MIME_SIG_PARSE_ERROR 203 -+# define ASN1_R_MISSING_EOC 137 -+# define ASN1_R_MISSING_SECOND_NUMBER 138 -+# define ASN1_R_MISSING_VALUE 189 -+# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 -+# define ASN1_R_MSTRING_WRONG_TAG 140 -+# define ASN1_R_NESTED_ASN1_STRING 197 -+# define ASN1_R_NON_HEX_CHARACTERS 141 -+# define ASN1_R_NOT_ASCII_FORMAT 190 -+# define ASN1_R_NOT_ENOUGH_DATA 142 -+# define ASN1_R_NO_CONTENT_TYPE 204 -+# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 -+# define ASN1_R_NO_MULTIPART_BODY_FAILURE 205 -+# define ASN1_R_NO_MULTIPART_BOUNDARY 206 -+# define ASN1_R_NO_SIG_CONTENT_TYPE 207 -+# define ASN1_R_NULL_IS_WRONG_LENGTH 144 -+# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 -+# define ASN1_R_ODD_NUMBER_OF_CHARS 145 -+# define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 -+# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 -+# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 -+# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 -+# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 -+# define ASN1_R_SHORT_LINE 150 -+# define ASN1_R_SIG_INVALID_MIME_TYPE 208 -+# define ASN1_R_STREAMING_NOT_SUPPORTED 209 -+# define ASN1_R_STRING_TOO_LONG 151 -+# define ASN1_R_STRING_TOO_SHORT 152 -+# define ASN1_R_TAG_VALUE_TOO_HIGH 153 -+# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 -+# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 -+# define ASN1_R_TOO_LONG 155 -+# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 -+# define ASN1_R_TYPE_NOT_PRIMITIVE 218 -+# define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 -+# define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 -+# define ASN1_R_UNEXPECTED_EOC 159 -+# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 -+# define ASN1_R_UNKNOWN_FORMAT 160 -+# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 -+# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 -+# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 -+# define ASN1_R_UNKNOWN_TAG 194 -+# define ASN1_R_UNKOWN_FORMAT 195 -+# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 -+# define ASN1_R_UNSUPPORTED_CIPHER 165 -+# define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 -+# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 -+# define ASN1_R_UNSUPPORTED_TYPE 196 -+# define ASN1_R_WRONG_TAG 168 -+# define ASN1_R_WRONG_TYPE 169 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/asn1_mac.h b/Cryptlib/Include/openssl/asn1_mac.h -index d958ca6..4aa6af8 100644 ---- a/Cryptlib/Include/openssl/asn1_mac.h -+++ b/Cryptlib/Include/openssl/asn1_mac.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,513 +57,514 @@ - */ - - #ifndef HEADER_ASN1_MAC_H --#define HEADER_ASN1_MAC_H -+# define HEADER_ASN1_MAC_H - --#include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#ifndef ASN1_MAC_ERR_LIB --#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 --#endif -- --#define ASN1_MAC_H_err(f,r,line) \ -- ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) -- --#define M_ASN1_D2I_vars(a,type,func) \ -- ASN1_const_CTX c; \ -- type ret=NULL; \ -- \ -- c.pp=(const unsigned char **)pp; \ -- c.q= *(const unsigned char **)pp; \ -- c.error=ERR_R_NESTED_ASN1_ERROR; \ -- if ((a == NULL) || ((*a) == NULL)) \ -- { if ((ret=(type)func()) == NULL) \ -- { c.line=__LINE__; goto err; } } \ -- else ret=(*a); -- --#define M_ASN1_D2I_Init() \ -- c.p= *(const unsigned char **)pp; \ -- c.max=(length == 0)?0:(c.p+length); -- --#define M_ASN1_D2I_Finish_2(a) \ -- if (!asn1_const_Finish(&c)) \ -- { c.line=__LINE__; goto err; } \ -- *(const unsigned char **)pp=c.p; \ -- if (a != NULL) (*a)=ret; \ -- return(ret); -- --#define M_ASN1_D2I_Finish(a,func,e) \ -- M_ASN1_D2I_Finish_2(a); \ -+# ifndef ASN1_MAC_ERR_LIB -+# define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 -+# endif -+ -+# define ASN1_MAC_H_err(f,r,line) \ -+ ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) -+ -+# define M_ASN1_D2I_vars(a,type,func) \ -+ ASN1_const_CTX c; \ -+ type ret=NULL; \ -+ \ -+ c.pp=(const unsigned char **)pp; \ -+ c.q= *(const unsigned char **)pp; \ -+ c.error=ERR_R_NESTED_ASN1_ERROR; \ -+ if ((a == NULL) || ((*a) == NULL)) \ -+ { if ((ret=(type)func()) == NULL) \ -+ { c.line=__LINE__; goto err; } } \ -+ else ret=(*a); -+ -+# define M_ASN1_D2I_Init() \ -+ c.p= *(const unsigned char **)pp; \ -+ c.max=(length == 0)?0:(c.p+length); -+ -+# define M_ASN1_D2I_Finish_2(a) \ -+ if (!asn1_const_Finish(&c)) \ -+ { c.line=__LINE__; goto err; } \ -+ *(const unsigned char **)pp=c.p; \ -+ if (a != NULL) (*a)=ret; \ -+ return(ret); -+ -+# define M_ASN1_D2I_Finish(a,func,e) \ -+ M_ASN1_D2I_Finish_2(a); \ - err:\ -- ASN1_MAC_H_err((e),c.error,c.line); \ -- asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ -- return(NULL) -- --#define M_ASN1_D2I_start_sequence() \ -- if (!asn1_GetSequence(&c,&length)) \ -- { c.line=__LINE__; goto err; } -+ ASN1_MAC_H_err((e),c.error,c.line); \ -+ asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ -+ return(NULL) -+ -+# define M_ASN1_D2I_start_sequence() \ -+ if (!asn1_GetSequence(&c,&length)) \ -+ { c.line=__LINE__; goto err; } - /* Begin reading ASN1 without a surrounding sequence */ --#define M_ASN1_D2I_begin() \ -- c.slen = length; -+# define M_ASN1_D2I_begin() \ -+ c.slen = length; - - /* End reading ASN1 with no check on length */ --#define M_ASN1_D2I_Finish_nolen(a, func, e) \ -- *pp=c.p; \ -- if (a != NULL) (*a)=ret; \ -- return(ret); \ -+# define M_ASN1_D2I_Finish_nolen(a, func, e) \ -+ *pp=c.p; \ -+ if (a != NULL) (*a)=ret; \ -+ return(ret); \ - err:\ -- ASN1_MAC_H_err((e),c.error,c.line); \ -- asn1_add_error(*pp,(int)(c.q- *pp)); \ -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ -- return(NULL) -+ ASN1_MAC_H_err((e),c.error,c.line); \ -+ asn1_add_error(*pp,(int)(c.q- *pp)); \ -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ -+ return(NULL) - --#define M_ASN1_D2I_end_sequence() \ -- (((c.inf&1) == 0)?(c.slen <= 0): \ -- (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) -+# define M_ASN1_D2I_end_sequence() \ -+ (((c.inf&1) == 0)?(c.slen <= 0): \ -+ (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) - - /* Don't use this with d2i_ASN1_BOOLEAN() */ --#define M_ASN1_D2I_get(b, func) \ -- c.q=c.p; \ -- if (func(&(b),&c.p,c.slen) == NULL) \ -- {c.line=__LINE__; goto err; } \ -- c.slen-=(c.p-c.q); -+# define M_ASN1_D2I_get(b, func) \ -+ c.q=c.p; \ -+ if (func(&(b),&c.p,c.slen) == NULL) \ -+ {c.line=__LINE__; goto err; } \ -+ c.slen-=(c.p-c.q); - - /* Don't use this with d2i_ASN1_BOOLEAN() */ --#define M_ASN1_D2I_get_x(type,b,func) \ -- c.q=c.p; \ -- if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ -- {c.line=__LINE__; goto err; } \ -- c.slen-=(c.p-c.q); -+# define M_ASN1_D2I_get_x(type,b,func) \ -+ c.q=c.p; \ -+ if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ -+ {c.line=__LINE__; goto err; } \ -+ c.slen-=(c.p-c.q); - - /* use this instead () */ --#define M_ASN1_D2I_get_int(b,func) \ -- c.q=c.p; \ -- if (func(&(b),&c.p,c.slen) < 0) \ -- {c.line=__LINE__; goto err; } \ -- c.slen-=(c.p-c.q); -- --#define M_ASN1_D2I_get_opt(b,func,type) \ -- if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ -- == (V_ASN1_UNIVERSAL|(type)))) \ -- { \ -- M_ASN1_D2I_get(b,func); \ -- } -- --#define M_ASN1_D2I_get_imp(b,func, type) \ -- M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ -- c.q=c.p; \ -- if (func(&(b),&c.p,c.slen) == NULL) \ -- {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \ -- c.slen-=(c.p-c.q);\ -- M_ASN1_next_prev=_tmp; -- --#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ -- if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ -- (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ -- { \ -- unsigned char _tmp = M_ASN1_next; \ -- M_ASN1_D2I_get_imp(b,func, type);\ -- } -- --#define M_ASN1_D2I_get_set(r,func,free_func) \ -- M_ASN1_D2I_get_imp_set(r,func,free_func, \ -- V_ASN1_SET,V_ASN1_UNIVERSAL); -- --#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ -- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ -- V_ASN1_SET,V_ASN1_UNIVERSAL); -- --#define M_ASN1_D2I_get_set_opt(r,func,free_func) \ -- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ -- V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ -- { M_ASN1_D2I_get_set(r,func,free_func); } -- --#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ -- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ -- V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ -- { M_ASN1_D2I_get_set_type(type,r,func,free_func); } -- --#define M_ASN1_I2D_len_SET_opt(a,f) \ -- if ((a != NULL) && (sk_num(a) != 0)) \ -- M_ASN1_I2D_len_SET(a,f); -- --#define M_ASN1_I2D_put_SET_opt(a,f) \ -- if ((a != NULL) && (sk_num(a) != 0)) \ -- M_ASN1_I2D_put_SET(a,f); -- --#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ -- if ((a != NULL) && (sk_num(a) != 0)) \ -- M_ASN1_I2D_put_SEQUENCE(a,f); -- --#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ -- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -- M_ASN1_I2D_put_SEQUENCE_type(type,a,f); -- --#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ -- if ((c.slen != 0) && \ -- (M_ASN1_next == \ -- (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ -- { \ -- M_ASN1_D2I_get_imp_set(b,func,free_func,\ -- tag,V_ASN1_CONTEXT_SPECIFIC); \ -- } -- --#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ -- if ((c.slen != 0) && \ -- (M_ASN1_next == \ -- (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ -- { \ -- M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ -- tag,V_ASN1_CONTEXT_SPECIFIC); \ -- } -- --#define M_ASN1_D2I_get_seq(r,func,free_func) \ -- M_ASN1_D2I_get_imp_set(r,func,free_func,\ -- V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); -- --#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ -- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ -- V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) -- --#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ -- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ -- V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ -- { M_ASN1_D2I_get_seq(r,func,free_func); } -- --#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ -- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ -- V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ -- { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } -- --#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ -- M_ASN1_D2I_get_imp_set(r,func,free_func,\ -- x,V_ASN1_CONTEXT_SPECIFIC); -- --#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ -- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ -- x,V_ASN1_CONTEXT_SPECIFIC); -- --#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ -- c.q=c.p; \ -- if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ -- (void (*)())free_func,a,b) == NULL) \ -- { c.line=__LINE__; goto err; } \ -- c.slen-=(c.p-c.q); -- --#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ -- c.q=c.p; \ -- if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ -- free_func,a,b) == NULL) \ -- { c.line=__LINE__; goto err; } \ -- c.slen-=(c.p-c.q); -- --#define M_ASN1_D2I_get_set_strings(r,func,a,b) \ -- c.q=c.p; \ -- if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ -- { c.line=__LINE__; goto err; } \ -- c.slen-=(c.p-c.q); -- --#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ -- if ((c.slen != 0L) && (M_ASN1_next == \ -- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ -- { \ -- int Tinf,Ttag,Tclass; \ -- long Tlen; \ -- \ -- c.q=c.p; \ -- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ -- if (Tinf & 0x80) \ -- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ -- c.line=__LINE__; goto err; } \ -- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ -- Tlen = c.slen - (c.p - c.q) - 2; \ -- if (func(&(r),&c.p,Tlen) == NULL) \ -- { c.line=__LINE__; goto err; } \ -- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ -- Tlen = c.slen - (c.p - c.q); \ -- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ -- { c.error=ERR_R_MISSING_ASN1_EOS; \ -- c.line=__LINE__; goto err; } \ -- }\ -- c.slen-=(c.p-c.q); \ -- } -- --#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ -- if ((c.slen != 0) && (M_ASN1_next == \ -- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ -- { \ -- int Tinf,Ttag,Tclass; \ -- long Tlen; \ -- \ -- c.q=c.p; \ -- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ -- if (Tinf & 0x80) \ -- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ -- c.line=__LINE__; goto err; } \ -- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ -- Tlen = c.slen - (c.p - c.q) - 2; \ -- if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ -- (void (*)())free_func, \ -- b,V_ASN1_UNIVERSAL) == NULL) \ -- { c.line=__LINE__; goto err; } \ -- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ -- Tlen = c.slen - (c.p - c.q); \ -- if(!ASN1_check_infinite_end(&c.p, Tlen)) \ -- { c.error=ERR_R_MISSING_ASN1_EOS; \ -- c.line=__LINE__; goto err; } \ -- }\ -- c.slen-=(c.p-c.q); \ -- } -- --#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ -- if ((c.slen != 0) && (M_ASN1_next == \ -- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ -- { \ -- int Tinf,Ttag,Tclass; \ -- long Tlen; \ -- \ -- c.q=c.p; \ -- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ -- if (Tinf & 0x80) \ -- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ -- c.line=__LINE__; goto err; } \ -- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ -- Tlen = c.slen - (c.p - c.q) - 2; \ -- if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ -- free_func,b,V_ASN1_UNIVERSAL) == NULL) \ -- { c.line=__LINE__; goto err; } \ -- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ -- Tlen = c.slen - (c.p - c.q); \ -- if(!ASN1_check_infinite_end(&c.p, Tlen)) \ -- { c.error=ERR_R_MISSING_ASN1_EOS; \ -- c.line=__LINE__; goto err; } \ -- }\ -- c.slen-=(c.p-c.q); \ -- } -+# define M_ASN1_D2I_get_int(b,func) \ -+ c.q=c.p; \ -+ if (func(&(b),&c.p,c.slen) < 0) \ -+ {c.line=__LINE__; goto err; } \ -+ c.slen-=(c.p-c.q); -+ -+# define M_ASN1_D2I_get_opt(b,func,type) \ -+ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ -+ == (V_ASN1_UNIVERSAL|(type)))) \ -+ { \ -+ M_ASN1_D2I_get(b,func); \ -+ } -+ -+# define M_ASN1_D2I_get_imp(b,func, type) \ -+ M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ -+ c.q=c.p; \ -+ if (func(&(b),&c.p,c.slen) == NULL) \ -+ {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \ -+ c.slen-=(c.p-c.q);\ -+ M_ASN1_next_prev=_tmp; -+ -+# define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ -+ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ -+ (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ -+ { \ -+ unsigned char _tmp = M_ASN1_next; \ -+ M_ASN1_D2I_get_imp(b,func, type);\ -+ } -+ -+# define M_ASN1_D2I_get_set(r,func,free_func) \ -+ M_ASN1_D2I_get_imp_set(r,func,free_func, \ -+ V_ASN1_SET,V_ASN1_UNIVERSAL); -+ -+# define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ -+ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ -+ V_ASN1_SET,V_ASN1_UNIVERSAL); -+ -+# define M_ASN1_D2I_get_set_opt(r,func,free_func) \ -+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ -+ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ -+ { M_ASN1_D2I_get_set(r,func,free_func); } -+ -+# define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ -+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ -+ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ -+ { M_ASN1_D2I_get_set_type(type,r,func,free_func); } -+ -+# define M_ASN1_I2D_len_SET_opt(a,f) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ M_ASN1_I2D_len_SET(a,f); -+ -+# define M_ASN1_I2D_put_SET_opt(a,f) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ M_ASN1_I2D_put_SET(a,f); -+ -+# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ M_ASN1_I2D_put_SEQUENCE(a,f); -+ -+# define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ M_ASN1_I2D_put_SEQUENCE_type(type,a,f); -+ -+# define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ -+ if ((c.slen != 0) && \ -+ (M_ASN1_next == \ -+ (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ -+ { \ -+ M_ASN1_D2I_get_imp_set(b,func,free_func,\ -+ tag,V_ASN1_CONTEXT_SPECIFIC); \ -+ } -+ -+# define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ -+ if ((c.slen != 0) && \ -+ (M_ASN1_next == \ -+ (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ -+ { \ -+ M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ -+ tag,V_ASN1_CONTEXT_SPECIFIC); \ -+ } -+ -+# define M_ASN1_D2I_get_seq(r,func,free_func) \ -+ M_ASN1_D2I_get_imp_set(r,func,free_func,\ -+ V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); -+ -+# define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ -+ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ -+ V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) -+ -+# define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ -+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ -+ V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ -+ { M_ASN1_D2I_get_seq(r,func,free_func); } -+ -+# define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ -+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ -+ V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ -+ { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } -+ -+# define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ -+ M_ASN1_D2I_get_imp_set(r,func,free_func,\ -+ x,V_ASN1_CONTEXT_SPECIFIC); -+ -+# define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ -+ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ -+ x,V_ASN1_CONTEXT_SPECIFIC); -+ -+# define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ -+ c.q=c.p; \ -+ if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ -+ (void (*)())free_func,a,b) == NULL) \ -+ { c.line=__LINE__; goto err; } \ -+ c.slen-=(c.p-c.q); -+ -+# define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ -+ c.q=c.p; \ -+ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ -+ free_func,a,b) == NULL) \ -+ { c.line=__LINE__; goto err; } \ -+ c.slen-=(c.p-c.q); -+ -+# define M_ASN1_D2I_get_set_strings(r,func,a,b) \ -+ c.q=c.p; \ -+ if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ -+ { c.line=__LINE__; goto err; } \ -+ c.slen-=(c.p-c.q); -+ -+# define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ -+ if ((c.slen != 0L) && (M_ASN1_next == \ -+ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ -+ { \ -+ int Tinf,Ttag,Tclass; \ -+ long Tlen; \ -+ \ -+ c.q=c.p; \ -+ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ -+ if (Tinf & 0x80) \ -+ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ -+ c.line=__LINE__; goto err; } \ -+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ -+ Tlen = c.slen - (c.p - c.q) - 2; \ -+ if (func(&(r),&c.p,Tlen) == NULL) \ -+ { c.line=__LINE__; goto err; } \ -+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ -+ Tlen = c.slen - (c.p - c.q); \ -+ if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ -+ { c.error=ERR_R_MISSING_ASN1_EOS; \ -+ c.line=__LINE__; goto err; } \ -+ }\ -+ c.slen-=(c.p-c.q); \ -+ } -+ -+# define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ -+ if ((c.slen != 0) && (M_ASN1_next == \ -+ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ -+ { \ -+ int Tinf,Ttag,Tclass; \ -+ long Tlen; \ -+ \ -+ c.q=c.p; \ -+ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ -+ if (Tinf & 0x80) \ -+ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ -+ c.line=__LINE__; goto err; } \ -+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ -+ Tlen = c.slen - (c.p - c.q) - 2; \ -+ if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ -+ (void (*)())free_func, \ -+ b,V_ASN1_UNIVERSAL) == NULL) \ -+ { c.line=__LINE__; goto err; } \ -+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ -+ Tlen = c.slen - (c.p - c.q); \ -+ if(!ASN1_check_infinite_end(&c.p, Tlen)) \ -+ { c.error=ERR_R_MISSING_ASN1_EOS; \ -+ c.line=__LINE__; goto err; } \ -+ }\ -+ c.slen-=(c.p-c.q); \ -+ } -+ -+# define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ -+ if ((c.slen != 0) && (M_ASN1_next == \ -+ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ -+ { \ -+ int Tinf,Ttag,Tclass; \ -+ long Tlen; \ -+ \ -+ c.q=c.p; \ -+ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ -+ if (Tinf & 0x80) \ -+ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ -+ c.line=__LINE__; goto err; } \ -+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ -+ Tlen = c.slen - (c.p - c.q) - 2; \ -+ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ -+ free_func,b,V_ASN1_UNIVERSAL) == NULL) \ -+ { c.line=__LINE__; goto err; } \ -+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ -+ Tlen = c.slen - (c.p - c.q); \ -+ if(!ASN1_check_infinite_end(&c.p, Tlen)) \ -+ { c.error=ERR_R_MISSING_ASN1_EOS; \ -+ c.line=__LINE__; goto err; } \ -+ }\ -+ c.slen-=(c.p-c.q); \ -+ } - - /* New macros */ --#define M_ASN1_New_Malloc(ret,type) \ -- if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ -- { c.line=__LINE__; goto err2; } -- --#define M_ASN1_New(arg,func) \ -- if (((arg)=func()) == NULL) return(NULL) -- --#define M_ASN1_New_Error(a) \ --/* err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ -- return(NULL);*/ \ -- err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \ -- return(NULL) -- -- --/* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, -- some macros that use ASN1_const_CTX still insist on writing in the input -- stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. -- Please? -- Richard Levitte */ --#define M_ASN1_next (*((unsigned char *)(c.p))) --#define M_ASN1_next_prev (*((unsigned char *)(c.q))) -+# define M_ASN1_New_Malloc(ret,type) \ -+ if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ -+ { c.line=__LINE__; goto err2; } -+ -+# define M_ASN1_New(arg,func) \ -+ if (((arg)=func()) == NULL) return(NULL) -+ -+# define M_ASN1_New_Error(a) \ -+/*- err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ -+ return(NULL);*/ \ -+ err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \ -+ return(NULL) -+ -+/* -+ * BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, some -+ * macros that use ASN1_const_CTX still insist on writing in the input -+ * stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. Please? -- -+ * Richard Levitte -+ */ -+# define M_ASN1_next (*((unsigned char *)(c.p))) -+# define M_ASN1_next_prev (*((unsigned char *)(c.q))) - - /*************************************************/ - --#define M_ASN1_I2D_vars(a) int r=0,ret=0; \ -- unsigned char *p; \ -- if (a == NULL) return(0) -+# define M_ASN1_I2D_vars(a) int r=0,ret=0; \ -+ unsigned char *p; \ -+ if (a == NULL) return(0) - - /* Length Macros */ --#define M_ASN1_I2D_len(a,f) ret+=f(a,NULL) --#define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) -- --#define M_ASN1_I2D_len_SET(a,f) \ -- ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); -- --#define M_ASN1_I2D_len_SET_type(type,a,f) \ -- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ -- V_ASN1_UNIVERSAL,IS_SET); -- --#define M_ASN1_I2D_len_SEQUENCE(a,f) \ -- ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ -- IS_SEQUENCE); -- --#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ -- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ -- V_ASN1_UNIVERSAL,IS_SEQUENCE) -- --#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ -- if ((a != NULL) && (sk_num(a) != 0)) \ -- M_ASN1_I2D_len_SEQUENCE(a,f); -- --#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ -- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -- M_ASN1_I2D_len_SEQUENCE_type(type,a,f); -- --#define M_ASN1_I2D_len_IMP_SET(a,f,x) \ -- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); -- --#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ -- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ -- V_ASN1_CONTEXT_SPECIFIC,IS_SET); -- --#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ -- if ((a != NULL) && (sk_num(a) != 0)) \ -- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -- IS_SET); -- --#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ -- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ -- V_ASN1_CONTEXT_SPECIFIC,IS_SET); -- --#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ -- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -- IS_SEQUENCE); -- --#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ -- if ((a != NULL) && (sk_num(a) != 0)) \ -- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -- IS_SEQUENCE); -- --#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ -- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ -- V_ASN1_CONTEXT_SPECIFIC, \ -- IS_SEQUENCE); -- --#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ -- if (a != NULL)\ -- { \ -- v=f(a,NULL); \ -- ret+=ASN1_object_size(1,v,mtag); \ -- } -- --#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ -- if ((a != NULL) && (sk_num(a) != 0))\ -- { \ -- v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ -- ret+=ASN1_object_size(1,v,mtag); \ -- } -- --#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ -- if ((a != NULL) && (sk_num(a) != 0))\ -- { \ -- v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ -- IS_SEQUENCE); \ -- ret+=ASN1_object_size(1,v,mtag); \ -- } -- --#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ -- if ((a != NULL) && (sk_##type##_num(a) != 0))\ -- { \ -- v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ -- V_ASN1_UNIVERSAL, \ -- IS_SEQUENCE); \ -- ret+=ASN1_object_size(1,v,mtag); \ -- } -+# define M_ASN1_I2D_len(a,f) ret+=f(a,NULL) -+# define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) -+ -+# define M_ASN1_I2D_len_SET(a,f) \ -+ ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); -+ -+# define M_ASN1_I2D_len_SET_type(type,a,f) \ -+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ -+ V_ASN1_UNIVERSAL,IS_SET); -+ -+# define M_ASN1_I2D_len_SEQUENCE(a,f) \ -+ ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ -+ IS_SEQUENCE); -+ -+# define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ -+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ -+ V_ASN1_UNIVERSAL,IS_SEQUENCE) -+ -+# define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ M_ASN1_I2D_len_SEQUENCE(a,f); -+ -+# define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ M_ASN1_I2D_len_SEQUENCE_type(type,a,f); -+ -+# define M_ASN1_I2D_len_IMP_SET(a,f,x) \ -+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); -+ -+# define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ -+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ -+ V_ASN1_CONTEXT_SPECIFIC,IS_SET); -+ -+# define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SET); -+ -+# define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ -+ V_ASN1_CONTEXT_SPECIFIC,IS_SET); -+ -+# define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ -+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SEQUENCE); -+ -+# define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SEQUENCE); -+ -+# define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ -+ V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SEQUENCE); -+ -+# define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ -+ if (a != NULL)\ -+ { \ -+ v=f(a,NULL); \ -+ ret+=ASN1_object_size(1,v,mtag); \ -+ } -+ -+# define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ -+ if ((a != NULL) && (sk_num(a) != 0))\ -+ { \ -+ v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ -+ ret+=ASN1_object_size(1,v,mtag); \ -+ } -+ -+# define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ -+ if ((a != NULL) && (sk_num(a) != 0))\ -+ { \ -+ v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ -+ IS_SEQUENCE); \ -+ ret+=ASN1_object_size(1,v,mtag); \ -+ } -+ -+# define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0))\ -+ { \ -+ v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ -+ V_ASN1_UNIVERSAL, \ -+ IS_SEQUENCE); \ -+ ret+=ASN1_object_size(1,v,mtag); \ -+ } - - /* Put Macros */ --#define M_ASN1_I2D_put(a,f) f(a,&p) -- --#define M_ASN1_I2D_put_IMP_opt(a,f,t) \ -- if (a != NULL) \ -- { \ -- unsigned char *q=p; \ -- f(a,&p); \ -- *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\ -- } -- --#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ -- V_ASN1_UNIVERSAL,IS_SET) --#define M_ASN1_I2D_put_SET_type(type,a,f) \ -+# define M_ASN1_I2D_put(a,f) f(a,&p) -+ -+# define M_ASN1_I2D_put_IMP_opt(a,f,t) \ -+ if (a != NULL) \ -+ { \ -+ unsigned char *q=p; \ -+ f(a,&p); \ -+ *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\ -+ } -+ -+# define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ -+ V_ASN1_UNIVERSAL,IS_SET) -+# define M_ASN1_I2D_put_SET_type(type,a,f) \ - i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET) --#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ -- V_ASN1_CONTEXT_SPECIFIC,IS_SET) --#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ -+# define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ -+ V_ASN1_CONTEXT_SPECIFIC,IS_SET) -+# define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ - i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET) --#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ -- V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) -+# define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ -+ V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) - --#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ -- V_ASN1_UNIVERSAL,IS_SEQUENCE) -+# define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ -+ V_ASN1_UNIVERSAL,IS_SEQUENCE) - --#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ -+# define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ - i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ -- IS_SEQUENCE) -- --#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ -- if ((a != NULL) && (sk_num(a) != 0)) \ -- M_ASN1_I2D_put_SEQUENCE(a,f); -- --#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ -- if ((a != NULL) && (sk_num(a) != 0)) \ -- { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -- IS_SET); } -- --#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ -- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -- { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ -- V_ASN1_CONTEXT_SPECIFIC, \ -- IS_SET); } -- --#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ -- if ((a != NULL) && (sk_num(a) != 0)) \ -- { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -- IS_SEQUENCE); } -- --#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ -- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -- { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ -- V_ASN1_CONTEXT_SPECIFIC, \ -- IS_SEQUENCE); } -- --#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ -- if (a != NULL) \ -- { \ -- ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \ -- f(a,&p); \ -- } -- --#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ -- if ((a != NULL) && (sk_num(a) != 0)) \ -- { \ -- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ -- i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ -- } -- --#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ -- if ((a != NULL) && (sk_num(a) != 0)) \ -- { \ -- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ -- i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ -- } -- --#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ -- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -- { \ -- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ -- i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ -- IS_SEQUENCE); \ -- } -- --#define M_ASN1_I2D_seq_total() \ -- r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ -- if (pp == NULL) return(r); \ -- p= *pp; \ -- ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) -- --#define M_ASN1_I2D_INF_seq_start(tag,ctx) \ -- *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \ -- *(p++)=0x80 -- --#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00 -- --#define M_ASN1_I2D_finish() *pp=p; \ -- return(r); -+ IS_SEQUENCE) -+ -+# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ M_ASN1_I2D_put_SEQUENCE(a,f); -+ -+# define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SET); } -+ -+# define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ -+ V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SET); } -+ -+# define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SEQUENCE); } -+ -+# define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ -+ V_ASN1_CONTEXT_SPECIFIC, \ -+ IS_SEQUENCE); } -+ -+# define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ -+ if (a != NULL) \ -+ { \ -+ ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \ -+ f(a,&p); \ -+ } -+ -+# define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ { \ -+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ -+ i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ -+ } -+ -+# define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ -+ if ((a != NULL) && (sk_num(a) != 0)) \ -+ { \ -+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ -+ i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ -+ } -+ -+# define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ -+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ -+ { \ -+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ -+ i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ -+ IS_SEQUENCE); \ -+ } -+ -+# define M_ASN1_I2D_seq_total() \ -+ r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ -+ if (pp == NULL) return(r); \ -+ p= *pp; \ -+ ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) -+ -+# define M_ASN1_I2D_INF_seq_start(tag,ctx) \ -+ *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \ -+ *(p++)=0x80 -+ -+# define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00 -+ -+# define M_ASN1_I2D_finish() *pp=p; \ -+ return(r); - - int asn1_GetSequence(ASN1_const_CTX *c, long *length); --void asn1_add_error(const unsigned char *address,int offset); -+void asn1_add_error(const unsigned char *address, int offset); - #ifdef __cplusplus - } - #endif -diff --git a/Cryptlib/Include/openssl/asn1t.h b/Cryptlib/Include/openssl/asn1t.h -index ac14f94..0a868ac 100644 ---- a/Cryptlib/Include/openssl/asn1t.h -+++ b/Cryptlib/Include/openssl/asn1t.h -@@ -1,6 +1,7 @@ - /* asn1t.h */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,16 +57,16 @@ - * - */ - #ifndef HEADER_ASN1T_H --#define HEADER_ASN1T_H -+# define HEADER_ASN1T_H - --#include --#include --#include -+# include -+# include -+# include - --#ifdef OPENSSL_BUILD_SHLIBCRYPTO --# undef OPENSSL_EXTERN --# define OPENSSL_EXTERN OPENSSL_EXPORT --#endif -+# ifdef OPENSSL_BUILD_SHLIBCRYPTO -+# undef OPENSSL_EXTERN -+# define OPENSSL_EXTERN OPENSSL_EXPORT -+# endif - - /* ASN1 template defines, structures and functions */ - -@@ -73,505 +74,502 @@ - extern "C" { - #endif - -- --#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION -+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION - - /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ --#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) -- -+# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) - - /* Macros for start and end of ASN1_ITEM definition */ - --#define ASN1_ITEM_start(itname) \ -- OPENSSL_GLOBAL const ASN1_ITEM itname##_it = { -+# define ASN1_ITEM_start(itname) \ -+ OPENSSL_GLOBAL const ASN1_ITEM itname##_it = { - --#define ASN1_ITEM_end(itname) \ -- }; -+# define ASN1_ITEM_end(itname) \ -+ }; - --#else -+# else - - /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ --#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr())) -- -+# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr())) - - /* Macros for start and end of ASN1_ITEM definition */ - --#define ASN1_ITEM_start(itname) \ -- const ASN1_ITEM * itname##_it(void) \ -- { \ -- static const ASN1_ITEM local_it = { -- --#define ASN1_ITEM_end(itname) \ -- }; \ -- return &local_it; \ -- } -+# define ASN1_ITEM_start(itname) \ -+ const ASN1_ITEM * itname##_it(void) \ -+ { \ -+ static const ASN1_ITEM local_it = { - --#endif -+# define ASN1_ITEM_end(itname) \ -+ }; \ -+ return &local_it; \ -+ } - -+# endif - - /* Macros to aid ASN1 template writing */ - --#define ASN1_ITEM_TEMPLATE(tname) \ -- static const ASN1_TEMPLATE tname##_item_tt -- --#define ASN1_ITEM_TEMPLATE_END(tname) \ -- ;\ -- ASN1_ITEM_start(tname) \ -- ASN1_ITYPE_PRIMITIVE,\ -- -1,\ -- &tname##_item_tt,\ -- 0,\ -- NULL,\ -- 0,\ -- #tname \ -- ASN1_ITEM_end(tname) -- -+# define ASN1_ITEM_TEMPLATE(tname) \ -+ static const ASN1_TEMPLATE tname##_item_tt -+ -+# define ASN1_ITEM_TEMPLATE_END(tname) \ -+ ;\ -+ ASN1_ITEM_start(tname) \ -+ ASN1_ITYPE_PRIMITIVE,\ -+ -1,\ -+ &tname##_item_tt,\ -+ 0,\ -+ NULL,\ -+ 0,\ -+ #tname \ -+ ASN1_ITEM_end(tname) - - /* This is a ASN1 type which just embeds a template */ -- --/* This pair helps declare a SEQUENCE. We can do: -+ -+/*- -+ * This pair helps declare a SEQUENCE. We can do: - * -- * ASN1_SEQUENCE(stname) = { -- * ... SEQUENCE components ... -- * } ASN1_SEQUENCE_END(stname) -+ * ASN1_SEQUENCE(stname) = { -+ * ... SEQUENCE components ... -+ * } ASN1_SEQUENCE_END(stname) - * -- * This will produce an ASN1_ITEM called stname_it -- * for a structure called stname. -+ * This will produce an ASN1_ITEM called stname_it -+ * for a structure called stname. - * -- * If you want the same structure but a different -- * name then use: -+ * If you want the same structure but a different -+ * name then use: - * -- * ASN1_SEQUENCE(itname) = { -- * ... SEQUENCE components ... -- * } ASN1_SEQUENCE_END_name(stname, itname) -+ * ASN1_SEQUENCE(itname) = { -+ * ... SEQUENCE components ... -+ * } ASN1_SEQUENCE_END_name(stname, itname) - * -- * This will create an item called itname_it using -- * a structure called stname. -+ * This will create an item called itname_it using -+ * a structure called stname. - */ - --#define ASN1_SEQUENCE(tname) \ -- static const ASN1_TEMPLATE tname##_seq_tt[] -- --#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) -- --#define ASN1_SEQUENCE_END_name(stname, tname) \ -- ;\ -- ASN1_ITEM_start(tname) \ -- ASN1_ITYPE_SEQUENCE,\ -- V_ASN1_SEQUENCE,\ -- tname##_seq_tt,\ -- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ -- NULL,\ -- sizeof(stname),\ -- #stname \ -- ASN1_ITEM_end(tname) -- --#define ASN1_NDEF_SEQUENCE(tname) \ -- ASN1_SEQUENCE(tname) -- --#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ -- ASN1_SEQUENCE_cb(tname, cb) -- --#define ASN1_SEQUENCE_cb(tname, cb) \ -- static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ -- ASN1_SEQUENCE(tname) -- --#define ASN1_BROKEN_SEQUENCE(tname) \ -- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ -- ASN1_SEQUENCE(tname) -- --#define ASN1_SEQUENCE_ref(tname, cb, lck) \ -- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ -- ASN1_SEQUENCE(tname) -- --#define ASN1_SEQUENCE_enc(tname, enc, cb) \ -- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ -- ASN1_SEQUENCE(tname) -- --#define ASN1_NDEF_SEQUENCE_END(tname) \ -- ;\ -- ASN1_ITEM_start(tname) \ -- ASN1_ITYPE_NDEF_SEQUENCE,\ -- V_ASN1_SEQUENCE,\ -- tname##_seq_tt,\ -- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ -- NULL,\ -- sizeof(tname),\ -- #tname \ -- ASN1_ITEM_end(tname) -- --#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) -- --#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) -- --#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) -- --#define ASN1_SEQUENCE_END_ref(stname, tname) \ -- ;\ -- ASN1_ITEM_start(tname) \ -- ASN1_ITYPE_SEQUENCE,\ -- V_ASN1_SEQUENCE,\ -- tname##_seq_tt,\ -- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ -- &tname##_aux,\ -- sizeof(stname),\ -- #stname \ -- ASN1_ITEM_end(tname) -- -- --/* This pair helps declare a CHOICE type. We can do: -+# define ASN1_SEQUENCE(tname) \ -+ static const ASN1_TEMPLATE tname##_seq_tt[] -+ -+# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) -+ -+# define ASN1_SEQUENCE_END_name(stname, tname) \ -+ ;\ -+ ASN1_ITEM_start(tname) \ -+ ASN1_ITYPE_SEQUENCE,\ -+ V_ASN1_SEQUENCE,\ -+ tname##_seq_tt,\ -+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ -+ NULL,\ -+ sizeof(stname),\ -+ #stname \ -+ ASN1_ITEM_end(tname) -+ -+# define ASN1_NDEF_SEQUENCE(tname) \ -+ ASN1_SEQUENCE(tname) -+ -+# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ -+ ASN1_SEQUENCE_cb(tname, cb) -+ -+# define ASN1_SEQUENCE_cb(tname, cb) \ -+ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ -+ ASN1_SEQUENCE(tname) -+ -+# define ASN1_BROKEN_SEQUENCE(tname) \ -+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ -+ ASN1_SEQUENCE(tname) -+ -+# define ASN1_SEQUENCE_ref(tname, cb, lck) \ -+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ -+ ASN1_SEQUENCE(tname) -+ -+# define ASN1_SEQUENCE_enc(tname, enc, cb) \ -+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ -+ ASN1_SEQUENCE(tname) -+ -+# define ASN1_NDEF_SEQUENCE_END(tname) \ -+ ;\ -+ ASN1_ITEM_start(tname) \ -+ ASN1_ITYPE_NDEF_SEQUENCE,\ -+ V_ASN1_SEQUENCE,\ -+ tname##_seq_tt,\ -+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ -+ NULL,\ -+ sizeof(tname),\ -+ #tname \ -+ ASN1_ITEM_end(tname) -+ -+# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) -+ -+# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) -+ -+# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) -+ -+# define ASN1_SEQUENCE_END_ref(stname, tname) \ -+ ;\ -+ ASN1_ITEM_start(tname) \ -+ ASN1_ITYPE_SEQUENCE,\ -+ V_ASN1_SEQUENCE,\ -+ tname##_seq_tt,\ -+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ -+ &tname##_aux,\ -+ sizeof(stname),\ -+ #stname \ -+ ASN1_ITEM_end(tname) -+ -+/*- -+ * This pair helps declare a CHOICE type. We can do: - * -- * ASN1_CHOICE(chname) = { -- * ... CHOICE options ... -- * ASN1_CHOICE_END(chname) -+ * ASN1_CHOICE(chname) = { -+ * ... CHOICE options ... -+ * ASN1_CHOICE_END(chname) - * -- * This will produce an ASN1_ITEM called chname_it -- * for a structure called chname. The structure -- * definition must look like this: -- * typedef struct { -- * int type; -- * union { -- * ASN1_SOMETHING *opt1; -- * ASN1_SOMEOTHER *opt2; -- * } value; -- * } chname; -- * -- * the name of the selector must be 'type'. -- * to use an alternative selector name use the -+ * This will produce an ASN1_ITEM called chname_it -+ * for a structure called chname. The structure -+ * definition must look like this: -+ * typedef struct { -+ * int type; -+ * union { -+ * ASN1_SOMETHING *opt1; -+ * ASN1_SOMEOTHER *opt2; -+ * } value; -+ * } chname; -+ * -+ * the name of the selector must be 'type'. -+ * to use an alternative selector name use the - * ASN1_CHOICE_END_selector() version. - */ - --#define ASN1_CHOICE(tname) \ -- static const ASN1_TEMPLATE tname##_ch_tt[] -- --#define ASN1_CHOICE_cb(tname, cb) \ -- static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ -- ASN1_CHOICE(tname) -- --#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) -- --#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) -- --#define ASN1_CHOICE_END_selector(stname, tname, selname) \ -- ;\ -- ASN1_ITEM_start(tname) \ -- ASN1_ITYPE_CHOICE,\ -- offsetof(stname,selname) ,\ -- tname##_ch_tt,\ -- sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ -- NULL,\ -- sizeof(stname),\ -- #stname \ -- ASN1_ITEM_end(tname) -- --#define ASN1_CHOICE_END_cb(stname, tname, selname) \ -- ;\ -- ASN1_ITEM_start(tname) \ -- ASN1_ITYPE_CHOICE,\ -- offsetof(stname,selname) ,\ -- tname##_ch_tt,\ -- sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ -- &tname##_aux,\ -- sizeof(stname),\ -- #stname \ -- ASN1_ITEM_end(tname) -+# define ASN1_CHOICE(tname) \ -+ static const ASN1_TEMPLATE tname##_ch_tt[] -+ -+# define ASN1_CHOICE_cb(tname, cb) \ -+ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ -+ ASN1_CHOICE(tname) -+ -+# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) -+ -+# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) -+ -+# define ASN1_CHOICE_END_selector(stname, tname, selname) \ -+ ;\ -+ ASN1_ITEM_start(tname) \ -+ ASN1_ITYPE_CHOICE,\ -+ offsetof(stname,selname) ,\ -+ tname##_ch_tt,\ -+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ -+ NULL,\ -+ sizeof(stname),\ -+ #stname \ -+ ASN1_ITEM_end(tname) -+ -+# define ASN1_CHOICE_END_cb(stname, tname, selname) \ -+ ;\ -+ ASN1_ITEM_start(tname) \ -+ ASN1_ITYPE_CHOICE,\ -+ offsetof(stname,selname) ,\ -+ tname##_ch_tt,\ -+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ -+ &tname##_aux,\ -+ sizeof(stname),\ -+ #stname \ -+ ASN1_ITEM_end(tname) - - /* This helps with the template wrapper form of ASN1_ITEM */ - --#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ -- (flags), (tag), 0,\ -- #name, ASN1_ITEM_ref(type) } -+# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ -+ (flags), (tag), 0,\ -+ #name, ASN1_ITEM_ref(type) } - - /* These help with SEQUENCE or CHOICE components */ - - /* used to declare other types */ - --#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ -- (flags), (tag), offsetof(stname, field),\ -- #field, ASN1_ITEM_ref(type) } -+# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ -+ (flags), (tag), offsetof(stname, field),\ -+ #field, ASN1_ITEM_ref(type) } - - /* used when the structure is combined with the parent */ - --#define ASN1_EX_COMBINE(flags, tag, type) { \ -- (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) } -+# define ASN1_EX_COMBINE(flags, tag, type) { \ -+ (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) } - - /* implicit and explicit helper macros */ - --#define ASN1_IMP_EX(stname, field, type, tag, ex) \ -- ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type) -+# define ASN1_IMP_EX(stname, field, type, tag, ex) \ -+ ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type) - --#define ASN1_EXP_EX(stname, field, type, tag, ex) \ -- ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type) -+# define ASN1_EXP_EX(stname, field, type, tag, ex) \ -+ ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type) - - /* Any defined by macros: the field used is in the table itself */ - --#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION --#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } --#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } --#else --#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } --#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } --#endif -+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION -+# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } -+# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } -+# else -+# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } -+# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } -+# endif - /* Plain simple type */ --#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) -+# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) - - /* OPTIONAL simple type */ --#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) -+# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) - - /* IMPLICIT tagged simple type */ --#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) -+# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) - - /* IMPLICIT tagged OPTIONAL simple type */ --#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) -+# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) - - /* Same as above but EXPLICIT */ - --#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) --#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) -+# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) -+# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) - - /* SEQUENCE OF type */ --#define ASN1_SEQUENCE_OF(stname, field, type) \ -- ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) -+# define ASN1_SEQUENCE_OF(stname, field, type) \ -+ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) - - /* OPTIONAL SEQUENCE OF */ --#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ -- ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) -+# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ -+ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) - - /* Same as above but for SET OF */ - --#define ASN1_SET_OF(stname, field, type) \ -- ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) -+# define ASN1_SET_OF(stname, field, type) \ -+ ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) - --#define ASN1_SET_OF_OPT(stname, field, type) \ -- ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) -+# define ASN1_SET_OF_OPT(stname, field, type) \ -+ ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) - - /* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ - --#define ASN1_IMP_SET_OF(stname, field, type, tag) \ -- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) -+# define ASN1_IMP_SET_OF(stname, field, type, tag) \ -+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) - --#define ASN1_EXP_SET_OF(stname, field, type, tag) \ -- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) -+# define ASN1_EXP_SET_OF(stname, field, type, tag) \ -+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) - --#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ -- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) -+# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ -+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) - --#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ -- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) -+# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ -+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) - --#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ -- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) -+# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ -+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) - --#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ -- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) -+# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ -+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) - --#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ -- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) -+# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ -+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) - --#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ -- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) -+# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ -+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) - - /* EXPLICIT using indefinite length constructed form */ --#define ASN1_NDEF_EXP(stname, field, type, tag) \ -- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) -+# define ASN1_NDEF_EXP(stname, field, type, tag) \ -+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) - - /* EXPLICIT OPTIONAL using indefinite length constructed form */ --#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ -- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) -+# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ -+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) - - /* Macros for the ASN1_ADB structure */ - --#define ASN1_ADB(name) \ -- static const ASN1_ADB_TABLE name##_adbtbl[] -- --#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION -- --#define ASN1_ADB_END(name, flags, field, app_table, def, none) \ -- ;\ -- static const ASN1_ADB name##_adb = {\ -- flags,\ -- offsetof(name, field),\ -- app_table,\ -- name##_adbtbl,\ -- sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ -- def,\ -- none\ -- } -- --#else -- --#define ASN1_ADB_END(name, flags, field, app_table, def, none) \ -- ;\ -- static const ASN1_ITEM *name##_adb(void) \ -- { \ -- static const ASN1_ADB internal_adb = \ -- {\ -- flags,\ -- offsetof(name, field),\ -- app_table,\ -- name##_adbtbl,\ -- sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ -- def,\ -- none\ -- }; \ -- return (const ASN1_ITEM *) &internal_adb; \ -- } \ -- void dummy_function(void) -- --#endif -- --#define ADB_ENTRY(val, template) {val, template} -+# define ASN1_ADB(name) \ -+ static const ASN1_ADB_TABLE name##_adbtbl[] -+ -+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION -+ -+# define ASN1_ADB_END(name, flags, field, app_table, def, none) \ -+ ;\ -+ static const ASN1_ADB name##_adb = {\ -+ flags,\ -+ offsetof(name, field),\ -+ app_table,\ -+ name##_adbtbl,\ -+ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ -+ def,\ -+ none\ -+ } - --#define ASN1_ADB_TEMPLATE(name) \ -- static const ASN1_TEMPLATE name##_tt -+# else - --/* This is the ASN1 template structure that defines -- * a wrapper round the actual type. It determines the -- * actual position of the field in the value structure, -- * various flags such as OPTIONAL and the field name. -+# define ASN1_ADB_END(name, flags, field, app_table, def, none) \ -+ ;\ -+ static const ASN1_ITEM *name##_adb(void) \ -+ { \ -+ static const ASN1_ADB internal_adb = \ -+ {\ -+ flags,\ -+ offsetof(name, field),\ -+ app_table,\ -+ name##_adbtbl,\ -+ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ -+ def,\ -+ none\ -+ }; \ -+ return (const ASN1_ITEM *) &internal_adb; \ -+ } \ -+ void dummy_function(void) -+ -+# endif -+ -+# define ADB_ENTRY(val, template) {val, template} -+ -+# define ASN1_ADB_TEMPLATE(name) \ -+ static const ASN1_TEMPLATE name##_tt -+ -+/* -+ * This is the ASN1 template structure that defines a wrapper round the -+ * actual type. It determines the actual position of the field in the value -+ * structure, various flags such as OPTIONAL and the field name. - */ - - struct ASN1_TEMPLATE_st { --unsigned long flags; /* Various flags */ --long tag; /* tag, not used if no tagging */ --unsigned long offset; /* Offset of this field in structure */ --#ifndef NO_ASN1_FIELD_NAMES --const char *field_name; /* Field name */ --#endif --ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ -+ unsigned long flags; /* Various flags */ -+ long tag; /* tag, not used if no tagging */ -+ unsigned long offset; /* Offset of this field in structure */ -+# ifndef NO_ASN1_FIELD_NAMES -+ const char *field_name; /* Field name */ -+# endif -+ ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ - }; - - /* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ - --#define ASN1_TEMPLATE_item(t) (t->item_ptr) --#define ASN1_TEMPLATE_adb(t) (t->item_ptr) -+# define ASN1_TEMPLATE_item(t) (t->item_ptr) -+# define ASN1_TEMPLATE_adb(t) (t->item_ptr) - - typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; - typedef struct ASN1_ADB_st ASN1_ADB; - - struct ASN1_ADB_st { -- unsigned long flags; /* Various flags */ -- unsigned long offset; /* Offset of selector field */ -- STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */ -- const ASN1_ADB_TABLE *tbl; /* Table of possible types */ -- long tblcount; /* Number of entries in tbl */ -- const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ -- const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ -+ unsigned long flags; /* Various flags */ -+ unsigned long offset; /* Offset of selector field */ -+ STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */ -+ const ASN1_ADB_TABLE *tbl; /* Table of possible types */ -+ long tblcount; /* Number of entries in tbl */ -+ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ -+ const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ - }; - - struct ASN1_ADB_TABLE_st { -- long value; /* NID for an object or value for an int */ -- const ASN1_TEMPLATE tt; /* item for this value */ -+ long value; /* NID for an object or value for an int */ -+ const ASN1_TEMPLATE tt; /* item for this value */ - }; - - /* template flags */ - - /* Field is optional */ --#define ASN1_TFLG_OPTIONAL (0x1) -+# define ASN1_TFLG_OPTIONAL (0x1) - - /* Field is a SET OF */ --#define ASN1_TFLG_SET_OF (0x1 << 1) -+# define ASN1_TFLG_SET_OF (0x1 << 1) - - /* Field is a SEQUENCE OF */ --#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) -+# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) - --/* Special case: this refers to a SET OF that -- * will be sorted into DER order when encoded *and* -- * the corresponding STACK will be modified to match -- * the new order. -+/* -+ * Special case: this refers to a SET OF that will be sorted into DER order -+ * when encoded *and* the corresponding STACK will be modified to match the -+ * new order. - */ --#define ASN1_TFLG_SET_ORDER (0x3 << 1) -+# define ASN1_TFLG_SET_ORDER (0x3 << 1) - - /* Mask for SET OF or SEQUENCE OF */ --#define ASN1_TFLG_SK_MASK (0x3 << 1) -+# define ASN1_TFLG_SK_MASK (0x3 << 1) - --/* These flags mean the tag should be taken from the -- * tag field. If EXPLICIT then the underlying type -- * is used for the inner tag. -+/* -+ * These flags mean the tag should be taken from the tag field. If EXPLICIT -+ * then the underlying type is used for the inner tag. - */ - - /* IMPLICIT tagging */ --#define ASN1_TFLG_IMPTAG (0x1 << 3) -- -+# define ASN1_TFLG_IMPTAG (0x1 << 3) - - /* EXPLICIT tagging, inner tag from underlying type */ --#define ASN1_TFLG_EXPTAG (0x2 << 3) -+# define ASN1_TFLG_EXPTAG (0x2 << 3) - --#define ASN1_TFLG_TAG_MASK (0x3 << 3) -+# define ASN1_TFLG_TAG_MASK (0x3 << 3) - - /* context specific IMPLICIT */ --#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT -+# define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT - - /* context specific EXPLICIT */ --#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT -+# define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT - --/* If tagging is in force these determine the -- * type of tag to use. Otherwise the tag is -- * determined by the underlying type. These -- * values reflect the actual octet format. -+/* -+ * If tagging is in force these determine the type of tag to use. Otherwise -+ * the tag is determined by the underlying type. These values reflect the -+ * actual octet format. - */ - --/* Universal tag */ --#define ASN1_TFLG_UNIVERSAL (0x0<<6) --/* Application tag */ --#define ASN1_TFLG_APPLICATION (0x1<<6) --/* Context specific tag */ --#define ASN1_TFLG_CONTEXT (0x2<<6) --/* Private tag */ --#define ASN1_TFLG_PRIVATE (0x3<<6) -+/* Universal tag */ -+# define ASN1_TFLG_UNIVERSAL (0x0<<6) -+/* Application tag */ -+# define ASN1_TFLG_APPLICATION (0x1<<6) -+/* Context specific tag */ -+# define ASN1_TFLG_CONTEXT (0x2<<6) -+/* Private tag */ -+# define ASN1_TFLG_PRIVATE (0x3<<6) - --#define ASN1_TFLG_TAG_CLASS (0x3<<6) -+# define ASN1_TFLG_TAG_CLASS (0x3<<6) - --/* These are for ANY DEFINED BY type. In this case -- * the 'item' field points to an ASN1_ADB structure -- * which contains a table of values to decode the -+/* -+ * These are for ANY DEFINED BY type. In this case the 'item' field points to -+ * an ASN1_ADB structure which contains a table of values to decode the - * relevant type - */ - --#define ASN1_TFLG_ADB_MASK (0x3<<8) -+# define ASN1_TFLG_ADB_MASK (0x3<<8) - --#define ASN1_TFLG_ADB_OID (0x1<<8) -+# define ASN1_TFLG_ADB_OID (0x1<<8) - --#define ASN1_TFLG_ADB_INT (0x1<<9) -+# define ASN1_TFLG_ADB_INT (0x1<<9) - --/* This flag means a parent structure is passed -- * instead of the field: this is useful is a -- * SEQUENCE is being combined with a CHOICE for -- * example. Since this means the structure and -- * item name will differ we need to use the -+/* -+ * This flag means a parent structure is passed instead of the field: this is -+ * useful is a SEQUENCE is being combined with a CHOICE for example. Since -+ * this means the structure and item name will differ we need to use the - * ASN1_CHOICE_END_name() macro for example. - */ - --#define ASN1_TFLG_COMBINE (0x1<<10) -+# define ASN1_TFLG_COMBINE (0x1<<10) - --/* This flag when present in a SEQUENCE OF, SET OF -- * or EXPLICIT causes indefinite length constructed -- * encoding to be used if required. -+/* -+ * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes -+ * indefinite length constructed encoding to be used if required. - */ - --#define ASN1_TFLG_NDEF (0x1<<11) -+# define ASN1_TFLG_NDEF (0x1<<11) - - /* This is the actual ASN1 item itself */ - - struct ASN1_ITEM_st { --char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */ --long utype; /* underlying type */ --const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */ --long tcount; /* Number of templates if SEQUENCE or CHOICE */ --const void *funcs; /* functions that handle this type */ --long size; /* Structure size (usually)*/ --#ifndef NO_ASN1_FIELD_NAMES --const char *sname; /* Structure name */ --#endif -+ char itype; /* The item type, primitive, SEQUENCE, CHOICE -+ * or extern */ -+ long utype; /* underlying type */ -+ const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains -+ * the contents */ -+ long tcount; /* Number of templates if SEQUENCE or CHOICE */ -+ const void *funcs; /* functions that handle this type */ -+ long size; /* Structure size (usually) */ -+# ifndef NO_ASN1_FIELD_NAMES -+ const char *sname; /* Structure name */ -+# endif - }; - --/* These are values for the itype field and -+/*- -+ * These are values for the itype field and - * determine how the type is interpreted. - * - * For PRIMITIVE types the underlying type - * determines the behaviour if items is NULL. - * -- * Otherwise templates must contain a single -+ * Otherwise templates must contain a single - * template and the type is treated in the - * same way as the type specified in the template. - * -@@ -585,7 +583,7 @@ const char *sname; /* Structure name */ - * selector. - * - * The 'funcs' field is used for application -- * specific functions. -+ * specific functions. - * - * For COMPAT types the funcs field gives a - * set of functions that handle this type, this -@@ -609,237 +607,240 @@ const char *sname; /* Structure name */ - * - */ - --#define ASN1_ITYPE_PRIMITIVE 0x0 -+# define ASN1_ITYPE_PRIMITIVE 0x0 - --#define ASN1_ITYPE_SEQUENCE 0x1 -+# define ASN1_ITYPE_SEQUENCE 0x1 - --#define ASN1_ITYPE_CHOICE 0x2 -+# define ASN1_ITYPE_CHOICE 0x2 - --#define ASN1_ITYPE_COMPAT 0x3 -+# define ASN1_ITYPE_COMPAT 0x3 - --#define ASN1_ITYPE_EXTERN 0x4 -+# define ASN1_ITYPE_EXTERN 0x4 - --#define ASN1_ITYPE_MSTRING 0x5 -+# define ASN1_ITYPE_MSTRING 0x5 - --#define ASN1_ITYPE_NDEF_SEQUENCE 0x6 -+# define ASN1_ITYPE_NDEF_SEQUENCE 0x6 - --/* Cache for ASN1 tag and length, so we -- * don't keep re-reading it for things -+/* -+ * Cache for ASN1 tag and length, so we don't keep re-reading it for things - * like CHOICE - */ - --struct ASN1_TLC_st{ -- char valid; /* Values below are valid */ -- int ret; /* return value */ -- long plen; /* length */ -- int ptag; /* class value */ -- int pclass; /* class value */ -- int hdrlen; /* header length */ -+struct ASN1_TLC_st { -+ char valid; /* Values below are valid */ -+ int ret; /* return value */ -+ long plen; /* length */ -+ int ptag; /* class value */ -+ int pclass; /* class value */ -+ int hdrlen; /* header length */ - }; - - /* Typedefs for ASN1 function pointers */ - --typedef ASN1_VALUE * ASN1_new_func(void); -+typedef ASN1_VALUE *ASN1_new_func(void); - typedef void ASN1_free_func(ASN1_VALUE *a); --typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length); --typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in); -+typedef ASN1_VALUE *ASN1_d2i_func(ASN1_VALUE **a, const unsigned char **in, -+ long length); -+typedef int ASN1_i2d_func(ASN1_VALUE *a, unsigned char **in); - --typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, -- int tag, int aclass, char opt, ASN1_TLC *ctx); -+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, -+ const ASN1_ITEM *it, int tag, int aclass, char opt, -+ ASN1_TLC *ctx); - --typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); -+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, -+ const ASN1_ITEM *it, int tag, int aclass); - typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); - typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); - --typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); --typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); -+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, -+ int *putype, const ASN1_ITEM *it); -+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, -+ int len, int utype, char *free_cont, -+ const ASN1_ITEM *it); - - typedef struct ASN1_COMPAT_FUNCS_st { -- ASN1_new_func *asn1_new; -- ASN1_free_func *asn1_free; -- ASN1_d2i_func *asn1_d2i; -- ASN1_i2d_func *asn1_i2d; -+ ASN1_new_func *asn1_new; -+ ASN1_free_func *asn1_free; -+ ASN1_d2i_func *asn1_d2i; -+ ASN1_i2d_func *asn1_i2d; - } ASN1_COMPAT_FUNCS; - - typedef struct ASN1_EXTERN_FUNCS_st { -- void *app_data; -- ASN1_ex_new_func *asn1_ex_new; -- ASN1_ex_free_func *asn1_ex_free; -- ASN1_ex_free_func *asn1_ex_clear; -- ASN1_ex_d2i *asn1_ex_d2i; -- ASN1_ex_i2d *asn1_ex_i2d; -+ void *app_data; -+ ASN1_ex_new_func *asn1_ex_new; -+ ASN1_ex_free_func *asn1_ex_free; -+ ASN1_ex_free_func *asn1_ex_clear; -+ ASN1_ex_d2i *asn1_ex_d2i; -+ ASN1_ex_i2d *asn1_ex_i2d; - } ASN1_EXTERN_FUNCS; - - typedef struct ASN1_PRIMITIVE_FUNCS_st { -- void *app_data; -- unsigned long flags; -- ASN1_ex_new_func *prim_new; -- ASN1_ex_free_func *prim_free; -- ASN1_ex_free_func *prim_clear; -- ASN1_primitive_c2i *prim_c2i; -- ASN1_primitive_i2c *prim_i2c; -+ void *app_data; -+ unsigned long flags; -+ ASN1_ex_new_func *prim_new; -+ ASN1_ex_free_func *prim_free; -+ ASN1_ex_free_func *prim_clear; -+ ASN1_primitive_c2i *prim_c2i; -+ ASN1_primitive_i2c *prim_i2c; - } ASN1_PRIMITIVE_FUNCS; - --/* This is the ASN1_AUX structure: it handles various -- * miscellaneous requirements. For example the use of -- * reference counts and an informational callback. -- * -- * The "informational callback" is called at various -- * points during the ASN1 encoding and decoding. It can -- * be used to provide minor customisation of the structures -- * used. This is most useful where the supplied routines -- * *almost* do the right thing but need some extra help -- * at a few points. If the callback returns zero then -- * it is assumed a fatal error has occurred and the -- * main operation should be abandoned. -- * -- * If major changes in the default behaviour are required -- * then an external type is more appropriate. -+/* -+ * This is the ASN1_AUX structure: it handles various miscellaneous -+ * requirements. For example the use of reference counts and an informational -+ * callback. The "informational callback" is called at various points during -+ * the ASN1 encoding and decoding. It can be used to provide minor -+ * customisation of the structures used. This is most useful where the -+ * supplied routines *almost* do the right thing but need some extra help at -+ * a few points. If the callback returns zero then it is assumed a fatal -+ * error has occurred and the main operation should be abandoned. If major -+ * changes in the default behaviour are required then an external type is -+ * more appropriate. - */ - - typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it); - - typedef struct ASN1_AUX_st { -- void *app_data; -- int flags; -- int ref_offset; /* Offset of reference value */ -- int ref_lock; /* Lock type to use */ -- ASN1_aux_cb *asn1_cb; -- int enc_offset; /* Offset of ASN1_ENCODING structure */ -+ void *app_data; -+ int flags; -+ int ref_offset; /* Offset of reference value */ -+ int ref_lock; /* Lock type to use */ -+ ASN1_aux_cb *asn1_cb; -+ int enc_offset; /* Offset of ASN1_ENCODING structure */ - } ASN1_AUX; - - /* Flags in ASN1_AUX */ - - /* Use a reference count */ --#define ASN1_AFLG_REFCOUNT 1 -+# define ASN1_AFLG_REFCOUNT 1 - /* Save the encoding of structure (useful for signatures) */ --#define ASN1_AFLG_ENCODING 2 -+# define ASN1_AFLG_ENCODING 2 - /* The Sequence length is invalid */ --#define ASN1_AFLG_BROKEN 4 -+# define ASN1_AFLG_BROKEN 4 - - /* operation values for asn1_cb */ - --#define ASN1_OP_NEW_PRE 0 --#define ASN1_OP_NEW_POST 1 --#define ASN1_OP_FREE_PRE 2 --#define ASN1_OP_FREE_POST 3 --#define ASN1_OP_D2I_PRE 4 --#define ASN1_OP_D2I_POST 5 --#define ASN1_OP_I2D_PRE 6 --#define ASN1_OP_I2D_POST 7 -+# define ASN1_OP_NEW_PRE 0 -+# define ASN1_OP_NEW_POST 1 -+# define ASN1_OP_FREE_PRE 2 -+# define ASN1_OP_FREE_POST 3 -+# define ASN1_OP_D2I_PRE 4 -+# define ASN1_OP_D2I_POST 5 -+# define ASN1_OP_I2D_PRE 6 -+# define ASN1_OP_I2D_POST 7 - - /* Macro to implement a primitive type */ --#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) --#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ -- ASN1_ITEM_start(itname) \ -- ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ -- ASN1_ITEM_end(itname) -+# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) -+# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ -+ ASN1_ITEM_start(itname) \ -+ ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ -+ ASN1_ITEM_end(itname) - - /* Macro to implement a multi string type */ --#define IMPLEMENT_ASN1_MSTRING(itname, mask) \ -- ASN1_ITEM_start(itname) \ -- ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ -- ASN1_ITEM_end(itname) -+# define IMPLEMENT_ASN1_MSTRING(itname, mask) \ -+ ASN1_ITEM_start(itname) \ -+ ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ -+ ASN1_ITEM_end(itname) - - /* Macro to implement an ASN1_ITEM in terms of old style funcs */ - --#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE) -- --#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \ -- static const ASN1_COMPAT_FUNCS sname##_ff = { \ -- (ASN1_new_func *)sname##_new, \ -- (ASN1_free_func *)sname##_free, \ -- (ASN1_d2i_func *)d2i_##sname, \ -- (ASN1_i2d_func *)i2d_##sname, \ -- }; \ -- ASN1_ITEM_start(sname) \ -- ASN1_ITYPE_COMPAT, \ -- tag, \ -- NULL, \ -- 0, \ -- &sname##_ff, \ -- 0, \ -- #sname \ -- ASN1_ITEM_end(sname) -- --#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ -- ASN1_ITEM_start(sname) \ -- ASN1_ITYPE_EXTERN, \ -- tag, \ -- NULL, \ -- 0, \ -- &fptrs, \ -- 0, \ -- #sname \ -- ASN1_ITEM_end(sname) -+# define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE) -+ -+# define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \ -+ static const ASN1_COMPAT_FUNCS sname##_ff = { \ -+ (ASN1_new_func *)sname##_new, \ -+ (ASN1_free_func *)sname##_free, \ -+ (ASN1_d2i_func *)d2i_##sname, \ -+ (ASN1_i2d_func *)i2d_##sname, \ -+ }; \ -+ ASN1_ITEM_start(sname) \ -+ ASN1_ITYPE_COMPAT, \ -+ tag, \ -+ NULL, \ -+ 0, \ -+ &sname##_ff, \ -+ 0, \ -+ #sname \ -+ ASN1_ITEM_end(sname) -+ -+# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ -+ ASN1_ITEM_start(sname) \ -+ ASN1_ITYPE_EXTERN, \ -+ tag, \ -+ NULL, \ -+ 0, \ -+ &fptrs, \ -+ 0, \ -+ #sname \ -+ ASN1_ITEM_end(sname) - - /* Macro to implement standard functions in terms of ASN1_ITEM structures */ - --#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) -- --#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) -- --#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ -- IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) -- --#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ -- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) -- --#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ -- stname *fname##_new(void) \ -- { \ -- return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ -- } \ -- void fname##_free(stname *a) \ -- { \ -- ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ -- } -- --#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ -- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ -- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) -- --#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ -- stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ -- { \ -- return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ -- } \ -- int i2d_##fname(stname *a, unsigned char **out) \ -- { \ -- return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ -- } -- --#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ -- int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ -- { \ -- return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ -- } -- --/* This includes evil casts to remove const: they will go away when full -- * ASN1 constification is done. -+# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) -+ -+# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) -+ -+# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ -+ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) -+ -+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ -+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) -+ -+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ -+ stname *fname##_new(void) \ -+ { \ -+ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ -+ } \ -+ void fname##_free(stname *a) \ -+ { \ -+ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ -+ } -+ -+# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ -+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ -+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) -+ -+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ -+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ -+ { \ -+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ -+ } \ -+ int i2d_##fname(stname *a, unsigned char **out) \ -+ { \ -+ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ -+ } -+ -+# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ -+ int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ -+ { \ -+ return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ -+ } -+ -+/* -+ * This includes evil casts to remove const: they will go away when full ASN1 -+ * constification is done. - */ --#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ -- stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ -- { \ -- return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ -- } \ -- int i2d_##fname(const stname *a, unsigned char **out) \ -- { \ -- return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ -- } -- --#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ -- stname * stname##_dup(stname *x) \ -+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ -+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ -+ { \ -+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ -+ } \ -+ int i2d_##fname(const stname *a, unsigned char **out) \ -+ { \ -+ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ -+ } -+ -+# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ -+ stname * stname##_dup(stname *x) \ - { \ - return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ - } - --#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ -- IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) -+# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ -+ IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) - --#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ -- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ -- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) -+# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ -+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ -+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) - - /* external definitions for primitive types */ - -@@ -862,30 +863,40 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); - int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); - - void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); --int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt); --int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, -- int tag, int aclass, char opt, ASN1_TLC *ctx); -- --int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); --int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt); -+int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, -+ const ASN1_TEMPLATE *tt); -+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, -+ const ASN1_ITEM *it, int tag, int aclass, char opt, -+ ASN1_TLC *ctx); -+ -+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, -+ const ASN1_ITEM *it, int tag, int aclass); -+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, -+ const ASN1_TEMPLATE *tt); - void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); - --int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); --int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); -+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, -+ const ASN1_ITEM *it); -+int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, -+ int utype, char *free_cont, const ASN1_ITEM *it); - - int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); --int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); -+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, -+ const ASN1_ITEM *it); - --ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); - --const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr); -+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, -+ int nullerr); - - int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); - - void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); - void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); --int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it); --int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it); -+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, -+ const ASN1_ITEM *it); -+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, -+ const ASN1_ITEM *it); - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/bio.h b/Cryptlib/Include/openssl/bio.h -index 03bd3b2..9d29b36 100644 ---- a/Cryptlib/Include/openssl/bio.h -+++ b/Cryptlib/Include/openssl/bio.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,515 +57,528 @@ - */ - - #ifndef HEADER_BIO_H --#define HEADER_BIO_H -+# define HEADER_BIO_H - --#include -+# include - --#ifndef OPENSSL_NO_FP_API --# include --#endif --#include -+# ifndef OPENSSL_NO_FP_API -+# include -+# endif -+# include - --#include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - - /* These are the 'types' of BIOs */ --#define BIO_TYPE_NONE 0 --#define BIO_TYPE_MEM (1|0x0400) --#define BIO_TYPE_FILE (2|0x0400) -- --#define BIO_TYPE_FD (4|0x0400|0x0100) --#define BIO_TYPE_SOCKET (5|0x0400|0x0100) --#define BIO_TYPE_NULL (6|0x0400) --#define BIO_TYPE_SSL (7|0x0200) --#define BIO_TYPE_MD (8|0x0200) /* passive filter */ --#define BIO_TYPE_BUFFER (9|0x0200) /* filter */ --#define BIO_TYPE_CIPHER (10|0x0200) /* filter */ --#define BIO_TYPE_BASE64 (11|0x0200) /* filter */ --#define BIO_TYPE_CONNECT (12|0x0400|0x0100) /* socket - connect */ --#define BIO_TYPE_ACCEPT (13|0x0400|0x0100) /* socket for accept */ --#define BIO_TYPE_PROXY_CLIENT (14|0x0200) /* client proxy BIO */ --#define BIO_TYPE_PROXY_SERVER (15|0x0200) /* server proxy BIO */ --#define BIO_TYPE_NBIO_TEST (16|0x0200) /* server proxy BIO */ --#define BIO_TYPE_NULL_FILTER (17|0x0200) --#define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */ --#define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ --#define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */ --#define BIO_TYPE_DGRAM (21|0x0400|0x0100) --#define BIO_TYPE_COMP (23|0x0200) /* filter */ -- --#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ --#define BIO_TYPE_FILTER 0x0200 --#define BIO_TYPE_SOURCE_SINK 0x0400 -- --/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free. -- * BIO_set_fp(in,stdin,BIO_NOCLOSE); */ --#define BIO_NOCLOSE 0x00 --#define BIO_CLOSE 0x01 -- --/* These are used in the following macros and are passed to -- * BIO_ctrl() */ --#define BIO_CTRL_RESET 1 /* opt - rewind/zero etc */ --#define BIO_CTRL_EOF 2 /* opt - are we at the eof */ --#define BIO_CTRL_INFO 3 /* opt - extra tit-bits */ --#define BIO_CTRL_SET 4 /* man - set the 'IO' type */ --#define BIO_CTRL_GET 5 /* man - get the 'IO' type */ --#define BIO_CTRL_PUSH 6 /* opt - internal, used to signify change */ --#define BIO_CTRL_POP 7 /* opt - internal, used to signify change */ --#define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */ --#define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */ --#define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */ --#define BIO_CTRL_FLUSH 11 /* opt - 'flush' buffered output */ --#define BIO_CTRL_DUP 12 /* man - extra stuff for 'duped' BIO */ --#define BIO_CTRL_WPENDING 13 /* opt - number of bytes still to write */ -+# define BIO_TYPE_NONE 0 -+# define BIO_TYPE_MEM (1|0x0400) -+# define BIO_TYPE_FILE (2|0x0400) -+ -+# define BIO_TYPE_FD (4|0x0400|0x0100) -+# define BIO_TYPE_SOCKET (5|0x0400|0x0100) -+# define BIO_TYPE_NULL (6|0x0400) -+# define BIO_TYPE_SSL (7|0x0200) -+# define BIO_TYPE_MD (8|0x0200)/* passive filter */ -+# define BIO_TYPE_BUFFER (9|0x0200)/* filter */ -+# define BIO_TYPE_CIPHER (10|0x0200)/* filter */ -+# define BIO_TYPE_BASE64 (11|0x0200)/* filter */ -+# define BIO_TYPE_CONNECT (12|0x0400|0x0100)/* socket - connect */ -+# define BIO_TYPE_ACCEPT (13|0x0400|0x0100)/* socket for accept */ -+# define BIO_TYPE_PROXY_CLIENT (14|0x0200)/* client proxy BIO */ -+# define BIO_TYPE_PROXY_SERVER (15|0x0200)/* server proxy BIO */ -+# define BIO_TYPE_NBIO_TEST (16|0x0200)/* server proxy BIO */ -+# define BIO_TYPE_NULL_FILTER (17|0x0200) -+# define BIO_TYPE_BER (18|0x0200)/* BER -> bin filter */ -+# define BIO_TYPE_BIO (19|0x0400)/* (half a) BIO pair */ -+# define BIO_TYPE_LINEBUFFER (20|0x0200)/* filter */ -+# define BIO_TYPE_DGRAM (21|0x0400|0x0100) -+# define BIO_TYPE_COMP (23|0x0200)/* filter */ -+ -+# define BIO_TYPE_DESCRIPTOR 0x0100/* socket, fd, connect or accept */ -+# define BIO_TYPE_FILTER 0x0200 -+# define BIO_TYPE_SOURCE_SINK 0x0400 -+ -+/* -+ * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. -+ * BIO_set_fp(in,stdin,BIO_NOCLOSE); -+ */ -+# define BIO_NOCLOSE 0x00 -+# define BIO_CLOSE 0x01 -+ -+/* -+ * These are used in the following macros and are passed to BIO_ctrl() -+ */ -+# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ -+# define BIO_CTRL_EOF 2/* opt - are we at the eof */ -+# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ -+# define BIO_CTRL_SET 4/* man - set the 'IO' type */ -+# define BIO_CTRL_GET 5/* man - get the 'IO' type */ -+# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ -+# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ -+# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ -+# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ -+# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ -+# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ -+# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ -+# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ - /* callback is int cb(BIO *bio,state,ret); */ --#define BIO_CTRL_SET_CALLBACK 14 /* opt - set callback function */ --#define BIO_CTRL_GET_CALLBACK 15 /* opt - set callback function */ -+# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ -+# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ - --#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ -+# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ - - /* dgram BIO stuff */ --#define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */ --#define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally -- * connected socket to be -- * passed in */ --#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */ --#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */ --#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */ --#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */ -- --#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */ --#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */ -- -+# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ -+# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected -+ * socket to be passed in */ -+# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ -+# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ -+# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ -+# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ -+ -+# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ -+# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */ -+ - /* #ifdef IP_MTU_DISCOVER */ --#define BIO_CTRL_DGRAM_MTU_DISCOVER 39 /* set DF bit on egress packets */ -+# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ - /* #endif */ - --#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */ --#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 --#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */ --#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for -- * MTU. want to use this -- * if asking the kernel -- * fails */ -+# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ -+# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 -+# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ -+# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. -+ * want to use this if asking -+ * the kernel fails */ - --#define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU -- * was exceed in the -- * previous write -- * operation */ -+# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was -+ * exceed in the previous write -+ * operation */ - --#define BIO_CTRL_DGRAM_GET_PEER 46 --#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ -+# define BIO_CTRL_DGRAM_GET_PEER 46 -+# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ - --#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to -- * adjust socket timeouts */ -+# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout -+ * to * adjust socket timeouts */ - - /* modifiers */ --#define BIO_FP_READ 0x02 --#define BIO_FP_WRITE 0x04 --#define BIO_FP_APPEND 0x08 --#define BIO_FP_TEXT 0x10 -- --#define BIO_FLAGS_READ 0x01 --#define BIO_FLAGS_WRITE 0x02 --#define BIO_FLAGS_IO_SPECIAL 0x04 --#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) --#define BIO_FLAGS_SHOULD_RETRY 0x08 --#ifndef BIO_FLAGS_UPLINK --/* "UPLINK" flag denotes file descriptors provided by application. -- It defaults to 0, as most platforms don't require UPLINK interface. */ --#define BIO_FLAGS_UPLINK 0 --#endif -+# define BIO_FP_READ 0x02 -+# define BIO_FP_WRITE 0x04 -+# define BIO_FP_APPEND 0x08 -+# define BIO_FP_TEXT 0x10 -+ -+# define BIO_FLAGS_READ 0x01 -+# define BIO_FLAGS_WRITE 0x02 -+# define BIO_FLAGS_IO_SPECIAL 0x04 -+# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) -+# define BIO_FLAGS_SHOULD_RETRY 0x08 -+# ifndef BIO_FLAGS_UPLINK -+/* -+ * "UPLINK" flag denotes file descriptors provided by application. It -+ * defaults to 0, as most platforms don't require UPLINK interface. -+ */ -+# define BIO_FLAGS_UPLINK 0 -+# endif - - /* Used in BIO_gethostbyname() */ --#define BIO_GHBN_CTRL_HITS 1 --#define BIO_GHBN_CTRL_MISSES 2 --#define BIO_GHBN_CTRL_CACHE_SIZE 3 --#define BIO_GHBN_CTRL_GET_ENTRY 4 --#define BIO_GHBN_CTRL_FLUSH 5 -+# define BIO_GHBN_CTRL_HITS 1 -+# define BIO_GHBN_CTRL_MISSES 2 -+# define BIO_GHBN_CTRL_CACHE_SIZE 3 -+# define BIO_GHBN_CTRL_GET_ENTRY 4 -+# define BIO_GHBN_CTRL_FLUSH 5 - - /* Mostly used in the SSL BIO */ --/* Not used anymore -+/*- -+ * Not used anymore - * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10 - * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20 -- * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 -+ * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 - */ - --#define BIO_FLAGS_BASE64_NO_NL 0x100 -+# define BIO_FLAGS_BASE64_NO_NL 0x100 - --/* This is used with memory BIOs: it means we shouldn't free up or change the -+/* -+ * This is used with memory BIOs: it means we shouldn't free up or change the - * data in any way. - */ --#define BIO_FLAGS_MEM_RDONLY 0x200 -+# define BIO_FLAGS_MEM_RDONLY 0x200 - - typedef struct bio_st BIO; - - void BIO_set_flags(BIO *b, int flags); --int BIO_test_flags(const BIO *b, int flags); -+int BIO_test_flags(const BIO *b, int flags); - void BIO_clear_flags(BIO *b, int flags); - --#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) --#define BIO_set_retry_special(b) \ -- BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) --#define BIO_set_retry_read(b) \ -- BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) --#define BIO_set_retry_write(b) \ -- BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) -+# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) -+# define BIO_set_retry_special(b) \ -+ BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) -+# define BIO_set_retry_read(b) \ -+ BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) -+# define BIO_set_retry_write(b) \ -+ BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) - - /* These are normally used internally in BIOs */ --#define BIO_clear_retry_flags(b) \ -- BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) --#define BIO_get_retry_flags(b) \ -- BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) -+# define BIO_clear_retry_flags(b) \ -+ BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) -+# define BIO_get_retry_flags(b) \ -+ BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) - - /* These should be used by the application to tell why we should retry */ --#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) --#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) --#define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) --#define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) --#define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) -- --/* The next three are used in conjunction with the -- * BIO_should_io_special() condition. After this returns true, -- * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO -- * stack and return the 'reason' for the special and the offending BIO. -- * Given a BIO, BIO_get_retry_reason(bio) will return the code. */ --/* Returned from the SSL bio when the certificate retrieval code had an error */ --#define BIO_RR_SSL_X509_LOOKUP 0x01 -+# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) -+# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) -+# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) -+# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) -+# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) -+ -+/* -+ * The next three are used in conjunction with the BIO_should_io_special() -+ * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int -+ * *reason); will walk the BIO stack and return the 'reason' for the special -+ * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return -+ * the code. -+ */ -+/* -+ * Returned from the SSL bio when the certificate retrieval code had an error -+ */ -+# define BIO_RR_SSL_X509_LOOKUP 0x01 - /* Returned from the connect BIO when a connect would have blocked */ --#define BIO_RR_CONNECT 0x02 -+# define BIO_RR_CONNECT 0x02 - /* Returned from the accept BIO when an accept would have blocked */ --#define BIO_RR_ACCEPT 0x03 -+# define BIO_RR_ACCEPT 0x03 - - /* These are passed by the BIO callback */ --#define BIO_CB_FREE 0x01 --#define BIO_CB_READ 0x02 --#define BIO_CB_WRITE 0x03 --#define BIO_CB_PUTS 0x04 --#define BIO_CB_GETS 0x05 --#define BIO_CB_CTRL 0x06 -- --/* The callback is called before and after the underling operation, -- * The BIO_CB_RETURN flag indicates if it is after the call */ --#define BIO_CB_RETURN 0x80 --#define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) --#define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) --#define BIO_cb_post(a) ((a)&BIO_CB_RETURN) -- --long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long); --void BIO_set_callback(BIO *b, -- long (*callback)(struct bio_st *,int,const char *,int, long,long)); -+# define BIO_CB_FREE 0x01 -+# define BIO_CB_READ 0x02 -+# define BIO_CB_WRITE 0x03 -+# define BIO_CB_PUTS 0x04 -+# define BIO_CB_GETS 0x05 -+# define BIO_CB_CTRL 0x06 -+ -+/* -+ * The callback is called before and after the underling operation, The -+ * BIO_CB_RETURN flag indicates if it is after the call -+ */ -+# define BIO_CB_RETURN 0x80 -+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) -+# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) -+# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) -+ -+long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *, -+ int, long, long); -+void BIO_set_callback(BIO *b, -+ long (*callback) (struct bio_st *, int, const char *, -+ int, long, long)); - char *BIO_get_callback_arg(const BIO *b); - void BIO_set_callback_arg(BIO *b, char *arg); - --const char * BIO_method_name(const BIO *b); -+const char *BIO_method_name(const BIO *b); - int BIO_method_type(const BIO *b); - --typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long); -- --#ifndef OPENSSL_SYS_WIN16 --typedef struct bio_method_st -- { -- int type; -- const char *name; -- int (*bwrite)(BIO *, const char *, int); -- int (*bread)(BIO *, char *, int); -- int (*bputs)(BIO *, const char *); -- int (*bgets)(BIO *, char *, int); -- long (*ctrl)(BIO *, int, long, void *); -- int (*create)(BIO *); -- int (*destroy)(BIO *); -- long (*callback_ctrl)(BIO *, int, bio_info_cb *); -- } BIO_METHOD; --#else --typedef struct bio_method_st -- { -- int type; -- const char *name; -- int (_far *bwrite)(); -- int (_far *bread)(); -- int (_far *bputs)(); -- int (_far *bgets)(); -- long (_far *ctrl)(); -- int (_far *create)(); -- int (_far *destroy)(); -- long (_far *callback_ctrl)(); -- } BIO_METHOD; --#endif -+typedef void bio_info_cb (struct bio_st *, int, const char *, int, long, -+ long); -+ -+# ifndef OPENSSL_SYS_WIN16 -+typedef struct bio_method_st { -+ int type; -+ const char *name; -+ int (*bwrite) (BIO *, const char *, int); -+ int (*bread) (BIO *, char *, int); -+ int (*bputs) (BIO *, const char *); -+ int (*bgets) (BIO *, char *, int); -+ long (*ctrl) (BIO *, int, long, void *); -+ int (*create) (BIO *); -+ int (*destroy) (BIO *); -+ long (*callback_ctrl) (BIO *, int, bio_info_cb *); -+} BIO_METHOD; -+# else -+typedef struct bio_method_st { -+ int type; -+ const char *name; -+ int (_far * bwrite) (); -+ int (_far * bread) (); -+ int (_far * bputs) (); -+ int (_far * bgets) (); -+ long (_far * ctrl) (); -+ int (_far * create) (); -+ int (_far * destroy) (); -+ long (_far * callback_ctrl) (); -+} BIO_METHOD; -+# endif - --struct bio_st -- { -- BIO_METHOD *method; -- /* bio, mode, argp, argi, argl, ret */ -- long (*callback)(struct bio_st *,int,const char *,int, long,long); -- char *cb_arg; /* first argument for the callback */ -- -- int init; -- int shutdown; -- int flags; /* extra storage */ -- int retry_reason; -- int num; -- void *ptr; -- struct bio_st *next_bio; /* used by filter BIOs */ -- struct bio_st *prev_bio; /* used by filter BIOs */ -- int references; -- unsigned long num_read; -- unsigned long num_write; -- -- CRYPTO_EX_DATA ex_data; -- }; -+struct bio_st { -+ BIO_METHOD *method; -+ /* bio, mode, argp, argi, argl, ret */ -+ long (*callback) (struct bio_st *, int, const char *, int, long, long); -+ char *cb_arg; /* first argument for the callback */ -+ int init; -+ int shutdown; -+ int flags; /* extra storage */ -+ int retry_reason; -+ int num; -+ void *ptr; -+ struct bio_st *next_bio; /* used by filter BIOs */ -+ struct bio_st *prev_bio; /* used by filter BIOs */ -+ int references; -+ unsigned long num_read; -+ unsigned long num_write; -+ CRYPTO_EX_DATA ex_data; -+}; - - DECLARE_STACK_OF(BIO) - --typedef struct bio_f_buffer_ctx_struct -- { -- /* Buffers are setup like this: -- * -- * <---------------------- size -----------------------> -- * +---------------------------------------------------+ -- * | consumed | remaining | free space | -- * +---------------------------------------------------+ -- * <-- off --><------- len -------> -- */ -- -- /* BIO *bio; */ /* this is now in the BIO struct */ -- int ibuf_size; /* how big is the input buffer */ -- int obuf_size; /* how big is the output buffer */ -- -- char *ibuf; /* the char array */ -- int ibuf_len; /* how many bytes are in it */ -- int ibuf_off; /* write/read offset */ -- -- char *obuf; /* the char array */ -- int obuf_len; /* how many bytes are in it */ -- int obuf_off; /* write/read offset */ -- } BIO_F_BUFFER_CTX; -+typedef struct bio_f_buffer_ctx_struct { -+ /*- -+ * Buffers are setup like this: -+ * -+ * <---------------------- size -----------------------> -+ * +---------------------------------------------------+ -+ * | consumed | remaining | free space | -+ * +---------------------------------------------------+ -+ * <-- off --><------- len -------> -+ */ -+ /*- BIO *bio; *//* -+ * this is now in the BIO struct -+ */ -+ int ibuf_size; /* how big is the input buffer */ -+ int obuf_size; /* how big is the output buffer */ -+ char *ibuf; /* the char array */ -+ int ibuf_len; /* how many bytes are in it */ -+ int ibuf_off; /* write/read offset */ -+ char *obuf; /* the char array */ -+ int obuf_len; /* how many bytes are in it */ -+ int obuf_off; /* write/read offset */ -+} BIO_F_BUFFER_CTX; - - /* connect BIO stuff */ --#define BIO_CONN_S_BEFORE 1 --#define BIO_CONN_S_GET_IP 2 --#define BIO_CONN_S_GET_PORT 3 --#define BIO_CONN_S_CREATE_SOCKET 4 --#define BIO_CONN_S_CONNECT 5 --#define BIO_CONN_S_OK 6 --#define BIO_CONN_S_BLOCKED_CONNECT 7 --#define BIO_CONN_S_NBIO 8 --/*#define BIO_CONN_get_param_hostname BIO_ctrl */ -- --#define BIO_C_SET_CONNECT 100 --#define BIO_C_DO_STATE_MACHINE 101 --#define BIO_C_SET_NBIO 102 --#define BIO_C_SET_PROXY_PARAM 103 --#define BIO_C_SET_FD 104 --#define BIO_C_GET_FD 105 --#define BIO_C_SET_FILE_PTR 106 --#define BIO_C_GET_FILE_PTR 107 --#define BIO_C_SET_FILENAME 108 --#define BIO_C_SET_SSL 109 --#define BIO_C_GET_SSL 110 --#define BIO_C_SET_MD 111 --#define BIO_C_GET_MD 112 --#define BIO_C_GET_CIPHER_STATUS 113 --#define BIO_C_SET_BUF_MEM 114 --#define BIO_C_GET_BUF_MEM_PTR 115 --#define BIO_C_GET_BUFF_NUM_LINES 116 --#define BIO_C_SET_BUFF_SIZE 117 --#define BIO_C_SET_ACCEPT 118 --#define BIO_C_SSL_MODE 119 --#define BIO_C_GET_MD_CTX 120 --#define BIO_C_GET_PROXY_PARAM 121 --#define BIO_C_SET_BUFF_READ_DATA 122 /* data to read first */ --#define BIO_C_GET_CONNECT 123 --#define BIO_C_GET_ACCEPT 124 --#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 --#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 --#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 --#define BIO_C_FILE_SEEK 128 --#define BIO_C_GET_CIPHER_CTX 129 --#define BIO_C_SET_BUF_MEM_EOF_RETURN 130/*return end of input value*/ --#define BIO_C_SET_BIND_MODE 131 --#define BIO_C_GET_BIND_MODE 132 --#define BIO_C_FILE_TELL 133 --#define BIO_C_GET_SOCKS 134 --#define BIO_C_SET_SOCKS 135 -- --#define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ --#define BIO_C_GET_WRITE_BUF_SIZE 137 --#define BIO_C_MAKE_BIO_PAIR 138 --#define BIO_C_DESTROY_BIO_PAIR 139 --#define BIO_C_GET_WRITE_GUARANTEE 140 --#define BIO_C_GET_READ_REQUEST 141 --#define BIO_C_SHUTDOWN_WR 142 --#define BIO_C_NREAD0 143 --#define BIO_C_NREAD 144 --#define BIO_C_NWRITE0 145 --#define BIO_C_NWRITE 146 --#define BIO_C_RESET_READ_REQUEST 147 --#define BIO_C_SET_MD_CTX 148 -- -- --#define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) --#define BIO_get_app_data(s) BIO_get_ex_data(s,0) -+# define BIO_CONN_S_BEFORE 1 -+# define BIO_CONN_S_GET_IP 2 -+# define BIO_CONN_S_GET_PORT 3 -+# define BIO_CONN_S_CREATE_SOCKET 4 -+# define BIO_CONN_S_CONNECT 5 -+# define BIO_CONN_S_OK 6 -+# define BIO_CONN_S_BLOCKED_CONNECT 7 -+# define BIO_CONN_S_NBIO 8 -+/* -+ * #define BIO_CONN_get_param_hostname BIO_ctrl -+ */ - --/* BIO_s_connect() and BIO_s_socks4a_connect() */ --#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) --#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) --#define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) --#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) --#define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) --#define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) --#define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) --#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) -+# define BIO_C_SET_CONNECT 100 -+# define BIO_C_DO_STATE_MACHINE 101 -+# define BIO_C_SET_NBIO 102 -+# define BIO_C_SET_PROXY_PARAM 103 -+# define BIO_C_SET_FD 104 -+# define BIO_C_GET_FD 105 -+# define BIO_C_SET_FILE_PTR 106 -+# define BIO_C_GET_FILE_PTR 107 -+# define BIO_C_SET_FILENAME 108 -+# define BIO_C_SET_SSL 109 -+# define BIO_C_GET_SSL 110 -+# define BIO_C_SET_MD 111 -+# define BIO_C_GET_MD 112 -+# define BIO_C_GET_CIPHER_STATUS 113 -+# define BIO_C_SET_BUF_MEM 114 -+# define BIO_C_GET_BUF_MEM_PTR 115 -+# define BIO_C_GET_BUFF_NUM_LINES 116 -+# define BIO_C_SET_BUFF_SIZE 117 -+# define BIO_C_SET_ACCEPT 118 -+# define BIO_C_SSL_MODE 119 -+# define BIO_C_GET_MD_CTX 120 -+# define BIO_C_GET_PROXY_PARAM 121 -+# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ -+# define BIO_C_GET_CONNECT 123 -+# define BIO_C_GET_ACCEPT 124 -+# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 -+# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 -+# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 -+# define BIO_C_FILE_SEEK 128 -+# define BIO_C_GET_CIPHER_CTX 129 -+# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input -+ * value */ -+# define BIO_C_SET_BIND_MODE 131 -+# define BIO_C_GET_BIND_MODE 132 -+# define BIO_C_FILE_TELL 133 -+# define BIO_C_GET_SOCKS 134 -+# define BIO_C_SET_SOCKS 135 -+ -+# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ -+# define BIO_C_GET_WRITE_BUF_SIZE 137 -+# define BIO_C_MAKE_BIO_PAIR 138 -+# define BIO_C_DESTROY_BIO_PAIR 139 -+# define BIO_C_GET_WRITE_GUARANTEE 140 -+# define BIO_C_GET_READ_REQUEST 141 -+# define BIO_C_SHUTDOWN_WR 142 -+# define BIO_C_NREAD0 143 -+# define BIO_C_NREAD 144 -+# define BIO_C_NWRITE0 145 -+# define BIO_C_NWRITE 146 -+# define BIO_C_RESET_READ_REQUEST 147 -+# define BIO_C_SET_MD_CTX 148 -+ -+# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) -+# define BIO_get_app_data(s) BIO_get_ex_data(s,0) - -+/* BIO_s_connect() and BIO_s_socks4a_connect() */ -+# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) -+# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) -+# define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) -+# define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) -+# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) -+# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) -+# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) -+# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) - --#define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) -+# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) - - /* BIO_s_accept_socket() */ --#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) --#define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) --/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ --#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) --#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) -- --#define BIO_BIND_NORMAL 0 --#define BIO_BIND_REUSEADDR_IF_UNUSED 1 --#define BIO_BIND_REUSEADDR 2 --#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) --#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) -- --#define BIO_do_connect(b) BIO_do_handshake(b) --#define BIO_do_accept(b) BIO_do_handshake(b) --#define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) -+# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) -+# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) -+/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ -+# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) -+# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) -+ -+# define BIO_BIND_NORMAL 0 -+# define BIO_BIND_REUSEADDR_IF_UNUSED 1 -+# define BIO_BIND_REUSEADDR 2 -+# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) -+# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) -+ -+# define BIO_do_connect(b) BIO_do_handshake(b) -+# define BIO_do_accept(b) BIO_do_handshake(b) -+# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) - - /* BIO_s_proxy_client() */ --#define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url)) --#define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p)) -+# define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url)) -+# define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p)) - /* BIO_set_nbio(b,n) */ --#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) -+# define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) - /* BIO *BIO_get_filter_bio(BIO *bio); */ --#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) --#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) --#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) -+# define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) -+# define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) -+# define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) - --#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp) --#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p)) --#define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) --#define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) -+# define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp) -+# define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p)) -+# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) -+# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) - --#define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) --#define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) -+# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) -+# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) - --#define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) --#define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) -+# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) -+# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) - --#define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) --#define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) -+# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) -+# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) - --/* name is cast to lose const, but might be better to route through a function -- so we can do it safely */ --#ifdef CONST_STRICT --/* If you are wondering why this isn't defined, its because CONST_STRICT is -+/* -+ * name is cast to lose const, but might be better to route through a -+ * function so we can do it safely -+ */ -+# ifdef CONST_STRICT -+/* -+ * If you are wondering why this isn't defined, its because CONST_STRICT is - * purely a compile-time kludge to allow const to be checked. - */ --int BIO_read_filename(BIO *b,const char *name); --#else --#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ -- BIO_CLOSE|BIO_FP_READ,(char *)name) --#endif --#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ -- BIO_CLOSE|BIO_FP_WRITE,name) --#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ -- BIO_CLOSE|BIO_FP_APPEND,name) --#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ -- BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) -- --/* WARNING WARNING, this ups the reference count on the read bio of the -- * SSL structure. This is because the ssl read BIO is now pointed to by -- * the next_bio field in the bio. So when you free the BIO, make sure -- * you are doing a BIO_free_all() to catch the underlying BIO. */ --#define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) --#define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) --#define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) --#define BIO_set_ssl_renegotiate_bytes(b,num) \ -- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); --#define BIO_get_num_renegotiates(b) \ -- BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL); --#define BIO_set_ssl_renegotiate_timeout(b,seconds) \ -- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); -+int BIO_read_filename(BIO *b, const char *name); -+# else -+# define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ -+ BIO_CLOSE|BIO_FP_READ,(char *)name) -+# endif -+# define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ -+ BIO_CLOSE|BIO_FP_WRITE,name) -+# define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ -+ BIO_CLOSE|BIO_FP_APPEND,name) -+# define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ -+ BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) -+ -+/* -+ * WARNING WARNING, this ups the reference count on the read bio of the SSL -+ * structure. This is because the ssl read BIO is now pointed to by the -+ * next_bio field in the bio. So when you free the BIO, make sure you are -+ * doing a BIO_free_all() to catch the underlying BIO. -+ */ -+# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) -+# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) -+# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) -+# define BIO_set_ssl_renegotiate_bytes(b,num) \ -+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); -+# define BIO_get_num_renegotiates(b) \ -+ BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL); -+# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ -+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); - - /* defined in evp.h */ --/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ -+/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ - --#define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) --#define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm) --#define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) --#define BIO_set_mem_eof_return(b,v) \ -- BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) -+# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) -+# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm) -+# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) -+# define BIO_set_mem_eof_return(b,v) \ -+ BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) - - /* For the BIO_f_buffer() type */ --#define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) --#define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) --#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) --#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) --#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) -+# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) -+# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) -+# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) -+# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) -+# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) - - /* Don't use the next one unless you know what you are doing :-) */ --#define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) -- --#define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) --#define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) --#define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) --#define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) --#define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) --#define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) -+# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) -+ -+# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) -+# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) -+# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) -+# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) -+# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) -+# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) - /* ...pending macros have inappropriate return type */ - size_t BIO_ctrl_pending(BIO *b); - size_t BIO_ctrl_wpending(BIO *b); --#define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) --#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ -- cbp) --#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) -+# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) -+# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ -+ cbp) -+# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) - - /* For the BIO_f_buffer() type */ --#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) -+# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) - - /* For BIO_s_bio() */ --#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) --#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) --#define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) --#define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) --#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) -+# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) -+# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) -+# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) -+# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) -+# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) - /* macros with inappropriate type -- but ...pending macros use int too: */ --#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) --#define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) -+# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) -+# define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) - size_t BIO_ctrl_get_write_guarantee(BIO *b); - size_t BIO_ctrl_get_read_request(BIO *b); - int BIO_ctrl_reset_read_request(BIO *b); - - /* ctrl macros for dgram */ --#define BIO_ctrl_dgram_connect(b,peer) \ -+# define BIO_ctrl_dgram_connect(b,peer) \ - (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) --#define BIO_ctrl_set_connected(b, state, peer) \ -+# define BIO_ctrl_set_connected(b, state, peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer) --#define BIO_dgram_recv_timedout(b) \ -+# define BIO_dgram_recv_timedout(b) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) --#define BIO_dgram_send_timedout(b) \ -+# define BIO_dgram_send_timedout(b) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) --#define BIO_dgram_get_peer(b,peer) \ -+# define BIO_dgram_get_peer(b,peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) --#define BIO_dgram_set_peer(b,peer) \ -+# define BIO_dgram_set_peer(b,peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) - - /* These two aren't currently implemented */ - /* int BIO_get_ex_num(BIO *bio); */ - /* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ --int BIO_set_ex_data(BIO *bio,int idx,void *data); --void *BIO_get_ex_data(BIO *bio,int idx); -+int BIO_set_ex_data(BIO *bio, int idx, void *data); -+void *BIO_get_ex_data(BIO *bio, int idx); - int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - unsigned long BIO_number_read(BIO *bio); - unsigned long BIO_number_written(BIO *bio); - -@@ -574,52 +587,54 @@ unsigned long BIO_number_written(BIO *bio); - BIO_METHOD *BIO_s_file_internal(void); - BIO *BIO_new_file_internal(char *filename, char *mode); - BIO *BIO_new_fp_internal(FILE *stream, int close_flag); --# define BIO_s_file BIO_s_file_internal --# define BIO_new_file BIO_new_file_internal --# define BIO_new_fp BIO_new_fp_internal --# else /* FP_API */ --BIO_METHOD *BIO_s_file(void ); -+# define BIO_s_file BIO_s_file_internal -+# define BIO_new_file BIO_new_file_internal -+# define BIO_new_fp BIO_new_fp_internal -+# else /* FP_API */ -+BIO_METHOD *BIO_s_file(void); - BIO *BIO_new_file(const char *filename, const char *mode); - BIO *BIO_new_fp(FILE *stream, int close_flag); --# define BIO_s_file_internal BIO_s_file --# define BIO_new_file_internal BIO_new_file --# define BIO_new_fp_internal BIO_s_file --# endif /* FP_API */ -+# define BIO_s_file_internal BIO_s_file -+# define BIO_new_file_internal BIO_new_file -+# define BIO_new_fp_internal BIO_s_file -+# endif /* FP_API */ - # endif --BIO * BIO_new(BIO_METHOD *type); --int BIO_set(BIO *a,BIO_METHOD *type); --int BIO_free(BIO *a); --void BIO_vfree(BIO *a); --int BIO_read(BIO *b, void *data, int len); --int BIO_gets(BIO *bp,char *buf, int size); --int BIO_write(BIO *b, const void *data, int len); --int BIO_puts(BIO *bp,const char *buf); --int BIO_indent(BIO *b,int indent,int max); --long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg); --long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)); --char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg); --long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg); --BIO * BIO_push(BIO *b,BIO *append); --BIO * BIO_pop(BIO *b); --void BIO_free_all(BIO *a); --BIO * BIO_find_type(BIO *b,int bio_type); --BIO * BIO_next(BIO *b); --BIO * BIO_get_retry_BIO(BIO *bio, int *reason); --int BIO_get_retry_reason(BIO *bio); --BIO * BIO_dup_chain(BIO *in); -+BIO *BIO_new(BIO_METHOD *type); -+int BIO_set(BIO *a, BIO_METHOD *type); -+int BIO_free(BIO *a); -+void BIO_vfree(BIO *a); -+int BIO_read(BIO *b, void *data, int len); -+int BIO_gets(BIO *bp, char *buf, int size); -+int BIO_write(BIO *b, const void *data, int len); -+int BIO_puts(BIO *bp, const char *buf); -+int BIO_indent(BIO *b, int indent, int max); -+long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); -+long BIO_callback_ctrl(BIO *b, int cmd, -+ void (*fp) (struct bio_st *, int, const char *, int, -+ long, long)); -+char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); -+long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); -+BIO *BIO_push(BIO *b, BIO *append); -+BIO *BIO_pop(BIO *b); -+void BIO_free_all(BIO *a); -+BIO *BIO_find_type(BIO *b, int bio_type); -+BIO *BIO_next(BIO *b); -+BIO *BIO_get_retry_BIO(BIO *bio, int *reason); -+int BIO_get_retry_reason(BIO *bio); -+BIO *BIO_dup_chain(BIO *in); - - int BIO_nread0(BIO *bio, char **buf); - int BIO_nread(BIO *bio, char **buf, int num); - int BIO_nwrite0(BIO *bio, char **buf); - int BIO_nwrite(BIO *bio, char **buf, int num); - --#ifndef OPENSSL_SYS_WIN16 --long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, -- long argl,long ret); --#else --long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, -- long argl,long ret); --#endif -+# ifndef OPENSSL_SYS_WIN16 -+long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, -+ long argl, long ret); -+# else -+long _far _loadds BIO_debug_callback(BIO *bio, int cmd, const char *argp, -+ int argi, long argl, long ret); -+# endif - - BIO_METHOD *BIO_s_mem(void); - BIO *BIO_new_mem_buf(void *buf, int len); -@@ -627,20 +642,20 @@ BIO_METHOD *BIO_s_socket(void); - BIO_METHOD *BIO_s_connect(void); - BIO_METHOD *BIO_s_accept(void); - BIO_METHOD *BIO_s_fd(void); --#ifndef OPENSSL_SYS_OS2 -+# ifndef OPENSSL_SYS_OS2 - BIO_METHOD *BIO_s_log(void); --#endif -+# endif - BIO_METHOD *BIO_s_bio(void); - BIO_METHOD *BIO_s_null(void); - BIO_METHOD *BIO_f_null(void); - BIO_METHOD *BIO_f_buffer(void); --#ifdef OPENSSL_SYS_VMS -+# ifdef OPENSSL_SYS_VMS - BIO_METHOD *BIO_f_linebuffer(void); --#endif -+# endif - BIO_METHOD *BIO_f_nbio_test(void); --#ifndef OPENSSL_NO_DGRAM -+# ifndef OPENSSL_NO_DGRAM - BIO_METHOD *BIO_s_datagram(void); --#endif -+# endif - - /* BIO_METHOD *BIO_f_ber(void); */ - -@@ -650,18 +665,19 @@ int BIO_dgram_non_fatal_error(int error); - - int BIO_fd_should_retry(int i); - int BIO_fd_non_fatal_error(int error); --int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), -- void *u, const char *s, int len); --int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), -- void *u, const char *s, int len, int indent); --int BIO_dump(BIO *b,const char *bytes,int len); --int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent); --#ifndef OPENSSL_NO_FP_API -+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), -+ void *u, const char *s, int len); -+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), -+ void *u, const char *s, int len, int indent); -+int BIO_dump(BIO *b, const char *bytes, int len); -+int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); -+# ifndef OPENSSL_NO_FP_API - int BIO_dump_fp(FILE *fp, const char *s, int len); - int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); --#endif -+# endif - struct hostent *BIO_gethostbyname(const char *name); --/* We might want a thread-safe interface too: -+/*- -+ * We might want a thread-safe interface too: - * struct hostent *BIO_gethostbyname_r(const char *name, - * struct hostent *result, void *buffer, size_t buflen); - * or something similar (caller allocates a struct hostent, -@@ -671,14 +687,14 @@ struct hostent *BIO_gethostbyname(const char *name); - */ - int BIO_sock_error(int sock); - int BIO_socket_ioctl(int fd, long type, void *arg); --int BIO_socket_nbio(int fd,int mode); -+int BIO_socket_nbio(int fd, int mode); - int BIO_get_port(const char *str, unsigned short *port_ptr); - int BIO_get_host_ip(const char *str, unsigned char *ip); --int BIO_get_accept_socket(char *host_port,int mode); --int BIO_accept(int sock,char **ip_port); --int BIO_sock_init(void ); -+int BIO_get_accept_socket(char *host_port, int mode); -+int BIO_accept(int sock, char **ip_port); -+int BIO_sock_init(void); - void BIO_sock_cleanup(void); --int BIO_set_tcp_ndelay(int sock,int turn_on); -+int BIO_set_tcp_ndelay(int sock, int turn_on); - - BIO *BIO_new_socket(int sock, int close_flag); - BIO *BIO_new_dgram(int fd, int close_flag); -@@ -687,33 +703,37 @@ BIO *BIO_new_connect(char *host_port); - BIO *BIO_new_accept(char *host_port); - - int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, -- BIO **bio2, size_t writebuf2); --/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. -- * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. -- * Size 0 uses default value. -+ BIO **bio2, size_t writebuf2); -+/* -+ * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. -+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default -+ * value. - */ - - void BIO_copy_next_retry(BIO *b); - --/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ -+/* -+ * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); -+ */ - --#ifdef __GNUC__ -+# ifdef __GNUC__ - # define __bio_h__attr__ __attribute__ --#else -+# else - # define __bio_h__attr__(x) --#endif -+# endif - int BIO_printf(BIO *bio, const char *format, ...) -- __bio_h__attr__((__format__(__printf__,2,3))); -+__bio_h__attr__((__format__(__printf__, 2, 3))); - int BIO_vprintf(BIO *bio, const char *format, va_list args) -- __bio_h__attr__((__format__(__printf__,2,0))); -+__bio_h__attr__((__format__(__printf__, 2, 0))); - int BIO_snprintf(char *buf, size_t n, const char *format, ...) -- __bio_h__attr__((__format__(__printf__,3,4))); -+__bio_h__attr__((__format__(__printf__, 3, 4))); - int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) -- __bio_h__attr__((__format__(__printf__,3,0))); --#undef __bio_h__attr__ -+__bio_h__attr__((__format__(__printf__, 3, 0))); -+# undef __bio_h__attr__ - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_BIO_strings(void); -@@ -721,69 +741,69 @@ void ERR_load_BIO_strings(void); - /* Error codes for the BIO functions. */ - - /* Function codes. */ --#define BIO_F_ACPT_STATE 100 --#define BIO_F_BIO_ACCEPT 101 --#define BIO_F_BIO_BER_GET_HEADER 102 --#define BIO_F_BIO_CALLBACK_CTRL 131 --#define BIO_F_BIO_CTRL 103 --#define BIO_F_BIO_GETHOSTBYNAME 120 --#define BIO_F_BIO_GETS 104 --#define BIO_F_BIO_GET_ACCEPT_SOCKET 105 --#define BIO_F_BIO_GET_HOST_IP 106 --#define BIO_F_BIO_GET_PORT 107 --#define BIO_F_BIO_MAKE_PAIR 121 --#define BIO_F_BIO_NEW 108 --#define BIO_F_BIO_NEW_FILE 109 --#define BIO_F_BIO_NEW_MEM_BUF 126 --#define BIO_F_BIO_NREAD 123 --#define BIO_F_BIO_NREAD0 124 --#define BIO_F_BIO_NWRITE 125 --#define BIO_F_BIO_NWRITE0 122 --#define BIO_F_BIO_PUTS 110 --#define BIO_F_BIO_READ 111 --#define BIO_F_BIO_SOCK_INIT 112 --#define BIO_F_BIO_WRITE 113 --#define BIO_F_BUFFER_CTRL 114 --#define BIO_F_CONN_CTRL 127 --#define BIO_F_CONN_STATE 115 --#define BIO_F_FILE_CTRL 116 --#define BIO_F_FILE_READ 130 --#define BIO_F_LINEBUFFER_CTRL 129 --#define BIO_F_MEM_READ 128 --#define BIO_F_MEM_WRITE 117 --#define BIO_F_SSL_NEW 118 --#define BIO_F_WSASTARTUP 119 -+# define BIO_F_ACPT_STATE 100 -+# define BIO_F_BIO_ACCEPT 101 -+# define BIO_F_BIO_BER_GET_HEADER 102 -+# define BIO_F_BIO_CALLBACK_CTRL 131 -+# define BIO_F_BIO_CTRL 103 -+# define BIO_F_BIO_GETHOSTBYNAME 120 -+# define BIO_F_BIO_GETS 104 -+# define BIO_F_BIO_GET_ACCEPT_SOCKET 105 -+# define BIO_F_BIO_GET_HOST_IP 106 -+# define BIO_F_BIO_GET_PORT 107 -+# define BIO_F_BIO_MAKE_PAIR 121 -+# define BIO_F_BIO_NEW 108 -+# define BIO_F_BIO_NEW_FILE 109 -+# define BIO_F_BIO_NEW_MEM_BUF 126 -+# define BIO_F_BIO_NREAD 123 -+# define BIO_F_BIO_NREAD0 124 -+# define BIO_F_BIO_NWRITE 125 -+# define BIO_F_BIO_NWRITE0 122 -+# define BIO_F_BIO_PUTS 110 -+# define BIO_F_BIO_READ 111 -+# define BIO_F_BIO_SOCK_INIT 112 -+# define BIO_F_BIO_WRITE 113 -+# define BIO_F_BUFFER_CTRL 114 -+# define BIO_F_CONN_CTRL 127 -+# define BIO_F_CONN_STATE 115 -+# define BIO_F_FILE_CTRL 116 -+# define BIO_F_FILE_READ 130 -+# define BIO_F_LINEBUFFER_CTRL 129 -+# define BIO_F_MEM_READ 128 -+# define BIO_F_MEM_WRITE 117 -+# define BIO_F_SSL_NEW 118 -+# define BIO_F_WSASTARTUP 119 - - /* Reason codes. */ --#define BIO_R_ACCEPT_ERROR 100 --#define BIO_R_BAD_FOPEN_MODE 101 --#define BIO_R_BAD_HOSTNAME_LOOKUP 102 --#define BIO_R_BROKEN_PIPE 124 --#define BIO_R_CONNECT_ERROR 103 --#define BIO_R_EOF_ON_MEMORY_BIO 127 --#define BIO_R_ERROR_SETTING_NBIO 104 --#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 --#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 --#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 --#define BIO_R_INVALID_ARGUMENT 125 --#define BIO_R_INVALID_IP_ADDRESS 108 --#define BIO_R_IN_USE 123 --#define BIO_R_KEEPALIVE 109 --#define BIO_R_NBIO_CONNECT_ERROR 110 --#define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 --#define BIO_R_NO_HOSTNAME_SPECIFIED 112 --#define BIO_R_NO_PORT_DEFINED 113 --#define BIO_R_NO_PORT_SPECIFIED 114 --#define BIO_R_NO_SUCH_FILE 128 --#define BIO_R_NULL_PARAMETER 115 --#define BIO_R_TAG_MISMATCH 116 --#define BIO_R_UNABLE_TO_BIND_SOCKET 117 --#define BIO_R_UNABLE_TO_CREATE_SOCKET 118 --#define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 --#define BIO_R_UNINITIALIZED 120 --#define BIO_R_UNSUPPORTED_METHOD 121 --#define BIO_R_WRITE_TO_READ_ONLY_BIO 126 --#define BIO_R_WSASTARTUP 122 -+# define BIO_R_ACCEPT_ERROR 100 -+# define BIO_R_BAD_FOPEN_MODE 101 -+# define BIO_R_BAD_HOSTNAME_LOOKUP 102 -+# define BIO_R_BROKEN_PIPE 124 -+# define BIO_R_CONNECT_ERROR 103 -+# define BIO_R_EOF_ON_MEMORY_BIO 127 -+# define BIO_R_ERROR_SETTING_NBIO 104 -+# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 -+# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 -+# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 -+# define BIO_R_INVALID_ARGUMENT 125 -+# define BIO_R_INVALID_IP_ADDRESS 108 -+# define BIO_R_IN_USE 123 -+# define BIO_R_KEEPALIVE 109 -+# define BIO_R_NBIO_CONNECT_ERROR 110 -+# define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 -+# define BIO_R_NO_HOSTNAME_SPECIFIED 112 -+# define BIO_R_NO_PORT_DEFINED 113 -+# define BIO_R_NO_PORT_SPECIFIED 114 -+# define BIO_R_NO_SUCH_FILE 128 -+# define BIO_R_NULL_PARAMETER 115 -+# define BIO_R_TAG_MISMATCH 116 -+# define BIO_R_UNABLE_TO_BIND_SOCKET 117 -+# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 -+# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 -+# define BIO_R_UNINITIALIZED 120 -+# define BIO_R_UNSUPPORTED_METHOD 121 -+# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 -+# define BIO_R_WSASTARTUP 122 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/blowfish.h b/Cryptlib/Include/openssl/blowfish.h -index d24ffcc..db19b9a 100644 ---- a/Cryptlib/Include/openssl/blowfish.h -+++ b/Cryptlib/Include/openssl/blowfish.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,69 +57,70 @@ - */ - - #ifndef HEADER_BLOWFISH_H --#define HEADER_BLOWFISH_H -+# define HEADER_BLOWFISH_H - --#include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#ifdef OPENSSL_NO_BF --#error BF is disabled. --#endif -+# ifdef OPENSSL_NO_BF -+# error BF is disabled. -+# endif - --#define BF_ENCRYPT 1 --#define BF_DECRYPT 0 -+# define BF_ENCRYPT 1 -+# define BF_DECRYPT 0 - --/* -+/*- - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! BF_LONG_LOG2 has to be defined along. ! - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - */ - --#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) --#define BF_LONG unsigned long --#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) --#define BF_LONG unsigned long --#define BF_LONG_LOG2 3 -+# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) -+# define BF_LONG unsigned long -+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -+# define BF_LONG unsigned long -+# define BF_LONG_LOG2 3 - /* - * _CRAY note. I could declare short, but I have no idea what impact - * does it have on performance on none-T3E machines. I could declare - * int, but at least on C90 sizeof(int) can be chosen at compile time. - * So I've chosen long... -- * -+ * - */ --#else --#define BF_LONG unsigned int --#endif -+# else -+# define BF_LONG unsigned int -+# endif - --#define BF_ROUNDS 16 --#define BF_BLOCK 8 -+# define BF_ROUNDS 16 -+# define BF_BLOCK 8 - --typedef struct bf_key_st -- { -- BF_LONG P[BF_ROUNDS+2]; -- BF_LONG S[4*256]; -- } BF_KEY; -+typedef struct bf_key_st { -+ BF_LONG P[BF_ROUNDS + 2]; -+ BF_LONG S[4 * 256]; -+} BF_KEY; - --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS - void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); --#endif -+# endif - void BF_set_key(BF_KEY *key, int len, const unsigned char *data); - --void BF_encrypt(BF_LONG *data,const BF_KEY *key); --void BF_decrypt(BF_LONG *data,const BF_KEY *key); -+void BF_encrypt(BF_LONG *data, const BF_KEY *key); -+void BF_decrypt(BF_LONG *data, const BF_KEY *key); - - void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, -- const BF_KEY *key, int enc); -+ const BF_KEY *key, int enc); - void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, -- const BF_KEY *schedule, unsigned char *ivec, int enc); --void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, -- const BF_KEY *schedule, unsigned char *ivec, int *num, int enc); --void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, -- const BF_KEY *schedule, unsigned char *ivec, int *num); -+ const BF_KEY *schedule, unsigned char *ivec, int enc); -+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, -+ long length, const BF_KEY *schedule, -+ unsigned char *ivec, int *num, int enc); -+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, -+ long length, const BF_KEY *schedule, -+ unsigned char *ivec, int *num); - const char *BF_options(void); - - #ifdef __cplusplus -diff --git a/Cryptlib/Include/openssl/bn.h b/Cryptlib/Include/openssl/bn.h -index 688a4e7..6dc2d75 100644 ---- a/Cryptlib/Include/openssl/bn.h -+++ b/Cryptlib/Include/openssl/bn.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -58,214 +58,226 @@ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * -- * Portions of the attached software ("Contribution") are developed by -+ * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the Eric Young open source - * license provided above. - * -- * The binary polynomial arithmetic software is originally written by -+ * The binary polynomial arithmetic software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - - #ifndef HEADER_BN_H --#define HEADER_BN_H -+# define HEADER_BN_H - --#include --#ifndef OPENSSL_NO_FP_API --#include /* FILE */ --#endif --#include -+# include -+# ifndef OPENSSL_NO_FP_API -+# include /* FILE */ -+# endif -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --/* These preprocessor symbols control various aspects of the bignum headers and -- * library code. They're not defined by any "normal" configuration, as they are -- * intended for development and testing purposes. NB: defining all three can be -- * useful for debugging application code as well as openssl itself. -- * -- * BN_DEBUG - turn on various debugging alterations to the bignum code -- * BN_DEBUG_RAND - uses random poisoning of unused words to trip up -+/* -+ * These preprocessor symbols control various aspects of the bignum headers -+ * and library code. They're not defined by any "normal" configuration, as -+ * they are intended for development and testing purposes. NB: defining all -+ * three can be useful for debugging application code as well as openssl -+ * itself. BN_DEBUG - turn on various debugging alterations to the bignum -+ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up - * mismanagement of bignum internals. You must also define BN_DEBUG. - */ - /* #define BN_DEBUG */ - /* #define BN_DEBUG_RAND */ - --#define BN_MUL_COMBA --#define BN_SQR_COMBA --#define BN_RECURSION -- --/* This next option uses the C libraries (2 word)/(1 word) function. -- * If it is not defined, I use my C version (which is slower). -- * The reason for this flag is that when the particular C compiler -- * library routine is used, and the library is linked with a different -- * compiler, the library is missing. This mostly happens when the -- * library is built with gcc and then linked using normal cc. This would -- * be a common occurrence because gcc normally produces code that is -- * 2 times faster than system compilers for the big number stuff. -- * For machines with only one compiler (or shared libraries), this should -- * be on. Again this in only really a problem on machines -- * using "long long's", are 32bit, and are not using my assembler code. */ --#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ -+# define BN_MUL_COMBA -+# define BN_SQR_COMBA -+# define BN_RECURSION -+ -+/* -+ * This next option uses the C libraries (2 word)/(1 word) function. If it is -+ * not defined, I use my C version (which is slower). The reason for this -+ * flag is that when the particular C compiler library routine is used, and -+ * the library is linked with a different compiler, the library is missing. -+ * This mostly happens when the library is built with gcc and then linked -+ * using normal cc. This would be a common occurrence because gcc normally -+ * produces code that is 2 times faster than system compilers for the big -+ * number stuff. For machines with only one compiler (or shared libraries), -+ * this should be on. Again this in only really a problem on machines using -+ * "long long's", are 32bit, and are not using my assembler code. -+ */ -+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ - defined(OPENSSL_SYS_WIN32) || defined(linux) --# ifndef BN_DIV2W --# define BN_DIV2W -+# ifndef BN_DIV2W -+# define BN_DIV2W -+# endif - # endif --#endif -- --/* assuming long is 64bit - this is the DEC Alpha -- * unsigned long long is only 64 bits :-(, don't define -- * BN_LLONG for the DEC Alpha */ --#ifdef SIXTY_FOUR_BIT_LONG --#define BN_ULLONG unsigned long long --#define BN_ULONG unsigned long --#define BN_LONG long --#define BN_BITS 128 --#define BN_BYTES 8 --#define BN_BITS2 64 --#define BN_BITS4 32 --#define BN_MASK (0xffffffffffffffffffffffffffffffffLL) --#define BN_MASK2 (0xffffffffffffffffL) --#define BN_MASK2l (0xffffffffL) --#define BN_MASK2h (0xffffffff00000000L) --#define BN_MASK2h1 (0xffffffff80000000L) --#define BN_TBIT (0x8000000000000000L) --#define BN_DEC_CONV (10000000000000000000UL) --#define BN_DEC_FMT1 "%lu" --#define BN_DEC_FMT2 "%019lu" --#define BN_DEC_NUM 19 --#endif - --/* This is where the long long data type is 64 bits, but long is 32. -- * For machines where there are 64bit registers, this is the mode to use. -- * IRIX, on R4000 and above should use this mode, along with the relevant -- * assembler code :-). Do NOT define BN_LLONG. -+/* -+ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only -+ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha - */ --#ifdef SIXTY_FOUR_BIT --#undef BN_LLONG --#undef BN_ULLONG --#define BN_ULONG unsigned long long --#define BN_LONG long long --#define BN_BITS 128 --#define BN_BYTES 8 --#define BN_BITS2 64 --#define BN_BITS4 32 --#define BN_MASK2 (0xffffffffffffffffLL) --#define BN_MASK2l (0xffffffffL) --#define BN_MASK2h (0xffffffff00000000LL) --#define BN_MASK2h1 (0xffffffff80000000LL) --#define BN_TBIT (0x8000000000000000LL) --#define BN_DEC_CONV (10000000000000000000ULL) --#define BN_DEC_FMT1 "%llu" --#define BN_DEC_FMT2 "%019llu" --#define BN_DEC_NUM 19 --#endif -+# ifdef SIXTY_FOUR_BIT_LONG -+# define BN_ULLONG unsigned long long -+# define BN_ULONG unsigned long -+# define BN_LONG long -+# define BN_BITS 128 -+# define BN_BYTES 8 -+# define BN_BITS2 64 -+# define BN_BITS4 32 -+# define BN_MASK (0xffffffffffffffffffffffffffffffffLL) -+# define BN_MASK2 (0xffffffffffffffffL) -+# define BN_MASK2l (0xffffffffL) -+# define BN_MASK2h (0xffffffff00000000L) -+# define BN_MASK2h1 (0xffffffff80000000L) -+# define BN_TBIT (0x8000000000000000L) -+# define BN_DEC_CONV (10000000000000000000UL) -+# define BN_DEC_FMT1 "%lu" -+# define BN_DEC_FMT2 "%019lu" -+# define BN_DEC_NUM 19 -+# endif - --#ifdef THIRTY_TWO_BIT --#ifdef BN_LLONG --# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) --# define BN_ULLONG unsigned __int64 --# else --# define BN_ULLONG unsigned long long -+/* -+ * This is where the long long data type is 64 bits, but long is 32. For -+ * machines where there are 64bit registers, this is the mode to use. IRIX, -+ * on R4000 and above should use this mode, along with the relevant assembler -+ * code :-). Do NOT define BN_LLONG. -+ */ -+# ifdef SIXTY_FOUR_BIT -+# undef BN_LLONG -+# undef BN_ULLONG -+# define BN_ULONG unsigned long long -+# define BN_LONG long long -+# define BN_BITS 128 -+# define BN_BYTES 8 -+# define BN_BITS2 64 -+# define BN_BITS4 32 -+# define BN_MASK2 (0xffffffffffffffffLL) -+# define BN_MASK2l (0xffffffffL) -+# define BN_MASK2h (0xffffffff00000000LL) -+# define BN_MASK2h1 (0xffffffff80000000LL) -+# define BN_TBIT (0x8000000000000000LL) -+# define BN_DEC_CONV (10000000000000000000ULL) -+# define BN_DEC_FMT1 "%llu" -+# define BN_DEC_FMT2 "%019llu" -+# define BN_DEC_NUM 19 - # endif --#endif --#define BN_ULONG unsigned long --#define BN_LONG long --#define BN_BITS 64 --#define BN_BYTES 4 --#define BN_BITS2 32 --#define BN_BITS4 16 --#ifdef OPENSSL_SYS_WIN32 -+ -+# ifdef THIRTY_TWO_BIT -+# ifdef BN_LLONG -+# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) -+# define BN_ULLONG unsigned __int64 -+# else -+# define BN_ULLONG unsigned long long -+# endif -+# endif -+# define BN_ULONG unsigned long -+# define BN_LONG long -+# define BN_BITS 64 -+# define BN_BYTES 4 -+# define BN_BITS2 32 -+# define BN_BITS4 16 -+# ifdef OPENSSL_SYS_WIN32 - /* VC++ doesn't like the LL suffix */ --#define BN_MASK (0xffffffffffffffffL) --#else --#define BN_MASK (0xffffffffffffffffLL) --#endif --#define BN_MASK2 (0xffffffffL) --#define BN_MASK2l (0xffff) --#define BN_MASK2h1 (0xffff8000L) --#define BN_MASK2h (0xffff0000L) --#define BN_TBIT (0x80000000L) --#define BN_DEC_CONV (1000000000L) --#define BN_DEC_FMT1 "%lu" --#define BN_DEC_FMT2 "%09lu" --#define BN_DEC_NUM 9 --#endif -+# define BN_MASK (0xffffffffffffffffL) -+# else -+# define BN_MASK (0xffffffffffffffffLL) -+# endif -+# define BN_MASK2 (0xffffffffL) -+# define BN_MASK2l (0xffff) -+# define BN_MASK2h1 (0xffff8000L) -+# define BN_MASK2h (0xffff0000L) -+# define BN_TBIT (0x80000000L) -+# define BN_DEC_CONV (1000000000L) -+# define BN_DEC_FMT1 "%lu" -+# define BN_DEC_FMT2 "%09lu" -+# define BN_DEC_NUM 9 -+# endif - --#ifdef SIXTEEN_BIT --#ifndef BN_DIV2W --#define BN_DIV2W --#endif --#define BN_ULLONG unsigned long --#define BN_ULONG unsigned short --#define BN_LONG short --#define BN_BITS 32 --#define BN_BYTES 2 --#define BN_BITS2 16 --#define BN_BITS4 8 --#define BN_MASK (0xffffffff) --#define BN_MASK2 (0xffff) --#define BN_MASK2l (0xff) --#define BN_MASK2h1 (0xff80) --#define BN_MASK2h (0xff00) --#define BN_TBIT (0x8000) --#define BN_DEC_CONV (100000) --#define BN_DEC_FMT1 "%u" --#define BN_DEC_FMT2 "%05u" --#define BN_DEC_NUM 5 --#endif -+# ifdef SIXTEEN_BIT -+# ifndef BN_DIV2W -+# define BN_DIV2W -+# endif -+# define BN_ULLONG unsigned long -+# define BN_ULONG unsigned short -+# define BN_LONG short -+# define BN_BITS 32 -+# define BN_BYTES 2 -+# define BN_BITS2 16 -+# define BN_BITS4 8 -+# define BN_MASK (0xffffffff) -+# define BN_MASK2 (0xffff) -+# define BN_MASK2l (0xff) -+# define BN_MASK2h1 (0xff80) -+# define BN_MASK2h (0xff00) -+# define BN_TBIT (0x8000) -+# define BN_DEC_CONV (100000) -+# define BN_DEC_FMT1 "%u" -+# define BN_DEC_FMT2 "%05u" -+# define BN_DEC_NUM 5 -+# endif - --#ifdef EIGHT_BIT --#ifndef BN_DIV2W --#define BN_DIV2W --#endif --#define BN_ULLONG unsigned short --#define BN_ULONG unsigned char --#define BN_LONG char --#define BN_BITS 16 --#define BN_BYTES 1 --#define BN_BITS2 8 --#define BN_BITS4 4 --#define BN_MASK (0xffff) --#define BN_MASK2 (0xff) --#define BN_MASK2l (0xf) --#define BN_MASK2h1 (0xf8) --#define BN_MASK2h (0xf0) --#define BN_TBIT (0x80) --#define BN_DEC_CONV (100) --#define BN_DEC_FMT1 "%u" --#define BN_DEC_FMT2 "%02u" --#define BN_DEC_NUM 2 --#endif -+# ifdef EIGHT_BIT -+# ifndef BN_DIV2W -+# define BN_DIV2W -+# endif -+# define BN_ULLONG unsigned short -+# define BN_ULONG unsigned char -+# define BN_LONG char -+# define BN_BITS 16 -+# define BN_BYTES 1 -+# define BN_BITS2 8 -+# define BN_BITS4 4 -+# define BN_MASK (0xffff) -+# define BN_MASK2 (0xff) -+# define BN_MASK2l (0xf) -+# define BN_MASK2h1 (0xf8) -+# define BN_MASK2h (0xf0) -+# define BN_TBIT (0x80) -+# define BN_DEC_CONV (100) -+# define BN_DEC_FMT1 "%u" -+# define BN_DEC_FMT2 "%02u" -+# define BN_DEC_NUM 2 -+# endif - --#define BN_DEFAULT_BITS 1280 -+# define BN_DEFAULT_BITS 1280 - --#define BN_FLG_MALLOCED 0x01 --#define BN_FLG_STATIC_DATA 0x02 --#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, -- * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, -- * BN_div() will call BN_div_no_branch, -- * BN_mod_inverse() will call BN_mod_inverse_no_branch. -- */ -+# define BN_FLG_MALLOCED 0x01 -+# define BN_FLG_STATIC_DATA 0x02 - --#ifndef OPENSSL_NO_DEPRECATED --#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */ -- /* avoid leaking exponent information through timings -- * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ --#endif -+/* -+ * avoid leaking exponent information through timing, -+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, -+ * BN_div() will call BN_div_no_branch, -+ * BN_mod_inverse() will call BN_mod_inverse_no_branch. -+ */ -+# define BN_FLG_CONSTTIME 0x04 -+ -+# ifdef OPENSSL_NO_DEPRECATED -+/* deprecated name for the flag */ -+# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME -+/* -+ * avoid leaking exponent information through timings -+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) -+ */ -+# endif - --#ifndef OPENSSL_NO_DEPRECATED --#define BN_FLG_FREE 0x8000 /* used for debuging */ --#endif --#define BN_set_flags(b,n) ((b)->flags|=(n)) --#define BN_get_flags(b,n) ((b)->flags&(n)) -+# ifndef OPENSSL_NO_DEPRECATED -+# define BN_FLG_FREE 0x8000 -+ /* used for debuging */ -+# endif -+# define BN_set_flags(b,n) ((b)->flags|=(n)) -+# define BN_get_flags(b,n) ((b)->flags&(n)) - --/* get a clone of a BIGNUM with changed flags, for *temporary* use only -- * (the two BIGNUMs cannot not be used in parallel!) */ --#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ -+/* -+ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the -+ * two BIGNUMs cannot not be used in parallel!) -+ */ -+# define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ - (dest)->top=(b)->top, \ - (dest)->dmax=(b)->dmax, \ - (dest)->neg=(b)->neg, \ -@@ -275,7 +287,7 @@ extern "C" { - | (n))) - - /* Already declared in ossl_typ.h */ --#if 0 -+# if 0 - typedef struct bignum_st BIGNUM; - /* Used for temp variables (declaration hidden in bn_lcl.h) */ - typedef struct bignum_ctx BN_CTX; -@@ -283,84 +295,84 @@ typedef struct bn_blinding_st BN_BLINDING; - typedef struct bn_mont_ctx_st BN_MONT_CTX; - typedef struct bn_recp_ctx_st BN_RECP_CTX; - typedef struct bn_gencb_st BN_GENCB; --#endif -+# endif - --struct bignum_st -- { -- BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ -- int top; /* Index of last used d +1. */ -- /* The next are internal book keeping for bn_expand. */ -- int dmax; /* Size of the d array. */ -- int neg; /* one if the number is negative */ -- int flags; -- }; -+struct bignum_st { -+ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit -+ * chunks. */ -+ int top; /* Index of last used d +1. */ -+ /* The next are internal book keeping for bn_expand. */ -+ int dmax; /* Size of the d array. */ -+ int neg; /* one if the number is negative */ -+ int flags; -+}; - - /* Used for montgomery multiplication */ --struct bn_mont_ctx_st -- { -- int ri; /* number of bits in R */ -- BIGNUM RR; /* used to convert to montgomery form */ -- BIGNUM N; /* The modulus */ -- BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 -- * (Ni is only stored for bignum algorithm) */ --#if 0 -- /* OpenSSL 0.9.9 preview: */ -- BN_ULONG n0[2];/* least significant word(s) of Ni */ --#else -- BN_ULONG n0; /* least significant word of Ni */ --#endif -- int flags; -- }; -+struct bn_mont_ctx_st { -+ int ri; /* number of bits in R */ -+ BIGNUM RR; /* used to convert to montgomery form */ -+ BIGNUM N; /* The modulus */ -+ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only -+ * stored for bignum algorithm) */ -+# if 0 -+ /* OpenSSL 0.9.9 preview: */ -+ BN_ULONG n0[2]; /* least significant word(s) of Ni */ -+# else -+ BN_ULONG n0; /* least significant word of Ni */ -+# endif -+ int flags; -+}; - --/* Used for reciprocal division/mod functions -- * It cannot be shared between threads -+/* -+ * Used for reciprocal division/mod functions It cannot be shared between -+ * threads - */ --struct bn_recp_ctx_st -- { -- BIGNUM N; /* the divisor */ -- BIGNUM Nr; /* the reciprocal */ -- int num_bits; -- int shift; -- int flags; -- }; -+struct bn_recp_ctx_st { -+ BIGNUM N; /* the divisor */ -+ BIGNUM Nr; /* the reciprocal */ -+ int num_bits; -+ int shift; -+ int flags; -+}; - - /* Used for slow "generation" functions. */ --struct bn_gencb_st -- { -- unsigned int ver; /* To handle binary (in)compatibility */ -- void *arg; /* callback-specific data */ -- union -- { -- /* if(ver==1) - handles old style callbacks */ -- void (*cb_1)(int, int, void *); -- /* if(ver==2) - new callback style */ -- int (*cb_2)(int, int, BN_GENCB *); -- } cb; -- }; -+struct bn_gencb_st { -+ unsigned int ver; /* To handle binary (in)compatibility */ -+ void *arg; /* callback-specific data */ -+ union { -+ /* if(ver==1) - handles old style callbacks */ -+ void (*cb_1) (int, int, void *); -+ /* if(ver==2) - new callback style */ -+ int (*cb_2) (int, int, BN_GENCB *); -+ } cb; -+}; - /* Wrapper function to make using BN_GENCB easier, */ - int BN_GENCB_call(BN_GENCB *cb, int a, int b); - /* Macro to populate a BN_GENCB structure with an "old"-style callback */ --#define BN_GENCB_set_old(gencb, callback, cb_arg) { \ -- BN_GENCB *tmp_gencb = (gencb); \ -- tmp_gencb->ver = 1; \ -- tmp_gencb->arg = (cb_arg); \ -- tmp_gencb->cb.cb_1 = (callback); } -+# define BN_GENCB_set_old(gencb, callback, cb_arg) { \ -+ BN_GENCB *tmp_gencb = (gencb); \ -+ tmp_gencb->ver = 1; \ -+ tmp_gencb->arg = (cb_arg); \ -+ tmp_gencb->cb.cb_1 = (callback); } - /* Macro to populate a BN_GENCB structure with a "new"-style callback */ --#define BN_GENCB_set(gencb, callback, cb_arg) { \ -- BN_GENCB *tmp_gencb = (gencb); \ -- tmp_gencb->ver = 2; \ -- tmp_gencb->arg = (cb_arg); \ -- tmp_gencb->cb.cb_2 = (callback); } -- --#define BN_prime_checks 0 /* default: select number of iterations -- based on the size of the number */ -- --/* number of Miller-Rabin iterations for an error rate of less than 2^-80 -- * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook -- * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; -- * original paper: Damgaard, Landrock, Pomerance: Average case error estimates -- * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */ --#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ -+# define BN_GENCB_set(gencb, callback, cb_arg) { \ -+ BN_GENCB *tmp_gencb = (gencb); \ -+ tmp_gencb->ver = 2; \ -+ tmp_gencb->arg = (cb_arg); \ -+ tmp_gencb->cb.cb_2 = (callback); } -+ -+# define BN_prime_checks 0 /* default: select number of iterations based -+ * on the size of the number */ -+ -+/* -+ * number of Miller-Rabin iterations for an error rate of less than 2^-80 for -+ * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of -+ * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; -+ * original paper: Damgaard, Landrock, Pomerance: Average case error -+ * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) -+ * 177-194) -+ */ -+# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ - (b) >= 850 ? 3 : \ - (b) >= 650 ? 4 : \ - (b) >= 550 ? 5 : \ -@@ -373,281 +385,311 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); - (b) >= 150 ? 18 : \ - /* b >= 100 */ 27) - --#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) -+# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) - - /* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ --#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ -- (((w) == 0) && ((a)->top == 0))) --#define BN_is_zero(a) ((a)->top == 0) --#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) --#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) --#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) -- --#define BN_one(a) (BN_set_word((a),1)) --#define BN_zero_ex(a) \ -- do { \ -- BIGNUM *_tmp_bn = (a); \ -- _tmp_bn->top = 0; \ -- _tmp_bn->neg = 0; \ -- } while(0) --#ifdef OPENSSL_NO_DEPRECATED --#define BN_zero(a) BN_zero_ex(a) --#else --#define BN_zero(a) (BN_set_word((a),0)) --#endif -+# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ -+ (((w) == 0) && ((a)->top == 0))) -+# define BN_is_zero(a) ((a)->top == 0) -+# define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) -+# define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) -+# define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) -+ -+# define BN_one(a) (BN_set_word((a),1)) -+# define BN_zero_ex(a) \ -+ do { \ -+ BIGNUM *_tmp_bn = (a); \ -+ _tmp_bn->top = 0; \ -+ _tmp_bn->neg = 0; \ -+ } while(0) -+# ifdef OPENSSL_NO_DEPRECATED -+# define BN_zero(a) BN_zero_ex(a) -+# else -+# define BN_zero(a) (BN_set_word((a),0)) -+# endif - - const BIGNUM *BN_value_one(void); --char * BN_options(void); -+char *BN_options(void); - BN_CTX *BN_CTX_new(void); --#ifndef OPENSSL_NO_DEPRECATED --void BN_CTX_init(BN_CTX *c); --#endif --void BN_CTX_free(BN_CTX *c); --void BN_CTX_start(BN_CTX *ctx); -+# ifndef OPENSSL_NO_DEPRECATED -+void BN_CTX_init(BN_CTX *c); -+# endif -+void BN_CTX_free(BN_CTX *c); -+void BN_CTX_start(BN_CTX *ctx); - BIGNUM *BN_CTX_get(BN_CTX *ctx); --void BN_CTX_end(BN_CTX *ctx); --int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); --int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); --int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); --int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); --int BN_num_bits(const BIGNUM *a); --int BN_num_bits_word(BN_ULONG); -+void BN_CTX_end(BN_CTX *ctx); -+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); -+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); -+int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); -+int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); -+int BN_num_bits(const BIGNUM *a); -+int BN_num_bits_word(BN_ULONG); - BIGNUM *BN_new(void); --void BN_init(BIGNUM *); --void BN_clear_free(BIGNUM *a); -+void BN_init(BIGNUM *); -+void BN_clear_free(BIGNUM *a); - BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); --void BN_swap(BIGNUM *a, BIGNUM *b); --BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); --int BN_bn2bin(const BIGNUM *a, unsigned char *to); --BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret); --int BN_bn2mpi(const BIGNUM *a, unsigned char *to); --int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); --int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); --int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); --int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); --int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); --int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); -+void BN_swap(BIGNUM *a, BIGNUM *b); -+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); -+int BN_bn2bin(const BIGNUM *a, unsigned char *to); -+BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); -+int BN_bn2mpi(const BIGNUM *a, unsigned char *to); -+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); - /** BN_set_negative sets sign of a BIGNUM - * \param b pointer to the BIGNUM object -- * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise -+ * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise - */ --void BN_set_negative(BIGNUM *b, int n); -+void BN_set_negative(BIGNUM *b, int n); - /** BN_is_negative returns 1 if the BIGNUM is negative - * \param a pointer to the BIGNUM object - * \return 1 if a < 0 and 0 otherwise - */ --#define BN_is_negative(a) ((a)->neg != 0) -- --int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, -- BN_CTX *ctx); --#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) --int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); --int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); --int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); --int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); --int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); --int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -- const BIGNUM *m, BN_CTX *ctx); --int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); --int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); --int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); --int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx); --int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); -+# define BN_is_negative(a) ((a)->neg != 0) -+ -+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, -+ BN_CTX *ctx); -+# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) -+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); -+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, -+ BN_CTX *ctx); -+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const BIGNUM *m); -+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, -+ BN_CTX *ctx); -+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const BIGNUM *m); -+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, -+ BN_CTX *ctx); -+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); -+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); -+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); -+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, -+ BN_CTX *ctx); -+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); - - BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); - BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); --int BN_mul_word(BIGNUM *a, BN_ULONG w); --int BN_add_word(BIGNUM *a, BN_ULONG w); --int BN_sub_word(BIGNUM *a, BN_ULONG w); --int BN_set_word(BIGNUM *a, BN_ULONG w); -+int BN_mul_word(BIGNUM *a, BN_ULONG w); -+int BN_add_word(BIGNUM *a, BN_ULONG w); -+int BN_sub_word(BIGNUM *a, BN_ULONG w); -+int BN_set_word(BIGNUM *a, BN_ULONG w); - BN_ULONG BN_get_word(const BIGNUM *a); - --int BN_cmp(const BIGNUM *a, const BIGNUM *b); --void BN_free(BIGNUM *a); --int BN_is_bit_set(const BIGNUM *a, int n); --int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); --int BN_lshift1(BIGNUM *r, const BIGNUM *a); --int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx); -- --int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m,BN_CTX *ctx); --int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+int BN_cmp(const BIGNUM *a, const BIGNUM *b); -+void BN_free(BIGNUM *a); -+int BN_is_bit_set(const BIGNUM *a, int n); -+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); -+int BN_lshift1(BIGNUM *r, const BIGNUM *a); -+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -+ -+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx); -+int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); --int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); --int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, -- const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m, -- BN_CTX *ctx,BN_MONT_CTX *m_ctx); --int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m,BN_CTX *ctx); -- --int BN_mask_bits(BIGNUM *a,int n); --#ifndef OPENSSL_NO_FP_API --int BN_print_fp(FILE *fp, const BIGNUM *a); --#endif --#ifdef HEADER_BIO_H --int BN_print(BIO *fp, const BIGNUM *a); --#else --int BN_print(void *fp, const BIGNUM *a); --#endif --int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); --int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); --int BN_rshift1(BIGNUM *r, const BIGNUM *a); --void BN_clear(BIGNUM *a); -+ const BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *in_mont); -+int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, -+ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, -+ BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx); -+ -+int BN_mask_bits(BIGNUM *a, int n); -+# ifndef OPENSSL_NO_FP_API -+int BN_print_fp(FILE *fp, const BIGNUM *a); -+# endif -+# ifdef HEADER_BIO_H -+int BN_print(BIO *fp, const BIGNUM *a); -+# else -+int BN_print(void *fp, const BIGNUM *a); -+# endif -+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); -+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); -+int BN_rshift1(BIGNUM *r, const BIGNUM *a); -+void BN_clear(BIGNUM *a); - BIGNUM *BN_dup(const BIGNUM *a); --int BN_ucmp(const BIGNUM *a, const BIGNUM *b); --int BN_set_bit(BIGNUM *a, int n); --int BN_clear_bit(BIGNUM *a, int n); --char * BN_bn2hex(const BIGNUM *a); --char * BN_bn2dec(const BIGNUM *a); --int BN_hex2bn(BIGNUM **a, const char *str); --int BN_dec2bn(BIGNUM **a, const char *str); --int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); --int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */ -+int BN_ucmp(const BIGNUM *a, const BIGNUM *b); -+int BN_set_bit(BIGNUM *a, int n); -+int BN_clear_bit(BIGNUM *a, int n); -+char *BN_bn2hex(const BIGNUM *a); -+char *BN_bn2dec(const BIGNUM *a); -+int BN_hex2bn(BIGNUM **a, const char *str); -+int BN_dec2bn(BIGNUM **a, const char *str); -+int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns -+ * -2 for -+ * error */ - BIGNUM *BN_mod_inverse(BIGNUM *ret, -- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); -+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); - BIGNUM *BN_mod_sqrt(BIGNUM *ret, -- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); -+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); - --void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); -+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); - - /* Deprecated versions */ --#ifndef OPENSSL_NO_DEPRECATED --BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, -- const BIGNUM *add, const BIGNUM *rem, -- void (*callback)(int,int,void *),void *cb_arg); --int BN_is_prime(const BIGNUM *p,int nchecks, -- void (*callback)(int,int,void *), -- BN_CTX *ctx,void *cb_arg); --int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, -- void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, -- int do_trial_division); --#endif /* !defined(OPENSSL_NO_DEPRECATED) */ -+# ifndef OPENSSL_NO_DEPRECATED -+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, -+ const BIGNUM *add, const BIGNUM *rem, -+ void (*callback) (int, int, void *), void *cb_arg); -+int BN_is_prime(const BIGNUM *p, int nchecks, -+ void (*callback) (int, int, void *), -+ BN_CTX *ctx, void *cb_arg); -+int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, -+ void (*callback) (int, int, void *), BN_CTX *ctx, -+ void *cb_arg, int do_trial_division); -+# endif /* !defined(OPENSSL_NO_DEPRECATED) */ - - /* Newer versions */ --int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, -- const BIGNUM *rem, BN_GENCB *cb); --int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); --int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, -- int do_trial_division, BN_GENCB *cb); -+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, -+ const BIGNUM *rem, BN_GENCB *cb); -+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); -+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, -+ int do_trial_division, BN_GENCB *cb); - - int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); - - int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, -- const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, -- const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); --int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, -- BIGNUM *Xp1, BIGNUM *Xp2, -- const BIGNUM *Xp, -- const BIGNUM *e, BN_CTX *ctx, -- BN_GENCB *cb); -- --BN_MONT_CTX *BN_MONT_CTX_new(void ); -+ const BIGNUM *Xp, const BIGNUM *Xp1, -+ const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, -+ BN_GENCB *cb); -+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, -+ BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, -+ BN_CTX *ctx, BN_GENCB *cb); -+ -+BN_MONT_CTX *BN_MONT_CTX_new(void); - void BN_MONT_CTX_init(BN_MONT_CTX *ctx); --int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, -- BN_MONT_CTX *mont, BN_CTX *ctx); --#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ -- (r),(a),&((mont)->RR),(mont),(ctx)) --int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, -- BN_MONT_CTX *mont, BN_CTX *ctx); -+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ BN_MONT_CTX *mont, BN_CTX *ctx); -+# define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ -+ (r),(a),&((mont)->RR),(mont),(ctx)) -+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, -+ BN_MONT_CTX *mont, BN_CTX *ctx); - void BN_MONT_CTX_free(BN_MONT_CTX *mont); --int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx); --BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); -+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); -+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); - BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, -- const BIGNUM *mod, BN_CTX *ctx); -+ const BIGNUM *mod, BN_CTX *ctx); - - /* BN_BLINDING flags */ --#define BN_BLINDING_NO_UPDATE 0x00000001 --#define BN_BLINDING_NO_RECREATE 0x00000002 -+# define BN_BLINDING_NO_UPDATE 0x00000001 -+# define BN_BLINDING_NO_RECREATE 0x00000002 - --BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod); -+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); - void BN_BLINDING_free(BN_BLINDING *b); --int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); -+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); - int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); - int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); - int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); --int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); -+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, -+ BN_CTX *); - unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); - void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); - unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); - void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); - BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, -- const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, -- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), -- BN_MONT_CTX *m_ctx); -- --#ifndef OPENSSL_NO_DEPRECATED --void BN_set_params(int mul,int high,int low,int mont); --int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ --#endif -+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, -+ int (*bn_mod_exp) (BIGNUM *r, -+ const BIGNUM *a, -+ const BIGNUM *p, -+ const BIGNUM *m, -+ BN_CTX *ctx, -+ BN_MONT_CTX *m_ctx), -+ BN_MONT_CTX *m_ctx); -+ -+# ifndef OPENSSL_NO_DEPRECATED -+void BN_set_params(int mul, int high, int low, int mont); -+int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ -+# endif - --void BN_RECP_CTX_init(BN_RECP_CTX *recp); -+void BN_RECP_CTX_init(BN_RECP_CTX *recp); - BN_RECP_CTX *BN_RECP_CTX_new(void); --void BN_RECP_CTX_free(BN_RECP_CTX *recp); --int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx); --int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, -- BN_RECP_CTX *recp,BN_CTX *ctx); --int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx); --int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, -- BN_RECP_CTX *recp, BN_CTX *ctx); -- --/* Functions for arithmetic over binary polynomials represented by BIGNUMs. -- * -+void BN_RECP_CTX_free(BN_RECP_CTX *recp); -+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); -+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, -+ BN_RECP_CTX *recp, BN_CTX *ctx); -+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx); -+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, -+ BN_RECP_CTX *recp, BN_CTX *ctx); -+ -+/* -+ * Functions for arithmetic over binary polynomials represented by BIGNUMs. - * The BIGNUM::neg property of BIGNUMs representing binary polynomials is -- * ignored. -- * -- * Note that input arguments are not const so that their bit arrays can -- * be expanded to the appropriate size if needed. -+ * ignored. Note that input arguments are not const so that their bit arrays -+ * can be expanded to the appropriate size if needed. - */ - --int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/ --#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) --int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/ --int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -- const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */ --int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- BN_CTX *ctx); /* r = (a * a) mod p */ --int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, -- BN_CTX *ctx); /* r = (1 / b) mod p */ --int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -- const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */ --int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -- const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */ --int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- BN_CTX *ctx); /* r = sqrt(a) mod p */ --int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- BN_CTX *ctx); /* r^2 + r = a mod p */ --#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) --/* Some functions allow for representation of the irreducible polynomials -+/* -+ * r = a + b -+ */ -+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -+# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) -+/* -+ * r=a mod p -+ */ -+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); -+/* r = (a * b) mod p */ -+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const BIGNUM *p, BN_CTX *ctx); -+/* r = (a * a) mod p */ -+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -+/* r = (1 / b) mod p */ -+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); -+/* r = (a / b) mod p */ -+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const BIGNUM *p, BN_CTX *ctx); -+/* r = (a ^ b) mod p */ -+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const BIGNUM *p, BN_CTX *ctx); -+/* r = sqrt(a) mod p */ -+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ BN_CTX *ctx); -+/* r^2 + r = a mod p */ -+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ BN_CTX *ctx); -+# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) -+/*- -+ * Some functions allow for representation of the irreducible polynomials - * as an unsigned int[], say p. The irreducible f(t) is then of the form: - * t^p[0] + t^p[1] + ... + t^p[k] - * where m = p[0] > p[1] > ... > p[k] = 0. - */ --int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]); -- /* r = a mod p */ --int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -- const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */ --int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], -- BN_CTX *ctx); /* r = (a * a) mod p */ --int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[], -- BN_CTX *ctx); /* r = (1 / b) mod p */ --int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -- const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */ --int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -- const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ --int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, -- const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ --int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, -- const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ --int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); --int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); -- --/* faster mod functions for the 'NIST primes' -- * 0 <= a < p^2 */ -+/* r = a mod p */ -+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]); -+/* r = (a * b) mod p */ -+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const unsigned int p[], BN_CTX *ctx); -+/* r = (a * a) mod p */ -+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], -+ BN_CTX *ctx); -+/* r = (1 / b) mod p */ -+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[], -+ BN_CTX *ctx); -+/* r = (a / b) mod p */ -+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const unsigned int p[], BN_CTX *ctx); -+/* r = (a ^ b) mod p */ -+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const unsigned int p[], BN_CTX *ctx); -+/* r = sqrt(a) mod p */ -+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, -+ const unsigned int p[], BN_CTX *ctx); -+/* r^2 + r = a mod p */ -+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, -+ const unsigned int p[], BN_CTX *ctx); -+int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); -+int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); -+ -+/* -+ * faster mod functions for the 'NIST primes' 0 <= a < p^2 -+ */ - int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); - int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); - int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -@@ -662,15 +704,16 @@ const BIGNUM *BN_get0_nist_prime_521(void); - - /* library internal functions */ - --#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ -- (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) --#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) -+# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ -+ (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) -+# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) - BIGNUM *bn_expand2(BIGNUM *a, int words); --#ifndef OPENSSL_NO_DEPRECATED -+# ifndef OPENSSL_NO_DEPRECATED - BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ --#endif -+# endif - --/* Bignum consistency macros -+/*- -+ * Bignum consistency macros - * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from - * bignum data after direct manipulations on the data. There is also an - * "internal" macro, bn_check_top(), for verifying that there are no leading -@@ -698,84 +741,87 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ - * coverage for openssl's own code. - */ - --#ifdef BN_DEBUG -+# ifdef BN_DEBUG - - /* We only need assert() when debugging */ --#include -+# include - --#ifdef BN_DEBUG_RAND -+# ifdef BN_DEBUG_RAND - /* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ --#ifndef RAND_pseudo_bytes --int RAND_pseudo_bytes(unsigned char *buf,int num); --#define BN_DEBUG_TRIX --#endif --#define bn_pollute(a) \ -- do { \ -- const BIGNUM *_bnum1 = (a); \ -- if(_bnum1->top < _bnum1->dmax) { \ -- unsigned char _tmp_char; \ -- /* We cast away const without the compiler knowing, any \ -- * *genuinely* constant variables that aren't mutable \ -- * wouldn't be constructed with top!=dmax. */ \ -- BN_ULONG *_not_const; \ -- memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ -- RAND_pseudo_bytes(&_tmp_char, 1); \ -- memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ -- (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ -- } \ -- } while(0) --#ifdef BN_DEBUG_TRIX --#undef RAND_pseudo_bytes --#endif --#else --#define bn_pollute(a) --#endif --#define bn_check_top(a) \ -- do { \ -- const BIGNUM *_bnum2 = (a); \ -- if (_bnum2 != NULL) { \ -- assert((_bnum2->top == 0) || \ -- (_bnum2->d[_bnum2->top - 1] != 0)); \ -- bn_pollute(_bnum2); \ -- } \ -- } while(0) -- --#define bn_fix_top(a) bn_check_top(a) -- --#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) --#define bn_wcheck_size(bn, words) \ -- do { \ -- const BIGNUM *_bnum2 = (bn); \ -- assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ -- } while(0) -- --#else /* !BN_DEBUG */ -- --#define bn_pollute(a) --#define bn_check_top(a) --#define bn_fix_top(a) bn_correct_top(a) --#define bn_check_size(bn, bits) --#define bn_wcheck_size(bn, words) -+# ifndef RAND_pseudo_bytes -+int RAND_pseudo_bytes(unsigned char *buf, int num); -+# define BN_DEBUG_TRIX -+# endif -+# define bn_pollute(a) \ -+ do { \ -+ const BIGNUM *_bnum1 = (a); \ -+ if(_bnum1->top < _bnum1->dmax) { \ -+ unsigned char _tmp_char; \ -+ /* We cast away const without the compiler knowing, any \ -+ * *genuinely* constant variables that aren't mutable \ -+ * wouldn't be constructed with top!=dmax. */ \ -+ BN_ULONG *_not_const; \ -+ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ -+ RAND_pseudo_bytes(&_tmp_char, 1); \ -+ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ -+ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ -+ } \ -+ } while(0) -+# ifdef BN_DEBUG_TRIX -+# undef RAND_pseudo_bytes -+# endif -+# else -+# define bn_pollute(a) -+# endif -+# define bn_check_top(a) \ -+ do { \ -+ const BIGNUM *_bnum2 = (a); \ -+ if (_bnum2 != NULL) { \ -+ assert((_bnum2->top == 0) || \ -+ (_bnum2->d[_bnum2->top - 1] != 0)); \ -+ bn_pollute(_bnum2); \ -+ } \ -+ } while(0) -+ -+# define bn_fix_top(a) bn_check_top(a) -+ -+# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) -+# define bn_wcheck_size(bn, words) \ -+ do { \ -+ const BIGNUM *_bnum2 = (bn); \ -+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ -+ } while(0) -+ -+# else /* !BN_DEBUG */ -+ -+# define bn_pollute(a) -+# define bn_check_top(a) -+# define bn_fix_top(a) bn_correct_top(a) -+# define bn_check_size(bn, bits) -+# define bn_wcheck_size(bn, words) - --#endif -+# endif - --#define bn_correct_top(a) \ -+# define bn_correct_top(a) \ - { \ - BN_ULONG *ftl; \ -- if ((a)->top > 0) \ -- { \ -- for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ -- if (*(ftl--)) break; \ -- } \ -- bn_pollute(a); \ -- } -- --BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); -+ if ((a)->top > 0) \ -+ { \ -+ for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ -+ if (*(ftl--)) break; \ -+ } \ -+ bn_pollute(a); \ -+ } -+ -+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, -+ BN_ULONG w); - BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); --void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); -+void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); - BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); --BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); --BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); -+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, -+ int num); -+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, -+ int num); - - /* Primes from RFC 2409 */ - BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); -@@ -789,10 +835,11 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); - BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); - BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); - --int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); -+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_BN_strings(void); -@@ -800,65 +847,65 @@ void ERR_load_BN_strings(void); - /* Error codes for the BN functions. */ - - /* Function codes. */ --#define BN_F_BNRAND 127 --#define BN_F_BN_BLINDING_CONVERT_EX 100 --#define BN_F_BN_BLINDING_CREATE_PARAM 128 --#define BN_F_BN_BLINDING_INVERT_EX 101 --#define BN_F_BN_BLINDING_NEW 102 --#define BN_F_BN_BLINDING_UPDATE 103 --#define BN_F_BN_BN2DEC 104 --#define BN_F_BN_BN2HEX 105 --#define BN_F_BN_CTX_GET 116 --#define BN_F_BN_CTX_NEW 106 --#define BN_F_BN_CTX_START 129 --#define BN_F_BN_DIV 107 --#define BN_F_BN_DIV_NO_BRANCH 138 --#define BN_F_BN_DIV_RECP 130 --#define BN_F_BN_EXP 123 --#define BN_F_BN_EXPAND2 108 --#define BN_F_BN_EXPAND_INTERNAL 120 --#define BN_F_BN_GF2M_MOD 131 --#define BN_F_BN_GF2M_MOD_EXP 132 --#define BN_F_BN_GF2M_MOD_MUL 133 --#define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 --#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 --#define BN_F_BN_GF2M_MOD_SQR 136 --#define BN_F_BN_GF2M_MOD_SQRT 137 --#define BN_F_BN_MOD_EXP2_MONT 118 --#define BN_F_BN_MOD_EXP_MONT 109 --#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 --#define BN_F_BN_MOD_EXP_MONT_WORD 117 --#define BN_F_BN_MOD_EXP_RECP 125 --#define BN_F_BN_MOD_EXP_SIMPLE 126 --#define BN_F_BN_MOD_INVERSE 110 --#define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 --#define BN_F_BN_MOD_LSHIFT_QUICK 119 --#define BN_F_BN_MOD_MUL_RECIPROCAL 111 --#define BN_F_BN_MOD_SQRT 121 --#define BN_F_BN_MPI2BN 112 --#define BN_F_BN_NEW 113 --#define BN_F_BN_RAND 114 --#define BN_F_BN_RAND_RANGE 122 --#define BN_F_BN_USUB 115 -+# define BN_F_BNRAND 127 -+# define BN_F_BN_BLINDING_CONVERT_EX 100 -+# define BN_F_BN_BLINDING_CREATE_PARAM 128 -+# define BN_F_BN_BLINDING_INVERT_EX 101 -+# define BN_F_BN_BLINDING_NEW 102 -+# define BN_F_BN_BLINDING_UPDATE 103 -+# define BN_F_BN_BN2DEC 104 -+# define BN_F_BN_BN2HEX 105 -+# define BN_F_BN_CTX_GET 116 -+# define BN_F_BN_CTX_NEW 106 -+# define BN_F_BN_CTX_START 129 -+# define BN_F_BN_DIV 107 -+# define BN_F_BN_DIV_NO_BRANCH 138 -+# define BN_F_BN_DIV_RECP 130 -+# define BN_F_BN_EXP 123 -+# define BN_F_BN_EXPAND2 108 -+# define BN_F_BN_EXPAND_INTERNAL 120 -+# define BN_F_BN_GF2M_MOD 131 -+# define BN_F_BN_GF2M_MOD_EXP 132 -+# define BN_F_BN_GF2M_MOD_MUL 133 -+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 -+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 -+# define BN_F_BN_GF2M_MOD_SQR 136 -+# define BN_F_BN_GF2M_MOD_SQRT 137 -+# define BN_F_BN_MOD_EXP2_MONT 118 -+# define BN_F_BN_MOD_EXP_MONT 109 -+# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 -+# define BN_F_BN_MOD_EXP_MONT_WORD 117 -+# define BN_F_BN_MOD_EXP_RECP 125 -+# define BN_F_BN_MOD_EXP_SIMPLE 126 -+# define BN_F_BN_MOD_INVERSE 110 -+# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 -+# define BN_F_BN_MOD_LSHIFT_QUICK 119 -+# define BN_F_BN_MOD_MUL_RECIPROCAL 111 -+# define BN_F_BN_MOD_SQRT 121 -+# define BN_F_BN_MPI2BN 112 -+# define BN_F_BN_NEW 113 -+# define BN_F_BN_RAND 114 -+# define BN_F_BN_RAND_RANGE 122 -+# define BN_F_BN_USUB 115 - - /* Reason codes. */ --#define BN_R_ARG2_LT_ARG3 100 --#define BN_R_BAD_RECIPROCAL 101 --#define BN_R_BIGNUM_TOO_LONG 114 --#define BN_R_CALLED_WITH_EVEN_MODULUS 102 --#define BN_R_DIV_BY_ZERO 103 --#define BN_R_ENCODING_ERROR 104 --#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 --#define BN_R_INPUT_NOT_REDUCED 110 --#define BN_R_INVALID_LENGTH 106 --#define BN_R_INVALID_RANGE 115 --#define BN_R_NOT_A_SQUARE 111 --#define BN_R_NOT_INITIALIZED 107 --#define BN_R_NO_INVERSE 108 --#define BN_R_NO_SOLUTION 116 --#define BN_R_P_IS_NOT_PRIME 112 --#define BN_R_TOO_MANY_ITERATIONS 113 --#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 -+# define BN_R_ARG2_LT_ARG3 100 -+# define BN_R_BAD_RECIPROCAL 101 -+# define BN_R_BIGNUM_TOO_LONG 114 -+# define BN_R_CALLED_WITH_EVEN_MODULUS 102 -+# define BN_R_DIV_BY_ZERO 103 -+# define BN_R_ENCODING_ERROR 104 -+# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 -+# define BN_R_INPUT_NOT_REDUCED 110 -+# define BN_R_INVALID_LENGTH 106 -+# define BN_R_INVALID_RANGE 115 -+# define BN_R_NOT_A_SQUARE 111 -+# define BN_R_NOT_INITIALIZED 107 -+# define BN_R_NO_INVERSE 108 -+# define BN_R_NO_SOLUTION 116 -+# define BN_R_P_IS_NOT_PRIME 112 -+# define BN_R_TOO_MANY_ITERATIONS 113 -+# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/buffer.h b/Cryptlib/Include/openssl/buffer.h -index 1db9607..910832f 100644 ---- a/Cryptlib/Include/openssl/buffer.h -+++ b/Cryptlib/Include/openssl/buffer.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,45 +57,44 @@ - */ - - #ifndef HEADER_BUFFER_H --#define HEADER_BUFFER_H -+# define HEADER_BUFFER_H - --#include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#include -+# include - --#if !defined(NO_SYS_TYPES_H) --#include --#endif -+# if !defined(NO_SYS_TYPES_H) -+# include -+# endif - - /* Already declared in ossl_typ.h */ - /* typedef struct buf_mem_st BUF_MEM; */ - --struct buf_mem_st -- { -- int length; /* current number of bytes */ -- char *data; -- int max; /* size of buffer */ -- }; -+struct buf_mem_st { -+ int length; /* current number of bytes */ -+ char *data; -+ int max; /* size of buffer */ -+}; - - BUF_MEM *BUF_MEM_new(void); --void BUF_MEM_free(BUF_MEM *a); --int BUF_MEM_grow(BUF_MEM *str, int len); --int BUF_MEM_grow_clean(BUF_MEM *str, int len); --char * BUF_strdup(const char *str); --char * BUF_strndup(const char *str, size_t siz); --void * BUF_memdup(const void *data, size_t siz); -+void BUF_MEM_free(BUF_MEM *a); -+int BUF_MEM_grow(BUF_MEM *str, int len); -+int BUF_MEM_grow_clean(BUF_MEM *str, int len); -+char *BUF_strdup(const char *str); -+char *BUF_strndup(const char *str, size_t siz); -+void *BUF_memdup(const void *data, size_t siz); - - /* safe string functions */ --size_t BUF_strlcpy(char *dst,const char *src,size_t siz); --size_t BUF_strlcat(char *dst,const char *src,size_t siz); -- -+size_t BUF_strlcpy(char *dst, const char *src, size_t siz); -+size_t BUF_strlcat(char *dst, const char *src, size_t siz); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_BUF_strings(void); -@@ -103,12 +102,12 @@ void ERR_load_BUF_strings(void); - /* Error codes for the BUF functions. */ - - /* Function codes. */ --#define BUF_F_BUF_MEMDUP 103 --#define BUF_F_BUF_MEM_GROW 100 --#define BUF_F_BUF_MEM_GROW_CLEAN 105 --#define BUF_F_BUF_MEM_NEW 101 --#define BUF_F_BUF_STRDUP 102 --#define BUF_F_BUF_STRNDUP 104 -+# define BUF_F_BUF_MEMDUP 103 -+# define BUF_F_BUF_MEM_GROW 100 -+# define BUF_F_BUF_MEM_GROW_CLEAN 105 -+# define BUF_F_BUF_MEM_NEW 101 -+# define BUF_F_BUF_STRDUP 102 -+# define BUF_F_BUF_STRNDUP 104 - - /* Reason codes. */ - -diff --git a/Cryptlib/Include/openssl/cast.h b/Cryptlib/Include/openssl/cast.h -index 6e0cd31..46c97cd 100644 ---- a/Cryptlib/Include/openssl/cast.h -+++ b/Cryptlib/Include/openssl/cast.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,48 +57,48 @@ - */ - - #ifndef HEADER_CAST_H --#define HEADER_CAST_H -+# define HEADER_CAST_H - - #ifdef __cplusplus - extern "C" { - #endif - --#include -+# include - --#ifdef OPENSSL_NO_CAST --#error CAST is disabled. --#endif -+# ifdef OPENSSL_NO_CAST -+# error CAST is disabled. -+# endif - --#define CAST_ENCRYPT 1 --#define CAST_DECRYPT 0 -+# define CAST_ENCRYPT 1 -+# define CAST_DECRYPT 0 - --#define CAST_LONG unsigned long -+# define CAST_LONG unsigned long - --#define CAST_BLOCK 8 --#define CAST_KEY_LENGTH 16 -+# define CAST_BLOCK 8 -+# define CAST_KEY_LENGTH 16 - --typedef struct cast_key_st -- { -- CAST_LONG data[32]; -- int short_key; /* Use reduced rounds for short key */ -- } CAST_KEY; -+typedef struct cast_key_st { -+ CAST_LONG data[32]; -+ int short_key; /* Use reduced rounds for short key */ -+} CAST_KEY; - --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS - void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); --#endif -+# endif - void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); --void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, -- int enc); -+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, -+ const CAST_KEY *key, int enc); - void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); - void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); --void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, -- const CAST_KEY *ks, unsigned char *iv, int enc); -+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, -+ long length, const CAST_KEY *ks, unsigned char *iv, -+ int enc); - void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, const CAST_KEY *schedule, unsigned char *ivec, -- int *num, int enc); --void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, const CAST_KEY *schedule, unsigned char *ivec, -- int *num); -+ long length, const CAST_KEY *schedule, -+ unsigned char *ivec, int *num, int enc); -+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, -+ long length, const CAST_KEY *schedule, -+ unsigned char *ivec, int *num); - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/comp.h b/Cryptlib/Include/openssl/comp.h -index 4b405c7..406c428 100644 ---- a/Cryptlib/Include/openssl/comp.h -+++ b/Cryptlib/Include/openssl/comp.h -@@ -1,8 +1,8 @@ - - #ifndef HEADER_COMP_H --#define HEADER_COMP_H -+# define HEADER_COMP_H - --#include -+# include - - #ifdef __cplusplus - extern "C" { -@@ -10,53 +10,52 @@ extern "C" { - - typedef struct comp_ctx_st COMP_CTX; - --typedef struct comp_method_st -- { -- int type; /* NID for compression library */ -- const char *name; /* A text string to identify the library */ -- int (*init)(COMP_CTX *ctx); -- void (*finish)(COMP_CTX *ctx); -- int (*compress)(COMP_CTX *ctx, -- unsigned char *out, unsigned int olen, -- unsigned char *in, unsigned int ilen); -- int (*expand)(COMP_CTX *ctx, -- unsigned char *out, unsigned int olen, -- unsigned char *in, unsigned int ilen); -- /* The following two do NOTHING, but are kept for backward compatibility */ -- long (*ctrl)(void); -- long (*callback_ctrl)(void); -- } COMP_METHOD; -- --struct comp_ctx_st -- { -- COMP_METHOD *meth; -- unsigned long compress_in; -- unsigned long compress_out; -- unsigned long expand_in; -- unsigned long expand_out; -- -- CRYPTO_EX_DATA ex_data; -- }; -+typedef struct comp_method_st { -+ int type; /* NID for compression library */ -+ const char *name; /* A text string to identify the library */ -+ int (*init) (COMP_CTX *ctx); -+ void (*finish) (COMP_CTX *ctx); -+ int (*compress) (COMP_CTX *ctx, -+ unsigned char *out, unsigned int olen, -+ unsigned char *in, unsigned int ilen); -+ int (*expand) (COMP_CTX *ctx, -+ unsigned char *out, unsigned int olen, -+ unsigned char *in, unsigned int ilen); -+ /* -+ * The following two do NOTHING, but are kept for backward compatibility -+ */ -+ long (*ctrl) (void); -+ long (*callback_ctrl) (void); -+} COMP_METHOD; - -+struct comp_ctx_st { -+ COMP_METHOD *meth; -+ unsigned long compress_in; -+ unsigned long compress_out; -+ unsigned long expand_in; -+ unsigned long expand_out; -+ CRYPTO_EX_DATA ex_data; -+}; - - COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); - void COMP_CTX_free(COMP_CTX *ctx); - int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, -- unsigned char *in, int ilen); -+ unsigned char *in, int ilen); - int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, -- unsigned char *in, int ilen); --COMP_METHOD *COMP_rle(void ); --COMP_METHOD *COMP_zlib(void ); -+ unsigned char *in, int ilen); -+COMP_METHOD *COMP_rle(void); -+COMP_METHOD *COMP_zlib(void); - void COMP_zlib_cleanup(void); - --#ifdef HEADER_BIO_H --#ifdef ZLIB -+# ifdef HEADER_BIO_H -+# ifdef ZLIB - BIO_METHOD *BIO_f_zlib(void); --#endif --#endif -+# endif -+# endif - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_COMP_strings(void); -@@ -64,15 +63,15 @@ void ERR_load_COMP_strings(void); - /* Error codes for the COMP functions. */ - - /* Function codes. */ --#define COMP_F_BIO_ZLIB_FLUSH 99 --#define COMP_F_BIO_ZLIB_NEW 100 --#define COMP_F_BIO_ZLIB_READ 101 --#define COMP_F_BIO_ZLIB_WRITE 102 -+# define COMP_F_BIO_ZLIB_FLUSH 99 -+# define COMP_F_BIO_ZLIB_NEW 100 -+# define COMP_F_BIO_ZLIB_READ 101 -+# define COMP_F_BIO_ZLIB_WRITE 102 - - /* Reason codes. */ --#define COMP_R_ZLIB_DEFLATE_ERROR 99 --#define COMP_R_ZLIB_INFLATE_ERROR 100 --#define COMP_R_ZLIB_NOT_SUPPORTED 101 -+# define COMP_R_ZLIB_DEFLATE_ERROR 99 -+# define COMP_R_ZLIB_INFLATE_ERROR 100 -+# define COMP_R_ZLIB_NOT_SUPPORTED 101 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/conf.h b/Cryptlib/Include/openssl/conf.h -index 8aa06bc..0cdadaf 100644 ---- a/Cryptlib/Include/openssl/conf.h -+++ b/Cryptlib/Include/openssl/conf.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,26 +57,25 @@ - */ - - #ifndef HEADER_CONF_H --#define HEADER_CONF_H -+# define HEADER_CONF_H - --#include --#include --#include --#include --#include -+# include -+# include -+# include -+# include -+# include - --#include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --typedef struct -- { -- char *section; -- char *name; -- char *value; -- } CONF_VALUE; -+typedef struct { -+ char *section; -+ char *name; -+ char *value; -+} CONF_VALUE; - - DECLARE_STACK_OF(CONF_VALUE) - DECLARE_STACK_OF(CONF_MODULE) -@@ -86,19 +85,18 @@ struct conf_st; - struct conf_method_st; - typedef struct conf_method_st CONF_METHOD; - --struct conf_method_st -- { -- const char *name; -- CONF *(*create)(CONF_METHOD *meth); -- int (*init)(CONF *conf); -- int (*destroy)(CONF *conf); -- int (*destroy_data)(CONF *conf); -- int (*load_bio)(CONF *conf, BIO *bp, long *eline); -- int (*dump)(const CONF *conf, BIO *bp); -- int (*is_number)(const CONF *conf, char c); -- int (*to_int)(const CONF *conf, char c); -- int (*load)(CONF *conf, const char *name, long *eline); -- }; -+struct conf_method_st { -+ const char *name; -+ CONF *(*create) (CONF_METHOD *meth); -+ int (*init) (CONF *conf); -+ int (*destroy) (CONF *conf); -+ int (*destroy_data) (CONF *conf); -+ int (*load_bio) (CONF *conf, BIO *bp, long *eline); -+ int (*dump) (const CONF *conf, BIO *bp); -+ int (*is_number) (const CONF *conf, char c); -+ int (*to_int) (const CONF *conf, char c); -+ int (*load) (CONF *conf, const char *name, long *eline); -+}; - - /* Module definitions */ - -@@ -106,26 +104,26 @@ typedef struct conf_imodule_st CONF_IMODULE; - typedef struct conf_module_st CONF_MODULE; - - /* DSO module function typedefs */ --typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf); --typedef void conf_finish_func(CONF_IMODULE *md); -+typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); -+typedef void conf_finish_func (CONF_IMODULE *md); - --#define CONF_MFLAGS_IGNORE_ERRORS 0x1 --#define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 --#define CONF_MFLAGS_SILENT 0x4 --#define CONF_MFLAGS_NO_DSO 0x8 --#define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 --#define CONF_MFLAGS_DEFAULT_SECTION 0x20 -+# define CONF_MFLAGS_IGNORE_ERRORS 0x1 -+# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 -+# define CONF_MFLAGS_SILENT 0x4 -+# define CONF_MFLAGS_NO_DSO 0x8 -+# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 -+# define CONF_MFLAGS_DEFAULT_SECTION 0x20 - - int CONF_set_default_method(CONF_METHOD *meth); --void CONF_set_nconf(CONF *conf,LHASH *hash); --LHASH *CONF_load(LHASH *conf,const char *file,long *eline); --#ifndef OPENSSL_NO_FP_API --LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline); --#endif --LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline); --STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section); --char *CONF_get_string(LHASH *conf,const char *group,const char *name); --long CONF_get_number(LHASH *conf,const char *group,const char *name); -+void CONF_set_nconf(CONF *conf, LHASH *hash); -+LHASH *CONF_load(LHASH *conf, const char *file, long *eline); -+# ifndef OPENSSL_NO_FP_API -+LHASH *CONF_load_fp(LHASH *conf, FILE *fp, long *eline); -+# endif -+LHASH *CONF_load_bio(LHASH *conf, BIO *bp, long *eline); -+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, const char *section); -+char *CONF_get_string(LHASH *conf, const char *group, const char *name); -+long CONF_get_number(LHASH *conf, const char *group, const char *name); - void CONF_free(LHASH *conf); - int CONF_dump_fp(LHASH *conf, FILE *out); - int CONF_dump_bio(LHASH *conf, BIO *out); -@@ -133,55 +131,58 @@ int CONF_dump_bio(LHASH *conf, BIO *out); - void OPENSSL_config(const char *config_name); - void OPENSSL_no_config(void); - --/* New conf code. The semantics are different from the functions above. -- If that wasn't the case, the above functions would have been replaced */ -+/* -+ * New conf code. The semantics are different from the functions above. If -+ * that wasn't the case, the above functions would have been replaced -+ */ - --struct conf_st -- { -- CONF_METHOD *meth; -- void *meth_data; -- LHASH *data; -- }; -+struct conf_st { -+ CONF_METHOD *meth; -+ void *meth_data; -+ LHASH *data; -+}; - - CONF *NCONF_new(CONF_METHOD *meth); - CONF_METHOD *NCONF_default(void); - CONF_METHOD *NCONF_WIN32(void); --#if 0 /* Just to give you an idea of what I have in mind */ -+# if 0 /* Just to give you an idea of what I have in -+ * mind */ - CONF_METHOD *NCONF_XML(void); --#endif -+# endif - void NCONF_free(CONF *conf); - void NCONF_free_data(CONF *conf); - --int NCONF_load(CONF *conf,const char *file,long *eline); --#ifndef OPENSSL_NO_FP_API --int NCONF_load_fp(CONF *conf, FILE *fp,long *eline); --#endif --int NCONF_load_bio(CONF *conf, BIO *bp,long *eline); --STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section); --char *NCONF_get_string(const CONF *conf,const char *group,const char *name); --int NCONF_get_number_e(const CONF *conf,const char *group,const char *name, -- long *result); -+int NCONF_load(CONF *conf, const char *file, long *eline); -+# ifndef OPENSSL_NO_FP_API -+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); -+# endif -+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); -+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, -+ const char *section); -+char *NCONF_get_string(const CONF *conf, const char *group, const char *name); -+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, -+ long *result); - int NCONF_dump_fp(const CONF *conf, FILE *out); - int NCONF_dump_bio(const CONF *conf, BIO *out); - --#if 0 /* The following function has no error checking, -- and should therefore be avoided */ --long NCONF_get_number(CONF *conf,char *group,char *name); --#else --#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) --#endif -- -+# if 0 /* The following function has no error -+ * checking, and should therefore be avoided */ -+long NCONF_get_number(CONF *conf, char *group, char *name); -+# else -+# define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) -+# endif -+ - /* Module functions */ - - int CONF_modules_load(const CONF *cnf, const char *appname, -- unsigned long flags); -+ unsigned long flags); - int CONF_modules_load_file(const char *filename, const char *appname, -- unsigned long flags); -+ unsigned long flags); - void CONF_modules_unload(int all); - void CONF_modules_finish(void); - void CONF_modules_free(void); - int CONF_module_add(const char *name, conf_init_func *ifunc, -- conf_finish_func *ffunc); -+ conf_finish_func *ffunc); - - const char *CONF_imodule_get_name(const CONF_IMODULE *md); - const char *CONF_imodule_get_value(const CONF_IMODULE *md); -@@ -196,12 +197,14 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); - char *CONF_get1_default_config_file(void); - - int CONF_parse_list(const char *list, int sep, int nospc, -- int (*list_cb)(const char *elem, int len, void *usr), void *arg); -+ int (*list_cb) (const char *elem, int len, void *usr), -+ void *arg); - - void OPENSSL_load_builtin_modules(void); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_CONF_strings(void); -@@ -209,44 +212,44 @@ void ERR_load_CONF_strings(void); - /* Error codes for the CONF functions. */ - - /* Function codes. */ --#define CONF_F_CONF_DUMP_FP 104 --#define CONF_F_CONF_LOAD 100 --#define CONF_F_CONF_LOAD_BIO 102 --#define CONF_F_CONF_LOAD_FP 103 --#define CONF_F_CONF_MODULES_LOAD 116 --#define CONF_F_DEF_LOAD 120 --#define CONF_F_DEF_LOAD_BIO 121 --#define CONF_F_MODULE_INIT 115 --#define CONF_F_MODULE_LOAD_DSO 117 --#define CONF_F_MODULE_RUN 118 --#define CONF_F_NCONF_DUMP_BIO 105 --#define CONF_F_NCONF_DUMP_FP 106 --#define CONF_F_NCONF_GET_NUMBER 107 --#define CONF_F_NCONF_GET_NUMBER_E 112 --#define CONF_F_NCONF_GET_SECTION 108 --#define CONF_F_NCONF_GET_STRING 109 --#define CONF_F_NCONF_LOAD 113 --#define CONF_F_NCONF_LOAD_BIO 110 --#define CONF_F_NCONF_LOAD_FP 114 --#define CONF_F_NCONF_NEW 111 --#define CONF_F_STR_COPY 101 -+# define CONF_F_CONF_DUMP_FP 104 -+# define CONF_F_CONF_LOAD 100 -+# define CONF_F_CONF_LOAD_BIO 102 -+# define CONF_F_CONF_LOAD_FP 103 -+# define CONF_F_CONF_MODULES_LOAD 116 -+# define CONF_F_DEF_LOAD 120 -+# define CONF_F_DEF_LOAD_BIO 121 -+# define CONF_F_MODULE_INIT 115 -+# define CONF_F_MODULE_LOAD_DSO 117 -+# define CONF_F_MODULE_RUN 118 -+# define CONF_F_NCONF_DUMP_BIO 105 -+# define CONF_F_NCONF_DUMP_FP 106 -+# define CONF_F_NCONF_GET_NUMBER 107 -+# define CONF_F_NCONF_GET_NUMBER_E 112 -+# define CONF_F_NCONF_GET_SECTION 108 -+# define CONF_F_NCONF_GET_STRING 109 -+# define CONF_F_NCONF_LOAD 113 -+# define CONF_F_NCONF_LOAD_BIO 110 -+# define CONF_F_NCONF_LOAD_FP 114 -+# define CONF_F_NCONF_NEW 111 -+# define CONF_F_STR_COPY 101 - - /* Reason codes. */ --#define CONF_R_ERROR_LOADING_DSO 110 --#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 --#define CONF_R_MISSING_EQUAL_SIGN 101 --#define CONF_R_MISSING_FINISH_FUNCTION 111 --#define CONF_R_MISSING_INIT_FUNCTION 112 --#define CONF_R_MODULE_INITIALIZATION_ERROR 109 --#define CONF_R_NO_CLOSE_BRACE 102 --#define CONF_R_NO_CONF 105 --#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 --#define CONF_R_NO_SECTION 107 --#define CONF_R_NO_SUCH_FILE 114 --#define CONF_R_NO_VALUE 108 --#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 --#define CONF_R_UNKNOWN_MODULE_NAME 113 --#define CONF_R_VARIABLE_HAS_NO_VALUE 104 -+# define CONF_R_ERROR_LOADING_DSO 110 -+# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 -+# define CONF_R_MISSING_EQUAL_SIGN 101 -+# define CONF_R_MISSING_FINISH_FUNCTION 111 -+# define CONF_R_MISSING_INIT_FUNCTION 112 -+# define CONF_R_MODULE_INITIALIZATION_ERROR 109 -+# define CONF_R_NO_CLOSE_BRACE 102 -+# define CONF_R_NO_CONF 105 -+# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 -+# define CONF_R_NO_SECTION 107 -+# define CONF_R_NO_SUCH_FILE 114 -+# define CONF_R_NO_VALUE 108 -+# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 -+# define CONF_R_UNKNOWN_MODULE_NAME 113 -+# define CONF_R_VARIABLE_HAS_NO_VALUE 104 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/conf_api.h b/Cryptlib/Include/openssl/conf_api.h -index 87a954a..e478f7d 100644 ---- a/Cryptlib/Include/openssl/conf_api.h -+++ b/Cryptlib/Include/openssl/conf_api.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,10 +57,10 @@ - */ - - #ifndef HEADER_CONF_API_H --#define HEADER_CONF_API_H -+# define HEADER_CONF_API_H - --#include --#include -+# include -+# include - - #ifdef __cplusplus - extern "C" { -@@ -72,12 +72,13 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section); - CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section); - /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ - STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, -- const char *section); -+ const char *section); - - int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value); - char *_CONF_get_string(const CONF *conf, const char *section, -- const char *name); --long _CONF_get_number(const CONF *conf, const char *section, const char *name); -+ const char *name); -+long _CONF_get_number(const CONF *conf, const char *section, -+ const char *name); - - int _CONF_new_data(CONF *conf); - void _CONF_free_data(CONF *conf); -@@ -86,4 +87,3 @@ void _CONF_free_data(CONF *conf); - } - #endif - #endif -- -diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h -index ac0c949..748330f 100644 ---- a/Cryptlib/Include/openssl/crypto.h -+++ b/Cryptlib/Include/openssl/crypto.h -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,21 +58,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -87,10 +87,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -102,7 +102,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -110,272 +110,284 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * ECDH support in OpenSSL originally developed by -+ * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - - #ifndef HEADER_CRYPTO_H --#define HEADER_CRYPTO_H -+# define HEADER_CRYPTO_H - --#include -+# include - --#include -+# include - --#ifndef OPENSSL_NO_FP_API --#include --#endif -+# ifndef OPENSSL_NO_FP_API -+# include -+# endif - --#include --#include --#include --#include -+# include -+# include -+# include -+# include - --#ifdef CHARSET_EBCDIC --#include --#endif -+# ifdef CHARSET_EBCDIC -+# include -+# endif - --/* Resolve problems on some operating systems with symbol names that clash -- one way or another */ --#include -+/* -+ * Resolve problems on some operating systems with symbol names that clash -+ * one way or another -+ */ -+# include - - #ifdef __cplusplus - extern "C" { - #endif - - /* Backward compatibility to SSLeay */ --/* This is more to be used to check the correct DLL is being used -- * in the MS world. */ --#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER --#define SSLEAY_VERSION 0 --/* #define SSLEAY_OPTIONS 1 no longer supported */ --#define SSLEAY_CFLAGS 2 --#define SSLEAY_BUILT_ON 3 --#define SSLEAY_PLATFORM 4 --#define SSLEAY_DIR 5 -+/* -+ * This is more to be used to check the correct DLL is being used in the MS -+ * world. -+ */ -+# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER -+# define SSLEAY_VERSION 0 -+/* #define SSLEAY_OPTIONS 1 no longer supported */ -+# define SSLEAY_CFLAGS 2 -+# define SSLEAY_BUILT_ON 3 -+# define SSLEAY_PLATFORM 4 -+# define SSLEAY_DIR 5 - - /* Already declared in ossl_typ.h */ --#if 0 -+# if 0 - typedef struct crypto_ex_data_st CRYPTO_EX_DATA; - /* Called when a new object is created */ --typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -- int idx, long argl, void *argp); -+typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, -+ int idx, long argl, void *argp); - /* Called when an object is free()ed */ --typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -- int idx, long argl, void *argp); -+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, -+ int idx, long argl, void *argp); - /* Called when we need to dup an object */ --typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, -- int idx, long argl, void *argp); --#endif -+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, -+ void *from_d, int idx, long argl, void *argp); -+# endif - - /* A generic structure to pass assorted data in a expandable way */ --typedef struct openssl_item_st -- { -- int code; -- void *value; /* Not used for flag attributes */ -- size_t value_size; /* Max size of value for output, length for input */ -- size_t *value_length; /* Returned length of value for output */ -- } OPENSSL_ITEM; -- -- --/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock -+typedef struct openssl_item_st { -+ int code; -+ void *value; /* Not used for flag attributes */ -+ size_t value_size; /* Max size of value for output, length for -+ * input */ -+ size_t *value_length; /* Returned length of value for output */ -+} OPENSSL_ITEM; -+ -+/* -+ * When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock - * names in cryptlib.c - */ - --#define CRYPTO_LOCK_ERR 1 --#define CRYPTO_LOCK_EX_DATA 2 --#define CRYPTO_LOCK_X509 3 --#define CRYPTO_LOCK_X509_INFO 4 --#define CRYPTO_LOCK_X509_PKEY 5 --#define CRYPTO_LOCK_X509_CRL 6 --#define CRYPTO_LOCK_X509_REQ 7 --#define CRYPTO_LOCK_DSA 8 --#define CRYPTO_LOCK_RSA 9 --#define CRYPTO_LOCK_EVP_PKEY 10 --#define CRYPTO_LOCK_X509_STORE 11 --#define CRYPTO_LOCK_SSL_CTX 12 --#define CRYPTO_LOCK_SSL_CERT 13 --#define CRYPTO_LOCK_SSL_SESSION 14 --#define CRYPTO_LOCK_SSL_SESS_CERT 15 --#define CRYPTO_LOCK_SSL 16 --#define CRYPTO_LOCK_SSL_METHOD 17 --#define CRYPTO_LOCK_RAND 18 --#define CRYPTO_LOCK_RAND2 19 --#define CRYPTO_LOCK_MALLOC 20 --#define CRYPTO_LOCK_BIO 21 --#define CRYPTO_LOCK_GETHOSTBYNAME 22 --#define CRYPTO_LOCK_GETSERVBYNAME 23 --#define CRYPTO_LOCK_READDIR 24 --#define CRYPTO_LOCK_RSA_BLINDING 25 --#define CRYPTO_LOCK_DH 26 --#define CRYPTO_LOCK_MALLOC2 27 --#define CRYPTO_LOCK_DSO 28 --#define CRYPTO_LOCK_DYNLOCK 29 --#define CRYPTO_LOCK_ENGINE 30 --#define CRYPTO_LOCK_UI 31 --#define CRYPTO_LOCK_ECDSA 32 --#define CRYPTO_LOCK_EC 33 --#define CRYPTO_LOCK_ECDH 34 --#define CRYPTO_LOCK_BN 35 --#define CRYPTO_LOCK_EC_PRE_COMP 36 --#define CRYPTO_LOCK_STORE 37 --#define CRYPTO_LOCK_COMP 38 --#ifndef OPENSSL_FIPS --#define CRYPTO_NUM_LOCKS 39 --#else --#define CRYPTO_LOCK_FIPS 39 --#define CRYPTO_LOCK_FIPS2 40 --#define CRYPTO_NUM_LOCKS 41 --#endif -+# define CRYPTO_LOCK_ERR 1 -+# define CRYPTO_LOCK_EX_DATA 2 -+# define CRYPTO_LOCK_X509 3 -+# define CRYPTO_LOCK_X509_INFO 4 -+# define CRYPTO_LOCK_X509_PKEY 5 -+# define CRYPTO_LOCK_X509_CRL 6 -+# define CRYPTO_LOCK_X509_REQ 7 -+# define CRYPTO_LOCK_DSA 8 -+# define CRYPTO_LOCK_RSA 9 -+# define CRYPTO_LOCK_EVP_PKEY 10 -+# define CRYPTO_LOCK_X509_STORE 11 -+# define CRYPTO_LOCK_SSL_CTX 12 -+# define CRYPTO_LOCK_SSL_CERT 13 -+# define CRYPTO_LOCK_SSL_SESSION 14 -+# define CRYPTO_LOCK_SSL_SESS_CERT 15 -+# define CRYPTO_LOCK_SSL 16 -+# define CRYPTO_LOCK_SSL_METHOD 17 -+# define CRYPTO_LOCK_RAND 18 -+# define CRYPTO_LOCK_RAND2 19 -+# define CRYPTO_LOCK_MALLOC 20 -+# define CRYPTO_LOCK_BIO 21 -+# define CRYPTO_LOCK_GETHOSTBYNAME 22 -+# define CRYPTO_LOCK_GETSERVBYNAME 23 -+# define CRYPTO_LOCK_READDIR 24 -+# define CRYPTO_LOCK_RSA_BLINDING 25 -+# define CRYPTO_LOCK_DH 26 -+# define CRYPTO_LOCK_MALLOC2 27 -+# define CRYPTO_LOCK_DSO 28 -+# define CRYPTO_LOCK_DYNLOCK 29 -+# define CRYPTO_LOCK_ENGINE 30 -+# define CRYPTO_LOCK_UI 31 -+# define CRYPTO_LOCK_ECDSA 32 -+# define CRYPTO_LOCK_EC 33 -+# define CRYPTO_LOCK_ECDH 34 -+# define CRYPTO_LOCK_BN 35 -+# define CRYPTO_LOCK_EC_PRE_COMP 36 -+# define CRYPTO_LOCK_STORE 37 -+# define CRYPTO_LOCK_COMP 38 -+# ifndef OPENSSL_FIPS -+# define CRYPTO_NUM_LOCKS 39 -+# else -+# define CRYPTO_LOCK_FIPS 39 -+# define CRYPTO_LOCK_FIPS2 40 -+# define CRYPTO_NUM_LOCKS 41 -+# endif - --#define CRYPTO_LOCK 1 --#define CRYPTO_UNLOCK 2 --#define CRYPTO_READ 4 --#define CRYPTO_WRITE 8 -- --#ifndef OPENSSL_NO_LOCKING --#ifndef CRYPTO_w_lock --#define CRYPTO_w_lock(type) \ -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) --#define CRYPTO_w_unlock(type) \ -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) --#define CRYPTO_r_lock(type) \ -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) --#define CRYPTO_r_unlock(type) \ -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) --#define CRYPTO_add(addr,amount,type) \ -- CRYPTO_add_lock(addr,amount,type,NULL,0) --#endif --#else --#define CRYPTO_w_lock(a) --#define CRYPTO_w_unlock(a) --#define CRYPTO_r_lock(a) --#define CRYPTO_r_unlock(a) --#define CRYPTO_add(a,b,c) ((*(a))+=(b)) --#endif -+# define CRYPTO_LOCK 1 -+# define CRYPTO_UNLOCK 2 -+# define CRYPTO_READ 4 -+# define CRYPTO_WRITE 8 -+ -+# ifndef OPENSSL_NO_LOCKING -+# ifndef CRYPTO_w_lock -+# define CRYPTO_w_lock(type) \ -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) -+# define CRYPTO_w_unlock(type) \ -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) -+# define CRYPTO_r_lock(type) \ -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) -+# define CRYPTO_r_unlock(type) \ -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) -+# define CRYPTO_add(addr,amount,type) \ -+ CRYPTO_add_lock(addr,amount,type,NULL,0) -+# endif -+# else -+# define CRYPTO_w_lock(a) -+# define CRYPTO_w_unlock(a) -+# define CRYPTO_r_lock(a) -+# define CRYPTO_r_unlock(a) -+# define CRYPTO_add(a,b,c) ((*(a))+=(b)) -+# endif - --/* Some applications as well as some parts of OpenSSL need to allocate -- and deallocate locks in a dynamic fashion. The following typedef -- makes this possible in a type-safe manner. */ -+/* -+ * Some applications as well as some parts of OpenSSL need to allocate and -+ * deallocate locks in a dynamic fashion. The following typedef makes this -+ * possible in a type-safe manner. -+ */ - /* struct CRYPTO_dynlock_value has to be defined by the application. */ --typedef struct -- { -- int references; -- struct CRYPTO_dynlock_value *data; -- } CRYPTO_dynlock; -- -- --/* The following can be used to detect memory leaks in the SSLeay library. -- * It used, it turns on malloc checking */ -+typedef struct { -+ int references; -+ struct CRYPTO_dynlock_value *data; -+} CRYPTO_dynlock; -+ -+/* -+ * The following can be used to detect memory leaks in the SSLeay library. It -+ * used, it turns on malloc checking -+ */ - --#define CRYPTO_MEM_CHECK_OFF 0x0 /* an enume */ --#define CRYPTO_MEM_CHECK_ON 0x1 /* a bit */ --#define CRYPTO_MEM_CHECK_ENABLE 0x2 /* a bit */ --#define CRYPTO_MEM_CHECK_DISABLE 0x3 /* an enume */ -+# define CRYPTO_MEM_CHECK_OFF 0x0/* an enume */ -+# define CRYPTO_MEM_CHECK_ON 0x1/* a bit */ -+# define CRYPTO_MEM_CHECK_ENABLE 0x2/* a bit */ -+# define CRYPTO_MEM_CHECK_DISABLE 0x3/* an enume */ - --/* The following are bit values to turn on or off options connected to the -- * malloc checking functionality */ -+/* -+ * The following are bit values to turn on or off options connected to the -+ * malloc checking functionality -+ */ - - /* Adds time to the memory checking information */ --#define V_CRYPTO_MDEBUG_TIME 0x1 /* a bit */ -+# define V_CRYPTO_MDEBUG_TIME 0x1/* a bit */ - /* Adds thread number to the memory checking information */ --#define V_CRYPTO_MDEBUG_THREAD 0x2 /* a bit */ -- --#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD) -+# define V_CRYPTO_MDEBUG_THREAD 0x2/* a bit */ - -+# define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD) - - /* predec of the BIO type */ - typedef struct bio_st BIO_dummy; - --struct crypto_ex_data_st -- { -- STACK *sk; -- int dummy; /* gcc is screwing up this data structure :-( */ -- }; -+struct crypto_ex_data_st { -+ STACK *sk; -+ /* gcc is screwing up this data structure :-( */ -+ int dummy; -+}; - --/* This stuff is basically class callback functions -- * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */ -+/* -+ * This stuff is basically class callback functions The current classes are -+ * SSL_CTX, SSL, SSL_SESSION, and a few more -+ */ - --typedef struct crypto_ex_data_func_st -- { -- long argl; /* Arbitary long */ -- void *argp; /* Arbitary void * */ -- CRYPTO_EX_new *new_func; -- CRYPTO_EX_free *free_func; -- CRYPTO_EX_dup *dup_func; -- } CRYPTO_EX_DATA_FUNCS; -+typedef struct crypto_ex_data_func_st { -+ long argl; /* Arbitary long */ -+ void *argp; /* Arbitary void * */ -+ CRYPTO_EX_new *new_func; -+ CRYPTO_EX_free *free_func; -+ CRYPTO_EX_dup *dup_func; -+} CRYPTO_EX_DATA_FUNCS; - - DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) - --/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA -+/* -+ * Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA - * entry. - */ - --#define CRYPTO_EX_INDEX_BIO 0 --#define CRYPTO_EX_INDEX_SSL 1 --#define CRYPTO_EX_INDEX_SSL_CTX 2 --#define CRYPTO_EX_INDEX_SSL_SESSION 3 --#define CRYPTO_EX_INDEX_X509_STORE 4 --#define CRYPTO_EX_INDEX_X509_STORE_CTX 5 --#define CRYPTO_EX_INDEX_RSA 6 --#define CRYPTO_EX_INDEX_DSA 7 --#define CRYPTO_EX_INDEX_DH 8 --#define CRYPTO_EX_INDEX_ENGINE 9 --#define CRYPTO_EX_INDEX_X509 10 --#define CRYPTO_EX_INDEX_UI 11 --#define CRYPTO_EX_INDEX_ECDSA 12 --#define CRYPTO_EX_INDEX_ECDH 13 --#define CRYPTO_EX_INDEX_COMP 14 --#define CRYPTO_EX_INDEX_STORE 15 -- --/* Dynamically assigned indexes start from this value (don't use directly, use -- * via CRYPTO_ex_data_new_class). */ --#define CRYPTO_EX_INDEX_USER 100 -- -- --/* This is the default callbacks, but we can have others as well: -- * this is needed in Win32 where the application malloc and the -- * library malloc may not be the same. -+# define CRYPTO_EX_INDEX_BIO 0 -+# define CRYPTO_EX_INDEX_SSL 1 -+# define CRYPTO_EX_INDEX_SSL_CTX 2 -+# define CRYPTO_EX_INDEX_SSL_SESSION 3 -+# define CRYPTO_EX_INDEX_X509_STORE 4 -+# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 -+# define CRYPTO_EX_INDEX_RSA 6 -+# define CRYPTO_EX_INDEX_DSA 7 -+# define CRYPTO_EX_INDEX_DH 8 -+# define CRYPTO_EX_INDEX_ENGINE 9 -+# define CRYPTO_EX_INDEX_X509 10 -+# define CRYPTO_EX_INDEX_UI 11 -+# define CRYPTO_EX_INDEX_ECDSA 12 -+# define CRYPTO_EX_INDEX_ECDH 13 -+# define CRYPTO_EX_INDEX_COMP 14 -+# define CRYPTO_EX_INDEX_STORE 15 -+ -+/* -+ * Dynamically assigned indexes start from this value (don't use directly, -+ * use via CRYPTO_ex_data_new_class). -+ */ -+# define CRYPTO_EX_INDEX_USER 100 -+ -+/* -+ * This is the default callbacks, but we can have others as well: this is -+ * needed in Win32 where the application malloc and the library malloc may -+ * not be the same. - */ --#define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ -- malloc, realloc, free) -+# define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ -+ malloc, realloc, free) - --#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD --# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ --# define CRYPTO_MDEBUG -+# if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD -+# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ -+# define CRYPTO_MDEBUG -+# endif - # endif --#endif - --/* Set standard debugging functions (not done by default -- * unless CRYPTO_MDEBUG is defined) */ -+/* -+ * Set standard debugging functions (not done by default unless CRYPTO_MDEBUG -+ * is defined) -+ */ - void CRYPTO_malloc_debug_init(void); - - int CRYPTO_mem_ctrl(int mode); - int CRYPTO_is_mem_check_on(void); - - /* for applications */ --#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) --#define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) -+# define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) -+# define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) - - /* for library-internal use */ --#define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) --#define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) --#define is_MemCheck_on() CRYPTO_is_mem_check_on() -- --#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) --#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) --#define OPENSSL_realloc(addr,num) \ -- CRYPTO_realloc((char *)addr,(int)num,NULL,0) --#define OPENSSL_realloc_clean(addr,old_num,num) \ -- CRYPTO_realloc_clean(addr,old_num,num,NULL,0) --#define OPENSSL_remalloc(addr,num) \ -- CRYPTO_remalloc((char **)addr,(int)num,NULL,0) --#define OPENSSL_freeFunc CRYPTO_free --#define OPENSSL_free(addr) CRYPTO_free(addr) -- --#define OPENSSL_malloc_locked(num) \ -- CRYPTO_malloc_locked((int)num,NULL,0) --#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) -- -+# define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) -+# define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) -+# define is_MemCheck_on() CRYPTO_is_mem_check_on() -+ -+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) -+# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) -+# define OPENSSL_realloc(addr,num) \ -+ CRYPTO_realloc((char *)addr,(int)num,NULL,0) -+# define OPENSSL_realloc_clean(addr,old_num,num) \ -+ CRYPTO_realloc_clean(addr,old_num,num,NULL,0) -+# define OPENSSL_remalloc(addr,num) \ -+ CRYPTO_remalloc((char **)addr,(int)num,NULL,0) -+# define OPENSSL_freeFunc CRYPTO_free -+# define OPENSSL_free(addr) CRYPTO_free(addr) -+ -+# define OPENSSL_malloc_locked(num) \ -+ CRYPTO_malloc_locked((int)num,NULL,0) -+# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) - - const char *SSLeay_version(int type); - unsigned long SSLeay(void); -@@ -383,7 +395,7 @@ unsigned long SSLeay(void); - int OPENSSL_issetugid(void); - - /* An opaque type representing an implementation of "ex_data" support */ --typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; -+typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; - /* Return an opaque pointer to the current "ex_data" implementation */ - const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void); - /* Sets the "ex_data" implementation to be used (if it's not too late) */ -@@ -392,118 +404,155 @@ int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); - int CRYPTO_ex_data_new_class(void); - /* Within a given class, get/register a new index */ - int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, -- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -- CRYPTO_EX_free *free_func); --/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given -- * class (invokes whatever per-class callbacks are applicable) */ -+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+/* -+ * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a -+ * given class (invokes whatever per-class callbacks are applicable) -+ */ - int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); - int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, -- CRYPTO_EX_DATA *from); -+ CRYPTO_EX_DATA *from); - void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); --/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index -- * (relative to the class type involved) */ -+/* -+ * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular -+ * index (relative to the class type involved) -+ */ - int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); --void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx); --/* This function cleans up all "ex_data" state. It mustn't be called under -- * potential race-conditions. */ -+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); -+/* -+ * This function cleans up all "ex_data" state. It mustn't be called under -+ * potential race-conditions. -+ */ - void CRYPTO_cleanup_all_ex_data(void); - - int CRYPTO_get_new_lockid(char *name); - --int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */ --void CRYPTO_lock(int mode, int type,const char *file,int line); --void CRYPTO_set_locking_callback(void (*func)(int mode,int type, -- const char *file,int line)); --void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, -- int line); --void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, -- const char *file, int line)); --int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, -- const char *file,int line); --void CRYPTO_set_id_callback(unsigned long (*func)(void)); --unsigned long (*CRYPTO_get_id_callback(void))(void); -+int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */ -+void CRYPTO_lock(int mode, int type, const char *file, int line); -+void CRYPTO_set_locking_callback(void (*func) (int mode, int type, -+ const char *file, int line)); -+void (*CRYPTO_get_locking_callback(void)) (int mode, int type, -+ const char *file, int line); -+void CRYPTO_set_add_lock_callback(int (*func) -+ (int *num, int mount, int type, -+ const char *file, int line)); -+int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type, -+ const char *file, int line); -+void CRYPTO_set_id_callback(unsigned long (*func) (void)); -+unsigned long (*CRYPTO_get_id_callback(void)) (void); - unsigned long CRYPTO_thread_id(void); - const char *CRYPTO_get_lock_name(int type); --int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file, -- int line); -+int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, -+ int line); - --void int_CRYPTO_set_do_dynlock_callback( -- void (*do_dynlock_cb)(int mode, int type, const char *file, int line)); -+void int_CRYPTO_set_do_dynlock_callback(void (*do_dynlock_cb) -+ (int mode, int type, -+ const char *file, int line)); - - int CRYPTO_get_new_dynlockid(void); - void CRYPTO_destroy_dynlockid(int i); - struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); --void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line)); --void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)); --void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line)); --struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line); --void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line); --void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line); -- --/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- -- * call the latter last if you need different functions */ --int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *)); --int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *)); --int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int), -- void *(*r)(void *,size_t,const char *,int), -- void (*f)(void *)); --int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int), -- void (*free_func)(void *)); --int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), -- void (*r)(void *,void *,int,const char *,int,int), -- void (*f)(void *,int), -- void (*so)(long), -- long (*go)(void)); --void CRYPTO_set_mem_info_functions( -- int (*push_info_fn)(const char *info, const char *file, int line), -- int (*pop_info_fn)(void), -- int (*remove_all_info_fn)(void)); --void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *)); --void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); --void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int), -- void *(**r)(void *, size_t,const char *,int), -- void (**f)(void *)); --void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int), -- void (**f)(void *)); --void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), -- void (**r)(void *,void *,int,const char *,int,int), -- void (**f)(void *,int), -- void (**so)(long), -- long (**go)(void)); -+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value -+ *(*dyn_create_function) (const char -+ *file, -+ int line)); -+void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) -+ (int mode, -+ struct CRYPTO_dynlock_value *l, -+ const char *file, int line)); -+void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) -+ (struct CRYPTO_dynlock_value *l, -+ const char *file, int line)); -+struct CRYPTO_dynlock_value -+*(*CRYPTO_get_dynlock_create_callback(void)) (const char *file, int line); -+void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode, -+ struct CRYPTO_dynlock_value -+ *l, const char *file, -+ int line); -+void (*CRYPTO_get_dynlock_destroy_callback(void)) (struct CRYPTO_dynlock_value -+ *l, const char *file, -+ int line); -+ -+/* -+ * CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- call -+ * the latter last if you need different functions -+ */ -+int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), -+ void (*f) (void *)); -+int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), -+ void (*free_func) (void *)); -+int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), -+ void *(*r) (void *, size_t, const char *, -+ int), void (*f) (void *)); -+int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int), -+ void (*free_func) (void *)); -+int CRYPTO_set_mem_debug_functions(void (*m) -+ (void *, int, const char *, int, int), -+ void (*r) (void *, void *, int, -+ const char *, int, int), -+ void (*f) (void *, int), void (*so) (long), -+ long (*go) (void)); -+void CRYPTO_set_mem_info_functions(int (*push_info_fn) -+ (const char *info, const char *file, -+ int line), int (*pop_info_fn) (void), -+ int (*remove_all_info_fn) (void)); -+void CRYPTO_get_mem_functions(void *(**m) (size_t), -+ void *(**r) (void *, size_t), -+ void (**f) (void *)); -+void CRYPTO_get_locked_mem_functions(void *(**m) (size_t), -+ void (**f) (void *)); -+void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int), -+ void *(**r) (void *, size_t, const char *, -+ int), void (**f) (void *)); -+void CRYPTO_get_locked_mem_ex_functions(void -+ *(**m) (size_t, const char *, int), -+ void (**f) (void *)); -+void CRYPTO_get_mem_debug_functions(void (**m) -+ (void *, int, const char *, int, int), -+ void (**r) (void *, void *, int, -+ const char *, int, int), -+ void (**f) (void *, int), -+ void (**so) (long), long (**go) (void)); - - void *CRYPTO_malloc_locked(int num, const char *file, int line); - void CRYPTO_free_locked(void *); - void *CRYPTO_malloc(int num, const char *file, int line); - char *CRYPTO_strdup(const char *str, const char *file, int line); - void CRYPTO_free(void *); --void *CRYPTO_realloc(void *addr,int num, const char *file, int line); --void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, -- int line); --void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); -+void *CRYPTO_realloc(void *addr, int num, const char *file, int line); -+void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file, -+ int line); -+void *CRYPTO_remalloc(void *addr, int num, const char *file, int line); - - void OPENSSL_cleanse(void *ptr, size_t len); - - void CRYPTO_set_mem_debug_options(long bits); - long CRYPTO_get_mem_debug_options(void); - --#define CRYPTO_push_info(info) \ -+# define CRYPTO_push_info(info) \ - CRYPTO_push_info_(info, NULL, 0); - int CRYPTO_push_info_(const char *info, const char *file, int line); - int CRYPTO_pop_info(void); - int CRYPTO_remove_all_info(void); - -- --/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; -- * used as default in CRYPTO_MDEBUG compilations): */ --/* The last argument has the following significance: -+/* -+ * Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; -+ * used as default in CRYPTO_MDEBUG compilations): -+ */ -+/*- -+ * The last argument has the following significance: - * -- * 0: called before the actual memory allocation has taken place -- * 1: called after the actual memory allocation has taken place -+ * 0: called before the actual memory allocation has taken place -+ * 1: called after the actual memory allocation has taken place - */ --void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p); --void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p); --void CRYPTO_dbg_free(void *addr,int before_p); --/* Tell the debugging code about options. By default, the following values -+void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, -+ int before_p); -+void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, const char *file, -+ int line, int before_p); -+void CRYPTO_dbg_free(void *addr, int before_p); -+/*- -+ * Tell the debugging code about options. By default, the following values - * apply: - * - * 0: Clear all options. -@@ -518,88 +567,93 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line); - int CRYPTO_dbg_pop_info(void); - int CRYPTO_dbg_remove_all_info(void); - --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - void CRYPTO_mem_leaks_fp(FILE *); --#endif -+# endif - void CRYPTO_mem_leaks(struct bio_st *bio); - /* unsigned long order, char *file, int line, int num_bytes, char *addr */ --typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); -+typedef void *CRYPTO_MEM_LEAK_CB (unsigned long, const char *, int, int, -+ void *); - void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); - - /* die if we have to */ --void OpenSSLDie(const char *file,int line,const char *assertion); --#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1)) -+void OpenSSLDie(const char *file, int line, const char *assertion); -+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1)) - - unsigned long *OPENSSL_ia32cap_loc(void); --#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) -+# define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) - int OPENSSL_isservice(void); - --#ifdef OPENSSL_FIPS --#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ -- alg " previous FIPS forbidden algorithm error ignored"); -- --#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ -- #alg " Algorithm forbidden in FIPS mode"); -- --#ifdef OPENSSL_FIPS_STRICT --#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) --#else --#define FIPS_BAD_ALGORITHM(alg) \ -- { \ -- FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ -- ERR_add_error_data(2, "Algorithm=", #alg); \ -- return 0; \ -- } --#endif -+# ifdef OPENSSL_FIPS -+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ -+ alg " previous FIPS forbidden algorithm error ignored"); - --/* Low level digest API blocking macro */ -+# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ -+ #alg " Algorithm forbidden in FIPS mode"); - --#define FIPS_NON_FIPS_MD_Init(alg) \ -- int alg##_Init(alg##_CTX *c) \ -- { \ -- if (FIPS_mode()) \ -- FIPS_BAD_ALGORITHM(alg) \ -- return private_##alg##_Init(c); \ -- } \ -- int private_##alg##_Init(alg##_CTX *c) -+# ifdef OPENSSL_FIPS_STRICT -+# define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) -+# else -+# define FIPS_BAD_ALGORITHM(alg) \ -+ { \ -+ FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ -+ ERR_add_error_data(2, "Algorithm=", #alg); \ -+ return 0; \ -+ } -+# endif - --/* For ciphers the API often varies from cipher to cipher and each needs to -+/* Low level digest API blocking macro */ -+ -+# define FIPS_NON_FIPS_MD_Init(alg) \ -+ int alg##_Init(alg##_CTX *c) \ -+ { \ -+ if (FIPS_mode()) \ -+ FIPS_BAD_ALGORITHM(alg) \ -+ return private_##alg##_Init(c); \ -+ } \ -+ int private_##alg##_Init(alg##_CTX *c) -+ -+/* -+ * For ciphers the API often varies from cipher to cipher and each needs to - * be treated as a special case. Variable key length ciphers (Blowfish, RC4, - * CAST) however are very similar and can use a blocking macro. - */ - --#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ -- void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ -- { \ -- if (FIPS_mode()) \ -- FIPS_BAD_ABORT(alg) \ -- private_##alg##_set_key(key, len, data); \ -- } \ -- void private_##alg##_set_key(alg##_KEY *key, int len, \ -- const unsigned char *data) -+# define FIPS_NON_FIPS_VCIPHER_Init(alg) \ -+ void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ -+ { \ -+ if (FIPS_mode()) \ -+ FIPS_BAD_ABORT(alg) \ -+ private_##alg##_set_key(key, len, data); \ -+ } \ -+ void private_##alg##_set_key(alg##_KEY *key, int len, \ -+ const unsigned char *data) - --#else -+# else - --#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ -- void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) -+# define FIPS_NON_FIPS_VCIPHER_Init(alg) \ -+ void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) - --#define FIPS_NON_FIPS_MD_Init(alg) \ -- int alg##_Init(alg##_CTX *c) -+# define FIPS_NON_FIPS_MD_Init(alg) \ -+ int alg##_Init(alg##_CTX *c) - --#endif /* def OPENSSL_FIPS */ -+# endif /* def OPENSSL_FIPS */ - --#define OPENSSL_HAVE_INIT 1 -+# define OPENSSL_HAVE_INIT 1 - void OPENSSL_init(void); - --/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It -- * takes an amount of time dependent on |len|, but independent of the contents -- * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a -- * defined order as the return value when a != b is undefined, other than to be -- * non-zero. */ -+/* -+ * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. -+ * It takes an amount of time dependent on |len|, but independent of the -+ * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements -+ * into a defined order as the return value when a != b is undefined, other -+ * than to be non-zero. -+ */ - int CRYPTO_memcmp(const void *a, const void *b, size_t len); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_CRYPTO_strings(void); -@@ -607,18 +661,18 @@ void ERR_load_CRYPTO_strings(void); - /* Error codes for the CRYPTO functions. */ - - /* Function codes. */ --#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 --#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 --#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 --#define CRYPTO_F_CRYPTO_SET_EX_DATA 102 --#define CRYPTO_F_DEF_ADD_INDEX 104 --#define CRYPTO_F_DEF_GET_CLASS 105 --#define CRYPTO_F_INT_DUP_EX_DATA 106 --#define CRYPTO_F_INT_FREE_EX_DATA 107 --#define CRYPTO_F_INT_NEW_EX_DATA 108 -+# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 -+# define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 -+# define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 -+# define CRYPTO_F_CRYPTO_SET_EX_DATA 102 -+# define CRYPTO_F_DEF_ADD_INDEX 104 -+# define CRYPTO_F_DEF_GET_CLASS 105 -+# define CRYPTO_F_INT_DUP_EX_DATA 106 -+# define CRYPTO_F_INT_FREE_EX_DATA 107 -+# define CRYPTO_F_INT_NEW_EX_DATA 108 - - /* Reason codes. */ --#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 -+# define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/des.h b/Cryptlib/Include/openssl/des.h -index 92b6663..fe02e34 100644 ---- a/Cryptlib/Include/openssl/des.h -+++ b/Cryptlib/Include/openssl/des.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,19 +57,19 @@ - */ - - #ifndef HEADER_NEW_DES_H --#define HEADER_NEW_DES_H -+# define HEADER_NEW_DES_H - --#include /* OPENSSL_EXTERN, OPENSSL_NO_DES, -- DES_LONG (via openssl/opensslconf.h */ -+# include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG -+ * (via openssl/opensslconf.h */ - --#ifdef OPENSSL_NO_DES --#error DES is disabled. --#endif -+# ifdef OPENSSL_NO_DES -+# error DES is disabled. -+# endif - --#ifdef OPENSSL_BUILD_SHLIBCRYPTO --# undef OPENSSL_EXTERN --# define OPENSSL_EXTERN OPENSSL_EXPORT --#endif -+# ifdef OPENSSL_BUILD_SHLIBCRYPTO -+# undef OPENSSL_EXTERN -+# define OPENSSL_EXTERN OPENSSL_EXPORT -+# endif - - #ifdef __cplusplus - extern "C" { -@@ -77,166 +77,174 @@ extern "C" { - - typedef unsigned char DES_cblock[8]; - typedef /* const */ unsigned char const_DES_cblock[8]; --/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * -- * and const_DES_cblock * are incompatible pointer types. */ -- --typedef struct DES_ks -- { -- union -- { -- DES_cblock cblock; -- /* make sure things are correct size on machines with -- * 8 byte longs */ -- DES_LONG deslong[2]; -- } ks[16]; -- } DES_key_schedule; -- --#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT --# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT --# define OPENSSL_ENABLE_OLD_DES_SUPPORT -+/* -+ * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and -+ * const_DES_cblock * are incompatible pointer types. -+ */ -+ -+typedef struct DES_ks { -+ union { -+ DES_cblock cblock; -+ /* -+ * make sure things are correct size on machines with 8 byte longs -+ */ -+ DES_LONG deslong[2]; -+ } ks[16]; -+} DES_key_schedule; -+ -+# ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT -+# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT -+# define OPENSSL_ENABLE_OLD_DES_SUPPORT -+# endif - # endif --#endif - --#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT --# include --#endif -+# ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT -+# include -+# endif - --#define DES_KEY_SZ (sizeof(DES_cblock)) --#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) -+# define DES_KEY_SZ (sizeof(DES_cblock)) -+# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) - --#define DES_ENCRYPT 1 --#define DES_DECRYPT 0 -+# define DES_ENCRYPT 1 -+# define DES_DECRYPT 0 - --#define DES_CBC_MODE 0 --#define DES_PCBC_MODE 1 -+# define DES_CBC_MODE 0 -+# define DES_PCBC_MODE 1 - --#define DES_ecb2_encrypt(i,o,k1,k2,e) \ -- DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) -+# define DES_ecb2_encrypt(i,o,k1,k2,e) \ -+ DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) - --#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ -- DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) -+# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ -+ DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) - --#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ -- DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) -+# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ -+ DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) - --#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ -- DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) -+# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ -+ DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) - --OPENSSL_DECLARE_GLOBAL(int,DES_check_key); /* defaults to false */ --#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) --OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */ --#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) -+OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */ -+# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) -+OPENSSL_DECLARE_GLOBAL(int, DES_rw_mode); /* defaults to DES_PCBC_MODE */ -+# define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) - - const char *DES_options(void); - void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, -- DES_key_schedule *ks1,DES_key_schedule *ks2, -- DES_key_schedule *ks3, int enc); --DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output, -- long length,DES_key_schedule *schedule, -- const_DES_cblock *ivec); -+ DES_key_schedule *ks1, DES_key_schedule *ks2, -+ DES_key_schedule *ks3, int enc); -+DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, -+ long length, DES_key_schedule *schedule, -+ const_DES_cblock *ivec); - /* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ --void DES_cbc_encrypt(const unsigned char *input,unsigned char *output, -- long length,DES_key_schedule *schedule,DES_cblock *ivec, -- int enc); --void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output, -- long length,DES_key_schedule *schedule,DES_cblock *ivec, -- int enc); --void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output, -- long length,DES_key_schedule *schedule,DES_cblock *ivec, -- const_DES_cblock *inw,const_DES_cblock *outw,int enc); --void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits, -- long length,DES_key_schedule *schedule,DES_cblock *ivec, -- int enc); --void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output, -- DES_key_schedule *ks,int enc); -- --/* This is the DES encryption function that gets called by just about -- every other DES routine in the library. You should not use this -- function except to implement 'modes' of DES. I say this because the -- functions that call this routine do the conversion from 'char *' to -- long, and this needs to be done to make sure 'non-aligned' memory -- access do not occur. The characters are loaded 'little endian'. -- Data is a pointer to 2 unsigned long's and ks is the -- DES_key_schedule to use. enc, is non zero specifies encryption, -- zero if decryption. */ --void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc); -- --/* This functions is the same as DES_encrypt1() except that the DES -- initial permutation (IP) and final permutation (FP) have been left -- out. As for DES_encrypt1(), you should not use this function. -- It is used by the routines in the library that implement triple DES. -- IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same -- as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */ --void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc); -+void DES_cbc_encrypt(const unsigned char *input, unsigned char *output, -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, int enc); -+void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, int enc); -+void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, const_DES_cblock *inw, -+ const_DES_cblock *outw, int enc); -+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, int enc); -+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, -+ DES_key_schedule *ks, int enc); -+ -+/* -+ * This is the DES encryption function that gets called by just about every -+ * other DES routine in the library. You should not use this function except -+ * to implement 'modes' of DES. I say this because the functions that call -+ * this routine do the conversion from 'char *' to long, and this needs to be -+ * done to make sure 'non-aligned' memory access do not occur. The -+ * characters are loaded 'little endian'. Data is a pointer to 2 unsigned -+ * long's and ks is the DES_key_schedule to use. enc, is non zero specifies -+ * encryption, zero if decryption. -+ */ -+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc); -+ -+/* -+ * This functions is the same as DES_encrypt1() except that the DES initial -+ * permutation (IP) and final permutation (FP) have been left out. As for -+ * DES_encrypt1(), you should not use this function. It is used by the -+ * routines in the library that implement triple DES. IP() DES_encrypt2() -+ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1() -+ * DES_encrypt1() DES_encrypt1() except faster :-). -+ */ -+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc); - - void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, -- DES_key_schedule *ks2, DES_key_schedule *ks3); -+ DES_key_schedule *ks2, DES_key_schedule *ks3); - void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, -- DES_key_schedule *ks2, DES_key_schedule *ks3); --void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, -- long length, -- DES_key_schedule *ks1,DES_key_schedule *ks2, -- DES_key_schedule *ks3,DES_cblock *ivec,int enc); --void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out, -- long length, -- DES_key_schedule *ks1,DES_key_schedule *ks2, -- DES_key_schedule *ks3, -- DES_cblock *ivec1,DES_cblock *ivec2, -- int enc); --void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out, -- long length,DES_key_schedule *ks1, -- DES_key_schedule *ks2,DES_key_schedule *ks3, -- DES_cblock *ivec,int *num,int enc); --void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out, -- int numbits,long length,DES_key_schedule *ks1, -- DES_key_schedule *ks2,DES_key_schedule *ks3, -- DES_cblock *ivec,int enc); --void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out, -- long length,DES_key_schedule *ks1, -- DES_key_schedule *ks2,DES_key_schedule *ks3, -- DES_cblock *ivec,int *num); --#if 0 --void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white, -- DES_cblock *out_white); --#endif -+ DES_key_schedule *ks2, DES_key_schedule *ks3); -+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, -+ long length, -+ DES_key_schedule *ks1, DES_key_schedule *ks2, -+ DES_key_schedule *ks3, DES_cblock *ivec, int enc); -+void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, -+ long length, -+ DES_key_schedule *ks1, DES_key_schedule *ks2, -+ DES_key_schedule *ks3, -+ DES_cblock *ivec1, DES_cblock *ivec2, int enc); -+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, -+ long length, DES_key_schedule *ks1, -+ DES_key_schedule *ks2, DES_key_schedule *ks3, -+ DES_cblock *ivec, int *num, int enc); -+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, -+ int numbits, long length, DES_key_schedule *ks1, -+ DES_key_schedule *ks2, DES_key_schedule *ks3, -+ DES_cblock *ivec, int enc); -+void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, -+ long length, DES_key_schedule *ks1, -+ DES_key_schedule *ks2, DES_key_schedule *ks3, -+ DES_cblock *ivec, int *num); -+# if 0 -+void DES_xwhite_in2out(const_DES_cblock *DES_key, const_DES_cblock *in_white, -+ DES_cblock *out_white); -+# endif - --int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched, -- DES_cblock *iv); --int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched, -- DES_cblock *iv); --char *DES_fcrypt(const char *buf,const char *salt, char *ret); --char *DES_crypt(const char *buf,const char *salt); --void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits, -- long length,DES_key_schedule *schedule,DES_cblock *ivec); --void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output, -- long length,DES_key_schedule *schedule,DES_cblock *ivec, -- int enc); --DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[], -- long length,int out_count,DES_cblock *seed); -+int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, -+ DES_cblock *iv); -+int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched, -+ DES_cblock *iv); -+char *DES_fcrypt(const char *buf, const char *salt, char *ret); -+char *DES_crypt(const char *buf, const char *salt); -+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec); -+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, int enc); -+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], -+ long length, int out_count, DES_cblock *seed); - int DES_random_key(DES_cblock *ret); - void DES_set_odd_parity(DES_cblock *key); - int DES_check_key_parity(const_DES_cblock *key); - int DES_is_weak_key(const_DES_cblock *key); --/* DES_set_key (= set_key = DES_key_sched = key_sched) calls -+/* -+ * DES_set_key (= set_key = DES_key_sched = key_sched) calls - * DES_set_key_checked if global variable DES_check_key is set, -- * DES_set_key_unchecked otherwise. */ --int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule); --int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule); --int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule); --void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule); --void DES_string_to_key(const char *str,DES_cblock *key); --void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2); --void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, -- DES_key_schedule *schedule,DES_cblock *ivec,int *num, -- int enc); --void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length, -- DES_key_schedule *schedule,DES_cblock *ivec,int *num); -+ * DES_set_key_unchecked otherwise. -+ */ -+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); -+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); -+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); -+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); -+void DES_string_to_key(const char *str, DES_cblock *key); -+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); -+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, int *num, int enc); -+void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, int *num); - - int DES_read_password(DES_cblock *key, const char *prompt, int verify); --int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, -- int verify); -+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, -+ const char *prompt, int verify); - --#define DES_fixup_key_parity DES_set_odd_parity -+# define DES_fixup_key_parity DES_set_odd_parity - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/des_old.h b/Cryptlib/Include/openssl/des_old.h -index 2b2c372..f1e1e2c 100644 ---- a/Cryptlib/Include/openssl/des_old.h -+++ b/Cryptlib/Include/openssl/des_old.h -@@ -1,6 +1,7 @@ - /* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */ - --/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -+/*- -+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - * - * The function names in here are deprecated and are only present to - * provide an interface compatible with openssl 0.9.6 and older as -@@ -31,8 +32,9 @@ - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - */ - --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. -@@ -42,7 +44,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -89,333 +91,382 @@ - */ - - #ifndef HEADER_DES_H --#define HEADER_DES_H -+# define HEADER_DES_H - --#include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ -+# include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ - --#ifdef OPENSSL_NO_DES --#error DES is disabled. --#endif -+# ifdef OPENSSL_NO_DES -+# error DES is disabled. -+# endif - --#ifndef HEADER_NEW_DES_H --#error You must include des.h, not des_old.h directly. --#endif -+# ifndef HEADER_NEW_DES_H -+# error You must include des.h, not des_old.h directly. -+# endif - --#ifdef _KERBEROS_DES_H --#error replaces . --#endif -+# ifdef _KERBEROS_DES_H -+# error replaces . -+# endif - --#include -+# include - --#ifdef OPENSSL_BUILD_SHLIBCRYPTO --# undef OPENSSL_EXTERN --# define OPENSSL_EXTERN OPENSSL_EXPORT --#endif -+# ifdef OPENSSL_BUILD_SHLIBCRYPTO -+# undef OPENSSL_EXTERN -+# define OPENSSL_EXTERN OPENSSL_EXPORT -+# endif - - #ifdef __cplusplus - extern "C" { - #endif - --#ifdef _ --#undef _ --#endif -+# ifdef _ -+# undef _ -+# endif - - typedef unsigned char _ossl_old_des_cblock[8]; --typedef struct _ossl_old_des_ks_struct -- { -- union { -- _ossl_old_des_cblock _; -- /* make sure things are correct size on machines with -- * 8 byte longs */ -- DES_LONG pad[2]; -- } ks; -- } _ossl_old_des_key_schedule[16]; -- --#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY --#define des_cblock DES_cblock --#define const_des_cblock const_DES_cblock --#define des_key_schedule DES_key_schedule --#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ -- DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) --#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ -- DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) --#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ -- DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e)) --#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ -- DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) --#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ -- DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n)) --#define des_options()\ -- DES_options() --#define des_cbc_cksum(i,o,l,k,iv)\ -- DES_cbc_cksum((i),(o),(l),&(k),(iv)) --#define des_cbc_encrypt(i,o,l,k,iv,e)\ -- DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) --#define des_ncbc_encrypt(i,o,l,k,iv,e)\ -- DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e)) --#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ -- DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e)) --#define des_cfb_encrypt(i,o,n,l,k,iv,e)\ -- DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e)) --#define des_ecb_encrypt(i,o,k,e)\ -- DES_ecb_encrypt((i),(o),&(k),(e)) --#define des_encrypt1(d,k,e)\ -- DES_encrypt1((d),&(k),(e)) --#define des_encrypt2(d,k,e)\ -- DES_encrypt2((d),&(k),(e)) --#define des_encrypt3(d,k1,k2,k3)\ -- DES_encrypt3((d),&(k1),&(k2),&(k3)) --#define des_decrypt3(d,k1,k2,k3)\ -- DES_decrypt3((d),&(k1),&(k2),&(k3)) --#define des_xwhite_in2out(k,i,o)\ -- DES_xwhite_in2out((k),(i),(o)) --#define des_enc_read(f,b,l,k,iv)\ -- DES_enc_read((f),(b),(l),&(k),(iv)) --#define des_enc_write(f,b,l,k,iv)\ -- DES_enc_write((f),(b),(l),&(k),(iv)) --#define des_fcrypt(b,s,r)\ -- DES_fcrypt((b),(s),(r)) --#if 0 --#define des_crypt(b,s)\ -- DES_crypt((b),(s)) --#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) --#define crypt(b,s)\ -- DES_crypt((b),(s)) --#endif --#endif --#define des_ofb_encrypt(i,o,n,l,k,iv)\ -- DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) --#define des_pcbc_encrypt(i,o,l,k,iv,e)\ -- DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e)) --#define des_quad_cksum(i,o,l,c,s)\ -- DES_quad_cksum((i),(o),(l),(c),(s)) --#define des_random_seed(k)\ -- _ossl_096_des_random_seed((k)) --#define des_random_key(r)\ -- DES_random_key((r)) --#define des_read_password(k,p,v) \ -- DES_read_password((k),(p),(v)) --#define des_read_2passwords(k1,k2,p,v) \ -- DES_read_2passwords((k1),(k2),(p),(v)) --#define des_set_odd_parity(k)\ -- DES_set_odd_parity((k)) --#define des_check_key_parity(k)\ -- DES_check_key_parity((k)) --#define des_is_weak_key(k)\ -- DES_is_weak_key((k)) --#define des_set_key(k,ks)\ -- DES_set_key((k),&(ks)) --#define des_key_sched(k,ks)\ -- DES_key_sched((k),&(ks)) --#define des_set_key_checked(k,ks)\ -- DES_set_key_checked((k),&(ks)) --#define des_set_key_unchecked(k,ks)\ -- DES_set_key_unchecked((k),&(ks)) --#define des_string_to_key(s,k)\ -- DES_string_to_key((s),(k)) --#define des_string_to_2keys(s,k1,k2)\ -- DES_string_to_2keys((s),(k1),(k2)) --#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ -- DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e)) --#define des_ofb64_encrypt(i,o,l,ks,iv,n)\ -- DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n)) -- -- --#define des_ecb2_encrypt(i,o,k1,k2,e) \ -- des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) -- --#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ -- des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) -- --#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ -- des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) -- --#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ -- des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) -- --#define des_check_key DES_check_key --#define des_rw_mode DES_rw_mode --#else /* libdes compatibility */ --/* Map all symbol names to _ossl_old_des_* form, so we avoid all -- clashes with libdes */ --#define des_cblock _ossl_old_des_cblock --#define des_key_schedule _ossl_old_des_key_schedule --#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ -- _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) --#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ -- _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) --#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ -- _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) --#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ -- _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) --#define des_options()\ -- _ossl_old_des_options() --#define des_cbc_cksum(i,o,l,k,iv)\ -- _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv)) --#define des_cbc_encrypt(i,o,l,k,iv,e)\ -- _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e)) --#define des_ncbc_encrypt(i,o,l,k,iv,e)\ -- _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) --#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ -- _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) --#define des_cfb_encrypt(i,o,n,l,k,iv,e)\ -- _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) --#define des_ecb_encrypt(i,o,k,e)\ -- _ossl_old_des_ecb_encrypt((i),(o),(k),(e)) --#define des_encrypt(d,k,e)\ -- _ossl_old_des_encrypt((d),(k),(e)) --#define des_encrypt2(d,k,e)\ -- _ossl_old_des_encrypt2((d),(k),(e)) --#define des_encrypt3(d,k1,k2,k3)\ -- _ossl_old_des_encrypt3((d),(k1),(k2),(k3)) --#define des_decrypt3(d,k1,k2,k3)\ -- _ossl_old_des_decrypt3((d),(k1),(k2),(k3)) --#define des_xwhite_in2out(k,i,o)\ -- _ossl_old_des_xwhite_in2out((k),(i),(o)) --#define des_enc_read(f,b,l,k,iv)\ -- _ossl_old_des_enc_read((f),(b),(l),(k),(iv)) --#define des_enc_write(f,b,l,k,iv)\ -- _ossl_old_des_enc_write((f),(b),(l),(k),(iv)) --#define des_fcrypt(b,s,r)\ -- _ossl_old_des_fcrypt((b),(s),(r)) --#define des_crypt(b,s)\ -- _ossl_old_des_crypt((b),(s)) --#if 0 --#define crypt(b,s)\ -- _ossl_old_crypt((b),(s)) --#endif --#define des_ofb_encrypt(i,o,n,l,k,iv)\ -- _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) --#define des_pcbc_encrypt(i,o,l,k,iv,e)\ -- _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) --#define des_quad_cksum(i,o,l,c,s)\ -- _ossl_old_des_quad_cksum((i),(o),(l),(c),(s)) --#define des_random_seed(k)\ -- _ossl_old_des_random_seed((k)) --#define des_random_key(r)\ -- _ossl_old_des_random_key((r)) --#define des_read_password(k,p,v) \ -- _ossl_old_des_read_password((k),(p),(v)) --#define des_read_2passwords(k1,k2,p,v) \ -- _ossl_old_des_read_2passwords((k1),(k2),(p),(v)) --#define des_set_odd_parity(k)\ -- _ossl_old_des_set_odd_parity((k)) --#define des_is_weak_key(k)\ -- _ossl_old_des_is_weak_key((k)) --#define des_set_key(k,ks)\ -- _ossl_old_des_set_key((k),(ks)) --#define des_key_sched(k,ks)\ -- _ossl_old_des_key_sched((k),(ks)) --#define des_string_to_key(s,k)\ -- _ossl_old_des_string_to_key((s),(k)) --#define des_string_to_2keys(s,k1,k2)\ -- _ossl_old_des_string_to_2keys((s),(k1),(k2)) --#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ -- _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) --#define des_ofb64_encrypt(i,o,l,ks,iv,n)\ -- _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) -- -- --#define des_ecb2_encrypt(i,o,k1,k2,e) \ -- des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) -- --#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ -- des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) -- --#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ -- des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) -- --#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ -- des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) -- --#define des_check_key DES_check_key --#define des_rw_mode DES_rw_mode --#endif -+typedef struct _ossl_old_des_ks_struct { -+ union { -+ _ossl_old_des_cblock _; -+ /* -+ * make sure things are correct size on machines with 8 byte longs -+ */ -+ DES_LONG pad[2]; -+ } ks; -+} _ossl_old_des_key_schedule[16]; -+ -+# ifndef OPENSSL_DES_LIBDES_COMPATIBILITY -+# define des_cblock DES_cblock -+# define const_des_cblock const_DES_cblock -+# define des_key_schedule DES_key_schedule -+# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ -+ DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) -+# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ -+ DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) -+# define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ -+ DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e)) -+# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ -+ DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) -+# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ -+ DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n)) -+# define des_options()\ -+ DES_options() -+# define des_cbc_cksum(i,o,l,k,iv)\ -+ DES_cbc_cksum((i),(o),(l),&(k),(iv)) -+# define des_cbc_encrypt(i,o,l,k,iv,e)\ -+ DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) -+# define des_ncbc_encrypt(i,o,l,k,iv,e)\ -+ DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e)) -+# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ -+ DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e)) -+# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ -+ DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e)) -+# define des_ecb_encrypt(i,o,k,e)\ -+ DES_ecb_encrypt((i),(o),&(k),(e)) -+# define des_encrypt1(d,k,e)\ -+ DES_encrypt1((d),&(k),(e)) -+# define des_encrypt2(d,k,e)\ -+ DES_encrypt2((d),&(k),(e)) -+# define des_encrypt3(d,k1,k2,k3)\ -+ DES_encrypt3((d),&(k1),&(k2),&(k3)) -+# define des_decrypt3(d,k1,k2,k3)\ -+ DES_decrypt3((d),&(k1),&(k2),&(k3)) -+# define des_xwhite_in2out(k,i,o)\ -+ DES_xwhite_in2out((k),(i),(o)) -+# define des_enc_read(f,b,l,k,iv)\ -+ DES_enc_read((f),(b),(l),&(k),(iv)) -+# define des_enc_write(f,b,l,k,iv)\ -+ DES_enc_write((f),(b),(l),&(k),(iv)) -+# define des_fcrypt(b,s,r)\ -+ DES_fcrypt((b),(s),(r)) -+# if 0 -+# define des_crypt(b,s)\ -+ DES_crypt((b),(s)) -+# if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) -+# define crypt(b,s)\ -+ DES_crypt((b),(s)) -+# endif -+# endif -+# define des_ofb_encrypt(i,o,n,l,k,iv)\ -+ DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) -+# define des_pcbc_encrypt(i,o,l,k,iv,e)\ -+ DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e)) -+# define des_quad_cksum(i,o,l,c,s)\ -+ DES_quad_cksum((i),(o),(l),(c),(s)) -+# define des_random_seed(k)\ -+ _ossl_096_des_random_seed((k)) -+# define des_random_key(r)\ -+ DES_random_key((r)) -+# define des_read_password(k,p,v) \ -+ DES_read_password((k),(p),(v)) -+# define des_read_2passwords(k1,k2,p,v) \ -+ DES_read_2passwords((k1),(k2),(p),(v)) -+# define des_set_odd_parity(k)\ -+ DES_set_odd_parity((k)) -+# define des_check_key_parity(k)\ -+ DES_check_key_parity((k)) -+# define des_is_weak_key(k)\ -+ DES_is_weak_key((k)) -+# define des_set_key(k,ks)\ -+ DES_set_key((k),&(ks)) -+# define des_key_sched(k,ks)\ -+ DES_key_sched((k),&(ks)) -+# define des_set_key_checked(k,ks)\ -+ DES_set_key_checked((k),&(ks)) -+# define des_set_key_unchecked(k,ks)\ -+ DES_set_key_unchecked((k),&(ks)) -+# define des_string_to_key(s,k)\ -+ DES_string_to_key((s),(k)) -+# define des_string_to_2keys(s,k1,k2)\ -+ DES_string_to_2keys((s),(k1),(k2)) -+# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ -+ DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e)) -+# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ -+ DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n)) -+ -+# define des_ecb2_encrypt(i,o,k1,k2,e) \ -+ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) -+ -+# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ -+ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) -+ -+# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ -+ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) -+ -+# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ -+ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) -+ -+# define des_check_key DES_check_key -+# define des_rw_mode DES_rw_mode -+# else /* libdes compatibility */ -+/* -+ * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with -+ * libdes -+ */ -+# define des_cblock _ossl_old_des_cblock -+# define des_key_schedule _ossl_old_des_key_schedule -+# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ -+ _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) -+# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ -+ _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) -+# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ -+ _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) -+# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ -+ _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) -+# define des_options()\ -+ _ossl_old_des_options() -+# define des_cbc_cksum(i,o,l,k,iv)\ -+ _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv)) -+# define des_cbc_encrypt(i,o,l,k,iv,e)\ -+ _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e)) -+# define des_ncbc_encrypt(i,o,l,k,iv,e)\ -+ _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) -+# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ -+ _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) -+# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ -+ _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) -+# define des_ecb_encrypt(i,o,k,e)\ -+ _ossl_old_des_ecb_encrypt((i),(o),(k),(e)) -+# define des_encrypt(d,k,e)\ -+ _ossl_old_des_encrypt((d),(k),(e)) -+# define des_encrypt2(d,k,e)\ -+ _ossl_old_des_encrypt2((d),(k),(e)) -+# define des_encrypt3(d,k1,k2,k3)\ -+ _ossl_old_des_encrypt3((d),(k1),(k2),(k3)) -+# define des_decrypt3(d,k1,k2,k3)\ -+ _ossl_old_des_decrypt3((d),(k1),(k2),(k3)) -+# define des_xwhite_in2out(k,i,o)\ -+ _ossl_old_des_xwhite_in2out((k),(i),(o)) -+# define des_enc_read(f,b,l,k,iv)\ -+ _ossl_old_des_enc_read((f),(b),(l),(k),(iv)) -+# define des_enc_write(f,b,l,k,iv)\ -+ _ossl_old_des_enc_write((f),(b),(l),(k),(iv)) -+# define des_fcrypt(b,s,r)\ -+ _ossl_old_des_fcrypt((b),(s),(r)) -+# define des_crypt(b,s)\ -+ _ossl_old_des_crypt((b),(s)) -+# if 0 -+# define crypt(b,s)\ -+ _ossl_old_crypt((b),(s)) -+# endif -+# define des_ofb_encrypt(i,o,n,l,k,iv)\ -+ _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) -+# define des_pcbc_encrypt(i,o,l,k,iv,e)\ -+ _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) -+# define des_quad_cksum(i,o,l,c,s)\ -+ _ossl_old_des_quad_cksum((i),(o),(l),(c),(s)) -+# define des_random_seed(k)\ -+ _ossl_old_des_random_seed((k)) -+# define des_random_key(r)\ -+ _ossl_old_des_random_key((r)) -+# define des_read_password(k,p,v) \ -+ _ossl_old_des_read_password((k),(p),(v)) -+# define des_read_2passwords(k1,k2,p,v) \ -+ _ossl_old_des_read_2passwords((k1),(k2),(p),(v)) -+# define des_set_odd_parity(k)\ -+ _ossl_old_des_set_odd_parity((k)) -+# define des_is_weak_key(k)\ -+ _ossl_old_des_is_weak_key((k)) -+# define des_set_key(k,ks)\ -+ _ossl_old_des_set_key((k),(ks)) -+# define des_key_sched(k,ks)\ -+ _ossl_old_des_key_sched((k),(ks)) -+# define des_string_to_key(s,k)\ -+ _ossl_old_des_string_to_key((s),(k)) -+# define des_string_to_2keys(s,k1,k2)\ -+ _ossl_old_des_string_to_2keys((s),(k1),(k2)) -+# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ -+ _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) -+# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ -+ _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) -+ -+# define des_ecb2_encrypt(i,o,k1,k2,e) \ -+ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) -+ -+# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ -+ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) -+ -+# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ -+ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) -+ -+# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ -+ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) -+ -+# define des_check_key DES_check_key -+# define des_rw_mode DES_rw_mode -+# endif - - const char *_ossl_old_des_options(void); --void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, -- _ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2, -- _ossl_old_des_key_schedule ks3, int enc); --DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, -- long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec); --void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, -- _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); --void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, -- _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); --void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, -- _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec, -- _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc); --void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, -- long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); --void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, -- _ossl_old_des_key_schedule ks,int enc); --void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc); --void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc); -+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, -+ _ossl_old_des_key_schedule ks1, -+ _ossl_old_des_key_schedule ks2, -+ _ossl_old_des_key_schedule ks3, int enc); -+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec); -+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int enc); -+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int enc); -+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, -+ _ossl_old_des_cblock *inw, -+ _ossl_old_des_cblock *outw, int enc); -+void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out, -+ int numbits, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int enc); -+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, -+ _ossl_old_des_key_schedule ks, int enc); -+void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks, -+ int enc); -+void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks, -+ int enc); - void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, -- _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3); -+ _ossl_old_des_key_schedule ks2, -+ _ossl_old_des_key_schedule ks3); - void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, -- _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3); --void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, -- long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, -- _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc); -+ _ossl_old_des_key_schedule ks2, -+ _ossl_old_des_key_schedule ks3); -+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ _ossl_old_des_key_schedule ks1, -+ _ossl_old_des_key_schedule ks2, -+ _ossl_old_des_key_schedule ks3, -+ _ossl_old_des_cblock *ivec, int enc); - void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, -- long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, -- _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc); -+ long length, -+ _ossl_old_des_key_schedule ks1, -+ _ossl_old_des_key_schedule ks2, -+ _ossl_old_des_key_schedule ks3, -+ _ossl_old_des_cblock *ivec, int *num, -+ int enc); - void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, -- long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, -- _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num); --#if 0 --void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), -- _ossl_old_des_cblock (*out_white)); --#endif -- --int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, -- _ossl_old_des_cblock *iv); --int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, -- _ossl_old_des_cblock *iv); --char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret); --char *_ossl_old_des_crypt(const char *buf,const char *salt); --#if !defined(PERL5) && !defined(NeXT) --char *_ossl_old_crypt(const char *buf,const char *salt); --#endif --void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out, -- int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec); --void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, -- _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); --DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, -- long length,int out_count,_ossl_old_des_cblock *seed); -+ long length, -+ _ossl_old_des_key_schedule ks1, -+ _ossl_old_des_key_schedule ks2, -+ _ossl_old_des_key_schedule ks3, -+ _ossl_old_des_cblock *ivec, int *num); -+# if 0 -+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), -+ _ossl_old_des_cblock (*in_white), -+ _ossl_old_des_cblock (*out_white)); -+# endif -+ -+int _ossl_old_des_enc_read(int fd, char *buf, int len, -+ _ossl_old_des_key_schedule sched, -+ _ossl_old_des_cblock *iv); -+int _ossl_old_des_enc_write(int fd, char *buf, int len, -+ _ossl_old_des_key_schedule sched, -+ _ossl_old_des_cblock *iv); -+char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret); -+char *_ossl_old_des_crypt(const char *buf, const char *salt); -+# if !defined(PERL5) && !defined(NeXT) -+char *_ossl_old_crypt(const char *buf, const char *salt); -+# endif -+void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out, -+ int numbits, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec); -+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int enc); -+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ int out_count, _ossl_old_des_cblock *seed); - void _ossl_old_des_random_seed(_ossl_old_des_cblock key); - void _ossl_old_des_random_key(_ossl_old_des_cblock ret); --int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify); --int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2, -- const char *prompt,int verify); -+int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, -+ int verify); -+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, -+ _ossl_old_des_cblock *key2, -+ const char *prompt, int verify); - void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key); - int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key); --int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule); --int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule); --void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key); --void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2); --void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, -- _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc); --void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, -- _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num); -+int _ossl_old_des_set_key(_ossl_old_des_cblock *key, -+ _ossl_old_des_key_schedule schedule); -+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key, -+ _ossl_old_des_key_schedule schedule); -+void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key); -+void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1, -+ _ossl_old_des_cblock *key2); -+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, -+ long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int *num, -+ int enc); -+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, -+ long length, -+ _ossl_old_des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int *num); - - void _ossl_096_des_random_seed(des_cblock *key); - --/* The following definitions provide compatibility with the MIT Kerberos -- * library. The _ossl_old_des_key_schedule structure is not binary compatible. */ -+/* -+ * The following definitions provide compatibility with the MIT Kerberos -+ * library. The _ossl_old_des_key_schedule structure is not binary -+ * compatible. -+ */ - --#define _KERBEROS_DES_H -+# define _KERBEROS_DES_H - --#define KRBDES_ENCRYPT DES_ENCRYPT --#define KRBDES_DECRYPT DES_DECRYPT -+# define KRBDES_ENCRYPT DES_ENCRYPT -+# define KRBDES_DECRYPT DES_DECRYPT - --#ifdef KERBEROS -+# ifdef KERBEROS - # define ENCRYPT DES_ENCRYPT - # define DECRYPT DES_DECRYPT --#endif -+# endif - --#ifndef NCOMPAT -+# ifndef NCOMPAT - # define C_Block des_cblock - # define Key_schedule des_key_schedule - # define KEY_SZ DES_KEY_SZ -@@ -432,15 +483,15 @@ void _ossl_096_des_random_seed(des_cblock *key); - # define cbc_cksum des_cbc_cksum - # define quad_cksum des_quad_cksum - # define check_parity des_check_key_parity --#endif -+# endif - --#define des_fixup_key_parity DES_fixup_key_parity -+# define des_fixup_key_parity DES_fixup_key_parity - - #ifdef __cplusplus - } - #endif - - /* for DES_read_pw_string et al */ --#include -+# include - - #endif -diff --git a/Cryptlib/Include/openssl/dh.h b/Cryptlib/Include/openssl/dh.h -index 10475ac..10d9f78 100644 ---- a/Cryptlib/Include/openssl/dh.h -+++ b/Cryptlib/Include/openssl/dh.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,36 +57,39 @@ - */ - - #ifndef HEADER_DH_H --#define HEADER_DH_H -+# define HEADER_DH_H - --#include -+# include - --#ifdef OPENSSL_NO_DH --#error DH is disabled. --#endif -+# ifdef OPENSSL_NO_DH -+# error DH is disabled. -+# endif - --#ifndef OPENSSL_NO_BIO --#include --#endif --#include --#ifndef OPENSSL_NO_DEPRECATED --#include --#endif -- --#ifndef OPENSSL_DH_MAX_MODULUS_BITS --# define OPENSSL_DH_MAX_MODULUS_BITS 10000 --#endif -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# include -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# endif -+ -+# ifndef OPENSSL_DH_MAX_MODULUS_BITS -+# define OPENSSL_DH_MAX_MODULUS_BITS 10000 -+# endif - --#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 -+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 - --#define DH_FLAG_CACHE_MONT_P 0x01 --#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH -- * implementation now uses constant time -- * modular exponentiation for secret exponents -- * by default. This flag causes the -- * faster variable sliding window method to -- * be used for all exponents. -- */ -+# define DH_FLAG_CACHE_MONT_P 0x01 -+ -+/* -+ * new with 0.9.7h; the built-in DH -+ * implementation now uses constant time -+ * modular exponentiation for secret exponents -+ * by default. This flag causes the -+ * faster variable sliding window method to -+ * be used for all exponents. -+ */ -+# define DH_FLAG_NO_EXP_CONSTTIME 0x02 - - #ifdef __cplusplus - extern "C" { -@@ -96,124 +99,127 @@ extern "C" { - /* typedef struct dh_st DH; */ - /* typedef struct dh_method DH_METHOD; */ - --struct dh_method -- { -- const char *name; -- /* Methods here */ -- int (*generate_key)(DH *dh); -- int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); -- int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx); /* Can be null */ -- -- int (*init)(DH *dh); -- int (*finish)(DH *dh); -- int flags; -- char *app_data; -- /* If this is non-NULL, it will be used to generate parameters */ -- int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); -- }; -- --struct dh_st -- { -- /* This first argument is used to pick up errors when -- * a DH is passed instead of a EVP_PKEY */ -- int pad; -- int version; -- BIGNUM *p; -- BIGNUM *g; -- long length; /* optional */ -- BIGNUM *pub_key; /* g^x */ -- BIGNUM *priv_key; /* x */ -- -- int flags; -- BN_MONT_CTX *method_mont_p; -- /* Place holders if we want to do X9.42 DH */ -- BIGNUM *q; -- BIGNUM *j; -- unsigned char *seed; -- int seedlen; -- BIGNUM *counter; -- -- int references; -- CRYPTO_EX_DATA ex_data; -- const DH_METHOD *meth; -- ENGINE *engine; -- }; -- --#define DH_GENERATOR_2 2 --/* #define DH_GENERATOR_3 3 */ --#define DH_GENERATOR_5 5 -+struct dh_method { -+ const char *name; -+ /* Methods here */ -+ int (*generate_key) (DH *dh); -+ int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh); -+ /* Can be null */ -+ int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, -+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *m_ctx); -+ int (*init) (DH *dh); -+ int (*finish) (DH *dh); -+ int flags; -+ char *app_data; -+ /* If this is non-NULL, it will be used to generate parameters */ -+ int (*generate_params) (DH *dh, int prime_len, int generator, -+ BN_GENCB *cb); -+}; -+ -+struct dh_st { -+ /* -+ * This first argument is used to pick up errors when a DH is passed -+ * instead of a EVP_PKEY -+ */ -+ int pad; -+ int version; -+ BIGNUM *p; -+ BIGNUM *g; -+ long length; /* optional */ -+ BIGNUM *pub_key; /* g^x */ -+ BIGNUM *priv_key; /* x */ -+ int flags; -+ BN_MONT_CTX *method_mont_p; -+ /* Place holders if we want to do X9.42 DH */ -+ BIGNUM *q; -+ BIGNUM *j; -+ unsigned char *seed; -+ int seedlen; -+ BIGNUM *counter; -+ int references; -+ CRYPTO_EX_DATA ex_data; -+ const DH_METHOD *meth; -+ ENGINE *engine; -+}; -+ -+# define DH_GENERATOR_2 2 -+/* #define DH_GENERATOR_3 3 */ -+# define DH_GENERATOR_5 5 - - /* DH_check error codes */ --#define DH_CHECK_P_NOT_PRIME 0x01 --#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 --#define DH_UNABLE_TO_CHECK_GENERATOR 0x04 --#define DH_NOT_SUITABLE_GENERATOR 0x08 -+# define DH_CHECK_P_NOT_PRIME 0x01 -+# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 -+# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 -+# define DH_NOT_SUITABLE_GENERATOR 0x08 - - /* DH_check_pub_key error codes */ --#define DH_CHECK_PUBKEY_TOO_SMALL 0x01 --#define DH_CHECK_PUBKEY_TOO_LARGE 0x02 -+# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 -+# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 - --/* primes p where (p-1)/2 is prime too are called "safe"; we define -- this for backward compatibility: */ --#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME -+/* -+ * primes p where (p-1)/2 is prime too are called "safe"; we define this for -+ * backward compatibility: -+ */ -+# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME - --#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) --#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ -- (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) --#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ -- (unsigned char *)(x)) --#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) --#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) -+# define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) -+# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ -+ (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) -+# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ -+ (unsigned char *)(x)) -+# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) -+# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) - - const DH_METHOD *DH_OpenSSL(void); - --#ifdef OPENSSL_FIPS --DH * FIPS_dh_new(void); --void FIPS_dh_free(DH *dh); --#endif -+# ifdef OPENSSL_FIPS -+DH *FIPS_dh_new(void); -+void FIPS_dh_free(DH *dh); -+# endif - - void DH_set_default_method(const DH_METHOD *meth); - const DH_METHOD *DH_get_default_method(void); - int DH_set_method(DH *dh, const DH_METHOD *meth); - DH *DH_new_method(ENGINE *engine); - --DH * DH_new(void); --void DH_free(DH *dh); --int DH_up_ref(DH *dh); --int DH_size(const DH *dh); -+DH *DH_new(void); -+void DH_free(DH *dh); -+int DH_up_ref(DH *dh); -+int DH_size(const DH *dh); - int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - int DH_set_ex_data(DH *d, int idx, void *arg); - void *DH_get_ex_data(DH *d, int idx); - - /* Deprecated version */ --#ifndef OPENSSL_NO_DEPRECATED --DH * DH_generate_parameters(int prime_len,int generator, -- void (*callback)(int,int,void *),void *cb_arg); --#endif /* !defined(OPENSSL_NO_DEPRECATED) */ -+# ifndef OPENSSL_NO_DEPRECATED -+DH *DH_generate_parameters(int prime_len, int generator, -+ void (*callback) (int, int, void *), void *cb_arg); -+# endif /* !defined(OPENSSL_NO_DEPRECATED) */ - - /* New version */ --int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); -- --int DH_check(const DH *dh,int *codes); --int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); --int DH_generate_key(DH *dh); --int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); --DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); --int i2d_DHparams(const DH *a,unsigned char **pp); --#ifndef OPENSSL_NO_FP_API --int DHparams_print_fp(FILE *fp, const DH *x); --#endif --#ifndef OPENSSL_NO_BIO --int DHparams_print(BIO *bp, const DH *x); --#else --int DHparams_print(char *bp, const DH *x); --#endif -+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, -+ BN_GENCB *cb); -+ -+int DH_check(const DH *dh, int *codes); -+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); -+int DH_generate_key(DH *dh); -+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); -+DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); -+int i2d_DHparams(const DH *a, unsigned char **pp); -+# ifndef OPENSSL_NO_FP_API -+int DHparams_print_fp(FILE *fp, const DH *x); -+# endif -+# ifndef OPENSSL_NO_BIO -+int DHparams_print(BIO *bp, const DH *x); -+# else -+int DHparams_print(char *bp, const DH *x); -+# endif - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_DH_strings(void); -@@ -221,23 +227,23 @@ void ERR_load_DH_strings(void); - /* Error codes for the DH functions. */ - - /* Function codes. */ --#define DH_F_COMPUTE_KEY 102 --#define DH_F_DHPARAMS_PRINT 100 --#define DH_F_DHPARAMS_PRINT_FP 101 --#define DH_F_DH_BUILTIN_GENPARAMS 106 --#define DH_F_DH_COMPUTE_KEY 107 --#define DH_F_DH_GENERATE_KEY 108 --#define DH_F_DH_GENERATE_PARAMETERS 109 --#define DH_F_DH_NEW_METHOD 105 --#define DH_F_GENERATE_KEY 103 --#define DH_F_GENERATE_PARAMETERS 104 -+# define DH_F_COMPUTE_KEY 102 -+# define DH_F_DHPARAMS_PRINT 100 -+# define DH_F_DHPARAMS_PRINT_FP 101 -+# define DH_F_DH_BUILTIN_GENPARAMS 106 -+# define DH_F_DH_COMPUTE_KEY 107 -+# define DH_F_DH_GENERATE_KEY 108 -+# define DH_F_DH_GENERATE_PARAMETERS 109 -+# define DH_F_DH_NEW_METHOD 105 -+# define DH_F_GENERATE_KEY 103 -+# define DH_F_GENERATE_PARAMETERS 104 - - /* Reason codes. */ --#define DH_R_BAD_GENERATOR 101 --#define DH_R_INVALID_PUBKEY 102 --#define DH_R_KEY_SIZE_TOO_SMALL 104 --#define DH_R_MODULUS_TOO_LARGE 103 --#define DH_R_NO_PRIVATE_VALUE 100 -+# define DH_R_BAD_GENERATOR 101 -+# define DH_R_INVALID_PUBKEY 102 -+# define DH_R_KEY_SIZE_TOO_SMALL 104 -+# define DH_R_MODULUS_TOO_LARGE 103 -+# define DH_R_NO_PRIVATE_VALUE 100 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/dsa.h b/Cryptlib/Include/openssl/dsa.h -index 702c50d..8f7b5de 100644 ---- a/Cryptlib/Include/openssl/dsa.h -+++ b/Cryptlib/Include/openssl/dsa.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,60 +63,61 @@ - * stylistic vision for SSLeay :-) */ - - #ifndef HEADER_DSA_H --#define HEADER_DSA_H -+# define HEADER_DSA_H - --#include -+# include - --#ifdef OPENSSL_NO_DSA --#error DSA is disabled. --#endif -+# ifdef OPENSSL_NO_DSA -+# error DSA is disabled. -+# endif - --#ifndef OPENSSL_NO_BIO --#include --#endif --#include --#include -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# include -+# include - --#ifndef OPENSSL_NO_DEPRECATED --#include --#ifndef OPENSSL_NO_DH --# include --#endif --#endif -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# ifndef OPENSSL_NO_DH -+# include -+# endif -+# endif - --#ifndef OPENSSL_DSA_MAX_MODULUS_BITS --# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 --#endif -+# ifndef OPENSSL_DSA_MAX_MODULUS_BITS -+# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 -+# endif -+ -+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 -+ -+# define DSA_FLAG_CACHE_MONT_P 0x01 -+/* -+ * new with 0.9.7h; the built-in DSA implementation now uses constant time -+ * modular exponentiation for secret exponents by default. This flag causes -+ * the faster variable sliding window method to be used for all exponents. -+ */ -+# define DSA_FLAG_NO_EXP_CONSTTIME 0x02 - --#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 -- --#define DSA_FLAG_CACHE_MONT_P 0x01 --#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA -- * implementation now uses constant time -- * modular exponentiation for secret exponents -- * by default. This flag causes the -- * faster variable sliding window method to -- * be used for all exponents. -- */ -- --/* If this flag is set the DSA method is FIPS compliant and can be used -- * in FIPS mode. This is set in the validated module method. If an -- * application sets this flag in its own methods it is its reposibility -- * to ensure the result is compliant. -+/* -+ * If this flag is set the DSA method is FIPS compliant and can be used in -+ * FIPS mode. This is set in the validated module method. If an application -+ * sets this flag in its own methods it is its reposibility to ensure the -+ * result is compliant. - */ - --#define DSA_FLAG_FIPS_METHOD 0x0400 -+# define DSA_FLAG_FIPS_METHOD 0x0400 - --/* If this flag is set the operations normally disabled in FIPS mode are -+/* -+ * If this flag is set the operations normally disabled in FIPS mode are - * permitted it is then the applications responsibility to ensure that the - * usage is compliant. - */ - --#define DSA_FLAG_NON_FIPS_ALLOW 0x0400 -+# define DSA_FLAG_NON_FIPS_ALLOW 0x0400 - --#ifdef OPENSSL_FIPS --#define FIPS_DSA_SIZE_T int --#endif -+# ifdef OPENSSL_FIPS -+# define FIPS_DSA_SIZE_T int -+# endif - - #ifdef __cplusplus - extern "C" { -@@ -126,162 +127,163 @@ extern "C" { - /* typedef struct dsa_st DSA; */ - /* typedef struct dsa_method DSA_METHOD; */ - --typedef struct DSA_SIG_st -- { -- BIGNUM *r; -- BIGNUM *s; -- } DSA_SIG; -- --struct dsa_method -- { -- const char *name; -- DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); -- int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, -- BIGNUM **rp); -- int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, -- DSA_SIG *sig, DSA *dsa); -- int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, -- BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *in_mont); -- int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx); /* Can be null */ -- int (*init)(DSA *dsa); -- int (*finish)(DSA *dsa); -- int flags; -- char *app_data; -- /* If this is non-NULL, it is used to generate DSA parameters */ -- int (*dsa_paramgen)(DSA *dsa, int bits, -- unsigned char *seed, int seed_len, -- int *counter_ret, unsigned long *h_ret, -- BN_GENCB *cb); -- /* If this is non-NULL, it is used to generate DSA keys */ -- int (*dsa_keygen)(DSA *dsa); -- }; -- --struct dsa_st -- { -- /* This first variable is used to pick up errors where -- * a DSA is passed instead of of a EVP_PKEY */ -- int pad; -- long version; -- int write_params; -- BIGNUM *p; -- BIGNUM *q; /* == 20 */ -- BIGNUM *g; -- -- BIGNUM *pub_key; /* y public key */ -- BIGNUM *priv_key; /* x private key */ -- -- BIGNUM *kinv; /* Signing pre-calc */ -- BIGNUM *r; /* Signing pre-calc */ -- -- int flags; -- /* Normally used to cache montgomery values */ -- BN_MONT_CTX *method_mont_p; -- int references; -- CRYPTO_EX_DATA ex_data; -- const DSA_METHOD *meth; -- /* functional reference if 'meth' is ENGINE-provided */ -- ENGINE *engine; -- }; -- --#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x) --#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ -- (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) --#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ -- (unsigned char *)(x)) --#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) --#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) -- -- --DSA_SIG * DSA_SIG_new(void); --void DSA_SIG_free(DSA_SIG *a); --int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); --DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); -- --DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa); --int DSA_do_verify(const unsigned char *dgst,int dgst_len, -- DSA_SIG *sig,DSA *dsa); -+typedef struct DSA_SIG_st { -+ BIGNUM *r; -+ BIGNUM *s; -+} DSA_SIG; -+ -+struct dsa_method { -+ const char *name; -+ DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa); -+ int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, -+ BIGNUM **rp); -+ int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len, -+ DSA_SIG *sig, DSA *dsa); -+ int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, -+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *in_mont); -+ /* Can be null */ -+ int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+ int (*init) (DSA *dsa); -+ int (*finish) (DSA *dsa); -+ int flags; -+ char *app_data; -+ /* If this is non-NULL, it is used to generate DSA parameters */ -+ int (*dsa_paramgen) (DSA *dsa, int bits, -+ unsigned char *seed, int seed_len, -+ int *counter_ret, unsigned long *h_ret, -+ BN_GENCB *cb); -+ /* If this is non-NULL, it is used to generate DSA keys */ -+ int (*dsa_keygen) (DSA *dsa); -+}; -+ -+struct dsa_st { -+ /* -+ * This first variable is used to pick up errors where a DSA is passed -+ * instead of of a EVP_PKEY -+ */ -+ int pad; -+ long version; -+ int write_params; -+ BIGNUM *p; -+ BIGNUM *q; /* == 20 */ -+ BIGNUM *g; -+ BIGNUM *pub_key; /* y public key */ -+ BIGNUM *priv_key; /* x private key */ -+ BIGNUM *kinv; /* Signing pre-calc */ -+ BIGNUM *r; /* Signing pre-calc */ -+ int flags; -+ /* Normally used to cache montgomery values */ -+ BN_MONT_CTX *method_mont_p; -+ int references; -+ CRYPTO_EX_DATA ex_data; -+ const DSA_METHOD *meth; -+ /* functional reference if 'meth' is ENGINE-provided */ -+ ENGINE *engine; -+}; -+ -+# define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x) -+# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ -+ (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) -+# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ -+ (unsigned char *)(x)) -+# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) -+# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) -+ -+DSA_SIG *DSA_SIG_new(void); -+void DSA_SIG_free(DSA_SIG *a); -+int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); -+DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); -+ -+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); -+int DSA_do_verify(const unsigned char *dgst, int dgst_len, -+ DSA_SIG *sig, DSA *dsa); - - const DSA_METHOD *DSA_OpenSSL(void); - --void DSA_set_default_method(const DSA_METHOD *); -+void DSA_set_default_method(const DSA_METHOD *); - const DSA_METHOD *DSA_get_default_method(void); --int DSA_set_method(DSA *dsa, const DSA_METHOD *); -+int DSA_set_method(DSA *dsa, const DSA_METHOD *); - --#ifdef OPENSSL_FIPS --DSA * FIPS_dsa_new(void); --void FIPS_dsa_free (DSA *r); --#endif -+# ifdef OPENSSL_FIPS -+DSA *FIPS_dsa_new(void); -+void FIPS_dsa_free(DSA *r); -+# endif - --DSA * DSA_new(void); --DSA * DSA_new_method(ENGINE *engine); --void DSA_free (DSA *r); -+DSA *DSA_new(void); -+DSA *DSA_new_method(ENGINE *engine); -+void DSA_free(DSA *r); - /* "up" the DSA object's reference count */ --int DSA_up_ref(DSA *r); --int DSA_size(const DSA *); -- /* next 4 return -1 on error */ --int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); --int DSA_sign(int type,const unsigned char *dgst,int dlen, -- unsigned char *sig, unsigned int *siglen, DSA *dsa); --int DSA_verify(int type,const unsigned char *dgst,int dgst_len, -- const unsigned char *sigbuf, int siglen, DSA *dsa); -+int DSA_up_ref(DSA *r); -+int DSA_size(const DSA *); -+ /* next 4 return -1 on error */ -+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); -+int DSA_sign(int type, const unsigned char *dgst, int dlen, -+ unsigned char *sig, unsigned int *siglen, DSA *dsa); -+int DSA_verify(int type, const unsigned char *dgst, int dgst_len, -+ const unsigned char *sigbuf, int siglen, DSA *dsa); - int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - int DSA_set_ex_data(DSA *d, int idx, void *arg); - void *DSA_get_ex_data(DSA *d, int idx); - --DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); --DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); --DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); -+DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); -+DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); -+DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); - - /* Deprecated version */ --#ifndef OPENSSL_NO_DEPRECATED --DSA * DSA_generate_parameters(int bits, -- unsigned char *seed,int seed_len, -- int *counter_ret, unsigned long *h_ret,void -- (*callback)(int, int, void *),void *cb_arg); --#endif /* !defined(OPENSSL_NO_DEPRECATED) */ -+# ifndef OPENSSL_NO_DEPRECATED -+DSA *DSA_generate_parameters(int bits, -+ unsigned char *seed, int seed_len, -+ int *counter_ret, unsigned long *h_ret, void -+ (*callback) (int, int, void *), void *cb_arg); -+# endif /* !defined(OPENSSL_NO_DEPRECATED) */ - - /* New version */ --int DSA_generate_parameters_ex(DSA *dsa, int bits, -- unsigned char *seed,int seed_len, -- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -- --int DSA_generate_key(DSA *a); --int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); --int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); --int i2d_DSAparams(const DSA *a,unsigned char **pp); -- --#ifndef OPENSSL_NO_BIO --int DSAparams_print(BIO *bp, const DSA *x); --int DSA_print(BIO *bp, const DSA *x, int off); --#endif --#ifndef OPENSSL_NO_FP_API --int DSAparams_print_fp(FILE *fp, const DSA *x); --int DSA_print_fp(FILE *bp, const DSA *x, int off); --#endif -- --#define DSS_prime_checks 50 --/* Primality test according to FIPS PUB 186[-1], Appendix 2.1: -- * 50 rounds of Rabin-Miller */ --#define DSA_is_prime(n, callback, cb_arg) \ -- BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) -+int DSA_generate_parameters_ex(DSA *dsa, int bits, -+ unsigned char *seed, int seed_len, -+ int *counter_ret, unsigned long *h_ret, -+ BN_GENCB *cb); -+ -+int DSA_generate_key(DSA *a); -+int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); -+int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); -+int i2d_DSAparams(const DSA *a, unsigned char **pp); -+ -+# ifndef OPENSSL_NO_BIO -+int DSAparams_print(BIO *bp, const DSA *x); -+int DSA_print(BIO *bp, const DSA *x, int off); -+# endif -+# ifndef OPENSSL_NO_FP_API -+int DSAparams_print_fp(FILE *fp, const DSA *x); -+int DSA_print_fp(FILE *bp, const DSA *x, int off); -+# endif -+ -+# define DSS_prime_checks 50 -+/* -+ * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of -+ * Rabin-Miller -+ */ -+# define DSA_is_prime(n, callback, cb_arg) \ -+ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) - --#ifndef OPENSSL_NO_DH --/* Convert DSA structure (key or just parameters) into DH structure -- * (be careful to avoid small subgroup attacks when using this!) */ -+# ifndef OPENSSL_NO_DH -+/* -+ * Convert DSA structure (key or just parameters) into DH structure (be -+ * careful to avoid small subgroup attacks when using this!) -+ */ - DH *DSA_dup_DH(const DSA *r); --#endif -+# endif - --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS - int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig); - int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen); --#endif -+# endif - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_DSA_strings(void); -@@ -289,34 +291,34 @@ void ERR_load_DSA_strings(void); - /* Error codes for the DSA functions. */ - - /* Function codes. */ --#define DSA_F_D2I_DSA_SIG 110 --#define DSA_F_DSAPARAMS_PRINT 100 --#define DSA_F_DSAPARAMS_PRINT_FP 101 --#define DSA_F_DSA_BUILTIN_KEYGEN 119 --#define DSA_F_DSA_BUILTIN_PARAMGEN 118 --#define DSA_F_DSA_DO_SIGN 112 --#define DSA_F_DSA_DO_VERIFY 113 --#define DSA_F_DSA_GENERATE_PARAMETERS 117 --#define DSA_F_DSA_NEW_METHOD 103 --#define DSA_F_DSA_PRINT 104 --#define DSA_F_DSA_PRINT_FP 105 --#define DSA_F_DSA_SET_DEFAULT_METHOD 115 --#define DSA_F_DSA_SET_METHOD 116 --#define DSA_F_DSA_SIGN 106 --#define DSA_F_DSA_SIGN_SETUP 107 --#define DSA_F_DSA_SIG_NEW 109 --#define DSA_F_DSA_VERIFY 108 --#define DSA_F_I2D_DSA_SIG 111 --#define DSA_F_SIG_CB 114 -+# define DSA_F_D2I_DSA_SIG 110 -+# define DSA_F_DSAPARAMS_PRINT 100 -+# define DSA_F_DSAPARAMS_PRINT_FP 101 -+# define DSA_F_DSA_BUILTIN_KEYGEN 119 -+# define DSA_F_DSA_BUILTIN_PARAMGEN 118 -+# define DSA_F_DSA_DO_SIGN 112 -+# define DSA_F_DSA_DO_VERIFY 113 -+# define DSA_F_DSA_GENERATE_PARAMETERS 117 -+# define DSA_F_DSA_NEW_METHOD 103 -+# define DSA_F_DSA_PRINT 104 -+# define DSA_F_DSA_PRINT_FP 105 -+# define DSA_F_DSA_SET_DEFAULT_METHOD 115 -+# define DSA_F_DSA_SET_METHOD 116 -+# define DSA_F_DSA_SIGN 106 -+# define DSA_F_DSA_SIGN_SETUP 107 -+# define DSA_F_DSA_SIG_NEW 109 -+# define DSA_F_DSA_VERIFY 108 -+# define DSA_F_I2D_DSA_SIG 111 -+# define DSA_F_SIG_CB 114 - - /* Reason codes. */ --#define DSA_R_BAD_Q_VALUE 102 --#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 --#define DSA_R_KEY_SIZE_TOO_SMALL 106 --#define DSA_R_MISSING_PARAMETERS 101 --#define DSA_R_MODULUS_TOO_LARGE 103 --#define DSA_R_NON_FIPS_METHOD 104 --#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105 -+# define DSA_R_BAD_Q_VALUE 102 -+# define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 -+# define DSA_R_KEY_SIZE_TOO_SMALL 106 -+# define DSA_R_MISSING_PARAMETERS 101 -+# define DSA_R_MODULUS_TOO_LARGE 103 -+# define DSA_R_NON_FIPS_METHOD 104 -+# define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/dso.h b/Cryptlib/Include/openssl/dso.h -index 3e51913..277427d 100644 ---- a/Cryptlib/Include/openssl/dso.h -+++ b/Cryptlib/Include/openssl/dso.h -@@ -1,6 +1,7 @@ - /* dso.h -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL -- * project 2000. -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,212 +58,244 @@ - */ - - #ifndef HEADER_DSO_H --#define HEADER_DSO_H -+# define HEADER_DSO_H - --#include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - - /* These values are used as commands to DSO_ctrl() */ --#define DSO_CTRL_GET_FLAGS 1 --#define DSO_CTRL_SET_FLAGS 2 --#define DSO_CTRL_OR_FLAGS 3 -+# define DSO_CTRL_GET_FLAGS 1 -+# define DSO_CTRL_SET_FLAGS 2 -+# define DSO_CTRL_OR_FLAGS 3 - --/* By default, DSO_load() will translate the provided filename into a form -+/* -+ * By default, DSO_load() will translate the provided filename into a form - * typical for the platform (more specifically the DSO_METHOD) using the - * dso_name_converter function of the method. Eg. win32 will transform "blah" - * into "blah.dll", and dlfcn will transform it into "libblah.so". The -- * behaviour can be overriden by setting the name_converter callback in the DSO -- * object (using DSO_set_name_converter()). This callback could even utilise -- * the DSO_METHOD's converter too if it only wants to override behaviour for -- * one or two possible DSO methods. However, the following flag can be set in a -- * DSO to prevent *any* native name-translation at all - eg. if the caller has -- * prompted the user for a path to a driver library so the filename should be -- * interpreted as-is. */ --#define DSO_FLAG_NO_NAME_TRANSLATION 0x01 --/* An extra flag to give if only the extension should be added as -- * translation. This is obviously only of importance on Unix and -- * other operating systems where the translation also may prefix -- * the name with something, like 'lib', and ignored everywhere else. -- * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used -- * at the same time. */ --#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 -- --/* The following flag controls the translation of symbol names to upper -- * case. This is currently only being implemented for OpenVMS. -+ * behaviour can be overriden by setting the name_converter callback in the -+ * DSO object (using DSO_set_name_converter()). This callback could even -+ * utilise the DSO_METHOD's converter too if it only wants to override -+ * behaviour for one or two possible DSO methods. However, the following flag -+ * can be set in a DSO to prevent *any* native name-translation at all - eg. -+ * if the caller has prompted the user for a path to a driver library so the -+ * filename should be interpreted as-is. -+ */ -+# define DSO_FLAG_NO_NAME_TRANSLATION 0x01 -+/* -+ * An extra flag to give if only the extension should be added as -+ * translation. This is obviously only of importance on Unix and other -+ * operating systems where the translation also may prefix the name with -+ * something, like 'lib', and ignored everywhere else. This flag is also -+ * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time. - */ --#define DSO_FLAG_UPCASE_SYMBOL 0x10 -+# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 - --/* This flag loads the library with public symbols. -- * Meaning: The exported symbols of this library are public -- * to all libraries loaded after this library. -- * At the moment only implemented in unix. -+/* -+ * The following flag controls the translation of symbol names to upper case. -+ * This is currently only being implemented for OpenVMS. - */ --#define DSO_FLAG_GLOBAL_SYMBOLS 0x20 -+# define DSO_FLAG_UPCASE_SYMBOL 0x10 - -+/* -+ * This flag loads the library with public symbols. Meaning: The exported -+ * symbols of this library are public to all libraries loaded after this -+ * library. At the moment only implemented in unix. -+ */ -+# define DSO_FLAG_GLOBAL_SYMBOLS 0x20 - --typedef void (*DSO_FUNC_TYPE)(void); -+typedef void (*DSO_FUNC_TYPE) (void); - - typedef struct dso_st DSO; - --/* The function prototype used for method functions (or caller-provided -- * callbacks) that transform filenames. They are passed a DSO structure pointer -- * (or NULL if they are to be used independantly of a DSO object) and a -- * filename to transform. They should either return NULL (if there is an error -- * condition) or a newly allocated string containing the transformed form that -- * the caller will need to free with OPENSSL_free() when done. */ --typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); --/* The function prototype used for method functions (or caller-provided -- * callbacks) that merge two file specifications. They are passed a -- * DSO structure pointer (or NULL if they are to be used independantly of -- * a DSO object) and two file specifications to merge. They should -- * either return NULL (if there is an error condition) or a newly allocated -- * string containing the result of merging that the caller will need -- * to free with OPENSSL_free() when done. -- * Here, merging means that bits and pieces are taken from each of the -- * file specifications and added together in whatever fashion that is -- * sensible for the DSO method in question. The only rule that really -- * applies is that if the two specification contain pieces of the same -- * type, the copy from the first string takes priority. One could see -- * it as the first specification is the one given by the user and the -- * second being a bunch of defaults to add on if they're missing in the -- * first. */ --typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *); -- --typedef struct dso_meth_st -- { -- const char *name; -- /* Loads a shared library, NB: new DSO_METHODs must ensure that a -- * successful load populates the loaded_filename field, and likewise a -- * successful unload OPENSSL_frees and NULLs it out. */ -- int (*dso_load)(DSO *dso); -- /* Unloads a shared library */ -- int (*dso_unload)(DSO *dso); -- /* Binds a variable */ -- void *(*dso_bind_var)(DSO *dso, const char *symname); -- /* Binds a function - assumes a return type of DSO_FUNC_TYPE. -- * This should be cast to the real function prototype by the -- * caller. Platforms that don't have compatible representations -- * for different prototypes (this is possible within ANSI C) -- * are highly unlikely to have shared libraries at all, let -- * alone a DSO_METHOD implemented for them. */ -- DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname); -- -+/* -+ * The function prototype used for method functions (or caller-provided -+ * callbacks) that transform filenames. They are passed a DSO structure -+ * pointer (or NULL if they are to be used independantly of a DSO object) and -+ * a filename to transform. They should either return NULL (if there is an -+ * error condition) or a newly allocated string containing the transformed -+ * form that the caller will need to free with OPENSSL_free() when done. -+ */ -+typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); -+/* -+ * The function prototype used for method functions (or caller-provided -+ * callbacks) that merge two file specifications. They are passed a DSO -+ * structure pointer (or NULL if they are to be used independantly of a DSO -+ * object) and two file specifications to merge. They should either return -+ * NULL (if there is an error condition) or a newly allocated string -+ * containing the result of merging that the caller will need to free with -+ * OPENSSL_free() when done. Here, merging means that bits and pieces are -+ * taken from each of the file specifications and added together in whatever -+ * fashion that is sensible for the DSO method in question. The only rule -+ * that really applies is that if the two specification contain pieces of the -+ * same type, the copy from the first string takes priority. One could see -+ * it as the first specification is the one given by the user and the second -+ * being a bunch of defaults to add on if they're missing in the first. -+ */ -+typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *); -+ -+typedef struct dso_meth_st { -+ const char *name; -+ /* -+ * Loads a shared library, NB: new DSO_METHODs must ensure that a -+ * successful load populates the loaded_filename field, and likewise a -+ * successful unload OPENSSL_frees and NULLs it out. -+ */ -+ int (*dso_load) (DSO *dso); -+ /* Unloads a shared library */ -+ int (*dso_unload) (DSO *dso); -+ /* Binds a variable */ -+ void *(*dso_bind_var) (DSO *dso, const char *symname); -+ /* -+ * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should -+ * be cast to the real function prototype by the caller. Platforms that -+ * don't have compatible representations for different prototypes (this -+ * is possible within ANSI C) are highly unlikely to have shared -+ * libraries at all, let alone a DSO_METHOD implemented for them. -+ */ -+ DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname); - /* I don't think this would actually be used in any circumstances. */ --#if 0 -- /* Unbinds a variable */ -- int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr); -- /* Unbinds a function */ -- int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); --#endif -- /* The generic (yuck) "ctrl()" function. NB: Negative return -- * values (rather than zero) indicate errors. */ -- long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg); -- /* The default DSO_METHOD-specific function for converting filenames to -- * a canonical native form. */ -- DSO_NAME_CONVERTER_FUNC dso_name_converter; -- /* The default DSO_METHOD-specific function for converting filenames to -- * a canonical native form. */ -- DSO_MERGER_FUNC dso_merger; -- -- /* [De]Initialisation handlers. */ -- int (*init)(DSO *dso); -- int (*finish)(DSO *dso); -- } DSO_METHOD; -+# if 0 -+ /* Unbinds a variable */ -+ int (*dso_unbind_var) (DSO *dso, char *symname, void *symptr); -+ /* Unbinds a function */ -+ int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr); -+# endif -+ /* -+ * The generic (yuck) "ctrl()" function. NB: Negative return values -+ * (rather than zero) indicate errors. -+ */ -+ long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg); -+ /* -+ * The default DSO_METHOD-specific function for converting filenames to a -+ * canonical native form. -+ */ -+ DSO_NAME_CONVERTER_FUNC dso_name_converter; -+ /* -+ * The default DSO_METHOD-specific function for converting filenames to a -+ * canonical native form. -+ */ -+ DSO_MERGER_FUNC dso_merger; -+ /* [De]Initialisation handlers. */ -+ int (*init) (DSO *dso); -+ int (*finish) (DSO *dso); -+} DSO_METHOD; - - /**********************************************************************/ - /* The low-level handle type used to refer to a loaded shared library */ - --struct dso_st -- { -- DSO_METHOD *meth; -- /* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS -- * doesn't use anything but will need to cache the filename -- * for use in the dso_bind handler. All in all, let each -- * method control its own destiny. "Handles" and such go in -- * a STACK. */ -- STACK *meth_data; -- int references; -- int flags; -- /* For use by applications etc ... use this for your bits'n'pieces, -- * don't touch meth_data! */ -- CRYPTO_EX_DATA ex_data; -- /* If this callback function pointer is set to non-NULL, then it will -- * be used in DSO_load() in place of meth->dso_name_converter. NB: This -- * should normally set using DSO_set_name_converter(). */ -- DSO_NAME_CONVERTER_FUNC name_converter; -- /* If this callback function pointer is set to non-NULL, then it will -- * be used in DSO_load() in place of meth->dso_merger. NB: This -- * should normally set using DSO_set_merger(). */ -- DSO_MERGER_FUNC merger; -- /* This is populated with (a copy of) the platform-independant -- * filename used for this DSO. */ -- char *filename; -- /* This is populated with (a copy of) the translated filename by which -- * the DSO was actually loaded. It is NULL iff the DSO is not currently -- * loaded. NB: This is here because the filename translation process -- * may involve a callback being invoked more than once not only to -- * convert to a platform-specific form, but also to try different -- * filenames in the process of trying to perform a load. As such, this -- * variable can be used to indicate (a) whether this DSO structure -- * corresponds to a loaded library or not, and (b) the filename with -- * which it was actually loaded. */ -- char *loaded_filename; -- }; -- -- --DSO * DSO_new(void); --DSO * DSO_new_method(DSO_METHOD *method); --int DSO_free(DSO *dso); --int DSO_flags(DSO *dso); --int DSO_up_ref(DSO *dso); --long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); -- --/* This function sets the DSO's name_converter callback. If it is non-NULL, -+struct dso_st { -+ DSO_METHOD *meth; -+ /* -+ * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use -+ * anything but will need to cache the filename for use in the dso_bind -+ * handler. All in all, let each method control its own destiny. -+ * "Handles" and such go in a STACK. -+ */ -+ STACK *meth_data; -+ int references; -+ int flags; -+ /* -+ * For use by applications etc ... use this for your bits'n'pieces, don't -+ * touch meth_data! -+ */ -+ CRYPTO_EX_DATA ex_data; -+ /* -+ * If this callback function pointer is set to non-NULL, then it will be -+ * used in DSO_load() in place of meth->dso_name_converter. NB: This -+ * should normally set using DSO_set_name_converter(). -+ */ -+ DSO_NAME_CONVERTER_FUNC name_converter; -+ /* -+ * If this callback function pointer is set to non-NULL, then it will be -+ * used in DSO_load() in place of meth->dso_merger. NB: This should -+ * normally set using DSO_set_merger(). -+ */ -+ DSO_MERGER_FUNC merger; -+ /* -+ * This is populated with (a copy of) the platform-independant filename -+ * used for this DSO. -+ */ -+ char *filename; -+ /* -+ * This is populated with (a copy of) the translated filename by which -+ * the DSO was actually loaded. It is NULL iff the DSO is not currently -+ * loaded. NB: This is here because the filename translation process may -+ * involve a callback being invoked more than once not only to convert to -+ * a platform-specific form, but also to try different filenames in the -+ * process of trying to perform a load. As such, this variable can be -+ * used to indicate (a) whether this DSO structure corresponds to a -+ * loaded library or not, and (b) the filename with which it was actually -+ * loaded. -+ */ -+ char *loaded_filename; -+}; -+ -+DSO *DSO_new(void); -+DSO *DSO_new_method(DSO_METHOD *method); -+int DSO_free(DSO *dso); -+int DSO_flags(DSO *dso); -+int DSO_up_ref(DSO *dso); -+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); -+ -+/* -+ * This function sets the DSO's name_converter callback. If it is non-NULL, - * then it will be used instead of the associated DSO_METHOD's function. If - * oldcb is non-NULL then it is set to the function pointer value being -- * replaced. Return value is non-zero for success. */ --int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, -- DSO_NAME_CONVERTER_FUNC *oldcb); --/* These functions can be used to get/set the platform-independant filename -- * used for a DSO. NB: set will fail if the DSO is already loaded. */ -+ * replaced. Return value is non-zero for success. -+ */ -+int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, -+ DSO_NAME_CONVERTER_FUNC *oldcb); -+/* -+ * These functions can be used to get/set the platform-independant filename -+ * used for a DSO. NB: set will fail if the DSO is already loaded. -+ */ - const char *DSO_get_filename(DSO *dso); --int DSO_set_filename(DSO *dso, const char *filename); --/* This function will invoke the DSO's name_converter callback to translate a -+int DSO_set_filename(DSO *dso, const char *filename); -+/* -+ * This function will invoke the DSO's name_converter callback to translate a - * filename, or if the callback isn't set it will instead use the DSO_METHOD's - * converter. If "filename" is NULL, the "filename" in the DSO itself will be - * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is - * simply duplicated. NB: This function is usually called from within a -- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that -- * caller-created DSO_METHODs can do the same thing. A non-NULL return value -- * will need to be OPENSSL_free()'d. */ --char *DSO_convert_filename(DSO *dso, const char *filename); --/* This function will invoke the DSO's merger callback to merge two file -+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so -+ * that caller-created DSO_METHODs can do the same thing. A non-NULL return -+ * value will need to be OPENSSL_free()'d. -+ */ -+char *DSO_convert_filename(DSO *dso, const char *filename); -+/* -+ * This function will invoke the DSO's merger callback to merge two file - * specifications, or if the callback isn't set it will instead use the - * DSO_METHOD's merger. A non-NULL return value will need to be -- * OPENSSL_free()'d. */ --char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); --/* If the DSO is currently loaded, this returns the filename that it was loaded -- * under, otherwise it returns NULL. So it is also useful as a test as to -- * whether the DSO is currently loaded. NB: This will not necessarily return -- * the same value as DSO_convert_filename(dso, dso->filename), because the -- * DSO_METHOD's load function may have tried a variety of filenames (with -+ * OPENSSL_free()'d. -+ */ -+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); -+/* -+ * If the DSO is currently loaded, this returns the filename that it was -+ * loaded under, otherwise it returns NULL. So it is also useful as a test as -+ * to whether the DSO is currently loaded. NB: This will not necessarily -+ * return the same value as DSO_convert_filename(dso, dso->filename), because -+ * the DSO_METHOD's load function may have tried a variety of filenames (with - * and/or without the aid of the converters) before settling on the one it -- * actually loaded. */ -+ * actually loaded. -+ */ - const char *DSO_get_loaded_filename(DSO *dso); - --void DSO_set_default_method(DSO_METHOD *meth); -+void DSO_set_default_method(DSO_METHOD *meth); - DSO_METHOD *DSO_get_default_method(void); - DSO_METHOD *DSO_get_method(DSO *dso); - DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth); - --/* The all-singing all-dancing load function, you normally pass NULL -- * for the first and third parameters. Use DSO_up and DSO_free for -- * subsequent reference count handling. Any flags passed in will be set -- * in the constructed DSO after its init() function but before the -- * load operation. If 'dso' is non-NULL, 'flags' is ignored. */ -+/* -+ * The all-singing all-dancing load function, you normally pass NULL for the -+ * first and third parameters. Use DSO_up and DSO_free for subsequent -+ * reference count handling. Any flags passed in will be set in the -+ * constructed DSO after its init() function but before the load operation. -+ * If 'dso' is non-NULL, 'flags' is ignored. -+ */ - DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags); - - /* This function binds to a variable inside a shared library. */ -@@ -271,23 +304,31 @@ void *DSO_bind_var(DSO *dso, const char *symname); - /* This function binds to a function inside a shared library. */ - DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname); - --/* This method is the default, but will beg, borrow, or steal whatever -- * method should be the default on any particular platform (including -- * DSO_METH_null() if necessary). */ -+/* -+ * This method is the default, but will beg, borrow, or steal whatever method -+ * should be the default on any particular platform (including -+ * DSO_METH_null() if necessary). -+ */ - DSO_METHOD *DSO_METHOD_openssl(void); - --/* This method is defined for all platforms - if a platform has no -- * DSO support then this will be the only method! */ -+/* -+ * This method is defined for all platforms - if a platform has no DSO -+ * support then this will be the only method! -+ */ - DSO_METHOD *DSO_METHOD_null(void); - --/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions -- * (dlopen, dlclose, dlsym, etc) will be used and incorporated into -- * this method. If not, this method will return NULL. */ -+/* -+ * If DSO_DLFCN is defined, the standard dlfcn.h-style functions (dlopen, -+ * dlclose, dlsym, etc) will be used and incorporated into this method. If -+ * not, this method will return NULL. -+ */ - DSO_METHOD *DSO_METHOD_dlfcn(void); - --/* If DSO_DL is defined, the standard dl.h-style functions (shl_load, -- * shl_unload, shl_findsym, etc) will be used and incorporated into -- * this method. If not, this method will return NULL. */ -+/* -+ * If DSO_DL is defined, the standard dl.h-style functions (shl_load, -+ * shl_unload, shl_findsym, etc) will be used and incorporated into this -+ * method. If not, this method will return NULL. -+ */ - DSO_METHOD *DSO_METHOD_dl(void); - - /* If WIN32 is defined, use DLLs. If not, return NULL. */ -@@ -297,7 +338,8 @@ DSO_METHOD *DSO_METHOD_win32(void); - DSO_METHOD *DSO_METHOD_vms(void); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_DSO_strings(void); -@@ -305,62 +347,62 @@ void ERR_load_DSO_strings(void); - /* Error codes for the DSO functions. */ - - /* Function codes. */ --#define DSO_F_DLFCN_BIND_FUNC 100 --#define DSO_F_DLFCN_BIND_VAR 101 --#define DSO_F_DLFCN_LOAD 102 --#define DSO_F_DLFCN_MERGER 130 --#define DSO_F_DLFCN_NAME_CONVERTER 123 --#define DSO_F_DLFCN_UNLOAD 103 --#define DSO_F_DL_BIND_FUNC 104 --#define DSO_F_DL_BIND_VAR 105 --#define DSO_F_DL_LOAD 106 --#define DSO_F_DL_MERGER 131 --#define DSO_F_DL_NAME_CONVERTER 124 --#define DSO_F_DL_UNLOAD 107 --#define DSO_F_DSO_BIND_FUNC 108 --#define DSO_F_DSO_BIND_VAR 109 --#define DSO_F_DSO_CONVERT_FILENAME 126 --#define DSO_F_DSO_CTRL 110 --#define DSO_F_DSO_FREE 111 --#define DSO_F_DSO_GET_FILENAME 127 --#define DSO_F_DSO_GET_LOADED_FILENAME 128 --#define DSO_F_DSO_LOAD 112 --#define DSO_F_DSO_MERGE 132 --#define DSO_F_DSO_NEW_METHOD 113 --#define DSO_F_DSO_SET_FILENAME 129 --#define DSO_F_DSO_SET_NAME_CONVERTER 122 --#define DSO_F_DSO_UP_REF 114 --#define DSO_F_VMS_BIND_SYM 115 --#define DSO_F_VMS_LOAD 116 --#define DSO_F_VMS_MERGER 133 --#define DSO_F_VMS_UNLOAD 117 --#define DSO_F_WIN32_BIND_FUNC 118 --#define DSO_F_WIN32_BIND_VAR 119 --#define DSO_F_WIN32_JOINER 135 --#define DSO_F_WIN32_LOAD 120 --#define DSO_F_WIN32_MERGER 134 --#define DSO_F_WIN32_NAME_CONVERTER 125 --#define DSO_F_WIN32_SPLITTER 136 --#define DSO_F_WIN32_UNLOAD 121 -+# define DSO_F_DLFCN_BIND_FUNC 100 -+# define DSO_F_DLFCN_BIND_VAR 101 -+# define DSO_F_DLFCN_LOAD 102 -+# define DSO_F_DLFCN_MERGER 130 -+# define DSO_F_DLFCN_NAME_CONVERTER 123 -+# define DSO_F_DLFCN_UNLOAD 103 -+# define DSO_F_DL_BIND_FUNC 104 -+# define DSO_F_DL_BIND_VAR 105 -+# define DSO_F_DL_LOAD 106 -+# define DSO_F_DL_MERGER 131 -+# define DSO_F_DL_NAME_CONVERTER 124 -+# define DSO_F_DL_UNLOAD 107 -+# define DSO_F_DSO_BIND_FUNC 108 -+# define DSO_F_DSO_BIND_VAR 109 -+# define DSO_F_DSO_CONVERT_FILENAME 126 -+# define DSO_F_DSO_CTRL 110 -+# define DSO_F_DSO_FREE 111 -+# define DSO_F_DSO_GET_FILENAME 127 -+# define DSO_F_DSO_GET_LOADED_FILENAME 128 -+# define DSO_F_DSO_LOAD 112 -+# define DSO_F_DSO_MERGE 132 -+# define DSO_F_DSO_NEW_METHOD 113 -+# define DSO_F_DSO_SET_FILENAME 129 -+# define DSO_F_DSO_SET_NAME_CONVERTER 122 -+# define DSO_F_DSO_UP_REF 114 -+# define DSO_F_VMS_BIND_SYM 115 -+# define DSO_F_VMS_LOAD 116 -+# define DSO_F_VMS_MERGER 133 -+# define DSO_F_VMS_UNLOAD 117 -+# define DSO_F_WIN32_BIND_FUNC 118 -+# define DSO_F_WIN32_BIND_VAR 119 -+# define DSO_F_WIN32_JOINER 135 -+# define DSO_F_WIN32_LOAD 120 -+# define DSO_F_WIN32_MERGER 134 -+# define DSO_F_WIN32_NAME_CONVERTER 125 -+# define DSO_F_WIN32_SPLITTER 136 -+# define DSO_F_WIN32_UNLOAD 121 - - /* Reason codes. */ --#define DSO_R_CTRL_FAILED 100 --#define DSO_R_DSO_ALREADY_LOADED 110 --#define DSO_R_EMPTY_FILE_STRUCTURE 113 --#define DSO_R_FAILURE 114 --#define DSO_R_FILENAME_TOO_BIG 101 --#define DSO_R_FINISH_FAILED 102 --#define DSO_R_INCORRECT_FILE_SYNTAX 115 --#define DSO_R_LOAD_FAILED 103 --#define DSO_R_NAME_TRANSLATION_FAILED 109 --#define DSO_R_NO_FILENAME 111 --#define DSO_R_NO_FILE_SPECIFICATION 116 --#define DSO_R_NULL_HANDLE 104 --#define DSO_R_SET_FILENAME_FAILED 112 --#define DSO_R_STACK_ERROR 105 --#define DSO_R_SYM_FAILURE 106 --#define DSO_R_UNLOAD_FAILED 107 --#define DSO_R_UNSUPPORTED 108 -+# define DSO_R_CTRL_FAILED 100 -+# define DSO_R_DSO_ALREADY_LOADED 110 -+# define DSO_R_EMPTY_FILE_STRUCTURE 113 -+# define DSO_R_FAILURE 114 -+# define DSO_R_FILENAME_TOO_BIG 101 -+# define DSO_R_FINISH_FAILED 102 -+# define DSO_R_INCORRECT_FILE_SYNTAX 115 -+# define DSO_R_LOAD_FAILED 103 -+# define DSO_R_NAME_TRANSLATION_FAILED 109 -+# define DSO_R_NO_FILENAME 111 -+# define DSO_R_NO_FILE_SPECIFICATION 116 -+# define DSO_R_NULL_HANDLE 104 -+# define DSO_R_SET_FILENAME_FAILED 112 -+# define DSO_R_STACK_ERROR 105 -+# define DSO_R_SYM_FAILURE 106 -+# define DSO_R_UNLOAD_FAILED 107 -+# define DSO_R_UNSUPPORTED 108 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/dtls1.h b/Cryptlib/Include/openssl/dtls1.h -index 697ff6e..7d6e6db 100644 ---- a/Cryptlib/Include/openssl/dtls1.h -+++ b/Cryptlib/Include/openssl/dtls1.h -@@ -1,7 +1,7 @@ - /* ssl/dtls1.h */ --/* -+/* - * DTLS implementation written by Nagendra Modadugu -- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. -+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ - /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. -@@ -11,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,209 +57,180 @@ - * - */ - --#ifndef HEADER_DTLS1_H --#define HEADER_DTLS1_H -+#ifndef HEADER_DTLS1_H -+# define HEADER_DTLS1_H - --#include --#include --#ifdef OPENSSL_SYS_VMS --#include --#include --#endif --#ifdef OPENSSL_SYS_WIN32 -+# include -+# include -+# ifdef OPENSSL_SYS_VMS -+# include -+# include -+# endif -+# ifdef OPENSSL_SYS_WIN32 - /* Needed for struct timeval */ --#include --#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) --#include --#else --#include --#endif -+# include -+# elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) -+# include -+# else -+# include -+# endif - - #ifdef __cplusplus - extern "C" { - #endif - --#define DTLS1_VERSION 0xFEFF --#define DTLS1_BAD_VER 0x0100 -+# define DTLS1_VERSION 0xFEFF -+# define DTLS_MAX_VERSION DTLS1_VERSION -+ -+# define DTLS1_BAD_VER 0x0100 - --#if 0 -+# if 0 - /* this alert description is not specified anywhere... */ --#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 --#endif -+# define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 -+# endif - - /* lengths of messages */ --#define DTLS1_COOKIE_LENGTH 256 -- --#define DTLS1_RT_HEADER_LENGTH 13 -- --#define DTLS1_HM_HEADER_LENGTH 12 -- --#define DTLS1_HM_BAD_FRAGMENT -2 --#define DTLS1_HM_FRAGMENT_RETRY -3 -- --#define DTLS1_CCS_HEADER_LENGTH 1 -- --#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE --#define DTLS1_AL_HEADER_LENGTH 7 --#else --#define DTLS1_AL_HEADER_LENGTH 2 --#endif -- -- --typedef struct dtls1_bitmap_st -- { -- PQ_64BIT map; -- unsigned long length; /* sizeof the bitmap in bits */ -- PQ_64BIT max_seq_num; /* max record number seen so far */ -- } DTLS1_BITMAP; -- --struct dtls1_retransmit_state -- { -- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ -- const EVP_MD *write_hash; /* used for mac generation */ --#ifndef OPENSSL_NO_COMP -- COMP_CTX *compress; /* compression */ --#else -- char *compress; --#endif -- SSL_SESSION *session; -- unsigned short epoch; -- }; -- --struct hm_header_st -- { -- unsigned char type; -- unsigned long msg_len; -- unsigned short seq; -- unsigned long frag_off; -- unsigned long frag_len; -- unsigned int is_ccs; -- struct dtls1_retransmit_state saved_retransmit_state; -- }; -- --struct ccs_header_st -- { -- unsigned char type; -- unsigned short seq; -- }; -- --struct dtls1_timeout_st -- { -- /* Number of read timeouts so far */ -- unsigned int read_timeouts; -- -- /* Number of write timeouts so far */ -- unsigned int write_timeouts; -- -- /* Number of alerts received so far */ -- unsigned int num_alerts; -- }; -- --typedef struct record_pqueue_st -- { -- unsigned short epoch; -- pqueue q; -- } record_pqueue; -- --typedef struct hm_fragment_st -- { -- struct hm_header_st msg_header; -- unsigned char *fragment; -- unsigned char *reassembly; -- } hm_fragment; -- --typedef struct dtls1_state_st -- { -- unsigned int send_cookie; -- unsigned char cookie[DTLS1_COOKIE_LENGTH]; -- unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; -- unsigned int cookie_len; -- -- /* -- * The current data and handshake epoch. This is initially -- * undefined, and starts at zero once the initial handshake is -- * completed -- */ -- unsigned short r_epoch; -- unsigned short w_epoch; -- -- /* records being received in the current epoch */ -- DTLS1_BITMAP bitmap; -- -- /* renegotiation starts a new set of sequence numbers */ -- DTLS1_BITMAP next_bitmap; -- -- /* handshake message numbers */ -- unsigned short handshake_write_seq; -- unsigned short next_handshake_write_seq; -- -- unsigned short handshake_read_seq; -- -- /* save last sequence number for retransmissions */ -- unsigned char last_write_sequence[8]; -- -- /* Received handshake records (processed and unprocessed) */ -- record_pqueue unprocessed_rcds; -- record_pqueue processed_rcds; -- -- /* Buffered handshake messages */ -- pqueue buffered_messages; -- -- /* Buffered (sent) handshake records */ -- pqueue sent_messages; -- -- /* Buffered application records. -- * Only for records between CCS and Finished -- * to prevent either protocol violation or -- * unnecessary message loss. -- */ -- record_pqueue buffered_app_data; -- -- /* Is set when listening for new connections with dtls1_listen() */ -- unsigned int listen; -- -- unsigned int mtu; /* max DTLS packet size */ -- -- struct hm_header_st w_msg_hdr; -- struct hm_header_st r_msg_hdr; -- -- struct dtls1_timeout_st timeout; -- -- /* Indicates when the last handshake msg sent will timeout */ -- struct timeval next_timeout; -- -- /* Timeout duration */ -- unsigned short timeout_duration; -- -- /* storage for Alert/Handshake protocol data received but not -- * yet processed by ssl3_read_bytes: */ -- unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; -- unsigned int alert_fragment_len; -- unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; -- unsigned int handshake_fragment_len; -- -- unsigned int retransmitting; -- unsigned int change_cipher_spec_ok; -- -- } DTLS1_STATE; -- --typedef struct dtls1_record_data_st -- { -- unsigned char *packet; -- unsigned int packet_length; -- SSL3_BUFFER rbuf; -- SSL3_RECORD rrec; -- } DTLS1_RECORD_DATA; -- -+# define DTLS1_COOKIE_LENGTH 256 -+ -+# define DTLS1_RT_HEADER_LENGTH 13 -+ -+# define DTLS1_HM_HEADER_LENGTH 12 -+ -+# define DTLS1_HM_BAD_FRAGMENT -2 -+# define DTLS1_HM_FRAGMENT_RETRY -3 -+ -+# define DTLS1_CCS_HEADER_LENGTH 1 -+ -+# ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE -+# define DTLS1_AL_HEADER_LENGTH 7 -+# else -+# define DTLS1_AL_HEADER_LENGTH 2 -+# endif -+ -+typedef struct dtls1_bitmap_st { -+ PQ_64BIT map; -+ unsigned long length; /* sizeof the bitmap in bits */ -+ PQ_64BIT max_seq_num; /* max record number seen so far */ -+} DTLS1_BITMAP; -+ -+struct dtls1_retransmit_state { -+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ -+ const EVP_MD *write_hash; /* used for mac generation */ -+# ifndef OPENSSL_NO_COMP -+ COMP_CTX *compress; /* compression */ -+# else -+ char *compress; -+# endif -+ SSL_SESSION *session; -+ unsigned short epoch; -+}; -+ -+struct hm_header_st { -+ unsigned char type; -+ unsigned long msg_len; -+ unsigned short seq; -+ unsigned long frag_off; -+ unsigned long frag_len; -+ unsigned int is_ccs; -+ struct dtls1_retransmit_state saved_retransmit_state; -+}; -+ -+struct ccs_header_st { -+ unsigned char type; -+ unsigned short seq; -+}; -+ -+struct dtls1_timeout_st { -+ /* Number of read timeouts so far */ -+ unsigned int read_timeouts; -+ /* Number of write timeouts so far */ -+ unsigned int write_timeouts; -+ /* Number of alerts received so far */ -+ unsigned int num_alerts; -+}; -+ -+typedef struct record_pqueue_st { -+ unsigned short epoch; -+ pqueue q; -+} record_pqueue; -+ -+typedef struct hm_fragment_st { -+ struct hm_header_st msg_header; -+ unsigned char *fragment; -+ unsigned char *reassembly; -+} hm_fragment; -+ -+typedef struct dtls1_state_st { -+ unsigned int send_cookie; -+ unsigned char cookie[DTLS1_COOKIE_LENGTH]; -+ unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; -+ unsigned int cookie_len; -+ /* -+ * The current data and handshake epoch. This is initially -+ * undefined, and starts at zero once the initial handshake is -+ * completed -+ */ -+ unsigned short r_epoch; -+ unsigned short w_epoch; -+ /* records being received in the current epoch */ -+ DTLS1_BITMAP bitmap; -+ /* renegotiation starts a new set of sequence numbers */ -+ DTLS1_BITMAP next_bitmap; -+ /* handshake message numbers */ -+ unsigned short handshake_write_seq; -+ unsigned short next_handshake_write_seq; -+ unsigned short handshake_read_seq; -+ /* save last sequence number for retransmissions */ -+ unsigned char last_write_sequence[8]; -+ /* Received handshake records (processed and unprocessed) */ -+ record_pqueue unprocessed_rcds; -+ record_pqueue processed_rcds; -+ /* Buffered handshake messages */ -+ pqueue buffered_messages; -+ /* Buffered (sent) handshake records */ -+ pqueue sent_messages; -+ /* -+ * Buffered application records. Only for records between CCS and -+ * Finished to prevent either protocol violation or unnecessary message -+ * loss. -+ */ -+ record_pqueue buffered_app_data; -+ /* Is set when listening for new connections with dtls1_listen() */ -+ unsigned int listen; -+ unsigned int mtu; /* max DTLS packet size */ -+ struct hm_header_st w_msg_hdr; -+ struct hm_header_st r_msg_hdr; -+ struct dtls1_timeout_st timeout; -+ /* Indicates when the last handshake msg sent will timeout */ -+ struct timeval next_timeout; -+ /* Timeout duration */ -+ unsigned short timeout_duration; -+ /* -+ * storage for Alert/Handshake protocol data received but not yet -+ * processed by ssl3_read_bytes: -+ */ -+ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; -+ unsigned int alert_fragment_len; -+ unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; -+ unsigned int handshake_fragment_len; -+ unsigned int retransmitting; -+ unsigned int change_cipher_spec_ok; -+} DTLS1_STATE; -+ -+typedef struct dtls1_record_data_st { -+ unsigned char *packet; -+ unsigned int packet_length; -+ SSL3_BUFFER rbuf; -+ SSL3_RECORD rrec; -+} DTLS1_RECORD_DATA; - - /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ --#define DTLS1_TMO_READ_COUNT 2 --#define DTLS1_TMO_WRITE_COUNT 2 -+# define DTLS1_TMO_READ_COUNT 2 -+# define DTLS1_TMO_WRITE_COUNT 2 - --#define DTLS1_TMO_ALERT_COUNT 12 -+# define DTLS1_TMO_ALERT_COUNT 12 - - #ifdef __cplusplus - } - #endif - #endif -- -diff --git a/Cryptlib/Include/openssl/e_os2.h b/Cryptlib/Include/openssl/e_os2.h -index 9da0b65..c9f2543 100644 ---- a/Cryptlib/Include/openssl/e_os2.h -+++ b/Cryptlib/Include/openssl/e_os2.h -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,7 +56,7 @@ - #include - - #ifndef HEADER_E_OS2_H --#define HEADER_E_OS2_H -+# define HEADER_E_OS2_H - - #ifdef __cplusplus - extern "C" { -@@ -68,210 +68,217 @@ extern "C" { - * However, if none is defined, Unix is assumed. - **/ - --#define OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_UNIX - --/* ----------------------- Macintosh, before MacOS X ----------------------- */ --#if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC) --# undef OPENSSL_SYS_UNIX --# define OPENSSL_SYS_MACINTOSH_CLASSIC --#endif -+/* ---------------------- Macintosh, before MacOS X ----------------------- */ -+# if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC) -+# undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_MACINTOSH_CLASSIC -+# endif - --/* ----------------------- NetWare ----------------------------------------- */ --#if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) --# undef OPENSSL_SYS_UNIX --# define OPENSSL_SYS_NETWARE --#endif -+/* ---------------------- NetWare ----------------------------------------- */ -+# if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) -+# undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_NETWARE -+# endif - --/* ---------------------- Microsoft operating systems ---------------------- */ -+/* --------------------- Microsoft operating systems ---------------------- */ - --/* Note that MSDOS actually denotes 32-bit environments running on top of -- MS-DOS, such as DJGPP one. */ --#if defined(OPENSSL_SYSNAME_MSDOS) --# undef OPENSSL_SYS_UNIX --# define OPENSSL_SYS_MSDOS --#endif -+/* -+ * Note that MSDOS actually denotes 32-bit environments running on top of -+ * MS-DOS, such as DJGPP one. -+ */ -+# if defined(OPENSSL_SYSNAME_MSDOS) -+# undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_MSDOS -+# endif - --/* For 32 bit environment, there seems to be the CygWin environment and then -- all the others that try to do the same thing Microsoft does... */ --#if defined(OPENSSL_SYSNAME_UWIN) --# undef OPENSSL_SYS_UNIX --# define OPENSSL_SYS_WIN32_UWIN --#else --# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32) -+/* -+ * For 32 bit environment, there seems to be the CygWin environment and then -+ * all the others that try to do the same thing Microsoft does... -+ */ -+# if defined(OPENSSL_SYSNAME_UWIN) - # undef OPENSSL_SYS_UNIX --# define OPENSSL_SYS_WIN32_CYGWIN -+# define OPENSSL_SYS_WIN32_UWIN - # else --# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32) --# undef OPENSSL_SYS_UNIX --# define OPENSSL_SYS_WIN32 --# endif --# if defined(OPENSSL_SYSNAME_WINNT) -+# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32) - # undef OPENSSL_SYS_UNIX --# define OPENSSL_SYS_WINNT --# endif --# if defined(OPENSSL_SYSNAME_WINCE) --# undef OPENSSL_SYS_UNIX --# define OPENSSL_SYS_WINCE -+# define OPENSSL_SYS_WIN32_CYGWIN -+# else -+# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32) -+# undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_WIN32 -+# endif -+# if defined(OPENSSL_SYSNAME_WINNT) -+# undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_WINNT -+# endif -+# if defined(OPENSSL_SYSNAME_WINCE) -+# undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_WINCE -+# endif - # endif - # endif --#endif - - /* Anything that tries to look like Microsoft is "Windows" */ --#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) --# undef OPENSSL_SYS_UNIX --# define OPENSSL_SYS_WINDOWS --# ifndef OPENSSL_SYS_MSDOS --# define OPENSSL_SYS_MSDOS -+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) -+# undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_WINDOWS -+# ifndef OPENSSL_SYS_MSDOS -+# define OPENSSL_SYS_MSDOS -+# endif - # endif --#endif - --/* DLL settings. This part is a bit tough, because it's up to the application -- implementor how he or she will link the application, so it requires some -- macro to be used. */ --#ifdef OPENSSL_SYS_WINDOWS --# ifndef OPENSSL_OPT_WINDLL --# if defined(_WINDLL) /* This is used when building OpenSSL to indicate that -- DLL linkage should be used */ --# define OPENSSL_OPT_WINDLL -+/* -+ * DLL settings. This part is a bit tough, because it's up to the -+ * application implementor how he or she will link the application, so it -+ * requires some macro to be used. -+ */ -+# ifdef OPENSSL_SYS_WINDOWS -+# ifndef OPENSSL_OPT_WINDLL -+# if defined(_WINDLL) /* This is used when building OpenSSL to -+ * indicate that DLL linkage should be used */ -+# define OPENSSL_OPT_WINDLL -+# endif - # endif - # endif --#endif - --/* -------------------------------- OpenVMS -------------------------------- */ --#if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS) --# undef OPENSSL_SYS_UNIX --# define OPENSSL_SYS_VMS --# if defined(__DECC) --# define OPENSSL_SYS_VMS_DECC --# elif defined(__DECCXX) --# define OPENSSL_SYS_VMS_DECC --# define OPENSSL_SYS_VMS_DECCXX --# else --# define OPENSSL_SYS_VMS_NODECC -+/* ------------------------------- OpenVMS -------------------------------- */ -+# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS) -+# undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_VMS -+# if defined(__DECC) -+# define OPENSSL_SYS_VMS_DECC -+# elif defined(__DECCXX) -+# define OPENSSL_SYS_VMS_DECC -+# define OPENSSL_SYS_VMS_DECCXX -+# else -+# define OPENSSL_SYS_VMS_NODECC -+# endif - # endif --#endif - --/* --------------------------------- OS/2 ---------------------------------- */ --#if defined(__EMX__) || defined(__OS2__) --# undef OPENSSL_SYS_UNIX --# define OPENSSL_SYS_OS2 --#endif -- --/* --------------------------------- Unix ---------------------------------- */ --#ifdef OPENSSL_SYS_UNIX --# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX) --# define OPENSSL_SYS_LINUX --# endif --# ifdef OPENSSL_SYSNAME_MPE --# define OPENSSL_SYS_MPE --# endif --# ifdef OPENSSL_SYSNAME_SNI --# define OPENSSL_SYS_SNI --# endif --# ifdef OPENSSL_SYSNAME_ULTRASPARC --# define OPENSSL_SYS_ULTRASPARC --# endif --# ifdef OPENSSL_SYSNAME_NEWS4 --# define OPENSSL_SYS_NEWS4 --# endif --# ifdef OPENSSL_SYSNAME_MACOSX --# define OPENSSL_SYS_MACOSX --# endif --# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY --# define OPENSSL_SYS_MACOSX_RHAPSODY --# define OPENSSL_SYS_MACOSX --# endif --# ifdef OPENSSL_SYSNAME_SUNOS --# define OPENSSL_SYS_SUNOS --#endif --# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY) --# define OPENSSL_SYS_CRAY -+/* -------------------------------- OS/2 ---------------------------------- */ -+# if defined(__EMX__) || defined(__OS2__) -+# undef OPENSSL_SYS_UNIX -+# define OPENSSL_SYS_OS2 - # endif --# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX) --# define OPENSSL_SYS_AIX -+ -+/* -------------------------------- Unix ---------------------------------- */ -+# ifdef OPENSSL_SYS_UNIX -+# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX) -+# define OPENSSL_SYS_LINUX -+# endif -+# ifdef OPENSSL_SYSNAME_MPE -+# define OPENSSL_SYS_MPE -+# endif -+# ifdef OPENSSL_SYSNAME_SNI -+# define OPENSSL_SYS_SNI -+# endif -+# ifdef OPENSSL_SYSNAME_ULTRASPARC -+# define OPENSSL_SYS_ULTRASPARC -+# endif -+# ifdef OPENSSL_SYSNAME_NEWS4 -+# define OPENSSL_SYS_NEWS4 -+# endif -+# ifdef OPENSSL_SYSNAME_MACOSX -+# define OPENSSL_SYS_MACOSX -+# endif -+# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY -+# define OPENSSL_SYS_MACOSX_RHAPSODY -+# define OPENSSL_SYS_MACOSX -+# endif -+# ifdef OPENSSL_SYSNAME_SUNOS -+# define OPENSSL_SYS_SUNOS -+# endif -+# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY) -+# define OPENSSL_SYS_CRAY -+# endif -+# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX) -+# define OPENSSL_SYS_AIX -+# endif - # endif --#endif - --/* --------------------------------- VOS ----------------------------------- */ --#ifdef OPENSSL_SYSNAME_VOS --# define OPENSSL_SYS_VOS --#endif -+/* -------------------------------- VOS ----------------------------------- */ -+# ifdef OPENSSL_SYSNAME_VOS -+# define OPENSSL_SYS_VOS -+# endif - --/* ------------------------------- VxWorks --------------------------------- */ --#ifdef OPENSSL_SYSNAME_VXWORKS --# define OPENSSL_SYS_VXWORKS --#endif -+/* ------------------------------ VxWorks --------------------------------- */ -+# ifdef OPENSSL_SYSNAME_VXWORKS -+# define OPENSSL_SYS_VXWORKS -+# endif - - /** - * That's it for OS-specific stuff - *****************************************************************************/ - -- - /* Specials for I/O an exit */ --#ifdef OPENSSL_SYS_MSDOS --# define OPENSSL_UNISTD_IO --# define OPENSSL_DECLARE_EXIT extern void exit(int); --#else --# define OPENSSL_UNISTD_IO OPENSSL_UNISTD --# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ --#endif -- --/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare -- certain global symbols that, with some compilers under VMS, have to be -- defined and declared explicitely with globaldef and globalref. -- Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare -- DLL exports and imports for compilers under Win32. These are a little -- more complicated to use. Basically, for any library that exports some -- global variables, the following code must be present in the header file -- that declares them, before OPENSSL_EXTERN is used: -- -- #ifdef SOME_BUILD_FLAG_MACRO -- # undef OPENSSL_EXTERN -- # define OPENSSL_EXTERN OPENSSL_EXPORT -- #endif -- -- The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL -- have some generally sensible values, and for OPENSSL_EXTERN to have the -- value OPENSSL_IMPORT. --*/ -+# ifdef OPENSSL_SYS_MSDOS -+# define OPENSSL_UNISTD_IO -+# define OPENSSL_DECLARE_EXIT extern void exit(int); -+# else -+# define OPENSSL_UNISTD_IO OPENSSL_UNISTD -+# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ -+# endif - --#if defined(OPENSSL_SYS_VMS_NODECC) --# define OPENSSL_EXPORT globalref --# define OPENSSL_IMPORT globalref --# define OPENSSL_GLOBAL globaldef --#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) --# define OPENSSL_EXPORT extern __declspec(dllexport) --# define OPENSSL_IMPORT extern __declspec(dllimport) --# define OPENSSL_GLOBAL --#else --# define OPENSSL_EXPORT extern --# define OPENSSL_IMPORT extern --# define OPENSSL_GLOBAL --#endif --#define OPENSSL_EXTERN OPENSSL_IMPORT -+/*- -+ * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare -+ * certain global symbols that, with some compilers under VMS, have to be -+ * defined and declared explicitely with globaldef and globalref. -+ * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare -+ * DLL exports and imports for compilers under Win32. These are a little -+ * more complicated to use. Basically, for any library that exports some -+ * global variables, the following code must be present in the header file -+ * that declares them, before OPENSSL_EXTERN is used: -+ * -+ * #ifdef SOME_BUILD_FLAG_MACRO -+ * # undef OPENSSL_EXTERN -+ * # define OPENSSL_EXTERN OPENSSL_EXPORT -+ * #endif -+ * -+ * The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL -+ * have some generally sensible values, and for OPENSSL_EXTERN to have the -+ * value OPENSSL_IMPORT. -+ */ - --/* Macros to allow global variables to be reached through function calls when -- required (if a shared library version requvres it, for example. -- The way it's done allows definitions like this: -+# if defined(OPENSSL_SYS_VMS_NODECC) -+# define OPENSSL_EXPORT globalref -+# define OPENSSL_IMPORT globalref -+# define OPENSSL_GLOBAL globaldef -+# elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) -+# define OPENSSL_EXPORT extern __declspec(dllexport) -+# define OPENSSL_IMPORT extern __declspec(dllimport) -+# define OPENSSL_GLOBAL -+# else -+# define OPENSSL_EXPORT extern -+# define OPENSSL_IMPORT extern -+# define OPENSSL_GLOBAL -+# endif -+# define OPENSSL_EXTERN OPENSSL_IMPORT - -- // in foobar.c -- OPENSSL_IMPLEMENT_GLOBAL(int,foobar) = 0; -- // in foobar.h -- OPENSSL_DECLARE_GLOBAL(int,foobar); -- #define foobar OPENSSL_GLOBAL_REF(foobar) --*/ --#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION --# define OPENSSL_IMPLEMENT_GLOBAL(type,name) \ -- extern type _hide_##name; \ -- type *_shadow_##name(void) { return &_hide_##name; } \ -- static type _hide_##name --# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) --# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) --#else --# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name --# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name --# define OPENSSL_GLOBAL_REF(name) _shadow_##name --#endif -+/*- -+ * Macros to allow global variables to be reached through function calls when -+ * required (if a shared library version requires it, for example. -+ * The way it's done allows definitions like this: -+ * -+ * // in foobar.c -+ * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0) -+ * // in foobar.h -+ * OPENSSL_DECLARE_GLOBAL(int,foobar); -+ * #define foobar OPENSSL_GLOBAL_REF(foobar) -+ */ -+# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION -+# define OPENSSL_IMPLEMENT_GLOBAL(type,name) \ -+ extern type _hide_##name; \ -+ type *_shadow_##name(void) { return &_hide_##name; } \ -+ static type _hide_##name -+# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) -+# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) -+# else -+# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name -+# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name -+# define OPENSSL_GLOBAL_REF(name) _shadow_##name -+# endif - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/ebcdic.h b/Cryptlib/Include/openssl/ebcdic.h -index 6d65afc..fc72ecf 100644 ---- a/Cryptlib/Include/openssl/ebcdic.h -+++ b/Cryptlib/Include/openssl/ebcdic.h -@@ -1,15 +1,15 @@ - /* crypto/ebcdic.h */ - - #ifndef HEADER_EBCDIC_H --#define HEADER_EBCDIC_H -+# define HEADER_EBCDIC_H - --#include -+# include - - /* Avoid name clashes with other applications */ --#define os_toascii _openssl_os_toascii --#define os_toebcdic _openssl_os_toebcdic --#define ebcdic2ascii _openssl_ebcdic2ascii --#define ascii2ebcdic _openssl_ascii2ebcdic -+# define os_toascii _openssl_os_toascii -+# define os_toebcdic _openssl_os_toebcdic -+# define ebcdic2ascii _openssl_ebcdic2ascii -+# define ascii2ebcdic _openssl_ascii2ebcdic - - extern const unsigned char os_toascii[256]; - extern const unsigned char os_toebcdic[256]; -diff --git a/Cryptlib/Include/openssl/ec.h b/Cryptlib/Include/openssl/ec.h -index 367307f..08adf1f 100644 ---- a/Cryptlib/Include/openssl/ec.h -+++ b/Cryptlib/Include/openssl/ec.h -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,81 +58,79 @@ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * -- * Portions of the attached software ("Contribution") are developed by -+ * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * -- * The elliptic curve binary polynomial software is originally written by -+ * The elliptic curve binary polynomial software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - - #ifndef HEADER_EC_H --#define HEADER_EC_H -+# define HEADER_EC_H - --#include -+# include - --#ifdef OPENSSL_NO_EC --#error EC is disabled. --#endif -+# ifdef OPENSSL_NO_EC -+# error EC is disabled. -+# endif - --#include --#include --#ifndef OPENSSL_NO_DEPRECATED --#include --#endif -+# include -+# include -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# endif - --#ifdef __cplusplus -+# ifdef __cplusplus - extern "C" { --#elif defined(__SUNPRO_C) --# if __SUNPRO_C >= 0x520 --# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) -+# elif defined(__SUNPRO_C) -+# if __SUNPRO_C >= 0x520 -+# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) -+# endif - # endif --#endif -- - --#ifndef OPENSSL_ECC_MAX_FIELD_BITS --# define OPENSSL_ECC_MAX_FIELD_BITS 661 --#endif -+# ifndef OPENSSL_ECC_MAX_FIELD_BITS -+# define OPENSSL_ECC_MAX_FIELD_BITS 661 -+# endif - - typedef enum { -- /* values as defined in X9.62 (ECDSA) and elsewhere */ -- POINT_CONVERSION_COMPRESSED = 2, -- POINT_CONVERSION_UNCOMPRESSED = 4, -- POINT_CONVERSION_HYBRID = 6 -+ /* values as defined in X9.62 (ECDSA) and elsewhere */ -+ POINT_CONVERSION_COMPRESSED = 2, -+ POINT_CONVERSION_UNCOMPRESSED = 4, -+ POINT_CONVERSION_HYBRID = 6 - } point_conversion_form_t; - -- - typedef struct ec_method_st EC_METHOD; - - typedef struct ec_group_st -- /* -- EC_METHOD *meth; -- -- field definition -- -- curve coefficients -- -- optional generator with associated information (order, cofactor) -- -- optional extra data (precomputed table for fast computation of multiples of generator) -- -- ASN1 stuff -- */ -- EC_GROUP; -+ /*- -+ EC_METHOD *meth; -+ -- field definition -+ -- curve coefficients -+ -- optional generator with associated information (order, cofactor) -+ -- optional extra data (precomputed table for fast computation of multiples of generator) -+ -- ASN1 stuff -+ */ -+ EC_GROUP; - - typedef struct ec_point_st EC_POINT; - -- --/* EC_METHODs for curves over GF(p). -- * EC_GFp_simple_method provides the basis for the optimized methods. -+/* -+ * EC_METHODs for curves over GF(p). EC_GFp_simple_method provides the basis -+ * for the optimized methods. - */ - const EC_METHOD *EC_GFp_simple_method(void); - const EC_METHOD *EC_GFp_mont_method(void); - const EC_METHOD *EC_GFp_nist_method(void); - --/* EC_METHOD for curves over GF(2^m). -+/* -+ * EC_METHOD for curves over GF(2^m). - */ - const EC_METHOD *EC_GF2m_simple_method(void); - -- - EC_GROUP *EC_GROUP_new(const EC_METHOD *); - void EC_GROUP_free(EC_GROUP *); - void EC_GROUP_clear_free(EC_GROUP *); -@@ -142,7 +140,8 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *); - const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); - int EC_METHOD_get_field_type(const EC_METHOD *); - --int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); -+int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, -+ const BIGNUM *order, const BIGNUM *cofactor); - const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); - int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); - int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); -@@ -160,43 +159,56 @@ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *); - size_t EC_GROUP_get_seed_len(const EC_GROUP *); - size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); - --int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); --int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); --int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); --int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); -+int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, -+ const BIGNUM *b, BN_CTX *); -+int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, -+ BN_CTX *); -+int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, -+ const BIGNUM *b, BN_CTX *); -+int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, -+ BN_CTX *); - - /* returns the number of bits needed to represent a field element */ - int EC_GROUP_get_degree(const EC_GROUP *); - - /* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ - int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); --/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the -- * elliptic curve is not zero, 0 otherwise */ -+/* -+ * EC_GROUP_check_discriminant() returns 1 if the discriminant of the -+ * elliptic curve is not zero, 0 otherwise -+ */ - int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *); - - /* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */ - int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *); - --/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() -- * after choosing an appropriate EC_METHOD */ --EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); --EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -+/* -+ * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after -+ * choosing an appropriate EC_METHOD -+ */ -+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, -+ const BIGNUM *b, BN_CTX *); -+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, -+ const BIGNUM *b, BN_CTX *); - --/* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure -- * specified by a curve name (in form of a NID) */ -+/* -+ * EC_GROUP_new_by_curve_name() creates a EC_GROUP structure specified by a -+ * curve name (in form of a NID) -+ */ - EC_GROUP *EC_GROUP_new_by_curve_name(int nid); - /* handling of internal curves */ --typedef struct { -- int nid; -- const char *comment; -- } EC_builtin_curve; --/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number -- * of all available curves or zero if a error occurred. -- * In case r ist not zero nitems EC_builtin_curve structures -- * are filled with the data of the first nitems internal groups */ -+typedef struct { -+ int nid; -+ const char *comment; -+} EC_builtin_curve; -+/* -+ * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all -+ * available curves or zero if a error occurred. In case r ist not zero -+ * nitems EC_builtin_curve structures are filled with the data of the first -+ * nitems internal groups -+ */ - size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); - -- - /* EC_POINT functions */ - - EC_POINT *EC_POINT_new(const EC_GROUP *); -@@ -204,101 +216,118 @@ void EC_POINT_free(EC_POINT *); - void EC_POINT_clear_free(EC_POINT *); - int EC_POINT_copy(EC_POINT *, const EC_POINT *); - EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *); -- -+ - const EC_METHOD *EC_POINT_method_of(const EC_POINT *); - - int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *); - int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *, -- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); --int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *, -- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); -+ const BIGNUM *x, const BIGNUM *y, -+ const BIGNUM *z, BN_CTX *); -+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, -+ const EC_POINT *, BIGNUM *x, -+ BIGNUM *y, BIGNUM *z, BN_CTX *); - int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, -- const BIGNUM *x, const BIGNUM *y, BN_CTX *); -+ const BIGNUM *x, const BIGNUM *y, -+ BN_CTX *); - int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, -- BIGNUM *x, BIGNUM *y, BN_CTX *); -+ BIGNUM *x, BIGNUM *y, BN_CTX *); - int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, -- const BIGNUM *x, int y_bit, BN_CTX *); -+ const BIGNUM *x, int y_bit, -+ BN_CTX *); - - int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *, -- const BIGNUM *x, const BIGNUM *y, BN_CTX *); -+ const BIGNUM *x, const BIGNUM *y, -+ BN_CTX *); - int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *, -- BIGNUM *x, BIGNUM *y, BN_CTX *); -+ BIGNUM *x, BIGNUM *y, BN_CTX *); - int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *, -- const BIGNUM *x, int y_bit, BN_CTX *); -+ const BIGNUM *x, int y_bit, -+ BN_CTX *); - --size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, -- unsigned char *buf, size_t len, BN_CTX *); --int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, -- const unsigned char *buf, size_t len, BN_CTX *); -+size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, -+ point_conversion_form_t form, unsigned char *buf, -+ size_t len, BN_CTX *); -+int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, const unsigned char *buf, -+ size_t len, BN_CTX *); - - /* other interfaces to point2oct/oct2point: */ - BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, -- point_conversion_form_t form, BIGNUM *, BN_CTX *); -+ point_conversion_form_t form, BIGNUM *, BN_CTX *); - EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, -- EC_POINT *, BN_CTX *); -+ EC_POINT *, BN_CTX *); - char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, -- point_conversion_form_t form, BN_CTX *); -+ point_conversion_form_t form, BN_CTX *); - EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, -- EC_POINT *, BN_CTX *); -+ EC_POINT *, BN_CTX *); - --int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); -+int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, -+ const EC_POINT *b, BN_CTX *); - int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); - int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); - - int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *); - int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); --int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *); -+int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, -+ BN_CTX *); - - int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); --int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); -- -+int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], -+ BN_CTX *); - --int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *); --int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *); -+int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, -+ const EC_POINT *[], const BIGNUM *[], BN_CTX *); -+int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, -+ const EC_POINT *, const BIGNUM *, BN_CTX *); - --/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */ -+/* -+ * EC_GROUP_precompute_mult() stores multiples of generator for faster point -+ * multiplication -+ */ - int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); --/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */ -+/* -+ * EC_GROUP_have_precompute_mult() reports whether such precomputation has -+ * been done -+ */ - int EC_GROUP_have_precompute_mult(const EC_GROUP *); - -- -- - /* ASN1 stuff */ - --/* EC_GROUP_get_basis_type() returns the NID of the basis type -- * used to represent the field elements */ -+/* -+ * EC_GROUP_get_basis_type() returns the NID of the basis type used to -+ * represent the field elements -+ */ - int EC_GROUP_get_basis_type(const EC_GROUP *); - int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); --int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, -- unsigned int *k2, unsigned int *k3); -+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, -+ unsigned int *k2, unsigned int *k3); - --#define OPENSSL_EC_NAMED_CURVE 0x001 -+# define OPENSSL_EC_NAMED_CURVE 0x001 - - typedef struct ecpk_parameters_st ECPKPARAMETERS; - - EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); - int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); - --#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) --#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) --#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ -+# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) -+# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) -+# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ - (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) --#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ -- (unsigned char *)(x)) -+# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ -+ (unsigned char *)(x)) - --#ifndef OPENSSL_NO_BIO --int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); --#endif --#ifndef OPENSSL_NO_FP_API --int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); --#endif -+# ifndef OPENSSL_NO_BIO -+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); -+# endif -+# ifndef OPENSSL_NO_FP_API -+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); -+# endif - - /* the EC_KEY stuff */ - typedef struct ec_key_st EC_KEY; - - /* some values for the encoding_flag */ --#define EC_PKEY_NO_PARAMETERS 0x001 --#define EC_PKEY_NO_PUBKEY 0x002 -+# define EC_PKEY_NO_PARAMETERS 0x001 -+# define EC_PKEY_NO_PUBKEY 0x002 - - EC_KEY *EC_KEY_new(void); - EC_KEY *EC_KEY_new_by_curve_name(int nid); -@@ -319,8 +348,10 @@ void EC_KEY_set_enc_flags(EC_KEY *, unsigned int); - point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *); - void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); - /* functions to set/get method specific data */ --void *EC_KEY_get_key_method_data(EC_KEY *, -- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); -+void *EC_KEY_get_key_method_data(EC_KEY *, -+ void *(*dup_func) (void *), -+ void (*free_func) (void *), -+ void (*clear_free_func) (void *)); - /** Sets the key method data of an EC_KEY object, if none has yet been set. - * \param key EC_KEY object - * \param data opaque data to install. -@@ -330,7 +361,9 @@ void *EC_KEY_get_key_method_data(EC_KEY *, - * \return the previously set data pointer, or NULL if |data| was inserted. - */ - void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, -- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); -+ void *(*dup_func) (void *), -+ void (*free_func) (void *), -+ void (*clear_free_func) (void *)); - /* wrapper functions for the underlying EC_GROUP object */ - void EC_KEY_set_asn1_flag(EC_KEY *, int); - int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx); -@@ -346,32 +379,35 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out); - /* de- and encoding functions for EC parameters */ - EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len); - int i2d_ECParameters(EC_KEY *a, unsigned char **out); --/* de- and encoding functions for EC public key -- * (octet string, not DER -- hence 'o2i' and 'i2o') */ -+/* -+ * de- and encoding functions for EC public key (octet string, not DER -- -+ * hence 'o2i' and 'i2o') -+ */ - EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len); - int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); - --#ifndef OPENSSL_NO_BIO --int ECParameters_print(BIO *bp, const EC_KEY *x); --int EC_KEY_print(BIO *bp, const EC_KEY *x, int off); --#endif --#ifndef OPENSSL_NO_FP_API --int ECParameters_print_fp(FILE *fp, const EC_KEY *x); --int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); --#endif -+# ifndef OPENSSL_NO_BIO -+int ECParameters_print(BIO *bp, const EC_KEY *x); -+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off); -+# endif -+# ifndef OPENSSL_NO_FP_API -+int ECParameters_print_fp(FILE *fp, const EC_KEY *x); -+int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); -+# endif - --#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) -+# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) - --#ifndef __cplusplus --#if defined(__SUNPRO_C) --# if __SUNPRO_C >= 0x520 --# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) -+# ifndef __cplusplus -+# if defined(__SUNPRO_C) -+# if __SUNPRO_C >= 0x520 -+# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) -+# endif - # endif - # endif --#endif - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_EC_strings(void); -@@ -379,154 +415,154 @@ void ERR_load_EC_strings(void); - /* Error codes for the EC functions. */ - - /* Function codes. */ --#define EC_F_COMPUTE_WNAF 143 --#define EC_F_D2I_ECPARAMETERS 144 --#define EC_F_D2I_ECPKPARAMETERS 145 --#define EC_F_D2I_ECPRIVATEKEY 146 --#define EC_F_ECPARAMETERS_PRINT 147 --#define EC_F_ECPARAMETERS_PRINT_FP 148 --#define EC_F_ECPKPARAMETERS_PRINT 149 --#define EC_F_ECPKPARAMETERS_PRINT_FP 150 --#define EC_F_ECP_NIST_MOD_192 203 --#define EC_F_ECP_NIST_MOD_224 204 --#define EC_F_ECP_NIST_MOD_256 205 --#define EC_F_ECP_NIST_MOD_521 206 --#define EC_F_EC_ASN1_GROUP2CURVE 153 --#define EC_F_EC_ASN1_GROUP2FIELDID 154 --#define EC_F_EC_ASN1_GROUP2PARAMETERS 155 --#define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 --#define EC_F_EC_ASN1_PARAMETERS2GROUP 157 --#define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 --#define EC_F_EC_EX_DATA_SET_DATA 211 --#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 --#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 --#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 --#define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 --#define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 --#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 --#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 --#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 --#define EC_F_EC_GFP_MONT_FIELD_DECODE 133 --#define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 --#define EC_F_EC_GFP_MONT_FIELD_MUL 131 --#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 --#define EC_F_EC_GFP_MONT_FIELD_SQR 132 --#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 --#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 --#define EC_F_EC_GFP_NIST_FIELD_MUL 200 --#define EC_F_EC_GFP_NIST_FIELD_SQR 201 --#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 --#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 --#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 --#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 --#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 --#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 --#define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 --#define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 --#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 --#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 --#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 --#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 --#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 --#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 --#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 --#define EC_F_EC_GROUP_CHECK 170 --#define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 --#define EC_F_EC_GROUP_COPY 106 --#define EC_F_EC_GROUP_GET0_GENERATOR 139 --#define EC_F_EC_GROUP_GET_COFACTOR 140 --#define EC_F_EC_GROUP_GET_CURVE_GF2M 172 --#define EC_F_EC_GROUP_GET_CURVE_GFP 130 --#define EC_F_EC_GROUP_GET_DEGREE 173 --#define EC_F_EC_GROUP_GET_ORDER 141 --#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 --#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 --#define EC_F_EC_GROUP_NEW 108 --#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 --#define EC_F_EC_GROUP_NEW_FROM_DATA 175 --#define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 --#define EC_F_EC_GROUP_SET_CURVE_GF2M 176 --#define EC_F_EC_GROUP_SET_CURVE_GFP 109 --#define EC_F_EC_GROUP_SET_EXTRA_DATA 110 --#define EC_F_EC_GROUP_SET_GENERATOR 111 --#define EC_F_EC_KEY_CHECK_KEY 177 --#define EC_F_EC_KEY_COPY 178 --#define EC_F_EC_KEY_GENERATE_KEY 179 --#define EC_F_EC_KEY_NEW 182 --#define EC_F_EC_KEY_PRINT 180 --#define EC_F_EC_KEY_PRINT_FP 181 --#define EC_F_EC_POINTS_MAKE_AFFINE 136 --#define EC_F_EC_POINTS_MUL 138 --#define EC_F_EC_POINT_ADD 112 --#define EC_F_EC_POINT_CMP 113 --#define EC_F_EC_POINT_COPY 114 --#define EC_F_EC_POINT_DBL 115 --#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 --#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 --#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 --#define EC_F_EC_POINT_INVERT 210 --#define EC_F_EC_POINT_IS_AT_INFINITY 118 --#define EC_F_EC_POINT_IS_ON_CURVE 119 --#define EC_F_EC_POINT_MAKE_AFFINE 120 --#define EC_F_EC_POINT_MUL 184 --#define EC_F_EC_POINT_NEW 121 --#define EC_F_EC_POINT_OCT2POINT 122 --#define EC_F_EC_POINT_POINT2OCT 123 --#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 --#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 --#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 --#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 --#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 --#define EC_F_EC_POINT_SET_TO_INFINITY 127 --#define EC_F_EC_PRE_COMP_DUP 207 --#define EC_F_EC_PRE_COMP_NEW 196 --#define EC_F_EC_WNAF_MUL 187 --#define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 --#define EC_F_I2D_ECPARAMETERS 190 --#define EC_F_I2D_ECPKPARAMETERS 191 --#define EC_F_I2D_ECPRIVATEKEY 192 --#define EC_F_I2O_ECPUBLICKEY 151 --#define EC_F_O2I_ECPUBLICKEY 152 -+# define EC_F_COMPUTE_WNAF 143 -+# define EC_F_D2I_ECPARAMETERS 144 -+# define EC_F_D2I_ECPKPARAMETERS 145 -+# define EC_F_D2I_ECPRIVATEKEY 146 -+# define EC_F_ECPARAMETERS_PRINT 147 -+# define EC_F_ECPARAMETERS_PRINT_FP 148 -+# define EC_F_ECPKPARAMETERS_PRINT 149 -+# define EC_F_ECPKPARAMETERS_PRINT_FP 150 -+# define EC_F_ECP_NIST_MOD_192 203 -+# define EC_F_ECP_NIST_MOD_224 204 -+# define EC_F_ECP_NIST_MOD_256 205 -+# define EC_F_ECP_NIST_MOD_521 206 -+# define EC_F_EC_ASN1_GROUP2CURVE 153 -+# define EC_F_EC_ASN1_GROUP2FIELDID 154 -+# define EC_F_EC_ASN1_GROUP2PARAMETERS 155 -+# define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 -+# define EC_F_EC_ASN1_PARAMETERS2GROUP 157 -+# define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 -+# define EC_F_EC_EX_DATA_SET_DATA 211 -+# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 -+# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 -+# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 -+# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 -+# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 -+# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 -+# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 -+# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 -+# define EC_F_EC_GFP_MONT_FIELD_DECODE 133 -+# define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 -+# define EC_F_EC_GFP_MONT_FIELD_MUL 131 -+# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 -+# define EC_F_EC_GFP_MONT_FIELD_SQR 132 -+# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 -+# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 -+# define EC_F_EC_GFP_NIST_FIELD_MUL 200 -+# define EC_F_EC_GFP_NIST_FIELD_SQR 201 -+# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 -+# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 -+# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 -+# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 -+# define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 -+# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 -+# define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 -+# define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 -+# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 -+# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 -+# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 -+# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 -+# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 -+# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 -+# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 -+# define EC_F_EC_GROUP_CHECK 170 -+# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 -+# define EC_F_EC_GROUP_COPY 106 -+# define EC_F_EC_GROUP_GET0_GENERATOR 139 -+# define EC_F_EC_GROUP_GET_COFACTOR 140 -+# define EC_F_EC_GROUP_GET_CURVE_GF2M 172 -+# define EC_F_EC_GROUP_GET_CURVE_GFP 130 -+# define EC_F_EC_GROUP_GET_DEGREE 173 -+# define EC_F_EC_GROUP_GET_ORDER 141 -+# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 -+# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 -+# define EC_F_EC_GROUP_NEW 108 -+# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 -+# define EC_F_EC_GROUP_NEW_FROM_DATA 175 -+# define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 -+# define EC_F_EC_GROUP_SET_CURVE_GF2M 176 -+# define EC_F_EC_GROUP_SET_CURVE_GFP 109 -+# define EC_F_EC_GROUP_SET_EXTRA_DATA 110 -+# define EC_F_EC_GROUP_SET_GENERATOR 111 -+# define EC_F_EC_KEY_CHECK_KEY 177 -+# define EC_F_EC_KEY_COPY 178 -+# define EC_F_EC_KEY_GENERATE_KEY 179 -+# define EC_F_EC_KEY_NEW 182 -+# define EC_F_EC_KEY_PRINT 180 -+# define EC_F_EC_KEY_PRINT_FP 181 -+# define EC_F_EC_POINTS_MAKE_AFFINE 136 -+# define EC_F_EC_POINTS_MUL 138 -+# define EC_F_EC_POINT_ADD 112 -+# define EC_F_EC_POINT_CMP 113 -+# define EC_F_EC_POINT_COPY 114 -+# define EC_F_EC_POINT_DBL 115 -+# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 -+# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 -+# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 -+# define EC_F_EC_POINT_INVERT 210 -+# define EC_F_EC_POINT_IS_AT_INFINITY 118 -+# define EC_F_EC_POINT_IS_ON_CURVE 119 -+# define EC_F_EC_POINT_MAKE_AFFINE 120 -+# define EC_F_EC_POINT_MUL 184 -+# define EC_F_EC_POINT_NEW 121 -+# define EC_F_EC_POINT_OCT2POINT 122 -+# define EC_F_EC_POINT_POINT2OCT 123 -+# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 -+# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 -+# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 -+# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 -+# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 -+# define EC_F_EC_POINT_SET_TO_INFINITY 127 -+# define EC_F_EC_PRE_COMP_DUP 207 -+# define EC_F_EC_PRE_COMP_NEW 196 -+# define EC_F_EC_WNAF_MUL 187 -+# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 -+# define EC_F_I2D_ECPARAMETERS 190 -+# define EC_F_I2D_ECPKPARAMETERS 191 -+# define EC_F_I2D_ECPRIVATEKEY 192 -+# define EC_F_I2O_ECPUBLICKEY 151 -+# define EC_F_O2I_ECPUBLICKEY 152 - - /* Reason codes. */ --#define EC_R_ASN1_ERROR 115 --#define EC_R_ASN1_UNKNOWN_FIELD 116 --#define EC_R_BUFFER_TOO_SMALL 100 --#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 --#define EC_R_DISCRIMINANT_IS_ZERO 118 --#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 --#define EC_R_FIELD_TOO_LARGE 138 --#define EC_R_GROUP2PKPARAMETERS_FAILURE 120 --#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 --#define EC_R_INCOMPATIBLE_OBJECTS 101 --#define EC_R_INVALID_ARGUMENT 112 --#define EC_R_INVALID_COMPRESSED_POINT 110 --#define EC_R_INVALID_COMPRESSION_BIT 109 --#define EC_R_INVALID_ENCODING 102 --#define EC_R_INVALID_FIELD 103 --#define EC_R_INVALID_FORM 104 --#define EC_R_INVALID_GROUP_ORDER 122 --#define EC_R_INVALID_PENTANOMIAL_BASIS 132 --#define EC_R_INVALID_PRIVATE_KEY 123 --#define EC_R_INVALID_TRINOMIAL_BASIS 137 --#define EC_R_MISSING_PARAMETERS 124 --#define EC_R_MISSING_PRIVATE_KEY 125 --#define EC_R_NOT_A_NIST_PRIME 135 --#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 --#define EC_R_NOT_IMPLEMENTED 126 --#define EC_R_NOT_INITIALIZED 111 --#define EC_R_NO_FIELD_MOD 133 --#define EC_R_PASSED_NULL_PARAMETER 134 --#define EC_R_PKPARAMETERS2GROUP_FAILURE 127 --#define EC_R_POINT_AT_INFINITY 106 --#define EC_R_POINT_IS_NOT_ON_CURVE 107 --#define EC_R_SLOT_FULL 108 --#define EC_R_UNDEFINED_GENERATOR 113 --#define EC_R_UNDEFINED_ORDER 128 --#define EC_R_UNKNOWN_GROUP 129 --#define EC_R_UNKNOWN_ORDER 114 --#define EC_R_UNSUPPORTED_FIELD 131 --#define EC_R_WRONG_ORDER 130 -+# define EC_R_ASN1_ERROR 115 -+# define EC_R_ASN1_UNKNOWN_FIELD 116 -+# define EC_R_BUFFER_TOO_SMALL 100 -+# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 -+# define EC_R_DISCRIMINANT_IS_ZERO 118 -+# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 -+# define EC_R_FIELD_TOO_LARGE 138 -+# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 -+# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 -+# define EC_R_INCOMPATIBLE_OBJECTS 101 -+# define EC_R_INVALID_ARGUMENT 112 -+# define EC_R_INVALID_COMPRESSED_POINT 110 -+# define EC_R_INVALID_COMPRESSION_BIT 109 -+# define EC_R_INVALID_ENCODING 102 -+# define EC_R_INVALID_FIELD 103 -+# define EC_R_INVALID_FORM 104 -+# define EC_R_INVALID_GROUP_ORDER 122 -+# define EC_R_INVALID_PENTANOMIAL_BASIS 132 -+# define EC_R_INVALID_PRIVATE_KEY 123 -+# define EC_R_INVALID_TRINOMIAL_BASIS 137 -+# define EC_R_MISSING_PARAMETERS 124 -+# define EC_R_MISSING_PRIVATE_KEY 125 -+# define EC_R_NOT_A_NIST_PRIME 135 -+# define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 -+# define EC_R_NOT_IMPLEMENTED 126 -+# define EC_R_NOT_INITIALIZED 111 -+# define EC_R_NO_FIELD_MOD 133 -+# define EC_R_PASSED_NULL_PARAMETER 134 -+# define EC_R_PKPARAMETERS2GROUP_FAILURE 127 -+# define EC_R_POINT_AT_INFINITY 106 -+# define EC_R_POINT_IS_NOT_ON_CURVE 107 -+# define EC_R_SLOT_FULL 108 -+# define EC_R_UNDEFINED_GENERATOR 113 -+# define EC_R_UNDEFINED_ORDER 128 -+# define EC_R_UNKNOWN_GROUP 129 -+# define EC_R_UNKNOWN_ORDER 114 -+# define EC_R_UNSUPPORTED_FIELD 131 -+# define EC_R_WRONG_ORDER 130 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/ecdh.h b/Cryptlib/Include/openssl/ecdh.h -index b4b58ee..eb4047d 100644 ---- a/Cryptlib/Include/openssl/ecdh.h -+++ b/Cryptlib/Include/openssl/ecdh.h -@@ -21,7 +21,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -67,19 +67,19 @@ - * - */ - #ifndef HEADER_ECDH_H --#define HEADER_ECDH_H -+# define HEADER_ECDH_H - --#include -+# include - --#ifdef OPENSSL_NO_ECDH --#error ECDH is disabled. --#endif -+# ifdef OPENSSL_NO_ECDH -+# error ECDH is disabled. -+# endif - --#include --#include --#ifndef OPENSSL_NO_DEPRECATED --#include --#endif -+# include -+# include -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# endif - - #ifdef __cplusplus - extern "C" { -@@ -87,21 +87,23 @@ extern "C" { - - const ECDH_METHOD *ECDH_OpenSSL(void); - --void ECDH_set_default_method(const ECDH_METHOD *); -+void ECDH_set_default_method(const ECDH_METHOD *); - const ECDH_METHOD *ECDH_get_default_method(void); --int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); -- --int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, -- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); -+int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); - --int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new -- *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); --int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); --void *ECDH_get_ex_data(EC_KEY *d, int idx); -+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, -+ EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, -+ void *out, size_t *outlen)); - -+int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new -+ *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); -+void *ECDH_get_ex_data(EC_KEY *d, int idx); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_ECDH_strings(void); -@@ -109,13 +111,13 @@ void ERR_load_ECDH_strings(void); - /* Error codes for the ECDH functions. */ - - /* Function codes. */ --#define ECDH_F_ECDH_COMPUTE_KEY 100 --#define ECDH_F_ECDH_DATA_NEW_METHOD 101 -+# define ECDH_F_ECDH_COMPUTE_KEY 100 -+# define ECDH_F_ECDH_DATA_NEW_METHOD 101 - - /* Reason codes. */ --#define ECDH_R_KDF_FAILED 102 --#define ECDH_R_NO_PRIVATE_VALUE 100 --#define ECDH_R_POINT_ARITHMETIC_FAILURE 101 -+# define ECDH_R_KDF_FAILED 102 -+# define ECDH_R_NO_PRIVATE_VALUE 100 -+# define ECDH_R_POINT_ARITHMETIC_FAILURE 101 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/ecdsa.h b/Cryptlib/Include/openssl/ecdsa.h -index f20c8ee..48dd988 100644 ---- a/Cryptlib/Include/openssl/ecdsa.h -+++ b/Cryptlib/Include/openssl/ecdsa.h -@@ -11,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,29 +57,28 @@ - * - */ - #ifndef HEADER_ECDSA_H --#define HEADER_ECDSA_H -+# define HEADER_ECDSA_H - --#include -+# include - --#ifdef OPENSSL_NO_ECDSA --#error ECDSA is disabled. --#endif -+# ifdef OPENSSL_NO_ECDSA -+# error ECDSA is disabled. -+# endif - --#include --#include --#ifndef OPENSSL_NO_DEPRECATED --#include --#endif -+# include -+# include -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# endif - - #ifdef __cplusplus - extern "C" { - #endif - --typedef struct ECDSA_SIG_st -- { -- BIGNUM *r; -- BIGNUM *s; -- } ECDSA_SIG; -+typedef struct ECDSA_SIG_st { -+ BIGNUM *r; -+ BIGNUM *s; -+} ECDSA_SIG; - - /** ECDSA_SIG *ECDSA_SIG_new(void) - * allocates and initialize a ECDSA_SIG structure -@@ -91,20 +90,20 @@ ECDSA_SIG *ECDSA_SIG_new(void); - * frees a ECDSA_SIG structure - * \param a pointer to the ECDSA_SIG structure - */ --void ECDSA_SIG_free(ECDSA_SIG *a); -+void ECDSA_SIG_free(ECDSA_SIG *a); - - /** i2d_ECDSA_SIG - * DER encode content of ECDSA_SIG object (note: this function modifies *pp - * (*pp += length of the DER encoded signature)). - * \param a pointer to the ECDSA_SIG object - * \param pp pointer to a unsigned char pointer for the output or NULL -- * \return the length of the DER encoded ECDSA_SIG object or 0 -+ * \return the length of the DER encoded ECDSA_SIG object or 0 - */ --int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp); -+int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp); - - /** d2i_ECDSA_SIG - * decodes a DER encoded ECDSA signature (note: this function changes *pp -- * (*pp += len)). -+ * (*pp += len)). - * \param v pointer to ECDSA_SIG pointer (may be NULL) - * \param pp buffer with the DER encoded signature - * \param len bufferlength -@@ -120,7 +119,8 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len); - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return pointer to a ECDSA_SIG structure or NULL - */ --ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey); -+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, -+ EC_KEY *eckey); - - /** ECDSA_do_sign_ex - * computes ECDSA signature of a given hash value using the supplied -@@ -128,13 +128,14 @@ ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey); - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param kinv optional pointer to a pre-computed inverse k -- * \param rp optional pointer to the pre-computed rp value (see -+ * \param rp optional pointer to the pre-computed rp value (see - * ECDSA_sign_setup - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return pointer to a ECDSA_SIG structure or NULL - */ --ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, -- const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); -+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, -+ const BIGNUM *kinv, const BIGNUM *rp, -+ EC_KEY *eckey); - - /** ECDSA_do_verify - * verifies that the supplied signature is a valid ECDSA -@@ -145,8 +146,8 @@ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, - * \param eckey pointer to the EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error - */ --int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, -- const ECDSA_SIG *sig, EC_KEY* eckey); -+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, -+ const ECDSA_SIG *sig, EC_KEY *eckey); - - const ECDSA_METHOD *ECDSA_OpenSSL(void); - -@@ -154,7 +155,7 @@ const ECDSA_METHOD *ECDSA_OpenSSL(void); - * sets the default ECDSA method - * \param meth the new default ECDSA_METHOD - */ --void ECDSA_set_default_method(const ECDSA_METHOD *meth); -+void ECDSA_set_default_method(const ECDSA_METHOD *meth); - - /** ECDSA_get_default_method - * returns the default ECDSA method -@@ -166,27 +167,26 @@ const ECDSA_METHOD *ECDSA_get_default_method(void); - * sets method to be used for the ECDSA operations - * \param eckey pointer to the EC_KEY object - * \param meth pointer to the new method -- * \return 1 on success and 0 otherwise -+ * \return 1 on success and 0 otherwise - */ --int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); -+int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); - - /** ECDSA_size - * returns the maximum length of the DER encoded signature - * \param eckey pointer to a EC_KEY object - * \return numbers of bytes required for the DER encoded signature - */ --int ECDSA_size(const EC_KEY *eckey); -+int ECDSA_size(const EC_KEY *eckey); - - /** ECDSA_sign_setup -- * precompute parts of the signing operation. -+ * precompute parts of the signing operation. - * \param eckey pointer to the EC_KEY object containing a private EC key - * \param ctx pointer to a BN_CTX object (may be NULL) - * \param kinv pointer to a BIGNUM pointer for the inverse of k - * \param rp pointer to a BIGNUM pointer for x coordinate of k * generator - * \return 1 on success and 0 otherwise - */ --int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, -- BIGNUM **rp); -+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); - - /** ECDSA_sign - * computes ECDSA signature of a given hash value using the supplied -@@ -199,9 +199,8 @@ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise - */ --int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, -- unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); -- -+int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, -+ unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); - - /** ECDSA_sign_ex - * computes ECDSA signature of a given hash value using the supplied -@@ -212,38 +211,39 @@ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, - * \param sig buffer to hold the DER encoded signature - * \param siglen pointer to the length of the returned signature - * \param kinv optional pointer to a pre-computed inverse k -- * \param rp optional pointer to the pre-computed rp value (see -+ * \param rp optional pointer to the pre-computed rp value (see - * ECDSA_sign_setup - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise - */ --int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, -- unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, -- const BIGNUM *rp, EC_KEY *eckey); -+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, -+ unsigned char *sig, unsigned int *siglen, -+ const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); - - /** ECDSA_verify - * verifies that the given signature is valid ECDSA signature - * of the supplied hash value using the specified public key. - * \param type this parameter is ignored -- * \param dgst pointer to the hash value -+ * \param dgst pointer to the hash value - * \param dgstlen length of the hash value - * \param sig pointer to the DER encoded signature - * \param siglen length of the DER encoded signature - * \param eckey pointer to the EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error - */ --int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, -- const unsigned char *sig, int siglen, EC_KEY *eckey); -+int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, -+ const unsigned char *sig, int siglen, EC_KEY *eckey); - - /* the standard ex_data functions */ --int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new -- *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); --int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); --void *ECDSA_get_ex_data(EC_KEY *d, int idx); -- -+int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new -+ *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); -+void *ECDSA_get_ex_data(EC_KEY *d, int idx); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_ECDSA_strings(void); -@@ -251,19 +251,19 @@ void ERR_load_ECDSA_strings(void); - /* Error codes for the ECDSA functions. */ - - /* Function codes. */ --#define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 --#define ECDSA_F_ECDSA_DO_SIGN 101 --#define ECDSA_F_ECDSA_DO_VERIFY 102 --#define ECDSA_F_ECDSA_SIGN_SETUP 103 -+# define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 -+# define ECDSA_F_ECDSA_DO_SIGN 101 -+# define ECDSA_F_ECDSA_DO_VERIFY 102 -+# define ECDSA_F_ECDSA_SIGN_SETUP 103 - - /* Reason codes. */ --#define ECDSA_R_BAD_SIGNATURE 100 --#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 --#define ECDSA_R_ERR_EC_LIB 102 --#define ECDSA_R_MISSING_PARAMETERS 103 --#define ECDSA_R_NEED_NEW_SETUP_VALUES 106 --#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 --#define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 -+# define ECDSA_R_BAD_SIGNATURE 100 -+# define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 -+# define ECDSA_R_ERR_EC_LIB 102 -+# define ECDSA_R_MISSING_PARAMETERS 103 -+# define ECDSA_R_NEED_NEW_SETUP_VALUES 106 -+# define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 -+# define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/engine.h b/Cryptlib/Include/openssl/engine.h -index b4e0444..335b78f 100644 ---- a/Cryptlib/Include/openssl/engine.h -+++ b/Cryptlib/Include/openssl/engine.h -@@ -1,6 +1,7 @@ - /* openssl/engine.h */ --/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL -- * project 2000. -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,233 +58,285 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * ECDH support in OpenSSL originally developed by -+ * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - - #ifndef HEADER_ENGINE_H --#define HEADER_ENGINE_H -- --#include -- --#ifdef OPENSSL_NO_ENGINE --#error ENGINE is disabled. --#endif -- --#ifndef OPENSSL_NO_DEPRECATED --#include --#ifndef OPENSSL_NO_RSA --#include --#endif --#ifndef OPENSSL_NO_DSA --#include --#endif --#ifndef OPENSSL_NO_DH --#include --#endif --#ifndef OPENSSL_NO_ECDH --#include --#endif --#ifndef OPENSSL_NO_ECDSA --#include --#endif --#include --#include --#include --#include --#endif -- --#include -- --#include --#include -+# define HEADER_ENGINE_H -+ -+# include -+ -+# ifdef OPENSSL_NO_ENGINE -+# error ENGINE is disabled. -+# endif -+ -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# ifndef OPENSSL_NO_RSA -+# include -+# endif -+# ifndef OPENSSL_NO_DSA -+# include -+# endif -+# ifndef OPENSSL_NO_DH -+# include -+# endif -+# ifndef OPENSSL_NO_ECDH -+# include -+# endif -+# ifndef OPENSSL_NO_ECDSA -+# include -+# endif -+# include -+# include -+# include -+# include -+# endif -+ -+# include -+ -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --/* These flags are used to control combinations of algorithm (methods) -- * by bitwise "OR"ing. */ --#define ENGINE_METHOD_RSA (unsigned int)0x0001 --#define ENGINE_METHOD_DSA (unsigned int)0x0002 --#define ENGINE_METHOD_DH (unsigned int)0x0004 --#define ENGINE_METHOD_RAND (unsigned int)0x0008 --#define ENGINE_METHOD_ECDH (unsigned int)0x0010 --#define ENGINE_METHOD_ECDSA (unsigned int)0x0020 --#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 --#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 --#define ENGINE_METHOD_STORE (unsigned int)0x0100 -+/* -+ * These flags are used to control combinations of algorithm (methods) by -+ * bitwise "OR"ing. -+ */ -+# define ENGINE_METHOD_RSA (unsigned int)0x0001 -+# define ENGINE_METHOD_DSA (unsigned int)0x0002 -+# define ENGINE_METHOD_DH (unsigned int)0x0004 -+# define ENGINE_METHOD_RAND (unsigned int)0x0008 -+# define ENGINE_METHOD_ECDH (unsigned int)0x0010 -+# define ENGINE_METHOD_ECDSA (unsigned int)0x0020 -+# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 -+# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 -+# define ENGINE_METHOD_STORE (unsigned int)0x0100 - /* Obvious all-or-nothing cases. */ --#define ENGINE_METHOD_ALL (unsigned int)0xFFFF --#define ENGINE_METHOD_NONE (unsigned int)0x0000 -- --/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used -- * internally to control registration of ENGINE implementations, and can be set -- * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to -- * initialise registered ENGINEs if they are not already initialised. */ --#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 -+# define ENGINE_METHOD_ALL (unsigned int)0xFFFF -+# define ENGINE_METHOD_NONE (unsigned int)0x0000 -+ -+/* -+ * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used -+ * internally to control registration of ENGINE implementations, and can be -+ * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to -+ * initialise registered ENGINEs if they are not already initialised. -+ */ -+# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 - - /* ENGINE flags that can be set by ENGINE_set_flags(). */ --/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */ -- --/* This flag is for ENGINEs that wish to handle the various 'CMD'-related -- * control commands on their own. Without this flag, ENGINE_ctrl() handles these -- * control commands on behalf of the ENGINE using their "cmd_defns" data. */ --#define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 -- --/* This flag is for ENGINEs who return new duplicate structures when found via -- * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl() -- * commands are called in sequence as part of some stateful process like -- * key-generation setup and execution), it can set this flag - then each attempt -- * to obtain the ENGINE will result in it being copied into a new structure. -- * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments -- * the existing ENGINE's structural reference count. */ --#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 -- --/* ENGINEs can support their own command types, and these flags are used in -- * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each -- * command expects. Currently only numeric and string input is supported. If a -- * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options, -- * then it is regarded as an "internal" control command - and not for use in -- * config setting situations. As such, they're not available to the -- * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to -- * this list of 'command types' should be reflected carefully in -- * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */ -+/* Not used */ -+/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ -+ -+/* -+ * This flag is for ENGINEs that wish to handle the various 'CMD'-related -+ * control commands on their own. Without this flag, ENGINE_ctrl() handles -+ * these control commands on behalf of the ENGINE using their "cmd_defns" -+ * data. -+ */ -+# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 -+ -+/* -+ * This flag is for ENGINEs who return new duplicate structures when found -+ * via "ENGINE_by_id()". When an ENGINE must store state (eg. if -+ * ENGINE_ctrl() commands are called in sequence as part of some stateful -+ * process like key-generation setup and execution), it can set this flag - -+ * then each attempt to obtain the ENGINE will result in it being copied into -+ * a new structure. Normally, ENGINEs don't declare this flag so -+ * ENGINE_by_id() just increments the existing ENGINE's structural reference -+ * count. -+ */ -+# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 -+ -+/* -+ * ENGINEs can support their own command types, and these flags are used in -+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input -+ * each command expects. Currently only numeric and string input is -+ * supported. If a control command supports none of the _NUMERIC, _STRING, or -+ * _NO_INPUT options, then it is regarded as an "internal" control command - -+ * and not for use in config setting situations. As such, they're not -+ * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() -+ * access. Changes to this list of 'command types' should be reflected -+ * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). -+ */ - - /* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ --#define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 --/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to -- * ENGINE_ctrl) */ --#define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 --/* Indicates that the control command takes *no* input. Ie. the control command -- * is unparameterised. */ --#define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 --/* Indicates that the control command is internal. This control command won't -+# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 -+/* -+ * accepts string input (cast from 'void*' to 'const char *', 4th parameter -+ * to ENGINE_ctrl) -+ */ -+# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 -+/* -+ * Indicates that the control command takes *no* input. Ie. the control -+ * command is unparameterised. -+ */ -+# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 -+/* -+ * Indicates that the control command is internal. This control command won't - * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() -- * function. */ --#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 -- --/* NB: These 3 control commands are deprecated and should not be used. ENGINEs -- * relying on these commands should compile conditional support for -- * compatibility (eg. if these symbols are defined) but should also migrate the -- * same functionality to their own ENGINE-specific control functions that can be -- * "discovered" by calling applications. The fact these control commands -- * wouldn't be "executable" (ie. usable by text-based config) doesn't change the -- * fact that application code can find and use them without requiring per-ENGINE -- * hacking. */ -- --/* These flags are used to tell the ctrl function what should be done. -- * All command numbers are shared between all engines, even if some don't -- * make sense to some engines. In such a case, they do nothing but return -- * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */ --#define ENGINE_CTRL_SET_LOGSTREAM 1 --#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 --#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any -- handles/connections etc. */ --#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ --#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used -- when calling the password -- callback and the user -- interface */ --#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given -- a string that represents a -- file name or so */ --#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given -- section in the already loaded -- configuration */ -- --/* These control commands allow an application to deal with an arbitrary engine -- * in a dynamic way. Warn: Negative return values indicate errors FOR THESE -- * COMMANDS because zero is used to indicate 'end-of-list'. Other commands, -- * including ENGINE-specific command types, return zero for an error. -- * -- * An ENGINE can choose to implement these ctrl functions, and can internally -- * manage things however it chooses - it does so by setting the -- * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the -- * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns -- * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl() -- * handler need only implement its own commands - the above "meta" commands will -- * be taken care of. */ -- --/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then -- * all the remaining control commands will return failure, so it is worth -- * checking this first if the caller is trying to "discover" the engine's -- * capabilities and doesn't want errors generated unnecessarily. */ --#define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 --/* Returns a positive command number for the first command supported by the -- * engine. Returns zero if no ctrl commands are supported. */ --#define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 --/* The 'long' argument specifies a command implemented by the engine, and the -- * return value is the next command supported, or zero if there are no more. */ --#define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 --/* The 'void*' argument is a command name (cast from 'const char *'), and the -- * return value is the command that corresponds to it. */ --#define ENGINE_CTRL_GET_CMD_FROM_NAME 13 --/* The next two allow a command to be converted into its corresponding string -- * form. In each case, the 'long' argument supplies the command. In the NAME_LEN -- * case, the return value is the length of the command name (not counting a -- * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer -- * large enough, and it will be populated with the name of the command (WITH a -- * trailing EOL). */ --#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 --#define ENGINE_CTRL_GET_NAME_FROM_CMD 15 -+ * function. -+ */ -+# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 -+ -+/* -+ * NB: These 3 control commands are deprecated and should not be used. -+ * ENGINEs relying on these commands should compile conditional support for -+ * compatibility (eg. if these symbols are defined) but should also migrate -+ * the same functionality to their own ENGINE-specific control functions that -+ * can be "discovered" by calling applications. The fact these control -+ * commands wouldn't be "executable" (ie. usable by text-based config) -+ * doesn't change the fact that application code can find and use them -+ * without requiring per-ENGINE hacking. -+ */ -+ -+/* -+ * These flags are used to tell the ctrl function what should be done. All -+ * command numbers are shared between all engines, even if some don't make -+ * sense to some engines. In such a case, they do nothing but return the -+ * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. -+ */ -+# define ENGINE_CTRL_SET_LOGSTREAM 1 -+# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 -+# define ENGINE_CTRL_HUP 3/* Close and reinitialise -+ * any handles/connections -+ * etc. */ -+# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */ -+# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used -+ * when calling the password -+ * callback and the user -+ * interface */ -+# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration, -+ * given a string that -+ * represents a file name -+ * or so */ -+# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given -+ * section in the already -+ * loaded configuration */ -+ -+/* -+ * These control commands allow an application to deal with an arbitrary -+ * engine in a dynamic way. Warn: Negative return values indicate errors FOR -+ * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other -+ * commands, including ENGINE-specific command types, return zero for an -+ * error. An ENGINE can choose to implement these ctrl functions, and can -+ * internally manage things however it chooses - it does so by setting the -+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise -+ * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the -+ * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's -+ * ctrl() handler need only implement its own commands - the above "meta" -+ * commands will be taken care of. -+ */ -+ -+/* -+ * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", -+ * then all the remaining control commands will return failure, so it is -+ * worth checking this first if the caller is trying to "discover" the -+ * engine's capabilities and doesn't want errors generated unnecessarily. -+ */ -+# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 -+/* -+ * Returns a positive command number for the first command supported by the -+ * engine. Returns zero if no ctrl commands are supported. -+ */ -+# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 -+/* -+ * The 'long' argument specifies a command implemented by the engine, and the -+ * return value is the next command supported, or zero if there are no more. -+ */ -+# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 -+/* -+ * The 'void*' argument is a command name (cast from 'const char *'), and the -+ * return value is the command that corresponds to it. -+ */ -+# define ENGINE_CTRL_GET_CMD_FROM_NAME 13 -+/* -+ * The next two allow a command to be converted into its corresponding string -+ * form. In each case, the 'long' argument supplies the command. In the -+ * NAME_LEN case, the return value is the length of the command name (not -+ * counting a trailing EOL). In the NAME case, the 'void*' argument must be a -+ * string buffer large enough, and it will be populated with the name of the -+ * command (WITH a trailing EOL). -+ */ -+# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 -+# define ENGINE_CTRL_GET_NAME_FROM_CMD 15 - /* The next two are similar but give a "short description" of a command. */ --#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 --#define ENGINE_CTRL_GET_DESC_FROM_CMD 17 --/* With this command, the return value is the OR'd combination of -+# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 -+# define ENGINE_CTRL_GET_DESC_FROM_CMD 17 -+/* -+ * With this command, the return value is the OR'd combination of - * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given -- * engine-specific ctrl command expects. */ --#define ENGINE_CTRL_GET_CMD_FLAGS 18 -+ * engine-specific ctrl command expects. -+ */ -+# define ENGINE_CTRL_GET_CMD_FLAGS 18 - --/* ENGINE implementations should start the numbering of their own control -- * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ --#define ENGINE_CMD_BASE 200 -+/* -+ * ENGINE implementations should start the numbering of their own control -+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). -+ */ -+# define ENGINE_CMD_BASE 200 - --/* NB: These 2 nCipher "chil" control commands are deprecated, and their -+/* -+ * NB: These 2 nCipher "chil" control commands are deprecated, and their - * functionality is now available through ENGINE-specific control commands - * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 -- * commands should be migrated to the more general command handling before these -- * are removed. */ -+ * commands should be migrated to the more general command handling before -+ * these are removed. -+ */ - - /* Flags specific to the nCipher "chil" engine */ --#define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 -- /* Depending on the value of the (long)i argument, this sets or -- * unsets the SimpleForkCheck flag in the CHIL API to enable or -- * disable checking and workarounds for applications that fork(). -- */ --#define ENGINE_CTRL_CHIL_NO_LOCKING 101 -- /* This prevents the initialisation function from providing mutex -- * callbacks to the nCipher library. */ -- --/* If an ENGINE supports its own specific control commands and wishes the -- * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its -- * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries -- * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that -- * supports the stated commands (ie. the "cmd_num" entries as described by the -- * array). NB: The array must be ordered in increasing order of cmd_num. -- * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set -- * to zero and/or cmd_name set to NULL. */ --typedef struct ENGINE_CMD_DEFN_st -- { -- unsigned int cmd_num; /* The command number */ -- const char *cmd_name; /* The command name itself */ -- const char *cmd_desc; /* A short description of the command */ -- unsigned int cmd_flags; /* The input the command expects */ -- } ENGINE_CMD_DEFN; -+# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 -+ /* -+ * Depending on the value of the (long)i argument, this sets or -+ * unsets the SimpleForkCheck flag in the CHIL API to enable or -+ * disable checking and workarounds for applications that fork(). -+ */ -+# define ENGINE_CTRL_CHIL_NO_LOCKING 101 -+ /* -+ * This prevents the initialisation function from providing mutex -+ * callbacks to the nCipher library. -+ */ -+ -+/* -+ * If an ENGINE supports its own specific control commands and wishes the -+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on -+ * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN -+ * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl() -+ * handler that supports the stated commands (ie. the "cmd_num" entries as -+ * described by the array). NB: The array must be ordered in increasing order -+ * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element -+ * has cmd_num set to zero and/or cmd_name set to NULL. -+ */ -+typedef struct ENGINE_CMD_DEFN_st { -+ unsigned int cmd_num; /* The command number */ -+ const char *cmd_name; /* The command name itself */ -+ const char *cmd_desc; /* A short description of the command */ -+ unsigned int cmd_flags; /* The input the command expects */ -+} ENGINE_CMD_DEFN; - - /* Generic function pointer */ --typedef int (*ENGINE_GEN_FUNC_PTR)(void); -+typedef int (*ENGINE_GEN_FUNC_PTR) (void); - /* Generic function pointer taking no arguments */ --typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); -+typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *); - /* Specific control function pointer */ --typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)); -+typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *, -+ void (*f) (void)); - /* Generic load_key function pointer */ --typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, -- UI_METHOD *ui_method, void *callback_data); --typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, -- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, -- STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); --/* These callback types are for an ENGINE's handler for cipher and digest logic. -+typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, -+ UI_METHOD *ui_method, -+ void *callback_data); -+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl, -+ STACK_OF(X509_NAME) *ca_dn, -+ X509 **pcert, EVP_PKEY **pkey, -+ STACK_OF(X509) **pother, -+ UI_METHOD *ui_method, -+ void *callback_data); -+/*- -+ * These callback types are for an ENGINE's handler for cipher and digest logic. - * These handlers have these prototypes; - * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); - * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); -@@ -293,20 +346,26 @@ typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, - * If the framework wants a list of supported 'nid's, it will call; - * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) - */ --/* Returns to a pointer to the array of supported cipher 'nid's. If the second -- * parameter is non-NULL it is set to the size of the returned array. */ --typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int); --typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int); -- --/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE -- * structures where the pointers have a "structural reference". This means that -- * their reference is to allowed access to the structure but it does not imply -- * that the structure is functional. To simply increment or decrement the -- * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not -- * required when iterating using ENGINE_get_next as it will automatically -- * decrement the structural reference count of the "current" ENGINE and -- * increment the structural reference count of the ENGINE it returns (unless it -- * is NULL). */ -+/* -+ * Returns to a pointer to the array of supported cipher 'nid's. If the -+ * second parameter is non-NULL it is set to the size of the returned array. -+ */ -+typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **, -+ const int **, int); -+typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **, -+ int); -+ -+/* -+ * STRUCTURE functions ... all of these functions deal with pointers to -+ * ENGINE structures where the pointers have a "structural reference". This -+ * means that their reference is to allowed access to the structure but it -+ * does not imply that the structure is functional. To simply increment or -+ * decrement the structural reference count, use ENGINE_by_id and -+ * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next -+ * as it will automatically decrement the structural reference count of the -+ * "current" ENGINE and increment the structural reference count of the -+ * ENGINE it returns (unless it is NULL). -+ */ - - /* Get the first/last "ENGINE" type available. */ - ENGINE *ENGINE_get_first(void); -@@ -323,40 +382,43 @@ ENGINE *ENGINE_by_id(const char *id); - /* Add all the built-in engines. */ - void ENGINE_load_openssl(void); - void ENGINE_load_dynamic(void); --#ifndef OPENSSL_NO_STATIC_ENGINE -+# ifndef OPENSSL_NO_STATIC_ENGINE - void ENGINE_load_4758cca(void); - void ENGINE_load_aep(void); - void ENGINE_load_atalla(void); - void ENGINE_load_chil(void); - void ENGINE_load_cswift(void); --#ifndef OPENSSL_NO_GMP -+# ifndef OPENSSL_NO_GMP - void ENGINE_load_gmp(void); --#endif -+# endif - void ENGINE_load_nuron(void); - void ENGINE_load_sureware(void); - void ENGINE_load_ubsec(void); --#ifdef OPENSSL_SYS_WIN32 --#ifndef OPENSSL_NO_CAPIENG -+# ifdef OPENSSL_SYS_WIN32 -+# ifndef OPENSSL_NO_CAPIENG - void ENGINE_load_capi(void); --#endif --#endif --#endif -+# endif -+# endif -+# endif - void ENGINE_load_cryptodev(void); - void ENGINE_load_padlock(void); - void ENGINE_load_builtin_engines(void); - --/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation -- * "registry" handling. */ -+/* -+ * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation -+ * "registry" handling. -+ */ - unsigned int ENGINE_get_table_flags(void); - void ENGINE_set_table_flags(unsigned int flags); - --/* Manage registration of ENGINEs per "table". For each type, there are 3 -+/*- Manage registration of ENGINEs per "table". For each type, there are 3 - * functions; - * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) - * ENGINE_unregister_***(e) - unregister the implementation from 'e' - * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list - * Cleanup is automatically registered from each table when required, so -- * ENGINE_cleanup() will reverse any "register" operations. */ -+ * ENGINE_cleanup() will reverse any "register" operations. -+ */ - - int ENGINE_register_RSA(ENGINE *e); - void ENGINE_unregister_RSA(ENGINE *e); -@@ -394,63 +456,77 @@ int ENGINE_register_digests(ENGINE *e); - void ENGINE_unregister_digests(ENGINE *e); - void ENGINE_register_all_digests(void); - --/* These functions register all support from the above categories. Note, use of -- * these functions can result in static linkage of code your application may not -- * need. If you only need a subset of functionality, consider using more -- * selective initialisation. */ -+/* -+ * These functions register all support from the above categories. Note, use -+ * of these functions can result in static linkage of code your application -+ * may not need. If you only need a subset of functionality, consider using -+ * more selective initialisation. -+ */ - int ENGINE_register_complete(ENGINE *e); - int ENGINE_register_all_complete(void); - --/* Send parametrised control commands to the engine. The possibilities to send -- * down an integer, a pointer to data or a function pointer are provided. Any of -- * the parameters may or may not be NULL, depending on the command number. In -- * actuality, this function only requires a structural (rather than functional) -- * reference to an engine, but many control commands may require the engine be -- * functional. The caller should be aware of trying commands that require an -- * operational ENGINE, and only use functional references in such situations. */ --int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); -- --/* This function tests if an ENGINE-specific command is usable as a "setting". -- * Eg. in an application's config file that gets processed through -+/* -+ * Send parametrised control commands to the engine. The possibilities to -+ * send down an integer, a pointer to data or a function pointer are -+ * provided. Any of the parameters may or may not be NULL, depending on the -+ * command number. In actuality, this function only requires a structural -+ * (rather than functional) reference to an engine, but many control commands -+ * may require the engine be functional. The caller should be aware of trying -+ * commands that require an operational ENGINE, and only use functional -+ * references in such situations. -+ */ -+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); -+ -+/* -+ * This function tests if an ENGINE-specific command is usable as a -+ * "setting". Eg. in an application's config file that gets processed through - * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to -- * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */ -+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). -+ */ - int ENGINE_cmd_is_executable(ENGINE *e, int cmd); - --/* This function works like ENGINE_ctrl() with the exception of taking a -- * command name instead of a command number, and can handle optional commands. -- * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to -- * use the cmd_name and cmd_optional. */ -+/* -+ * This function works like ENGINE_ctrl() with the exception of taking a -+ * command name instead of a command number, and can handle optional -+ * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation -+ * on how to use the cmd_name and cmd_optional. -+ */ - int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, -- long i, void *p, void (*f)(void), int cmd_optional); -- --/* This function passes a command-name and argument to an ENGINE. The cmd_name -- * is converted to a command number and the control command is called using -- * 'arg' as an argument (unless the ENGINE doesn't support such a command, in -- * which case no control command is called). The command is checked for input -- * flags, and if necessary the argument will be converted to a numeric value. If -- * cmd_optional is non-zero, then if the ENGINE doesn't support the given -- * cmd_name the return value will be success anyway. This function is intended -- * for applications to use so that users (or config files) can supply -- * engine-specific config data to the ENGINE at run-time to control behaviour of -- * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl() -- * functions that return data, deal with binary data, or that are otherwise -- * supposed to be used directly through ENGINE_ctrl() in application code. Any -- * "return" data from an ENGINE_ctrl() operation in this function will be lost - -- * the return value is interpreted as failure if the return value is zero, -- * success otherwise, and this function returns a boolean value as a result. In -- * other words, vendors of 'ENGINE'-enabled devices should write ENGINE -- * implementations with parameterisations that work in this scheme, so that -- * compliant ENGINE-based applications can work consistently with the same -- * configuration for the same ENGINE-enabled devices, across applications. */ -+ long i, void *p, void (*f) (void), int cmd_optional); -+ -+/* -+ * This function passes a command-name and argument to an ENGINE. The -+ * cmd_name is converted to a command number and the control command is -+ * called using 'arg' as an argument (unless the ENGINE doesn't support such -+ * a command, in which case no control command is called). The command is -+ * checked for input flags, and if necessary the argument will be converted -+ * to a numeric value. If cmd_optional is non-zero, then if the ENGINE -+ * doesn't support the given cmd_name the return value will be success -+ * anyway. This function is intended for applications to use so that users -+ * (or config files) can supply engine-specific config data to the ENGINE at -+ * run-time to control behaviour of specific engines. As such, it shouldn't -+ * be used for calling ENGINE_ctrl() functions that return data, deal with -+ * binary data, or that are otherwise supposed to be used directly through -+ * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl() -+ * operation in this function will be lost - the return value is interpreted -+ * as failure if the return value is zero, success otherwise, and this -+ * function returns a boolean value as a result. In other words, vendors of -+ * 'ENGINE'-enabled devices should write ENGINE implementations with -+ * parameterisations that work in this scheme, so that compliant ENGINE-based -+ * applications can work consistently with the same configuration for the -+ * same ENGINE-enabled devices, across applications. -+ */ - int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, -- int cmd_optional); -- --/* These functions are useful for manufacturing new ENGINE structures. They -- * don't address reference counting at all - one uses them to populate an ENGINE -- * structure with personalised implementations of things prior to using it -- * directly or adding it to the builtin ENGINE list in OpenSSL. These are also -- * here so that the ENGINE structure doesn't have to be exposed and break binary -- * compatibility! */ -+ int cmd_optional); -+ -+/* -+ * These functions are useful for manufacturing new ENGINE structures. They -+ * don't address reference counting at all - one uses them to populate an -+ * ENGINE structure with personalised implementations of things prior to -+ * using it directly or adding it to the builtin ENGINE list in OpenSSL. -+ * These are also here so that the ENGINE structure doesn't have to be -+ * exposed and break binary compatibility! -+ */ - ENGINE *ENGINE_new(void); - int ENGINE_free(ENGINE *e); - int ENGINE_up_ref(ENGINE *e); -@@ -467,30 +543,37 @@ int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); - int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); - int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); - int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); --int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); -+int ENGINE_set_load_privkey_function(ENGINE *e, -+ ENGINE_LOAD_KEY_PTR loadpriv_f); - int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); - int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, -- ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); -+ ENGINE_SSL_CLIENT_CERT_PTR -+ loadssl_f); - int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); - int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); - int ENGINE_set_flags(ENGINE *e, int flags); - int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); - /* These functions allow control over any per-structure ENGINE data. */ - int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+ CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); - int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); - void *ENGINE_get_ex_data(const ENGINE *e, int idx); - --/* This function cleans up anything that needs it. Eg. the ENGINE_add() function -- * automatically ensures the list cleanup function is registered to be called -- * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure -- * ENGINE_cleanup() will clean up after them. */ -+/* -+ * This function cleans up anything that needs it. Eg. the ENGINE_add() -+ * function automatically ensures the list cleanup function is registered to -+ * be called from ENGINE_cleanup(). Similarly, all ENGINE_register_*** -+ * functions ensure ENGINE_cleanup() will clean up after them. -+ */ - void ENGINE_cleanup(void); - --/* These return values from within the ENGINE structure. These can be useful -+/* -+ * These return values from within the ENGINE structure. These can be useful - * with functional references as well as structural references - it depends - * which you obtained. Using the result for functional purposes if you only -- * obtained a structural reference may be problematic! */ -+ * obtained a structural reference may be problematic! -+ */ - const char *ENGINE_get_id(const ENGINE *e); - const char *ENGINE_get_name(const ENGINE *e); - const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); -@@ -506,7 +589,8 @@ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); - ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); - ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); - ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); --ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e); -+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE -+ *e); - ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); - ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); - const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); -@@ -514,43 +598,52 @@ const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); - const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); - int ENGINE_get_flags(const ENGINE *e); - --/* FUNCTIONAL functions. These functions deal with ENGINE structures -- * that have (or will) be initialised for use. Broadly speaking, the -- * structural functions are useful for iterating the list of available -- * engine types, creating new engine types, and other "list" operations. -- * These functions actually deal with ENGINEs that are to be used. As -- * such these functions can fail (if applicable) when particular -- * engines are unavailable - eg. if a hardware accelerator is not -- * attached or not functioning correctly. Each ENGINE has 2 reference -- * counts; structural and functional. Every time a functional reference -- * is obtained or released, a corresponding structural reference is -- * automatically obtained or released too. */ -- --/* Initialise a engine type for use (or up its reference count if it's -- * already in use). This will fail if the engine is not currently -- * operational and cannot initialise. */ -+/* -+ * FUNCTIONAL functions. These functions deal with ENGINE structures that -+ * have (or will) be initialised for use. Broadly speaking, the structural -+ * functions are useful for iterating the list of available engine types, -+ * creating new engine types, and other "list" operations. These functions -+ * actually deal with ENGINEs that are to be used. As such these functions -+ * can fail (if applicable) when particular engines are unavailable - eg. if -+ * a hardware accelerator is not attached or not functioning correctly. Each -+ * ENGINE has 2 reference counts; structural and functional. Every time a -+ * functional reference is obtained or released, a corresponding structural -+ * reference is automatically obtained or released too. -+ */ -+ -+/* -+ * Initialise a engine type for use (or up its reference count if it's -+ * already in use). This will fail if the engine is not currently operational -+ * and cannot initialise. -+ */ - int ENGINE_init(ENGINE *e); --/* Free a functional reference to a engine type. This does not require -- * a corresponding call to ENGINE_free as it also releases a structural -- * reference. */ -+/* -+ * Free a functional reference to a engine type. This does not require a -+ * corresponding call to ENGINE_free as it also releases a structural -+ * reference. -+ */ - int ENGINE_finish(ENGINE *e); - --/* The following functions handle keys that are stored in some secondary -+/* -+ * The following functions handle keys that are stored in some secondary - * location, handled by the engine. The storage may be on a card or -- * whatever. */ -+ * whatever. -+ */ - EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, -- UI_METHOD *ui_method, void *callback_data); -+ UI_METHOD *ui_method, void *callback_data); - EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, -- UI_METHOD *ui_method, void *callback_data); -+ UI_METHOD *ui_method, void *callback_data); - int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, -- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, -- STACK_OF(X509) **pother, -- UI_METHOD *ui_method, void *callback_data); -- --/* This returns a pointer for the current ENGINE structure that -- * is (by default) performing any RSA operations. The value returned -- * is an incremented reference, so it should be free'd (ENGINE_finish) -- * before it is discarded. */ -+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert, -+ EVP_PKEY **ppkey, STACK_OF(X509) **pother, -+ UI_METHOD *ui_method, void *callback_data); -+ -+/* -+ * This returns a pointer for the current ENGINE structure that is (by -+ * default) performing any RSA operations. The value returned is an -+ * incremented reference, so it should be free'd (ENGINE_finish) before it is -+ * discarded. -+ */ - ENGINE *ENGINE_get_default_RSA(void); - /* Same for the other "methods" */ - ENGINE *ENGINE_get_default_DSA(void); -@@ -558,15 +651,19 @@ ENGINE *ENGINE_get_default_ECDH(void); - ENGINE *ENGINE_get_default_ECDSA(void); - ENGINE *ENGINE_get_default_DH(void); - ENGINE *ENGINE_get_default_RAND(void); --/* These functions can be used to get a functional reference to perform -- * ciphering or digesting corresponding to "nid". */ -+/* -+ * These functions can be used to get a functional reference to perform -+ * ciphering or digesting corresponding to "nid". -+ */ - ENGINE *ENGINE_get_cipher_engine(int nid); - ENGINE *ENGINE_get_digest_engine(int nid); - --/* This sets a new default ENGINE structure for performing RSA -- * operations. If the result is non-zero (success) then the ENGINE -- * structure will have had its reference count up'd so the caller -- * should still free their own reference 'e'. */ -+/* -+ * This sets a new default ENGINE structure for performing RSA operations. If -+ * the result is non-zero (success) then the ENGINE structure will have had -+ * its reference count up'd so the caller should still free their own -+ * reference 'e'. -+ */ - int ENGINE_set_default_RSA(ENGINE *e); - int ENGINE_set_default_string(ENGINE *e, const char *def_list); - /* Same for the other "methods" */ -@@ -578,11 +675,13 @@ int ENGINE_set_default_RAND(ENGINE *e); - int ENGINE_set_default_ciphers(ENGINE *e); - int ENGINE_set_default_digests(ENGINE *e); - --/* The combination "set" - the flags are bitwise "OR"d from the -+/* -+ * The combination "set" - the flags are bitwise "OR"d from the - * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" - * function, this function can result in unnecessary static linkage. If your - * application requires only specific functionality, consider using more -- * selective functions. */ -+ * selective functions. -+ */ - int ENGINE_set_default(ENGINE *e, unsigned int flags); - - void ENGINE_add_conf_module(void); -@@ -595,122 +694,137 @@ void ENGINE_add_conf_module(void); - /**************************/ - - /* Binary/behaviour compatibility levels */ --#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 --/* Binary versions older than this are too old for us (whether we're a loader or -- * a loadee) */ --#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 -- --/* When compiling an ENGINE entirely as an external shared library, loadable by -- * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure -- * type provides the calling application's (or library's) error functionality -- * and memory management function pointers to the loaded library. These should -- * be used/set in the loaded library code so that the loading application's -- * 'state' will be used/changed in all operations. The 'static_state' pointer -- * allows the loaded library to know if it shares the same static data as the -- * calling application (or library), and thus whether these callbacks need to be -- * set or not. */ --typedef void *(*dyn_MEM_malloc_cb)(size_t); --typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); --typedef void (*dyn_MEM_free_cb)(void *); -+# define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 -+/* -+ * Binary versions older than this are too old for us (whether we're a loader -+ * or a loadee) -+ */ -+# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 -+ -+/* -+ * When compiling an ENGINE entirely as an external shared library, loadable -+ * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' -+ * structure type provides the calling application's (or library's) error -+ * functionality and memory management function pointers to the loaded -+ * library. These should be used/set in the loaded library code so that the -+ * loading application's 'state' will be used/changed in all operations. The -+ * 'static_state' pointer allows the loaded library to know if it shares the -+ * same static data as the calling application (or library), and thus whether -+ * these callbacks need to be set or not. -+ */ -+typedef void *(*dyn_MEM_malloc_cb) (size_t); -+typedef void *(*dyn_MEM_realloc_cb) (void *, size_t); -+typedef void (*dyn_MEM_free_cb) (void *); - typedef struct st_dynamic_MEM_fns { -- dyn_MEM_malloc_cb malloc_cb; -- dyn_MEM_realloc_cb realloc_cb; -- dyn_MEM_free_cb free_cb; -- } dynamic_MEM_fns; --/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use -- * these types so we (and any other dependant code) can simplify a bit?? */ --typedef void (*dyn_lock_locking_cb)(int,int,const char *,int); --typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int); --typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)( -- const char *,int); --typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *, -- const char *,int); --typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *, -- const char *,int); -+ dyn_MEM_malloc_cb malloc_cb; -+ dyn_MEM_realloc_cb realloc_cb; -+ dyn_MEM_free_cb free_cb; -+} dynamic_MEM_fns; -+/* -+ * FIXME: Perhaps the memory and locking code (crypto.h) should declare and -+ * use these types so we (and any other dependant code) can simplify a bit?? -+ */ -+typedef void (*dyn_lock_locking_cb) (int, int, const char *, int); -+typedef int (*dyn_lock_add_lock_cb) (int *, int, int, const char *, int); -+typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb) (const char *, -+ int); -+typedef void (*dyn_dynlock_lock_cb) (int, struct CRYPTO_dynlock_value *, -+ const char *, int); -+typedef void (*dyn_dynlock_destroy_cb) (struct CRYPTO_dynlock_value *, -+ const char *, int); - typedef struct st_dynamic_LOCK_fns { -- dyn_lock_locking_cb lock_locking_cb; -- dyn_lock_add_lock_cb lock_add_lock_cb; -- dyn_dynlock_create_cb dynlock_create_cb; -- dyn_dynlock_lock_cb dynlock_lock_cb; -- dyn_dynlock_destroy_cb dynlock_destroy_cb; -- } dynamic_LOCK_fns; -+ dyn_lock_locking_cb lock_locking_cb; -+ dyn_lock_add_lock_cb lock_add_lock_cb; -+ dyn_dynlock_create_cb dynlock_create_cb; -+ dyn_dynlock_lock_cb dynlock_lock_cb; -+ dyn_dynlock_destroy_cb dynlock_destroy_cb; -+} dynamic_LOCK_fns; - /* The top-level structure */ - typedef struct st_dynamic_fns { -- void *static_state; -- const ERR_FNS *err_fns; -- const CRYPTO_EX_DATA_IMPL *ex_data_fns; -- dynamic_MEM_fns mem_fns; -- dynamic_LOCK_fns lock_fns; -- } dynamic_fns; -- --/* The version checking function should be of this prototype. NB: The -- * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code. -- * If this function returns zero, it indicates a (potential) version -+ void *static_state; -+ const ERR_FNS *err_fns; -+ const CRYPTO_EX_DATA_IMPL *ex_data_fns; -+ dynamic_MEM_fns mem_fns; -+ dynamic_LOCK_fns lock_fns; -+} dynamic_fns; -+ -+/* -+ * The version checking function should be of this prototype. NB: The -+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading -+ * code. If this function returns zero, it indicates a (potential) version - * incompatibility and the loaded library doesn't believe it can proceed. - * Otherwise, the returned value is the (latest) version supported by the -- * loading library. The loader may still decide that the loaded code's version -- * is unsatisfactory and could veto the load. The function is expected to -- * be implemented with the symbol name "v_check", and a default implementation -- * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ --typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); --#define IMPLEMENT_DYNAMIC_CHECK_FN() \ -- OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ -- if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ -- return 0; } -- --/* This function is passed the ENGINE structure to initialise with its own -+ * loading library. The loader may still decide that the loaded code's -+ * version is unsatisfactory and could veto the load. The function is -+ * expected to be implemented with the symbol name "v_check", and a default -+ * implementation can be fully instantiated with -+ * IMPLEMENT_DYNAMIC_CHECK_FN(). -+ */ -+typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); -+# define IMPLEMENT_DYNAMIC_CHECK_FN() \ -+ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ -+ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ -+ return 0; } -+ -+/* -+ * This function is passed the ENGINE structure to initialise with its own - * function and command settings. It should not adjust the structural or -- * functional reference counts. If this function returns zero, (a) the load will -- * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the -- * structure, and (c) the shared library will be unloaded. So implementations -- * should do their own internal cleanup in failure circumstances otherwise they -- * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that -- * the loader is looking for. If this is NULL, the shared library can choose to -- * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared -- * library must initialise only an ENGINE matching the passed 'id'. The function -- * is expected to be implemented with the symbol name "bind_engine". A standard -- * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where -- * the parameter 'fn' is a callback function that populates the ENGINE structure -- * and returns an int value (zero for failure). 'fn' should have prototype; -- * [static] int fn(ENGINE *e, const char *id); */ --typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, -- const dynamic_fns *fns); --#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ -- OPENSSL_EXPORT \ -- int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ -- if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ -- if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ -- fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ -- return 0; \ -- CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ -- CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ -- CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ -- CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ -- CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ -- if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ -- return 0; \ -- if(!ERR_set_implementation(fns->err_fns)) return 0; \ -- skip_cbs: \ -- if(!fn(e,id)) return 0; \ -- return 1; } -- --/* If the loading application (or library) and the loaded ENGINE library share -- * the same static data (eg. they're both dynamically linked to the same -- * libcrypto.so) we need a way to avoid trying to set system callbacks - this -- * would fail, and for the same reason that it's unnecessary to try. If the -- * loaded ENGINE has (or gets from through the loader) its own copy of the -- * libcrypto static data, we will need to set the callbacks. The easiest way to -- * detect this is to have a function that returns a pointer to some static data -- * and let the loading application and loaded ENGINE compare their respective -- * values. */ -+ * functional reference counts. If this function returns zero, (a) the load -+ * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto -+ * the structure, and (c) the shared library will be unloaded. So -+ * implementations should do their own internal cleanup in failure -+ * circumstances otherwise they could leak. The 'id' parameter, if non-NULL, -+ * represents the ENGINE id that the loader is looking for. If this is NULL, -+ * the shared library can choose to return failure or to initialise a -+ * 'default' ENGINE. If non-NULL, the shared library must initialise only an -+ * ENGINE matching the passed 'id'. The function is expected to be -+ * implemented with the symbol name "bind_engine". A standard implementation -+ * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter -+ * 'fn' is a callback function that populates the ENGINE structure and -+ * returns an int value (zero for failure). 'fn' should have prototype; -+ * [static] int fn(ENGINE *e, const char *id); -+ */ -+typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, -+ const dynamic_fns *fns); -+# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ -+ OPENSSL_EXPORT \ -+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ -+ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ -+ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ -+ fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ -+ return 0; \ -+ CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ -+ CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ -+ CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ -+ CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ -+ CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ -+ if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ -+ return 0; \ -+ if(!ERR_set_implementation(fns->err_fns)) return 0; \ -+ skip_cbs: \ -+ if(!fn(e,id)) return 0; \ -+ return 1; } -+ -+/* -+ * If the loading application (or library) and the loaded ENGINE library -+ * share the same static data (eg. they're both dynamically linked to the -+ * same libcrypto.so) we need a way to avoid trying to set system callbacks - -+ * this would fail, and for the same reason that it's unnecessary to try. If -+ * the loaded ENGINE has (or gets from through the loader) its own copy of -+ * the libcrypto static data, we will need to set the callbacks. The easiest -+ * way to detect this is to have a function that returns a pointer to some -+ * static data and let the loading application and loaded ENGINE compare -+ * their respective values. -+ */ - void *ENGINE_get_static_state(void); - --#if defined(__OpenBSD__) || defined(__FreeBSD__) -+# if defined(__OpenBSD__) || defined(__FreeBSD__) - void ENGINE_setup_bsd_cryptodev(void); --#endif -+# endif - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_ENGINE_strings(void); -@@ -718,85 +832,85 @@ void ERR_load_ENGINE_strings(void); - /* Error codes for the ENGINE functions. */ - - /* Function codes. */ --#define ENGINE_F_DYNAMIC_CTRL 180 --#define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 --#define ENGINE_F_DYNAMIC_LOAD 182 --#define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 --#define ENGINE_F_ENGINE_ADD 105 --#define ENGINE_F_ENGINE_BY_ID 106 --#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 --#define ENGINE_F_ENGINE_CTRL 142 --#define ENGINE_F_ENGINE_CTRL_CMD 178 --#define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 --#define ENGINE_F_ENGINE_FINISH 107 --#define ENGINE_F_ENGINE_FREE_UTIL 108 --#define ENGINE_F_ENGINE_GET_CIPHER 185 --#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 --#define ENGINE_F_ENGINE_GET_DIGEST 186 --#define ENGINE_F_ENGINE_GET_NEXT 115 --#define ENGINE_F_ENGINE_GET_PREV 116 --#define ENGINE_F_ENGINE_INIT 119 --#define ENGINE_F_ENGINE_LIST_ADD 120 --#define ENGINE_F_ENGINE_LIST_REMOVE 121 --#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 --#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 --#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192 --#define ENGINE_F_ENGINE_NEW 122 --#define ENGINE_F_ENGINE_REMOVE 123 --#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 --#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 --#define ENGINE_F_ENGINE_SET_ID 129 --#define ENGINE_F_ENGINE_SET_NAME 130 --#define ENGINE_F_ENGINE_TABLE_REGISTER 184 --#define ENGINE_F_ENGINE_UNLOAD_KEY 152 --#define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 --#define ENGINE_F_ENGINE_UP_REF 190 --#define ENGINE_F_INT_CTRL_HELPER 172 --#define ENGINE_F_INT_ENGINE_CONFIGURE 188 --#define ENGINE_F_INT_ENGINE_MODULE_INIT 187 --#define ENGINE_F_LOG_MESSAGE 141 -+# define ENGINE_F_DYNAMIC_CTRL 180 -+# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 -+# define ENGINE_F_DYNAMIC_LOAD 182 -+# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 -+# define ENGINE_F_ENGINE_ADD 105 -+# define ENGINE_F_ENGINE_BY_ID 106 -+# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 -+# define ENGINE_F_ENGINE_CTRL 142 -+# define ENGINE_F_ENGINE_CTRL_CMD 178 -+# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 -+# define ENGINE_F_ENGINE_FINISH 107 -+# define ENGINE_F_ENGINE_FREE_UTIL 108 -+# define ENGINE_F_ENGINE_GET_CIPHER 185 -+# define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 -+# define ENGINE_F_ENGINE_GET_DIGEST 186 -+# define ENGINE_F_ENGINE_GET_NEXT 115 -+# define ENGINE_F_ENGINE_GET_PREV 116 -+# define ENGINE_F_ENGINE_INIT 119 -+# define ENGINE_F_ENGINE_LIST_ADD 120 -+# define ENGINE_F_ENGINE_LIST_REMOVE 121 -+# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 -+# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 -+# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192 -+# define ENGINE_F_ENGINE_NEW 122 -+# define ENGINE_F_ENGINE_REMOVE 123 -+# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 -+# define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 -+# define ENGINE_F_ENGINE_SET_ID 129 -+# define ENGINE_F_ENGINE_SET_NAME 130 -+# define ENGINE_F_ENGINE_TABLE_REGISTER 184 -+# define ENGINE_F_ENGINE_UNLOAD_KEY 152 -+# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 -+# define ENGINE_F_ENGINE_UP_REF 190 -+# define ENGINE_F_INT_CTRL_HELPER 172 -+# define ENGINE_F_INT_ENGINE_CONFIGURE 188 -+# define ENGINE_F_INT_ENGINE_MODULE_INIT 187 -+# define ENGINE_F_LOG_MESSAGE 141 - - /* Reason codes. */ --#define ENGINE_R_ALREADY_LOADED 100 --#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 --#define ENGINE_R_CMD_NOT_EXECUTABLE 134 --#define ENGINE_R_COMMAND_TAKES_INPUT 135 --#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 --#define ENGINE_R_CONFLICTING_ENGINE_ID 103 --#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 --#define ENGINE_R_DH_NOT_IMPLEMENTED 139 --#define ENGINE_R_DSA_NOT_IMPLEMENTED 140 --#define ENGINE_R_DSO_FAILURE 104 --#define ENGINE_R_DSO_NOT_FOUND 132 --#define ENGINE_R_ENGINES_SECTION_ERROR 148 --#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101 --#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 --#define ENGINE_R_ENGINE_SECTION_ERROR 149 --#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 --#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 --#define ENGINE_R_FINISH_FAILED 106 --#define ENGINE_R_GET_HANDLE_FAILED 107 --#define ENGINE_R_ID_OR_NAME_MISSING 108 --#define ENGINE_R_INIT_FAILED 109 --#define ENGINE_R_INTERNAL_LIST_ERROR 110 --#define ENGINE_R_INVALID_ARGUMENT 143 --#define ENGINE_R_INVALID_CMD_NAME 137 --#define ENGINE_R_INVALID_CMD_NUMBER 138 --#define ENGINE_R_INVALID_INIT_VALUE 151 --#define ENGINE_R_INVALID_STRING 150 --#define ENGINE_R_NOT_INITIALISED 117 --#define ENGINE_R_NOT_LOADED 112 --#define ENGINE_R_NO_CONTROL_FUNCTION 120 --#define ENGINE_R_NO_INDEX 144 --#define ENGINE_R_NO_LOAD_FUNCTION 125 --#define ENGINE_R_NO_REFERENCE 130 --#define ENGINE_R_NO_SUCH_ENGINE 116 --#define ENGINE_R_NO_UNLOAD_FUNCTION 126 --#define ENGINE_R_PROVIDE_PARAMETERS 113 --#define ENGINE_R_RSA_NOT_IMPLEMENTED 141 --#define ENGINE_R_UNIMPLEMENTED_CIPHER 146 --#define ENGINE_R_UNIMPLEMENTED_DIGEST 147 --#define ENGINE_R_VERSION_INCOMPATIBILITY 145 -+# define ENGINE_R_ALREADY_LOADED 100 -+# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 -+# define ENGINE_R_CMD_NOT_EXECUTABLE 134 -+# define ENGINE_R_COMMAND_TAKES_INPUT 135 -+# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 -+# define ENGINE_R_CONFLICTING_ENGINE_ID 103 -+# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 -+# define ENGINE_R_DH_NOT_IMPLEMENTED 139 -+# define ENGINE_R_DSA_NOT_IMPLEMENTED 140 -+# define ENGINE_R_DSO_FAILURE 104 -+# define ENGINE_R_DSO_NOT_FOUND 132 -+# define ENGINE_R_ENGINES_SECTION_ERROR 148 -+# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101 -+# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 -+# define ENGINE_R_ENGINE_SECTION_ERROR 149 -+# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 -+# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 -+# define ENGINE_R_FINISH_FAILED 106 -+# define ENGINE_R_GET_HANDLE_FAILED 107 -+# define ENGINE_R_ID_OR_NAME_MISSING 108 -+# define ENGINE_R_INIT_FAILED 109 -+# define ENGINE_R_INTERNAL_LIST_ERROR 110 -+# define ENGINE_R_INVALID_ARGUMENT 143 -+# define ENGINE_R_INVALID_CMD_NAME 137 -+# define ENGINE_R_INVALID_CMD_NUMBER 138 -+# define ENGINE_R_INVALID_INIT_VALUE 151 -+# define ENGINE_R_INVALID_STRING 150 -+# define ENGINE_R_NOT_INITIALISED 117 -+# define ENGINE_R_NOT_LOADED 112 -+# define ENGINE_R_NO_CONTROL_FUNCTION 120 -+# define ENGINE_R_NO_INDEX 144 -+# define ENGINE_R_NO_LOAD_FUNCTION 125 -+# define ENGINE_R_NO_REFERENCE 130 -+# define ENGINE_R_NO_SUCH_ENGINE 116 -+# define ENGINE_R_NO_UNLOAD_FUNCTION 126 -+# define ENGINE_R_PROVIDE_PARAMETERS 113 -+# define ENGINE_R_RSA_NOT_IMPLEMENTED 141 -+# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 -+# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 -+# define ENGINE_R_VERSION_INCOMPATIBILITY 145 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/err.h b/Cryptlib/Include/openssl/err.h -index 73d7733..2a2ecc8 100644 ---- a/Cryptlib/Include/openssl/err.h -+++ b/Cryptlib/Include/openssl/err.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,234 +57,233 @@ - */ - - #ifndef HEADER_ERR_H --#define HEADER_ERR_H -+# define HEADER_ERR_H - --#include -+# include - --#ifndef OPENSSL_NO_FP_API --#include --#include --#endif -+# ifndef OPENSSL_NO_FP_API -+# include -+# include -+# endif - --#include --#ifndef OPENSSL_NO_BIO --#include --#endif --#ifndef OPENSSL_NO_LHASH --#include --#endif -+# include -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# ifndef OPENSSL_NO_LHASH -+# include -+# endif - --#ifdef __cplusplus -+#ifdef __cplusplus - extern "C" { - #endif - --#ifndef OPENSSL_NO_ERR --#define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) --#else --#define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) --#endif -+# ifndef OPENSSL_NO_ERR -+# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) -+# else -+# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) -+# endif - --#include -+# include - --#define ERR_TXT_MALLOCED 0x01 --#define ERR_TXT_STRING 0x02 -+# define ERR_TXT_MALLOCED 0x01 -+# define ERR_TXT_STRING 0x02 - --#define ERR_FLAG_MARK 0x01 -+# define ERR_FLAG_MARK 0x01 - --#define ERR_NUM_ERRORS 16 --typedef struct err_state_st -- { -- unsigned long pid; -- int err_flags[ERR_NUM_ERRORS]; -- unsigned long err_buffer[ERR_NUM_ERRORS]; -- char *err_data[ERR_NUM_ERRORS]; -- int err_data_flags[ERR_NUM_ERRORS]; -- const char *err_file[ERR_NUM_ERRORS]; -- int err_line[ERR_NUM_ERRORS]; -- int top,bottom; -- } ERR_STATE; -+# define ERR_NUM_ERRORS 16 -+typedef struct err_state_st { -+ unsigned long pid; -+ int err_flags[ERR_NUM_ERRORS]; -+ unsigned long err_buffer[ERR_NUM_ERRORS]; -+ char *err_data[ERR_NUM_ERRORS]; -+ int err_data_flags[ERR_NUM_ERRORS]; -+ const char *err_file[ERR_NUM_ERRORS]; -+ int err_line[ERR_NUM_ERRORS]; -+ int top, bottom; -+} ERR_STATE; - - /* library */ --#define ERR_LIB_NONE 1 --#define ERR_LIB_SYS 2 --#define ERR_LIB_BN 3 --#define ERR_LIB_RSA 4 --#define ERR_LIB_DH 5 --#define ERR_LIB_EVP 6 --#define ERR_LIB_BUF 7 --#define ERR_LIB_OBJ 8 --#define ERR_LIB_PEM 9 --#define ERR_LIB_DSA 10 --#define ERR_LIB_X509 11 -+# define ERR_LIB_NONE 1 -+# define ERR_LIB_SYS 2 -+# define ERR_LIB_BN 3 -+# define ERR_LIB_RSA 4 -+# define ERR_LIB_DH 5 -+# define ERR_LIB_EVP 6 -+# define ERR_LIB_BUF 7 -+# define ERR_LIB_OBJ 8 -+# define ERR_LIB_PEM 9 -+# define ERR_LIB_DSA 10 -+# define ERR_LIB_X509 11 - /* #define ERR_LIB_METH 12 */ --#define ERR_LIB_ASN1 13 --#define ERR_LIB_CONF 14 --#define ERR_LIB_CRYPTO 15 --#define ERR_LIB_EC 16 --#define ERR_LIB_SSL 20 -+# define ERR_LIB_ASN1 13 -+# define ERR_LIB_CONF 14 -+# define ERR_LIB_CRYPTO 15 -+# define ERR_LIB_EC 16 -+# define ERR_LIB_SSL 20 - /* #define ERR_LIB_SSL23 21 */ - /* #define ERR_LIB_SSL2 22 */ - /* #define ERR_LIB_SSL3 23 */ - /* #define ERR_LIB_RSAREF 30 */ - /* #define ERR_LIB_PROXY 31 */ --#define ERR_LIB_BIO 32 --#define ERR_LIB_PKCS7 33 --#define ERR_LIB_X509V3 34 --#define ERR_LIB_PKCS12 35 --#define ERR_LIB_RAND 36 --#define ERR_LIB_DSO 37 --#define ERR_LIB_ENGINE 38 --#define ERR_LIB_OCSP 39 --#define ERR_LIB_UI 40 --#define ERR_LIB_COMP 41 --#define ERR_LIB_ECDSA 42 --#define ERR_LIB_ECDH 43 --#define ERR_LIB_STORE 44 --#define ERR_LIB_FIPS 45 --#define ERR_LIB_CMS 46 --#define ERR_LIB_JPAKE 47 -- --#define ERR_LIB_USER 128 -- --#define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__) --#define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__) --#define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__) --#define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__) --#define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__) --#define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__) --#define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__) --#define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__) --#define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__) --#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__) --#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__) --#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__) --#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__) --#define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__) --#define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) --#define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__) --#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__) --#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__) --#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__) --#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__) --#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__) --#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__) --#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) --#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) --#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) --#define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) --#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) --#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) --#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) --#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) --#define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) -- --/* Borland C seems too stupid to be able to shift and do longs in -- * the pre-processor :-( */ --#define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)*0x1000000)| \ -- ((((unsigned long)f)&0xfffL)*0x1000)| \ -- ((((unsigned long)r)&0xfffL))) --#define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL) --#define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL) --#define ERR_GET_REASON(l) (int)((l)&0xfffL) --#define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL) -- -+# define ERR_LIB_BIO 32 -+# define ERR_LIB_PKCS7 33 -+# define ERR_LIB_X509V3 34 -+# define ERR_LIB_PKCS12 35 -+# define ERR_LIB_RAND 36 -+# define ERR_LIB_DSO 37 -+# define ERR_LIB_ENGINE 38 -+# define ERR_LIB_OCSP 39 -+# define ERR_LIB_UI 40 -+# define ERR_LIB_COMP 41 -+# define ERR_LIB_ECDSA 42 -+# define ERR_LIB_ECDH 43 -+# define ERR_LIB_STORE 44 -+# define ERR_LIB_FIPS 45 -+# define ERR_LIB_CMS 46 -+# define ERR_LIB_JPAKE 47 -+ -+# define ERR_LIB_USER 128 -+ -+# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__) -+# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__) -+# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__) -+# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__) -+# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__) -+# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__) -+# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__) -+# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__) -+# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__) -+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__) -+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__) -+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__) -+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__) -+# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__) -+# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) -+# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__) -+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__) -+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__) -+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__) -+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__) -+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__) -+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__) -+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) -+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) -+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) -+# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) -+# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) -+# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) -+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) -+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) -+# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) -+ -+/* -+ * Borland C seems too stupid to be able to shift and do longs in the -+ * pre-processor :-( -+ */ -+# define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)*0x1000000)| \ -+ ((((unsigned long)f)&0xfffL)*0x1000)| \ -+ ((((unsigned long)r)&0xfffL))) -+# define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL) -+# define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL) -+# define ERR_GET_REASON(l) (int)((l)&0xfffL) -+# define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL) - - /* OS functions */ --#define SYS_F_FOPEN 1 --#define SYS_F_CONNECT 2 --#define SYS_F_GETSERVBYNAME 3 --#define SYS_F_SOCKET 4 --#define SYS_F_IOCTLSOCKET 5 --#define SYS_F_BIND 6 --#define SYS_F_LISTEN 7 --#define SYS_F_ACCEPT 8 --#define SYS_F_WSASTARTUP 9 /* Winsock stuff */ --#define SYS_F_OPENDIR 10 --#define SYS_F_FREAD 11 -- -+# define SYS_F_FOPEN 1 -+# define SYS_F_CONNECT 2 -+# define SYS_F_GETSERVBYNAME 3 -+# define SYS_F_SOCKET 4 -+# define SYS_F_IOCTLSOCKET 5 -+# define SYS_F_BIND 6 -+# define SYS_F_LISTEN 7 -+# define SYS_F_ACCEPT 8 -+# define SYS_F_WSASTARTUP 9/* Winsock stuff */ -+# define SYS_F_OPENDIR 10 -+# define SYS_F_FREAD 11 - - /* reasons */ --#define ERR_R_SYS_LIB ERR_LIB_SYS /* 2 */ --#define ERR_R_BN_LIB ERR_LIB_BN /* 3 */ --#define ERR_R_RSA_LIB ERR_LIB_RSA /* 4 */ --#define ERR_R_DH_LIB ERR_LIB_DH /* 5 */ --#define ERR_R_EVP_LIB ERR_LIB_EVP /* 6 */ --#define ERR_R_BUF_LIB ERR_LIB_BUF /* 7 */ --#define ERR_R_OBJ_LIB ERR_LIB_OBJ /* 8 */ --#define ERR_R_PEM_LIB ERR_LIB_PEM /* 9 */ --#define ERR_R_DSA_LIB ERR_LIB_DSA /* 10 */ --#define ERR_R_X509_LIB ERR_LIB_X509 /* 11 */ --#define ERR_R_ASN1_LIB ERR_LIB_ASN1 /* 13 */ --#define ERR_R_CONF_LIB ERR_LIB_CONF /* 14 */ --#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO /* 15 */ --#define ERR_R_EC_LIB ERR_LIB_EC /* 16 */ --#define ERR_R_SSL_LIB ERR_LIB_SSL /* 20 */ --#define ERR_R_BIO_LIB ERR_LIB_BIO /* 32 */ --#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7 /* 33 */ --#define ERR_R_X509V3_LIB ERR_LIB_X509V3 /* 34 */ --#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12 /* 35 */ --#define ERR_R_RAND_LIB ERR_LIB_RAND /* 36 */ --#define ERR_R_DSO_LIB ERR_LIB_DSO /* 37 */ --#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE /* 38 */ --#define ERR_R_OCSP_LIB ERR_LIB_OCSP /* 39 */ --#define ERR_R_UI_LIB ERR_LIB_UI /* 40 */ --#define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ --#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ --#define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ --#define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ -- --#define ERR_R_NESTED_ASN1_ERROR 58 --#define ERR_R_BAD_ASN1_OBJECT_HEADER 59 --#define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60 --#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61 --#define ERR_R_ASN1_LENGTH_MISMATCH 62 --#define ERR_R_MISSING_ASN1_EOS 63 -+# define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ -+# define ERR_R_BN_LIB ERR_LIB_BN/* 3 */ -+# define ERR_R_RSA_LIB ERR_LIB_RSA/* 4 */ -+# define ERR_R_DH_LIB ERR_LIB_DH/* 5 */ -+# define ERR_R_EVP_LIB ERR_LIB_EVP/* 6 */ -+# define ERR_R_BUF_LIB ERR_LIB_BUF/* 7 */ -+# define ERR_R_OBJ_LIB ERR_LIB_OBJ/* 8 */ -+# define ERR_R_PEM_LIB ERR_LIB_PEM/* 9 */ -+# define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */ -+# define ERR_R_X509_LIB ERR_LIB_X509/* 11 */ -+# define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */ -+# define ERR_R_CONF_LIB ERR_LIB_CONF/* 14 */ -+# define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO/* 15 */ -+# define ERR_R_EC_LIB ERR_LIB_EC/* 16 */ -+# define ERR_R_SSL_LIB ERR_LIB_SSL/* 20 */ -+# define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */ -+# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */ -+# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ -+# define ERR_R_PKCS12_LIB ERR_LIB_PKCS12/* 35 */ -+# define ERR_R_RAND_LIB ERR_LIB_RAND/* 36 */ -+# define ERR_R_DSO_LIB ERR_LIB_DSO/* 37 */ -+# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ -+# define ERR_R_OCSP_LIB ERR_LIB_OCSP/* 39 */ -+# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ -+# define ERR_R_COMP_LIB ERR_LIB_COMP/* 41 */ -+# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ -+# define ERR_R_ECDH_LIB ERR_LIB_ECDH/* 43 */ -+# define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */ -+ -+# define ERR_R_NESTED_ASN1_ERROR 58 -+# define ERR_R_BAD_ASN1_OBJECT_HEADER 59 -+# define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60 -+# define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61 -+# define ERR_R_ASN1_LENGTH_MISMATCH 62 -+# define ERR_R_MISSING_ASN1_EOS 63 - - /* fatal error */ --#define ERR_R_FATAL 64 --#define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) --#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) --#define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) --#define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) --#define ERR_R_DISABLED (5|ERR_R_FATAL) -- --/* 99 is the maximum possible ERR_R_... code, higher values -- * are reserved for the individual libraries */ -- -+# define ERR_R_FATAL 64 -+# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) -+# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) -+# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) -+# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) -+# define ERR_R_DISABLED (5|ERR_R_FATAL) -+ -+/* -+ * 99 is the maximum possible ERR_R_... code, higher values are reserved for -+ * the individual libraries -+ */ - --typedef struct ERR_string_data_st -- { -- unsigned long error; -- const char *string; -- } ERR_STRING_DATA; -+typedef struct ERR_string_data_st { -+ unsigned long error; -+ const char *string; -+} ERR_STRING_DATA; - --void ERR_put_error(int lib, int func,int reason,const char *file,int line); --void ERR_set_error_data(char *data,int flags); -+void ERR_put_error(int lib, int func, int reason, const char *file, int line); -+void ERR_set_error_data(char *data, int flags); - - unsigned long ERR_get_error(void); --unsigned long ERR_get_error_line(const char **file,int *line); --unsigned long ERR_get_error_line_data(const char **file,int *line, -- const char **data, int *flags); -+unsigned long ERR_get_error_line(const char **file, int *line); -+unsigned long ERR_get_error_line_data(const char **file, int *line, -+ const char **data, int *flags); - unsigned long ERR_peek_error(void); --unsigned long ERR_peek_error_line(const char **file,int *line); --unsigned long ERR_peek_error_line_data(const char **file,int *line, -- const char **data,int *flags); -+unsigned long ERR_peek_error_line(const char **file, int *line); -+unsigned long ERR_peek_error_line_data(const char **file, int *line, -+ const char **data, int *flags); - unsigned long ERR_peek_last_error(void); --unsigned long ERR_peek_last_error_line(const char **file,int *line); --unsigned long ERR_peek_last_error_line_data(const char **file,int *line, -- const char **data,int *flags); --void ERR_clear_error(void ); --char *ERR_error_string(unsigned long e,char *buf); -+unsigned long ERR_peek_last_error_line(const char **file, int *line); -+unsigned long ERR_peek_last_error_line_data(const char **file, int *line, -+ const char **data, int *flags); -+void ERR_clear_error(void); -+char *ERR_error_string(unsigned long e, char *buf); - void ERR_error_string_n(unsigned long e, char *buf, size_t len); - const char *ERR_lib_error_string(unsigned long e); - const char *ERR_func_error_string(unsigned long e); - const char *ERR_reason_error_string(unsigned long e); --void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), -- void *u); --#ifndef OPENSSL_NO_FP_API -+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), -+ void *u); -+# ifndef OPENSSL_NO_FP_API - void ERR_print_errors_fp(FILE *fp); --#endif --#ifndef OPENSSL_NO_BIO -+# endif -+# ifndef OPENSSL_NO_BIO - void ERR_print_errors(BIO *bp); - - /* Add EFIAPI for UEFI version. */ -@@ -293,9 +292,9 @@ void EFIAPI ERR_add_error_data(int num, ...); - #else - void ERR_add_error_data(int num, ...); - #endif --#endif --void ERR_load_strings(int lib,ERR_STRING_DATA str[]); --void ERR_unload_strings(int lib,ERR_STRING_DATA str[]); -+# endif -+void ERR_load_strings(int lib, ERR_STRING_DATA str[]); -+void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); - void ERR_load_ERR_strings(void); - void ERR_load_crypto_strings(void); - void ERR_free_strings(void); -@@ -303,33 +302,37 @@ void ERR_free_strings(void); - void ERR_remove_state(unsigned long pid); /* if zero we look it up */ - ERR_STATE *ERR_get_state(void); - --#ifndef OPENSSL_NO_LHASH -+# ifndef OPENSSL_NO_LHASH - LHASH *ERR_get_string_table(void); - LHASH *ERR_get_err_state_table(void); - void ERR_release_err_state_table(LHASH **hash); --#endif -+# endif - - int ERR_get_next_error_library(void); - - int ERR_set_mark(void); - int ERR_pop_to_mark(void); - --#ifdef OPENSSL_FIPS --void int_ERR_set_state_func(ERR_STATE *(*get_func)(void), -- void (*remove_func)(unsigned long pid)); -+# ifdef OPENSSL_FIPS -+void int_ERR_set_state_func(ERR_STATE *(*get_func) (void), -+ void (*remove_func) (unsigned long pid)); - void int_ERR_lib_init(void); --#endif -+# endif - - /* Already defined in ossl_typ.h */ - /* typedef struct st_ERR_FNS ERR_FNS; */ --/* An application can use this function and provide the return value to loaded -- * modules that should use the application's ERR state/functionality */ -+/* -+ * An application can use this function and provide the return value to -+ * loaded modules that should use the application's ERR state/functionality -+ */ - const ERR_FNS *ERR_get_implementation(void); --/* A loaded module should call this function prior to any ERR operations using -- * the application's "ERR_FNS". */ -+/* -+ * A loaded module should call this function prior to any ERR operations -+ * using the application's "ERR_FNS". -+ */ - int ERR_set_implementation(const ERR_FNS *fns); - --#ifdef __cplusplus -+#ifdef __cplusplus - } - #endif - -diff --git a/Cryptlib/Include/openssl/evp.h b/Cryptlib/Include/openssl/evp.h -index 79c0971..df838d0 100644 ---- a/Cryptlib/Include/openssl/evp.h -+++ b/Cryptlib/Include/openssl/evp.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,579 +57,587 @@ - */ - - #ifndef HEADER_ENVELOPE_H --#define HEADER_ENVELOPE_H -- --#ifdef OPENSSL_ALGORITHM_DEFINES --# include --#else --# define OPENSSL_ALGORITHM_DEFINES --# include --# undef OPENSSL_ALGORITHM_DEFINES --#endif -+# define HEADER_ENVELOPE_H -+ -+# ifdef OPENSSL_ALGORITHM_DEFINES -+# include -+# else -+# define OPENSSL_ALGORITHM_DEFINES -+# include -+# undef OPENSSL_ALGORITHM_DEFINES -+# endif - --#include -+# include - --#include -+# include - --#ifndef OPENSSL_NO_BIO --#include --#endif -+# ifndef OPENSSL_NO_BIO -+# include -+# endif - --#ifdef OPENSSL_FIPS --#include --#endif -+# ifdef OPENSSL_FIPS -+# include -+# endif - --/* --#define EVP_RC2_KEY_SIZE 16 --#define EVP_RC4_KEY_SIZE 16 --#define EVP_BLOWFISH_KEY_SIZE 16 --#define EVP_CAST5_KEY_SIZE 16 --#define EVP_RC5_32_12_16_KEY_SIZE 16 -+/*- -+#define EVP_RC2_KEY_SIZE 16 -+#define EVP_RC4_KEY_SIZE 16 -+#define EVP_BLOWFISH_KEY_SIZE 16 -+#define EVP_CAST5_KEY_SIZE 16 -+#define EVP_RC5_32_12_16_KEY_SIZE 16 - */ --#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ --#define EVP_MAX_KEY_LENGTH 32 --#define EVP_MAX_IV_LENGTH 16 --#define EVP_MAX_BLOCK_LENGTH 32 -+# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ -+# define EVP_MAX_KEY_LENGTH 32 -+# define EVP_MAX_IV_LENGTH 16 -+# define EVP_MAX_BLOCK_LENGTH 32 - --#define PKCS5_SALT_LEN 8 -+# define PKCS5_SALT_LEN 8 - /* Default PKCS#5 iteration count */ --#define PKCS5_DEFAULT_ITER 2048 -- --#include -- --#define EVP_PK_RSA 0x0001 --#define EVP_PK_DSA 0x0002 --#define EVP_PK_DH 0x0004 --#define EVP_PK_EC 0x0008 --#define EVP_PKT_SIGN 0x0010 --#define EVP_PKT_ENC 0x0020 --#define EVP_PKT_EXCH 0x0040 --#define EVP_PKS_RSA 0x0100 --#define EVP_PKS_DSA 0x0200 --#define EVP_PKS_EC 0x0400 --#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ -- --#define EVP_PKEY_NONE NID_undef --#define EVP_PKEY_RSA NID_rsaEncryption --#define EVP_PKEY_RSA2 NID_rsa --#define EVP_PKEY_DSA NID_dsa --#define EVP_PKEY_DSA1 NID_dsa_2 --#define EVP_PKEY_DSA2 NID_dsaWithSHA --#define EVP_PKEY_DSA3 NID_dsaWithSHA1 --#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 --#define EVP_PKEY_DH NID_dhKeyAgreement --#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey -- --#ifdef __cplusplus -+# define PKCS5_DEFAULT_ITER 2048 -+ -+# include -+ -+# define EVP_PK_RSA 0x0001 -+# define EVP_PK_DSA 0x0002 -+# define EVP_PK_DH 0x0004 -+# define EVP_PK_EC 0x0008 -+# define EVP_PKT_SIGN 0x0010 -+# define EVP_PKT_ENC 0x0020 -+# define EVP_PKT_EXCH 0x0040 -+# define EVP_PKS_RSA 0x0100 -+# define EVP_PKS_DSA 0x0200 -+# define EVP_PKS_EC 0x0400 -+# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ -+ -+# define EVP_PKEY_NONE NID_undef -+# define EVP_PKEY_RSA NID_rsaEncryption -+# define EVP_PKEY_RSA2 NID_rsa -+# define EVP_PKEY_DSA NID_dsa -+# define EVP_PKEY_DSA1 NID_dsa_2 -+# define EVP_PKEY_DSA2 NID_dsaWithSHA -+# define EVP_PKEY_DSA3 NID_dsaWithSHA1 -+# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 -+# define EVP_PKEY_DH NID_dhKeyAgreement -+# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey -+ -+#ifdef __cplusplus - extern "C" { - #endif - --/* Type needs to be a bit field -- * Sub-type needs to be for variations on the method, as in, can it do -- * arbitrary encryption.... */ --struct evp_pkey_st -- { -- int type; -- int save_type; -- int references; -- union { -- char *ptr; --#ifndef OPENSSL_NO_RSA -- struct rsa_st *rsa; /* RSA */ --#endif --#ifndef OPENSSL_NO_DSA -- struct dsa_st *dsa; /* DSA */ --#endif --#ifndef OPENSSL_NO_DH -- struct dh_st *dh; /* DH */ --#endif --#ifndef OPENSSL_NO_EC -- struct ec_key_st *ec; /* ECC */ --#endif -- } pkey; -- int save_parameters; -- STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -- } /* EVP_PKEY */; -- --#define EVP_PKEY_MO_SIGN 0x0001 --#define EVP_PKEY_MO_VERIFY 0x0002 --#define EVP_PKEY_MO_ENCRYPT 0x0004 --#define EVP_PKEY_MO_DECRYPT 0x0008 -- --#if 0 --/* This structure is required to tie the message digest and signing together. -- * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or -- * oid, md and pkey. -- * This is required because for various smart-card perform the digest and -- * signing/verification on-board. To handle this case, the specific -- * EVP_MD and EVP_PKEY_METHODs need to be closely associated. -- * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it. -- * This can either be software or a token to provide the required low level -+/* -+ * Type needs to be a bit field Sub-type needs to be for variations on the -+ * method, as in, can it do arbitrary encryption.... -+ */ -+struct evp_pkey_st { -+ int type; -+ int save_type; -+ int references; -+ union { -+ char *ptr; -+# ifndef OPENSSL_NO_RSA -+ struct rsa_st *rsa; /* RSA */ -+# endif -+# ifndef OPENSSL_NO_DSA -+ struct dsa_st *dsa; /* DSA */ -+# endif -+# ifndef OPENSSL_NO_DH -+ struct dh_st *dh; /* DH */ -+# endif -+# ifndef OPENSSL_NO_EC -+ struct ec_key_st *ec; /* ECC */ -+# endif -+ } pkey; -+ int save_parameters; -+ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -+} /* EVP_PKEY */ ; -+ -+# define EVP_PKEY_MO_SIGN 0x0001 -+# define EVP_PKEY_MO_VERIFY 0x0002 -+# define EVP_PKEY_MO_ENCRYPT 0x0004 -+# define EVP_PKEY_MO_DECRYPT 0x0008 -+ -+# if 0 -+/* -+ * This structure is required to tie the message digest and signing together. -+ * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or oid, md -+ * and pkey. This is required because for various smart-card perform the -+ * digest and signing/verification on-board. To handle this case, the -+ * specific EVP_MD and EVP_PKEY_METHODs need to be closely associated. When a -+ * PKEY is created, it will have a EVP_PKEY_METHOD associated with it. This -+ * can either be software or a token to provide the required low level - * routines. - */ --typedef struct evp_pkey_md_st -- { -- int oid; -- EVP_MD *md; -- EVP_PKEY_METHOD *pkey; -- } EVP_PKEY_MD; -- --#define EVP_rsa_md2() \ -- EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ -- EVP_rsa_pkcs1(),EVP_md2()) --#define EVP_rsa_md5() \ -- EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ -- EVP_rsa_pkcs1(),EVP_md5()) --#define EVP_rsa_sha0() \ -- EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ -- EVP_rsa_pkcs1(),EVP_sha()) --#define EVP_rsa_sha1() \ -- EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ -- EVP_rsa_pkcs1(),EVP_sha1()) --#define EVP_rsa_ripemd160() \ -- EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ -- EVP_rsa_pkcs1(),EVP_ripemd160()) --#define EVP_rsa_mdc2() \ -- EVP_PKEY_MD_add(NID_mdc2WithRSA,\ -- EVP_rsa_octet_string(),EVP_mdc2()) --#define EVP_dsa_sha() \ -- EVP_PKEY_MD_add(NID_dsaWithSHA,\ -- EVP_dsa(),EVP_sha()) --#define EVP_dsa_sha1() \ -- EVP_PKEY_MD_add(NID_dsaWithSHA1,\ -- EVP_dsa(),EVP_sha1()) -- --typedef struct evp_pkey_method_st -- { -- char *name; -- int flags; -- int type; /* RSA, DSA, an SSLeay specific constant */ -- int oid; /* For the pub-key type */ -- int encrypt_oid; /* pub/priv key encryption */ -- -- int (*sign)(); -- int (*verify)(); -- struct { -- int (*set)(); /* get and/or set the underlying type */ -- int (*get)(); -- int (*encrypt)(); -- int (*decrypt)(); -- int (*i2d)(); -- int (*d2i)(); -- int (*dup)(); -- } pub,priv; -- int (*set_asn1_parameters)(); -- int (*get_asn1_parameters)(); -- } EVP_PKEY_METHOD; --#endif -+typedef struct evp_pkey_md_st { -+ int oid; -+ EVP_MD *md; -+ EVP_PKEY_METHOD *pkey; -+} EVP_PKEY_MD; -+ -+# define EVP_rsa_md2() \ -+ EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ -+ EVP_rsa_pkcs1(),EVP_md2()) -+# define EVP_rsa_md5() \ -+ EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ -+ EVP_rsa_pkcs1(),EVP_md5()) -+# define EVP_rsa_sha0() \ -+ EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ -+ EVP_rsa_pkcs1(),EVP_sha()) -+# define EVP_rsa_sha1() \ -+ EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ -+ EVP_rsa_pkcs1(),EVP_sha1()) -+# define EVP_rsa_ripemd160() \ -+ EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ -+ EVP_rsa_pkcs1(),EVP_ripemd160()) -+# define EVP_rsa_mdc2() \ -+ EVP_PKEY_MD_add(NID_mdc2WithRSA,\ -+ EVP_rsa_octet_string(),EVP_mdc2()) -+# define EVP_dsa_sha() \ -+ EVP_PKEY_MD_add(NID_dsaWithSHA,\ -+ EVP_dsa(),EVP_sha()) -+# define EVP_dsa_sha1() \ -+ EVP_PKEY_MD_add(NID_dsaWithSHA1,\ -+ EVP_dsa(),EVP_sha1()) -+ -+typedef struct evp_pkey_method_st { -+ char *name; -+ int flags; -+ int type; /* RSA, DSA, an SSLeay specific constant */ -+ int oid; /* For the pub-key type */ -+ int encrypt_oid; /* pub/priv key encryption */ -+ int (*sign) (); -+ int (*verify) (); -+ struct { -+ int (*set) (); /* get and/or set the underlying type */ -+ int (*get) (); -+ int (*encrypt) (); -+ int (*decrypt) (); -+ int (*i2d) (); -+ int (*d2i) (); -+ int (*dup) (); -+ } pub, priv; -+ int (*set_asn1_parameters) (); -+ int (*get_asn1_parameters) (); -+} EVP_PKEY_METHOD; -+# endif - --#ifndef EVP_MD --struct env_md_st -- { -- int type; -- int pkey_type; -- int md_size; -- unsigned long flags; -- int (*init)(EVP_MD_CTX *ctx); -- int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count); -- int (*final)(EVP_MD_CTX *ctx,unsigned char *md); -- int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); -- int (*cleanup)(EVP_MD_CTX *ctx); -- -- /* FIXME: prototype these some day */ -- int (*sign)(int type, const unsigned char *m, unsigned int m_length, -- unsigned char *sigret, unsigned int *siglen, void *key); -- int (*verify)(int type, const unsigned char *m, unsigned int m_length, -- const unsigned char *sigbuf, unsigned int siglen, -- void *key); -- int required_pkey_type[5]; /*EVP_PKEY_xxx */ -- int block_size; -- int ctx_size; /* how big does the ctx->md_data need to be */ -- } /* EVP_MD */; -- --typedef int evp_sign_method(int type,const unsigned char *m, -- unsigned int m_length,unsigned char *sigret, -- unsigned int *siglen, void *key); --typedef int evp_verify_method(int type,const unsigned char *m, -- unsigned int m_length,const unsigned char *sigbuf, -- unsigned int siglen, void *key); -- --typedef struct -- { -- EVP_MD_CTX *mctx; -- void *key; -- } EVP_MD_SVCTX; -- --#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single -- * block */ -- --#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ -- --#define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */ -- --#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} -- --#ifndef OPENSSL_NO_DSA --#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ -- (evp_verify_method *)DSA_verify, \ -- {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ -- EVP_PKEY_DSA4,0} --#else --#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method --#endif -+# ifndef EVP_MD -+struct env_md_st { -+ int type; -+ int pkey_type; -+ int md_size; -+ unsigned long flags; -+ int (*init) (EVP_MD_CTX *ctx); -+ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); -+ int (*final) (EVP_MD_CTX *ctx, unsigned char *md); -+ int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); -+ int (*cleanup) (EVP_MD_CTX *ctx); -+ /* FIXME: prototype these some day */ -+ int (*sign) (int type, const unsigned char *m, unsigned int m_length, -+ unsigned char *sigret, unsigned int *siglen, void *key); -+ int (*verify) (int type, const unsigned char *m, unsigned int m_length, -+ const unsigned char *sigbuf, unsigned int siglen, -+ void *key); -+ int required_pkey_type[5]; /* EVP_PKEY_xxx */ -+ int block_size; -+ int ctx_size; /* how big does the ctx->md_data need to be */ -+} /* EVP_MD */ ; -+ -+typedef int evp_sign_method(int type, const unsigned char *m, -+ unsigned int m_length, unsigned char *sigret, -+ unsigned int *siglen, void *key); -+typedef int evp_verify_method(int type, const unsigned char *m, -+ unsigned int m_length, -+ const unsigned char *sigbuf, -+ unsigned int siglen, void *key); -+ -+typedef struct { -+ EVP_MD_CTX *mctx; -+ void *key; -+} EVP_MD_SVCTX; -+ -+/* digest can only handle a single block */ -+# define EVP_MD_FLAG_ONESHOT 0x0001 - --#ifndef OPENSSL_NO_ECDSA --#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ -- (evp_verify_method *)ECDSA_verify, \ -- {EVP_PKEY_EC,0,0,0} --#else --#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method --#endif -+/* Note if suitable for use in FIPS mode */ -+# define EVP_MD_FLAG_FIPS 0x0400 - --#ifndef OPENSSL_NO_RSA --#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ -- (evp_verify_method *)RSA_verify, \ -- {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} --#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ -- (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ -- (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ -- {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} --#else --#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method --#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method --#endif -+# define EVP_MD_FLAG_SVCTX 0x0800 -+ /* pass EVP_MD_SVCTX to sign/verify */ - --#endif /* !EVP_MD */ -+# define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} - --struct env_md_ctx_st -- { -- const EVP_MD *digest; -- ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ -- unsigned long flags; -- void *md_data; -- } /* EVP_MD_CTX */; -+# ifndef OPENSSL_NO_DSA -+# define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ -+ (evp_verify_method *)DSA_verify, \ -+ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ -+ EVP_PKEY_DSA4,0} -+# else -+# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method -+# endif -+ -+# ifndef OPENSSL_NO_ECDSA -+# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ -+ (evp_verify_method *)ECDSA_verify, \ -+ {EVP_PKEY_EC,0,0,0} -+# else -+# define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method -+# endif -+ -+# ifndef OPENSSL_NO_RSA -+# define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ -+ (evp_verify_method *)RSA_verify, \ -+ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -+# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ -+ (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ -+ (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ -+ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -+# else -+# define EVP_PKEY_RSA_method EVP_PKEY_NULL_method -+# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method -+# endif -+ -+# endif /* !EVP_MD */ -+ -+struct env_md_ctx_st { -+ const EVP_MD *digest; -+ ENGINE *engine; /* functional reference if 'digest' is -+ * ENGINE-provided */ -+ unsigned long flags; -+ void *md_data; -+} /* EVP_MD_CTX */ ; - - /* values for EVP_MD_CTX flags */ - --#define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called -- * once only */ --#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been -- * cleaned */ --#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data -- * in EVP_MD_CTX_cleanup */ --#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest -- * in FIPS mode */ -- --#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */ --#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ --#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ --#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ --#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ -- ((ctx->flags>>16) &0xFFFF) /* seed length */ --#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */ --#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */ -- --struct evp_cipher_st -- { -- int nid; -- int block_size; -- int key_len; /* Default value for variable length ciphers */ -- int iv_len; -- unsigned long flags; /* Various flags */ -- int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc); /* init key */ -- int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */ -- int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ -- int ctx_size; /* how big ctx->cipher_data needs to be */ -- int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ -- int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ -- int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ -- void *app_data; /* Application data */ -- } /* EVP_CIPHER */; -+# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be -+ * called once only */ -+# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been -+ * cleaned */ -+# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data -+ * in EVP_MD_CTX_cleanup */ -+# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS -+ * digest in FIPS mode */ -+ -+# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ -+# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ -+# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ -+# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ -+# define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ -+ ((ctx->flags>>16) &0xFFFF) /* seed length */ -+# define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF/* salt len same as digest */ -+# define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE/* salt max or auto recovered */ -+ -+struct evp_cipher_st { -+ int nid; -+ int block_size; -+ /* Default value for variable length ciphers */ -+ int key_len; -+ int iv_len; -+ /* Various flags */ -+ unsigned long flags; -+ /* init key */ -+ int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, -+ const unsigned char *iv, int enc); -+ /* encrypt/decrypt data */ -+ int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, unsigned int inl); -+ /* cleanup ctx */ -+ int (*cleanup) (EVP_CIPHER_CTX *); -+ /* how big ctx->cipher_data needs to be */ -+ int ctx_size; -+ /* Populate a ASN1_TYPE with parameters */ -+ int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); -+ /* Get parameters from a ASN1_TYPE */ -+ int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); -+ /* Miscellaneous operations */ -+ int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); -+ /* Application data */ -+ void *app_data; -+} /* EVP_CIPHER */ ; - - /* Values for cipher flags */ - - /* Modes for ciphers */ - --#define EVP_CIPH_STREAM_CIPHER 0x0 --#define EVP_CIPH_ECB_MODE 0x1 --#define EVP_CIPH_CBC_MODE 0x2 --#define EVP_CIPH_CFB_MODE 0x3 --#define EVP_CIPH_OFB_MODE 0x4 --#define EVP_CIPH_MODE 0x7 -+# define EVP_CIPH_STREAM_CIPHER 0x0 -+# define EVP_CIPH_ECB_MODE 0x1 -+# define EVP_CIPH_CBC_MODE 0x2 -+# define EVP_CIPH_CFB_MODE 0x3 -+# define EVP_CIPH_OFB_MODE 0x4 -+# define EVP_CIPH_MODE 0x7 - /* Set if variable length cipher */ --#define EVP_CIPH_VARIABLE_LENGTH 0x8 -+# define EVP_CIPH_VARIABLE_LENGTH 0x8 - /* Set if the iv handling should be done by the cipher itself */ --#define EVP_CIPH_CUSTOM_IV 0x10 -+# define EVP_CIPH_CUSTOM_IV 0x10 - /* Set if the cipher's init() function should be called if key is NULL */ --#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 -+# define EVP_CIPH_ALWAYS_CALL_INIT 0x20 - /* Call ctrl() to init cipher parameters */ --#define EVP_CIPH_CTRL_INIT 0x40 -+# define EVP_CIPH_CTRL_INIT 0x40 - /* Don't use standard key length function */ --#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 -+# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 - /* Don't use standard block padding */ --#define EVP_CIPH_NO_PADDING 0x100 -+# define EVP_CIPH_NO_PADDING 0x100 - /* cipher handles random key generation */ --#define EVP_CIPH_RAND_KEY 0x200 -+# define EVP_CIPH_RAND_KEY 0x200 - /* Note if suitable for use in FIPS mode */ --#define EVP_CIPH_FLAG_FIPS 0x400 -+# define EVP_CIPH_FLAG_FIPS 0x400 - /* Allow non FIPS cipher in FIPS mode */ --#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 -+# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 - /* Allow use default ASN1 get/set iv */ --#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 -+# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 - /* Buffer length in bits not bytes: CFB1 mode only */ --#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 -+# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 - - /* ctrl() values */ - --#define EVP_CTRL_INIT 0x0 --#define EVP_CTRL_SET_KEY_LENGTH 0x1 --#define EVP_CTRL_GET_RC2_KEY_BITS 0x2 --#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 --#define EVP_CTRL_GET_RC5_ROUNDS 0x4 --#define EVP_CTRL_SET_RC5_ROUNDS 0x5 --#define EVP_CTRL_RAND_KEY 0x6 -- --typedef struct evp_cipher_info_st -- { -- const EVP_CIPHER *cipher; -- unsigned char iv[EVP_MAX_IV_LENGTH]; -- } EVP_CIPHER_INFO; -- --struct evp_cipher_ctx_st -- { -- const EVP_CIPHER *cipher; -- ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ -- int encrypt; /* encrypt or decrypt */ -- int buf_len; /* number we have left */ -- -- unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ -- unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ -- unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ -- int num; /* used by cfb/ofb mode */ -- -- void *app_data; /* application stuff */ -- int key_len; /* May change for variable length cipher */ -- unsigned long flags; /* Various flags */ -- void *cipher_data; /* per EVP data */ -- int final_used; -- int block_mask; -- unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ -- } /* EVP_CIPHER_CTX */; -- --typedef struct evp_Encode_Ctx_st -- { -- int num; /* number saved in a partial encode/decode */ -- int length; /* The length is either the output line length -- * (in input bytes) or the shortest input line -- * length that is ok. Once decoding begins, -- * the length is adjusted up each time a longer -- * line is decoded */ -- unsigned char enc_data[80]; /* data to encode */ -- int line_num; /* number read on current line */ -- int expect_nl; -- } EVP_ENCODE_CTX; -+# define EVP_CTRL_INIT 0x0 -+# define EVP_CTRL_SET_KEY_LENGTH 0x1 -+# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 -+# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 -+# define EVP_CTRL_GET_RC5_ROUNDS 0x4 -+# define EVP_CTRL_SET_RC5_ROUNDS 0x5 -+# define EVP_CTRL_RAND_KEY 0x6 -+ -+typedef struct evp_cipher_info_st { -+ const EVP_CIPHER *cipher; -+ unsigned char iv[EVP_MAX_IV_LENGTH]; -+} EVP_CIPHER_INFO; -+ -+struct evp_cipher_ctx_st { -+ const EVP_CIPHER *cipher; -+ ENGINE *engine; /* functional reference if 'cipher' is -+ * ENGINE-provided */ -+ int encrypt; /* encrypt or decrypt */ -+ int buf_len; /* number we have left */ -+ unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ -+ unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ -+ unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ -+ int num; /* used by cfb/ofb mode */ -+ void *app_data; /* application stuff */ -+ int key_len; /* May change for variable length cipher */ -+ unsigned long flags; /* Various flags */ -+ void *cipher_data; /* per EVP data */ -+ int final_used; -+ int block_mask; -+ unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ -+} /* EVP_CIPHER_CTX */ ; -+ -+typedef struct evp_Encode_Ctx_st { -+ /* number saved in a partial encode/decode */ -+ int num; -+ /* -+ * The length is either the output line length (in input bytes) or the -+ * shortest input line length that is ok. Once decoding begins, the -+ * length is adjusted up each time a longer line is decoded -+ */ -+ int length; -+ /* data to encode */ -+ unsigned char enc_data[80]; -+ /* number read on current line */ -+ int line_num; -+ int expect_nl; -+} EVP_ENCODE_CTX; - - /* Password based encryption function */ --typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, -- ASN1_TYPE *param, const EVP_CIPHER *cipher, -- const EVP_MD *md, int en_de); -- --#ifndef OPENSSL_NO_RSA --#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ -- (char *)(rsa)) --#endif -+typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, -+ int passlen, ASN1_TYPE *param, -+ const EVP_CIPHER *cipher, const EVP_MD *md, -+ int en_de); -+ -+# ifndef OPENSSL_NO_RSA -+# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ -+ (char *)(rsa)) -+# endif - --#ifndef OPENSSL_NO_DSA --#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ -- (char *)(dsa)) --#endif -+# ifndef OPENSSL_NO_DSA -+# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ -+ (char *)(dsa)) -+# endif - --#ifndef OPENSSL_NO_DH --#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ -- (char *)(dh)) --#endif -+# ifndef OPENSSL_NO_DH -+# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ -+ (char *)(dh)) -+# endif - --#ifndef OPENSSL_NO_EC --#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ -+# ifndef OPENSSL_NO_EC -+# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ - (char *)(eckey)) --#endif -+# endif - - /* Add some extra combinations */ --#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) --#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) --#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) --#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) -+# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) -+# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) -+# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) -+# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) - - /* Macros to reduce FIPS dependencies: do NOT use in applications */ --#define M_EVP_MD_size(e) ((e)->md_size) --#define M_EVP_MD_block_size(e) ((e)->block_size) --#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) --#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) --#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) --#define M_EVP_MD_type(e) ((e)->type) --#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) --#define M_EVP_MD_CTX_md(e) ((e)->digest) -+# define M_EVP_MD_size(e) ((e)->md_size) -+# define M_EVP_MD_block_size(e) ((e)->block_size) -+# define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) -+# define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) -+# define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) -+# define M_EVP_MD_type(e) ((e)->type) -+# define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) -+# define M_EVP_MD_CTX_md(e) ((e)->digest) - --#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) -+# define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) - - int EVP_MD_type(const EVP_MD *md); --#define EVP_MD_nid(e) EVP_MD_type(e) --#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) --int EVP_MD_pkey_type(const EVP_MD *md); -+# define EVP_MD_nid(e) EVP_MD_type(e) -+# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) -+int EVP_MD_pkey_type(const EVP_MD *md); - int EVP_MD_size(const EVP_MD *md); - int EVP_MD_block_size(const EVP_MD *md); - --const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx); --#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) --#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) --#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) -+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); -+# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) -+# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) -+# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) - - int EVP_CIPHER_nid(const EVP_CIPHER *cipher); --#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) -+# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) - int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); - int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); - int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); - unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); --#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) -+# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) - --const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); -+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); --void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); -+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); - void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); --#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) -+# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) - unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); --#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) -- --#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) --#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) -- --#define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) --#define EVP_SignInit(a,b) EVP_DigestInit(a,b) --#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) --#define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) --#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) --#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) --#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) --#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) -- --#ifdef CONST_STRICT --void BIO_set_md(BIO *,const EVP_MD *md); --#else --# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) --#endif --#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) --#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) --#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) --#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) --#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) -+# define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) -+ -+# define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) -+# define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) -+ -+# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) -+# define EVP_SignInit(a,b) EVP_DigestInit(a,b) -+# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -+# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) -+# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) -+# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -+# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) -+# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) -+ -+# ifdef CONST_STRICT -+void BIO_set_md(BIO *, const EVP_MD *md); -+# else -+# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) -+# endif -+# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) -+# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) -+# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) -+# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) -+# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) - - int EVP_Cipher(EVP_CIPHER_CTX *c, -- unsigned char *out, -- const unsigned char *in, -- unsigned int inl); -- --#define EVP_add_cipher_alias(n,alias) \ -- OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) --#define EVP_add_digest_alias(n,alias) \ -- OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) --#define EVP_delete_cipher_alias(alias) \ -- OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); --#define EVP_delete_digest_alias(alias) \ -- OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); -- --void EVP_MD_CTX_init(EVP_MD_CTX *ctx); --int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); -+ unsigned char *out, const unsigned char *in, unsigned int inl); -+ -+# define EVP_add_cipher_alias(n,alias) \ -+ OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) -+# define EVP_add_digest_alias(n,alias) \ -+ OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) -+# define EVP_delete_cipher_alias(alias) \ -+ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); -+# define EVP_delete_digest_alias(alias) \ -+ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); -+ -+void EVP_MD_CTX_init(EVP_MD_CTX *ctx); -+int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); - EVP_MD_CTX *EVP_MD_CTX_create(void); --void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); --int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); --void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); --void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); --int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags); --int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); --int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, -- size_t cnt); --int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); --int EVP_Digest(const void *data, size_t count, -- unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); -- --int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); --int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); --int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); -- --int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); --void EVP_set_pw_prompt(const char *prompt); --char * EVP_get_pw_prompt(void); -- --int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, -- const unsigned char *salt, const unsigned char *data, -- int datal, int count, unsigned char *key,unsigned char *iv); -- --void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); --void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); --int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags); -- --int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, -- const unsigned char *key, const unsigned char *iv); --int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, -- const unsigned char *key, const unsigned char *iv); --int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, -- int *outl, const unsigned char *in, int inl); --int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); --int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -- --int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, -- const unsigned char *key, const unsigned char *iv); --int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, -- const unsigned char *key, const unsigned char *iv); --int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, -- int *outl, const unsigned char *in, int inl); --int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); --int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -- --int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, -- const unsigned char *key,const unsigned char *iv, -- int enc); --int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, -- const unsigned char *key,const unsigned char *iv, -- int enc); --int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, -- int *outl, const unsigned char *in, int inl); --int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); --int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -- --int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, -- EVP_PKEY *pkey); -- --int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf, -- unsigned int siglen,EVP_PKEY *pkey); -- --int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, -- const unsigned char *ek, int ekl, const unsigned char *iv, -- EVP_PKEY *priv); --int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -- --int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -- unsigned char **ek, int *ekl, unsigned char *iv, -- EVP_PKEY **pubk, int npubk); --int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); -- --void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); --void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, -- const unsigned char *in,int inl); --void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); --int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); -- --void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); --int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, -- const unsigned char *in, int inl); --int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned -- char *out, int *outl); --int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); -+void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); -+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); -+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); -+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); -+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); -+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); -+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); -+int EVP_Digest(const void *data, size_t count, -+ unsigned char *md, unsigned int *size, const EVP_MD *type, -+ ENGINE *impl); -+ -+int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); -+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); -+ -+int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); -+void EVP_set_pw_prompt(const char *prompt); -+char *EVP_get_pw_prompt(void); -+ -+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, -+ const unsigned char *salt, const unsigned char *data, -+ int datal, int count, unsigned char *key, -+ unsigned char *iv); -+ -+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); -+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); -+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); -+ -+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -+ const unsigned char *key, const unsigned char *iv); -+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -+ ENGINE *impl, const unsigned char *key, -+ const unsigned char *iv); -+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, -+ const unsigned char *in, int inl); -+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -+ -+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -+ const unsigned char *key, const unsigned char *iv); -+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -+ ENGINE *impl, const unsigned char *key, -+ const unsigned char *iv); -+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, -+ const unsigned char *in, int inl); -+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -+ -+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -+ const unsigned char *key, const unsigned char *iv, -+ int enc); -+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -+ ENGINE *impl, const unsigned char *key, -+ const unsigned char *iv, int enc); -+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, -+ const unsigned char *in, int inl); -+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -+ -+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, -+ EVP_PKEY *pkey); -+ -+int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, -+ unsigned int siglen, EVP_PKEY *pkey); -+ -+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -+ const unsigned char *ek, int ekl, const unsigned char *iv, -+ EVP_PKEY *priv); -+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -+ -+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -+ unsigned char **ek, int *ekl, unsigned char *iv, -+ EVP_PKEY **pubk, int npubk); -+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -+ -+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); -+void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, -+ const unsigned char *in, int inl); -+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); -+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); -+ -+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); -+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, -+ const unsigned char *in, int inl); -+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned -+ char *out, int *outl); -+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); - - void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); - int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); -@@ -640,65 +648,65 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); - int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); - int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); - --#ifndef OPENSSL_NO_BIO -+# ifndef OPENSSL_NO_BIO - BIO_METHOD *BIO_f_md(void); - BIO_METHOD *BIO_f_base64(void); - BIO_METHOD *BIO_f_cipher(void); - BIO_METHOD *BIO_f_reliable(void); --void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k, -- const unsigned char *i, int enc); --#endif -+void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, -+ const unsigned char *i, int enc); -+# endif - - const EVP_MD *EVP_md_null(void); --#ifndef OPENSSL_NO_MD2 -+# ifndef OPENSSL_NO_MD2 - const EVP_MD *EVP_md2(void); --#endif --#ifndef OPENSSL_NO_MD4 -+# endif -+# ifndef OPENSSL_NO_MD4 - const EVP_MD *EVP_md4(void); --#endif --#ifndef OPENSSL_NO_MD5 -+# endif -+# ifndef OPENSSL_NO_MD5 - const EVP_MD *EVP_md5(void); --#endif --#ifndef OPENSSL_NO_SHA -+# endif -+# ifndef OPENSSL_NO_SHA - const EVP_MD *EVP_sha(void); - const EVP_MD *EVP_sha1(void); - const EVP_MD *EVP_dss(void); - const EVP_MD *EVP_dss1(void); - const EVP_MD *EVP_ecdsa(void); --#endif --#ifndef OPENSSL_NO_SHA256 -+# endif -+# ifndef OPENSSL_NO_SHA256 - const EVP_MD *EVP_sha224(void); - const EVP_MD *EVP_sha256(void); --#endif --#ifndef OPENSSL_NO_SHA512 -+# endif -+# ifndef OPENSSL_NO_SHA512 - const EVP_MD *EVP_sha384(void); - const EVP_MD *EVP_sha512(void); --#endif --#ifndef OPENSSL_NO_MDC2 -+# endif -+# ifndef OPENSSL_NO_MDC2 - const EVP_MD *EVP_mdc2(void); --#endif --#ifndef OPENSSL_NO_RIPEMD -+# endif -+# ifndef OPENSSL_NO_RIPEMD - const EVP_MD *EVP_ripemd160(void); --#endif --const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ --#ifndef OPENSSL_NO_DES -+# endif -+const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ -+# ifndef OPENSSL_NO_DES - const EVP_CIPHER *EVP_des_ecb(void); - const EVP_CIPHER *EVP_des_ede(void); - const EVP_CIPHER *EVP_des_ede3(void); - const EVP_CIPHER *EVP_des_ede_ecb(void); - const EVP_CIPHER *EVP_des_ede3_ecb(void); - const EVP_CIPHER *EVP_des_cfb64(void); --# define EVP_des_cfb EVP_des_cfb64 -+# define EVP_des_cfb EVP_des_cfb64 - const EVP_CIPHER *EVP_des_cfb1(void); - const EVP_CIPHER *EVP_des_cfb8(void); - const EVP_CIPHER *EVP_des_ede_cfb64(void); --# define EVP_des_ede_cfb EVP_des_ede_cfb64 --#if 0 -+# define EVP_des_ede_cfb EVP_des_ede_cfb64 -+# if 0 - const EVP_CIPHER *EVP_des_ede_cfb1(void); - const EVP_CIPHER *EVP_des_ede_cfb8(void); --#endif -+# endif - const EVP_CIPHER *EVP_des_ede3_cfb64(void); --# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 -+# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 - const EVP_CIPHER *EVP_des_ede3_cfb1(void); - const EVP_CIPHER *EVP_des_ede3_cfb8(void); - const EVP_CIPHER *EVP_des_ofb(void); -@@ -708,137 +716,140 @@ const EVP_CIPHER *EVP_des_cbc(void); - const EVP_CIPHER *EVP_des_ede_cbc(void); - const EVP_CIPHER *EVP_des_ede3_cbc(void); - const EVP_CIPHER *EVP_desx_cbc(void); --/* This should now be supported through the dev_crypto ENGINE. But also, why are -- * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */ --#if 0 --# ifdef OPENSSL_OPENBSD_DEV_CRYPTO -+/* -+ * This should now be supported through the dev_crypto ENGINE. But also, why -+ * are rc4 and md5 declarations made here inside a "NO_DES" precompiler -+ * branch? -+ */ -+# if 0 -+# ifdef OPENSSL_OPENBSD_DEV_CRYPTO - const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); - const EVP_CIPHER *EVP_dev_crypto_rc4(void); - const EVP_MD *EVP_dev_crypto_md5(void); -+# endif -+# endif - # endif --#endif --#endif --#ifndef OPENSSL_NO_RC4 -+# ifndef OPENSSL_NO_RC4 - const EVP_CIPHER *EVP_rc4(void); - const EVP_CIPHER *EVP_rc4_40(void); --#endif --#ifndef OPENSSL_NO_IDEA -+# endif -+# ifndef OPENSSL_NO_IDEA - const EVP_CIPHER *EVP_idea_ecb(void); - const EVP_CIPHER *EVP_idea_cfb64(void); --# define EVP_idea_cfb EVP_idea_cfb64 -+# define EVP_idea_cfb EVP_idea_cfb64 - const EVP_CIPHER *EVP_idea_ofb(void); - const EVP_CIPHER *EVP_idea_cbc(void); --#endif --#ifndef OPENSSL_NO_RC2 -+# endif -+# ifndef OPENSSL_NO_RC2 - const EVP_CIPHER *EVP_rc2_ecb(void); - const EVP_CIPHER *EVP_rc2_cbc(void); - const EVP_CIPHER *EVP_rc2_40_cbc(void); - const EVP_CIPHER *EVP_rc2_64_cbc(void); - const EVP_CIPHER *EVP_rc2_cfb64(void); --# define EVP_rc2_cfb EVP_rc2_cfb64 -+# define EVP_rc2_cfb EVP_rc2_cfb64 - const EVP_CIPHER *EVP_rc2_ofb(void); --#endif --#ifndef OPENSSL_NO_BF -+# endif -+# ifndef OPENSSL_NO_BF - const EVP_CIPHER *EVP_bf_ecb(void); - const EVP_CIPHER *EVP_bf_cbc(void); - const EVP_CIPHER *EVP_bf_cfb64(void); --# define EVP_bf_cfb EVP_bf_cfb64 -+# define EVP_bf_cfb EVP_bf_cfb64 - const EVP_CIPHER *EVP_bf_ofb(void); --#endif --#ifndef OPENSSL_NO_CAST -+# endif -+# ifndef OPENSSL_NO_CAST - const EVP_CIPHER *EVP_cast5_ecb(void); - const EVP_CIPHER *EVP_cast5_cbc(void); - const EVP_CIPHER *EVP_cast5_cfb64(void); --# define EVP_cast5_cfb EVP_cast5_cfb64 -+# define EVP_cast5_cfb EVP_cast5_cfb64 - const EVP_CIPHER *EVP_cast5_ofb(void); --#endif --#ifndef OPENSSL_NO_RC5 -+# endif -+# ifndef OPENSSL_NO_RC5 - const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); - const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); - const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); --# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 -+# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 - const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); --#endif --#ifndef OPENSSL_NO_AES -+# endif -+# ifndef OPENSSL_NO_AES - const EVP_CIPHER *EVP_aes_128_ecb(void); - const EVP_CIPHER *EVP_aes_128_cbc(void); - const EVP_CIPHER *EVP_aes_128_cfb1(void); - const EVP_CIPHER *EVP_aes_128_cfb8(void); - const EVP_CIPHER *EVP_aes_128_cfb128(void); --# define EVP_aes_128_cfb EVP_aes_128_cfb128 -+# define EVP_aes_128_cfb EVP_aes_128_cfb128 - const EVP_CIPHER *EVP_aes_128_ofb(void); --#if 0 -+# if 0 - const EVP_CIPHER *EVP_aes_128_ctr(void); --#endif -+# endif - const EVP_CIPHER *EVP_aes_192_ecb(void); - const EVP_CIPHER *EVP_aes_192_cbc(void); - const EVP_CIPHER *EVP_aes_192_cfb1(void); - const EVP_CIPHER *EVP_aes_192_cfb8(void); - const EVP_CIPHER *EVP_aes_192_cfb128(void); --# define EVP_aes_192_cfb EVP_aes_192_cfb128 -+# define EVP_aes_192_cfb EVP_aes_192_cfb128 - const EVP_CIPHER *EVP_aes_192_ofb(void); --#if 0 -+# if 0 - const EVP_CIPHER *EVP_aes_192_ctr(void); --#endif -+# endif - const EVP_CIPHER *EVP_aes_256_ecb(void); - const EVP_CIPHER *EVP_aes_256_cbc(void); - const EVP_CIPHER *EVP_aes_256_cfb1(void); - const EVP_CIPHER *EVP_aes_256_cfb8(void); - const EVP_CIPHER *EVP_aes_256_cfb128(void); --# define EVP_aes_256_cfb EVP_aes_256_cfb128 -+# define EVP_aes_256_cfb EVP_aes_256_cfb128 - const EVP_CIPHER *EVP_aes_256_ofb(void); --#if 0 -+# if 0 - const EVP_CIPHER *EVP_aes_256_ctr(void); --#endif --#endif --#ifndef OPENSSL_NO_CAMELLIA -+# endif -+# endif -+# ifndef OPENSSL_NO_CAMELLIA - const EVP_CIPHER *EVP_camellia_128_ecb(void); - const EVP_CIPHER *EVP_camellia_128_cbc(void); - const EVP_CIPHER *EVP_camellia_128_cfb1(void); - const EVP_CIPHER *EVP_camellia_128_cfb8(void); - const EVP_CIPHER *EVP_camellia_128_cfb128(void); --# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 -+# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 - const EVP_CIPHER *EVP_camellia_128_ofb(void); - const EVP_CIPHER *EVP_camellia_192_ecb(void); - const EVP_CIPHER *EVP_camellia_192_cbc(void); - const EVP_CIPHER *EVP_camellia_192_cfb1(void); - const EVP_CIPHER *EVP_camellia_192_cfb8(void); - const EVP_CIPHER *EVP_camellia_192_cfb128(void); --# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 -+# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 - const EVP_CIPHER *EVP_camellia_192_ofb(void); - const EVP_CIPHER *EVP_camellia_256_ecb(void); - const EVP_CIPHER *EVP_camellia_256_cbc(void); - const EVP_CIPHER *EVP_camellia_256_cfb1(void); - const EVP_CIPHER *EVP_camellia_256_cfb8(void); - const EVP_CIPHER *EVP_camellia_256_cfb128(void); --# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 -+# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 - const EVP_CIPHER *EVP_camellia_256_ofb(void); --#endif -+# endif - --#ifndef OPENSSL_NO_SEED -+# ifndef OPENSSL_NO_SEED - const EVP_CIPHER *EVP_seed_ecb(void); - const EVP_CIPHER *EVP_seed_cbc(void); - const EVP_CIPHER *EVP_seed_cfb128(void); --# define EVP_seed_cfb EVP_seed_cfb128 -+# define EVP_seed_cfb EVP_seed_cfb128 - const EVP_CIPHER *EVP_seed_ofb(void); --#endif -+# endif - - void OPENSSL_add_all_algorithms_noconf(void); - void OPENSSL_add_all_algorithms_conf(void); - --#ifdef OPENSSL_LOAD_CONF --#define OpenSSL_add_all_algorithms() \ -- OPENSSL_add_all_algorithms_conf() --#else --#define OpenSSL_add_all_algorithms() \ -- OPENSSL_add_all_algorithms_noconf() --#endif -+# ifdef OPENSSL_LOAD_CONF -+# define OpenSSL_add_all_algorithms() \ -+ OPENSSL_add_all_algorithms_conf() -+# else -+# define OpenSSL_add_all_algorithms() \ -+ OPENSSL_add_all_algorithms_noconf() -+# endif - - void OpenSSL_add_all_ciphers(void); - void OpenSSL_add_all_digests(void); --#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() --#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() --#define SSLeay_add_all_digests() OpenSSL_add_all_digests() -+# define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() -+# define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() -+# define SSLeay_add_all_digests() OpenSSL_add_all_digests() - - int EVP_add_cipher(const EVP_CIPHER *cipher); - int EVP_add_digest(const EVP_MD *digest); -@@ -847,54 +858,54 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name); - const EVP_MD *EVP_get_digestbyname(const char *name); - void EVP_cleanup(void); - --int EVP_PKEY_decrypt(unsigned char *dec_key, -- const unsigned char *enc_key,int enc_key_len, -- EVP_PKEY *private_key); --int EVP_PKEY_encrypt(unsigned char *enc_key, -- const unsigned char *key,int key_len, -- EVP_PKEY *pub_key); --int EVP_PKEY_type(int type); --int EVP_PKEY_bits(EVP_PKEY *pkey); --int EVP_PKEY_size(EVP_PKEY *pkey); --int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key); -- --#ifndef OPENSSL_NO_RSA -+int EVP_PKEY_decrypt(unsigned char *dec_key, -+ const unsigned char *enc_key, int enc_key_len, -+ EVP_PKEY *private_key); -+int EVP_PKEY_encrypt(unsigned char *enc_key, -+ const unsigned char *key, int key_len, -+ EVP_PKEY *pub_key); -+int EVP_PKEY_type(int type); -+int EVP_PKEY_bits(EVP_PKEY *pkey); -+int EVP_PKEY_size(EVP_PKEY *pkey); -+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key); -+ -+# ifndef OPENSSL_NO_RSA - struct rsa_st; --int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key); -+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); - struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); --#endif --#ifndef OPENSSL_NO_DSA -+# endif -+# ifndef OPENSSL_NO_DSA - struct dsa_st; --int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key); -+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); - struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); --#endif --#ifndef OPENSSL_NO_DH -+# endif -+# ifndef OPENSSL_NO_DH - struct dh_st; --int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); -+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); - struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); --#endif --#ifndef OPENSSL_NO_EC -+# endif -+# ifndef OPENSSL_NO_EC - struct ec_key_st; --int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key); -+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); - struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); --#endif -+# endif - --EVP_PKEY * EVP_PKEY_new(void); --void EVP_PKEY_free(EVP_PKEY *pkey); -+EVP_PKEY *EVP_PKEY_new(void); -+void EVP_PKEY_free(EVP_PKEY *pkey); - --EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp, -- long length); --int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); -+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, -+ long length); -+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); - --EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp, -- long length); --EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, -- long length); --int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); -+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, -+ long length); -+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, -+ long length); -+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); - - int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); - int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); --int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); -+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); - int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); - - int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); -@@ -906,48 +917,50 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - - /* These are used by EVP_CIPHER methods */ --int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); --int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); -+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - - /* PKCS5 password based encryption */ - int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, -- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, -- int en_de); -+ ASN1_TYPE *param, const EVP_CIPHER *cipher, -+ const EVP_MD *md, int en_de); - int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, -- const unsigned char *salt, int saltlen, int iter, -- int keylen, unsigned char *out); -+ const unsigned char *salt, int saltlen, int iter, -+ int keylen, unsigned char *out); - int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, -- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, -- int en_de); -+ ASN1_TYPE *param, const EVP_CIPHER *cipher, -+ const EVP_MD *md, int en_de); - - void PKCS5_PBE_add(void); - --int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, -- ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); -+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, -+ ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); - int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, -- EVP_PBE_KEYGEN *keygen); -+ EVP_PBE_KEYGEN *keygen); - void EVP_PBE_cleanup(void); - --#ifdef OPENSSL_FIPS --#ifndef OPENSSL_NO_ENGINE --void int_EVP_MD_set_engine_callbacks( -- int (*eng_md_init)(ENGINE *impl), -- int (*eng_md_fin)(ENGINE *impl), -- int (*eng_md_evp) -- (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)); -+# ifdef OPENSSL_FIPS -+# ifndef OPENSSL_NO_ENGINE -+void int_EVP_MD_set_engine_callbacks(int (*eng_md_init) (ENGINE *impl), -+ int (*eng_md_fin) (ENGINE *impl), -+ int (*eng_md_evp) -+ (EVP_MD_CTX *ctx, const EVP_MD **ptype, -+ ENGINE *impl)); - void int_EVP_MD_init_engine_callbacks(void); --void int_EVP_CIPHER_set_engine_callbacks( -- int (*eng_ciph_fin)(ENGINE *impl), -- int (*eng_ciph_evp) -- (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)); -+void int_EVP_CIPHER_set_engine_callbacks(int (*eng_ciph_fin) (ENGINE *impl), -+ int (*eng_ciph_evp) -+ (EVP_CIPHER_CTX *ctx, -+ const EVP_CIPHER **pciph, -+ ENGINE *impl)); - void int_EVP_CIPHER_init_engine_callbacks(void); --#endif --#endif -+# endif -+# endif - - void EVP_add_alg_module(void); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_EVP_strings(void); -@@ -955,103 +968,103 @@ void ERR_load_EVP_strings(void); - /* Error codes for the EVP functions. */ - - /* Function codes. */ --#define EVP_F_AES_INIT_KEY 133 --#define EVP_F_ALG_MODULE_INIT 138 --#define EVP_F_CAMELLIA_INIT_KEY 159 --#define EVP_F_D2I_PKEY 100 --#define EVP_F_DO_EVP_ENC_ENGINE 140 --#define EVP_F_DO_EVP_ENC_ENGINE_FULL 141 --#define EVP_F_DO_EVP_MD_ENGINE 139 --#define EVP_F_DO_EVP_MD_ENGINE_FULL 142 --#define EVP_F_DSAPKEY2PKCS8 134 --#define EVP_F_DSA_PKEY2PKCS8 135 --#define EVP_F_ECDSA_PKEY2PKCS8 129 --#define EVP_F_ECKEY_PKEY2PKCS8 132 --#define EVP_F_EVP_CIPHERINIT 137 --#define EVP_F_EVP_CIPHERINIT_EX 123 --#define EVP_F_EVP_CIPHER_CTX_CTRL 124 --#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 --#define EVP_F_EVP_DECRYPTFINAL_EX 101 --#define EVP_F_EVP_DIGESTINIT 136 --#define EVP_F_EVP_DIGESTINIT_EX 128 --#define EVP_F_EVP_ENCRYPTFINAL_EX 127 --#define EVP_F_EVP_MD_CTX_COPY_EX 110 --#define EVP_F_EVP_OPENINIT 102 --#define EVP_F_EVP_PBE_ALG_ADD 115 --#define EVP_F_EVP_PBE_CIPHERINIT 116 --#define EVP_F_EVP_PKCS82PKEY 111 --#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 --#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 --#define EVP_F_EVP_PKEY_DECRYPT 104 --#define EVP_F_EVP_PKEY_ENCRYPT 105 --#define EVP_F_EVP_PKEY_GET1_DH 119 --#define EVP_F_EVP_PKEY_GET1_DSA 120 --#define EVP_F_EVP_PKEY_GET1_ECDSA 130 --#define EVP_F_EVP_PKEY_GET1_EC_KEY 131 --#define EVP_F_EVP_PKEY_GET1_RSA 121 --#define EVP_F_EVP_PKEY_NEW 106 --#define EVP_F_EVP_RIJNDAEL 126 --#define EVP_F_EVP_SIGNFINAL 107 --#define EVP_F_EVP_VERIFYFINAL 108 --#define EVP_F_PKCS5_PBE_KEYIVGEN 117 --#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 --#define EVP_F_PKCS8_SET_BROKEN 112 --#define EVP_F_RC2_MAGIC_TO_METH 109 --#define EVP_F_RC5_CTRL 125 -+# define EVP_F_AES_INIT_KEY 133 -+# define EVP_F_ALG_MODULE_INIT 138 -+# define EVP_F_CAMELLIA_INIT_KEY 159 -+# define EVP_F_D2I_PKEY 100 -+# define EVP_F_DO_EVP_ENC_ENGINE 140 -+# define EVP_F_DO_EVP_ENC_ENGINE_FULL 141 -+# define EVP_F_DO_EVP_MD_ENGINE 139 -+# define EVP_F_DO_EVP_MD_ENGINE_FULL 142 -+# define EVP_F_DSAPKEY2PKCS8 134 -+# define EVP_F_DSA_PKEY2PKCS8 135 -+# define EVP_F_ECDSA_PKEY2PKCS8 129 -+# define EVP_F_ECKEY_PKEY2PKCS8 132 -+# define EVP_F_EVP_CIPHERINIT 137 -+# define EVP_F_EVP_CIPHERINIT_EX 123 -+# define EVP_F_EVP_CIPHER_CTX_CTRL 124 -+# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 -+# define EVP_F_EVP_DECRYPTFINAL_EX 101 -+# define EVP_F_EVP_DIGESTINIT 136 -+# define EVP_F_EVP_DIGESTINIT_EX 128 -+# define EVP_F_EVP_ENCRYPTFINAL_EX 127 -+# define EVP_F_EVP_MD_CTX_COPY_EX 110 -+# define EVP_F_EVP_OPENINIT 102 -+# define EVP_F_EVP_PBE_ALG_ADD 115 -+# define EVP_F_EVP_PBE_CIPHERINIT 116 -+# define EVP_F_EVP_PKCS82PKEY 111 -+# define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 -+# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 -+# define EVP_F_EVP_PKEY_DECRYPT 104 -+# define EVP_F_EVP_PKEY_ENCRYPT 105 -+# define EVP_F_EVP_PKEY_GET1_DH 119 -+# define EVP_F_EVP_PKEY_GET1_DSA 120 -+# define EVP_F_EVP_PKEY_GET1_ECDSA 130 -+# define EVP_F_EVP_PKEY_GET1_EC_KEY 131 -+# define EVP_F_EVP_PKEY_GET1_RSA 121 -+# define EVP_F_EVP_PKEY_NEW 106 -+# define EVP_F_EVP_RIJNDAEL 126 -+# define EVP_F_EVP_SIGNFINAL 107 -+# define EVP_F_EVP_VERIFYFINAL 108 -+# define EVP_F_PKCS5_PBE_KEYIVGEN 117 -+# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 -+# define EVP_F_PKCS8_SET_BROKEN 112 -+# define EVP_F_RC2_MAGIC_TO_METH 109 -+# define EVP_F_RC5_CTRL 125 - - /* Reason codes. */ --#define EVP_R_AES_KEY_SETUP_FAILED 143 --#define EVP_R_ASN1_LIB 140 --#define EVP_R_BAD_BLOCK_LENGTH 136 --#define EVP_R_BAD_DECRYPT 100 --#define EVP_R_BAD_KEY_LENGTH 137 --#define EVP_R_BN_DECODE_ERROR 112 --#define EVP_R_BN_PUBKEY_ERROR 113 --#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 --#define EVP_R_CIPHER_PARAMETER_ERROR 122 --#define EVP_R_CTRL_NOT_IMPLEMENTED 132 --#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 --#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 --#define EVP_R_DECODE_ERROR 114 --#define EVP_R_DIFFERENT_KEY_TYPES 101 --#define EVP_R_DISABLED_FOR_FIPS 144 --#define EVP_R_ENCODE_ERROR 115 --#define EVP_R_ERROR_LOADING_SECTION 145 --#define EVP_R_ERROR_SETTING_FIPS_MODE 146 --#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 --#define EVP_R_EXPECTING_AN_RSA_KEY 127 --#define EVP_R_EXPECTING_A_DH_KEY 128 --#define EVP_R_EXPECTING_A_DSA_KEY 129 --#define EVP_R_EXPECTING_A_ECDSA_KEY 141 --#define EVP_R_EXPECTING_A_EC_KEY 142 --#define EVP_R_FIPS_MODE_NOT_SUPPORTED 147 --#define EVP_R_INITIALIZATION_ERROR 134 --#define EVP_R_INPUT_NOT_INITIALIZED 111 --#define EVP_R_INVALID_FIPS_MODE 148 --#define EVP_R_INVALID_KEY_LENGTH 130 --#define EVP_R_IV_TOO_LARGE 102 --#define EVP_R_KEYGEN_FAILURE 120 --#define EVP_R_MISSING_PARAMETERS 103 --#define EVP_R_NO_CIPHER_SET 131 --#define EVP_R_NO_DIGEST_SET 139 --#define EVP_R_NO_DSA_PARAMETERS 116 --#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 --#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 --#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 --#define EVP_R_PUBLIC_KEY_NOT_RSA 106 --#define EVP_R_UNKNOWN_OPTION 149 --#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 --#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 --#define EVP_R_UNSUPPORTED_CIPHER 107 --#define EVP_R_UNSUPPORTED_KEYLENGTH 123 --#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 --#define EVP_R_UNSUPPORTED_KEY_SIZE 108 --#define EVP_R_UNSUPPORTED_PRF 125 --#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 --#define EVP_R_UNSUPPORTED_SALT_TYPE 126 --#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 --#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 --#define EVP_R_SEED_KEY_SETUP_FAILED 162 -+# define EVP_R_AES_KEY_SETUP_FAILED 143 -+# define EVP_R_ASN1_LIB 140 -+# define EVP_R_BAD_BLOCK_LENGTH 136 -+# define EVP_R_BAD_DECRYPT 100 -+# define EVP_R_BAD_KEY_LENGTH 137 -+# define EVP_R_BN_DECODE_ERROR 112 -+# define EVP_R_BN_PUBKEY_ERROR 113 -+# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 -+# define EVP_R_CIPHER_PARAMETER_ERROR 122 -+# define EVP_R_CTRL_NOT_IMPLEMENTED 132 -+# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 -+# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 -+# define EVP_R_DECODE_ERROR 114 -+# define EVP_R_DIFFERENT_KEY_TYPES 101 -+# define EVP_R_DISABLED_FOR_FIPS 144 -+# define EVP_R_ENCODE_ERROR 115 -+# define EVP_R_ERROR_LOADING_SECTION 145 -+# define EVP_R_ERROR_SETTING_FIPS_MODE 146 -+# define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 -+# define EVP_R_EXPECTING_AN_RSA_KEY 127 -+# define EVP_R_EXPECTING_A_DH_KEY 128 -+# define EVP_R_EXPECTING_A_DSA_KEY 129 -+# define EVP_R_EXPECTING_A_ECDSA_KEY 141 -+# define EVP_R_EXPECTING_A_EC_KEY 142 -+# define EVP_R_FIPS_MODE_NOT_SUPPORTED 147 -+# define EVP_R_INITIALIZATION_ERROR 134 -+# define EVP_R_INPUT_NOT_INITIALIZED 111 -+# define EVP_R_INVALID_FIPS_MODE 148 -+# define EVP_R_INVALID_KEY_LENGTH 130 -+# define EVP_R_IV_TOO_LARGE 102 -+# define EVP_R_KEYGEN_FAILURE 120 -+# define EVP_R_MISSING_PARAMETERS 103 -+# define EVP_R_NO_CIPHER_SET 131 -+# define EVP_R_NO_DIGEST_SET 139 -+# define EVP_R_NO_DSA_PARAMETERS 116 -+# define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 -+# define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 -+# define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 -+# define EVP_R_PUBLIC_KEY_NOT_RSA 106 -+# define EVP_R_UNKNOWN_OPTION 149 -+# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 -+# define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 -+# define EVP_R_UNSUPPORTED_CIPHER 107 -+# define EVP_R_UNSUPPORTED_KEYLENGTH 123 -+# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 -+# define EVP_R_UNSUPPORTED_KEY_SIZE 108 -+# define EVP_R_UNSUPPORTED_PRF 125 -+# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 -+# define EVP_R_UNSUPPORTED_SALT_TYPE 126 -+# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 -+# define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 -+# define EVP_R_SEED_KEY_SETUP_FAILED 162 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/hmac.h b/Cryptlib/Include/openssl/hmac.h -index fc38ffb..fcc2d0f 100644 ---- a/Cryptlib/Include/openssl/hmac.h -+++ b/Cryptlib/Include/openssl/hmac.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,56 +49,55 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - #ifndef HEADER_HMAC_H --#define HEADER_HMAC_H -+# define HEADER_HMAC_H - --#include -+# include - --#ifdef OPENSSL_NO_HMAC --#error HMAC is disabled. --#endif -+# ifdef OPENSSL_NO_HMAC -+# error HMAC is disabled. -+# endif - --#include -+# include - --#define HMAC_MAX_MD_CBLOCK 128 /* largest known is SHA512 */ -+# define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */ - - #ifdef __cplusplus - extern "C" { - #endif - --typedef struct hmac_ctx_st -- { -- const EVP_MD *md; -- EVP_MD_CTX md_ctx; -- EVP_MD_CTX i_ctx; -- EVP_MD_CTX o_ctx; -- unsigned int key_length; -- unsigned char key[HMAC_MAX_MD_CBLOCK]; -- } HMAC_CTX; -- --#define HMAC_size(e) (EVP_MD_size((e)->md)) -+typedef struct hmac_ctx_st { -+ const EVP_MD *md; -+ EVP_MD_CTX md_ctx; -+ EVP_MD_CTX i_ctx; -+ EVP_MD_CTX o_ctx; -+ unsigned int key_length; -+ unsigned char key[HMAC_MAX_MD_CBLOCK]; -+} HMAC_CTX; - -+# define HMAC_size(e) (EVP_MD_size((e)->md)) - - void HMAC_CTX_init(HMAC_CTX *ctx); - void HMAC_CTX_cleanup(HMAC_CTX *ctx); - --#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */ -+/* deprecated */ -+# define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) - --void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, -- const EVP_MD *md); /* deprecated */ -+/* deprecated */ -+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); - void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, -- const EVP_MD *md, ENGINE *impl); -+ const EVP_MD *md, ENGINE *impl); - void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); - void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); - unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, -- const unsigned char *d, size_t n, unsigned char *md, -- unsigned int *md_len); -+ const unsigned char *d, size_t n, unsigned char *md, -+ unsigned int *md_len); - - void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); - -diff --git a/Cryptlib/Include/openssl/idea.h b/Cryptlib/Include/openssl/idea.h -index a137d4c..60d2d95 100644 ---- a/Cryptlib/Include/openssl/idea.h -+++ b/Cryptlib/Include/openssl/idea.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,44 +57,46 @@ - */ - - #ifndef HEADER_IDEA_H --#define HEADER_IDEA_H -+# define HEADER_IDEA_H - --#include /* IDEA_INT, OPENSSL_NO_IDEA */ -+# include /* IDEA_INT, OPENSSL_NO_IDEA */ - --#ifdef OPENSSL_NO_IDEA --#error IDEA is disabled. --#endif -+# ifdef OPENSSL_NO_IDEA -+# error IDEA is disabled. -+# endif - --#define IDEA_ENCRYPT 1 --#define IDEA_DECRYPT 0 -+# define IDEA_ENCRYPT 1 -+# define IDEA_DECRYPT 0 - --#define IDEA_BLOCK 8 --#define IDEA_KEY_LENGTH 16 -+# define IDEA_BLOCK 8 -+# define IDEA_KEY_LENGTH 16 - - #ifdef __cplusplus - extern "C" { - #endif - --typedef struct idea_key_st -- { -- IDEA_INT data[9][6]; -- } IDEA_KEY_SCHEDULE; -+typedef struct idea_key_st { -+ IDEA_INT data[9][6]; -+} IDEA_KEY_SCHEDULE; - - const char *idea_options(void); - void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, -- IDEA_KEY_SCHEDULE *ks); --#ifdef OPENSSL_FIPS --void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); --#endif -+ IDEA_KEY_SCHEDULE *ks); -+# ifdef OPENSSL_FIPS -+void private_idea_set_encrypt_key(const unsigned char *key, -+ IDEA_KEY_SCHEDULE *ks); -+# endif - void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); - void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); - void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, -- long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); -+ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, -+ int enc); - void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, -- int *num,int enc); -+ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, -+ int *num, int enc); - void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num); -+ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, -+ int *num); - void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/krb5_asn.h b/Cryptlib/Include/openssl/krb5_asn.h -index 41725d0..9cf5a26 100644 ---- a/Cryptlib/Include/openssl/krb5_asn.h -+++ b/Cryptlib/Include/openssl/krb5_asn.h -@@ -1,7 +1,8 @@ - /* krb5_asn.h */ --/* Written by Vern Staats for the OpenSSL project, --** using ocsp/{*.h,*asn*.c} as a starting point --*/ -+/* -+ * Written by Vern Staats for the OpenSSL project, ** -+ * using ocsp/{*.h,*asn*.c} as a starting point -+ */ - - /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -@@ -11,7 +12,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,177 +59,161 @@ - */ - - #ifndef HEADER_KRB5_ASN_H --#define HEADER_KRB5_ASN_H -+# define HEADER_KRB5_ASN_H - - /* --#include --*/ --#include -+ * #include -+ */ -+# include - - #ifdef __cplusplus - extern "C" { - #endif - -+/* -+ * ASN.1 from Kerberos RFC 1510 -+ */ - --/* ASN.1 from Kerberos RFC 1510 --*/ -- --/* EncryptedData ::= SEQUENCE { --** etype[0] INTEGER, -- EncryptionType --** kvno[1] INTEGER OPTIONAL, --** cipher[2] OCTET STRING -- ciphertext --** } --*/ --typedef struct krb5_encdata_st -- { -- ASN1_INTEGER *etype; -- ASN1_INTEGER *kvno; -- ASN1_OCTET_STRING *cipher; -- } KRB5_ENCDATA; -+/*- EncryptedData ::= SEQUENCE { -+ * etype[0] INTEGER, -- EncryptionType -+ * kvno[1] INTEGER OPTIONAL, -+ * cipher[2] OCTET STRING -- ciphertext -+ * } -+ */ -+typedef struct krb5_encdata_st { -+ ASN1_INTEGER *etype; -+ ASN1_INTEGER *kvno; -+ ASN1_OCTET_STRING *cipher; -+} KRB5_ENCDATA; - - DECLARE_STACK_OF(KRB5_ENCDATA) - --/* PrincipalName ::= SEQUENCE { --** name-type[0] INTEGER, --** name-string[1] SEQUENCE OF GeneralString --** } --*/ --typedef struct krb5_princname_st -- { -- ASN1_INTEGER *nametype; -- STACK_OF(ASN1_GENERALSTRING) *namestring; -- } KRB5_PRINCNAME; -+/*- PrincipalName ::= SEQUENCE { -+ * name-type[0] INTEGER, -+ * name-string[1] SEQUENCE OF GeneralString -+ * } -+ */ -+typedef struct krb5_princname_st { -+ ASN1_INTEGER *nametype; -+ STACK_OF(ASN1_GENERALSTRING) *namestring; -+} KRB5_PRINCNAME; - - DECLARE_STACK_OF(KRB5_PRINCNAME) - -- --/* Ticket ::= [APPLICATION 1] SEQUENCE { --** tkt-vno[0] INTEGER, --** realm[1] Realm, --** sname[2] PrincipalName, --** enc-part[3] EncryptedData --** } --*/ --typedef struct krb5_tktbody_st -- { -- ASN1_INTEGER *tktvno; -- ASN1_GENERALSTRING *realm; -- KRB5_PRINCNAME *sname; -- KRB5_ENCDATA *encdata; -- } KRB5_TKTBODY; -+/*- Ticket ::= [APPLICATION 1] SEQUENCE { -+ * tkt-vno[0] INTEGER, -+ * realm[1] Realm, -+ * sname[2] PrincipalName, -+ * enc-part[3] EncryptedData -+ * } -+ */ -+typedef struct krb5_tktbody_st { -+ ASN1_INTEGER *tktvno; -+ ASN1_GENERALSTRING *realm; -+ KRB5_PRINCNAME *sname; -+ KRB5_ENCDATA *encdata; -+} KRB5_TKTBODY; - - typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET; - DECLARE_STACK_OF(KRB5_TKTBODY) - -- --/* AP-REQ ::= [APPLICATION 14] SEQUENCE { --** pvno[0] INTEGER, --** msg-type[1] INTEGER, --** ap-options[2] APOptions, --** ticket[3] Ticket, --** authenticator[4] EncryptedData --** } --** --** APOptions ::= BIT STRING { --** reserved(0), use-session-key(1), mutual-required(2) } --*/ --typedef struct krb5_ap_req_st -- { -- ASN1_INTEGER *pvno; -- ASN1_INTEGER *msgtype; -- ASN1_BIT_STRING *apoptions; -- KRB5_TICKET *ticket; -- KRB5_ENCDATA *authenticator; -- } KRB5_APREQBODY; -+/*- AP-REQ ::= [APPLICATION 14] SEQUENCE { -+ * pvno[0] INTEGER, -+ * msg-type[1] INTEGER, -+ * ap-options[2] APOptions, -+ * ticket[3] Ticket, -+ * authenticator[4] EncryptedData -+ * } -+ * -+ * APOptions ::= BIT STRING { -+ * reserved(0), use-session-key(1), mutual-required(2) } -+ */ -+typedef struct krb5_ap_req_st { -+ ASN1_INTEGER *pvno; -+ ASN1_INTEGER *msgtype; -+ ASN1_BIT_STRING *apoptions; -+ KRB5_TICKET *ticket; -+ KRB5_ENCDATA *authenticator; -+} KRB5_APREQBODY; - - typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ; - DECLARE_STACK_OF(KRB5_APREQBODY) - -+/* Authenticator Stuff */ - --/* Authenticator Stuff */ -- -- --/* Checksum ::= SEQUENCE { --** cksumtype[0] INTEGER, --** checksum[1] OCTET STRING --** } --*/ --typedef struct krb5_checksum_st -- { -- ASN1_INTEGER *ctype; -- ASN1_OCTET_STRING *checksum; -- } KRB5_CHECKSUM; -+/*- Checksum ::= SEQUENCE { -+ * cksumtype[0] INTEGER, -+ * checksum[1] OCTET STRING -+ * } -+ */ -+typedef struct krb5_checksum_st { -+ ASN1_INTEGER *ctype; -+ ASN1_OCTET_STRING *checksum; -+} KRB5_CHECKSUM; - - DECLARE_STACK_OF(KRB5_CHECKSUM) - -- --/* EncryptionKey ::= SEQUENCE { --** keytype[0] INTEGER, --** keyvalue[1] OCTET STRING --** } --*/ --typedef struct krb5_encryptionkey_st -- { -- ASN1_INTEGER *ktype; -- ASN1_OCTET_STRING *keyvalue; -- } KRB5_ENCKEY; -+/*- EncryptionKey ::= SEQUENCE { -+ * keytype[0] INTEGER, -+ * keyvalue[1] OCTET STRING -+ * } -+ */ -+typedef struct krb5_encryptionkey_st { -+ ASN1_INTEGER *ktype; -+ ASN1_OCTET_STRING *keyvalue; -+} KRB5_ENCKEY; - - DECLARE_STACK_OF(KRB5_ENCKEY) - -- --/* AuthorizationData ::= SEQUENCE OF SEQUENCE { --** ad-type[0] INTEGER, --** ad-data[1] OCTET STRING --** } --*/ --typedef struct krb5_authorization_st -- { -- ASN1_INTEGER *adtype; -- ASN1_OCTET_STRING *addata; -- } KRB5_AUTHDATA; -+/*- AuthorizationData ::= SEQUENCE OF SEQUENCE { -+ * ad-type[0] INTEGER, -+ * ad-data[1] OCTET STRING -+ * } -+ */ -+typedef struct krb5_authorization_st { -+ ASN1_INTEGER *adtype; -+ ASN1_OCTET_STRING *addata; -+} KRB5_AUTHDATA; - - DECLARE_STACK_OF(KRB5_AUTHDATA) - -- --/* -- Unencrypted authenticator --** Authenticator ::= [APPLICATION 2] SEQUENCE { --** authenticator-vno[0] INTEGER, --** crealm[1] Realm, --** cname[2] PrincipalName, --** cksum[3] Checksum OPTIONAL, --** cusec[4] INTEGER, --** ctime[5] KerberosTime, --** subkey[6] EncryptionKey OPTIONAL, --** seq-number[7] INTEGER OPTIONAL, --** authorization-data[8] AuthorizationData OPTIONAL --** } --*/ --typedef struct krb5_authenticator_st -- { -- ASN1_INTEGER *avno; -- ASN1_GENERALSTRING *crealm; -- KRB5_PRINCNAME *cname; -- KRB5_CHECKSUM *cksum; -- ASN1_INTEGER *cusec; -- ASN1_GENERALIZEDTIME *ctime; -- KRB5_ENCKEY *subkey; -- ASN1_INTEGER *seqnum; -- KRB5_AUTHDATA *authorization; -- } KRB5_AUTHENTBODY; -+/*- -- Unencrypted authenticator -+ * Authenticator ::= [APPLICATION 2] SEQUENCE { -+ * authenticator-vno[0] INTEGER, -+ * crealm[1] Realm, -+ * cname[2] PrincipalName, -+ * cksum[3] Checksum OPTIONAL, -+ * cusec[4] INTEGER, -+ * ctime[5] KerberosTime, -+ * subkey[6] EncryptionKey OPTIONAL, -+ * seq-number[7] INTEGER OPTIONAL, -+ * authorization-data[8] AuthorizationData OPTIONAL -+ * } -+ */ -+typedef struct krb5_authenticator_st { -+ ASN1_INTEGER *avno; -+ ASN1_GENERALSTRING *crealm; -+ KRB5_PRINCNAME *cname; -+ KRB5_CHECKSUM *cksum; -+ ASN1_INTEGER *cusec; -+ ASN1_GENERALIZEDTIME *ctime; -+ KRB5_ENCKEY *subkey; -+ ASN1_INTEGER *seqnum; -+ KRB5_AUTHDATA *authorization; -+} KRB5_AUTHENTBODY; - - typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT; - DECLARE_STACK_OF(KRB5_AUTHENTBODY) - -- --/* DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = --** type *name##_new(void); --** void name##_free(type *a); --** DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = --** DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = --** type *d2i_##name(type **a, const unsigned char **in, long len); --** int i2d_##name(type *a, unsigned char **out); --** DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it --*/ -+/*- DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = -+ * type *name##_new(void); -+ * void name##_free(type *a); -+ * DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = -+ * DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = -+ * type *d2i_##name(type **a, const unsigned char **in, long len); -+ * int i2d_##name(type *a, unsigned char **out); -+ * DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it -+ */ - - DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA) - DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME) -@@ -243,9 +228,9 @@ DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA) - DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) - DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT) - -- - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -@@ -253,4 +238,3 @@ DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT) - } - #endif - #endif -- -diff --git a/Cryptlib/Include/openssl/kssl.h b/Cryptlib/Include/openssl/kssl.h -index a3d20e1..931b4a7 100644 ---- a/Cryptlib/Include/openssl/kssl.h -+++ b/Cryptlib/Include/openssl/kssl.h -@@ -1,6 +1,7 @@ - /* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ --/* Written by Vern Staats for the OpenSSL project 2000. -- * project 2000. -+/* -+ * Written by Vern Staats for the OpenSSL project -+ * 2000. project 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,97 +58,96 @@ - */ - - /* --** 19990701 VRS Started. --*/ -+ ** 19990701 VRS Started. -+ */ - --#ifndef KSSL_H --#define KSSL_H -+#ifndef KSSL_H -+# define KSSL_H - --#include -+# include - --#ifndef OPENSSL_NO_KRB5 -+# ifndef OPENSSL_NO_KRB5 - --#include --#include --#include -+# include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - - /* --** Depending on which KRB5 implementation used, some types from --** the other may be missing. Resolve that here and now --*/ --#ifdef KRB5_HEIMDAL -+ * Depending on which KRB5 implementation used, some types from -+ * the other may be missing. Resolve that here and now -+ */ -+# ifdef KRB5_HEIMDAL - typedef unsigned char krb5_octet; --#define FAR --#else -+# define FAR -+# else - --#ifndef FAR --#define FAR --#endif -+# ifndef FAR -+# define FAR -+# endif - --#endif -+# endif -+ -+/*- -+ * Uncomment this to debug kssl problems or -+ * to trace usage of the Kerberos session key -+ * -+ * #define KSSL_DEBUG -+ */ - --/* Uncomment this to debug kssl problems or --** to trace usage of the Kerberos session key --** --** #define KSSL_DEBUG --*/ -+# ifndef KRB5SVC -+# define KRB5SVC "host" -+# endif - --#ifndef KRB5SVC --#define KRB5SVC "host" --#endif -+# ifndef KRB5KEYTAB -+# define KRB5KEYTAB "/etc/krb5.keytab" -+# endif - --#ifndef KRB5KEYTAB --#define KRB5KEYTAB "/etc/krb5.keytab" --#endif -+# ifndef KRB5SENDAUTH -+# define KRB5SENDAUTH 1 -+# endif - --#ifndef KRB5SENDAUTH --#define KRB5SENDAUTH 1 --#endif -+# ifndef KRB5CHECKAUTH -+# define KRB5CHECKAUTH 1 -+# endif - --#ifndef KRB5CHECKAUTH --#define KRB5CHECKAUTH 1 --#endif -+# ifndef KSSL_CLOCKSKEW -+# define KSSL_CLOCKSKEW 300; -+# endif - --#ifndef KSSL_CLOCKSKEW --#define KSSL_CLOCKSKEW 300; --#endif -+# define KSSL_ERR_MAX 255 -+typedef struct kssl_err_st { -+ int reason; -+ char text[KSSL_ERR_MAX + 1]; -+} KSSL_ERR; - --#define KSSL_ERR_MAX 255 --typedef struct kssl_err_st { -- int reason; -- char text[KSSL_ERR_MAX+1]; -- } KSSL_ERR; -- -- --/* Context for passing --** (1) Kerberos session key to SSL, and --** (2) Config data between application and SSL lib --*/ --typedef struct kssl_ctx_st -- { -- /* used by: disposition: */ -- char *service_name; /* C,S default ok (kssl) */ -- char *service_host; /* C input, REQUIRED */ -- char *client_princ; /* S output from krb5 ticket */ -- char *keytab_file; /* S NULL (/etc/krb5.keytab) */ -- char *cred_cache; /* C NULL (default) */ -- krb5_enctype enctype; -- int length; -- krb5_octet FAR *key; -- } KSSL_CTX; -- --#define KSSL_CLIENT 1 --#define KSSL_SERVER 2 --#define KSSL_SERVICE 3 --#define KSSL_KEYTAB 4 -- --#define KSSL_CTX_OK 0 --#define KSSL_CTX_ERR 1 --#define KSSL_NOMEM 2 -+/*- Context for passing -+ * (1) Kerberos session key to SSL, and -+ * (2) Config data between application and SSL lib -+ */ -+typedef struct kssl_ctx_st { -+ /* used by: disposition: */ -+ char *service_name; /* C,S default ok (kssl) */ -+ char *service_host; /* C input, REQUIRED */ -+ char *client_princ; /* S output from krb5 ticket */ -+ char *keytab_file; /* S NULL (/etc/krb5.keytab) */ -+ char *cred_cache; /* C NULL (default) */ -+ krb5_enctype enctype; -+ int length; -+ krb5_octet FAR *key; -+} KSSL_CTX; -+ -+# define KSSL_CLIENT 1 -+# define KSSL_SERVER 2 -+# define KSSL_SERVICE 3 -+# define KSSL_KEYTAB 4 -+ -+# define KSSL_CTX_OK 0 -+# define KSSL_CTX_ERR 1 -+# define KSSL_NOMEM 2 - - /* Public (for use by applications that use OpenSSL with Kerberos 5 support */ - krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); -@@ -155,25 +155,29 @@ KSSL_CTX *kssl_ctx_new(void); - KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); - void kssl_ctx_show(KSSL_CTX *kssl_ctx); - krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, -- krb5_data *realm, krb5_data *entity, int nentities); --krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, -- krb5_data *authenp, KSSL_ERR *kssl_err); --krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, -- krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); -+ krb5_data *realm, krb5_data *entity, -+ int nentities); -+krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, -+ krb5_data *authenp, KSSL_ERR *kssl_err); -+krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, -+ krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); - krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); --void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); -+void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); - void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); --krb5_error_code kssl_build_principal_2(krb5_context context, -- krb5_principal *princ, int rlen, const char *realm, -- int slen, const char *svc, int hlen, const char *host); --krb5_error_code kssl_validate_times(krb5_timestamp atime, -- krb5_ticket_times *ttimes); --krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, -- krb5_timestamp *atimep, KSSL_ERR *kssl_err); --unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); -+krb5_error_code kssl_build_principal_2(krb5_context context, -+ krb5_principal *princ, int rlen, -+ const char *realm, int slen, -+ const char *svc, int hlen, -+ const char *host); -+krb5_error_code kssl_validate_times(krb5_timestamp atime, -+ krb5_ticket_times *ttimes); -+krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, -+ krb5_timestamp *atimep, -+ KSSL_ERR *kssl_err); -+unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); - - #ifdef __cplusplus - } - #endif --#endif /* OPENSSL_NO_KRB5 */ --#endif /* KSSL_H */ -+# endif /* OPENSSL_NO_KRB5 */ -+#endif /* KSSL_H */ -diff --git a/Cryptlib/Include/openssl/lhash.h b/Cryptlib/Include/openssl/lhash.h -index d392d0c..4374be2 100644 ---- a/Cryptlib/Include/openssl/lhash.h -+++ b/Cryptlib/Include/openssl/lhash.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,127 +49,127 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --/* Header for dynamic hash table routines -- * Author - Eric Young -+/* -+ * Header for dynamic hash table routines Author - Eric Young - */ - - #ifndef HEADER_LHASH_H --#define HEADER_LHASH_H -+# define HEADER_LHASH_H - --#include --#ifndef OPENSSL_NO_FP_API --#include --#endif -+# include -+# ifndef OPENSSL_NO_FP_API -+# include -+# endif - --#ifndef OPENSSL_NO_BIO --#include --#endif -+# ifndef OPENSSL_NO_BIO -+# include -+# endif - - #ifdef __cplusplus - extern "C" { - #endif - --typedef struct lhash_node_st -- { -- void *data; -- struct lhash_node_st *next; --#ifndef OPENSSL_NO_HASH_COMP -- unsigned long hash; --#endif -- } LHASH_NODE; -- --typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); --typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); --typedef void (*LHASH_DOALL_FN_TYPE)(void *); --typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); -- --/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. -- * This way, callbacks can be provided to LHASH structures without function -- * pointer casting and the macro-defined callbacks provide per-variable casting -- * before deferring to the underlying type-specific callbacks. NB: It is -- * possible to place a "static" in front of both the DECLARE and IMPLEMENT -- * macros if the functions are strictly internal. */ -+typedef struct lhash_node_st { -+ void *data; -+ struct lhash_node_st *next; -+# ifndef OPENSSL_NO_HASH_COMP -+ unsigned long hash; -+# endif -+} LHASH_NODE; -+ -+typedef int (*LHASH_COMP_FN_TYPE) (const void *, const void *); -+typedef unsigned long (*LHASH_HASH_FN_TYPE) (const void *); -+typedef void (*LHASH_DOALL_FN_TYPE) (void *); -+typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *); -+ -+/* -+ * Macros for declaring and implementing type-safe wrappers for LHASH -+ * callbacks. This way, callbacks can be provided to LHASH structures without -+ * function pointer casting and the macro-defined callbacks provide -+ * per-variable casting before deferring to the underlying type-specific -+ * callbacks. NB: It is possible to place a "static" in front of both the -+ * DECLARE and IMPLEMENT macros if the functions are strictly internal. -+ */ - - /* First: "hash" functions */ --#define DECLARE_LHASH_HASH_FN(f_name,o_type) \ -- unsigned long f_name##_LHASH_HASH(const void *); --#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \ -- unsigned long f_name##_LHASH_HASH(const void *arg) { \ -- o_type a = (o_type)arg; \ -- return f_name(a); } --#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH -+# define DECLARE_LHASH_HASH_FN(f_name,o_type) \ -+ unsigned long f_name##_LHASH_HASH(const void *); -+# define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \ -+ unsigned long f_name##_LHASH_HASH(const void *arg) { \ -+ o_type a = (o_type)arg; \ -+ return f_name(a); } -+# define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH - - /* Second: "compare" functions */ --#define DECLARE_LHASH_COMP_FN(f_name,o_type) \ -- int f_name##_LHASH_COMP(const void *, const void *); --#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \ -- int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \ -- o_type a = (o_type)arg1; \ -- o_type b = (o_type)arg2; \ -- return f_name(a,b); } --#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP -+# define DECLARE_LHASH_COMP_FN(f_name,o_type) \ -+ int f_name##_LHASH_COMP(const void *, const void *); -+# define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \ -+ int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \ -+ o_type a = (o_type)arg1; \ -+ o_type b = (o_type)arg2; \ -+ return f_name(a,b); } -+# define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP - - /* Third: "doall" functions */ --#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ -- void f_name##_LHASH_DOALL(void *); --#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ -- void f_name##_LHASH_DOALL(void *arg) { \ -- o_type a = (o_type)arg; \ -- f_name(a); } --#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL -+# define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ -+ void f_name##_LHASH_DOALL(void *); -+# define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ -+ void f_name##_LHASH_DOALL(void *arg) { \ -+ o_type a = (o_type)arg; \ -+ f_name(a); } -+# define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL - - /* Fourth: "doall_arg" functions */ --#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ -- void f_name##_LHASH_DOALL_ARG(void *, void *); --#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ -- void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ -- o_type a = (o_type)arg1; \ -- a_type b = (a_type)arg2; \ -- f_name(a,b); } --#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG -- --typedef struct lhash_st -- { -- LHASH_NODE **b; -- LHASH_COMP_FN_TYPE comp; -- LHASH_HASH_FN_TYPE hash; -- unsigned int num_nodes; -- unsigned int num_alloc_nodes; -- unsigned int p; -- unsigned int pmax; -- unsigned long up_load; /* load times 256 */ -- unsigned long down_load; /* load times 256 */ -- unsigned long num_items; -- -- unsigned long num_expands; -- unsigned long num_expand_reallocs; -- unsigned long num_contracts; -- unsigned long num_contract_reallocs; -- unsigned long num_hash_calls; -- unsigned long num_comp_calls; -- unsigned long num_insert; -- unsigned long num_replace; -- unsigned long num_delete; -- unsigned long num_no_delete; -- unsigned long num_retrieve; -- unsigned long num_retrieve_miss; -- unsigned long num_hash_comps; -- -- int error; -- } LHASH; -- --#define LH_LOAD_MULT 256 -- --/* Indicates a malloc() error in the last call, this is only bad -- * in lh_insert(). */ --#define lh_error(lh) ((lh)->error) -+# define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ -+ void f_name##_LHASH_DOALL_ARG(void *, void *); -+# define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ -+ void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ -+ o_type a = (o_type)arg1; \ -+ a_type b = (a_type)arg2; \ -+ f_name(a,b); } -+# define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG -+ -+typedef struct lhash_st { -+ LHASH_NODE **b; -+ LHASH_COMP_FN_TYPE comp; -+ LHASH_HASH_FN_TYPE hash; -+ unsigned int num_nodes; -+ unsigned int num_alloc_nodes; -+ unsigned int p; -+ unsigned int pmax; -+ unsigned long up_load; /* load times 256 */ -+ unsigned long down_load; /* load times 256 */ -+ unsigned long num_items; -+ unsigned long num_expands; -+ unsigned long num_expand_reallocs; -+ unsigned long num_contracts; -+ unsigned long num_contract_reallocs; -+ unsigned long num_hash_calls; -+ unsigned long num_comp_calls; -+ unsigned long num_insert; -+ unsigned long num_replace; -+ unsigned long num_delete; -+ unsigned long num_no_delete; -+ unsigned long num_retrieve; -+ unsigned long num_retrieve_miss; -+ unsigned long num_hash_comps; -+ int error; -+} LHASH; -+ -+# define LH_LOAD_MULT 256 -+ -+/* -+ * Indicates a malloc() error in the last call, this is only bad in -+ * lh_insert(). -+ */ -+# define lh_error(lh) ((lh)->error) - - LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); - void lh_free(LHASH *lh); -@@ -181,20 +181,19 @@ void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); - unsigned long lh_strhash(const char *c); - unsigned long lh_num_items(const LHASH *lh); - --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - void lh_stats(const LHASH *lh, FILE *out); - void lh_node_stats(const LHASH *lh, FILE *out); - void lh_node_usage_stats(const LHASH *lh, FILE *out); --#endif -+# endif - --#ifndef OPENSSL_NO_BIO -+# ifndef OPENSSL_NO_BIO - void lh_stats_bio(const LHASH *lh, BIO *out); - void lh_node_stats_bio(const LHASH *lh, BIO *out); - void lh_node_usage_stats_bio(const LHASH *lh, BIO *out); --#endif -+# endif - #ifdef __cplusplus - } - #endif - - #endif -- -diff --git a/Cryptlib/Include/openssl/md2.h b/Cryptlib/Include/openssl/md2.h -index d59c9f2..b568d3f 100644 ---- a/Cryptlib/Include/openssl/md2.h -+++ b/Cryptlib/Include/openssl/md2.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,37 +57,36 @@ - */ - - #ifndef HEADER_MD2_H --#define HEADER_MD2_H -+# define HEADER_MD2_H - --#include /* OPENSSL_NO_MD2, MD2_INT */ --#ifdef OPENSSL_NO_MD2 --#error MD2 is disabled. --#endif --#include -+# include /* OPENSSL_NO_MD2, MD2_INT */ -+# ifdef OPENSSL_NO_MD2 -+# error MD2 is disabled. -+# endif -+# include - --#define MD2_DIGEST_LENGTH 16 --#define MD2_BLOCK 16 -+# define MD2_DIGEST_LENGTH 16 -+# define MD2_BLOCK 16 - - #ifdef __cplusplus - extern "C" { - #endif - --typedef struct MD2state_st -- { -- unsigned int num; -- unsigned char data[MD2_BLOCK]; -- MD2_INT cksm[MD2_BLOCK]; -- MD2_INT state[MD2_BLOCK]; -- } MD2_CTX; -+typedef struct MD2state_st { -+ unsigned int num; -+ unsigned char data[MD2_BLOCK]; -+ MD2_INT cksm[MD2_BLOCK]; -+ MD2_INT state[MD2_BLOCK]; -+} MD2_CTX; - - const char *MD2_options(void); --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS - int private_MD2_Init(MD2_CTX *c); --#endif -+# endif - int MD2_Init(MD2_CTX *c); - int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); - int MD2_Final(unsigned char *md, MD2_CTX *c); --unsigned char *MD2(const unsigned char *d, size_t n,unsigned char *md); -+unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); - #ifdef __cplusplus - } - #endif -diff --git a/Cryptlib/Include/openssl/md4.h b/Cryptlib/Include/openssl/md4.h -index ba1fe4a..a99d20a 100644 ---- a/Cryptlib/Include/openssl/md4.h -+++ b/Cryptlib/Include/openssl/md4.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,57 +57,56 @@ - */ - - #ifndef HEADER_MD4_H --#define HEADER_MD4_H -+# define HEADER_MD4_H - --#include --#include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#ifdef OPENSSL_NO_MD4 --#error MD4 is disabled. --#endif -+# ifdef OPENSSL_NO_MD4 -+# error MD4 is disabled. -+# endif - --/* -+/*- - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then ! -- * ! MD4_LONG_LOG2 has to be defined along. ! -+ * ! MD4_LONG_LOG2 has to be defined along. ! - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - */ - --#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) --#define MD4_LONG unsigned long --#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) --#define MD4_LONG unsigned long --#define MD4_LONG_LOG2 3 -+# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) -+# define MD4_LONG unsigned long -+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -+# define MD4_LONG unsigned long -+# define MD4_LONG_LOG2 3 - /* - * _CRAY note. I could declare short, but I have no idea what impact - * does it have on performance on none-T3E machines. I could declare - * int, but at least on C90 sizeof(int) can be chosen at compile time. - * So I've chosen long... -- * -+ * - */ --#else --#define MD4_LONG unsigned int --#endif -+# else -+# define MD4_LONG unsigned int -+# endif - --#define MD4_CBLOCK 64 --#define MD4_LBLOCK (MD4_CBLOCK/4) --#define MD4_DIGEST_LENGTH 16 -+# define MD4_CBLOCK 64 -+# define MD4_LBLOCK (MD4_CBLOCK/4) -+# define MD4_DIGEST_LENGTH 16 - --typedef struct MD4state_st -- { -- MD4_LONG A,B,C,D; -- MD4_LONG Nl,Nh; -- MD4_LONG data[MD4_LBLOCK]; -- unsigned int num; -- } MD4_CTX; -+typedef struct MD4state_st { -+ MD4_LONG A, B, C, D; -+ MD4_LONG Nl, Nh; -+ MD4_LONG data[MD4_LBLOCK]; -+ unsigned int num; -+} MD4_CTX; - --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS - int private_MD4_Init(MD4_CTX *c); --#endif -+# endif - int MD4_Init(MD4_CTX *c); - int MD4_Update(MD4_CTX *c, const void *data, size_t len); - int MD4_Final(unsigned char *md, MD4_CTX *c); -diff --git a/Cryptlib/Include/openssl/md5.h b/Cryptlib/Include/openssl/md5.h -index 0761f84..87a9c9e 100644 ---- a/Cryptlib/Include/openssl/md5.h -+++ b/Cryptlib/Include/openssl/md5.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,57 +57,56 @@ - */ - - #ifndef HEADER_MD5_H --#define HEADER_MD5_H -+# define HEADER_MD5_H - --#include --#include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#ifdef OPENSSL_NO_MD5 --#error MD5 is disabled. --#endif -+# ifdef OPENSSL_NO_MD5 -+# error MD5 is disabled. -+# endif - - /* - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then ! -- * ! MD5_LONG_LOG2 has to be defined along. ! -+ * ! MD5_LONG_LOG2 has to be defined along. ! - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - */ - --#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) --#define MD5_LONG unsigned long --#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) --#define MD5_LONG unsigned long --#define MD5_LONG_LOG2 3 -+# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) -+# define MD5_LONG unsigned long -+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -+# define MD5_LONG unsigned long -+# define MD5_LONG_LOG2 3 - /* - * _CRAY note. I could declare short, but I have no idea what impact - * does it have on performance on none-T3E machines. I could declare - * int, but at least on C90 sizeof(int) can be chosen at compile time. - * So I've chosen long... -- * -+ * - */ --#else --#define MD5_LONG unsigned int --#endif -+# else -+# define MD5_LONG unsigned int -+# endif - --#define MD5_CBLOCK 64 --#define MD5_LBLOCK (MD5_CBLOCK/4) --#define MD5_DIGEST_LENGTH 16 -+# define MD5_CBLOCK 64 -+# define MD5_LBLOCK (MD5_CBLOCK/4) -+# define MD5_DIGEST_LENGTH 16 - --typedef struct MD5state_st -- { -- MD5_LONG A,B,C,D; -- MD5_LONG Nl,Nh; -- MD5_LONG data[MD5_LBLOCK]; -- unsigned int num; -- } MD5_CTX; -+typedef struct MD5state_st { -+ MD5_LONG A, B, C, D; -+ MD5_LONG Nl, Nh; -+ MD5_LONG data[MD5_LBLOCK]; -+ unsigned int num; -+} MD5_CTX; - --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS - int private_MD5_Init(MD5_CTX *c); --#endif -+# endif - int MD5_Init(MD5_CTX *c); - int MD5_Update(MD5_CTX *c, const void *data, size_t len); - int MD5_Final(unsigned char *md, MD5_CTX *c); -diff --git a/Cryptlib/Include/openssl/obj_mac.h b/Cryptlib/Include/openssl/obj_mac.h -index 282f11a..ec6c8ea 100644 ---- a/Cryptlib/Include/openssl/obj_mac.h -+++ b/Cryptlib/Include/openssl/obj_mac.h -@@ -1,8 +1,8 @@ - /* crypto/objects/obj_mac.h */ - --/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the -- * following command: -- * perl objects.pl objects.txt obj_mac.num obj_mac.h -+/* -+ * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following -+ * command: perl objects.pl objects.txt obj_mac.num obj_mac.h - */ - - /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -@@ -11,21 +11,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -40,10 +40,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -55,3860 +55,3859 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --#define SN_undef "UNDEF" --#define LN_undef "undefined" --#define NID_undef 0 --#define OBJ_undef 0L -- --#define SN_itu_t "ITU-T" --#define LN_itu_t "itu-t" --#define NID_itu_t 645 --#define OBJ_itu_t 0L -- --#define NID_ccitt 404 --#define OBJ_ccitt OBJ_itu_t -- --#define SN_iso "ISO" --#define LN_iso "iso" --#define NID_iso 181 --#define OBJ_iso 1L -- --#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" --#define LN_joint_iso_itu_t "joint-iso-itu-t" --#define NID_joint_iso_itu_t 646 --#define OBJ_joint_iso_itu_t 2L -- --#define NID_joint_iso_ccitt 393 --#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t -- --#define SN_member_body "member-body" --#define LN_member_body "ISO Member Body" --#define NID_member_body 182 --#define OBJ_member_body OBJ_iso,2L -- --#define SN_identified_organization "identified-organization" --#define NID_identified_organization 676 --#define OBJ_identified_organization OBJ_iso,3L -- --#define SN_hmac_md5 "HMAC-MD5" --#define LN_hmac_md5 "hmac-md5" --#define NID_hmac_md5 780 --#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L -- --#define SN_hmac_sha1 "HMAC-SHA1" --#define LN_hmac_sha1 "hmac-sha1" --#define NID_hmac_sha1 781 --#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L -- --#define SN_certicom_arc "certicom-arc" --#define NID_certicom_arc 677 --#define OBJ_certicom_arc OBJ_identified_organization,132L -+#define SN_undef "UNDEF" -+#define LN_undef "undefined" -+#define NID_undef 0 -+#define OBJ_undef 0L -+ -+#define SN_itu_t "ITU-T" -+#define LN_itu_t "itu-t" -+#define NID_itu_t 645 -+#define OBJ_itu_t 0L -+ -+#define NID_ccitt 404 -+#define OBJ_ccitt OBJ_itu_t -+ -+#define SN_iso "ISO" -+#define LN_iso "iso" -+#define NID_iso 181 -+#define OBJ_iso 1L -+ -+#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" -+#define LN_joint_iso_itu_t "joint-iso-itu-t" -+#define NID_joint_iso_itu_t 646 -+#define OBJ_joint_iso_itu_t 2L -+ -+#define NID_joint_iso_ccitt 393 -+#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t -+ -+#define SN_member_body "member-body" -+#define LN_member_body "ISO Member Body" -+#define NID_member_body 182 -+#define OBJ_member_body OBJ_iso,2L -+ -+#define SN_identified_organization "identified-organization" -+#define NID_identified_organization 676 -+#define OBJ_identified_organization OBJ_iso,3L -+ -+#define SN_hmac_md5 "HMAC-MD5" -+#define LN_hmac_md5 "hmac-md5" -+#define NID_hmac_md5 780 -+#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L -+ -+#define SN_hmac_sha1 "HMAC-SHA1" -+#define LN_hmac_sha1 "hmac-sha1" -+#define NID_hmac_sha1 781 -+#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L - --#define SN_international_organizations "international-organizations" --#define LN_international_organizations "International Organizations" --#define NID_international_organizations 647 --#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L -+#define SN_certicom_arc "certicom-arc" -+#define NID_certicom_arc 677 -+#define OBJ_certicom_arc OBJ_identified_organization,132L - --#define SN_wap "wap" --#define NID_wap 678 --#define OBJ_wap OBJ_international_organizations,43L -+#define SN_international_organizations "international-organizations" -+#define LN_international_organizations "International Organizations" -+#define NID_international_organizations 647 -+#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L - --#define SN_wap_wsg "wap-wsg" --#define NID_wap_wsg 679 --#define OBJ_wap_wsg OBJ_wap,1L -+#define SN_wap "wap" -+#define NID_wap 678 -+#define OBJ_wap OBJ_international_organizations,43L - --#define SN_selected_attribute_types "selected-attribute-types" --#define LN_selected_attribute_types "Selected Attribute Types" --#define NID_selected_attribute_types 394 --#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L -- --#define SN_clearance "clearance" --#define NID_clearance 395 --#define OBJ_clearance OBJ_selected_attribute_types,55L -- --#define SN_ISO_US "ISO-US" --#define LN_ISO_US "ISO US Member Body" --#define NID_ISO_US 183 --#define OBJ_ISO_US OBJ_member_body,840L -- --#define SN_X9_57 "X9-57" --#define LN_X9_57 "X9.57" --#define NID_X9_57 184 --#define OBJ_X9_57 OBJ_ISO_US,10040L -+#define SN_wap_wsg "wap-wsg" -+#define NID_wap_wsg 679 -+#define OBJ_wap_wsg OBJ_wap,1L - --#define SN_X9cm "X9cm" --#define LN_X9cm "X9.57 CM ?" --#define NID_X9cm 185 --#define OBJ_X9cm OBJ_X9_57,4L -+#define SN_selected_attribute_types "selected-attribute-types" -+#define LN_selected_attribute_types "Selected Attribute Types" -+#define NID_selected_attribute_types 394 -+#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L -+ -+#define SN_clearance "clearance" -+#define NID_clearance 395 -+#define OBJ_clearance OBJ_selected_attribute_types,55L -+ -+#define SN_ISO_US "ISO-US" -+#define LN_ISO_US "ISO US Member Body" -+#define NID_ISO_US 183 -+#define OBJ_ISO_US OBJ_member_body,840L -+ -+#define SN_X9_57 "X9-57" -+#define LN_X9_57 "X9.57" -+#define NID_X9_57 184 -+#define OBJ_X9_57 OBJ_ISO_US,10040L - --#define SN_dsa "DSA" --#define LN_dsa "dsaEncryption" --#define NID_dsa 116 --#define OBJ_dsa OBJ_X9cm,1L -- --#define SN_dsaWithSHA1 "DSA-SHA1" --#define LN_dsaWithSHA1 "dsaWithSHA1" --#define NID_dsaWithSHA1 113 --#define OBJ_dsaWithSHA1 OBJ_X9cm,3L -- --#define SN_ansi_X9_62 "ansi-X9-62" --#define LN_ansi_X9_62 "ANSI X9.62" --#define NID_ansi_X9_62 405 --#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L -- --#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L -- --#define SN_X9_62_prime_field "prime-field" --#define NID_X9_62_prime_field 406 --#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L -- --#define SN_X9_62_characteristic_two_field "characteristic-two-field" --#define NID_X9_62_characteristic_two_field 407 --#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L -- --#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" --#define NID_X9_62_id_characteristic_two_basis 680 --#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L -- --#define SN_X9_62_onBasis "onBasis" --#define NID_X9_62_onBasis 681 --#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L -+#define SN_X9cm "X9cm" -+#define LN_X9cm "X9.57 CM ?" -+#define NID_X9cm 185 -+#define OBJ_X9cm OBJ_X9_57,4L - --#define SN_X9_62_tpBasis "tpBasis" --#define NID_X9_62_tpBasis 682 --#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L -+#define SN_dsa "DSA" -+#define LN_dsa "dsaEncryption" -+#define NID_dsa 116 -+#define OBJ_dsa OBJ_X9cm,1L -+ -+#define SN_dsaWithSHA1 "DSA-SHA1" -+#define LN_dsaWithSHA1 "dsaWithSHA1" -+#define NID_dsaWithSHA1 113 -+#define OBJ_dsaWithSHA1 OBJ_X9cm,3L -+ -+#define SN_ansi_X9_62 "ansi-X9-62" -+#define LN_ansi_X9_62 "ANSI X9.62" -+#define NID_ansi_X9_62 405 -+#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L -+ -+#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L -+ -+#define SN_X9_62_prime_field "prime-field" -+#define NID_X9_62_prime_field 406 -+#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L -+ -+#define SN_X9_62_characteristic_two_field "characteristic-two-field" -+#define NID_X9_62_characteristic_two_field 407 -+#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L -+ -+#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" -+#define NID_X9_62_id_characteristic_two_basis 680 -+#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L -+ -+#define SN_X9_62_onBasis "onBasis" -+#define NID_X9_62_onBasis 681 -+#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L - --#define SN_X9_62_ppBasis "ppBasis" --#define NID_X9_62_ppBasis 683 --#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L -+#define SN_X9_62_tpBasis "tpBasis" -+#define NID_X9_62_tpBasis 682 -+#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L - --#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L -+#define SN_X9_62_ppBasis "ppBasis" -+#define NID_X9_62_ppBasis 683 -+#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L - --#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" --#define NID_X9_62_id_ecPublicKey 408 --#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L -+#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L - --#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L -+#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" -+#define NID_X9_62_id_ecPublicKey 408 -+#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L - --#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L -+#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L - --#define SN_X9_62_c2pnb163v1 "c2pnb163v1" --#define NID_X9_62_c2pnb163v1 684 --#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L -+#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L - --#define SN_X9_62_c2pnb163v2 "c2pnb163v2" --#define NID_X9_62_c2pnb163v2 685 --#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L -+#define SN_X9_62_c2pnb163v1 "c2pnb163v1" -+#define NID_X9_62_c2pnb163v1 684 -+#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L - --#define SN_X9_62_c2pnb163v3 "c2pnb163v3" --#define NID_X9_62_c2pnb163v3 686 --#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L -+#define SN_X9_62_c2pnb163v2 "c2pnb163v2" -+#define NID_X9_62_c2pnb163v2 685 -+#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L - --#define SN_X9_62_c2pnb176v1 "c2pnb176v1" --#define NID_X9_62_c2pnb176v1 687 --#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L -+#define SN_X9_62_c2pnb163v3 "c2pnb163v3" -+#define NID_X9_62_c2pnb163v3 686 -+#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L - --#define SN_X9_62_c2tnb191v1 "c2tnb191v1" --#define NID_X9_62_c2tnb191v1 688 --#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L -+#define SN_X9_62_c2pnb176v1 "c2pnb176v1" -+#define NID_X9_62_c2pnb176v1 687 -+#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L - --#define SN_X9_62_c2tnb191v2 "c2tnb191v2" --#define NID_X9_62_c2tnb191v2 689 --#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L -+#define SN_X9_62_c2tnb191v1 "c2tnb191v1" -+#define NID_X9_62_c2tnb191v1 688 -+#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L - --#define SN_X9_62_c2tnb191v3 "c2tnb191v3" --#define NID_X9_62_c2tnb191v3 690 --#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L -+#define SN_X9_62_c2tnb191v2 "c2tnb191v2" -+#define NID_X9_62_c2tnb191v2 689 -+#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L - --#define SN_X9_62_c2onb191v4 "c2onb191v4" --#define NID_X9_62_c2onb191v4 691 --#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L -+#define SN_X9_62_c2tnb191v3 "c2tnb191v3" -+#define NID_X9_62_c2tnb191v3 690 -+#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L - --#define SN_X9_62_c2onb191v5 "c2onb191v5" --#define NID_X9_62_c2onb191v5 692 --#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L -+#define SN_X9_62_c2onb191v4 "c2onb191v4" -+#define NID_X9_62_c2onb191v4 691 -+#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L - --#define SN_X9_62_c2pnb208w1 "c2pnb208w1" --#define NID_X9_62_c2pnb208w1 693 --#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L -+#define SN_X9_62_c2onb191v5 "c2onb191v5" -+#define NID_X9_62_c2onb191v5 692 -+#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L - --#define SN_X9_62_c2tnb239v1 "c2tnb239v1" --#define NID_X9_62_c2tnb239v1 694 --#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L -+#define SN_X9_62_c2pnb208w1 "c2pnb208w1" -+#define NID_X9_62_c2pnb208w1 693 -+#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L - --#define SN_X9_62_c2tnb239v2 "c2tnb239v2" --#define NID_X9_62_c2tnb239v2 695 --#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L -+#define SN_X9_62_c2tnb239v1 "c2tnb239v1" -+#define NID_X9_62_c2tnb239v1 694 -+#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L - --#define SN_X9_62_c2tnb239v3 "c2tnb239v3" --#define NID_X9_62_c2tnb239v3 696 --#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L -+#define SN_X9_62_c2tnb239v2 "c2tnb239v2" -+#define NID_X9_62_c2tnb239v2 695 -+#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L - --#define SN_X9_62_c2onb239v4 "c2onb239v4" --#define NID_X9_62_c2onb239v4 697 --#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L -+#define SN_X9_62_c2tnb239v3 "c2tnb239v3" -+#define NID_X9_62_c2tnb239v3 696 -+#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L - --#define SN_X9_62_c2onb239v5 "c2onb239v5" --#define NID_X9_62_c2onb239v5 698 --#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L -+#define SN_X9_62_c2onb239v4 "c2onb239v4" -+#define NID_X9_62_c2onb239v4 697 -+#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L - --#define SN_X9_62_c2pnb272w1 "c2pnb272w1" --#define NID_X9_62_c2pnb272w1 699 --#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L -+#define SN_X9_62_c2onb239v5 "c2onb239v5" -+#define NID_X9_62_c2onb239v5 698 -+#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L - --#define SN_X9_62_c2pnb304w1 "c2pnb304w1" --#define NID_X9_62_c2pnb304w1 700 --#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L -+#define SN_X9_62_c2pnb272w1 "c2pnb272w1" -+#define NID_X9_62_c2pnb272w1 699 -+#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L - --#define SN_X9_62_c2tnb359v1 "c2tnb359v1" --#define NID_X9_62_c2tnb359v1 701 --#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L -+#define SN_X9_62_c2pnb304w1 "c2pnb304w1" -+#define NID_X9_62_c2pnb304w1 700 -+#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L - --#define SN_X9_62_c2pnb368w1 "c2pnb368w1" --#define NID_X9_62_c2pnb368w1 702 --#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L -+#define SN_X9_62_c2tnb359v1 "c2tnb359v1" -+#define NID_X9_62_c2tnb359v1 701 -+#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L - --#define SN_X9_62_c2tnb431r1 "c2tnb431r1" --#define NID_X9_62_c2tnb431r1 703 --#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L -+#define SN_X9_62_c2pnb368w1 "c2pnb368w1" -+#define NID_X9_62_c2pnb368w1 702 -+#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L - --#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L -+#define SN_X9_62_c2tnb431r1 "c2tnb431r1" -+#define NID_X9_62_c2tnb431r1 703 -+#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L - --#define SN_X9_62_prime192v1 "prime192v1" --#define NID_X9_62_prime192v1 409 --#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L -+#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L - --#define SN_X9_62_prime192v2 "prime192v2" --#define NID_X9_62_prime192v2 410 --#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L -+#define SN_X9_62_prime192v1 "prime192v1" -+#define NID_X9_62_prime192v1 409 -+#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L - --#define SN_X9_62_prime192v3 "prime192v3" --#define NID_X9_62_prime192v3 411 --#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L -+#define SN_X9_62_prime192v2 "prime192v2" -+#define NID_X9_62_prime192v2 410 -+#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L - --#define SN_X9_62_prime239v1 "prime239v1" --#define NID_X9_62_prime239v1 412 --#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L -+#define SN_X9_62_prime192v3 "prime192v3" -+#define NID_X9_62_prime192v3 411 -+#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L - --#define SN_X9_62_prime239v2 "prime239v2" --#define NID_X9_62_prime239v2 413 --#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L -+#define SN_X9_62_prime239v1 "prime239v1" -+#define NID_X9_62_prime239v1 412 -+#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L - --#define SN_X9_62_prime239v3 "prime239v3" --#define NID_X9_62_prime239v3 414 --#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L -+#define SN_X9_62_prime239v2 "prime239v2" -+#define NID_X9_62_prime239v2 413 -+#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L - --#define SN_X9_62_prime256v1 "prime256v1" --#define NID_X9_62_prime256v1 415 --#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L -+#define SN_X9_62_prime239v3 "prime239v3" -+#define NID_X9_62_prime239v3 414 -+#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L - --#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L -+#define SN_X9_62_prime256v1 "prime256v1" -+#define NID_X9_62_prime256v1 415 -+#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L - --#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" --#define NID_ecdsa_with_SHA1 416 --#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L -+#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L - --#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" --#define NID_ecdsa_with_Recommended 791 --#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L -+#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" -+#define NID_ecdsa_with_SHA1 416 -+#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L - --#define SN_ecdsa_with_Specified "ecdsa-with-Specified" --#define NID_ecdsa_with_Specified 792 --#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L -+#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" -+#define NID_ecdsa_with_Recommended 791 -+#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L - --#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" --#define NID_ecdsa_with_SHA224 793 --#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L -+#define SN_ecdsa_with_Specified "ecdsa-with-Specified" -+#define NID_ecdsa_with_Specified 792 -+#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L - --#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" --#define NID_ecdsa_with_SHA256 794 --#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L -+#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" -+#define NID_ecdsa_with_SHA224 793 -+#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L - --#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" --#define NID_ecdsa_with_SHA384 795 --#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L -+#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" -+#define NID_ecdsa_with_SHA256 794 -+#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L - --#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" --#define NID_ecdsa_with_SHA512 796 --#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L -+#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" -+#define NID_ecdsa_with_SHA384 795 -+#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L - --#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L -+#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" -+#define NID_ecdsa_with_SHA512 796 -+#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L - --#define SN_secp112r1 "secp112r1" --#define NID_secp112r1 704 --#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L -+#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L - --#define SN_secp112r2 "secp112r2" --#define NID_secp112r2 705 --#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L -+#define SN_secp112r1 "secp112r1" -+#define NID_secp112r1 704 -+#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L - --#define SN_secp128r1 "secp128r1" --#define NID_secp128r1 706 --#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L -+#define SN_secp112r2 "secp112r2" -+#define NID_secp112r2 705 -+#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L - --#define SN_secp128r2 "secp128r2" --#define NID_secp128r2 707 --#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L -+#define SN_secp128r1 "secp128r1" -+#define NID_secp128r1 706 -+#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L - --#define SN_secp160k1 "secp160k1" --#define NID_secp160k1 708 --#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L -+#define SN_secp128r2 "secp128r2" -+#define NID_secp128r2 707 -+#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L - --#define SN_secp160r1 "secp160r1" --#define NID_secp160r1 709 --#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L -+#define SN_secp160k1 "secp160k1" -+#define NID_secp160k1 708 -+#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L - --#define SN_secp160r2 "secp160r2" --#define NID_secp160r2 710 --#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L -+#define SN_secp160r1 "secp160r1" -+#define NID_secp160r1 709 -+#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L - --#define SN_secp192k1 "secp192k1" --#define NID_secp192k1 711 --#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L -+#define SN_secp160r2 "secp160r2" -+#define NID_secp160r2 710 -+#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L - --#define SN_secp224k1 "secp224k1" --#define NID_secp224k1 712 --#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L -+#define SN_secp192k1 "secp192k1" -+#define NID_secp192k1 711 -+#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L - --#define SN_secp224r1 "secp224r1" --#define NID_secp224r1 713 --#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L -+#define SN_secp224k1 "secp224k1" -+#define NID_secp224k1 712 -+#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L - --#define SN_secp256k1 "secp256k1" --#define NID_secp256k1 714 --#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L -+#define SN_secp224r1 "secp224r1" -+#define NID_secp224r1 713 -+#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L - --#define SN_secp384r1 "secp384r1" --#define NID_secp384r1 715 --#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L -+#define SN_secp256k1 "secp256k1" -+#define NID_secp256k1 714 -+#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L - --#define SN_secp521r1 "secp521r1" --#define NID_secp521r1 716 --#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L -+#define SN_secp384r1 "secp384r1" -+#define NID_secp384r1 715 -+#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L - --#define SN_sect113r1 "sect113r1" --#define NID_sect113r1 717 --#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L -+#define SN_secp521r1 "secp521r1" -+#define NID_secp521r1 716 -+#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L - --#define SN_sect113r2 "sect113r2" --#define NID_sect113r2 718 --#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L -+#define SN_sect113r1 "sect113r1" -+#define NID_sect113r1 717 -+#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L - --#define SN_sect131r1 "sect131r1" --#define NID_sect131r1 719 --#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L -+#define SN_sect113r2 "sect113r2" -+#define NID_sect113r2 718 -+#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L - --#define SN_sect131r2 "sect131r2" --#define NID_sect131r2 720 --#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L -+#define SN_sect131r1 "sect131r1" -+#define NID_sect131r1 719 -+#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L - --#define SN_sect163k1 "sect163k1" --#define NID_sect163k1 721 --#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L -+#define SN_sect131r2 "sect131r2" -+#define NID_sect131r2 720 -+#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L - --#define SN_sect163r1 "sect163r1" --#define NID_sect163r1 722 --#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L -+#define SN_sect163k1 "sect163k1" -+#define NID_sect163k1 721 -+#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L - --#define SN_sect163r2 "sect163r2" --#define NID_sect163r2 723 --#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L -+#define SN_sect163r1 "sect163r1" -+#define NID_sect163r1 722 -+#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L - --#define SN_sect193r1 "sect193r1" --#define NID_sect193r1 724 --#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L -+#define SN_sect163r2 "sect163r2" -+#define NID_sect163r2 723 -+#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L - --#define SN_sect193r2 "sect193r2" --#define NID_sect193r2 725 --#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L -+#define SN_sect193r1 "sect193r1" -+#define NID_sect193r1 724 -+#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L - --#define SN_sect233k1 "sect233k1" --#define NID_sect233k1 726 --#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L -+#define SN_sect193r2 "sect193r2" -+#define NID_sect193r2 725 -+#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L - --#define SN_sect233r1 "sect233r1" --#define NID_sect233r1 727 --#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L -+#define SN_sect233k1 "sect233k1" -+#define NID_sect233k1 726 -+#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L - --#define SN_sect239k1 "sect239k1" --#define NID_sect239k1 728 --#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L -+#define SN_sect233r1 "sect233r1" -+#define NID_sect233r1 727 -+#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L - --#define SN_sect283k1 "sect283k1" --#define NID_sect283k1 729 --#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L -+#define SN_sect239k1 "sect239k1" -+#define NID_sect239k1 728 -+#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L - --#define SN_sect283r1 "sect283r1" --#define NID_sect283r1 730 --#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L -+#define SN_sect283k1 "sect283k1" -+#define NID_sect283k1 729 -+#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L - --#define SN_sect409k1 "sect409k1" --#define NID_sect409k1 731 --#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L -+#define SN_sect283r1 "sect283r1" -+#define NID_sect283r1 730 -+#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L - --#define SN_sect409r1 "sect409r1" --#define NID_sect409r1 732 --#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L -+#define SN_sect409k1 "sect409k1" -+#define NID_sect409k1 731 -+#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L - --#define SN_sect571k1 "sect571k1" --#define NID_sect571k1 733 --#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L -+#define SN_sect409r1 "sect409r1" -+#define NID_sect409r1 732 -+#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L - --#define SN_sect571r1 "sect571r1" --#define NID_sect571r1 734 --#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L -+#define SN_sect571k1 "sect571k1" -+#define NID_sect571k1 733 -+#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L - --#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L -- --#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" --#define NID_wap_wsg_idm_ecid_wtls1 735 --#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L -- --#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" --#define NID_wap_wsg_idm_ecid_wtls3 736 --#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L -- --#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" --#define NID_wap_wsg_idm_ecid_wtls4 737 --#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L -- --#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" --#define NID_wap_wsg_idm_ecid_wtls5 738 --#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L -- --#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" --#define NID_wap_wsg_idm_ecid_wtls6 739 --#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L -- --#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" --#define NID_wap_wsg_idm_ecid_wtls7 740 --#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L -- --#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" --#define NID_wap_wsg_idm_ecid_wtls8 741 --#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L -- --#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" --#define NID_wap_wsg_idm_ecid_wtls9 742 --#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L -- --#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" --#define NID_wap_wsg_idm_ecid_wtls10 743 --#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L -- --#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" --#define NID_wap_wsg_idm_ecid_wtls11 744 --#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L -- --#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" --#define NID_wap_wsg_idm_ecid_wtls12 745 --#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L -- --#define SN_cast5_cbc "CAST5-CBC" --#define LN_cast5_cbc "cast5-cbc" --#define NID_cast5_cbc 108 --#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L -- --#define SN_cast5_ecb "CAST5-ECB" --#define LN_cast5_ecb "cast5-ecb" --#define NID_cast5_ecb 109 -- --#define SN_cast5_cfb64 "CAST5-CFB" --#define LN_cast5_cfb64 "cast5-cfb" --#define NID_cast5_cfb64 110 -- --#define SN_cast5_ofb64 "CAST5-OFB" --#define LN_cast5_ofb64 "cast5-ofb" --#define NID_cast5_ofb64 111 -- --#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" --#define NID_pbeWithMD5AndCast5_CBC 112 --#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L -- --#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" --#define LN_id_PasswordBasedMAC "password based MAC" --#define NID_id_PasswordBasedMAC 782 --#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L -- --#define SN_id_DHBasedMac "id-DHBasedMac" --#define LN_id_DHBasedMac "Diffie-Hellman based MAC" --#define NID_id_DHBasedMac 783 --#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L -- --#define SN_rsadsi "rsadsi" --#define LN_rsadsi "RSA Data Security, Inc." --#define NID_rsadsi 1 --#define OBJ_rsadsi OBJ_ISO_US,113549L -- --#define SN_pkcs "pkcs" --#define LN_pkcs "RSA Data Security, Inc. PKCS" --#define NID_pkcs 2 --#define OBJ_pkcs OBJ_rsadsi,1L -- --#define SN_pkcs1 "pkcs1" --#define NID_pkcs1 186 --#define OBJ_pkcs1 OBJ_pkcs,1L -- --#define LN_rsaEncryption "rsaEncryption" --#define NID_rsaEncryption 6 --#define OBJ_rsaEncryption OBJ_pkcs1,1L -- --#define SN_md2WithRSAEncryption "RSA-MD2" --#define LN_md2WithRSAEncryption "md2WithRSAEncryption" --#define NID_md2WithRSAEncryption 7 --#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L -- --#define SN_md4WithRSAEncryption "RSA-MD4" --#define LN_md4WithRSAEncryption "md4WithRSAEncryption" --#define NID_md4WithRSAEncryption 396 --#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L -- --#define SN_md5WithRSAEncryption "RSA-MD5" --#define LN_md5WithRSAEncryption "md5WithRSAEncryption" --#define NID_md5WithRSAEncryption 8 --#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L -- --#define SN_sha1WithRSAEncryption "RSA-SHA1" --#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" --#define NID_sha1WithRSAEncryption 65 --#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L -- --#define SN_sha256WithRSAEncryption "RSA-SHA256" --#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" --#define NID_sha256WithRSAEncryption 668 --#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L -- --#define SN_sha384WithRSAEncryption "RSA-SHA384" --#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" --#define NID_sha384WithRSAEncryption 669 --#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L -- --#define SN_sha512WithRSAEncryption "RSA-SHA512" --#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" --#define NID_sha512WithRSAEncryption 670 --#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L -- --#define SN_sha224WithRSAEncryption "RSA-SHA224" --#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" --#define NID_sha224WithRSAEncryption 671 --#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L -- --#define SN_pkcs3 "pkcs3" --#define NID_pkcs3 27 --#define OBJ_pkcs3 OBJ_pkcs,3L -- --#define LN_dhKeyAgreement "dhKeyAgreement" --#define NID_dhKeyAgreement 28 --#define OBJ_dhKeyAgreement OBJ_pkcs3,1L -- --#define SN_pkcs5 "pkcs5" --#define NID_pkcs5 187 --#define OBJ_pkcs5 OBJ_pkcs,5L -- --#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" --#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" --#define NID_pbeWithMD2AndDES_CBC 9 --#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L -- --#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" --#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" --#define NID_pbeWithMD5AndDES_CBC 10 --#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L -- --#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" --#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" --#define NID_pbeWithMD2AndRC2_CBC 168 --#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L -- --#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" --#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" --#define NID_pbeWithMD5AndRC2_CBC 169 --#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L -- --#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" --#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" --#define NID_pbeWithSHA1AndDES_CBC 170 --#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L -- --#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" --#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" --#define NID_pbeWithSHA1AndRC2_CBC 68 --#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L -- --#define LN_id_pbkdf2 "PBKDF2" --#define NID_id_pbkdf2 69 --#define OBJ_id_pbkdf2 OBJ_pkcs5,12L -- --#define LN_pbes2 "PBES2" --#define NID_pbes2 161 --#define OBJ_pbes2 OBJ_pkcs5,13L -- --#define LN_pbmac1 "PBMAC1" --#define NID_pbmac1 162 --#define OBJ_pbmac1 OBJ_pkcs5,14L -- --#define SN_pkcs7 "pkcs7" --#define NID_pkcs7 20 --#define OBJ_pkcs7 OBJ_pkcs,7L -- --#define LN_pkcs7_data "pkcs7-data" --#define NID_pkcs7_data 21 --#define OBJ_pkcs7_data OBJ_pkcs7,1L -- --#define LN_pkcs7_signed "pkcs7-signedData" --#define NID_pkcs7_signed 22 --#define OBJ_pkcs7_signed OBJ_pkcs7,2L -- --#define LN_pkcs7_enveloped "pkcs7-envelopedData" --#define NID_pkcs7_enveloped 23 --#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L -- --#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" --#define NID_pkcs7_signedAndEnveloped 24 --#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L -- --#define LN_pkcs7_digest "pkcs7-digestData" --#define NID_pkcs7_digest 25 --#define OBJ_pkcs7_digest OBJ_pkcs7,5L -- --#define LN_pkcs7_encrypted "pkcs7-encryptedData" --#define NID_pkcs7_encrypted 26 --#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L -- --#define SN_pkcs9 "pkcs9" --#define NID_pkcs9 47 --#define OBJ_pkcs9 OBJ_pkcs,9L -- --#define LN_pkcs9_emailAddress "emailAddress" --#define NID_pkcs9_emailAddress 48 --#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L -- --#define LN_pkcs9_unstructuredName "unstructuredName" --#define NID_pkcs9_unstructuredName 49 --#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L -- --#define LN_pkcs9_contentType "contentType" --#define NID_pkcs9_contentType 50 --#define OBJ_pkcs9_contentType OBJ_pkcs9,3L -- --#define LN_pkcs9_messageDigest "messageDigest" --#define NID_pkcs9_messageDigest 51 --#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L -- --#define LN_pkcs9_signingTime "signingTime" --#define NID_pkcs9_signingTime 52 --#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L -- --#define LN_pkcs9_countersignature "countersignature" --#define NID_pkcs9_countersignature 53 --#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L -- --#define LN_pkcs9_challengePassword "challengePassword" --#define NID_pkcs9_challengePassword 54 --#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L -- --#define LN_pkcs9_unstructuredAddress "unstructuredAddress" --#define NID_pkcs9_unstructuredAddress 55 --#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L -- --#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" --#define NID_pkcs9_extCertAttributes 56 --#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L -- --#define SN_ext_req "extReq" --#define LN_ext_req "Extension Request" --#define NID_ext_req 172 --#define OBJ_ext_req OBJ_pkcs9,14L -- --#define SN_SMIMECapabilities "SMIME-CAPS" --#define LN_SMIMECapabilities "S/MIME Capabilities" --#define NID_SMIMECapabilities 167 --#define OBJ_SMIMECapabilities OBJ_pkcs9,15L -- --#define SN_SMIME "SMIME" --#define LN_SMIME "S/MIME" --#define NID_SMIME 188 --#define OBJ_SMIME OBJ_pkcs9,16L -+#define SN_sect571r1 "sect571r1" -+#define NID_sect571r1 734 -+#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L - --#define SN_id_smime_mod "id-smime-mod" --#define NID_id_smime_mod 189 --#define OBJ_id_smime_mod OBJ_SMIME,0L -+#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L -+ -+#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" -+#define NID_wap_wsg_idm_ecid_wtls1 735 -+#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L -+ -+#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" -+#define NID_wap_wsg_idm_ecid_wtls3 736 -+#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L -+ -+#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" -+#define NID_wap_wsg_idm_ecid_wtls4 737 -+#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L -+ -+#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" -+#define NID_wap_wsg_idm_ecid_wtls5 738 -+#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L -+ -+#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" -+#define NID_wap_wsg_idm_ecid_wtls6 739 -+#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L -+ -+#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" -+#define NID_wap_wsg_idm_ecid_wtls7 740 -+#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L -+ -+#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" -+#define NID_wap_wsg_idm_ecid_wtls8 741 -+#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L -+ -+#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" -+#define NID_wap_wsg_idm_ecid_wtls9 742 -+#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L -+ -+#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" -+#define NID_wap_wsg_idm_ecid_wtls10 743 -+#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L -+ -+#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" -+#define NID_wap_wsg_idm_ecid_wtls11 744 -+#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L -+ -+#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" -+#define NID_wap_wsg_idm_ecid_wtls12 745 -+#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L -+ -+#define SN_cast5_cbc "CAST5-CBC" -+#define LN_cast5_cbc "cast5-cbc" -+#define NID_cast5_cbc 108 -+#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L -+ -+#define SN_cast5_ecb "CAST5-ECB" -+#define LN_cast5_ecb "cast5-ecb" -+#define NID_cast5_ecb 109 -+ -+#define SN_cast5_cfb64 "CAST5-CFB" -+#define LN_cast5_cfb64 "cast5-cfb" -+#define NID_cast5_cfb64 110 -+ -+#define SN_cast5_ofb64 "CAST5-OFB" -+#define LN_cast5_ofb64 "cast5-ofb" -+#define NID_cast5_ofb64 111 -+ -+#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" -+#define NID_pbeWithMD5AndCast5_CBC 112 -+#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L -+ -+#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" -+#define LN_id_PasswordBasedMAC "password based MAC" -+#define NID_id_PasswordBasedMAC 782 -+#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L -+ -+#define SN_id_DHBasedMac "id-DHBasedMac" -+#define LN_id_DHBasedMac "Diffie-Hellman based MAC" -+#define NID_id_DHBasedMac 783 -+#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L -+ -+#define SN_rsadsi "rsadsi" -+#define LN_rsadsi "RSA Data Security, Inc." -+#define NID_rsadsi 1 -+#define OBJ_rsadsi OBJ_ISO_US,113549L -+ -+#define SN_pkcs "pkcs" -+#define LN_pkcs "RSA Data Security, Inc. PKCS" -+#define NID_pkcs 2 -+#define OBJ_pkcs OBJ_rsadsi,1L -+ -+#define SN_pkcs1 "pkcs1" -+#define NID_pkcs1 186 -+#define OBJ_pkcs1 OBJ_pkcs,1L -+ -+#define LN_rsaEncryption "rsaEncryption" -+#define NID_rsaEncryption 6 -+#define OBJ_rsaEncryption OBJ_pkcs1,1L -+ -+#define SN_md2WithRSAEncryption "RSA-MD2" -+#define LN_md2WithRSAEncryption "md2WithRSAEncryption" -+#define NID_md2WithRSAEncryption 7 -+#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L -+ -+#define SN_md4WithRSAEncryption "RSA-MD4" -+#define LN_md4WithRSAEncryption "md4WithRSAEncryption" -+#define NID_md4WithRSAEncryption 396 -+#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L -+ -+#define SN_md5WithRSAEncryption "RSA-MD5" -+#define LN_md5WithRSAEncryption "md5WithRSAEncryption" -+#define NID_md5WithRSAEncryption 8 -+#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L -+ -+#define SN_sha1WithRSAEncryption "RSA-SHA1" -+#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" -+#define NID_sha1WithRSAEncryption 65 -+#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L -+ -+#define SN_sha256WithRSAEncryption "RSA-SHA256" -+#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" -+#define NID_sha256WithRSAEncryption 668 -+#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L -+ -+#define SN_sha384WithRSAEncryption "RSA-SHA384" -+#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" -+#define NID_sha384WithRSAEncryption 669 -+#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L -+ -+#define SN_sha512WithRSAEncryption "RSA-SHA512" -+#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" -+#define NID_sha512WithRSAEncryption 670 -+#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L -+ -+#define SN_sha224WithRSAEncryption "RSA-SHA224" -+#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" -+#define NID_sha224WithRSAEncryption 671 -+#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L -+ -+#define SN_pkcs3 "pkcs3" -+#define NID_pkcs3 27 -+#define OBJ_pkcs3 OBJ_pkcs,3L -+ -+#define LN_dhKeyAgreement "dhKeyAgreement" -+#define NID_dhKeyAgreement 28 -+#define OBJ_dhKeyAgreement OBJ_pkcs3,1L -+ -+#define SN_pkcs5 "pkcs5" -+#define NID_pkcs5 187 -+#define OBJ_pkcs5 OBJ_pkcs,5L -+ -+#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" -+#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" -+#define NID_pbeWithMD2AndDES_CBC 9 -+#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L -+ -+#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" -+#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" -+#define NID_pbeWithMD5AndDES_CBC 10 -+#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L -+ -+#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" -+#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" -+#define NID_pbeWithMD2AndRC2_CBC 168 -+#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L -+ -+#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" -+#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" -+#define NID_pbeWithMD5AndRC2_CBC 169 -+#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L -+ -+#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" -+#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" -+#define NID_pbeWithSHA1AndDES_CBC 170 -+#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L -+ -+#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" -+#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" -+#define NID_pbeWithSHA1AndRC2_CBC 68 -+#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L -+ -+#define LN_id_pbkdf2 "PBKDF2" -+#define NID_id_pbkdf2 69 -+#define OBJ_id_pbkdf2 OBJ_pkcs5,12L -+ -+#define LN_pbes2 "PBES2" -+#define NID_pbes2 161 -+#define OBJ_pbes2 OBJ_pkcs5,13L -+ -+#define LN_pbmac1 "PBMAC1" -+#define NID_pbmac1 162 -+#define OBJ_pbmac1 OBJ_pkcs5,14L -+ -+#define SN_pkcs7 "pkcs7" -+#define NID_pkcs7 20 -+#define OBJ_pkcs7 OBJ_pkcs,7L -+ -+#define LN_pkcs7_data "pkcs7-data" -+#define NID_pkcs7_data 21 -+#define OBJ_pkcs7_data OBJ_pkcs7,1L -+ -+#define LN_pkcs7_signed "pkcs7-signedData" -+#define NID_pkcs7_signed 22 -+#define OBJ_pkcs7_signed OBJ_pkcs7,2L -+ -+#define LN_pkcs7_enveloped "pkcs7-envelopedData" -+#define NID_pkcs7_enveloped 23 -+#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L -+ -+#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" -+#define NID_pkcs7_signedAndEnveloped 24 -+#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L -+ -+#define LN_pkcs7_digest "pkcs7-digestData" -+#define NID_pkcs7_digest 25 -+#define OBJ_pkcs7_digest OBJ_pkcs7,5L -+ -+#define LN_pkcs7_encrypted "pkcs7-encryptedData" -+#define NID_pkcs7_encrypted 26 -+#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L -+ -+#define SN_pkcs9 "pkcs9" -+#define NID_pkcs9 47 -+#define OBJ_pkcs9 OBJ_pkcs,9L -+ -+#define LN_pkcs9_emailAddress "emailAddress" -+#define NID_pkcs9_emailAddress 48 -+#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L -+ -+#define LN_pkcs9_unstructuredName "unstructuredName" -+#define NID_pkcs9_unstructuredName 49 -+#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L -+ -+#define LN_pkcs9_contentType "contentType" -+#define NID_pkcs9_contentType 50 -+#define OBJ_pkcs9_contentType OBJ_pkcs9,3L -+ -+#define LN_pkcs9_messageDigest "messageDigest" -+#define NID_pkcs9_messageDigest 51 -+#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L -+ -+#define LN_pkcs9_signingTime "signingTime" -+#define NID_pkcs9_signingTime 52 -+#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L -+ -+#define LN_pkcs9_countersignature "countersignature" -+#define NID_pkcs9_countersignature 53 -+#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L -+ -+#define LN_pkcs9_challengePassword "challengePassword" -+#define NID_pkcs9_challengePassword 54 -+#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L -+ -+#define LN_pkcs9_unstructuredAddress "unstructuredAddress" -+#define NID_pkcs9_unstructuredAddress 55 -+#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L -+ -+#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" -+#define NID_pkcs9_extCertAttributes 56 -+#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L -+ -+#define SN_ext_req "extReq" -+#define LN_ext_req "Extension Request" -+#define NID_ext_req 172 -+#define OBJ_ext_req OBJ_pkcs9,14L -+ -+#define SN_SMIMECapabilities "SMIME-CAPS" -+#define LN_SMIMECapabilities "S/MIME Capabilities" -+#define NID_SMIMECapabilities 167 -+#define OBJ_SMIMECapabilities OBJ_pkcs9,15L -+ -+#define SN_SMIME "SMIME" -+#define LN_SMIME "S/MIME" -+#define NID_SMIME 188 -+#define OBJ_SMIME OBJ_pkcs9,16L - --#define SN_id_smime_ct "id-smime-ct" --#define NID_id_smime_ct 190 --#define OBJ_id_smime_ct OBJ_SMIME,1L -+#define SN_id_smime_mod "id-smime-mod" -+#define NID_id_smime_mod 189 -+#define OBJ_id_smime_mod OBJ_SMIME,0L - --#define SN_id_smime_aa "id-smime-aa" --#define NID_id_smime_aa 191 --#define OBJ_id_smime_aa OBJ_SMIME,2L -+#define SN_id_smime_ct "id-smime-ct" -+#define NID_id_smime_ct 190 -+#define OBJ_id_smime_ct OBJ_SMIME,1L - --#define SN_id_smime_alg "id-smime-alg" --#define NID_id_smime_alg 192 --#define OBJ_id_smime_alg OBJ_SMIME,3L -+#define SN_id_smime_aa "id-smime-aa" -+#define NID_id_smime_aa 191 -+#define OBJ_id_smime_aa OBJ_SMIME,2L - --#define SN_id_smime_cd "id-smime-cd" --#define NID_id_smime_cd 193 --#define OBJ_id_smime_cd OBJ_SMIME,4L -+#define SN_id_smime_alg "id-smime-alg" -+#define NID_id_smime_alg 192 -+#define OBJ_id_smime_alg OBJ_SMIME,3L - --#define SN_id_smime_spq "id-smime-spq" --#define NID_id_smime_spq 194 --#define OBJ_id_smime_spq OBJ_SMIME,5L -+#define SN_id_smime_cd "id-smime-cd" -+#define NID_id_smime_cd 193 -+#define OBJ_id_smime_cd OBJ_SMIME,4L - --#define SN_id_smime_cti "id-smime-cti" --#define NID_id_smime_cti 195 --#define OBJ_id_smime_cti OBJ_SMIME,6L -+#define SN_id_smime_spq "id-smime-spq" -+#define NID_id_smime_spq 194 -+#define OBJ_id_smime_spq OBJ_SMIME,5L - --#define SN_id_smime_mod_cms "id-smime-mod-cms" --#define NID_id_smime_mod_cms 196 --#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L -+#define SN_id_smime_cti "id-smime-cti" -+#define NID_id_smime_cti 195 -+#define OBJ_id_smime_cti OBJ_SMIME,6L - --#define SN_id_smime_mod_ess "id-smime-mod-ess" --#define NID_id_smime_mod_ess 197 --#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L -+#define SN_id_smime_mod_cms "id-smime-mod-cms" -+#define NID_id_smime_mod_cms 196 -+#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L - --#define SN_id_smime_mod_oid "id-smime-mod-oid" --#define NID_id_smime_mod_oid 198 --#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L -+#define SN_id_smime_mod_ess "id-smime-mod-ess" -+#define NID_id_smime_mod_ess 197 -+#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L - --#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" --#define NID_id_smime_mod_msg_v3 199 --#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L -+#define SN_id_smime_mod_oid "id-smime-mod-oid" -+#define NID_id_smime_mod_oid 198 -+#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L - --#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" --#define NID_id_smime_mod_ets_eSignature_88 200 --#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L -+#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" -+#define NID_id_smime_mod_msg_v3 199 -+#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L - --#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" --#define NID_id_smime_mod_ets_eSignature_97 201 --#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L -+#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" -+#define NID_id_smime_mod_ets_eSignature_88 200 -+#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L - --#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" --#define NID_id_smime_mod_ets_eSigPolicy_88 202 --#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L -+#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" -+#define NID_id_smime_mod_ets_eSignature_97 201 -+#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L - --#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" --#define NID_id_smime_mod_ets_eSigPolicy_97 203 --#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L -+#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" -+#define NID_id_smime_mod_ets_eSigPolicy_88 202 -+#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L - --#define SN_id_smime_ct_receipt "id-smime-ct-receipt" --#define NID_id_smime_ct_receipt 204 --#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L -+#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" -+#define NID_id_smime_mod_ets_eSigPolicy_97 203 -+#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L - --#define SN_id_smime_ct_authData "id-smime-ct-authData" --#define NID_id_smime_ct_authData 205 --#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L -+#define SN_id_smime_ct_receipt "id-smime-ct-receipt" -+#define NID_id_smime_ct_receipt 204 -+#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L - --#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" --#define NID_id_smime_ct_publishCert 206 --#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L -+#define SN_id_smime_ct_authData "id-smime-ct-authData" -+#define NID_id_smime_ct_authData 205 -+#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L - --#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" --#define NID_id_smime_ct_TSTInfo 207 --#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L -+#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" -+#define NID_id_smime_ct_publishCert 206 -+#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L - --#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" --#define NID_id_smime_ct_TDTInfo 208 --#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L -+#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" -+#define NID_id_smime_ct_TSTInfo 207 -+#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L - --#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" --#define NID_id_smime_ct_contentInfo 209 --#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L -+#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" -+#define NID_id_smime_ct_TDTInfo 208 -+#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L - --#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" --#define NID_id_smime_ct_DVCSRequestData 210 --#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L -+#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" -+#define NID_id_smime_ct_contentInfo 209 -+#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L - --#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" --#define NID_id_smime_ct_DVCSResponseData 211 --#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L -+#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" -+#define NID_id_smime_ct_DVCSRequestData 210 -+#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L - --#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" --#define NID_id_smime_ct_compressedData 786 --#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L -+#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" -+#define NID_id_smime_ct_DVCSResponseData 211 -+#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L - --#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" --#define NID_id_ct_asciiTextWithCRLF 787 --#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L -+#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" -+#define NID_id_smime_ct_compressedData 786 -+#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L - --#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" --#define NID_id_smime_aa_receiptRequest 212 --#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L -+#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" -+#define NID_id_ct_asciiTextWithCRLF 787 -+#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L - --#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" --#define NID_id_smime_aa_securityLabel 213 --#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L -+#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" -+#define NID_id_smime_aa_receiptRequest 212 -+#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L - --#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" --#define NID_id_smime_aa_mlExpandHistory 214 --#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L -+#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" -+#define NID_id_smime_aa_securityLabel 213 -+#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L - --#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" --#define NID_id_smime_aa_contentHint 215 --#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L -+#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" -+#define NID_id_smime_aa_mlExpandHistory 214 -+#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L - --#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" --#define NID_id_smime_aa_msgSigDigest 216 --#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L -+#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" -+#define NID_id_smime_aa_contentHint 215 -+#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L - --#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" --#define NID_id_smime_aa_encapContentType 217 --#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L -+#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" -+#define NID_id_smime_aa_msgSigDigest 216 -+#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L - --#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" --#define NID_id_smime_aa_contentIdentifier 218 --#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L -+#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" -+#define NID_id_smime_aa_encapContentType 217 -+#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L - --#define SN_id_smime_aa_macValue "id-smime-aa-macValue" --#define NID_id_smime_aa_macValue 219 --#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L -+#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" -+#define NID_id_smime_aa_contentIdentifier 218 -+#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L - --#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" --#define NID_id_smime_aa_equivalentLabels 220 --#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L -+#define SN_id_smime_aa_macValue "id-smime-aa-macValue" -+#define NID_id_smime_aa_macValue 219 -+#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L - --#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" --#define NID_id_smime_aa_contentReference 221 --#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L -+#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" -+#define NID_id_smime_aa_equivalentLabels 220 -+#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L - --#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" --#define NID_id_smime_aa_encrypKeyPref 222 --#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L -+#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" -+#define NID_id_smime_aa_contentReference 221 -+#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L - --#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" --#define NID_id_smime_aa_signingCertificate 223 --#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L -+#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" -+#define NID_id_smime_aa_encrypKeyPref 222 -+#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L - --#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" --#define NID_id_smime_aa_smimeEncryptCerts 224 --#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L -+#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" -+#define NID_id_smime_aa_signingCertificate 223 -+#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L - --#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" --#define NID_id_smime_aa_timeStampToken 225 --#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L -+#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" -+#define NID_id_smime_aa_smimeEncryptCerts 224 -+#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L - --#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" --#define NID_id_smime_aa_ets_sigPolicyId 226 --#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L -+#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" -+#define NID_id_smime_aa_timeStampToken 225 -+#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L - --#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" --#define NID_id_smime_aa_ets_commitmentType 227 --#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L -+#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" -+#define NID_id_smime_aa_ets_sigPolicyId 226 -+#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L - --#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" --#define NID_id_smime_aa_ets_signerLocation 228 --#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L -+#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" -+#define NID_id_smime_aa_ets_commitmentType 227 -+#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L - --#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" --#define NID_id_smime_aa_ets_signerAttr 229 --#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L -+#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" -+#define NID_id_smime_aa_ets_signerLocation 228 -+#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L - --#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" --#define NID_id_smime_aa_ets_otherSigCert 230 --#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L -+#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" -+#define NID_id_smime_aa_ets_signerAttr 229 -+#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L - --#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" --#define NID_id_smime_aa_ets_contentTimestamp 231 --#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L -+#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" -+#define NID_id_smime_aa_ets_otherSigCert 230 -+#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L - --#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" --#define NID_id_smime_aa_ets_CertificateRefs 232 --#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L -+#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" -+#define NID_id_smime_aa_ets_contentTimestamp 231 -+#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L - --#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" --#define NID_id_smime_aa_ets_RevocationRefs 233 --#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L -+#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" -+#define NID_id_smime_aa_ets_CertificateRefs 232 -+#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L - --#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" --#define NID_id_smime_aa_ets_certValues 234 --#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L -+#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" -+#define NID_id_smime_aa_ets_RevocationRefs 233 -+#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L - --#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" --#define NID_id_smime_aa_ets_revocationValues 235 --#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L -+#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" -+#define NID_id_smime_aa_ets_certValues 234 -+#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L - --#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" --#define NID_id_smime_aa_ets_escTimeStamp 236 --#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L -+#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" -+#define NID_id_smime_aa_ets_revocationValues 235 -+#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L - --#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" --#define NID_id_smime_aa_ets_certCRLTimestamp 237 --#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L -+#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" -+#define NID_id_smime_aa_ets_escTimeStamp 236 -+#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L - --#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" --#define NID_id_smime_aa_ets_archiveTimeStamp 238 --#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L -+#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" -+#define NID_id_smime_aa_ets_certCRLTimestamp 237 -+#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L - --#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" --#define NID_id_smime_aa_signatureType 239 --#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L -+#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" -+#define NID_id_smime_aa_ets_archiveTimeStamp 238 -+#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L - --#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" --#define NID_id_smime_aa_dvcs_dvc 240 --#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L -+#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" -+#define NID_id_smime_aa_signatureType 239 -+#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L - --#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" --#define NID_id_smime_alg_ESDHwith3DES 241 --#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L -+#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" -+#define NID_id_smime_aa_dvcs_dvc 240 -+#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L - --#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" --#define NID_id_smime_alg_ESDHwithRC2 242 --#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L -+#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" -+#define NID_id_smime_alg_ESDHwith3DES 241 -+#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L - --#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" --#define NID_id_smime_alg_3DESwrap 243 --#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L -+#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" -+#define NID_id_smime_alg_ESDHwithRC2 242 -+#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L - --#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" --#define NID_id_smime_alg_RC2wrap 244 --#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L -+#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" -+#define NID_id_smime_alg_3DESwrap 243 -+#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L - --#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" --#define NID_id_smime_alg_ESDH 245 --#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L -+#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" -+#define NID_id_smime_alg_RC2wrap 244 -+#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L - --#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" --#define NID_id_smime_alg_CMS3DESwrap 246 --#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L -+#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" -+#define NID_id_smime_alg_ESDH 245 -+#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L - --#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" --#define NID_id_smime_alg_CMSRC2wrap 247 --#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L -+#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" -+#define NID_id_smime_alg_CMS3DESwrap 246 -+#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L - --#define SN_id_smime_cd_ldap "id-smime-cd-ldap" --#define NID_id_smime_cd_ldap 248 --#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L -+#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" -+#define NID_id_smime_alg_CMSRC2wrap 247 -+#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L - --#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" --#define NID_id_smime_spq_ets_sqt_uri 249 --#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L -+#define SN_id_smime_cd_ldap "id-smime-cd-ldap" -+#define NID_id_smime_cd_ldap 248 -+#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L - --#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" --#define NID_id_smime_spq_ets_sqt_unotice 250 --#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L -+#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" -+#define NID_id_smime_spq_ets_sqt_uri 249 -+#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L - --#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" --#define NID_id_smime_cti_ets_proofOfOrigin 251 --#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L -+#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" -+#define NID_id_smime_spq_ets_sqt_unotice 250 -+#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L - --#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" --#define NID_id_smime_cti_ets_proofOfReceipt 252 --#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L -+#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" -+#define NID_id_smime_cti_ets_proofOfOrigin 251 -+#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L - --#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" --#define NID_id_smime_cti_ets_proofOfDelivery 253 --#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L -+#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" -+#define NID_id_smime_cti_ets_proofOfReceipt 252 -+#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L - --#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" --#define NID_id_smime_cti_ets_proofOfSender 254 --#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L -+#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" -+#define NID_id_smime_cti_ets_proofOfDelivery 253 -+#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L - --#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" --#define NID_id_smime_cti_ets_proofOfApproval 255 --#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L -+#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" -+#define NID_id_smime_cti_ets_proofOfSender 254 -+#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L - --#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" --#define NID_id_smime_cti_ets_proofOfCreation 256 --#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L -+#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" -+#define NID_id_smime_cti_ets_proofOfApproval 255 -+#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L - --#define LN_friendlyName "friendlyName" --#define NID_friendlyName 156 --#define OBJ_friendlyName OBJ_pkcs9,20L -+#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" -+#define NID_id_smime_cti_ets_proofOfCreation 256 -+#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L - --#define LN_localKeyID "localKeyID" --#define NID_localKeyID 157 --#define OBJ_localKeyID OBJ_pkcs9,21L -+#define LN_friendlyName "friendlyName" -+#define NID_friendlyName 156 -+#define OBJ_friendlyName OBJ_pkcs9,20L - --#define SN_ms_csp_name "CSPName" --#define LN_ms_csp_name "Microsoft CSP Name" --#define NID_ms_csp_name 417 --#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L -+#define LN_localKeyID "localKeyID" -+#define NID_localKeyID 157 -+#define OBJ_localKeyID OBJ_pkcs9,21L - --#define SN_LocalKeySet "LocalKeySet" --#define LN_LocalKeySet "Microsoft Local Key set" --#define NID_LocalKeySet 856 --#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L -+#define SN_ms_csp_name "CSPName" -+#define LN_ms_csp_name "Microsoft CSP Name" -+#define NID_ms_csp_name 417 -+#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L - --#define OBJ_certTypes OBJ_pkcs9,22L -+#define SN_LocalKeySet "LocalKeySet" -+#define LN_LocalKeySet "Microsoft Local Key set" -+#define NID_LocalKeySet 856 -+#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L - --#define LN_x509Certificate "x509Certificate" --#define NID_x509Certificate 158 --#define OBJ_x509Certificate OBJ_certTypes,1L -+#define OBJ_certTypes OBJ_pkcs9,22L - --#define LN_sdsiCertificate "sdsiCertificate" --#define NID_sdsiCertificate 159 --#define OBJ_sdsiCertificate OBJ_certTypes,2L -+#define LN_x509Certificate "x509Certificate" -+#define NID_x509Certificate 158 -+#define OBJ_x509Certificate OBJ_certTypes,1L - --#define OBJ_crlTypes OBJ_pkcs9,23L -+#define LN_sdsiCertificate "sdsiCertificate" -+#define NID_sdsiCertificate 159 -+#define OBJ_sdsiCertificate OBJ_certTypes,2L - --#define LN_x509Crl "x509Crl" --#define NID_x509Crl 160 --#define OBJ_x509Crl OBJ_crlTypes,1L -+#define OBJ_crlTypes OBJ_pkcs9,23L - --#define OBJ_pkcs12 OBJ_pkcs,12L -+#define LN_x509Crl "x509Crl" -+#define NID_x509Crl 160 -+#define OBJ_x509Crl OBJ_crlTypes,1L - --#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L -+#define OBJ_pkcs12 OBJ_pkcs,12L - --#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" --#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" --#define NID_pbe_WithSHA1And128BitRC4 144 --#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L -+#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L - --#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" --#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" --#define NID_pbe_WithSHA1And40BitRC4 145 --#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L -+#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" -+#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" -+#define NID_pbe_WithSHA1And128BitRC4 144 -+#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L - --#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" --#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" --#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 --#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L -+#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" -+#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" -+#define NID_pbe_WithSHA1And40BitRC4 145 -+#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L - --#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" --#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" --#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 --#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L -+#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" -+#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" -+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 -+#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L - --#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" --#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" --#define NID_pbe_WithSHA1And128BitRC2_CBC 148 --#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L -+#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" -+#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" -+#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 -+#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L - --#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" --#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" --#define NID_pbe_WithSHA1And40BitRC2_CBC 149 --#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L -+#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" -+#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" -+#define NID_pbe_WithSHA1And128BitRC2_CBC 148 -+#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L - --#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L -+#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" -+#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" -+#define NID_pbe_WithSHA1And40BitRC2_CBC 149 -+#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L - --#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L -+#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L - --#define LN_keyBag "keyBag" --#define NID_keyBag 150 --#define OBJ_keyBag OBJ_pkcs12_BagIds,1L -+#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L - --#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" --#define NID_pkcs8ShroudedKeyBag 151 --#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L -+#define LN_keyBag "keyBag" -+#define NID_keyBag 150 -+#define OBJ_keyBag OBJ_pkcs12_BagIds,1L - --#define LN_certBag "certBag" --#define NID_certBag 152 --#define OBJ_certBag OBJ_pkcs12_BagIds,3L -+#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" -+#define NID_pkcs8ShroudedKeyBag 151 -+#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L - --#define LN_crlBag "crlBag" --#define NID_crlBag 153 --#define OBJ_crlBag OBJ_pkcs12_BagIds,4L -+#define LN_certBag "certBag" -+#define NID_certBag 152 -+#define OBJ_certBag OBJ_pkcs12_BagIds,3L - --#define LN_secretBag "secretBag" --#define NID_secretBag 154 --#define OBJ_secretBag OBJ_pkcs12_BagIds,5L -+#define LN_crlBag "crlBag" -+#define NID_crlBag 153 -+#define OBJ_crlBag OBJ_pkcs12_BagIds,4L - --#define LN_safeContentsBag "safeContentsBag" --#define NID_safeContentsBag 155 --#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L -+#define LN_secretBag "secretBag" -+#define NID_secretBag 154 -+#define OBJ_secretBag OBJ_pkcs12_BagIds,5L - --#define SN_md2 "MD2" --#define LN_md2 "md2" --#define NID_md2 3 --#define OBJ_md2 OBJ_rsadsi,2L,2L -- --#define SN_md4 "MD4" --#define LN_md4 "md4" --#define NID_md4 257 --#define OBJ_md4 OBJ_rsadsi,2L,4L -- --#define SN_md5 "MD5" --#define LN_md5 "md5" --#define NID_md5 4 --#define OBJ_md5 OBJ_rsadsi,2L,5L -- --#define SN_md5_sha1 "MD5-SHA1" --#define LN_md5_sha1 "md5-sha1" --#define NID_md5_sha1 114 -- --#define LN_hmacWithMD5 "hmacWithMD5" --#define NID_hmacWithMD5 797 --#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L -- --#define LN_hmacWithSHA1 "hmacWithSHA1" --#define NID_hmacWithSHA1 163 --#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L -- --#define LN_hmacWithSHA224 "hmacWithSHA224" --#define NID_hmacWithSHA224 798 --#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L -- --#define LN_hmacWithSHA256 "hmacWithSHA256" --#define NID_hmacWithSHA256 799 --#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L -- --#define LN_hmacWithSHA384 "hmacWithSHA384" --#define NID_hmacWithSHA384 800 --#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L -- --#define LN_hmacWithSHA512 "hmacWithSHA512" --#define NID_hmacWithSHA512 801 --#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L -- --#define SN_rc2_cbc "RC2-CBC" --#define LN_rc2_cbc "rc2-cbc" --#define NID_rc2_cbc 37 --#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L -- --#define SN_rc2_ecb "RC2-ECB" --#define LN_rc2_ecb "rc2-ecb" --#define NID_rc2_ecb 38 -- --#define SN_rc2_cfb64 "RC2-CFB" --#define LN_rc2_cfb64 "rc2-cfb" --#define NID_rc2_cfb64 39 -- --#define SN_rc2_ofb64 "RC2-OFB" --#define LN_rc2_ofb64 "rc2-ofb" --#define NID_rc2_ofb64 40 -- --#define SN_rc2_40_cbc "RC2-40-CBC" --#define LN_rc2_40_cbc "rc2-40-cbc" --#define NID_rc2_40_cbc 98 -- --#define SN_rc2_64_cbc "RC2-64-CBC" --#define LN_rc2_64_cbc "rc2-64-cbc" --#define NID_rc2_64_cbc 166 -- --#define SN_rc4 "RC4" --#define LN_rc4 "rc4" --#define NID_rc4 5 --#define OBJ_rc4 OBJ_rsadsi,3L,4L -- --#define SN_rc4_40 "RC4-40" --#define LN_rc4_40 "rc4-40" --#define NID_rc4_40 97 -- --#define SN_des_ede3_cbc "DES-EDE3-CBC" --#define LN_des_ede3_cbc "des-ede3-cbc" --#define NID_des_ede3_cbc 44 --#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L -- --#define SN_rc5_cbc "RC5-CBC" --#define LN_rc5_cbc "rc5-cbc" --#define NID_rc5_cbc 120 --#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L -- --#define SN_rc5_ecb "RC5-ECB" --#define LN_rc5_ecb "rc5-ecb" --#define NID_rc5_ecb 121 -- --#define SN_rc5_cfb64 "RC5-CFB" --#define LN_rc5_cfb64 "rc5-cfb" --#define NID_rc5_cfb64 122 -- --#define SN_rc5_ofb64 "RC5-OFB" --#define LN_rc5_ofb64 "rc5-ofb" --#define NID_rc5_ofb64 123 -- --#define SN_ms_ext_req "msExtReq" --#define LN_ms_ext_req "Microsoft Extension Request" --#define NID_ms_ext_req 171 --#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L -- --#define SN_ms_code_ind "msCodeInd" --#define LN_ms_code_ind "Microsoft Individual Code Signing" --#define NID_ms_code_ind 134 --#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L -- --#define SN_ms_code_com "msCodeCom" --#define LN_ms_code_com "Microsoft Commercial Code Signing" --#define NID_ms_code_com 135 --#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L -- --#define SN_ms_ctl_sign "msCTLSign" --#define LN_ms_ctl_sign "Microsoft Trust List Signing" --#define NID_ms_ctl_sign 136 --#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L -- --#define SN_ms_sgc "msSGC" --#define LN_ms_sgc "Microsoft Server Gated Crypto" --#define NID_ms_sgc 137 --#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L -- --#define SN_ms_efs "msEFS" --#define LN_ms_efs "Microsoft Encrypted File System" --#define NID_ms_efs 138 --#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L -- --#define SN_ms_smartcard_login "msSmartcardLogin" --#define LN_ms_smartcard_login "Microsoft Smartcardlogin" --#define NID_ms_smartcard_login 648 --#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L -- --#define SN_ms_upn "msUPN" --#define LN_ms_upn "Microsoft Universal Principal Name" --#define NID_ms_upn 649 --#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L -- --#define SN_idea_cbc "IDEA-CBC" --#define LN_idea_cbc "idea-cbc" --#define NID_idea_cbc 34 --#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L -- --#define SN_idea_ecb "IDEA-ECB" --#define LN_idea_ecb "idea-ecb" --#define NID_idea_ecb 36 -- --#define SN_idea_cfb64 "IDEA-CFB" --#define LN_idea_cfb64 "idea-cfb" --#define NID_idea_cfb64 35 -- --#define SN_idea_ofb64 "IDEA-OFB" --#define LN_idea_ofb64 "idea-ofb" --#define NID_idea_ofb64 46 -- --#define SN_bf_cbc "BF-CBC" --#define LN_bf_cbc "bf-cbc" --#define NID_bf_cbc 91 --#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L -- --#define SN_bf_ecb "BF-ECB" --#define LN_bf_ecb "bf-ecb" --#define NID_bf_ecb 92 -- --#define SN_bf_cfb64 "BF-CFB" --#define LN_bf_cfb64 "bf-cfb" --#define NID_bf_cfb64 93 -- --#define SN_bf_ofb64 "BF-OFB" --#define LN_bf_ofb64 "bf-ofb" --#define NID_bf_ofb64 94 -- --#define SN_id_pkix "PKIX" --#define NID_id_pkix 127 --#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L -- --#define SN_id_pkix_mod "id-pkix-mod" --#define NID_id_pkix_mod 258 --#define OBJ_id_pkix_mod OBJ_id_pkix,0L -- --#define SN_id_pe "id-pe" --#define NID_id_pe 175 --#define OBJ_id_pe OBJ_id_pkix,1L -- --#define SN_id_qt "id-qt" --#define NID_id_qt 259 --#define OBJ_id_qt OBJ_id_pkix,2L -- --#define SN_id_kp "id-kp" --#define NID_id_kp 128 --#define OBJ_id_kp OBJ_id_pkix,3L -- --#define SN_id_it "id-it" --#define NID_id_it 260 --#define OBJ_id_it OBJ_id_pkix,4L -- --#define SN_id_pkip "id-pkip" --#define NID_id_pkip 261 --#define OBJ_id_pkip OBJ_id_pkix,5L -- --#define SN_id_alg "id-alg" --#define NID_id_alg 262 --#define OBJ_id_alg OBJ_id_pkix,6L -- --#define SN_id_cmc "id-cmc" --#define NID_id_cmc 263 --#define OBJ_id_cmc OBJ_id_pkix,7L -- --#define SN_id_on "id-on" --#define NID_id_on 264 --#define OBJ_id_on OBJ_id_pkix,8L -- --#define SN_id_pda "id-pda" --#define NID_id_pda 265 --#define OBJ_id_pda OBJ_id_pkix,9L -- --#define SN_id_aca "id-aca" --#define NID_id_aca 266 --#define OBJ_id_aca OBJ_id_pkix,10L -- --#define SN_id_qcs "id-qcs" --#define NID_id_qcs 267 --#define OBJ_id_qcs OBJ_id_pkix,11L -- --#define SN_id_cct "id-cct" --#define NID_id_cct 268 --#define OBJ_id_cct OBJ_id_pkix,12L -- --#define SN_id_ppl "id-ppl" --#define NID_id_ppl 662 --#define OBJ_id_ppl OBJ_id_pkix,21L -- --#define SN_id_ad "id-ad" --#define NID_id_ad 176 --#define OBJ_id_ad OBJ_id_pkix,48L -- --#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" --#define NID_id_pkix1_explicit_88 269 --#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L -- --#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" --#define NID_id_pkix1_implicit_88 270 --#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L -- --#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" --#define NID_id_pkix1_explicit_93 271 --#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L -- --#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" --#define NID_id_pkix1_implicit_93 272 --#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L -- --#define SN_id_mod_crmf "id-mod-crmf" --#define NID_id_mod_crmf 273 --#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L -- --#define SN_id_mod_cmc "id-mod-cmc" --#define NID_id_mod_cmc 274 --#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L -- --#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" --#define NID_id_mod_kea_profile_88 275 --#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L -- --#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" --#define NID_id_mod_kea_profile_93 276 --#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L -- --#define SN_id_mod_cmp "id-mod-cmp" --#define NID_id_mod_cmp 277 --#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L -- --#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" --#define NID_id_mod_qualified_cert_88 278 --#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L -- --#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" --#define NID_id_mod_qualified_cert_93 279 --#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L -- --#define SN_id_mod_attribute_cert "id-mod-attribute-cert" --#define NID_id_mod_attribute_cert 280 --#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L -- --#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" --#define NID_id_mod_timestamp_protocol 281 --#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L -- --#define SN_id_mod_ocsp "id-mod-ocsp" --#define NID_id_mod_ocsp 282 --#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L -- --#define SN_id_mod_dvcs "id-mod-dvcs" --#define NID_id_mod_dvcs 283 --#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L -- --#define SN_id_mod_cmp2000 "id-mod-cmp2000" --#define NID_id_mod_cmp2000 284 --#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L -- --#define SN_info_access "authorityInfoAccess" --#define LN_info_access "Authority Information Access" --#define NID_info_access 177 --#define OBJ_info_access OBJ_id_pe,1L -- --#define SN_biometricInfo "biometricInfo" --#define LN_biometricInfo "Biometric Info" --#define NID_biometricInfo 285 --#define OBJ_biometricInfo OBJ_id_pe,2L -- --#define SN_qcStatements "qcStatements" --#define NID_qcStatements 286 --#define OBJ_qcStatements OBJ_id_pe,3L -- --#define SN_ac_auditEntity "ac-auditEntity" --#define NID_ac_auditEntity 287 --#define OBJ_ac_auditEntity OBJ_id_pe,4L -- --#define SN_ac_targeting "ac-targeting" --#define NID_ac_targeting 288 --#define OBJ_ac_targeting OBJ_id_pe,5L -- --#define SN_aaControls "aaControls" --#define NID_aaControls 289 --#define OBJ_aaControls OBJ_id_pe,6L -- --#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" --#define NID_sbgp_ipAddrBlock 290 --#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L -- --#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" --#define NID_sbgp_autonomousSysNum 291 --#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L -- --#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" --#define NID_sbgp_routerIdentifier 292 --#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L -- --#define SN_ac_proxying "ac-proxying" --#define NID_ac_proxying 397 --#define OBJ_ac_proxying OBJ_id_pe,10L -- --#define SN_sinfo_access "subjectInfoAccess" --#define LN_sinfo_access "Subject Information Access" --#define NID_sinfo_access 398 --#define OBJ_sinfo_access OBJ_id_pe,11L -- --#define SN_proxyCertInfo "proxyCertInfo" --#define LN_proxyCertInfo "Proxy Certificate Information" --#define NID_proxyCertInfo 663 --#define OBJ_proxyCertInfo OBJ_id_pe,14L -- --#define SN_id_qt_cps "id-qt-cps" --#define LN_id_qt_cps "Policy Qualifier CPS" --#define NID_id_qt_cps 164 --#define OBJ_id_qt_cps OBJ_id_qt,1L -- --#define SN_id_qt_unotice "id-qt-unotice" --#define LN_id_qt_unotice "Policy Qualifier User Notice" --#define NID_id_qt_unotice 165 --#define OBJ_id_qt_unotice OBJ_id_qt,2L -- --#define SN_textNotice "textNotice" --#define NID_textNotice 293 --#define OBJ_textNotice OBJ_id_qt,3L -- --#define SN_server_auth "serverAuth" --#define LN_server_auth "TLS Web Server Authentication" --#define NID_server_auth 129 --#define OBJ_server_auth OBJ_id_kp,1L -- --#define SN_client_auth "clientAuth" --#define LN_client_auth "TLS Web Client Authentication" --#define NID_client_auth 130 --#define OBJ_client_auth OBJ_id_kp,2L -- --#define SN_code_sign "codeSigning" --#define LN_code_sign "Code Signing" --#define NID_code_sign 131 --#define OBJ_code_sign OBJ_id_kp,3L -- --#define SN_email_protect "emailProtection" --#define LN_email_protect "E-mail Protection" --#define NID_email_protect 132 --#define OBJ_email_protect OBJ_id_kp,4L -- --#define SN_ipsecEndSystem "ipsecEndSystem" --#define LN_ipsecEndSystem "IPSec End System" --#define NID_ipsecEndSystem 294 --#define OBJ_ipsecEndSystem OBJ_id_kp,5L -- --#define SN_ipsecTunnel "ipsecTunnel" --#define LN_ipsecTunnel "IPSec Tunnel" --#define NID_ipsecTunnel 295 --#define OBJ_ipsecTunnel OBJ_id_kp,6L -- --#define SN_ipsecUser "ipsecUser" --#define LN_ipsecUser "IPSec User" --#define NID_ipsecUser 296 --#define OBJ_ipsecUser OBJ_id_kp,7L -- --#define SN_time_stamp "timeStamping" --#define LN_time_stamp "Time Stamping" --#define NID_time_stamp 133 --#define OBJ_time_stamp OBJ_id_kp,8L -- --#define SN_OCSP_sign "OCSPSigning" --#define LN_OCSP_sign "OCSP Signing" --#define NID_OCSP_sign 180 --#define OBJ_OCSP_sign OBJ_id_kp,9L -- --#define SN_dvcs "DVCS" --#define LN_dvcs "dvcs" --#define NID_dvcs 297 --#define OBJ_dvcs OBJ_id_kp,10L -- --#define SN_id_it_caProtEncCert "id-it-caProtEncCert" --#define NID_id_it_caProtEncCert 298 --#define OBJ_id_it_caProtEncCert OBJ_id_it,1L -- --#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" --#define NID_id_it_signKeyPairTypes 299 --#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L -- --#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" --#define NID_id_it_encKeyPairTypes 300 --#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L -- --#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" --#define NID_id_it_preferredSymmAlg 301 --#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L -- --#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" --#define NID_id_it_caKeyUpdateInfo 302 --#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L -- --#define SN_id_it_currentCRL "id-it-currentCRL" --#define NID_id_it_currentCRL 303 --#define OBJ_id_it_currentCRL OBJ_id_it,6L -- --#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" --#define NID_id_it_unsupportedOIDs 304 --#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L -- --#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" --#define NID_id_it_subscriptionRequest 305 --#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L -- --#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" --#define NID_id_it_subscriptionResponse 306 --#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L -- --#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" --#define NID_id_it_keyPairParamReq 307 --#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L -- --#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" --#define NID_id_it_keyPairParamRep 308 --#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L -- --#define SN_id_it_revPassphrase "id-it-revPassphrase" --#define NID_id_it_revPassphrase 309 --#define OBJ_id_it_revPassphrase OBJ_id_it,12L -- --#define SN_id_it_implicitConfirm "id-it-implicitConfirm" --#define NID_id_it_implicitConfirm 310 --#define OBJ_id_it_implicitConfirm OBJ_id_it,13L -- --#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" --#define NID_id_it_confirmWaitTime 311 --#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L -- --#define SN_id_it_origPKIMessage "id-it-origPKIMessage" --#define NID_id_it_origPKIMessage 312 --#define OBJ_id_it_origPKIMessage OBJ_id_it,15L -- --#define SN_id_it_suppLangTags "id-it-suppLangTags" --#define NID_id_it_suppLangTags 784 --#define OBJ_id_it_suppLangTags OBJ_id_it,16L -- --#define SN_id_regCtrl "id-regCtrl" --#define NID_id_regCtrl 313 --#define OBJ_id_regCtrl OBJ_id_pkip,1L -- --#define SN_id_regInfo "id-regInfo" --#define NID_id_regInfo 314 --#define OBJ_id_regInfo OBJ_id_pkip,2L -- --#define SN_id_regCtrl_regToken "id-regCtrl-regToken" --#define NID_id_regCtrl_regToken 315 --#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L -- --#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" --#define NID_id_regCtrl_authenticator 316 --#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L -+#define LN_safeContentsBag "safeContentsBag" -+#define NID_safeContentsBag 155 -+#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L - --#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" --#define NID_id_regCtrl_pkiPublicationInfo 317 --#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L -+#define SN_md2 "MD2" -+#define LN_md2 "md2" -+#define NID_md2 3 -+#define OBJ_md2 OBJ_rsadsi,2L,2L -+ -+#define SN_md4 "MD4" -+#define LN_md4 "md4" -+#define NID_md4 257 -+#define OBJ_md4 OBJ_rsadsi,2L,4L -+ -+#define SN_md5 "MD5" -+#define LN_md5 "md5" -+#define NID_md5 4 -+#define OBJ_md5 OBJ_rsadsi,2L,5L -+ -+#define SN_md5_sha1 "MD5-SHA1" -+#define LN_md5_sha1 "md5-sha1" -+#define NID_md5_sha1 114 -+ -+#define LN_hmacWithMD5 "hmacWithMD5" -+#define NID_hmacWithMD5 797 -+#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L -+ -+#define LN_hmacWithSHA1 "hmacWithSHA1" -+#define NID_hmacWithSHA1 163 -+#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L -+ -+#define LN_hmacWithSHA224 "hmacWithSHA224" -+#define NID_hmacWithSHA224 798 -+#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L -+ -+#define LN_hmacWithSHA256 "hmacWithSHA256" -+#define NID_hmacWithSHA256 799 -+#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L -+ -+#define LN_hmacWithSHA384 "hmacWithSHA384" -+#define NID_hmacWithSHA384 800 -+#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L -+ -+#define LN_hmacWithSHA512 "hmacWithSHA512" -+#define NID_hmacWithSHA512 801 -+#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L -+ -+#define SN_rc2_cbc "RC2-CBC" -+#define LN_rc2_cbc "rc2-cbc" -+#define NID_rc2_cbc 37 -+#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L -+ -+#define SN_rc2_ecb "RC2-ECB" -+#define LN_rc2_ecb "rc2-ecb" -+#define NID_rc2_ecb 38 -+ -+#define SN_rc2_cfb64 "RC2-CFB" -+#define LN_rc2_cfb64 "rc2-cfb" -+#define NID_rc2_cfb64 39 -+ -+#define SN_rc2_ofb64 "RC2-OFB" -+#define LN_rc2_ofb64 "rc2-ofb" -+#define NID_rc2_ofb64 40 -+ -+#define SN_rc2_40_cbc "RC2-40-CBC" -+#define LN_rc2_40_cbc "rc2-40-cbc" -+#define NID_rc2_40_cbc 98 -+ -+#define SN_rc2_64_cbc "RC2-64-CBC" -+#define LN_rc2_64_cbc "rc2-64-cbc" -+#define NID_rc2_64_cbc 166 -+ -+#define SN_rc4 "RC4" -+#define LN_rc4 "rc4" -+#define NID_rc4 5 -+#define OBJ_rc4 OBJ_rsadsi,3L,4L -+ -+#define SN_rc4_40 "RC4-40" -+#define LN_rc4_40 "rc4-40" -+#define NID_rc4_40 97 -+ -+#define SN_des_ede3_cbc "DES-EDE3-CBC" -+#define LN_des_ede3_cbc "des-ede3-cbc" -+#define NID_des_ede3_cbc 44 -+#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L -+ -+#define SN_rc5_cbc "RC5-CBC" -+#define LN_rc5_cbc "rc5-cbc" -+#define NID_rc5_cbc 120 -+#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L -+ -+#define SN_rc5_ecb "RC5-ECB" -+#define LN_rc5_ecb "rc5-ecb" -+#define NID_rc5_ecb 121 -+ -+#define SN_rc5_cfb64 "RC5-CFB" -+#define LN_rc5_cfb64 "rc5-cfb" -+#define NID_rc5_cfb64 122 -+ -+#define SN_rc5_ofb64 "RC5-OFB" -+#define LN_rc5_ofb64 "rc5-ofb" -+#define NID_rc5_ofb64 123 -+ -+#define SN_ms_ext_req "msExtReq" -+#define LN_ms_ext_req "Microsoft Extension Request" -+#define NID_ms_ext_req 171 -+#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L -+ -+#define SN_ms_code_ind "msCodeInd" -+#define LN_ms_code_ind "Microsoft Individual Code Signing" -+#define NID_ms_code_ind 134 -+#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L -+ -+#define SN_ms_code_com "msCodeCom" -+#define LN_ms_code_com "Microsoft Commercial Code Signing" -+#define NID_ms_code_com 135 -+#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L -+ -+#define SN_ms_ctl_sign "msCTLSign" -+#define LN_ms_ctl_sign "Microsoft Trust List Signing" -+#define NID_ms_ctl_sign 136 -+#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L -+ -+#define SN_ms_sgc "msSGC" -+#define LN_ms_sgc "Microsoft Server Gated Crypto" -+#define NID_ms_sgc 137 -+#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L -+ -+#define SN_ms_efs "msEFS" -+#define LN_ms_efs "Microsoft Encrypted File System" -+#define NID_ms_efs 138 -+#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L -+ -+#define SN_ms_smartcard_login "msSmartcardLogin" -+#define LN_ms_smartcard_login "Microsoft Smartcardlogin" -+#define NID_ms_smartcard_login 648 -+#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L -+ -+#define SN_ms_upn "msUPN" -+#define LN_ms_upn "Microsoft Universal Principal Name" -+#define NID_ms_upn 649 -+#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L -+ -+#define SN_idea_cbc "IDEA-CBC" -+#define LN_idea_cbc "idea-cbc" -+#define NID_idea_cbc 34 -+#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L -+ -+#define SN_idea_ecb "IDEA-ECB" -+#define LN_idea_ecb "idea-ecb" -+#define NID_idea_ecb 36 -+ -+#define SN_idea_cfb64 "IDEA-CFB" -+#define LN_idea_cfb64 "idea-cfb" -+#define NID_idea_cfb64 35 -+ -+#define SN_idea_ofb64 "IDEA-OFB" -+#define LN_idea_ofb64 "idea-ofb" -+#define NID_idea_ofb64 46 -+ -+#define SN_bf_cbc "BF-CBC" -+#define LN_bf_cbc "bf-cbc" -+#define NID_bf_cbc 91 -+#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L -+ -+#define SN_bf_ecb "BF-ECB" -+#define LN_bf_ecb "bf-ecb" -+#define NID_bf_ecb 92 -+ -+#define SN_bf_cfb64 "BF-CFB" -+#define LN_bf_cfb64 "bf-cfb" -+#define NID_bf_cfb64 93 -+ -+#define SN_bf_ofb64 "BF-OFB" -+#define LN_bf_ofb64 "bf-ofb" -+#define NID_bf_ofb64 94 -+ -+#define SN_id_pkix "PKIX" -+#define NID_id_pkix 127 -+#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L -+ -+#define SN_id_pkix_mod "id-pkix-mod" -+#define NID_id_pkix_mod 258 -+#define OBJ_id_pkix_mod OBJ_id_pkix,0L -+ -+#define SN_id_pe "id-pe" -+#define NID_id_pe 175 -+#define OBJ_id_pe OBJ_id_pkix,1L -+ -+#define SN_id_qt "id-qt" -+#define NID_id_qt 259 -+#define OBJ_id_qt OBJ_id_pkix,2L -+ -+#define SN_id_kp "id-kp" -+#define NID_id_kp 128 -+#define OBJ_id_kp OBJ_id_pkix,3L -+ -+#define SN_id_it "id-it" -+#define NID_id_it 260 -+#define OBJ_id_it OBJ_id_pkix,4L -+ -+#define SN_id_pkip "id-pkip" -+#define NID_id_pkip 261 -+#define OBJ_id_pkip OBJ_id_pkix,5L -+ -+#define SN_id_alg "id-alg" -+#define NID_id_alg 262 -+#define OBJ_id_alg OBJ_id_pkix,6L -+ -+#define SN_id_cmc "id-cmc" -+#define NID_id_cmc 263 -+#define OBJ_id_cmc OBJ_id_pkix,7L -+ -+#define SN_id_on "id-on" -+#define NID_id_on 264 -+#define OBJ_id_on OBJ_id_pkix,8L -+ -+#define SN_id_pda "id-pda" -+#define NID_id_pda 265 -+#define OBJ_id_pda OBJ_id_pkix,9L -+ -+#define SN_id_aca "id-aca" -+#define NID_id_aca 266 -+#define OBJ_id_aca OBJ_id_pkix,10L -+ -+#define SN_id_qcs "id-qcs" -+#define NID_id_qcs 267 -+#define OBJ_id_qcs OBJ_id_pkix,11L -+ -+#define SN_id_cct "id-cct" -+#define NID_id_cct 268 -+#define OBJ_id_cct OBJ_id_pkix,12L -+ -+#define SN_id_ppl "id-ppl" -+#define NID_id_ppl 662 -+#define OBJ_id_ppl OBJ_id_pkix,21L -+ -+#define SN_id_ad "id-ad" -+#define NID_id_ad 176 -+#define OBJ_id_ad OBJ_id_pkix,48L -+ -+#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" -+#define NID_id_pkix1_explicit_88 269 -+#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L -+ -+#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" -+#define NID_id_pkix1_implicit_88 270 -+#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L -+ -+#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" -+#define NID_id_pkix1_explicit_93 271 -+#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L -+ -+#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" -+#define NID_id_pkix1_implicit_93 272 -+#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L -+ -+#define SN_id_mod_crmf "id-mod-crmf" -+#define NID_id_mod_crmf 273 -+#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L -+ -+#define SN_id_mod_cmc "id-mod-cmc" -+#define NID_id_mod_cmc 274 -+#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L -+ -+#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" -+#define NID_id_mod_kea_profile_88 275 -+#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L -+ -+#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" -+#define NID_id_mod_kea_profile_93 276 -+#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L -+ -+#define SN_id_mod_cmp "id-mod-cmp" -+#define NID_id_mod_cmp 277 -+#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L -+ -+#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" -+#define NID_id_mod_qualified_cert_88 278 -+#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L -+ -+#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" -+#define NID_id_mod_qualified_cert_93 279 -+#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L -+ -+#define SN_id_mod_attribute_cert "id-mod-attribute-cert" -+#define NID_id_mod_attribute_cert 280 -+#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L -+ -+#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" -+#define NID_id_mod_timestamp_protocol 281 -+#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L -+ -+#define SN_id_mod_ocsp "id-mod-ocsp" -+#define NID_id_mod_ocsp 282 -+#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L -+ -+#define SN_id_mod_dvcs "id-mod-dvcs" -+#define NID_id_mod_dvcs 283 -+#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L -+ -+#define SN_id_mod_cmp2000 "id-mod-cmp2000" -+#define NID_id_mod_cmp2000 284 -+#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L -+ -+#define SN_info_access "authorityInfoAccess" -+#define LN_info_access "Authority Information Access" -+#define NID_info_access 177 -+#define OBJ_info_access OBJ_id_pe,1L -+ -+#define SN_biometricInfo "biometricInfo" -+#define LN_biometricInfo "Biometric Info" -+#define NID_biometricInfo 285 -+#define OBJ_biometricInfo OBJ_id_pe,2L -+ -+#define SN_qcStatements "qcStatements" -+#define NID_qcStatements 286 -+#define OBJ_qcStatements OBJ_id_pe,3L -+ -+#define SN_ac_auditEntity "ac-auditEntity" -+#define NID_ac_auditEntity 287 -+#define OBJ_ac_auditEntity OBJ_id_pe,4L -+ -+#define SN_ac_targeting "ac-targeting" -+#define NID_ac_targeting 288 -+#define OBJ_ac_targeting OBJ_id_pe,5L -+ -+#define SN_aaControls "aaControls" -+#define NID_aaControls 289 -+#define OBJ_aaControls OBJ_id_pe,6L -+ -+#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" -+#define NID_sbgp_ipAddrBlock 290 -+#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L -+ -+#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" -+#define NID_sbgp_autonomousSysNum 291 -+#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L -+ -+#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" -+#define NID_sbgp_routerIdentifier 292 -+#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L -+ -+#define SN_ac_proxying "ac-proxying" -+#define NID_ac_proxying 397 -+#define OBJ_ac_proxying OBJ_id_pe,10L -+ -+#define SN_sinfo_access "subjectInfoAccess" -+#define LN_sinfo_access "Subject Information Access" -+#define NID_sinfo_access 398 -+#define OBJ_sinfo_access OBJ_id_pe,11L -+ -+#define SN_proxyCertInfo "proxyCertInfo" -+#define LN_proxyCertInfo "Proxy Certificate Information" -+#define NID_proxyCertInfo 663 -+#define OBJ_proxyCertInfo OBJ_id_pe,14L -+ -+#define SN_id_qt_cps "id-qt-cps" -+#define LN_id_qt_cps "Policy Qualifier CPS" -+#define NID_id_qt_cps 164 -+#define OBJ_id_qt_cps OBJ_id_qt,1L -+ -+#define SN_id_qt_unotice "id-qt-unotice" -+#define LN_id_qt_unotice "Policy Qualifier User Notice" -+#define NID_id_qt_unotice 165 -+#define OBJ_id_qt_unotice OBJ_id_qt,2L -+ -+#define SN_textNotice "textNotice" -+#define NID_textNotice 293 -+#define OBJ_textNotice OBJ_id_qt,3L -+ -+#define SN_server_auth "serverAuth" -+#define LN_server_auth "TLS Web Server Authentication" -+#define NID_server_auth 129 -+#define OBJ_server_auth OBJ_id_kp,1L -+ -+#define SN_client_auth "clientAuth" -+#define LN_client_auth "TLS Web Client Authentication" -+#define NID_client_auth 130 -+#define OBJ_client_auth OBJ_id_kp,2L -+ -+#define SN_code_sign "codeSigning" -+#define LN_code_sign "Code Signing" -+#define NID_code_sign 131 -+#define OBJ_code_sign OBJ_id_kp,3L -+ -+#define SN_email_protect "emailProtection" -+#define LN_email_protect "E-mail Protection" -+#define NID_email_protect 132 -+#define OBJ_email_protect OBJ_id_kp,4L -+ -+#define SN_ipsecEndSystem "ipsecEndSystem" -+#define LN_ipsecEndSystem "IPSec End System" -+#define NID_ipsecEndSystem 294 -+#define OBJ_ipsecEndSystem OBJ_id_kp,5L -+ -+#define SN_ipsecTunnel "ipsecTunnel" -+#define LN_ipsecTunnel "IPSec Tunnel" -+#define NID_ipsecTunnel 295 -+#define OBJ_ipsecTunnel OBJ_id_kp,6L -+ -+#define SN_ipsecUser "ipsecUser" -+#define LN_ipsecUser "IPSec User" -+#define NID_ipsecUser 296 -+#define OBJ_ipsecUser OBJ_id_kp,7L -+ -+#define SN_time_stamp "timeStamping" -+#define LN_time_stamp "Time Stamping" -+#define NID_time_stamp 133 -+#define OBJ_time_stamp OBJ_id_kp,8L -+ -+#define SN_OCSP_sign "OCSPSigning" -+#define LN_OCSP_sign "OCSP Signing" -+#define NID_OCSP_sign 180 -+#define OBJ_OCSP_sign OBJ_id_kp,9L -+ -+#define SN_dvcs "DVCS" -+#define LN_dvcs "dvcs" -+#define NID_dvcs 297 -+#define OBJ_dvcs OBJ_id_kp,10L -+ -+#define SN_id_it_caProtEncCert "id-it-caProtEncCert" -+#define NID_id_it_caProtEncCert 298 -+#define OBJ_id_it_caProtEncCert OBJ_id_it,1L -+ -+#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" -+#define NID_id_it_signKeyPairTypes 299 -+#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L -+ -+#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" -+#define NID_id_it_encKeyPairTypes 300 -+#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L -+ -+#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" -+#define NID_id_it_preferredSymmAlg 301 -+#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L -+ -+#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" -+#define NID_id_it_caKeyUpdateInfo 302 -+#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L -+ -+#define SN_id_it_currentCRL "id-it-currentCRL" -+#define NID_id_it_currentCRL 303 -+#define OBJ_id_it_currentCRL OBJ_id_it,6L -+ -+#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" -+#define NID_id_it_unsupportedOIDs 304 -+#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L -+ -+#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" -+#define NID_id_it_subscriptionRequest 305 -+#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L -+ -+#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" -+#define NID_id_it_subscriptionResponse 306 -+#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L -+ -+#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" -+#define NID_id_it_keyPairParamReq 307 -+#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L -+ -+#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" -+#define NID_id_it_keyPairParamRep 308 -+#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L -+ -+#define SN_id_it_revPassphrase "id-it-revPassphrase" -+#define NID_id_it_revPassphrase 309 -+#define OBJ_id_it_revPassphrase OBJ_id_it,12L -+ -+#define SN_id_it_implicitConfirm "id-it-implicitConfirm" -+#define NID_id_it_implicitConfirm 310 -+#define OBJ_id_it_implicitConfirm OBJ_id_it,13L -+ -+#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" -+#define NID_id_it_confirmWaitTime 311 -+#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L -+ -+#define SN_id_it_origPKIMessage "id-it-origPKIMessage" -+#define NID_id_it_origPKIMessage 312 -+#define OBJ_id_it_origPKIMessage OBJ_id_it,15L -+ -+#define SN_id_it_suppLangTags "id-it-suppLangTags" -+#define NID_id_it_suppLangTags 784 -+#define OBJ_id_it_suppLangTags OBJ_id_it,16L -+ -+#define SN_id_regCtrl "id-regCtrl" -+#define NID_id_regCtrl 313 -+#define OBJ_id_regCtrl OBJ_id_pkip,1L -+ -+#define SN_id_regInfo "id-regInfo" -+#define NID_id_regInfo 314 -+#define OBJ_id_regInfo OBJ_id_pkip,2L -+ -+#define SN_id_regCtrl_regToken "id-regCtrl-regToken" -+#define NID_id_regCtrl_regToken 315 -+#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L -+ -+#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" -+#define NID_id_regCtrl_authenticator 316 -+#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L - --#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" --#define NID_id_regCtrl_pkiArchiveOptions 318 --#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L -+#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" -+#define NID_id_regCtrl_pkiPublicationInfo 317 -+#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L - --#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" --#define NID_id_regCtrl_oldCertID 319 --#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L -+#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" -+#define NID_id_regCtrl_pkiArchiveOptions 318 -+#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L - --#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" --#define NID_id_regCtrl_protocolEncrKey 320 --#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L -+#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" -+#define NID_id_regCtrl_oldCertID 319 -+#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L - --#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" --#define NID_id_regInfo_utf8Pairs 321 --#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L -+#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" -+#define NID_id_regCtrl_protocolEncrKey 320 -+#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L - --#define SN_id_regInfo_certReq "id-regInfo-certReq" --#define NID_id_regInfo_certReq 322 --#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L -+#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" -+#define NID_id_regInfo_utf8Pairs 321 -+#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L - --#define SN_id_alg_des40 "id-alg-des40" --#define NID_id_alg_des40 323 --#define OBJ_id_alg_des40 OBJ_id_alg,1L -+#define SN_id_regInfo_certReq "id-regInfo-certReq" -+#define NID_id_regInfo_certReq 322 -+#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L - --#define SN_id_alg_noSignature "id-alg-noSignature" --#define NID_id_alg_noSignature 324 --#define OBJ_id_alg_noSignature OBJ_id_alg,2L -+#define SN_id_alg_des40 "id-alg-des40" -+#define NID_id_alg_des40 323 -+#define OBJ_id_alg_des40 OBJ_id_alg,1L - --#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" --#define NID_id_alg_dh_sig_hmac_sha1 325 --#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L -+#define SN_id_alg_noSignature "id-alg-noSignature" -+#define NID_id_alg_noSignature 324 -+#define OBJ_id_alg_noSignature OBJ_id_alg,2L - --#define SN_id_alg_dh_pop "id-alg-dh-pop" --#define NID_id_alg_dh_pop 326 --#define OBJ_id_alg_dh_pop OBJ_id_alg,4L -+#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" -+#define NID_id_alg_dh_sig_hmac_sha1 325 -+#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L - --#define SN_id_cmc_statusInfo "id-cmc-statusInfo" --#define NID_id_cmc_statusInfo 327 --#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L -+#define SN_id_alg_dh_pop "id-alg-dh-pop" -+#define NID_id_alg_dh_pop 326 -+#define OBJ_id_alg_dh_pop OBJ_id_alg,4L - --#define SN_id_cmc_identification "id-cmc-identification" --#define NID_id_cmc_identification 328 --#define OBJ_id_cmc_identification OBJ_id_cmc,2L -+#define SN_id_cmc_statusInfo "id-cmc-statusInfo" -+#define NID_id_cmc_statusInfo 327 -+#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L - --#define SN_id_cmc_identityProof "id-cmc-identityProof" --#define NID_id_cmc_identityProof 329 --#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L -+#define SN_id_cmc_identification "id-cmc-identification" -+#define NID_id_cmc_identification 328 -+#define OBJ_id_cmc_identification OBJ_id_cmc,2L - --#define SN_id_cmc_dataReturn "id-cmc-dataReturn" --#define NID_id_cmc_dataReturn 330 --#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L -+#define SN_id_cmc_identityProof "id-cmc-identityProof" -+#define NID_id_cmc_identityProof 329 -+#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L - --#define SN_id_cmc_transactionId "id-cmc-transactionId" --#define NID_id_cmc_transactionId 331 --#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L -+#define SN_id_cmc_dataReturn "id-cmc-dataReturn" -+#define NID_id_cmc_dataReturn 330 -+#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L - --#define SN_id_cmc_senderNonce "id-cmc-senderNonce" --#define NID_id_cmc_senderNonce 332 --#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L -+#define SN_id_cmc_transactionId "id-cmc-transactionId" -+#define NID_id_cmc_transactionId 331 -+#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L - --#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" --#define NID_id_cmc_recipientNonce 333 --#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L -+#define SN_id_cmc_senderNonce "id-cmc-senderNonce" -+#define NID_id_cmc_senderNonce 332 -+#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L - --#define SN_id_cmc_addExtensions "id-cmc-addExtensions" --#define NID_id_cmc_addExtensions 334 --#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L -+#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" -+#define NID_id_cmc_recipientNonce 333 -+#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L - --#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" --#define NID_id_cmc_encryptedPOP 335 --#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L -+#define SN_id_cmc_addExtensions "id-cmc-addExtensions" -+#define NID_id_cmc_addExtensions 334 -+#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L - --#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" --#define NID_id_cmc_decryptedPOP 336 --#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L -+#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" -+#define NID_id_cmc_encryptedPOP 335 -+#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L - --#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" --#define NID_id_cmc_lraPOPWitness 337 --#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L -+#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" -+#define NID_id_cmc_decryptedPOP 336 -+#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L - --#define SN_id_cmc_getCert "id-cmc-getCert" --#define NID_id_cmc_getCert 338 --#define OBJ_id_cmc_getCert OBJ_id_cmc,15L -+#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" -+#define NID_id_cmc_lraPOPWitness 337 -+#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L - --#define SN_id_cmc_getCRL "id-cmc-getCRL" --#define NID_id_cmc_getCRL 339 --#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L -+#define SN_id_cmc_getCert "id-cmc-getCert" -+#define NID_id_cmc_getCert 338 -+#define OBJ_id_cmc_getCert OBJ_id_cmc,15L - --#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" --#define NID_id_cmc_revokeRequest 340 --#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L -+#define SN_id_cmc_getCRL "id-cmc-getCRL" -+#define NID_id_cmc_getCRL 339 -+#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L - --#define SN_id_cmc_regInfo "id-cmc-regInfo" --#define NID_id_cmc_regInfo 341 --#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L -+#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" -+#define NID_id_cmc_revokeRequest 340 -+#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L - --#define SN_id_cmc_responseInfo "id-cmc-responseInfo" --#define NID_id_cmc_responseInfo 342 --#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L -+#define SN_id_cmc_regInfo "id-cmc-regInfo" -+#define NID_id_cmc_regInfo 341 -+#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L - --#define SN_id_cmc_queryPending "id-cmc-queryPending" --#define NID_id_cmc_queryPending 343 --#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L -- --#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" --#define NID_id_cmc_popLinkRandom 344 --#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L -- --#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" --#define NID_id_cmc_popLinkWitness 345 --#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L -- --#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" --#define NID_id_cmc_confirmCertAcceptance 346 --#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L -- --#define SN_id_on_personalData "id-on-personalData" --#define NID_id_on_personalData 347 --#define OBJ_id_on_personalData OBJ_id_on,1L -- --#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" --#define LN_id_on_permanentIdentifier "Permanent Identifier" --#define NID_id_on_permanentIdentifier 858 --#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L -- --#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" --#define NID_id_pda_dateOfBirth 348 --#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L -- --#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" --#define NID_id_pda_placeOfBirth 349 --#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L -- --#define SN_id_pda_gender "id-pda-gender" --#define NID_id_pda_gender 351 --#define OBJ_id_pda_gender OBJ_id_pda,3L -- --#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" --#define NID_id_pda_countryOfCitizenship 352 --#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L -- --#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" --#define NID_id_pda_countryOfResidence 353 --#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L -- --#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" --#define NID_id_aca_authenticationInfo 354 --#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L -- --#define SN_id_aca_accessIdentity "id-aca-accessIdentity" --#define NID_id_aca_accessIdentity 355 --#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L -- --#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" --#define NID_id_aca_chargingIdentity 356 --#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L -- --#define SN_id_aca_group "id-aca-group" --#define NID_id_aca_group 357 --#define OBJ_id_aca_group OBJ_id_aca,4L -- --#define SN_id_aca_role "id-aca-role" --#define NID_id_aca_role 358 --#define OBJ_id_aca_role OBJ_id_aca,5L -- --#define SN_id_aca_encAttrs "id-aca-encAttrs" --#define NID_id_aca_encAttrs 399 --#define OBJ_id_aca_encAttrs OBJ_id_aca,6L -- --#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" --#define NID_id_qcs_pkixQCSyntax_v1 359 --#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L -- --#define SN_id_cct_crs "id-cct-crs" --#define NID_id_cct_crs 360 --#define OBJ_id_cct_crs OBJ_id_cct,1L -- --#define SN_id_cct_PKIData "id-cct-PKIData" --#define NID_id_cct_PKIData 361 --#define OBJ_id_cct_PKIData OBJ_id_cct,2L -- --#define SN_id_cct_PKIResponse "id-cct-PKIResponse" --#define NID_id_cct_PKIResponse 362 --#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L -- --#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" --#define LN_id_ppl_anyLanguage "Any language" --#define NID_id_ppl_anyLanguage 664 --#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L -- --#define SN_id_ppl_inheritAll "id-ppl-inheritAll" --#define LN_id_ppl_inheritAll "Inherit all" --#define NID_id_ppl_inheritAll 665 --#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L -- --#define SN_Independent "id-ppl-independent" --#define LN_Independent "Independent" --#define NID_Independent 667 --#define OBJ_Independent OBJ_id_ppl,2L -- --#define SN_ad_OCSP "OCSP" --#define LN_ad_OCSP "OCSP" --#define NID_ad_OCSP 178 --#define OBJ_ad_OCSP OBJ_id_ad,1L -- --#define SN_ad_ca_issuers "caIssuers" --#define LN_ad_ca_issuers "CA Issuers" --#define NID_ad_ca_issuers 179 --#define OBJ_ad_ca_issuers OBJ_id_ad,2L -- --#define SN_ad_timeStamping "ad_timestamping" --#define LN_ad_timeStamping "AD Time Stamping" --#define NID_ad_timeStamping 363 --#define OBJ_ad_timeStamping OBJ_id_ad,3L -- --#define SN_ad_dvcs "AD_DVCS" --#define LN_ad_dvcs "ad dvcs" --#define NID_ad_dvcs 364 --#define OBJ_ad_dvcs OBJ_id_ad,4L -- --#define SN_caRepository "caRepository" --#define LN_caRepository "CA Repository" --#define NID_caRepository 785 --#define OBJ_caRepository OBJ_id_ad,5L -- --#define OBJ_id_pkix_OCSP OBJ_ad_OCSP -- --#define SN_id_pkix_OCSP_basic "basicOCSPResponse" --#define LN_id_pkix_OCSP_basic "Basic OCSP Response" --#define NID_id_pkix_OCSP_basic 365 --#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L -- --#define SN_id_pkix_OCSP_Nonce "Nonce" --#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" --#define NID_id_pkix_OCSP_Nonce 366 --#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L -- --#define SN_id_pkix_OCSP_CrlID "CrlID" --#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" --#define NID_id_pkix_OCSP_CrlID 367 --#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L -- --#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" --#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" --#define NID_id_pkix_OCSP_acceptableResponses 368 --#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L -- --#define SN_id_pkix_OCSP_noCheck "noCheck" --#define LN_id_pkix_OCSP_noCheck "OCSP No Check" --#define NID_id_pkix_OCSP_noCheck 369 --#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L -- --#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" --#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" --#define NID_id_pkix_OCSP_archiveCutoff 370 --#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L -- --#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" --#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" --#define NID_id_pkix_OCSP_serviceLocator 371 --#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L -- --#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" --#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" --#define NID_id_pkix_OCSP_extendedStatus 372 --#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L -- --#define SN_id_pkix_OCSP_valid "valid" --#define NID_id_pkix_OCSP_valid 373 --#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L -- --#define SN_id_pkix_OCSP_path "path" --#define NID_id_pkix_OCSP_path 374 --#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L -- --#define SN_id_pkix_OCSP_trustRoot "trustRoot" --#define LN_id_pkix_OCSP_trustRoot "Trust Root" --#define NID_id_pkix_OCSP_trustRoot 375 --#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L -- --#define SN_algorithm "algorithm" --#define LN_algorithm "algorithm" --#define NID_algorithm 376 --#define OBJ_algorithm 1L,3L,14L,3L,2L -- --#define SN_md5WithRSA "RSA-NP-MD5" --#define LN_md5WithRSA "md5WithRSA" --#define NID_md5WithRSA 104 --#define OBJ_md5WithRSA OBJ_algorithm,3L -- --#define SN_des_ecb "DES-ECB" --#define LN_des_ecb "des-ecb" --#define NID_des_ecb 29 --#define OBJ_des_ecb OBJ_algorithm,6L -- --#define SN_des_cbc "DES-CBC" --#define LN_des_cbc "des-cbc" --#define NID_des_cbc 31 --#define OBJ_des_cbc OBJ_algorithm,7L -- --#define SN_des_ofb64 "DES-OFB" --#define LN_des_ofb64 "des-ofb" --#define NID_des_ofb64 45 --#define OBJ_des_ofb64 OBJ_algorithm,8L -- --#define SN_des_cfb64 "DES-CFB" --#define LN_des_cfb64 "des-cfb" --#define NID_des_cfb64 30 --#define OBJ_des_cfb64 OBJ_algorithm,9L -- --#define SN_rsaSignature "rsaSignature" --#define NID_rsaSignature 377 --#define OBJ_rsaSignature OBJ_algorithm,11L -- --#define SN_dsa_2 "DSA-old" --#define LN_dsa_2 "dsaEncryption-old" --#define NID_dsa_2 67 --#define OBJ_dsa_2 OBJ_algorithm,12L -- --#define SN_dsaWithSHA "DSA-SHA" --#define LN_dsaWithSHA "dsaWithSHA" --#define NID_dsaWithSHA 66 --#define OBJ_dsaWithSHA OBJ_algorithm,13L -- --#define SN_shaWithRSAEncryption "RSA-SHA" --#define LN_shaWithRSAEncryption "shaWithRSAEncryption" --#define NID_shaWithRSAEncryption 42 --#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L -- --#define SN_des_ede_ecb "DES-EDE" --#define LN_des_ede_ecb "des-ede" --#define NID_des_ede_ecb 32 --#define OBJ_des_ede_ecb OBJ_algorithm,17L -- --#define SN_des_ede3_ecb "DES-EDE3" --#define LN_des_ede3_ecb "des-ede3" --#define NID_des_ede3_ecb 33 -- --#define SN_des_ede_cbc "DES-EDE-CBC" --#define LN_des_ede_cbc "des-ede-cbc" --#define NID_des_ede_cbc 43 -- --#define SN_des_ede_cfb64 "DES-EDE-CFB" --#define LN_des_ede_cfb64 "des-ede-cfb" --#define NID_des_ede_cfb64 60 -- --#define SN_des_ede3_cfb64 "DES-EDE3-CFB" --#define LN_des_ede3_cfb64 "des-ede3-cfb" --#define NID_des_ede3_cfb64 61 -- --#define SN_des_ede_ofb64 "DES-EDE-OFB" --#define LN_des_ede_ofb64 "des-ede-ofb" --#define NID_des_ede_ofb64 62 -- --#define SN_des_ede3_ofb64 "DES-EDE3-OFB" --#define LN_des_ede3_ofb64 "des-ede3-ofb" --#define NID_des_ede3_ofb64 63 -- --#define SN_desx_cbc "DESX-CBC" --#define LN_desx_cbc "desx-cbc" --#define NID_desx_cbc 80 -- --#define SN_sha "SHA" --#define LN_sha "sha" --#define NID_sha 41 --#define OBJ_sha OBJ_algorithm,18L -- --#define SN_sha1 "SHA1" --#define LN_sha1 "sha1" --#define NID_sha1 64 --#define OBJ_sha1 OBJ_algorithm,26L -- --#define SN_dsaWithSHA1_2 "DSA-SHA1-old" --#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" --#define NID_dsaWithSHA1_2 70 --#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L -- --#define SN_sha1WithRSA "RSA-SHA1-2" --#define LN_sha1WithRSA "sha1WithRSA" --#define NID_sha1WithRSA 115 --#define OBJ_sha1WithRSA OBJ_algorithm,29L -- --#define SN_ripemd160 "RIPEMD160" --#define LN_ripemd160 "ripemd160" --#define NID_ripemd160 117 --#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L -- --#define SN_ripemd160WithRSA "RSA-RIPEMD160" --#define LN_ripemd160WithRSA "ripemd160WithRSA" --#define NID_ripemd160WithRSA 119 --#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L -- --#define SN_sxnet "SXNetID" --#define LN_sxnet "Strong Extranet ID" --#define NID_sxnet 143 --#define OBJ_sxnet 1L,3L,101L,1L,4L,1L -- --#define SN_X500 "X500" --#define LN_X500 "directory services (X.500)" --#define NID_X500 11 --#define OBJ_X500 2L,5L -- --#define SN_X509 "X509" --#define NID_X509 12 --#define OBJ_X509 OBJ_X500,4L -- --#define SN_commonName "CN" --#define LN_commonName "commonName" --#define NID_commonName 13 --#define OBJ_commonName OBJ_X509,3L -- --#define SN_surname "SN" --#define LN_surname "surname" --#define NID_surname 100 --#define OBJ_surname OBJ_X509,4L -- --#define LN_serialNumber "serialNumber" --#define NID_serialNumber 105 --#define OBJ_serialNumber OBJ_X509,5L -- --#define SN_countryName "C" --#define LN_countryName "countryName" --#define NID_countryName 14 --#define OBJ_countryName OBJ_X509,6L -- --#define SN_localityName "L" --#define LN_localityName "localityName" --#define NID_localityName 15 --#define OBJ_localityName OBJ_X509,7L -- --#define SN_stateOrProvinceName "ST" --#define LN_stateOrProvinceName "stateOrProvinceName" --#define NID_stateOrProvinceName 16 --#define OBJ_stateOrProvinceName OBJ_X509,8L -- --#define SN_streetAddress "street" --#define LN_streetAddress "streetAddress" --#define NID_streetAddress 660 --#define OBJ_streetAddress OBJ_X509,9L -- --#define SN_organizationName "O" --#define LN_organizationName "organizationName" --#define NID_organizationName 17 --#define OBJ_organizationName OBJ_X509,10L -- --#define SN_organizationalUnitName "OU" --#define LN_organizationalUnitName "organizationalUnitName" --#define NID_organizationalUnitName 18 --#define OBJ_organizationalUnitName OBJ_X509,11L -- --#define SN_title "title" --#define LN_title "title" --#define NID_title 106 --#define OBJ_title OBJ_X509,12L -- --#define LN_description "description" --#define NID_description 107 --#define OBJ_description OBJ_X509,13L -- --#define LN_searchGuide "searchGuide" --#define NID_searchGuide 859 --#define OBJ_searchGuide OBJ_X509,14L -- --#define LN_businessCategory "businessCategory" --#define NID_businessCategory 860 --#define OBJ_businessCategory OBJ_X509,15L -- --#define LN_postalAddress "postalAddress" --#define NID_postalAddress 861 --#define OBJ_postalAddress OBJ_X509,16L -- --#define LN_postalCode "postalCode" --#define NID_postalCode 661 --#define OBJ_postalCode OBJ_X509,17L -- --#define LN_postOfficeBox "postOfficeBox" --#define NID_postOfficeBox 862 --#define OBJ_postOfficeBox OBJ_X509,18L -- --#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" --#define NID_physicalDeliveryOfficeName 863 --#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L -- --#define LN_telephoneNumber "telephoneNumber" --#define NID_telephoneNumber 864 --#define OBJ_telephoneNumber OBJ_X509,20L -- --#define LN_telexNumber "telexNumber" --#define NID_telexNumber 865 --#define OBJ_telexNumber OBJ_X509,21L -- --#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" --#define NID_teletexTerminalIdentifier 866 --#define OBJ_teletexTerminalIdentifier OBJ_X509,22L -- --#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" --#define NID_facsimileTelephoneNumber 867 --#define OBJ_facsimileTelephoneNumber OBJ_X509,23L -- --#define LN_x121Address "x121Address" --#define NID_x121Address 868 --#define OBJ_x121Address OBJ_X509,24L -- --#define LN_internationaliSDNNumber "internationaliSDNNumber" --#define NID_internationaliSDNNumber 869 --#define OBJ_internationaliSDNNumber OBJ_X509,25L -- --#define LN_registeredAddress "registeredAddress" --#define NID_registeredAddress 870 --#define OBJ_registeredAddress OBJ_X509,26L -- --#define LN_destinationIndicator "destinationIndicator" --#define NID_destinationIndicator 871 --#define OBJ_destinationIndicator OBJ_X509,27L -- --#define LN_preferredDeliveryMethod "preferredDeliveryMethod" --#define NID_preferredDeliveryMethod 872 --#define OBJ_preferredDeliveryMethod OBJ_X509,28L -- --#define LN_presentationAddress "presentationAddress" --#define NID_presentationAddress 873 --#define OBJ_presentationAddress OBJ_X509,29L -- --#define LN_supportedApplicationContext "supportedApplicationContext" --#define NID_supportedApplicationContext 874 --#define OBJ_supportedApplicationContext OBJ_X509,30L -- --#define SN_member "member" --#define NID_member 875 --#define OBJ_member OBJ_X509,31L -- --#define SN_owner "owner" --#define NID_owner 876 --#define OBJ_owner OBJ_X509,32L -- --#define LN_roleOccupant "roleOccupant" --#define NID_roleOccupant 877 --#define OBJ_roleOccupant OBJ_X509,33L -- --#define SN_seeAlso "seeAlso" --#define NID_seeAlso 878 --#define OBJ_seeAlso OBJ_X509,34L -- --#define LN_userPassword "userPassword" --#define NID_userPassword 879 --#define OBJ_userPassword OBJ_X509,35L -- --#define LN_userCertificate "userCertificate" --#define NID_userCertificate 880 --#define OBJ_userCertificate OBJ_X509,36L -- --#define LN_cACertificate "cACertificate" --#define NID_cACertificate 881 --#define OBJ_cACertificate OBJ_X509,37L -- --#define LN_authorityRevocationList "authorityRevocationList" --#define NID_authorityRevocationList 882 --#define OBJ_authorityRevocationList OBJ_X509,38L -- --#define LN_certificateRevocationList "certificateRevocationList" --#define NID_certificateRevocationList 883 --#define OBJ_certificateRevocationList OBJ_X509,39L -- --#define LN_crossCertificatePair "crossCertificatePair" --#define NID_crossCertificatePair 884 --#define OBJ_crossCertificatePair OBJ_X509,40L -- --#define SN_name "name" --#define LN_name "name" --#define NID_name 173 --#define OBJ_name OBJ_X509,41L -- --#define SN_givenName "GN" --#define LN_givenName "givenName" --#define NID_givenName 99 --#define OBJ_givenName OBJ_X509,42L -- --#define SN_initials "initials" --#define LN_initials "initials" --#define NID_initials 101 --#define OBJ_initials OBJ_X509,43L -- --#define LN_generationQualifier "generationQualifier" --#define NID_generationQualifier 509 --#define OBJ_generationQualifier OBJ_X509,44L -- --#define LN_x500UniqueIdentifier "x500UniqueIdentifier" --#define NID_x500UniqueIdentifier 503 --#define OBJ_x500UniqueIdentifier OBJ_X509,45L -- --#define SN_dnQualifier "dnQualifier" --#define LN_dnQualifier "dnQualifier" --#define NID_dnQualifier 174 --#define OBJ_dnQualifier OBJ_X509,46L -- --#define LN_enhancedSearchGuide "enhancedSearchGuide" --#define NID_enhancedSearchGuide 885 --#define OBJ_enhancedSearchGuide OBJ_X509,47L -- --#define LN_protocolInformation "protocolInformation" --#define NID_protocolInformation 886 --#define OBJ_protocolInformation OBJ_X509,48L -- --#define LN_distinguishedName "distinguishedName" --#define NID_distinguishedName 887 --#define OBJ_distinguishedName OBJ_X509,49L -- --#define LN_uniqueMember "uniqueMember" --#define NID_uniqueMember 888 --#define OBJ_uniqueMember OBJ_X509,50L -- --#define LN_houseIdentifier "houseIdentifier" --#define NID_houseIdentifier 889 --#define OBJ_houseIdentifier OBJ_X509,51L -- --#define LN_supportedAlgorithms "supportedAlgorithms" --#define NID_supportedAlgorithms 890 --#define OBJ_supportedAlgorithms OBJ_X509,52L -- --#define LN_deltaRevocationList "deltaRevocationList" --#define NID_deltaRevocationList 891 --#define OBJ_deltaRevocationList OBJ_X509,53L -- --#define SN_dmdName "dmdName" --#define NID_dmdName 892 --#define OBJ_dmdName OBJ_X509,54L -- --#define LN_pseudonym "pseudonym" --#define NID_pseudonym 510 --#define OBJ_pseudonym OBJ_X509,65L -- --#define SN_role "role" --#define LN_role "role" --#define NID_role 400 --#define OBJ_role OBJ_X509,72L -- --#define SN_X500algorithms "X500algorithms" --#define LN_X500algorithms "directory services - algorithms" --#define NID_X500algorithms 378 --#define OBJ_X500algorithms OBJ_X500,8L -- --#define SN_rsa "RSA" --#define LN_rsa "rsa" --#define NID_rsa 19 --#define OBJ_rsa OBJ_X500algorithms,1L,1L -- --#define SN_mdc2WithRSA "RSA-MDC2" --#define LN_mdc2WithRSA "mdc2WithRSA" --#define NID_mdc2WithRSA 96 --#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L -- --#define SN_mdc2 "MDC2" --#define LN_mdc2 "mdc2" --#define NID_mdc2 95 --#define OBJ_mdc2 OBJ_X500algorithms,3L,101L -- --#define SN_id_ce "id-ce" --#define NID_id_ce 81 --#define OBJ_id_ce OBJ_X500,29L -- --#define SN_subject_directory_attributes "subjectDirectoryAttributes" --#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" --#define NID_subject_directory_attributes 769 --#define OBJ_subject_directory_attributes OBJ_id_ce,9L -- --#define SN_subject_key_identifier "subjectKeyIdentifier" --#define LN_subject_key_identifier "X509v3 Subject Key Identifier" --#define NID_subject_key_identifier 82 --#define OBJ_subject_key_identifier OBJ_id_ce,14L -- --#define SN_key_usage "keyUsage" --#define LN_key_usage "X509v3 Key Usage" --#define NID_key_usage 83 --#define OBJ_key_usage OBJ_id_ce,15L -- --#define SN_private_key_usage_period "privateKeyUsagePeriod" --#define LN_private_key_usage_period "X509v3 Private Key Usage Period" --#define NID_private_key_usage_period 84 --#define OBJ_private_key_usage_period OBJ_id_ce,16L -- --#define SN_subject_alt_name "subjectAltName" --#define LN_subject_alt_name "X509v3 Subject Alternative Name" --#define NID_subject_alt_name 85 --#define OBJ_subject_alt_name OBJ_id_ce,17L -- --#define SN_issuer_alt_name "issuerAltName" --#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" --#define NID_issuer_alt_name 86 --#define OBJ_issuer_alt_name OBJ_id_ce,18L -- --#define SN_basic_constraints "basicConstraints" --#define LN_basic_constraints "X509v3 Basic Constraints" --#define NID_basic_constraints 87 --#define OBJ_basic_constraints OBJ_id_ce,19L -- --#define SN_crl_number "crlNumber" --#define LN_crl_number "X509v3 CRL Number" --#define NID_crl_number 88 --#define OBJ_crl_number OBJ_id_ce,20L -- --#define SN_crl_reason "CRLReason" --#define LN_crl_reason "X509v3 CRL Reason Code" --#define NID_crl_reason 141 --#define OBJ_crl_reason OBJ_id_ce,21L -- --#define SN_invalidity_date "invalidityDate" --#define LN_invalidity_date "Invalidity Date" --#define NID_invalidity_date 142 --#define OBJ_invalidity_date OBJ_id_ce,24L -- --#define SN_delta_crl "deltaCRL" --#define LN_delta_crl "X509v3 Delta CRL Indicator" --#define NID_delta_crl 140 --#define OBJ_delta_crl OBJ_id_ce,27L -- --#define SN_issuing_distribution_point "issuingDistributionPoint" --#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point" --#define NID_issuing_distribution_point 770 --#define OBJ_issuing_distribution_point OBJ_id_ce,28L -- --#define SN_certificate_issuer "certificateIssuer" --#define LN_certificate_issuer "X509v3 Certificate Issuer" --#define NID_certificate_issuer 771 --#define OBJ_certificate_issuer OBJ_id_ce,29L -- --#define SN_name_constraints "nameConstraints" --#define LN_name_constraints "X509v3 Name Constraints" --#define NID_name_constraints 666 --#define OBJ_name_constraints OBJ_id_ce,30L -- --#define SN_crl_distribution_points "crlDistributionPoints" --#define LN_crl_distribution_points "X509v3 CRL Distribution Points" --#define NID_crl_distribution_points 103 --#define OBJ_crl_distribution_points OBJ_id_ce,31L -- --#define SN_certificate_policies "certificatePolicies" --#define LN_certificate_policies "X509v3 Certificate Policies" --#define NID_certificate_policies 89 --#define OBJ_certificate_policies OBJ_id_ce,32L -- --#define SN_any_policy "anyPolicy" --#define LN_any_policy "X509v3 Any Policy" --#define NID_any_policy 746 --#define OBJ_any_policy OBJ_certificate_policies,0L -- --#define SN_policy_mappings "policyMappings" --#define LN_policy_mappings "X509v3 Policy Mappings" --#define NID_policy_mappings 747 --#define OBJ_policy_mappings OBJ_id_ce,33L -- --#define SN_authority_key_identifier "authorityKeyIdentifier" --#define LN_authority_key_identifier "X509v3 Authority Key Identifier" --#define NID_authority_key_identifier 90 --#define OBJ_authority_key_identifier OBJ_id_ce,35L -- --#define SN_policy_constraints "policyConstraints" --#define LN_policy_constraints "X509v3 Policy Constraints" --#define NID_policy_constraints 401 --#define OBJ_policy_constraints OBJ_id_ce,36L -- --#define SN_ext_key_usage "extendedKeyUsage" --#define LN_ext_key_usage "X509v3 Extended Key Usage" --#define NID_ext_key_usage 126 --#define OBJ_ext_key_usage OBJ_id_ce,37L -- --#define SN_freshest_crl "freshestCRL" --#define LN_freshest_crl "X509v3 Freshest CRL" --#define NID_freshest_crl 857 --#define OBJ_freshest_crl OBJ_id_ce,46L -- --#define SN_inhibit_any_policy "inhibitAnyPolicy" --#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" --#define NID_inhibit_any_policy 748 --#define OBJ_inhibit_any_policy OBJ_id_ce,54L -- --#define SN_target_information "targetInformation" --#define LN_target_information "X509v3 AC Targeting" --#define NID_target_information 402 --#define OBJ_target_information OBJ_id_ce,55L -- --#define SN_no_rev_avail "noRevAvail" --#define LN_no_rev_avail "X509v3 No Revocation Available" --#define NID_no_rev_avail 403 --#define OBJ_no_rev_avail OBJ_id_ce,56L -- --#define SN_netscape "Netscape" --#define LN_netscape "Netscape Communications Corp." --#define NID_netscape 57 --#define OBJ_netscape 2L,16L,840L,1L,113730L -- --#define SN_netscape_cert_extension "nsCertExt" --#define LN_netscape_cert_extension "Netscape Certificate Extension" --#define NID_netscape_cert_extension 58 --#define OBJ_netscape_cert_extension OBJ_netscape,1L -- --#define SN_netscape_data_type "nsDataType" --#define LN_netscape_data_type "Netscape Data Type" --#define NID_netscape_data_type 59 --#define OBJ_netscape_data_type OBJ_netscape,2L -- --#define SN_netscape_cert_type "nsCertType" --#define LN_netscape_cert_type "Netscape Cert Type" --#define NID_netscape_cert_type 71 --#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L -- --#define SN_netscape_base_url "nsBaseUrl" --#define LN_netscape_base_url "Netscape Base Url" --#define NID_netscape_base_url 72 --#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L -- --#define SN_netscape_revocation_url "nsRevocationUrl" --#define LN_netscape_revocation_url "Netscape Revocation Url" --#define NID_netscape_revocation_url 73 --#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L -- --#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" --#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" --#define NID_netscape_ca_revocation_url 74 --#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L -- --#define SN_netscape_renewal_url "nsRenewalUrl" --#define LN_netscape_renewal_url "Netscape Renewal Url" --#define NID_netscape_renewal_url 75 --#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L -- --#define SN_netscape_ca_policy_url "nsCaPolicyUrl" --#define LN_netscape_ca_policy_url "Netscape CA Policy Url" --#define NID_netscape_ca_policy_url 76 --#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L -- --#define SN_netscape_ssl_server_name "nsSslServerName" --#define LN_netscape_ssl_server_name "Netscape SSL Server Name" --#define NID_netscape_ssl_server_name 77 --#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L -- --#define SN_netscape_comment "nsComment" --#define LN_netscape_comment "Netscape Comment" --#define NID_netscape_comment 78 --#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L -- --#define SN_netscape_cert_sequence "nsCertSequence" --#define LN_netscape_cert_sequence "Netscape Certificate Sequence" --#define NID_netscape_cert_sequence 79 --#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L -- --#define SN_ns_sgc "nsSGC" --#define LN_ns_sgc "Netscape Server Gated Crypto" --#define NID_ns_sgc 139 --#define OBJ_ns_sgc OBJ_netscape,4L,1L -- --#define SN_org "ORG" --#define LN_org "org" --#define NID_org 379 --#define OBJ_org OBJ_iso,3L -- --#define SN_dod "DOD" --#define LN_dod "dod" --#define NID_dod 380 --#define OBJ_dod OBJ_org,6L -- --#define SN_iana "IANA" --#define LN_iana "iana" --#define NID_iana 381 --#define OBJ_iana OBJ_dod,1L -- --#define OBJ_internet OBJ_iana -- --#define SN_Directory "directory" --#define LN_Directory "Directory" --#define NID_Directory 382 --#define OBJ_Directory OBJ_internet,1L -- --#define SN_Management "mgmt" --#define LN_Management "Management" --#define NID_Management 383 --#define OBJ_Management OBJ_internet,2L -- --#define SN_Experimental "experimental" --#define LN_Experimental "Experimental" --#define NID_Experimental 384 --#define OBJ_Experimental OBJ_internet,3L -- --#define SN_Private "private" --#define LN_Private "Private" --#define NID_Private 385 --#define OBJ_Private OBJ_internet,4L -- --#define SN_Security "security" --#define LN_Security "Security" --#define NID_Security 386 --#define OBJ_Security OBJ_internet,5L -- --#define SN_SNMPv2 "snmpv2" --#define LN_SNMPv2 "SNMPv2" --#define NID_SNMPv2 387 --#define OBJ_SNMPv2 OBJ_internet,6L -- --#define LN_Mail "Mail" --#define NID_Mail 388 --#define OBJ_Mail OBJ_internet,7L -- --#define SN_Enterprises "enterprises" --#define LN_Enterprises "Enterprises" --#define NID_Enterprises 389 --#define OBJ_Enterprises OBJ_Private,1L -- --#define SN_dcObject "dcobject" --#define LN_dcObject "dcObject" --#define NID_dcObject 390 --#define OBJ_dcObject OBJ_Enterprises,1466L,344L -- --#define SN_mime_mhs "mime-mhs" --#define LN_mime_mhs "MIME MHS" --#define NID_mime_mhs 504 --#define OBJ_mime_mhs OBJ_Mail,1L -- --#define SN_mime_mhs_headings "mime-mhs-headings" --#define LN_mime_mhs_headings "mime-mhs-headings" --#define NID_mime_mhs_headings 505 --#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L -- --#define SN_mime_mhs_bodies "mime-mhs-bodies" --#define LN_mime_mhs_bodies "mime-mhs-bodies" --#define NID_mime_mhs_bodies 506 --#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L -- --#define SN_id_hex_partial_message "id-hex-partial-message" --#define LN_id_hex_partial_message "id-hex-partial-message" --#define NID_id_hex_partial_message 507 --#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L -- --#define SN_id_hex_multipart_message "id-hex-multipart-message" --#define LN_id_hex_multipart_message "id-hex-multipart-message" --#define NID_id_hex_multipart_message 508 --#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L -- --#define SN_rle_compression "RLE" --#define LN_rle_compression "run length compression" --#define NID_rle_compression 124 --#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L -- --#define SN_zlib_compression "ZLIB" --#define LN_zlib_compression "zlib compression" --#define NID_zlib_compression 125 --#define OBJ_zlib_compression OBJ_id_smime_alg,8L -- --#define OBJ_csor 2L,16L,840L,1L,101L,3L -- --#define OBJ_nistAlgorithms OBJ_csor,4L -- --#define OBJ_aes OBJ_nistAlgorithms,1L -- --#define SN_aes_128_ecb "AES-128-ECB" --#define LN_aes_128_ecb "aes-128-ecb" --#define NID_aes_128_ecb 418 --#define OBJ_aes_128_ecb OBJ_aes,1L -- --#define SN_aes_128_cbc "AES-128-CBC" --#define LN_aes_128_cbc "aes-128-cbc" --#define NID_aes_128_cbc 419 --#define OBJ_aes_128_cbc OBJ_aes,2L -- --#define SN_aes_128_ofb128 "AES-128-OFB" --#define LN_aes_128_ofb128 "aes-128-ofb" --#define NID_aes_128_ofb128 420 --#define OBJ_aes_128_ofb128 OBJ_aes,3L -- --#define SN_aes_128_cfb128 "AES-128-CFB" --#define LN_aes_128_cfb128 "aes-128-cfb" --#define NID_aes_128_cfb128 421 --#define OBJ_aes_128_cfb128 OBJ_aes,4L -- --#define SN_aes_192_ecb "AES-192-ECB" --#define LN_aes_192_ecb "aes-192-ecb" --#define NID_aes_192_ecb 422 --#define OBJ_aes_192_ecb OBJ_aes,21L -- --#define SN_aes_192_cbc "AES-192-CBC" --#define LN_aes_192_cbc "aes-192-cbc" --#define NID_aes_192_cbc 423 --#define OBJ_aes_192_cbc OBJ_aes,22L -- --#define SN_aes_192_ofb128 "AES-192-OFB" --#define LN_aes_192_ofb128 "aes-192-ofb" --#define NID_aes_192_ofb128 424 --#define OBJ_aes_192_ofb128 OBJ_aes,23L -- --#define SN_aes_192_cfb128 "AES-192-CFB" --#define LN_aes_192_cfb128 "aes-192-cfb" --#define NID_aes_192_cfb128 425 --#define OBJ_aes_192_cfb128 OBJ_aes,24L -- --#define SN_aes_256_ecb "AES-256-ECB" --#define LN_aes_256_ecb "aes-256-ecb" --#define NID_aes_256_ecb 426 --#define OBJ_aes_256_ecb OBJ_aes,41L -- --#define SN_aes_256_cbc "AES-256-CBC" --#define LN_aes_256_cbc "aes-256-cbc" --#define NID_aes_256_cbc 427 --#define OBJ_aes_256_cbc OBJ_aes,42L -- --#define SN_aes_256_ofb128 "AES-256-OFB" --#define LN_aes_256_ofb128 "aes-256-ofb" --#define NID_aes_256_ofb128 428 --#define OBJ_aes_256_ofb128 OBJ_aes,43L -- --#define SN_aes_256_cfb128 "AES-256-CFB" --#define LN_aes_256_cfb128 "aes-256-cfb" --#define NID_aes_256_cfb128 429 --#define OBJ_aes_256_cfb128 OBJ_aes,44L -- --#define SN_aes_128_cfb1 "AES-128-CFB1" --#define LN_aes_128_cfb1 "aes-128-cfb1" --#define NID_aes_128_cfb1 650 -- --#define SN_aes_192_cfb1 "AES-192-CFB1" --#define LN_aes_192_cfb1 "aes-192-cfb1" --#define NID_aes_192_cfb1 651 -- --#define SN_aes_256_cfb1 "AES-256-CFB1" --#define LN_aes_256_cfb1 "aes-256-cfb1" --#define NID_aes_256_cfb1 652 -- --#define SN_aes_128_cfb8 "AES-128-CFB8" --#define LN_aes_128_cfb8 "aes-128-cfb8" --#define NID_aes_128_cfb8 653 -- --#define SN_aes_192_cfb8 "AES-192-CFB8" --#define LN_aes_192_cfb8 "aes-192-cfb8" --#define NID_aes_192_cfb8 654 -- --#define SN_aes_256_cfb8 "AES-256-CFB8" --#define LN_aes_256_cfb8 "aes-256-cfb8" --#define NID_aes_256_cfb8 655 -- --#define SN_des_cfb1 "DES-CFB1" --#define LN_des_cfb1 "des-cfb1" --#define NID_des_cfb1 656 -- --#define SN_des_cfb8 "DES-CFB8" --#define LN_des_cfb8 "des-cfb8" --#define NID_des_cfb8 657 -- --#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" --#define LN_des_ede3_cfb1 "des-ede3-cfb1" --#define NID_des_ede3_cfb1 658 -- --#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" --#define LN_des_ede3_cfb8 "des-ede3-cfb8" --#define NID_des_ede3_cfb8 659 -- --#define SN_id_aes128_wrap "id-aes128-wrap" --#define NID_id_aes128_wrap 788 --#define OBJ_id_aes128_wrap OBJ_aes,5L -- --#define SN_id_aes192_wrap "id-aes192-wrap" --#define NID_id_aes192_wrap 789 --#define OBJ_id_aes192_wrap OBJ_aes,25L -- --#define SN_id_aes256_wrap "id-aes256-wrap" --#define NID_id_aes256_wrap 790 --#define OBJ_id_aes256_wrap OBJ_aes,45L -- --#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L -- --#define SN_sha256 "SHA256" --#define LN_sha256 "sha256" --#define NID_sha256 672 --#define OBJ_sha256 OBJ_nist_hashalgs,1L -- --#define SN_sha384 "SHA384" --#define LN_sha384 "sha384" --#define NID_sha384 673 --#define OBJ_sha384 OBJ_nist_hashalgs,2L -- --#define SN_sha512 "SHA512" --#define LN_sha512 "sha512" --#define NID_sha512 674 --#define OBJ_sha512 OBJ_nist_hashalgs,3L -- --#define SN_sha224 "SHA224" --#define LN_sha224 "sha224" --#define NID_sha224 675 --#define OBJ_sha224 OBJ_nist_hashalgs,4L -- --#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L -- --#define SN_dsa_with_SHA224 "dsa_with_SHA224" --#define NID_dsa_with_SHA224 802 --#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L -- --#define SN_dsa_with_SHA256 "dsa_with_SHA256" --#define NID_dsa_with_SHA256 803 --#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L -- --#define SN_hold_instruction_code "holdInstructionCode" --#define LN_hold_instruction_code "Hold Instruction Code" --#define NID_hold_instruction_code 430 --#define OBJ_hold_instruction_code OBJ_id_ce,23L -- --#define OBJ_holdInstruction OBJ_X9_57,2L -- --#define SN_hold_instruction_none "holdInstructionNone" --#define LN_hold_instruction_none "Hold Instruction None" --#define NID_hold_instruction_none 431 --#define OBJ_hold_instruction_none OBJ_holdInstruction,1L -- --#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" --#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" --#define NID_hold_instruction_call_issuer 432 --#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L -- --#define SN_hold_instruction_reject "holdInstructionReject" --#define LN_hold_instruction_reject "Hold Instruction Reject" --#define NID_hold_instruction_reject 433 --#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L -- --#define SN_data "data" --#define NID_data 434 --#define OBJ_data OBJ_itu_t,9L -- --#define SN_pss "pss" --#define NID_pss 435 --#define OBJ_pss OBJ_data,2342L -- --#define SN_ucl "ucl" --#define NID_ucl 436 --#define OBJ_ucl OBJ_pss,19200300L -- --#define SN_pilot "pilot" --#define NID_pilot 437 --#define OBJ_pilot OBJ_ucl,100L -- --#define LN_pilotAttributeType "pilotAttributeType" --#define NID_pilotAttributeType 438 --#define OBJ_pilotAttributeType OBJ_pilot,1L -- --#define LN_pilotAttributeSyntax "pilotAttributeSyntax" --#define NID_pilotAttributeSyntax 439 --#define OBJ_pilotAttributeSyntax OBJ_pilot,3L -- --#define LN_pilotObjectClass "pilotObjectClass" --#define NID_pilotObjectClass 440 --#define OBJ_pilotObjectClass OBJ_pilot,4L -- --#define LN_pilotGroups "pilotGroups" --#define NID_pilotGroups 441 --#define OBJ_pilotGroups OBJ_pilot,10L -- --#define LN_iA5StringSyntax "iA5StringSyntax" --#define NID_iA5StringSyntax 442 --#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L -- --#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" --#define NID_caseIgnoreIA5StringSyntax 443 --#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L -- --#define LN_pilotObject "pilotObject" --#define NID_pilotObject 444 --#define OBJ_pilotObject OBJ_pilotObjectClass,3L -- --#define LN_pilotPerson "pilotPerson" --#define NID_pilotPerson 445 --#define OBJ_pilotPerson OBJ_pilotObjectClass,4L -- --#define SN_account "account" --#define NID_account 446 --#define OBJ_account OBJ_pilotObjectClass,5L -- --#define SN_document "document" --#define NID_document 447 --#define OBJ_document OBJ_pilotObjectClass,6L -- --#define SN_room "room" --#define NID_room 448 --#define OBJ_room OBJ_pilotObjectClass,7L -- --#define LN_documentSeries "documentSeries" --#define NID_documentSeries 449 --#define OBJ_documentSeries OBJ_pilotObjectClass,9L -- --#define SN_Domain "domain" --#define LN_Domain "Domain" --#define NID_Domain 392 --#define OBJ_Domain OBJ_pilotObjectClass,13L -- --#define LN_rFC822localPart "rFC822localPart" --#define NID_rFC822localPart 450 --#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L -- --#define LN_dNSDomain "dNSDomain" --#define NID_dNSDomain 451 --#define OBJ_dNSDomain OBJ_pilotObjectClass,15L -- --#define LN_domainRelatedObject "domainRelatedObject" --#define NID_domainRelatedObject 452 --#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L -- --#define LN_friendlyCountry "friendlyCountry" --#define NID_friendlyCountry 453 --#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L -- --#define LN_simpleSecurityObject "simpleSecurityObject" --#define NID_simpleSecurityObject 454 --#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L -- --#define LN_pilotOrganization "pilotOrganization" --#define NID_pilotOrganization 455 --#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L -- --#define LN_pilotDSA "pilotDSA" --#define NID_pilotDSA 456 --#define OBJ_pilotDSA OBJ_pilotObjectClass,21L -- --#define LN_qualityLabelledData "qualityLabelledData" --#define NID_qualityLabelledData 457 --#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L -- --#define SN_userId "UID" --#define LN_userId "userId" --#define NID_userId 458 --#define OBJ_userId OBJ_pilotAttributeType,1L -- --#define LN_textEncodedORAddress "textEncodedORAddress" --#define NID_textEncodedORAddress 459 --#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L -- --#define SN_rfc822Mailbox "mail" --#define LN_rfc822Mailbox "rfc822Mailbox" --#define NID_rfc822Mailbox 460 --#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L -- --#define SN_info "info" --#define NID_info 461 --#define OBJ_info OBJ_pilotAttributeType,4L -- --#define LN_favouriteDrink "favouriteDrink" --#define NID_favouriteDrink 462 --#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L -- --#define LN_roomNumber "roomNumber" --#define NID_roomNumber 463 --#define OBJ_roomNumber OBJ_pilotAttributeType,6L -- --#define SN_photo "photo" --#define NID_photo 464 --#define OBJ_photo OBJ_pilotAttributeType,7L -- --#define LN_userClass "userClass" --#define NID_userClass 465 --#define OBJ_userClass OBJ_pilotAttributeType,8L -- --#define SN_host "host" --#define NID_host 466 --#define OBJ_host OBJ_pilotAttributeType,9L -- --#define SN_manager "manager" --#define NID_manager 467 --#define OBJ_manager OBJ_pilotAttributeType,10L -- --#define LN_documentIdentifier "documentIdentifier" --#define NID_documentIdentifier 468 --#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L -- --#define LN_documentTitle "documentTitle" --#define NID_documentTitle 469 --#define OBJ_documentTitle OBJ_pilotAttributeType,12L -- --#define LN_documentVersion "documentVersion" --#define NID_documentVersion 470 --#define OBJ_documentVersion OBJ_pilotAttributeType,13L -- --#define LN_documentAuthor "documentAuthor" --#define NID_documentAuthor 471 --#define OBJ_documentAuthor OBJ_pilotAttributeType,14L -- --#define LN_documentLocation "documentLocation" --#define NID_documentLocation 472 --#define OBJ_documentLocation OBJ_pilotAttributeType,15L -- --#define LN_homeTelephoneNumber "homeTelephoneNumber" --#define NID_homeTelephoneNumber 473 --#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L -- --#define SN_secretary "secretary" --#define NID_secretary 474 --#define OBJ_secretary OBJ_pilotAttributeType,21L -- --#define LN_otherMailbox "otherMailbox" --#define NID_otherMailbox 475 --#define OBJ_otherMailbox OBJ_pilotAttributeType,22L -- --#define LN_lastModifiedTime "lastModifiedTime" --#define NID_lastModifiedTime 476 --#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L -- --#define LN_lastModifiedBy "lastModifiedBy" --#define NID_lastModifiedBy 477 --#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L -- --#define SN_domainComponent "DC" --#define LN_domainComponent "domainComponent" --#define NID_domainComponent 391 --#define OBJ_domainComponent OBJ_pilotAttributeType,25L -+#define SN_id_cmc_responseInfo "id-cmc-responseInfo" -+#define NID_id_cmc_responseInfo 342 -+#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L - --#define LN_aRecord "aRecord" --#define NID_aRecord 478 --#define OBJ_aRecord OBJ_pilotAttributeType,26L -- --#define LN_pilotAttributeType27 "pilotAttributeType27" --#define NID_pilotAttributeType27 479 --#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L -- --#define LN_mXRecord "mXRecord" --#define NID_mXRecord 480 --#define OBJ_mXRecord OBJ_pilotAttributeType,28L -- --#define LN_nSRecord "nSRecord" --#define NID_nSRecord 481 --#define OBJ_nSRecord OBJ_pilotAttributeType,29L -- --#define LN_sOARecord "sOARecord" --#define NID_sOARecord 482 --#define OBJ_sOARecord OBJ_pilotAttributeType,30L -- --#define LN_cNAMERecord "cNAMERecord" --#define NID_cNAMERecord 483 --#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L -- --#define LN_associatedDomain "associatedDomain" --#define NID_associatedDomain 484 --#define OBJ_associatedDomain OBJ_pilotAttributeType,37L -- --#define LN_associatedName "associatedName" --#define NID_associatedName 485 --#define OBJ_associatedName OBJ_pilotAttributeType,38L -- --#define LN_homePostalAddress "homePostalAddress" --#define NID_homePostalAddress 486 --#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L -- --#define LN_personalTitle "personalTitle" --#define NID_personalTitle 487 --#define OBJ_personalTitle OBJ_pilotAttributeType,40L -- --#define LN_mobileTelephoneNumber "mobileTelephoneNumber" --#define NID_mobileTelephoneNumber 488 --#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L -- --#define LN_pagerTelephoneNumber "pagerTelephoneNumber" --#define NID_pagerTelephoneNumber 489 --#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L -- --#define LN_friendlyCountryName "friendlyCountryName" --#define NID_friendlyCountryName 490 --#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L -- --#define LN_organizationalStatus "organizationalStatus" --#define NID_organizationalStatus 491 --#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L -- --#define LN_janetMailbox "janetMailbox" --#define NID_janetMailbox 492 --#define OBJ_janetMailbox OBJ_pilotAttributeType,46L -- --#define LN_mailPreferenceOption "mailPreferenceOption" --#define NID_mailPreferenceOption 493 --#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L -- --#define LN_buildingName "buildingName" --#define NID_buildingName 494 --#define OBJ_buildingName OBJ_pilotAttributeType,48L -- --#define LN_dSAQuality "dSAQuality" --#define NID_dSAQuality 495 --#define OBJ_dSAQuality OBJ_pilotAttributeType,49L -- --#define LN_singleLevelQuality "singleLevelQuality" --#define NID_singleLevelQuality 496 --#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L -- --#define LN_subtreeMinimumQuality "subtreeMinimumQuality" --#define NID_subtreeMinimumQuality 497 --#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L -- --#define LN_subtreeMaximumQuality "subtreeMaximumQuality" --#define NID_subtreeMaximumQuality 498 --#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L -- --#define LN_personalSignature "personalSignature" --#define NID_personalSignature 499 --#define OBJ_personalSignature OBJ_pilotAttributeType,53L -- --#define LN_dITRedirect "dITRedirect" --#define NID_dITRedirect 500 --#define OBJ_dITRedirect OBJ_pilotAttributeType,54L -- --#define SN_audio "audio" --#define NID_audio 501 --#define OBJ_audio OBJ_pilotAttributeType,55L -- --#define LN_documentPublisher "documentPublisher" --#define NID_documentPublisher 502 --#define OBJ_documentPublisher OBJ_pilotAttributeType,56L -+#define SN_id_cmc_queryPending "id-cmc-queryPending" -+#define NID_id_cmc_queryPending 343 -+#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L -+ -+#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" -+#define NID_id_cmc_popLinkRandom 344 -+#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L -+ -+#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" -+#define NID_id_cmc_popLinkWitness 345 -+#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L -+ -+#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" -+#define NID_id_cmc_confirmCertAcceptance 346 -+#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L -+ -+#define SN_id_on_personalData "id-on-personalData" -+#define NID_id_on_personalData 347 -+#define OBJ_id_on_personalData OBJ_id_on,1L -+ -+#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" -+#define LN_id_on_permanentIdentifier "Permanent Identifier" -+#define NID_id_on_permanentIdentifier 858 -+#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L -+ -+#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" -+#define NID_id_pda_dateOfBirth 348 -+#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L -+ -+#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" -+#define NID_id_pda_placeOfBirth 349 -+#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L -+ -+#define SN_id_pda_gender "id-pda-gender" -+#define NID_id_pda_gender 351 -+#define OBJ_id_pda_gender OBJ_id_pda,3L -+ -+#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" -+#define NID_id_pda_countryOfCitizenship 352 -+#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L -+ -+#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" -+#define NID_id_pda_countryOfResidence 353 -+#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L -+ -+#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" -+#define NID_id_aca_authenticationInfo 354 -+#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L -+ -+#define SN_id_aca_accessIdentity "id-aca-accessIdentity" -+#define NID_id_aca_accessIdentity 355 -+#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L -+ -+#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" -+#define NID_id_aca_chargingIdentity 356 -+#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L -+ -+#define SN_id_aca_group "id-aca-group" -+#define NID_id_aca_group 357 -+#define OBJ_id_aca_group OBJ_id_aca,4L -+ -+#define SN_id_aca_role "id-aca-role" -+#define NID_id_aca_role 358 -+#define OBJ_id_aca_role OBJ_id_aca,5L -+ -+#define SN_id_aca_encAttrs "id-aca-encAttrs" -+#define NID_id_aca_encAttrs 399 -+#define OBJ_id_aca_encAttrs OBJ_id_aca,6L -+ -+#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" -+#define NID_id_qcs_pkixQCSyntax_v1 359 -+#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L -+ -+#define SN_id_cct_crs "id-cct-crs" -+#define NID_id_cct_crs 360 -+#define OBJ_id_cct_crs OBJ_id_cct,1L -+ -+#define SN_id_cct_PKIData "id-cct-PKIData" -+#define NID_id_cct_PKIData 361 -+#define OBJ_id_cct_PKIData OBJ_id_cct,2L -+ -+#define SN_id_cct_PKIResponse "id-cct-PKIResponse" -+#define NID_id_cct_PKIResponse 362 -+#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L -+ -+#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" -+#define LN_id_ppl_anyLanguage "Any language" -+#define NID_id_ppl_anyLanguage 664 -+#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L -+ -+#define SN_id_ppl_inheritAll "id-ppl-inheritAll" -+#define LN_id_ppl_inheritAll "Inherit all" -+#define NID_id_ppl_inheritAll 665 -+#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L -+ -+#define SN_Independent "id-ppl-independent" -+#define LN_Independent "Independent" -+#define NID_Independent 667 -+#define OBJ_Independent OBJ_id_ppl,2L -+ -+#define SN_ad_OCSP "OCSP" -+#define LN_ad_OCSP "OCSP" -+#define NID_ad_OCSP 178 -+#define OBJ_ad_OCSP OBJ_id_ad,1L -+ -+#define SN_ad_ca_issuers "caIssuers" -+#define LN_ad_ca_issuers "CA Issuers" -+#define NID_ad_ca_issuers 179 -+#define OBJ_ad_ca_issuers OBJ_id_ad,2L -+ -+#define SN_ad_timeStamping "ad_timestamping" -+#define LN_ad_timeStamping "AD Time Stamping" -+#define NID_ad_timeStamping 363 -+#define OBJ_ad_timeStamping OBJ_id_ad,3L -+ -+#define SN_ad_dvcs "AD_DVCS" -+#define LN_ad_dvcs "ad dvcs" -+#define NID_ad_dvcs 364 -+#define OBJ_ad_dvcs OBJ_id_ad,4L -+ -+#define SN_caRepository "caRepository" -+#define LN_caRepository "CA Repository" -+#define NID_caRepository 785 -+#define OBJ_caRepository OBJ_id_ad,5L -+ -+#define OBJ_id_pkix_OCSP OBJ_ad_OCSP -+ -+#define SN_id_pkix_OCSP_basic "basicOCSPResponse" -+#define LN_id_pkix_OCSP_basic "Basic OCSP Response" -+#define NID_id_pkix_OCSP_basic 365 -+#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L -+ -+#define SN_id_pkix_OCSP_Nonce "Nonce" -+#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" -+#define NID_id_pkix_OCSP_Nonce 366 -+#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L -+ -+#define SN_id_pkix_OCSP_CrlID "CrlID" -+#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" -+#define NID_id_pkix_OCSP_CrlID 367 -+#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L -+ -+#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" -+#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" -+#define NID_id_pkix_OCSP_acceptableResponses 368 -+#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L -+ -+#define SN_id_pkix_OCSP_noCheck "noCheck" -+#define LN_id_pkix_OCSP_noCheck "OCSP No Check" -+#define NID_id_pkix_OCSP_noCheck 369 -+#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L -+ -+#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" -+#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" -+#define NID_id_pkix_OCSP_archiveCutoff 370 -+#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L -+ -+#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" -+#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" -+#define NID_id_pkix_OCSP_serviceLocator 371 -+#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L -+ -+#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" -+#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" -+#define NID_id_pkix_OCSP_extendedStatus 372 -+#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L -+ -+#define SN_id_pkix_OCSP_valid "valid" -+#define NID_id_pkix_OCSP_valid 373 -+#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L -+ -+#define SN_id_pkix_OCSP_path "path" -+#define NID_id_pkix_OCSP_path 374 -+#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L -+ -+#define SN_id_pkix_OCSP_trustRoot "trustRoot" -+#define LN_id_pkix_OCSP_trustRoot "Trust Root" -+#define NID_id_pkix_OCSP_trustRoot 375 -+#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L -+ -+#define SN_algorithm "algorithm" -+#define LN_algorithm "algorithm" -+#define NID_algorithm 376 -+#define OBJ_algorithm 1L,3L,14L,3L,2L -+ -+#define SN_md5WithRSA "RSA-NP-MD5" -+#define LN_md5WithRSA "md5WithRSA" -+#define NID_md5WithRSA 104 -+#define OBJ_md5WithRSA OBJ_algorithm,3L -+ -+#define SN_des_ecb "DES-ECB" -+#define LN_des_ecb "des-ecb" -+#define NID_des_ecb 29 -+#define OBJ_des_ecb OBJ_algorithm,6L -+ -+#define SN_des_cbc "DES-CBC" -+#define LN_des_cbc "des-cbc" -+#define NID_des_cbc 31 -+#define OBJ_des_cbc OBJ_algorithm,7L -+ -+#define SN_des_ofb64 "DES-OFB" -+#define LN_des_ofb64 "des-ofb" -+#define NID_des_ofb64 45 -+#define OBJ_des_ofb64 OBJ_algorithm,8L -+ -+#define SN_des_cfb64 "DES-CFB" -+#define LN_des_cfb64 "des-cfb" -+#define NID_des_cfb64 30 -+#define OBJ_des_cfb64 OBJ_algorithm,9L -+ -+#define SN_rsaSignature "rsaSignature" -+#define NID_rsaSignature 377 -+#define OBJ_rsaSignature OBJ_algorithm,11L -+ -+#define SN_dsa_2 "DSA-old" -+#define LN_dsa_2 "dsaEncryption-old" -+#define NID_dsa_2 67 -+#define OBJ_dsa_2 OBJ_algorithm,12L -+ -+#define SN_dsaWithSHA "DSA-SHA" -+#define LN_dsaWithSHA "dsaWithSHA" -+#define NID_dsaWithSHA 66 -+#define OBJ_dsaWithSHA OBJ_algorithm,13L -+ -+#define SN_shaWithRSAEncryption "RSA-SHA" -+#define LN_shaWithRSAEncryption "shaWithRSAEncryption" -+#define NID_shaWithRSAEncryption 42 -+#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L -+ -+#define SN_des_ede_ecb "DES-EDE" -+#define LN_des_ede_ecb "des-ede" -+#define NID_des_ede_ecb 32 -+#define OBJ_des_ede_ecb OBJ_algorithm,17L -+ -+#define SN_des_ede3_ecb "DES-EDE3" -+#define LN_des_ede3_ecb "des-ede3" -+#define NID_des_ede3_ecb 33 -+ -+#define SN_des_ede_cbc "DES-EDE-CBC" -+#define LN_des_ede_cbc "des-ede-cbc" -+#define NID_des_ede_cbc 43 -+ -+#define SN_des_ede_cfb64 "DES-EDE-CFB" -+#define LN_des_ede_cfb64 "des-ede-cfb" -+#define NID_des_ede_cfb64 60 -+ -+#define SN_des_ede3_cfb64 "DES-EDE3-CFB" -+#define LN_des_ede3_cfb64 "des-ede3-cfb" -+#define NID_des_ede3_cfb64 61 -+ -+#define SN_des_ede_ofb64 "DES-EDE-OFB" -+#define LN_des_ede_ofb64 "des-ede-ofb" -+#define NID_des_ede_ofb64 62 -+ -+#define SN_des_ede3_ofb64 "DES-EDE3-OFB" -+#define LN_des_ede3_ofb64 "des-ede3-ofb" -+#define NID_des_ede3_ofb64 63 -+ -+#define SN_desx_cbc "DESX-CBC" -+#define LN_desx_cbc "desx-cbc" -+#define NID_desx_cbc 80 -+ -+#define SN_sha "SHA" -+#define LN_sha "sha" -+#define NID_sha 41 -+#define OBJ_sha OBJ_algorithm,18L -+ -+#define SN_sha1 "SHA1" -+#define LN_sha1 "sha1" -+#define NID_sha1 64 -+#define OBJ_sha1 OBJ_algorithm,26L -+ -+#define SN_dsaWithSHA1_2 "DSA-SHA1-old" -+#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" -+#define NID_dsaWithSHA1_2 70 -+#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L -+ -+#define SN_sha1WithRSA "RSA-SHA1-2" -+#define LN_sha1WithRSA "sha1WithRSA" -+#define NID_sha1WithRSA 115 -+#define OBJ_sha1WithRSA OBJ_algorithm,29L -+ -+#define SN_ripemd160 "RIPEMD160" -+#define LN_ripemd160 "ripemd160" -+#define NID_ripemd160 117 -+#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L -+ -+#define SN_ripemd160WithRSA "RSA-RIPEMD160" -+#define LN_ripemd160WithRSA "ripemd160WithRSA" -+#define NID_ripemd160WithRSA 119 -+#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L -+ -+#define SN_sxnet "SXNetID" -+#define LN_sxnet "Strong Extranet ID" -+#define NID_sxnet 143 -+#define OBJ_sxnet 1L,3L,101L,1L,4L,1L -+ -+#define SN_X500 "X500" -+#define LN_X500 "directory services (X.500)" -+#define NID_X500 11 -+#define OBJ_X500 2L,5L -+ -+#define SN_X509 "X509" -+#define NID_X509 12 -+#define OBJ_X509 OBJ_X500,4L -+ -+#define SN_commonName "CN" -+#define LN_commonName "commonName" -+#define NID_commonName 13 -+#define OBJ_commonName OBJ_X509,3L -+ -+#define SN_surname "SN" -+#define LN_surname "surname" -+#define NID_surname 100 -+#define OBJ_surname OBJ_X509,4L -+ -+#define LN_serialNumber "serialNumber" -+#define NID_serialNumber 105 -+#define OBJ_serialNumber OBJ_X509,5L -+ -+#define SN_countryName "C" -+#define LN_countryName "countryName" -+#define NID_countryName 14 -+#define OBJ_countryName OBJ_X509,6L -+ -+#define SN_localityName "L" -+#define LN_localityName "localityName" -+#define NID_localityName 15 -+#define OBJ_localityName OBJ_X509,7L -+ -+#define SN_stateOrProvinceName "ST" -+#define LN_stateOrProvinceName "stateOrProvinceName" -+#define NID_stateOrProvinceName 16 -+#define OBJ_stateOrProvinceName OBJ_X509,8L -+ -+#define SN_streetAddress "street" -+#define LN_streetAddress "streetAddress" -+#define NID_streetAddress 660 -+#define OBJ_streetAddress OBJ_X509,9L -+ -+#define SN_organizationName "O" -+#define LN_organizationName "organizationName" -+#define NID_organizationName 17 -+#define OBJ_organizationName OBJ_X509,10L -+ -+#define SN_organizationalUnitName "OU" -+#define LN_organizationalUnitName "organizationalUnitName" -+#define NID_organizationalUnitName 18 -+#define OBJ_organizationalUnitName OBJ_X509,11L -+ -+#define SN_title "title" -+#define LN_title "title" -+#define NID_title 106 -+#define OBJ_title OBJ_X509,12L -+ -+#define LN_description "description" -+#define NID_description 107 -+#define OBJ_description OBJ_X509,13L -+ -+#define LN_searchGuide "searchGuide" -+#define NID_searchGuide 859 -+#define OBJ_searchGuide OBJ_X509,14L -+ -+#define LN_businessCategory "businessCategory" -+#define NID_businessCategory 860 -+#define OBJ_businessCategory OBJ_X509,15L -+ -+#define LN_postalAddress "postalAddress" -+#define NID_postalAddress 861 -+#define OBJ_postalAddress OBJ_X509,16L -+ -+#define LN_postalCode "postalCode" -+#define NID_postalCode 661 -+#define OBJ_postalCode OBJ_X509,17L -+ -+#define LN_postOfficeBox "postOfficeBox" -+#define NID_postOfficeBox 862 -+#define OBJ_postOfficeBox OBJ_X509,18L -+ -+#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" -+#define NID_physicalDeliveryOfficeName 863 -+#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L -+ -+#define LN_telephoneNumber "telephoneNumber" -+#define NID_telephoneNumber 864 -+#define OBJ_telephoneNumber OBJ_X509,20L -+ -+#define LN_telexNumber "telexNumber" -+#define NID_telexNumber 865 -+#define OBJ_telexNumber OBJ_X509,21L -+ -+#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" -+#define NID_teletexTerminalIdentifier 866 -+#define OBJ_teletexTerminalIdentifier OBJ_X509,22L -+ -+#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" -+#define NID_facsimileTelephoneNumber 867 -+#define OBJ_facsimileTelephoneNumber OBJ_X509,23L -+ -+#define LN_x121Address "x121Address" -+#define NID_x121Address 868 -+#define OBJ_x121Address OBJ_X509,24L -+ -+#define LN_internationaliSDNNumber "internationaliSDNNumber" -+#define NID_internationaliSDNNumber 869 -+#define OBJ_internationaliSDNNumber OBJ_X509,25L -+ -+#define LN_registeredAddress "registeredAddress" -+#define NID_registeredAddress 870 -+#define OBJ_registeredAddress OBJ_X509,26L -+ -+#define LN_destinationIndicator "destinationIndicator" -+#define NID_destinationIndicator 871 -+#define OBJ_destinationIndicator OBJ_X509,27L -+ -+#define LN_preferredDeliveryMethod "preferredDeliveryMethod" -+#define NID_preferredDeliveryMethod 872 -+#define OBJ_preferredDeliveryMethod OBJ_X509,28L -+ -+#define LN_presentationAddress "presentationAddress" -+#define NID_presentationAddress 873 -+#define OBJ_presentationAddress OBJ_X509,29L -+ -+#define LN_supportedApplicationContext "supportedApplicationContext" -+#define NID_supportedApplicationContext 874 -+#define OBJ_supportedApplicationContext OBJ_X509,30L -+ -+#define SN_member "member" -+#define NID_member 875 -+#define OBJ_member OBJ_X509,31L -+ -+#define SN_owner "owner" -+#define NID_owner 876 -+#define OBJ_owner OBJ_X509,32L -+ -+#define LN_roleOccupant "roleOccupant" -+#define NID_roleOccupant 877 -+#define OBJ_roleOccupant OBJ_X509,33L -+ -+#define SN_seeAlso "seeAlso" -+#define NID_seeAlso 878 -+#define OBJ_seeAlso OBJ_X509,34L -+ -+#define LN_userPassword "userPassword" -+#define NID_userPassword 879 -+#define OBJ_userPassword OBJ_X509,35L -+ -+#define LN_userCertificate "userCertificate" -+#define NID_userCertificate 880 -+#define OBJ_userCertificate OBJ_X509,36L -+ -+#define LN_cACertificate "cACertificate" -+#define NID_cACertificate 881 -+#define OBJ_cACertificate OBJ_X509,37L -+ -+#define LN_authorityRevocationList "authorityRevocationList" -+#define NID_authorityRevocationList 882 -+#define OBJ_authorityRevocationList OBJ_X509,38L -+ -+#define LN_certificateRevocationList "certificateRevocationList" -+#define NID_certificateRevocationList 883 -+#define OBJ_certificateRevocationList OBJ_X509,39L -+ -+#define LN_crossCertificatePair "crossCertificatePair" -+#define NID_crossCertificatePair 884 -+#define OBJ_crossCertificatePair OBJ_X509,40L -+ -+#define SN_name "name" -+#define LN_name "name" -+#define NID_name 173 -+#define OBJ_name OBJ_X509,41L -+ -+#define SN_givenName "GN" -+#define LN_givenName "givenName" -+#define NID_givenName 99 -+#define OBJ_givenName OBJ_X509,42L -+ -+#define SN_initials "initials" -+#define LN_initials "initials" -+#define NID_initials 101 -+#define OBJ_initials OBJ_X509,43L -+ -+#define LN_generationQualifier "generationQualifier" -+#define NID_generationQualifier 509 -+#define OBJ_generationQualifier OBJ_X509,44L -+ -+#define LN_x500UniqueIdentifier "x500UniqueIdentifier" -+#define NID_x500UniqueIdentifier 503 -+#define OBJ_x500UniqueIdentifier OBJ_X509,45L -+ -+#define SN_dnQualifier "dnQualifier" -+#define LN_dnQualifier "dnQualifier" -+#define NID_dnQualifier 174 -+#define OBJ_dnQualifier OBJ_X509,46L -+ -+#define LN_enhancedSearchGuide "enhancedSearchGuide" -+#define NID_enhancedSearchGuide 885 -+#define OBJ_enhancedSearchGuide OBJ_X509,47L -+ -+#define LN_protocolInformation "protocolInformation" -+#define NID_protocolInformation 886 -+#define OBJ_protocolInformation OBJ_X509,48L -+ -+#define LN_distinguishedName "distinguishedName" -+#define NID_distinguishedName 887 -+#define OBJ_distinguishedName OBJ_X509,49L -+ -+#define LN_uniqueMember "uniqueMember" -+#define NID_uniqueMember 888 -+#define OBJ_uniqueMember OBJ_X509,50L -+ -+#define LN_houseIdentifier "houseIdentifier" -+#define NID_houseIdentifier 889 -+#define OBJ_houseIdentifier OBJ_X509,51L -+ -+#define LN_supportedAlgorithms "supportedAlgorithms" -+#define NID_supportedAlgorithms 890 -+#define OBJ_supportedAlgorithms OBJ_X509,52L -+ -+#define LN_deltaRevocationList "deltaRevocationList" -+#define NID_deltaRevocationList 891 -+#define OBJ_deltaRevocationList OBJ_X509,53L -+ -+#define SN_dmdName "dmdName" -+#define NID_dmdName 892 -+#define OBJ_dmdName OBJ_X509,54L -+ -+#define LN_pseudonym "pseudonym" -+#define NID_pseudonym 510 -+#define OBJ_pseudonym OBJ_X509,65L -+ -+#define SN_role "role" -+#define LN_role "role" -+#define NID_role 400 -+#define OBJ_role OBJ_X509,72L -+ -+#define SN_X500algorithms "X500algorithms" -+#define LN_X500algorithms "directory services - algorithms" -+#define NID_X500algorithms 378 -+#define OBJ_X500algorithms OBJ_X500,8L -+ -+#define SN_rsa "RSA" -+#define LN_rsa "rsa" -+#define NID_rsa 19 -+#define OBJ_rsa OBJ_X500algorithms,1L,1L -+ -+#define SN_mdc2WithRSA "RSA-MDC2" -+#define LN_mdc2WithRSA "mdc2WithRSA" -+#define NID_mdc2WithRSA 96 -+#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L -+ -+#define SN_mdc2 "MDC2" -+#define LN_mdc2 "mdc2" -+#define NID_mdc2 95 -+#define OBJ_mdc2 OBJ_X500algorithms,3L,101L -+ -+#define SN_id_ce "id-ce" -+#define NID_id_ce 81 -+#define OBJ_id_ce OBJ_X500,29L -+ -+#define SN_subject_directory_attributes "subjectDirectoryAttributes" -+#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" -+#define NID_subject_directory_attributes 769 -+#define OBJ_subject_directory_attributes OBJ_id_ce,9L -+ -+#define SN_subject_key_identifier "subjectKeyIdentifier" -+#define LN_subject_key_identifier "X509v3 Subject Key Identifier" -+#define NID_subject_key_identifier 82 -+#define OBJ_subject_key_identifier OBJ_id_ce,14L -+ -+#define SN_key_usage "keyUsage" -+#define LN_key_usage "X509v3 Key Usage" -+#define NID_key_usage 83 -+#define OBJ_key_usage OBJ_id_ce,15L -+ -+#define SN_private_key_usage_period "privateKeyUsagePeriod" -+#define LN_private_key_usage_period "X509v3 Private Key Usage Period" -+#define NID_private_key_usage_period 84 -+#define OBJ_private_key_usage_period OBJ_id_ce,16L -+ -+#define SN_subject_alt_name "subjectAltName" -+#define LN_subject_alt_name "X509v3 Subject Alternative Name" -+#define NID_subject_alt_name 85 -+#define OBJ_subject_alt_name OBJ_id_ce,17L -+ -+#define SN_issuer_alt_name "issuerAltName" -+#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" -+#define NID_issuer_alt_name 86 -+#define OBJ_issuer_alt_name OBJ_id_ce,18L -+ -+#define SN_basic_constraints "basicConstraints" -+#define LN_basic_constraints "X509v3 Basic Constraints" -+#define NID_basic_constraints 87 -+#define OBJ_basic_constraints OBJ_id_ce,19L -+ -+#define SN_crl_number "crlNumber" -+#define LN_crl_number "X509v3 CRL Number" -+#define NID_crl_number 88 -+#define OBJ_crl_number OBJ_id_ce,20L -+ -+#define SN_crl_reason "CRLReason" -+#define LN_crl_reason "X509v3 CRL Reason Code" -+#define NID_crl_reason 141 -+#define OBJ_crl_reason OBJ_id_ce,21L -+ -+#define SN_invalidity_date "invalidityDate" -+#define LN_invalidity_date "Invalidity Date" -+#define NID_invalidity_date 142 -+#define OBJ_invalidity_date OBJ_id_ce,24L -+ -+#define SN_delta_crl "deltaCRL" -+#define LN_delta_crl "X509v3 Delta CRL Indicator" -+#define NID_delta_crl 140 -+#define OBJ_delta_crl OBJ_id_ce,27L -+ -+#define SN_issuing_distribution_point "issuingDistributionPoint" -+#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point" -+#define NID_issuing_distribution_point 770 -+#define OBJ_issuing_distribution_point OBJ_id_ce,28L -+ -+#define SN_certificate_issuer "certificateIssuer" -+#define LN_certificate_issuer "X509v3 Certificate Issuer" -+#define NID_certificate_issuer 771 -+#define OBJ_certificate_issuer OBJ_id_ce,29L -+ -+#define SN_name_constraints "nameConstraints" -+#define LN_name_constraints "X509v3 Name Constraints" -+#define NID_name_constraints 666 -+#define OBJ_name_constraints OBJ_id_ce,30L -+ -+#define SN_crl_distribution_points "crlDistributionPoints" -+#define LN_crl_distribution_points "X509v3 CRL Distribution Points" -+#define NID_crl_distribution_points 103 -+#define OBJ_crl_distribution_points OBJ_id_ce,31L -+ -+#define SN_certificate_policies "certificatePolicies" -+#define LN_certificate_policies "X509v3 Certificate Policies" -+#define NID_certificate_policies 89 -+#define OBJ_certificate_policies OBJ_id_ce,32L -+ -+#define SN_any_policy "anyPolicy" -+#define LN_any_policy "X509v3 Any Policy" -+#define NID_any_policy 746 -+#define OBJ_any_policy OBJ_certificate_policies,0L -+ -+#define SN_policy_mappings "policyMappings" -+#define LN_policy_mappings "X509v3 Policy Mappings" -+#define NID_policy_mappings 747 -+#define OBJ_policy_mappings OBJ_id_ce,33L -+ -+#define SN_authority_key_identifier "authorityKeyIdentifier" -+#define LN_authority_key_identifier "X509v3 Authority Key Identifier" -+#define NID_authority_key_identifier 90 -+#define OBJ_authority_key_identifier OBJ_id_ce,35L -+ -+#define SN_policy_constraints "policyConstraints" -+#define LN_policy_constraints "X509v3 Policy Constraints" -+#define NID_policy_constraints 401 -+#define OBJ_policy_constraints OBJ_id_ce,36L -+ -+#define SN_ext_key_usage "extendedKeyUsage" -+#define LN_ext_key_usage "X509v3 Extended Key Usage" -+#define NID_ext_key_usage 126 -+#define OBJ_ext_key_usage OBJ_id_ce,37L -+ -+#define SN_freshest_crl "freshestCRL" -+#define LN_freshest_crl "X509v3 Freshest CRL" -+#define NID_freshest_crl 857 -+#define OBJ_freshest_crl OBJ_id_ce,46L -+ -+#define SN_inhibit_any_policy "inhibitAnyPolicy" -+#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" -+#define NID_inhibit_any_policy 748 -+#define OBJ_inhibit_any_policy OBJ_id_ce,54L -+ -+#define SN_target_information "targetInformation" -+#define LN_target_information "X509v3 AC Targeting" -+#define NID_target_information 402 -+#define OBJ_target_information OBJ_id_ce,55L -+ -+#define SN_no_rev_avail "noRevAvail" -+#define LN_no_rev_avail "X509v3 No Revocation Available" -+#define NID_no_rev_avail 403 -+#define OBJ_no_rev_avail OBJ_id_ce,56L -+ -+#define SN_netscape "Netscape" -+#define LN_netscape "Netscape Communications Corp." -+#define NID_netscape 57 -+#define OBJ_netscape 2L,16L,840L,1L,113730L -+ -+#define SN_netscape_cert_extension "nsCertExt" -+#define LN_netscape_cert_extension "Netscape Certificate Extension" -+#define NID_netscape_cert_extension 58 -+#define OBJ_netscape_cert_extension OBJ_netscape,1L -+ -+#define SN_netscape_data_type "nsDataType" -+#define LN_netscape_data_type "Netscape Data Type" -+#define NID_netscape_data_type 59 -+#define OBJ_netscape_data_type OBJ_netscape,2L -+ -+#define SN_netscape_cert_type "nsCertType" -+#define LN_netscape_cert_type "Netscape Cert Type" -+#define NID_netscape_cert_type 71 -+#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L -+ -+#define SN_netscape_base_url "nsBaseUrl" -+#define LN_netscape_base_url "Netscape Base Url" -+#define NID_netscape_base_url 72 -+#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L -+ -+#define SN_netscape_revocation_url "nsRevocationUrl" -+#define LN_netscape_revocation_url "Netscape Revocation Url" -+#define NID_netscape_revocation_url 73 -+#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L -+ -+#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" -+#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" -+#define NID_netscape_ca_revocation_url 74 -+#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L -+ -+#define SN_netscape_renewal_url "nsRenewalUrl" -+#define LN_netscape_renewal_url "Netscape Renewal Url" -+#define NID_netscape_renewal_url 75 -+#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L -+ -+#define SN_netscape_ca_policy_url "nsCaPolicyUrl" -+#define LN_netscape_ca_policy_url "Netscape CA Policy Url" -+#define NID_netscape_ca_policy_url 76 -+#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L -+ -+#define SN_netscape_ssl_server_name "nsSslServerName" -+#define LN_netscape_ssl_server_name "Netscape SSL Server Name" -+#define NID_netscape_ssl_server_name 77 -+#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L -+ -+#define SN_netscape_comment "nsComment" -+#define LN_netscape_comment "Netscape Comment" -+#define NID_netscape_comment 78 -+#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L -+ -+#define SN_netscape_cert_sequence "nsCertSequence" -+#define LN_netscape_cert_sequence "Netscape Certificate Sequence" -+#define NID_netscape_cert_sequence 79 -+#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L -+ -+#define SN_ns_sgc "nsSGC" -+#define LN_ns_sgc "Netscape Server Gated Crypto" -+#define NID_ns_sgc 139 -+#define OBJ_ns_sgc OBJ_netscape,4L,1L -+ -+#define SN_org "ORG" -+#define LN_org "org" -+#define NID_org 379 -+#define OBJ_org OBJ_iso,3L -+ -+#define SN_dod "DOD" -+#define LN_dod "dod" -+#define NID_dod 380 -+#define OBJ_dod OBJ_org,6L -+ -+#define SN_iana "IANA" -+#define LN_iana "iana" -+#define NID_iana 381 -+#define OBJ_iana OBJ_dod,1L -+ -+#define OBJ_internet OBJ_iana -+ -+#define SN_Directory "directory" -+#define LN_Directory "Directory" -+#define NID_Directory 382 -+#define OBJ_Directory OBJ_internet,1L -+ -+#define SN_Management "mgmt" -+#define LN_Management "Management" -+#define NID_Management 383 -+#define OBJ_Management OBJ_internet,2L -+ -+#define SN_Experimental "experimental" -+#define LN_Experimental "Experimental" -+#define NID_Experimental 384 -+#define OBJ_Experimental OBJ_internet,3L -+ -+#define SN_Private "private" -+#define LN_Private "Private" -+#define NID_Private 385 -+#define OBJ_Private OBJ_internet,4L -+ -+#define SN_Security "security" -+#define LN_Security "Security" -+#define NID_Security 386 -+#define OBJ_Security OBJ_internet,5L -+ -+#define SN_SNMPv2 "snmpv2" -+#define LN_SNMPv2 "SNMPv2" -+#define NID_SNMPv2 387 -+#define OBJ_SNMPv2 OBJ_internet,6L -+ -+#define LN_Mail "Mail" -+#define NID_Mail 388 -+#define OBJ_Mail OBJ_internet,7L -+ -+#define SN_Enterprises "enterprises" -+#define LN_Enterprises "Enterprises" -+#define NID_Enterprises 389 -+#define OBJ_Enterprises OBJ_Private,1L -+ -+#define SN_dcObject "dcobject" -+#define LN_dcObject "dcObject" -+#define NID_dcObject 390 -+#define OBJ_dcObject OBJ_Enterprises,1466L,344L -+ -+#define SN_mime_mhs "mime-mhs" -+#define LN_mime_mhs "MIME MHS" -+#define NID_mime_mhs 504 -+#define OBJ_mime_mhs OBJ_Mail,1L -+ -+#define SN_mime_mhs_headings "mime-mhs-headings" -+#define LN_mime_mhs_headings "mime-mhs-headings" -+#define NID_mime_mhs_headings 505 -+#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L -+ -+#define SN_mime_mhs_bodies "mime-mhs-bodies" -+#define LN_mime_mhs_bodies "mime-mhs-bodies" -+#define NID_mime_mhs_bodies 506 -+#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L -+ -+#define SN_id_hex_partial_message "id-hex-partial-message" -+#define LN_id_hex_partial_message "id-hex-partial-message" -+#define NID_id_hex_partial_message 507 -+#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L -+ -+#define SN_id_hex_multipart_message "id-hex-multipart-message" -+#define LN_id_hex_multipart_message "id-hex-multipart-message" -+#define NID_id_hex_multipart_message 508 -+#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L -+ -+#define SN_rle_compression "RLE" -+#define LN_rle_compression "run length compression" -+#define NID_rle_compression 124 -+#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L -+ -+#define SN_zlib_compression "ZLIB" -+#define LN_zlib_compression "zlib compression" -+#define NID_zlib_compression 125 -+#define OBJ_zlib_compression OBJ_id_smime_alg,8L -+ -+#define OBJ_csor 2L,16L,840L,1L,101L,3L -+ -+#define OBJ_nistAlgorithms OBJ_csor,4L -+ -+#define OBJ_aes OBJ_nistAlgorithms,1L -+ -+#define SN_aes_128_ecb "AES-128-ECB" -+#define LN_aes_128_ecb "aes-128-ecb" -+#define NID_aes_128_ecb 418 -+#define OBJ_aes_128_ecb OBJ_aes,1L -+ -+#define SN_aes_128_cbc "AES-128-CBC" -+#define LN_aes_128_cbc "aes-128-cbc" -+#define NID_aes_128_cbc 419 -+#define OBJ_aes_128_cbc OBJ_aes,2L -+ -+#define SN_aes_128_ofb128 "AES-128-OFB" -+#define LN_aes_128_ofb128 "aes-128-ofb" -+#define NID_aes_128_ofb128 420 -+#define OBJ_aes_128_ofb128 OBJ_aes,3L -+ -+#define SN_aes_128_cfb128 "AES-128-CFB" -+#define LN_aes_128_cfb128 "aes-128-cfb" -+#define NID_aes_128_cfb128 421 -+#define OBJ_aes_128_cfb128 OBJ_aes,4L -+ -+#define SN_aes_192_ecb "AES-192-ECB" -+#define LN_aes_192_ecb "aes-192-ecb" -+#define NID_aes_192_ecb 422 -+#define OBJ_aes_192_ecb OBJ_aes,21L -+ -+#define SN_aes_192_cbc "AES-192-CBC" -+#define LN_aes_192_cbc "aes-192-cbc" -+#define NID_aes_192_cbc 423 -+#define OBJ_aes_192_cbc OBJ_aes,22L -+ -+#define SN_aes_192_ofb128 "AES-192-OFB" -+#define LN_aes_192_ofb128 "aes-192-ofb" -+#define NID_aes_192_ofb128 424 -+#define OBJ_aes_192_ofb128 OBJ_aes,23L -+ -+#define SN_aes_192_cfb128 "AES-192-CFB" -+#define LN_aes_192_cfb128 "aes-192-cfb" -+#define NID_aes_192_cfb128 425 -+#define OBJ_aes_192_cfb128 OBJ_aes,24L -+ -+#define SN_aes_256_ecb "AES-256-ECB" -+#define LN_aes_256_ecb "aes-256-ecb" -+#define NID_aes_256_ecb 426 -+#define OBJ_aes_256_ecb OBJ_aes,41L -+ -+#define SN_aes_256_cbc "AES-256-CBC" -+#define LN_aes_256_cbc "aes-256-cbc" -+#define NID_aes_256_cbc 427 -+#define OBJ_aes_256_cbc OBJ_aes,42L -+ -+#define SN_aes_256_ofb128 "AES-256-OFB" -+#define LN_aes_256_ofb128 "aes-256-ofb" -+#define NID_aes_256_ofb128 428 -+#define OBJ_aes_256_ofb128 OBJ_aes,43L -+ -+#define SN_aes_256_cfb128 "AES-256-CFB" -+#define LN_aes_256_cfb128 "aes-256-cfb" -+#define NID_aes_256_cfb128 429 -+#define OBJ_aes_256_cfb128 OBJ_aes,44L -+ -+#define SN_aes_128_cfb1 "AES-128-CFB1" -+#define LN_aes_128_cfb1 "aes-128-cfb1" -+#define NID_aes_128_cfb1 650 -+ -+#define SN_aes_192_cfb1 "AES-192-CFB1" -+#define LN_aes_192_cfb1 "aes-192-cfb1" -+#define NID_aes_192_cfb1 651 -+ -+#define SN_aes_256_cfb1 "AES-256-CFB1" -+#define LN_aes_256_cfb1 "aes-256-cfb1" -+#define NID_aes_256_cfb1 652 -+ -+#define SN_aes_128_cfb8 "AES-128-CFB8" -+#define LN_aes_128_cfb8 "aes-128-cfb8" -+#define NID_aes_128_cfb8 653 -+ -+#define SN_aes_192_cfb8 "AES-192-CFB8" -+#define LN_aes_192_cfb8 "aes-192-cfb8" -+#define NID_aes_192_cfb8 654 -+ -+#define SN_aes_256_cfb8 "AES-256-CFB8" -+#define LN_aes_256_cfb8 "aes-256-cfb8" -+#define NID_aes_256_cfb8 655 -+ -+#define SN_des_cfb1 "DES-CFB1" -+#define LN_des_cfb1 "des-cfb1" -+#define NID_des_cfb1 656 -+ -+#define SN_des_cfb8 "DES-CFB8" -+#define LN_des_cfb8 "des-cfb8" -+#define NID_des_cfb8 657 -+ -+#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" -+#define LN_des_ede3_cfb1 "des-ede3-cfb1" -+#define NID_des_ede3_cfb1 658 -+ -+#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" -+#define LN_des_ede3_cfb8 "des-ede3-cfb8" -+#define NID_des_ede3_cfb8 659 -+ -+#define SN_id_aes128_wrap "id-aes128-wrap" -+#define NID_id_aes128_wrap 788 -+#define OBJ_id_aes128_wrap OBJ_aes,5L -+ -+#define SN_id_aes192_wrap "id-aes192-wrap" -+#define NID_id_aes192_wrap 789 -+#define OBJ_id_aes192_wrap OBJ_aes,25L -+ -+#define SN_id_aes256_wrap "id-aes256-wrap" -+#define NID_id_aes256_wrap 790 -+#define OBJ_id_aes256_wrap OBJ_aes,45L -+ -+#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L -+ -+#define SN_sha256 "SHA256" -+#define LN_sha256 "sha256" -+#define NID_sha256 672 -+#define OBJ_sha256 OBJ_nist_hashalgs,1L -+ -+#define SN_sha384 "SHA384" -+#define LN_sha384 "sha384" -+#define NID_sha384 673 -+#define OBJ_sha384 OBJ_nist_hashalgs,2L -+ -+#define SN_sha512 "SHA512" -+#define LN_sha512 "sha512" -+#define NID_sha512 674 -+#define OBJ_sha512 OBJ_nist_hashalgs,3L -+ -+#define SN_sha224 "SHA224" -+#define LN_sha224 "sha224" -+#define NID_sha224 675 -+#define OBJ_sha224 OBJ_nist_hashalgs,4L -+ -+#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L -+ -+#define SN_dsa_with_SHA224 "dsa_with_SHA224" -+#define NID_dsa_with_SHA224 802 -+#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L -+ -+#define SN_dsa_with_SHA256 "dsa_with_SHA256" -+#define NID_dsa_with_SHA256 803 -+#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L -+ -+#define SN_hold_instruction_code "holdInstructionCode" -+#define LN_hold_instruction_code "Hold Instruction Code" -+#define NID_hold_instruction_code 430 -+#define OBJ_hold_instruction_code OBJ_id_ce,23L -+ -+#define OBJ_holdInstruction OBJ_X9_57,2L -+ -+#define SN_hold_instruction_none "holdInstructionNone" -+#define LN_hold_instruction_none "Hold Instruction None" -+#define NID_hold_instruction_none 431 -+#define OBJ_hold_instruction_none OBJ_holdInstruction,1L -+ -+#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" -+#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" -+#define NID_hold_instruction_call_issuer 432 -+#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L -+ -+#define SN_hold_instruction_reject "holdInstructionReject" -+#define LN_hold_instruction_reject "Hold Instruction Reject" -+#define NID_hold_instruction_reject 433 -+#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L -+ -+#define SN_data "data" -+#define NID_data 434 -+#define OBJ_data OBJ_itu_t,9L -+ -+#define SN_pss "pss" -+#define NID_pss 435 -+#define OBJ_pss OBJ_data,2342L -+ -+#define SN_ucl "ucl" -+#define NID_ucl 436 -+#define OBJ_ucl OBJ_pss,19200300L -+ -+#define SN_pilot "pilot" -+#define NID_pilot 437 -+#define OBJ_pilot OBJ_ucl,100L -+ -+#define LN_pilotAttributeType "pilotAttributeType" -+#define NID_pilotAttributeType 438 -+#define OBJ_pilotAttributeType OBJ_pilot,1L -+ -+#define LN_pilotAttributeSyntax "pilotAttributeSyntax" -+#define NID_pilotAttributeSyntax 439 -+#define OBJ_pilotAttributeSyntax OBJ_pilot,3L -+ -+#define LN_pilotObjectClass "pilotObjectClass" -+#define NID_pilotObjectClass 440 -+#define OBJ_pilotObjectClass OBJ_pilot,4L -+ -+#define LN_pilotGroups "pilotGroups" -+#define NID_pilotGroups 441 -+#define OBJ_pilotGroups OBJ_pilot,10L -+ -+#define LN_iA5StringSyntax "iA5StringSyntax" -+#define NID_iA5StringSyntax 442 -+#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L -+ -+#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" -+#define NID_caseIgnoreIA5StringSyntax 443 -+#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L -+ -+#define LN_pilotObject "pilotObject" -+#define NID_pilotObject 444 -+#define OBJ_pilotObject OBJ_pilotObjectClass,3L -+ -+#define LN_pilotPerson "pilotPerson" -+#define NID_pilotPerson 445 -+#define OBJ_pilotPerson OBJ_pilotObjectClass,4L -+ -+#define SN_account "account" -+#define NID_account 446 -+#define OBJ_account OBJ_pilotObjectClass,5L -+ -+#define SN_document "document" -+#define NID_document 447 -+#define OBJ_document OBJ_pilotObjectClass,6L -+ -+#define SN_room "room" -+#define NID_room 448 -+#define OBJ_room OBJ_pilotObjectClass,7L -+ -+#define LN_documentSeries "documentSeries" -+#define NID_documentSeries 449 -+#define OBJ_documentSeries OBJ_pilotObjectClass,9L -+ -+#define SN_Domain "domain" -+#define LN_Domain "Domain" -+#define NID_Domain 392 -+#define OBJ_Domain OBJ_pilotObjectClass,13L -+ -+#define LN_rFC822localPart "rFC822localPart" -+#define NID_rFC822localPart 450 -+#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L -+ -+#define LN_dNSDomain "dNSDomain" -+#define NID_dNSDomain 451 -+#define OBJ_dNSDomain OBJ_pilotObjectClass,15L -+ -+#define LN_domainRelatedObject "domainRelatedObject" -+#define NID_domainRelatedObject 452 -+#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L -+ -+#define LN_friendlyCountry "friendlyCountry" -+#define NID_friendlyCountry 453 -+#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L -+ -+#define LN_simpleSecurityObject "simpleSecurityObject" -+#define NID_simpleSecurityObject 454 -+#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L -+ -+#define LN_pilotOrganization "pilotOrganization" -+#define NID_pilotOrganization 455 -+#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L -+ -+#define LN_pilotDSA "pilotDSA" -+#define NID_pilotDSA 456 -+#define OBJ_pilotDSA OBJ_pilotObjectClass,21L -+ -+#define LN_qualityLabelledData "qualityLabelledData" -+#define NID_qualityLabelledData 457 -+#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L -+ -+#define SN_userId "UID" -+#define LN_userId "userId" -+#define NID_userId 458 -+#define OBJ_userId OBJ_pilotAttributeType,1L -+ -+#define LN_textEncodedORAddress "textEncodedORAddress" -+#define NID_textEncodedORAddress 459 -+#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L -+ -+#define SN_rfc822Mailbox "mail" -+#define LN_rfc822Mailbox "rfc822Mailbox" -+#define NID_rfc822Mailbox 460 -+#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L -+ -+#define SN_info "info" -+#define NID_info 461 -+#define OBJ_info OBJ_pilotAttributeType,4L -+ -+#define LN_favouriteDrink "favouriteDrink" -+#define NID_favouriteDrink 462 -+#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L -+ -+#define LN_roomNumber "roomNumber" -+#define NID_roomNumber 463 -+#define OBJ_roomNumber OBJ_pilotAttributeType,6L -+ -+#define SN_photo "photo" -+#define NID_photo 464 -+#define OBJ_photo OBJ_pilotAttributeType,7L -+ -+#define LN_userClass "userClass" -+#define NID_userClass 465 -+#define OBJ_userClass OBJ_pilotAttributeType,8L -+ -+#define SN_host "host" -+#define NID_host 466 -+#define OBJ_host OBJ_pilotAttributeType,9L -+ -+#define SN_manager "manager" -+#define NID_manager 467 -+#define OBJ_manager OBJ_pilotAttributeType,10L -+ -+#define LN_documentIdentifier "documentIdentifier" -+#define NID_documentIdentifier 468 -+#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L -+ -+#define LN_documentTitle "documentTitle" -+#define NID_documentTitle 469 -+#define OBJ_documentTitle OBJ_pilotAttributeType,12L -+ -+#define LN_documentVersion "documentVersion" -+#define NID_documentVersion 470 -+#define OBJ_documentVersion OBJ_pilotAttributeType,13L -+ -+#define LN_documentAuthor "documentAuthor" -+#define NID_documentAuthor 471 -+#define OBJ_documentAuthor OBJ_pilotAttributeType,14L -+ -+#define LN_documentLocation "documentLocation" -+#define NID_documentLocation 472 -+#define OBJ_documentLocation OBJ_pilotAttributeType,15L -+ -+#define LN_homeTelephoneNumber "homeTelephoneNumber" -+#define NID_homeTelephoneNumber 473 -+#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L -+ -+#define SN_secretary "secretary" -+#define NID_secretary 474 -+#define OBJ_secretary OBJ_pilotAttributeType,21L -+ -+#define LN_otherMailbox "otherMailbox" -+#define NID_otherMailbox 475 -+#define OBJ_otherMailbox OBJ_pilotAttributeType,22L -+ -+#define LN_lastModifiedTime "lastModifiedTime" -+#define NID_lastModifiedTime 476 -+#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L -+ -+#define LN_lastModifiedBy "lastModifiedBy" -+#define NID_lastModifiedBy 477 -+#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L -+ -+#define SN_domainComponent "DC" -+#define LN_domainComponent "domainComponent" -+#define NID_domainComponent 391 -+#define OBJ_domainComponent OBJ_pilotAttributeType,25L - --#define SN_id_set "id-set" --#define LN_id_set "Secure Electronic Transactions" --#define NID_id_set 512 --#define OBJ_id_set OBJ_international_organizations,42L -- --#define SN_set_ctype "set-ctype" --#define LN_set_ctype "content types" --#define NID_set_ctype 513 --#define OBJ_set_ctype OBJ_id_set,0L -- --#define SN_set_msgExt "set-msgExt" --#define LN_set_msgExt "message extensions" --#define NID_set_msgExt 514 --#define OBJ_set_msgExt OBJ_id_set,1L -- --#define SN_set_attr "set-attr" --#define NID_set_attr 515 --#define OBJ_set_attr OBJ_id_set,3L -- --#define SN_set_policy "set-policy" --#define NID_set_policy 516 --#define OBJ_set_policy OBJ_id_set,5L -- --#define SN_set_certExt "set-certExt" --#define LN_set_certExt "certificate extensions" --#define NID_set_certExt 517 --#define OBJ_set_certExt OBJ_id_set,7L -+#define LN_aRecord "aRecord" -+#define NID_aRecord 478 -+#define OBJ_aRecord OBJ_pilotAttributeType,26L -+ -+#define LN_pilotAttributeType27 "pilotAttributeType27" -+#define NID_pilotAttributeType27 479 -+#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L -+ -+#define LN_mXRecord "mXRecord" -+#define NID_mXRecord 480 -+#define OBJ_mXRecord OBJ_pilotAttributeType,28L -+ -+#define LN_nSRecord "nSRecord" -+#define NID_nSRecord 481 -+#define OBJ_nSRecord OBJ_pilotAttributeType,29L -+ -+#define LN_sOARecord "sOARecord" -+#define NID_sOARecord 482 -+#define OBJ_sOARecord OBJ_pilotAttributeType,30L -+ -+#define LN_cNAMERecord "cNAMERecord" -+#define NID_cNAMERecord 483 -+#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L -+ -+#define LN_associatedDomain "associatedDomain" -+#define NID_associatedDomain 484 -+#define OBJ_associatedDomain OBJ_pilotAttributeType,37L -+ -+#define LN_associatedName "associatedName" -+#define NID_associatedName 485 -+#define OBJ_associatedName OBJ_pilotAttributeType,38L -+ -+#define LN_homePostalAddress "homePostalAddress" -+#define NID_homePostalAddress 486 -+#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L -+ -+#define LN_personalTitle "personalTitle" -+#define NID_personalTitle 487 -+#define OBJ_personalTitle OBJ_pilotAttributeType,40L -+ -+#define LN_mobileTelephoneNumber "mobileTelephoneNumber" -+#define NID_mobileTelephoneNumber 488 -+#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L -+ -+#define LN_pagerTelephoneNumber "pagerTelephoneNumber" -+#define NID_pagerTelephoneNumber 489 -+#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L -+ -+#define LN_friendlyCountryName "friendlyCountryName" -+#define NID_friendlyCountryName 490 -+#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L -+ -+#define LN_organizationalStatus "organizationalStatus" -+#define NID_organizationalStatus 491 -+#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L -+ -+#define LN_janetMailbox "janetMailbox" -+#define NID_janetMailbox 492 -+#define OBJ_janetMailbox OBJ_pilotAttributeType,46L -+ -+#define LN_mailPreferenceOption "mailPreferenceOption" -+#define NID_mailPreferenceOption 493 -+#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L -+ -+#define LN_buildingName "buildingName" -+#define NID_buildingName 494 -+#define OBJ_buildingName OBJ_pilotAttributeType,48L -+ -+#define LN_dSAQuality "dSAQuality" -+#define NID_dSAQuality 495 -+#define OBJ_dSAQuality OBJ_pilotAttributeType,49L -+ -+#define LN_singleLevelQuality "singleLevelQuality" -+#define NID_singleLevelQuality 496 -+#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L -+ -+#define LN_subtreeMinimumQuality "subtreeMinimumQuality" -+#define NID_subtreeMinimumQuality 497 -+#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L -+ -+#define LN_subtreeMaximumQuality "subtreeMaximumQuality" -+#define NID_subtreeMaximumQuality 498 -+#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L -+ -+#define LN_personalSignature "personalSignature" -+#define NID_personalSignature 499 -+#define OBJ_personalSignature OBJ_pilotAttributeType,53L -+ -+#define LN_dITRedirect "dITRedirect" -+#define NID_dITRedirect 500 -+#define OBJ_dITRedirect OBJ_pilotAttributeType,54L -+ -+#define SN_audio "audio" -+#define NID_audio 501 -+#define OBJ_audio OBJ_pilotAttributeType,55L -+ -+#define LN_documentPublisher "documentPublisher" -+#define NID_documentPublisher 502 -+#define OBJ_documentPublisher OBJ_pilotAttributeType,56L - --#define SN_set_brand "set-brand" --#define NID_set_brand 518 --#define OBJ_set_brand OBJ_id_set,8L -+#define SN_id_set "id-set" -+#define LN_id_set "Secure Electronic Transactions" -+#define NID_id_set 512 -+#define OBJ_id_set OBJ_international_organizations,42L -+ -+#define SN_set_ctype "set-ctype" -+#define LN_set_ctype "content types" -+#define NID_set_ctype 513 -+#define OBJ_set_ctype OBJ_id_set,0L -+ -+#define SN_set_msgExt "set-msgExt" -+#define LN_set_msgExt "message extensions" -+#define NID_set_msgExt 514 -+#define OBJ_set_msgExt OBJ_id_set,1L -+ -+#define SN_set_attr "set-attr" -+#define NID_set_attr 515 -+#define OBJ_set_attr OBJ_id_set,3L -+ -+#define SN_set_policy "set-policy" -+#define NID_set_policy 516 -+#define OBJ_set_policy OBJ_id_set,5L -+ -+#define SN_set_certExt "set-certExt" -+#define LN_set_certExt "certificate extensions" -+#define NID_set_certExt 517 -+#define OBJ_set_certExt OBJ_id_set,7L - --#define SN_setct_PANData "setct-PANData" --#define NID_setct_PANData 519 --#define OBJ_setct_PANData OBJ_set_ctype,0L -+#define SN_set_brand "set-brand" -+#define NID_set_brand 518 -+#define OBJ_set_brand OBJ_id_set,8L - --#define SN_setct_PANToken "setct-PANToken" --#define NID_setct_PANToken 520 --#define OBJ_setct_PANToken OBJ_set_ctype,1L -+#define SN_setct_PANData "setct-PANData" -+#define NID_setct_PANData 519 -+#define OBJ_setct_PANData OBJ_set_ctype,0L - --#define SN_setct_PANOnly "setct-PANOnly" --#define NID_setct_PANOnly 521 --#define OBJ_setct_PANOnly OBJ_set_ctype,2L -+#define SN_setct_PANToken "setct-PANToken" -+#define NID_setct_PANToken 520 -+#define OBJ_setct_PANToken OBJ_set_ctype,1L - --#define SN_setct_OIData "setct-OIData" --#define NID_setct_OIData 522 --#define OBJ_setct_OIData OBJ_set_ctype,3L -+#define SN_setct_PANOnly "setct-PANOnly" -+#define NID_setct_PANOnly 521 -+#define OBJ_setct_PANOnly OBJ_set_ctype,2L - --#define SN_setct_PI "setct-PI" --#define NID_setct_PI 523 --#define OBJ_setct_PI OBJ_set_ctype,4L -+#define SN_setct_OIData "setct-OIData" -+#define NID_setct_OIData 522 -+#define OBJ_setct_OIData OBJ_set_ctype,3L - --#define SN_setct_PIData "setct-PIData" --#define NID_setct_PIData 524 --#define OBJ_setct_PIData OBJ_set_ctype,5L -+#define SN_setct_PI "setct-PI" -+#define NID_setct_PI 523 -+#define OBJ_setct_PI OBJ_set_ctype,4L - --#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" --#define NID_setct_PIDataUnsigned 525 --#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L -+#define SN_setct_PIData "setct-PIData" -+#define NID_setct_PIData 524 -+#define OBJ_setct_PIData OBJ_set_ctype,5L - --#define SN_setct_HODInput "setct-HODInput" --#define NID_setct_HODInput 526 --#define OBJ_setct_HODInput OBJ_set_ctype,7L -+#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" -+#define NID_setct_PIDataUnsigned 525 -+#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L - --#define SN_setct_AuthResBaggage "setct-AuthResBaggage" --#define NID_setct_AuthResBaggage 527 --#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L -+#define SN_setct_HODInput "setct-HODInput" -+#define NID_setct_HODInput 526 -+#define OBJ_setct_HODInput OBJ_set_ctype,7L - --#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" --#define NID_setct_AuthRevReqBaggage 528 --#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L -+#define SN_setct_AuthResBaggage "setct-AuthResBaggage" -+#define NID_setct_AuthResBaggage 527 -+#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L - --#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" --#define NID_setct_AuthRevResBaggage 529 --#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L -+#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" -+#define NID_setct_AuthRevReqBaggage 528 -+#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L - --#define SN_setct_CapTokenSeq "setct-CapTokenSeq" --#define NID_setct_CapTokenSeq 530 --#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L -+#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" -+#define NID_setct_AuthRevResBaggage 529 -+#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L - --#define SN_setct_PInitResData "setct-PInitResData" --#define NID_setct_PInitResData 531 --#define OBJ_setct_PInitResData OBJ_set_ctype,12L -+#define SN_setct_CapTokenSeq "setct-CapTokenSeq" -+#define NID_setct_CapTokenSeq 530 -+#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L - --#define SN_setct_PI_TBS "setct-PI-TBS" --#define NID_setct_PI_TBS 532 --#define OBJ_setct_PI_TBS OBJ_set_ctype,13L -+#define SN_setct_PInitResData "setct-PInitResData" -+#define NID_setct_PInitResData 531 -+#define OBJ_setct_PInitResData OBJ_set_ctype,12L - --#define SN_setct_PResData "setct-PResData" --#define NID_setct_PResData 533 --#define OBJ_setct_PResData OBJ_set_ctype,14L -+#define SN_setct_PI_TBS "setct-PI-TBS" -+#define NID_setct_PI_TBS 532 -+#define OBJ_setct_PI_TBS OBJ_set_ctype,13L - --#define SN_setct_AuthReqTBS "setct-AuthReqTBS" --#define NID_setct_AuthReqTBS 534 --#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L -+#define SN_setct_PResData "setct-PResData" -+#define NID_setct_PResData 533 -+#define OBJ_setct_PResData OBJ_set_ctype,14L - --#define SN_setct_AuthResTBS "setct-AuthResTBS" --#define NID_setct_AuthResTBS 535 --#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L -+#define SN_setct_AuthReqTBS "setct-AuthReqTBS" -+#define NID_setct_AuthReqTBS 534 -+#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L - --#define SN_setct_AuthResTBSX "setct-AuthResTBSX" --#define NID_setct_AuthResTBSX 536 --#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L -+#define SN_setct_AuthResTBS "setct-AuthResTBS" -+#define NID_setct_AuthResTBS 535 -+#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L - --#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" --#define NID_setct_AuthTokenTBS 537 --#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L -+#define SN_setct_AuthResTBSX "setct-AuthResTBSX" -+#define NID_setct_AuthResTBSX 536 -+#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L - --#define SN_setct_CapTokenData "setct-CapTokenData" --#define NID_setct_CapTokenData 538 --#define OBJ_setct_CapTokenData OBJ_set_ctype,20L -+#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" -+#define NID_setct_AuthTokenTBS 537 -+#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L - --#define SN_setct_CapTokenTBS "setct-CapTokenTBS" --#define NID_setct_CapTokenTBS 539 --#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L -+#define SN_setct_CapTokenData "setct-CapTokenData" -+#define NID_setct_CapTokenData 538 -+#define OBJ_setct_CapTokenData OBJ_set_ctype,20L - --#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" --#define NID_setct_AcqCardCodeMsg 540 --#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L -+#define SN_setct_CapTokenTBS "setct-CapTokenTBS" -+#define NID_setct_CapTokenTBS 539 -+#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L - --#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" --#define NID_setct_AuthRevReqTBS 541 --#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L -+#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" -+#define NID_setct_AcqCardCodeMsg 540 -+#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L - --#define SN_setct_AuthRevResData "setct-AuthRevResData" --#define NID_setct_AuthRevResData 542 --#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L -+#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" -+#define NID_setct_AuthRevReqTBS 541 -+#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L - --#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" --#define NID_setct_AuthRevResTBS 543 --#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L -+#define SN_setct_AuthRevResData "setct-AuthRevResData" -+#define NID_setct_AuthRevResData 542 -+#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L - --#define SN_setct_CapReqTBS "setct-CapReqTBS" --#define NID_setct_CapReqTBS 544 --#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L -+#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" -+#define NID_setct_AuthRevResTBS 543 -+#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L - --#define SN_setct_CapReqTBSX "setct-CapReqTBSX" --#define NID_setct_CapReqTBSX 545 --#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L -+#define SN_setct_CapReqTBS "setct-CapReqTBS" -+#define NID_setct_CapReqTBS 544 -+#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L - --#define SN_setct_CapResData "setct-CapResData" --#define NID_setct_CapResData 546 --#define OBJ_setct_CapResData OBJ_set_ctype,28L -+#define SN_setct_CapReqTBSX "setct-CapReqTBSX" -+#define NID_setct_CapReqTBSX 545 -+#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L - --#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" --#define NID_setct_CapRevReqTBS 547 --#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L -+#define SN_setct_CapResData "setct-CapResData" -+#define NID_setct_CapResData 546 -+#define OBJ_setct_CapResData OBJ_set_ctype,28L - --#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" --#define NID_setct_CapRevReqTBSX 548 --#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L -+#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" -+#define NID_setct_CapRevReqTBS 547 -+#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L - --#define SN_setct_CapRevResData "setct-CapRevResData" --#define NID_setct_CapRevResData 549 --#define OBJ_setct_CapRevResData OBJ_set_ctype,31L -+#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" -+#define NID_setct_CapRevReqTBSX 548 -+#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L - --#define SN_setct_CredReqTBS "setct-CredReqTBS" --#define NID_setct_CredReqTBS 550 --#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L -+#define SN_setct_CapRevResData "setct-CapRevResData" -+#define NID_setct_CapRevResData 549 -+#define OBJ_setct_CapRevResData OBJ_set_ctype,31L - --#define SN_setct_CredReqTBSX "setct-CredReqTBSX" --#define NID_setct_CredReqTBSX 551 --#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L -+#define SN_setct_CredReqTBS "setct-CredReqTBS" -+#define NID_setct_CredReqTBS 550 -+#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L - --#define SN_setct_CredResData "setct-CredResData" --#define NID_setct_CredResData 552 --#define OBJ_setct_CredResData OBJ_set_ctype,34L -+#define SN_setct_CredReqTBSX "setct-CredReqTBSX" -+#define NID_setct_CredReqTBSX 551 -+#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L - --#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" --#define NID_setct_CredRevReqTBS 553 --#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L -+#define SN_setct_CredResData "setct-CredResData" -+#define NID_setct_CredResData 552 -+#define OBJ_setct_CredResData OBJ_set_ctype,34L - --#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" --#define NID_setct_CredRevReqTBSX 554 --#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L -+#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" -+#define NID_setct_CredRevReqTBS 553 -+#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L - --#define SN_setct_CredRevResData "setct-CredRevResData" --#define NID_setct_CredRevResData 555 --#define OBJ_setct_CredRevResData OBJ_set_ctype,37L -+#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" -+#define NID_setct_CredRevReqTBSX 554 -+#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L - --#define SN_setct_PCertReqData "setct-PCertReqData" --#define NID_setct_PCertReqData 556 --#define OBJ_setct_PCertReqData OBJ_set_ctype,38L -+#define SN_setct_CredRevResData "setct-CredRevResData" -+#define NID_setct_CredRevResData 555 -+#define OBJ_setct_CredRevResData OBJ_set_ctype,37L - --#define SN_setct_PCertResTBS "setct-PCertResTBS" --#define NID_setct_PCertResTBS 557 --#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L -+#define SN_setct_PCertReqData "setct-PCertReqData" -+#define NID_setct_PCertReqData 556 -+#define OBJ_setct_PCertReqData OBJ_set_ctype,38L - --#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" --#define NID_setct_BatchAdminReqData 558 --#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L -+#define SN_setct_PCertResTBS "setct-PCertResTBS" -+#define NID_setct_PCertResTBS 557 -+#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L - --#define SN_setct_BatchAdminResData "setct-BatchAdminResData" --#define NID_setct_BatchAdminResData 559 --#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L -+#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" -+#define NID_setct_BatchAdminReqData 558 -+#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L - --#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" --#define NID_setct_CardCInitResTBS 560 --#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L -+#define SN_setct_BatchAdminResData "setct-BatchAdminResData" -+#define NID_setct_BatchAdminResData 559 -+#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L - --#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" --#define NID_setct_MeAqCInitResTBS 561 --#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L -+#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" -+#define NID_setct_CardCInitResTBS 560 -+#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L - --#define SN_setct_RegFormResTBS "setct-RegFormResTBS" --#define NID_setct_RegFormResTBS 562 --#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L -+#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" -+#define NID_setct_MeAqCInitResTBS 561 -+#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L - --#define SN_setct_CertReqData "setct-CertReqData" --#define NID_setct_CertReqData 563 --#define OBJ_setct_CertReqData OBJ_set_ctype,45L -+#define SN_setct_RegFormResTBS "setct-RegFormResTBS" -+#define NID_setct_RegFormResTBS 562 -+#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L - --#define SN_setct_CertReqTBS "setct-CertReqTBS" --#define NID_setct_CertReqTBS 564 --#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L -+#define SN_setct_CertReqData "setct-CertReqData" -+#define NID_setct_CertReqData 563 -+#define OBJ_setct_CertReqData OBJ_set_ctype,45L - --#define SN_setct_CertResData "setct-CertResData" --#define NID_setct_CertResData 565 --#define OBJ_setct_CertResData OBJ_set_ctype,47L -+#define SN_setct_CertReqTBS "setct-CertReqTBS" -+#define NID_setct_CertReqTBS 564 -+#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L - --#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" --#define NID_setct_CertInqReqTBS 566 --#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L -+#define SN_setct_CertResData "setct-CertResData" -+#define NID_setct_CertResData 565 -+#define OBJ_setct_CertResData OBJ_set_ctype,47L - --#define SN_setct_ErrorTBS "setct-ErrorTBS" --#define NID_setct_ErrorTBS 567 --#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L -+#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" -+#define NID_setct_CertInqReqTBS 566 -+#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L - --#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" --#define NID_setct_PIDualSignedTBE 568 --#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L -+#define SN_setct_ErrorTBS "setct-ErrorTBS" -+#define NID_setct_ErrorTBS 567 -+#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L - --#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" --#define NID_setct_PIUnsignedTBE 569 --#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L -+#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" -+#define NID_setct_PIDualSignedTBE 568 -+#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L - --#define SN_setct_AuthReqTBE "setct-AuthReqTBE" --#define NID_setct_AuthReqTBE 570 --#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L -+#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" -+#define NID_setct_PIUnsignedTBE 569 -+#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L - --#define SN_setct_AuthResTBE "setct-AuthResTBE" --#define NID_setct_AuthResTBE 571 --#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L -+#define SN_setct_AuthReqTBE "setct-AuthReqTBE" -+#define NID_setct_AuthReqTBE 570 -+#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L - --#define SN_setct_AuthResTBEX "setct-AuthResTBEX" --#define NID_setct_AuthResTBEX 572 --#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L -+#define SN_setct_AuthResTBE "setct-AuthResTBE" -+#define NID_setct_AuthResTBE 571 -+#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L - --#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" --#define NID_setct_AuthTokenTBE 573 --#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L -+#define SN_setct_AuthResTBEX "setct-AuthResTBEX" -+#define NID_setct_AuthResTBEX 572 -+#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L - --#define SN_setct_CapTokenTBE "setct-CapTokenTBE" --#define NID_setct_CapTokenTBE 574 --#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L -+#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" -+#define NID_setct_AuthTokenTBE 573 -+#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L - --#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" --#define NID_setct_CapTokenTBEX 575 --#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L -+#define SN_setct_CapTokenTBE "setct-CapTokenTBE" -+#define NID_setct_CapTokenTBE 574 -+#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L - --#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" --#define NID_setct_AcqCardCodeMsgTBE 576 --#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L -+#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" -+#define NID_setct_CapTokenTBEX 575 -+#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L - --#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" --#define NID_setct_AuthRevReqTBE 577 --#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L -+#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" -+#define NID_setct_AcqCardCodeMsgTBE 576 -+#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L - --#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" --#define NID_setct_AuthRevResTBE 578 --#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L -+#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" -+#define NID_setct_AuthRevReqTBE 577 -+#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L - --#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" --#define NID_setct_AuthRevResTBEB 579 --#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L -+#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" -+#define NID_setct_AuthRevResTBE 578 -+#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L - --#define SN_setct_CapReqTBE "setct-CapReqTBE" --#define NID_setct_CapReqTBE 580 --#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L -+#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" -+#define NID_setct_AuthRevResTBEB 579 -+#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L - --#define SN_setct_CapReqTBEX "setct-CapReqTBEX" --#define NID_setct_CapReqTBEX 581 --#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L -+#define SN_setct_CapReqTBE "setct-CapReqTBE" -+#define NID_setct_CapReqTBE 580 -+#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L - --#define SN_setct_CapResTBE "setct-CapResTBE" --#define NID_setct_CapResTBE 582 --#define OBJ_setct_CapResTBE OBJ_set_ctype,64L -+#define SN_setct_CapReqTBEX "setct-CapReqTBEX" -+#define NID_setct_CapReqTBEX 581 -+#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L - --#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" --#define NID_setct_CapRevReqTBE 583 --#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L -+#define SN_setct_CapResTBE "setct-CapResTBE" -+#define NID_setct_CapResTBE 582 -+#define OBJ_setct_CapResTBE OBJ_set_ctype,64L - --#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" --#define NID_setct_CapRevReqTBEX 584 --#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L -+#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" -+#define NID_setct_CapRevReqTBE 583 -+#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L - --#define SN_setct_CapRevResTBE "setct-CapRevResTBE" --#define NID_setct_CapRevResTBE 585 --#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L -+#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" -+#define NID_setct_CapRevReqTBEX 584 -+#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L - --#define SN_setct_CredReqTBE "setct-CredReqTBE" --#define NID_setct_CredReqTBE 586 --#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L -+#define SN_setct_CapRevResTBE "setct-CapRevResTBE" -+#define NID_setct_CapRevResTBE 585 -+#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L - --#define SN_setct_CredReqTBEX "setct-CredReqTBEX" --#define NID_setct_CredReqTBEX 587 --#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L -+#define SN_setct_CredReqTBE "setct-CredReqTBE" -+#define NID_setct_CredReqTBE 586 -+#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L - --#define SN_setct_CredResTBE "setct-CredResTBE" --#define NID_setct_CredResTBE 588 --#define OBJ_setct_CredResTBE OBJ_set_ctype,70L -+#define SN_setct_CredReqTBEX "setct-CredReqTBEX" -+#define NID_setct_CredReqTBEX 587 -+#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L - --#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" --#define NID_setct_CredRevReqTBE 589 --#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L -+#define SN_setct_CredResTBE "setct-CredResTBE" -+#define NID_setct_CredResTBE 588 -+#define OBJ_setct_CredResTBE OBJ_set_ctype,70L - --#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" --#define NID_setct_CredRevReqTBEX 590 --#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L -+#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" -+#define NID_setct_CredRevReqTBE 589 -+#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L - --#define SN_setct_CredRevResTBE "setct-CredRevResTBE" --#define NID_setct_CredRevResTBE 591 --#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L -+#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" -+#define NID_setct_CredRevReqTBEX 590 -+#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L - --#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" --#define NID_setct_BatchAdminReqTBE 592 --#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L -+#define SN_setct_CredRevResTBE "setct-CredRevResTBE" -+#define NID_setct_CredRevResTBE 591 -+#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L - --#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" --#define NID_setct_BatchAdminResTBE 593 --#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L -+#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" -+#define NID_setct_BatchAdminReqTBE 592 -+#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L - --#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" --#define NID_setct_RegFormReqTBE 594 --#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L -+#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" -+#define NID_setct_BatchAdminResTBE 593 -+#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L - --#define SN_setct_CertReqTBE "setct-CertReqTBE" --#define NID_setct_CertReqTBE 595 --#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L -+#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" -+#define NID_setct_RegFormReqTBE 594 -+#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L - --#define SN_setct_CertReqTBEX "setct-CertReqTBEX" --#define NID_setct_CertReqTBEX 596 --#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L -+#define SN_setct_CertReqTBE "setct-CertReqTBE" -+#define NID_setct_CertReqTBE 595 -+#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L - --#define SN_setct_CertResTBE "setct-CertResTBE" --#define NID_setct_CertResTBE 597 --#define OBJ_setct_CertResTBE OBJ_set_ctype,79L -+#define SN_setct_CertReqTBEX "setct-CertReqTBEX" -+#define NID_setct_CertReqTBEX 596 -+#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L - --#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" --#define NID_setct_CRLNotificationTBS 598 --#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L -+#define SN_setct_CertResTBE "setct-CertResTBE" -+#define NID_setct_CertResTBE 597 -+#define OBJ_setct_CertResTBE OBJ_set_ctype,79L - --#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" --#define NID_setct_CRLNotificationResTBS 599 --#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L -- --#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" --#define NID_setct_BCIDistributionTBS 600 --#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L -- --#define SN_setext_genCrypt "setext-genCrypt" --#define LN_setext_genCrypt "generic cryptogram" --#define NID_setext_genCrypt 601 --#define OBJ_setext_genCrypt OBJ_set_msgExt,1L -- --#define SN_setext_miAuth "setext-miAuth" --#define LN_setext_miAuth "merchant initiated auth" --#define NID_setext_miAuth 602 --#define OBJ_setext_miAuth OBJ_set_msgExt,3L -- --#define SN_setext_pinSecure "setext-pinSecure" --#define NID_setext_pinSecure 603 --#define OBJ_setext_pinSecure OBJ_set_msgExt,4L -- --#define SN_setext_pinAny "setext-pinAny" --#define NID_setext_pinAny 604 --#define OBJ_setext_pinAny OBJ_set_msgExt,5L -- --#define SN_setext_track2 "setext-track2" --#define NID_setext_track2 605 --#define OBJ_setext_track2 OBJ_set_msgExt,7L -- --#define SN_setext_cv "setext-cv" --#define LN_setext_cv "additional verification" --#define NID_setext_cv 606 --#define OBJ_setext_cv OBJ_set_msgExt,8L -- --#define SN_set_policy_root "set-policy-root" --#define NID_set_policy_root 607 --#define OBJ_set_policy_root OBJ_set_policy,0L -- --#define SN_setCext_hashedRoot "setCext-hashedRoot" --#define NID_setCext_hashedRoot 608 --#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L -- --#define SN_setCext_certType "setCext-certType" --#define NID_setCext_certType 609 --#define OBJ_setCext_certType OBJ_set_certExt,1L -- --#define SN_setCext_merchData "setCext-merchData" --#define NID_setCext_merchData 610 --#define OBJ_setCext_merchData OBJ_set_certExt,2L -- --#define SN_setCext_cCertRequired "setCext-cCertRequired" --#define NID_setCext_cCertRequired 611 --#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L -- --#define SN_setCext_tunneling "setCext-tunneling" --#define NID_setCext_tunneling 612 --#define OBJ_setCext_tunneling OBJ_set_certExt,4L -- --#define SN_setCext_setExt "setCext-setExt" --#define NID_setCext_setExt 613 --#define OBJ_setCext_setExt OBJ_set_certExt,5L -- --#define SN_setCext_setQualf "setCext-setQualf" --#define NID_setCext_setQualf 614 --#define OBJ_setCext_setQualf OBJ_set_certExt,6L -- --#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" --#define NID_setCext_PGWYcapabilities 615 --#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L -- --#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" --#define NID_setCext_TokenIdentifier 616 --#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L -- --#define SN_setCext_Track2Data "setCext-Track2Data" --#define NID_setCext_Track2Data 617 --#define OBJ_setCext_Track2Data OBJ_set_certExt,9L -- --#define SN_setCext_TokenType "setCext-TokenType" --#define NID_setCext_TokenType 618 --#define OBJ_setCext_TokenType OBJ_set_certExt,10L -- --#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" --#define NID_setCext_IssuerCapabilities 619 --#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L -- --#define SN_setAttr_Cert "setAttr-Cert" --#define NID_setAttr_Cert 620 --#define OBJ_setAttr_Cert OBJ_set_attr,0L -- --#define SN_setAttr_PGWYcap "setAttr-PGWYcap" --#define LN_setAttr_PGWYcap "payment gateway capabilities" --#define NID_setAttr_PGWYcap 621 --#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L -- --#define SN_setAttr_TokenType "setAttr-TokenType" --#define NID_setAttr_TokenType 622 --#define OBJ_setAttr_TokenType OBJ_set_attr,2L -- --#define SN_setAttr_IssCap "setAttr-IssCap" --#define LN_setAttr_IssCap "issuer capabilities" --#define NID_setAttr_IssCap 623 --#define OBJ_setAttr_IssCap OBJ_set_attr,3L -- --#define SN_set_rootKeyThumb "set-rootKeyThumb" --#define NID_set_rootKeyThumb 624 --#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L -- --#define SN_set_addPolicy "set-addPolicy" --#define NID_set_addPolicy 625 --#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L -- --#define SN_setAttr_Token_EMV "setAttr-Token-EMV" --#define NID_setAttr_Token_EMV 626 --#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L -- --#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" --#define NID_setAttr_Token_B0Prime 627 --#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L -- --#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" --#define NID_setAttr_IssCap_CVM 628 --#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L -- --#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" --#define NID_setAttr_IssCap_T2 629 --#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L -- --#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" --#define NID_setAttr_IssCap_Sig 630 --#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L -- --#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" --#define LN_setAttr_GenCryptgrm "generate cryptogram" --#define NID_setAttr_GenCryptgrm 631 --#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L -- --#define SN_setAttr_T2Enc "setAttr-T2Enc" --#define LN_setAttr_T2Enc "encrypted track 2" --#define NID_setAttr_T2Enc 632 --#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L -- --#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" --#define LN_setAttr_T2cleartxt "cleartext track 2" --#define NID_setAttr_T2cleartxt 633 --#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L -- --#define SN_setAttr_TokICCsig "setAttr-TokICCsig" --#define LN_setAttr_TokICCsig "ICC or token signature" --#define NID_setAttr_TokICCsig 634 --#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L -- --#define SN_setAttr_SecDevSig "setAttr-SecDevSig" --#define LN_setAttr_SecDevSig "secure device signature" --#define NID_setAttr_SecDevSig 635 --#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L -- --#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" --#define NID_set_brand_IATA_ATA 636 --#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L -- --#define SN_set_brand_Diners "set-brand-Diners" --#define NID_set_brand_Diners 637 --#define OBJ_set_brand_Diners OBJ_set_brand,30L -- --#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" --#define NID_set_brand_AmericanExpress 638 --#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L -- --#define SN_set_brand_JCB "set-brand-JCB" --#define NID_set_brand_JCB 639 --#define OBJ_set_brand_JCB OBJ_set_brand,35L -- --#define SN_set_brand_Visa "set-brand-Visa" --#define NID_set_brand_Visa 640 --#define OBJ_set_brand_Visa OBJ_set_brand,4L -- --#define SN_set_brand_MasterCard "set-brand-MasterCard" --#define NID_set_brand_MasterCard 641 --#define OBJ_set_brand_MasterCard OBJ_set_brand,5L -- --#define SN_set_brand_Novus "set-brand-Novus" --#define NID_set_brand_Novus 642 --#define OBJ_set_brand_Novus OBJ_set_brand,6011L -- --#define SN_des_cdmf "DES-CDMF" --#define LN_des_cdmf "des-cdmf" --#define NID_des_cdmf 643 --#define OBJ_des_cdmf OBJ_rsadsi,3L,10L -- --#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" --#define NID_rsaOAEPEncryptionSET 644 --#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L -- --#define SN_ipsec3 "Oakley-EC2N-3" --#define LN_ipsec3 "ipsec3" --#define NID_ipsec3 749 -- --#define SN_ipsec4 "Oakley-EC2N-4" --#define LN_ipsec4 "ipsec4" --#define NID_ipsec4 750 -- --#define SN_whirlpool "whirlpool" --#define NID_whirlpool 804 --#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L -- --#define SN_cryptopro "cryptopro" --#define NID_cryptopro 805 --#define OBJ_cryptopro OBJ_member_body,643L,2L,2L -- --#define SN_cryptocom "cryptocom" --#define NID_cryptocom 806 --#define OBJ_cryptocom OBJ_member_body,643L,2L,9L -- --#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" --#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" --#define NID_id_GostR3411_94_with_GostR3410_2001 807 --#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L -- --#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" --#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" --#define NID_id_GostR3411_94_with_GostR3410_94 808 --#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L -- --#define SN_id_GostR3411_94 "md_gost94" --#define LN_id_GostR3411_94 "GOST R 34.11-94" --#define NID_id_GostR3411_94 809 --#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L -- --#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" --#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" --#define NID_id_HMACGostR3411_94 810 --#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L -- --#define SN_id_GostR3410_2001 "gost2001" --#define LN_id_GostR3410_2001 "GOST R 34.10-2001" --#define NID_id_GostR3410_2001 811 --#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L -- --#define SN_id_GostR3410_94 "gost94" --#define LN_id_GostR3410_94 "GOST R 34.10-94" --#define NID_id_GostR3410_94 812 --#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L -- --#define SN_id_Gost28147_89 "gost89" --#define LN_id_Gost28147_89 "GOST 28147-89" --#define NID_id_Gost28147_89 813 --#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L -- --#define SN_gost89_cnt "gost89-cnt" --#define NID_gost89_cnt 814 -- --#define SN_id_Gost28147_89_MAC "gost-mac" --#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" --#define NID_id_Gost28147_89_MAC 815 --#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L -- --#define SN_id_GostR3411_94_prf "prf-gostr3411-94" --#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" --#define NID_id_GostR3411_94_prf 816 --#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L -- --#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" --#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" --#define NID_id_GostR3410_2001DH 817 --#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L -- --#define SN_id_GostR3410_94DH "id-GostR3410-94DH" --#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" --#define NID_id_GostR3410_94DH 818 --#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L -- --#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" --#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 --#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L -- --#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" --#define NID_id_Gost28147_89_None_KeyMeshing 820 --#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L -- --#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" --#define NID_id_GostR3411_94_TestParamSet 821 --#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L -- --#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" --#define NID_id_GostR3411_94_CryptoProParamSet 822 --#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L -- --#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" --#define NID_id_Gost28147_89_TestParamSet 823 --#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L -- --#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" --#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 --#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L -- --#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" --#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 --#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L -- --#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" --#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 --#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L -- --#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" --#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 --#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L -- --#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" --#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 --#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L -- --#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" --#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 --#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L -- --#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" --#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 --#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L -- --#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" --#define NID_id_GostR3410_94_TestParamSet 831 --#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L -- --#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" --#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 --#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L -- --#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" --#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 --#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L -- --#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" --#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 --#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L -- --#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" --#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 --#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L -- --#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" --#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 --#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L -- --#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" --#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 --#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L -- --#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" --#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 --#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L -- --#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" --#define NID_id_GostR3410_2001_TestParamSet 839 --#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L -- --#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" --#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 --#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L -- --#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" --#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 --#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L -- --#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" --#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 --#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L -- --#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" --#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 --#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L -- --#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" --#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 --#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L -- --#define SN_id_GostR3410_94_a "id-GostR3410-94-a" --#define NID_id_GostR3410_94_a 845 --#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L -- --#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" --#define NID_id_GostR3410_94_aBis 846 --#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L -- --#define SN_id_GostR3410_94_b "id-GostR3410-94-b" --#define NID_id_GostR3410_94_b 847 --#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L -- --#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" --#define NID_id_GostR3410_94_bBis 848 --#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L -- --#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" --#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" --#define NID_id_Gost28147_89_cc 849 --#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L -- --#define SN_id_GostR3410_94_cc "gost94cc" --#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" --#define NID_id_GostR3410_94_cc 850 --#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L -- --#define SN_id_GostR3410_2001_cc "gost2001cc" --#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" --#define NID_id_GostR3410_2001_cc 851 --#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L -- --#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" --#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" --#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 --#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L -- --#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" --#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" --#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 --#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L -- --#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" --#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" --#define NID_id_GostR3410_2001_ParamSet_cc 854 --#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L -- --#define SN_camellia_128_cbc "CAMELLIA-128-CBC" --#define LN_camellia_128_cbc "camellia-128-cbc" --#define NID_camellia_128_cbc 751 --#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L -- --#define SN_camellia_192_cbc "CAMELLIA-192-CBC" --#define LN_camellia_192_cbc "camellia-192-cbc" --#define NID_camellia_192_cbc 752 --#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L -- --#define SN_camellia_256_cbc "CAMELLIA-256-CBC" --#define LN_camellia_256_cbc "camellia-256-cbc" --#define NID_camellia_256_cbc 753 --#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L -- --#define OBJ_ntt_ds 0L,3L,4401L,5L -- --#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L -- --#define SN_camellia_128_ecb "CAMELLIA-128-ECB" --#define LN_camellia_128_ecb "camellia-128-ecb" --#define NID_camellia_128_ecb 754 --#define OBJ_camellia_128_ecb OBJ_camellia,1L -- --#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" --#define LN_camellia_128_ofb128 "camellia-128-ofb" --#define NID_camellia_128_ofb128 766 --#define OBJ_camellia_128_ofb128 OBJ_camellia,3L -- --#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" --#define LN_camellia_128_cfb128 "camellia-128-cfb" --#define NID_camellia_128_cfb128 757 --#define OBJ_camellia_128_cfb128 OBJ_camellia,4L -- --#define SN_camellia_192_ecb "CAMELLIA-192-ECB" --#define LN_camellia_192_ecb "camellia-192-ecb" --#define NID_camellia_192_ecb 755 --#define OBJ_camellia_192_ecb OBJ_camellia,21L -- --#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" --#define LN_camellia_192_ofb128 "camellia-192-ofb" --#define NID_camellia_192_ofb128 767 --#define OBJ_camellia_192_ofb128 OBJ_camellia,23L -- --#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" --#define LN_camellia_192_cfb128 "camellia-192-cfb" --#define NID_camellia_192_cfb128 758 --#define OBJ_camellia_192_cfb128 OBJ_camellia,24L -- --#define SN_camellia_256_ecb "CAMELLIA-256-ECB" --#define LN_camellia_256_ecb "camellia-256-ecb" --#define NID_camellia_256_ecb 756 --#define OBJ_camellia_256_ecb OBJ_camellia,41L -- --#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" --#define LN_camellia_256_ofb128 "camellia-256-ofb" --#define NID_camellia_256_ofb128 768 --#define OBJ_camellia_256_ofb128 OBJ_camellia,43L -- --#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" --#define LN_camellia_256_cfb128 "camellia-256-cfb" --#define NID_camellia_256_cfb128 759 --#define OBJ_camellia_256_cfb128 OBJ_camellia,44L -- --#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" --#define LN_camellia_128_cfb1 "camellia-128-cfb1" --#define NID_camellia_128_cfb1 760 -- --#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" --#define LN_camellia_192_cfb1 "camellia-192-cfb1" --#define NID_camellia_192_cfb1 761 -- --#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" --#define LN_camellia_256_cfb1 "camellia-256-cfb1" --#define NID_camellia_256_cfb1 762 -- --#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" --#define LN_camellia_128_cfb8 "camellia-128-cfb8" --#define NID_camellia_128_cfb8 763 -- --#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" --#define LN_camellia_192_cfb8 "camellia-192-cfb8" --#define NID_camellia_192_cfb8 764 -- --#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" --#define LN_camellia_256_cfb8 "camellia-256-cfb8" --#define NID_camellia_256_cfb8 765 -- --#define SN_kisa "KISA" --#define LN_kisa "kisa" --#define NID_kisa 773 --#define OBJ_kisa OBJ_member_body,410L,200004L -- --#define SN_seed_ecb "SEED-ECB" --#define LN_seed_ecb "seed-ecb" --#define NID_seed_ecb 776 --#define OBJ_seed_ecb OBJ_kisa,1L,3L -- --#define SN_seed_cbc "SEED-CBC" --#define LN_seed_cbc "seed-cbc" --#define NID_seed_cbc 777 --#define OBJ_seed_cbc OBJ_kisa,1L,4L -- --#define SN_seed_cfb128 "SEED-CFB" --#define LN_seed_cfb128 "seed-cfb" --#define NID_seed_cfb128 779 --#define OBJ_seed_cfb128 OBJ_kisa,1L,5L -- --#define SN_seed_ofb128 "SEED-OFB" --#define LN_seed_ofb128 "seed-ofb" --#define NID_seed_ofb128 778 --#define OBJ_seed_ofb128 OBJ_kisa,1L,6L -- --#define SN_hmac "HMAC" --#define LN_hmac "hmac" --#define NID_hmac 855 -+#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" -+#define NID_setct_CRLNotificationTBS 598 -+#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L - -+#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" -+#define NID_setct_CRLNotificationResTBS 599 -+#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L -+ -+#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" -+#define NID_setct_BCIDistributionTBS 600 -+#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L -+ -+#define SN_setext_genCrypt "setext-genCrypt" -+#define LN_setext_genCrypt "generic cryptogram" -+#define NID_setext_genCrypt 601 -+#define OBJ_setext_genCrypt OBJ_set_msgExt,1L -+ -+#define SN_setext_miAuth "setext-miAuth" -+#define LN_setext_miAuth "merchant initiated auth" -+#define NID_setext_miAuth 602 -+#define OBJ_setext_miAuth OBJ_set_msgExt,3L -+ -+#define SN_setext_pinSecure "setext-pinSecure" -+#define NID_setext_pinSecure 603 -+#define OBJ_setext_pinSecure OBJ_set_msgExt,4L -+ -+#define SN_setext_pinAny "setext-pinAny" -+#define NID_setext_pinAny 604 -+#define OBJ_setext_pinAny OBJ_set_msgExt,5L -+ -+#define SN_setext_track2 "setext-track2" -+#define NID_setext_track2 605 -+#define OBJ_setext_track2 OBJ_set_msgExt,7L -+ -+#define SN_setext_cv "setext-cv" -+#define LN_setext_cv "additional verification" -+#define NID_setext_cv 606 -+#define OBJ_setext_cv OBJ_set_msgExt,8L -+ -+#define SN_set_policy_root "set-policy-root" -+#define NID_set_policy_root 607 -+#define OBJ_set_policy_root OBJ_set_policy,0L -+ -+#define SN_setCext_hashedRoot "setCext-hashedRoot" -+#define NID_setCext_hashedRoot 608 -+#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L -+ -+#define SN_setCext_certType "setCext-certType" -+#define NID_setCext_certType 609 -+#define OBJ_setCext_certType OBJ_set_certExt,1L -+ -+#define SN_setCext_merchData "setCext-merchData" -+#define NID_setCext_merchData 610 -+#define OBJ_setCext_merchData OBJ_set_certExt,2L -+ -+#define SN_setCext_cCertRequired "setCext-cCertRequired" -+#define NID_setCext_cCertRequired 611 -+#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L -+ -+#define SN_setCext_tunneling "setCext-tunneling" -+#define NID_setCext_tunneling 612 -+#define OBJ_setCext_tunneling OBJ_set_certExt,4L -+ -+#define SN_setCext_setExt "setCext-setExt" -+#define NID_setCext_setExt 613 -+#define OBJ_setCext_setExt OBJ_set_certExt,5L -+ -+#define SN_setCext_setQualf "setCext-setQualf" -+#define NID_setCext_setQualf 614 -+#define OBJ_setCext_setQualf OBJ_set_certExt,6L -+ -+#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" -+#define NID_setCext_PGWYcapabilities 615 -+#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L -+ -+#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" -+#define NID_setCext_TokenIdentifier 616 -+#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L -+ -+#define SN_setCext_Track2Data "setCext-Track2Data" -+#define NID_setCext_Track2Data 617 -+#define OBJ_setCext_Track2Data OBJ_set_certExt,9L -+ -+#define SN_setCext_TokenType "setCext-TokenType" -+#define NID_setCext_TokenType 618 -+#define OBJ_setCext_TokenType OBJ_set_certExt,10L -+ -+#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" -+#define NID_setCext_IssuerCapabilities 619 -+#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L -+ -+#define SN_setAttr_Cert "setAttr-Cert" -+#define NID_setAttr_Cert 620 -+#define OBJ_setAttr_Cert OBJ_set_attr,0L -+ -+#define SN_setAttr_PGWYcap "setAttr-PGWYcap" -+#define LN_setAttr_PGWYcap "payment gateway capabilities" -+#define NID_setAttr_PGWYcap 621 -+#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L -+ -+#define SN_setAttr_TokenType "setAttr-TokenType" -+#define NID_setAttr_TokenType 622 -+#define OBJ_setAttr_TokenType OBJ_set_attr,2L -+ -+#define SN_setAttr_IssCap "setAttr-IssCap" -+#define LN_setAttr_IssCap "issuer capabilities" -+#define NID_setAttr_IssCap 623 -+#define OBJ_setAttr_IssCap OBJ_set_attr,3L -+ -+#define SN_set_rootKeyThumb "set-rootKeyThumb" -+#define NID_set_rootKeyThumb 624 -+#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L -+ -+#define SN_set_addPolicy "set-addPolicy" -+#define NID_set_addPolicy 625 -+#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L -+ -+#define SN_setAttr_Token_EMV "setAttr-Token-EMV" -+#define NID_setAttr_Token_EMV 626 -+#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L -+ -+#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" -+#define NID_setAttr_Token_B0Prime 627 -+#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L -+ -+#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" -+#define NID_setAttr_IssCap_CVM 628 -+#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L -+ -+#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" -+#define NID_setAttr_IssCap_T2 629 -+#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L -+ -+#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" -+#define NID_setAttr_IssCap_Sig 630 -+#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L -+ -+#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" -+#define LN_setAttr_GenCryptgrm "generate cryptogram" -+#define NID_setAttr_GenCryptgrm 631 -+#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L -+ -+#define SN_setAttr_T2Enc "setAttr-T2Enc" -+#define LN_setAttr_T2Enc "encrypted track 2" -+#define NID_setAttr_T2Enc 632 -+#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L -+ -+#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" -+#define LN_setAttr_T2cleartxt "cleartext track 2" -+#define NID_setAttr_T2cleartxt 633 -+#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L -+ -+#define SN_setAttr_TokICCsig "setAttr-TokICCsig" -+#define LN_setAttr_TokICCsig "ICC or token signature" -+#define NID_setAttr_TokICCsig 634 -+#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L -+ -+#define SN_setAttr_SecDevSig "setAttr-SecDevSig" -+#define LN_setAttr_SecDevSig "secure device signature" -+#define NID_setAttr_SecDevSig 635 -+#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L -+ -+#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" -+#define NID_set_brand_IATA_ATA 636 -+#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L -+ -+#define SN_set_brand_Diners "set-brand-Diners" -+#define NID_set_brand_Diners 637 -+#define OBJ_set_brand_Diners OBJ_set_brand,30L -+ -+#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" -+#define NID_set_brand_AmericanExpress 638 -+#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L -+ -+#define SN_set_brand_JCB "set-brand-JCB" -+#define NID_set_brand_JCB 639 -+#define OBJ_set_brand_JCB OBJ_set_brand,35L -+ -+#define SN_set_brand_Visa "set-brand-Visa" -+#define NID_set_brand_Visa 640 -+#define OBJ_set_brand_Visa OBJ_set_brand,4L -+ -+#define SN_set_brand_MasterCard "set-brand-MasterCard" -+#define NID_set_brand_MasterCard 641 -+#define OBJ_set_brand_MasterCard OBJ_set_brand,5L -+ -+#define SN_set_brand_Novus "set-brand-Novus" -+#define NID_set_brand_Novus 642 -+#define OBJ_set_brand_Novus OBJ_set_brand,6011L -+ -+#define SN_des_cdmf "DES-CDMF" -+#define LN_des_cdmf "des-cdmf" -+#define NID_des_cdmf 643 -+#define OBJ_des_cdmf OBJ_rsadsi,3L,10L -+ -+#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" -+#define NID_rsaOAEPEncryptionSET 644 -+#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L -+ -+#define SN_ipsec3 "Oakley-EC2N-3" -+#define LN_ipsec3 "ipsec3" -+#define NID_ipsec3 749 -+ -+#define SN_ipsec4 "Oakley-EC2N-4" -+#define LN_ipsec4 "ipsec4" -+#define NID_ipsec4 750 -+ -+#define SN_whirlpool "whirlpool" -+#define NID_whirlpool 804 -+#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L -+ -+#define SN_cryptopro "cryptopro" -+#define NID_cryptopro 805 -+#define OBJ_cryptopro OBJ_member_body,643L,2L,2L -+ -+#define SN_cryptocom "cryptocom" -+#define NID_cryptocom 806 -+#define OBJ_cryptocom OBJ_member_body,643L,2L,9L -+ -+#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" -+#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" -+#define NID_id_GostR3411_94_with_GostR3410_2001 807 -+#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L -+ -+#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" -+#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" -+#define NID_id_GostR3411_94_with_GostR3410_94 808 -+#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L -+ -+#define SN_id_GostR3411_94 "md_gost94" -+#define LN_id_GostR3411_94 "GOST R 34.11-94" -+#define NID_id_GostR3411_94 809 -+#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L -+ -+#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" -+#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" -+#define NID_id_HMACGostR3411_94 810 -+#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L -+ -+#define SN_id_GostR3410_2001 "gost2001" -+#define LN_id_GostR3410_2001 "GOST R 34.10-2001" -+#define NID_id_GostR3410_2001 811 -+#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L -+ -+#define SN_id_GostR3410_94 "gost94" -+#define LN_id_GostR3410_94 "GOST R 34.10-94" -+#define NID_id_GostR3410_94 812 -+#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L -+ -+#define SN_id_Gost28147_89 "gost89" -+#define LN_id_Gost28147_89 "GOST 28147-89" -+#define NID_id_Gost28147_89 813 -+#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L -+ -+#define SN_gost89_cnt "gost89-cnt" -+#define NID_gost89_cnt 814 -+ -+#define SN_id_Gost28147_89_MAC "gost-mac" -+#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" -+#define NID_id_Gost28147_89_MAC 815 -+#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L -+ -+#define SN_id_GostR3411_94_prf "prf-gostr3411-94" -+#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" -+#define NID_id_GostR3411_94_prf 816 -+#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L -+ -+#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" -+#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" -+#define NID_id_GostR3410_2001DH 817 -+#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L -+ -+#define SN_id_GostR3410_94DH "id-GostR3410-94DH" -+#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" -+#define NID_id_GostR3410_94DH 818 -+#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L -+ -+#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" -+#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 -+#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L -+ -+#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" -+#define NID_id_Gost28147_89_None_KeyMeshing 820 -+#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L -+ -+#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" -+#define NID_id_GostR3411_94_TestParamSet 821 -+#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L -+ -+#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" -+#define NID_id_GostR3411_94_CryptoProParamSet 822 -+#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L -+ -+#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" -+#define NID_id_Gost28147_89_TestParamSet 823 -+#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L -+ -+#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" -+#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 -+#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L -+ -+#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" -+#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 -+#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L -+ -+#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" -+#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 -+#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L -+ -+#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" -+#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 -+#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L -+ -+#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" -+#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 -+#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L -+ -+#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" -+#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 -+#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L -+ -+#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" -+#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 -+#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L -+ -+#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" -+#define NID_id_GostR3410_94_TestParamSet 831 -+#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L -+ -+#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" -+#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 -+#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L -+ -+#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" -+#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 -+#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L -+ -+#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" -+#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 -+#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L -+ -+#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" -+#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 -+#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L -+ -+#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" -+#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 -+#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L -+ -+#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" -+#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 -+#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L -+ -+#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" -+#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 -+#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L -+ -+#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" -+#define NID_id_GostR3410_2001_TestParamSet 839 -+#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L -+ -+#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" -+#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 -+#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L -+ -+#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" -+#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 -+#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L -+ -+#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" -+#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 -+#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L -+ -+#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" -+#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 -+#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L -+ -+#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" -+#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 -+#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L -+ -+#define SN_id_GostR3410_94_a "id-GostR3410-94-a" -+#define NID_id_GostR3410_94_a 845 -+#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L -+ -+#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" -+#define NID_id_GostR3410_94_aBis 846 -+#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L -+ -+#define SN_id_GostR3410_94_b "id-GostR3410-94-b" -+#define NID_id_GostR3410_94_b 847 -+#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L -+ -+#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" -+#define NID_id_GostR3410_94_bBis 848 -+#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L -+ -+#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" -+#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" -+#define NID_id_Gost28147_89_cc 849 -+#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L -+ -+#define SN_id_GostR3410_94_cc "gost94cc" -+#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" -+#define NID_id_GostR3410_94_cc 850 -+#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L -+ -+#define SN_id_GostR3410_2001_cc "gost2001cc" -+#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" -+#define NID_id_GostR3410_2001_cc 851 -+#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L -+ -+#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" -+#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" -+#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 -+#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L -+ -+#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" -+#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" -+#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 -+#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L -+ -+#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" -+#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" -+#define NID_id_GostR3410_2001_ParamSet_cc 854 -+#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L -+ -+#define SN_camellia_128_cbc "CAMELLIA-128-CBC" -+#define LN_camellia_128_cbc "camellia-128-cbc" -+#define NID_camellia_128_cbc 751 -+#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L -+ -+#define SN_camellia_192_cbc "CAMELLIA-192-CBC" -+#define LN_camellia_192_cbc "camellia-192-cbc" -+#define NID_camellia_192_cbc 752 -+#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L -+ -+#define SN_camellia_256_cbc "CAMELLIA-256-CBC" -+#define LN_camellia_256_cbc "camellia-256-cbc" -+#define NID_camellia_256_cbc 753 -+#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L -+ -+#define OBJ_ntt_ds 0L,3L,4401L,5L -+ -+#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L -+ -+#define SN_camellia_128_ecb "CAMELLIA-128-ECB" -+#define LN_camellia_128_ecb "camellia-128-ecb" -+#define NID_camellia_128_ecb 754 -+#define OBJ_camellia_128_ecb OBJ_camellia,1L -+ -+#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" -+#define LN_camellia_128_ofb128 "camellia-128-ofb" -+#define NID_camellia_128_ofb128 766 -+#define OBJ_camellia_128_ofb128 OBJ_camellia,3L -+ -+#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" -+#define LN_camellia_128_cfb128 "camellia-128-cfb" -+#define NID_camellia_128_cfb128 757 -+#define OBJ_camellia_128_cfb128 OBJ_camellia,4L -+ -+#define SN_camellia_192_ecb "CAMELLIA-192-ECB" -+#define LN_camellia_192_ecb "camellia-192-ecb" -+#define NID_camellia_192_ecb 755 -+#define OBJ_camellia_192_ecb OBJ_camellia,21L -+ -+#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" -+#define LN_camellia_192_ofb128 "camellia-192-ofb" -+#define NID_camellia_192_ofb128 767 -+#define OBJ_camellia_192_ofb128 OBJ_camellia,23L -+ -+#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" -+#define LN_camellia_192_cfb128 "camellia-192-cfb" -+#define NID_camellia_192_cfb128 758 -+#define OBJ_camellia_192_cfb128 OBJ_camellia,24L -+ -+#define SN_camellia_256_ecb "CAMELLIA-256-ECB" -+#define LN_camellia_256_ecb "camellia-256-ecb" -+#define NID_camellia_256_ecb 756 -+#define OBJ_camellia_256_ecb OBJ_camellia,41L -+ -+#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" -+#define LN_camellia_256_ofb128 "camellia-256-ofb" -+#define NID_camellia_256_ofb128 768 -+#define OBJ_camellia_256_ofb128 OBJ_camellia,43L -+ -+#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" -+#define LN_camellia_256_cfb128 "camellia-256-cfb" -+#define NID_camellia_256_cfb128 759 -+#define OBJ_camellia_256_cfb128 OBJ_camellia,44L -+ -+#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" -+#define LN_camellia_128_cfb1 "camellia-128-cfb1" -+#define NID_camellia_128_cfb1 760 -+ -+#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" -+#define LN_camellia_192_cfb1 "camellia-192-cfb1" -+#define NID_camellia_192_cfb1 761 -+ -+#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" -+#define LN_camellia_256_cfb1 "camellia-256-cfb1" -+#define NID_camellia_256_cfb1 762 -+ -+#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" -+#define LN_camellia_128_cfb8 "camellia-128-cfb8" -+#define NID_camellia_128_cfb8 763 -+ -+#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" -+#define LN_camellia_192_cfb8 "camellia-192-cfb8" -+#define NID_camellia_192_cfb8 764 -+ -+#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" -+#define LN_camellia_256_cfb8 "camellia-256-cfb8" -+#define NID_camellia_256_cfb8 765 -+ -+#define SN_kisa "KISA" -+#define LN_kisa "kisa" -+#define NID_kisa 773 -+#define OBJ_kisa OBJ_member_body,410L,200004L -+ -+#define SN_seed_ecb "SEED-ECB" -+#define LN_seed_ecb "seed-ecb" -+#define NID_seed_ecb 776 -+#define OBJ_seed_ecb OBJ_kisa,1L,3L -+ -+#define SN_seed_cbc "SEED-CBC" -+#define LN_seed_cbc "seed-cbc" -+#define NID_seed_cbc 777 -+#define OBJ_seed_cbc OBJ_kisa,1L,4L -+ -+#define SN_seed_cfb128 "SEED-CFB" -+#define LN_seed_cfb128 "seed-cfb" -+#define NID_seed_cfb128 779 -+#define OBJ_seed_cfb128 OBJ_kisa,1L,5L -+ -+#define SN_seed_ofb128 "SEED-OFB" -+#define LN_seed_ofb128 "seed-ofb" -+#define NID_seed_ofb128 778 -+#define OBJ_seed_ofb128 OBJ_kisa,1L,6L -+ -+#define SN_hmac "HMAC" -+#define LN_hmac "hmac" -+#define NID_hmac 855 -diff --git a/Cryptlib/Include/openssl/objects.h b/Cryptlib/Include/openssl/objects.h -index 7242f76..7958754 100644 ---- a/Cryptlib/Include/openssl/objects.h -+++ b/Cryptlib/Include/openssl/objects.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,973 +57,979 @@ - */ - - #ifndef HEADER_OBJECTS_H --#define HEADER_OBJECTS_H -- --#define USE_OBJ_MAC -- --#ifdef USE_OBJ_MAC --#include --#else --#define SN_undef "UNDEF" --#define LN_undef "undefined" --#define NID_undef 0 --#define OBJ_undef 0L -- --#define SN_Algorithm "Algorithm" --#define LN_algorithm "algorithm" --#define NID_algorithm 38 --#define OBJ_algorithm 1L,3L,14L,3L,2L -- --#define LN_rsadsi "rsadsi" --#define NID_rsadsi 1 --#define OBJ_rsadsi 1L,2L,840L,113549L -- --#define LN_pkcs "pkcs" --#define NID_pkcs 2 --#define OBJ_pkcs OBJ_rsadsi,1L -- --#define SN_md2 "MD2" --#define LN_md2 "md2" --#define NID_md2 3 --#define OBJ_md2 OBJ_rsadsi,2L,2L -- --#define SN_md5 "MD5" --#define LN_md5 "md5" --#define NID_md5 4 --#define OBJ_md5 OBJ_rsadsi,2L,5L -- --#define SN_rc4 "RC4" --#define LN_rc4 "rc4" --#define NID_rc4 5 --#define OBJ_rc4 OBJ_rsadsi,3L,4L -- --#define LN_rsaEncryption "rsaEncryption" --#define NID_rsaEncryption 6 --#define OBJ_rsaEncryption OBJ_pkcs,1L,1L -- --#define SN_md2WithRSAEncryption "RSA-MD2" --#define LN_md2WithRSAEncryption "md2WithRSAEncryption" --#define NID_md2WithRSAEncryption 7 --#define OBJ_md2WithRSAEncryption OBJ_pkcs,1L,2L -- --#define SN_md5WithRSAEncryption "RSA-MD5" --#define LN_md5WithRSAEncryption "md5WithRSAEncryption" --#define NID_md5WithRSAEncryption 8 --#define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L -- --#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" --#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" --#define NID_pbeWithMD2AndDES_CBC 9 --#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L -- --#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" --#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" --#define NID_pbeWithMD5AndDES_CBC 10 --#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L -- --#define LN_X500 "X500" --#define NID_X500 11 --#define OBJ_X500 2L,5L -- --#define LN_X509 "X509" --#define NID_X509 12 --#define OBJ_X509 OBJ_X500,4L -- --#define SN_commonName "CN" --#define LN_commonName "commonName" --#define NID_commonName 13 --#define OBJ_commonName OBJ_X509,3L -- --#define SN_countryName "C" --#define LN_countryName "countryName" --#define NID_countryName 14 --#define OBJ_countryName OBJ_X509,6L -- --#define SN_localityName "L" --#define LN_localityName "localityName" --#define NID_localityName 15 --#define OBJ_localityName OBJ_X509,7L -+# define HEADER_OBJECTS_H -+ -+# define USE_OBJ_MAC -+ -+# ifdef USE_OBJ_MAC -+# include -+# else -+# define SN_undef "UNDEF" -+# define LN_undef "undefined" -+# define NID_undef 0 -+# define OBJ_undef 0L -+ -+# define SN_Algorithm "Algorithm" -+# define LN_algorithm "algorithm" -+# define NID_algorithm 38 -+# define OBJ_algorithm 1L,3L,14L,3L,2L -+ -+# define LN_rsadsi "rsadsi" -+# define NID_rsadsi 1 -+# define OBJ_rsadsi 1L,2L,840L,113549L -+ -+# define LN_pkcs "pkcs" -+# define NID_pkcs 2 -+# define OBJ_pkcs OBJ_rsadsi,1L -+ -+# define SN_md2 "MD2" -+# define LN_md2 "md2" -+# define NID_md2 3 -+# define OBJ_md2 OBJ_rsadsi,2L,2L -+ -+# define SN_md5 "MD5" -+# define LN_md5 "md5" -+# define NID_md5 4 -+# define OBJ_md5 OBJ_rsadsi,2L,5L -+ -+# define SN_rc4 "RC4" -+# define LN_rc4 "rc4" -+# define NID_rc4 5 -+# define OBJ_rc4 OBJ_rsadsi,3L,4L -+ -+# define LN_rsaEncryption "rsaEncryption" -+# define NID_rsaEncryption 6 -+# define OBJ_rsaEncryption OBJ_pkcs,1L,1L -+ -+# define SN_md2WithRSAEncryption "RSA-MD2" -+# define LN_md2WithRSAEncryption "md2WithRSAEncryption" -+# define NID_md2WithRSAEncryption 7 -+# define OBJ_md2WithRSAEncryption OBJ_pkcs,1L,2L -+ -+# define SN_md5WithRSAEncryption "RSA-MD5" -+# define LN_md5WithRSAEncryption "md5WithRSAEncryption" -+# define NID_md5WithRSAEncryption 8 -+# define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L -+ -+# define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" -+# define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" -+# define NID_pbeWithMD2AndDES_CBC 9 -+# define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L -+ -+# define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" -+# define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" -+# define NID_pbeWithMD5AndDES_CBC 10 -+# define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L -+ -+# define LN_X500 "X500" -+# define NID_X500 11 -+# define OBJ_X500 2L,5L -+ -+# define LN_X509 "X509" -+# define NID_X509 12 -+# define OBJ_X509 OBJ_X500,4L -+ -+# define SN_commonName "CN" -+# define LN_commonName "commonName" -+# define NID_commonName 13 -+# define OBJ_commonName OBJ_X509,3L -+ -+# define SN_countryName "C" -+# define LN_countryName "countryName" -+# define NID_countryName 14 -+# define OBJ_countryName OBJ_X509,6L -+ -+# define SN_localityName "L" -+# define LN_localityName "localityName" -+# define NID_localityName 15 -+# define OBJ_localityName OBJ_X509,7L - - /* Postal Address? PA */ - - /* should be "ST" (rfc1327) but MS uses 'S' */ --#define SN_stateOrProvinceName "ST" --#define LN_stateOrProvinceName "stateOrProvinceName" --#define NID_stateOrProvinceName 16 --#define OBJ_stateOrProvinceName OBJ_X509,8L -- --#define SN_organizationName "O" --#define LN_organizationName "organizationName" --#define NID_organizationName 17 --#define OBJ_organizationName OBJ_X509,10L -- --#define SN_organizationalUnitName "OU" --#define LN_organizationalUnitName "organizationalUnitName" --#define NID_organizationalUnitName 18 --#define OBJ_organizationalUnitName OBJ_X509,11L -- --#define SN_rsa "RSA" --#define LN_rsa "rsa" --#define NID_rsa 19 --#define OBJ_rsa OBJ_X500,8L,1L,1L -- --#define LN_pkcs7 "pkcs7" --#define NID_pkcs7 20 --#define OBJ_pkcs7 OBJ_pkcs,7L -- --#define LN_pkcs7_data "pkcs7-data" --#define NID_pkcs7_data 21 --#define OBJ_pkcs7_data OBJ_pkcs7,1L -- --#define LN_pkcs7_signed "pkcs7-signedData" --#define NID_pkcs7_signed 22 --#define OBJ_pkcs7_signed OBJ_pkcs7,2L -- --#define LN_pkcs7_enveloped "pkcs7-envelopedData" --#define NID_pkcs7_enveloped 23 --#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L -- --#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" --#define NID_pkcs7_signedAndEnveloped 24 --#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L -- --#define LN_pkcs7_digest "pkcs7-digestData" --#define NID_pkcs7_digest 25 --#define OBJ_pkcs7_digest OBJ_pkcs7,5L -- --#define LN_pkcs7_encrypted "pkcs7-encryptedData" --#define NID_pkcs7_encrypted 26 --#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L -- --#define LN_pkcs3 "pkcs3" --#define NID_pkcs3 27 --#define OBJ_pkcs3 OBJ_pkcs,3L -- --#define LN_dhKeyAgreement "dhKeyAgreement" --#define NID_dhKeyAgreement 28 --#define OBJ_dhKeyAgreement OBJ_pkcs3,1L -- --#define SN_des_ecb "DES-ECB" --#define LN_des_ecb "des-ecb" --#define NID_des_ecb 29 --#define OBJ_des_ecb OBJ_algorithm,6L -- --#define SN_des_cfb64 "DES-CFB" --#define LN_des_cfb64 "des-cfb" --#define NID_des_cfb64 30 -+# define SN_stateOrProvinceName "ST" -+# define LN_stateOrProvinceName "stateOrProvinceName" -+# define NID_stateOrProvinceName 16 -+# define OBJ_stateOrProvinceName OBJ_X509,8L -+ -+# define SN_organizationName "O" -+# define LN_organizationName "organizationName" -+# define NID_organizationName 17 -+# define OBJ_organizationName OBJ_X509,10L -+ -+# define SN_organizationalUnitName "OU" -+# define LN_organizationalUnitName "organizationalUnitName" -+# define NID_organizationalUnitName 18 -+# define OBJ_organizationalUnitName OBJ_X509,11L -+ -+# define SN_rsa "RSA" -+# define LN_rsa "rsa" -+# define NID_rsa 19 -+# define OBJ_rsa OBJ_X500,8L,1L,1L -+ -+# define LN_pkcs7 "pkcs7" -+# define NID_pkcs7 20 -+# define OBJ_pkcs7 OBJ_pkcs,7L -+ -+# define LN_pkcs7_data "pkcs7-data" -+# define NID_pkcs7_data 21 -+# define OBJ_pkcs7_data OBJ_pkcs7,1L -+ -+# define LN_pkcs7_signed "pkcs7-signedData" -+# define NID_pkcs7_signed 22 -+# define OBJ_pkcs7_signed OBJ_pkcs7,2L -+ -+# define LN_pkcs7_enveloped "pkcs7-envelopedData" -+# define NID_pkcs7_enveloped 23 -+# define OBJ_pkcs7_enveloped OBJ_pkcs7,3L -+ -+# define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" -+# define NID_pkcs7_signedAndEnveloped 24 -+# define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L -+ -+# define LN_pkcs7_digest "pkcs7-digestData" -+# define NID_pkcs7_digest 25 -+# define OBJ_pkcs7_digest OBJ_pkcs7,5L -+ -+# define LN_pkcs7_encrypted "pkcs7-encryptedData" -+# define NID_pkcs7_encrypted 26 -+# define OBJ_pkcs7_encrypted OBJ_pkcs7,6L -+ -+# define LN_pkcs3 "pkcs3" -+# define NID_pkcs3 27 -+# define OBJ_pkcs3 OBJ_pkcs,3L -+ -+# define LN_dhKeyAgreement "dhKeyAgreement" -+# define NID_dhKeyAgreement 28 -+# define OBJ_dhKeyAgreement OBJ_pkcs3,1L -+ -+# define SN_des_ecb "DES-ECB" -+# define LN_des_ecb "des-ecb" -+# define NID_des_ecb 29 -+# define OBJ_des_ecb OBJ_algorithm,6L -+ -+# define SN_des_cfb64 "DES-CFB" -+# define LN_des_cfb64 "des-cfb" -+# define NID_des_cfb64 30 - /* IV + num */ --#define OBJ_des_cfb64 OBJ_algorithm,9L -+# define OBJ_des_cfb64 OBJ_algorithm,9L - --#define SN_des_cbc "DES-CBC" --#define LN_des_cbc "des-cbc" --#define NID_des_cbc 31 -+# define SN_des_cbc "DES-CBC" -+# define LN_des_cbc "des-cbc" -+# define NID_des_cbc 31 - /* IV */ --#define OBJ_des_cbc OBJ_algorithm,7L -+# define OBJ_des_cbc OBJ_algorithm,7L - --#define SN_des_ede "DES-EDE" --#define LN_des_ede "des-ede" --#define NID_des_ede 32 -+# define SN_des_ede "DES-EDE" -+# define LN_des_ede "des-ede" -+# define NID_des_ede 32 - /* ?? */ --#define OBJ_des_ede OBJ_algorithm,17L -- --#define SN_des_ede3 "DES-EDE3" --#define LN_des_ede3 "des-ede3" --#define NID_des_ede3 33 -- --#define SN_idea_cbc "IDEA-CBC" --#define LN_idea_cbc "idea-cbc" --#define NID_idea_cbc 34 --#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L -- --#define SN_idea_cfb64 "IDEA-CFB" --#define LN_idea_cfb64 "idea-cfb" --#define NID_idea_cfb64 35 -- --#define SN_idea_ecb "IDEA-ECB" --#define LN_idea_ecb "idea-ecb" --#define NID_idea_ecb 36 -- --#define SN_rc2_cbc "RC2-CBC" --#define LN_rc2_cbc "rc2-cbc" --#define NID_rc2_cbc 37 --#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L -- --#define SN_rc2_ecb "RC2-ECB" --#define LN_rc2_ecb "rc2-ecb" --#define NID_rc2_ecb 38 -- --#define SN_rc2_cfb64 "RC2-CFB" --#define LN_rc2_cfb64 "rc2-cfb" --#define NID_rc2_cfb64 39 -- --#define SN_rc2_ofb64 "RC2-OFB" --#define LN_rc2_ofb64 "rc2-ofb" --#define NID_rc2_ofb64 40 -- --#define SN_sha "SHA" --#define LN_sha "sha" --#define NID_sha 41 --#define OBJ_sha OBJ_algorithm,18L -- --#define SN_shaWithRSAEncryption "RSA-SHA" --#define LN_shaWithRSAEncryption "shaWithRSAEncryption" --#define NID_shaWithRSAEncryption 42 --#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L -- --#define SN_des_ede_cbc "DES-EDE-CBC" --#define LN_des_ede_cbc "des-ede-cbc" --#define NID_des_ede_cbc 43 -- --#define SN_des_ede3_cbc "DES-EDE3-CBC" --#define LN_des_ede3_cbc "des-ede3-cbc" --#define NID_des_ede3_cbc 44 --#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L -- --#define SN_des_ofb64 "DES-OFB" --#define LN_des_ofb64 "des-ofb" --#define NID_des_ofb64 45 --#define OBJ_des_ofb64 OBJ_algorithm,8L -- --#define SN_idea_ofb64 "IDEA-OFB" --#define LN_idea_ofb64 "idea-ofb" --#define NID_idea_ofb64 46 -- --#define LN_pkcs9 "pkcs9" --#define NID_pkcs9 47 --#define OBJ_pkcs9 OBJ_pkcs,9L -- --#define SN_pkcs9_emailAddress "Email" --#define LN_pkcs9_emailAddress "emailAddress" --#define NID_pkcs9_emailAddress 48 --#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L -- --#define LN_pkcs9_unstructuredName "unstructuredName" --#define NID_pkcs9_unstructuredName 49 --#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L -- --#define LN_pkcs9_contentType "contentType" --#define NID_pkcs9_contentType 50 --#define OBJ_pkcs9_contentType OBJ_pkcs9,3L -- --#define LN_pkcs9_messageDigest "messageDigest" --#define NID_pkcs9_messageDigest 51 --#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L -- --#define LN_pkcs9_signingTime "signingTime" --#define NID_pkcs9_signingTime 52 --#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L -- --#define LN_pkcs9_countersignature "countersignature" --#define NID_pkcs9_countersignature 53 --#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L -- --#define LN_pkcs9_challengePassword "challengePassword" --#define NID_pkcs9_challengePassword 54 --#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L -- --#define LN_pkcs9_unstructuredAddress "unstructuredAddress" --#define NID_pkcs9_unstructuredAddress 55 --#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L -- --#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" --#define NID_pkcs9_extCertAttributes 56 --#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L -- --#define SN_netscape "Netscape" --#define LN_netscape "Netscape Communications Corp." --#define NID_netscape 57 --#define OBJ_netscape 2L,16L,840L,1L,113730L -- --#define SN_netscape_cert_extension "nsCertExt" --#define LN_netscape_cert_extension "Netscape Certificate Extension" --#define NID_netscape_cert_extension 58 --#define OBJ_netscape_cert_extension OBJ_netscape,1L -- --#define SN_netscape_data_type "nsDataType" --#define LN_netscape_data_type "Netscape Data Type" --#define NID_netscape_data_type 59 --#define OBJ_netscape_data_type OBJ_netscape,2L -- --#define SN_des_ede_cfb64 "DES-EDE-CFB" --#define LN_des_ede_cfb64 "des-ede-cfb" --#define NID_des_ede_cfb64 60 -- --#define SN_des_ede3_cfb64 "DES-EDE3-CFB" --#define LN_des_ede3_cfb64 "des-ede3-cfb" --#define NID_des_ede3_cfb64 61 -- --#define SN_des_ede_ofb64 "DES-EDE-OFB" --#define LN_des_ede_ofb64 "des-ede-ofb" --#define NID_des_ede_ofb64 62 -- --#define SN_des_ede3_ofb64 "DES-EDE3-OFB" --#define LN_des_ede3_ofb64 "des-ede3-ofb" --#define NID_des_ede3_ofb64 63 -+# define OBJ_des_ede OBJ_algorithm,17L -+ -+# define SN_des_ede3 "DES-EDE3" -+# define LN_des_ede3 "des-ede3" -+# define NID_des_ede3 33 -+ -+# define SN_idea_cbc "IDEA-CBC" -+# define LN_idea_cbc "idea-cbc" -+# define NID_idea_cbc 34 -+# define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L -+ -+# define SN_idea_cfb64 "IDEA-CFB" -+# define LN_idea_cfb64 "idea-cfb" -+# define NID_idea_cfb64 35 -+ -+# define SN_idea_ecb "IDEA-ECB" -+# define LN_idea_ecb "idea-ecb" -+# define NID_idea_ecb 36 -+ -+# define SN_rc2_cbc "RC2-CBC" -+# define LN_rc2_cbc "rc2-cbc" -+# define NID_rc2_cbc 37 -+# define OBJ_rc2_cbc OBJ_rsadsi,3L,2L -+ -+# define SN_rc2_ecb "RC2-ECB" -+# define LN_rc2_ecb "rc2-ecb" -+# define NID_rc2_ecb 38 -+ -+# define SN_rc2_cfb64 "RC2-CFB" -+# define LN_rc2_cfb64 "rc2-cfb" -+# define NID_rc2_cfb64 39 -+ -+# define SN_rc2_ofb64 "RC2-OFB" -+# define LN_rc2_ofb64 "rc2-ofb" -+# define NID_rc2_ofb64 40 -+ -+# define SN_sha "SHA" -+# define LN_sha "sha" -+# define NID_sha 41 -+# define OBJ_sha OBJ_algorithm,18L -+ -+# define SN_shaWithRSAEncryption "RSA-SHA" -+# define LN_shaWithRSAEncryption "shaWithRSAEncryption" -+# define NID_shaWithRSAEncryption 42 -+# define OBJ_shaWithRSAEncryption OBJ_algorithm,15L -+ -+# define SN_des_ede_cbc "DES-EDE-CBC" -+# define LN_des_ede_cbc "des-ede-cbc" -+# define NID_des_ede_cbc 43 -+ -+# define SN_des_ede3_cbc "DES-EDE3-CBC" -+# define LN_des_ede3_cbc "des-ede3-cbc" -+# define NID_des_ede3_cbc 44 -+# define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L -+ -+# define SN_des_ofb64 "DES-OFB" -+# define LN_des_ofb64 "des-ofb" -+# define NID_des_ofb64 45 -+# define OBJ_des_ofb64 OBJ_algorithm,8L -+ -+# define SN_idea_ofb64 "IDEA-OFB" -+# define LN_idea_ofb64 "idea-ofb" -+# define NID_idea_ofb64 46 -+ -+# define LN_pkcs9 "pkcs9" -+# define NID_pkcs9 47 -+# define OBJ_pkcs9 OBJ_pkcs,9L -+ -+# define SN_pkcs9_emailAddress "Email" -+# define LN_pkcs9_emailAddress "emailAddress" -+# define NID_pkcs9_emailAddress 48 -+# define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L -+ -+# define LN_pkcs9_unstructuredName "unstructuredName" -+# define NID_pkcs9_unstructuredName 49 -+# define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L -+ -+# define LN_pkcs9_contentType "contentType" -+# define NID_pkcs9_contentType 50 -+# define OBJ_pkcs9_contentType OBJ_pkcs9,3L -+ -+# define LN_pkcs9_messageDigest "messageDigest" -+# define NID_pkcs9_messageDigest 51 -+# define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L -+ -+# define LN_pkcs9_signingTime "signingTime" -+# define NID_pkcs9_signingTime 52 -+# define OBJ_pkcs9_signingTime OBJ_pkcs9,5L -+ -+# define LN_pkcs9_countersignature "countersignature" -+# define NID_pkcs9_countersignature 53 -+# define OBJ_pkcs9_countersignature OBJ_pkcs9,6L -+ -+# define LN_pkcs9_challengePassword "challengePassword" -+# define NID_pkcs9_challengePassword 54 -+# define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L -+ -+# define LN_pkcs9_unstructuredAddress "unstructuredAddress" -+# define NID_pkcs9_unstructuredAddress 55 -+# define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L -+ -+# define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" -+# define NID_pkcs9_extCertAttributes 56 -+# define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L -+ -+# define SN_netscape "Netscape" -+# define LN_netscape "Netscape Communications Corp." -+# define NID_netscape 57 -+# define OBJ_netscape 2L,16L,840L,1L,113730L -+ -+# define SN_netscape_cert_extension "nsCertExt" -+# define LN_netscape_cert_extension "Netscape Certificate Extension" -+# define NID_netscape_cert_extension 58 -+# define OBJ_netscape_cert_extension OBJ_netscape,1L -+ -+# define SN_netscape_data_type "nsDataType" -+# define LN_netscape_data_type "Netscape Data Type" -+# define NID_netscape_data_type 59 -+# define OBJ_netscape_data_type OBJ_netscape,2L -+ -+# define SN_des_ede_cfb64 "DES-EDE-CFB" -+# define LN_des_ede_cfb64 "des-ede-cfb" -+# define NID_des_ede_cfb64 60 -+ -+# define SN_des_ede3_cfb64 "DES-EDE3-CFB" -+# define LN_des_ede3_cfb64 "des-ede3-cfb" -+# define NID_des_ede3_cfb64 61 -+ -+# define SN_des_ede_ofb64 "DES-EDE-OFB" -+# define LN_des_ede_ofb64 "des-ede-ofb" -+# define NID_des_ede_ofb64 62 -+ -+# define SN_des_ede3_ofb64 "DES-EDE3-OFB" -+# define LN_des_ede3_ofb64 "des-ede3-ofb" -+# define NID_des_ede3_ofb64 63 - - /* I'm not sure about the object ID */ --#define SN_sha1 "SHA1" --#define LN_sha1 "sha1" --#define NID_sha1 64 --#define OBJ_sha1 OBJ_algorithm,26L -+# define SN_sha1 "SHA1" -+# define LN_sha1 "sha1" -+# define NID_sha1 64 -+# define OBJ_sha1 OBJ_algorithm,26L - /* 28 Jun 1996 - eay */ --/* #define OBJ_sha1 1L,3L,14L,2L,26L,05L <- wrong */ -+/* #define OBJ_sha1 1L,3L,14L,2L,26L,05L <- wrong */ - --#define SN_sha1WithRSAEncryption "RSA-SHA1" --#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" --#define NID_sha1WithRSAEncryption 65 --#define OBJ_sha1WithRSAEncryption OBJ_pkcs,1L,5L -+# define SN_sha1WithRSAEncryption "RSA-SHA1" -+# define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" -+# define NID_sha1WithRSAEncryption 65 -+# define OBJ_sha1WithRSAEncryption OBJ_pkcs,1L,5L - --#define SN_dsaWithSHA "DSA-SHA" --#define LN_dsaWithSHA "dsaWithSHA" --#define NID_dsaWithSHA 66 --#define OBJ_dsaWithSHA OBJ_algorithm,13L -+# define SN_dsaWithSHA "DSA-SHA" -+# define LN_dsaWithSHA "dsaWithSHA" -+# define NID_dsaWithSHA 66 -+# define OBJ_dsaWithSHA OBJ_algorithm,13L - --#define SN_dsa_2 "DSA-old" --#define LN_dsa_2 "dsaEncryption-old" --#define NID_dsa_2 67 --#define OBJ_dsa_2 OBJ_algorithm,12L -+# define SN_dsa_2 "DSA-old" -+# define LN_dsa_2 "dsaEncryption-old" -+# define NID_dsa_2 67 -+# define OBJ_dsa_2 OBJ_algorithm,12L - - /* proposed by microsoft to RSA */ --#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" --#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" --#define NID_pbeWithSHA1AndRC2_CBC 68 --#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L -- --/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now -- * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something -- * completely different. -+# define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" -+# define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" -+# define NID_pbeWithSHA1AndRC2_CBC 68 -+# define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L -+ -+/* -+ * proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now defined -+ * explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something completely -+ * different. - */ --#define LN_id_pbkdf2 "PBKDF2" --#define NID_id_pbkdf2 69 --#define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L -+# define LN_id_pbkdf2 "PBKDF2" -+# define NID_id_pbkdf2 69 -+# define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L - --#define SN_dsaWithSHA1_2 "DSA-SHA1-old" --#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" --#define NID_dsaWithSHA1_2 70 -+# define SN_dsaWithSHA1_2 "DSA-SHA1-old" -+# define LN_dsaWithSHA1_2 "dsaWithSHA1-old" -+# define NID_dsaWithSHA1_2 70 - /* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */ --#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L -- --#define SN_netscape_cert_type "nsCertType" --#define LN_netscape_cert_type "Netscape Cert Type" --#define NID_netscape_cert_type 71 --#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L -- --#define SN_netscape_base_url "nsBaseUrl" --#define LN_netscape_base_url "Netscape Base Url" --#define NID_netscape_base_url 72 --#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L -- --#define SN_netscape_revocation_url "nsRevocationUrl" --#define LN_netscape_revocation_url "Netscape Revocation Url" --#define NID_netscape_revocation_url 73 --#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L -- --#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" --#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" --#define NID_netscape_ca_revocation_url 74 --#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L -- --#define SN_netscape_renewal_url "nsRenewalUrl" --#define LN_netscape_renewal_url "Netscape Renewal Url" --#define NID_netscape_renewal_url 75 --#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L -- --#define SN_netscape_ca_policy_url "nsCaPolicyUrl" --#define LN_netscape_ca_policy_url "Netscape CA Policy Url" --#define NID_netscape_ca_policy_url 76 --#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L -- --#define SN_netscape_ssl_server_name "nsSslServerName" --#define LN_netscape_ssl_server_name "Netscape SSL Server Name" --#define NID_netscape_ssl_server_name 77 --#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L -- --#define SN_netscape_comment "nsComment" --#define LN_netscape_comment "Netscape Comment" --#define NID_netscape_comment 78 --#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L -- --#define SN_netscape_cert_sequence "nsCertSequence" --#define LN_netscape_cert_sequence "Netscape Certificate Sequence" --#define NID_netscape_cert_sequence 79 --#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L -- --#define SN_desx_cbc "DESX-CBC" --#define LN_desx_cbc "desx-cbc" --#define NID_desx_cbc 80 -- --#define SN_id_ce "id-ce" --#define NID_id_ce 81 --#define OBJ_id_ce 2L,5L,29L -- --#define SN_subject_key_identifier "subjectKeyIdentifier" --#define LN_subject_key_identifier "X509v3 Subject Key Identifier" --#define NID_subject_key_identifier 82 --#define OBJ_subject_key_identifier OBJ_id_ce,14L -- --#define SN_key_usage "keyUsage" --#define LN_key_usage "X509v3 Key Usage" --#define NID_key_usage 83 --#define OBJ_key_usage OBJ_id_ce,15L -- --#define SN_private_key_usage_period "privateKeyUsagePeriod" --#define LN_private_key_usage_period "X509v3 Private Key Usage Period" --#define NID_private_key_usage_period 84 --#define OBJ_private_key_usage_period OBJ_id_ce,16L -- --#define SN_subject_alt_name "subjectAltName" --#define LN_subject_alt_name "X509v3 Subject Alternative Name" --#define NID_subject_alt_name 85 --#define OBJ_subject_alt_name OBJ_id_ce,17L -- --#define SN_issuer_alt_name "issuerAltName" --#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" --#define NID_issuer_alt_name 86 --#define OBJ_issuer_alt_name OBJ_id_ce,18L -- --#define SN_basic_constraints "basicConstraints" --#define LN_basic_constraints "X509v3 Basic Constraints" --#define NID_basic_constraints 87 --#define OBJ_basic_constraints OBJ_id_ce,19L -- --#define SN_crl_number "crlNumber" --#define LN_crl_number "X509v3 CRL Number" --#define NID_crl_number 88 --#define OBJ_crl_number OBJ_id_ce,20L -- --#define SN_certificate_policies "certificatePolicies" --#define LN_certificate_policies "X509v3 Certificate Policies" --#define NID_certificate_policies 89 --#define OBJ_certificate_policies OBJ_id_ce,32L -- --#define SN_authority_key_identifier "authorityKeyIdentifier" --#define LN_authority_key_identifier "X509v3 Authority Key Identifier" --#define NID_authority_key_identifier 90 --#define OBJ_authority_key_identifier OBJ_id_ce,35L -- --#define SN_bf_cbc "BF-CBC" --#define LN_bf_cbc "bf-cbc" --#define NID_bf_cbc 91 --#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L -- --#define SN_bf_ecb "BF-ECB" --#define LN_bf_ecb "bf-ecb" --#define NID_bf_ecb 92 -- --#define SN_bf_cfb64 "BF-CFB" --#define LN_bf_cfb64 "bf-cfb" --#define NID_bf_cfb64 93 -- --#define SN_bf_ofb64 "BF-OFB" --#define LN_bf_ofb64 "bf-ofb" --#define NID_bf_ofb64 94 -- --#define SN_mdc2 "MDC2" --#define LN_mdc2 "mdc2" --#define NID_mdc2 95 --#define OBJ_mdc2 2L,5L,8L,3L,101L --/* An alternative? 1L,3L,14L,3L,2L,19L */ -- --#define SN_mdc2WithRSA "RSA-MDC2" --#define LN_mdc2WithRSA "mdc2withRSA" --#define NID_mdc2WithRSA 96 --#define OBJ_mdc2WithRSA 2L,5L,8L,3L,100L -- --#define SN_rc4_40 "RC4-40" --#define LN_rc4_40 "rc4-40" --#define NID_rc4_40 97 -- --#define SN_rc2_40_cbc "RC2-40-CBC" --#define LN_rc2_40_cbc "rc2-40-cbc" --#define NID_rc2_40_cbc 98 -- --#define SN_givenName "G" --#define LN_givenName "givenName" --#define NID_givenName 99 --#define OBJ_givenName OBJ_X509,42L -- --#define SN_surname "S" --#define LN_surname "surname" --#define NID_surname 100 --#define OBJ_surname OBJ_X509,4L -- --#define SN_initials "I" --#define LN_initials "initials" --#define NID_initials 101 --#define OBJ_initials OBJ_X509,43L -- --#define SN_uniqueIdentifier "UID" --#define LN_uniqueIdentifier "uniqueIdentifier" --#define NID_uniqueIdentifier 102 --#define OBJ_uniqueIdentifier OBJ_X509,45L -- --#define SN_crl_distribution_points "crlDistributionPoints" --#define LN_crl_distribution_points "X509v3 CRL Distribution Points" --#define NID_crl_distribution_points 103 --#define OBJ_crl_distribution_points OBJ_id_ce,31L -- --#define SN_md5WithRSA "RSA-NP-MD5" --#define LN_md5WithRSA "md5WithRSA" --#define NID_md5WithRSA 104 --#define OBJ_md5WithRSA OBJ_algorithm,3L -- --#define SN_serialNumber "SN" --#define LN_serialNumber "serialNumber" --#define NID_serialNumber 105 --#define OBJ_serialNumber OBJ_X509,5L -- --#define SN_title "T" --#define LN_title "title" --#define NID_title 106 --#define OBJ_title OBJ_X509,12L -- --#define SN_description "D" --#define LN_description "description" --#define NID_description 107 --#define OBJ_description OBJ_X509,13L -+# define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L -+ -+# define SN_netscape_cert_type "nsCertType" -+# define LN_netscape_cert_type "Netscape Cert Type" -+# define NID_netscape_cert_type 71 -+# define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L -+ -+# define SN_netscape_base_url "nsBaseUrl" -+# define LN_netscape_base_url "Netscape Base Url" -+# define NID_netscape_base_url 72 -+# define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L -+ -+# define SN_netscape_revocation_url "nsRevocationUrl" -+# define LN_netscape_revocation_url "Netscape Revocation Url" -+# define NID_netscape_revocation_url 73 -+# define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L -+ -+# define SN_netscape_ca_revocation_url "nsCaRevocationUrl" -+# define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" -+# define NID_netscape_ca_revocation_url 74 -+# define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L -+ -+# define SN_netscape_renewal_url "nsRenewalUrl" -+# define LN_netscape_renewal_url "Netscape Renewal Url" -+# define NID_netscape_renewal_url 75 -+# define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L -+ -+# define SN_netscape_ca_policy_url "nsCaPolicyUrl" -+# define LN_netscape_ca_policy_url "Netscape CA Policy Url" -+# define NID_netscape_ca_policy_url 76 -+# define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L -+ -+# define SN_netscape_ssl_server_name "nsSslServerName" -+# define LN_netscape_ssl_server_name "Netscape SSL Server Name" -+# define NID_netscape_ssl_server_name 77 -+# define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L -+ -+# define SN_netscape_comment "nsComment" -+# define LN_netscape_comment "Netscape Comment" -+# define NID_netscape_comment 78 -+# define OBJ_netscape_comment OBJ_netscape_cert_extension,13L -+ -+# define SN_netscape_cert_sequence "nsCertSequence" -+# define LN_netscape_cert_sequence "Netscape Certificate Sequence" -+# define NID_netscape_cert_sequence 79 -+# define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L -+ -+# define SN_desx_cbc "DESX-CBC" -+# define LN_desx_cbc "desx-cbc" -+# define NID_desx_cbc 80 -+ -+# define SN_id_ce "id-ce" -+# define NID_id_ce 81 -+# define OBJ_id_ce 2L,5L,29L -+ -+# define SN_subject_key_identifier "subjectKeyIdentifier" -+# define LN_subject_key_identifier "X509v3 Subject Key Identifier" -+# define NID_subject_key_identifier 82 -+# define OBJ_subject_key_identifier OBJ_id_ce,14L -+ -+# define SN_key_usage "keyUsage" -+# define LN_key_usage "X509v3 Key Usage" -+# define NID_key_usage 83 -+# define OBJ_key_usage OBJ_id_ce,15L -+ -+# define SN_private_key_usage_period "privateKeyUsagePeriod" -+# define LN_private_key_usage_period "X509v3 Private Key Usage Period" -+# define NID_private_key_usage_period 84 -+# define OBJ_private_key_usage_period OBJ_id_ce,16L -+ -+# define SN_subject_alt_name "subjectAltName" -+# define LN_subject_alt_name "X509v3 Subject Alternative Name" -+# define NID_subject_alt_name 85 -+# define OBJ_subject_alt_name OBJ_id_ce,17L -+ -+# define SN_issuer_alt_name "issuerAltName" -+# define LN_issuer_alt_name "X509v3 Issuer Alternative Name" -+# define NID_issuer_alt_name 86 -+# define OBJ_issuer_alt_name OBJ_id_ce,18L -+ -+# define SN_basic_constraints "basicConstraints" -+# define LN_basic_constraints "X509v3 Basic Constraints" -+# define NID_basic_constraints 87 -+# define OBJ_basic_constraints OBJ_id_ce,19L -+ -+# define SN_crl_number "crlNumber" -+# define LN_crl_number "X509v3 CRL Number" -+# define NID_crl_number 88 -+# define OBJ_crl_number OBJ_id_ce,20L -+ -+# define SN_certificate_policies "certificatePolicies" -+# define LN_certificate_policies "X509v3 Certificate Policies" -+# define NID_certificate_policies 89 -+# define OBJ_certificate_policies OBJ_id_ce,32L -+ -+# define SN_authority_key_identifier "authorityKeyIdentifier" -+# define LN_authority_key_identifier "X509v3 Authority Key Identifier" -+# define NID_authority_key_identifier 90 -+# define OBJ_authority_key_identifier OBJ_id_ce,35L -+ -+# define SN_bf_cbc "BF-CBC" -+# define LN_bf_cbc "bf-cbc" -+# define NID_bf_cbc 91 -+# define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L -+ -+# define SN_bf_ecb "BF-ECB" -+# define LN_bf_ecb "bf-ecb" -+# define NID_bf_ecb 92 -+ -+# define SN_bf_cfb64 "BF-CFB" -+# define LN_bf_cfb64 "bf-cfb" -+# define NID_bf_cfb64 93 -+ -+# define SN_bf_ofb64 "BF-OFB" -+# define LN_bf_ofb64 "bf-ofb" -+# define NID_bf_ofb64 94 -+ -+# define SN_mdc2 "MDC2" -+# define LN_mdc2 "mdc2" -+# define NID_mdc2 95 -+# define OBJ_mdc2 2L,5L,8L,3L,101L -+/* An alternative? 1L,3L,14L,3L,2L,19L */ -+ -+# define SN_mdc2WithRSA "RSA-MDC2" -+# define LN_mdc2WithRSA "mdc2withRSA" -+# define NID_mdc2WithRSA 96 -+# define OBJ_mdc2WithRSA 2L,5L,8L,3L,100L -+ -+# define SN_rc4_40 "RC4-40" -+# define LN_rc4_40 "rc4-40" -+# define NID_rc4_40 97 -+ -+# define SN_rc2_40_cbc "RC2-40-CBC" -+# define LN_rc2_40_cbc "rc2-40-cbc" -+# define NID_rc2_40_cbc 98 -+ -+# define SN_givenName "G" -+# define LN_givenName "givenName" -+# define NID_givenName 99 -+# define OBJ_givenName OBJ_X509,42L -+ -+# define SN_surname "S" -+# define LN_surname "surname" -+# define NID_surname 100 -+# define OBJ_surname OBJ_X509,4L -+ -+# define SN_initials "I" -+# define LN_initials "initials" -+# define NID_initials 101 -+# define OBJ_initials OBJ_X509,43L -+ -+# define SN_uniqueIdentifier "UID" -+# define LN_uniqueIdentifier "uniqueIdentifier" -+# define NID_uniqueIdentifier 102 -+# define OBJ_uniqueIdentifier OBJ_X509,45L -+ -+# define SN_crl_distribution_points "crlDistributionPoints" -+# define LN_crl_distribution_points "X509v3 CRL Distribution Points" -+# define NID_crl_distribution_points 103 -+# define OBJ_crl_distribution_points OBJ_id_ce,31L -+ -+# define SN_md5WithRSA "RSA-NP-MD5" -+# define LN_md5WithRSA "md5WithRSA" -+# define NID_md5WithRSA 104 -+# define OBJ_md5WithRSA OBJ_algorithm,3L -+ -+# define SN_serialNumber "SN" -+# define LN_serialNumber "serialNumber" -+# define NID_serialNumber 105 -+# define OBJ_serialNumber OBJ_X509,5L -+ -+# define SN_title "T" -+# define LN_title "title" -+# define NID_title 106 -+# define OBJ_title OBJ_X509,12L -+ -+# define SN_description "D" -+# define LN_description "description" -+# define NID_description 107 -+# define OBJ_description OBJ_X509,13L - - /* CAST5 is CAST-128, I'm just sticking with the documentation */ --#define SN_cast5_cbc "CAST5-CBC" --#define LN_cast5_cbc "cast5-cbc" --#define NID_cast5_cbc 108 --#define OBJ_cast5_cbc 1L,2L,840L,113533L,7L,66L,10L -+# define SN_cast5_cbc "CAST5-CBC" -+# define LN_cast5_cbc "cast5-cbc" -+# define NID_cast5_cbc 108 -+# define OBJ_cast5_cbc 1L,2L,840L,113533L,7L,66L,10L - --#define SN_cast5_ecb "CAST5-ECB" --#define LN_cast5_ecb "cast5-ecb" --#define NID_cast5_ecb 109 -+# define SN_cast5_ecb "CAST5-ECB" -+# define LN_cast5_ecb "cast5-ecb" -+# define NID_cast5_ecb 109 - --#define SN_cast5_cfb64 "CAST5-CFB" --#define LN_cast5_cfb64 "cast5-cfb" --#define NID_cast5_cfb64 110 -+# define SN_cast5_cfb64 "CAST5-CFB" -+# define LN_cast5_cfb64 "cast5-cfb" -+# define NID_cast5_cfb64 110 - --#define SN_cast5_ofb64 "CAST5-OFB" --#define LN_cast5_ofb64 "cast5-ofb" --#define NID_cast5_ofb64 111 -+# define SN_cast5_ofb64 "CAST5-OFB" -+# define LN_cast5_ofb64 "cast5-ofb" -+# define NID_cast5_ofb64 111 - --#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" --#define NID_pbeWithMD5AndCast5_CBC 112 --#define OBJ_pbeWithMD5AndCast5_CBC 1L,2L,840L,113533L,7L,66L,12L -+# define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" -+# define NID_pbeWithMD5AndCast5_CBC 112 -+# define OBJ_pbeWithMD5AndCast5_CBC 1L,2L,840L,113533L,7L,66L,12L - --/* This is one sun will soon be using :-( -+/*- -+ * This is one sun will soon be using :-( - * id-dsa-with-sha1 ID ::= { - * iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 } - */ --#define SN_dsaWithSHA1 "DSA-SHA1" --#define LN_dsaWithSHA1 "dsaWithSHA1" --#define NID_dsaWithSHA1 113 --#define OBJ_dsaWithSHA1 1L,2L,840L,10040L,4L,3L -- --#define NID_md5_sha1 114 --#define SN_md5_sha1 "MD5-SHA1" --#define LN_md5_sha1 "md5-sha1" -- --#define SN_sha1WithRSA "RSA-SHA1-2" --#define LN_sha1WithRSA "sha1WithRSA" --#define NID_sha1WithRSA 115 --#define OBJ_sha1WithRSA OBJ_algorithm,29L -- --#define SN_dsa "DSA" --#define LN_dsa "dsaEncryption" --#define NID_dsa 116 --#define OBJ_dsa 1L,2L,840L,10040L,4L,1L -- --#define SN_ripemd160 "RIPEMD160" --#define LN_ripemd160 "ripemd160" --#define NID_ripemd160 117 --#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L -- --/* The name should actually be rsaSignatureWithripemd160, but I'm going -- * to continue using the convention I'm using with the other ciphers */ --#define SN_ripemd160WithRSA "RSA-RIPEMD160" --#define LN_ripemd160WithRSA "ripemd160WithRSA" --#define NID_ripemd160WithRSA 119 --#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L -- --/* Taken from rfc2040 -+# define SN_dsaWithSHA1 "DSA-SHA1" -+# define LN_dsaWithSHA1 "dsaWithSHA1" -+# define NID_dsaWithSHA1 113 -+# define OBJ_dsaWithSHA1 1L,2L,840L,10040L,4L,3L -+ -+# define NID_md5_sha1 114 -+# define SN_md5_sha1 "MD5-SHA1" -+# define LN_md5_sha1 "md5-sha1" -+ -+# define SN_sha1WithRSA "RSA-SHA1-2" -+# define LN_sha1WithRSA "sha1WithRSA" -+# define NID_sha1WithRSA 115 -+# define OBJ_sha1WithRSA OBJ_algorithm,29L -+ -+# define SN_dsa "DSA" -+# define LN_dsa "dsaEncryption" -+# define NID_dsa 116 -+# define OBJ_dsa 1L,2L,840L,10040L,4L,1L -+ -+# define SN_ripemd160 "RIPEMD160" -+# define LN_ripemd160 "ripemd160" -+# define NID_ripemd160 117 -+# define OBJ_ripemd160 1L,3L,36L,3L,2L,1L -+ -+/* -+ * The name should actually be rsaSignatureWithripemd160, but I'm going to -+ * continue using the convention I'm using with the other ciphers -+ */ -+# define SN_ripemd160WithRSA "RSA-RIPEMD160" -+# define LN_ripemd160WithRSA "ripemd160WithRSA" -+# define NID_ripemd160WithRSA 119 -+# define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L -+ -+/*- -+ * Taken from rfc2040 - * RC5_CBC_Parameters ::= SEQUENCE { -- * version INTEGER (v1_0(16)), -- * rounds INTEGER (8..127), -- * blockSizeInBits INTEGER (64, 128), -- * iv OCTET STRING OPTIONAL -- * } -+ * version INTEGER (v1_0(16)), -+ * rounds INTEGER (8..127), -+ * blockSizeInBits INTEGER (64, 128), -+ * iv OCTET STRING OPTIONAL -+ * } - */ --#define SN_rc5_cbc "RC5-CBC" --#define LN_rc5_cbc "rc5-cbc" --#define NID_rc5_cbc 120 --#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L -- --#define SN_rc5_ecb "RC5-ECB" --#define LN_rc5_ecb "rc5-ecb" --#define NID_rc5_ecb 121 -- --#define SN_rc5_cfb64 "RC5-CFB" --#define LN_rc5_cfb64 "rc5-cfb" --#define NID_rc5_cfb64 122 -- --#define SN_rc5_ofb64 "RC5-OFB" --#define LN_rc5_ofb64 "rc5-ofb" --#define NID_rc5_ofb64 123 -- --#define SN_rle_compression "RLE" --#define LN_rle_compression "run length compression" --#define NID_rle_compression 124 --#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L -- --#define SN_zlib_compression "ZLIB" --#define LN_zlib_compression "zlib compression" --#define NID_zlib_compression 125 --#define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L -- --#define SN_ext_key_usage "extendedKeyUsage" --#define LN_ext_key_usage "X509v3 Extended Key Usage" --#define NID_ext_key_usage 126 --#define OBJ_ext_key_usage OBJ_id_ce,37 -- --#define SN_id_pkix "PKIX" --#define NID_id_pkix 127 --#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L -- --#define SN_id_kp "id-kp" --#define NID_id_kp 128 --#define OBJ_id_kp OBJ_id_pkix,3L -+# define SN_rc5_cbc "RC5-CBC" -+# define LN_rc5_cbc "rc5-cbc" -+# define NID_rc5_cbc 120 -+# define OBJ_rc5_cbc OBJ_rsadsi,3L,8L -+ -+# define SN_rc5_ecb "RC5-ECB" -+# define LN_rc5_ecb "rc5-ecb" -+# define NID_rc5_ecb 121 -+ -+# define SN_rc5_cfb64 "RC5-CFB" -+# define LN_rc5_cfb64 "rc5-cfb" -+# define NID_rc5_cfb64 122 -+ -+# define SN_rc5_ofb64 "RC5-OFB" -+# define LN_rc5_ofb64 "rc5-ofb" -+# define NID_rc5_ofb64 123 -+ -+# define SN_rle_compression "RLE" -+# define LN_rle_compression "run length compression" -+# define NID_rle_compression 124 -+# define OBJ_rle_compression 1L,1L,1L,1L,666L,1L -+ -+# define SN_zlib_compression "ZLIB" -+# define LN_zlib_compression "zlib compression" -+# define NID_zlib_compression 125 -+# define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L -+ -+# define SN_ext_key_usage "extendedKeyUsage" -+# define LN_ext_key_usage "X509v3 Extended Key Usage" -+# define NID_ext_key_usage 126 -+# define OBJ_ext_key_usage OBJ_id_ce,37 -+ -+# define SN_id_pkix "PKIX" -+# define NID_id_pkix 127 -+# define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L -+ -+# define SN_id_kp "id-kp" -+# define NID_id_kp 128 -+# define OBJ_id_kp OBJ_id_pkix,3L - - /* PKIX extended key usage OIDs */ - --#define SN_server_auth "serverAuth" --#define LN_server_auth "TLS Web Server Authentication" --#define NID_server_auth 129 --#define OBJ_server_auth OBJ_id_kp,1L -+# define SN_server_auth "serverAuth" -+# define LN_server_auth "TLS Web Server Authentication" -+# define NID_server_auth 129 -+# define OBJ_server_auth OBJ_id_kp,1L - --#define SN_client_auth "clientAuth" --#define LN_client_auth "TLS Web Client Authentication" --#define NID_client_auth 130 --#define OBJ_client_auth OBJ_id_kp,2L -+# define SN_client_auth "clientAuth" -+# define LN_client_auth "TLS Web Client Authentication" -+# define NID_client_auth 130 -+# define OBJ_client_auth OBJ_id_kp,2L - --#define SN_code_sign "codeSigning" --#define LN_code_sign "Code Signing" --#define NID_code_sign 131 --#define OBJ_code_sign OBJ_id_kp,3L -+# define SN_code_sign "codeSigning" -+# define LN_code_sign "Code Signing" -+# define NID_code_sign 131 -+# define OBJ_code_sign OBJ_id_kp,3L - --#define SN_email_protect "emailProtection" --#define LN_email_protect "E-mail Protection" --#define NID_email_protect 132 --#define OBJ_email_protect OBJ_id_kp,4L -+# define SN_email_protect "emailProtection" -+# define LN_email_protect "E-mail Protection" -+# define NID_email_protect 132 -+# define OBJ_email_protect OBJ_id_kp,4L - --#define SN_time_stamp "timeStamping" --#define LN_time_stamp "Time Stamping" --#define NID_time_stamp 133 --#define OBJ_time_stamp OBJ_id_kp,8L -+# define SN_time_stamp "timeStamping" -+# define LN_time_stamp "Time Stamping" -+# define NID_time_stamp 133 -+# define OBJ_time_stamp OBJ_id_kp,8L - - /* Additional extended key usage OIDs: Microsoft */ - --#define SN_ms_code_ind "msCodeInd" --#define LN_ms_code_ind "Microsoft Individual Code Signing" --#define NID_ms_code_ind 134 --#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L -+# define SN_ms_code_ind "msCodeInd" -+# define LN_ms_code_ind "Microsoft Individual Code Signing" -+# define NID_ms_code_ind 134 -+# define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L - --#define SN_ms_code_com "msCodeCom" --#define LN_ms_code_com "Microsoft Commercial Code Signing" --#define NID_ms_code_com 135 --#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L -+# define SN_ms_code_com "msCodeCom" -+# define LN_ms_code_com "Microsoft Commercial Code Signing" -+# define NID_ms_code_com 135 -+# define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L - --#define SN_ms_ctl_sign "msCTLSign" --#define LN_ms_ctl_sign "Microsoft Trust List Signing" --#define NID_ms_ctl_sign 136 --#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L -+# define SN_ms_ctl_sign "msCTLSign" -+# define LN_ms_ctl_sign "Microsoft Trust List Signing" -+# define NID_ms_ctl_sign 136 -+# define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L - --#define SN_ms_sgc "msSGC" --#define LN_ms_sgc "Microsoft Server Gated Crypto" --#define NID_ms_sgc 137 --#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L -+# define SN_ms_sgc "msSGC" -+# define LN_ms_sgc "Microsoft Server Gated Crypto" -+# define NID_ms_sgc 137 -+# define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L - --#define SN_ms_efs "msEFS" --#define LN_ms_efs "Microsoft Encrypted File System" --#define NID_ms_efs 138 --#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L -+# define SN_ms_efs "msEFS" -+# define LN_ms_efs "Microsoft Encrypted File System" -+# define NID_ms_efs 138 -+# define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L - - /* Additional usage: Netscape */ - --#define SN_ns_sgc "nsSGC" --#define LN_ns_sgc "Netscape Server Gated Crypto" --#define NID_ns_sgc 139 --#define OBJ_ns_sgc OBJ_netscape,4L,1L -+# define SN_ns_sgc "nsSGC" -+# define LN_ns_sgc "Netscape Server Gated Crypto" -+# define NID_ns_sgc 139 -+# define OBJ_ns_sgc OBJ_netscape,4L,1L - --#define SN_delta_crl "deltaCRL" --#define LN_delta_crl "X509v3 Delta CRL Indicator" --#define NID_delta_crl 140 --#define OBJ_delta_crl OBJ_id_ce,27L -+# define SN_delta_crl "deltaCRL" -+# define LN_delta_crl "X509v3 Delta CRL Indicator" -+# define NID_delta_crl 140 -+# define OBJ_delta_crl OBJ_id_ce,27L - --#define SN_crl_reason "CRLReason" --#define LN_crl_reason "CRL Reason Code" --#define NID_crl_reason 141 --#define OBJ_crl_reason OBJ_id_ce,21L -+# define SN_crl_reason "CRLReason" -+# define LN_crl_reason "CRL Reason Code" -+# define NID_crl_reason 141 -+# define OBJ_crl_reason OBJ_id_ce,21L - --#define SN_invalidity_date "invalidityDate" --#define LN_invalidity_date "Invalidity Date" --#define NID_invalidity_date 142 --#define OBJ_invalidity_date OBJ_id_ce,24L -+# define SN_invalidity_date "invalidityDate" -+# define LN_invalidity_date "Invalidity Date" -+# define NID_invalidity_date 142 -+# define OBJ_invalidity_date OBJ_id_ce,24L - --#define SN_sxnet "SXNetID" --#define LN_sxnet "Strong Extranet ID" --#define NID_sxnet 143 --#define OBJ_sxnet 1L,3L,101L,1L,4L,1L -+# define SN_sxnet "SXNetID" -+# define LN_sxnet "Strong Extranet ID" -+# define NID_sxnet 143 -+# define OBJ_sxnet 1L,3L,101L,1L,4L,1L - - /* PKCS12 and related OBJECT IDENTIFIERS */ - --#define OBJ_pkcs12 OBJ_pkcs,12L --#define OBJ_pkcs12_pbeids OBJ_pkcs12, 1 -+# define OBJ_pkcs12 OBJ_pkcs,12L -+# define OBJ_pkcs12_pbeids OBJ_pkcs12, 1 - --#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" --#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" --#define NID_pbe_WithSHA1And128BitRC4 144 --#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids, 1L -+# define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" -+# define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" -+# define NID_pbe_WithSHA1And128BitRC4 144 -+# define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids, 1L - --#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" --#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" --#define NID_pbe_WithSHA1And40BitRC4 145 --#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids, 2L -+# define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" -+# define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" -+# define NID_pbe_WithSHA1And40BitRC4 145 -+# define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids, 2L - --#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" --#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" --#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 --#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 3L -+# define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" -+# define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" -+# define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 -+# define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 3L - --#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" --#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" --#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 --#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 4L -+# define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" -+# define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" -+# define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 -+# define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 4L - --#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" --#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" --#define NID_pbe_WithSHA1And128BitRC2_CBC 148 --#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids, 5L -+# define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" -+# define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" -+# define NID_pbe_WithSHA1And128BitRC2_CBC 148 -+# define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids, 5L - --#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" --#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" --#define NID_pbe_WithSHA1And40BitRC2_CBC 149 --#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L -+# define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" -+# define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" -+# define NID_pbe_WithSHA1And40BitRC2_CBC 149 -+# define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L - --#define OBJ_pkcs12_Version1 OBJ_pkcs12, 10L -+# define OBJ_pkcs12_Version1 OBJ_pkcs12, 10L - --#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1, 1L -+# define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1, 1L - --#define LN_keyBag "keyBag" --#define NID_keyBag 150 --#define OBJ_keyBag OBJ_pkcs12_BagIds, 1L -+# define LN_keyBag "keyBag" -+# define NID_keyBag 150 -+# define OBJ_keyBag OBJ_pkcs12_BagIds, 1L - --#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" --#define NID_pkcs8ShroudedKeyBag 151 --#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L -+# define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" -+# define NID_pkcs8ShroudedKeyBag 151 -+# define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L - --#define LN_certBag "certBag" --#define NID_certBag 152 --#define OBJ_certBag OBJ_pkcs12_BagIds, 3L -+# define LN_certBag "certBag" -+# define NID_certBag 152 -+# define OBJ_certBag OBJ_pkcs12_BagIds, 3L - --#define LN_crlBag "crlBag" --#define NID_crlBag 153 --#define OBJ_crlBag OBJ_pkcs12_BagIds, 4L -+# define LN_crlBag "crlBag" -+# define NID_crlBag 153 -+# define OBJ_crlBag OBJ_pkcs12_BagIds, 4L - --#define LN_secretBag "secretBag" --#define NID_secretBag 154 --#define OBJ_secretBag OBJ_pkcs12_BagIds, 5L -+# define LN_secretBag "secretBag" -+# define NID_secretBag 154 -+# define OBJ_secretBag OBJ_pkcs12_BagIds, 5L - --#define LN_safeContentsBag "safeContentsBag" --#define NID_safeContentsBag 155 --#define OBJ_safeContentsBag OBJ_pkcs12_BagIds, 6L -+# define LN_safeContentsBag "safeContentsBag" -+# define NID_safeContentsBag 155 -+# define OBJ_safeContentsBag OBJ_pkcs12_BagIds, 6L - --#define LN_friendlyName "friendlyName" --#define NID_friendlyName 156 --#define OBJ_friendlyName OBJ_pkcs9, 20L -+# define LN_friendlyName "friendlyName" -+# define NID_friendlyName 156 -+# define OBJ_friendlyName OBJ_pkcs9, 20L - --#define LN_localKeyID "localKeyID" --#define NID_localKeyID 157 --#define OBJ_localKeyID OBJ_pkcs9, 21L -+# define LN_localKeyID "localKeyID" -+# define NID_localKeyID 157 -+# define OBJ_localKeyID OBJ_pkcs9, 21L - --#define OBJ_certTypes OBJ_pkcs9, 22L -+# define OBJ_certTypes OBJ_pkcs9, 22L - --#define LN_x509Certificate "x509Certificate" --#define NID_x509Certificate 158 --#define OBJ_x509Certificate OBJ_certTypes, 1L -+# define LN_x509Certificate "x509Certificate" -+# define NID_x509Certificate 158 -+# define OBJ_x509Certificate OBJ_certTypes, 1L - --#define LN_sdsiCertificate "sdsiCertificate" --#define NID_sdsiCertificate 159 --#define OBJ_sdsiCertificate OBJ_certTypes, 2L -+# define LN_sdsiCertificate "sdsiCertificate" -+# define NID_sdsiCertificate 159 -+# define OBJ_sdsiCertificate OBJ_certTypes, 2L - --#define OBJ_crlTypes OBJ_pkcs9, 23L -+# define OBJ_crlTypes OBJ_pkcs9, 23L - --#define LN_x509Crl "x509Crl" --#define NID_x509Crl 160 --#define OBJ_x509Crl OBJ_crlTypes, 1L -+# define LN_x509Crl "x509Crl" -+# define NID_x509Crl 160 -+# define OBJ_x509Crl OBJ_crlTypes, 1L - - /* PKCS#5 v2 OIDs */ - --#define LN_pbes2 "PBES2" --#define NID_pbes2 161 --#define OBJ_pbes2 OBJ_pkcs,5L,13L -+# define LN_pbes2 "PBES2" -+# define NID_pbes2 161 -+# define OBJ_pbes2 OBJ_pkcs,5L,13L - --#define LN_pbmac1 "PBMAC1" --#define NID_pbmac1 162 --#define OBJ_pbmac1 OBJ_pkcs,5L,14L -+# define LN_pbmac1 "PBMAC1" -+# define NID_pbmac1 162 -+# define OBJ_pbmac1 OBJ_pkcs,5L,14L - --#define LN_hmacWithSHA1 "hmacWithSHA1" --#define NID_hmacWithSHA1 163 --#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L -+# define LN_hmacWithSHA1 "hmacWithSHA1" -+# define NID_hmacWithSHA1 163 -+# define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L - - /* Policy Qualifier Ids */ - --#define LN_id_qt_cps "Policy Qualifier CPS" --#define SN_id_qt_cps "id-qt-cps" --#define NID_id_qt_cps 164 --#define OBJ_id_qt_cps OBJ_id_pkix,2L,1L -+# define LN_id_qt_cps "Policy Qualifier CPS" -+# define SN_id_qt_cps "id-qt-cps" -+# define NID_id_qt_cps 164 -+# define OBJ_id_qt_cps OBJ_id_pkix,2L,1L - --#define LN_id_qt_unotice "Policy Qualifier User Notice" --#define SN_id_qt_unotice "id-qt-unotice" --#define NID_id_qt_unotice 165 --#define OBJ_id_qt_unotice OBJ_id_pkix,2L,2L -+# define LN_id_qt_unotice "Policy Qualifier User Notice" -+# define SN_id_qt_unotice "id-qt-unotice" -+# define NID_id_qt_unotice 165 -+# define OBJ_id_qt_unotice OBJ_id_pkix,2L,2L - --#define SN_rc2_64_cbc "RC2-64-CBC" --#define LN_rc2_64_cbc "rc2-64-cbc" --#define NID_rc2_64_cbc 166 -+# define SN_rc2_64_cbc "RC2-64-CBC" -+# define LN_rc2_64_cbc "rc2-64-cbc" -+# define NID_rc2_64_cbc 166 - --#define SN_SMIMECapabilities "SMIME-CAPS" --#define LN_SMIMECapabilities "S/MIME Capabilities" --#define NID_SMIMECapabilities 167 --#define OBJ_SMIMECapabilities OBJ_pkcs9,15L -+# define SN_SMIMECapabilities "SMIME-CAPS" -+# define LN_SMIMECapabilities "S/MIME Capabilities" -+# define NID_SMIMECapabilities 167 -+# define OBJ_SMIMECapabilities OBJ_pkcs9,15L - --#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" --#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" --#define NID_pbeWithMD2AndRC2_CBC 168 --#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs,5L,4L -+# define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" -+# define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" -+# define NID_pbeWithMD2AndRC2_CBC 168 -+# define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs,5L,4L - --#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" --#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" --#define NID_pbeWithMD5AndRC2_CBC 169 --#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs,5L,6L -+# define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" -+# define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" -+# define NID_pbeWithMD5AndRC2_CBC 169 -+# define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs,5L,6L - --#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" --#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" --#define NID_pbeWithSHA1AndDES_CBC 170 --#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs,5L,10L -+# define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" -+# define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" -+# define NID_pbeWithSHA1AndDES_CBC 170 -+# define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs,5L,10L - - /* Extension request OIDs */ - --#define LN_ms_ext_req "Microsoft Extension Request" --#define SN_ms_ext_req "msExtReq" --#define NID_ms_ext_req 171 --#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L -+# define LN_ms_ext_req "Microsoft Extension Request" -+# define SN_ms_ext_req "msExtReq" -+# define NID_ms_ext_req 171 -+# define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L - --#define LN_ext_req "Extension Request" --#define SN_ext_req "extReq" --#define NID_ext_req 172 --#define OBJ_ext_req OBJ_pkcs9,14L -+# define LN_ext_req "Extension Request" -+# define SN_ext_req "extReq" -+# define NID_ext_req 172 -+# define OBJ_ext_req OBJ_pkcs9,14L - --#define SN_name "name" --#define LN_name "name" --#define NID_name 173 --#define OBJ_name OBJ_X509,41L -+# define SN_name "name" -+# define LN_name "name" -+# define NID_name 173 -+# define OBJ_name OBJ_X509,41L - --#define SN_dnQualifier "dnQualifier" --#define LN_dnQualifier "dnQualifier" --#define NID_dnQualifier 174 --#define OBJ_dnQualifier OBJ_X509,46L -+# define SN_dnQualifier "dnQualifier" -+# define LN_dnQualifier "dnQualifier" -+# define NID_dnQualifier 174 -+# define OBJ_dnQualifier OBJ_X509,46L - --#define SN_id_pe "id-pe" --#define NID_id_pe 175 --#define OBJ_id_pe OBJ_id_pkix,1L -+# define SN_id_pe "id-pe" -+# define NID_id_pe 175 -+# define OBJ_id_pe OBJ_id_pkix,1L - --#define SN_id_ad "id-ad" --#define NID_id_ad 176 --#define OBJ_id_ad OBJ_id_pkix,48L -+# define SN_id_ad "id-ad" -+# define NID_id_ad 176 -+# define OBJ_id_ad OBJ_id_pkix,48L - --#define SN_info_access "authorityInfoAccess" --#define LN_info_access "Authority Information Access" --#define NID_info_access 177 --#define OBJ_info_access OBJ_id_pe,1L -+# define SN_info_access "authorityInfoAccess" -+# define LN_info_access "Authority Information Access" -+# define NID_info_access 177 -+# define OBJ_info_access OBJ_id_pe,1L - --#define SN_ad_OCSP "OCSP" --#define LN_ad_OCSP "OCSP" --#define NID_ad_OCSP 178 --#define OBJ_ad_OCSP OBJ_id_ad,1L -+# define SN_ad_OCSP "OCSP" -+# define LN_ad_OCSP "OCSP" -+# define NID_ad_OCSP 178 -+# define OBJ_ad_OCSP OBJ_id_ad,1L - --#define SN_ad_ca_issuers "caIssuers" --#define LN_ad_ca_issuers "CA Issuers" --#define NID_ad_ca_issuers 179 --#define OBJ_ad_ca_issuers OBJ_id_ad,2L -+# define SN_ad_ca_issuers "caIssuers" -+# define LN_ad_ca_issuers "CA Issuers" -+# define NID_ad_ca_issuers 179 -+# define OBJ_ad_ca_issuers OBJ_id_ad,2L - --#define SN_OCSP_sign "OCSPSigning" --#define LN_OCSP_sign "OCSP Signing" --#define NID_OCSP_sign 180 --#define OBJ_OCSP_sign OBJ_id_kp,9L --#endif /* USE_OBJ_MAC */ -+# define SN_OCSP_sign "OCSPSigning" -+# define LN_OCSP_sign "OCSP Signing" -+# define NID_OCSP_sign 180 -+# define OBJ_OCSP_sign OBJ_id_kp,9L -+# endif /* USE_OBJ_MAC */ - --#include --#include -+# include -+# include - --#define OBJ_NAME_TYPE_UNDEF 0x00 --#define OBJ_NAME_TYPE_MD_METH 0x01 --#define OBJ_NAME_TYPE_CIPHER_METH 0x02 --#define OBJ_NAME_TYPE_PKEY_METH 0x03 --#define OBJ_NAME_TYPE_COMP_METH 0x04 --#define OBJ_NAME_TYPE_NUM 0x05 -+# define OBJ_NAME_TYPE_UNDEF 0x00 -+# define OBJ_NAME_TYPE_MD_METH 0x01 -+# define OBJ_NAME_TYPE_CIPHER_METH 0x02 -+# define OBJ_NAME_TYPE_PKEY_METH 0x03 -+# define OBJ_NAME_TYPE_COMP_METH 0x04 -+# define OBJ_NAME_TYPE_NUM 0x05 - --#define OBJ_NAME_ALIAS 0x8000 -+# define OBJ_NAME_ALIAS 0x8000 - --#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 --#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 -+# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 -+# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 - - - #ifdef __cplusplus - extern "C" { - #endif - --typedef struct obj_name_st -- { -- int type; -- int alias; -- const char *name; -- const char *data; -- } OBJ_NAME; -- --#define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) -+typedef struct obj_name_st { -+ int type; -+ int alias; -+ const char *name; -+ const char *data; -+} OBJ_NAME; - -+# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) - - int OBJ_NAME_init(void); --int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), -- int (*cmp_func)(const char *, const char *), -- void (*free_func)(const char *, int, const char *)); --const char *OBJ_NAME_get(const char *name,int type); --int OBJ_NAME_add(const char *name,int type,const char *data); --int OBJ_NAME_remove(const char *name,int type); -+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), -+ int (*cmp_func) (const char *, const char *), -+ void (*free_func) (const char *, int, const char *)); -+const char *OBJ_NAME_get(const char *name, int type); -+int OBJ_NAME_add(const char *name, int type, const char *data); -+int OBJ_NAME_remove(const char *name, int type); - void OBJ_NAME_cleanup(int type); /* -1 for everything */ --void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg), -- void *arg); --void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), -- void *arg); -- --ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o); --ASN1_OBJECT * OBJ_nid2obj(int n); --const char * OBJ_nid2ln(int n); --const char * OBJ_nid2sn(int n); --int OBJ_obj2nid(const ASN1_OBJECT *o); --ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name); --int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); --int OBJ_txt2nid(const char *s); --int OBJ_ln2nid(const char *s); --int OBJ_sn2nid(const char *s); --int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); --const char * OBJ_bsearch(const char *key,const char *base,int num,int size, -- int (*cmp)(const void *, const void *)); --const char * OBJ_bsearch_ex(const char *key,const char *base,int num, -- int size, int (*cmp)(const void *, const void *), int flags); -- --int OBJ_new_nid(int num); --int OBJ_add_object(const ASN1_OBJECT *obj); --int OBJ_create(const char *oid,const char *sn,const char *ln); --void OBJ_cleanup(void ); --int OBJ_create_objects(BIO *in); -+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), -+ void *arg); -+void OBJ_NAME_do_all_sorted(int type, -+ void (*fn) (const OBJ_NAME *, void *arg), -+ void *arg); -+ -+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); -+ASN1_OBJECT *OBJ_nid2obj(int n); -+const char *OBJ_nid2ln(int n); -+const char *OBJ_nid2sn(int n); -+int OBJ_obj2nid(const ASN1_OBJECT *o); -+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); -+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); -+int OBJ_txt2nid(const char *s); -+int OBJ_ln2nid(const char *s); -+int OBJ_sn2nid(const char *s); -+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); -+const char *OBJ_bsearch(const char *key, const char *base, int num, int size, -+ int (*cmp) (const void *, const void *)); -+const char *OBJ_bsearch_ex(const char *key, const char *base, int num, -+ int size, int (*cmp) (const void *, const void *), -+ int flags); -+ -+int OBJ_new_nid(int num); -+int OBJ_add_object(const ASN1_OBJECT *obj); -+int OBJ_create(const char *oid, const char *sn, const char *ln); -+void OBJ_cleanup(void); -+int OBJ_create_objects(BIO *in); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_OBJ_strings(void); -@@ -1031,17 +1037,17 @@ void ERR_load_OBJ_strings(void); - /* Error codes for the OBJ functions. */ - - /* Function codes. */ --#define OBJ_F_OBJ_ADD_OBJECT 105 --#define OBJ_F_OBJ_CREATE 100 --#define OBJ_F_OBJ_DUP 101 --#define OBJ_F_OBJ_NAME_NEW_INDEX 106 --#define OBJ_F_OBJ_NID2LN 102 --#define OBJ_F_OBJ_NID2OBJ 103 --#define OBJ_F_OBJ_NID2SN 104 -+# define OBJ_F_OBJ_ADD_OBJECT 105 -+# define OBJ_F_OBJ_CREATE 100 -+# define OBJ_F_OBJ_DUP 101 -+# define OBJ_F_OBJ_NAME_NEW_INDEX 106 -+# define OBJ_F_OBJ_NID2LN 102 -+# define OBJ_F_OBJ_NID2OBJ 103 -+# define OBJ_F_OBJ_NID2SN 104 - - /* Reason codes. */ --#define OBJ_R_MALLOC_FAILURE 100 --#define OBJ_R_UNKNOWN_NID 101 -+# define OBJ_R_MALLOC_FAILURE 100 -+# define OBJ_R_UNKNOWN_NID 101 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/ocsp.h b/Cryptlib/Include/openssl/ocsp.h -index a0577a7..026725d 100644 ---- a/Cryptlib/Include/openssl/ocsp.h -+++ b/Cryptlib/Include/openssl/ocsp.h -@@ -1,11 +1,14 @@ - /* ocsp.h */ --/* Written by Tom Titchener for the OpenSSL -- * project. */ -+/* -+ * Written by Tom Titchener for the OpenSSL -+ * project. -+ */ - --/* History: -- This file was transfered to Richard Levitte from CertCo by Kathy -- Weinhold in mid-spring 2000 to be included in OpenSSL or released -- as a patch kit. */ -+/* -+ * History: This file was transfered to Richard Levitte from CertCo by Kathy -+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a -+ * patch kit. -+ */ - - /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -@@ -15,7 +18,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,11 +65,11 @@ - */ - - #ifndef HEADER_OCSP_H --#define HEADER_OCSP_H -+# define HEADER_OCSP_H - --#include --#include --#include -+# include -+# include -+# include - - #ifdef __cplusplus - extern "C" { -@@ -74,88 +77,82 @@ extern "C" { - - /* Various flags and values */ - --#define OCSP_DEFAULT_NONCE_LENGTH 16 -- --#define OCSP_NOCERTS 0x1 --#define OCSP_NOINTERN 0x2 --#define OCSP_NOSIGS 0x4 --#define OCSP_NOCHAIN 0x8 --#define OCSP_NOVERIFY 0x10 --#define OCSP_NOEXPLICIT 0x20 --#define OCSP_NOCASIGN 0x40 --#define OCSP_NODELEGATED 0x80 --#define OCSP_NOCHECKS 0x100 --#define OCSP_TRUSTOTHER 0x200 --#define OCSP_RESPID_KEY 0x400 --#define OCSP_NOTIME 0x800 -- --/* CertID ::= SEQUENCE { -+# define OCSP_DEFAULT_NONCE_LENGTH 16 -+ -+# define OCSP_NOCERTS 0x1 -+# define OCSP_NOINTERN 0x2 -+# define OCSP_NOSIGS 0x4 -+# define OCSP_NOCHAIN 0x8 -+# define OCSP_NOVERIFY 0x10 -+# define OCSP_NOEXPLICIT 0x20 -+# define OCSP_NOCASIGN 0x40 -+# define OCSP_NODELEGATED 0x80 -+# define OCSP_NOCHECKS 0x100 -+# define OCSP_TRUSTOTHER 0x200 -+# define OCSP_RESPID_KEY 0x400 -+# define OCSP_NOTIME 0x800 -+ -+/*- CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) - * serialNumber CertificateSerialNumber } - */ --typedef struct ocsp_cert_id_st -- { -- X509_ALGOR *hashAlgorithm; -- ASN1_OCTET_STRING *issuerNameHash; -- ASN1_OCTET_STRING *issuerKeyHash; -- ASN1_INTEGER *serialNumber; -- } OCSP_CERTID; -+typedef struct ocsp_cert_id_st { -+ X509_ALGOR *hashAlgorithm; -+ ASN1_OCTET_STRING *issuerNameHash; -+ ASN1_OCTET_STRING *issuerKeyHash; -+ ASN1_INTEGER *serialNumber; -+} OCSP_CERTID; - - DECLARE_STACK_OF(OCSP_CERTID) - --/* Request ::= SEQUENCE { -+/*- Request ::= SEQUENCE { - * reqCert CertID, - * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } - */ --typedef struct ocsp_one_request_st -- { -- OCSP_CERTID *reqCert; -- STACK_OF(X509_EXTENSION) *singleRequestExtensions; -- } OCSP_ONEREQ; -+typedef struct ocsp_one_request_st { -+ OCSP_CERTID *reqCert; -+ STACK_OF(X509_EXTENSION) *singleRequestExtensions; -+} OCSP_ONEREQ; - - DECLARE_STACK_OF(OCSP_ONEREQ) - DECLARE_ASN1_SET_OF(OCSP_ONEREQ) - -- --/* TBSRequest ::= SEQUENCE { -+/*- TBSRequest ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * requestorName [1] EXPLICIT GeneralName OPTIONAL, - * requestList SEQUENCE OF Request, - * requestExtensions [2] EXPLICIT Extensions OPTIONAL } - */ --typedef struct ocsp_req_info_st -- { -- ASN1_INTEGER *version; -- GENERAL_NAME *requestorName; -- STACK_OF(OCSP_ONEREQ) *requestList; -- STACK_OF(X509_EXTENSION) *requestExtensions; -- } OCSP_REQINFO; -- --/* Signature ::= SEQUENCE { -+typedef struct ocsp_req_info_st { -+ ASN1_INTEGER *version; -+ GENERAL_NAME *requestorName; -+ STACK_OF(OCSP_ONEREQ) *requestList; -+ STACK_OF(X509_EXTENSION) *requestExtensions; -+} OCSP_REQINFO; -+ -+/*- Signature ::= SEQUENCE { - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ --typedef struct ocsp_signature_st -- { -- X509_ALGOR *signatureAlgorithm; -- ASN1_BIT_STRING *signature; -- STACK_OF(X509) *certs; -- } OCSP_SIGNATURE; -- --/* OCSPRequest ::= SEQUENCE { -+typedef struct ocsp_signature_st { -+ X509_ALGOR *signatureAlgorithm; -+ ASN1_BIT_STRING *signature; -+ STACK_OF(X509) *certs; -+} OCSP_SIGNATURE; -+ -+/*- OCSPRequest ::= SEQUENCE { - * tbsRequest TBSRequest, - * optionalSignature [0] EXPLICIT Signature OPTIONAL } - */ --typedef struct ocsp_request_st -- { -- OCSP_REQINFO *tbsRequest; -- OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ -- } OCSP_REQUEST; -+typedef struct ocsp_request_st { -+ OCSP_REQINFO *tbsRequest; -+ OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ -+} OCSP_REQUEST; - --/* OCSPResponseStatus ::= ENUMERATED { -+/*- OCSPResponseStatus ::= ENUMERATED { - * successful (0), --Response has valid confirmations - * malformedRequest (1), --Illegal confirmation request - * internalError (2), --Internal error in issuer -@@ -165,149 +162,145 @@ typedef struct ocsp_request_st - * unauthorized (6) --Request unauthorized - * } - */ --#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 --#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 --#define OCSP_RESPONSE_STATUS_INTERNALERROR 2 --#define OCSP_RESPONSE_STATUS_TRYLATER 3 --#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 --#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 -- --/* ResponseBytes ::= SEQUENCE { -+# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 -+# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 -+# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 -+# define OCSP_RESPONSE_STATUS_TRYLATER 3 -+# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 -+# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 -+ -+/*- ResponseBytes ::= SEQUENCE { - * responseType OBJECT IDENTIFIER, - * response OCTET STRING } - */ --typedef struct ocsp_resp_bytes_st -- { -- ASN1_OBJECT *responseType; -- ASN1_OCTET_STRING *response; -- } OCSP_RESPBYTES; -+typedef struct ocsp_resp_bytes_st { -+ ASN1_OBJECT *responseType; -+ ASN1_OCTET_STRING *response; -+} OCSP_RESPBYTES; - --/* OCSPResponse ::= SEQUENCE { -+/*- OCSPResponse ::= SEQUENCE { - * responseStatus OCSPResponseStatus, - * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } - */ --struct ocsp_response_st -- { -- ASN1_ENUMERATED *responseStatus; -- OCSP_RESPBYTES *responseBytes; -- }; -+struct ocsp_response_st { -+ ASN1_ENUMERATED *responseStatus; -+ OCSP_RESPBYTES *responseBytes; -+}; - --/* ResponderID ::= CHOICE { -+/*- ResponderID ::= CHOICE { - * byName [1] Name, - * byKey [2] KeyHash } - */ --#define V_OCSP_RESPID_NAME 0 --#define V_OCSP_RESPID_KEY 1 --struct ocsp_responder_id_st -- { -- int type; -- union { -- X509_NAME* byName; -- ASN1_OCTET_STRING *byKey; -- } value; -- }; -+# define V_OCSP_RESPID_NAME 0 -+# define V_OCSP_RESPID_KEY 1 -+struct ocsp_responder_id_st { -+ int type; -+ union { -+ X509_NAME *byName; -+ ASN1_OCTET_STRING *byKey; -+ } value; -+}; - - DECLARE_STACK_OF(OCSP_RESPID) - DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) - --/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key -+/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key - * --(excluding the tag and length fields) - */ - --/* RevokedInfo ::= SEQUENCE { -+/*- RevokedInfo ::= SEQUENCE { - * revocationTime GeneralizedTime, - * revocationReason [0] EXPLICIT CRLReason OPTIONAL } - */ --typedef struct ocsp_revoked_info_st -- { -- ASN1_GENERALIZEDTIME *revocationTime; -- ASN1_ENUMERATED *revocationReason; -- } OCSP_REVOKEDINFO; -+typedef struct ocsp_revoked_info_st { -+ ASN1_GENERALIZEDTIME *revocationTime; -+ ASN1_ENUMERATED *revocationReason; -+} OCSP_REVOKEDINFO; - --/* CertStatus ::= CHOICE { -+/*- CertStatus ::= CHOICE { - * good [0] IMPLICIT NULL, - * revoked [1] IMPLICIT RevokedInfo, - * unknown [2] IMPLICIT UnknownInfo } - */ --#define V_OCSP_CERTSTATUS_GOOD 0 --#define V_OCSP_CERTSTATUS_REVOKED 1 --#define V_OCSP_CERTSTATUS_UNKNOWN 2 --typedef struct ocsp_cert_status_st -- { -- int type; -- union { -- ASN1_NULL *good; -- OCSP_REVOKEDINFO *revoked; -- ASN1_NULL *unknown; -- } value; -- } OCSP_CERTSTATUS; -- --/* SingleResponse ::= SEQUENCE { -+# define V_OCSP_CERTSTATUS_GOOD 0 -+# define V_OCSP_CERTSTATUS_REVOKED 1 -+# define V_OCSP_CERTSTATUS_UNKNOWN 2 -+typedef struct ocsp_cert_status_st { -+ int type; -+ union { -+ ASN1_NULL *good; -+ OCSP_REVOKEDINFO *revoked; -+ ASN1_NULL *unknown; -+ } value; -+} OCSP_CERTSTATUS; -+ -+/*- SingleResponse ::= SEQUENCE { - * certID CertID, - * certStatus CertStatus, - * thisUpdate GeneralizedTime, - * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, - * singleExtensions [1] EXPLICIT Extensions OPTIONAL } - */ --typedef struct ocsp_single_response_st -- { -- OCSP_CERTID *certId; -- OCSP_CERTSTATUS *certStatus; -- ASN1_GENERALIZEDTIME *thisUpdate; -- ASN1_GENERALIZEDTIME *nextUpdate; -- STACK_OF(X509_EXTENSION) *singleExtensions; -- } OCSP_SINGLERESP; -+typedef struct ocsp_single_response_st { -+ OCSP_CERTID *certId; -+ OCSP_CERTSTATUS *certStatus; -+ ASN1_GENERALIZEDTIME *thisUpdate; -+ ASN1_GENERALIZEDTIME *nextUpdate; -+ STACK_OF(X509_EXTENSION) *singleExtensions; -+} OCSP_SINGLERESP; - - DECLARE_STACK_OF(OCSP_SINGLERESP) - DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) - --/* ResponseData ::= SEQUENCE { -+/*- ResponseData ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * responderID ResponderID, - * producedAt GeneralizedTime, - * responses SEQUENCE OF SingleResponse, - * responseExtensions [1] EXPLICIT Extensions OPTIONAL } - */ --typedef struct ocsp_response_data_st -- { -- ASN1_INTEGER *version; -- OCSP_RESPID *responderId; -- ASN1_GENERALIZEDTIME *producedAt; -- STACK_OF(OCSP_SINGLERESP) *responses; -- STACK_OF(X509_EXTENSION) *responseExtensions; -- } OCSP_RESPDATA; -- --/* BasicOCSPResponse ::= SEQUENCE { -+typedef struct ocsp_response_data_st { -+ ASN1_INTEGER *version; -+ OCSP_RESPID *responderId; -+ ASN1_GENERALIZEDTIME *producedAt; -+ STACK_OF(OCSP_SINGLERESP) *responses; -+ STACK_OF(X509_EXTENSION) *responseExtensions; -+} OCSP_RESPDATA; -+ -+/*- BasicOCSPResponse ::= SEQUENCE { - * tbsResponseData ResponseData, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ -- /* Note 1: -- The value for "signature" is specified in the OCSP rfc2560 as follows: -- "The value for the signature SHALL be computed on the hash of the DER -- encoding ResponseData." This means that you must hash the DER-encoded -- tbsResponseData, and then run it through a crypto-signing function, which -- will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems -- a bit odd, but that's the spec. Also note that the data structures do not -- leave anywhere to independently specify the algorithm used for the initial -- hash. So, we look at the signature-specification algorithm, and try to do -- something intelligent. -- Kathy Weinhold, CertCo */ -- /* Note 2: -- It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open -- for interpretation. I've done tests against another responder, and found -- that it doesn't do the double hashing that the RFC seems to say one -- should. Therefore, all relevant functions take a flag saying which -- variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */ --typedef struct ocsp_basic_response_st -- { -- OCSP_RESPDATA *tbsResponseData; -- X509_ALGOR *signatureAlgorithm; -- ASN1_BIT_STRING *signature; -- STACK_OF(X509) *certs; -- } OCSP_BASICRESP; -- --/* -+ /* -+ * Note 1: The value for "signature" is specified in the OCSP rfc2560 as -+ * follows: "The value for the signature SHALL be computed on the hash of -+ * the DER encoding ResponseData." This means that you must hash the -+ * DER-encoded tbsResponseData, and then run it through a crypto-signing -+ * function, which will (at least w/RSA) do a hash-'n'-private-encrypt -+ * operation. This seems a bit odd, but that's the spec. Also note that -+ * the data structures do not leave anywhere to independently specify the -+ * algorithm used for the initial hash. So, we look at the -+ * signature-specification algorithm, and try to do something intelligent. -+ * -- Kathy Weinhold, CertCo -+ */ -+ /* -+ * Note 2: It seems that the mentioned passage from RFC 2560 (section -+ * 4.2.1) is open for interpretation. I've done tests against another -+ * responder, and found that it doesn't do the double hashing that the RFC -+ * seems to say one should. Therefore, all relevant functions take a flag -+ * saying which variant should be used. -- Richard Levitte, OpenSSL team -+ * and CeloCom -+ */ -+typedef struct ocsp_basic_response_st { -+ OCSP_RESPDATA *tbsResponseData; -+ X509_ALGOR *signatureAlgorithm; -+ ASN1_BIT_STRING *signature; -+ STACK_OF(X509) *certs; -+} OCSP_BASICRESP; -+ -+/*- - * CRLReason ::= ENUMERATED { - * unspecified (0), - * keyCompromise (1), -@@ -318,100 +311,100 @@ typedef struct ocsp_basic_response_st - * certificateHold (6), - * removeFromCRL (8) } - */ --#define OCSP_REVOKED_STATUS_NOSTATUS -1 --#define OCSP_REVOKED_STATUS_UNSPECIFIED 0 --#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 --#define OCSP_REVOKED_STATUS_CACOMPROMISE 2 --#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 --#define OCSP_REVOKED_STATUS_SUPERSEDED 4 --#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 --#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 --#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 -- --/* CrlID ::= SEQUENCE { -+# define OCSP_REVOKED_STATUS_NOSTATUS -1 -+# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 -+# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 -+# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 -+# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 -+# define OCSP_REVOKED_STATUS_SUPERSEDED 4 -+# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 -+# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 -+# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 -+ -+/*- -+ * CrlID ::= SEQUENCE { - * crlUrl [0] EXPLICIT IA5String OPTIONAL, - * crlNum [1] EXPLICIT INTEGER OPTIONAL, - * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } - */ --typedef struct ocsp_crl_id_st -- { -- ASN1_IA5STRING *crlUrl; -- ASN1_INTEGER *crlNum; -- ASN1_GENERALIZEDTIME *crlTime; -- } OCSP_CRLID; -- --/* ServiceLocator ::= SEQUENCE { -+typedef struct ocsp_crl_id_st { -+ ASN1_IA5STRING *crlUrl; -+ ASN1_INTEGER *crlNum; -+ ASN1_GENERALIZEDTIME *crlTime; -+} OCSP_CRLID; -+ -+/*- -+ * ServiceLocator ::= SEQUENCE { - * issuer Name, - * locator AuthorityInfoAccessSyntax OPTIONAL } - */ --typedef struct ocsp_service_locator_st -- { -- X509_NAME* issuer; -- STACK_OF(ACCESS_DESCRIPTION) *locator; -- } OCSP_SERVICELOC; -- --#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" --#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" -+typedef struct ocsp_service_locator_st { -+ X509_NAME *issuer; -+ STACK_OF(ACCESS_DESCRIPTION) *locator; -+} OCSP_SERVICELOC; - --#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) -+# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" -+# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" - --#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) -+# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) - --#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ -+# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) -+ -+# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) - --#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ -+# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ - (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) - --#define PEM_write_bio_OCSP_REQUEST(bp,o) \ -+# define PEM_write_bio_OCSP_REQUEST(bp,o) \ - PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ -- bp,(char *)o, NULL,NULL,0,NULL,NULL) -+ bp,(char *)o, NULL,NULL,0,NULL,NULL) - --#define PEM_write_bio_OCSP_RESPONSE(bp,o) \ -+# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ - PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ -- bp,(char *)o, NULL,NULL,0,NULL,NULL) -+ bp,(char *)o, NULL,NULL,0,NULL,NULL) - --#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) -+# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) - --#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) -+# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) - --#define OCSP_REQUEST_sign(o,pkey,md) \ -- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ -- o->optionalSignature->signatureAlgorithm,NULL,\ -- o->optionalSignature->signature,o->tbsRequest,pkey,md) -+# define OCSP_REQUEST_sign(o,pkey,md) \ -+ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ -+ o->optionalSignature->signatureAlgorithm,NULL,\ -+ o->optionalSignature->signature,o->tbsRequest,pkey,md) - --#define OCSP_BASICRESP_sign(o,pkey,md,d) \ -- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ -- o->signature,o->tbsResponseData,pkey,md) -+# define OCSP_BASICRESP_sign(o,pkey,md,d) \ -+ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ -+ o->signature,o->tbsResponseData,pkey,md) - --#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ -+# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ - a->optionalSignature->signatureAlgorithm,\ -- a->optionalSignature->signature,a->tbsRequest,r) -+ a->optionalSignature->signature,a->tbsRequest,r) - --#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ -- a->signatureAlgorithm,a->signature,a->tbsResponseData,r) -+# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ -+ a->signatureAlgorithm,a->signature,a->tbsResponseData,r) - --#define ASN1_BIT_STRING_digest(data,type,md,len) \ -- ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) -+# define ASN1_BIT_STRING_digest(data,type,md,len) \ -+ ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) - --#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid) -+# define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid) - --#define OCSP_CERTSTATUS_dup(cs)\ -+# define OCSP_CERTSTATUS_dup(cs)\ - (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ -- (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) -+ (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) - - OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); - OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, -- int maxline); -+ int maxline); - int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); - void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); - - OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); - --OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, -- X509_NAME *issuerName, -- ASN1_BIT_STRING* issuerKey, -- ASN1_INTEGER *serialNumber); -+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, -+ X509_NAME *issuerName, -+ ASN1_BIT_STRING *issuerKey, -+ ASN1_INTEGER *serialNumber); - - OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); - -@@ -423,12 +416,11 @@ int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); - int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); - int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); - --int OCSP_request_sign(OCSP_REQUEST *req, -- X509 *signer, -- EVP_PKEY *key, -- const EVP_MD *dgst, -- STACK_OF(X509) *certs, -- unsigned long flags); -+int OCSP_request_sign(OCSP_REQUEST *req, -+ X509 *signer, -+ EVP_PKEY *key, -+ const EVP_MD *dgst, -+ STACK_OF(X509) *certs, unsigned long flags); - - int OCSP_response_status(OCSP_RESPONSE *resp); - OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); -@@ -437,21 +429,22 @@ int OCSP_resp_count(OCSP_BASICRESP *bs); - OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); - int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); - int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, -- ASN1_GENERALIZEDTIME **revtime, -- ASN1_GENERALIZEDTIME **thisupd, -- ASN1_GENERALIZEDTIME **nextupd); -+ ASN1_GENERALIZEDTIME **revtime, -+ ASN1_GENERALIZEDTIME **thisupd, -+ ASN1_GENERALIZEDTIME **nextupd); - int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, -- int *reason, -- ASN1_GENERALIZEDTIME **revtime, -- ASN1_GENERALIZEDTIME **thisupd, -- ASN1_GENERALIZEDTIME **nextupd); -+ int *reason, -+ ASN1_GENERALIZEDTIME **revtime, -+ ASN1_GENERALIZEDTIME **thisupd, -+ ASN1_GENERALIZEDTIME **nextupd); - int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, -- ASN1_GENERALIZEDTIME *nextupd, -- long sec, long maxsec); -+ ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); - --int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags); -+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, -+ X509_STORE *store, unsigned long flags); - --int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl); -+int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, -+ int *pssl); - - int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); - int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); -@@ -460,42 +453,45 @@ int OCSP_request_onereq_count(OCSP_REQUEST *req); - OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); - OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); - int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, -- ASN1_OCTET_STRING **pikeyHash, -- ASN1_INTEGER **pserial, OCSP_CERTID *cid); -+ ASN1_OCTET_STRING **pikeyHash, -+ ASN1_INTEGER **pserial, OCSP_CERTID *cid); - int OCSP_request_is_signed(OCSP_REQUEST *req); - OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); - OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, -- OCSP_CERTID *cid, -- int status, int reason, -- ASN1_TIME *revtime, -- ASN1_TIME *thisupd, ASN1_TIME *nextupd); -+ OCSP_CERTID *cid, -+ int status, int reason, -+ ASN1_TIME *revtime, -+ ASN1_TIME *thisupd, -+ ASN1_TIME *nextupd); - int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); --int OCSP_basic_sign(OCSP_BASICRESP *brsp, -- X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, -- STACK_OF(X509) *certs, unsigned long flags); -+int OCSP_basic_sign(OCSP_BASICRESP *brsp, -+ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, -+ STACK_OF(X509) *certs, unsigned long flags); - - ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, -- void *data, STACK_OF(ASN1_OBJECT) *sk); --#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \ -- ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk) -+ void *data, STACK_OF(ASN1_OBJECT) *sk); -+# define ASN1_STRING_encode_of(type,s,i2d,data,sk) \ -+ ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk) - - X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); - - X509_EXTENSION *OCSP_accept_responses_new(char **oids); - --X509_EXTENSION *OCSP_archive_cutoff_new(char* tim); -+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim); - --X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls); -+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls); - - int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); - int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); --int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos); -+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, -+ int lastpos); - int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); - X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); - X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); --void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx); -+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, -+ int *idx); - int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, -- unsigned long flags); -+ unsigned long flags); - int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); - - int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); -@@ -506,29 +502,35 @@ X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); - X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); - void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); - int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, -- unsigned long flags); -+ unsigned long flags); - int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); - - int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); - int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); --int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos); --int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos); -+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, -+ int lastpos); -+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, -+ int lastpos); - X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); - X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); --void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx); --int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit, -- unsigned long flags); -+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, -+ int *idx); -+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, -+ int crit, unsigned long flags); - int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); - - int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); - int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); --int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos); --int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos); -+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, -+ int lastpos); -+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, -+ int lastpos); - X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); - X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); --void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx); --int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit, -- unsigned long flags); -+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, -+ int *idx); -+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, -+ int crit, unsigned long flags); - int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); - - DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) -@@ -551,14 +553,15 @@ char *OCSP_response_status_str(long s); - char *OCSP_cert_status_str(long s); - char *OCSP_crl_reason_str(long s); - --int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags); --int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); -+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags); -+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags); - - int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, -- X509_STORE *st, unsigned long flags); -+ X509_STORE *st, unsigned long flags); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_OCSP_strings(void); -@@ -566,56 +569,56 @@ void ERR_load_OCSP_strings(void); - /* Error codes for the OCSP functions. */ - - /* Function codes. */ --#define OCSP_F_ASN1_STRING_ENCODE 100 --#define OCSP_F_D2I_OCSP_NONCE 102 --#define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 --#define OCSP_F_OCSP_BASIC_SIGN 104 --#define OCSP_F_OCSP_BASIC_VERIFY 105 --#define OCSP_F_OCSP_CERT_ID_NEW 101 --#define OCSP_F_OCSP_CHECK_DELEGATED 106 --#define OCSP_F_OCSP_CHECK_IDS 107 --#define OCSP_F_OCSP_CHECK_ISSUER 108 --#define OCSP_F_OCSP_CHECK_VALIDITY 115 --#define OCSP_F_OCSP_MATCH_ISSUERID 109 --#define OCSP_F_OCSP_PARSE_URL 114 --#define OCSP_F_OCSP_REQUEST_SIGN 110 --#define OCSP_F_OCSP_REQUEST_VERIFY 116 --#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 --#define OCSP_F_OCSP_SENDREQ_BIO 112 --#define OCSP_F_PARSE_HTTP_LINE1 117 --#define OCSP_F_REQUEST_VERIFY 113 -+# define OCSP_F_ASN1_STRING_ENCODE 100 -+# define OCSP_F_D2I_OCSP_NONCE 102 -+# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 -+# define OCSP_F_OCSP_BASIC_SIGN 104 -+# define OCSP_F_OCSP_BASIC_VERIFY 105 -+# define OCSP_F_OCSP_CERT_ID_NEW 101 -+# define OCSP_F_OCSP_CHECK_DELEGATED 106 -+# define OCSP_F_OCSP_CHECK_IDS 107 -+# define OCSP_F_OCSP_CHECK_ISSUER 108 -+# define OCSP_F_OCSP_CHECK_VALIDITY 115 -+# define OCSP_F_OCSP_MATCH_ISSUERID 109 -+# define OCSP_F_OCSP_PARSE_URL 114 -+# define OCSP_F_OCSP_REQUEST_SIGN 110 -+# define OCSP_F_OCSP_REQUEST_VERIFY 116 -+# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 -+# define OCSP_F_OCSP_SENDREQ_BIO 112 -+# define OCSP_F_PARSE_HTTP_LINE1 117 -+# define OCSP_F_REQUEST_VERIFY 113 - - /* Reason codes. */ --#define OCSP_R_BAD_DATA 100 --#define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 --#define OCSP_R_DIGEST_ERR 102 --#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 --#define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 --#define OCSP_R_ERROR_PARSING_URL 121 --#define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 --#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 --#define OCSP_R_NOT_BASIC_RESPONSE 104 --#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 --#define OCSP_R_NO_CONTENT 106 --#define OCSP_R_NO_PUBLIC_KEY 107 --#define OCSP_R_NO_RESPONSE_DATA 108 --#define OCSP_R_NO_REVOKED_TIME 109 --#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 --#define OCSP_R_REQUEST_NOT_SIGNED 128 --#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 --#define OCSP_R_ROOT_CA_NOT_TRUSTED 112 --#define OCSP_R_SERVER_READ_ERROR 113 --#define OCSP_R_SERVER_RESPONSE_ERROR 114 --#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 --#define OCSP_R_SERVER_WRITE_ERROR 116 --#define OCSP_R_SIGNATURE_FAILURE 117 --#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 --#define OCSP_R_STATUS_EXPIRED 125 --#define OCSP_R_STATUS_NOT_YET_VALID 126 --#define OCSP_R_STATUS_TOO_OLD 127 --#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 --#define OCSP_R_UNKNOWN_NID 120 --#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 -+# define OCSP_R_BAD_DATA 100 -+# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 -+# define OCSP_R_DIGEST_ERR 102 -+# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 -+# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 -+# define OCSP_R_ERROR_PARSING_URL 121 -+# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 -+# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 -+# define OCSP_R_NOT_BASIC_RESPONSE 104 -+# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 -+# define OCSP_R_NO_CONTENT 106 -+# define OCSP_R_NO_PUBLIC_KEY 107 -+# define OCSP_R_NO_RESPONSE_DATA 108 -+# define OCSP_R_NO_REVOKED_TIME 109 -+# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 -+# define OCSP_R_REQUEST_NOT_SIGNED 128 -+# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 -+# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 -+# define OCSP_R_SERVER_READ_ERROR 113 -+# define OCSP_R_SERVER_RESPONSE_ERROR 114 -+# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 -+# define OCSP_R_SERVER_WRITE_ERROR 116 -+# define OCSP_R_SIGNATURE_FAILURE 117 -+# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 -+# define OCSP_R_STATUS_EXPIRED 125 -+# define OCSP_R_STATUS_NOT_YET_VALID 126 -+# define OCSP_R_STATUS_TOO_OLD 127 -+# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 -+# define OCSP_R_UNKNOWN_NID 120 -+# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/opensslv.h b/Cryptlib/Include/openssl/opensslv.h -index e5ab5c4..1c671fd 100644 ---- a/Cryptlib/Include/openssl/opensslv.h -+++ b/Cryptlib/Include/openssl/opensslv.h -@@ -1,19 +1,20 @@ - #ifndef HEADER_OPENSSLV_H --#define HEADER_OPENSSLV_H -+# define HEADER_OPENSSLV_H - --/* Numeric release version identifier: -+/*- -+ * Numeric release version identifier: - * MNNFFPPS: major minor fix patch status - * The status nibble has one of the values 0 for development, 1 to e for betas - * 1 to 14, and f for release. The patch level is exactly that. - * For example: -- * 0.9.3-dev 0x00903000 -- * 0.9.3-beta1 0x00903001 -+ * 0.9.3-dev 0x00903000 -+ * 0.9.3-beta1 0x00903001 - * 0.9.3-beta2-dev 0x00903002 - * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) -- * 0.9.3 0x0090300f -- * 0.9.3a 0x0090301f -- * 0.9.4 0x0090400f -- * 1.2.3z 0x102031af -+ * 0.9.3 0x0090300f -+ * 0.9.3a 0x0090301f -+ * 0.9.4 0x0090400f -+ * 1.2.3z 0x102031af - * - * For continuity reasons (because 0.9.5 is already out, and is coded - * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level -@@ -25,16 +26,16 @@ - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ --#define OPENSSL_VERSION_NUMBER 0x009081afL --#ifdef OPENSSL_FIPS --#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014" --#else --#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za 5 Jun 2014" --#endif --#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT -+# define OPENSSL_VERSION_NUMBER 0x009081ffL -+# ifdef OPENSSL_FIPS -+# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-fips 19 Mar 2015" -+# else -+# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf 19 Mar 2015" -+# endif -+# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT - -- --/* The macros below are to be used for shared library (.so, .dll, ...) -+/*- -+ * The macros below are to be used for shared library (.so, .dll, ...) - * versioning. That kind of versioning works a bit differently between - * operating systems. The most usual scheme is to set a major and a minor - * number, and have the runtime loader check that the major number is equal -@@ -42,11 +43,11 @@ - * be greater or equal to what it was at application link time. With this - * scheme, the version number is usually part of the file name, like this: - * -- * libcrypto.so.0.9 -+ * libcrypto.so.0.9 - * - * Some unixen also make a softlink with the major verson number only: - * -- * libcrypto.so.0 -+ * libcrypto.so.0 - * - * On Tru64 and IRIX 6.x it works a little bit differently. There, the - * shared library version is stored in the file, and is actually a series -@@ -61,11 +62,11 @@ - * to highest, should be part of the string. Consecutive builds would - * give the following versions strings: - * -- * 3.0 -- * 3.0:3.1 -- * 3.0:3.1:3.2 -- * 4.0 -- * 4.0:4.1 -+ * 3.0 -+ * 3.0:3.1 -+ * 3.0:3.1:3.2 -+ * 4.0 -+ * 4.0:4.1 - * - * Notice how version 4 is completely incompatible with version, and - * therefore give the breach you can see. -@@ -82,8 +83,7 @@ - * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and - * should only keep the versions that are binary compatible with the current. - */ --#define SHLIB_VERSION_HISTORY "" --#define SHLIB_VERSION_NUMBER "0.9.8" -- -+# define SHLIB_VERSION_HISTORY "" -+# define SHLIB_VERSION_NUMBER "0.9.8" - --#endif /* HEADER_OPENSSLV_H */ -+#endif /* HEADER_OPENSSLV_H */ -diff --git a/Cryptlib/Include/openssl/ossl_typ.h b/Cryptlib/Include/openssl/ossl_typ.h -index 0e7a380..bfcb201 100644 ---- a/Cryptlib/Include/openssl/ossl_typ.h -+++ b/Cryptlib/Include/openssl/ossl_typ.h -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,29 +53,29 @@ - */ - - #ifndef HEADER_OPENSSL_TYPES_H --#define HEADER_OPENSSL_TYPES_H -- --#include -- --#ifdef NO_ASN1_TYPEDEFS --#define ASN1_INTEGER ASN1_STRING --#define ASN1_ENUMERATED ASN1_STRING --#define ASN1_BIT_STRING ASN1_STRING --#define ASN1_OCTET_STRING ASN1_STRING --#define ASN1_PRINTABLESTRING ASN1_STRING --#define ASN1_T61STRING ASN1_STRING --#define ASN1_IA5STRING ASN1_STRING --#define ASN1_UTCTIME ASN1_STRING --#define ASN1_GENERALIZEDTIME ASN1_STRING --#define ASN1_TIME ASN1_STRING --#define ASN1_GENERALSTRING ASN1_STRING --#define ASN1_UNIVERSALSTRING ASN1_STRING --#define ASN1_BMPSTRING ASN1_STRING --#define ASN1_VISIBLESTRING ASN1_STRING --#define ASN1_UTF8STRING ASN1_STRING --#define ASN1_BOOLEAN int --#define ASN1_NULL int --#else -+# define HEADER_OPENSSL_TYPES_H -+ -+# include -+ -+# ifdef NO_ASN1_TYPEDEFS -+# define ASN1_INTEGER ASN1_STRING -+# define ASN1_ENUMERATED ASN1_STRING -+# define ASN1_BIT_STRING ASN1_STRING -+# define ASN1_OCTET_STRING ASN1_STRING -+# define ASN1_PRINTABLESTRING ASN1_STRING -+# define ASN1_T61STRING ASN1_STRING -+# define ASN1_IA5STRING ASN1_STRING -+# define ASN1_UTCTIME ASN1_STRING -+# define ASN1_GENERALIZEDTIME ASN1_STRING -+# define ASN1_TIME ASN1_STRING -+# define ASN1_GENERALSTRING ASN1_STRING -+# define ASN1_UNIVERSALSTRING ASN1_STRING -+# define ASN1_BMPSTRING ASN1_STRING -+# define ASN1_VISIBLESTRING ASN1_STRING -+# define ASN1_UTF8STRING ASN1_STRING -+# define ASN1_BOOLEAN int -+# define ASN1_NULL int -+# else - typedef struct asn1_string_st ASN1_INTEGER; - typedef struct asn1_string_st ASN1_ENUMERATED; - typedef struct asn1_string_st ASN1_BIT_STRING; -@@ -93,20 +93,20 @@ typedef struct asn1_string_st ASN1_VISIBLESTRING; - typedef struct asn1_string_st ASN1_UTF8STRING; - typedef int ASN1_BOOLEAN; - typedef int ASN1_NULL; --#endif -- --#ifdef OPENSSL_SYS_WIN32 --#undef X509_NAME --#undef X509_EXTENSIONS --#undef X509_CERT_PAIR --#undef PKCS7_ISSUER_AND_SERIAL --#undef OCSP_REQUEST --#undef OCSP_RESPONSE --#endif -- --#ifdef BIGNUM --#undef BIGNUM --#endif -+# endif -+ -+# ifdef OPENSSL_SYS_WIN32 -+# undef X509_NAME -+# undef X509_EXTENSIONS -+# undef X509_CERT_PAIR -+# undef PKCS7_ISSUER_AND_SERIAL -+# undef OCSP_REQUEST -+# undef OCSP_RESPONSE -+# endif -+ -+# ifdef BIGNUM -+# undef BIGNUM -+# endif - typedef struct bignum_st BIGNUM; - typedef struct bignum_ctx BN_CTX; - typedef struct bn_blinding_st BN_BLINDING; -@@ -164,20 +164,20 @@ typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; - typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; - - /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ --#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */ --#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */ -+# define DECLARE_PKCS12_STACK_OF(type)/* Nothing */ -+# define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */ - - typedef struct crypto_ex_data_st CRYPTO_EX_DATA; - /* Callback types for crypto.h */ --typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -- int idx, long argl, void *argp); --typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -- int idx, long argl, void *argp); --typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, -- int idx, long argl, void *argp); -+typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, -+ int idx, long argl, void *argp); -+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, -+ int idx, long argl, void *argp); -+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, -+ void *from_d, int idx, long argl, void *argp); - - typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; - typedef struct ocsp_response_st OCSP_RESPONSE; - typedef struct ocsp_responder_id_st OCSP_RESPID; - --#endif /* def HEADER_OPENSSL_TYPES_H */ -+#endif /* def HEADER_OPENSSL_TYPES_H */ -diff --git a/Cryptlib/Include/openssl/pem.h b/Cryptlib/Include/openssl/pem.h -index 6c193f1..5fad903 100644 ---- a/Cryptlib/Include/openssl/pem.h -+++ b/Cryptlib/Include/openssl/pem.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,673 +57,633 @@ - */ - - #ifndef HEADER_PEM_H --#define HEADER_PEM_H -- --#include --#ifndef OPENSSL_NO_BIO --#include --#endif --#ifndef OPENSSL_NO_STACK --#include --#endif --#include --#include --#include -+# define HEADER_PEM_H -+ -+# include -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# ifndef OPENSSL_NO_STACK -+# include -+# endif -+# include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#define PEM_BUFSIZE 1024 -- --#define PEM_OBJ_UNDEF 0 --#define PEM_OBJ_X509 1 --#define PEM_OBJ_X509_REQ 2 --#define PEM_OBJ_CRL 3 --#define PEM_OBJ_SSL_SESSION 4 --#define PEM_OBJ_PRIV_KEY 10 --#define PEM_OBJ_PRIV_RSA 11 --#define PEM_OBJ_PRIV_DSA 12 --#define PEM_OBJ_PRIV_DH 13 --#define PEM_OBJ_PUB_RSA 14 --#define PEM_OBJ_PUB_DSA 15 --#define PEM_OBJ_PUB_DH 16 --#define PEM_OBJ_DHPARAMS 17 --#define PEM_OBJ_DSAPARAMS 18 --#define PEM_OBJ_PRIV_RSA_PUBLIC 19 --#define PEM_OBJ_PRIV_ECDSA 20 --#define PEM_OBJ_PUB_ECDSA 21 --#define PEM_OBJ_ECPARAMETERS 22 -- --#define PEM_ERROR 30 --#define PEM_DEK_DES_CBC 40 --#define PEM_DEK_IDEA_CBC 45 --#define PEM_DEK_DES_EDE 50 --#define PEM_DEK_DES_ECB 60 --#define PEM_DEK_RSA 70 --#define PEM_DEK_RSA_MD2 80 --#define PEM_DEK_RSA_MD5 90 -- --#define PEM_MD_MD2 NID_md2 --#define PEM_MD_MD5 NID_md5 --#define PEM_MD_SHA NID_sha --#define PEM_MD_MD2_RSA NID_md2WithRSAEncryption --#define PEM_MD_MD5_RSA NID_md5WithRSAEncryption --#define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption -- --#define PEM_STRING_X509_OLD "X509 CERTIFICATE" --#define PEM_STRING_X509 "CERTIFICATE" --#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" --#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" --#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" --#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" --#define PEM_STRING_X509_CRL "X509 CRL" --#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" --#define PEM_STRING_PUBLIC "PUBLIC KEY" --#define PEM_STRING_RSA "RSA PRIVATE KEY" --#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" --#define PEM_STRING_DSA "DSA PRIVATE KEY" --#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" --#define PEM_STRING_PKCS7 "PKCS7" --#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" --#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" --#define PEM_STRING_PKCS8INF "PRIVATE KEY" --#define PEM_STRING_DHPARAMS "DH PARAMETERS" --#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" --#define PEM_STRING_DSAPARAMS "DSA PARAMETERS" --#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" --#define PEM_STRING_ECPARAMETERS "EC PARAMETERS" --#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" --#define PEM_STRING_CMS "CMS" -- -- /* Note that this structure is initialised by PEM_SealInit and cleaned up -- by PEM_SealFinal (at least for now) */ --typedef struct PEM_Encode_Seal_st -- { -- EVP_ENCODE_CTX encode; -- EVP_MD_CTX md; -- EVP_CIPHER_CTX cipher; -- } PEM_ENCODE_SEAL_CTX; -+# define PEM_BUFSIZE 1024 -+ -+# define PEM_OBJ_UNDEF 0 -+# define PEM_OBJ_X509 1 -+# define PEM_OBJ_X509_REQ 2 -+# define PEM_OBJ_CRL 3 -+# define PEM_OBJ_SSL_SESSION 4 -+# define PEM_OBJ_PRIV_KEY 10 -+# define PEM_OBJ_PRIV_RSA 11 -+# define PEM_OBJ_PRIV_DSA 12 -+# define PEM_OBJ_PRIV_DH 13 -+# define PEM_OBJ_PUB_RSA 14 -+# define PEM_OBJ_PUB_DSA 15 -+# define PEM_OBJ_PUB_DH 16 -+# define PEM_OBJ_DHPARAMS 17 -+# define PEM_OBJ_DSAPARAMS 18 -+# define PEM_OBJ_PRIV_RSA_PUBLIC 19 -+# define PEM_OBJ_PRIV_ECDSA 20 -+# define PEM_OBJ_PUB_ECDSA 21 -+# define PEM_OBJ_ECPARAMETERS 22 -+ -+# define PEM_ERROR 30 -+# define PEM_DEK_DES_CBC 40 -+# define PEM_DEK_IDEA_CBC 45 -+# define PEM_DEK_DES_EDE 50 -+# define PEM_DEK_DES_ECB 60 -+# define PEM_DEK_RSA 70 -+# define PEM_DEK_RSA_MD2 80 -+# define PEM_DEK_RSA_MD5 90 -+ -+# define PEM_MD_MD2 NID_md2 -+# define PEM_MD_MD5 NID_md5 -+# define PEM_MD_SHA NID_sha -+# define PEM_MD_MD2_RSA NID_md2WithRSAEncryption -+# define PEM_MD_MD5_RSA NID_md5WithRSAEncryption -+# define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption -+ -+# define PEM_STRING_X509_OLD "X509 CERTIFICATE" -+# define PEM_STRING_X509 "CERTIFICATE" -+# define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" -+# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" -+# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" -+# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" -+# define PEM_STRING_X509_CRL "X509 CRL" -+# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" -+# define PEM_STRING_PUBLIC "PUBLIC KEY" -+# define PEM_STRING_RSA "RSA PRIVATE KEY" -+# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" -+# define PEM_STRING_DSA "DSA PRIVATE KEY" -+# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" -+# define PEM_STRING_PKCS7 "PKCS7" -+# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" -+# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" -+# define PEM_STRING_PKCS8INF "PRIVATE KEY" -+# define PEM_STRING_DHPARAMS "DH PARAMETERS" -+# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" -+# define PEM_STRING_DSAPARAMS "DSA PARAMETERS" -+# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" -+# define PEM_STRING_ECPARAMETERS "EC PARAMETERS" -+# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" -+# define PEM_STRING_CMS "CMS" -+ -+ /* -+ * Note that this structure is initialised by PEM_SealInit and cleaned up -+ * by PEM_SealFinal (at least for now) -+ */ -+typedef struct PEM_Encode_Seal_st { -+ EVP_ENCODE_CTX encode; -+ EVP_MD_CTX md; -+ EVP_CIPHER_CTX cipher; -+} PEM_ENCODE_SEAL_CTX; - - /* enc_type is one off */ --#define PEM_TYPE_ENCRYPTED 10 --#define PEM_TYPE_MIC_ONLY 20 --#define PEM_TYPE_MIC_CLEAR 30 --#define PEM_TYPE_CLEAR 40 -- --typedef struct pem_recip_st -- { -- char *name; -- X509_NAME *dn; -- -- int cipher; -- int key_enc; -- /* char iv[8]; unused and wrong size */ -- } PEM_USER; -- --typedef struct pem_ctx_st -- { -- int type; /* what type of object */ -- -- struct { -- int version; -- int mode; -- } proc_type; -- -- char *domain; -- -- struct { -- int cipher; -- /* unused, and wrong size -- unsigned char iv[8]; */ -- } DEK_info; -- -- PEM_USER *originator; -- -- int num_recipient; -- PEM_USER **recipient; -- --#ifndef OPENSSL_NO_STACK -- STACK *x509_chain; /* certificate chain */ --#else -- char *x509_chain; /* certificate chain */ --#endif -- EVP_MD *md; /* signature type */ -- -- int md_enc; /* is the md encrypted or not? */ -- int md_len; /* length of md_data */ -- char *md_data; /* message digest, could be pkey encrypted */ -- -- EVP_CIPHER *dec; /* date encryption cipher */ -- int key_len; /* key length */ -- unsigned char *key; /* key */ -- /* unused, and wrong size -- unsigned char iv[8]; */ -- -- -- int data_enc; /* is the data encrypted */ -- int data_len; -- unsigned char *data; -- } PEM_CTX; -- --/* These macros make the PEM_read/PEM_write functions easier to maintain and -- * write. Now they are all implemented with either: -- * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...) -+# define PEM_TYPE_ENCRYPTED 10 -+# define PEM_TYPE_MIC_ONLY 20 -+# define PEM_TYPE_MIC_CLEAR 30 -+# define PEM_TYPE_CLEAR 40 -+ -+typedef struct pem_recip_st { -+ char *name; -+ X509_NAME *dn; -+ int cipher; -+ int key_enc; -+ /* char iv[8]; unused and wrong size */ -+} PEM_USER; -+ -+typedef struct pem_ctx_st { -+ int type; /* what type of object */ -+ struct { -+ int version; -+ int mode; -+ } proc_type; -+ -+ char *domain; -+ -+ struct { -+ int cipher; -+ /*- -+ unused, and wrong size -+ unsigned char iv[8]; */ -+ } DEK_info; -+ -+ PEM_USER *originator; -+ -+ int num_recipient; -+ PEM_USER **recipient; -+ -+# ifndef OPENSSL_NO_STACK -+ STACK *x509_chain; /* certificate chain */ -+# else -+ char *x509_chain; /* certificate chain */ -+# endif -+ EVP_MD *md; /* signature type */ -+ -+ int md_enc; /* is the md encrypted or not? */ -+ int md_len; /* length of md_data */ -+ char *md_data; /* message digest, could be pkey encrypted */ -+ -+ EVP_CIPHER *dec; /* date encryption cipher */ -+ int key_len; /* key length */ -+ unsigned char *key; /* key */ -+ /*- -+ unused, and wrong size -+ unsigned char iv[8]; */ -+ -+ int data_enc; /* is the data encrypted */ -+ int data_len; -+ unsigned char *data; -+} PEM_CTX; -+ -+/* -+ * These macros make the PEM_read/PEM_write functions easier to maintain and -+ * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or -+ * IMPLEMENT_PEM_rw_cb(...) - */ - --#ifdef OPENSSL_NO_FP_API -- --#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ --#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ --#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ --#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ --#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ -+# ifdef OPENSSL_NO_FP_API - --#else -+# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ -+# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ -+# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ -+# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ -+# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ -+# else - --#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ -+# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ - type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ - { \ - return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \ -- str, fp, \ -- CHECKED_PPTR_OF(type, x), \ -- cb, u); \ --} -+ str, fp, \ -+ CHECKED_PPTR_OF(type, x), \ -+ cb, u); \ -+} - --#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ -+# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ - int PEM_write_##name(FILE *fp, type *x) \ - { \ - return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ -- str, fp, \ -- CHECKED_PTR_OF(type, x), \ -- NULL, NULL, 0, NULL, NULL); \ -+ str, fp, \ -+ CHECKED_PTR_OF(type, x), \ -+ NULL, NULL, 0, NULL, NULL); \ - } - --#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ -+# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ - int PEM_write_##name(FILE *fp, const type *x) \ - { \ - return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ -- str, fp, \ -- CHECKED_PTR_OF(const type, x), \ -- NULL, NULL, 0, NULL, NULL); \ -+ str, fp, \ -+ CHECKED_PTR_OF(const type, x), \ -+ NULL, NULL, 0, NULL, NULL); \ - } - --#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ -+# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ - int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ -- unsigned char *kstr, int klen, pem_password_cb *cb, \ -- void *u) \ -- { \ -- return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ -- str, fp, \ -- CHECKED_PTR_OF(type, x), \ -- enc, kstr, klen, cb, u); \ -- } -- --#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ -+ unsigned char *kstr, int klen, pem_password_cb *cb, \ -+ void *u) \ -+ { \ -+ return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ -+ str, fp, \ -+ CHECKED_PTR_OF(type, x), \ -+ enc, kstr, klen, cb, u); \ -+ } -+ -+# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ - int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ -- unsigned char *kstr, int klen, pem_password_cb *cb, \ -- void *u) \ -- { \ -- return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ -- str, fp, \ -- CHECKED_PTR_OF(const type, x), \ -- enc, kstr, klen, cb, u); \ -- } -- --#endif -- --#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ -+ unsigned char *kstr, int klen, pem_password_cb *cb, \ -+ void *u) \ -+ { \ -+ return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ -+ str, fp, \ -+ CHECKED_PTR_OF(const type, x), \ -+ enc, kstr, klen, cb, u); \ -+ } -+ -+# endif -+ -+# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ - type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ - { \ - return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \ -- str, bp, \ -- CHECKED_PPTR_OF(type, x), \ -- cb, u); \ -+ str, bp, \ -+ CHECKED_PPTR_OF(type, x), \ -+ cb, u); \ - } - --#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ -+# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ - int PEM_write_bio_##name(BIO *bp, type *x) \ - { \ - return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ -- str, bp, \ -- CHECKED_PTR_OF(type, x), \ -- NULL, NULL, 0, NULL, NULL); \ -+ str, bp, \ -+ CHECKED_PTR_OF(type, x), \ -+ NULL, NULL, 0, NULL, NULL); \ - } - --#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ -+# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ - int PEM_write_bio_##name(BIO *bp, const type *x) \ - { \ - return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ -- str, bp, \ -- CHECKED_PTR_OF(const type, x), \ -- NULL, NULL, 0, NULL, NULL); \ -+ str, bp, \ -+ CHECKED_PTR_OF(const type, x), \ -+ NULL, NULL, 0, NULL, NULL); \ - } - --#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ -+# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ - int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ -- unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ -- { \ -- return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ -- str, bp, \ -- CHECKED_PTR_OF(type, x), \ -- enc, kstr, klen, cb, u); \ -- } -- --#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ -+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ -+ { \ -+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ -+ str, bp, \ -+ CHECKED_PTR_OF(type, x), \ -+ enc, kstr, klen, cb, u); \ -+ } -+ -+# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ - int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ -- unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ -- { \ -- return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ -- str, bp, \ -- CHECKED_PTR_OF(const type, x), \ -- enc, kstr, klen, cb, u); \ -- } -- --#define IMPLEMENT_PEM_write(name, type, str, asn1) \ -- IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ -- IMPLEMENT_PEM_write_fp(name, type, str, asn1) -- --#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ -- IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ -- IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) -- --#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ -- IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ -- IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) -- --#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ -- IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ -- IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) -- --#define IMPLEMENT_PEM_read(name, type, str, asn1) \ -- IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ -- IMPLEMENT_PEM_read_fp(name, type, str, asn1) -- --#define IMPLEMENT_PEM_rw(name, type, str, asn1) \ -- IMPLEMENT_PEM_read(name, type, str, asn1) \ -- IMPLEMENT_PEM_write(name, type, str, asn1) -- --#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ -- IMPLEMENT_PEM_read(name, type, str, asn1) \ -- IMPLEMENT_PEM_write_const(name, type, str, asn1) -- --#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ -- IMPLEMENT_PEM_read(name, type, str, asn1) \ -- IMPLEMENT_PEM_write_cb(name, type, str, asn1) -+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ -+ { \ -+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ -+ str, bp, \ -+ CHECKED_PTR_OF(const type, x), \ -+ enc, kstr, klen, cb, u); \ -+ } -+ -+# define IMPLEMENT_PEM_write(name, type, str, asn1) \ -+ IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ -+ IMPLEMENT_PEM_write_fp(name, type, str, asn1) -+ -+# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ -+ IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ -+ IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) -+ -+# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ -+ IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ -+ IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) -+ -+# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ -+ IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ -+ IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) -+ -+# define IMPLEMENT_PEM_read(name, type, str, asn1) \ -+ IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ -+ IMPLEMENT_PEM_read_fp(name, type, str, asn1) -+ -+# define IMPLEMENT_PEM_rw(name, type, str, asn1) \ -+ IMPLEMENT_PEM_read(name, type, str, asn1) \ -+ IMPLEMENT_PEM_write(name, type, str, asn1) -+ -+# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ -+ IMPLEMENT_PEM_read(name, type, str, asn1) \ -+ IMPLEMENT_PEM_write_const(name, type, str, asn1) -+ -+# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ -+ IMPLEMENT_PEM_read(name, type, str, asn1) \ -+ IMPLEMENT_PEM_write_cb(name, type, str, asn1) - - /* These are the same except they are for the declarations */ - --#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API) -- --#define DECLARE_PEM_read_fp(name, type) /**/ --#define DECLARE_PEM_write_fp(name, type) /**/ --#define DECLARE_PEM_write_fp_const(name, type) /**/ --#define DECLARE_PEM_write_cb_fp(name, type) /**/ -- --#else -- --#define DECLARE_PEM_read_fp(name, type) \ -- type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); -- --#define DECLARE_PEM_write_fp(name, type) \ -- int PEM_write_##name(FILE *fp, type *x); -- --#define DECLARE_PEM_write_fp_const(name, type) \ -- int PEM_write_##name(FILE *fp, const type *x); -- --#define DECLARE_PEM_write_cb_fp(name, type) \ -- int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ -- unsigned char *kstr, int klen, pem_password_cb *cb, void *u); -- --#endif -- --#ifndef OPENSSL_NO_BIO --#define DECLARE_PEM_read_bio(name, type) \ -- type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); -- --#define DECLARE_PEM_write_bio(name, type) \ -- int PEM_write_bio_##name(BIO *bp, type *x); -- --#define DECLARE_PEM_write_bio_const(name, type) \ -- int PEM_write_bio_##name(BIO *bp, const type *x); -- --#define DECLARE_PEM_write_cb_bio(name, type) \ -- int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ -- unsigned char *kstr, int klen, pem_password_cb *cb, void *u); -- --#else -- --#define DECLARE_PEM_read_bio(name, type) /**/ --#define DECLARE_PEM_write_bio(name, type) /**/ --#define DECLARE_PEM_write_bio_const(name, type) /**/ --#define DECLARE_PEM_write_cb_bio(name, type) /**/ -- --#endif -- --#define DECLARE_PEM_write(name, type) \ -- DECLARE_PEM_write_bio(name, type) \ -- DECLARE_PEM_write_fp(name, type) -- --#define DECLARE_PEM_write_const(name, type) \ -- DECLARE_PEM_write_bio_const(name, type) \ -- DECLARE_PEM_write_fp_const(name, type) -- --#define DECLARE_PEM_write_cb(name, type) \ -- DECLARE_PEM_write_cb_bio(name, type) \ -- DECLARE_PEM_write_cb_fp(name, type) -- --#define DECLARE_PEM_read(name, type) \ -- DECLARE_PEM_read_bio(name, type) \ -- DECLARE_PEM_read_fp(name, type) -- --#define DECLARE_PEM_rw(name, type) \ -- DECLARE_PEM_read(name, type) \ -- DECLARE_PEM_write(name, type) -- --#define DECLARE_PEM_rw_const(name, type) \ -- DECLARE_PEM_read(name, type) \ -- DECLARE_PEM_write_const(name, type) -- --#define DECLARE_PEM_rw_cb(name, type) \ -- DECLARE_PEM_read(name, type) \ -- DECLARE_PEM_write_cb(name, type) -- --#ifdef SSLEAY_MACROS -- --#define PEM_write_SSL_SESSION(fp,x) \ -- PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ -- PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) --#define PEM_write_X509(fp,x) \ -- PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ -- (char *)x, NULL,NULL,0,NULL,NULL) --#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \ -- (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \ -- NULL,NULL,0,NULL,NULL) --#define PEM_write_X509_CRL(fp,x) \ -- PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \ -- fp,(char *)x, NULL,NULL,0,NULL,NULL) --#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ -- PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\ -- (char *)x,enc,kstr,klen,cb,u) --#define PEM_write_RSAPublicKey(fp,x) \ -- PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\ -- PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL) --#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ -- PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\ -- (char *)x,enc,kstr,klen,cb,u) --#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ -- PEM_ASN1_write((int (*)())i2d_PrivateKey,\ -- (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ -- bp,(char *)x,enc,kstr,klen,cb,u) --#define PEM_write_PKCS7(fp,x) \ -- PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \ -- (char *)x, NULL,NULL,0,NULL,NULL) --#define PEM_write_DHparams(fp,x) \ -- PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\ -- (char *)x,NULL,NULL,0,NULL,NULL) -- --#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \ -+# if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API) -+ -+# define DECLARE_PEM_read_fp(name, type) /**/ -+# define DECLARE_PEM_write_fp(name, type) /**/ -+# define DECLARE_PEM_write_fp_const(name, type) /**/ -+# define DECLARE_PEM_write_cb_fp(name, type) /**/ -+# else -+ -+# define DECLARE_PEM_read_fp(name, type) \ -+ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); -+ -+# define DECLARE_PEM_write_fp(name, type) \ -+ int PEM_write_##name(FILE *fp, type *x); -+ -+# define DECLARE_PEM_write_fp_const(name, type) \ -+ int PEM_write_##name(FILE *fp, const type *x); -+ -+# define DECLARE_PEM_write_cb_fp(name, type) \ -+ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ -+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); -+ -+# endif -+ -+# ifndef OPENSSL_NO_BIO -+# define DECLARE_PEM_read_bio(name, type) \ -+ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); -+ -+# define DECLARE_PEM_write_bio(name, type) \ -+ int PEM_write_bio_##name(BIO *bp, type *x); -+ -+# define DECLARE_PEM_write_bio_const(name, type) \ -+ int PEM_write_bio_##name(BIO *bp, const type *x); -+ -+# define DECLARE_PEM_write_cb_bio(name, type) \ -+ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ -+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); -+ -+# else -+ -+# define DECLARE_PEM_read_bio(name, type) /**/ -+# define DECLARE_PEM_write_bio(name, type) /**/ -+# define DECLARE_PEM_write_bio_const(name, type) /**/ -+# define DECLARE_PEM_write_cb_bio(name, type) /**/ -+# endif -+# define DECLARE_PEM_write(name, type) \ -+ DECLARE_PEM_write_bio(name, type) \ -+ DECLARE_PEM_write_fp(name, type) -+# define DECLARE_PEM_write_const(name, type) \ -+ DECLARE_PEM_write_bio_const(name, type) \ -+ DECLARE_PEM_write_fp_const(name, type) -+# define DECLARE_PEM_write_cb(name, type) \ -+ DECLARE_PEM_write_cb_bio(name, type) \ -+ DECLARE_PEM_write_cb_fp(name, type) -+# define DECLARE_PEM_read(name, type) \ -+ DECLARE_PEM_read_bio(name, type) \ -+ DECLARE_PEM_read_fp(name, type) -+# define DECLARE_PEM_rw(name, type) \ -+ DECLARE_PEM_read(name, type) \ -+ DECLARE_PEM_write(name, type) -+# define DECLARE_PEM_rw_const(name, type) \ -+ DECLARE_PEM_read(name, type) \ -+ DECLARE_PEM_write_const(name, type) -+# define DECLARE_PEM_rw_cb(name, type) \ -+ DECLARE_PEM_read(name, type) \ -+ DECLARE_PEM_write_cb(name, type) -+# ifdef SSLEAY_MACROS -+# define PEM_write_SSL_SESSION(fp,x) \ -+ PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ -+ PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) -+# define PEM_write_X509(fp,x) \ -+ PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ -+ (char *)x, NULL,NULL,0,NULL,NULL) -+# define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \ -+ (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \ -+ NULL,NULL,0,NULL,NULL) -+# define PEM_write_X509_CRL(fp,x) \ -+ PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \ -+ fp,(char *)x, NULL,NULL,0,NULL,NULL) -+# define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ -+ PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\ -+ (char *)x,enc,kstr,klen,cb,u) -+# define PEM_write_RSAPublicKey(fp,x) \ -+ PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\ -+ PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL) -+# define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ -+ PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\ -+ (char *)x,enc,kstr,klen,cb,u) -+# define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ -+ PEM_ASN1_write((int (*)())i2d_PrivateKey,\ -+ (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ -+ bp,(char *)x,enc,kstr,klen,cb,u) -+# define PEM_write_PKCS7(fp,x) \ -+ PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \ -+ (char *)x, NULL,NULL,0,NULL,NULL) -+# define PEM_write_DHparams(fp,x) \ -+ PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\ -+ (char *)x,NULL,NULL,0,NULL,NULL) -+# define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \ - PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ -- PEM_STRING_X509,fp, \ -+ PEM_STRING_X509,fp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -- --#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ -- (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) --#define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \ -- (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u) --#define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \ -- (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u) --#define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \ -- (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u) --#define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ -- (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u) --#define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ -- (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u) --#define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \ -- (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u) --#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \ -- (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u) --#define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \ -- (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u) --#define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \ -- (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u) -- --#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \ -- (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \ -+# define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ -+ (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) -+# define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \ -+ (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u) -+# define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \ -+ (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u) -+# define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \ -+ (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u) -+# define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ -+ (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u) -+# define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ -+ (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u) -+# define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \ -+ (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u) -+# define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \ -+ (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u) -+# define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \ -+ (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u) -+# define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \ -+ (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u) -+# define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \ -+ (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \ - (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\ -- (char **)x,cb,u) -- --#define PEM_write_bio_X509(bp,x) \ -- PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ -- (char *)x, NULL,NULL,0,NULL,NULL) --#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \ -- (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \ -- NULL,NULL,0,NULL,NULL) --#define PEM_write_bio_X509_CRL(bp,x) \ -- PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\ -- bp,(char *)x, NULL,NULL,0,NULL,NULL) --#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ -- PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\ -- bp,(char *)x,enc,kstr,klen,cb,u) --#define PEM_write_bio_RSAPublicKey(bp,x) \ -- PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \ -- PEM_STRING_RSA_PUBLIC,\ -- bp,(char *)x,NULL,NULL,0,NULL,NULL) --#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ -- PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\ -- bp,(char *)x,enc,kstr,klen,cb,u) --#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ -- PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\ -- (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ -- bp,(char *)x,enc,kstr,klen,cb,u) --#define PEM_write_bio_PKCS7(bp,x) \ -- PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \ -- (char *)x, NULL,NULL,0,NULL,NULL) --#define PEM_write_bio_DHparams(bp,x) \ -- PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\ -- bp,(char *)x,NULL,NULL,0,NULL,NULL) --#define PEM_write_bio_DSAparams(bp,x) \ -- PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \ -- PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL) -- --#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \ -+ (char **)x,cb,u) -+# define PEM_write_bio_X509(bp,x) \ -+ PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ -+ (char *)x, NULL,NULL,0,NULL,NULL) -+# define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \ -+ (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \ -+ NULL,NULL,0,NULL,NULL) -+# define PEM_write_bio_X509_CRL(bp,x) \ -+ PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\ -+ bp,(char *)x, NULL,NULL,0,NULL,NULL) -+# define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ -+ PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\ -+ bp,(char *)x,enc,kstr,klen,cb,u) -+# define PEM_write_bio_RSAPublicKey(bp,x) \ -+ PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \ -+ PEM_STRING_RSA_PUBLIC,\ -+ bp,(char *)x,NULL,NULL,0,NULL,NULL) -+# define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ -+ PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\ -+ bp,(char *)x,enc,kstr,klen,cb,u) -+# define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ -+ PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\ -+ (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ -+ bp,(char *)x,enc,kstr,klen,cb,u) -+# define PEM_write_bio_PKCS7(bp,x) \ -+ PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \ -+ (char *)x, NULL,NULL,0,NULL,NULL) -+# define PEM_write_bio_DHparams(bp,x) \ -+ PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\ -+ bp,(char *)x,NULL,NULL,0,NULL,NULL) -+# define PEM_write_bio_DSAparams(bp,x) \ -+ PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \ -+ PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL) -+# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ -- PEM_STRING_X509,bp, \ -+ PEM_STRING_X509,bp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -- --#define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ -- (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) --#define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ -- (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u) --#define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \ -- (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u) --#define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ -- (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u) --#define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ -- (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u) --#define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ -- (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u) --#define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \ -- (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u) -- --#define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \ -- (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u) --#define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \ -- (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u) --#define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ -- (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u) -- --#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \ -- (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \ -+# define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ -+ (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) -+# define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ -+ (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u) -+# define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \ -+ (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u) -+# define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ -+ (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u) -+# define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ -+ (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u) -+# define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ -+ (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u) -+# define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \ -+ (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u) -+# define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \ -+ (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u) -+# define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \ -+ (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u) -+# define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ -+ (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u) -+# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \ -+ (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\ -- (char **)x,cb,u) -- --#endif -- --#if 1 -+ (char **)x,cb,u) -+# endif -+# if 1 - /* "userdata": new with OpenSSL 0.9.4 */ --typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); --#else -+typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); -+# else - /* OpenSSL 0.9.3, 0.9.3a */ --typedef int pem_password_cb(char *buf, int size, int rwflag); --#endif -- --int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); --int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, -- pem_password_cb *callback,void *u); -- --#ifndef OPENSSL_NO_BIO --int PEM_read_bio(BIO *bp, char **name, char **header, -- unsigned char **data,long *len); --int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data, -- long len); --int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, -- pem_password_cb *cb, void *u); --void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, -- void **x, pem_password_cb *cb, void *u); -- --#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ -+typedef int pem_password_cb (char *buf, int size, int rwflag); -+# endif -+ -+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); -+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, -+ pem_password_cb *callback, void *u); -+ -+# ifndef OPENSSL_NO_BIO -+int PEM_read_bio(BIO *bp, char **name, char **header, -+ unsigned char **data, long *len); -+int PEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data, -+ long len); -+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, -+ const char *name, BIO *bp, pem_password_cb *cb, -+ void *u); -+void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, -+ pem_password_cb *cb, void *u); -+ -+# define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ - ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \ -- name, bp, \ -- CHECKED_PPTR_OF(type, x), \ -- cb, u)) -+ name, bp, \ -+ CHECKED_PPTR_OF(type, x), \ -+ cb, u)) - --int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x, -- const EVP_CIPHER *enc,unsigned char *kstr,int klen, -- pem_password_cb *cb, void *u); -+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, char *x, -+ const EVP_CIPHER *enc, unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u); - --#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ -+# define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ - (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \ -- name, bp, \ -- CHECKED_PTR_OF(type, x), \ -- enc, kstr, klen, cb, u)) -- --STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); --int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, -- unsigned char *kstr, int klen, pem_password_cb *cd, void *u); --#endif -- --#ifndef OPENSSL_SYS_WIN16 --int PEM_read(FILE *fp, char **name, char **header, -- unsigned char **data,long *len); --int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); --void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, -- pem_password_cb *cb, void *u); --int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, -- char *x,const EVP_CIPHER *enc,unsigned char *kstr, -- int klen,pem_password_cb *callback, void *u); --STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, -- pem_password_cb *cb, void *u); --#endif -- --int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, -- EVP_MD *md_type, unsigned char **ek, int *ekl, -- unsigned char *iv, EVP_PKEY **pubk, int npubk); --void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, -- unsigned char *in, int inl); --int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl, -- unsigned char *out, int *outl, EVP_PKEY *priv); -- --void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); --void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); --int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, -- unsigned int *siglen, EVP_PKEY *pkey); -- --int PEM_def_callback(char *buf, int num, int w, void *key); --void PEM_proc_type(char *buf, int type); --void PEM_dek_info(char *buf, const char *type, int len, char *str); -- --#ifndef SSLEAY_MACROS -- --#include -+ name, bp, \ -+ CHECKED_PTR_OF(type, x), \ -+ enc, kstr, klen, cb, u)) -+ -+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, -+ pem_password_cb *cb, void *u); -+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, -+ unsigned char *kstr, int klen, -+ pem_password_cb *cd, void *u); -+# endif -+ -+# ifndef OPENSSL_SYS_WIN16 -+int PEM_read(FILE *fp, char **name, char **header, -+ unsigned char **data, long *len); -+int PEM_write(FILE *fp, char *name, char *hdr, unsigned char *data, long len); -+void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, -+ pem_password_cb *cb, void *u); -+int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, -+ char *x, const EVP_CIPHER *enc, unsigned char *kstr, -+ int klen, pem_password_cb *callback, void *u); -+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, -+ pem_password_cb *cb, void *u); -+# endif -+ -+int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, -+ EVP_MD *md_type, unsigned char **ek, int *ekl, -+ unsigned char *iv, EVP_PKEY **pubk, int npubk); -+void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, -+ unsigned char *in, int inl); -+int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, -+ unsigned char *out, int *outl, EVP_PKEY *priv); -+ -+void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); -+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); -+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, -+ unsigned int *siglen, EVP_PKEY *pkey); -+ -+int PEM_def_callback(char *buf, int num, int w, void *key); -+void PEM_proc_type(char *buf, int type); -+void PEM_dek_info(char *buf, const char *type, int len, char *str); -+ -+# ifndef SSLEAY_MACROS -+ -+# include - - DECLARE_PEM_rw(X509, X509) -- - DECLARE_PEM_rw(X509_AUX, X509) -- - DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) -- - DECLARE_PEM_rw(X509_REQ, X509_REQ) - DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) -- - DECLARE_PEM_rw(X509_CRL, X509_CRL) -- - DECLARE_PEM_rw(PKCS7, PKCS7) -- - DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) -- - DECLARE_PEM_rw(PKCS8, X509_SIG) -- - DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) -- --#ifndef OPENSSL_NO_RSA -- -+# ifndef OPENSSL_NO_RSA - DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) -- - DECLARE_PEM_rw_const(RSAPublicKey, RSA) - DECLARE_PEM_rw(RSA_PUBKEY, RSA) -- --#endif -- --#ifndef OPENSSL_NO_DSA -- -+# endif -+# ifndef OPENSSL_NO_DSA - DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) -- - DECLARE_PEM_rw(DSA_PUBKEY, DSA) -- - DECLARE_PEM_rw_const(DSAparams, DSA) -- --#endif -- --#ifndef OPENSSL_NO_EC -+# endif -+# ifndef OPENSSL_NO_EC - DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) - DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) - DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) --#endif -- --#ifndef OPENSSL_NO_DH -- -+# endif -+# ifndef OPENSSL_NO_DH - DECLARE_PEM_rw_const(DHparams, DH) -- --#endif -- -+# endif - DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) -- - DECLARE_PEM_rw(PUBKEY, EVP_PKEY) - - int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, -- char *kstr, int klen, -- pem_password_cb *cb, void *u); -+ char *kstr, int klen, -+ pem_password_cb *cb, void *u); - int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, - char *, int, pem_password_cb *, void *); - int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, -- char *kstr, int klen, -- pem_password_cb *cb, void *u); -+ char *kstr, int klen, -+ pem_password_cb *cb, void *u); - int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, -- char *kstr, int klen, -- pem_password_cb *cb, void *u); --EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); -+ char *kstr, int klen, -+ pem_password_cb *cb, void *u); -+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, -+ void *u); - - int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, -- char *kstr, int klen, -- pem_password_cb *cb, void *u); -+ char *kstr, int klen, -+ pem_password_cb *cb, void *u); - int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, -- char *kstr, int klen, -- pem_password_cb *cb, void *u); -+ char *kstr, int klen, -+ pem_password_cb *cb, void *u); - int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, -- char *kstr, int klen, -- pem_password_cb *cb, void *u); -- --EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); -+ char *kstr, int klen, -+ pem_password_cb *cb, void *u); - --int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, -- char *kstr,int klen, pem_password_cb *cd, void *u); -+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, -+ void *u); - --#endif /* SSLEAY_MACROS */ -+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, -+ char *kstr, int klen, pem_password_cb *cd, -+ void *u); - -+# endif /* SSLEAY_MACROS */ - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_PEM_strings(void); -@@ -731,50 +691,50 @@ void ERR_load_PEM_strings(void); - /* Error codes for the PEM functions. */ - - /* Function codes. */ --#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 --#define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 --#define PEM_F_DO_PK8PKEY 126 --#define PEM_F_DO_PK8PKEY_FP 125 --#define PEM_F_LOAD_IV 101 --#define PEM_F_PEM_ASN1_READ 102 --#define PEM_F_PEM_ASN1_READ_BIO 103 --#define PEM_F_PEM_ASN1_WRITE 104 --#define PEM_F_PEM_ASN1_WRITE_BIO 105 --#define PEM_F_PEM_DEF_CALLBACK 100 --#define PEM_F_PEM_DO_HEADER 106 --#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 --#define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 --#define PEM_F_PEM_PK8PKEY 119 --#define PEM_F_PEM_READ 108 --#define PEM_F_PEM_READ_BIO 109 --#define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 --#define PEM_F_PEM_READ_PRIVATEKEY 124 --#define PEM_F_PEM_SEALFINAL 110 --#define PEM_F_PEM_SEALINIT 111 --#define PEM_F_PEM_SIGNFINAL 112 --#define PEM_F_PEM_WRITE 113 --#define PEM_F_PEM_WRITE_BIO 114 --#define PEM_F_PEM_X509_INFO_READ 115 --#define PEM_F_PEM_X509_INFO_READ_BIO 116 --#define PEM_F_PEM_X509_INFO_WRITE_BIO 117 -+# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 -+# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 -+# define PEM_F_DO_PK8PKEY 126 -+# define PEM_F_DO_PK8PKEY_FP 125 -+# define PEM_F_LOAD_IV 101 -+# define PEM_F_PEM_ASN1_READ 102 -+# define PEM_F_PEM_ASN1_READ_BIO 103 -+# define PEM_F_PEM_ASN1_WRITE 104 -+# define PEM_F_PEM_ASN1_WRITE_BIO 105 -+# define PEM_F_PEM_DEF_CALLBACK 100 -+# define PEM_F_PEM_DO_HEADER 106 -+# define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 -+# define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 -+# define PEM_F_PEM_PK8PKEY 119 -+# define PEM_F_PEM_READ 108 -+# define PEM_F_PEM_READ_BIO 109 -+# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 -+# define PEM_F_PEM_READ_PRIVATEKEY 124 -+# define PEM_F_PEM_SEALFINAL 110 -+# define PEM_F_PEM_SEALINIT 111 -+# define PEM_F_PEM_SIGNFINAL 112 -+# define PEM_F_PEM_WRITE 113 -+# define PEM_F_PEM_WRITE_BIO 114 -+# define PEM_F_PEM_X509_INFO_READ 115 -+# define PEM_F_PEM_X509_INFO_READ_BIO 116 -+# define PEM_F_PEM_X509_INFO_WRITE_BIO 117 - - /* Reason codes. */ --#define PEM_R_BAD_BASE64_DECODE 100 --#define PEM_R_BAD_DECRYPT 101 --#define PEM_R_BAD_END_LINE 102 --#define PEM_R_BAD_IV_CHARS 103 --#define PEM_R_BAD_PASSWORD_READ 104 --#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 --#define PEM_R_NOT_DEK_INFO 105 --#define PEM_R_NOT_ENCRYPTED 106 --#define PEM_R_NOT_PROC_TYPE 107 --#define PEM_R_NO_START_LINE 108 --#define PEM_R_PROBLEMS_GETTING_PASSWORD 109 --#define PEM_R_PUBLIC_KEY_NO_RSA 110 --#define PEM_R_READ_KEY 111 --#define PEM_R_SHORT_HEADER 112 --#define PEM_R_UNSUPPORTED_CIPHER 113 --#define PEM_R_UNSUPPORTED_ENCRYPTION 114 -+# define PEM_R_BAD_BASE64_DECODE 100 -+# define PEM_R_BAD_DECRYPT 101 -+# define PEM_R_BAD_END_LINE 102 -+# define PEM_R_BAD_IV_CHARS 103 -+# define PEM_R_BAD_PASSWORD_READ 104 -+# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 -+# define PEM_R_NOT_DEK_INFO 105 -+# define PEM_R_NOT_ENCRYPTED 106 -+# define PEM_R_NOT_PROC_TYPE 107 -+# define PEM_R_NO_START_LINE 108 -+# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 -+# define PEM_R_PUBLIC_KEY_NO_RSA 110 -+# define PEM_R_READ_KEY 111 -+# define PEM_R_SHORT_HEADER 112 -+# define PEM_R_UNSUPPORTED_CIPHER 113 -+# define PEM_R_UNSUPPORTED_ENCRYPTION 114 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/pem2.h b/Cryptlib/Include/openssl/pem2.h -index f31790d..84897d5 100644 ---- a/Cryptlib/Include/openssl/pem2.h -+++ b/Cryptlib/Include/openssl/pem2.h -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -diff --git a/Cryptlib/Include/openssl/pkcs12.h b/Cryptlib/Include/openssl/pkcs12.h -index 78317fb..90959f6 100644 ---- a/Cryptlib/Include/openssl/pkcs12.h -+++ b/Cryptlib/Include/openssl/pkcs12.h -@@ -1,6 +1,7 @@ - /* pkcs12.h */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,69 +58,69 @@ - */ - - #ifndef HEADER_PKCS12_H --#define HEADER_PKCS12_H -+# define HEADER_PKCS12_H - --#include --#include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#define PKCS12_KEY_ID 1 --#define PKCS12_IV_ID 2 --#define PKCS12_MAC_ID 3 -+# define PKCS12_KEY_ID 1 -+# define PKCS12_IV_ID 2 -+# define PKCS12_MAC_ID 3 - - /* Default iteration count */ --#ifndef PKCS12_DEFAULT_ITER --#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER --#endif -+# ifndef PKCS12_DEFAULT_ITER -+# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER -+# endif - --#define PKCS12_MAC_KEY_LENGTH 20 -+# define PKCS12_MAC_KEY_LENGTH 20 - --#define PKCS12_SALT_LEN 8 -+# define PKCS12_SALT_LEN 8 - - /* Uncomment out next line for unicode password and names, otherwise ASCII */ - --/*#define PBE_UNICODE*/ -+/* -+ * #define PBE_UNICODE -+ */ - --#ifdef PBE_UNICODE --#define PKCS12_key_gen PKCS12_key_gen_uni --#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni --#else --#define PKCS12_key_gen PKCS12_key_gen_asc --#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc --#endif -+# ifdef PBE_UNICODE -+# define PKCS12_key_gen PKCS12_key_gen_uni -+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni -+# else -+# define PKCS12_key_gen PKCS12_key_gen_asc -+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc -+# endif - - /* MS key usage constants */ - --#define KEY_EX 0x10 --#define KEY_SIG 0x80 -+# define KEY_EX 0x10 -+# define KEY_SIG 0x80 - - typedef struct { --X509_SIG *dinfo; --ASN1_OCTET_STRING *salt; --ASN1_INTEGER *iter; /* defaults to 1 */ -+ X509_SIG *dinfo; -+ ASN1_OCTET_STRING *salt; -+ ASN1_INTEGER *iter; /* defaults to 1 */ - } PKCS12_MAC_DATA; - - typedef struct { --ASN1_INTEGER *version; --PKCS12_MAC_DATA *mac; --PKCS7 *authsafes; -+ ASN1_INTEGER *version; -+ PKCS12_MAC_DATA *mac; -+ PKCS7 *authsafes; - } PKCS12; - --PREDECLARE_STACK_OF(PKCS12_SAFEBAG) -- --typedef struct { --ASN1_OBJECT *type; --union { -- struct pkcs12_bag_st *bag; /* secret, crl and certbag */ -- struct pkcs8_priv_key_info_st *keybag; /* keybag */ -- X509_SIG *shkeybag; /* shrouded key bag */ -- STACK_OF(PKCS12_SAFEBAG) *safes; -- ASN1_TYPE *other; --}value; --STACK_OF(X509_ATTRIBUTE) *attrib; -+PREDECLARE_STACK_OF(PKCS12_SAFEBAG) typedef struct { -+ ASN1_OBJECT *type; -+ union { -+ struct pkcs12_bag_st *bag; /* secret, crl and certbag */ -+ struct pkcs8_priv_key_info_st *keybag; /* keybag */ -+ X509_SIG *shkeybag; /* shrouded key bag */ -+ STACK_OF(PKCS12_SAFEBAG) *safes; -+ ASN1_TYPE *other; -+ } value; -+ STACK_OF(X509_ATTRIBUTE) *attrib; - } PKCS12_SAFEBAG; - - DECLARE_STACK_OF(PKCS12_SAFEBAG) -@@ -127,119 +128,127 @@ DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) - DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) - - typedef struct pkcs12_bag_st { --ASN1_OBJECT *type; --union { -- ASN1_OCTET_STRING *x509cert; -- ASN1_OCTET_STRING *x509crl; -- ASN1_OCTET_STRING *octet; -- ASN1_IA5STRING *sdsicert; -- ASN1_TYPE *other; /* Secret or other bag */ --}value; -+ ASN1_OBJECT *type; -+ union { -+ ASN1_OCTET_STRING *x509cert; -+ ASN1_OCTET_STRING *x509crl; -+ ASN1_OCTET_STRING *octet; -+ ASN1_IA5STRING *sdsicert; -+ ASN1_TYPE *other; /* Secret or other bag */ -+ } value; - } PKCS12_BAGS; - --#define PKCS12_ERROR 0 --#define PKCS12_OK 1 -+# define PKCS12_ERROR 0 -+# define PKCS12_OK 1 - - /* Compatibility macros */ - --#define M_PKCS12_x5092certbag PKCS12_x5092certbag --#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag -- --#define M_PKCS12_certbag2x509 PKCS12_certbag2x509 --#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl -+# define M_PKCS12_x5092certbag PKCS12_x5092certbag -+# define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag - --#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data --#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes --#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes --#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata -+# define M_PKCS12_certbag2x509 PKCS12_certbag2x509 -+# define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl - --#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey --#define M_PKCS8_decrypt PKCS8_decrypt -+# define M_PKCS12_unpack_p7data PKCS12_unpack_p7data -+# define M_PKCS12_pack_authsafes PKCS12_pack_authsafes -+# define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes -+# define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata - --#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) --#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) --#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type -+# define M_PKCS12_decrypt_skey PKCS12_decrypt_skey -+# define M_PKCS8_decrypt PKCS8_decrypt - --#define PKCS12_get_attr(bag, attr_nid) \ -- PKCS12_get_attr_gen(bag->attrib, attr_nid) -+# define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) -+# define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) -+# define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type - --#define PKCS8_get_attr(p8, attr_nid) \ -- PKCS12_get_attr_gen(p8->attributes, attr_nid) -+# define PKCS12_get_attr(bag, attr_nid) \ -+ PKCS12_get_attr_gen(bag->attrib, attr_nid) - --#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) -+# define PKCS8_get_attr(p8, attr_nid) \ -+ PKCS12_get_attr_gen(p8->attributes, attr_nid) - -+# define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) - - PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); - PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); - X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); - X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); - --PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, -- int nid2); -+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, -+ int nid1, int nid2); - PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); --PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen); --PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, -- int passlen); --X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, -- const char *pass, int passlen, -- unsigned char *salt, int saltlen, int iter, -- PKCS8_PRIV_KEY_INFO *p8); -+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, -+ int passlen); -+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, -+ const char *pass, int passlen); -+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, -+ const char *pass, int passlen, unsigned char *salt, -+ int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); - PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, -- int passlen, unsigned char *salt, -- int saltlen, int iter, -- PKCS8_PRIV_KEY_INFO *p8); -+ int passlen, unsigned char *salt, -+ int saltlen, int iter, -+ PKCS8_PRIV_KEY_INFO *p8); - PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); - STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); - PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, -- unsigned char *salt, int saltlen, int iter, -- STACK_OF(PKCS12_SAFEBAG) *bags); --STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen); -+ unsigned char *salt, int saltlen, int iter, -+ STACK_OF(PKCS12_SAFEBAG) *bags); -+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, -+ int passlen); - - int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); - STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12); - --int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen); -+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, -+ int namelen); - int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, -- int namelen); -+ int namelen); - int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, -- int namelen); --int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, -- int namelen); -+ int namelen); -+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, -+ const unsigned char *name, int namelen); - int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); - ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid); - char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); - unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, -- int passlen, unsigned char *in, int inlen, -- unsigned char **data, int *datalen, int en_de); --void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, -- const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf); --ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, -- const char *pass, int passlen, -- void *obj, int zbuf); -+ int passlen, unsigned char *in, int inlen, -+ unsigned char **data, int *datalen, -+ int en_de); -+void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, -+ const char *pass, int passlen, -+ ASN1_OCTET_STRING *oct, int zbuf); -+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, -+ const ASN1_ITEM *it, -+ const char *pass, int passlen, -+ void *obj, int zbuf); - PKCS12 *PKCS12_init(int mode); - int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, -- int saltlen, int id, int iter, int n, -- unsigned char *out, const EVP_MD *md_type); --int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type); -+ int saltlen, int id, int iter, int n, -+ unsigned char *out, const EVP_MD *md_type); -+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, -+ int saltlen, int id, int iter, int n, -+ unsigned char *out, const EVP_MD *md_type); - int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, -- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type, -- int en_de); -+ ASN1_TYPE *param, const EVP_CIPHER *cipher, -+ const EVP_MD *md_type, int en_de); - int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, -- unsigned char *mac, unsigned int *maclen); -+ unsigned char *mac, unsigned int *maclen); - int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); - int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, -- unsigned char *salt, int saltlen, int iter, -- const EVP_MD *md_type); -+ unsigned char *salt, int saltlen, int iter, -+ const EVP_MD *md_type); - int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, -- int saltlen, const EVP_MD *md_type); --#if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE) -+ int saltlen, const EVP_MD *md_type); -+# if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE) - /* Rename these functions to avoid name clashes on NetWare OS */ --unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); -+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, -+ unsigned char **uni, int *unilen); - char *OPENSSL_uni2asc(unsigned char *uni, int unilen); --#else --unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); -+# else -+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, -+ int *unilen); - char *uni2asc(unsigned char *uni, int unilen); --#endif -+# endif - DECLARE_ASN1_FUNCTIONS(PKCS12) - DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) - DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) -@@ -250,17 +259,17 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) - - void PKCS12_PBE_add(void); - int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, -- STACK_OF(X509) **ca); -+ STACK_OF(X509) **ca); - PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, -- STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, -- int mac_iter, int keytype); -+ STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, -+ int mac_iter, int keytype); - - PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); --PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, -- int key_usage, int iter, -- int key_nid, char *pass); -+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, -+ EVP_PKEY *key, int key_usage, int iter, -+ int key_nid, char *pass); - int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, -- int safe_nid, int iter, char *pass); -+ int safe_nid, int iter, char *pass); - PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); - - int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); -@@ -270,7 +279,8 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); - int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_PKCS12_strings(void); -@@ -278,59 +288,59 @@ void ERR_load_PKCS12_strings(void); - /* Error codes for the PKCS12 functions. */ - - /* Function codes. */ --#define PKCS12_F_PARSE_BAG 129 --#define PKCS12_F_PARSE_BAGS 103 --#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 --#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 --#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 --#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 --#define PKCS12_F_PKCS12_CREATE 105 --#define PKCS12_F_PKCS12_GEN_MAC 107 --#define PKCS12_F_PKCS12_INIT 109 --#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 --#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 --#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 --#define PKCS12_F_PKCS12_KEY_GEN_ASC 110 --#define PKCS12_F_PKCS12_KEY_GEN_UNI 111 --#define PKCS12_F_PKCS12_MAKE_KEYBAG 112 --#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 --#define PKCS12_F_PKCS12_NEWPASS 128 --#define PKCS12_F_PKCS12_PACK_P7DATA 114 --#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 --#define PKCS12_F_PKCS12_PARSE 118 --#define PKCS12_F_PKCS12_PBE_CRYPT 119 --#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 --#define PKCS12_F_PKCS12_SETUP_MAC 122 --#define PKCS12_F_PKCS12_SET_MAC 123 --#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 --#define PKCS12_F_PKCS12_UNPACK_P7DATA 131 --#define PKCS12_F_PKCS12_VERIFY_MAC 126 --#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 --#define PKCS12_F_PKCS8_ENCRYPT 125 -+# define PKCS12_F_PARSE_BAG 129 -+# define PKCS12_F_PARSE_BAGS 103 -+# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 -+# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 -+# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 -+# define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 -+# define PKCS12_F_PKCS12_CREATE 105 -+# define PKCS12_F_PKCS12_GEN_MAC 107 -+# define PKCS12_F_PKCS12_INIT 109 -+# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 -+# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 -+# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 -+# define PKCS12_F_PKCS12_KEY_GEN_ASC 110 -+# define PKCS12_F_PKCS12_KEY_GEN_UNI 111 -+# define PKCS12_F_PKCS12_MAKE_KEYBAG 112 -+# define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 -+# define PKCS12_F_PKCS12_NEWPASS 128 -+# define PKCS12_F_PKCS12_PACK_P7DATA 114 -+# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 -+# define PKCS12_F_PKCS12_PARSE 118 -+# define PKCS12_F_PKCS12_PBE_CRYPT 119 -+# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 -+# define PKCS12_F_PKCS12_SETUP_MAC 122 -+# define PKCS12_F_PKCS12_SET_MAC 123 -+# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 -+# define PKCS12_F_PKCS12_UNPACK_P7DATA 131 -+# define PKCS12_F_PKCS12_VERIFY_MAC 126 -+# define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 -+# define PKCS12_F_PKCS8_ENCRYPT 125 - - /* Reason codes. */ --#define PKCS12_R_CANT_PACK_STRUCTURE 100 --#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 --#define PKCS12_R_DECODE_ERROR 101 --#define PKCS12_R_ENCODE_ERROR 102 --#define PKCS12_R_ENCRYPT_ERROR 103 --#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 --#define PKCS12_R_INVALID_NULL_ARGUMENT 104 --#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 --#define PKCS12_R_IV_GEN_ERROR 106 --#define PKCS12_R_KEY_GEN_ERROR 107 --#define PKCS12_R_MAC_ABSENT 108 --#define PKCS12_R_MAC_GENERATION_ERROR 109 --#define PKCS12_R_MAC_SETUP_ERROR 110 --#define PKCS12_R_MAC_STRING_SET_ERROR 111 --#define PKCS12_R_MAC_VERIFY_ERROR 112 --#define PKCS12_R_MAC_VERIFY_FAILURE 113 --#define PKCS12_R_PARSE_ERROR 114 --#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 --#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 --#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 --#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 --#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 -+# define PKCS12_R_CANT_PACK_STRUCTURE 100 -+# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 -+# define PKCS12_R_DECODE_ERROR 101 -+# define PKCS12_R_ENCODE_ERROR 102 -+# define PKCS12_R_ENCRYPT_ERROR 103 -+# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 -+# define PKCS12_R_INVALID_NULL_ARGUMENT 104 -+# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 -+# define PKCS12_R_IV_GEN_ERROR 106 -+# define PKCS12_R_KEY_GEN_ERROR 107 -+# define PKCS12_R_MAC_ABSENT 108 -+# define PKCS12_R_MAC_GENERATION_ERROR 109 -+# define PKCS12_R_MAC_SETUP_ERROR 110 -+# define PKCS12_R_MAC_STRING_SET_ERROR 111 -+# define PKCS12_R_MAC_VERIFY_ERROR 112 -+# define PKCS12_R_MAC_VERIFY_FAILURE 113 -+# define PKCS12_R_PARSE_ERROR 114 -+# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 -+# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 -+# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 -+# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 -+# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/pkcs7.h b/Cryptlib/Include/openssl/pkcs7.h -index cc092d2..201f289 100644 ---- a/Cryptlib/Include/openssl/pkcs7.h -+++ b/Cryptlib/Include/openssl/pkcs7.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,241 +57,225 @@ - */ - - #ifndef HEADER_PKCS7_H --#define HEADER_PKCS7_H -+# define HEADER_PKCS7_H - --#include --#include --#include -+# include -+# include -+# include - --#include --#include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#ifdef OPENSSL_SYS_WIN32 -+# ifdef OPENSSL_SYS_WIN32 - /* Under Win32 thes are defined in wincrypt.h */ --#undef PKCS7_ISSUER_AND_SERIAL --#undef PKCS7_SIGNER_INFO --#endif -- --/* --Encryption_ID DES-CBC --Digest_ID MD5 --Digest_Encryption_ID rsaEncryption --Key_Encryption_ID rsaEncryption -+# undef PKCS7_ISSUER_AND_SERIAL -+# undef PKCS7_SIGNER_INFO -+# endif -+ -+/*- -+Encryption_ID DES-CBC -+Digest_ID MD5 -+Digest_Encryption_ID rsaEncryption -+Key_Encryption_ID rsaEncryption - */ - --typedef struct pkcs7_issuer_and_serial_st -- { -- X509_NAME *issuer; -- ASN1_INTEGER *serial; -- } PKCS7_ISSUER_AND_SERIAL; -- --typedef struct pkcs7_signer_info_st -- { -- ASN1_INTEGER *version; /* version 1 */ -- PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; -- X509_ALGOR *digest_alg; -- STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ -- X509_ALGOR *digest_enc_alg; -- ASN1_OCTET_STRING *enc_digest; -- STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ -- -- /* The private key to sign with */ -- EVP_PKEY *pkey; -- } PKCS7_SIGNER_INFO; -+typedef struct pkcs7_issuer_and_serial_st { -+ X509_NAME *issuer; -+ ASN1_INTEGER *serial; -+} PKCS7_ISSUER_AND_SERIAL; -+ -+typedef struct pkcs7_signer_info_st { -+ ASN1_INTEGER *version; /* version 1 */ -+ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; -+ X509_ALGOR *digest_alg; -+ STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ -+ X509_ALGOR *digest_enc_alg; -+ ASN1_OCTET_STRING *enc_digest; -+ STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ -+ /* The private key to sign with */ -+ EVP_PKEY *pkey; -+} PKCS7_SIGNER_INFO; - - DECLARE_STACK_OF(PKCS7_SIGNER_INFO) - DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) - --typedef struct pkcs7_recip_info_st -- { -- ASN1_INTEGER *version; /* version 0 */ -- PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; -- X509_ALGOR *key_enc_algor; -- ASN1_OCTET_STRING *enc_key; -- X509 *cert; /* get the pub-key from this */ -- } PKCS7_RECIP_INFO; -+typedef struct pkcs7_recip_info_st { -+ ASN1_INTEGER *version; /* version 0 */ -+ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; -+ X509_ALGOR *key_enc_algor; -+ ASN1_OCTET_STRING *enc_key; -+ X509 *cert; /* get the pub-key from this */ -+} PKCS7_RECIP_INFO; - - DECLARE_STACK_OF(PKCS7_RECIP_INFO) - DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) - --typedef struct pkcs7_signed_st -- { -- ASN1_INTEGER *version; /* version 1 */ -- STACK_OF(X509_ALGOR) *md_algs; /* md used */ -- STACK_OF(X509) *cert; /* [ 0 ] */ -- STACK_OF(X509_CRL) *crl; /* [ 1 ] */ -- STACK_OF(PKCS7_SIGNER_INFO) *signer_info; -- -- struct pkcs7_st *contents; -- } PKCS7_SIGNED; --/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE. -- * How about merging the two */ -- --typedef struct pkcs7_enc_content_st -- { -- ASN1_OBJECT *content_type; -- X509_ALGOR *algorithm; -- ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ -- const EVP_CIPHER *cipher; -- } PKCS7_ENC_CONTENT; -- --typedef struct pkcs7_enveloped_st -- { -- ASN1_INTEGER *version; /* version 0 */ -- STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; -- PKCS7_ENC_CONTENT *enc_data; -- } PKCS7_ENVELOPE; -- --typedef struct pkcs7_signedandenveloped_st -- { -- ASN1_INTEGER *version; /* version 1 */ -- STACK_OF(X509_ALGOR) *md_algs; /* md used */ -- STACK_OF(X509) *cert; /* [ 0 ] */ -- STACK_OF(X509_CRL) *crl; /* [ 1 ] */ -- STACK_OF(PKCS7_SIGNER_INFO) *signer_info; -- -- PKCS7_ENC_CONTENT *enc_data; -- STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; -- } PKCS7_SIGN_ENVELOPE; -- --typedef struct pkcs7_digest_st -- { -- ASN1_INTEGER *version; /* version 0 */ -- X509_ALGOR *md; /* md used */ -- struct pkcs7_st *contents; -- ASN1_OCTET_STRING *digest; -- } PKCS7_DIGEST; -- --typedef struct pkcs7_encrypted_st -- { -- ASN1_INTEGER *version; /* version 0 */ -- PKCS7_ENC_CONTENT *enc_data; -- } PKCS7_ENCRYPT; -- --typedef struct pkcs7_st -- { -- /* The following is non NULL if it contains ASN1 encoding of -- * this structure */ -- unsigned char *asn1; -- long length; -- --#define PKCS7_S_HEADER 0 --#define PKCS7_S_BODY 1 --#define PKCS7_S_TAIL 2 -- int state; /* used during processing */ -- -- int detached; -- -- ASN1_OBJECT *type; -- /* content as defined by the type */ -- /* all encryption/message digests are applied to the 'contents', -- * leaving out the 'type' field. */ -- union { -- char *ptr; -- -- /* NID_pkcs7_data */ -- ASN1_OCTET_STRING *data; -- -- /* NID_pkcs7_signed */ -- PKCS7_SIGNED *sign; -- -- /* NID_pkcs7_enveloped */ -- PKCS7_ENVELOPE *enveloped; -- -- /* NID_pkcs7_signedAndEnveloped */ -- PKCS7_SIGN_ENVELOPE *signed_and_enveloped; -- -- /* NID_pkcs7_digest */ -- PKCS7_DIGEST *digest; -- -- /* NID_pkcs7_encrypted */ -- PKCS7_ENCRYPT *encrypted; -- -- /* Anything else */ -- ASN1_TYPE *other; -- } d; -- } PKCS7; -+typedef struct pkcs7_signed_st { -+ ASN1_INTEGER *version; /* version 1 */ -+ STACK_OF(X509_ALGOR) *md_algs; /* md used */ -+ STACK_OF(X509) *cert; /* [ 0 ] */ -+ STACK_OF(X509_CRL) *crl; /* [ 1 ] */ -+ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; -+ struct pkcs7_st *contents; -+} PKCS7_SIGNED; -+/* -+ * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about -+ * merging the two -+ */ -+ -+typedef struct pkcs7_enc_content_st { -+ ASN1_OBJECT *content_type; -+ X509_ALGOR *algorithm; -+ ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ -+ const EVP_CIPHER *cipher; -+} PKCS7_ENC_CONTENT; -+ -+typedef struct pkcs7_enveloped_st { -+ ASN1_INTEGER *version; /* version 0 */ -+ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; -+ PKCS7_ENC_CONTENT *enc_data; -+} PKCS7_ENVELOPE; -+ -+typedef struct pkcs7_signedandenveloped_st { -+ ASN1_INTEGER *version; /* version 1 */ -+ STACK_OF(X509_ALGOR) *md_algs; /* md used */ -+ STACK_OF(X509) *cert; /* [ 0 ] */ -+ STACK_OF(X509_CRL) *crl; /* [ 1 ] */ -+ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; -+ PKCS7_ENC_CONTENT *enc_data; -+ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; -+} PKCS7_SIGN_ENVELOPE; -+ -+typedef struct pkcs7_digest_st { -+ ASN1_INTEGER *version; /* version 0 */ -+ X509_ALGOR *md; /* md used */ -+ struct pkcs7_st *contents; -+ ASN1_OCTET_STRING *digest; -+} PKCS7_DIGEST; -+ -+typedef struct pkcs7_encrypted_st { -+ ASN1_INTEGER *version; /* version 0 */ -+ PKCS7_ENC_CONTENT *enc_data; -+} PKCS7_ENCRYPT; -+ -+typedef struct pkcs7_st { -+ /* -+ * The following is non NULL if it contains ASN1 encoding of this -+ * structure -+ */ -+ unsigned char *asn1; -+ long length; -+# define PKCS7_S_HEADER 0 -+# define PKCS7_S_BODY 1 -+# define PKCS7_S_TAIL 2 -+ int state; /* used during processing */ -+ int detached; -+ ASN1_OBJECT *type; -+ /* content as defined by the type */ -+ /* -+ * all encryption/message digests are applied to the 'contents', leaving -+ * out the 'type' field. -+ */ -+ union { -+ char *ptr; -+ /* NID_pkcs7_data */ -+ ASN1_OCTET_STRING *data; -+ /* NID_pkcs7_signed */ -+ PKCS7_SIGNED *sign; -+ /* NID_pkcs7_enveloped */ -+ PKCS7_ENVELOPE *enveloped; -+ /* NID_pkcs7_signedAndEnveloped */ -+ PKCS7_SIGN_ENVELOPE *signed_and_enveloped; -+ /* NID_pkcs7_digest */ -+ PKCS7_DIGEST *digest; -+ /* NID_pkcs7_encrypted */ -+ PKCS7_ENCRYPT *encrypted; -+ /* Anything else */ -+ ASN1_TYPE *other; -+ } d; -+} PKCS7; - - DECLARE_STACK_OF(PKCS7) - DECLARE_ASN1_SET_OF(PKCS7) - DECLARE_PKCS12_STACK_OF(PKCS7) - --#define PKCS7_OP_SET_DETACHED_SIGNATURE 1 --#define PKCS7_OP_GET_DETACHED_SIGNATURE 2 -+# define PKCS7_OP_SET_DETACHED_SIGNATURE 1 -+# define PKCS7_OP_GET_DETACHED_SIGNATURE 2 - --#define PKCS7_get_signed_attributes(si) ((si)->auth_attr) --#define PKCS7_get_attributes(si) ((si)->unauth_attr) -+# define PKCS7_get_signed_attributes(si) ((si)->auth_attr) -+# define PKCS7_get_attributes(si) ((si)->unauth_attr) - --#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) --#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) --#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) --#define PKCS7_type_is_signedAndEnveloped(a) \ -- (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) --#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) -+# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) -+# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) -+# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) -+# define PKCS7_type_is_signedAndEnveloped(a) \ -+ (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) -+# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) - --#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) -+# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) - --#define PKCS7_set_detached(p,v) \ -- PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) --#define PKCS7_get_detached(p) \ -- PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) -+# define PKCS7_set_detached(p,v) \ -+ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) -+# define PKCS7_get_detached(p) \ -+ PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) - --#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) -+# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) - --#ifdef SSLEAY_MACROS --#ifndef PKCS7_ISSUER_AND_SERIAL_digest --#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ -+# ifdef SSLEAY_MACROS -+# ifndef PKCS7_ISSUER_AND_SERIAL_digest -+# define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ -- (char *)data,md,len) --#endif --#endif -+ (char *)data,md,len) -+# endif -+# endif - - /* S/MIME related flags */ - --#define PKCS7_TEXT 0x1 --#define PKCS7_NOCERTS 0x2 --#define PKCS7_NOSIGS 0x4 --#define PKCS7_NOCHAIN 0x8 --#define PKCS7_NOINTERN 0x10 --#define PKCS7_NOVERIFY 0x20 --#define PKCS7_DETACHED 0x40 --#define PKCS7_BINARY 0x80 --#define PKCS7_NOATTR 0x100 --#define PKCS7_NOSMIMECAP 0x200 --#define PKCS7_NOOLDMIMETYPE 0x400 --#define PKCS7_CRLFEOL 0x800 --#define PKCS7_STREAM 0x1000 --#define PKCS7_NOCRL 0x2000 -+# define PKCS7_TEXT 0x1 -+# define PKCS7_NOCERTS 0x2 -+# define PKCS7_NOSIGS 0x4 -+# define PKCS7_NOCHAIN 0x8 -+# define PKCS7_NOINTERN 0x10 -+# define PKCS7_NOVERIFY 0x20 -+# define PKCS7_DETACHED 0x40 -+# define PKCS7_BINARY 0x80 -+# define PKCS7_NOATTR 0x100 -+# define PKCS7_NOSMIMECAP 0x200 -+# define PKCS7_NOOLDMIMETYPE 0x400 -+# define PKCS7_CRLFEOL 0x800 -+# define PKCS7_STREAM 0x1000 -+# define PKCS7_NOCRL 0x2000 - - /* Flags: for compatibility with older code */ - --#define SMIME_TEXT PKCS7_TEXT --#define SMIME_NOCERTS PKCS7_NOCERTS --#define SMIME_NOSIGS PKCS7_NOSIGS --#define SMIME_NOCHAIN PKCS7_NOCHAIN --#define SMIME_NOINTERN PKCS7_NOINTERN --#define SMIME_NOVERIFY PKCS7_NOVERIFY --#define SMIME_DETACHED PKCS7_DETACHED --#define SMIME_BINARY PKCS7_BINARY --#define SMIME_NOATTR PKCS7_NOATTR -+# define SMIME_TEXT PKCS7_TEXT -+# define SMIME_NOCERTS PKCS7_NOCERTS -+# define SMIME_NOSIGS PKCS7_NOSIGS -+# define SMIME_NOCHAIN PKCS7_NOCHAIN -+# define SMIME_NOINTERN PKCS7_NOINTERN -+# define SMIME_NOVERIFY PKCS7_NOVERIFY -+# define SMIME_DETACHED PKCS7_DETACHED -+# define SMIME_BINARY PKCS7_BINARY -+# define SMIME_NOATTR PKCS7_NOATTR - - DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) - --#ifndef SSLEAY_MACROS --int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type, -- unsigned char *md,unsigned int *len); --#ifndef OPENSSL_NO_FP_API --PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7); --int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); --#endif -+# ifndef SSLEAY_MACROS -+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, -+ const EVP_MD *type, unsigned char *md, -+ unsigned int *len); -+# ifndef OPENSSL_NO_FP_API -+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); -+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); -+# endif - PKCS7 *PKCS7_dup(PKCS7 *p7); --PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7); --int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); --#endif -+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); -+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); -+# endif - - DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) - DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) -@@ -314,23 +298,22 @@ int PKCS7_set_type(PKCS7 *p7, int type); - int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); - int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); - int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, -- const EVP_MD *dgst); -+ const EVP_MD *dgst); - int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); - int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); - int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); - int PKCS7_content_new(PKCS7 *p7, int nid); - int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, -- BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); -+ BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); - int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, -- X509 *x509); -+ X509 *x509); - - BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); - int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); - BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); - -- - PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, -- EVP_PKEY *pkey, const EVP_MD *dgst); -+ EVP_PKEY *pkey, const EVP_MD *dgst); - X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); - int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); - STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); -@@ -342,28 +325,30 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); - - PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); - ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); --int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type, -- void *data); --int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, -- void *value); -+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, -+ void *data); -+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, -+ void *value); - ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); - ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); - int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, -- STACK_OF(X509_ATTRIBUTE) *sk); --int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk); -- -+ STACK_OF(X509_ATTRIBUTE) *sk); -+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, -+ STACK_OF(X509_ATTRIBUTE) *sk); - - PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, -- BIO *data, int flags); -+ BIO *data, int flags); - int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, -- BIO *indata, BIO *out, int flags); --STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); -+ BIO *indata, BIO *out, int flags); -+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, -+ int flags); - PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, -- int flags); --int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); -+ int flags); -+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, -+ int flags); - - int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, -- STACK_OF(X509_ALGOR) *cap); -+ STACK_OF(X509_ALGOR) *cap); - STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); - int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); - -@@ -373,7 +358,8 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags); - int SMIME_text(BIO *in, BIO *out); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_PKCS7_strings(void); -@@ -381,82 +367,82 @@ void ERR_load_PKCS7_strings(void); - /* Error codes for the PKCS7 functions. */ - - /* Function codes. */ --#define PKCS7_F_B64_READ_PKCS7 120 --#define PKCS7_F_B64_WRITE_PKCS7 121 --#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 --#define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 --#define PKCS7_F_PKCS7_ADD_CRL 101 --#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 --#define PKCS7_F_PKCS7_ADD_SIGNER 103 --#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 --#define PKCS7_F_PKCS7_CTRL 104 --#define PKCS7_F_PKCS7_DATADECODE 112 --#define PKCS7_F_PKCS7_DATAFINAL 128 --#define PKCS7_F_PKCS7_DATAINIT 105 --#define PKCS7_F_PKCS7_DATASIGN 106 --#define PKCS7_F_PKCS7_DATAVERIFY 107 --#define PKCS7_F_PKCS7_DECRYPT 114 --#define PKCS7_F_PKCS7_ENCRYPT 115 --#define PKCS7_F_PKCS7_FIND_DIGEST 127 --#define PKCS7_F_PKCS7_GET0_SIGNERS 124 --#define PKCS7_F_PKCS7_SET_CIPHER 108 --#define PKCS7_F_PKCS7_SET_CONTENT 109 --#define PKCS7_F_PKCS7_SET_DIGEST 126 --#define PKCS7_F_PKCS7_SET_TYPE 110 --#define PKCS7_F_PKCS7_SIGN 116 --#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 --#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 --#define PKCS7_F_PKCS7_VERIFY 117 --#define PKCS7_F_SMIME_READ_PKCS7 122 --#define PKCS7_F_SMIME_TEXT 123 -+# define PKCS7_F_B64_READ_PKCS7 120 -+# define PKCS7_F_B64_WRITE_PKCS7 121 -+# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 -+# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 -+# define PKCS7_F_PKCS7_ADD_CRL 101 -+# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 -+# define PKCS7_F_PKCS7_ADD_SIGNER 103 -+# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 -+# define PKCS7_F_PKCS7_CTRL 104 -+# define PKCS7_F_PKCS7_DATADECODE 112 -+# define PKCS7_F_PKCS7_DATAFINAL 128 -+# define PKCS7_F_PKCS7_DATAINIT 105 -+# define PKCS7_F_PKCS7_DATASIGN 106 -+# define PKCS7_F_PKCS7_DATAVERIFY 107 -+# define PKCS7_F_PKCS7_DECRYPT 114 -+# define PKCS7_F_PKCS7_ENCRYPT 115 -+# define PKCS7_F_PKCS7_FIND_DIGEST 127 -+# define PKCS7_F_PKCS7_GET0_SIGNERS 124 -+# define PKCS7_F_PKCS7_SET_CIPHER 108 -+# define PKCS7_F_PKCS7_SET_CONTENT 109 -+# define PKCS7_F_PKCS7_SET_DIGEST 126 -+# define PKCS7_F_PKCS7_SET_TYPE 110 -+# define PKCS7_F_PKCS7_SIGN 116 -+# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 -+# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 -+# define PKCS7_F_PKCS7_VERIFY 117 -+# define PKCS7_F_SMIME_READ_PKCS7 122 -+# define PKCS7_F_SMIME_TEXT 123 - - /* Reason codes. */ --#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 --#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 --#define PKCS7_R_CIPHER_NOT_INITIALIZED 116 --#define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 --#define PKCS7_R_DECODE_ERROR 130 --#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 --#define PKCS7_R_DECRYPT_ERROR 119 --#define PKCS7_R_DIGEST_FAILURE 101 --#define PKCS7_R_ERROR_ADDING_RECIPIENT 120 --#define PKCS7_R_ERROR_SETTING_CIPHER 121 --#define PKCS7_R_INVALID_MIME_TYPE 131 --#define PKCS7_R_INVALID_NULL_POINTER 143 --#define PKCS7_R_MIME_NO_CONTENT_TYPE 132 --#define PKCS7_R_MIME_PARSE_ERROR 133 --#define PKCS7_R_MIME_SIG_PARSE_ERROR 134 --#define PKCS7_R_MISSING_CERIPEND_INFO 103 --#define PKCS7_R_NO_CONTENT 122 --#define PKCS7_R_NO_CONTENT_TYPE 135 --#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 --#define PKCS7_R_NO_MULTIPART_BOUNDARY 137 --#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 --#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 --#define PKCS7_R_NO_SIGNATURES_ON_DATA 123 --#define PKCS7_R_NO_SIGNERS 142 --#define PKCS7_R_NO_SIG_CONTENT_TYPE 138 --#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 --#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 --#define PKCS7_R_PKCS7_DATAFINAL 126 --#define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 --#define PKCS7_R_PKCS7_DATASIGN 145 --#define PKCS7_R_PKCS7_PARSE_ERROR 139 --#define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 --#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 --#define PKCS7_R_SIGNATURE_FAILURE 105 --#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 --#define PKCS7_R_SIG_INVALID_MIME_TYPE 141 --#define PKCS7_R_SMIME_TEXT_ERROR 129 --#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 --#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 --#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 --#define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 --#define PKCS7_R_UNKNOWN_OPERATION 110 --#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 --#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 --#define PKCS7_R_WRONG_CONTENT_TYPE 113 --#define PKCS7_R_WRONG_PKCS7_TYPE 114 -+# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 -+# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 -+# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 -+# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 -+# define PKCS7_R_DECODE_ERROR 130 -+# define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 -+# define PKCS7_R_DECRYPT_ERROR 119 -+# define PKCS7_R_DIGEST_FAILURE 101 -+# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 -+# define PKCS7_R_ERROR_SETTING_CIPHER 121 -+# define PKCS7_R_INVALID_MIME_TYPE 131 -+# define PKCS7_R_INVALID_NULL_POINTER 143 -+# define PKCS7_R_MIME_NO_CONTENT_TYPE 132 -+# define PKCS7_R_MIME_PARSE_ERROR 133 -+# define PKCS7_R_MIME_SIG_PARSE_ERROR 134 -+# define PKCS7_R_MISSING_CERIPEND_INFO 103 -+# define PKCS7_R_NO_CONTENT 122 -+# define PKCS7_R_NO_CONTENT_TYPE 135 -+# define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 -+# define PKCS7_R_NO_MULTIPART_BOUNDARY 137 -+# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 -+# define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 -+# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 -+# define PKCS7_R_NO_SIGNERS 142 -+# define PKCS7_R_NO_SIG_CONTENT_TYPE 138 -+# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 -+# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 -+# define PKCS7_R_PKCS7_DATAFINAL 126 -+# define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 -+# define PKCS7_R_PKCS7_DATASIGN 145 -+# define PKCS7_R_PKCS7_PARSE_ERROR 139 -+# define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 -+# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 -+# define PKCS7_R_SIGNATURE_FAILURE 105 -+# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 -+# define PKCS7_R_SIG_INVALID_MIME_TYPE 141 -+# define PKCS7_R_SMIME_TEXT_ERROR 129 -+# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 -+# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 -+# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 -+# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 -+# define PKCS7_R_UNKNOWN_OPERATION 110 -+# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 -+# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 -+# define PKCS7_R_WRONG_CONTENT_TYPE 113 -+# define PKCS7_R_WRONG_PKCS7_TYPE 114 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/pq_compat.h b/Cryptlib/Include/openssl/pq_compat.h -index 7b2c327..974cd05 100644 ---- a/Cryptlib/Include/openssl/pq_compat.h -+++ b/Cryptlib/Include/openssl/pq_compat.h -@@ -1,7 +1,7 @@ - /* crypto/pqueue/pqueue_compat.h */ --/* -+/* - * DTLS implementation written by Nagendra Modadugu -- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. -+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ - /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. -@@ -11,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,12 +58,12 @@ - */ - - #ifndef HEADER_PQ_COMPAT_H --#define HEADER_PQ_COMPAT_H -+# define HEADER_PQ_COMPAT_H - --#include --#include -+# include -+# include - --/* -+/* - * The purpose of this header file is for supporting 64-bit integer - * manipulation on 32-bit (and lower) machines. Currently the only - * such environment is VMS, Utrix and those with smaller default integer -@@ -75,78 +75,78 @@ - * (2) DTLS, for sequence number manipulation. - */ - --#if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT) -- --#define PQ_64BIT_IS_INTEGER 0 --#define PQ_64BIT_IS_BIGNUM 1 -- --#define PQ_64BIT BIGNUM --#define PQ_64BIT_CTX BN_CTX -- --#define pq_64bit_init(x) BN_init(x) --#define pq_64bit_free(x) BN_free(x) -- --#define pq_64bit_ctx_new(ctx) BN_CTX_new() --#define pq_64bit_ctx_free(x) BN_CTX_free(x) -- --#define pq_64bit_assign(x, y) BN_copy(x, y) --#define pq_64bit_assign_word(x, y) BN_set_word(x, y) --#define pq_64bit_gt(x, y) BN_ucmp(x, y) >= 1 ? 1 : 0 --#define pq_64bit_eq(x, y) BN_ucmp(x, y) == 0 ? 1 : 0 --#define pq_64bit_add_word(x, w) BN_add_word(x, w) --#define pq_64bit_sub(r, x, y) BN_sub(r, x, y) --#define pq_64bit_sub_word(x, w) BN_sub_word(x, w) --#define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx) -- --#define pq_64bit_bin2num(bn, bytes, len) BN_bin2bn(bytes, len, bn) --#define pq_64bit_num2bin(bn, bytes) BN_bn2bin(bn, bytes) --#define pq_64bit_get_word(x) BN_get_word(x) --#define pq_64bit_is_bit_set(x, offset) BN_is_bit_set(x, offset) --#define pq_64bit_lshift(r, x, shift) BN_lshift(r, x, shift) --#define pq_64bit_set_bit(x, num) BN_set_bit(x, num) --#define pq_64bit_get_length(x) BN_num_bits((x)) -- --#else -- --#define PQ_64BIT_IS_INTEGER 1 --#define PQ_64BIT_IS_BIGNUM 0 -- --#if defined(SIXTY_FOUR_BIT) --#define PQ_64BIT BN_ULONG --#define PQ_64BIT_PRINT "%lld" --#elif defined(SIXTY_FOUR_BIT_LONG) --#define PQ_64BIT BN_ULONG --#define PQ_64BIT_PRINT "%ld" --#elif defined(THIRTY_TWO_BIT) --#define PQ_64BIT BN_ULLONG --#define PQ_64BIT_PRINT "%lld" --#endif -- --#define PQ_64BIT_CTX void -- --#define pq_64bit_init(x) --#define pq_64bit_free(x) --#define pq_64bit_ctx_new(ctx) (ctx) --#define pq_64bit_ctx_free(x) -- --#define pq_64bit_assign(x, y) (*(x) = *(y)) --#define pq_64bit_assign_word(x, y) (*(x) = y) --#define pq_64bit_gt(x, y) (*(x) > *(y)) --#define pq_64bit_eq(x, y) (*(x) == *(y)) --#define pq_64bit_add_word(x, w) (*(x) = (*(x) + (w))) --#define pq_64bit_sub(r, x, y) (*(r) = (*(x) - *(y))) --#define pq_64bit_sub_word(x, w) (*(x) = (*(x) - (w))) --#define pq_64bit_mod(r, x, n, ctx) -- --#define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num) --#define pq_64bit_num2bin(num, bytes) long_long_to_bytes(num, bytes) --#define pq_64bit_get_word(x) *(x) --#define pq_64bit_lshift(r, x, shift) (*(r) = (*(x) << (shift))) --#define pq_64bit_set_bit(x, num) do { \ -+# if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT) -+ -+# define PQ_64BIT_IS_INTEGER 0 -+# define PQ_64BIT_IS_BIGNUM 1 -+ -+# define PQ_64BIT BIGNUM -+# define PQ_64BIT_CTX BN_CTX -+ -+# define pq_64bit_init(x) BN_init(x) -+# define pq_64bit_free(x) BN_free(x) -+ -+# define pq_64bit_ctx_new(ctx) BN_CTX_new() -+# define pq_64bit_ctx_free(x) BN_CTX_free(x) -+ -+# define pq_64bit_assign(x, y) BN_copy(x, y) -+# define pq_64bit_assign_word(x, y) BN_set_word(x, y) -+# define pq_64bit_gt(x, y) BN_ucmp(x, y) >= 1 ? 1 : 0 -+# define pq_64bit_eq(x, y) BN_ucmp(x, y) == 0 ? 1 : 0 -+# define pq_64bit_add_word(x, w) BN_add_word(x, w) -+# define pq_64bit_sub(r, x, y) BN_sub(r, x, y) -+# define pq_64bit_sub_word(x, w) BN_sub_word(x, w) -+# define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx) -+ -+# define pq_64bit_bin2num(bn, bytes, len) BN_bin2bn(bytes, len, bn) -+# define pq_64bit_num2bin(bn, bytes) BN_bn2bin(bn, bytes) -+# define pq_64bit_get_word(x) BN_get_word(x) -+# define pq_64bit_is_bit_set(x, offset) BN_is_bit_set(x, offset) -+# define pq_64bit_lshift(r, x, shift) BN_lshift(r, x, shift) -+# define pq_64bit_set_bit(x, num) BN_set_bit(x, num) -+# define pq_64bit_get_length(x) BN_num_bits((x)) -+ -+# else -+ -+# define PQ_64BIT_IS_INTEGER 1 -+# define PQ_64BIT_IS_BIGNUM 0 -+ -+# if defined(SIXTY_FOUR_BIT) -+# define PQ_64BIT BN_ULONG -+# define PQ_64BIT_PRINT "%lld" -+# elif defined(SIXTY_FOUR_BIT_LONG) -+# define PQ_64BIT BN_ULONG -+# define PQ_64BIT_PRINT "%ld" -+# elif defined(THIRTY_TWO_BIT) -+# define PQ_64BIT BN_ULLONG -+# define PQ_64BIT_PRINT "%lld" -+# endif -+ -+# define PQ_64BIT_CTX void -+ -+# define pq_64bit_init(x) -+# define pq_64bit_free(x) -+# define pq_64bit_ctx_new(ctx) (ctx) -+# define pq_64bit_ctx_free(x) -+ -+# define pq_64bit_assign(x, y) (*(x) = *(y)) -+# define pq_64bit_assign_word(x, y) (*(x) = y) -+# define pq_64bit_gt(x, y) (*(x) > *(y)) -+# define pq_64bit_eq(x, y) (*(x) == *(y)) -+# define pq_64bit_add_word(x, w) (*(x) = (*(x) + (w))) -+# define pq_64bit_sub(r, x, y) (*(r) = (*(x) - *(y))) -+# define pq_64bit_sub_word(x, w) (*(x) = (*(x) - (w))) -+# define pq_64bit_mod(r, x, n, ctx) -+ -+# define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num) -+# define pq_64bit_num2bin(num, bytes) long_long_to_bytes(num, bytes) -+# define pq_64bit_get_word(x) *(x) -+# define pq_64bit_lshift(r, x, shift) (*(r) = (*(x) << (shift))) -+# define pq_64bit_set_bit(x, num) do { \ - PQ_64BIT mask = 1; \ - mask = mask << (num); \ - *(x) |= mask; \ - } while(0) --#endif /* OPENSSL_SYS_VMS */ -+# endif /* OPENSSL_SYS_VMS */ - - #endif -diff --git a/Cryptlib/Include/openssl/pqueue.h b/Cryptlib/Include/openssl/pqueue.h -index 16c4072..7b23580 100644 ---- a/Cryptlib/Include/openssl/pqueue.h -+++ b/Cryptlib/Include/openssl/pqueue.h -@@ -1,7 +1,7 @@ - /* crypto/pqueue/pqueue.h */ --/* -+/* - * DTLS implementation written by Nagendra Modadugu -- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. -+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ - /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. -@@ -11,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,30 +58,29 @@ - */ - - #ifndef HEADER_PQUEUE_H --#define HEADER_PQUEUE_H -+# define HEADER_PQUEUE_H - --#include --#include --#include -+# include -+# include -+# include - --#include -+# include - - typedef struct _pqueue *pqueue; - --typedef struct _pitem -- { -- PQ_64BIT priority; -- void *data; -- struct _pitem *next; -- } pitem; -+typedef struct _pitem { -+ PQ_64BIT priority; -+ void *data; -+ struct _pitem *next; -+} pitem; - - typedef struct _pitem *piterator; - - pitem *pitem_new(PQ_64BIT priority, void *data); --void pitem_free(pitem *item); -+void pitem_free(pitem *item); - - pqueue pqueue_new(void); --void pqueue_free(pqueue pq); -+void pqueue_free(pqueue pq); - - pitem *pqueue_insert(pqueue pq, pitem *item); - pitem *pqueue_peek(pqueue pq); -@@ -90,7 +89,7 @@ pitem *pqueue_find(pqueue pq, PQ_64BIT priority); - pitem *pqueue_iterator(pqueue pq); - pitem *pqueue_next(piterator *iter); - --void pqueue_print(pqueue pq); --int pqueue_size(pqueue pq); -+void pqueue_print(pqueue pq); -+int pqueue_size(pqueue pq); - --#endif /* ! HEADER_PQUEUE_H */ -+#endif /* ! HEADER_PQUEUE_H */ -diff --git a/Cryptlib/Include/openssl/rand.h b/Cryptlib/Include/openssl/rand.h -index ea89153..ed1f276 100644 ---- a/Cryptlib/Include/openssl/rand.h -+++ b/Cryptlib/Include/openssl/rand.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,79 +57,80 @@ - */ - - #ifndef HEADER_RAND_H --#define HEADER_RAND_H -+# define HEADER_RAND_H - --#include --#include --#include -+# include -+# include -+# include - --#if defined(OPENSSL_SYS_WINDOWS) --#include --#endif -+# if defined(OPENSSL_SYS_WINDOWS) -+# include -+# endif - - #ifdef __cplusplus - extern "C" { - #endif - --#if defined(OPENSSL_FIPS) --#define FIPS_RAND_SIZE_T int --#endif -+# if defined(OPENSSL_FIPS) -+# define FIPS_RAND_SIZE_T int -+# endif - - /* Already defined in ossl_typ.h */ - /* typedef struct rand_meth_st RAND_METHOD; */ - --struct rand_meth_st -- { -- void (*seed)(const void *buf, int num); -- int (*bytes)(unsigned char *buf, int num); -- void (*cleanup)(void); -- void (*add)(const void *buf, int num, double entropy); -- int (*pseudorand)(unsigned char *buf, int num); -- int (*status)(void); -- }; -- --#ifdef BN_DEBUG -+struct rand_meth_st { -+ void (*seed) (const void *buf, int num); -+ int (*bytes) (unsigned char *buf, int num); -+ void (*cleanup) (void); -+ void (*add) (const void *buf, int num, double entropy); -+ int (*pseudorand) (unsigned char *buf, int num); -+ int (*status) (void); -+}; -+ -+# ifdef BN_DEBUG - extern int rand_predictable; --#endif -+# endif - - int RAND_set_rand_method(const RAND_METHOD *meth); - const RAND_METHOD *RAND_get_rand_method(void); --#ifndef OPENSSL_NO_ENGINE -+# ifndef OPENSSL_NO_ENGINE - int RAND_set_rand_engine(ENGINE *engine); --#endif -+# endif - RAND_METHOD *RAND_SSLeay(void); --void RAND_cleanup(void ); --int RAND_bytes(unsigned char *buf,int num); --int RAND_pseudo_bytes(unsigned char *buf,int num); --void RAND_seed(const void *buf,int num); --void RAND_add(const void *buf,int num,double entropy); --int RAND_load_file(const char *file,long max_bytes); --int RAND_write_file(const char *file); --const char *RAND_file_name(char *file,size_t num); -+void RAND_cleanup(void); -+int RAND_bytes(unsigned char *buf, int num); -+int RAND_pseudo_bytes(unsigned char *buf, int num); -+void RAND_seed(const void *buf, int num); -+void RAND_add(const void *buf, int num, double entropy); -+int RAND_load_file(const char *file, long max_bytes); -+int RAND_write_file(const char *file); -+const char *RAND_file_name(char *file, size_t num); - int RAND_status(void); - int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); - int RAND_egd(const char *path); --int RAND_egd_bytes(const char *path,int bytes); -+int RAND_egd_bytes(const char *path, int bytes); - int RAND_poll(void); --#ifndef OPENSSL_NO_ENGINE --#ifdef OPENSSL_FIPS -+# ifndef OPENSSL_NO_ENGINE -+# ifdef OPENSSL_FIPS - void int_RAND_init_engine_callbacks(void); --void int_RAND_set_callbacks( -- int (*set_rand_func)(const RAND_METHOD *meth, -- const RAND_METHOD **pmeth), -- const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth)); --#endif --#endif -+void int_RAND_set_callbacks(int (*set_rand_func) (const RAND_METHOD *meth, -+ const RAND_METHOD **pmeth), -+ const RAND_METHOD *(*get_rand_func) (const -+ RAND_METHOD -+ **pmeth)); -+# endif -+# endif - --#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) - - void RAND_screen(void); - int RAND_event(UINT, WPARAM, LPARAM); - --#endif -+# endif - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_RAND_strings(void); -@@ -137,29 +138,29 @@ void ERR_load_RAND_strings(void); - /* Error codes for the RAND functions. */ - - /* Function codes. */ --#define RAND_F_ENG_RAND_GET_RAND_METHOD 108 --#define RAND_F_FIPS_RAND 103 --#define RAND_F_FIPS_RAND_BYTES 102 --#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109 --#define RAND_F_FIPS_RAND_SET_DT 106 --#define RAND_F_FIPS_SET_DT 104 --#define RAND_F_FIPS_SET_PRNG_SEED 107 --#define RAND_F_FIPS_SET_TEST_MODE 105 --#define RAND_F_RAND_GET_RAND_METHOD 101 --#define RAND_F_SSLEAY_RAND_BYTES 100 -+# define RAND_F_ENG_RAND_GET_RAND_METHOD 108 -+# define RAND_F_FIPS_RAND 103 -+# define RAND_F_FIPS_RAND_BYTES 102 -+# define RAND_F_FIPS_RAND_GET_RAND_METHOD 109 -+# define RAND_F_FIPS_RAND_SET_DT 106 -+# define RAND_F_FIPS_SET_DT 104 -+# define RAND_F_FIPS_SET_PRNG_SEED 107 -+# define RAND_F_FIPS_SET_TEST_MODE 105 -+# define RAND_F_RAND_GET_RAND_METHOD 101 -+# define RAND_F_SSLEAY_RAND_BYTES 100 - - /* Reason codes. */ --#define RAND_R_NON_FIPS_METHOD 105 --#define RAND_R_NOT_IN_TEST_MODE 106 --#define RAND_R_NO_KEY_SET 107 --#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101 --#define RAND_R_PRNG_ERROR 108 --#define RAND_R_PRNG_KEYED 109 --#define RAND_R_PRNG_NOT_REKEYED 102 --#define RAND_R_PRNG_NOT_RESEEDED 103 --#define RAND_R_PRNG_NOT_SEEDED 100 --#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110 --#define RAND_R_PRNG_STUCK 104 -+# define RAND_R_NON_FIPS_METHOD 105 -+# define RAND_R_NOT_IN_TEST_MODE 106 -+# define RAND_R_NO_KEY_SET 107 -+# define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101 -+# define RAND_R_PRNG_ERROR 108 -+# define RAND_R_PRNG_KEYED 109 -+# define RAND_R_PRNG_NOT_REKEYED 102 -+# define RAND_R_PRNG_NOT_RESEEDED 103 -+# define RAND_R_PRNG_NOT_SEEDED 100 -+# define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110 -+# define RAND_R_PRNG_STUCK 104 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/rc2.h b/Cryptlib/Include/openssl/rc2.h -index e542ec9..29d02d7 100644 ---- a/Cryptlib/Include/openssl/rc2.h -+++ b/Cryptlib/Include/openssl/rc2.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,44 +57,44 @@ - */ - - #ifndef HEADER_RC2_H --#define HEADER_RC2_H -+# define HEADER_RC2_H - --#include /* OPENSSL_NO_RC2, RC2_INT */ --#ifdef OPENSSL_NO_RC2 --#error RC2 is disabled. --#endif -+# include /* OPENSSL_NO_RC2, RC2_INT */ -+# ifdef OPENSSL_NO_RC2 -+# error RC2 is disabled. -+# endif - --#define RC2_ENCRYPT 1 --#define RC2_DECRYPT 0 -+# define RC2_ENCRYPT 1 -+# define RC2_DECRYPT 0 - --#define RC2_BLOCK 8 --#define RC2_KEY_LENGTH 16 -+# define RC2_BLOCK 8 -+# define RC2_KEY_LENGTH 16 - - #ifdef __cplusplus - extern "C" { - #endif - --typedef struct rc2_key_st -- { -- RC2_INT data[64]; -- } RC2_KEY; -+typedef struct rc2_key_st { -+ RC2_INT data[64]; -+} RC2_KEY; - --#ifdef OPENSSL_FIPS --void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); --#endif --void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); --void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, -- int enc); --void RC2_encrypt(unsigned long *data,RC2_KEY *key); --void RC2_decrypt(unsigned long *data,RC2_KEY *key); -+# ifdef OPENSSL_FIPS -+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, -+ int bits); -+# endif -+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); -+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, -+ RC2_KEY *key, int enc); -+void RC2_encrypt(unsigned long *data, RC2_KEY *key); -+void RC2_decrypt(unsigned long *data, RC2_KEY *key); - void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, -- RC2_KEY *ks, unsigned char *iv, int enc); -+ RC2_KEY *ks, unsigned char *iv, int enc); - void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, RC2_KEY *schedule, unsigned char *ivec, -- int *num, int enc); -+ long length, RC2_KEY *schedule, unsigned char *ivec, -+ int *num, int enc); - void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, RC2_KEY *schedule, unsigned char *ivec, -- int *num); -+ long length, RC2_KEY *schedule, unsigned char *ivec, -+ int *num); - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/rc4.h b/Cryptlib/Include/openssl/rc4.h -index 2d8620d..006f839 100644 ---- a/Cryptlib/Include/openssl/rc4.h -+++ b/Cryptlib/Include/openssl/rc4.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,31 +57,29 @@ - */ - - #ifndef HEADER_RC4_H --#define HEADER_RC4_H -+# define HEADER_RC4_H - --#include /* OPENSSL_NO_RC4, RC4_INT */ --#ifdef OPENSSL_NO_RC4 --#error RC4 is disabled. --#endif -+# include /* OPENSSL_NO_RC4, RC4_INT */ -+# ifdef OPENSSL_NO_RC4 -+# error RC4 is disabled. -+# endif - - #ifdef __cplusplus - extern "C" { - #endif - --typedef struct rc4_key_st -- { -- RC4_INT x,y; -- RC4_INT data[256]; -- } RC4_KEY; -+typedef struct rc4_key_st { -+ RC4_INT x, y; -+ RC4_INT data[256]; -+} RC4_KEY; - -- - const char *RC4_options(void); --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS - void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); --#endif -+# endif - void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); - void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, -- unsigned char *outdata); -+ unsigned char *outdata); - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/ripemd.h b/Cryptlib/Include/openssl/ripemd.h -index 3b6d043..6cf74b3 100644 ---- a/Cryptlib/Include/openssl/ripemd.h -+++ b/Cryptlib/Include/openssl/ripemd.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,47 +57,45 @@ - */ - - #ifndef HEADER_RIPEMD_H --#define HEADER_RIPEMD_H -+# define HEADER_RIPEMD_H - --#include --#include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#ifdef OPENSSL_NO_RIPEMD --#error RIPEMD is disabled. --#endif -+# ifdef OPENSSL_NO_RIPEMD -+# error RIPEMD is disabled. -+# endif - --#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) --#define RIPEMD160_LONG unsigned long --#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) --#define RIPEMD160_LONG unsigned long --#define RIPEMD160_LONG_LOG2 3 --#else --#define RIPEMD160_LONG unsigned int --#endif -+# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) -+# define RIPEMD160_LONG unsigned long -+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -+# define RIPEMD160_LONG unsigned long -+# define RIPEMD160_LONG_LOG2 3 -+# else -+# define RIPEMD160_LONG unsigned int -+# endif - --#define RIPEMD160_CBLOCK 64 --#define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) --#define RIPEMD160_DIGEST_LENGTH 20 -+# define RIPEMD160_CBLOCK 64 -+# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) -+# define RIPEMD160_DIGEST_LENGTH 20 - --typedef struct RIPEMD160state_st -- { -- RIPEMD160_LONG A,B,C,D,E; -- RIPEMD160_LONG Nl,Nh; -- RIPEMD160_LONG data[RIPEMD160_LBLOCK]; -- unsigned int num; -- } RIPEMD160_CTX; --#ifdef OPENSSL_FIPS -+typedef struct RIPEMD160state_st { -+ RIPEMD160_LONG A, B, C, D, E; -+ RIPEMD160_LONG Nl, Nh; -+ RIPEMD160_LONG data[RIPEMD160_LBLOCK]; -+ unsigned int num; -+} RIPEMD160_CTX; -+# ifdef OPENSSL_FIPS - int private_RIPEMD160_Init(RIPEMD160_CTX *c); --#endif -+# endif - int RIPEMD160_Init(RIPEMD160_CTX *c); - int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); - int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); --unsigned char *RIPEMD160(const unsigned char *d, size_t n, -- unsigned char *md); -+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md); - void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/rsa.h b/Cryptlib/Include/openssl/rsa.h -index 5bb932a..4af5e35 100644 ---- a/Cryptlib/Include/openssl/rsa.h -+++ b/Cryptlib/Include/openssl/rsa.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,41 +57,43 @@ - */ - - #ifndef HEADER_RSA_H --#define HEADER_RSA_H -- --#include -- --#ifndef OPENSSL_NO_BIO --#include --#endif --#include --#include --#ifndef OPENSSL_NO_DEPRECATED --#include --#endif -- --#ifdef OPENSSL_NO_RSA --#error RSA is disabled. --#endif -- --/* If this flag is set the RSA method is FIPS compliant and can be used -- * in FIPS mode. This is set in the validated module method. If an -- * application sets this flag in its own methods it is its reposibility -- * to ensure the result is compliant. -+# define HEADER_RSA_H -+ -+# include -+ -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# include -+# include -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# endif -+ -+# ifdef OPENSSL_NO_RSA -+# error RSA is disabled. -+# endif -+ -+/* -+ * If this flag is set the RSA method is FIPS compliant and can be used in -+ * FIPS mode. This is set in the validated module method. If an application -+ * sets this flag in its own methods it is its reposibility to ensure the -+ * result is compliant. - */ - --#define RSA_FLAG_FIPS_METHOD 0x0400 -+# define RSA_FLAG_FIPS_METHOD 0x0400 - --/* If this flag is set the operations normally disabled in FIPS mode are -+/* -+ * If this flag is set the operations normally disabled in FIPS mode are - * permitted it is then the applications responsibility to ensure that the - * usage is compliant. - */ - --#define RSA_FLAG_NON_FIPS_ALLOW 0x0400 -+# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 - --#ifdef OPENSSL_FIPS --#define FIPS_RSA_SIZE_T int --#endif -+# ifdef OPENSSL_FIPS -+# define FIPS_RSA_SIZE_T int -+# endif - - #ifdef __cplusplus - extern "C" { -@@ -101,192 +103,209 @@ extern "C" { - /* typedef struct rsa_st RSA; */ - /* typedef struct rsa_meth_st RSA_METHOD; */ - --struct rsa_meth_st -- { -- const char *name; -- int (*rsa_pub_enc)(int flen,const unsigned char *from, -- unsigned char *to, -- RSA *rsa,int padding); -- int (*rsa_pub_dec)(int flen,const unsigned char *from, -- unsigned char *to, -- RSA *rsa,int padding); -- int (*rsa_priv_enc)(int flen,const unsigned char *from, -- unsigned char *to, -- RSA *rsa,int padding); -- int (*rsa_priv_dec)(int flen,const unsigned char *from, -- unsigned char *to, -- RSA *rsa,int padding); -- int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */ -- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx); /* Can be null */ -- int (*init)(RSA *rsa); /* called at new */ -- int (*finish)(RSA *rsa); /* called at free */ -- int flags; /* RSA_METHOD_FLAG_* things */ -- char *app_data; /* may be needed! */ --/* New sign and verify functions: some libraries don't allow arbitrary data -- * to be signed/verified: this allows them to be used. Note: for this to work -- * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used -- * RSA_sign(), RSA_verify() should be used instead. Note: for backwards -- * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER -- * option is set in 'flags'. -- */ -- int (*rsa_sign)(int type, -- const unsigned char *m, unsigned int m_length, -- unsigned char *sigret, unsigned int *siglen, const RSA *rsa); -- int (*rsa_verify)(int dtype, -- const unsigned char *m, unsigned int m_length, -- unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); --/* If this callback is NULL, the builtin software RSA key-gen will be used. This -- * is for behavioural compatibility whilst the code gets rewired, but one day -- * it would be nice to assume there are no such things as "builtin software" -- * implementations. */ -- int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -- }; -- --struct rsa_st -- { -- /* The first parameter is used to pickup errors where -- * this is passed instead of aEVP_PKEY, it is set to 0 */ -- int pad; -- long version; -- const RSA_METHOD *meth; -- /* functional reference if 'meth' is ENGINE-provided */ -- ENGINE *engine; -- BIGNUM *n; -- BIGNUM *e; -- BIGNUM *d; -- BIGNUM *p; -- BIGNUM *q; -- BIGNUM *dmp1; -- BIGNUM *dmq1; -- BIGNUM *iqmp; -- /* be careful using this if the RSA structure is shared */ -- CRYPTO_EX_DATA ex_data; -- int references; -- int flags; -- -- /* Used to cache montgomery values */ -- BN_MONT_CTX *_method_mod_n; -- BN_MONT_CTX *_method_mod_p; -- BN_MONT_CTX *_method_mod_q; -- -- /* all BIGNUM values are actually in the following data, if it is not -- * NULL */ -- char *bignum_data; -- BN_BLINDING *blinding; -- BN_BLINDING *mt_blinding; -- }; -- --#ifndef OPENSSL_RSA_MAX_MODULUS_BITS --# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 --#endif -- --#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 -- --#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS --# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 --#endif --#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS --# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ --#endif -- --#define RSA_3 0x3L --#define RSA_F4 0x10001L -- --#define RSA_METHOD_FLAG_NO_CHECK 0x0001 /* don't check pub/private match */ -- --#define RSA_FLAG_CACHE_PUBLIC 0x0002 --#define RSA_FLAG_CACHE_PRIVATE 0x0004 --#define RSA_FLAG_BLINDING 0x0008 --#define RSA_FLAG_THREAD_SAFE 0x0010 --/* This flag means the private key operations will be handled by rsa_mod_exp -+struct rsa_meth_st { -+ const char *name; -+ int (*rsa_pub_enc) (int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding); -+ int (*rsa_pub_dec) (int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding); -+ int (*rsa_priv_enc) (int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding); -+ int (*rsa_priv_dec) (int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding); -+ /* Can be null */ -+ int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -+ /* Can be null */ -+ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+ /* called at new */ -+ int (*init) (RSA *rsa); -+ /* called at free */ -+ int (*finish) (RSA *rsa); -+ /* RSA_METHOD_FLAG_* things */ -+ int flags; -+ /* may be needed! */ -+ char *app_data; -+ /* -+ * New sign and verify functions: some libraries don't allow arbitrary -+ * data to be signed/verified: this allows them to be used. Note: for -+ * this to work the RSA_public_decrypt() and RSA_private_encrypt() should -+ * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note: -+ * for backwards compatibility this functionality is only enabled if the -+ * RSA_FLAG_SIGN_VER option is set in 'flags'. -+ */ -+ int (*rsa_sign) (int type, -+ const unsigned char *m, unsigned int m_length, -+ unsigned char *sigret, unsigned int *siglen, -+ const RSA *rsa); -+ int (*rsa_verify) (int dtype, const unsigned char *m, -+ unsigned int m_length, unsigned char *sigbuf, -+ unsigned int siglen, const RSA *rsa); -+ /* -+ * If this callback is NULL, the builtin software RSA key-gen will be -+ * used. This is for behavioural compatibility whilst the code gets -+ * rewired, but one day it would be nice to assume there are no such -+ * things as "builtin software" implementations. -+ */ -+ int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -+}; -+ -+struct rsa_st { -+ /* -+ * The first parameter is used to pickup errors where this is passed -+ * instead of aEVP_PKEY, it is set to 0 -+ */ -+ int pad; -+ long version; -+ const RSA_METHOD *meth; -+ /* functional reference if 'meth' is ENGINE-provided */ -+ ENGINE *engine; -+ BIGNUM *n; -+ BIGNUM *e; -+ BIGNUM *d; -+ BIGNUM *p; -+ BIGNUM *q; -+ BIGNUM *dmp1; -+ BIGNUM *dmq1; -+ BIGNUM *iqmp; -+ /* be careful using this if the RSA structure is shared */ -+ CRYPTO_EX_DATA ex_data; -+ int references; -+ int flags; -+ /* Used to cache montgomery values */ -+ BN_MONT_CTX *_method_mod_n; -+ BN_MONT_CTX *_method_mod_p; -+ BN_MONT_CTX *_method_mod_q; -+ /* -+ * all BIGNUM values are actually in the following data, if it is not -+ * NULL -+ */ -+ char *bignum_data; -+ BN_BLINDING *blinding; -+ BN_BLINDING *mt_blinding; -+}; -+ -+# ifndef OPENSSL_RSA_MAX_MODULUS_BITS -+# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 -+# endif -+ -+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 -+ -+# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS -+# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 -+# endif -+# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS -+ -+/* exponent limit enforced for "large" modulus only */ -+# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 -+# endif -+ -+# define RSA_3 0x3L -+# define RSA_F4 0x10001L -+ -+# define RSA_METHOD_FLAG_NO_CHECK 0x0001/* don't check pub/private -+ * match */ -+ -+# define RSA_FLAG_CACHE_PUBLIC 0x0002 -+# define RSA_FLAG_CACHE_PRIVATE 0x0004 -+# define RSA_FLAG_BLINDING 0x0008 -+# define RSA_FLAG_THREAD_SAFE 0x0010 -+/* -+ * This flag means the private key operations will be handled by rsa_mod_exp - * and that they do not depend on the private key components being present: -- * for example a key stored in external hardware. Without this flag bn_mod_exp -- * gets called when private key components are absent. -+ * for example a key stored in external hardware. Without this flag -+ * bn_mod_exp gets called when private key components are absent. - */ --#define RSA_FLAG_EXT_PKEY 0x0020 -+# define RSA_FLAG_EXT_PKEY 0x0020 - --/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. -+/* -+ * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify -+ * functions. - */ --#define RSA_FLAG_SIGN_VER 0x0040 -- --#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in -- * RSA implementation now uses blinding by -- * default (ignoring RSA_FLAG_BLINDING), -- * but other engines might not need it -- */ --#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA -- * implementation now uses constant time -- * operations by default in private key operations, -- * e.g., constant time modular exponentiation, -- * modular inverse without leaking branches, -- * division without leaking branches. This -- * flag disables these constant time -- * operations and results in faster RSA -- * private key operations. -- */ --#ifndef OPENSSL_NO_DEPRECATED --#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/ -- /* new with 0.9.7h; the built-in RSA -- * implementation now uses constant time -- * modular exponentiation for secret exponents -- * by default. This flag causes the -- * faster variable sliding window method to -- * be used for all exponents. -- */ --#endif -+# define RSA_FLAG_SIGN_VER 0x0040 - -+/* -+ * new with 0.9.6j and 0.9.7b; the built-in -+ * RSA implementation now uses blinding by -+ * default (ignoring RSA_FLAG_BLINDING), -+ * but other engines might not need it -+ */ -+# define RSA_FLAG_NO_BLINDING 0x0080 -+/* -+ * new with 0.9.8f; the built-in RSA -+ * implementation now uses constant time -+ * operations by default in private key operations, -+ * e.g., constant time modular exponentiation, -+ * modular inverse without leaking branches, -+ * division without leaking branches. This -+ * flag disables these constant time -+ * operations and results in faster RSA -+ * private key operations. -+ */ -+# define RSA_FLAG_NO_CONSTTIME 0x0100 -+# ifdef OPENSSL_USE_DEPRECATED -+/* deprecated name for the flag*/ -+/* -+ * new with 0.9.7h; the built-in RSA -+ * implementation now uses constant time -+ * modular exponentiation for secret exponents -+ * by default. This flag causes the -+ * faster variable sliding window method to -+ * be used for all exponents. -+ */ -+# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME -+# endif - --#define RSA_PKCS1_PADDING 1 --#define RSA_SSLV23_PADDING 2 --#define RSA_NO_PADDING 3 --#define RSA_PKCS1_OAEP_PADDING 4 --#define RSA_X931_PADDING 5 -+# define RSA_PKCS1_PADDING 1 -+# define RSA_SSLV23_PADDING 2 -+# define RSA_NO_PADDING 3 -+# define RSA_PKCS1_OAEP_PADDING 4 -+# define RSA_X931_PADDING 5 - --#define RSA_PKCS1_PADDING_SIZE 11 -+# define RSA_PKCS1_PADDING_SIZE 11 - --#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) --#define RSA_get_app_data(s) RSA_get_ex_data(s,0) -+# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) -+# define RSA_get_app_data(s) RSA_get_ex_data(s,0) - --RSA * RSA_new(void); --RSA * RSA_new_method(ENGINE *engine); --int RSA_size(const RSA *); -+RSA *RSA_new(void); -+RSA *RSA_new_method(ENGINE *engine); -+int RSA_size(const RSA *); - - /* Deprecated version */ --#ifndef OPENSSL_NO_DEPRECATED --RSA * RSA_generate_key(int bits, unsigned long e,void -- (*callback)(int,int,void *),void *cb_arg); --#endif /* !defined(OPENSSL_NO_DEPRECATED) */ -+# ifndef OPENSSL_NO_DEPRECATED -+RSA *RSA_generate_key(int bits, unsigned long e, void -+ (*callback) (int, int, void *), void *cb_arg); -+# endif /* !defined(OPENSSL_NO_DEPRECATED) */ - - /* New version */ --int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); --int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, -- const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, -- const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, -- const BIGNUM *e, BN_GENCB *cb); --int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb); -- --int RSA_check_key(const RSA *); -- /* next 4 return -1 on error */ --int RSA_public_encrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa,int padding); --int RSA_private_encrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa,int padding); --int RSA_public_decrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa,int padding); --int RSA_private_decrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa,int padding); --void RSA_free (RSA *r); -+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, -+ BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, -+ const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, -+ const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb); -+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, -+ BN_GENCB *cb); -+ -+int RSA_check_key(const RSA *); -+ /* next 4 return -1 on error */ -+int RSA_public_encrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding); -+int RSA_private_encrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding); -+int RSA_public_decrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding); -+int RSA_private_decrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding); -+void RSA_free(RSA *r); - /* "up" the RSA object's reference count */ --int RSA_up_ref(RSA *r); -+int RSA_up_ref(RSA *r); - --int RSA_flags(const RSA *r); -+int RSA_flags(const RSA *r); - --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS - RSA *FIPS_rsa_new(void); - void FIPS_rsa_free(RSA *r); --#endif -+# endif - - void RSA_set_default_method(const RSA_METHOD *meth); - const RSA_METHOD *RSA_get_default_method(void); -@@ -304,96 +323,105 @@ const RSA_METHOD *RSA_null_method(void); - DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) - DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) - --#ifndef OPENSSL_NO_FP_API --int RSA_print_fp(FILE *fp, const RSA *r,int offset); --#endif -+# ifndef OPENSSL_NO_FP_API -+int RSA_print_fp(FILE *fp, const RSA *r, int offset); -+# endif - --#ifndef OPENSSL_NO_BIO --int RSA_print(BIO *bp, const RSA *r,int offset); --#endif -+# ifndef OPENSSL_NO_BIO -+int RSA_print(BIO *bp, const RSA *r, int offset); -+# endif - --#ifndef OPENSSL_NO_RC4 -+# ifndef OPENSSL_NO_RC4 - int i2d_RSA_NET(const RSA *a, unsigned char **pp, -- int (*cb)(char *buf, int len, const char *prompt, int verify), -- int sgckey); -+ int (*cb) (char *buf, int len, const char *prompt, -+ int verify), int sgckey); - RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, -- int (*cb)(char *buf, int len, const char *prompt, int verify), -- int sgckey); -+ int (*cb) (char *buf, int len, const char *prompt, -+ int verify), int sgckey); - - int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, -- int (*cb)(char *buf, int len, const char *prompt, -- int verify)); -+ int (*cb) (char *buf, int len, const char *prompt, -+ int verify)); - RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, -- int (*cb)(char *buf, int len, const char *prompt, -- int verify)); --#endif -+ int (*cb) (char *buf, int len, const char *prompt, -+ int verify)); -+# endif - --/* The following 2 functions sign and verify a X509_SIG ASN1 object -- * inside PKCS#1 padded RSA encryption */ -+/* -+ * The following 2 functions sign and verify a X509_SIG ASN1 object inside -+ * PKCS#1 padded RSA encryption -+ */ - int RSA_sign(int type, const unsigned char *m, unsigned int m_length, -- unsigned char *sigret, unsigned int *siglen, RSA *rsa); -+ unsigned char *sigret, unsigned int *siglen, RSA *rsa); - int RSA_verify(int type, const unsigned char *m, unsigned int m_length, -- unsigned char *sigbuf, unsigned int siglen, RSA *rsa); -+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa); - --/* The following 2 function sign and verify a ASN1_OCTET_STRING -- * object inside PKCS#1 padded RSA encryption */ -+/* -+ * The following 2 function sign and verify a ASN1_OCTET_STRING object inside -+ * PKCS#1 padded RSA encryption -+ */ - int RSA_sign_ASN1_OCTET_STRING(int type, -- const unsigned char *m, unsigned int m_length, -- unsigned char *sigret, unsigned int *siglen, RSA *rsa); --int RSA_verify_ASN1_OCTET_STRING(int type, -- const unsigned char *m, unsigned int m_length, -- unsigned char *sigbuf, unsigned int siglen, RSA *rsa); -+ const unsigned char *m, unsigned int m_length, -+ unsigned char *sigret, unsigned int *siglen, -+ RSA *rsa); -+int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m, -+ unsigned int m_length, unsigned char *sigbuf, -+ unsigned int siglen, RSA *rsa); - - int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); - void RSA_blinding_off(RSA *rsa); - BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); - --int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, -- const unsigned char *f,int fl); --int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, -- const unsigned char *f,int fl,int rsa_len); --int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, -- const unsigned char *f,int fl); --int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, -- const unsigned char *f,int fl,int rsa_len); --int PKCS1_MGF1(unsigned char *mask, long len, -- const unsigned char *seed, long seedlen, const EVP_MD *dgst); --int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, -- const unsigned char *f,int fl, -- const unsigned char *p,int pl); --int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen, -- const unsigned char *f,int fl,int rsa_len, -- const unsigned char *p,int pl); --int RSA_padding_add_SSLv23(unsigned char *to,int tlen, -- const unsigned char *f,int fl); --int RSA_padding_check_SSLv23(unsigned char *to,int tlen, -- const unsigned char *f,int fl,int rsa_len); --int RSA_padding_add_none(unsigned char *to,int tlen, -- const unsigned char *f,int fl); --int RSA_padding_check_none(unsigned char *to,int tlen, -- const unsigned char *f,int fl,int rsa_len); --int RSA_padding_add_X931(unsigned char *to,int tlen, -- const unsigned char *f,int fl); --int RSA_padding_check_X931(unsigned char *to,int tlen, -- const unsigned char *f,int fl,int rsa_len); -+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, -+ const unsigned char *f, int fl); -+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, -+ const unsigned char *f, int fl, -+ int rsa_len); -+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, -+ const unsigned char *f, int fl); -+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, -+ const unsigned char *f, int fl, -+ int rsa_len); -+int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, -+ long seedlen, const EVP_MD *dgst); -+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, -+ const unsigned char *f, int fl, -+ const unsigned char *p, int pl); -+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, -+ const unsigned char *f, int fl, int rsa_len, -+ const unsigned char *p, int pl); -+int RSA_padding_add_SSLv23(unsigned char *to, int tlen, -+ const unsigned char *f, int fl); -+int RSA_padding_check_SSLv23(unsigned char *to, int tlen, -+ const unsigned char *f, int fl, int rsa_len); -+int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f, -+ int fl); -+int RSA_padding_check_none(unsigned char *to, int tlen, -+ const unsigned char *f, int fl, int rsa_len); -+int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f, -+ int fl); -+int RSA_padding_check_X931(unsigned char *to, int tlen, -+ const unsigned char *f, int fl, int rsa_len); - int RSA_X931_hash_id(int nid); - - int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, -- const EVP_MD *Hash, const unsigned char *EM, int sLen); -+ const EVP_MD *Hash, const unsigned char *EM, -+ int sLen); - int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, -- const unsigned char *mHash, -- const EVP_MD *Hash, int sLen); -+ const unsigned char *mHash, const EVP_MD *Hash, -+ int sLen); - - int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); --int RSA_set_ex_data(RSA *r,int idx,void *arg); -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+int RSA_set_ex_data(RSA *r, int idx, void *arg); - void *RSA_get_ex_data(const RSA *r, int idx); - - RSA *RSAPublicKey_dup(RSA *rsa); - RSA *RSAPrivateKey_dup(RSA *rsa); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_RSA_strings(void); -@@ -401,94 +429,95 @@ void ERR_load_RSA_strings(void); - /* Error codes for the RSA functions. */ - - /* Function codes. */ --#define RSA_F_FIPS_RSA_SIGN 140 --#define RSA_F_FIPS_RSA_VERIFY 141 --#define RSA_F_MEMORY_LOCK 100 --#define RSA_F_RSA_BUILTIN_KEYGEN 129 --#define RSA_F_RSA_CHECK_KEY 123 --#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 --#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 --#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 --#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 --#define RSA_F_RSA_GENERATE_KEY 105 --#define RSA_F_RSA_MEMORY_LOCK 130 --#define RSA_F_RSA_NEW_METHOD 106 --#define RSA_F_RSA_NULL 124 --#define RSA_F_RSA_NULL_MOD_EXP 131 --#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 --#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 --#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 --#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 --#define RSA_F_RSA_PADDING_ADD_NONE 107 --#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 --#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 --#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 --#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 --#define RSA_F_RSA_PADDING_ADD_SSLV23 110 --#define RSA_F_RSA_PADDING_ADD_X931 127 --#define RSA_F_RSA_PADDING_CHECK_NONE 111 --#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 --#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 --#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 --#define RSA_F_RSA_PADDING_CHECK_SSLV23 114 --#define RSA_F_RSA_PADDING_CHECK_X931 128 --#define RSA_F_RSA_PRINT 115 --#define RSA_F_RSA_PRINT_FP 116 --#define RSA_F_RSA_PRIVATE_ENCRYPT 137 --#define RSA_F_RSA_PUBLIC_DECRYPT 138 --#define RSA_F_RSA_SETUP_BLINDING 136 --#define RSA_F_RSA_SET_DEFAULT_METHOD 139 --#define RSA_F_RSA_SET_METHOD 142 --#define RSA_F_RSA_SIGN 117 --#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 --#define RSA_F_RSA_VERIFY 119 --#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 --#define RSA_F_RSA_VERIFY_PKCS1_PSS 126 -+# define RSA_F_FIPS_RSA_SIGN 140 -+# define RSA_F_FIPS_RSA_VERIFY 141 -+# define RSA_F_MEMORY_LOCK 100 -+# define RSA_F_RSA_BUILTIN_KEYGEN 129 -+# define RSA_F_RSA_CHECK_KEY 123 -+# define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 -+# define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 -+# define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 -+# define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 -+# define RSA_F_RSA_GENERATE_KEY 105 -+# define RSA_F_RSA_MEMORY_LOCK 130 -+# define RSA_F_RSA_NEW_METHOD 106 -+# define RSA_F_RSA_NULL 124 -+# define RSA_F_RSA_NULL_MOD_EXP 131 -+# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 -+# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 -+# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 -+# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 -+# define RSA_F_RSA_PADDING_ADD_NONE 107 -+# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 -+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 -+# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 -+# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 -+# define RSA_F_RSA_PADDING_ADD_SSLV23 110 -+# define RSA_F_RSA_PADDING_ADD_X931 127 -+# define RSA_F_RSA_PADDING_CHECK_NONE 111 -+# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 -+# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 -+# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 -+# define RSA_F_RSA_PADDING_CHECK_SSLV23 114 -+# define RSA_F_RSA_PADDING_CHECK_X931 128 -+# define RSA_F_RSA_PRINT 115 -+# define RSA_F_RSA_PRINT_FP 116 -+# define RSA_F_RSA_PRIVATE_ENCRYPT 137 -+# define RSA_F_RSA_PUBLIC_DECRYPT 138 -+# define RSA_F_RSA_SETUP_BLINDING 136 -+# define RSA_F_RSA_SET_DEFAULT_METHOD 139 -+# define RSA_F_RSA_SET_METHOD 142 -+# define RSA_F_RSA_SIGN 117 -+# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 -+# define RSA_F_RSA_VERIFY 119 -+# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 -+# define RSA_F_RSA_VERIFY_PKCS1_PSS 126 - - /* Reason codes. */ --#define RSA_R_ALGORITHM_MISMATCH 100 --#define RSA_R_BAD_E_VALUE 101 --#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 --#define RSA_R_BAD_PAD_BYTE_COUNT 103 --#define RSA_R_BAD_SIGNATURE 104 --#define RSA_R_BLOCK_TYPE_IS_NOT_01 106 --#define RSA_R_BLOCK_TYPE_IS_NOT_02 107 --#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 --#define RSA_R_DATA_TOO_LARGE 109 --#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 --#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 --#define RSA_R_DATA_TOO_SMALL 111 --#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 --#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 --#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 --#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 --#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 --#define RSA_R_FIRST_OCTET_INVALID 133 --#define RSA_R_INVALID_HEADER 137 --#define RSA_R_INVALID_MESSAGE_LENGTH 131 --#define RSA_R_INVALID_PADDING 138 --#define RSA_R_INVALID_TRAILER 139 --#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 --#define RSA_R_KEY_SIZE_TOO_SMALL 120 --#define RSA_R_LAST_OCTET_INVALID 134 --#define RSA_R_MODULUS_TOO_LARGE 105 --#define RSA_R_NON_FIPS_METHOD 141 --#define RSA_R_NO_PUBLIC_EXPONENT 140 --#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 --#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 --#define RSA_R_OAEP_DECODING_ERROR 121 --#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 --#define RSA_R_PADDING_CHECK_FAILED 114 --#define RSA_R_P_NOT_PRIME 128 --#define RSA_R_Q_NOT_PRIME 129 --#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 --#define RSA_R_SLEN_CHECK_FAILED 136 --#define RSA_R_SLEN_RECOVERY_FAILED 135 --#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 --#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 --#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 --#define RSA_R_UNKNOWN_PADDING_TYPE 118 --#define RSA_R_WRONG_SIGNATURE_LENGTH 119 -+# define RSA_R_ALGORITHM_MISMATCH 100 -+# define RSA_R_BAD_E_VALUE 101 -+# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 -+# define RSA_R_BAD_PAD_BYTE_COUNT 103 -+# define RSA_R_BAD_SIGNATURE 104 -+# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 -+# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 -+# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 -+# define RSA_R_DATA_TOO_LARGE 109 -+# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 -+# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 -+# define RSA_R_DATA_TOO_SMALL 111 -+# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 -+# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 -+# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 -+# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 -+# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 -+# define RSA_R_FIRST_OCTET_INVALID 133 -+# define RSA_R_INVALID_HEADER 137 -+# define RSA_R_INVALID_MESSAGE_LENGTH 131 -+# define RSA_R_INVALID_PADDING 138 -+# define RSA_R_INVALID_TRAILER 139 -+# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 -+# define RSA_R_KEY_SIZE_TOO_SMALL 120 -+# define RSA_R_LAST_OCTET_INVALID 134 -+# define RSA_R_MODULUS_TOO_LARGE 105 -+# define RSA_R_NON_FIPS_METHOD 141 -+# define RSA_R_NO_PUBLIC_EXPONENT 140 -+# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 -+# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 -+# define RSA_R_OAEP_DECODING_ERROR 121 -+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 -+# define RSA_R_PADDING_CHECK_FAILED 114 -+# define RSA_R_PKCS_DECODING_ERROR 159 -+# define RSA_R_P_NOT_PRIME 128 -+# define RSA_R_Q_NOT_PRIME 129 -+# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 -+# define RSA_R_SLEN_CHECK_FAILED 136 -+# define RSA_R_SLEN_RECOVERY_FAILED 135 -+# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 -+# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 -+# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 -+# define RSA_R_UNKNOWN_PADDING_TYPE 118 -+# define RSA_R_WRONG_SIGNATURE_LENGTH 119 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/safestack.h b/Cryptlib/Include/openssl/safestack.h -index b59c640..334ce9e 100644 ---- a/Cryptlib/Include/openssl/safestack.h -+++ b/Cryptlib/Include/openssl/safestack.h -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,1934 +53,1940 @@ - */ - - #ifndef HEADER_SAFESTACK_H --#define HEADER_SAFESTACK_H -+# define HEADER_SAFESTACK_H - --#include -+# include - --#ifdef DEBUG_SAFESTACK -+# ifdef DEBUG_SAFESTACK - --#ifndef CHECKED_PTR_OF --#define CHECKED_PTR_OF(type, p) \ -+# ifndef CHECKED_PTR_OF -+# define CHECKED_PTR_OF(type, p) \ - ((void*) (1 ? p : (type*)0)) --#endif -+# endif - --#define CHECKED_SK_FREE_FUNC(type, p) \ -+# define CHECKED_SK_FREE_FUNC(type, p) \ - ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) - --#define CHECKED_SK_CMP_FUNC(type, p) \ -+# define CHECKED_SK_CMP_FUNC(type, p) \ - ((int (*)(const char * const *, const char * const *)) \ -- ((1 ? p : (int (*)(const type * const *, const type * const *))0))) -+ ((1 ? p : (int (*)(const type * const *, const type * const *))0))) - --#define STACK_OF(type) struct stack_st_##type --#define PREDECLARE_STACK_OF(type) STACK_OF(type); -+# define STACK_OF(type) struct stack_st_##type -+# define PREDECLARE_STACK_OF(type) STACK_OF(type); - --#define DECLARE_STACK_OF(type) \ -+# define DECLARE_STACK_OF(type) \ - STACK_OF(type) \ - { \ - STACK stack; \ - }; - --#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/ -- --/* SKM_sk_... stack macros are internal to safestack.h: -- * never use them directly, use sk__... instead */ --#define SKM_sk_new(type, cmp) \ -- ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) --#define SKM_sk_new_null(type) \ -- ((STACK_OF(type) *)sk_new_null()) --#define SKM_sk_free(type, st) \ -- sk_free(CHECKED_PTR_OF(STACK_OF(type), st)) --#define SKM_sk_num(type, st) \ -- sk_num(CHECKED_PTR_OF(STACK_OF(type), st)) --#define SKM_sk_value(type, st,i) \ -- ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i)) --#define SKM_sk_set(type, st,i,val) \ -- sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val)) --#define SKM_sk_zero(type, st) \ -- sk_zero(CHECKED_PTR_OF(STACK_OF(type), st)) --#define SKM_sk_push(type, st,val) \ -- sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) --#define SKM_sk_unshift(type, st,val) \ -- sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) --#define SKM_sk_find(type, st,val) \ -- sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) --#define SKM_sk_delete(type, st,i) \ -- (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i) --#define SKM_sk_delete_ptr(type, st,ptr) \ -- (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr)) --#define SKM_sk_insert(type, st,val,i) \ -- sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i) --#define SKM_sk_set_cmp_func(type, st,cmp) \ -- ((int (*)(const type * const *,const type * const *)) \ -- sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp))) --#define SKM_sk_dup(type, st) \ -- (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st)) --#define SKM_sk_pop_free(type, st,free_func) \ -- sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func)) --#define SKM_sk_shift(type, st) \ -- (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st)) --#define SKM_sk_pop(type, st) \ -- (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st)) --#define SKM_sk_sort(type, st) \ -- sk_sort(CHECKED_PTR_OF(STACK_OF(type), st)) --#define SKM_sk_is_sorted(type, st) \ -- sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st)) -- --#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type)*, st), \ -- pp, length, \ -- CHECKED_D2I_OF(type, d2i_func), \ -- CHECKED_SK_FREE_FUNC(type, free_func), \ -- ex_tag, ex_class) -- --#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \ -- CHECKED_I2D_OF(type, i2d_func), \ -- ex_tag, ex_class, is_set) -- --#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ -- ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ -- CHECKED_I2D_OF(type, i2d_func), buf, len) -- --#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ -- (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) -- --#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ -- (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ -- CHECKED_D2I_OF(type, d2i_func), \ -- CHECKED_SK_FREE_FUNC(type, free_func), \ -- pass, passlen, oct, seq) -- --#else -- --#define STACK_OF(type) STACK --#define PREDECLARE_STACK_OF(type) /* nada */ --#define DECLARE_STACK_OF(type) /* nada */ --#define IMPLEMENT_STACK_OF(type) /* nada */ -- --#define SKM_sk_new(type, cmp) \ -- sk_new((int (*)(const char * const *, const char * const *))(cmp)) --#define SKM_sk_new_null(type) \ -- sk_new_null() --#define SKM_sk_free(type, st) \ -- sk_free(st) --#define SKM_sk_num(type, st) \ -- sk_num(st) --#define SKM_sk_value(type, st,i) \ -- ((type *)sk_value(st, i)) --#define SKM_sk_set(type, st,i,val) \ -- ((type *)sk_set(st, i,(char *)val)) --#define SKM_sk_zero(type, st) \ -- sk_zero(st) --#define SKM_sk_push(type, st,val) \ -- sk_push(st, (char *)val) --#define SKM_sk_unshift(type, st,val) \ -- sk_unshift(st, (char *)val) --#define SKM_sk_find(type, st,val) \ -- sk_find(st, (char *)val) --#define SKM_sk_delete(type, st,i) \ -- ((type *)sk_delete(st, i)) --#define SKM_sk_delete_ptr(type, st,ptr) \ -- ((type *)sk_delete_ptr(st,(char *)ptr)) --#define SKM_sk_insert(type, st,val,i) \ -- sk_insert(st, (char *)val, i) --#define SKM_sk_set_cmp_func(type, st,cmp) \ -- ((int (*)(const type * const *,const type * const *)) \ -- sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp))) --#define SKM_sk_dup(type, st) \ -- sk_dup(st) --#define SKM_sk_pop_free(type, st,free_func) \ -- sk_pop_free(st, (void (*)(void *))free_func) --#define SKM_sk_shift(type, st) \ -- ((type *)sk_shift(st)) --#define SKM_sk_pop(type, st) \ -- ((type *)sk_pop(st)) --#define SKM_sk_sort(type, st) \ -- sk_sort(st) --#define SKM_sk_is_sorted(type, st) \ -- sk_is_sorted(st) -- --#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) --#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set) -- --#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ -- ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len) --#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ -- ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func) -- --#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ -- ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq)) -- --#endif -- --/* This block of defines is updated by util/mkstack.pl, please do not touch! */ --#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st)) --#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) --#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) --#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) --#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i)) --#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val)) --#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st)) --#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) --#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) --#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) --#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) --#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) --#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) --#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) --#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) --#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) --#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) --#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) --#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) --#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) --#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) -- --#define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st)) --#define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) --#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) --#define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) --#define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) --#define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) --#define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) --#define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) --#define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) --#define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) --#define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) --#define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) --#define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) --#define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) --#define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) --#define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) --#define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) --#define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) --#define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) --#define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) --#define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) -- --#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) --#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) --#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) --#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) --#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i)) --#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val)) --#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st)) --#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) --#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) --#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) --#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) --#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) --#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) --#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) --#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) --#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) --#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) --#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) --#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) --#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) --#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) -- --#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) --#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) --#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) --#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) --#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i)) --#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val)) --#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st)) --#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) --#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) --#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) --#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) --#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) --#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) --#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) --#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) --#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) --#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) --#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) --#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) --#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) --#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) -- --#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st)) --#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) --#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) --#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) --#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i)) --#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val)) --#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st)) --#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) --#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) --#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) --#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) --#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) --#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) --#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) --#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) --#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) --#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) --#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) --#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) --#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) --#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) -- --#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st)) --#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) --#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) --#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) --#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i)) --#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val)) --#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st)) --#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) --#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) --#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) --#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) --#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) --#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) --#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) --#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) --#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) --#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) --#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) --#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) --#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) --#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) -- --#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st)) --#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) --#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) --#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) --#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i)) --#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val)) --#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st)) --#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) --#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) --#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) --#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) --#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) --#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) --#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) --#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) --#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) --#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func)) --#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) --#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) --#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) --#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) -- --#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st)) --#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) --#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) --#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) --#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i)) --#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val)) --#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st)) --#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) --#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) --#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) --#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) --#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) --#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) --#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) --#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) --#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) --#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) --#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) --#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) --#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) --#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) -- --#define sk_BIO_new(st) SKM_sk_new(BIO, (st)) --#define sk_BIO_new_null() SKM_sk_new_null(BIO) --#define sk_BIO_free(st) SKM_sk_free(BIO, (st)) --#define sk_BIO_num(st) SKM_sk_num(BIO, (st)) --#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i)) --#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val)) --#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st)) --#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) --#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) --#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) --#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) --#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) --#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) --#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) --#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) --#define sk_BIO_dup(st) SKM_sk_dup(BIO, st) --#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) --#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) --#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) --#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) --#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) -- --#define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st)) --#define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) --#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) --#define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) --#define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i)) --#define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) --#define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) --#define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) --#define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) --#define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) --#define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) --#define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) --#define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) --#define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) --#define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) --#define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) --#define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) --#define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) --#define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) --#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) --#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) -- --#define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st)) --#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) --#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) --#define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) --#define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) --#define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) --#define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) --#define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) --#define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) --#define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) --#define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) --#define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) --#define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) --#define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) --#define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) --#define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) --#define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) --#define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) --#define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) --#define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) --#define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) -- --#define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st)) --#define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) --#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) --#define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) --#define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) --#define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) --#define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) --#define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) --#define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) --#define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) --#define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) --#define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) --#define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) --#define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) --#define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) --#define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) --#define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) --#define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) --#define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) --#define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) --#define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) -- --#define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st)) --#define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) --#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) --#define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) --#define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) --#define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) --#define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) --#define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) --#define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) --#define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) --#define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) --#define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) --#define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) --#define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) --#define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) --#define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) --#define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) --#define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) --#define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) --#define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) --#define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) -- --#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) --#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) --#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) --#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) --#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i)) --#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val)) --#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st)) --#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) --#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) --#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) --#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) --#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) --#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) --#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) --#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) --#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) --#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) --#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) --#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) --#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) --#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) -- --#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) --#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) --#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) --#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) --#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i)) --#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val)) --#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st)) --#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) --#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) --#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) --#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) --#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) --#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) --#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) --#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) --#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) --#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) --#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) --#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) --#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) --#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) -- --#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) --#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) --#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) --#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) --#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i)) --#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val)) --#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st)) --#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) --#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) --#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) --#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) --#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) --#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) --#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) --#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) --#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) --#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) --#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) --#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) --#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) --#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) -- --#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st)) --#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) --#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) --#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) --#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) --#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val)) --#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st)) --#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) --#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) --#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) --#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) --#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) --#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) --#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) --#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) --#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) --#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) --#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) --#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) --#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) --#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) -- --#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st)) --#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) --#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) --#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) --#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i)) --#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val)) --#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st)) --#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) --#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) --#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) --#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) --#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) --#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) --#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) --#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) --#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) --#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) --#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) --#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) --#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) --#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) -- --#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st)) --#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) --#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) --#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) --#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i)) --#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val)) --#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st)) --#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) --#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) --#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) --#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) --#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) --#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) --#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) --#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) --#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) --#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) --#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) --#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) --#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) --#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) -- --#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st)) --#define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) --#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) --#define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) --#define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i)) --#define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val)) --#define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st)) --#define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) --#define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) --#define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) --#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) --#define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) --#define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) --#define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) --#define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp)) --#define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st) --#define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func)) --#define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) --#define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) --#define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) --#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) -- --#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st)) --#define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) --#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) --#define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) --#define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i)) --#define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val)) --#define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st)) --#define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) --#define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) --#define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) --#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) --#define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) --#define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) --#define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) --#define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp)) --#define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st) --#define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func)) --#define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) --#define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) --#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) --#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) -- --#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) --#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) --#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) --#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) --#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i)) --#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val)) --#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st)) --#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) --#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) --#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) --#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) --#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) --#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) --#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) --#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) --#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) --#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) --#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) --#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) --#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) --#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) -- --#define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st)) --#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) --#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) --#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) --#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) --#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) --#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) --#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) --#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) --#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) --#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) --#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) --#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) --#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) --#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) --#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) --#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) --#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) --#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) --#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) --#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) -- --#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) --#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) --#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) --#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) --#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) --#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) --#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) --#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) --#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) --#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) --#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) --#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) --#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) --#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) --#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) --#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) --#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) --#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) --#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) --#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) --#define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) -- --#define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st)) --#define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) --#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) --#define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) --#define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) --#define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) --#define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) --#define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) --#define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) --#define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) --#define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) --#define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) --#define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) --#define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) --#define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) --#define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) --#define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) --#define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) --#define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) --#define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) --#define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) -- --#define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st)) --#define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) --#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) --#define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) --#define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) --#define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) --#define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) --#define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) --#define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) --#define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) --#define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) --#define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) --#define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) --#define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) --#define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) --#define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) --#define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) --#define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) --#define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) --#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) --#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) -- --#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) --#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) --#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) --#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) --#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i)) --#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val)) --#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st)) --#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) --#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) --#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) --#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) --#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) --#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) --#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) --#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) --#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) --#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) --#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) --#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) --#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) --#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) -- --#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st)) --#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) --#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) --#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) --#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i)) --#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val)) --#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st)) --#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) --#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) --#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) --#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) --#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) --#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) --#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) --#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) --#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) --#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) --#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) --#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) --#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) --#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) -- --#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st)) --#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) --#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) --#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) --#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i)) --#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val)) --#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st)) --#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) --#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) --#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) --#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) --#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) --#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) --#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) --#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) --#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) --#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) --#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) --#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) --#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) --#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) -- --#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st)) --#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) --#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) --#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) --#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i)) --#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val)) --#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st)) --#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) --#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) --#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) --#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) --#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) --#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) --#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) --#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) --#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) --#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) --#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) --#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) --#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) --#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) -- --#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st)) --#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) --#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) --#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) --#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i)) --#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val)) --#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st)) --#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) --#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) --#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) --#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) --#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) --#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) --#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) --#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) --#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) --#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) --#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) --#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) --#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) --#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) -- --#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st)) --#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) --#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) --#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) --#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i)) --#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val)) --#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st)) --#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) --#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) --#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) --#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) --#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) --#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) --#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) --#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) --#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) --#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) --#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) --#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) --#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) --#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) -- --#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st)) --#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) --#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) --#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) --#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i)) --#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val)) --#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st)) --#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) --#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) --#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) --#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) --#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) --#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) --#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) --#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) --#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) --#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) --#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) --#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) --#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) --#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) -- --#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st)) --#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) --#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) --#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) --#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i)) --#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val)) --#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st)) --#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) --#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) --#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) --#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) --#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) --#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) --#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) --#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) --#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) --#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) --#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) --#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) --#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) --#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) -- --#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) --#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) --#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) --#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) --#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) --#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) --#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) --#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) --#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) --#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) --#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) --#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) --#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) --#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) --#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) --#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) --#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) --#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) --#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) --#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) --#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) -- --#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) --#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) --#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) --#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) --#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) --#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) --#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) --#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) --#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) --#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) --#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) --#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) --#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) --#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) --#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) --#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) --#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) --#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) --#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) --#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) --#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) -- --#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st)) --#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) --#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) --#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) --#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i)) --#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val)) --#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st)) --#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) --#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) --#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) --#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) --#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) --#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) --#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) --#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) --#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) --#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) --#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) --#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) --#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) --#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) -- --#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st)) --#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) --#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) --#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) --#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i)) --#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val)) --#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st)) --#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) --#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) --#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) --#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) --#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) --#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) --#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) --#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) --#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) --#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func)) --#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) --#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) --#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) --#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) -- --#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) --#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) --#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) --#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) --#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i)) --#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val)) --#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st)) --#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) --#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) --#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) --#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) --#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) --#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) --#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) --#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) --#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) --#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) --#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) --#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) --#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) --#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) -- --#define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st)) --#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) --#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) --#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) --#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) --#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) --#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) --#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) --#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) --#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) --#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) --#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) --#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) --#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) --#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) --#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) --#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) --#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) --#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) --#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) --#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) -- --#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) --#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) --#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) --#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) --#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i)) --#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val)) --#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st)) --#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) --#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) --#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) --#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) --#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) --#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) --#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) --#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) --#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) --#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) --#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) --#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) --#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) --#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) -- --#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st)) --#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) --#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) --#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) --#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i)) --#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val)) --#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st)) --#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) --#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) --#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) --#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) --#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) --#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) --#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) --#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) --#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) --#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) --#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) --#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) --#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) --#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) -- --#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st)) --#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) --#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) --#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) --#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i)) --#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val)) --#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st)) --#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) --#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) --#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) --#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) --#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) --#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) --#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) --#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) --#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) --#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) --#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) --#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) --#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) --#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) -- --#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st)) --#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) --#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) --#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) --#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i)) --#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val)) --#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st)) --#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) --#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) --#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) --#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) --#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) --#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) --#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) --#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) --#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) --#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) --#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) --#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) --#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) --#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) -- --#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st)) --#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) --#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) --#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) --#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i)) --#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val)) --#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st)) --#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) --#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) --#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) --#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) --#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) --#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) --#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) --#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) --#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) --#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) --#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) --#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) --#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) --#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) -- --#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st)) --#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) --#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) --#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) --#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i)) --#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val)) --#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st)) --#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) --#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) --#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) --#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) --#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) --#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) --#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) --#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) --#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) --#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) --#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) --#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) --#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) --#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) -- --#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st)) --#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) --#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) --#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) --#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i)) --#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val)) --#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st)) --#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) --#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) --#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) --#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) --#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) --#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) --#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) --#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) --#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) --#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) --#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) --#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) --#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) --#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) -- --#define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st)) --#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) --#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) --#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) --#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) --#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) --#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) --#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) --#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) --#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) --#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) --#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) --#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) --#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) --#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) --#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) --#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) --#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) --#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) --#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) --#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) -- --#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) --#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) --#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) --#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) --#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i)) --#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val)) --#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st)) --#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) --#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) --#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) --#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) --#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) --#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) --#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) --#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) --#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) --#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) --#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) --#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) --#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) --#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) -- --#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st)) --#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) --#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) --#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) --#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i)) --#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val)) --#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st)) --#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) --#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) --#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) --#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) --#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) --#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) --#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) --#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) --#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) --#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) --#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) --#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) --#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) --#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) -- --#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) --#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) --#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) --#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) --#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) --#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) --#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) --#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) --#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) --#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) --#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) --#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) --#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) --#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) --#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) --#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) --#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) --#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) --#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) --#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) --#define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) -- --#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) --#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) --#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) --#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) --#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i)) --#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val)) --#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st)) --#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) --#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) --#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) --#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) --#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) --#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) --#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) --#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) --#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) --#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) --#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) --#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) --#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) --#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) -- --#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st)) --#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) --#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) --#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) --#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i)) --#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val)) --#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st)) --#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) --#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) --#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) --#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) --#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) --#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) --#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) --#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) --#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) --#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) --#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) --#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) --#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) --#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) -- --#define sk_X509_new(st) SKM_sk_new(X509, (st)) --#define sk_X509_new_null() SKM_sk_new_null(X509) --#define sk_X509_free(st) SKM_sk_free(X509, (st)) --#define sk_X509_num(st) SKM_sk_num(X509, (st)) --#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i)) --#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val)) --#define sk_X509_zero(st) SKM_sk_zero(X509, (st)) --#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) --#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) --#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) --#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) --#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) --#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) --#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) --#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) --#define sk_X509_dup(st) SKM_sk_dup(X509, st) --#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) --#define sk_X509_shift(st) SKM_sk_shift(X509, (st)) --#define sk_X509_pop(st) SKM_sk_pop(X509, (st)) --#define sk_X509_sort(st) SKM_sk_sort(X509, (st)) --#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) -- --#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st)) --#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) --#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) --#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) --#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i)) --#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val)) --#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st)) --#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) --#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) --#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) --#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) --#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) --#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) --#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) --#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) --#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) --#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) --#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) --#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) --#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) --#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) -- --#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st)) --#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) --#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) --#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) --#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i)) --#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val)) --#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st)) --#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) --#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) --#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) --#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) --#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) --#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) --#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) --#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) --#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) --#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) --#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) --#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) --#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) --#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) -- --#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st)) --#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) --#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) --#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) --#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i)) --#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val)) --#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st)) --#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) --#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) --#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) --#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) --#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) --#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) --#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) --#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) --#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) --#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) --#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) --#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) --#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) --#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) -- --#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st)) --#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) --#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) --#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) --#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i)) --#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val)) --#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st)) --#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) --#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) --#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) --#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) --#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) --#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) --#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) --#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) --#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) --#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func)) --#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) --#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) --#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) --#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) -- --#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st)) --#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) --#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) --#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) --#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i)) --#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val)) --#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st)) --#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) --#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) --#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) --#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) --#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) --#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) --#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) --#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) --#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) --#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) --#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) --#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) --#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) --#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) -- --#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st)) --#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) --#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) --#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) --#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i)) --#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val)) --#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st)) --#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) --#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) --#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) --#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) --#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) --#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) --#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) --#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) --#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) --#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) --#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) --#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) --#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) --#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) -- --#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st)) --#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) --#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) --#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) --#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i)) --#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val)) --#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st)) --#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) --#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) --#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) --#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) --#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) --#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) --#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) --#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) --#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) --#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) --#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) --#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) --#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) --#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) -- --#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st)) --#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) --#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) --#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) --#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i)) --#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val)) --#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st)) --#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) --#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) --#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) --#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) --#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) --#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) --#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) --#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) --#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) --#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) --#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) --#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) --#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) --#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) -- --#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st)) --#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) --#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) --#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) --#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i)) --#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val)) --#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st)) --#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) --#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) --#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) --#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) --#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) --#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) --#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) --#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) --#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) --#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) --#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) --#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) --#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) --#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) -- --#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st)) --#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) --#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) --#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) --#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i)) --#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val)) --#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st)) --#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) --#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) --#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) --#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) --#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) --#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) --#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) --#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) --#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) --#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) --#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) --#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) --#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) --#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) -- --#define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st)) --#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) --#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) --#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) --#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i)) --#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val)) --#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st)) --#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val)) --#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val)) --#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val)) --#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val)) --#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i)) --#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr)) --#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i)) --#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) --#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) --#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) --#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) --#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) --#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) --#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) -- --#define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st)) --#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) --#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) --#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) --#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i)) --#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val)) --#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st)) --#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) --#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) --#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) --#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) --#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) --#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) --#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) --#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) --#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) --#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) --#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) --#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) --#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) --#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) -- --#define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st)) --#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF) --#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) --#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st)) --#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i)) --#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val)) --#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st)) --#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val)) --#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val)) --#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val)) --#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val)) --#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i)) --#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr)) --#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i)) --#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp)) --#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st) --#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func)) --#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st)) --#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st)) --#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st)) --#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st)) -- --#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) --#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) --#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) --#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) --#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i)) --#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val)) --#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st)) --#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) --#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) --#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) --#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) --#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) --#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) --#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) --#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) --#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) --#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) --#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) --#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) --#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) --#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) -- --#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st)) --#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) --#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) --#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) --#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i)) --#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val)) --#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st)) --#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) --#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) --#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) --#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) --#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) --#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) --#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) --#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) --#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) --#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) --#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) --#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) --#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) --#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) -- --#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st)) --#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) --#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) --#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) --#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i)) --#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val)) --#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st)) --#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) --#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) --#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) --#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) --#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) --#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) --#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) --#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) --#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) --#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) --#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) --#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) --#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) --#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) -- --#define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st)) --#define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) --#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) --#define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) --#define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) --#define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) --#define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) --#define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) --#define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) --#define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) --#define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) --#define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) --#define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) --#define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) --#define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) --#define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) --#define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) --#define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) --#define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) --#define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) --#define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) -- --#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) -- --#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -- SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) --#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -- SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) --#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \ -- SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) --#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ -- SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) -- --#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ -- SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) -- --#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ -- SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) --/* End of util/mkstack.pl block, you may now edit :-) */ -- --#endif /* !defined HEADER_SAFESTACK_H */ -+/* nada (obsolete in new safestack approach)*/ -+# define IMPLEMENT_STACK_OF(type) -+ -+/* -+ * SKM_sk_... stack macros are internal to safestack.h: never use them -+ * directly, use sk__... instead -+ */ -+# define SKM_sk_new(type, cmp) \ -+ ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) -+# define SKM_sk_new_null(type) \ -+ ((STACK_OF(type) *)sk_new_null()) -+# define SKM_sk_free(type, st) \ -+ sk_free(CHECKED_PTR_OF(STACK_OF(type), st)) -+# define SKM_sk_num(type, st) \ -+ sk_num(CHECKED_PTR_OF(STACK_OF(type), st)) -+# define SKM_sk_value(type, st,i) \ -+ ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i)) -+# define SKM_sk_set(type, st,i,val) \ -+ sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val)) -+# define SKM_sk_zero(type, st) \ -+ sk_zero(CHECKED_PTR_OF(STACK_OF(type), st)) -+# define SKM_sk_push(type, st,val) \ -+ sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) -+# define SKM_sk_unshift(type, st,val) \ -+ sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) -+# define SKM_sk_find(type, st,val) \ -+ sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) -+# define SKM_sk_delete(type, st,i) \ -+ (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i) -+# define SKM_sk_delete_ptr(type, st,ptr) \ -+ (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr)) -+# define SKM_sk_insert(type, st,val,i) \ -+ sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i) -+# define SKM_sk_set_cmp_func(type, st,cmp) \ -+ ((int (*)(const type * const *,const type * const *)) \ -+ sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp))) -+# define SKM_sk_dup(type, st) \ -+ (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st)) -+# define SKM_sk_pop_free(type, st,free_func) \ -+ sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func)) -+# define SKM_sk_shift(type, st) \ -+ (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st)) -+# define SKM_sk_pop(type, st) \ -+ (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st)) -+# define SKM_sk_sort(type, st) \ -+ sk_sort(CHECKED_PTR_OF(STACK_OF(type), st)) -+# define SKM_sk_is_sorted(type, st) \ -+ sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st)) -+ -+# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type)*, st), \ -+ pp, length, \ -+ CHECKED_D2I_OF(type, d2i_func), \ -+ CHECKED_SK_FREE_FUNC(type, free_func), \ -+ ex_tag, ex_class) -+ -+# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \ -+ CHECKED_I2D_OF(type, i2d_func), \ -+ ex_tag, ex_class, is_set) -+ -+# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ -+ ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ -+ CHECKED_I2D_OF(type, i2d_func), buf, len) -+ -+# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ -+ (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) -+ -+# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ -+ (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ -+ CHECKED_D2I_OF(type, d2i_func), \ -+ CHECKED_SK_FREE_FUNC(type, free_func), \ -+ pass, passlen, oct, seq) -+ -+# else -+ -+# define STACK_OF(type) STACK -+# define PREDECLARE_STACK_OF(type) -+ /* nada */ -+# define DECLARE_STACK_OF(type)/* nada */ -+# define IMPLEMENT_STACK_OF(type) -+ /* nada */ -+ -+# define SKM_sk_new(type, cmp) \ -+ sk_new((int (*)(const char * const *, const char * const *))(cmp)) -+# define SKM_sk_new_null(type) \ -+ sk_new_null() -+# define SKM_sk_free(type, st) \ -+ sk_free(st) -+# define SKM_sk_num(type, st) \ -+ sk_num(st) -+# define SKM_sk_value(type, st,i) \ -+ ((type *)sk_value(st, i)) -+# define SKM_sk_set(type, st,i,val) \ -+ ((type *)sk_set(st, i,(char *)val)) -+# define SKM_sk_zero(type, st) \ -+ sk_zero(st) -+# define SKM_sk_push(type, st,val) \ -+ sk_push(st, (char *)val) -+# define SKM_sk_unshift(type, st,val) \ -+ sk_unshift(st, (char *)val) -+# define SKM_sk_find(type, st,val) \ -+ sk_find(st, (char *)val) -+# define SKM_sk_delete(type, st,i) \ -+ ((type *)sk_delete(st, i)) -+# define SKM_sk_delete_ptr(type, st,ptr) \ -+ ((type *)sk_delete_ptr(st,(char *)ptr)) -+# define SKM_sk_insert(type, st,val,i) \ -+ sk_insert(st, (char *)val, i) -+# define SKM_sk_set_cmp_func(type, st,cmp) \ -+ ((int (*)(const type * const *,const type * const *)) \ -+ sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp))) -+# define SKM_sk_dup(type, st) \ -+ sk_dup(st) -+# define SKM_sk_pop_free(type, st,free_func) \ -+ sk_pop_free(st, (void (*)(void *))free_func) -+# define SKM_sk_shift(type, st) \ -+ ((type *)sk_shift(st)) -+# define SKM_sk_pop(type, st) \ -+ ((type *)sk_pop(st)) -+# define SKM_sk_sort(type, st) \ -+ sk_sort(st) -+# define SKM_sk_is_sorted(type, st) \ -+ sk_is_sorted(st) -+ -+# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) -+# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set) -+ -+# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ -+ ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len) -+# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ -+ ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func) -+ -+# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ -+ ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq)) -+ -+# endif -+ -+/* -+ * This block of defines is updated by util/mkstack.pl, please do not touch! -+ */ -+# define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) -+# define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i)) -+# define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val)) -+# define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) -+# define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) -+# define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) -+# define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) -+# define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) -+# define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) -+# define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) -+# define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) -+# define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) -+# define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) -+# define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) -+# define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) -+ -+# define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) -+# define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) -+# define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) -+# define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) -+# define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) -+# define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) -+# define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) -+# define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) -+# define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) -+# define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) -+# define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) -+# define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) -+# define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) -+# define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) -+# define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) -+ -+# define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) -+# define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i)) -+# define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val)) -+# define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) -+# define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) -+# define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) -+# define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) -+# define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) -+# define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) -+# define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) -+# define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) -+# define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) -+# define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) -+# define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) -+# define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) -+ -+# define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) -+# define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i)) -+# define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val)) -+# define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) -+# define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) -+# define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) -+# define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) -+# define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) -+# define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) -+# define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) -+# define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) -+# define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) -+# define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) -+# define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) -+# define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) -+ -+# define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) -+# define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i)) -+# define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val)) -+# define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) -+# define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) -+# define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) -+# define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) -+# define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) -+# define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) -+# define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) -+# define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) -+# define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) -+# define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) -+# define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) -+# define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) -+ -+# define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) -+# define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i)) -+# define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val)) -+# define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) -+# define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) -+# define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) -+# define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) -+# define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) -+# define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) -+# define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) -+# define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) -+# define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) -+# define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) -+# define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) -+# define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) -+ -+# define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) -+# define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i)) -+# define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val)) -+# define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) -+# define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) -+# define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) -+# define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) -+# define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) -+# define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) -+# define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) -+# define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) -+# define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) -+# define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func)) -+# define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) -+# define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) -+ -+# define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) -+# define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i)) -+# define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val)) -+# define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) -+# define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) -+# define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) -+# define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) -+# define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) -+# define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) -+# define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) -+# define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) -+# define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) -+# define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) -+# define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) -+# define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) -+ -+# define sk_BIO_new(st) SKM_sk_new(BIO, (st)) -+# define sk_BIO_new_null() SKM_sk_new_null(BIO) -+# define sk_BIO_free(st) SKM_sk_free(BIO, (st)) -+# define sk_BIO_num(st) SKM_sk_num(BIO, (st)) -+# define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i)) -+# define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val)) -+# define sk_BIO_zero(st) SKM_sk_zero(BIO, (st)) -+# define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) -+# define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) -+# define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) -+# define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) -+# define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) -+# define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) -+# define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) -+# define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) -+# define sk_BIO_dup(st) SKM_sk_dup(BIO, st) -+# define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) -+# define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) -+# define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) -+# define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) -+# define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) -+ -+# define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) -+# define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i)) -+# define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) -+# define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) -+# define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) -+# define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) -+# define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) -+# define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) -+# define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) -+# define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) -+# define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) -+# define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) -+# define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) -+# define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) -+# define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) -+ -+# define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st)) -+# define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) -+# define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) -+# define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) -+# define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) -+# define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) -+# define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) -+# define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) -+# define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) -+# define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) -+# define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) -+# define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) -+# define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) -+# define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) -+# define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) -+# define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) -+# define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) -+# define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) -+# define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) -+# define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) -+# define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) -+ -+# define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) -+# define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) -+# define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) -+# define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) -+# define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) -+# define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) -+# define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) -+# define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) -+# define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) -+# define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) -+# define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) -+# define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) -+# define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) -+# define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) -+# define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) -+ -+# define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) -+# define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) -+# define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) -+# define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) -+# define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) -+# define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) -+# define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) -+# define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) -+# define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) -+# define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) -+# define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) -+# define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) -+# define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) -+# define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) -+# define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) -+ -+# define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) -+# define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) -+# define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) -+# define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) -+# define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i)) -+# define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val)) -+# define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st)) -+# define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) -+# define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) -+# define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) -+# define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) -+# define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) -+# define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) -+# define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) -+# define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) -+# define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) -+# define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) -+# define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) -+# define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) -+# define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) -+# define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) -+ -+# define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) -+# define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i)) -+# define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val)) -+# define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) -+# define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) -+# define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) -+# define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) -+# define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) -+# define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) -+# define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) -+# define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) -+# define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) -+# define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) -+# define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) -+# define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) -+ -+# define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) -+# define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) -+# define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) -+# define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) -+# define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i)) -+# define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val)) -+# define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st)) -+# define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) -+# define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) -+# define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) -+# define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) -+# define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) -+# define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) -+# define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) -+# define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) -+# define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) -+# define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) -+# define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) -+# define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) -+# define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) -+# define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) -+ -+# define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) -+# define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) -+# define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val)) -+# define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) -+# define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) -+# define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) -+# define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) -+# define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) -+# define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) -+# define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) -+# define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) -+# define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) -+# define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) -+# define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) -+# define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) -+ -+# define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) -+# define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i)) -+# define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val)) -+# define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) -+# define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) -+# define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) -+# define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) -+# define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) -+# define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) -+# define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) -+# define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) -+# define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) -+# define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) -+# define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) -+# define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) -+ -+# define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st)) -+# define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) -+# define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) -+# define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) -+# define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i)) -+# define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val)) -+# define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st)) -+# define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) -+# define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) -+# define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) -+# define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) -+# define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) -+# define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) -+# define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) -+# define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) -+# define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) -+# define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) -+# define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) -+# define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) -+# define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) -+# define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) -+ -+# define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st)) -+# define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) -+# define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) -+# define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) -+# define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i)) -+# define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val)) -+# define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st)) -+# define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) -+# define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) -+# define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) -+# define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) -+# define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) -+# define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) -+# define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) -+# define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp)) -+# define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st) -+# define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func)) -+# define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) -+# define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) -+# define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) -+# define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) -+ -+# define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) -+# define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i)) -+# define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val)) -+# define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) -+# define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) -+# define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) -+# define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) -+# define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) -+# define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) -+# define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) -+# define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp)) -+# define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st) -+# define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func)) -+# define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) -+# define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) -+ -+# define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) -+# define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i)) -+# define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val)) -+# define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) -+# define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) -+# define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) -+# define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) -+# define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) -+# define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) -+# define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) -+# define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) -+# define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) -+# define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) -+# define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) -+# define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) -+ -+# define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) -+# define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) -+# define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) -+# define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) -+# define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) -+# define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) -+# define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) -+# define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) -+# define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) -+# define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) -+# define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) -+# define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) -+# define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) -+# define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) -+# define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) -+ -+# define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) -+# define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) -+# define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) -+# define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) -+# define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) -+# define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) -+# define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) -+# define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) -+# define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) -+# define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) -+# define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) -+# define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) -+# define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) -+# define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) -+# define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) -+ -+# define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) -+# define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) -+# define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) -+# define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) -+# define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) -+# define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) -+# define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) -+# define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) -+# define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) -+# define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) -+# define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) -+# define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) -+# define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) -+# define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) -+# define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) -+ -+# define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) -+# define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) -+# define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) -+# define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) -+# define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) -+# define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) -+# define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) -+# define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) -+# define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) -+# define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) -+# define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) -+# define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) -+# define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) -+# define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) -+# define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) -+ -+# define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) -+# define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i)) -+# define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val)) -+# define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) -+# define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) -+# define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) -+# define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) -+# define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) -+# define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) -+# define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) -+# define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) -+# define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) -+# define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) -+# define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) -+# define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) -+ -+# define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) -+# define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i)) -+# define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val)) -+# define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) -+# define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) -+# define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) -+# define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) -+# define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) -+# define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) -+# define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) -+# define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) -+# define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) -+# define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) -+# define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) -+# define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) -+ -+# define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) -+# define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i)) -+# define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val)) -+# define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) -+# define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) -+# define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) -+# define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) -+# define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) -+# define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) -+# define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) -+# define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) -+# define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) -+# define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) -+# define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) -+# define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) -+ -+# define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) -+# define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i)) -+# define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val)) -+# define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) -+# define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) -+# define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) -+# define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) -+# define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) -+# define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) -+# define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) -+# define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) -+# define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) -+# define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) -+# define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) -+# define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) -+ -+# define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) -+# define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i)) -+# define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val)) -+# define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) -+# define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) -+# define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) -+# define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) -+# define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) -+# define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) -+# define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) -+# define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) -+# define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) -+# define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) -+# define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) -+# define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) -+ -+# define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st)) -+# define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) -+# define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) -+# define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) -+# define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i)) -+# define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val)) -+# define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st)) -+# define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) -+# define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) -+# define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) -+# define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) -+# define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) -+# define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) -+# define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) -+# define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) -+# define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) -+# define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) -+# define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) -+# define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) -+# define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) -+# define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) -+ -+# define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) -+# define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i)) -+# define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val)) -+# define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) -+# define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) -+# define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) -+# define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) -+# define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) -+# define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) -+# define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) -+# define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) -+# define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) -+# define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) -+# define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) -+# define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) -+ -+# define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) -+# define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i)) -+# define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val)) -+# define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) -+# define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) -+# define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) -+# define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) -+# define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) -+# define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) -+# define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) -+# define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) -+# define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) -+# define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) -+# define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) -+# define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) -+ -+# define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) -+# define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) -+# define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) -+# define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) -+# define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) -+# define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) -+# define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) -+# define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) -+# define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) -+# define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) -+# define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) -+# define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) -+# define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) -+# define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) -+# define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) -+ -+# define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) -+# define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) -+# define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) -+# define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) -+# define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) -+# define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) -+# define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) -+# define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) -+# define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) -+# define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) -+# define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) -+# define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) -+# define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) -+# define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) -+# define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) -+ -+# define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) -+# define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i)) -+# define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val)) -+# define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) -+# define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) -+# define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) -+# define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) -+# define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) -+# define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) -+# define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) -+# define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) -+# define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) -+# define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) -+# define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) -+# define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) -+ -+# define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) -+# define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i)) -+# define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val)) -+# define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) -+# define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) -+# define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) -+# define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) -+# define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) -+# define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) -+# define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) -+# define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) -+# define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) -+# define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func)) -+# define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) -+# define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) -+ -+# define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) -+# define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) -+# define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) -+# define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) -+# define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i)) -+# define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val)) -+# define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st)) -+# define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) -+# define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) -+# define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) -+# define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) -+# define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) -+# define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) -+# define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) -+# define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) -+# define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) -+# define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) -+# define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) -+# define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) -+# define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) -+# define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) -+ -+# define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) -+# define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) -+# define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) -+# define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) -+# define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) -+# define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) -+# define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) -+# define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) -+# define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) -+# define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) -+# define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) -+# define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) -+# define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) -+# define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) -+# define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) -+ -+# define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) -+# define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i)) -+# define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val)) -+# define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) -+# define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) -+# define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) -+# define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) -+# define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) -+# define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) -+# define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) -+# define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) -+# define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) -+# define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) -+# define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) -+# define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) -+ -+# define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) -+# define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i)) -+# define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val)) -+# define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) -+# define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) -+# define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) -+# define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) -+# define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) -+# define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) -+# define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) -+# define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) -+# define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) -+# define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) -+# define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) -+# define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) -+ -+# define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st)) -+# define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) -+# define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) -+# define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) -+# define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i)) -+# define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val)) -+# define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st)) -+# define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) -+# define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) -+# define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) -+# define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) -+# define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) -+# define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) -+# define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) -+# define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) -+# define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) -+# define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) -+# define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) -+# define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) -+# define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) -+# define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) -+ -+# define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) -+# define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i)) -+# define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val)) -+# define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) -+# define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) -+# define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) -+# define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) -+# define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) -+# define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) -+# define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) -+# define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) -+# define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) -+# define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) -+# define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) -+# define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) -+ -+# define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) -+# define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i)) -+# define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val)) -+# define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) -+# define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) -+# define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) -+# define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) -+# define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) -+# define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) -+# define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) -+# define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) -+# define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) -+# define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) -+# define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) -+# define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) -+ -+# define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st)) -+# define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) -+# define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) -+# define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) -+# define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i)) -+# define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val)) -+# define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st)) -+# define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) -+# define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) -+# define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) -+# define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) -+# define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) -+# define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) -+# define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) -+# define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) -+# define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) -+# define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) -+# define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) -+# define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) -+# define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) -+# define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) -+ -+# define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) -+# define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i)) -+# define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val)) -+# define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) -+# define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) -+# define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) -+# define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) -+# define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) -+# define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) -+# define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) -+# define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) -+# define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) -+# define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) -+# define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) -+# define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) -+ -+# define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) -+# define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) -+# define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) -+# define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) -+# define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) -+# define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) -+# define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) -+# define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) -+# define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) -+# define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) -+# define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) -+# define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) -+# define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) -+# define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) -+# define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) -+ -+# define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) -+# define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i)) -+# define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val)) -+# define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) -+# define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) -+# define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) -+# define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) -+# define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) -+# define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) -+# define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) -+# define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) -+# define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) -+# define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) -+# define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) -+# define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) -+ -+# define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st)) -+# define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) -+# define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) -+# define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) -+# define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i)) -+# define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val)) -+# define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st)) -+# define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) -+# define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) -+# define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) -+# define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) -+# define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) -+# define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) -+# define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) -+# define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) -+# define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) -+# define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) -+# define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) -+# define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) -+# define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) -+# define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) -+ -+# define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) -+# define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) -+# define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) -+# define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) -+# define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) -+# define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) -+# define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) -+# define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) -+# define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) -+# define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) -+# define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) -+# define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) -+# define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) -+# define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) -+# define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) -+ -+# define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) -+# define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) -+# define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) -+# define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) -+# define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i)) -+# define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val)) -+# define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st)) -+# define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) -+# define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) -+# define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) -+# define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) -+# define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) -+# define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) -+# define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) -+# define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) -+# define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) -+# define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) -+# define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) -+# define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) -+# define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) -+# define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) -+ -+# define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st)) -+# define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) -+# define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) -+# define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) -+# define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i)) -+# define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val)) -+# define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st)) -+# define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) -+# define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) -+# define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) -+# define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) -+# define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) -+# define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) -+# define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) -+# define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) -+# define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) -+# define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) -+# define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) -+# define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) -+# define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) -+# define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) -+ -+# define sk_X509_new(st) SKM_sk_new(X509, (st)) -+# define sk_X509_new_null() SKM_sk_new_null(X509) -+# define sk_X509_free(st) SKM_sk_free(X509, (st)) -+# define sk_X509_num(st) SKM_sk_num(X509, (st)) -+# define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i)) -+# define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val)) -+# define sk_X509_zero(st) SKM_sk_zero(X509, (st)) -+# define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) -+# define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) -+# define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) -+# define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) -+# define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) -+# define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) -+# define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) -+# define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) -+# define sk_X509_dup(st) SKM_sk_dup(X509, st) -+# define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) -+# define sk_X509_shift(st) SKM_sk_shift(X509, (st)) -+# define sk_X509_pop(st) SKM_sk_pop(X509, (st)) -+# define sk_X509_sort(st) SKM_sk_sort(X509, (st)) -+# define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) -+ -+# define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) -+# define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i)) -+# define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val)) -+# define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) -+# define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) -+# define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) -+# define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) -+# define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) -+# define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) -+# define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) -+# define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) -+# define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) -+# define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) -+# define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) -+# define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) -+ -+# define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) -+# define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i)) -+# define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val)) -+# define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) -+# define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) -+# define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) -+# define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) -+# define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) -+# define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) -+# define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) -+# define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) -+# define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) -+# define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) -+# define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) -+# define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) -+ -+# define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) -+# define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i)) -+# define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val)) -+# define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) -+# define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) -+# define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) -+# define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) -+# define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) -+# define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) -+# define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) -+# define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) -+# define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) -+# define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) -+# define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) -+# define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) -+ -+# define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st)) -+# define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) -+# define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) -+# define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) -+# define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i)) -+# define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val)) -+# define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st)) -+# define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) -+# define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) -+# define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) -+# define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) -+# define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) -+# define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) -+# define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) -+# define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) -+# define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) -+# define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func)) -+# define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) -+# define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) -+# define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) -+# define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) -+ -+# define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st)) -+# define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) -+# define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) -+# define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) -+# define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i)) -+# define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val)) -+# define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st)) -+# define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) -+# define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) -+# define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) -+# define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) -+# define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) -+# define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) -+# define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) -+# define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) -+# define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) -+# define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) -+# define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) -+# define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) -+# define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) -+# define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) -+ -+# define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st)) -+# define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) -+# define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) -+# define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) -+# define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i)) -+# define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val)) -+# define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st)) -+# define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) -+# define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) -+# define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) -+# define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) -+# define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) -+# define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) -+# define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) -+# define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) -+# define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) -+# define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) -+# define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) -+# define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) -+# define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) -+# define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) -+ -+# define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st)) -+# define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) -+# define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) -+# define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) -+# define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i)) -+# define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val)) -+# define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st)) -+# define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) -+# define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) -+# define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) -+# define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) -+# define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) -+# define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) -+# define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) -+# define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) -+# define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) -+# define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) -+# define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) -+# define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) -+# define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) -+# define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) -+ -+# define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st)) -+# define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) -+# define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) -+# define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) -+# define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i)) -+# define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val)) -+# define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st)) -+# define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) -+# define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) -+# define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) -+# define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) -+# define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) -+# define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) -+# define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) -+# define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) -+# define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) -+# define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) -+# define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) -+# define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) -+# define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) -+# define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) -+ -+# define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) -+# define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i)) -+# define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val)) -+# define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) -+# define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) -+# define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) -+# define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) -+# define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) -+# define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) -+# define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) -+# define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) -+# define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) -+# define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) -+# define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) -+# define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) -+ -+# define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) -+# define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i)) -+# define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val)) -+# define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) -+# define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) -+# define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) -+# define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) -+# define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) -+# define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) -+# define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) -+# define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) -+# define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) -+# define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) -+# define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) -+# define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) -+ -+# define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) -+# define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i)) -+# define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val)) -+# define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val)) -+# define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val)) -+# define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val)) -+# define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val)) -+# define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i)) -+# define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr)) -+# define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i)) -+# define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) -+# define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) -+# define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) -+# define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) -+# define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) -+ -+# define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) -+# define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i)) -+# define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val)) -+# define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) -+# define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) -+# define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) -+# define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) -+# define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) -+# define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) -+# define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) -+# define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) -+# define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) -+# define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) -+# define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) -+# define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) -+ -+# define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st)) -+# define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF) -+# define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) -+# define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st)) -+# define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i)) -+# define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val)) -+# define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st)) -+# define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val)) -+# define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val)) -+# define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val)) -+# define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val)) -+# define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i)) -+# define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr)) -+# define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i)) -+# define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp)) -+# define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st) -+# define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func)) -+# define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st)) -+# define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st)) -+# define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st)) -+# define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st)) -+ -+# define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) -+# define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i)) -+# define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val)) -+# define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) -+# define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) -+# define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) -+# define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) -+# define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) -+# define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) -+# define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) -+# define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) -+# define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) -+# define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) -+# define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) -+# define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) -+ -+# define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) -+# define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i)) -+# define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val)) -+# define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) -+# define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) -+# define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) -+# define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) -+# define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) -+# define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) -+# define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) -+# define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) -+# define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) -+# define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) -+# define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) -+# define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) -+ -+# define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st)) -+# define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) -+# define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) -+# define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) -+# define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i)) -+# define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val)) -+# define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st)) -+# define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) -+# define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) -+# define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) -+# define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) -+# define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) -+# define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) -+# define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) -+# define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) -+# define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) -+# define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) -+# define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) -+# define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) -+# define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) -+# define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) -+ -+# define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) -+# define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) -+# define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) -+# define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) -+# define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) -+# define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) -+# define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) -+# define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) -+# define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) -+# define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) -+# define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) -+# define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) -+# define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) -+# define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) -+# define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) -+ -+# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) -+ -+# define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -+ SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -+# define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ -+ SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -+# define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \ -+ SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) -+# define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ -+ SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) -+ -+# define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ -+ SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) -+ -+# define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ -+ SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) -+ -+#endif /* !defined HEADER_SAFESTACK_H */ -diff --git a/Cryptlib/Include/openssl/sha.h b/Cryptlib/Include/openssl/sha.h -index 47a2c29..8a50878 100644 ---- a/Cryptlib/Include/openssl/sha.h -+++ b/Cryptlib/Include/openssl/sha.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,144 +57,144 @@ - */ - - #ifndef HEADER_SHA_H --#define HEADER_SHA_H -+# define HEADER_SHA_H - --#include --#include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) --#error SHA is disabled. --#endif -+# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) -+# error SHA is disabled. -+# endif - --#if defined(OPENSSL_FIPS) --#define FIPS_SHA_SIZE_T size_t --#endif -+# if defined(OPENSSL_FIPS) -+# define FIPS_SHA_SIZE_T size_t -+# endif - --/* -+/*- - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! SHA_LONG_LOG2 has to be defined along. ! - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - */ - --#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) --#define SHA_LONG unsigned long --#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) --#define SHA_LONG unsigned long --#define SHA_LONG_LOG2 3 --#else --#define SHA_LONG unsigned int --#endif -- --#define SHA_LBLOCK 16 --#define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a -- * contiguous array of 32 bit -- * wide big-endian values. */ --#define SHA_LAST_BLOCK (SHA_CBLOCK-8) --#define SHA_DIGEST_LENGTH 20 -- --typedef struct SHAstate_st -- { -- SHA_LONG h0,h1,h2,h3,h4; -- SHA_LONG Nl,Nh; -- SHA_LONG data[SHA_LBLOCK]; -- unsigned int num; -- } SHA_CTX; -- --#ifndef OPENSSL_NO_SHA0 --#ifdef OPENSSL_FIPS -+# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) -+# define SHA_LONG unsigned long -+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -+# define SHA_LONG unsigned long -+# define SHA_LONG_LOG2 3 -+# else -+# define SHA_LONG unsigned int -+# endif -+ -+# define SHA_LBLOCK 16 -+# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a -+ * contiguous array of 32 bit wide -+ * big-endian values. */ -+# define SHA_LAST_BLOCK (SHA_CBLOCK-8) -+# define SHA_DIGEST_LENGTH 20 -+ -+typedef struct SHAstate_st { -+ SHA_LONG h0, h1, h2, h3, h4; -+ SHA_LONG Nl, Nh; -+ SHA_LONG data[SHA_LBLOCK]; -+ unsigned int num; -+} SHA_CTX; -+ -+# ifndef OPENSSL_NO_SHA0 -+# ifdef OPENSSL_FIPS - int private_SHA_Init(SHA_CTX *c); --#endif -+# endif - int SHA_Init(SHA_CTX *c); - int SHA_Update(SHA_CTX *c, const void *data, size_t len); - int SHA_Final(unsigned char *md, SHA_CTX *c); - unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); - void SHA_Transform(SHA_CTX *c, const unsigned char *data); --#endif --#ifndef OPENSSL_NO_SHA1 -+# endif -+# ifndef OPENSSL_NO_SHA1 - int SHA1_Init(SHA_CTX *c); - int SHA1_Update(SHA_CTX *c, const void *data, size_t len); - int SHA1_Final(unsigned char *md, SHA_CTX *c); - unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); - void SHA1_Transform(SHA_CTX *c, const unsigned char *data); --#endif -- --#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a -- * contiguous array of 32 bit -- * wide big-endian values. */ --#define SHA224_DIGEST_LENGTH 28 --#define SHA256_DIGEST_LENGTH 32 -- --typedef struct SHA256state_st -- { -- SHA_LONG h[8]; -- SHA_LONG Nl,Nh; -- SHA_LONG data[SHA_LBLOCK]; -- unsigned int num,md_len; -- } SHA256_CTX; -- --#ifndef OPENSSL_NO_SHA256 -+# endif -+ -+# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a -+ * contiguous array of 32 bit wide -+ * big-endian values. */ -+# define SHA224_DIGEST_LENGTH 28 -+# define SHA256_DIGEST_LENGTH 32 -+ -+typedef struct SHA256state_st { -+ SHA_LONG h[8]; -+ SHA_LONG Nl, Nh; -+ SHA_LONG data[SHA_LBLOCK]; -+ unsigned int num, md_len; -+} SHA256_CTX; -+ -+# ifndef OPENSSL_NO_SHA256 - int SHA224_Init(SHA256_CTX *c); - int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); - int SHA224_Final(unsigned char *md, SHA256_CTX *c); --unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md); -+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); - int SHA256_Init(SHA256_CTX *c); - int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); - int SHA256_Final(unsigned char *md, SHA256_CTX *c); --unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md); -+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); - void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); --#endif -+# endif - --#define SHA384_DIGEST_LENGTH 48 --#define SHA512_DIGEST_LENGTH 64 -+# define SHA384_DIGEST_LENGTH 48 -+# define SHA512_DIGEST_LENGTH 64 - --#ifndef OPENSSL_NO_SHA512 -+# ifndef OPENSSL_NO_SHA512 - /* - * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 - * being exactly 64-bit wide. See Implementation Notes in sha512.c - * for further details. - */ --#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a -- * contiguous array of 64 bit -- * wide big-endian values. */ --#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) --#define SHA_LONG64 unsigned __int64 --#define U64(C) C##UI64 --#elif defined(__arch64__) --#define SHA_LONG64 unsigned long --#define U64(C) C##UL --#else --#define SHA_LONG64 unsigned long long --#define U64(C) C##ULL --#endif -- --typedef struct SHA512state_st -- { -- SHA_LONG64 h[8]; -- SHA_LONG64 Nl,Nh; -- union { -- SHA_LONG64 d[SHA_LBLOCK]; -- unsigned char p[SHA512_CBLOCK]; -- } u; -- unsigned int num,md_len; -- } SHA512_CTX; --#endif -- --#ifndef OPENSSL_NO_SHA512 -+/* -+ * SHA-512 treats input data as a -+ * contiguous array of 64 bit -+ * wide big-endian values. -+ */ -+# define SHA512_CBLOCK (SHA_LBLOCK*8) -+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -+# define SHA_LONG64 unsigned __int64 -+# define U64(C) C##UI64 -+# elif defined(__arch64__) -+# define SHA_LONG64 unsigned long -+# define U64(C) C##UL -+# else -+# define SHA_LONG64 unsigned long long -+# define U64(C) C##ULL -+# endif -+ -+typedef struct SHA512state_st { -+ SHA_LONG64 h[8]; -+ SHA_LONG64 Nl, Nh; -+ union { -+ SHA_LONG64 d[SHA_LBLOCK]; -+ unsigned char p[SHA512_CBLOCK]; -+ } u; -+ unsigned int num, md_len; -+} SHA512_CTX; -+# endif -+ -+# ifndef OPENSSL_NO_SHA512 - int SHA384_Init(SHA512_CTX *c); - int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); - int SHA384_Final(unsigned char *md, SHA512_CTX *c); --unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md); -+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); - int SHA512_Init(SHA512_CTX *c); - int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); - int SHA512_Final(unsigned char *md, SHA512_CTX *c); --unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md); -+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); - void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); --#endif -+# endif - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/ssl.h b/Cryptlib/Include/openssl/ssl.h -index 5f2a04e..ee9944f 100644 ---- a/Cryptlib/Include/openssl/ssl.h -+++ b/Cryptlib/Include/openssl/ssl.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -116,7 +116,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -163,143 +163,146 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * ECC cipher suite support in OpenSSL originally developed by -+ * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - --#ifndef HEADER_SSL_H --#define HEADER_SSL_H -- --#include -- --#ifndef OPENSSL_NO_COMP --#include --#endif --#ifndef OPENSSL_NO_BIO --#include --#endif --#ifndef OPENSSL_NO_DEPRECATED --#ifndef OPENSSL_NO_X509 --#include --#endif --#include --#include --#include --#endif --#include --#include -- --#include --#include --#include -+#ifndef HEADER_SSL_H -+# define HEADER_SSL_H -+ -+# include -+ -+# ifndef OPENSSL_NO_COMP -+# include -+# endif -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# ifndef OPENSSL_NO_DEPRECATED -+# ifndef OPENSSL_NO_X509 -+# include -+# endif -+# include -+# include -+# include -+# endif -+# include -+# include -+ -+# include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - - /* SSLeay version number for ASN.1 encoding of the session information */ --/* Version 0 - initial version -+/*- -+ * Version 0 - initial version - * Version 1 - added the optional peer certificate - */ --#define SSL_SESSION_ASN1_VERSION 0x0001 -+# define SSL_SESSION_ASN1_VERSION 0x0001 - - /* text strings for the ciphers */ --#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 --#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 --#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 --#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 --#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 --#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 --#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 --#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA --#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 --#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA -- --/* VRS Additional Kerberos5 entries -+# define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 -+# define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 -+# define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 -+# define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 -+# define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 -+# define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 -+# define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 -+# define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA -+# define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 -+# define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA -+ -+/* -+ * VRS Additional Kerberos5 entries - */ --#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA --#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA --#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA --#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA --#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 --#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 --#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 --#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 -- --#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA --#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA --#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA --#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 --#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 --#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 -- --#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA --#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 --#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA --#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 --#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA --#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 --#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 -- --#define SSL_MAX_SSL_SESSION_ID_LENGTH 32 --#define SSL_MAX_SID_CTX_LENGTH 32 -- --#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) --#define SSL_MAX_KEY_ARG_LENGTH 8 --#define SSL_MAX_MASTER_KEY_LENGTH 48 -+# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -+# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -+# define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA -+# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA -+# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 -+# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 -+# define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 -+# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 -+ -+# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -+# define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA -+# define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA -+# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -+# define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 -+# define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 -+ -+# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -+# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -+# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -+# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 -+# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -+# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 -+# define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 -+ -+# define SSL_MAX_SSL_SESSION_ID_LENGTH 32 -+# define SSL_MAX_SID_CTX_LENGTH 32 -+ -+# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) -+# define SSL_MAX_KEY_ARG_LENGTH 8 -+# define SSL_MAX_MASTER_KEY_LENGTH 48 - - /* These are used to specify which ciphers to use and not to use */ --#define SSL_TXT_LOW "LOW" --#define SSL_TXT_MEDIUM "MEDIUM" --#define SSL_TXT_HIGH "HIGH" --#define SSL_TXT_FIPS "FIPS" --#define SSL_TXT_kFZA "kFZA" --#define SSL_TXT_aFZA "aFZA" --#define SSL_TXT_eFZA "eFZA" --#define SSL_TXT_FZA "FZA" -- --#define SSL_TXT_aNULL "aNULL" --#define SSL_TXT_eNULL "eNULL" --#define SSL_TXT_NULL "NULL" -- --#define SSL_TXT_kKRB5 "kKRB5" --#define SSL_TXT_aKRB5 "aKRB5" --#define SSL_TXT_KRB5 "KRB5" -- --#define SSL_TXT_kRSA "kRSA" --#define SSL_TXT_kDHr "kDHr" --#define SSL_TXT_kDHd "kDHd" --#define SSL_TXT_kEDH "kEDH" --#define SSL_TXT_aRSA "aRSA" --#define SSL_TXT_aDSS "aDSS" --#define SSL_TXT_aDH "aDH" --#define SSL_TXT_DSS "DSS" --#define SSL_TXT_DH "DH" --#define SSL_TXT_EDH "EDH" --#define SSL_TXT_ADH "ADH" --#define SSL_TXT_RSA "RSA" --#define SSL_TXT_DES "DES" --#define SSL_TXT_3DES "3DES" --#define SSL_TXT_RC4 "RC4" --#define SSL_TXT_RC2 "RC2" --#define SSL_TXT_IDEA "IDEA" --#define SSL_TXT_SEED "SEED" --#define SSL_TXT_AES "AES" --#define SSL_TXT_CAMELLIA "CAMELLIA" --#define SSL_TXT_MD5 "MD5" --#define SSL_TXT_SHA1 "SHA1" --#define SSL_TXT_SHA "SHA" --#define SSL_TXT_EXP "EXP" --#define SSL_TXT_EXPORT "EXPORT" --#define SSL_TXT_EXP40 "EXPORT40" --#define SSL_TXT_EXP56 "EXPORT56" --#define SSL_TXT_SSLV2 "SSLv2" --#define SSL_TXT_SSLV3 "SSLv3" --#define SSL_TXT_TLSV1 "TLSv1" --#define SSL_TXT_ALL "ALL" --#define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */ -- --/* -+# define SSL_TXT_LOW "LOW" -+# define SSL_TXT_MEDIUM "MEDIUM" -+# define SSL_TXT_HIGH "HIGH" -+# define SSL_TXT_FIPS "FIPS" -+# define SSL_TXT_kFZA "kFZA" -+# define SSL_TXT_aFZA "aFZA" -+# define SSL_TXT_eFZA "eFZA" -+# define SSL_TXT_FZA "FZA" -+ -+# define SSL_TXT_aNULL "aNULL" -+# define SSL_TXT_eNULL "eNULL" -+# define SSL_TXT_NULL "NULL" -+ -+# define SSL_TXT_kKRB5 "kKRB5" -+# define SSL_TXT_aKRB5 "aKRB5" -+# define SSL_TXT_KRB5 "KRB5" -+ -+# define SSL_TXT_kRSA "kRSA" -+# define SSL_TXT_kDHr "kDHr" -+# define SSL_TXT_kDHd "kDHd" -+# define SSL_TXT_kEDH "kEDH" -+# define SSL_TXT_aRSA "aRSA" -+# define SSL_TXT_aDSS "aDSS" -+# define SSL_TXT_aDH "aDH" -+# define SSL_TXT_DSS "DSS" -+# define SSL_TXT_DH "DH" -+# define SSL_TXT_EDH "EDH" -+# define SSL_TXT_ADH "ADH" -+# define SSL_TXT_RSA "RSA" -+# define SSL_TXT_DES "DES" -+# define SSL_TXT_3DES "3DES" -+# define SSL_TXT_RC4 "RC4" -+# define SSL_TXT_RC2 "RC2" -+# define SSL_TXT_IDEA "IDEA" -+# define SSL_TXT_SEED "SEED" -+# define SSL_TXT_AES "AES" -+# define SSL_TXT_CAMELLIA "CAMELLIA" -+# define SSL_TXT_MD5 "MD5" -+# define SSL_TXT_SHA1 "SHA1" -+# define SSL_TXT_SHA "SHA" -+# define SSL_TXT_EXP "EXP" -+# define SSL_TXT_EXPORT "EXPORT" -+# define SSL_TXT_EXP40 "EXPORT40" -+# define SSL_TXT_EXP56 "EXPORT56" -+# define SSL_TXT_SSLV2 "SSLv2" -+# define SSL_TXT_SSLV3 "SSLv3" -+# define SSL_TXT_TLSV1 "TLSv1" -+# define SSL_TXT_ALL "ALL" -+# define SSL_TXT_ECC "ECCdraft"/* ECC ciphersuites are not yet -+ * official */ -+ -+/*- - * COMPLEMENTOF* definitions. These identifiers are used to (de-select) - * ciphers normally not being used. - * Example: "RC4" will activate all ciphers using RC4 including ciphers -@@ -313,17 +316,18 @@ extern "C" { - * DEFAULT gets, as only selection is being done and no sorting as needed - * for DEFAULT. - */ --#define SSL_TXT_CMPALL "COMPLEMENTOFALL" --#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" -+# define SSL_TXT_CMPALL "COMPLEMENTOFALL" -+# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" - --/* The following cipher list is used by default. -- * It also is substituted when an application-defined cipher list string -- * starts with 'DEFAULT'. */ --#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ -+/* -+ * The following cipher list is used by default. It also is substituted when -+ * an application-defined cipher list string starts with 'DEFAULT'. -+ */ -+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH" - - /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ --#define SSL_SENT_SHUTDOWN 1 --#define SSL_RECEIVED_SHUTDOWN 2 -+# define SSL_SENT_SHUTDOWN 1 -+# define SSL_RECEIVED_SHUTDOWN 2 - - #ifdef __cplusplus - } -@@ -333,1144 +337,1238 @@ extern "C" { - extern "C" { - #endif - --#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) --#define OPENSSL_NO_SSL2 --#endif -+# if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) -+# define OPENSSL_NO_SSL2 -+# endif - --#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 --#define SSL_FILETYPE_PEM X509_FILETYPE_PEM -+# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 -+# define SSL_FILETYPE_PEM X509_FILETYPE_PEM - --/* This is needed to stop compilers complaining about the -- * 'struct ssl_st *' function parameters used to prototype callbacks -- * in SSL_CTX. */ -+/* -+ * This is needed to stop compilers complaining about the 'struct ssl_st *' -+ * function parameters used to prototype callbacks in SSL_CTX. -+ */ - typedef struct ssl_st *ssl_crock_st; - - /* used to hold info on the particular ciphers used */ --typedef struct ssl_cipher_st -- { -- int valid; -- const char *name; /* text name */ -- unsigned long id; /* id, 4 bytes, first is version */ -- unsigned long algorithms; /* what ciphers are used */ -- unsigned long algo_strength; /* strength and export flags */ -- unsigned long algorithm2; /* Extra flags */ -- int strength_bits; /* Number of bits really used */ -- int alg_bits; /* Number of bits for algorithm */ -- unsigned long mask; /* used for matching */ -- unsigned long mask_strength; /* also used for matching */ -- } SSL_CIPHER; -+typedef struct ssl_cipher_st { -+ int valid; -+ const char *name; /* text name */ -+ unsigned long id; /* id, 4 bytes, first is version */ -+ unsigned long algorithms; /* what ciphers are used */ -+ unsigned long algo_strength; /* strength and export flags */ -+ unsigned long algorithm2; /* Extra flags */ -+ int strength_bits; /* Number of bits really used */ -+ int alg_bits; /* Number of bits for algorithm */ -+ unsigned long mask; /* used for matching */ -+ unsigned long mask_strength; /* also used for matching */ -+} SSL_CIPHER; - - DECLARE_STACK_OF(SSL_CIPHER) - - /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ --typedef struct ssl_method_st -- { -- int version; -- int (*ssl_new)(SSL *s); -- void (*ssl_clear)(SSL *s); -- void (*ssl_free)(SSL *s); -- int (*ssl_accept)(SSL *s); -- int (*ssl_connect)(SSL *s); -- int (*ssl_read)(SSL *s,void *buf,int len); -- int (*ssl_peek)(SSL *s,void *buf,int len); -- int (*ssl_write)(SSL *s,const void *buf,int len); -- int (*ssl_shutdown)(SSL *s); -- int (*ssl_renegotiate)(SSL *s); -- int (*ssl_renegotiate_check)(SSL *s); -- long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long -- max, int *ok); -- int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, -- int peek); -- int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); -- int (*ssl_dispatch_alert)(SSL *s); -- long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); -- long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); -- SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); -- int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); -- int (*ssl_pending)(const SSL *s); -- int (*num_ciphers)(void); -- SSL_CIPHER *(*get_cipher)(unsigned ncipher); -- struct ssl_method_st *(*get_ssl_method)(int version); -- long (*get_timeout)(void); -- struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ -- int (*ssl_version)(void); -- long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); -- long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); -- } SSL_METHOD; -- --/* Lets make this into an ASN.1 type structure as follows -+typedef struct ssl_method_st { -+ int version; -+ int (*ssl_new) (SSL *s); -+ void (*ssl_clear) (SSL *s); -+ void (*ssl_free) (SSL *s); -+ int (*ssl_accept) (SSL *s); -+ int (*ssl_connect) (SSL *s); -+ int (*ssl_read) (SSL *s, void *buf, int len); -+ int (*ssl_peek) (SSL *s, void *buf, int len); -+ int (*ssl_write) (SSL *s, const void *buf, int len); -+ int (*ssl_shutdown) (SSL *s); -+ int (*ssl_renegotiate) (SSL *s); -+ int (*ssl_renegotiate_check) (SSL *s); -+ long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long -+ max, int *ok); -+ int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len, -+ int peek); -+ int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len); -+ int (*ssl_dispatch_alert) (SSL *s); -+ long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); -+ long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); -+ SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); -+ int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr); -+ int (*ssl_pending) (const SSL *s); -+ int (*num_ciphers) (void); -+ SSL_CIPHER *(*get_cipher) (unsigned ncipher); -+ struct ssl_method_st *(*get_ssl_method) (int version); -+ long (*get_timeout) (void); -+ struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ -+ int (*ssl_version) (void); -+ long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); -+ long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); -+} SSL_METHOD; -+ -+/*- -+ * Lets make this into an ASN.1 type structure as follows - * SSL_SESSION_ID ::= SEQUENCE { -- * version INTEGER, -- structure version number -- * SSLversion INTEGER, -- SSL version number -- * Cipher OCTET_STRING, -- the 3 byte cipher ID -- * Session_ID OCTET_STRING, -- the Session ID -- * Master_key OCTET_STRING, -- the master key -- * KRB5_principal OCTET_STRING -- optional Kerberos principal -- * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument -- * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time -- * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds -- * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate -- * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context -- * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer' -- * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX -- * } -+ * version INTEGER, -- structure version number -+ * SSLversion INTEGER, -- SSL version number -+ * Cipher OCTET_STRING, -- the 3 byte cipher ID -+ * Session_ID OCTET_STRING, -- the Session ID -+ * Master_key OCTET_STRING, -- the master key -+ * KRB5_principal OCTET_STRING -- optional Kerberos principal -+ * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument -+ * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time -+ * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds -+ * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate -+ * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context -+ * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer' -+ * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX -+ * } - * Look in ssl/ssl_asn1.c for more details - * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). - */ --typedef struct ssl_session_st -- { -- int ssl_version; /* what ssl version session info is -- * being kept in here? */ -- -- /* only really used in SSLv2 */ -- unsigned int key_arg_length; -- unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; -- int master_key_length; -- unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; -- /* session_id - valid? */ -- unsigned int session_id_length; -- unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; -- /* this is used to determine whether the session is being reused in -- * the appropriate context. It is up to the application to set this, -- * via SSL_new */ -- unsigned int sid_ctx_length; -- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -- --#ifndef OPENSSL_NO_KRB5 -- unsigned int krb5_client_princ_len; -- unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; --#endif /* OPENSSL_NO_KRB5 */ -- -- int not_resumable; -- -- /* The cert is the certificate used to establish this connection */ -- struct sess_cert_st /* SESS_CERT */ *sess_cert; -- -- /* This is the cert for the other end. -- * On clients, it will be the same as sess_cert->peer_key->x509 -- * (the latter is not enough as sess_cert is not retained -- * in the external representation of sessions, see ssl_asn1.c). */ -- X509 *peer; -- /* when app_verify_callback accepts a session where the peer's certificate -- * is not ok, we must remember the error for session reuse: */ -- long verify_result; /* only for servers */ -- -- int references; -- long timeout; -- long time; -- -- int compress_meth; /* Need to lookup the method */ -- -- SSL_CIPHER *cipher; -- unsigned long cipher_id; /* when ASN.1 loaded, this -- * needs to be used to load -- * the 'cipher' structure */ -- -- STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ -- -- CRYPTO_EX_DATA ex_data; /* application specific data */ -- -- /* These are used to make removal of session-ids more -- * efficient and to implement a maximum cache size. */ -- struct ssl_session_st *prev,*next; --#ifndef OPENSSL_NO_TLSEXT -- char *tlsext_hostname; -- /* RFC4507 info */ -- unsigned char *tlsext_tick; /* Session ticket */ -- size_t tlsext_ticklen; /* Session ticket length */ -- long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ --#endif -- } SSL_SESSION; -- -- --#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L --#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L -+typedef struct ssl_session_st { -+ int ssl_version; /* what ssl version session info is being -+ * kept in here? */ -+ /* only really used in SSLv2 */ -+ unsigned int key_arg_length; -+ unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; -+ int master_key_length; -+ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; -+ /* session_id - valid? */ -+ unsigned int session_id_length; -+ unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; -+ /* -+ * this is used to determine whether the session is being reused in the -+ * appropriate context. It is up to the application to set this, via -+ * SSL_new -+ */ -+ unsigned int sid_ctx_length; -+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -+# ifndef OPENSSL_NO_KRB5 -+ unsigned int krb5_client_princ_len; -+ unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; -+# endif /* OPENSSL_NO_KRB5 */ -+ int not_resumable; -+ /* The cert is the certificate used to establish this connection */ -+ struct sess_cert_st /* SESS_CERT */ *sess_cert; -+ /* -+ * This is the cert for the other end. On clients, it will be the same as -+ * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is -+ * not retained in the external representation of sessions, see -+ * ssl_asn1.c). -+ */ -+ X509 *peer; -+ /* -+ * when app_verify_callback accepts a session where the peer's -+ * certificate is not ok, we must remember the error for session reuse: -+ */ -+ long verify_result; /* only for servers */ -+ int references; -+ long timeout; -+ long time; -+ int compress_meth; /* Need to lookup the method */ -+ SSL_CIPHER *cipher; -+ unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used -+ * to load the 'cipher' structure */ -+ STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ -+ CRYPTO_EX_DATA ex_data; /* application specific data */ -+ /* -+ * These are used to make removal of session-ids more efficient and to -+ * implement a maximum cache size. -+ */ -+ struct ssl_session_st *prev, *next; -+# ifndef OPENSSL_NO_TLSEXT -+ char *tlsext_hostname; -+ /* RFC4507 info */ -+ unsigned char *tlsext_tick; /* Session ticket */ -+ size_t tlsext_ticklen; /* Session ticket length */ -+ long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ -+# endif -+} SSL_SESSION; -+ -+# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L -+# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L - /* Allow initial connection to servers that don't support RI */ --#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L --#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L --#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L --#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L --#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L --#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L --#define SSL_OP_TLS_D5_BUG 0x00000100L --#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L -+# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L -+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L -+# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L -+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L -+# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L -+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L -+# define SSL_OP_TLS_D5_BUG 0x00000100L -+# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L - - /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ --#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 -+# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 - --/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added -- * in OpenSSL 0.9.6d. Usually (depending on the application protocol) -- * the workaround is not needed. Unfortunately some broken SSL/TLS -- * implementations cannot handle it at all, which is why we include -- * it in SSL_OP_ALL. */ --#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ -+/* -+ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in -+ * OpenSSL 0.9.6d. Usually (depending on the application protocol) the -+ * workaround is not needed. Unfortunately some broken SSL/TLS -+ * implementations cannot handle it at all, which is why we include it in -+ * SSL_OP_ALL. -+ */ -+/* added in 0.9.6e */ -+# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L - --/* SSL_OP_ALL: various bug workarounds that should be rather harmless. -- * This used to be 0x000FFFFFL before 0.9.7. */ --#define SSL_OP_ALL 0x00000FFFL -+/* -+ * SSL_OP_ALL: various bug workarounds that should be rather harmless. This -+ * used to be 0x000FFFFFL before 0.9.7. -+ */ -+# define SSL_OP_ALL 0x00000FFFL - - /* DTLS options */ --#define SSL_OP_NO_QUERY_MTU 0x00001000L -+# define SSL_OP_NO_QUERY_MTU 0x00001000L - /* Turn on Cookie Exchange (on relevant for servers) */ --#define SSL_OP_COOKIE_EXCHANGE 0x00002000L -+# define SSL_OP_COOKIE_EXCHANGE 0x00002000L - /* Don't use RFC4507 ticket extension */ --#define SSL_OP_NO_TICKET 0x00004000L -+# define SSL_OP_NO_TICKET 0x00004000L - /* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ --#define SSL_OP_CISCO_ANYCONNECT 0x00008000L -+# define SSL_OP_CISCO_ANYCONNECT 0x00008000L - - /* As server, disallow session resumption on renegotiation */ --#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L -+# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L - /* Permit unsafe legacy renegotiation */ --#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L -+# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L - /* If set, always create a new key when using tmp_ecdh parameters */ --#define SSL_OP_SINGLE_ECDH_USE 0x00080000L -+# define SSL_OP_SINGLE_ECDH_USE 0x00080000L - /* If set, always create a new key when using tmp_dh parameters */ --#define SSL_OP_SINGLE_DH_USE 0x00100000L --/* Set to always use the tmp_rsa key when doing RSA operations, -- * even when this violates protocol specs */ --#define SSL_OP_EPHEMERAL_RSA 0x00200000L --/* Set on servers to choose the cipher according to the server's -- * preferences */ --#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L --/* If set, a server will allow a client to issue a SSLv3.0 version number -- * as latest version supported in the premaster secret, even when TLSv1.0 -+# define SSL_OP_SINGLE_DH_USE 0x00100000L -+/* Does nothing: retained for compatibiity */ -+# define SSL_OP_EPHEMERAL_RSA 0x0 -+/* -+ * Set on servers to choose the cipher according to the server's preferences -+ */ -+# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L -+/* -+ * If set, a server will allow a client to issue a SSLv3.0 version number as -+ * latest version supported in the premaster secret, even when TLSv1.0 - * (version 3.1) was announced in the client hello. Normally this is -- * forbidden to prevent version rollback attacks. */ --#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L -- --#define SSL_OP_NO_SSLv2 0x01000000L --#define SSL_OP_NO_SSLv3 0x02000000L --#define SSL_OP_NO_TLSv1 0x04000000L -- --/* The next flag deliberately changes the ciphertest, this is a check -- * for the PKCS#1 attack */ --#define SSL_OP_PKCS1_CHECK_1 0x08000000L --#define SSL_OP_PKCS1_CHECK_2 0x10000000L --#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L --#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L -- -- --/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success -- * when just a single record has been written): */ --#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L --/* Make it possible to retry SSL_write() with changed buffer location -- * (buffer contents must stay the same!); this is not the default to avoid -- * the misconception that non-blocking SSL_write() behaves like -- * non-blocking write(): */ --#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L --/* Never bother the application with retries if the transport -- * is blocking: */ --#define SSL_MODE_AUTO_RETRY 0x00000004L --/* Don't attempt to automatically build certificate chain */ --#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L -- -- --/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, -- * they cannot be used to clear bits. */ -- --#define SSL_CTX_set_options(ctx,op) \ -- SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) --#define SSL_CTX_clear_options(ctx,op) \ -- SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) --#define SSL_CTX_get_options(ctx) \ -- SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) --#define SSL_set_options(ssl,op) \ -- SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) --#define SSL_clear_options(ssl,op) \ -- SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) --#define SSL_get_options(ssl) \ -- SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) -+ * forbidden to prevent version rollback attacks. -+ */ -+# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L - --#define SSL_CTX_set_mode(ctx,op) \ -- SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) --#define SSL_CTX_clear_mode(ctx,op) \ -- SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) --#define SSL_CTX_get_mode(ctx) \ -- SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) --#define SSL_clear_mode(ssl,op) \ -- SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) --#define SSL_set_mode(ssl,op) \ -- SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) --#define SSL_get_mode(ssl) \ -- SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) --#define SSL_set_mtu(ssl, mtu) \ -- SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) -+# define SSL_OP_NO_SSLv2 0x01000000L -+# define SSL_OP_NO_SSLv3 0x02000000L -+# define SSL_OP_NO_TLSv1 0x04000000L -+ -+/* -+ * The next flag deliberately changes the ciphertest, this is a check for the -+ * PKCS#1 attack -+ */ -+# define SSL_OP_PKCS1_CHECK_1 0x08000000L -+# define SSL_OP_PKCS1_CHECK_2 0x10000000L -+# define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L -+# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L - --#define SSL_get_secure_renegotiation_support(ssl) \ -- SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) -+/* -+ * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success -+ * when just a single record has been written): -+ */ -+# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L -+/* -+ * Make it possible to retry SSL_write() with changed buffer location (buffer -+ * contents must stay the same!); this is not the default to avoid the -+ * misconception that non-blocking SSL_write() behaves like non-blocking -+ * write(): -+ */ -+# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L -+/* -+ * Never bother the application with retries if the transport is blocking: -+ */ -+# define SSL_MODE_AUTO_RETRY 0x00000004L -+/* Don't attempt to automatically build certificate chain */ -+# define SSL_MODE_NO_AUTO_CHAIN 0x00000008L -+/* -+ * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications -+ * that reconnect with a downgraded protocol version; see -+ * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your -+ * application attempts a normal handshake. Only use this in explicit -+ * fallback retries, following the guidance in -+ * draft-ietf-tls-downgrade-scsv-00. -+ */ -+# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L - --void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); --void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); --#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) --#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) -+/* -+ * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they -+ * cannot be used to clear bits. -+ */ - -+# define SSL_CTX_set_options(ctx,op) \ -+ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) -+# define SSL_CTX_clear_options(ctx,op) \ -+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) -+# define SSL_CTX_get_options(ctx) \ -+ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) -+# define SSL_set_options(ssl,op) \ -+ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) -+# define SSL_clear_options(ssl,op) \ -+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) -+# define SSL_get_options(ssl) \ -+ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) - -+# define SSL_CTX_set_mode(ctx,op) \ -+ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) -+# define SSL_CTX_clear_mode(ctx,op) \ -+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) -+# define SSL_CTX_get_mode(ctx) \ -+ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) -+# define SSL_clear_mode(ssl,op) \ -+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) -+# define SSL_set_mode(ssl,op) \ -+ SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) -+# define SSL_get_mode(ssl) \ -+ SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) -+# define SSL_set_mtu(ssl, mtu) \ -+ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) - --#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) --#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */ --#else --#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ --#endif -+# define SSL_get_secure_renegotiation_support(ssl) \ -+ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) -+ -+void SSL_CTX_set_msg_callback(SSL_CTX *ctx, -+ void (*cb) (int write_p, int version, -+ int content_type, const void *buf, -+ size_t len, SSL *ssl, void *arg)); -+void SSL_set_msg_callback(SSL *ssl, -+ void (*cb) (int write_p, int version, -+ int content_type, const void *buf, -+ size_t len, SSL *ssl, void *arg)); -+# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) -+# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) -+ -+# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) -+# define SSL_MAX_CERT_LIST_DEFAULT 1024*30 -+ /* 30k max cert list :-) */ -+# else -+# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 -+ /* 100k max cert list :-) */ -+# endif -+ -+# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) - --#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) -- --/* This callback type is used inside SSL_CTX, SSL, and in the functions that set -- * them. It is used to override the generation of SSL/TLS session IDs in a -- * server. Return value should be zero on an error, non-zero to proceed. Also, -- * callbacks should themselves check if the id they generate is unique otherwise -- * the SSL handshake will fail with an error - callbacks can do this using the -- * 'ssl' value they're passed by; -- * SSL_has_matching_session_id(ssl, id, *id_len) -- * The length value passed in is set at the maximum size the session ID can be. -- * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback -- * can alter this length to be less if desired, but under SSLv2 session IDs are -- * supposed to be fixed at 16 bytes so the id will be padded after the callback -- * returns in this case. It is also an error for the callback to set the size to -- * zero. */ --typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, -- unsigned int *id_len); -- --typedef struct ssl_comp_st -- { -- int id; -- const char *name; --#ifndef OPENSSL_NO_COMP -- COMP_METHOD *method; --#else -- char *method; --#endif -- } SSL_COMP; -+/* -+ * This callback type is used inside SSL_CTX, SSL, and in the functions that -+ * set them. It is used to override the generation of SSL/TLS session IDs in -+ * a server. Return value should be zero on an error, non-zero to proceed. -+ * Also, callbacks should themselves check if the id they generate is unique -+ * otherwise the SSL handshake will fail with an error - callbacks can do -+ * this using the 'ssl' value they're passed by; -+ * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in -+ * is set at the maximum size the session ID can be. In SSLv2 this is 16 -+ * bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback can alter this -+ * length to be less if desired, but under SSLv2 session IDs are supposed to -+ * be fixed at 16 bytes so the id will be padded after the callback returns -+ * in this case. It is also an error for the callback to set the size to -+ * zero. -+ */ -+typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, -+ unsigned int *id_len); -+ -+typedef struct ssl_comp_st { -+ int id; -+ const char *name; -+# ifndef OPENSSL_NO_COMP -+ COMP_METHOD *method; -+# else -+ char *method; -+# endif -+} SSL_COMP; - - DECLARE_STACK_OF(SSL_COMP) - --struct ssl_ctx_st -- { -- SSL_METHOD *method; -- -- STACK_OF(SSL_CIPHER) *cipher_list; -- /* same as above but sorted for lookup */ -- STACK_OF(SSL_CIPHER) *cipher_list_by_id; -- -- struct x509_store_st /* X509_STORE */ *cert_store; -- struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */ -- /* Most session-ids that will be cached, default is -- * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ -- unsigned long session_cache_size; -- struct ssl_session_st *session_cache_head; -- struct ssl_session_st *session_cache_tail; -- -- /* This can have one of 2 values, ored together, -- * SSL_SESS_CACHE_CLIENT, -- * SSL_SESS_CACHE_SERVER, -- * Default is SSL_SESSION_CACHE_SERVER, which means only -- * SSL_accept which cache SSL_SESSIONS. */ -- int session_cache_mode; -- -- /* If timeout is not 0, it is the default timeout value set -- * when SSL_new() is called. This has been put in to make -- * life easier to set things up */ -- long session_timeout; -- -- /* If this callback is not null, it will be called each -- * time a session id is added to the cache. If this function -- * returns 1, it means that the callback will do a -- * SSL_SESSION_free() when it has finished using it. Otherwise, -- * on 0, it means the callback has finished with it. -- * If remove_session_cb is not null, it will be called when -- * a session-id is removed from the cache. After the call, -- * OpenSSL will SSL_SESSION_free() it. */ -- int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); -- void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); -- SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, -- unsigned char *data,int len,int *copy); -- -- struct -- { -- int sess_connect; /* SSL new conn - started */ -- int sess_connect_renegotiate;/* SSL reneg - requested */ -- int sess_connect_good; /* SSL new conne/reneg - finished */ -- int sess_accept; /* SSL new accept - started */ -- int sess_accept_renegotiate;/* SSL reneg - requested */ -- int sess_accept_good; /* SSL accept/reneg - finished */ -- int sess_miss; /* session lookup misses */ -- int sess_timeout; /* reuse attempt on timeouted session */ -- int sess_cache_full; /* session removed due to full cache */ -- int sess_hit; /* session reuse actually done */ -- int sess_cb_hit; /* session-id that was not -- * in the cache was -- * passed back via the callback. This -- * indicates that the application is -- * supplying session-id's from other -- * processes - spooky :-) */ -- } stats; -- -- int references; -- -- /* if defined, these override the X509_verify_cert() calls */ -- int (*app_verify_callback)(X509_STORE_CTX *, void *); -- void *app_verify_arg; -- /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored -- * ('app_verify_callback' was called with just one argument) */ -- -- /* Default password callback. */ -- pem_password_cb *default_passwd_callback; -- -- /* Default password callback user data. */ -- void *default_passwd_callback_userdata; -- -- /* get client cert callback */ -- int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); -+struct ssl_ctx_st { -+ SSL_METHOD *method; -+ STACK_OF(SSL_CIPHER) *cipher_list; -+ /* same as above but sorted for lookup */ -+ STACK_OF(SSL_CIPHER) *cipher_list_by_id; -+ struct x509_store_st /* X509_STORE */ *cert_store; -+ struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */ -+ /* -+ * Most session-ids that will be cached, default is -+ * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. -+ */ -+ unsigned long session_cache_size; -+ struct ssl_session_st *session_cache_head; -+ struct ssl_session_st *session_cache_tail; -+ /* -+ * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT, -+ * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which -+ * means only SSL_accept which cache SSL_SESSIONS. -+ */ -+ int session_cache_mode; -+ /* -+ * If timeout is not 0, it is the default timeout value set when -+ * SSL_new() is called. This has been put in to make life easier to set -+ * things up -+ */ -+ long session_timeout; -+ /* -+ * If this callback is not null, it will be called each time a session id -+ * is added to the cache. If this function returns 1, it means that the -+ * callback will do a SSL_SESSION_free() when it has finished using it. -+ * Otherwise, on 0, it means the callback has finished with it. If -+ * remove_session_cb is not null, it will be called when a session-id is -+ * removed from the cache. After the call, OpenSSL will -+ * SSL_SESSION_free() it. -+ */ -+ int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess); -+ void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); -+ SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, -+ unsigned char *data, int len, int *copy); -+ struct { -+ int sess_connect; /* SSL new conn - started */ -+ int sess_connect_renegotiate; /* SSL reneg - requested */ -+ int sess_connect_good; /* SSL new conne/reneg - finished */ -+ int sess_accept; /* SSL new accept - started */ -+ int sess_accept_renegotiate; /* SSL reneg - requested */ -+ int sess_accept_good; /* SSL accept/reneg - finished */ -+ int sess_miss; /* session lookup misses */ -+ int sess_timeout; /* reuse attempt on timeouted session */ -+ int sess_cache_full; /* session removed due to full cache */ -+ int sess_hit; /* session reuse actually done */ -+ int sess_cb_hit; /* session-id that was not in the cache was -+ * passed back via the callback. This -+ * indicates that the application is -+ * supplying session-id's from other -+ * processes - spooky :-) */ -+ } stats; -+ -+ int references; -+ -+ /* if defined, these override the X509_verify_cert() calls */ -+ int (*app_verify_callback) (X509_STORE_CTX *, void *); -+ void *app_verify_arg; -+ /* -+ * before OpenSSL 0.9.7, 'app_verify_arg' was ignored -+ * ('app_verify_callback' was called with just one argument) -+ */ -+ -+ /* Default password callback. */ -+ pem_password_cb *default_passwd_callback; -+ -+ /* Default password callback user data. */ -+ void *default_passwd_callback_userdata; -+ -+ /* get client cert callback */ -+ int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey); - - /* cookie generate callback */ -- int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, -- unsigned int *cookie_len); -+ int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie, -+ unsigned int *cookie_len); - - /* verify cookie callback */ -- int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, -- unsigned int cookie_len); -- -- CRYPTO_EX_DATA ex_data; -- -- const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ -- const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ -- const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ -- -- STACK_OF(X509) *extra_certs; -- STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ -- -- -- /* Default values used when no per-SSL value is defined follow */ -- -- void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */ -- -- /* what we put in client cert requests */ -- STACK_OF(X509_NAME) *client_CA; -- -- -- /* Default values to use in SSL structures follow (these are copied by SSL_new) */ -- -- unsigned long options; -- unsigned long mode; -- long max_cert_list; -- -- struct cert_st /* CERT */ *cert; -- int read_ahead; -- -- /* callback that allows applications to peek at protocol messages */ -- void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); -- void *msg_callback_arg; -- -- int verify_mode; -- unsigned int sid_ctx_length; -- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -- int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ -- -- /* Default generate session ID callback. */ -- GEN_SESSION_CB generate_session_id; -- -- X509_VERIFY_PARAM *param; -- --#if 0 -- int purpose; /* Purpose setting */ -- int trust; /* Trust setting */ --#endif -- -- int quiet_shutdown; -- --#ifndef OPENSSL_ENGINE -- /* Engine to pass requests for client certs to -- */ -- ENGINE *client_cert_engine; --#endif -- --#ifndef OPENSSL_NO_TLSEXT -- /* TLS extensions servername callback */ -- int (*tlsext_servername_callback)(SSL*, int *, void *); -- void *tlsext_servername_arg; -- /* RFC 4507 session ticket keys */ -- unsigned char tlsext_tick_key_name[16]; -- unsigned char tlsext_tick_hmac_key[16]; -- unsigned char tlsext_tick_aes_key[16]; -- /* Callback to support customisation of ticket key setting */ -- int (*tlsext_ticket_key_cb)(SSL *ssl, -- unsigned char *name, unsigned char *iv, -- EVP_CIPHER_CTX *ectx, -- HMAC_CTX *hctx, int enc); -- -- /* certificate status request info */ -- /* Callback for status request */ -- int (*tlsext_status_cb)(SSL *ssl, void *arg); -- void *tlsext_status_arg; --#endif -- -- }; -- --#define SSL_SESS_CACHE_OFF 0x0000 --#define SSL_SESS_CACHE_CLIENT 0x0001 --#define SSL_SESS_CACHE_SERVER 0x0002 --#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) --#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 -+ int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie, -+ unsigned int cookie_len); -+ -+ CRYPTO_EX_DATA ex_data; -+ -+ const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ -+ const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ -+ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ -+ -+ STACK_OF(X509) *extra_certs; -+ STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ -+ -+ /* Default values used when no per-SSL value is defined follow */ -+ -+ /* used if SSL's info_callback is NULL */ -+ void (*info_callback) (const SSL *ssl, int type, int val); -+ -+ /* what we put in client cert requests */ -+ STACK_OF(X509_NAME) *client_CA; -+ -+ /* -+ * Default values to use in SSL structures follow (these are copied by -+ * SSL_new) -+ */ -+ -+ unsigned long options; -+ unsigned long mode; -+ long max_cert_list; -+ -+ struct cert_st /* CERT */ *cert; -+ int read_ahead; -+ -+ /* callback that allows applications to peek at protocol messages */ -+ void (*msg_callback) (int write_p, int version, int content_type, -+ const void *buf, size_t len, SSL *ssl, void *arg); -+ void *msg_callback_arg; -+ -+ int verify_mode; -+ unsigned int sid_ctx_length; -+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -+ /* called 'verify_callback' in the SSL */ -+ int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); -+ -+ /* Default generate session ID callback. */ -+ GEN_SESSION_CB generate_session_id; -+ -+ X509_VERIFY_PARAM *param; -+ -+# if 0 -+ int purpose; /* Purpose setting */ -+ int trust; /* Trust setting */ -+# endif -+ -+ int quiet_shutdown; -+ -+# ifndef OPENSSL_ENGINE -+ /* -+ * Engine to pass requests for client certs to -+ */ -+ ENGINE *client_cert_engine; -+# endif -+ -+# ifndef OPENSSL_NO_TLSEXT -+ /* TLS extensions servername callback */ -+ int (*tlsext_servername_callback) (SSL *, int *, void *); -+ void *tlsext_servername_arg; -+ /* RFC 4507 session ticket keys */ -+ unsigned char tlsext_tick_key_name[16]; -+ unsigned char tlsext_tick_hmac_key[16]; -+ unsigned char tlsext_tick_aes_key[16]; -+ /* Callback to support customisation of ticket key setting */ -+ int (*tlsext_ticket_key_cb) (SSL *ssl, -+ unsigned char *name, unsigned char *iv, -+ EVP_CIPHER_CTX *ectx, -+ HMAC_CTX *hctx, int enc); -+ -+ /* certificate status request info */ -+ /* Callback for status request */ -+ int (*tlsext_status_cb) (SSL *ssl, void *arg); -+ void *tlsext_status_arg; -+# endif -+ -+}; -+ -+# define SSL_SESS_CACHE_OFF 0x0000 -+# define SSL_SESS_CACHE_CLIENT 0x0001 -+# define SSL_SESS_CACHE_SERVER 0x0002 -+# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) -+# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 - /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ --#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 --#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 --#define SSL_SESS_CACHE_NO_INTERNAL \ -- (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) -- -- struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); --#define SSL_CTX_sess_number(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) --#define SSL_CTX_sess_connect(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) --#define SSL_CTX_sess_connect_good(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) --#define SSL_CTX_sess_connect_renegotiate(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) --#define SSL_CTX_sess_accept(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) --#define SSL_CTX_sess_accept_renegotiate(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) --#define SSL_CTX_sess_accept_good(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) --#define SSL_CTX_sess_hits(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) --#define SSL_CTX_sess_cb_hits(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) --#define SSL_CTX_sess_misses(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) --#define SSL_CTX_sess_timeouts(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) --#define SSL_CTX_sess_cache_full(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) -- --void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); --int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); --void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); --void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); --void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); --SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); --void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); --void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); --void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); --int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); --#ifndef OPENSSL_NO_ENGINE -+# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 -+# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 -+# define SSL_SESS_CACHE_NO_INTERNAL \ -+ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) -+ -+struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); -+# define SSL_CTX_sess_number(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) -+# define SSL_CTX_sess_connect(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) -+# define SSL_CTX_sess_connect_good(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) -+# define SSL_CTX_sess_connect_renegotiate(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) -+# define SSL_CTX_sess_accept(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) -+# define SSL_CTX_sess_accept_renegotiate(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) -+# define SSL_CTX_sess_accept_good(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) -+# define SSL_CTX_sess_hits(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) -+# define SSL_CTX_sess_cb_hits(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) -+# define SSL_CTX_sess_misses(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) -+# define SSL_CTX_sess_timeouts(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) -+# define SSL_CTX_sess_cache_full(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) -+ -+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, -+ int (*new_session_cb) (struct ssl_st *ssl, -+ SSL_SESSION *sess)); -+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, -+ SSL_SESSION *sess); -+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, -+ void (*remove_session_cb) (struct ssl_ctx_st -+ *ctx, -+ SSL_SESSION -+ *sess)); -+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, -+ SSL_SESSION *sess); -+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, -+ SSL_SESSION *(*get_session_cb) (struct ssl_st -+ *ssl, -+ unsigned char -+ *data, int len, -+ int *copy)); -+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, -+ unsigned char *Data, -+ int len, int *copy); -+void SSL_CTX_set_info_callback(SSL_CTX *ctx, -+ void (*cb) (const SSL *ssl, int type, -+ int val)); -+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, -+ int val); -+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, -+ int (*client_cert_cb) (SSL *ssl, X509 **x509, -+ EVP_PKEY **pkey)); -+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, -+ EVP_PKEY **pkey); -+# ifndef OPENSSL_NO_ENGINE - int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); --#endif --void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); --void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); -- --#define SSL_NOTHING 1 --#define SSL_WRITING 2 --#define SSL_READING 3 --#define SSL_X509_LOOKUP 4 -+# endif -+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, -+ int (*app_gen_cookie_cb) (SSL *ssl, -+ unsigned char -+ *cookie, -+ unsigned int -+ *cookie_len)); -+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, -+ int (*app_verify_cookie_cb) (SSL *ssl, -+ unsigned char -+ *cookie, -+ unsigned int -+ cookie_len)); -+ -+# define SSL_NOTHING 1 -+# define SSL_WRITING 2 -+# define SSL_READING 3 -+# define SSL_X509_LOOKUP 4 - - /* These will only be used when doing non-blocking IO */ --#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) --#define SSL_want_read(s) (SSL_want(s) == SSL_READING) --#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) --#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) -- --struct ssl_st -- { -- /* protocol version -- * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) -- */ -- int version; -- int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ -- -- SSL_METHOD *method; /* SSLv3 */ -- -- /* There are 2 BIO's even though they are normally both the -- * same. This is so data can be read and written to different -- * handlers */ -- --#ifndef OPENSSL_NO_BIO -- BIO *rbio; /* used by SSL_read */ -- BIO *wbio; /* used by SSL_write */ -- BIO *bbio; /* used during session-id reuse to concatenate -- * messages */ --#else -- char *rbio; /* used by SSL_read */ -- char *wbio; /* used by SSL_write */ -- char *bbio; --#endif -- /* This holds a variable that indicates what we were doing -- * when a 0 or -1 is returned. This is needed for -- * non-blocking IO so we know what request needs re-doing when -- * in SSL_accept or SSL_connect */ -- int rwstate; -- -- /* true when we are actually in SSL_accept() or SSL_connect() */ -- int in_handshake; -- int (*handshake_func)(SSL *); -- -- /* Imagine that here's a boolean member "init" that is -- * switched as soon as SSL_set_{accept/connect}_state -- * is called for the first time, so that "state" and -- * "handshake_func" are properly initialized. But as -- * handshake_func is == 0 until then, we use this -- * test instead of an "init" member. -- */ -- -- int server; /* are we the server side? - mostly used by SSL_clear*/ -- -- int new_session;/* 1 if we are to use a new session. -- * 2 if we are a server and are inside a handshake -- * (i.e. not just sending a HelloRequest) -- * NB: For servers, the 'new' session may actually be a previously -- * cached session or even the previous session unless -- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ -- int quiet_shutdown;/* don't send shutdown packets */ -- int shutdown; /* we have shut things down, 0x01 sent, 0x02 -- * for received */ -- int state; /* where we are */ -- int rstate; /* where we are when reading */ -- -- BUF_MEM *init_buf; /* buffer used during init */ -- void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ -- int init_num; /* amount read/written */ -- int init_off; /* amount read/written */ -- -- /* used internally to point at a raw packet */ -- unsigned char *packet; -- unsigned int packet_length; -- -- struct ssl2_state_st *s2; /* SSLv2 variables */ -- struct ssl3_state_st *s3; /* SSLv3 variables */ -- struct dtls1_state_st *d1; /* DTLSv1 variables */ -- -- int read_ahead; /* Read as many input bytes as possible -- * (for non-blocking reads) */ -- -- /* callback that allows applications to peek at protocol messages */ -- void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); -- void *msg_callback_arg; -- -- int hit; /* reusing a previous session */ -- -- X509_VERIFY_PARAM *param; -- --#if 0 -- int purpose; /* Purpose setting */ -- int trust; /* Trust setting */ --#endif -- -- /* crypto */ -- STACK_OF(SSL_CIPHER) *cipher_list; -- STACK_OF(SSL_CIPHER) *cipher_list_by_id; -- -- /* These are the ones being used, the ones in SSL_SESSION are -- * the ones to be 'copied' into these ones */ -- -- EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ -- const EVP_MD *read_hash; /* used for mac generation */ --#ifndef OPENSSL_NO_COMP -- COMP_CTX *expand; /* uncompress */ --#else -- char *expand; --#endif -- -- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ -- const EVP_MD *write_hash; /* used for mac generation */ --#ifndef OPENSSL_NO_COMP -- COMP_CTX *compress; /* compression */ --#else -- char *compress; --#endif -- -- /* session info */ -- -- /* client cert? */ -- /* This is used to hold the server certificate used */ -- struct cert_st /* CERT */ *cert; -- -- /* the session_id_context is used to ensure sessions are only reused -- * in the appropriate context */ -- unsigned int sid_ctx_length; -- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -- -- /* This can also be in the session once a session is established */ -- SSL_SESSION *session; -- -- /* Default generate session ID callback. */ -- GEN_SESSION_CB generate_session_id; -- -- /* Used in SSL2 and SSL3 */ -- int verify_mode; /* 0 don't care about verify failure. -- * 1 fail if verify fails */ -- int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ -- -- void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ -- -- int error; /* error bytes to be written */ -- int error_code; /* actual code */ -- --#ifndef OPENSSL_NO_KRB5 -- KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ --#endif /* OPENSSL_NO_KRB5 */ -- -- SSL_CTX *ctx; -- /* set this flag to 1 and a sleep(1) is put into all SSL_read() -- * and SSL_write() calls, good for nbio debuging :-) */ -- int debug; -- -- /* extra application data */ -- long verify_result; -- CRYPTO_EX_DATA ex_data; -- -- /* for server side, keep the list of CA_dn we can use */ -- STACK_OF(X509_NAME) *client_CA; -- -- int references; -- unsigned long options; /* protocol behaviour */ -- unsigned long mode; /* API behaviour */ -- long max_cert_list; -- int first_packet; -- int client_version; /* what was passed, used for -- * SSLv3/TLS rollback check */ --#ifndef OPENSSL_NO_TLSEXT -- /* TLS extension debug callback */ -- void (*tlsext_debug_cb)(SSL *s, int client_server, int type, -- unsigned char *data, int len, -- void *arg); -- void *tlsext_debug_arg; -- char *tlsext_hostname; -- int servername_done; /* no further mod of servername -- 0 : call the servername extension callback. -- 1 : prepare 2, allow last ack just after in server callback. -- 2 : don't call servername callback, no ack in server hello -- */ -- /* certificate status request info */ -- /* Status type or -1 if no status type */ -- int tlsext_status_type; -- /* Expect OCSP CertificateStatus message */ -- int tlsext_status_expected; -- /* OCSP status request only */ -- STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; -- X509_EXTENSIONS *tlsext_ocsp_exts; -- /* OCSP response received or to be sent */ -- unsigned char *tlsext_ocsp_resp; -- int tlsext_ocsp_resplen; -- -- /* RFC4507 session ticket expected to be received or sent */ -- int tlsext_ticket_expected; -- SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ --#define session_ctx initial_ctx --#else --#define session_ctx ctx --#endif -- }; -+# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) -+# define SSL_want_read(s) (SSL_want(s) == SSL_READING) -+# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) -+# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) -+ -+struct ssl_st { -+ /* -+ * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, -+ * DTLS1_VERSION) -+ */ -+ int version; -+ /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ -+ int type; -+ /* SSLv3 */ -+ SSL_METHOD *method; -+ /* -+ * There are 2 BIO's even though they are normally both the same. This -+ * is so data can be read and written to different handlers -+ */ -+# ifndef OPENSSL_NO_BIO -+ /* used by SSL_read */ -+ BIO *rbio; -+ /* used by SSL_write */ -+ BIO *wbio; -+ /* used during session-id reuse to concatenate messages */ -+ BIO *bbio; -+# else -+ /* used by SSL_read */ -+ char *rbio; -+ /* used by SSL_write */ -+ char *wbio; -+ char *bbio; -+# endif -+ /* -+ * This holds a variable that indicates what we were doing when a 0 or -1 -+ * is returned. This is needed for non-blocking IO so we know what -+ * request needs re-doing when in SSL_accept or SSL_connect -+ */ -+ int rwstate; -+ /* true when we are actually in SSL_accept() or SSL_connect() */ -+ int in_handshake; -+ int (*handshake_func) (SSL *); -+ /* -+ * Imagine that here's a boolean member "init" that is switched as soon -+ * as SSL_set_{accept/connect}_state is called for the first time, so -+ * that "state" and "handshake_func" are properly initialized. But as -+ * handshake_func is == 0 until then, we use this test instead of an -+ * "init" member. -+ */ -+ /* are we the server side? - mostly used by SSL_clear */ -+ int server; -+ /* -+ * 1 if we are to use a new session. -+ * 2 if we are a server and are inside a handshake -+ * (i.e. not just sending a HelloRequest) -+ * NB: For servers, the 'new' session may actually be a previously -+ * cached session or even the previous session unless -+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set -+ */ -+ int new_session; -+ /* don't send shutdown packets */ -+ int quiet_shutdown; -+ /* we have shut things down, 0x01 sent, 0x02 for received */ -+ int shutdown; -+ /* where we are */ -+ int state; -+ /* where we are when reading */ -+ int rstate; -+ BUF_MEM *init_buf; /* buffer used during init */ -+ void *init_msg; /* pointer to handshake message body, set by -+ * ssl3_get_message() */ -+ int init_num; /* amount read/written */ -+ int init_off; /* amount read/written */ -+ /* used internally to point at a raw packet */ -+ unsigned char *packet; -+ unsigned int packet_length; -+ struct ssl2_state_st *s2; /* SSLv2 variables */ -+ struct ssl3_state_st *s3; /* SSLv3 variables */ -+ struct dtls1_state_st *d1; /* DTLSv1 variables */ -+ int read_ahead; /* Read as many input bytes as possible (for -+ * non-blocking reads) */ -+ /* callback that allows applications to peek at protocol messages */ -+ void (*msg_callback) (int write_p, int version, int content_type, -+ const void *buf, size_t len, SSL *ssl, void *arg); -+ void *msg_callback_arg; -+ int hit; /* reusing a previous session */ -+ X509_VERIFY_PARAM *param; -+# if 0 -+ int purpose; /* Purpose setting */ -+ int trust; /* Trust setting */ -+# endif -+ /* crypto */ -+ STACK_OF(SSL_CIPHER) *cipher_list; -+ STACK_OF(SSL_CIPHER) *cipher_list_by_id; -+ /* -+ * These are the ones being used, the ones in SSL_SESSION are the ones to -+ * be 'copied' into these ones -+ */ -+ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ -+ const EVP_MD *read_hash; /* used for mac generation */ -+# ifndef OPENSSL_NO_COMP -+ COMP_CTX *expand; /* uncompress */ -+# else -+ char *expand; -+# endif -+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ -+ const EVP_MD *write_hash; /* used for mac generation */ -+# ifndef OPENSSL_NO_COMP -+ COMP_CTX *compress; /* compression */ -+# else -+ char *compress; -+# endif -+ /* session info */ -+ /* client cert? */ -+ /* This is used to hold the server certificate used */ -+ struct cert_st /* CERT */ *cert; -+ /* -+ * the session_id_context is used to ensure sessions are only reused in -+ * the appropriate context -+ */ -+ unsigned int sid_ctx_length; -+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -+ /* This can also be in the session once a session is established */ -+ SSL_SESSION *session; -+ /* Default generate session ID callback. */ -+ GEN_SESSION_CB generate_session_id; -+ /* Used in SSL2 and SSL3 */ -+ /* -+ * 0 don't care about verify failure. -+ * 1 fail if verify fails -+ */ -+ int verify_mode; -+ /* fail if callback returns 0 */ -+ int (*verify_callback) (int ok, X509_STORE_CTX *ctx); -+ /* optional informational callback */ -+ void (*info_callback) (const SSL *ssl, int type, int val); -+ /* error bytes to be written */ -+ int error; -+ /* actual code */ -+ int error_code; -+# ifndef OPENSSL_NO_KRB5 -+ /* Kerberos 5 context */ -+ KSSL_CTX *kssl_ctx; -+# endif /* OPENSSL_NO_KRB5 */ -+ SSL_CTX *ctx; -+ /* -+ * set this flag to 1 and a sleep(1) is put into all SSL_read() and -+ * SSL_write() calls, good for nbio debuging :-) -+ */ -+ int debug; -+ /* extra application data */ -+ long verify_result; -+ CRYPTO_EX_DATA ex_data; -+ /* for server side, keep the list of CA_dn we can use */ -+ STACK_OF(X509_NAME) *client_CA; -+ int references; -+ /* protocol behaviour */ -+ unsigned long options; -+ /* API behaviour */ -+ unsigned long mode; -+ long max_cert_list; -+ int first_packet; -+ /* what was passed, used for SSLv3/TLS rollback check */ -+ int client_version; -+# ifndef OPENSSL_NO_TLSEXT -+ /* TLS extension debug callback */ -+ void (*tlsext_debug_cb) (SSL *s, int client_server, int type, -+ unsigned char *data, int len, void *arg); -+ void *tlsext_debug_arg; -+ char *tlsext_hostname; -+ /*- -+ * no further mod of servername -+ * 0 : call the servername extension callback. -+ * 1 : prepare 2, allow last ack just after in server callback. -+ * 2 : don't call servername callback, no ack in server hello -+ */ -+ int servername_done; -+ /* certificate status request info */ -+ /* Status type or -1 if no status type */ -+ int tlsext_status_type; -+ /* Expect OCSP CertificateStatus message */ -+ int tlsext_status_expected; -+ /* OCSP status request only */ -+ STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; -+ X509_EXTENSIONS *tlsext_ocsp_exts; -+ /* OCSP response received or to be sent */ -+ unsigned char *tlsext_ocsp_resp; -+ int tlsext_ocsp_resplen; -+ /* RFC4507 session ticket expected to be received or sent */ -+ int tlsext_ticket_expected; -+ SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ -+# define session_ctx initial_ctx -+# else -+# define session_ctx ctx -+# endif -+}; - - #ifdef __cplusplus - } - #endif - --#include --#include --#include /* This is mostly sslv3 with a few tweaks */ --#include /* Datagram TLS */ --#include -+# include -+# include -+# include /* This is mostly sslv3 with a few tweaks */ -+# include /* Datagram TLS */ -+# include - - #ifdef __cplusplus - extern "C" { - #endif - - /* compatibility */ --#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) --#define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) --#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) --#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) --#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) --#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) -- --/* The following are the possible values for ssl->state are are -- * used to indicate where we are up to in the SSL connection establishment. -- * The macros that follow are about the only things you should need to use -- * and even then, only when using non-blocking IO. -- * It can also be useful to work out where you were when the connection -- * failed */ -- --#define SSL_ST_CONNECT 0x1000 --#define SSL_ST_ACCEPT 0x2000 --#define SSL_ST_MASK 0x0FFF --#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) --#define SSL_ST_BEFORE 0x4000 --#define SSL_ST_OK 0x03 --#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -- --#define SSL_CB_LOOP 0x01 --#define SSL_CB_EXIT 0x02 --#define SSL_CB_READ 0x04 --#define SSL_CB_WRITE 0x08 --#define SSL_CB_ALERT 0x4000 /* used in callback */ --#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) --#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) --#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) --#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) --#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) --#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) --#define SSL_CB_HANDSHAKE_START 0x10 --#define SSL_CB_HANDSHAKE_DONE 0x20 -+# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) -+# define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) -+# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) -+# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) -+# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) -+# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) -+ -+/* -+ * The following are the possible values for ssl->state are are used to -+ * indicate where we are up to in the SSL connection establishment. The -+ * macros that follow are about the only things you should need to use and -+ * even then, only when using non-blocking IO. It can also be useful to work -+ * out where you were when the connection failed -+ */ -+ -+# define SSL_ST_CONNECT 0x1000 -+# define SSL_ST_ACCEPT 0x2000 -+# define SSL_ST_MASK 0x0FFF -+# define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) -+# define SSL_ST_BEFORE 0x4000 -+# define SSL_ST_OK 0x03 -+# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -+ -+# define SSL_CB_LOOP 0x01 -+# define SSL_CB_EXIT 0x02 -+# define SSL_CB_READ 0x04 -+# define SSL_CB_WRITE 0x08 -+# define SSL_CB_ALERT 0x4000/* used in callback */ -+# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) -+# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) -+# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) -+# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) -+# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) -+# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) -+# define SSL_CB_HANDSHAKE_START 0x10 -+# define SSL_CB_HANDSHAKE_DONE 0x20 - - /* Is the SSL_connection established? */ --#define SSL_get_state(a) SSL_state(a) --#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) --#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) --#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) --#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) --#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) -- --/* The following 2 states are kept in ssl->rstate when reads fail, -- * you should not need these */ --#define SSL_ST_READ_HEADER 0xF0 --#define SSL_ST_READ_BODY 0xF1 --#define SSL_ST_READ_DONE 0xF2 -- --/* Obtain latest Finished message -+# define SSL_get_state(a) SSL_state(a) -+# define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) -+# define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) -+# define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) -+# define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) -+# define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) -+ -+/* -+ * The following 2 states are kept in ssl->rstate when reads fail, you should -+ * not need these -+ */ -+# define SSL_ST_READ_HEADER 0xF0 -+# define SSL_ST_READ_BODY 0xF1 -+# define SSL_ST_READ_DONE 0xF2 -+ -+/*- -+ * Obtain latest Finished message - * -- that we sent (SSL_get_finished) - * -- that we expected from peer (SSL_get_peer_finished). -- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ -+ * Returns length (0 == no Finished so far), copies up to 'count' bytes. -+ */ - size_t SSL_get_finished(const SSL *s, void *buf, size_t count); - size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); - --/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options -- * are 'ored' with SSL_VERIFY_PEER if they are desired */ --#define SSL_VERIFY_NONE 0x00 --#define SSL_VERIFY_PEER 0x01 --#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 --#define SSL_VERIFY_CLIENT_ONCE 0x04 -+/* -+ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are -+ * 'ored' with SSL_VERIFY_PEER if they are desired -+ */ -+# define SSL_VERIFY_NONE 0x00 -+# define SSL_VERIFY_PEER 0x01 -+# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 -+# define SSL_VERIFY_CLIENT_ONCE 0x04 - --#define OpenSSL_add_ssl_algorithms() SSL_library_init() --#define SSLeay_add_ssl_algorithms() SSL_library_init() -+# define OpenSSL_add_ssl_algorithms() SSL_library_init() -+# define SSLeay_add_ssl_algorithms() SSL_library_init() - - /* this is for backward compatibility */ --#if 0 /* NEW_SSLEAY */ --#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) --#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) --#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) --#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) --#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) --#endif -+# if 0 /* NEW_SSLEAY */ -+# define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) -+# define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) -+# define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) -+# define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) -+# define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) -+# endif - /* More backward compatibility */ --#define SSL_get_cipher(s) \ -- SSL_CIPHER_get_name(SSL_get_current_cipher(s)) --#define SSL_get_cipher_bits(s,np) \ -- SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) --#define SSL_get_cipher_version(s) \ -- SSL_CIPHER_get_version(SSL_get_current_cipher(s)) --#define SSL_get_cipher_name(s) \ -- SSL_CIPHER_get_name(SSL_get_current_cipher(s)) --#define SSL_get_time(a) SSL_SESSION_get_time(a) --#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) --#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) --#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) -- --#if 1 /*SSLEAY_MACROS*/ --#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) --#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) --#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ -- (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) --#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u) --#define PEM_write_SSL_SESSION(fp,x) \ -- PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ -- PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) --#define PEM_write_bio_SSL_SESSION(bp,x) \ -- PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL) --#endif -- --#define SSL_AD_REASON_OFFSET 1000 -+# define SSL_get_cipher(s) \ -+ SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -+# define SSL_get_cipher_bits(s,np) \ -+ SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) -+# define SSL_get_cipher_version(s) \ -+ SSL_CIPHER_get_version(SSL_get_current_cipher(s)) -+# define SSL_get_cipher_name(s) \ -+ SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -+# define SSL_get_time(a) SSL_SESSION_get_time(a) -+# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) -+# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) -+# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) -+ -+# if 1 /* SSLEAY_MACROS */ -+# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) -+# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) -+# define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ -+ (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) -+# define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u) -+# define PEM_write_SSL_SESSION(fp,x) \ -+ PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ -+ PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) -+# define PEM_write_bio_SSL_SESSION(bp,x) \ -+ PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL) -+# endif -+ -+# define SSL_AD_REASON_OFFSET 1000 - /* These alert types are for SSLv3 and TLSv1 */ --#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY --#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ --#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ --#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED --#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW --#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ --#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ --#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ --#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE --#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE --#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED --#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED --#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN --#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ --#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ --#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ --#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ --#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR --#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ --#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ --#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ --#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ --#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED --#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION --#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION --#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE --#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME --#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE --#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE --#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ -- --#define SSL_ERROR_NONE 0 --#define SSL_ERROR_SSL 1 --#define SSL_ERROR_WANT_READ 2 --#define SSL_ERROR_WANT_WRITE 3 --#define SSL_ERROR_WANT_X509_LOOKUP 4 --#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ --#define SSL_ERROR_ZERO_RETURN 6 --#define SSL_ERROR_WANT_CONNECT 7 --#define SSL_ERROR_WANT_ACCEPT 8 -- --#define SSL_CTRL_NEED_TMP_RSA 1 --#define SSL_CTRL_SET_TMP_RSA 2 --#define SSL_CTRL_SET_TMP_DH 3 --#define SSL_CTRL_SET_TMP_ECDH 4 --#define SSL_CTRL_SET_TMP_RSA_CB 5 --#define SSL_CTRL_SET_TMP_DH_CB 6 --#define SSL_CTRL_SET_TMP_ECDH_CB 7 -- --#define SSL_CTRL_GET_SESSION_REUSED 8 --#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 --#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 --#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 --#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 --#define SSL_CTRL_GET_FLAGS 13 --#define SSL_CTRL_EXTRA_CHAIN_CERT 14 -- --#define SSL_CTRL_SET_MSG_CALLBACK 15 --#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 -+# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY -+/* fatal */ -+# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE -+/* fatal */ -+# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC -+# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED -+# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW -+/* fatal */ -+# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE -+/* fatal */ -+# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE -+/* Not for TLS */ -+# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE -+# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE -+# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE -+# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED -+# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED -+# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN -+/* fatal */ -+# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER -+/* fatal */ -+# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA -+/* fatal */ -+# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED -+/* fatal */ -+# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR -+# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR -+/* fatal */ -+# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION -+/* fatal */ -+# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION -+/* fatal */ -+# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY -+/* fatal */ -+# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR -+# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED -+# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION -+# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION -+# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE -+# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME -+# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE -+# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE -+/* fatal */ -+# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY -+/* fatal */ -+# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK -+ -+# define SSL_ERROR_NONE 0 -+# define SSL_ERROR_SSL 1 -+# define SSL_ERROR_WANT_READ 2 -+# define SSL_ERROR_WANT_WRITE 3 -+# define SSL_ERROR_WANT_X509_LOOKUP 4 -+# define SSL_ERROR_SYSCALL 5/* look at error stack/return -+ * value/errno */ -+# define SSL_ERROR_ZERO_RETURN 6 -+# define SSL_ERROR_WANT_CONNECT 7 -+# define SSL_ERROR_WANT_ACCEPT 8 -+ -+# define SSL_CTRL_NEED_TMP_RSA 1 -+# define SSL_CTRL_SET_TMP_RSA 2 -+# define SSL_CTRL_SET_TMP_DH 3 -+# define SSL_CTRL_SET_TMP_ECDH 4 -+# define SSL_CTRL_SET_TMP_RSA_CB 5 -+# define SSL_CTRL_SET_TMP_DH_CB 6 -+# define SSL_CTRL_SET_TMP_ECDH_CB 7 -+ -+# define SSL_CTRL_GET_SESSION_REUSED 8 -+# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 -+# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 -+# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 -+# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 -+# define SSL_CTRL_GET_FLAGS 13 -+# define SSL_CTRL_EXTRA_CHAIN_CERT 14 -+ -+# define SSL_CTRL_SET_MSG_CALLBACK 15 -+# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 - - /* only applies to datagram connections */ --#define SSL_CTRL_SET_MTU 17 -+# define SSL_CTRL_SET_MTU 17 - /* Stats */ --#define SSL_CTRL_SESS_NUMBER 20 --#define SSL_CTRL_SESS_CONNECT 21 --#define SSL_CTRL_SESS_CONNECT_GOOD 22 --#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 --#define SSL_CTRL_SESS_ACCEPT 24 --#define SSL_CTRL_SESS_ACCEPT_GOOD 25 --#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 --#define SSL_CTRL_SESS_HIT 27 --#define SSL_CTRL_SESS_CB_HIT 28 --#define SSL_CTRL_SESS_MISSES 29 --#define SSL_CTRL_SESS_TIMEOUTS 30 --#define SSL_CTRL_SESS_CACHE_FULL 31 --#define SSL_CTRL_OPTIONS 32 --#define SSL_CTRL_MODE 33 -- --#define SSL_CTRL_GET_READ_AHEAD 40 --#define SSL_CTRL_SET_READ_AHEAD 41 --#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 --#define SSL_CTRL_GET_SESS_CACHE_SIZE 43 --#define SSL_CTRL_SET_SESS_CACHE_MODE 44 --#define SSL_CTRL_GET_SESS_CACHE_MODE 45 -- --#define SSL_CTRL_GET_MAX_CERT_LIST 50 --#define SSL_CTRL_SET_MAX_CERT_LIST 51 -+# define SSL_CTRL_SESS_NUMBER 20 -+# define SSL_CTRL_SESS_CONNECT 21 -+# define SSL_CTRL_SESS_CONNECT_GOOD 22 -+# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 -+# define SSL_CTRL_SESS_ACCEPT 24 -+# define SSL_CTRL_SESS_ACCEPT_GOOD 25 -+# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 -+# define SSL_CTRL_SESS_HIT 27 -+# define SSL_CTRL_SESS_CB_HIT 28 -+# define SSL_CTRL_SESS_MISSES 29 -+# define SSL_CTRL_SESS_TIMEOUTS 30 -+# define SSL_CTRL_SESS_CACHE_FULL 31 -+# define SSL_CTRL_OPTIONS 32 -+# define SSL_CTRL_MODE 33 -+ -+# define SSL_CTRL_GET_READ_AHEAD 40 -+# define SSL_CTRL_SET_READ_AHEAD 41 -+# define SSL_CTRL_SET_SESS_CACHE_SIZE 42 -+# define SSL_CTRL_GET_SESS_CACHE_SIZE 43 -+# define SSL_CTRL_SET_SESS_CACHE_MODE 44 -+# define SSL_CTRL_GET_SESS_CACHE_MODE 45 -+ -+# define SSL_CTRL_GET_MAX_CERT_LIST 50 -+# define SSL_CTRL_SET_MAX_CERT_LIST 51 - - /* see tls1.h for macros based on these */ --#ifndef OPENSSL_NO_TLSEXT --#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 --#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 --#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 --#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 --#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 --#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 --#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 -- --#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 --#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 --#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 --#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 --#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 --#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 --#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 --#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 --#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 -- --#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 --#endif -- --#define DTLS_CTRL_GET_TIMEOUT 73 --#define DTLS_CTRL_HANDLE_TIMEOUT 74 --#define DTLS_CTRL_LISTEN 75 -- --#define SSL_CTRL_GET_RI_SUPPORT 76 --#define SSL_CTRL_CLEAR_OPTIONS 77 --#define SSL_CTRL_CLEAR_MODE 78 -- --#define DTLSv1_get_timeout(ssl, arg) \ -- SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) --#define DTLSv1_handle_timeout(ssl) \ -- SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) --#define DTLSv1_listen(ssl, peer) \ -- SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) -- --#define SSL_session_reused(ssl) \ -- SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) --#define SSL_num_renegotiations(ssl) \ -- SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) --#define SSL_clear_num_renegotiations(ssl) \ -- SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) --#define SSL_total_renegotiations(ssl) \ -- SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) -- --#define SSL_CTX_need_tmp_RSA(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) --#define SSL_CTX_set_tmp_rsa(ctx,rsa) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) --#define SSL_CTX_set_tmp_dh(ctx,dh) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) --#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) -- --#define SSL_need_tmp_RSA(ssl) \ -- SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) --#define SSL_set_tmp_rsa(ssl,rsa) \ -- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) --#define SSL_set_tmp_dh(ssl,dh) \ -- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) --#define SSL_set_tmp_ecdh(ssl,ecdh) \ -- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) -- --#define SSL_CTX_add_extra_chain_cert(ctx,x509) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) -- --#ifndef OPENSSL_NO_BIO -+# ifndef OPENSSL_NO_TLSEXT -+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 -+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 -+# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 -+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 -+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 -+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 -+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 -+ -+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 -+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 -+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 -+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 -+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 -+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 -+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 -+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 -+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 -+ -+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 -+# endif -+ -+# define DTLS_CTRL_GET_TIMEOUT 73 -+# define DTLS_CTRL_HANDLE_TIMEOUT 74 -+# define DTLS_CTRL_LISTEN 75 -+ -+# define SSL_CTRL_GET_RI_SUPPORT 76 -+# define SSL_CTRL_CLEAR_OPTIONS 77 -+# define SSL_CTRL_CLEAR_MODE 78 -+ -+# define SSL_CTRL_CHECK_PROTO_VERSION 119 -+ -+# define DTLSv1_get_timeout(ssl, arg) \ -+ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) -+# define DTLSv1_handle_timeout(ssl) \ -+ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) -+# define DTLSv1_listen(ssl, peer) \ -+ SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) -+ -+# define SSL_session_reused(ssl) \ -+ SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) -+# define SSL_num_renegotiations(ssl) \ -+ SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) -+# define SSL_clear_num_renegotiations(ssl) \ -+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) -+# define SSL_total_renegotiations(ssl) \ -+ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) -+ -+# define SSL_CTX_need_tmp_RSA(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) -+# define SSL_CTX_set_tmp_rsa(ctx,rsa) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) -+# define SSL_CTX_set_tmp_dh(ctx,dh) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) -+# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) -+ -+# define SSL_need_tmp_RSA(ssl) \ -+ SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) -+# define SSL_set_tmp_rsa(ssl,rsa) \ -+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) -+# define SSL_set_tmp_dh(ssl,dh) \ -+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) -+# define SSL_set_tmp_ecdh(ssl,ecdh) \ -+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) -+ -+# define SSL_CTX_add_extra_chain_cert(ctx,x509) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) -+ -+# ifndef OPENSSL_NO_BIO - BIO_METHOD *BIO_f_ssl(void); --BIO *BIO_new_ssl(SSL_CTX *ctx,int client); -+BIO *BIO_new_ssl(SSL_CTX *ctx, int client); - BIO *BIO_new_ssl_connect(SSL_CTX *ctx); - BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); --int BIO_ssl_copy_session_id(BIO *to,BIO *from); -+int BIO_ssl_copy_session_id(BIO *to, BIO *from); - void BIO_ssl_shutdown(BIO *ssl_bio); - --#endif -+# endif - --int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); -+int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); - SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); --void SSL_CTX_free(SSL_CTX *); --long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); -+void SSL_CTX_free(SSL_CTX *); -+long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); - long SSL_CTX_get_timeout(const SSL_CTX *ctx); - X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); --void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); -+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); - int SSL_want(const SSL *s); --int SSL_clear(SSL *s); -+int SSL_clear(SSL *s); - --void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); -+void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); - - SSL_CIPHER *SSL_get_current_cipher(const SSL *s); --int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); --char * SSL_CIPHER_get_version(const SSL_CIPHER *c); --const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); -- --int SSL_get_fd(const SSL *s); --int SSL_get_rfd(const SSL *s); --int SSL_get_wfd(const SSL *s); --const char * SSL_get_cipher_list(const SSL *s,int n); --char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); --int SSL_get_read_ahead(const SSL * s); --int SSL_pending(const SSL *s); --#ifndef OPENSSL_NO_SOCK --int SSL_set_fd(SSL *s, int fd); --int SSL_set_rfd(SSL *s, int fd); --int SSL_set_wfd(SSL *s, int fd); --#endif --#ifndef OPENSSL_NO_BIO --void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); --BIO * SSL_get_rbio(const SSL *s); --BIO * SSL_get_wbio(const SSL *s); --#endif --int SSL_set_cipher_list(SSL *s, const char *str); --void SSL_set_read_ahead(SSL *s, int yes); --int SSL_get_verify_mode(const SSL *s); --int SSL_get_verify_depth(const SSL *s); --int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); --void SSL_set_verify(SSL *s, int mode, -- int (*callback)(int ok,X509_STORE_CTX *ctx)); --void SSL_set_verify_depth(SSL *s, int depth); --#ifndef OPENSSL_NO_RSA --int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); --#endif --int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); --int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); --int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); --int SSL_use_certificate(SSL *ssl, X509 *x); --int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); -- --#ifndef OPENSSL_NO_STDIO --int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); --int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); --int SSL_use_certificate_file(SSL *ssl, const char *file, int type); --int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); --int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); --int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); --int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ -+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); -+char *SSL_CIPHER_get_version(const SSL_CIPHER *c); -+const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); -+ -+int SSL_get_fd(const SSL *s); -+int SSL_get_rfd(const SSL *s); -+int SSL_get_wfd(const SSL *s); -+const char *SSL_get_cipher_list(const SSL *s, int n); -+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); -+int SSL_get_read_ahead(const SSL *s); -+int SSL_pending(const SSL *s); -+# ifndef OPENSSL_NO_SOCK -+int SSL_set_fd(SSL *s, int fd); -+int SSL_set_rfd(SSL *s, int fd); -+int SSL_set_wfd(SSL *s, int fd); -+# endif -+# ifndef OPENSSL_NO_BIO -+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); -+BIO *SSL_get_rbio(const SSL *s); -+BIO *SSL_get_wbio(const SSL *s); -+# endif -+int SSL_set_cipher_list(SSL *s, const char *str); -+void SSL_set_read_ahead(SSL *s, int yes); -+int SSL_get_verify_mode(const SSL *s); -+int SSL_get_verify_depth(const SSL *s); -+int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *); -+void SSL_set_verify(SSL *s, int mode, -+ int (*callback) (int ok, X509_STORE_CTX *ctx)); -+void SSL_set_verify_depth(SSL *s, int depth); -+# ifndef OPENSSL_NO_RSA -+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); -+# endif -+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); -+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); -+int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, -+ long len); -+int SSL_use_certificate(SSL *ssl, X509 *x); -+int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); -+ -+# ifndef OPENSSL_NO_STDIO -+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); -+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); -+int SSL_use_certificate_file(SSL *ssl, const char *file, int type); -+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); -+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); -+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); -+/* PEM type */ -+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); - STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); --int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, -- const char *file); --#ifndef OPENSSL_SYS_VMS --#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ --int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, -- const char *dir); --#endif --#endif -- --#endif -- --void SSL_load_error_strings(void ); -+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, -+ const char *file); -+# ifndef OPENSSL_SYS_VMS -+/* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ -+# ifndef OPENSSL_SYS_MACINTOSH_CLASSIC -+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, -+ const char *dir); -+# endif -+# endif -+ -+# endif -+ -+void SSL_load_error_strings(void); - const char *SSL_state_string(const SSL *s); - const char *SSL_rstate_string(const SSL *s); - const char *SSL_state_string_long(const SSL *s); - const char *SSL_rstate_string_long(const SSL *s); --long SSL_SESSION_get_time(const SSL_SESSION *s); --long SSL_SESSION_set_time(SSL_SESSION *s, long t); --long SSL_SESSION_get_timeout(const SSL_SESSION *s); --long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); --void SSL_copy_session_id(SSL *to,const SSL *from); -+long SSL_SESSION_get_time(const SSL_SESSION *s); -+long SSL_SESSION_set_time(SSL_SESSION *s, long t); -+long SSL_SESSION_get_timeout(const SSL_SESSION *s); -+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); -+void SSL_copy_session_id(SSL *to, const SSL *from); - - SSL_SESSION *SSL_SESSION_new(void); - unsigned long SSL_SESSION_hash(const SSL_SESSION *a); --int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); --const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); --#ifndef OPENSSL_NO_FP_API --int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); --#endif --#ifndef OPENSSL_NO_BIO --int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); --#endif --void SSL_SESSION_free(SSL_SESSION *ses); --int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); --int SSL_set_session(SSL *to, SSL_SESSION *session); --int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); --int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); --int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); --int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); --int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, -- unsigned int id_len); --SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, -- long length); -- --#ifdef HEADER_X509_H --X509 * SSL_get_peer_certificate(const SSL *s); --#endif -+int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b); -+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, -+ unsigned int *len); -+# ifndef OPENSSL_NO_FP_API -+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); -+# endif -+# ifndef OPENSSL_NO_BIO -+int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); -+# endif -+void SSL_SESSION_free(SSL_SESSION *ses); -+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); -+int SSL_set_session(SSL *to, SSL_SESSION *session); -+int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); -+int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); -+int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); -+int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); -+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, -+ unsigned int id_len); -+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, -+ long length); -+ -+# ifdef HEADER_X509_H -+X509 *SSL_get_peer_certificate(const SSL *s); -+# endif - - STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); - - int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); - int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); --int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *); --void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, -- int (*callback)(int, X509_STORE_CTX *)); --void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); --void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); --#ifndef OPENSSL_NO_RSA -+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, -+ X509_STORE_CTX *); -+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, -+ int (*callback) (int, X509_STORE_CTX *)); -+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); -+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, -+ int (*cb) (X509_STORE_CTX *, void *), -+ void *arg); -+# ifndef OPENSSL_NO_RSA - int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); --#endif --int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); -+# endif -+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, -+ long len); - int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); --int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, -- const unsigned char *d, long len); -+int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, -+ const unsigned char *d, long len); - int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); --int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); -+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, -+ const unsigned char *d); - - void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); - void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); -@@ -1478,54 +1576,54 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); - int SSL_CTX_check_private_key(const SSL_CTX *ctx); - int SSL_check_private_key(const SSL *ctx); - --int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, -- unsigned int sid_ctx_len); -+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, -+ unsigned int sid_ctx_len); - --SSL * SSL_new(SSL_CTX *ctx); --int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, -- unsigned int sid_ctx_len); -+SSL *SSL_new(SSL_CTX *ctx); -+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, -+ unsigned int sid_ctx_len); - - int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); - int SSL_set_purpose(SSL *s, int purpose); - int SSL_CTX_set_trust(SSL_CTX *s, int trust); - int SSL_set_trust(SSL *s, int trust); - --void SSL_free(SSL *ssl); --int SSL_accept(SSL *ssl); --int SSL_connect(SSL *ssl); --int SSL_read(SSL *ssl,void *buf,int num); --int SSL_peek(SSL *ssl,void *buf,int num); --int SSL_write(SSL *ssl,const void *buf,int num); --long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); --long SSL_callback_ctrl(SSL *, int, void (*)(void)); --long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); --long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); -- --int SSL_get_error(const SSL *s,int ret_code); -+void SSL_free(SSL *ssl); -+int SSL_accept(SSL *ssl); -+int SSL_connect(SSL *ssl); -+int SSL_read(SSL *ssl, void *buf, int num); -+int SSL_peek(SSL *ssl, void *buf, int num); -+int SSL_write(SSL *ssl, const void *buf, int num); -+long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); -+long SSL_callback_ctrl(SSL *, int, void (*)(void)); -+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); -+long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); -+ -+int SSL_get_error(const SSL *s, int ret_code); - const char *SSL_get_version(const SSL *s); - - /* This sets the 'default' SSL version that SSL_new() will create */ --int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth); -+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth); - --SSL_METHOD *SSLv2_method(void); /* SSLv2 */ --SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ --SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ -+SSL_METHOD *SSLv2_method(void); /* SSLv2 */ -+SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ -+SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ - --SSL_METHOD *SSLv3_method(void); /* SSLv3 */ --SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ --SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ -+SSL_METHOD *SSLv3_method(void); /* SSLv3 */ -+SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ -+SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ - --SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ --SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ --SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ -+SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ -+SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ -+SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ - --SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ --SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ --SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ -+SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ -+SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ -+SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ - --SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ --SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ --SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ -+SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ -+SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ -+SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ - - STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); - -@@ -1535,7 +1633,7 @@ int SSL_renegotiate_pending(SSL *s); - int SSL_shutdown(SSL *s); - - SSL_METHOD *SSL_get_ssl_method(SSL *s); --int SSL_set_ssl_method(SSL *s,SSL_METHOD *method); -+int SSL_set_ssl_method(SSL *s, SSL_METHOD *method); - const char *SSL_alert_type_string_long(int value); - const char *SSL_alert_type_string(int value); - const char *SSL_alert_desc_string_long(int value); -@@ -1545,131 +1643,138 @@ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); - void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); - STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); - STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); --int SSL_add_client_CA(SSL *ssl,X509 *x); --int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); -+int SSL_add_client_CA(SSL *ssl, X509 *x); -+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); - - void SSL_set_connect_state(SSL *s); - void SSL_set_accept_state(SSL *s); - - long SSL_get_default_timeout(const SSL *s); - --int SSL_library_init(void ); -+int SSL_library_init(void); - --char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); -+char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); - STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); - - SSL *SSL_dup(SSL *ssl); - - X509 *SSL_get_certificate(const SSL *ssl); --/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); -+/* -+ * EVP_PKEY -+ */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); - --void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode); -+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); - int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); --void SSL_set_quiet_shutdown(SSL *ssl,int mode); -+void SSL_set_quiet_shutdown(SSL *ssl, int mode); - int SSL_get_quiet_shutdown(const SSL *ssl); --void SSL_set_shutdown(SSL *ssl,int mode); -+void SSL_set_shutdown(SSL *ssl, int mode); - int SSL_get_shutdown(const SSL *ssl); - int SSL_version(const SSL *ssl); - int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); - int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, -- const char *CApath); --#define SSL_get0_session SSL_get_session /* just peek at pointer */ -+ const char *CApath); -+# define SSL_get0_session SSL_get_session/* just peek at pointer */ - SSL_SESSION *SSL_get_session(const SSL *ssl); - SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ - SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); --SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); -+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); - void SSL_set_info_callback(SSL *ssl, -- void (*cb)(const SSL *ssl,int type,int val)); --void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); -+ void (*cb) (const SSL *ssl, int type, int val)); -+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, -+ int val); - int SSL_state(const SSL *ssl); - --void SSL_set_verify_result(SSL *ssl,long v); -+void SSL_set_verify_result(SSL *ssl, long v); - long SSL_get_verify_result(const SSL *ssl); - --int SSL_set_ex_data(SSL *ssl,int idx,void *data); --void *SSL_get_ex_data(const SSL *ssl,int idx); -+int SSL_set_ex_data(SSL *ssl, int idx, void *data); -+void *SSL_get_ex_data(const SSL *ssl, int idx); - int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - --int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); --void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx); --int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); -+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); -+int SSL_SESSION_get_ex_new_index(long argl, void *argp, -+ CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); - --int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); --void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx); -+int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); -+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); - int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -- --int SSL_get_ex_data_X509_STORE_CTX_idx(void ); -- --#define SSL_CTX_sess_set_cache_size(ctx,t) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) --#define SSL_CTX_sess_get_cache_size(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) --#define SSL_CTX_set_session_cache_mode(ctx,m) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) --#define SSL_CTX_get_session_cache_mode(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) -- --#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) --#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) --#define SSL_CTX_get_read_ahead(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) --#define SSL_CTX_set_read_ahead(ctx,m) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) --#define SSL_CTX_get_max_cert_list(ctx) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) --#define SSL_CTX_set_max_cert_list(ctx,m) \ -- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) --#define SSL_get_max_cert_list(ssl) \ -- SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) --#define SSL_set_max_cert_list(ssl,m) \ -- SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) -+ CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+ -+int SSL_get_ex_data_X509_STORE_CTX_idx(void); -+ -+# define SSL_CTX_sess_set_cache_size(ctx,t) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) -+# define SSL_CTX_sess_get_cache_size(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) -+# define SSL_CTX_set_session_cache_mode(ctx,m) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) -+# define SSL_CTX_get_session_cache_mode(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) -+ -+# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) -+# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) -+# define SSL_CTX_get_read_ahead(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) -+# define SSL_CTX_set_read_ahead(ctx,m) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) -+# define SSL_CTX_get_max_cert_list(ctx) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) -+# define SSL_CTX_set_max_cert_list(ctx,m) \ -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) -+# define SSL_get_max_cert_list(ssl) \ -+ SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) -+# define SSL_set_max_cert_list(ssl,m) \ -+ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) - - /* NB: the keylength is only applicable when is_export is true */ --#ifndef OPENSSL_NO_RSA -+# ifndef OPENSSL_NO_RSA - void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, -- RSA *(*cb)(SSL *ssl,int is_export, -- int keylength)); -+ RSA *(*cb) (SSL *ssl, int is_export, -+ int keylength)); - - void SSL_set_tmp_rsa_callback(SSL *ssl, -- RSA *(*cb)(SSL *ssl,int is_export, -- int keylength)); --#endif --#ifndef OPENSSL_NO_DH -+ RSA *(*cb) (SSL *ssl, int is_export, -+ int keylength)); -+# endif -+# ifndef OPENSSL_NO_DH - void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, -- DH *(*dh)(SSL *ssl,int is_export, -- int keylength)); -+ DH *(*dh) (SSL *ssl, int is_export, -+ int keylength)); - void SSL_set_tmp_dh_callback(SSL *ssl, -- DH *(*dh)(SSL *ssl,int is_export, -- int keylength)); --#endif --#ifndef OPENSSL_NO_ECDH -+ DH *(*dh) (SSL *ssl, int is_export, -+ int keylength)); -+# endif -+# ifndef OPENSSL_NO_ECDH - void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, -- EC_KEY *(*ecdh)(SSL *ssl,int is_export, -- int keylength)); -+ EC_KEY *(*ecdh) (SSL *ssl, int is_export, -+ int keylength)); - void SSL_set_tmp_ecdh_callback(SSL *ssl, -- EC_KEY *(*ecdh)(SSL *ssl,int is_export, -- int keylength)); --#endif -+ EC_KEY *(*ecdh) (SSL *ssl, int is_export, -+ int keylength)); -+# endif - --#ifndef OPENSSL_NO_COMP -+# ifndef OPENSSL_NO_COMP - const COMP_METHOD *SSL_get_current_compression(SSL *s); - const COMP_METHOD *SSL_get_current_expansion(SSL *s); - const char *SSL_COMP_get_name(const COMP_METHOD *comp); - STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); --int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); --#else -+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); -+# else - const void *SSL_get_current_compression(SSL *s); - const void *SSL_get_current_expansion(SSL *s); - const char *SSL_COMP_get_name(const void *comp); - void *SSL_COMP_get_compression_methods(void); --int SSL_COMP_add_compression_method(int id,void *cm); --#endif -+int SSL_COMP_add_compression_method(int id, void *cm); -+# endif - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_SSL_strings(void); -@@ -1677,458 +1782,460 @@ void ERR_load_SSL_strings(void); - /* Error codes for the SSL functions. */ - - /* Function codes. */ --#define SSL_F_CLIENT_CERTIFICATE 100 --#define SSL_F_CLIENT_FINISHED 167 --#define SSL_F_CLIENT_HELLO 101 --#define SSL_F_CLIENT_MASTER_KEY 102 --#define SSL_F_D2I_SSL_SESSION 103 --#define SSL_F_DO_DTLS1_WRITE 245 --#define SSL_F_DO_SSL3_WRITE 104 --#define SSL_F_DTLS1_ACCEPT 246 --#define SSL_F_DTLS1_ADD_CERT_TO_BUF 280 --#define SSL_F_DTLS1_BUFFER_RECORD 247 --#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 293 --#define SSL_F_DTLS1_CLIENT_HELLO 248 --#define SSL_F_DTLS1_CONNECT 249 --#define SSL_F_DTLS1_ENC 250 --#define SSL_F_DTLS1_GET_HELLO_VERIFY 251 --#define SSL_F_DTLS1_GET_MESSAGE 252 --#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 --#define SSL_F_DTLS1_GET_RECORD 254 --#define SSL_F_DTLS1_HANDLE_TIMEOUT 282 --#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 --#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 --#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 --#define SSL_F_DTLS1_PROCESS_RECORD 257 --#define SSL_F_DTLS1_READ_BYTES 258 --#define SSL_F_DTLS1_READ_FAILED 259 --#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 --#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 --#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 --#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 --#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 --#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 --#define SSL_F_DTLS1_SEND_SERVER_HELLO 266 --#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 --#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 --#define SSL_F_GET_CLIENT_FINISHED 105 --#define SSL_F_GET_CLIENT_HELLO 106 --#define SSL_F_GET_CLIENT_MASTER_KEY 107 --#define SSL_F_GET_SERVER_FINISHED 108 --#define SSL_F_GET_SERVER_HELLO 109 --#define SSL_F_GET_SERVER_VERIFY 110 --#define SSL_F_I2D_SSL_SESSION 111 --#define SSL_F_READ_N 112 --#define SSL_F_REQUEST_CERTIFICATE 113 --#define SSL_F_SERVER_FINISH 239 --#define SSL_F_SERVER_HELLO 114 --#define SSL_F_SERVER_VERIFY 240 --#define SSL_F_SSL23_ACCEPT 115 --#define SSL_F_SSL23_CLIENT_HELLO 116 --#define SSL_F_SSL23_CONNECT 117 --#define SSL_F_SSL23_GET_CLIENT_HELLO 118 --#define SSL_F_SSL23_GET_SERVER_HELLO 119 --#define SSL_F_SSL23_PEEK 237 --#define SSL_F_SSL23_READ 120 --#define SSL_F_SSL23_WRITE 121 --#define SSL_F_SSL2_ACCEPT 122 --#define SSL_F_SSL2_CONNECT 123 --#define SSL_F_SSL2_ENC_INIT 124 --#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 --#define SSL_F_SSL2_PEEK 234 --#define SSL_F_SSL2_READ 125 --#define SSL_F_SSL2_READ_INTERNAL 236 --#define SSL_F_SSL2_SET_CERTIFICATE 126 --#define SSL_F_SSL2_WRITE 127 --#define SSL_F_SSL3_ACCEPT 128 --#define SSL_F_SSL3_ADD_CERT_TO_BUF 281 --#define SSL_F_SSL3_CALLBACK_CTRL 233 --#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 --#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 --#define SSL_F_SSL3_CHECK_CLIENT_HELLO 292 --#define SSL_F_SSL3_CLIENT_HELLO 131 --#define SSL_F_SSL3_CONNECT 132 --#define SSL_F_SSL3_CTRL 213 --#define SSL_F_SSL3_CTX_CTRL 133 --#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279 --#define SSL_F_SSL3_ENC 134 --#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 --#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 --#define SSL_F_SSL3_GET_CERT_STATUS 288 --#define SSL_F_SSL3_GET_CERT_VERIFY 136 --#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 --#define SSL_F_SSL3_GET_CLIENT_HELLO 138 --#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 --#define SSL_F_SSL3_GET_FINISHED 140 --#define SSL_F_SSL3_GET_KEY_EXCHANGE 141 --#define SSL_F_SSL3_GET_MESSAGE 142 --#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 --#define SSL_F_SSL3_GET_RECORD 143 --#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 --#define SSL_F_SSL3_GET_SERVER_DONE 145 --#define SSL_F_SSL3_GET_SERVER_HELLO 146 --#define SSL_F_SSL3_NEW_SESSION_TICKET 284 --#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 --#define SSL_F_SSL3_PEEK 235 --#define SSL_F_SSL3_READ_BYTES 148 --#define SSL_F_SSL3_READ_N 149 --#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 --#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 --#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 --#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 --#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 --#define SSL_F_SSL3_SEND_SERVER_HELLO 242 --#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 --#define SSL_F_SSL3_SETUP_BUFFERS 156 --#define SSL_F_SSL3_SETUP_KEY_BLOCK 157 --#define SSL_F_SSL3_WRITE_BYTES 158 --#define SSL_F_SSL3_WRITE_PENDING 159 --#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285 --#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 --#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 --#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 --#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286 --#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 --#define SSL_F_SSL_BAD_METHOD 160 --#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 --#define SSL_F_SSL_CERT_DUP 221 --#define SSL_F_SSL_CERT_INST 222 --#define SSL_F_SSL_CERT_INSTANTIATE 214 --#define SSL_F_SSL_CERT_NEW 162 --#define SSL_F_SSL_CHECK_PRIVATE_KEY 163 --#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 --#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 --#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 --#define SSL_F_SSL_CLEAR 164 --#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 --#define SSL_F_SSL_CREATE_CIPHER_LIST 166 --#define SSL_F_SSL_CTRL 232 --#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 --#define SSL_F_SSL_CTX_NEW 169 --#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 --#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278 --#define SSL_F_SSL_CTX_SET_PURPOSE 226 --#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 --#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 --#define SSL_F_SSL_CTX_SET_TRUST 229 --#define SSL_F_SSL_CTX_USE_CERTIFICATE 171 --#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 --#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 --#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 --#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 --#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 --#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 --#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 --#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 --#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 --#define SSL_F_SSL_DO_HANDSHAKE 180 --#define SSL_F_SSL_GET_NEW_SESSION 181 --#define SSL_F_SSL_GET_PREV_SESSION 217 --#define SSL_F_SSL_GET_SERVER_SEND_CERT 182 --#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 --#define SSL_F_SSL_GET_SIGN_PKEY 183 --#define SSL_F_SSL_INIT_WBIO_BUFFER 184 --#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 --#define SSL_F_SSL_NEW 186 --#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287 --#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290 --#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289 --#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291 --#define SSL_F_SSL_PEEK 270 --#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 --#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 --#define SSL_F_SSL_READ 223 --#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 --#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 --#define SSL_F_SSL_SESSION_NEW 189 --#define SSL_F_SSL_SESSION_PRINT_FP 190 --#define SSL_F_SSL_SESS_CERT_NEW 225 --#define SSL_F_SSL_SET_CERT 191 --#define SSL_F_SSL_SET_CIPHER_LIST 271 --#define SSL_F_SSL_SET_FD 192 --#define SSL_F_SSL_SET_PKEY 193 --#define SSL_F_SSL_SET_PURPOSE 227 --#define SSL_F_SSL_SET_RFD 194 --#define SSL_F_SSL_SET_SESSION 195 --#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 --#define SSL_F_SSL_SET_TRUST 228 --#define SSL_F_SSL_SET_WFD 196 --#define SSL_F_SSL_SHUTDOWN 224 --#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 --#define SSL_F_SSL_UNDEFINED_FUNCTION 197 --#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 --#define SSL_F_SSL_USE_CERTIFICATE 198 --#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 --#define SSL_F_SSL_USE_CERTIFICATE_FILE 200 --#define SSL_F_SSL_USE_PRIVATEKEY 201 --#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 --#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 --#define SSL_F_SSL_USE_RSAPRIVATEKEY 204 --#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 --#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 --#define SSL_F_SSL_VERIFY_CERT_CHAIN 207 --#define SSL_F_SSL_WRITE 208 --#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 --#define SSL_F_TLS1_ENC 210 --#define SSL_F_TLS1_SETUP_KEY_BLOCK 211 --#define SSL_F_WRITE_PENDING 212 -+# define SSL_F_CLIENT_CERTIFICATE 100 -+# define SSL_F_CLIENT_FINISHED 167 -+# define SSL_F_CLIENT_HELLO 101 -+# define SSL_F_CLIENT_MASTER_KEY 102 -+# define SSL_F_D2I_SSL_SESSION 103 -+# define SSL_F_DO_DTLS1_WRITE 245 -+# define SSL_F_DO_SSL3_WRITE 104 -+# define SSL_F_DTLS1_ACCEPT 246 -+# define SSL_F_DTLS1_ADD_CERT_TO_BUF 280 -+# define SSL_F_DTLS1_BUFFER_RECORD 247 -+# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 293 -+# define SSL_F_DTLS1_CLIENT_HELLO 248 -+# define SSL_F_DTLS1_CONNECT 249 -+# define SSL_F_DTLS1_ENC 250 -+# define SSL_F_DTLS1_GET_HELLO_VERIFY 251 -+# define SSL_F_DTLS1_GET_MESSAGE 252 -+# define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 -+# define SSL_F_DTLS1_GET_RECORD 254 -+# define SSL_F_DTLS1_HANDLE_TIMEOUT 282 -+# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 -+# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 -+# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 -+# define SSL_F_DTLS1_PROCESS_RECORD 257 -+# define SSL_F_DTLS1_READ_BYTES 258 -+# define SSL_F_DTLS1_READ_FAILED 259 -+# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 -+# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 -+# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 -+# define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 -+# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 -+# define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 -+# define SSL_F_DTLS1_SEND_SERVER_HELLO 266 -+# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 -+# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 -+# define SSL_F_GET_CLIENT_FINISHED 105 -+# define SSL_F_GET_CLIENT_HELLO 106 -+# define SSL_F_GET_CLIENT_MASTER_KEY 107 -+# define SSL_F_GET_SERVER_FINISHED 108 -+# define SSL_F_GET_SERVER_HELLO 109 -+# define SSL_F_GET_SERVER_VERIFY 110 -+# define SSL_F_I2D_SSL_SESSION 111 -+# define SSL_F_READ_N 112 -+# define SSL_F_REQUEST_CERTIFICATE 113 -+# define SSL_F_SERVER_FINISH 239 -+# define SSL_F_SERVER_HELLO 114 -+# define SSL_F_SERVER_VERIFY 240 -+# define SSL_F_SSL23_ACCEPT 115 -+# define SSL_F_SSL23_CLIENT_HELLO 116 -+# define SSL_F_SSL23_CONNECT 117 -+# define SSL_F_SSL23_GET_CLIENT_HELLO 118 -+# define SSL_F_SSL23_GET_SERVER_HELLO 119 -+# define SSL_F_SSL23_PEEK 237 -+# define SSL_F_SSL23_READ 120 -+# define SSL_F_SSL23_WRITE 121 -+# define SSL_F_SSL2_ACCEPT 122 -+# define SSL_F_SSL2_CONNECT 123 -+# define SSL_F_SSL2_ENC_INIT 124 -+# define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 -+# define SSL_F_SSL2_PEEK 234 -+# define SSL_F_SSL2_READ 125 -+# define SSL_F_SSL2_READ_INTERNAL 236 -+# define SSL_F_SSL2_SET_CERTIFICATE 126 -+# define SSL_F_SSL2_WRITE 127 -+# define SSL_F_SSL3_ACCEPT 128 -+# define SSL_F_SSL3_ADD_CERT_TO_BUF 281 -+# define SSL_F_SSL3_CALLBACK_CTRL 233 -+# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 -+# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 -+# define SSL_F_SSL3_CHECK_CLIENT_HELLO 292 -+# define SSL_F_SSL3_CLIENT_HELLO 131 -+# define SSL_F_SSL3_CONNECT 132 -+# define SSL_F_SSL3_CTRL 213 -+# define SSL_F_SSL3_CTX_CTRL 133 -+# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279 -+# define SSL_F_SSL3_ENC 134 -+# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 -+# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 -+# define SSL_F_SSL3_GET_CERT_STATUS 288 -+# define SSL_F_SSL3_GET_CERT_VERIFY 136 -+# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 -+# define SSL_F_SSL3_GET_CLIENT_HELLO 138 -+# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 -+# define SSL_F_SSL3_GET_FINISHED 140 -+# define SSL_F_SSL3_GET_KEY_EXCHANGE 141 -+# define SSL_F_SSL3_GET_MESSAGE 142 -+# define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 -+# define SSL_F_SSL3_GET_RECORD 143 -+# define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 -+# define SSL_F_SSL3_GET_SERVER_DONE 145 -+# define SSL_F_SSL3_GET_SERVER_HELLO 146 -+# define SSL_F_SSL3_NEW_SESSION_TICKET 284 -+# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 -+# define SSL_F_SSL3_PEEK 235 -+# define SSL_F_SSL3_READ_BYTES 148 -+# define SSL_F_SSL3_READ_N 149 -+# define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 -+# define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 -+# define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 -+# define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 -+# define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 -+# define SSL_F_SSL3_SEND_SERVER_HELLO 242 -+# define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 -+# define SSL_F_SSL3_SETUP_BUFFERS 156 -+# define SSL_F_SSL3_SETUP_KEY_BLOCK 157 -+# define SSL_F_SSL3_WRITE_BYTES 158 -+# define SSL_F_SSL3_WRITE_PENDING 159 -+# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285 -+# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 -+# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 -+# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 -+# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286 -+# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 -+# define SSL_F_SSL_BAD_METHOD 160 -+# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 -+# define SSL_F_SSL_CERT_DUP 221 -+# define SSL_F_SSL_CERT_INST 222 -+# define SSL_F_SSL_CERT_INSTANTIATE 214 -+# define SSL_F_SSL_CERT_NEW 162 -+# define SSL_F_SSL_CHECK_PRIVATE_KEY 163 -+# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 -+# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 -+# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 -+# define SSL_F_SSL_CLEAR 164 -+# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 -+# define SSL_F_SSL_CREATE_CIPHER_LIST 166 -+# define SSL_F_SSL_CTRL 232 -+# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 -+# define SSL_F_SSL_CTX_NEW 169 -+# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 -+# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278 -+# define SSL_F_SSL_CTX_SET_PURPOSE 226 -+# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 -+# define SSL_F_SSL_CTX_SET_SSL_VERSION 170 -+# define SSL_F_SSL_CTX_SET_TRUST 229 -+# define SSL_F_SSL_CTX_USE_CERTIFICATE 171 -+# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 -+# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 -+# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 -+# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 -+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 -+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 -+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 -+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 -+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 -+# define SSL_F_SSL_DO_HANDSHAKE 180 -+# define SSL_F_SSL_GET_NEW_SESSION 181 -+# define SSL_F_SSL_GET_PREV_SESSION 217 -+# define SSL_F_SSL_GET_SERVER_SEND_CERT 182 -+# define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 -+# define SSL_F_SSL_GET_SIGN_PKEY 183 -+# define SSL_F_SSL_INIT_WBIO_BUFFER 184 -+# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 -+# define SSL_F_SSL_NEW 186 -+# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287 -+# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290 -+# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289 -+# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291 -+# define SSL_F_SSL_PEEK 270 -+# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 -+# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 -+# define SSL_F_SSL_READ 223 -+# define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 -+# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 -+# define SSL_F_SSL_SESSION_NEW 189 -+# define SSL_F_SSL_SESSION_PRINT_FP 190 -+# define SSL_F_SSL_SESS_CERT_NEW 225 -+# define SSL_F_SSL_SET_CERT 191 -+# define SSL_F_SSL_SET_CIPHER_LIST 271 -+# define SSL_F_SSL_SET_FD 192 -+# define SSL_F_SSL_SET_PKEY 193 -+# define SSL_F_SSL_SET_PURPOSE 227 -+# define SSL_F_SSL_SET_RFD 194 -+# define SSL_F_SSL_SET_SESSION 195 -+# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 -+# define SSL_F_SSL_SET_TRUST 228 -+# define SSL_F_SSL_SET_WFD 196 -+# define SSL_F_SSL_SHUTDOWN 224 -+# define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 -+# define SSL_F_SSL_UNDEFINED_FUNCTION 197 -+# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 -+# define SSL_F_SSL_USE_CERTIFICATE 198 -+# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 -+# define SSL_F_SSL_USE_CERTIFICATE_FILE 200 -+# define SSL_F_SSL_USE_PRIVATEKEY 201 -+# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 -+# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 -+# define SSL_F_SSL_USE_RSAPRIVATEKEY 204 -+# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 -+# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 -+# define SSL_F_SSL_VERIFY_CERT_CHAIN 207 -+# define SSL_F_SSL_WRITE 208 -+# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 -+# define SSL_F_TLS1_ENC 210 -+# define SSL_F_TLS1_SETUP_KEY_BLOCK 211 -+# define SSL_F_WRITE_PENDING 212 - - /* Reason codes. */ --#define SSL_R_APP_DATA_IN_HANDSHAKE 100 --#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 --#define SSL_R_BAD_ALERT_RECORD 101 --#define SSL_R_BAD_AUTHENTICATION_TYPE 102 --#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 --#define SSL_R_BAD_CHECKSUM 104 --#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 --#define SSL_R_BAD_DECOMPRESSION 107 --#define SSL_R_BAD_DH_G_LENGTH 108 --#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 --#define SSL_R_BAD_DH_P_LENGTH 110 --#define SSL_R_BAD_DIGEST_LENGTH 111 --#define SSL_R_BAD_DSA_SIGNATURE 112 --#define SSL_R_BAD_ECC_CERT 304 --#define SSL_R_BAD_ECDSA_SIGNATURE 305 --#define SSL_R_BAD_ECPOINT 306 --#define SSL_R_BAD_HELLO_REQUEST 105 --#define SSL_R_BAD_LENGTH 271 --#define SSL_R_BAD_MAC_DECODE 113 --#define SSL_R_BAD_MESSAGE_TYPE 114 --#define SSL_R_BAD_PACKET_LENGTH 115 --#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 --#define SSL_R_BAD_RESPONSE_ARGUMENT 117 --#define SSL_R_BAD_RSA_DECRYPT 118 --#define SSL_R_BAD_RSA_ENCRYPT 119 --#define SSL_R_BAD_RSA_E_LENGTH 120 --#define SSL_R_BAD_RSA_MODULUS_LENGTH 121 --#define SSL_R_BAD_RSA_SIGNATURE 122 --#define SSL_R_BAD_SIGNATURE 123 --#define SSL_R_BAD_SSL_FILETYPE 124 --#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 --#define SSL_R_BAD_STATE 126 --#define SSL_R_BAD_WRITE_RETRY 127 --#define SSL_R_BIO_NOT_SET 128 --#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 --#define SSL_R_BN_LIB 130 --#define SSL_R_CA_DN_LENGTH_MISMATCH 131 --#define SSL_R_CA_DN_TOO_LONG 132 --#define SSL_R_CCS_RECEIVED_EARLY 133 --#define SSL_R_CERTIFICATE_VERIFY_FAILED 134 --#define SSL_R_CERT_LENGTH_MISMATCH 135 --#define SSL_R_CHALLENGE_IS_DIFFERENT 136 --#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 --#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 --#define SSL_R_CIPHER_TABLE_SRC_ERROR 139 --#define SSL_R_CLIENTHELLO_TLSEXT 157 --#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 --#define SSL_R_COMPRESSION_FAILURE 141 --#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 --#define SSL_R_COMPRESSION_LIBRARY_ERROR 142 --#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 --#define SSL_R_CONNECTION_TYPE_NOT_SET 144 --#define SSL_R_COOKIE_MISMATCH 308 --#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 --#define SSL_R_DATA_LENGTH_TOO_LONG 146 --#define SSL_R_DECRYPTION_FAILED 147 --#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 --#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 --#define SSL_R_DIGEST_CHECK_FAILED 149 --#define SSL_R_DTLS_MESSAGE_TOO_BIG 318 --#define SSL_R_DUPLICATE_COMPRESSION_ID 309 --#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 --#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 --#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 --#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 --#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 --#define SSL_R_EXTRA_DATA_IN_MESSAGE 153 --#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 --#define SSL_R_HTTPS_PROXY_REQUEST 155 --#define SSL_R_HTTP_REQUEST 156 --#define SSL_R_ILLEGAL_PADDING 283 --#define SSL_R_INVALID_CHALLENGE_LENGTH 158 --#define SSL_R_INVALID_COMMAND 280 --#define SSL_R_INVALID_PURPOSE 278 --#define SSL_R_INVALID_STATUS_RESPONSE 316 --#define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 --#define SSL_R_INVALID_TRUST 279 --#define SSL_R_KEY_ARG_TOO_LONG 284 --#define SSL_R_KRB5 285 --#define SSL_R_KRB5_C_CC_PRINC 286 --#define SSL_R_KRB5_C_GET_CRED 287 --#define SSL_R_KRB5_C_INIT 288 --#define SSL_R_KRB5_C_MK_REQ 289 --#define SSL_R_KRB5_S_BAD_TICKET 290 --#define SSL_R_KRB5_S_INIT 291 --#define SSL_R_KRB5_S_RD_REQ 292 --#define SSL_R_KRB5_S_TKT_EXPIRED 293 --#define SSL_R_KRB5_S_TKT_NYV 294 --#define SSL_R_KRB5_S_TKT_SKEW 295 --#define SSL_R_LENGTH_MISMATCH 159 --#define SSL_R_LENGTH_TOO_SHORT 160 --#define SSL_R_LIBRARY_BUG 274 --#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 --#define SSL_R_MESSAGE_TOO_LONG 296 --#define SSL_R_MISSING_DH_DSA_CERT 162 --#define SSL_R_MISSING_DH_KEY 163 --#define SSL_R_MISSING_DH_RSA_CERT 164 --#define SSL_R_MISSING_DSA_SIGNING_CERT 165 --#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 --#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 --#define SSL_R_MISSING_RSA_CERTIFICATE 168 --#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 --#define SSL_R_MISSING_RSA_SIGNING_CERT 170 --#define SSL_R_MISSING_TMP_DH_KEY 171 --#define SSL_R_MISSING_TMP_ECDH_KEY 311 --#define SSL_R_MISSING_TMP_RSA_KEY 172 --#define SSL_R_MISSING_TMP_RSA_PKEY 173 --#define SSL_R_MISSING_VERIFY_MESSAGE 174 --#define SSL_R_MULTIPLE_SGC_RESTARTS 325 --#define SSL_R_NON_SSLV2_INITIAL_PACKET 175 --#define SSL_R_NO_CERTIFICATES_RETURNED 176 --#define SSL_R_NO_CERTIFICATE_ASSIGNED 177 --#define SSL_R_NO_CERTIFICATE_RETURNED 178 --#define SSL_R_NO_CERTIFICATE_SET 179 --#define SSL_R_NO_CERTIFICATE_SPECIFIED 180 --#define SSL_R_NO_CIPHERS_AVAILABLE 181 --#define SSL_R_NO_CIPHERS_PASSED 182 --#define SSL_R_NO_CIPHERS_SPECIFIED 183 --#define SSL_R_NO_CIPHER_LIST 184 --#define SSL_R_NO_CIPHER_MATCH 185 --#define SSL_R_NO_CLIENT_CERT_METHOD 317 --#define SSL_R_NO_CLIENT_CERT_RECEIVED 186 --#define SSL_R_NO_COMPRESSION_SPECIFIED 187 --#define SSL_R_NO_METHOD_SPECIFIED 188 --#define SSL_R_NO_PRIVATEKEY 189 --#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 --#define SSL_R_NO_PROTOCOLS_AVAILABLE 191 --#define SSL_R_NO_PUBLICKEY 192 --#define SSL_R_NO_RENEGOTIATION 319 --#define SSL_R_NO_SHARED_CIPHER 193 --#define SSL_R_NO_VERIFY_CALLBACK 194 --#define SSL_R_NULL_SSL_CTX 195 --#define SSL_R_NULL_SSL_METHOD_PASSED 196 --#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 --#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 --#define SSL_R_PACKET_LENGTH_TOO_LONG 198 --#define SSL_R_PARSE_TLSEXT 223 --#define SSL_R_PATH_TOO_LONG 270 --#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 --#define SSL_R_PEER_ERROR 200 --#define SSL_R_PEER_ERROR_CERTIFICATE 201 --#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 --#define SSL_R_PEER_ERROR_NO_CIPHER 203 --#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 --#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 --#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 --#define SSL_R_PROTOCOL_IS_SHUTDOWN 207 --#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 --#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 --#define SSL_R_PUBLIC_KEY_NOT_RSA 210 --#define SSL_R_READ_BIO_NOT_SET 211 --#define SSL_R_READ_TIMEOUT_EXPIRED 312 --#define SSL_R_READ_WRONG_PACKET_TYPE 212 --#define SSL_R_RECORD_LENGTH_MISMATCH 213 --#define SSL_R_RECORD_TOO_LARGE 214 --#define SSL_R_RECORD_TOO_SMALL 298 --#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320 --#define SSL_R_RENEGOTIATION_ENCODING_ERR 321 --#define SSL_R_RENEGOTIATION_MISMATCH 322 --#define SSL_R_REQUIRED_CIPHER_MISSING 215 --#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 --#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 --#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 --#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324 --#define SSL_R_SERVERHELLO_TLSEXT 224 --#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 --#define SSL_R_SHORT_READ 219 --#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 --#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 --#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 --#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 --#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 --#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 --#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 --#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 --#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 --#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 --#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 --#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 --#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 --#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 --#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 --#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 --#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 --#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 --#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 --#define SSL_R_SSL_HANDSHAKE_FAILURE 229 --#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 --#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 --#define SSL_R_SSL_SESSION_ID_CONFLICT 302 --#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 --#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 --#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 --#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 --#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 --#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 --#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 --#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 --#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 --#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 --#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 --#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 --#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 --#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 --#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 --#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 --#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 --#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 --#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 --#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 --#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 --#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 --#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 --#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 --#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 --#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 --#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 --#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 --#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 --#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 --#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 --#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 --#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 --#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 --#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 --#define SSL_R_UNEXPECTED_MESSAGE 244 --#define SSL_R_UNEXPECTED_RECORD 245 --#define SSL_R_UNINITIALIZED 276 --#define SSL_R_UNKNOWN_ALERT_TYPE 246 --#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 --#define SSL_R_UNKNOWN_CIPHER_RETURNED 248 --#define SSL_R_UNKNOWN_CIPHER_TYPE 249 --#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 --#define SSL_R_UNKNOWN_PKEY_TYPE 251 --#define SSL_R_UNKNOWN_PROTOCOL 252 --#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 --#define SSL_R_UNKNOWN_SSL_VERSION 254 --#define SSL_R_UNKNOWN_STATE 255 --#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323 --#define SSL_R_UNSUPPORTED_CIPHER 256 --#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 --#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 --#define SSL_R_UNSUPPORTED_PROTOCOL 258 --#define SSL_R_UNSUPPORTED_SSL_VERSION 259 --#define SSL_R_UNSUPPORTED_STATUS_TYPE 329 --#define SSL_R_WRITE_BIO_NOT_SET 260 --#define SSL_R_WRONG_CIPHER_RETURNED 261 --#define SSL_R_WRONG_MESSAGE_TYPE 262 --#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 --#define SSL_R_WRONG_SIGNATURE_LENGTH 264 --#define SSL_R_WRONG_SIGNATURE_SIZE 265 --#define SSL_R_WRONG_SSL_VERSION 266 --#define SSL_R_WRONG_VERSION_NUMBER 267 --#define SSL_R_X509_LIB 268 --#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 -+# define SSL_R_APP_DATA_IN_HANDSHAKE 100 -+# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 -+# define SSL_R_BAD_ALERT_RECORD 101 -+# define SSL_R_BAD_AUTHENTICATION_TYPE 102 -+# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 -+# define SSL_R_BAD_CHECKSUM 104 -+# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 -+# define SSL_R_BAD_DECOMPRESSION 107 -+# define SSL_R_BAD_DH_G_LENGTH 108 -+# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 -+# define SSL_R_BAD_DH_P_LENGTH 110 -+# define SSL_R_BAD_DIGEST_LENGTH 111 -+# define SSL_R_BAD_DSA_SIGNATURE 112 -+# define SSL_R_BAD_ECC_CERT 304 -+# define SSL_R_BAD_ECDSA_SIGNATURE 305 -+# define SSL_R_BAD_ECPOINT 306 -+# define SSL_R_BAD_HELLO_REQUEST 105 -+# define SSL_R_BAD_LENGTH 271 -+# define SSL_R_BAD_MAC_DECODE 113 -+# define SSL_R_BAD_MESSAGE_TYPE 114 -+# define SSL_R_BAD_PACKET_LENGTH 115 -+# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 -+# define SSL_R_BAD_RESPONSE_ARGUMENT 117 -+# define SSL_R_BAD_RSA_DECRYPT 118 -+# define SSL_R_BAD_RSA_ENCRYPT 119 -+# define SSL_R_BAD_RSA_E_LENGTH 120 -+# define SSL_R_BAD_RSA_MODULUS_LENGTH 121 -+# define SSL_R_BAD_RSA_SIGNATURE 122 -+# define SSL_R_BAD_SIGNATURE 123 -+# define SSL_R_BAD_SSL_FILETYPE 124 -+# define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 -+# define SSL_R_BAD_STATE 126 -+# define SSL_R_BAD_WRITE_RETRY 127 -+# define SSL_R_BIO_NOT_SET 128 -+# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 -+# define SSL_R_BN_LIB 130 -+# define SSL_R_CA_DN_LENGTH_MISMATCH 131 -+# define SSL_R_CA_DN_TOO_LONG 132 -+# define SSL_R_CCS_RECEIVED_EARLY 133 -+# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 -+# define SSL_R_CERT_LENGTH_MISMATCH 135 -+# define SSL_R_CHALLENGE_IS_DIFFERENT 136 -+# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 -+# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 -+# define SSL_R_CIPHER_TABLE_SRC_ERROR 139 -+# define SSL_R_CLIENTHELLO_TLSEXT 157 -+# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 -+# define SSL_R_COMPRESSION_FAILURE 141 -+# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 -+# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 -+# define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 -+# define SSL_R_CONNECTION_TYPE_NOT_SET 144 -+# define SSL_R_COOKIE_MISMATCH 308 -+# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 -+# define SSL_R_DATA_LENGTH_TOO_LONG 146 -+# define SSL_R_DECRYPTION_FAILED 147 -+# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 -+# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 -+# define SSL_R_DIGEST_CHECK_FAILED 149 -+# define SSL_R_DTLS_MESSAGE_TOO_BIG 318 -+# define SSL_R_DUPLICATE_COMPRESSION_ID 309 -+# define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 -+# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 -+# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 -+# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 -+# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 -+# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 -+# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 -+# define SSL_R_HTTPS_PROXY_REQUEST 155 -+# define SSL_R_HTTP_REQUEST 156 -+# define SSL_R_ILLEGAL_PADDING 283 -+# define SSL_R_INAPPROPRIATE_FALLBACK 373 -+# define SSL_R_INVALID_CHALLENGE_LENGTH 158 -+# define SSL_R_INVALID_COMMAND 280 -+# define SSL_R_INVALID_PURPOSE 278 -+# define SSL_R_INVALID_STATUS_RESPONSE 316 -+# define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 -+# define SSL_R_INVALID_TRUST 279 -+# define SSL_R_KEY_ARG_TOO_LONG 284 -+# define SSL_R_KRB5 285 -+# define SSL_R_KRB5_C_CC_PRINC 286 -+# define SSL_R_KRB5_C_GET_CRED 287 -+# define SSL_R_KRB5_C_INIT 288 -+# define SSL_R_KRB5_C_MK_REQ 289 -+# define SSL_R_KRB5_S_BAD_TICKET 290 -+# define SSL_R_KRB5_S_INIT 291 -+# define SSL_R_KRB5_S_RD_REQ 292 -+# define SSL_R_KRB5_S_TKT_EXPIRED 293 -+# define SSL_R_KRB5_S_TKT_NYV 294 -+# define SSL_R_KRB5_S_TKT_SKEW 295 -+# define SSL_R_LENGTH_MISMATCH 159 -+# define SSL_R_LENGTH_TOO_SHORT 160 -+# define SSL_R_LIBRARY_BUG 274 -+# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 -+# define SSL_R_MESSAGE_TOO_LONG 296 -+# define SSL_R_MISSING_DH_DSA_CERT 162 -+# define SSL_R_MISSING_DH_KEY 163 -+# define SSL_R_MISSING_DH_RSA_CERT 164 -+# define SSL_R_MISSING_DSA_SIGNING_CERT 165 -+# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 -+# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 -+# define SSL_R_MISSING_RSA_CERTIFICATE 168 -+# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 -+# define SSL_R_MISSING_RSA_SIGNING_CERT 170 -+# define SSL_R_MISSING_TMP_DH_KEY 171 -+# define SSL_R_MISSING_TMP_ECDH_KEY 311 -+# define SSL_R_MISSING_TMP_RSA_KEY 172 -+# define SSL_R_MISSING_TMP_RSA_PKEY 173 -+# define SSL_R_MISSING_VERIFY_MESSAGE 174 -+# define SSL_R_MULTIPLE_SGC_RESTARTS 325 -+# define SSL_R_NON_SSLV2_INITIAL_PACKET 175 -+# define SSL_R_NO_CERTIFICATES_RETURNED 176 -+# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 -+# define SSL_R_NO_CERTIFICATE_RETURNED 178 -+# define SSL_R_NO_CERTIFICATE_SET 179 -+# define SSL_R_NO_CERTIFICATE_SPECIFIED 180 -+# define SSL_R_NO_CIPHERS_AVAILABLE 181 -+# define SSL_R_NO_CIPHERS_PASSED 182 -+# define SSL_R_NO_CIPHERS_SPECIFIED 183 -+# define SSL_R_NO_CIPHER_LIST 184 -+# define SSL_R_NO_CIPHER_MATCH 185 -+# define SSL_R_NO_CLIENT_CERT_METHOD 317 -+# define SSL_R_NO_CLIENT_CERT_RECEIVED 186 -+# define SSL_R_NO_COMPRESSION_SPECIFIED 187 -+# define SSL_R_NO_METHOD_SPECIFIED 188 -+# define SSL_R_NO_PRIVATEKEY 189 -+# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 -+# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 -+# define SSL_R_NO_PUBLICKEY 192 -+# define SSL_R_NO_RENEGOTIATION 319 -+# define SSL_R_NO_SHARED_CIPHER 193 -+# define SSL_R_NO_VERIFY_CALLBACK 194 -+# define SSL_R_NULL_SSL_CTX 195 -+# define SSL_R_NULL_SSL_METHOD_PASSED 196 -+# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 -+# define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 -+# define SSL_R_PACKET_LENGTH_TOO_LONG 198 -+# define SSL_R_PARSE_TLSEXT 223 -+# define SSL_R_PATH_TOO_LONG 270 -+# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 -+# define SSL_R_PEER_ERROR 200 -+# define SSL_R_PEER_ERROR_CERTIFICATE 201 -+# define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 -+# define SSL_R_PEER_ERROR_NO_CIPHER 203 -+# define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 -+# define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 -+# define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 -+# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 -+# define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 -+# define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 -+# define SSL_R_PUBLIC_KEY_NOT_RSA 210 -+# define SSL_R_READ_BIO_NOT_SET 211 -+# define SSL_R_READ_TIMEOUT_EXPIRED 312 -+# define SSL_R_READ_WRONG_PACKET_TYPE 212 -+# define SSL_R_RECORD_LENGTH_MISMATCH 213 -+# define SSL_R_RECORD_TOO_LARGE 214 -+# define SSL_R_RECORD_TOO_SMALL 298 -+# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320 -+# define SSL_R_RENEGOTIATION_ENCODING_ERR 321 -+# define SSL_R_RENEGOTIATION_MISMATCH 322 -+# define SSL_R_REQUIRED_CIPHER_MISSING 215 -+# define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 -+# define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 -+# define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 -+# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324 -+# define SSL_R_SERVERHELLO_TLSEXT 224 -+# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 -+# define SSL_R_SHORT_READ 219 -+# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 -+# define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 -+# define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 -+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 -+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 -+# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 -+# define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 -+# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 -+# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 -+# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 -+# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 -+# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 -+# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 -+# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 -+# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 -+# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 -+# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 -+# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 -+# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 -+# define SSL_R_SSL_HANDSHAKE_FAILURE 229 -+# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 -+# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 -+# define SSL_R_SSL_SESSION_ID_CONFLICT 302 -+# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 -+# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 -+# define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 -+# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 -+# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 -+# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 -+# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 -+# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 -+# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 -+# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 -+# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 -+# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 -+# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 -+# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 -+# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 -+# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 -+# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 -+# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 -+# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 -+# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 -+# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 -+# define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 -+# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 -+# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 -+# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 -+# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 -+# define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 -+# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 -+# define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 -+# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 -+# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 -+# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 -+# define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 -+# define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 -+# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 -+# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 -+# define SSL_R_UNEXPECTED_MESSAGE 244 -+# define SSL_R_UNEXPECTED_RECORD 245 -+# define SSL_R_UNINITIALIZED 276 -+# define SSL_R_UNKNOWN_ALERT_TYPE 246 -+# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 -+# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 -+# define SSL_R_UNKNOWN_CIPHER_TYPE 249 -+# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 -+# define SSL_R_UNKNOWN_PKEY_TYPE 251 -+# define SSL_R_UNKNOWN_PROTOCOL 252 -+# define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 -+# define SSL_R_UNKNOWN_SSL_VERSION 254 -+# define SSL_R_UNKNOWN_STATE 255 -+# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323 -+# define SSL_R_UNSUPPORTED_CIPHER 256 -+# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 -+# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 -+# define SSL_R_UNSUPPORTED_PROTOCOL 258 -+# define SSL_R_UNSUPPORTED_SSL_VERSION 259 -+# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 -+# define SSL_R_WRITE_BIO_NOT_SET 260 -+# define SSL_R_WRONG_CIPHER_RETURNED 261 -+# define SSL_R_WRONG_MESSAGE_TYPE 262 -+# define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 -+# define SSL_R_WRONG_SIGNATURE_LENGTH 264 -+# define SSL_R_WRONG_SIGNATURE_SIZE 265 -+# define SSL_R_WRONG_SSL_VERSION 266 -+# define SSL_R_WRONG_VERSION_NUMBER 267 -+# define SSL_R_X509_LIB 268 -+# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/ssl2.h b/Cryptlib/Include/openssl/ssl2.h -index 99a52ea..d399676 100644 ---- a/Cryptlib/Include/openssl/ssl2.h -+++ b/Cryptlib/Include/openssl/ssl2.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,220 +49,213 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --#ifndef HEADER_SSL2_H --#define HEADER_SSL2_H -+#ifndef HEADER_SSL2_H -+# define HEADER_SSL2_H - - #ifdef __cplusplus - extern "C" { - #endif - - /* Protocol Version Codes */ --#define SSL2_VERSION 0x0002 --#define SSL2_VERSION_MAJOR 0x00 --#define SSL2_VERSION_MINOR 0x02 --/* #define SSL2_CLIENT_VERSION 0x0002 */ --/* #define SSL2_SERVER_VERSION 0x0002 */ -+# define SSL2_VERSION 0x0002 -+# define SSL2_VERSION_MAJOR 0x00 -+# define SSL2_VERSION_MINOR 0x02 -+/* #define SSL2_CLIENT_VERSION 0x0002 */ -+/* #define SSL2_SERVER_VERSION 0x0002 */ - - /* Protocol Message Codes */ --#define SSL2_MT_ERROR 0 --#define SSL2_MT_CLIENT_HELLO 1 --#define SSL2_MT_CLIENT_MASTER_KEY 2 --#define SSL2_MT_CLIENT_FINISHED 3 --#define SSL2_MT_SERVER_HELLO 4 --#define SSL2_MT_SERVER_VERIFY 5 --#define SSL2_MT_SERVER_FINISHED 6 --#define SSL2_MT_REQUEST_CERTIFICATE 7 --#define SSL2_MT_CLIENT_CERTIFICATE 8 -+# define SSL2_MT_ERROR 0 -+# define SSL2_MT_CLIENT_HELLO 1 -+# define SSL2_MT_CLIENT_MASTER_KEY 2 -+# define SSL2_MT_CLIENT_FINISHED 3 -+# define SSL2_MT_SERVER_HELLO 4 -+# define SSL2_MT_SERVER_VERIFY 5 -+# define SSL2_MT_SERVER_FINISHED 6 -+# define SSL2_MT_REQUEST_CERTIFICATE 7 -+# define SSL2_MT_CLIENT_CERTIFICATE 8 - - /* Error Message Codes */ --#define SSL2_PE_UNDEFINED_ERROR 0x0000 --#define SSL2_PE_NO_CIPHER 0x0001 --#define SSL2_PE_NO_CERTIFICATE 0x0002 --#define SSL2_PE_BAD_CERTIFICATE 0x0004 --#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 -+# define SSL2_PE_UNDEFINED_ERROR 0x0000 -+# define SSL2_PE_NO_CIPHER 0x0001 -+# define SSL2_PE_NO_CERTIFICATE 0x0002 -+# define SSL2_PE_BAD_CERTIFICATE 0x0004 -+# define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 - - /* Cipher Kind Values */ --#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */ --#define SSL2_CK_RC4_128_WITH_MD5 0x02010080 --#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080 --#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080 --#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080 --#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080 --#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040 --#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */ --#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0 --#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */ --#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */ -- --#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */ --#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */ -+# define SSL2_CK_NULL_WITH_MD5 0x02000000/* v3 */ -+# define SSL2_CK_RC4_128_WITH_MD5 0x02010080 -+# define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080 -+# define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080 -+# define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080 -+# define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080 -+# define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040 -+# define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140/* v3 */ -+# define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0 -+# define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0/* v3 */ -+# define SSL2_CK_RC4_64_WITH_MD5 0x02080080/* MS hack */ - --#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1" --#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5" --#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5" --#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5" --#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5" --#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5" --#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5" --#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5" --#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA" --#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5" --#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA" --#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5" -+# define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800/* SSLeay */ -+# define SSL2_CK_NULL 0x02ff0810/* SSLeay */ - --#define SSL2_TXT_NULL "NULL" -+# define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1" -+# define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5" -+# define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5" -+# define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5" -+# define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5" -+# define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5" -+# define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5" -+# define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5" -+# define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA" -+# define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5" -+# define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA" -+# define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5" -+ -+# define SSL2_TXT_NULL "NULL" - - /* Flags for the SSL_CIPHER.algorithm2 field */ --#define SSL2_CF_5_BYTE_ENC 0x01 --#define SSL2_CF_8_BYTE_ENC 0x02 -+# define SSL2_CF_5_BYTE_ENC 0x01 -+# define SSL2_CF_8_BYTE_ENC 0x02 - - /* Certificate Type Codes */ --#define SSL2_CT_X509_CERTIFICATE 0x01 -+# define SSL2_CT_X509_CERTIFICATE 0x01 - - /* Authentication Type Code */ --#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01 -+# define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01 - --#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32 -+# define SSL2_MAX_SSL_SESSION_ID_LENGTH 32 - - /* Upper/Lower Bounds */ --#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 --#ifdef OPENSSL_SYS_MPE --#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u --#else --#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */ --#endif --#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */ -- --#define SSL2_CHALLENGE_LENGTH 16 --/*#define SSL2_CHALLENGE_LENGTH 32 */ --#define SSL2_MIN_CHALLENGE_LENGTH 16 --#define SSL2_MAX_CHALLENGE_LENGTH 32 --#define SSL2_CONNECTION_ID_LENGTH 16 --#define SSL2_MAX_CONNECTION_ID_LENGTH 16 --#define SSL2_SSL_SESSION_ID_LENGTH 16 --#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32 --#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 --#define SSL2_MAX_KEY_MATERIAL_LENGTH 24 -- --#ifndef HEADER_SSL_LOCL_H --#define CERT char --#endif -+# define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 -+# ifdef OPENSSL_SYS_MPE -+# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u -+# else -+# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u -+ /* 2^15-1 */ -+# endif -+# define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383/* 2^14-1 */ - --typedef struct ssl2_state_st -- { -- int three_byte_header; -- int clear_text; /* clear text */ -- int escape; /* not used in SSLv2 */ -- int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */ -- -- /* non-blocking io info, used to make sure the same -- * args were passwd */ -- unsigned int wnum; /* number of bytes sent so far */ -- int wpend_tot; -- const unsigned char *wpend_buf; -- -- int wpend_off; /* offset to data to write */ -- int wpend_len; /* number of bytes passwd to write */ -- int wpend_ret; /* number of bytes to return to caller */ -- -- /* buffer raw data */ -- int rbuf_left; -- int rbuf_offs; -- unsigned char *rbuf; -- unsigned char *wbuf; -- -- unsigned char *write_ptr;/* used to point to the start due to -- * 2/3 byte header. */ -- -- unsigned int padding; -- unsigned int rlength; /* passed to ssl2_enc */ -- int ract_data_length; /* Set when things are encrypted. */ -- unsigned int wlength; /* passed to ssl2_enc */ -- int wact_data_length; /* Set when things are decrypted. */ -- unsigned char *ract_data; -- unsigned char *wact_data; -- unsigned char *mac_data; -- -- unsigned char *read_key; -- unsigned char *write_key; -- -- /* Stuff specifically to do with this SSL session */ -- unsigned int challenge_length; -- unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH]; -- unsigned int conn_id_length; -- unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH]; -- unsigned int key_material_length; -- unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2]; -+# define SSL2_CHALLENGE_LENGTH 16 -+/* -+ * #define SSL2_CHALLENGE_LENGTH 32 -+ */ -+# define SSL2_MIN_CHALLENGE_LENGTH 16 -+# define SSL2_MAX_CHALLENGE_LENGTH 32 -+# define SSL2_CONNECTION_ID_LENGTH 16 -+# define SSL2_MAX_CONNECTION_ID_LENGTH 16 -+# define SSL2_SSL_SESSION_ID_LENGTH 16 -+# define SSL2_MAX_CERT_CHALLENGE_LENGTH 32 -+# define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 -+# define SSL2_MAX_KEY_MATERIAL_LENGTH 24 - -- unsigned long read_sequence; -- unsigned long write_sequence; -+# ifndef HEADER_SSL_LOCL_H -+# define CERT char -+# endif - -- struct { -- unsigned int conn_id_length; -- unsigned int cert_type; -- unsigned int cert_length; -- unsigned int csl; -- unsigned int clear; -- unsigned int enc; -- unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; -- unsigned int cipher_spec_length; -- unsigned int session_id_length; -- unsigned int clen; -- unsigned int rlen; -- } tmp; -- } SSL2_STATE; -+typedef struct ssl2_state_st { -+ int three_byte_header; -+ int clear_text; /* clear text */ -+ int escape; /* not used in SSLv2 */ -+ int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */ -+ /* -+ * non-blocking io info, used to make sure the same args were passwd -+ */ -+ unsigned int wnum; /* number of bytes sent so far */ -+ int wpend_tot; -+ const unsigned char *wpend_buf; -+ int wpend_off; /* offset to data to write */ -+ int wpend_len; /* number of bytes passwd to write */ -+ int wpend_ret; /* number of bytes to return to caller */ -+ /* buffer raw data */ -+ int rbuf_left; -+ int rbuf_offs; -+ unsigned char *rbuf; -+ unsigned char *wbuf; -+ unsigned char *write_ptr; /* used to point to the start due to 2/3 byte -+ * header. */ -+ unsigned int padding; -+ unsigned int rlength; /* passed to ssl2_enc */ -+ int ract_data_length; /* Set when things are encrypted. */ -+ unsigned int wlength; /* passed to ssl2_enc */ -+ int wact_data_length; /* Set when things are decrypted. */ -+ unsigned char *ract_data; -+ unsigned char *wact_data; -+ unsigned char *mac_data; -+ unsigned char *read_key; -+ unsigned char *write_key; -+ /* Stuff specifically to do with this SSL session */ -+ unsigned int challenge_length; -+ unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH]; -+ unsigned int conn_id_length; -+ unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH]; -+ unsigned int key_material_length; -+ unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH * 2]; -+ unsigned long read_sequence; -+ unsigned long write_sequence; -+ struct { -+ unsigned int conn_id_length; -+ unsigned int cert_type; -+ unsigned int cert_length; -+ unsigned int csl; -+ unsigned int clear; -+ unsigned int enc; -+ unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; -+ unsigned int cipher_spec_length; -+ unsigned int session_id_length; -+ unsigned int clen; -+ unsigned int rlen; -+ } tmp; -+} SSL2_STATE; - - /* SSLv2 */ - /* client */ --#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT) --#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT) --#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT) --#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT) --#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT) --#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT) --#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT) --#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT) --#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT) --#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT) --#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT) --#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT) --#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT) --#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT) --#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT) --#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT) --#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT) --#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT) -+# define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT) -+# define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT) -+# define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT) -+# define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT) -+# define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT) -+# define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT) -+# define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT) -+# define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT) -+# define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT) - /* server */ --#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT) --#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT) --#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT) --#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT) --#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT) --#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT) --#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT) --#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT) --#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT) --#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT) --#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT) --#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT) --#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT) --#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT) --#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT) --#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT) --#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT) --#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT) --#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT) --#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT) -+# define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT) -+# define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT) -+# define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT) -+# define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT) - - #ifdef __cplusplus - } - #endif - #endif -- -diff --git a/Cryptlib/Include/openssl/ssl23.h b/Cryptlib/Include/openssl/ssl23.h -index d322898..9de4685 100644 ---- a/Cryptlib/Include/openssl/ssl23.h -+++ b/Cryptlib/Include/openssl/ssl23.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,35 +49,36 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --#ifndef HEADER_SSL23_H --#define HEADER_SSL23_H -+#ifndef HEADER_SSL23_H -+# define HEADER_SSL23_H - - #ifdef __cplusplus - extern "C" { - #endif - --/*client */ -+/* -+ * client -+ */ - /* write to server */ --#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) --#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) -+# define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) -+# define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) - /* read from server */ --#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) --#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) -+# define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) -+# define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) - - /* server */ - /* read from client */ --#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) --#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) -+# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) -+# define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) - - #ifdef __cplusplus - } - #endif - #endif -- -diff --git a/Cryptlib/Include/openssl/ssl3.h b/Cryptlib/Include/openssl/ssl3.h -index de5e559..761a0e2 100644 ---- a/Cryptlib/Include/openssl/ssl3.h -+++ b/Cryptlib/Include/openssl/ssl3.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -110,486 +110,506 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * ECC cipher suite support in OpenSSL originally developed by -+ * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - --#ifndef HEADER_SSL3_H --#define HEADER_SSL3_H -+#ifndef HEADER_SSL3_H -+# define HEADER_SSL3_H - --#ifndef OPENSSL_NO_COMP --#include --#endif --#include --#include --#include --#include -+# ifndef OPENSSL_NO_COMP -+# include -+# endif -+# include -+# include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ --#define SSL3_CK_SCSV 0x030000FF -- --#define SSL3_CK_RSA_NULL_MD5 0x03000001 --#define SSL3_CK_RSA_NULL_SHA 0x03000002 --#define SSL3_CK_RSA_RC4_40_MD5 0x03000003 --#define SSL3_CK_RSA_RC4_128_MD5 0x03000004 --#define SSL3_CK_RSA_RC4_128_SHA 0x03000005 --#define SSL3_CK_RSA_RC2_40_MD5 0x03000006 --#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 --#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 --#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 --#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A -- --#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B --#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C --#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D --#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E --#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F --#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 -- --#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 --#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 --#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 --#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 --#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 --#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 -- --#define SSL3_CK_ADH_RC4_40_MD5 0x03000017 --#define SSL3_CK_ADH_RC4_128_MD5 0x03000018 --#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 --#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A --#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B -- --#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C --#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D --#if 0 /* Because it clashes with KRB5, is never used any more, and is safe -- to remove according to David Hopwood -- of the ietf-tls list */ --#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E --#endif -+/* -+ * Signalling cipher suite value from RFC 5746 -+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) -+ */ -+# define SSL3_CK_SCSV 0x030000FF - --/* VRS Additional Kerberos5 entries -+/* -+ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 -+ * (TLS_FALLBACK_SCSV) -+ */ -+# define SSL3_CK_FALLBACK_SCSV 0x03005600 -+ -+# define SSL3_CK_RSA_NULL_MD5 0x03000001 -+# define SSL3_CK_RSA_NULL_SHA 0x03000002 -+# define SSL3_CK_RSA_RC4_40_MD5 0x03000003 -+# define SSL3_CK_RSA_RC4_128_MD5 0x03000004 -+# define SSL3_CK_RSA_RC4_128_SHA 0x03000005 -+# define SSL3_CK_RSA_RC2_40_MD5 0x03000006 -+# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 -+# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 -+# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 -+# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A -+ -+# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B -+# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C -+# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D -+# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E -+# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F -+# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 -+ -+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 -+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 -+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 -+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 -+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 -+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 -+ -+# define SSL3_CK_ADH_RC4_40_MD5 0x03000017 -+# define SSL3_CK_ADH_RC4_128_MD5 0x03000018 -+# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 -+# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A -+# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B -+ -+# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C -+# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D -+# if 0 /* Because it clashes with KRB5, is never -+ * used any more, and is safe to remove -+ * according to David Hopwood -+ * of the -+ * ietf-tls list */ -+# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E -+# endif -+ -+/* -+ * VRS Additional Kerberos5 entries - */ --#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E --#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F --#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 --#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 --#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 --#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 --#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 --#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 -- --#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 --#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 --#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 --#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 --#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A --#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B -- --#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" --#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" --#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" --#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" --#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" --#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" --#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" --#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" --#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" --#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" -- --#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" --#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" --#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" --#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" --#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" --#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" -- --#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" --#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" --#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" --#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" --#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" --#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" -- --#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" --#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" --#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" --#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" --#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" -- --#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" --#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" --#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" -- --#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" --#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" --#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" --#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" --#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" --#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" --#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" --#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" -- --#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" --#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" --#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" --#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" --#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" --#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" -- --#define SSL3_SSL_SESSION_ID_LENGTH 32 --#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 -- --#define SSL3_MASTER_SECRET_SIZE 48 --#define SSL3_RANDOM_SIZE 32 --#define SSL3_SESSION_ID_SIZE 32 --#define SSL3_RT_HEADER_LENGTH 5 -+# define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E -+# define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F -+# define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 -+# define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 -+# define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 -+# define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 -+# define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 -+# define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 -+ -+# define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 -+# define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 -+# define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 -+# define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 -+# define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A -+# define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B -+ -+# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" -+# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" -+# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" -+# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" -+# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" -+# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" -+# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" -+# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" -+# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" -+# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" -+ -+# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" -+# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" -+# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" -+# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" -+# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" -+# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" -+ -+# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" -+# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" -+# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" -+# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" -+# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" -+# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" -+ -+# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" -+# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" -+# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" -+# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" -+# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" -+ -+# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" -+# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" -+# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" -+ -+# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" -+# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" -+# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" -+# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" -+# define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" -+# define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" -+# define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" -+# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" -+ -+# define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" -+# define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" -+# define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" -+# define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" -+# define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" -+# define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" -+ -+# define SSL3_SSL_SESSION_ID_LENGTH 32 -+# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 -+ -+# define SSL3_MASTER_SECRET_SIZE 48 -+# define SSL3_RANDOM_SIZE 32 -+# define SSL3_SESSION_ID_SIZE 32 -+# define SSL3_RT_HEADER_LENGTH 5 - - /* Due to MS stuffing up, this can change.... */ --#if defined(OPENSSL_SYS_WIN16) || \ -- (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)) --#define SSL3_RT_MAX_EXTRA (14000) --#else --#define SSL3_RT_MAX_EXTRA (16384) --#endif -- --#define SSL3_RT_MAX_PLAIN_LENGTH 16384 --#ifdef OPENSSL_NO_COMP --#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH --#else --#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) --#endif --#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) --#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) --#define SSL3_RT_MAX_DATA_SIZE (1024*1024) -- --#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" --#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" -- --#define SSL3_VERSION 0x0300 --#define SSL3_VERSION_MAJOR 0x03 --#define SSL3_VERSION_MINOR 0x00 -- --#define SSL3_RT_CHANGE_CIPHER_SPEC 20 --#define SSL3_RT_ALERT 21 --#define SSL3_RT_HANDSHAKE 22 --#define SSL3_RT_APPLICATION_DATA 23 -- --#define SSL3_AL_WARNING 1 --#define SSL3_AL_FATAL 2 -- --#define SSL3_AD_CLOSE_NOTIFY 0 --#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ --#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ --#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ --#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ --#define SSL3_AD_NO_CERTIFICATE 41 --#define SSL3_AD_BAD_CERTIFICATE 42 --#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 --#define SSL3_AD_CERTIFICATE_REVOKED 44 --#define SSL3_AD_CERTIFICATE_EXPIRED 45 --#define SSL3_AD_CERTIFICATE_UNKNOWN 46 --#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ -- --typedef struct ssl3_record_st -- { --/*r */ int type; /* type of record */ --/*rw*/ unsigned int length; /* How many bytes available */ --/*r */ unsigned int off; /* read/write offset into 'buf' */ --/*rw*/ unsigned char *data; /* pointer to the record data */ --/*rw*/ unsigned char *input; /* where the decode bytes are */ --/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ --/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ --/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */ -- } SSL3_RECORD; -- --typedef struct ssl3_buffer_st -- { -- unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, -- * see ssl3_setup_buffers() */ -- size_t len; /* buffer size */ -- int offset; /* where to 'copy from' */ -- int left; /* how many bytes left */ -- } SSL3_BUFFER; -- --#define SSL3_CT_RSA_SIGN 1 --#define SSL3_CT_DSS_SIGN 2 --#define SSL3_CT_RSA_FIXED_DH 3 --#define SSL3_CT_DSS_FIXED_DH 4 --#define SSL3_CT_RSA_EPHEMERAL_DH 5 --#define SSL3_CT_DSS_EPHEMERAL_DH 6 --#define SSL3_CT_FORTEZZA_DMS 20 --/* SSL3_CT_NUMBER is used to size arrays and it must be large -- * enough to contain all of the cert types defined either for -- * SSLv3 and TLSv1. -+# if defined(OPENSSL_SYS_WIN16) || \ -+ (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)) -+# define SSL3_RT_MAX_EXTRA (14000) -+# else -+# define SSL3_RT_MAX_EXTRA (16384) -+# endif -+ -+# define SSL3_RT_MAX_PLAIN_LENGTH 16384 -+# ifdef OPENSSL_NO_COMP -+# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH -+# else -+# define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) -+# endif -+# define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) -+# define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) -+# define SSL3_RT_MAX_DATA_SIZE (1024*1024) -+ -+# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" -+# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" -+ -+# define SSL3_VERSION 0x0300 -+# define SSL3_VERSION_MAJOR 0x03 -+# define SSL3_VERSION_MINOR 0x00 -+ -+# define SSL3_RT_CHANGE_CIPHER_SPEC 20 -+# define SSL3_RT_ALERT 21 -+# define SSL3_RT_HANDSHAKE 22 -+# define SSL3_RT_APPLICATION_DATA 23 -+ -+# define SSL3_AL_WARNING 1 -+# define SSL3_AL_FATAL 2 -+ -+# define SSL3_AD_CLOSE_NOTIFY 0 -+# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */ -+# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */ -+# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */ -+# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */ -+# define SSL3_AD_NO_CERTIFICATE 41 -+# define SSL3_AD_BAD_CERTIFICATE 42 -+# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 -+# define SSL3_AD_CERTIFICATE_REVOKED 44 -+# define SSL3_AD_CERTIFICATE_EXPIRED 45 -+# define SSL3_AD_CERTIFICATE_UNKNOWN 46 -+# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */ -+ -+typedef struct ssl3_record_st { -+ /* type of record */ -+ /* -+ * r -+ */ int type; -+ /* How many bytes available */ -+ /* -+ * rw -+ */ unsigned int length; -+ /* read/write offset into 'buf' */ -+ /* -+ * r -+ */ unsigned int off; -+ /* pointer to the record data */ -+ /* -+ * rw -+ */ unsigned char *data; -+ /* where the decode bytes are */ -+ /* -+ * rw -+ */ unsigned char *input; -+ /* only used with decompression - malloc()ed */ -+ /* -+ * r -+ */ unsigned char *comp; -+ /* epoch number, needed by DTLS1 */ -+ /* -+ * r -+ */ unsigned long epoch; -+ /* sequence number, needed by DTLS1 */ -+ /* -+ * r -+ */ PQ_64BIT seq_num; -+} SSL3_RECORD; -+ -+typedef struct ssl3_buffer_st { -+ /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */ -+ unsigned char *buf; -+ /* buffer size */ -+ size_t len; -+ /* where to 'copy from' */ -+ int offset; -+ /* how many bytes left */ -+ int left; -+} SSL3_BUFFER; -+ -+# define SSL3_CT_RSA_SIGN 1 -+# define SSL3_CT_DSS_SIGN 2 -+# define SSL3_CT_RSA_FIXED_DH 3 -+# define SSL3_CT_DSS_FIXED_DH 4 -+# define SSL3_CT_RSA_EPHEMERAL_DH 5 -+# define SSL3_CT_DSS_EPHEMERAL_DH 6 -+# define SSL3_CT_FORTEZZA_DMS 20 -+/* -+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to -+ * contain all of the cert types defined either for SSLv3 and TLSv1. - */ --#define SSL3_CT_NUMBER 7 -- -- --#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 --#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 --#define SSL3_FLAGS_POP_BUFFER 0x0004 --#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 --#define SSL3_FLAGS_CCS_OK 0x0080 -- --/* SSL3_FLAGS_SGC_RESTART_DONE is set when we -- * restart a handshake because of MS SGC and so prevents us -- * from restarting the handshake in a loop. It's reset on a -- * renegotiation, so effectively limits the client to one restart -- * per negotiation. This limits the possibility of a DDoS -- * attack where the client handshakes in a loop using SGC to -- * restart. Servers which permit renegotiation can still be -- * effected, but we can't prevent that. -+# define SSL3_CT_NUMBER 7 -+ -+# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 -+# define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 -+# define SSL3_FLAGS_POP_BUFFER 0x0004 -+# define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 -+# define SSL3_FLAGS_CCS_OK 0x0080 -+ -+/* -+ * SSL3_FLAGS_SGC_RESTART_DONE is set when we restart a handshake because of -+ * MS SGC and so prevents us from restarting the handshake in a loop. It's -+ * reset on a renegotiation, so effectively limits the client to one restart -+ * per negotiation. This limits the possibility of a DDoS attack where the -+ * client handshakes in a loop using SGC to restart. Servers which permit -+ * renegotiation can still be effected, but we can't prevent that. - */ --#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 -- --typedef struct ssl3_state_st -- { -- long flags; -- int delay_buf_pop_ret; -- -- unsigned char read_sequence[8]; -- unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; -- unsigned char write_sequence[8]; -- unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; -- -- unsigned char server_random[SSL3_RANDOM_SIZE]; -- unsigned char client_random[SSL3_RANDOM_SIZE]; -- -- /* flags for countermeasure against known-IV weakness */ -- int need_empty_fragments; -- int empty_fragment_done; -- -- SSL3_BUFFER rbuf; /* read IO goes into here */ -- SSL3_BUFFER wbuf; /* write IO goes into here */ -- -- SSL3_RECORD rrec; /* each decoded record goes in here */ -- SSL3_RECORD wrec; /* goes out from here */ -- -- /* storage for Alert/Handshake protocol data received but not -- * yet processed by ssl3_read_bytes: */ -- unsigned char alert_fragment[2]; -- unsigned int alert_fragment_len; -- unsigned char handshake_fragment[4]; -- unsigned int handshake_fragment_len; -- -- /* partial write - check the numbers match */ -- unsigned int wnum; /* number of bytes sent so far */ -- int wpend_tot; /* number bytes written */ -- int wpend_type; -- int wpend_ret; /* number of bytes submitted */ -- const unsigned char *wpend_buf; -- -- /* used during startup, digest all incoming/outgoing packets */ -- EVP_MD_CTX finish_dgst1; -- EVP_MD_CTX finish_dgst2; -- -- /* this is set whenerver we see a change_cipher_spec message -- * come in when we are not looking for one */ -- int change_cipher_spec; -- -- int warn_alert; -- int fatal_alert; -- /* we allow one fatal and one warning alert to be outstanding, -- * send close alert via the warning alert */ -- int alert_dispatch; -- unsigned char send_alert[2]; -- -- /* This flag is set when we should renegotiate ASAP, basically when -- * there is no more data in the read or write buffers */ -- int renegotiate; -- int total_renegotiations; -- int num_renegotiations; -- -- int in_read_app_data; -- -- struct { -- /* actually only needs to be 16+20 */ -- unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; -- -- /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ -- unsigned char finish_md[EVP_MAX_MD_SIZE*2]; -- int finish_md_len; -- unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; -- int peer_finish_md_len; -- -- unsigned long message_size; -- int message_type; -- -- /* used to hold the new cipher we are going to use */ -- SSL_CIPHER *new_cipher; --#ifndef OPENSSL_NO_DH -- DH *dh; --#endif -- --#ifndef OPENSSL_NO_ECDH -- EC_KEY *ecdh; /* holds short lived ECDH key */ --#endif -- -- /* used when SSL_ST_FLUSH_DATA is entered */ -- int next_state; -- -- int reuse_message; -- -- /* used for certificate requests */ -- int cert_req; -- int ctype_num; -- char ctype[SSL3_CT_NUMBER]; -- STACK_OF(X509_NAME) *ca_names; -- -- int use_rsa_tmp; -- -- int key_block_length; -- unsigned char *key_block; -- -- const EVP_CIPHER *new_sym_enc; -- const EVP_MD *new_hash; --#ifndef OPENSSL_NO_COMP -- const SSL_COMP *new_compression; --#else -- char *new_compression; --#endif -- int cert_request; -- } tmp; -- -- /* Connection binding to prevent renegotiation attacks */ -- unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; -- unsigned char previous_client_finished_len; -- unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; -- unsigned char previous_server_finished_len; -- int send_connection_binding; /* TODOEKR */ -- --#ifndef OPENSSL_NO_TLSEXT --#ifndef OPENSSL_NO_EC -- /* This is set to true if we believe that this is a version of Safari -- * running on OS X 10.6 or newer. We wish to know this because Safari -- * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ -- char is_probably_safari; --#endif /* !OPENSSL_NO_EC */ --#endif /* !OPENSSL_NO_TLSEXT */ -- } SSL3_STATE; -- -+# define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 -+ -+typedef struct ssl3_state_st { -+ long flags; -+ int delay_buf_pop_ret; -+ unsigned char read_sequence[8]; -+ unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; -+ unsigned char write_sequence[8]; -+ unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; -+ unsigned char server_random[SSL3_RANDOM_SIZE]; -+ unsigned char client_random[SSL3_RANDOM_SIZE]; -+ /* flags for countermeasure against known-IV weakness */ -+ int need_empty_fragments; -+ int empty_fragment_done; -+ SSL3_BUFFER rbuf; /* read IO goes into here */ -+ SSL3_BUFFER wbuf; /* write IO goes into here */ -+ SSL3_RECORD rrec; /* each decoded record goes in here */ -+ SSL3_RECORD wrec; /* goes out from here */ -+ /* -+ * storage for Alert/Handshake protocol data received but not yet -+ * processed by ssl3_read_bytes: -+ */ -+ unsigned char alert_fragment[2]; -+ unsigned int alert_fragment_len; -+ unsigned char handshake_fragment[4]; -+ unsigned int handshake_fragment_len; -+ /* partial write - check the numbers match */ -+ unsigned int wnum; /* number of bytes sent so far */ -+ int wpend_tot; /* number bytes written */ -+ int wpend_type; -+ int wpend_ret; /* number of bytes submitted */ -+ const unsigned char *wpend_buf; -+ /* used during startup, digest all incoming/outgoing packets */ -+ EVP_MD_CTX finish_dgst1; -+ EVP_MD_CTX finish_dgst2; -+ /* -+ * this is set whenerver we see a change_cipher_spec message come in when -+ * we are not looking for one -+ */ -+ int change_cipher_spec; -+ int warn_alert; -+ int fatal_alert; -+ /* -+ * we allow one fatal and one warning alert to be outstanding, send close -+ * alert via the warning alert -+ */ -+ int alert_dispatch; -+ unsigned char send_alert[2]; -+ /* -+ * This flag is set when we should renegotiate ASAP, basically when there -+ * is no more data in the read or write buffers -+ */ -+ int renegotiate; -+ int total_renegotiations; -+ int num_renegotiations; -+ int in_read_app_data; -+ struct { -+ /* actually only needs to be 16+20 */ -+ unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2]; -+ /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ -+ unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; -+ int finish_md_len; -+ unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; -+ int peer_finish_md_len; -+ unsigned long message_size; -+ int message_type; -+ /* used to hold the new cipher we are going to use */ -+ SSL_CIPHER *new_cipher; -+# ifndef OPENSSL_NO_DH -+ DH *dh; -+# endif -+# ifndef OPENSSL_NO_ECDH -+ EC_KEY *ecdh; /* holds short lived ECDH key */ -+# endif -+ /* used when SSL_ST_FLUSH_DATA is entered */ -+ int next_state; -+ int reuse_message; -+ /* used for certificate requests */ -+ int cert_req; -+ int ctype_num; -+ char ctype[SSL3_CT_NUMBER]; -+ STACK_OF(X509_NAME) *ca_names; -+ int use_rsa_tmp; -+ int key_block_length; -+ unsigned char *key_block; -+ const EVP_CIPHER *new_sym_enc; -+ const EVP_MD *new_hash; -+# ifndef OPENSSL_NO_COMP -+ const SSL_COMP *new_compression; -+# else -+ char *new_compression; -+# endif -+ int cert_request; -+ } tmp; -+ -+ /* Connection binding to prevent renegotiation attacks */ -+ unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; -+ unsigned char previous_client_finished_len; -+ unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; -+ unsigned char previous_server_finished_len; -+ int send_connection_binding; /* TODOEKR */ -+ -+# ifndef OPENSSL_NO_TLSEXT -+# ifndef OPENSSL_NO_EC -+ /* -+ * This is set to true if we believe that this is a version of Safari -+ * running on OS X 10.6 or newer. We wish to know this because Safari on -+ * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. -+ */ -+ char is_probably_safari; -+# endif /* !OPENSSL_NO_EC */ -+# endif /* !OPENSSL_NO_TLSEXT */ -+} SSL3_STATE; - - /* SSLv3 */ --/*client */ -+/* -+ * client -+ */ - /* extra state */ --#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) -+# define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) - /* write to server */ --#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) --#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) - /* read from server */ --#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) --#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) --#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) --#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) --#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) --#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) --#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) --#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) --#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) --#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) --#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) --#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) -+# define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) -+# define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) -+# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) -+# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) -+# define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) -+# define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) -+# define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) -+# define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) - /* write to server */ --#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) --#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) --#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) --#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) --#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) --#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) --#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) --#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) --#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) --#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) --#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) --#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) -+# define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) -+# define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) -+# define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) -+# define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) -+# define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) - /* read from server */ --#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) --#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) --#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) --#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) --#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) --#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) --#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) --#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) -+# define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) -+# define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) -+# define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) -+# define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) -+# define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) - - /* server */ - /* extra state */ --#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) - /* read from client */ - /* Do not change the number values, they do matter */ --#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) --#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) --#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) - /* write to client */ --#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) --#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) --#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) --#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) --#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) --#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) --#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) --#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) --#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) --#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) --#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) --#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) --#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) --#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) --#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) -+# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) -+# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) - /* read from client */ --#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) --#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) --#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) --#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) --#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) --#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) --#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) --#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) --#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) --#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) -+# define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) - /* write to client */ --#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) --#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) --#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) --#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) --#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) --#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) --#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) --#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) -- --#define SSL3_MT_HELLO_REQUEST 0 --#define SSL3_MT_CLIENT_HELLO 1 --#define SSL3_MT_SERVER_HELLO 2 --#define SSL3_MT_NEWSESSION_TICKET 4 --#define SSL3_MT_CERTIFICATE 11 --#define SSL3_MT_SERVER_KEY_EXCHANGE 12 --#define SSL3_MT_CERTIFICATE_REQUEST 13 --#define SSL3_MT_SERVER_DONE 14 --#define SSL3_MT_CERTIFICATE_VERIFY 15 --#define SSL3_MT_CLIENT_KEY_EXCHANGE 16 --#define SSL3_MT_FINISHED 20 --#define SSL3_MT_CERTIFICATE_STATUS 22 --#define DTLS1_MT_HELLO_VERIFY_REQUEST 3 -- -- --#define SSL3_MT_CCS 1 -+# define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) -+# define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) -+ -+# define SSL3_MT_HELLO_REQUEST 0 -+# define SSL3_MT_CLIENT_HELLO 1 -+# define SSL3_MT_SERVER_HELLO 2 -+# define SSL3_MT_NEWSESSION_TICKET 4 -+# define SSL3_MT_CERTIFICATE 11 -+# define SSL3_MT_SERVER_KEY_EXCHANGE 12 -+# define SSL3_MT_CERTIFICATE_REQUEST 13 -+# define SSL3_MT_SERVER_DONE 14 -+# define SSL3_MT_CERTIFICATE_VERIFY 15 -+# define SSL3_MT_CLIENT_KEY_EXCHANGE 16 -+# define SSL3_MT_FINISHED 20 -+# define SSL3_MT_CERTIFICATE_STATUS 22 -+# define DTLS1_MT_HELLO_VERIFY_REQUEST 3 -+ -+# define SSL3_MT_CCS 1 - - /* These are used when changing over to a new cipher */ --#define SSL3_CC_READ 0x01 --#define SSL3_CC_WRITE 0x02 --#define SSL3_CC_CLIENT 0x10 --#define SSL3_CC_SERVER 0x20 --#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) --#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) --#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) --#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) -+# define SSL3_CC_READ 0x01 -+# define SSL3_CC_WRITE 0x02 -+# define SSL3_CC_CLIENT 0x10 -+# define SSL3_CC_SERVER 0x20 -+# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) -+# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) -+# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) -+# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) - - #ifdef __cplusplus - } - #endif - #endif -- -diff --git a/Cryptlib/Include/openssl/stack.h b/Cryptlib/Include/openssl/stack.h -index 5cbb116..5ce8250 100644 ---- a/Cryptlib/Include/openssl/stack.h -+++ b/Cryptlib/Include/openssl/stack.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,50 +57,48 @@ - */ - - #ifndef HEADER_STACK_H --#define HEADER_STACK_H -+# define HEADER_STACK_H - - #ifdef __cplusplus - extern "C" { - #endif - --typedef struct stack_st -- { -- int num; -- char **data; -- int sorted; -- -- int num_alloc; -- int (*comp)(const char * const *, const char * const *); -- } STACK; -+typedef struct stack_st { -+ int num; -+ char **data; -+ int sorted; -+ int num_alloc; -+ int (*comp) (const char *const *, const char *const *); -+} STACK; - --#define M_sk_num(sk) ((sk) ? (sk)->num:-1) --#define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) -+# define M_sk_num(sk) ((sk) ? (sk)->num:-1) -+# define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) - - int sk_num(const STACK *); - char *sk_value(const STACK *, int); - - char *sk_set(STACK *, int, char *); - --STACK *sk_new(int (*cmp)(const char * const *, const char * const *)); -+STACK *sk_new(int (*cmp) (const char *const *, const char *const *)); - STACK *sk_new_null(void); - void sk_free(STACK *); --void sk_pop_free(STACK *st, void (*func)(void *)); --int sk_insert(STACK *sk,char *data,int where); --char *sk_delete(STACK *st,int loc); --char *sk_delete_ptr(STACK *st, char *p); --int sk_find(STACK *st,char *data); --int sk_find_ex(STACK *st,char *data); --int sk_push(STACK *st,char *data); --int sk_unshift(STACK *st,char *data); --char *sk_shift(STACK *st); --char *sk_pop(STACK *st); --void sk_zero(STACK *st); --int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *, -- const char * const *))) -- (const char * const *, const char * const *); --STACK *sk_dup(STACK *st); --void sk_sort(STACK *st); --int sk_is_sorted(const STACK *st); -+void sk_pop_free(STACK * st, void (*func) (void *)); -+int sk_insert(STACK * sk, char *data, int where); -+char *sk_delete(STACK * st, int loc); -+char *sk_delete_ptr(STACK * st, char *p); -+int sk_find(STACK * st, char *data); -+int sk_find_ex(STACK * st, char *data); -+int sk_push(STACK * st, char *data); -+int sk_unshift(STACK * st, char *data); -+char *sk_shift(STACK * st); -+char *sk_pop(STACK * st); -+void sk_zero(STACK * st); -+int (*sk_set_cmp_func(STACK * sk, int (*c) (const char *const *, -+ const char *const *))) -+ (const char *const *, const char *const *); -+STACK *sk_dup(STACK * st); -+void sk_sort(STACK * st); -+int sk_is_sorted(const STACK * st); - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/store.h b/Cryptlib/Include/openssl/store.h -index 6458337..715d470 100644 ---- a/Cryptlib/Include/openssl/store.h -+++ b/Cryptlib/Include/openssl/store.h -@@ -1,6 +1,7 @@ - /* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2003. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2003. - */ - /* ==================================================================== - * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,14 +58,14 @@ - */ - - #ifndef HEADER_STORE_H --#define HEADER_STORE_H -+# define HEADER_STORE_H - --#include --#ifndef OPENSSL_NO_DEPRECATED --#include --#include --#include --#endif -+# include -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# include -+# include -+# endif - - #ifdef __cplusplus - extern "C" { -@@ -74,41 +75,51 @@ extern "C" { - /* typedef struct store_st STORE; */ - /* typedef struct store_method_st STORE_METHOD; */ - -- --/* All the following functions return 0, a negative number or NULL on error. -- When everything is fine, they return a positive value or a non-NULL -- pointer, all depending on their purpose. */ -+/* -+ * All the following functions return 0, a negative number or NULL on error. -+ * When everything is fine, they return a positive value or a non-NULL -+ * pointer, all depending on their purpose. -+ */ - - /* Creators and destructor. */ - STORE *STORE_new_method(const STORE_METHOD *method); - STORE *STORE_new_engine(ENGINE *engine); - void STORE_free(STORE *ui); - -+/* -+ * Give a user interface parametrised control commands. This can be used to -+ * send down an integer, a data pointer or a function pointer, as well as be -+ * used to get information from a STORE. -+ */ -+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void)); - --/* Give a user interface parametrised control commands. This can be used to -- send down an integer, a data pointer or a function pointer, as well as -- be used to get information from a STORE. */ --int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void)); -- --/* A control to set the directory with keys and certificates. Used by the -- built-in directory level method. */ --#define STORE_CTRL_SET_DIRECTORY 0x0001 --/* A control to set a file to load. Used by the built-in file level method. */ --#define STORE_CTRL_SET_FILE 0x0002 --/* A control to set a configuration file to load. Can be used by any method -- that wishes to load a configuration file. */ --#define STORE_CTRL_SET_CONF_FILE 0x0003 --/* A control to set a the section of the loaded configuration file. Can be -- used by any method that wishes to load a configuration file. */ --#define STORE_CTRL_SET_CONF_SECTION 0x0004 -- -+/* -+ * A control to set the directory with keys and certificates. Used by the -+ * built-in directory level method. -+ */ -+# define STORE_CTRL_SET_DIRECTORY 0x0001 -+/* -+ * A control to set a file to load. Used by the built-in file level method. -+ */ -+# define STORE_CTRL_SET_FILE 0x0002 -+/* -+ * A control to set a configuration file to load. Can be used by any method -+ * that wishes to load a configuration file. -+ */ -+# define STORE_CTRL_SET_CONF_FILE 0x0003 -+/* -+ * A control to set a the section of the loaded configuration file. Can be -+ * used by any method that wishes to load a configuration file. -+ */ -+# define STORE_CTRL_SET_CONF_SECTION 0x0004 - - /* Some methods may use extra data */ --#define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg) --#define STORE_get_app_data(s) STORE_get_ex_data(s,0) -+# define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg) -+# define STORE_get_app_data(s) STORE_get_ex_data(s,0) - int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); --int STORE_set_ex_data(STORE *r,int idx,void *arg); -+ CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+int STORE_set_ex_data(STORE *r, int idx, void *arg); - void *STORE_get_ex_data(STORE *r, int idx); - - /* Use specific methods instead of the built-in one */ -@@ -116,264 +127,341 @@ const STORE_METHOD *STORE_get_method(STORE *store); - const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth); - - /* The standard OpenSSL methods. */ --/* This is the in-memory method. It does everything except revoking and updating, -- and is of course volatile. It's used by other methods that have an in-memory -- cache. */ -+/* -+ * This is the in-memory method. It does everything except revoking and -+ * updating, and is of course volatile. It's used by other methods that have -+ * an in-memory cache. -+ */ - const STORE_METHOD *STORE_Memory(void); --#if 0 /* Not yet implemented */ --/* This is the directory store. It does everything except revoking and updating, -- and uses STORE_Memory() to cache things in memory. */ -+# if 0 /* Not yet implemented */ -+/* -+ * This is the directory store. It does everything except revoking and -+ * updating, and uses STORE_Memory() to cache things in memory. -+ */ - const STORE_METHOD *STORE_Directory(void); --/* This is the file store. It does everything except revoking and updating, -- and uses STORE_Memory() to cache things in memory. Certificates are added -- to it with the store operation, and it will only get cached certificates. */ -+/* -+ * This is the file store. It does everything except revoking and updating, -+ * and uses STORE_Memory() to cache things in memory. Certificates are added -+ * to it with the store operation, and it will only get cached certificates. -+ */ - const STORE_METHOD *STORE_File(void); --#endif -+# endif - --/* Store functions take a type code for the type of data they should store -- or fetch */ --typedef enum STORE_object_types -- { -- STORE_OBJECT_TYPE_X509_CERTIFICATE= 0x01, /* X509 * */ -- STORE_OBJECT_TYPE_X509_CRL= 0x02, /* X509_CRL * */ -- STORE_OBJECT_TYPE_PRIVATE_KEY= 0x03, /* EVP_PKEY * */ -- STORE_OBJECT_TYPE_PUBLIC_KEY= 0x04, /* EVP_PKEY * */ -- STORE_OBJECT_TYPE_NUMBER= 0x05, /* BIGNUM * */ -- STORE_OBJECT_TYPE_ARBITRARY= 0x06, /* BUF_MEM * */ -- STORE_OBJECT_TYPE_NUM= 0x06 /* The amount of known -- object types */ -- } STORE_OBJECT_TYPES; -+/* -+ * Store functions take a type code for the type of data they should store or -+ * fetch -+ */ -+typedef enum STORE_object_types { -+ STORE_OBJECT_TYPE_X509_CERTIFICATE = 0x01, /* X509 * */ -+ STORE_OBJECT_TYPE_X509_CRL = 0x02, /* X509_CRL * */ -+ STORE_OBJECT_TYPE_PRIVATE_KEY = 0x03, /* EVP_PKEY * */ -+ STORE_OBJECT_TYPE_PUBLIC_KEY = 0x04, /* EVP_PKEY * */ -+ STORE_OBJECT_TYPE_NUMBER = 0x05, /* BIGNUM * */ -+ STORE_OBJECT_TYPE_ARBITRARY = 0x06, /* BUF_MEM * */ -+ STORE_OBJECT_TYPE_NUM = 0x06 /* The amount of known object types */ -+} STORE_OBJECT_TYPES; - /* List of text strings corresponding to the object types. */ --extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1]; -- --/* Some store functions take a parameter list. Those parameters come with -- one of the following codes. The comments following the codes below indicate -- what type the value should be a pointer to. */ --typedef enum STORE_params -- { -- STORE_PARAM_EVP_TYPE= 0x01, /* int */ -- STORE_PARAM_BITS= 0x02, /* size_t */ -- STORE_PARAM_KEY_PARAMETERS= 0x03, /* ??? */ -- STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */ -- STORE_PARAM_AUTH_PASSPHRASE= 0x05, /* char * */ -- STORE_PARAM_AUTH_KRB5_TICKET= 0x06, /* void * */ -- STORE_PARAM_TYPE_NUM= 0x06 /* The amount of known -- parameter types */ -- } STORE_PARAM_TYPES; --/* Parameter value sizes. -1 means unknown, anything else is the required size. */ --extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1]; -- --/* Store functions take attribute lists. Those attributes come with codes. -- The comments following the codes below indicate what type the value should -- be a pointer to. */ --typedef enum STORE_attribs -- { -- STORE_ATTR_END= 0x00, -- STORE_ATTR_FRIENDLYNAME= 0x01, /* C string */ -- STORE_ATTR_KEYID= 0x02, /* 160 bit string (SHA1) */ -- STORE_ATTR_ISSUERKEYID= 0x03, /* 160 bit string (SHA1) */ -- STORE_ATTR_SUBJECTKEYID= 0x04, /* 160 bit string (SHA1) */ -- STORE_ATTR_ISSUERSERIALHASH= 0x05, /* 160 bit string (SHA1) */ -- STORE_ATTR_ISSUER= 0x06, /* X509_NAME * */ -- STORE_ATTR_SERIAL= 0x07, /* BIGNUM * */ -- STORE_ATTR_SUBJECT= 0x08, /* X509_NAME * */ -- STORE_ATTR_CERTHASH= 0x09, /* 160 bit string (SHA1) */ -- STORE_ATTR_EMAIL= 0x0a, /* C string */ -- STORE_ATTR_FILENAME= 0x0b, /* C string */ -- STORE_ATTR_TYPE_NUM= 0x0b, /* The amount of known -- attribute types */ -- STORE_ATTR_OR= 0xff /* This is a special -- separator, which -- expresses the OR -- operation. */ -- } STORE_ATTR_TYPES; --/* Attribute value sizes. -1 means unknown, anything else is the required size. */ --extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1]; -- --typedef enum STORE_certificate_status -- { -- STORE_X509_VALID= 0x00, -- STORE_X509_EXPIRED= 0x01, -- STORE_X509_SUSPENDED= 0x02, -- STORE_X509_REVOKED= 0x03 -- } STORE_CERTIFICATE_STATUS; -- --/* Engine store functions will return a structure that contains all the necessary -- * information, including revokation status for certificates. This is really not -- * needed for application authors, as the ENGINE framework functions will extract -- * the OpenSSL-specific information when at all possible. However, for engine -- * authors, it's crucial to know this structure. */ --typedef struct STORE_OBJECT_st -- { -- STORE_OBJECT_TYPES type; -- union -- { -- struct -- { -- STORE_CERTIFICATE_STATUS status; -- X509 *certificate; -- } x509; -- X509_CRL *crl; -- EVP_PKEY *key; -- BIGNUM *number; -- BUF_MEM *arbitrary; -- } data; -- } STORE_OBJECT; -+extern const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1]; -+ -+/* -+ * Some store functions take a parameter list. Those parameters come with -+ * one of the following codes. The comments following the codes below -+ * indicate what type the value should be a pointer to. -+ */ -+typedef enum STORE_params { -+ STORE_PARAM_EVP_TYPE = 0x01, /* int */ -+ STORE_PARAM_BITS = 0x02, /* size_t */ -+ STORE_PARAM_KEY_PARAMETERS = 0x03, /* ??? */ -+ STORE_PARAM_KEY_NO_PARAMETERS = 0x04, /* N/A */ -+ STORE_PARAM_AUTH_PASSPHRASE = 0x05, /* char * */ -+ STORE_PARAM_AUTH_KRB5_TICKET = 0x06, /* void * */ -+ STORE_PARAM_TYPE_NUM = 0x06 /* The amount of known parameter types */ -+} STORE_PARAM_TYPES; -+/* -+ * Parameter value sizes. -1 means unknown, anything else is the required -+ * size. -+ */ -+extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1]; -+ -+/* -+ * Store functions take attribute lists. Those attributes come with codes. -+ * The comments following the codes below indicate what type the value should -+ * be a pointer to. -+ */ -+typedef enum STORE_attribs { -+ STORE_ATTR_END = 0x00, -+ STORE_ATTR_FRIENDLYNAME = 0x01, /* C string */ -+ STORE_ATTR_KEYID = 0x02, /* 160 bit string (SHA1) */ -+ STORE_ATTR_ISSUERKEYID = 0x03, /* 160 bit string (SHA1) */ -+ STORE_ATTR_SUBJECTKEYID = 0x04, /* 160 bit string (SHA1) */ -+ STORE_ATTR_ISSUERSERIALHASH = 0x05, /* 160 bit string (SHA1) */ -+ STORE_ATTR_ISSUER = 0x06, /* X509_NAME * */ -+ STORE_ATTR_SERIAL = 0x07, /* BIGNUM * */ -+ STORE_ATTR_SUBJECT = 0x08, /* X509_NAME * */ -+ STORE_ATTR_CERTHASH = 0x09, /* 160 bit string (SHA1) */ -+ STORE_ATTR_EMAIL = 0x0a, /* C string */ -+ STORE_ATTR_FILENAME = 0x0b, /* C string */ -+ STORE_ATTR_TYPE_NUM = 0x0b, /* The amount of known attribute types */ -+ STORE_ATTR_OR = 0xff /* This is a special separator, which -+ * expresses the OR operation. */ -+} STORE_ATTR_TYPES; -+/* -+ * Attribute value sizes. -1 means unknown, anything else is the required -+ * size. -+ */ -+extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1]; -+ -+typedef enum STORE_certificate_status { -+ STORE_X509_VALID = 0x00, -+ STORE_X509_EXPIRED = 0x01, -+ STORE_X509_SUSPENDED = 0x02, -+ STORE_X509_REVOKED = 0x03 -+} STORE_CERTIFICATE_STATUS; -+ -+/* -+ * Engine store functions will return a structure that contains all the -+ * necessary information, including revokation status for certificates. This -+ * is really not needed for application authors, as the ENGINE framework -+ * functions will extract the OpenSSL-specific information when at all -+ * possible. However, for engine authors, it's crucial to know this -+ * structure. -+ */ -+typedef struct STORE_OBJECT_st { -+ STORE_OBJECT_TYPES type; -+ union { -+ struct { -+ STORE_CERTIFICATE_STATUS status; -+ X509 *certificate; -+ } x509; -+ X509_CRL *crl; -+ EVP_PKEY *key; -+ BIGNUM *number; -+ BUF_MEM *arbitrary; -+ } data; -+} STORE_OBJECT; - DECLARE_STACK_OF(STORE_OBJECT) - STORE_OBJECT *STORE_OBJECT_new(void); - void STORE_OBJECT_free(STORE_OBJECT *data); - -- -- --/* The following functions handle the storage. They return 0, a negative number -- or NULL on error, anything else on success. */ -+/* -+ * The following functions handle the storage. They return 0, a negative -+ * number or NULL on error, anything else on success. -+ */ - X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[], -- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], -- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM add_attributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]); - int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - X509 *STORE_list_certificate_next(STORE *e, void *handle); - int STORE_list_certificate_end(STORE *e, void *handle); - int STORE_list_certificate_endp(STORE *e, void *handle); - EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_store_private_key(STORE *e, EVP_PKEY *data, -- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]); - int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[], -- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], -- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM add_sttributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]); - int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle); - int STORE_list_private_key_end(STORE *e, void *handle); - int STORE_list_private_key_endp(STORE *e, void *handle); - EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); --int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); -+int STORE_store_public_key(STORE *e, EVP_PKEY *data, -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]); - int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[], -- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], -- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM add_sttributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]); - int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle); - int STORE_list_public_key_end(STORE *e, void *handle); - int STORE_list_public_key_endp(STORE *e, void *handle); - X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[], -- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], -- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM add_sttributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]); - int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - X509_CRL *STORE_list_crl_next(STORE *e, void *handle); - int STORE_list_crl_end(STORE *e, void *handle); - int STORE_list_crl_endp(STORE *e, void *handle); - int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[], -- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], -- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM add_sttributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]); - BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[], -- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], -- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM add_sttributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]); - BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -- -+ OPENSSL_ITEM parameters[]); - - /* Create and manipulate methods */ - STORE_METHOD *STORE_create_method(char *name); - void STORE_destroy_method(STORE_METHOD *store_method); - - /* These callback types are use for store handlers */ --typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *); --typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *); --typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); --typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); --typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); -+typedef int (*STORE_INITIALISE_FUNC_PTR) (STORE *); -+typedef void (*STORE_CLEANUP_FUNC_PTR) (STORE *); -+typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, -+ STORE_OBJECT_TYPES -+ type, -+ OPENSSL_ITEM -+ attributes[], -+ OPENSSL_ITEM -+ parameters[]); -+typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, -+ STORE_OBJECT_TYPES type, -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]); -+typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]); - typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle); --typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle); --typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); --typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); --typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); --typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); --typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void)); -- --int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f); --int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f); --int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f); --int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f); --int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f); --int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f); --int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f); --int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f); --int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f); --int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f); --int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f); --int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); --int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); --int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); --int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f); -- --STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm); -+typedef int (*STORE_END_OBJECT_FUNC_PTR) (STORE *, void *handle); -+typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type, -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]); -+typedef int (*STORE_STORE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type, -+ STORE_OBJECT *data, -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]); -+typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type, -+ OPENSSL_ITEM search_attributes[], -+ OPENSSL_ITEM add_attributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]); -+typedef int (*STORE_GENERIC_FUNC_PTR) (STORE *, OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]); -+typedef int (*STORE_CTRL_FUNC_PTR) (STORE *, int cmd, long l, void *p, -+ void (*f) (void)); -+ -+int STORE_method_set_initialise_function(STORE_METHOD *sm, -+ STORE_INITIALISE_FUNC_PTR init_f); -+int STORE_method_set_cleanup_function(STORE_METHOD *sm, -+ STORE_CLEANUP_FUNC_PTR clean_f); -+int STORE_method_set_generate_function(STORE_METHOD *sm, -+ STORE_GENERATE_OBJECT_FUNC_PTR -+ generate_f); -+int STORE_method_set_get_function(STORE_METHOD *sm, -+ STORE_GET_OBJECT_FUNC_PTR get_f); -+int STORE_method_set_store_function(STORE_METHOD *sm, -+ STORE_STORE_OBJECT_FUNC_PTR store_f); -+int STORE_method_set_modify_function(STORE_METHOD *sm, -+ STORE_MODIFY_OBJECT_FUNC_PTR store_f); -+int STORE_method_set_revoke_function(STORE_METHOD *sm, -+ STORE_HANDLE_OBJECT_FUNC_PTR revoke_f); -+int STORE_method_set_delete_function(STORE_METHOD *sm, -+ STORE_HANDLE_OBJECT_FUNC_PTR delete_f); -+int STORE_method_set_list_start_function(STORE_METHOD *sm, -+ STORE_START_OBJECT_FUNC_PTR -+ list_start_f); -+int STORE_method_set_list_next_function(STORE_METHOD *sm, -+ STORE_NEXT_OBJECT_FUNC_PTR -+ list_next_f); -+int STORE_method_set_list_end_function(STORE_METHOD *sm, -+ STORE_END_OBJECT_FUNC_PTR list_end_f); -+int STORE_method_set_update_store_function(STORE_METHOD *sm, -+ STORE_GENERIC_FUNC_PTR); -+int STORE_method_set_lock_store_function(STORE_METHOD *sm, -+ STORE_GENERIC_FUNC_PTR); -+int STORE_method_set_unlock_store_function(STORE_METHOD *sm, -+ STORE_GENERIC_FUNC_PTR); -+int STORE_method_set_ctrl_function(STORE_METHOD *sm, -+ STORE_CTRL_FUNC_PTR ctrl_f); -+ -+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD -+ *sm); - STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm); --STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm); -+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD -+ *sm); - STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm); - STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm); --STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm); --STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm); --STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm); --STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm); --STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm); --STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm); --STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm); -+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD -+ *sm); -+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD -+ *sm); -+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD -+ *sm); -+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD -+ *sm); -+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD -+ *sm); -+STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD -+ *sm); -+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD -+ *sm); - STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm); --STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm); -+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD -+ *sm); - STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm); - - /* Method helper structures and functions. */ - --/* This structure is the result of parsing through the information in a list -- of OPENSSL_ITEMs. It stores all the necessary information in a structured -- way.*/ -+/* -+ * This structure is the result of parsing through the information in a list -+ * of OPENSSL_ITEMs. It stores all the necessary information in a structured -+ * way. -+ */ - typedef struct STORE_attr_info_st STORE_ATTR_INFO; - --/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO. -- Note that we do this in the list form, since the list of OPENSSL_ITEMs can -- come in blocks separated with STORE_ATTR_OR. Note that the value returned -- by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */ -+/* -+ * Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO. -+ * Note that we do this in the list form, since the list of OPENSSL_ITEMs can -+ * come in blocks separated with STORE_ATTR_OR. Note that the value returned -+ * by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). -+ */ - void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes); - STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle); - int STORE_parse_attrs_end(void *handle); -@@ -384,42 +472,51 @@ STORE_ATTR_INFO *STORE_ATTR_INFO_new(void); - int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs); - - /* Manipulators */ --char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); -+char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, -+ STORE_ATTR_TYPES code); - unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, -- STORE_ATTR_TYPES code); --X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); --BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); -+ STORE_ATTR_TYPES code); -+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, -+ STORE_ATTR_TYPES code); -+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, -+ STORE_ATTR_TYPES code); - int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- char *cstr, size_t cstr_size); -+ char *cstr, size_t cstr_size); - int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- unsigned char *sha1str, size_t sha1str_size); -+ unsigned char *sha1str, size_t sha1str_size); - int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- X509_NAME *dn); -+ X509_NAME *dn); - int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- BIGNUM *number); -+ BIGNUM *number); - int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- char *cstr, size_t cstr_size); --int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- unsigned char *sha1str, size_t sha1str_size); -+ char *cstr, size_t cstr_size); -+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, -+ STORE_ATTR_TYPES code, -+ unsigned char *sha1str, -+ size_t sha1str_size); - int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- X509_NAME *dn); --int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- BIGNUM *number); -+ X509_NAME *dn); -+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, -+ STORE_ATTR_TYPES code, BIGNUM *number); - --/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values -- in each contained attribute. */ -+/* -+ * Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values in -+ * each contained attribute. -+ */ - int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); --/* Check if the set of attributes in a is within the range of attributes -- set in b. */ -+/* -+ * Check if the set of attributes in a is within the range of attributes set -+ * in b. -+ */ - int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); - /* Check if the set of attributes in a are also set in b. */ - int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); - /* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */ - int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); - -- - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_STORE_strings(void); -@@ -427,126 +524,126 @@ void ERR_load_STORE_strings(void); - /* Error codes for the STORE functions. */ - - /* Function codes. */ --#define STORE_F_MEM_DELETE 134 --#define STORE_F_MEM_GENERATE 135 --#define STORE_F_MEM_LIST_END 168 --#define STORE_F_MEM_LIST_NEXT 136 --#define STORE_F_MEM_LIST_START 137 --#define STORE_F_MEM_MODIFY 169 --#define STORE_F_MEM_STORE 138 --#define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139 --#define STORE_F_STORE_ATTR_INFO_GET0_DN 140 --#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141 --#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142 --#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143 --#define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144 --#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145 --#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146 --#define STORE_F_STORE_ATTR_INFO_SET_CSTR 147 --#define STORE_F_STORE_ATTR_INFO_SET_DN 148 --#define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149 --#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 --#define STORE_F_STORE_CERTIFICATE 170 --#define STORE_F_STORE_CTRL 161 --#define STORE_F_STORE_DELETE_ARBITRARY 158 --#define STORE_F_STORE_DELETE_CERTIFICATE 102 --#define STORE_F_STORE_DELETE_CRL 103 --#define STORE_F_STORE_DELETE_NUMBER 104 --#define STORE_F_STORE_DELETE_PRIVATE_KEY 105 --#define STORE_F_STORE_DELETE_PUBLIC_KEY 106 --#define STORE_F_STORE_GENERATE_CRL 107 --#define STORE_F_STORE_GENERATE_KEY 108 --#define STORE_F_STORE_GET_ARBITRARY 159 --#define STORE_F_STORE_GET_CERTIFICATE 109 --#define STORE_F_STORE_GET_CRL 110 --#define STORE_F_STORE_GET_NUMBER 111 --#define STORE_F_STORE_GET_PRIVATE_KEY 112 --#define STORE_F_STORE_GET_PUBLIC_KEY 113 --#define STORE_F_STORE_LIST_CERTIFICATE_END 114 --#define STORE_F_STORE_LIST_CERTIFICATE_ENDP 153 --#define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115 --#define STORE_F_STORE_LIST_CERTIFICATE_START 116 --#define STORE_F_STORE_LIST_CRL_END 117 --#define STORE_F_STORE_LIST_CRL_ENDP 154 --#define STORE_F_STORE_LIST_CRL_NEXT 118 --#define STORE_F_STORE_LIST_CRL_START 119 --#define STORE_F_STORE_LIST_PRIVATE_KEY_END 120 --#define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP 155 --#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121 --#define STORE_F_STORE_LIST_PRIVATE_KEY_START 122 --#define STORE_F_STORE_LIST_PUBLIC_KEY_END 123 --#define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156 --#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 --#define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 --#define STORE_F_STORE_MODIFY_ARBITRARY 162 --#define STORE_F_STORE_MODIFY_CERTIFICATE 163 --#define STORE_F_STORE_MODIFY_CRL 164 --#define STORE_F_STORE_MODIFY_NUMBER 165 --#define STORE_F_STORE_MODIFY_PRIVATE_KEY 166 --#define STORE_F_STORE_MODIFY_PUBLIC_KEY 167 --#define STORE_F_STORE_NEW_ENGINE 133 --#define STORE_F_STORE_NEW_METHOD 132 --#define STORE_F_STORE_PARSE_ATTRS_END 151 --#define STORE_F_STORE_PARSE_ATTRS_ENDP 172 --#define STORE_F_STORE_PARSE_ATTRS_NEXT 152 --#define STORE_F_STORE_PARSE_ATTRS_START 171 --#define STORE_F_STORE_REVOKE_CERTIFICATE 129 --#define STORE_F_STORE_REVOKE_PRIVATE_KEY 130 --#define STORE_F_STORE_REVOKE_PUBLIC_KEY 131 --#define STORE_F_STORE_STORE_ARBITRARY 157 --#define STORE_F_STORE_STORE_CERTIFICATE 100 --#define STORE_F_STORE_STORE_CRL 101 --#define STORE_F_STORE_STORE_NUMBER 126 --#define STORE_F_STORE_STORE_PRIVATE_KEY 127 --#define STORE_F_STORE_STORE_PUBLIC_KEY 128 -+# define STORE_F_MEM_DELETE 134 -+# define STORE_F_MEM_GENERATE 135 -+# define STORE_F_MEM_LIST_END 168 -+# define STORE_F_MEM_LIST_NEXT 136 -+# define STORE_F_MEM_LIST_START 137 -+# define STORE_F_MEM_MODIFY 169 -+# define STORE_F_MEM_STORE 138 -+# define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139 -+# define STORE_F_STORE_ATTR_INFO_GET0_DN 140 -+# define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141 -+# define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142 -+# define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143 -+# define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144 -+# define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145 -+# define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146 -+# define STORE_F_STORE_ATTR_INFO_SET_CSTR 147 -+# define STORE_F_STORE_ATTR_INFO_SET_DN 148 -+# define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149 -+# define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 -+# define STORE_F_STORE_CERTIFICATE 170 -+# define STORE_F_STORE_CTRL 161 -+# define STORE_F_STORE_DELETE_ARBITRARY 158 -+# define STORE_F_STORE_DELETE_CERTIFICATE 102 -+# define STORE_F_STORE_DELETE_CRL 103 -+# define STORE_F_STORE_DELETE_NUMBER 104 -+# define STORE_F_STORE_DELETE_PRIVATE_KEY 105 -+# define STORE_F_STORE_DELETE_PUBLIC_KEY 106 -+# define STORE_F_STORE_GENERATE_CRL 107 -+# define STORE_F_STORE_GENERATE_KEY 108 -+# define STORE_F_STORE_GET_ARBITRARY 159 -+# define STORE_F_STORE_GET_CERTIFICATE 109 -+# define STORE_F_STORE_GET_CRL 110 -+# define STORE_F_STORE_GET_NUMBER 111 -+# define STORE_F_STORE_GET_PRIVATE_KEY 112 -+# define STORE_F_STORE_GET_PUBLIC_KEY 113 -+# define STORE_F_STORE_LIST_CERTIFICATE_END 114 -+# define STORE_F_STORE_LIST_CERTIFICATE_ENDP 153 -+# define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115 -+# define STORE_F_STORE_LIST_CERTIFICATE_START 116 -+# define STORE_F_STORE_LIST_CRL_END 117 -+# define STORE_F_STORE_LIST_CRL_ENDP 154 -+# define STORE_F_STORE_LIST_CRL_NEXT 118 -+# define STORE_F_STORE_LIST_CRL_START 119 -+# define STORE_F_STORE_LIST_PRIVATE_KEY_END 120 -+# define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP 155 -+# define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121 -+# define STORE_F_STORE_LIST_PRIVATE_KEY_START 122 -+# define STORE_F_STORE_LIST_PUBLIC_KEY_END 123 -+# define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156 -+# define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 -+# define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 -+# define STORE_F_STORE_MODIFY_ARBITRARY 162 -+# define STORE_F_STORE_MODIFY_CERTIFICATE 163 -+# define STORE_F_STORE_MODIFY_CRL 164 -+# define STORE_F_STORE_MODIFY_NUMBER 165 -+# define STORE_F_STORE_MODIFY_PRIVATE_KEY 166 -+# define STORE_F_STORE_MODIFY_PUBLIC_KEY 167 -+# define STORE_F_STORE_NEW_ENGINE 133 -+# define STORE_F_STORE_NEW_METHOD 132 -+# define STORE_F_STORE_PARSE_ATTRS_END 151 -+# define STORE_F_STORE_PARSE_ATTRS_ENDP 172 -+# define STORE_F_STORE_PARSE_ATTRS_NEXT 152 -+# define STORE_F_STORE_PARSE_ATTRS_START 171 -+# define STORE_F_STORE_REVOKE_CERTIFICATE 129 -+# define STORE_F_STORE_REVOKE_PRIVATE_KEY 130 -+# define STORE_F_STORE_REVOKE_PUBLIC_KEY 131 -+# define STORE_F_STORE_STORE_ARBITRARY 157 -+# define STORE_F_STORE_STORE_CERTIFICATE 100 -+# define STORE_F_STORE_STORE_CRL 101 -+# define STORE_F_STORE_STORE_NUMBER 126 -+# define STORE_F_STORE_STORE_PRIVATE_KEY 127 -+# define STORE_F_STORE_STORE_PUBLIC_KEY 128 - - /* Reason codes. */ --#define STORE_R_ALREADY_HAS_A_VALUE 127 --#define STORE_R_FAILED_DELETING_ARBITRARY 132 --#define STORE_R_FAILED_DELETING_CERTIFICATE 100 --#define STORE_R_FAILED_DELETING_KEY 101 --#define STORE_R_FAILED_DELETING_NUMBER 102 --#define STORE_R_FAILED_GENERATING_CRL 103 --#define STORE_R_FAILED_GENERATING_KEY 104 --#define STORE_R_FAILED_GETTING_ARBITRARY 133 --#define STORE_R_FAILED_GETTING_CERTIFICATE 105 --#define STORE_R_FAILED_GETTING_KEY 106 --#define STORE_R_FAILED_GETTING_NUMBER 107 --#define STORE_R_FAILED_LISTING_CERTIFICATES 108 --#define STORE_R_FAILED_LISTING_KEYS 109 --#define STORE_R_FAILED_MODIFYING_ARBITRARY 138 --#define STORE_R_FAILED_MODIFYING_CERTIFICATE 139 --#define STORE_R_FAILED_MODIFYING_CRL 140 --#define STORE_R_FAILED_MODIFYING_NUMBER 141 --#define STORE_R_FAILED_MODIFYING_PRIVATE_KEY 142 --#define STORE_R_FAILED_MODIFYING_PUBLIC_KEY 143 --#define STORE_R_FAILED_REVOKING_CERTIFICATE 110 --#define STORE_R_FAILED_REVOKING_KEY 111 --#define STORE_R_FAILED_STORING_ARBITRARY 134 --#define STORE_R_FAILED_STORING_CERTIFICATE 112 --#define STORE_R_FAILED_STORING_KEY 113 --#define STORE_R_FAILED_STORING_NUMBER 114 --#define STORE_R_NOT_IMPLEMENTED 128 --#define STORE_R_NO_CONTROL_FUNCTION 144 --#define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135 --#define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 --#define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 --#define STORE_R_NO_GENERATE_CRL_FUNCTION 117 --#define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 --#define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION 136 --#define STORE_R_NO_GET_OBJECT_FUNCTION 119 --#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 --#define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131 --#define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 --#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 --#define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 --#define STORE_R_NO_MODIFY_OBJECT_FUNCTION 145 --#define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 --#define STORE_R_NO_STORE 129 --#define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137 --#define STORE_R_NO_STORE_OBJECT_FUNCTION 125 --#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126 --#define STORE_R_NO_VALUE 130 -+# define STORE_R_ALREADY_HAS_A_VALUE 127 -+# define STORE_R_FAILED_DELETING_ARBITRARY 132 -+# define STORE_R_FAILED_DELETING_CERTIFICATE 100 -+# define STORE_R_FAILED_DELETING_KEY 101 -+# define STORE_R_FAILED_DELETING_NUMBER 102 -+# define STORE_R_FAILED_GENERATING_CRL 103 -+# define STORE_R_FAILED_GENERATING_KEY 104 -+# define STORE_R_FAILED_GETTING_ARBITRARY 133 -+# define STORE_R_FAILED_GETTING_CERTIFICATE 105 -+# define STORE_R_FAILED_GETTING_KEY 106 -+# define STORE_R_FAILED_GETTING_NUMBER 107 -+# define STORE_R_FAILED_LISTING_CERTIFICATES 108 -+# define STORE_R_FAILED_LISTING_KEYS 109 -+# define STORE_R_FAILED_MODIFYING_ARBITRARY 138 -+# define STORE_R_FAILED_MODIFYING_CERTIFICATE 139 -+# define STORE_R_FAILED_MODIFYING_CRL 140 -+# define STORE_R_FAILED_MODIFYING_NUMBER 141 -+# define STORE_R_FAILED_MODIFYING_PRIVATE_KEY 142 -+# define STORE_R_FAILED_MODIFYING_PUBLIC_KEY 143 -+# define STORE_R_FAILED_REVOKING_CERTIFICATE 110 -+# define STORE_R_FAILED_REVOKING_KEY 111 -+# define STORE_R_FAILED_STORING_ARBITRARY 134 -+# define STORE_R_FAILED_STORING_CERTIFICATE 112 -+# define STORE_R_FAILED_STORING_KEY 113 -+# define STORE_R_FAILED_STORING_NUMBER 114 -+# define STORE_R_NOT_IMPLEMENTED 128 -+# define STORE_R_NO_CONTROL_FUNCTION 144 -+# define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135 -+# define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 -+# define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 -+# define STORE_R_NO_GENERATE_CRL_FUNCTION 117 -+# define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 -+# define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION 136 -+# define STORE_R_NO_GET_OBJECT_FUNCTION 119 -+# define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 -+# define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131 -+# define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 -+# define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 -+# define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 -+# define STORE_R_NO_MODIFY_OBJECT_FUNCTION 145 -+# define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 -+# define STORE_R_NO_STORE 129 -+# define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137 -+# define STORE_R_NO_STORE_OBJECT_FUNCTION 125 -+# define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126 -+# define STORE_R_NO_VALUE 130 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/symhacks.h b/Cryptlib/Include/openssl/symhacks.h -index c540771..b8a6ddf 100644 ---- a/Cryptlib/Include/openssl/symhacks.h -+++ b/Cryptlib/Include/openssl/symhacks.h -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,375 +53,386 @@ - */ - - #ifndef HEADER_SYMHACKS_H --#define HEADER_SYMHACKS_H -+# define HEADER_SYMHACKS_H - --#include -+# include - --/* Hacks to solve the problem with linkers incapable of handling very long -- symbol names. In the case of VMS, the limit is 31 characters on VMS for -- VAX. */ --/* Note that this affects util/libeay.num and util/ssleay.num... you may -- change those manually, but that's not recommended, as those files are -- controlled centrally and updated on Unix, and the central definition -- may disagree with yours, which in turn may come with shareable library -- incompatibilities. */ --#ifdef OPENSSL_SYS_VMS -+/* -+ * Hacks to solve the problem with linkers incapable of handling very long -+ * symbol names. In the case of VMS, the limit is 31 characters on VMS for -+ * VAX. -+ */ -+/* -+ * Note that this affects util/libeay.num and util/ssleay.num... you may -+ * change those manually, but that's not recommended, as those files are -+ * controlled centrally and updated on Unix, and the central definition may -+ * disagree with yours, which in turn may come with shareable library -+ * incompatibilities. -+ */ -+# ifdef OPENSSL_SYS_VMS - - /* Hack a long name in crypto/cryptlib.c */ --#undef int_CRYPTO_set_do_dynlock_callback --#define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb -+# undef int_CRYPTO_set_do_dynlock_callback -+# define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb - - /* Hack a long name in crypto/ex_data.c */ --#undef CRYPTO_get_ex_data_implementation --#define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl --#undef CRYPTO_set_ex_data_implementation --#define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl -+# undef CRYPTO_get_ex_data_implementation -+# define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl -+# undef CRYPTO_set_ex_data_implementation -+# define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl - - /* Hack a long name in crypto/asn1/a_mbstr.c */ --#undef ASN1_STRING_set_default_mask_asc --#define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc -+# undef ASN1_STRING_set_default_mask_asc -+# define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc - --#if 0 /* No longer needed, since safestack macro magic does the job */ -+# if 0 /* No longer needed, since safestack macro -+ * magic does the job */ - /* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */ --#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO --#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF --#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO --#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF --#endif -- --#if 0 /* No longer needed, since safestack macro magic does the job */ -+# undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO -+# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF -+# undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO -+# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF -+# endif -+ -+# if 0 /* No longer needed, since safestack macro -+ * magic does the job */ - /* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */ --#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO --#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF --#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO --#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF --#endif -- --#if 0 /* No longer needed, since safestack macro magic does the job */ -+# undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO -+# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF -+# undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO -+# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF -+# endif -+ -+# if 0 /* No longer needed, since safestack macro -+ * magic does the job */ - /* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */ --#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION --#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC --#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION --#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC --#endif -+# undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION -+# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC -+# undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION -+# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC -+# endif - - /* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */ --#undef PEM_read_NETSCAPE_CERT_SEQUENCE --#define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ --#undef PEM_write_NETSCAPE_CERT_SEQUENCE --#define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ --#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE --#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ --#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE --#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ --#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE --#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ -+# undef PEM_read_NETSCAPE_CERT_SEQUENCE -+# define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ -+# undef PEM_write_NETSCAPE_CERT_SEQUENCE -+# define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ -+# undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE -+# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ -+# undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE -+# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ -+# undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE -+# define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ - - /* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */ --#undef PEM_read_PKCS8_PRIV_KEY_INFO --#define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO --#undef PEM_write_PKCS8_PRIV_KEY_INFO --#define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO --#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO --#define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO --#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO --#define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO --#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO --#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO -+# undef PEM_read_PKCS8_PRIV_KEY_INFO -+# define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO -+# undef PEM_write_PKCS8_PRIV_KEY_INFO -+# define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO -+# undef PEM_read_bio_PKCS8_PRIV_KEY_INFO -+# define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO -+# undef PEM_write_bio_PKCS8_PRIV_KEY_INFO -+# define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO -+# undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO -+# define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO - - /* Hack other PEM names */ --#undef PEM_write_bio_PKCS8PrivateKey_nid --#define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid -+# undef PEM_write_bio_PKCS8PrivateKey_nid -+# define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid - - /* Hack some long X509 names */ --#undef X509_REVOKED_get_ext_by_critical --#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic --#undef X509_policy_tree_get0_user_policies --#define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies --#undef X509_policy_node_get0_qualifiers --#define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers --#undef X509_STORE_CTX_get_explicit_policy --#define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy --#undef X509_STORE_CTX_get0_current_issuer --#define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer -+# undef X509_REVOKED_get_ext_by_critical -+# define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic -+# undef X509_policy_tree_get0_user_policies -+# define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies -+# undef X509_policy_node_get0_qualifiers -+# define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers -+# undef X509_STORE_CTX_get_explicit_policy -+# define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy -+# undef X509_STORE_CTX_get0_current_issuer -+# define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer - - /* Hack some long CRYPTO names */ --#undef CRYPTO_set_dynlock_destroy_callback --#define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb --#undef CRYPTO_set_dynlock_create_callback --#define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb --#undef CRYPTO_set_dynlock_lock_callback --#define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb --#undef CRYPTO_get_dynlock_lock_callback --#define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb --#undef CRYPTO_get_dynlock_destroy_callback --#define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb --#undef CRYPTO_get_dynlock_create_callback --#define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb --#undef CRYPTO_set_locked_mem_ex_functions --#define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs --#undef CRYPTO_get_locked_mem_ex_functions --#define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs -+# undef CRYPTO_set_dynlock_destroy_callback -+# define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb -+# undef CRYPTO_set_dynlock_create_callback -+# define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb -+# undef CRYPTO_set_dynlock_lock_callback -+# define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb -+# undef CRYPTO_get_dynlock_lock_callback -+# define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb -+# undef CRYPTO_get_dynlock_destroy_callback -+# define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb -+# undef CRYPTO_get_dynlock_create_callback -+# define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb -+# undef CRYPTO_set_locked_mem_ex_functions -+# define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs -+# undef CRYPTO_get_locked_mem_ex_functions -+# define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs - - /* Hack some long SSL names */ --#undef SSL_CTX_set_default_verify_paths --#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths --#undef SSL_get_ex_data_X509_STORE_CTX_idx --#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx --#undef SSL_add_file_cert_subjects_to_stack --#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk --#undef SSL_add_dir_cert_subjects_to_stack --#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk --#undef SSL_CTX_use_certificate_chain_file --#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file --#undef SSL_CTX_set_cert_verify_callback --#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb --#undef SSL_CTX_set_default_passwd_cb_userdata --#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud --#undef SSL_COMP_get_compression_methods --#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods -- --#undef ssl_add_clienthello_renegotiate_ext --#define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext --#undef ssl_add_serverhello_renegotiate_ext --#define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext --#undef ssl_parse_clienthello_renegotiate_ext --#define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext --#undef ssl_parse_serverhello_renegotiate_ext --#define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext -+# undef SSL_CTX_set_default_verify_paths -+# define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths -+# undef SSL_get_ex_data_X509_STORE_CTX_idx -+# define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx -+# undef SSL_add_file_cert_subjects_to_stack -+# define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk -+# undef SSL_add_dir_cert_subjects_to_stack -+# define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk -+# undef SSL_CTX_use_certificate_chain_file -+# define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file -+# undef SSL_CTX_set_cert_verify_callback -+# define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb -+# undef SSL_CTX_set_default_passwd_cb_userdata -+# define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud -+# undef SSL_COMP_get_compression_methods -+# define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods -+ -+# undef ssl_add_clienthello_renegotiate_ext -+# define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext -+# undef ssl_add_serverhello_renegotiate_ext -+# define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext -+# undef ssl_parse_clienthello_renegotiate_ext -+# define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext -+# undef ssl_parse_serverhello_renegotiate_ext -+# define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext -+ -+# undef ssl3_cbc_record_digest_supported -+# define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support -+# undef ssl_check_clienthello_tlsext_late -+# define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late -+# undef ssl_check_clienthello_tlsext_early -+# define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early - - /* Hack some long ENGINE names */ --#undef ENGINE_get_default_BN_mod_exp_crt --#define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt --#undef ENGINE_set_default_BN_mod_exp_crt --#define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt --#undef ENGINE_set_load_privkey_function --#define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn --#undef ENGINE_get_load_privkey_function --#define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn --#undef ENGINE_set_load_ssl_client_cert_function --#define ENGINE_set_load_ssl_client_cert_function \ -- ENGINE_set_ld_ssl_clnt_cert_fn --#undef ENGINE_get_ssl_client_cert_function --#define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn -+# undef ENGINE_get_default_BN_mod_exp_crt -+# define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt -+# undef ENGINE_set_default_BN_mod_exp_crt -+# define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt -+# undef ENGINE_set_load_privkey_function -+# define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn -+# undef ENGINE_get_load_privkey_function -+# define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn -+# undef ENGINE_set_load_ssl_client_cert_function -+# define ENGINE_set_load_ssl_client_cert_function \ -+ ENGINE_set_ld_ssl_clnt_cert_fn -+# undef ENGINE_get_ssl_client_cert_function -+# define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn - - /* Hack some long OCSP names */ --#undef OCSP_REQUEST_get_ext_by_critical --#define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit --#undef OCSP_BASICRESP_get_ext_by_critical --#define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit --#undef OCSP_SINGLERESP_get_ext_by_critical --#define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit -+# undef OCSP_REQUEST_get_ext_by_critical -+# define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit -+# undef OCSP_BASICRESP_get_ext_by_critical -+# define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit -+# undef OCSP_SINGLERESP_get_ext_by_critical -+# define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit - - /* Hack some long DES names */ --#undef _ossl_old_des_ede3_cfb64_encrypt --#define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt --#undef _ossl_old_des_ede3_ofb64_encrypt --#define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt -+# undef _ossl_old_des_ede3_cfb64_encrypt -+# define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt -+# undef _ossl_old_des_ede3_ofb64_encrypt -+# define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt - - /* Hack some long EVP names */ --#undef OPENSSL_add_all_algorithms_noconf --#define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf --#undef OPENSSL_add_all_algorithms_conf --#define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf -+# undef OPENSSL_add_all_algorithms_noconf -+# define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf -+# undef OPENSSL_add_all_algorithms_conf -+# define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf - - /* Hack some long EC names */ --#undef EC_GROUP_set_point_conversion_form --#define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form --#undef EC_GROUP_get_point_conversion_form --#define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form --#undef EC_GROUP_clear_free_all_extra_data --#define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data --#undef EC_POINT_set_Jprojective_coordinates_GFp --#define EC_POINT_set_Jprojective_coordinates_GFp \ -+# undef EC_GROUP_set_point_conversion_form -+# define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form -+# undef EC_GROUP_get_point_conversion_form -+# define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form -+# undef EC_GROUP_clear_free_all_extra_data -+# define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data -+# undef EC_POINT_set_Jprojective_coordinates_GFp -+# define EC_POINT_set_Jprojective_coordinates_GFp \ - EC_POINT_set_Jproj_coords_GFp --#undef EC_POINT_get_Jprojective_coordinates_GFp --#define EC_POINT_get_Jprojective_coordinates_GFp \ -+# undef EC_POINT_get_Jprojective_coordinates_GFp -+# define EC_POINT_get_Jprojective_coordinates_GFp \ - EC_POINT_get_Jproj_coords_GFp --#undef EC_POINT_set_affine_coordinates_GFp --#define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coords_GFp --#undef EC_POINT_get_affine_coordinates_GFp --#define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp --#undef EC_POINT_set_compressed_coordinates_GFp --#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp --#undef EC_POINT_set_affine_coordinates_GF2m --#define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m --#undef EC_POINT_get_affine_coordinates_GF2m --#define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m --#undef EC_POINT_set_compressed_coordinates_GF2m --#define EC_POINT_set_compressed_coordinates_GF2m \ -+# undef EC_POINT_set_affine_coordinates_GFp -+# define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coords_GFp -+# undef EC_POINT_get_affine_coordinates_GFp -+# define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp -+# undef EC_POINT_set_compressed_coordinates_GFp -+# define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp -+# undef EC_POINT_set_affine_coordinates_GF2m -+# define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m -+# undef EC_POINT_get_affine_coordinates_GF2m -+# define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m -+# undef EC_POINT_set_compressed_coordinates_GF2m -+# define EC_POINT_set_compressed_coordinates_GF2m \ - EC_POINT_set_compr_coords_GF2m --#undef ec_GF2m_simple_group_clear_finish --#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish --#undef ec_GF2m_simple_group_check_discriminant --#define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim --#undef ec_GF2m_simple_point_clear_finish --#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish --#undef ec_GF2m_simple_point_set_to_infinity --#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf --#undef ec_GF2m_simple_points_make_affine --#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine --#undef ec_GF2m_simple_point_set_affine_coordinates --#define ec_GF2m_simple_point_set_affine_coordinates \ -+# undef ec_GF2m_simple_group_clear_finish -+# define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish -+# undef ec_GF2m_simple_group_check_discriminant -+# define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim -+# undef ec_GF2m_simple_point_clear_finish -+# define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish -+# undef ec_GF2m_simple_point_set_to_infinity -+# define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf -+# undef ec_GF2m_simple_points_make_affine -+# define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine -+# undef ec_GF2m_simple_point_set_affine_coordinates -+# define ec_GF2m_simple_point_set_affine_coordinates \ - ec_GF2m_smp_pt_set_af_coords --#undef ec_GF2m_simple_point_get_affine_coordinates --#define ec_GF2m_simple_point_get_affine_coordinates \ -+# undef ec_GF2m_simple_point_get_affine_coordinates -+# define ec_GF2m_simple_point_get_affine_coordinates \ - ec_GF2m_smp_pt_get_af_coords --#undef ec_GF2m_simple_set_compressed_coordinates --#define ec_GF2m_simple_set_compressed_coordinates \ -+# undef ec_GF2m_simple_set_compressed_coordinates -+# define ec_GF2m_simple_set_compressed_coordinates \ - ec_GF2m_smp_set_compr_coords --#undef ec_GFp_simple_group_set_curve_GFp --#define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp --#undef ec_GFp_simple_group_get_curve_GFp --#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp --#undef ec_GFp_simple_group_clear_finish --#define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish --#undef ec_GFp_simple_group_set_generator --#define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator --#undef ec_GFp_simple_group_get0_generator --#define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator --#undef ec_GFp_simple_group_get_cofactor --#define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor --#undef ec_GFp_simple_point_clear_finish --#define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish --#undef ec_GFp_simple_point_set_to_infinity --#define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf --#undef ec_GFp_simple_points_make_affine --#define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine --#undef ec_GFp_simple_set_Jprojective_coordinates_GFp --#define ec_GFp_simple_set_Jprojective_coordinates_GFp \ -+# undef ec_GFp_simple_group_set_curve_GFp -+# define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp -+# undef ec_GFp_simple_group_get_curve_GFp -+# define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp -+# undef ec_GFp_simple_group_clear_finish -+# define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish -+# undef ec_GFp_simple_group_set_generator -+# define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator -+# undef ec_GFp_simple_group_get0_generator -+# define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator -+# undef ec_GFp_simple_group_get_cofactor -+# define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor -+# undef ec_GFp_simple_point_clear_finish -+# define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish -+# undef ec_GFp_simple_point_set_to_infinity -+# define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf -+# undef ec_GFp_simple_points_make_affine -+# define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine -+# undef ec_GFp_simple_set_Jprojective_coordinates_GFp -+# define ec_GFp_simple_set_Jprojective_coordinates_GFp \ - ec_GFp_smp_set_Jproj_coords_GFp --#undef ec_GFp_simple_get_Jprojective_coordinates_GFp --#define ec_GFp_simple_get_Jprojective_coordinates_GFp \ -+# undef ec_GFp_simple_get_Jprojective_coordinates_GFp -+# define ec_GFp_simple_get_Jprojective_coordinates_GFp \ - ec_GFp_smp_get_Jproj_coords_GFp --#undef ec_GFp_simple_point_set_affine_coordinates_GFp --#define ec_GFp_simple_point_set_affine_coordinates_GFp \ -+# undef ec_GFp_simple_point_set_affine_coordinates_GFp -+# define ec_GFp_simple_point_set_affine_coordinates_GFp \ - ec_GFp_smp_pt_set_af_coords_GFp --#undef ec_GFp_simple_point_get_affine_coordinates_GFp --#define ec_GFp_simple_point_get_affine_coordinates_GFp \ -+# undef ec_GFp_simple_point_get_affine_coordinates_GFp -+# define ec_GFp_simple_point_get_affine_coordinates_GFp \ - ec_GFp_smp_pt_get_af_coords_GFp --#undef ec_GFp_simple_set_compressed_coordinates_GFp --#define ec_GFp_simple_set_compressed_coordinates_GFp \ -+# undef ec_GFp_simple_set_compressed_coordinates_GFp -+# define ec_GFp_simple_set_compressed_coordinates_GFp \ - ec_GFp_smp_set_compr_coords_GFp --#undef ec_GFp_simple_point_set_affine_coordinates --#define ec_GFp_simple_point_set_affine_coordinates \ -+# undef ec_GFp_simple_point_set_affine_coordinates -+# define ec_GFp_simple_point_set_affine_coordinates \ - ec_GFp_smp_pt_set_af_coords --#undef ec_GFp_simple_point_get_affine_coordinates --#define ec_GFp_simple_point_get_affine_coordinates \ -+# undef ec_GFp_simple_point_get_affine_coordinates -+# define ec_GFp_simple_point_get_affine_coordinates \ - ec_GFp_smp_pt_get_af_coords --#undef ec_GFp_simple_set_compressed_coordinates --#define ec_GFp_simple_set_compressed_coordinates \ -+# undef ec_GFp_simple_set_compressed_coordinates -+# define ec_GFp_simple_set_compressed_coordinates \ - ec_GFp_smp_set_compr_coords --#undef ec_GFp_simple_group_check_discriminant --#define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim -+# undef ec_GFp_simple_group_check_discriminant -+# define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim - - /* Hack som long STORE names */ --#undef STORE_method_set_initialise_function --#define STORE_method_set_initialise_function STORE_meth_set_initialise_fn --#undef STORE_method_set_cleanup_function --#define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn --#undef STORE_method_set_generate_function --#define STORE_method_set_generate_function STORE_meth_set_generate_fn --#undef STORE_method_set_modify_function --#define STORE_method_set_modify_function STORE_meth_set_modify_fn --#undef STORE_method_set_revoke_function --#define STORE_method_set_revoke_function STORE_meth_set_revoke_fn --#undef STORE_method_set_delete_function --#define STORE_method_set_delete_function STORE_meth_set_delete_fn --#undef STORE_method_set_list_start_function --#define STORE_method_set_list_start_function STORE_meth_set_list_start_fn --#undef STORE_method_set_list_next_function --#define STORE_method_set_list_next_function STORE_meth_set_list_next_fn --#undef STORE_method_set_list_end_function --#define STORE_method_set_list_end_function STORE_meth_set_list_end_fn --#undef STORE_method_set_update_store_function --#define STORE_method_set_update_store_function STORE_meth_set_update_store_fn --#undef STORE_method_set_lock_store_function --#define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn --#undef STORE_method_set_unlock_store_function --#define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn --#undef STORE_method_get_initialise_function --#define STORE_method_get_initialise_function STORE_meth_get_initialise_fn --#undef STORE_method_get_cleanup_function --#define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn --#undef STORE_method_get_generate_function --#define STORE_method_get_generate_function STORE_meth_get_generate_fn --#undef STORE_method_get_modify_function --#define STORE_method_get_modify_function STORE_meth_get_modify_fn --#undef STORE_method_get_revoke_function --#define STORE_method_get_revoke_function STORE_meth_get_revoke_fn --#undef STORE_method_get_delete_function --#define STORE_method_get_delete_function STORE_meth_get_delete_fn --#undef STORE_method_get_list_start_function --#define STORE_method_get_list_start_function STORE_meth_get_list_start_fn --#undef STORE_method_get_list_next_function --#define STORE_method_get_list_next_function STORE_meth_get_list_next_fn --#undef STORE_method_get_list_end_function --#define STORE_method_get_list_end_function STORE_meth_get_list_end_fn --#undef STORE_method_get_update_store_function --#define STORE_method_get_update_store_function STORE_meth_get_update_store_fn --#undef STORE_method_get_lock_store_function --#define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn --#undef STORE_method_get_unlock_store_function --#define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn -+# undef STORE_method_set_initialise_function -+# define STORE_method_set_initialise_function STORE_meth_set_initialise_fn -+# undef STORE_method_set_cleanup_function -+# define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn -+# undef STORE_method_set_generate_function -+# define STORE_method_set_generate_function STORE_meth_set_generate_fn -+# undef STORE_method_set_modify_function -+# define STORE_method_set_modify_function STORE_meth_set_modify_fn -+# undef STORE_method_set_revoke_function -+# define STORE_method_set_revoke_function STORE_meth_set_revoke_fn -+# undef STORE_method_set_delete_function -+# define STORE_method_set_delete_function STORE_meth_set_delete_fn -+# undef STORE_method_set_list_start_function -+# define STORE_method_set_list_start_function STORE_meth_set_list_start_fn -+# undef STORE_method_set_list_next_function -+# define STORE_method_set_list_next_function STORE_meth_set_list_next_fn -+# undef STORE_method_set_list_end_function -+# define STORE_method_set_list_end_function STORE_meth_set_list_end_fn -+# undef STORE_method_set_update_store_function -+# define STORE_method_set_update_store_function STORE_meth_set_update_store_fn -+# undef STORE_method_set_lock_store_function -+# define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn -+# undef STORE_method_set_unlock_store_function -+# define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn -+# undef STORE_method_get_initialise_function -+# define STORE_method_get_initialise_function STORE_meth_get_initialise_fn -+# undef STORE_method_get_cleanup_function -+# define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn -+# undef STORE_method_get_generate_function -+# define STORE_method_get_generate_function STORE_meth_get_generate_fn -+# undef STORE_method_get_modify_function -+# define STORE_method_get_modify_function STORE_meth_get_modify_fn -+# undef STORE_method_get_revoke_function -+# define STORE_method_get_revoke_function STORE_meth_get_revoke_fn -+# undef STORE_method_get_delete_function -+# define STORE_method_get_delete_function STORE_meth_get_delete_fn -+# undef STORE_method_get_list_start_function -+# define STORE_method_get_list_start_function STORE_meth_get_list_start_fn -+# undef STORE_method_get_list_next_function -+# define STORE_method_get_list_next_function STORE_meth_get_list_next_fn -+# undef STORE_method_get_list_end_function -+# define STORE_method_get_list_end_function STORE_meth_get_list_end_fn -+# undef STORE_method_get_update_store_function -+# define STORE_method_get_update_store_function STORE_meth_get_update_store_fn -+# undef STORE_method_get_lock_store_function -+# define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn -+# undef STORE_method_get_unlock_store_function -+# define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn - - /* Hack some long CMS names */ --#undef CMS_RecipientInfo_ktri_get0_algs --#define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs --#undef CMS_RecipientInfo_ktri_get0_signer_id --#define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id --#undef CMS_OtherRevocationInfoFormat_it --#define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it --#undef CMS_KeyAgreeRecipientIdentifier_it --#define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it --#undef CMS_OriginatorIdentifierOrKey_it --#define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it --#undef cms_SignerIdentifier_get0_signer_id --#define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id -+# undef CMS_RecipientInfo_ktri_get0_algs -+# define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs -+# undef CMS_RecipientInfo_ktri_get0_signer_id -+# define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id -+# undef CMS_OtherRevocationInfoFormat_it -+# define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it -+# undef CMS_KeyAgreeRecipientIdentifier_it -+# define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it -+# undef CMS_OriginatorIdentifierOrKey_it -+# define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it -+# undef cms_SignerIdentifier_get0_signer_id -+# define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id - - /* Hack some long DTLS1 names */ --#undef dtls1_retransmit_buffered_messages --#define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs -- --#endif /* defined OPENSSL_SYS_VMS */ -+# undef dtls1_retransmit_buffered_messages -+# define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs - -+# endif /* defined OPENSSL_SYS_VMS */ - - /* Case insensiteve linking causes problems.... */ --#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) --#undef ERR_load_CRYPTO_strings --#define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings --#undef OCSP_crlID_new --#define OCSP_crlID_new OCSP_crlID2_new -- --#undef d2i_ECPARAMETERS --#define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS --#undef i2d_ECPARAMETERS --#define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS --#undef d2i_ECPKPARAMETERS --#define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS --#undef i2d_ECPKPARAMETERS --#define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS -- --/* These functions do not seem to exist! However, I'm paranoid... -- Original command in x509v3.h: -- These functions are being redefined in another directory, -- and clash when the linker is case-insensitive, so let's -- hide them a little, by giving them an extra 'o' at the -- beginning of the name... */ --#undef X509v3_cleanup_extensions --#define X509v3_cleanup_extensions oX509v3_cleanup_extensions --#undef X509v3_add_extension --#define X509v3_add_extension oX509v3_add_extension --#undef X509v3_add_netscape_extensions --#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions --#undef X509v3_add_standard_extensions --#define X509v3_add_standard_extensions oX509v3_add_standard_extensions -- -- --#endif -- -- --#endif /* ! defined HEADER_VMS_IDHACKS_H */ -+# if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) -+# undef ERR_load_CRYPTO_strings -+# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings -+# undef OCSP_crlID_new -+# define OCSP_crlID_new OCSP_crlID2_new -+ -+# undef d2i_ECPARAMETERS -+# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS -+# undef i2d_ECPARAMETERS -+# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS -+# undef d2i_ECPKPARAMETERS -+# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS -+# undef i2d_ECPKPARAMETERS -+# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS -+ -+/* -+ * These functions do not seem to exist! However, I'm paranoid... Original -+ * command in x509v3.h: These functions are being redefined in another -+ * directory, and clash when the linker is case-insensitive, so let's hide -+ * them a little, by giving them an extra 'o' at the beginning of the name... -+ */ -+# undef X509v3_cleanup_extensions -+# define X509v3_cleanup_extensions oX509v3_cleanup_extensions -+# undef X509v3_add_extension -+# define X509v3_add_extension oX509v3_add_extension -+# undef X509v3_add_netscape_extensions -+# define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions -+# undef X509v3_add_standard_extensions -+# define X509v3_add_standard_extensions oX509v3_add_standard_extensions -+ -+# endif -+ -+#endif /* ! defined HEADER_VMS_IDHACKS_H */ - /* This one clashes with CMS_data_create */ - #undef cms_Data_create --#define cms_Data_create priv_cms_Data_create -+#define cms_Data_create priv_cms_Data_create -diff --git a/Cryptlib/Include/openssl/tls1.h b/Cryptlib/Include/openssl/tls1.h -index 47f25af..fd8a034 100644 ---- a/Cryptlib/Include/openssl/tls1.h -+++ b/Cryptlib/Include/openssl/tls1.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -58,7 +58,7 @@ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * -- * Portions of the attached software ("Contribution") are developed by -+ * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source -@@ -69,356 +69,398 @@ - * - */ - --#ifndef HEADER_TLS1_H --#define HEADER_TLS1_H -+#ifndef HEADER_TLS1_H -+# define HEADER_TLS1_H - --#include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 -- --#define TLS1_2_VERSION 0x0303 --#define TLS1_2_VERSION_MAJOR 0x03 --#define TLS1_2_VERSION_MINOR 0x03 -- --#define TLS1_1_VERSION 0x0302 --#define TLS1_1_VERSION_MAJOR 0x03 --#define TLS1_1_VERSION_MINOR 0x02 -- --#define TLS1_VERSION 0x0301 --#define TLS1_VERSION_MAJOR 0x03 --#define TLS1_VERSION_MINOR 0x01 -- --#define TLS1_get_version(s) \ -- ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) -- --#define TLS1_get_client_version(s) \ -- ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) -- --#define TLS1_AD_DECRYPTION_FAILED 21 --#define TLS1_AD_RECORD_OVERFLOW 22 --#define TLS1_AD_UNKNOWN_CA 48 /* fatal */ --#define TLS1_AD_ACCESS_DENIED 49 /* fatal */ --#define TLS1_AD_DECODE_ERROR 50 /* fatal */ --#define TLS1_AD_DECRYPT_ERROR 51 --#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */ --#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ --#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ --#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ --#define TLS1_AD_USER_CANCELLED 90 --#define TLS1_AD_NO_RENEGOTIATION 100 -+# define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 -+ -+# define TLS1_VERSION 0x0301 -+# define TLS1_1_VERSION 0x0302 -+# define TLS1_2_VERSION 0x0303 -+/* -+ * TLS 1.1 and 1.2 are not supported by this version of OpenSSL, so -+ * TLS_MAX_VERSION indicates TLS 1.0 regardless of the above definitions. -+ * (s23_clnt.c and s23_srvr.c have an OPENSSL_assert() check that would catch -+ * the error if TLS_MAX_VERSION was too low.) -+ */ -+# define TLS_MAX_VERSION TLS1_VERSION -+ -+# define TLS1_VERSION_MAJOR 0x03 -+# define TLS1_VERSION_MINOR 0x01 -+ -+# define TLS1_1_VERSION_MAJOR 0x03 -+# define TLS1_1_VERSION_MINOR 0x02 -+ -+# define TLS1_2_VERSION_MAJOR 0x03 -+# define TLS1_2_VERSION_MINOR 0x03 -+ -+# define TLS1_get_version(s) \ -+ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) -+ -+# define TLS1_get_client_version(s) \ -+ ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) -+ -+# define TLS1_AD_DECRYPTION_FAILED 21 -+# define TLS1_AD_RECORD_OVERFLOW 22 -+# define TLS1_AD_UNKNOWN_CA 48/* fatal */ -+# define TLS1_AD_ACCESS_DENIED 49/* fatal */ -+# define TLS1_AD_DECODE_ERROR 50/* fatal */ -+# define TLS1_AD_DECRYPT_ERROR 51 -+# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ -+# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ -+# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ -+# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ -+# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ -+# define TLS1_AD_USER_CANCELLED 90 -+# define TLS1_AD_NO_RENEGOTIATION 100 - /* codes 110-114 are from RFC3546 */ --#define TLS1_AD_UNSUPPORTED_EXTENSION 110 --#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 --#define TLS1_AD_UNRECOGNIZED_NAME 112 --#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 --#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 --#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ -+# define TLS1_AD_UNSUPPORTED_EXTENSION 110 -+# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 -+# define TLS1_AD_UNRECOGNIZED_NAME 112 -+# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 -+# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 -+# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ - - /* ExtensionType values from RFC 3546 */ --#define TLSEXT_TYPE_server_name 0 --#define TLSEXT_TYPE_max_fragment_length 1 --#define TLSEXT_TYPE_client_certificate_url 2 --#define TLSEXT_TYPE_trusted_ca_keys 3 --#define TLSEXT_TYPE_truncated_hmac 4 --#define TLSEXT_TYPE_status_request 5 --#define TLSEXT_TYPE_elliptic_curves 10 --#define TLSEXT_TYPE_ec_point_formats 11 --#define TLSEXT_TYPE_session_ticket 35 -+# define TLSEXT_TYPE_server_name 0 -+# define TLSEXT_TYPE_max_fragment_length 1 -+# define TLSEXT_TYPE_client_certificate_url 2 -+# define TLSEXT_TYPE_trusted_ca_keys 3 -+# define TLSEXT_TYPE_truncated_hmac 4 -+# define TLSEXT_TYPE_status_request 5 -+# define TLSEXT_TYPE_elliptic_curves 10 -+# define TLSEXT_TYPE_ec_point_formats 11 -+# define TLSEXT_TYPE_session_ticket 35 - - /* Temporary extension type */ --#define TLSEXT_TYPE_renegotiate 0xff01 -+# define TLSEXT_TYPE_renegotiate 0xff01 - - /* NameType value from RFC 3546 */ --#define TLSEXT_NAMETYPE_host_name 0 -+# define TLSEXT_NAMETYPE_host_name 0 - /* status request value from RFC 3546 */ --#define TLSEXT_STATUSTYPE_ocsp 1 -+# define TLSEXT_STATUSTYPE_ocsp 1 - --#ifndef OPENSSL_NO_TLSEXT -+# ifndef OPENSSL_NO_TLSEXT - --#define TLSEXT_MAXLEN_host_name 255 -+# define TLSEXT_MAXLEN_host_name 255 - --const char *SSL_get_servername(const SSL *s, const int type) ; --int SSL_get_servername_type(const SSL *s) ; -+const char *SSL_get_servername(const SSL *s, const int type); -+int SSL_get_servername_type(const SSL *s); - --#define SSL_set_tlsext_host_name(s,name) \ -+# define SSL_set_tlsext_host_name(s,name) \ - SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) - --#define SSL_set_tlsext_debug_callback(ssl, cb) \ -+# define SSL_set_tlsext_debug_callback(ssl, cb) \ - SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) - --#define SSL_set_tlsext_debug_arg(ssl, arg) \ -+# define SSL_set_tlsext_debug_arg(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) - --#define SSL_set_tlsext_status_type(ssl, type) \ -+# define SSL_set_tlsext_status_type(ssl, type) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) - --#define SSL_get_tlsext_status_exts(ssl, arg) \ -+# define SSL_get_tlsext_status_exts(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) - --#define SSL_set_tlsext_status_exts(ssl, arg) \ -+# define SSL_set_tlsext_status_exts(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) - --#define SSL_get_tlsext_status_ids(ssl, arg) \ -+# define SSL_get_tlsext_status_ids(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) - --#define SSL_set_tlsext_status_ids(ssl, arg) \ -+# define SSL_set_tlsext_status_ids(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) - --#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ -+# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) - --#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ -+# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) - --#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ -+# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ - SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) - --#define SSL_TLSEXT_ERR_OK 0 --#define SSL_TLSEXT_ERR_ALERT_WARNING 1 --#define SSL_TLSEXT_ERR_ALERT_FATAL 2 --#define SSL_TLSEXT_ERR_NOACK 3 -+# define SSL_TLSEXT_ERR_OK 0 -+# define SSL_TLSEXT_ERR_ALERT_WARNING 1 -+# define SSL_TLSEXT_ERR_ALERT_FATAL 2 -+# define SSL_TLSEXT_ERR_NOACK 3 - --#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ -+# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) - --#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ -- SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) --#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ -- SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) -+# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ -+ SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) -+# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ -+ SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) - --#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ -+# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ - SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) - --#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ -+# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ - SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) - --#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ -+# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ - SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) - --#endif -+# endif - --/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt -+/* -+ * Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt - * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see - * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably -- * shouldn't. */ --#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 --#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 --#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 --#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 --#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 --#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 --#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 -+ * shouldn't. -+ */ -+# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 -+# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 -+# define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 -+# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 -+# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 -+# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 -+# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 - - /* AES ciphersuites from RFC3268 */ - --#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F --#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 --#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 --#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 --#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 --#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 -+# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F -+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 -+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 -+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 -+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 -+# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 - --#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 --#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 --#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 --#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 --#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 --#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A -+# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 -+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 -+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 -+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 -+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 -+# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A - - /* Camellia ciphersuites from RFC4132 */ --#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 --#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 --#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 --#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 --#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 --#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 -- --#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 --#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 --#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 --#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 --#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 --#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 -+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 -+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 -+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 -+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 -+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 -+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 -+ -+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 -+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 -+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 -+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 -+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 -+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 - - /* SEED ciphersuites from RFC4162 */ --#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 --#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 --#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 --#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 --#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A --#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B -- --/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ --#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 --#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 --#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 --#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 --#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 -- --#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 --#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 --#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 --#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 --#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A -- --#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B --#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C --#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D --#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E --#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F -- --#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 --#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 --#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 --#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 --#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 -- --#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 --#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 --#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 --#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 --#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 -- --/* XXX -- * Inconsistency alert: -- * The OpenSSL names of ciphers with ephemeral DH here include the string -- * "DHE", while elsewhere it has always been "EDH". -- * (The alias for the list of all such ciphers also is "EDH".) -- * The specifications speak of "EDH"; maybe we should allow both forms -- * for everything. */ --#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" --#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" --#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" --#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" --#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" --#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" --#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" -+# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 -+# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 -+# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 -+# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 -+# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A -+# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B -+ -+/* -+ * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in -+ * draft 13 -+ */ -+# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 -+# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 -+# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 -+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 -+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 -+ -+# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 -+# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 -+# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 -+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 -+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A -+ -+# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B -+# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C -+# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D -+# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E -+# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F -+ -+# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 -+# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 -+# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 -+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 -+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 -+ -+# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 -+# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 -+# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 -+# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 -+# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 -+ -+/* -+ * XXX Inconsistency alert: The OpenSSL names of ciphers with ephemeral DH -+ * here include the string "DHE", while elsewhere it has always been "EDH". -+ * (The alias for the list of all such ciphers also is "EDH".) The -+ * specifications speak of "EDH"; maybe we should allow both forms for -+ * everything. -+ */ -+# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" -+# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" -+# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" -+# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" -+# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" -+# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" -+# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" - - /* AES ciphersuites from RFC3268 */ --#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" --#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" --#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" --#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" --#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" --#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" -- --#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" --#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" --#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" --#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" --#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" --#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" -+# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" -+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" -+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" -+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" -+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" -+# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" -+ -+# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" -+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" -+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" -+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" -+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" -+# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" - - /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ --#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" --#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" --#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" --#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" --#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" -- --#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" --#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" --#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" --#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" --#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" -- --#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" --#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" --#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" --#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" --#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" -- --#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" --#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" --#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" --#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" --#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" -- --#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" --#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" --#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" --#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" --#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" -+# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" -+# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" -+# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" -+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" -+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" -+ -+# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" -+# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" -+# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" -+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" -+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" -+ -+# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" -+# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" -+# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" -+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" -+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" -+ -+# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" -+# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" -+# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" -+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" -+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" -+ -+# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" -+# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" -+# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" -+# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" -+# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" - - /* Camellia ciphersuites from RFC4132 */ --#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" --#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" --#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" --#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" --#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" --#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" -- --#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" --#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" --#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" --#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" --#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" --#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" -+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" -+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" -+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" -+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" -+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" -+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" -+ -+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" -+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" -+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" -+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" -+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" -+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" - - /* SEED ciphersuites from RFC4162 */ --#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" --#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" --#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" --#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" --#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" --#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" -- --#define TLS_CT_RSA_SIGN 1 --#define TLS_CT_DSS_SIGN 2 --#define TLS_CT_RSA_FIXED_DH 3 --#define TLS_CT_DSS_FIXED_DH 4 --#define TLS_CT_ECDSA_SIGN 64 --#define TLS_CT_RSA_FIXED_ECDH 65 --#define TLS_CT_ECDSA_FIXED_ECDH 66 --#define TLS_CT_NUMBER 7 -- --#define TLS1_FINISH_MAC_LENGTH 12 -- --#define TLS_MD_MAX_CONST_SIZE 20 --#define TLS_MD_CLIENT_FINISH_CONST "client finished" --#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 --#define TLS_MD_SERVER_FINISH_CONST "server finished" --#define TLS_MD_SERVER_FINISH_CONST_SIZE 15 --#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" --#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 --#define TLS_MD_KEY_EXPANSION_CONST "key expansion" --#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 --#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" --#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 --#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" --#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 --#define TLS_MD_IV_BLOCK_CONST "IV block" --#define TLS_MD_IV_BLOCK_CONST_SIZE 8 --#define TLS_MD_MASTER_SECRET_CONST "master secret" --#define TLS_MD_MASTER_SECRET_CONST_SIZE 13 -- --#ifdef CHARSET_EBCDIC --#undef TLS_MD_CLIENT_FINISH_CONST --#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/ --#undef TLS_MD_SERVER_FINISH_CONST --#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/ --#undef TLS_MD_SERVER_WRITE_KEY_CONST --#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ --#undef TLS_MD_KEY_EXPANSION_CONST --#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/ --#undef TLS_MD_CLIENT_WRITE_KEY_CONST --#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/ --#undef TLS_MD_SERVER_WRITE_KEY_CONST --#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ --#undef TLS_MD_IV_BLOCK_CONST --#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/ --#undef TLS_MD_MASTER_SECRET_CONST --#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/ --#endif -+# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" -+# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" -+# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" -+# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" -+# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" -+# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" -+ -+# define TLS_CT_RSA_SIGN 1 -+# define TLS_CT_DSS_SIGN 2 -+# define TLS_CT_RSA_FIXED_DH 3 -+# define TLS_CT_DSS_FIXED_DH 4 -+# define TLS_CT_ECDSA_SIGN 64 -+# define TLS_CT_RSA_FIXED_ECDH 65 -+# define TLS_CT_ECDSA_FIXED_ECDH 66 -+# define TLS_CT_NUMBER 7 -+ -+# define TLS1_FINISH_MAC_LENGTH 12 -+ -+# define TLS_MD_MAX_CONST_SIZE 20 -+# define TLS_MD_CLIENT_FINISH_CONST "client finished" -+# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 -+# define TLS_MD_SERVER_FINISH_CONST "server finished" -+# define TLS_MD_SERVER_FINISH_CONST_SIZE 15 -+# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" -+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 -+# define TLS_MD_KEY_EXPANSION_CONST "key expansion" -+# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 -+# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" -+# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 -+# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" -+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 -+# define TLS_MD_IV_BLOCK_CONST "IV block" -+# define TLS_MD_IV_BLOCK_CONST_SIZE 8 -+# define TLS_MD_MASTER_SECRET_CONST "master secret" -+# define TLS_MD_MASTER_SECRET_CONST_SIZE 13 -+ -+# ifdef CHARSET_EBCDIC -+# undef TLS_MD_CLIENT_FINISH_CONST -+/* -+ * client finished -+ */ -+# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" -+ -+# undef TLS_MD_SERVER_FINISH_CONST -+/* -+ * server finished -+ */ -+# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" -+ -+# undef TLS_MD_SERVER_WRITE_KEY_CONST -+/* -+ * server write key -+ */ -+# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" -+ -+# undef TLS_MD_KEY_EXPANSION_CONST -+/* -+ * key expansion -+ */ -+# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" -+ -+# undef TLS_MD_CLIENT_WRITE_KEY_CONST -+/* -+ * client write key -+ */ -+# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" -+ -+# undef TLS_MD_SERVER_WRITE_KEY_CONST -+/* -+ * server write key -+ */ -+# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" -+ -+# undef TLS_MD_IV_BLOCK_CONST -+/* -+ * IV block -+ */ -+# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" -+ -+# undef TLS_MD_MASTER_SECRET_CONST -+/* -+ * master secret -+ */ -+# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" -+# endif - - #ifdef __cplusplus - } - #endif - #endif -- -- -- -diff --git a/Cryptlib/Include/openssl/tmdiff.h b/Cryptlib/Include/openssl/tmdiff.h -index af5c41c..33c901e 100644 ---- a/Cryptlib/Include/openssl/tmdiff.h -+++ b/Cryptlib/Include/openssl/tmdiff.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,29 +49,28 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --/* Header for dynamic hash table routines -- * Author - Eric Young -+/* -+ * Header for dynamic hash table routines Author - Eric Young - */ --/* ... erm yeah, "dynamic hash tables" you say? -- * -- * And what would dynamic hash tables have to do with any of this code *now*? -- * AFAICS, this code is only referenced by crypto/bn/exp.c which is an unused -- * file that I doubt compiles any more. speed.c is the only thing that could -- * use this (and it has nothing to do with hash tables), yet it instead has its -- * own duplication of all this stuff and looks, if anything, more complete. See -- * the corresponding note in apps/speed.c. -- * The Bemused - Geoff -+/* -+ * ... erm yeah, "dynamic hash tables" you say? And what would dynamic hash -+ * tables have to do with any of this code *now*? AFAICS, this code is only -+ * referenced by crypto/bn/exp.c which is an unused file that I doubt -+ * compiles any more. speed.c is the only thing that could use this (and it -+ * has nothing to do with hash tables), yet it instead has its own -+ * duplication of all this stuff and looks, if anything, more complete. See -+ * the corresponding note in apps/speed.c. The Bemused - Geoff - */ - - #ifndef HEADER_TMDIFF_H --#define HEADER_TMDIFF_H -+# define HEADER_TMDIFF_H - - #ifdef __cplusplus - extern "C" { -@@ -79,15 +78,14 @@ extern "C" { - - typedef struct ms_tm MS_TM; - --MS_TM *ms_time_new(void ); --void ms_time_free(MS_TM *a); --void ms_time_get(MS_TM *a); --double ms_time_diff(MS_TM *start, MS_TM *end); --int ms_time_cmp(const MS_TM *ap, const MS_TM *bp); -+MS_TM *ms_time_new(void); -+void ms_time_free(MS_TM * a); -+void ms_time_get(MS_TM * a); -+double ms_time_diff(MS_TM * start, MS_TM * end); -+int ms_time_cmp(const MS_TM * ap, const MS_TM * bp); - - #ifdef __cplusplus - } - #endif - - #endif -- -diff --git a/Cryptlib/Include/openssl/txt_db.h b/Cryptlib/Include/openssl/txt_db.h -index 307e1ba..f1145a7 100644 ---- a/Cryptlib/Include/openssl/txt_db.h -+++ b/Cryptlib/Include/openssl/txt_db.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,50 +57,49 @@ - */ - - #ifndef HEADER_TXT_DB_H --#define HEADER_TXT_DB_H -+# define HEADER_TXT_DB_H - --#include --#ifndef OPENSSL_NO_BIO --#include --#endif --#include --#include -+# include -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# include -+# include - --#define DB_ERROR_OK 0 --#define DB_ERROR_MALLOC 1 --#define DB_ERROR_INDEX_CLASH 2 --#define DB_ERROR_INDEX_OUT_OF_RANGE 3 --#define DB_ERROR_NO_INDEX 4 --#define DB_ERROR_INSERT_INDEX_CLASH 5 -+# define DB_ERROR_OK 0 -+# define DB_ERROR_MALLOC 1 -+# define DB_ERROR_INDEX_CLASH 2 -+# define DB_ERROR_INDEX_OUT_OF_RANGE 3 -+# define DB_ERROR_NO_INDEX 4 -+# define DB_ERROR_INSERT_INDEX_CLASH 5 - - #ifdef __cplusplus - extern "C" { - #endif - --typedef struct txt_db_st -- { -- int num_fields; -- STACK /* char ** */ *data; -- LHASH **index; -- int (**qual)(char **); -- long error; -- long arg1; -- long arg2; -- char **arg_row; -- } TXT_DB; -+typedef struct txt_db_st { -+ int num_fields; -+ STACK /* char ** */ * data; -+ LHASH **index; -+ int (**qual) (char **); -+ long error; -+ long arg1; -+ long arg2; -+ char **arg_row; -+} TXT_DB; - --#ifndef OPENSSL_NO_BIO -+# ifndef OPENSSL_NO_BIO - TXT_DB *TXT_DB_read(BIO *in, int num); - long TXT_DB_write(BIO *out, TXT_DB *db); --#else -+# else - TXT_DB *TXT_DB_read(char *in, int num); - long TXT_DB_write(char *out, TXT_DB *db); --#endif --int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(char **), -- LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); -+# endif -+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (char **), -+ LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); - void TXT_DB_free(TXT_DB *db); - char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value); --int TXT_DB_insert(TXT_DB *db,char **value); -+int TXT_DB_insert(TXT_DB *db, char **value); - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/ui.h b/Cryptlib/Include/openssl/ui.h -index 0182964..1f0c2ea 100644 ---- a/Cryptlib/Include/openssl/ui.h -+++ b/Cryptlib/Include/openssl/ui.h -@@ -1,6 +1,7 @@ - /* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,13 +58,13 @@ - */ - - #ifndef HEADER_UI_H --#define HEADER_UI_H -+# define HEADER_UI_H - --#ifndef OPENSSL_NO_DEPRECATED --#include --#endif --#include --#include -+# ifndef OPENSSL_NO_DEPRECATED -+# include -+# endif -+# include -+# include - - #ifdef __cplusplus - extern "C" { -@@ -73,41 +74,42 @@ extern "C" { - /* typedef struct ui_st UI; */ - /* typedef struct ui_method_st UI_METHOD; */ - -- --/* All the following functions return -1 or NULL on error and in some cases -- (UI_process()) -2 if interrupted or in some other way cancelled. -- When everything is fine, they return 0, a positive value or a non-NULL -- pointer, all depending on their purpose. */ -+/* -+ * All the following functions return -1 or NULL on error and in some cases -+ * (UI_process()) -2 if interrupted or in some other way cancelled. When -+ * everything is fine, they return 0, a positive value or a non-NULL pointer, -+ * all depending on their purpose. -+ */ - - /* Creators and destructor. */ - UI *UI_new(void); - UI *UI_new_method(const UI_METHOD *method); - void UI_free(UI *ui); - --/* The following functions are used to add strings to be printed and prompt -+/*- -+ The following functions are used to add strings to be printed and prompt - strings to prompt for data. The names are UI_{add,dup}__string - and UI_{add,dup}_input_boolean. - - UI_{add,dup}__string have the following meanings: -- add add a text or prompt string. The pointers given to these -- functions are used verbatim, no copying is done. -- dup make a copy of the text or prompt string, then add the copy -- to the collection of strings in the user interface. -- -- The function is a name for the functionality that the given -- string shall be used for. It can be one of: -- input use the string as data prompt. -- verify use the string as verification prompt. This -- is used to verify a previous input. -- info use the string for informational output. -- error use the string for error output. -+ add add a text or prompt string. The pointers given to these -+ functions are used verbatim, no copying is done. -+ dup make a copy of the text or prompt string, then add the copy -+ to the collection of strings in the user interface. -+ -+ The function is a name for the functionality that the given -+ string shall be used for. It can be one of: -+ input use the string as data prompt. -+ verify use the string as verification prompt. This -+ is used to verify a previous input. -+ info use the string for informational output. -+ error use the string for error output. - Honestly, there's currently no difference between info and error for the - moment. - - UI_{add,dup}_input_boolean have the same semantics for "add" and "dup", - and are typically used when one wants to prompt for a yes/no response. - -- - All of the functions in this group take a UI and a prompt string. - The string input and verify addition functions also take a flag argument, - a buffer for the result to end up with, a minimum input size and a maximum -@@ -128,19 +130,21 @@ void UI_free(UI *ui); - On success, the all return an index of the added information. That index - is usefull when retrieving results with UI_get0_result(). */ - int UI_add_input_string(UI *ui, const char *prompt, int flags, -- char *result_buf, int minsize, int maxsize); -+ char *result_buf, int minsize, int maxsize); - int UI_dup_input_string(UI *ui, const char *prompt, int flags, -- char *result_buf, int minsize, int maxsize); -+ char *result_buf, int minsize, int maxsize); - int UI_add_verify_string(UI *ui, const char *prompt, int flags, -- char *result_buf, int minsize, int maxsize, const char *test_buf); -+ char *result_buf, int minsize, int maxsize, -+ const char *test_buf); - int UI_dup_verify_string(UI *ui, const char *prompt, int flags, -- char *result_buf, int minsize, int maxsize, const char *test_buf); -+ char *result_buf, int minsize, int maxsize, -+ const char *test_buf); - int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, -- const char *ok_chars, const char *cancel_chars, -- int flags, char *result_buf); -+ const char *ok_chars, const char *cancel_chars, -+ int flags, char *result_buf); - int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, -- const char *ok_chars, const char *cancel_chars, -- int flags, char *result_buf); -+ const char *ok_chars, const char *cancel_chars, -+ int flags, char *result_buf); - int UI_add_info_string(UI *ui, const char *text); - int UI_dup_info_string(UI *ui, const char *text); - int UI_add_error_string(UI *ui, const char *text); -@@ -148,56 +152,60 @@ int UI_dup_error_string(UI *ui, const char *text); - - /* These are the possible flags. They can be or'ed together. */ - /* Use to have echoing of input */ --#define UI_INPUT_FLAG_ECHO 0x01 --/* Use a default password. Where that password is found is completely -- up to the application, it might for example be in the user data set -- with UI_add_user_data(). It is not recommended to have more than -- one input in each UI being marked with this flag, or the application -- might get confused. */ --#define UI_INPUT_FLAG_DEFAULT_PWD 0x02 -- --/* The user of these routines may want to define flags of their own. The core -- UI won't look at those, but will pass them on to the method routines. They -- must use higher bits so they don't get confused with the UI bits above. -- UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good -- example of use is this: -- -- #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) -- -+# define UI_INPUT_FLAG_ECHO 0x01 -+/* -+ * Use a default password. Where that password is found is completely up to -+ * the application, it might for example be in the user data set with -+ * UI_add_user_data(). It is not recommended to have more than one input in -+ * each UI being marked with this flag, or the application might get -+ * confused. -+ */ -+# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 -+ -+/*- -+ * The user of these routines may want to define flags of their own. The core -+ * UI won't look at those, but will pass them on to the method routines. They -+ * must use higher bits so they don't get confused with the UI bits above. -+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good -+ * example of use is this: -+ * -+ * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) -+ * - */ --#define UI_INPUT_FLAG_USER_BASE 16 -- -- --/* The following function helps construct a prompt. object_desc is a -- textual short description of the object, for example "pass phrase", -- and object_name is the name of the object (might be a card name or -- a file name. -- The returned string shall always be allocated on the heap with -- OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). -- -- If the ui_method doesn't contain a pointer to a user-defined prompt -- constructor, a default string is built, looking like this: -- -- "Enter {object_desc} for {object_name}:" -- -- So, if object_desc has the value "pass phrase" and object_name has -- the value "foo.key", the resulting string is: -- -- "Enter pass phrase for foo.key:" -+# define UI_INPUT_FLAG_USER_BASE 16 -+ -+/*- -+ * The following function helps construct a prompt. object_desc is a -+ * textual short description of the object, for example "pass phrase", -+ * and object_name is the name of the object (might be a card name or -+ * a file name. -+ * The returned string shall always be allocated on the heap with -+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). -+ * -+ * If the ui_method doesn't contain a pointer to a user-defined prompt -+ * constructor, a default string is built, looking like this: -+ * -+ * "Enter {object_desc} for {object_name}:" -+ * -+ * So, if object_desc has the value "pass phrase" and object_name has -+ * the value "foo.key", the resulting string is: -+ * -+ * "Enter pass phrase for foo.key:" - */ - char *UI_construct_prompt(UI *ui_method, -- const char *object_desc, const char *object_name); -- -+ const char *object_desc, const char *object_name); - --/* The following function is used to store a pointer to user-specific data. -- Any previous such pointer will be returned and replaced. -- -- For callback purposes, this function makes a lot more sense than using -- ex_data, since the latter requires that different parts of OpenSSL or -- applications share the same ex_data index. -- -- Note that the UI_OpenSSL() method completely ignores the user data. -- Other methods may not, however. */ -+/* -+ * The following function is used to store a pointer to user-specific data. -+ * Any previous such pointer will be returned and replaced. -+ * -+ * For callback purposes, this function makes a lot more sense than using -+ * ex_data, since the latter requires that different parts of OpenSSL or -+ * applications share the same ex_data index. -+ * -+ * Note that the UI_OpenSSL() method completely ignores the user data. Other -+ * methods may not, however. -+ */ - void *UI_add_user_data(UI *ui, void *user_data); - /* We need a user data retrieving function as well. */ - void *UI_get0_user_data(UI *ui); -@@ -208,28 +216,33 @@ const char *UI_get0_result(UI *ui, int i); - /* When all strings have been added, process the whole thing. */ - int UI_process(UI *ui); - --/* Give a user interface parametrised control commands. This can be used to -- send down an integer, a data pointer or a function pointer, as well as -- be used to get information from a UI. */ --int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)); -+/* -+ * Give a user interface parametrised control commands. This can be used to -+ * send down an integer, a data pointer or a function pointer, as well as be -+ * used to get information from a UI. -+ */ -+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); - - /* The commands */ --/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the -- OpenSSL error stack before printing any info or added error messages and -- before any prompting. */ --#define UI_CTRL_PRINT_ERRORS 1 --/* Check if a UI_process() is possible to do again with the same instance of -- a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 -- if not. */ --#define UI_CTRL_IS_REDOABLE 2 -- -+/* -+ * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the -+ * OpenSSL error stack before printing any info or added error messages and -+ * before any prompting. -+ */ -+# define UI_CTRL_PRINT_ERRORS 1 -+/* -+ * Check if a UI_process() is possible to do again with the same instance of -+ * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 -+ * if not. -+ */ -+# define UI_CTRL_IS_REDOABLE 2 - - /* Some methods may use extra data */ --#define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) --#define UI_get_app_data(s) UI_get_ex_data(s,0) -+# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) -+# define UI_get_app_data(s) UI_get_ex_data(s,0) - int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); --int UI_set_ex_data(UI *r,int idx,void *arg); -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+int UI_set_ex_data(UI *r, int idx, void *arg); - void *UI_get_ex_data(UI *r, int idx); - - /* Use specific methods instead of the built-in one */ -@@ -241,34 +254,34 @@ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); - /* The method with all the built-in thingies */ - UI_METHOD *UI_OpenSSL(void); - -- - /* ---------- For method writers ---------- */ --/* A method contains a number of functions that implement the low level -+/*- -+ A method contains a number of functions that implement the low level - of the User Interface. The functions are: - -- an opener This function starts a session, maybe by opening -- a channel to a tty, or by opening a window. -- a writer This function is called to write a given string, -- maybe to the tty, maybe as a field label in a -- window. -- a flusher This function is called to flush everything that -- has been output so far. It can be used to actually -- display a dialog box after it has been built. -- a reader This function is called to read a given prompt, -- maybe from the tty, maybe from a field in a -- window. Note that it's called wth all string -- structures, not only the prompt ones, so it must -- check such things itself. -- a closer This function closes the session, maybe by closing -- the channel to the tty, or closing the window. -+ an opener This function starts a session, maybe by opening -+ a channel to a tty, or by opening a window. -+ a writer This function is called to write a given string, -+ maybe to the tty, maybe as a field label in a -+ window. -+ a flusher This function is called to flush everything that -+ has been output so far. It can be used to actually -+ display a dialog box after it has been built. -+ a reader This function is called to read a given prompt, -+ maybe from the tty, maybe from a field in a -+ window. Note that it's called wth all string -+ structures, not only the prompt ones, so it must -+ check such things itself. -+ a closer This function closes the session, maybe by closing -+ the channel to the tty, or closing the window. - - All these functions are expected to return: - -- 0 on error. -- 1 on success. -- -1 on out-of-band events, for example if some prompting has -- been canceled (by pressing Ctrl-C, for example). This is -- only checked when returned by the flusher or the reader. -+ 0 on error. -+ 1 on success. -+ -1 on out-of-band events, for example if some prompting has -+ been canceled (by pressing Ctrl-C, for example). This is -+ only checked when returned by the flusher or the reader. - - The way this is used, the opener is first called, then the writer for all - strings, then the flusher, then the reader for all strings and finally the -@@ -284,40 +297,46 @@ UI_METHOD *UI_OpenSSL(void); - the reader take a UI_STRING. - */ - --/* The UI_STRING type is the data structure that contains all the needed info -- about a string or a prompt, including test data for a verification prompt. --*/ -+/* -+ * The UI_STRING type is the data structure that contains all the needed info -+ * about a string or a prompt, including test data for a verification prompt. -+ */ - DECLARE_STACK_OF(UI_STRING) - typedef struct ui_string_st UI_STRING; - --/* The different types of strings that are currently supported. -- This is only needed by method authors. */ --enum UI_string_types -- { -- UIT_NONE=0, -- UIT_PROMPT, /* Prompt for a string */ -- UIT_VERIFY, /* Prompt for a string and verify */ -- UIT_BOOLEAN, /* Prompt for a yes/no response */ -- UIT_INFO, /* Send info to the user */ -- UIT_ERROR /* Send an error message to the user */ -- }; -+/* -+ * The different types of strings that are currently supported. This is only -+ * needed by method authors. -+ */ -+enum UI_string_types { -+ UIT_NONE = 0, -+ UIT_PROMPT, /* Prompt for a string */ -+ UIT_VERIFY, /* Prompt for a string and verify */ -+ UIT_BOOLEAN, /* Prompt for a yes/no response */ -+ UIT_INFO, /* Send info to the user */ -+ UIT_ERROR /* Send an error message to the user */ -+}; - - /* Create and manipulate methods */ - UI_METHOD *UI_create_method(char *name); - void UI_destroy_method(UI_METHOD *ui_method); --int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui)); --int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis)); --int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)); --int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis)); --int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)); --int (*UI_method_get_opener(UI_METHOD *method))(UI*); --int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*); --int (*UI_method_get_flusher(UI_METHOD *method))(UI*); --int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*); --int (*UI_method_get_closer(UI_METHOD *method))(UI*); -- --/* The following functions are helpers for method writers to access relevant -- data from a UI_STRING. */ -+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); -+int UI_method_set_writer(UI_METHOD *method, -+ int (*writer) (UI *ui, UI_STRING *uis)); -+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); -+int UI_method_set_reader(UI_METHOD *method, -+ int (*reader) (UI *ui, UI_STRING *uis)); -+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); -+int (*UI_method_get_opener(UI_METHOD *method)) (UI *); -+int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *); -+int (*UI_method_get_flusher(UI_METHOD *method)) (UI *); -+int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *); -+int (*UI_method_get_closer(UI_METHOD *method)) (UI *); -+ -+/* -+ * The following functions are helpers for method writers to access relevant -+ * data from a UI_STRING. -+ */ - - /* Return type of the UI_STRING */ - enum UI_string_types UI_get_string_type(UI_STRING *uis); -@@ -325,11 +344,16 @@ enum UI_string_types UI_get_string_type(UI_STRING *uis); - int UI_get_input_flags(UI_STRING *uis); - /* Return the actual string to output (the prompt, info or error) */ - const char *UI_get0_output_string(UI_STRING *uis); --/* Return the optional action string to output (the boolean promtp instruction) */ -+/* -+ * Return the optional action string to output (the boolean promtp -+ * instruction) -+ */ - const char *UI_get0_action_string(UI_STRING *uis); - /* Return the result of a prompt */ - const char *UI_get0_result_string(UI_STRING *uis); --/* Return the string to test the result against. Only useful with verifies. */ -+/* -+ * Return the string to test the result against. Only useful with verifies. -+ */ - const char *UI_get0_test_string(UI_STRING *uis); - /* Return the required minimum size of the result */ - int UI_get_result_minsize(UI_STRING *uis); -@@ -338,14 +362,15 @@ int UI_get_result_maxsize(UI_STRING *uis); - /* Set the result of a UI_STRING. */ - int UI_set_result(UI *ui, UI_STRING *uis, const char *result); - -- - /* A couple of popular utility functions */ --int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify); --int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); -- -+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, -+ int verify); -+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, -+ int verify); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_UI_strings(void); -@@ -353,27 +378,27 @@ void ERR_load_UI_strings(void); - /* Error codes for the UI functions. */ - - /* Function codes. */ --#define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 --#define UI_F_GENERAL_ALLOCATE_PROMPT 109 --#define UI_F_GENERAL_ALLOCATE_STRING 100 --#define UI_F_UI_CTRL 111 --#define UI_F_UI_DUP_ERROR_STRING 101 --#define UI_F_UI_DUP_INFO_STRING 102 --#define UI_F_UI_DUP_INPUT_BOOLEAN 110 --#define UI_F_UI_DUP_INPUT_STRING 103 --#define UI_F_UI_DUP_VERIFY_STRING 106 --#define UI_F_UI_GET0_RESULT 107 --#define UI_F_UI_NEW_METHOD 104 --#define UI_F_UI_SET_RESULT 105 -+# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 -+# define UI_F_GENERAL_ALLOCATE_PROMPT 109 -+# define UI_F_GENERAL_ALLOCATE_STRING 100 -+# define UI_F_UI_CTRL 111 -+# define UI_F_UI_DUP_ERROR_STRING 101 -+# define UI_F_UI_DUP_INFO_STRING 102 -+# define UI_F_UI_DUP_INPUT_BOOLEAN 110 -+# define UI_F_UI_DUP_INPUT_STRING 103 -+# define UI_F_UI_DUP_VERIFY_STRING 106 -+# define UI_F_UI_GET0_RESULT 107 -+# define UI_F_UI_NEW_METHOD 104 -+# define UI_F_UI_SET_RESULT 105 - - /* Reason codes. */ --#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 --#define UI_R_INDEX_TOO_LARGE 102 --#define UI_R_INDEX_TOO_SMALL 103 --#define UI_R_NO_RESULT_BUFFER 105 --#define UI_R_RESULT_TOO_LARGE 100 --#define UI_R_RESULT_TOO_SMALL 101 --#define UI_R_UNKNOWN_CONTROL_COMMAND 106 -+# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 -+# define UI_R_INDEX_TOO_LARGE 102 -+# define UI_R_INDEX_TOO_SMALL 103 -+# define UI_R_NO_RESULT_BUFFER 105 -+# define UI_R_RESULT_TOO_LARGE 100 -+# define UI_R_RESULT_TOO_SMALL 101 -+# define UI_R_UNKNOWN_CONTROL_COMMAND 106 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/ui_compat.h b/Cryptlib/Include/openssl/ui_compat.h -index b35c9bb..42fb9ff 100644 ---- a/Cryptlib/Include/openssl/ui_compat.h -+++ b/Cryptlib/Include/openssl/ui_compat.h -@@ -1,6 +1,7 @@ - /* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,25 +58,29 @@ - */ - - #ifndef HEADER_UI_COMPAT_H --#define HEADER_UI_COMPAT_H -+# define HEADER_UI_COMPAT_H - --#include --#include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --/* The following functions were previously part of the DES section, -- and are provided here for backward compatibility reasons. */ -+/* -+ * The following functions were previously part of the DES section, and are -+ * provided here for backward compatibility reasons. -+ */ - --#define des_read_pw_string(b,l,p,v) \ -- _ossl_old_des_read_pw_string((b),(l),(p),(v)) --#define des_read_pw(b,bf,s,p,v) \ -- _ossl_old_des_read_pw((b),(bf),(s),(p),(v)) -+# define des_read_pw_string(b,l,p,v) \ -+ _ossl_old_des_read_pw_string((b),(l),(p),(v)) -+# define des_read_pw(b,bf,s,p,v) \ -+ _ossl_old_des_read_pw((b),(bf),(s),(p),(v)) - --int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify); --int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); -+int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, -+ int verify); -+int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, -+ int verify); - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/x509.h b/Cryptlib/Include/openssl/x509.h -index c34689a..51cccbf 100644 ---- a/Cryptlib/Include/openssl/x509.h -+++ b/Cryptlib/Include/openssl/x509.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,153 +57,145 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * ECDH support in OpenSSL originally developed by -+ * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - - #ifndef HEADER_X509_H --#define HEADER_X509_H -- --#include --#include --#ifndef OPENSSL_NO_BUFFER --#include --#endif --#ifndef OPENSSL_NO_EVP --#include --#endif --#ifndef OPENSSL_NO_BIO --#include --#endif --#include --#include --#include -- --#ifndef OPENSSL_NO_EC --#include --#endif -- --#ifndef OPENSSL_NO_ECDSA --#include --#endif -- --#ifndef OPENSSL_NO_ECDH --#include --#endif -- --#ifndef OPENSSL_NO_DEPRECATED --#ifndef OPENSSL_NO_RSA --#include --#endif --#ifndef OPENSSL_NO_DSA --#include --#endif --#ifndef OPENSSL_NO_DH --#include --#endif --#endif -- --#ifndef OPENSSL_NO_SHA --#include --#endif --#include -+# define HEADER_X509_H -+ -+# include -+# include -+# ifndef OPENSSL_NO_BUFFER -+# include -+# endif -+# ifndef OPENSSL_NO_EVP -+# include -+# endif -+# ifndef OPENSSL_NO_BIO -+# include -+# endif -+# include -+# include -+# include -+ -+# ifndef OPENSSL_NO_EC -+# include -+# endif -+ -+# ifndef OPENSSL_NO_ECDSA -+# include -+# endif -+ -+# ifndef OPENSSL_NO_ECDH -+# include -+# endif -+ -+# ifndef OPENSSL_NO_DEPRECATED -+# ifndef OPENSSL_NO_RSA -+# include -+# endif -+# ifndef OPENSSL_NO_DSA -+# include -+# endif -+# ifndef OPENSSL_NO_DH -+# include -+# endif -+# endif -+ -+# ifndef OPENSSL_NO_SHA -+# include -+# endif -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#ifdef OPENSSL_SYS_WIN32 -+# ifdef OPENSSL_SYS_WIN32 - /* Under Win32 these are defined in wincrypt.h */ --#undef X509_NAME --#undef X509_CERT_PAIR --#undef X509_EXTENSIONS --#endif -- --#define X509_FILETYPE_PEM 1 --#define X509_FILETYPE_ASN1 2 --#define X509_FILETYPE_DEFAULT 3 -- --#define X509v3_KU_DIGITAL_SIGNATURE 0x0080 --#define X509v3_KU_NON_REPUDIATION 0x0040 --#define X509v3_KU_KEY_ENCIPHERMENT 0x0020 --#define X509v3_KU_DATA_ENCIPHERMENT 0x0010 --#define X509v3_KU_KEY_AGREEMENT 0x0008 --#define X509v3_KU_KEY_CERT_SIGN 0x0004 --#define X509v3_KU_CRL_SIGN 0x0002 --#define X509v3_KU_ENCIPHER_ONLY 0x0001 --#define X509v3_KU_DECIPHER_ONLY 0x8000 --#define X509v3_KU_UNDEF 0xffff -- --typedef struct X509_objects_st -- { -- int nid; -- int (*a2i)(void); -- int (*i2a)(void); -- } X509_OBJECTS; -- --struct X509_algor_st -- { -- ASN1_OBJECT *algorithm; -- ASN1_TYPE *parameter; -- } /* X509_ALGOR */; -+# undef X509_NAME -+# undef X509_CERT_PAIR -+# undef X509_EXTENSIONS -+# endif -+ -+# define X509_FILETYPE_PEM 1 -+# define X509_FILETYPE_ASN1 2 -+# define X509_FILETYPE_DEFAULT 3 -+ -+# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 -+# define X509v3_KU_NON_REPUDIATION 0x0040 -+# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 -+# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 -+# define X509v3_KU_KEY_AGREEMENT 0x0008 -+# define X509v3_KU_KEY_CERT_SIGN 0x0004 -+# define X509v3_KU_CRL_SIGN 0x0002 -+# define X509v3_KU_ENCIPHER_ONLY 0x0001 -+# define X509v3_KU_DECIPHER_ONLY 0x8000 -+# define X509v3_KU_UNDEF 0xffff -+ -+typedef struct X509_objects_st { -+ int nid; -+ int (*a2i) (void); -+ int (*i2a) (void); -+} X509_OBJECTS; -+ -+struct X509_algor_st { -+ ASN1_OBJECT *algorithm; -+ ASN1_TYPE *parameter; -+} /* X509_ALGOR */ ; - - DECLARE_ASN1_SET_OF(X509_ALGOR) - - typedef STACK_OF(X509_ALGOR) X509_ALGORS; - --typedef struct X509_val_st -- { -- ASN1_TIME *notBefore; -- ASN1_TIME *notAfter; -- } X509_VAL; -- --typedef struct X509_pubkey_st -- { -- X509_ALGOR *algor; -- ASN1_BIT_STRING *public_key; -- EVP_PKEY *pkey; -- } X509_PUBKEY; -- --typedef struct X509_sig_st -- { -- X509_ALGOR *algor; -- ASN1_OCTET_STRING *digest; -- } X509_SIG; -- --typedef struct X509_name_entry_st -- { -- ASN1_OBJECT *object; -- ASN1_STRING *value; -- int set; -- int size; /* temp variable */ -- } X509_NAME_ENTRY; -+typedef struct X509_val_st { -+ ASN1_TIME *notBefore; -+ ASN1_TIME *notAfter; -+} X509_VAL; -+ -+typedef struct X509_pubkey_st { -+ X509_ALGOR *algor; -+ ASN1_BIT_STRING *public_key; -+ EVP_PKEY *pkey; -+} X509_PUBKEY; -+ -+typedef struct X509_sig_st { -+ X509_ALGOR *algor; -+ ASN1_OCTET_STRING *digest; -+} X509_SIG; -+ -+typedef struct X509_name_entry_st { -+ ASN1_OBJECT *object; -+ ASN1_STRING *value; -+ int set; -+ int size; /* temp variable */ -+} X509_NAME_ENTRY; - - DECLARE_STACK_OF(X509_NAME_ENTRY) - DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) - - /* we always keep X509_NAMEs in 2 forms. */ --struct X509_name_st -- { -- STACK_OF(X509_NAME_ENTRY) *entries; -- int modified; /* true if 'bytes' needs to be built */ --#ifndef OPENSSL_NO_BUFFER -- BUF_MEM *bytes; --#else -- char *bytes; --#endif -- unsigned long hash; /* Keep the hash around for lookups */ -- } /* X509_NAME */; -+struct X509_name_st { -+ STACK_OF(X509_NAME_ENTRY) *entries; -+ int modified; /* true if 'bytes' needs to be built */ -+# ifndef OPENSSL_NO_BUFFER -+ BUF_MEM *bytes; -+# else -+ char *bytes; -+# endif -+ unsigned long hash; /* Keep the hash around for lookups */ -+} /* X509_NAME */ ; - - DECLARE_STACK_OF(X509_NAME) - --#define X509_EX_V_NETSCAPE_HACK 0x8000 --#define X509_EX_V_INIT 0x0001 --typedef struct X509_extension_st -- { -- ASN1_OBJECT *object; -- ASN1_BOOLEAN critical; -- ASN1_OCTET_STRING *value; -- } X509_EXTENSION; -+# define X509_EX_V_NETSCAPE_HACK 0x8000 -+# define X509_EX_V_INIT 0x0001 -+typedef struct X509_extension_st { -+ ASN1_OBJECT *object; -+ ASN1_BOOLEAN critical; -+ ASN1_OCTET_STRING *value; -+} X509_EXTENSION; - - typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; - -@@ -211,97 +203,95 @@ DECLARE_STACK_OF(X509_EXTENSION) - DECLARE_ASN1_SET_OF(X509_EXTENSION) - - /* a sequence of these are used */ --typedef struct x509_attributes_st -- { -- ASN1_OBJECT *object; -- int single; /* 0 for a set, 1 for a single item (which is wrong) */ -- union { -- char *ptr; --/* 0 */ STACK_OF(ASN1_TYPE) *set; --/* 1 */ ASN1_TYPE *single; -- } value; -- } X509_ATTRIBUTE; -+typedef struct x509_attributes_st { -+ ASN1_OBJECT *object; -+ int single; /* 0 for a set, 1 for a single item (which is -+ * wrong) */ -+ union { -+ char *ptr; -+ /* -+ * 0 -+ */ STACK_OF(ASN1_TYPE) *set; -+ /* -+ * 1 -+ */ ASN1_TYPE *single; -+ } value; -+} X509_ATTRIBUTE; - - DECLARE_STACK_OF(X509_ATTRIBUTE) - DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) - -- --typedef struct X509_req_info_st -- { -- ASN1_ENCODING enc; -- ASN1_INTEGER *version; -- X509_NAME *subject; -- X509_PUBKEY *pubkey; -- /* d=2 hl=2 l= 0 cons: cont: 00 */ -- STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -- } X509_REQ_INFO; -- --typedef struct X509_req_st -- { -- X509_REQ_INFO *req_info; -- X509_ALGOR *sig_alg; -- ASN1_BIT_STRING *signature; -- int references; -- } X509_REQ; -- --typedef struct x509_cinf_st -- { -- ASN1_INTEGER *version; /* [ 0 ] default of v1 */ -- ASN1_INTEGER *serialNumber; -- X509_ALGOR *signature; -- X509_NAME *issuer; -- X509_VAL *validity; -- X509_NAME *subject; -- X509_PUBKEY *key; -- ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ -- ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ -- STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ -- ASN1_ENCODING enc; -- } X509_CINF; -- --/* This stuff is certificate "auxiliary info" -- * it contains details which are useful in certificate -- * stores and databases. When used this is tagged onto -+typedef struct X509_req_info_st { -+ ASN1_ENCODING enc; -+ ASN1_INTEGER *version; -+ X509_NAME *subject; -+ X509_PUBKEY *pubkey; -+ /* d=2 hl=2 l= 0 cons: cont: 00 */ -+ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -+} X509_REQ_INFO; -+ -+typedef struct X509_req_st { -+ X509_REQ_INFO *req_info; -+ X509_ALGOR *sig_alg; -+ ASN1_BIT_STRING *signature; -+ int references; -+} X509_REQ; -+ -+typedef struct x509_cinf_st { -+ ASN1_INTEGER *version; /* [ 0 ] default of v1 */ -+ ASN1_INTEGER *serialNumber; -+ X509_ALGOR *signature; -+ X509_NAME *issuer; -+ X509_VAL *validity; -+ X509_NAME *subject; -+ X509_PUBKEY *key; -+ ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ -+ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ -+ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ -+ ASN1_ENCODING enc; -+} X509_CINF; -+ -+/* -+ * This stuff is certificate "auxiliary info" it contains details which are -+ * useful in certificate stores and databases. When used this is tagged onto - * the end of the certificate itself - */ - --typedef struct x509_cert_aux_st -- { -- STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ -- STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ -- ASN1_UTF8STRING *alias; /* "friendly name" */ -- ASN1_OCTET_STRING *keyid; /* key id of private key */ -- STACK_OF(X509_ALGOR) *other; /* other unspecified info */ -- } X509_CERT_AUX; -- --struct x509_st -- { -- X509_CINF *cert_info; -- X509_ALGOR *sig_alg; -- ASN1_BIT_STRING *signature; -- int valid; -- int references; -- char *name; -- CRYPTO_EX_DATA ex_data; -- /* These contain copies of various extension values */ -- long ex_pathlen; -- long ex_pcpathlen; -- unsigned long ex_flags; -- unsigned long ex_kusage; -- unsigned long ex_xkusage; -- unsigned long ex_nscert; -- ASN1_OCTET_STRING *skid; -- struct AUTHORITY_KEYID_st *akid; -- X509_POLICY_CACHE *policy_cache; --#ifndef OPENSSL_NO_RFC3779 -- STACK_OF(IPAddressFamily) *rfc3779_addr; -- struct ASIdentifiers_st *rfc3779_asid; --#endif --#ifndef OPENSSL_NO_SHA -- unsigned char sha1_hash[SHA_DIGEST_LENGTH]; --#endif -- X509_CERT_AUX *aux; -- } /* X509 */; -+typedef struct x509_cert_aux_st { -+ STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ -+ STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ -+ ASN1_UTF8STRING *alias; /* "friendly name" */ -+ ASN1_OCTET_STRING *keyid; /* key id of private key */ -+ STACK_OF(X509_ALGOR) *other; /* other unspecified info */ -+} X509_CERT_AUX; -+ -+struct x509_st { -+ X509_CINF *cert_info; -+ X509_ALGOR *sig_alg; -+ ASN1_BIT_STRING *signature; -+ int valid; -+ int references; -+ char *name; -+ CRYPTO_EX_DATA ex_data; -+ /* These contain copies of various extension values */ -+ long ex_pathlen; -+ long ex_pcpathlen; -+ unsigned long ex_flags; -+ unsigned long ex_kusage; -+ unsigned long ex_xkusage; -+ unsigned long ex_nscert; -+ ASN1_OCTET_STRING *skid; -+ struct AUTHORITY_KEYID_st *akid; -+ X509_POLICY_CACHE *policy_cache; -+# ifndef OPENSSL_NO_RFC3779 -+ STACK_OF(IPAddressFamily) *rfc3779_addr; -+ struct ASIdentifiers_st *rfc3779_asid; -+# endif -+# ifndef OPENSSL_NO_SHA -+ unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -+# endif -+ X509_CERT_AUX *aux; -+} /* X509 */ ; - - DECLARE_STACK_OF(X509) - DECLARE_ASN1_SET_OF(X509) -@@ -309,557 +299,548 @@ DECLARE_ASN1_SET_OF(X509) - /* This is used for a table of trust checking functions */ - - typedef struct x509_trust_st { -- int trust; -- int flags; -- int (*check_trust)(struct x509_trust_st *, X509 *, int); -- char *name; -- int arg1; -- void *arg2; -+ int trust; -+ int flags; -+ int (*check_trust) (struct x509_trust_st *, X509 *, int); -+ char *name; -+ int arg1; -+ void *arg2; - } X509_TRUST; - - DECLARE_STACK_OF(X509_TRUST) - - typedef struct x509_cert_pair_st { -- X509 *forward; -- X509 *reverse; -+ X509 *forward; -+ X509 *reverse; - } X509_CERT_PAIR; - - /* standard trust ids */ - --#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ -+# define X509_TRUST_DEFAULT -1/* Only valid in purpose settings */ - --#define X509_TRUST_COMPAT 1 --#define X509_TRUST_SSL_CLIENT 2 --#define X509_TRUST_SSL_SERVER 3 --#define X509_TRUST_EMAIL 4 --#define X509_TRUST_OBJECT_SIGN 5 --#define X509_TRUST_OCSP_SIGN 6 --#define X509_TRUST_OCSP_REQUEST 7 -+# define X509_TRUST_COMPAT 1 -+# define X509_TRUST_SSL_CLIENT 2 -+# define X509_TRUST_SSL_SERVER 3 -+# define X509_TRUST_EMAIL 4 -+# define X509_TRUST_OBJECT_SIGN 5 -+# define X509_TRUST_OCSP_SIGN 6 -+# define X509_TRUST_OCSP_REQUEST 7 - - /* Keep these up to date! */ --#define X509_TRUST_MIN 1 --#define X509_TRUST_MAX 7 -- -+# define X509_TRUST_MIN 1 -+# define X509_TRUST_MAX 7 - - /* trust_flags values */ --#define X509_TRUST_DYNAMIC 1 --#define X509_TRUST_DYNAMIC_NAME 2 -+# define X509_TRUST_DYNAMIC 1 -+# define X509_TRUST_DYNAMIC_NAME 2 - - /* check_trust return codes */ - --#define X509_TRUST_TRUSTED 1 --#define X509_TRUST_REJECTED 2 --#define X509_TRUST_UNTRUSTED 3 -+# define X509_TRUST_TRUSTED 1 -+# define X509_TRUST_REJECTED 2 -+# define X509_TRUST_UNTRUSTED 3 - - /* Flags for X509_print_ex() */ - --#define X509_FLAG_COMPAT 0 --#define X509_FLAG_NO_HEADER 1L --#define X509_FLAG_NO_VERSION (1L << 1) --#define X509_FLAG_NO_SERIAL (1L << 2) --#define X509_FLAG_NO_SIGNAME (1L << 3) --#define X509_FLAG_NO_ISSUER (1L << 4) --#define X509_FLAG_NO_VALIDITY (1L << 5) --#define X509_FLAG_NO_SUBJECT (1L << 6) --#define X509_FLAG_NO_PUBKEY (1L << 7) --#define X509_FLAG_NO_EXTENSIONS (1L << 8) --#define X509_FLAG_NO_SIGDUMP (1L << 9) --#define X509_FLAG_NO_AUX (1L << 10) --#define X509_FLAG_NO_ATTRIBUTES (1L << 11) -- --/* Flags specific to X509_NAME_print_ex() */ -+# define X509_FLAG_COMPAT 0 -+# define X509_FLAG_NO_HEADER 1L -+# define X509_FLAG_NO_VERSION (1L << 1) -+# define X509_FLAG_NO_SERIAL (1L << 2) -+# define X509_FLAG_NO_SIGNAME (1L << 3) -+# define X509_FLAG_NO_ISSUER (1L << 4) -+# define X509_FLAG_NO_VALIDITY (1L << 5) -+# define X509_FLAG_NO_SUBJECT (1L << 6) -+# define X509_FLAG_NO_PUBKEY (1L << 7) -+# define X509_FLAG_NO_EXTENSIONS (1L << 8) -+# define X509_FLAG_NO_SIGDUMP (1L << 9) -+# define X509_FLAG_NO_AUX (1L << 10) -+# define X509_FLAG_NO_ATTRIBUTES (1L << 11) -+ -+/* Flags specific to X509_NAME_print_ex() */ - - /* The field separator information */ - --#define XN_FLAG_SEP_MASK (0xf << 16) -+# define XN_FLAG_SEP_MASK (0xf << 16) - --#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */ --#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */ --#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */ --#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */ --#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */ -+# define XN_FLAG_COMPAT 0/* Traditional SSLeay: use old -+ * X509_NAME_print */ -+# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ -+# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ -+# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ -+# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */ - --#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */ -+# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */ - - /* How the field name is shown */ - --#define XN_FLAG_FN_MASK (0x3 << 21) -+# define XN_FLAG_FN_MASK (0x3 << 21) - --#define XN_FLAG_FN_SN 0 /* Object short name */ --#define XN_FLAG_FN_LN (1 << 21) /* Object long name */ --#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */ --#define XN_FLAG_FN_NONE (3 << 21) /* No field names */ -+# define XN_FLAG_FN_SN 0/* Object short name */ -+# define XN_FLAG_FN_LN (1 << 21)/* Object long name */ -+# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */ -+# define XN_FLAG_FN_NONE (3 << 21)/* No field names */ - --#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */ -+# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */ - --/* This determines if we dump fields we don't recognise: -- * RFC2253 requires this. -+/* -+ * This determines if we dump fields we don't recognise: RFC2253 requires -+ * this. - */ - --#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) -+# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) - --#define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */ -+# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20 -+ * characters */ - - /* Complete set of RFC2253 flags */ - --#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ -- XN_FLAG_SEP_COMMA_PLUS | \ -- XN_FLAG_DN_REV | \ -- XN_FLAG_FN_SN | \ -- XN_FLAG_DUMP_UNKNOWN_FIELDS) -+# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ -+ XN_FLAG_SEP_COMMA_PLUS | \ -+ XN_FLAG_DN_REV | \ -+ XN_FLAG_FN_SN | \ -+ XN_FLAG_DUMP_UNKNOWN_FIELDS) - - /* readable oneline form */ - --#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ -- ASN1_STRFLGS_ESC_QUOTE | \ -- XN_FLAG_SEP_CPLUS_SPC | \ -- XN_FLAG_SPC_EQ | \ -- XN_FLAG_FN_SN) -+# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ -+ ASN1_STRFLGS_ESC_QUOTE | \ -+ XN_FLAG_SEP_CPLUS_SPC | \ -+ XN_FLAG_SPC_EQ | \ -+ XN_FLAG_FN_SN) - - /* readable multiline form */ - --#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ -- ASN1_STRFLGS_ESC_MSB | \ -- XN_FLAG_SEP_MULTILINE | \ -- XN_FLAG_SPC_EQ | \ -- XN_FLAG_FN_LN | \ -- XN_FLAG_FN_ALIGN) -- --typedef struct X509_revoked_st -- { -- ASN1_INTEGER *serialNumber; -- ASN1_TIME *revocationDate; -- STACK_OF(X509_EXTENSION) /* optional */ *extensions; -- int sequence; /* load sequence */ -- } X509_REVOKED; -+# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ -+ ASN1_STRFLGS_ESC_MSB | \ -+ XN_FLAG_SEP_MULTILINE | \ -+ XN_FLAG_SPC_EQ | \ -+ XN_FLAG_FN_LN | \ -+ XN_FLAG_FN_ALIGN) -+ -+typedef struct X509_revoked_st { -+ ASN1_INTEGER *serialNumber; -+ ASN1_TIME *revocationDate; -+ STACK_OF(X509_EXTENSION) /* optional */ *extensions; -+ int sequence; /* load sequence */ -+} X509_REVOKED; - - DECLARE_STACK_OF(X509_REVOKED) - DECLARE_ASN1_SET_OF(X509_REVOKED) - --typedef struct X509_crl_info_st -- { -- ASN1_INTEGER *version; -- X509_ALGOR *sig_alg; -- X509_NAME *issuer; -- ASN1_TIME *lastUpdate; -- ASN1_TIME *nextUpdate; -- STACK_OF(X509_REVOKED) *revoked; -- STACK_OF(X509_EXTENSION) /* [0] */ *extensions; -- ASN1_ENCODING enc; -- } X509_CRL_INFO; -- --struct X509_crl_st -- { -- /* actual signature */ -- X509_CRL_INFO *crl; -- X509_ALGOR *sig_alg; -- ASN1_BIT_STRING *signature; -- int references; -- } /* X509_CRL */; -+typedef struct X509_crl_info_st { -+ ASN1_INTEGER *version; -+ X509_ALGOR *sig_alg; -+ X509_NAME *issuer; -+ ASN1_TIME *lastUpdate; -+ ASN1_TIME *nextUpdate; -+ STACK_OF(X509_REVOKED) *revoked; -+ STACK_OF(X509_EXTENSION) /* [0] */ *extensions; -+ ASN1_ENCODING enc; -+} X509_CRL_INFO; -+ -+struct X509_crl_st { -+ /* actual signature */ -+ X509_CRL_INFO *crl; -+ X509_ALGOR *sig_alg; -+ ASN1_BIT_STRING *signature; -+ int references; -+} /* X509_CRL */ ; - - DECLARE_STACK_OF(X509_CRL) - DECLARE_ASN1_SET_OF(X509_CRL) - --typedef struct private_key_st -- { -- int version; -- /* The PKCS#8 data types */ -- X509_ALGOR *enc_algor; -- ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ -- -- /* When decrypted, the following will not be NULL */ -- EVP_PKEY *dec_pkey; -- -- /* used to encrypt and decrypt */ -- int key_length; -- char *key_data; -- int key_free; /* true if we should auto free key_data */ -- -- /* expanded version of 'enc_algor' */ -- EVP_CIPHER_INFO cipher; -- -- int references; -- } X509_PKEY; -- --#ifndef OPENSSL_NO_EVP --typedef struct X509_info_st -- { -- X509 *x509; -- X509_CRL *crl; -- X509_PKEY *x_pkey; -- -- EVP_CIPHER_INFO enc_cipher; -- int enc_len; -- char *enc_data; -- -- int references; -- } X509_INFO; -+typedef struct private_key_st { -+ int version; -+ /* The PKCS#8 data types */ -+ X509_ALGOR *enc_algor; -+ ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ -+ /* When decrypted, the following will not be NULL */ -+ EVP_PKEY *dec_pkey; -+ /* used to encrypt and decrypt */ -+ int key_length; -+ char *key_data; -+ int key_free; /* true if we should auto free key_data */ -+ /* expanded version of 'enc_algor' */ -+ EVP_CIPHER_INFO cipher; -+ int references; -+} X509_PKEY; -+ -+# ifndef OPENSSL_NO_EVP -+typedef struct X509_info_st { -+ X509 *x509; -+ X509_CRL *crl; -+ X509_PKEY *x_pkey; -+ EVP_CIPHER_INFO enc_cipher; -+ int enc_len; -+ char *enc_data; -+ int references; -+} X509_INFO; - - DECLARE_STACK_OF(X509_INFO) --#endif -+# endif - --/* The next 2 structures and their 8 routines were sent to me by -- * Pat Richard and are used to manipulate -- * Netscapes spki structures - useful if you are writing a CA web page -+/* -+ * The next 2 structures and their 8 routines were sent to me by Pat Richard -+ * and are used to manipulate Netscapes spki structures - -+ * useful if you are writing a CA web page - */ --typedef struct Netscape_spkac_st -- { -- X509_PUBKEY *pubkey; -- ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ -- } NETSCAPE_SPKAC; -- --typedef struct Netscape_spki_st -- { -- NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ -- X509_ALGOR *sig_algor; -- ASN1_BIT_STRING *signature; -- } NETSCAPE_SPKI; -+typedef struct Netscape_spkac_st { -+ X509_PUBKEY *pubkey; -+ ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ -+} NETSCAPE_SPKAC; -+ -+typedef struct Netscape_spki_st { -+ NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ -+ X509_ALGOR *sig_algor; -+ ASN1_BIT_STRING *signature; -+} NETSCAPE_SPKI; - - /* Netscape certificate sequence structure */ --typedef struct Netscape_certificate_sequence -- { -- ASN1_OBJECT *type; -- STACK_OF(X509) *certs; -- } NETSCAPE_CERT_SEQUENCE; -+typedef struct Netscape_certificate_sequence { -+ ASN1_OBJECT *type; -+ STACK_OF(X509) *certs; -+} NETSCAPE_CERT_SEQUENCE; - --/* Unused (and iv length is wrong) -+/*- Unused (and iv length is wrong) - typedef struct CBCParameter_st -- { -- unsigned char iv[8]; -- } CBC_PARAM; -+ { -+ unsigned char iv[8]; -+ } CBC_PARAM; - */ - - /* Password based encryption structure */ - - typedef struct PBEPARAM_st { --ASN1_OCTET_STRING *salt; --ASN1_INTEGER *iter; -+ ASN1_OCTET_STRING *salt; -+ ASN1_INTEGER *iter; - } PBEPARAM; - - /* Password based encryption V2 structures */ - - typedef struct PBE2PARAM_st { --X509_ALGOR *keyfunc; --X509_ALGOR *encryption; -+ X509_ALGOR *keyfunc; -+ X509_ALGOR *encryption; - } PBE2PARAM; - - typedef struct PBKDF2PARAM_st { --ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ --ASN1_INTEGER *iter; --ASN1_INTEGER *keylength; --X509_ALGOR *prf; -+/* Usually OCTET STRING but could be anything */ -+ ASN1_TYPE *salt; -+ ASN1_INTEGER *iter; -+ ASN1_INTEGER *keylength; -+ X509_ALGOR *prf; - } PBKDF2PARAM; - -- - /* PKCS#8 private key info structure */ - --typedef struct pkcs8_priv_key_info_st -- { -- int broken; /* Flag for various broken formats */ --#define PKCS8_OK 0 --#define PKCS8_NO_OCTET 1 --#define PKCS8_EMBEDDED_PARAM 2 --#define PKCS8_NS_DB 3 -- ASN1_INTEGER *version; -- X509_ALGOR *pkeyalg; -- ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ -- STACK_OF(X509_ATTRIBUTE) *attributes; -- } PKCS8_PRIV_KEY_INFO; -+typedef struct pkcs8_priv_key_info_st { -+ /* Flag for various broken formats */ -+ int broken; -+# define PKCS8_OK 0 -+# define PKCS8_NO_OCTET 1 -+# define PKCS8_EMBEDDED_PARAM 2 -+# define PKCS8_NS_DB 3 -+ ASN1_INTEGER *version; -+ X509_ALGOR *pkeyalg; -+ /* Should be OCTET STRING but some are broken */ -+ ASN1_TYPE *pkey; -+ STACK_OF(X509_ATTRIBUTE) *attributes; -+} PKCS8_PRIV_KEY_INFO; - - #ifdef __cplusplus - } - #endif - --#include --#include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - --#ifdef SSLEAY_MACROS --#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ -- a->signature,(char *)a->cert_info,r) --#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \ -- a->sig_alg,a->signature,(char *)a->req_info,r) --#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \ -- a->sig_alg, a->signature,(char *)a->crl,r) -- --#define X509_sign(x,pkey,md) \ -- ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \ -- x->sig_alg, x->signature, (char *)x->cert_info,pkey,md) --#define X509_REQ_sign(x,pkey,md) \ -- ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \ -- x->signature, (char *)x->req_info,pkey,md) --#define X509_CRL_sign(x,pkey,md) \ -- ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \ -- x->signature, (char *)x->crl,pkey,md) --#define NETSCAPE_SPKI_sign(x,pkey,md) \ -- ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \ -- x->signature, (char *)x->spkac,pkey,md) -- --#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ -- (char *(*)())d2i_X509,(char *)x509) --#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\ -- (int (*)())i2d_X509_ATTRIBUTE, \ -- (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa) --#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ -- (int (*)())i2d_X509_EXTENSION, \ -- (char *(*)())d2i_X509_EXTENSION,(char *)ex) --#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \ -- (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)) --#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509) --#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \ -- (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)) --#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509) -- --#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \ -- (char *(*)())d2i_X509_CRL,(char *)crl) --#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \ -- X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\ -- (unsigned char **)(crl)) --#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\ -- (unsigned char *)crl) --#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \ -- X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\ -- (unsigned char **)(crl)) --#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\ -- (unsigned char *)crl) -- --#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \ -- (char *(*)())d2i_PKCS7,(char *)p7) --#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \ -- PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\ -- (unsigned char **)(p7)) --#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\ -- (unsigned char *)p7) --#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \ -- PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\ -- (unsigned char **)(p7)) --#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\ -- (unsigned char *)p7) -- --#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \ -- (char *(*)())d2i_X509_REQ,(char *)req) --#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\ -- X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\ -- (unsigned char **)(req)) --#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\ -- (unsigned char *)req) --#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\ -- X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\ -- (unsigned char **)(req)) --#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\ -- (unsigned char *)req) -- --#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \ -- (char *(*)())d2i_RSAPublicKey,(char *)rsa) --#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \ -- (char *(*)())d2i_RSAPrivateKey,(char *)rsa) -- --#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ -- RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \ -- (unsigned char **)(rsa)) --#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \ -- (unsigned char *)rsa) --#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ -- RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \ -- (unsigned char **)(rsa)) --#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \ -- (unsigned char *)rsa) -- --#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ -- RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \ -- (unsigned char **)(rsa)) --#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \ -- (unsigned char *)rsa) --#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ -- RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \ -- (unsigned char **)(rsa)) --#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \ -- (unsigned char *)rsa) -- --#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\ -- DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \ -- (unsigned char **)(dsa)) --#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \ -- (unsigned char *)dsa) --#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\ -- DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \ -- (unsigned char **)(dsa)) --#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ -- (unsigned char *)dsa) -- --#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\ -- EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \ -- (unsigned char **)(ecdsa)) --#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \ -- (unsigned char *)ecdsa) --#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\ -- EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \ -- (unsigned char **)(ecdsa)) --#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \ -- (unsigned char *)ecdsa) -- --#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ -- (char *(*)())d2i_X509_ALGOR,(char *)xn) -- --#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ -- (char *(*)())d2i_X509_NAME,(char *)xn) --#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ -- (int (*)())i2d_X509_NAME_ENTRY, \ -- (char *(*)())d2i_X509_NAME_ENTRY,\ -- (char *)ne) -- --#define X509_digest(data,type,md,len) \ -- ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) --#define X509_NAME_digest(data,type,md,len) \ -- ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) --#ifndef PKCS7_ISSUER_AND_SERIAL_digest --#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ -- ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ -- (char *)data,md,len) --#endif --#endif -- --#define X509_EXT_PACK_UNKNOWN 1 --#define X509_EXT_PACK_STRING 2 -- --#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) --/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ --#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) --#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) --#define X509_extract_key(x) X509_get_pubkey(x) /*****/ --#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) --#define X509_REQ_get_subject_name(x) ((x)->req_info->subject) --#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) --#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) --#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) -- --#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) --#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) --#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) --#define X509_CRL_get_issuer(x) ((x)->crl->issuer) --#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) -- --/* This one is only used so that a binary form can output, as in -- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ --#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) -- -+# ifdef SSLEAY_MACROS -+# define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ -+ a->signature,(char *)a->cert_info,r) -+# define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \ -+ a->sig_alg,a->signature,(char *)a->req_info,r) -+# define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \ -+ a->sig_alg, a->signature,(char *)a->crl,r) -+ -+# define X509_sign(x,pkey,md) \ -+ ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \ -+ x->sig_alg, x->signature, (char *)x->cert_info,pkey,md) -+# define X509_REQ_sign(x,pkey,md) \ -+ ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \ -+ x->signature, (char *)x->req_info,pkey,md) -+# define X509_CRL_sign(x,pkey,md) \ -+ ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \ -+ x->signature, (char *)x->crl,pkey,md) -+# define NETSCAPE_SPKI_sign(x,pkey,md) \ -+ ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \ -+ x->signature, (char *)x->spkac,pkey,md) -+ -+# define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ -+ (char *(*)())d2i_X509,(char *)x509) -+# define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\ -+ (int (*)())i2d_X509_ATTRIBUTE, \ -+ (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa) -+# define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ -+ (int (*)())i2d_X509_EXTENSION, \ -+ (char *(*)())d2i_X509_EXTENSION,(char *)ex) -+# define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \ -+ (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)) -+# define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509) -+# define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \ -+ (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)) -+# define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509) -+ -+# define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \ -+ (char *(*)())d2i_X509_CRL,(char *)crl) -+# define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \ -+ X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\ -+ (unsigned char **)(crl)) -+# define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\ -+ (unsigned char *)crl) -+# define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \ -+ X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\ -+ (unsigned char **)(crl)) -+# define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\ -+ (unsigned char *)crl) -+ -+# define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \ -+ (char *(*)())d2i_PKCS7,(char *)p7) -+# define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \ -+ PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\ -+ (unsigned char **)(p7)) -+# define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\ -+ (unsigned char *)p7) -+# define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \ -+ PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\ -+ (unsigned char **)(p7)) -+# define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\ -+ (unsigned char *)p7) -+ -+# define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \ -+ (char *(*)())d2i_X509_REQ,(char *)req) -+# define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\ -+ X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\ -+ (unsigned char **)(req)) -+# define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\ -+ (unsigned char *)req) -+# define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\ -+ X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\ -+ (unsigned char **)(req)) -+# define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\ -+ (unsigned char *)req) -+ -+# define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \ -+ (char *(*)())d2i_RSAPublicKey,(char *)rsa) -+# define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \ -+ (char *(*)())d2i_RSAPrivateKey,(char *)rsa) -+ -+# define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ -+ RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \ -+ (unsigned char **)(rsa)) -+# define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \ -+ (unsigned char *)rsa) -+# define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ -+ RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \ -+ (unsigned char **)(rsa)) -+# define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \ -+ (unsigned char *)rsa) -+ -+# define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ -+ RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \ -+ (unsigned char **)(rsa)) -+# define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \ -+ (unsigned char *)rsa) -+# define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ -+ RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \ -+ (unsigned char **)(rsa)) -+# define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \ -+ (unsigned char *)rsa) -+ -+# define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\ -+ DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \ -+ (unsigned char **)(dsa)) -+# define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \ -+ (unsigned char *)dsa) -+# define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\ -+ DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \ -+ (unsigned char **)(dsa)) -+# define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ -+ (unsigned char *)dsa) -+ -+# define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\ -+ EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \ -+ (unsigned char **)(ecdsa)) -+# define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \ -+ (unsigned char *)ecdsa) -+# define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\ -+ EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \ -+ (unsigned char **)(ecdsa)) -+# define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \ -+ (unsigned char *)ecdsa) -+ -+# define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ -+ (char *(*)())d2i_X509_ALGOR,(char *)xn) -+ -+# define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ -+ (char *(*)())d2i_X509_NAME,(char *)xn) -+# define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ -+ (int (*)())i2d_X509_NAME_ENTRY, \ -+ (char *(*)())d2i_X509_NAME_ENTRY,\ -+ (char *)ne) -+ -+# define X509_digest(data,type,md,len) \ -+ ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) -+# define X509_NAME_digest(data,type,md,len) \ -+ ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) -+# ifndef PKCS7_ISSUER_AND_SERIAL_digest -+# define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ -+ ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ -+ (char *)data,md,len) -+# endif -+# endif -+ -+# define X509_EXT_PACK_UNKNOWN 1 -+# define X509_EXT_PACK_STRING 2 -+ -+# define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) -+/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ -+# define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) -+# define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) -+# define X509_extract_key(x) X509_get_pubkey(x)/*****/ -+# define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) -+# define X509_REQ_get_subject_name(x) ((x)->req_info->subject) -+# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) -+# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) -+# define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) -+ -+# define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) -+# define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) -+# define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) -+# define X509_CRL_get_issuer(x) ((x)->crl->issuer) -+# define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) -+ -+/* -+ * This one is only used so that a binary form can output, as in -+ * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) -+ */ -+# define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) - - const char *X509_verify_cert_error_string(long n); - --#ifndef SSLEAY_MACROS --#ifndef OPENSSL_NO_EVP -+# ifndef SSLEAY_MACROS -+# ifndef OPENSSL_NO_EVP - int X509_verify(X509 *a, EVP_PKEY *r); - - int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); - int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); - int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); - --NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len); --char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); -+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len); -+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); - EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); - int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); - - int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); - --int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig); -+int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig); - - int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); - int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); - int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); - int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); - --int X509_pubkey_digest(const X509 *data,const EVP_MD *type, -- unsigned char *md, unsigned int *len); --int X509_digest(const X509 *data,const EVP_MD *type, -- unsigned char *md, unsigned int *len); --int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type, -- unsigned char *md, unsigned int *len); --int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type, -- unsigned char *md, unsigned int *len); --int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type, -- unsigned char *md, unsigned int *len); --#endif -- --#ifndef OPENSSL_NO_FP_API -+int X509_pubkey_digest(const X509 *data, const EVP_MD *type, -+ unsigned char *md, unsigned int *len); -+int X509_digest(const X509 *data, const EVP_MD *type, -+ unsigned char *md, unsigned int *len); -+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, -+ unsigned char *md, unsigned int *len); -+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, -+ unsigned char *md, unsigned int *len); -+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, -+ unsigned char *md, unsigned int *len); -+# endif -+ -+# ifndef OPENSSL_NO_FP_API - X509 *d2i_X509_fp(FILE *fp, X509 **x509); --int i2d_X509_fp(FILE *fp,X509 *x509); --X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl); --int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl); --X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req); --int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req); --#ifndef OPENSSL_NO_RSA --RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa); --int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); --RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa); --int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); --RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa); --int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa); --#endif --#ifndef OPENSSL_NO_DSA -+int i2d_X509_fp(FILE *fp, X509 *x509); -+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); -+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl); -+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); -+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req); -+# ifndef OPENSSL_NO_RSA -+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); -+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa); -+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); -+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa); -+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); -+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa); -+# endif -+# ifndef OPENSSL_NO_DSA - DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); - int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); - DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); - int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); --#endif --#ifndef OPENSSL_NO_EC -+# endif -+# ifndef OPENSSL_NO_EC - EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); --int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); -+int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); - EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); --int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); --#endif --X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); --int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); -+int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); -+# endif -+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); -+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8); - PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, -- PKCS8_PRIV_KEY_INFO **p8inf); --int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf); -+ PKCS8_PRIV_KEY_INFO **p8inf); -+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf); - int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); - int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); - EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); - int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); - EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); --#endif -- --#ifndef OPENSSL_NO_BIO --X509 *d2i_X509_bio(BIO *bp,X509 **x509); --int i2d_X509_bio(BIO *bp,X509 *x509); --X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl); --int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl); --X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req); --int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req); --#ifndef OPENSSL_NO_RSA --RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa); --int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); --RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa); --int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); --RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa); --int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa); --#endif --#ifndef OPENSSL_NO_DSA -+# endif -+ -+# ifndef OPENSSL_NO_BIO -+X509 *d2i_X509_bio(BIO *bp, X509 **x509); -+int i2d_X509_bio(BIO *bp, X509 *x509); -+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); -+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl); -+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); -+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req); -+# ifndef OPENSSL_NO_RSA -+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); -+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa); -+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); -+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa); -+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); -+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa); -+# endif -+# ifndef OPENSSL_NO_DSA - DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); - int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); - DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); - int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); --#endif --#ifndef OPENSSL_NO_EC -+# endif -+# ifndef OPENSSL_NO_EC - EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); --int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); -+int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); - EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); --int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); --#endif --X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); --int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); -+int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); -+# endif -+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); -+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8); - PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, -- PKCS8_PRIV_KEY_INFO **p8inf); --int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf); -+ PKCS8_PRIV_KEY_INFO **p8inf); -+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf); - int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); - int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); - EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); - int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); - EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); --#endif -+# endif - - X509 *X509_dup(X509 *x509); - X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); -@@ -867,29 +848,31 @@ X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); - X509_CRL *X509_CRL_dup(X509_CRL *crl); - X509_REQ *X509_REQ_dup(X509_REQ *req); - X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); --int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); -+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, -+ void *pval); - void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, -- X509_ALGOR *algor); -+ X509_ALGOR *algor); -+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); - - X509_NAME *X509_NAME_dup(X509_NAME *xn); - X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); - --#endif /* !SSLEAY_MACROS */ -+# endif /* !SSLEAY_MACROS */ - --int X509_cmp_time(ASN1_TIME *s, time_t *t); --int X509_cmp_current_time(ASN1_TIME *s); --ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t); --ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj); -+int X509_cmp_time(ASN1_TIME *s, time_t *t); -+int X509_cmp_current_time(ASN1_TIME *s); -+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); -+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); - --const char * X509_get_default_cert_area(void ); --const char * X509_get_default_cert_dir(void ); --const char * X509_get_default_cert_file(void ); --const char * X509_get_default_cert_dir_env(void ); --const char * X509_get_default_cert_file_env(void ); --const char * X509_get_default_private_dir(void ); -+const char *X509_get_default_cert_area(void); -+const char *X509_get_default_cert_dir(void); -+const char *X509_get_default_cert_file(void); -+const char *X509_get_default_cert_dir_env(void); -+const char *X509_get_default_cert_file_env(void); -+const char *X509_get_default_private_dir(void); - --X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); --X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); -+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); -+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey); - - DECLARE_ASN1_FUNCTIONS(X509_ALGOR) - DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) -@@ -897,28 +880,23 @@ DECLARE_ASN1_FUNCTIONS(X509_VAL) - - DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) - --int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); --EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); --int X509_get_pubkey_parameters(EVP_PKEY *pkey, -- STACK_OF(X509) *chain); --int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp); --EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp, -- long length); --#ifndef OPENSSL_NO_RSA --int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp); --RSA * d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp, -- long length); --#endif --#ifndef OPENSSL_NO_DSA --int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp); --DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp, -- long length); --#endif --#ifndef OPENSSL_NO_EC --int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); --EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, -- long length); --#endif -+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); -+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); -+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); -+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); -+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); -+# ifndef OPENSSL_NO_RSA -+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); -+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length); -+# endif -+# ifndef OPENSSL_NO_DSA -+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp); -+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); -+# endif -+# ifndef OPENSSL_NO_EC -+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); -+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); -+# endif - - DECLARE_ASN1_FUNCTIONS(X509_SIG) - DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) -@@ -934,7 +912,7 @@ DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) - - DECLARE_ASN1_FUNCTIONS(X509_NAME) - --int X509_NAME_set(X509_NAME **xn, X509_NAME *name); -+int X509_NAME_set(X509_NAME **xn, X509_NAME *name); - - DECLARE_ASN1_FUNCTIONS(X509_CINF) - -@@ -944,17 +922,18 @@ DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) - DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR) - - int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - int X509_set_ex_data(X509 *r, int idx, void *arg); - void *X509_get_ex_data(X509 *r, int idx); --int i2d_X509_AUX(X509 *a,unsigned char **pp); --X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length); -+int i2d_X509_AUX(X509 *a, unsigned char **pp); -+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); - - int X509_alias_set1(X509 *x, unsigned char *name, int len); - int X509_keyid_set1(X509 *x, unsigned char *id, int len); --unsigned char * X509_alias_get0(X509 *x, int *len); --unsigned char * X509_keyid_get0(X509 *x, int *len); --int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); -+unsigned char *X509_alias_get0(X509 *x, int *len); -+unsigned char *X509_keyid_get0(X509 *x, int *len); -+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, -+ int); - int X509_TRUST_set(int *t, int trust); - int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); - int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); -@@ -967,83 +946,83 @@ DECLARE_ASN1_FUNCTIONS(X509_CRL) - - int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); - --X509_PKEY * X509_PKEY_new(void ); --void X509_PKEY_free(X509_PKEY *a); --int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); --X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length); -+X509_PKEY *X509_PKEY_new(void); -+void X509_PKEY_free(X509_PKEY *a); -+int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp); -+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, -+ long length); - - DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) - DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) - DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) - --#ifndef OPENSSL_NO_EVP --X509_INFO * X509_INFO_new(void); --void X509_INFO_free(X509_INFO *a); --char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); -+# ifndef OPENSSL_NO_EVP -+X509_INFO *X509_INFO_new(void); -+void X509_INFO_free(X509_INFO *a); -+char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); - - int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, -- ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); -+ ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); - --int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data, -- unsigned char *md,unsigned int *len); -+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, -+ unsigned char *md, unsigned int *len); - - int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, -- X509_ALGOR *algor2, ASN1_BIT_STRING *signature, -- char *data,EVP_PKEY *pkey, const EVP_MD *type); -+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature, -+ char *data, EVP_PKEY *pkey, const EVP_MD *type); - --int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data, -- unsigned char *md,unsigned int *len); -+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, -+ unsigned char *md, unsigned int *len); - - int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, -- ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey); -- --int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, -- ASN1_BIT_STRING *signature, -- void *data, EVP_PKEY *pkey, const EVP_MD *type); --#endif -- --int X509_set_version(X509 *x,long version); --int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); --ASN1_INTEGER * X509_get_serialNumber(X509 *x); --int X509_set_issuer_name(X509 *x, X509_NAME *name); --X509_NAME * X509_get_issuer_name(X509 *a); --int X509_set_subject_name(X509 *x, X509_NAME *name); --X509_NAME * X509_get_subject_name(X509 *a); --int X509_set_notBefore(X509 *x, ASN1_TIME *tm); --int X509_set_notAfter(X509 *x, ASN1_TIME *tm); --int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); --EVP_PKEY * X509_get_pubkey(X509 *x); --ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x); --int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); -- --int X509_REQ_set_version(X509_REQ *x,long version); --int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); --int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); --EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); --int X509_REQ_extension_nid(int nid); --int * X509_REQ_get_extension_nids(void); --void X509_REQ_set_extension_nids(int *nids); -+ ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey); -+ -+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, -+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data, -+ EVP_PKEY *pkey, const EVP_MD *type); -+# endif -+ -+int X509_set_version(X509 *x, long version); -+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); -+ASN1_INTEGER *X509_get_serialNumber(X509 *x); -+int X509_set_issuer_name(X509 *x, X509_NAME *name); -+X509_NAME *X509_get_issuer_name(X509 *a); -+int X509_set_subject_name(X509 *x, X509_NAME *name); -+X509_NAME *X509_get_subject_name(X509 *a); -+int X509_set_notBefore(X509 *x, ASN1_TIME *tm); -+int X509_set_notAfter(X509 *x, ASN1_TIME *tm); -+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); -+EVP_PKEY *X509_get_pubkey(X509 *x); -+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); -+int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ ); -+ -+int X509_REQ_set_version(X509_REQ *x, long version); -+int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); -+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); -+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); -+int X509_REQ_extension_nid(int nid); -+int *X509_REQ_get_extension_nids(void); -+void X509_REQ_set_extension_nids(int *nids); - STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); - int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, -- int nid); -+ int nid); - int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); - int X509_REQ_get_attr_count(const X509_REQ *req); --int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, -- int lastpos); -+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); - int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, -- int lastpos); -+ int lastpos); - X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); - X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); - int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); - int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, -- const ASN1_OBJECT *obj, int type, -- const unsigned char *bytes, int len); -+ const ASN1_OBJECT *obj, int type, -+ const unsigned char *bytes, int len); - int X509_REQ_add1_attr_by_NID(X509_REQ *req, -- int nid, int type, -- const unsigned char *bytes, int len); -+ int nid, int type, -+ const unsigned char *bytes, int len); - int X509_REQ_add1_attr_by_txt(X509_REQ *req, -- const char *attrname, int type, -- const unsigned char *bytes, int len); -+ const char *attrname, int type, -+ const unsigned char *bytes, int len); - - int X509_CRL_set_version(X509_CRL *x, long version); - int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); -@@ -1054,202 +1033,227 @@ int X509_CRL_sort(X509_CRL *crl); - int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); - int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); - --int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); -- --int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); -- --int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); --unsigned long X509_issuer_and_serial_hash(X509 *a); -- --int X509_issuer_name_cmp(const X509 *a, const X509 *b); --unsigned long X509_issuer_name_hash(X509 *a); -- --int X509_subject_name_cmp(const X509 *a, const X509 *b); --unsigned long X509_subject_name_hash(X509 *x); -- --int X509_cmp(const X509 *a, const X509 *b); --int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); --unsigned long X509_NAME_hash(X509_NAME *x); -- --int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); --#ifndef OPENSSL_NO_FP_API --int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); --int X509_print_fp(FILE *bp,X509 *x); --int X509_CRL_print_fp(FILE *bp,X509_CRL *x); --int X509_REQ_print_fp(FILE *bp,X509_REQ *req); --int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); --#endif -- --#ifndef OPENSSL_NO_BIO --int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); --int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); --int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag); --int X509_print(BIO *bp,X509 *x); --int X509_ocspid_print(BIO *bp,X509 *x); --int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); --int X509_CRL_print(BIO *bp,X509_CRL *x); --int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); --int X509_REQ_print(BIO *bp,X509_REQ *req); --#endif -- --int X509_NAME_entry_count(X509_NAME *name); --int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, -- char *buf,int len); --int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, -- char *buf,int len); -- --/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use -- * lastpos, search after that position on. */ --int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); --int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, -- int lastpos); -+int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); -+ -+int X509_check_private_key(X509 *x509, EVP_PKEY *pkey); -+ -+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); -+unsigned long X509_issuer_and_serial_hash(X509 *a); -+ -+int X509_issuer_name_cmp(const X509 *a, const X509 *b); -+unsigned long X509_issuer_name_hash(X509 *a); -+ -+int X509_subject_name_cmp(const X509 *a, const X509 *b); -+unsigned long X509_subject_name_hash(X509 *x); -+ -+int X509_cmp(const X509 *a, const X509 *b); -+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); -+unsigned long X509_NAME_hash(X509_NAME *x); -+ -+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); -+# ifndef OPENSSL_NO_FP_API -+int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, -+ unsigned long cflag); -+int X509_print_fp(FILE *bp, X509 *x); -+int X509_CRL_print_fp(FILE *bp, X509_CRL *x); -+int X509_REQ_print_fp(FILE *bp, X509_REQ *req); -+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, -+ unsigned long flags); -+# endif -+ -+# ifndef OPENSSL_NO_BIO -+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); -+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, -+ unsigned long flags); -+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, -+ unsigned long cflag); -+int X509_print(BIO *bp, X509 *x); -+int X509_ocspid_print(BIO *bp, X509 *x); -+int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent); -+int X509_CRL_print(BIO *bp, X509_CRL *x); -+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, -+ unsigned long cflag); -+int X509_REQ_print(BIO *bp, X509_REQ *req); -+# endif -+ -+int X509_NAME_entry_count(X509_NAME *name); -+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); -+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, -+ char *buf, int len); -+ -+/* -+ * NOTE: you should be passsing -1, not 0 as lastpos. The functions that use -+ * lastpos, search after that position on. -+ */ -+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); -+int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, -+ int lastpos); - X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); - X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); --int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, -- int loc, int set); -+int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, -+ int loc, int set); - int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, -- unsigned char *bytes, int len, int loc, int set); -+ unsigned char *bytes, int len, int loc, -+ int set); - int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, -- unsigned char *bytes, int len, int loc, int set); -+ unsigned char *bytes, int len, int loc, -+ int set); - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, -- const char *field, int type, const unsigned char *bytes, int len); -+ const char *field, int type, -+ const unsigned char *bytes, -+ int len); - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, -- int type,unsigned char *bytes, int len); -+ int type, unsigned char *bytes, -+ int len); - int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, -- const unsigned char *bytes, int len, int loc, int set); -+ const unsigned char *bytes, int len, int loc, -+ int set); - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, -- ASN1_OBJECT *obj, int type,const unsigned char *bytes, -- int len); --int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, -- ASN1_OBJECT *obj); --int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, -- const unsigned char *bytes, int len); --ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); --ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); -- --int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); --int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, -- int nid, int lastpos); --int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, -- ASN1_OBJECT *obj,int lastpos); --int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, -- int crit, int lastpos); -+ ASN1_OBJECT *obj, int type, -+ const unsigned char *bytes, -+ int len); -+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); -+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, -+ const unsigned char *bytes, int len); -+ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); -+ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); -+ -+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); -+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, -+ int nid, int lastpos); -+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, -+ ASN1_OBJECT *obj, int lastpos); -+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, -+ int crit, int lastpos); - X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); - X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); - STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, -- X509_EXTENSION *ex, int loc); -+ X509_EXTENSION *ex, int loc); - --int X509_get_ext_count(X509 *x); --int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); --int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos); --int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); -+int X509_get_ext_count(X509 *x); -+int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); -+int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos); -+int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); - X509_EXTENSION *X509_get_ext(X509 *x, int loc); - X509_EXTENSION *X509_delete_ext(X509 *x, int loc); --int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); --void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); --int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, -- unsigned long flags); -- --int X509_CRL_get_ext_count(X509_CRL *x); --int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); --int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos); --int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); -+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); -+void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); -+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, -+ unsigned long flags); -+ -+int X509_CRL_get_ext_count(X509_CRL *x); -+int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); -+int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos); -+int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); - X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); - X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); --int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); --void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); --int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, -- unsigned long flags); -- --int X509_REVOKED_get_ext_count(X509_REVOKED *x); --int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); --int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos); --int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); -+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); -+void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); -+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, -+ unsigned long flags); -+ -+int X509_REVOKED_get_ext_count(X509_REVOKED *x); -+int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); -+int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, -+ int lastpos); -+int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); - X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); - X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); --int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); --void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); --int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, -- unsigned long flags); -+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); -+void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); -+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, -+ unsigned long flags); - - X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, -- int nid, int crit, ASN1_OCTET_STRING *data); -+ int nid, int crit, -+ ASN1_OCTET_STRING *data); - X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, -- ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data); --int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj); --int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); --int X509_EXTENSION_set_data(X509_EXTENSION *ex, -- ASN1_OCTET_STRING *data); --ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); -+ ASN1_OBJECT *obj, int crit, -+ ASN1_OCTET_STRING *data); -+int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj); -+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); -+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); -+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); - ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); --int X509_EXTENSION_get_critical(X509_EXTENSION *ex); -+int X509_EXTENSION_get_critical(X509_EXTENSION *ex); - - int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); - int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, -- int lastpos); --int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, -- int lastpos); -+ int lastpos); -+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, -+ ASN1_OBJECT *obj, int lastpos); - X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); - X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); - STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, -- X509_ATTRIBUTE *attr); --STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, -- const ASN1_OBJECT *obj, int type, -- const unsigned char *bytes, int len); --STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, -- int nid, int type, -- const unsigned char *bytes, int len); --STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, -- const char *attrname, int type, -- const unsigned char *bytes, int len); --void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, -- ASN1_OBJECT *obj, int lastpos, int type); -+ X509_ATTRIBUTE *attr); -+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) -+ **x, const ASN1_OBJECT *obj, -+ int type, -+ const unsigned char *bytes, -+ int len); -+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) -+ **x, int nid, int type, -+ const unsigned char *bytes, -+ int len); -+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) -+ **x, const char *attrname, -+ int type, -+ const unsigned char *bytes, -+ int len); -+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj, -+ int lastpos, int type); - X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, -- int atrtype, const void *data, int len); -+ int atrtype, const void *data, -+ int len); - X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, -- const ASN1_OBJECT *obj, int atrtype, const void *data, int len); -+ const ASN1_OBJECT *obj, -+ int atrtype, const void *data, -+ int len); - X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, -- const char *atrname, int type, const unsigned char *bytes, int len); -+ const char *atrname, int type, -+ const unsigned char *bytes, -+ int len); - int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); --int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len); --void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, -- int atrtype, void *data); -+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, -+ const void *data, int len); -+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, -+ void *data); - int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); - ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); - ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); - - int EVP_PKEY_get_attr_count(const EVP_PKEY *key); --int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, -- int lastpos); -+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); - int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, -- int lastpos); -+ int lastpos); - X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); - X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); - int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); - int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, -- const ASN1_OBJECT *obj, int type, -- const unsigned char *bytes, int len); -+ const ASN1_OBJECT *obj, int type, -+ const unsigned char *bytes, int len); - int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, -- int nid, int type, -- const unsigned char *bytes, int len); -+ int nid, int type, -+ const unsigned char *bytes, int len); - int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, -- const char *attrname, int type, -- const unsigned char *bytes, int len); -+ const char *attrname, int type, -+ const unsigned char *bytes, int len); - --int X509_verify_cert(X509_STORE_CTX *ctx); -+int X509_verify_cert(X509_STORE_CTX *ctx); - - /* lookup a cert from a X509 STACK */ --X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name, -- ASN1_INTEGER *serial); --X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name); -+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, -+ ASN1_INTEGER *serial); -+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name); - - DECLARE_ASN1_FUNCTIONS(PBEPARAM) - DECLARE_ASN1_FUNCTIONS(PBE2PARAM) - DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) - --X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen); -+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, -+ int saltlen); - X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, -- unsigned char *salt, int saltlen); -+ unsigned char *salt, int saltlen); - - /* PKCS#8 utilities */ - -@@ -1262,17 +1266,18 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); - - int X509_check_trust(X509 *x, int id, int flags); - int X509_TRUST_get_count(void); --X509_TRUST * X509_TRUST_get0(int idx); -+X509_TRUST *X509_TRUST_get0(int idx); - int X509_TRUST_get_by_id(int id); --int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), -- char *name, int arg1, void *arg2); -+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), -+ char *name, int arg1, void *arg2); - void X509_TRUST_cleanup(void); - int X509_TRUST_get_flags(X509_TRUST *xp); - char *X509_TRUST_get0_name(X509_TRUST *xp); - int X509_TRUST_get_trust(X509_TRUST *xp); - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_X509_strings(void); -@@ -1280,76 +1285,76 @@ void ERR_load_X509_strings(void); - /* Error codes for the X509 functions. */ - - /* Function codes. */ --#define X509_F_ADD_CERT_DIR 100 --#define X509_F_BY_FILE_CTRL 101 --#define X509_F_CHECK_POLICY 145 --#define X509_F_DIR_CTRL 102 --#define X509_F_GET_CERT_BY_SUBJECT 103 --#define X509_F_NETSCAPE_SPKI_B64_DECODE 129 --#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 --#define X509_F_X509AT_ADD1_ATTR 135 --#define X509_F_X509V3_ADD_EXT 104 --#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 --#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 --#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 --#define X509_F_X509_ATTRIBUTE_GET0_DATA 139 --#define X509_F_X509_ATTRIBUTE_SET1_DATA 138 --#define X509_F_X509_CHECK_PRIVATE_KEY 128 --#define X509_F_X509_CRL_PRINT_FP 147 --#define X509_F_X509_EXTENSION_CREATE_BY_NID 108 --#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 --#define X509_F_X509_GET_PUBKEY_PARAMETERS 110 --#define X509_F_X509_LOAD_CERT_CRL_FILE 132 --#define X509_F_X509_LOAD_CERT_FILE 111 --#define X509_F_X509_LOAD_CRL_FILE 112 --#define X509_F_X509_NAME_ADD_ENTRY 113 --#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 --#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 --#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 --#define X509_F_X509_NAME_ONELINE 116 --#define X509_F_X509_NAME_PRINT 117 --#define X509_F_X509_PRINT_EX_FP 118 --#define X509_F_X509_PUBKEY_GET 119 --#define X509_F_X509_PUBKEY_SET 120 --#define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 --#define X509_F_X509_REQ_PRINT_EX 121 --#define X509_F_X509_REQ_PRINT_FP 122 --#define X509_F_X509_REQ_TO_X509 123 --#define X509_F_X509_STORE_ADD_CERT 124 --#define X509_F_X509_STORE_ADD_CRL 125 --#define X509_F_X509_STORE_CTX_GET1_ISSUER 146 --#define X509_F_X509_STORE_CTX_INIT 143 --#define X509_F_X509_STORE_CTX_NEW 142 --#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 --#define X509_F_X509_TO_X509_REQ 126 --#define X509_F_X509_TRUST_ADD 133 --#define X509_F_X509_TRUST_SET 141 --#define X509_F_X509_VERIFY_CERT 127 -+# define X509_F_ADD_CERT_DIR 100 -+# define X509_F_BY_FILE_CTRL 101 -+# define X509_F_CHECK_POLICY 145 -+# define X509_F_DIR_CTRL 102 -+# define X509_F_GET_CERT_BY_SUBJECT 103 -+# define X509_F_NETSCAPE_SPKI_B64_DECODE 129 -+# define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 -+# define X509_F_X509AT_ADD1_ATTR 135 -+# define X509_F_X509V3_ADD_EXT 104 -+# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 -+# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 -+# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 -+# define X509_F_X509_ATTRIBUTE_GET0_DATA 139 -+# define X509_F_X509_ATTRIBUTE_SET1_DATA 138 -+# define X509_F_X509_CHECK_PRIVATE_KEY 128 -+# define X509_F_X509_CRL_PRINT_FP 147 -+# define X509_F_X509_EXTENSION_CREATE_BY_NID 108 -+# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 -+# define X509_F_X509_GET_PUBKEY_PARAMETERS 110 -+# define X509_F_X509_LOAD_CERT_CRL_FILE 132 -+# define X509_F_X509_LOAD_CERT_FILE 111 -+# define X509_F_X509_LOAD_CRL_FILE 112 -+# define X509_F_X509_NAME_ADD_ENTRY 113 -+# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 -+# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 -+# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 -+# define X509_F_X509_NAME_ONELINE 116 -+# define X509_F_X509_NAME_PRINT 117 -+# define X509_F_X509_PRINT_EX_FP 118 -+# define X509_F_X509_PUBKEY_GET 119 -+# define X509_F_X509_PUBKEY_SET 120 -+# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 -+# define X509_F_X509_REQ_PRINT_EX 121 -+# define X509_F_X509_REQ_PRINT_FP 122 -+# define X509_F_X509_REQ_TO_X509 123 -+# define X509_F_X509_STORE_ADD_CERT 124 -+# define X509_F_X509_STORE_ADD_CRL 125 -+# define X509_F_X509_STORE_CTX_GET1_ISSUER 146 -+# define X509_F_X509_STORE_CTX_INIT 143 -+# define X509_F_X509_STORE_CTX_NEW 142 -+# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 -+# define X509_F_X509_TO_X509_REQ 126 -+# define X509_F_X509_TRUST_ADD 133 -+# define X509_F_X509_TRUST_SET 141 -+# define X509_F_X509_VERIFY_CERT 127 - - /* Reason codes. */ --#define X509_R_BAD_X509_FILETYPE 100 --#define X509_R_BASE64_DECODE_ERROR 118 --#define X509_R_CANT_CHECK_DH_KEY 114 --#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 --#define X509_R_ERR_ASN1_LIB 102 --#define X509_R_INVALID_DIRECTORY 113 --#define X509_R_INVALID_FIELD_NAME 119 --#define X509_R_INVALID_TRUST 123 --#define X509_R_KEY_TYPE_MISMATCH 115 --#define X509_R_KEY_VALUES_MISMATCH 116 --#define X509_R_LOADING_CERT_DIR 103 --#define X509_R_LOADING_DEFAULTS 104 --#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 --#define X509_R_SHOULD_RETRY 106 --#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 --#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 --#define X509_R_UNKNOWN_KEY_TYPE 117 --#define X509_R_UNKNOWN_NID 109 --#define X509_R_UNKNOWN_PURPOSE_ID 121 --#define X509_R_UNKNOWN_TRUST_ID 120 --#define X509_R_UNSUPPORTED_ALGORITHM 111 --#define X509_R_WRONG_LOOKUP_TYPE 112 --#define X509_R_WRONG_TYPE 122 -+# define X509_R_BAD_X509_FILETYPE 100 -+# define X509_R_BASE64_DECODE_ERROR 118 -+# define X509_R_CANT_CHECK_DH_KEY 114 -+# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 -+# define X509_R_ERR_ASN1_LIB 102 -+# define X509_R_INVALID_DIRECTORY 113 -+# define X509_R_INVALID_FIELD_NAME 119 -+# define X509_R_INVALID_TRUST 123 -+# define X509_R_KEY_TYPE_MISMATCH 115 -+# define X509_R_KEY_VALUES_MISMATCH 116 -+# define X509_R_LOADING_CERT_DIR 103 -+# define X509_R_LOADING_DEFAULTS 104 -+# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 -+# define X509_R_SHOULD_RETRY 106 -+# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 -+# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 -+# define X509_R_UNKNOWN_KEY_TYPE 117 -+# define X509_R_UNKNOWN_NID 109 -+# define X509_R_UNKNOWN_PURPOSE_ID 121 -+# define X509_R_UNKNOWN_TRUST_ID 120 -+# define X509_R_UNSUPPORTED_ALGORITHM 111 -+# define X509_R_WRONG_LOOKUP_TYPE 112 -+# define X509_R_WRONG_TYPE 122 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/Include/openssl/x509_vfy.h b/Cryptlib/Include/openssl/x509_vfy.h -index 86ae35f..69fab69 100644 ---- a/Cryptlib/Include/openssl/x509_vfy.h -+++ b/Cryptlib/Include/openssl/x509_vfy.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,53 +57,53 @@ - */ - - #ifndef HEADER_X509_H --#include --/* openssl/x509.h ends up #include-ing this file at about the only -- * appropriate moment. */ -+# include -+/* -+ * openssl/x509.h ends up #include-ing this file at about the only -+ * appropriate moment. -+ */ - #endif - - #ifndef HEADER_X509_VFY_H --#define HEADER_X509_VFY_H -+# define HEADER_X509_VFY_H - --#include --#ifndef OPENSSL_NO_LHASH --#include --#endif --#include --#include --#include -+# include -+# ifndef OPENSSL_NO_LHASH -+# include -+# endif -+# include -+# include -+# include - - #ifdef __cplusplus - extern "C" { - #endif - - /* Outer object */ --typedef struct x509_hash_dir_st -- { -- int num_dirs; -- char **dirs; -- int *dirs_type; -- int num_dirs_alloced; -- } X509_HASH_DIR_CTX; -- --typedef struct x509_file_st -- { -- int num_paths; /* number of paths to files or directories */ -- int num_alloced; -- char **paths; /* the list of paths or directories */ -- int *path_type; -- } X509_CERT_FILE_CTX; -+typedef struct x509_hash_dir_st { -+ int num_dirs; -+ char **dirs; -+ int *dirs_type; -+ int num_dirs_alloced; -+} X509_HASH_DIR_CTX; -+ -+typedef struct x509_file_st { -+ int num_paths; /* number of paths to files or directories */ -+ int num_alloced; -+ char **paths; /* the list of paths or directories */ -+ int *path_type; -+} X509_CERT_FILE_CTX; - - /*******************************/ --/* --SSL_CTX -> X509_STORE -- -> X509_LOOKUP -- ->X509_LOOKUP_METHOD -- -> X509_LOOKUP -- ->X509_LOOKUP_METHOD -- --SSL -> X509_STORE_CTX -- ->X509_STORE -+/*- -+SSL_CTX -> X509_STORE -+ -> X509_LOOKUP -+ ->X509_LOOKUP_METHOD -+ -> X509_LOOKUP -+ ->X509_LOOKUP_METHOD -+ -+SSL -> X509_STORE_CTX -+ ->X509_STORE - - The X509_STORE holds the tables etc for verification stuff. - A X509_STORE_CTX is used while validating a single certificate. -@@ -112,23 +112,22 @@ The X509_STORE then calls a function to actually verify the - certificate chain. - */ - --#define X509_LU_RETRY -1 --#define X509_LU_FAIL 0 --#define X509_LU_X509 1 --#define X509_LU_CRL 2 --#define X509_LU_PKEY 3 -- --typedef struct x509_object_st -- { -- /* one of the above types */ -- int type; -- union { -- char *ptr; -- X509 *x509; -- X509_CRL *crl; -- EVP_PKEY *pkey; -- } data; -- } X509_OBJECT; -+# define X509_LU_RETRY -1 -+# define X509_LU_FAIL 0 -+# define X509_LU_X509 1 -+# define X509_LU_CRL 2 -+# define X509_LU_PKEY 3 -+ -+typedef struct x509_object_st { -+ /* one of the above types */ -+ int type; -+ union { -+ char *ptr; -+ X509 *x509; -+ X509_CRL *crl; -+ EVP_PKEY *pkey; -+ } data; -+} X509_OBJECT; - - typedef struct x509_lookup_st X509_LOOKUP; - -@@ -136,255 +135,273 @@ DECLARE_STACK_OF(X509_LOOKUP) - DECLARE_STACK_OF(X509_OBJECT) - - /* This is a static that defines the function interface */ --typedef struct x509_lookup_method_st -- { -- const char *name; -- int (*new_item)(X509_LOOKUP *ctx); -- void (*free)(X509_LOOKUP *ctx); -- int (*init)(X509_LOOKUP *ctx); -- int (*shutdown)(X509_LOOKUP *ctx); -- int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl, -- char **ret); -- int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name, -- X509_OBJECT *ret); -- int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name, -- ASN1_INTEGER *serial,X509_OBJECT *ret); -- int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type, -- unsigned char *bytes,int len, -- X509_OBJECT *ret); -- int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len, -- X509_OBJECT *ret); -- } X509_LOOKUP_METHOD; -- --/* This structure hold all parameters associated with a verify operation -- * by including an X509_VERIFY_PARAM structure in related structures the -+typedef struct x509_lookup_method_st { -+ const char *name; -+ int (*new_item) (X509_LOOKUP *ctx); -+ void (*free) (X509_LOOKUP *ctx); -+ int (*init) (X509_LOOKUP *ctx); -+ int (*shutdown) (X509_LOOKUP *ctx); -+ int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, -+ char **ret); -+ int (*get_by_subject) (X509_LOOKUP *ctx, int type, X509_NAME *name, -+ X509_OBJECT *ret); -+ int (*get_by_issuer_serial) (X509_LOOKUP *ctx, int type, X509_NAME *name, -+ ASN1_INTEGER *serial, X509_OBJECT *ret); -+ int (*get_by_fingerprint) (X509_LOOKUP *ctx, int type, -+ unsigned char *bytes, int len, -+ X509_OBJECT *ret); -+ int (*get_by_alias) (X509_LOOKUP *ctx, int type, char *str, int len, -+ X509_OBJECT *ret); -+} X509_LOOKUP_METHOD; -+ -+/* -+ * This structure hold all parameters associated with a verify operation by -+ * including an X509_VERIFY_PARAM structure in related structures the - * parameters used can be customized - */ - --typedef struct X509_VERIFY_PARAM_st -- { -- char *name; -- time_t check_time; /* Time to use */ -- unsigned long inh_flags; /* Inheritance flags */ -- unsigned long flags; /* Various verify flags */ -- int purpose; /* purpose to check untrusted certificates */ -- int trust; /* trust setting to check */ -- int depth; /* Verify depth */ -- STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ -- } X509_VERIFY_PARAM; -+typedef struct X509_VERIFY_PARAM_st { -+ char *name; -+ time_t check_time; /* Time to use */ -+ unsigned long inh_flags; /* Inheritance flags */ -+ unsigned long flags; /* Various verify flags */ -+ int purpose; /* purpose to check untrusted certificates */ -+ int trust; /* trust setting to check */ -+ int depth; /* Verify depth */ -+ STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ -+} X509_VERIFY_PARAM; - - DECLARE_STACK_OF(X509_VERIFY_PARAM) - --/* This is used to hold everything. It is used for all certificate -- * validation. Once we have a certificate chain, the 'verify' -- * function is then called to actually check the cert chain. */ --struct x509_store_st -- { -- /* The following is a cache of trusted certs */ -- int cache; /* if true, stash any hits */ -- STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ -- -- /* These are external lookup methods */ -- STACK_OF(X509_LOOKUP) *get_cert_methods; -- -- X509_VERIFY_PARAM *param; -- -- /* Callbacks for various operations */ -- int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ -- int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ -- int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ -- int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ -- int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ -- int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ -- int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ -- int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ -- int (*cleanup)(X509_STORE_CTX *ctx); -- -- CRYPTO_EX_DATA ex_data; -- int references; -- } /* X509_STORE */; -+/* -+ * This is used to hold everything. It is used for all certificate -+ * validation. Once we have a certificate chain, the 'verify' function is -+ * then called to actually check the cert chain. -+ */ -+struct x509_store_st { -+ /* The following is a cache of trusted certs */ -+ int cache; /* if true, stash any hits */ -+ STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ -+ /* These are external lookup methods */ -+ STACK_OF(X509_LOOKUP) *get_cert_methods; -+ X509_VERIFY_PARAM *param; -+ /* Callbacks for various operations */ -+ /* called to verify a certificate */ -+ int (*verify) (X509_STORE_CTX *ctx); -+ /* error callback */ -+ int (*verify_cb) (int ok, X509_STORE_CTX *ctx); -+ /* get issuers cert from ctx */ -+ int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); -+ /* check issued */ -+ int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); -+ /* Check revocation status of chain */ -+ int (*check_revocation) (X509_STORE_CTX *ctx); -+ /* retrieve CRL */ -+ int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); -+ /* Check CRL validity */ -+ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); -+ /* Check certificate against CRL */ -+ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); -+ int (*cleanup) (X509_STORE_CTX *ctx); -+ CRYPTO_EX_DATA ex_data; -+ int references; -+} /* X509_STORE */ ; - - int X509_STORE_set_depth(X509_STORE *store, int depth); - --#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) --#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) -+# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) -+# define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) - - /* This is the functions plus an instance of the local variables. */ --struct x509_lookup_st -- { -- int init; /* have we been started */ -- int skip; /* don't use us. */ -- X509_LOOKUP_METHOD *method; /* the functions */ -- char *method_data; /* method data */ -- -- X509_STORE *store_ctx; /* who owns us */ -- } /* X509_LOOKUP */; -- --/* This is a used when verifying cert chains. Since the -- * gathering of the cert chain can take some time (and have to be -- * 'retried', this needs to be kept and passed around. */ --struct x509_store_ctx_st /* X509_STORE_CTX */ -- { -- X509_STORE *ctx; -- int current_method; /* used when looking up certs */ -- -- /* The following are set by the caller */ -- X509 *cert; /* The cert to check */ -- STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ -- STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ -- -- X509_VERIFY_PARAM *param; -- void *other_ctx; /* Other info for use with get_issuer() */ -- -- /* Callbacks for various operations */ -- int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ -- int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ -- int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ -- int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ -- int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ -- int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ -- int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ -- int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ -- int (*check_policy)(X509_STORE_CTX *ctx); -- int (*cleanup)(X509_STORE_CTX *ctx); -- -- /* The following is built up */ -- int valid; /* if 0, rebuild chain */ -- int last_untrusted; /* index of last untrusted cert */ -- STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ -- X509_POLICY_TREE *tree; /* Valid policy tree */ -- -- int explicit_policy; /* Require explicit policy value */ -- -- /* When something goes wrong, this is why */ -- int error_depth; -- int error; -- X509 *current_cert; -- X509 *current_issuer; /* cert currently being tested as valid issuer */ -- X509_CRL *current_crl; /* current CRL */ -- -- CRYPTO_EX_DATA ex_data; -- } /* X509_STORE_CTX */; -+struct x509_lookup_st { -+ int init; /* have we been started */ -+ int skip; /* don't use us. */ -+ X509_LOOKUP_METHOD *method; /* the functions */ -+ char *method_data; /* method data */ -+ X509_STORE *store_ctx; /* who owns us */ -+} /* X509_LOOKUP */ ; -+ -+/* -+ * This is a used when verifying cert chains. Since the gathering of the -+ * cert chain can take some time (and have to be 'retried', this needs to be -+ * kept and passed around. -+ */ -+struct x509_store_ctx_st { /* X509_STORE_CTX */ -+ X509_STORE *ctx; -+ /* used when looking up certs */ -+ int current_method; -+ /* The following are set by the caller */ -+ /* The cert to check */ -+ X509 *cert; -+ /* chain of X509s - untrusted - passed in */ -+ STACK_OF(X509) *untrusted; -+ /* set of CRLs passed in */ -+ STACK_OF(X509_CRL) *crls; -+ X509_VERIFY_PARAM *param; -+ /* Other info for use with get_issuer() */ -+ void *other_ctx; -+ /* Callbacks for various operations */ -+ /* called to verify a certificate */ -+ int (*verify) (X509_STORE_CTX *ctx); -+ /* error callback */ -+ int (*verify_cb) (int ok, X509_STORE_CTX *ctx); -+ /* get issuers cert from ctx */ -+ int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); -+ /* check issued */ -+ int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); -+ /* Check revocation status of chain */ -+ int (*check_revocation) (X509_STORE_CTX *ctx); -+ /* retrieve CRL */ -+ int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); -+ /* Check CRL validity */ -+ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); -+ /* Check certificate against CRL */ -+ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); -+ int (*check_policy) (X509_STORE_CTX *ctx); -+ int (*cleanup) (X509_STORE_CTX *ctx); -+ /* The following is built up */ -+ /* if 0, rebuild chain */ -+ int valid; -+ /* index of last untrusted cert */ -+ int last_untrusted; -+ /* chain of X509s - built up and trusted */ -+ STACK_OF(X509) *chain; -+ /* Valid policy tree */ -+ X509_POLICY_TREE *tree; -+ /* Require explicit policy value */ -+ int explicit_policy; -+ /* When something goes wrong, this is why */ -+ int error_depth; -+ int error; -+ X509 *current_cert; -+ /* cert currently being tested as valid issuer */ -+ X509 *current_issuer; -+ /* current CRL */ -+ X509_CRL *current_crl; -+ CRYPTO_EX_DATA ex_data; -+} /* X509_STORE_CTX */ ; - - void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); - --#define X509_STORE_CTX_set_app_data(ctx,data) \ -- X509_STORE_CTX_set_ex_data(ctx,0,data) --#define X509_STORE_CTX_get_app_data(ctx) \ -- X509_STORE_CTX_get_ex_data(ctx,0) -+# define X509_STORE_CTX_set_app_data(ctx,data) \ -+ X509_STORE_CTX_set_ex_data(ctx,0,data) -+# define X509_STORE_CTX_get_app_data(ctx) \ -+ X509_STORE_CTX_get_ex_data(ctx,0) - --#define X509_L_FILE_LOAD 1 --#define X509_L_ADD_DIR 2 -+# define X509_L_FILE_LOAD 1 -+# define X509_L_ADD_DIR 2 - --#define X509_LOOKUP_load_file(x,name,type) \ -- X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) -+# define X509_LOOKUP_load_file(x,name,type) \ -+ X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) - --#define X509_LOOKUP_add_dir(x,name,type) \ -- X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) -+# define X509_LOOKUP_add_dir(x,name,type) \ -+ X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) - --#define X509_V_OK 0 -+# define X509_V_OK 0 - /* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */ - --#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 --#define X509_V_ERR_UNABLE_TO_GET_CRL 3 --#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 --#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 --#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 --#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 --#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 --#define X509_V_ERR_CERT_NOT_YET_VALID 9 --#define X509_V_ERR_CERT_HAS_EXPIRED 10 --#define X509_V_ERR_CRL_NOT_YET_VALID 11 --#define X509_V_ERR_CRL_HAS_EXPIRED 12 --#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 --#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 --#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 --#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 --#define X509_V_ERR_OUT_OF_MEM 17 --#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 --#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 --#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 --#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 --#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 --#define X509_V_ERR_CERT_REVOKED 23 --#define X509_V_ERR_INVALID_CA 24 --#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 --#define X509_V_ERR_INVALID_PURPOSE 26 --#define X509_V_ERR_CERT_UNTRUSTED 27 --#define X509_V_ERR_CERT_REJECTED 28 -+# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 -+# define X509_V_ERR_UNABLE_TO_GET_CRL 3 -+# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 -+# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 -+# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 -+# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 -+# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 -+# define X509_V_ERR_CERT_NOT_YET_VALID 9 -+# define X509_V_ERR_CERT_HAS_EXPIRED 10 -+# define X509_V_ERR_CRL_NOT_YET_VALID 11 -+# define X509_V_ERR_CRL_HAS_EXPIRED 12 -+# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 -+# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 -+# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 -+# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 -+# define X509_V_ERR_OUT_OF_MEM 17 -+# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 -+# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 -+# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 -+# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 -+# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 -+# define X509_V_ERR_CERT_REVOKED 23 -+# define X509_V_ERR_INVALID_CA 24 -+# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 -+# define X509_V_ERR_INVALID_PURPOSE 26 -+# define X509_V_ERR_CERT_UNTRUSTED 27 -+# define X509_V_ERR_CERT_REJECTED 28 - /* These are 'informational' when looking for issuer cert */ --#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 --#define X509_V_ERR_AKID_SKID_MISMATCH 30 --#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 --#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 -- --#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 --#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 --#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 --#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 --#define X509_V_ERR_INVALID_NON_CA 37 --#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 --#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 --#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 -- --#define X509_V_ERR_INVALID_EXTENSION 41 --#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 --#define X509_V_ERR_NO_EXPLICIT_POLICY 43 -- --#define X509_V_ERR_UNNESTED_RESOURCE 44 -+# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 -+# define X509_V_ERR_AKID_SKID_MISMATCH 30 -+# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 -+# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 -+ -+# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 -+# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 -+# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 -+# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 -+# define X509_V_ERR_INVALID_NON_CA 37 -+# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 -+# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 -+# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 -+ -+# define X509_V_ERR_INVALID_EXTENSION 41 -+# define X509_V_ERR_INVALID_POLICY_EXTENSION 42 -+# define X509_V_ERR_NO_EXPLICIT_POLICY 43 -+ -+# define X509_V_ERR_UNNESTED_RESOURCE 44 - - /* The application is not happy */ --#define X509_V_ERR_APPLICATION_VERIFICATION 50 -+# define X509_V_ERR_APPLICATION_VERIFICATION 50 - - /* Certificate verify flags */ - - /* Send issuer+subject checks to verify_cb */ --#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 -+# define X509_V_FLAG_CB_ISSUER_CHECK 0x1 - /* Use check time instead of current time */ --#define X509_V_FLAG_USE_CHECK_TIME 0x2 -+# define X509_V_FLAG_USE_CHECK_TIME 0x2 - /* Lookup CRLs */ --#define X509_V_FLAG_CRL_CHECK 0x4 -+# define X509_V_FLAG_CRL_CHECK 0x4 - /* Lookup CRLs for whole chain */ --#define X509_V_FLAG_CRL_CHECK_ALL 0x8 -+# define X509_V_FLAG_CRL_CHECK_ALL 0x8 - /* Ignore unhandled critical extensions */ --#define X509_V_FLAG_IGNORE_CRITICAL 0x10 -+# define X509_V_FLAG_IGNORE_CRITICAL 0x10 - /* Disable workarounds for broken certificates */ --#define X509_V_FLAG_X509_STRICT 0x20 -+# define X509_V_FLAG_X509_STRICT 0x20 - /* Enable proxy certificate validation */ --#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 -+# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 - /* Enable policy checking */ --#define X509_V_FLAG_POLICY_CHECK 0x80 -+# define X509_V_FLAG_POLICY_CHECK 0x80 - /* Policy variable require-explicit-policy */ --#define X509_V_FLAG_EXPLICIT_POLICY 0x100 -+# define X509_V_FLAG_EXPLICIT_POLICY 0x100 - /* Policy variable inhibit-any-policy */ --#define X509_V_FLAG_INHIBIT_ANY 0x200 -+# define X509_V_FLAG_INHIBIT_ANY 0x200 - /* Policy variable inhibit-policy-mapping */ --#define X509_V_FLAG_INHIBIT_MAP 0x400 -+# define X509_V_FLAG_INHIBIT_MAP 0x400 - /* Notify callback that policy is OK */ --#define X509_V_FLAG_NOTIFY_POLICY 0x800 -+# define X509_V_FLAG_NOTIFY_POLICY 0x800 - - /* Check selfsigned CA signature */ --#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 -+# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 - --#define X509_VP_FLAG_DEFAULT 0x1 --#define X509_VP_FLAG_OVERWRITE 0x2 --#define X509_VP_FLAG_RESET_FLAGS 0x4 --#define X509_VP_FLAG_LOCKED 0x8 --#define X509_VP_FLAG_ONCE 0x10 -+# define X509_VP_FLAG_DEFAULT 0x1 -+# define X509_VP_FLAG_OVERWRITE 0x2 -+# define X509_VP_FLAG_RESET_FLAGS 0x4 -+# define X509_VP_FLAG_LOCKED 0x8 -+# define X509_VP_FLAG_ONCE 0x10 - - /* Internal use: mask of policy related options */ --#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ -- | X509_V_FLAG_EXPLICIT_POLICY \ -- | X509_V_FLAG_INHIBIT_ANY \ -- | X509_V_FLAG_INHIBIT_MAP) -+# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ -+ | X509_V_FLAG_EXPLICIT_POLICY \ -+ | X509_V_FLAG_INHIBIT_ANY \ -+ | X509_V_FLAG_INHIBIT_MAP) - - int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, -- X509_NAME *name); --X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name); --X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); -+ X509_NAME *name); -+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, -+ int type, X509_NAME *name); -+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, -+ X509_OBJECT *x); - void X509_OBJECT_up_ref_count(X509_OBJECT *a); - void X509_OBJECT_free_contents(X509_OBJECT *a); --X509_STORE *X509_STORE_new(void ); -+X509_STORE *X509_STORE_new(void); - void X509_STORE_free(X509_STORE *v); - - int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); -@@ -398,7 +415,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); - - void X509_STORE_CTX_free(X509_STORE_CTX *ctx); - int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, -- X509 *x509, STACK_OF(X509) *chain); -+ X509 *x509, STACK_OF(X509) *chain); - void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); - void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); - -@@ -410,61 +427,63 @@ X509_LOOKUP_METHOD *X509_LOOKUP_file(void); - int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); - int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); - --int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, -- X509_OBJECT *ret); -+int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, -+ X509_OBJECT *ret); - - int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, -- long argl, char **ret); -+ long argl, char **ret); - --#ifndef OPENSSL_NO_STDIO -+# ifndef OPENSSL_NO_STDIO - int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); - int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); - int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); --#endif -- -+# endif - - X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); - void X509_LOOKUP_free(X509_LOOKUP *ctx); - int X509_LOOKUP_init(X509_LOOKUP *ctx); - int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, -- X509_OBJECT *ret); -+ X509_OBJECT *ret); - int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, -- ASN1_INTEGER *serial, X509_OBJECT *ret); -+ ASN1_INTEGER *serial, X509_OBJECT *ret); - int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, -- unsigned char *bytes, int len, X509_OBJECT *ret); --int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, -- int len, X509_OBJECT *ret); -+ unsigned char *bytes, int len, -+ X509_OBJECT *ret); -+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, -+ X509_OBJECT *ret); - int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); - --#ifndef OPENSSL_NO_STDIO --int X509_STORE_load_locations (X509_STORE *ctx, -- const char *file, const char *dir); --int X509_STORE_set_default_paths(X509_STORE *ctx); --#endif -- --int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); --int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data); --void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); --int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); --void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); --int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); --X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); -+# ifndef OPENSSL_NO_STDIO -+int X509_STORE_load_locations(X509_STORE *ctx, -+ const char *file, const char *dir); -+int X509_STORE_set_default_paths(X509_STORE *ctx); -+# endif -+ -+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, -+ CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); -+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); -+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); -+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); -+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); -+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); - STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); - STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); --void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); --void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); --void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk); -+void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); -+void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); -+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); - int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); - int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); - int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, -- int purpose, int trust); -+ int purpose, int trust); - void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); - void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, -- time_t t); -+ time_t t); - void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, -- int (*verify_cb)(int, X509_STORE_CTX *)); -- -+ int (*verify_cb) (int, X509_STORE_CTX *)); -+ - X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); - int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); - -@@ -477,22 +496,23 @@ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); - X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); - void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); - int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, -- const X509_VERIFY_PARAM *from); --int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, -- const X509_VERIFY_PARAM *from); -+ const X509_VERIFY_PARAM *from); -+int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, -+ const X509_VERIFY_PARAM *from); - int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); --int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); -+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, -+ unsigned long flags); - int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, -- unsigned long flags); -+ unsigned long flags); - unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); - int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); - int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); - void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); - void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); - int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, -- ASN1_OBJECT *policy); --int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, -- STACK_OF(ASN1_OBJECT) *policies); -+ ASN1_OBJECT *policy); -+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, -+ STACK_OF(ASN1_OBJECT) *policies); - int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); - - int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); -@@ -500,35 +520,37 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); - void X509_VERIFY_PARAM_table_cleanup(void); - - int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, -- STACK_OF(X509) *certs, -- STACK_OF(ASN1_OBJECT) *policy_oids, -- unsigned int flags); -+ STACK_OF(X509) *certs, -+ STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); - - void X509_policy_tree_free(X509_POLICY_TREE *tree); - - int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); --X509_POLICY_LEVEL * -- X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i); -+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, -+ int i); - --STACK_OF(X509_POLICY_NODE) * -- X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); -+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const -+ X509_POLICY_TREE -+ *tree); - --STACK_OF(X509_POLICY_NODE) * -- X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); -+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const -+ X509_POLICY_TREE -+ *tree); - - int X509_policy_level_node_count(X509_POLICY_LEVEL *level); - --X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i); -+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, -+ int i); - - const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); - --STACK_OF(POLICYQUALINFO) * -- X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); --const X509_POLICY_NODE * -- X509_policy_node_get0_parent(const X509_POLICY_NODE *node); -+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const -+ X509_POLICY_NODE -+ *node); -+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE -+ *node); - - #ifdef __cplusplus - } - #endif - #endif -- -diff --git a/Cryptlib/Include/openssl/x509v3.h b/Cryptlib/Include/openssl/x509v3.h -index 9ef83da..0eeaa50 100644 ---- a/Cryptlib/Include/openssl/x509v3.h -+++ b/Cryptlib/Include/openssl/x509v3.h -@@ -1,6 +1,7 @@ - /* x509v3.h */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,11 +57,11 @@ - * - */ - #ifndef HEADER_X509V3_H --#define HEADER_X509V3_H -+# define HEADER_X509V3_H - --#include --#include --#include -+# include -+# include -+# include - - #ifdef __cplusplus - extern "C" { -@@ -72,62 +73,66 @@ struct v3_ext_ctx; - - /* Useful typedefs */ - --typedef void * (*X509V3_EXT_NEW)(void); --typedef void (*X509V3_EXT_FREE)(void *); --typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long); --typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); --typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); --typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); --typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); --typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); --typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent); --typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); -+typedef void *(*X509V3_EXT_NEW)(void); -+typedef void (*X509V3_EXT_FREE) (void *); -+typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); -+typedef int (*X509V3_EXT_I2D) (void *, unsigned char **); -+typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (struct v3_ext_method *method, -+ void *ext, -+ STACK_OF(CONF_VALUE) -+ *extlist); -+typedef void *(*X509V3_EXT_V2I)(struct v3_ext_method *method, -+ struct v3_ext_ctx *ctx, -+ STACK_OF(CONF_VALUE) *values); -+typedef char *(*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); -+typedef void *(*X509V3_EXT_S2I)(struct v3_ext_method *method, -+ struct v3_ext_ctx *ctx, const char *str); -+typedef int (*X509V3_EXT_I2R) (struct v3_ext_method *method, void *ext, -+ BIO *out, int indent); -+typedef void *(*X509V3_EXT_R2I)(struct v3_ext_method *method, -+ struct v3_ext_ctx *ctx, const char *str); - - /* V3 extension structure */ - - struct v3_ext_method { --int ext_nid; --int ext_flags; -+ int ext_nid; -+ int ext_flags; - /* If this is set the following four fields are ignored */ --ASN1_ITEM_EXP *it; -+ ASN1_ITEM_EXP *it; - /* Old style ASN1 calls */ --X509V3_EXT_NEW ext_new; --X509V3_EXT_FREE ext_free; --X509V3_EXT_D2I d2i; --X509V3_EXT_I2D i2d; -- -+ X509V3_EXT_NEW ext_new; -+ X509V3_EXT_FREE ext_free; -+ X509V3_EXT_D2I d2i; -+ X509V3_EXT_I2D i2d; - /* The following pair is used for string extensions */ --X509V3_EXT_I2S i2s; --X509V3_EXT_S2I s2i; -- -+ X509V3_EXT_I2S i2s; -+ X509V3_EXT_S2I s2i; - /* The following pair is used for multi-valued extensions */ --X509V3_EXT_I2V i2v; --X509V3_EXT_V2I v2i; -- -+ X509V3_EXT_I2V i2v; -+ X509V3_EXT_V2I v2i; - /* The following are used for raw extensions */ --X509V3_EXT_I2R i2r; --X509V3_EXT_R2I r2i; -- --void *usr_data; /* Any extension specific data */ -+ X509V3_EXT_I2R i2r; -+ X509V3_EXT_R2I r2i; -+ void *usr_data; /* Any extension specific data */ - }; - - typedef struct X509V3_CONF_METHOD_st { --char * (*get_string)(void *db, char *section, char *value); --STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); --void (*free_string)(void *db, char * string); --void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); -+ char *(*get_string) (void *db, char *section, char *value); -+ STACK_OF(CONF_VALUE) *(*get_section) (void *db, char *section); -+ void (*free_string) (void *db, char *string); -+ void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); - } X509V3_CONF_METHOD; - - /* Context specific info */ - struct v3_ext_ctx { --#define CTX_TEST 0x1 --int flags; --X509 *issuer_cert; --X509 *subject_cert; --X509_REQ *subject_req; --X509_CRL *crl; --X509V3_CONF_METHOD *db_meth; --void *db; -+# define CTX_TEST 0x1 -+ int flags; -+ X509 *issuer_cert; -+ X509 *subject_cert; -+ X509_REQ *subject_req; -+ X509_CRL *crl; -+ X509V3_CONF_METHOD *db_meth; -+ void *db; - /* Maybe more here */ - }; - -@@ -136,72 +141,69 @@ typedef struct v3_ext_method X509V3_EXT_METHOD; - DECLARE_STACK_OF(X509V3_EXT_METHOD) - - /* ext_flags values */ --#define X509V3_EXT_DYNAMIC 0x1 --#define X509V3_EXT_CTX_DEP 0x2 --#define X509V3_EXT_MULTILINE 0x4 -+# define X509V3_EXT_DYNAMIC 0x1 -+# define X509V3_EXT_CTX_DEP 0x2 -+# define X509V3_EXT_MULTILINE 0x4 - - typedef BIT_STRING_BITNAME ENUMERATED_NAMES; - - typedef struct BASIC_CONSTRAINTS_st { --int ca; --ASN1_INTEGER *pathlen; -+ int ca; -+ ASN1_INTEGER *pathlen; - } BASIC_CONSTRAINTS; - -- - typedef struct PKEY_USAGE_PERIOD_st { --ASN1_GENERALIZEDTIME *notBefore; --ASN1_GENERALIZEDTIME *notAfter; -+ ASN1_GENERALIZEDTIME *notBefore; -+ ASN1_GENERALIZEDTIME *notAfter; - } PKEY_USAGE_PERIOD; - - typedef struct otherName_st { --ASN1_OBJECT *type_id; --ASN1_TYPE *value; -+ ASN1_OBJECT *type_id; -+ ASN1_TYPE *value; - } OTHERNAME; - - typedef struct EDIPartyName_st { -- ASN1_STRING *nameAssigner; -- ASN1_STRING *partyName; -+ ASN1_STRING *nameAssigner; -+ ASN1_STRING *partyName; - } EDIPARTYNAME; - - typedef struct GENERAL_NAME_st { -- --#define GEN_OTHERNAME 0 --#define GEN_EMAIL 1 --#define GEN_DNS 2 --#define GEN_X400 3 --#define GEN_DIRNAME 4 --#define GEN_EDIPARTY 5 --#define GEN_URI 6 --#define GEN_IPADD 7 --#define GEN_RID 8 -- --int type; --union { -- char *ptr; -- OTHERNAME *otherName; /* otherName */ -- ASN1_IA5STRING *rfc822Name; -- ASN1_IA5STRING *dNSName; -- ASN1_TYPE *x400Address; -- X509_NAME *directoryName; -- EDIPARTYNAME *ediPartyName; -- ASN1_IA5STRING *uniformResourceIdentifier; -- ASN1_OCTET_STRING *iPAddress; -- ASN1_OBJECT *registeredID; -- -- /* Old names */ -- ASN1_OCTET_STRING *ip; /* iPAddress */ -- X509_NAME *dirn; /* dirn */ -- ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */ -- ASN1_OBJECT *rid; /* registeredID */ -- ASN1_TYPE *other; /* x400Address */ --} d; -+# define GEN_OTHERNAME 0 -+# define GEN_EMAIL 1 -+# define GEN_DNS 2 -+# define GEN_X400 3 -+# define GEN_DIRNAME 4 -+# define GEN_EDIPARTY 5 -+# define GEN_URI 6 -+# define GEN_IPADD 7 -+# define GEN_RID 8 -+ int type; -+ union { -+ char *ptr; -+ OTHERNAME *otherName; /* otherName */ -+ ASN1_IA5STRING *rfc822Name; -+ ASN1_IA5STRING *dNSName; -+ ASN1_TYPE *x400Address; -+ X509_NAME *directoryName; -+ EDIPARTYNAME *ediPartyName; -+ ASN1_IA5STRING *uniformResourceIdentifier; -+ ASN1_OCTET_STRING *iPAddress; -+ ASN1_OBJECT *registeredID; -+ /* Old names */ -+ ASN1_OCTET_STRING *ip; /* iPAddress */ -+ X509_NAME *dirn; /* dirn */ -+ ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, -+ * uniformResourceIdentifier */ -+ ASN1_OBJECT *rid; /* registeredID */ -+ ASN1_TYPE *other; /* x400Address */ -+ } d; - } GENERAL_NAME; - - typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; - - typedef struct ACCESS_DESCRIPTION_st { -- ASN1_OBJECT *method; -- GENERAL_NAME *location; -+ ASN1_OBJECT *method; -+ GENERAL_NAME *location; - } ACCESS_DESCRIPTION; - - typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; -@@ -215,17 +217,17 @@ DECLARE_STACK_OF(ACCESS_DESCRIPTION) - DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) - - typedef struct DIST_POINT_NAME_st { --int type; --union { -- GENERAL_NAMES *fullname; -- STACK_OF(X509_NAME_ENTRY) *relativename; --} name; -+ int type; -+ union { -+ GENERAL_NAMES *fullname; -+ STACK_OF(X509_NAME_ENTRY) *relativename; -+ } name; - } DIST_POINT_NAME; - - typedef struct DIST_POINT_st { --DIST_POINT_NAME *distpoint; --ASN1_BIT_STRING *reasons; --GENERAL_NAMES *CRLissuer; -+ DIST_POINT_NAME *distpoint; -+ ASN1_BIT_STRING *reasons; -+ GENERAL_NAMES *CRLissuer; - } DIST_POINT; - - typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; -@@ -234,51 +236,51 @@ DECLARE_STACK_OF(DIST_POINT) - DECLARE_ASN1_SET_OF(DIST_POINT) - - typedef struct AUTHORITY_KEYID_st { --ASN1_OCTET_STRING *keyid; --GENERAL_NAMES *issuer; --ASN1_INTEGER *serial; -+ ASN1_OCTET_STRING *keyid; -+ GENERAL_NAMES *issuer; -+ ASN1_INTEGER *serial; - } AUTHORITY_KEYID; - - /* Strong extranet structures */ - - typedef struct SXNET_ID_st { -- ASN1_INTEGER *zone; -- ASN1_OCTET_STRING *user; -+ ASN1_INTEGER *zone; -+ ASN1_OCTET_STRING *user; - } SXNETID; - - DECLARE_STACK_OF(SXNETID) - DECLARE_ASN1_SET_OF(SXNETID) - - typedef struct SXNET_st { -- ASN1_INTEGER *version; -- STACK_OF(SXNETID) *ids; -+ ASN1_INTEGER *version; -+ STACK_OF(SXNETID) *ids; - } SXNET; - - typedef struct NOTICEREF_st { -- ASN1_STRING *organization; -- STACK_OF(ASN1_INTEGER) *noticenos; -+ ASN1_STRING *organization; -+ STACK_OF(ASN1_INTEGER) *noticenos; - } NOTICEREF; - - typedef struct USERNOTICE_st { -- NOTICEREF *noticeref; -- ASN1_STRING *exptext; -+ NOTICEREF *noticeref; -+ ASN1_STRING *exptext; - } USERNOTICE; - - typedef struct POLICYQUALINFO_st { -- ASN1_OBJECT *pqualid; -- union { -- ASN1_IA5STRING *cpsuri; -- USERNOTICE *usernotice; -- ASN1_TYPE *other; -- } d; -+ ASN1_OBJECT *pqualid; -+ union { -+ ASN1_IA5STRING *cpsuri; -+ USERNOTICE *usernotice; -+ ASN1_TYPE *other; -+ } d; - } POLICYQUALINFO; - - DECLARE_STACK_OF(POLICYQUALINFO) - DECLARE_ASN1_SET_OF(POLICYQUALINFO) - - typedef struct POLICYINFO_st { -- ASN1_OBJECT *policyid; -- STACK_OF(POLICYQUALINFO) *qualifiers; -+ ASN1_OBJECT *policyid; -+ STACK_OF(POLICYQUALINFO) *qualifiers; - } POLICYINFO; - - typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; -@@ -287,8 +289,8 @@ DECLARE_STACK_OF(POLICYINFO) - DECLARE_ASN1_SET_OF(POLICYINFO) - - typedef struct POLICY_MAPPING_st { -- ASN1_OBJECT *issuerDomainPolicy; -- ASN1_OBJECT *subjectDomainPolicy; -+ ASN1_OBJECT *issuerDomainPolicy; -+ ASN1_OBJECT *subjectDomainPolicy; - } POLICY_MAPPING; - - DECLARE_STACK_OF(POLICY_MAPPING) -@@ -296,160 +298,155 @@ DECLARE_STACK_OF(POLICY_MAPPING) - typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; - - typedef struct GENERAL_SUBTREE_st { -- GENERAL_NAME *base; -- ASN1_INTEGER *minimum; -- ASN1_INTEGER *maximum; -+ GENERAL_NAME *base; -+ ASN1_INTEGER *minimum; -+ ASN1_INTEGER *maximum; - } GENERAL_SUBTREE; - - DECLARE_STACK_OF(GENERAL_SUBTREE) - - typedef struct NAME_CONSTRAINTS_st { -- STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; -- STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; -+ STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; -+ STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; - } NAME_CONSTRAINTS; - - typedef struct POLICY_CONSTRAINTS_st { -- ASN1_INTEGER *requireExplicitPolicy; -- ASN1_INTEGER *inhibitPolicyMapping; -+ ASN1_INTEGER *requireExplicitPolicy; -+ ASN1_INTEGER *inhibitPolicyMapping; - } POLICY_CONSTRAINTS; - - /* Proxy certificate structures, see RFC 3820 */ --typedef struct PROXY_POLICY_st -- { -- ASN1_OBJECT *policyLanguage; -- ASN1_OCTET_STRING *policy; -- } PROXY_POLICY; -- --typedef struct PROXY_CERT_INFO_EXTENSION_st -- { -- ASN1_INTEGER *pcPathLengthConstraint; -- PROXY_POLICY *proxyPolicy; -- } PROXY_CERT_INFO_EXTENSION; -+typedef struct PROXY_POLICY_st { -+ ASN1_OBJECT *policyLanguage; -+ ASN1_OCTET_STRING *policy; -+} PROXY_POLICY; -+ -+typedef struct PROXY_CERT_INFO_EXTENSION_st { -+ ASN1_INTEGER *pcPathLengthConstraint; -+ PROXY_POLICY *proxyPolicy; -+} PROXY_CERT_INFO_EXTENSION; - - DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) - DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) - -- --#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ -+# define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ - ",name:", val->name, ",value:", val->value); - --#define X509V3_set_ctx_test(ctx) \ -- X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) --#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; -- --#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ -- 0,0,0,0, \ -- 0,0, \ -- (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ -- (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ -- NULL, NULL, \ -- table} -+# define X509V3_set_ctx_test(ctx) \ -+ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) -+# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; - --#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ -- 0,0,0,0, \ -- (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ -- (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ -- 0,0,0,0, \ -- NULL} -+# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ -+ 0,0,0,0, \ -+ 0,0, \ -+ (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ -+ (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ -+ NULL, NULL, \ -+ table} - --#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} -+# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ -+ 0,0,0,0, \ -+ (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ -+ (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ -+ 0,0,0,0, \ -+ NULL} - -+# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} - - /* X509_PURPOSE stuff */ - --#define EXFLAG_BCONS 0x1 --#define EXFLAG_KUSAGE 0x2 --#define EXFLAG_XKUSAGE 0x4 --#define EXFLAG_NSCERT 0x8 -+# define EXFLAG_BCONS 0x1 -+# define EXFLAG_KUSAGE 0x2 -+# define EXFLAG_XKUSAGE 0x4 -+# define EXFLAG_NSCERT 0x8 - --#define EXFLAG_CA 0x10 -+# define EXFLAG_CA 0x10 - /* Really self issued not necessarily self signed */ --#define EXFLAG_SI 0x20 --#define EXFLAG_SS 0x20 --#define EXFLAG_V1 0x40 --#define EXFLAG_INVALID 0x80 --#define EXFLAG_SET 0x100 --#define EXFLAG_CRITICAL 0x200 --#define EXFLAG_PROXY 0x400 -- --#define EXFLAG_INVALID_POLICY 0x800 -- --#define KU_DIGITAL_SIGNATURE 0x0080 --#define KU_NON_REPUDIATION 0x0040 --#define KU_KEY_ENCIPHERMENT 0x0020 --#define KU_DATA_ENCIPHERMENT 0x0010 --#define KU_KEY_AGREEMENT 0x0008 --#define KU_KEY_CERT_SIGN 0x0004 --#define KU_CRL_SIGN 0x0002 --#define KU_ENCIPHER_ONLY 0x0001 --#define KU_DECIPHER_ONLY 0x8000 -- --#define NS_SSL_CLIENT 0x80 --#define NS_SSL_SERVER 0x40 --#define NS_SMIME 0x20 --#define NS_OBJSIGN 0x10 --#define NS_SSL_CA 0x04 --#define NS_SMIME_CA 0x02 --#define NS_OBJSIGN_CA 0x01 --#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) -- --#define XKU_SSL_SERVER 0x1 --#define XKU_SSL_CLIENT 0x2 --#define XKU_SMIME 0x4 --#define XKU_CODE_SIGN 0x8 --#define XKU_SGC 0x10 --#define XKU_OCSP_SIGN 0x20 --#define XKU_TIMESTAMP 0x40 --#define XKU_DVCS 0x80 -- --#define X509_PURPOSE_DYNAMIC 0x1 --#define X509_PURPOSE_DYNAMIC_NAME 0x2 -+# define EXFLAG_SI 0x20 -+# define EXFLAG_SS 0x20 -+# define EXFLAG_V1 0x40 -+# define EXFLAG_INVALID 0x80 -+# define EXFLAG_SET 0x100 -+# define EXFLAG_CRITICAL 0x200 -+# define EXFLAG_PROXY 0x400 -+ -+# define EXFLAG_INVALID_POLICY 0x800 -+ -+# define KU_DIGITAL_SIGNATURE 0x0080 -+# define KU_NON_REPUDIATION 0x0040 -+# define KU_KEY_ENCIPHERMENT 0x0020 -+# define KU_DATA_ENCIPHERMENT 0x0010 -+# define KU_KEY_AGREEMENT 0x0008 -+# define KU_KEY_CERT_SIGN 0x0004 -+# define KU_CRL_SIGN 0x0002 -+# define KU_ENCIPHER_ONLY 0x0001 -+# define KU_DECIPHER_ONLY 0x8000 -+ -+# define NS_SSL_CLIENT 0x80 -+# define NS_SSL_SERVER 0x40 -+# define NS_SMIME 0x20 -+# define NS_OBJSIGN 0x10 -+# define NS_SSL_CA 0x04 -+# define NS_SMIME_CA 0x02 -+# define NS_OBJSIGN_CA 0x01 -+# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) -+ -+# define XKU_SSL_SERVER 0x1 -+# define XKU_SSL_CLIENT 0x2 -+# define XKU_SMIME 0x4 -+# define XKU_CODE_SIGN 0x8 -+# define XKU_SGC 0x10 -+# define XKU_OCSP_SIGN 0x20 -+# define XKU_TIMESTAMP 0x40 -+# define XKU_DVCS 0x80 -+ -+# define X509_PURPOSE_DYNAMIC 0x1 -+# define X509_PURPOSE_DYNAMIC_NAME 0x2 - - typedef struct x509_purpose_st { -- int purpose; -- int trust; /* Default trust ID */ -- int flags; -- int (*check_purpose)(const struct x509_purpose_st *, -- const X509 *, int); -- char *name; -- char *sname; -- void *usr_data; -+ int purpose; -+ int trust; /* Default trust ID */ -+ int flags; -+ int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int); -+ char *name; -+ char *sname; -+ void *usr_data; - } X509_PURPOSE; - --#define X509_PURPOSE_SSL_CLIENT 1 --#define X509_PURPOSE_SSL_SERVER 2 --#define X509_PURPOSE_NS_SSL_SERVER 3 --#define X509_PURPOSE_SMIME_SIGN 4 --#define X509_PURPOSE_SMIME_ENCRYPT 5 --#define X509_PURPOSE_CRL_SIGN 6 --#define X509_PURPOSE_ANY 7 --#define X509_PURPOSE_OCSP_HELPER 8 -+# define X509_PURPOSE_SSL_CLIENT 1 -+# define X509_PURPOSE_SSL_SERVER 2 -+# define X509_PURPOSE_NS_SSL_SERVER 3 -+# define X509_PURPOSE_SMIME_SIGN 4 -+# define X509_PURPOSE_SMIME_ENCRYPT 5 -+# define X509_PURPOSE_CRL_SIGN 6 -+# define X509_PURPOSE_ANY 7 -+# define X509_PURPOSE_OCSP_HELPER 8 - --#define X509_PURPOSE_MIN 1 --#define X509_PURPOSE_MAX 8 -+# define X509_PURPOSE_MIN 1 -+# define X509_PURPOSE_MAX 8 - - /* Flags for X509V3_EXT_print() */ - --#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) -+# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) - /* Return error for unknown extensions */ --#define X509V3_EXT_DEFAULT 0 -+# define X509V3_EXT_DEFAULT 0 - /* Print error for unknown extensions */ --#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) -+# define X509V3_EXT_ERROR_UNKNOWN (1L << 16) - /* ASN1 parse unknown extensions */ --#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) -+# define X509V3_EXT_PARSE_UNKNOWN (2L << 16) - /* BIO_dump unknown extensions */ --#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) -+# define X509V3_EXT_DUMP_UNKNOWN (3L << 16) - - /* Flags for X509V3_add1_i2d */ - --#define X509V3_ADD_OP_MASK 0xfL --#define X509V3_ADD_DEFAULT 0L --#define X509V3_ADD_APPEND 1L --#define X509V3_ADD_REPLACE 2L --#define X509V3_ADD_REPLACE_EXISTING 3L --#define X509V3_ADD_KEEP_EXISTING 4L --#define X509V3_ADD_DELETE 5L --#define X509V3_ADD_SILENT 0x10 -+# define X509V3_ADD_OP_MASK 0xfL -+# define X509V3_ADD_DEFAULT 0L -+# define X509V3_ADD_APPEND 1L -+# define X509V3_ADD_REPLACE 2L -+# define X509V3_ADD_REPLACE_EXISTING 3L -+# define X509V3_ADD_KEEP_EXISTING 4L -+# define X509V3_ADD_DELETE 5L -+# define X509V3_ADD_SILENT 0x10 - - DECLARE_STACK_OF(X509_PURPOSE) - -@@ -458,9 +455,11 @@ DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) - DECLARE_ASN1_FUNCTIONS(SXNET) - DECLARE_ASN1_FUNCTIONS(SXNETID) - --int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); --int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); --int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); -+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); -+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, -+ int userlen); -+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, -+ int userlen); - - ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone); - ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); -@@ -472,31 +471,36 @@ DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) - - DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) - -- - ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval); - STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, -- ASN1_BIT_STRING *bits, -- STACK_OF(CONF_VALUE) *extlist); -+ ASN1_BIT_STRING *bits, -+ STACK_OF(CONF_VALUE) *extlist); - --STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); -+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, -+ GENERAL_NAME *gen, -+ STACK_OF(CONF_VALUE) *ret); - int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); - - DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) - - STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, -- GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist); --GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -+ GENERAL_NAMES *gen, -+ STACK_OF(CONF_VALUE) *extlist); -+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval); - - DECLARE_ASN1_FUNCTIONS(OTHERNAME) - DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) - --char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); --ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); -+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, -+ ASN1_OCTET_STRING *ia5); -+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, -+ X509V3_CTX *ctx, char *str); - - DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) --int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a); -+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a); - - DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) - DECLARE_ASN1_FUNCTIONS(POLICYINFO) -@@ -524,53 +528,66 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) - DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) - DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) - --#ifdef HEADER_CONF_H -+# ifdef HEADER_CONF_H - GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, -- CONF_VALUE *cnf); --GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); -+ CONF_VALUE *cnf); -+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, -+ X509V3_EXT_METHOD *method, X509V3_CTX *ctx, -+ CONF_VALUE *cnf, int is_nc); - void X509V3_conf_free(CONF_VALUE *val); - --X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); --X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value); --int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk); --int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert); --int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); --int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); -- --X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); --X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); --int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); --int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); --int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); -+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, -+ char *value); -+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, -+ char *value); -+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, -+ STACK_OF(X509_EXTENSION) **sk); -+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, -+ X509 *cert); -+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, -+ X509_REQ *req); -+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, -+ X509_CRL *crl); -+ -+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, -+ char *value); -+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, -+ char *value); -+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, -+ X509 *cert); -+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, -+ X509_REQ *req); -+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, -+ X509_CRL *crl); - - int X509V3_add_value_bool_nf(char *name, int asn1_bool, -- STACK_OF(CONF_VALUE) **extlist); -+ STACK_OF(CONF_VALUE) **extlist); - int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); - int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); - void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); - void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); --#endif -+# endif - --char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); --STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); -+char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); -+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section); - void X509V3_string_free(X509V3_CTX *ctx, char *str); --void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); -+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); - void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, -- X509_REQ *req, X509_CRL *crl, int flags); -+ X509_REQ *req, X509_CRL *crl, int flags); - - int X509V3_add_value(const char *name, const char *value, -- STACK_OF(CONF_VALUE) **extlist); -+ STACK_OF(CONF_VALUE) **extlist); - int X509V3_add_value_uchar(const char *name, const unsigned char *value, -- STACK_OF(CONF_VALUE) **extlist); -+ STACK_OF(CONF_VALUE) **extlist); - int X509V3_add_value_bool(const char *name, int asn1_bool, -- STACK_OF(CONF_VALUE) **extlist); -+ STACK_OF(CONF_VALUE) **extlist); - int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, -- STACK_OF(CONF_VALUE) **extlist); --char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); --ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); --char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); --char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); -+ STACK_OF(CONF_VALUE) **extlist); -+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); -+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); -+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); -+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, -+ ASN1_ENUMERATED *aint); - int X509V3_EXT_add(X509V3_EXT_METHOD *ext); - int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); - int X509V3_EXT_add_alias(int nid_to, int nid_from); -@@ -581,22 +598,26 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); - int X509V3_add_standard_extensions(void); - STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); - void *X509V3_EXT_d2i(X509_EXTENSION *ext); --void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); -- -+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, -+ int *idx); - - X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); --int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); -+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, -+ int crit, unsigned long flags); - - char *hex_to_string(unsigned char *buffer, long len); - unsigned char *string_to_hex(char *str, long *len); - int name_cmp(const char *name, const char *cmp); - - void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, -- int ml); --int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); -+ int ml); -+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, -+ int indent); - int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); - --int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); -+int X509V3_extensions_print(BIO *out, char *title, -+ STACK_OF(X509_EXTENSION) *exts, -+ unsigned long flag, int indent); - - int X509_check_ca(X509 *x); - int X509_check_purpose(X509 *x, int id, int ca); -@@ -604,12 +625,12 @@ int X509_supported_extension(X509_EXTENSION *ex); - int X509_PURPOSE_set(int *p, int purpose); - int X509_check_issued(X509 *issuer, X509 *subject); - int X509_PURPOSE_get_count(void); --X509_PURPOSE * X509_PURPOSE_get0(int idx); -+X509_PURPOSE *X509_PURPOSE_get0(int idx); - int X509_PURPOSE_get_by_sname(char *sname); - int X509_PURPOSE_get_by_id(int id); - int X509_PURPOSE_add(int id, int trust, int flags, -- int (*ck)(const X509_PURPOSE *, const X509 *, int), -- char *name, char *sname, void *arg); -+ int (*ck) (const X509_PURPOSE *, const X509 *, int), -+ char *name, char *sname, void *arg); - char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); - char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); - int X509_PURPOSE_get_trust(X509_PURPOSE *xp); -@@ -618,50 +639,50 @@ int X509_PURPOSE_get_id(X509_PURPOSE *); - - STACK *X509_get1_email(X509 *x); - STACK *X509_REQ_get1_email(X509_REQ *x); --void X509_email_free(STACK *sk); -+void X509_email_free(STACK * sk); - STACK *X509_get1_ocsp(X509 *x); - - ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); - ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); - int a2i_ipadd(unsigned char *ipout, const char *ipasc); --int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, -- unsigned long chtype); -+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, -+ unsigned long chtype); - - void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); - --#ifndef OPENSSL_NO_RFC3779 -+# ifndef OPENSSL_NO_RFC3779 - - typedef struct ASRange_st { -- ASN1_INTEGER *min, *max; -+ ASN1_INTEGER *min, *max; - } ASRange; - --#define ASIdOrRange_id 0 --#define ASIdOrRange_range 1 -+# define ASIdOrRange_id 0 -+# define ASIdOrRange_range 1 - - typedef struct ASIdOrRange_st { -- int type; -- union { -- ASN1_INTEGER *id; -- ASRange *range; -- } u; -+ int type; -+ union { -+ ASN1_INTEGER *id; -+ ASRange *range; -+ } u; - } ASIdOrRange; - - typedef STACK_OF(ASIdOrRange) ASIdOrRanges; - DECLARE_STACK_OF(ASIdOrRange) - --#define ASIdentifierChoice_inherit 0 --#define ASIdentifierChoice_asIdsOrRanges 1 -+# define ASIdentifierChoice_inherit 0 -+# define ASIdentifierChoice_asIdsOrRanges 1 - - typedef struct ASIdentifierChoice_st { -- int type; -- union { -- ASN1_NULL *inherit; -- ASIdOrRanges *asIdsOrRanges; -- } u; -+ int type; -+ union { -+ ASN1_NULL *inherit; -+ ASIdOrRanges *asIdsOrRanges; -+ } u; - } ASIdentifierChoice; - - typedef struct ASIdentifiers_st { -- ASIdentifierChoice *asnum, *rdi; -+ ASIdentifierChoice *asnum, *rdi; - } ASIdentifiers; - - DECLARE_ASN1_FUNCTIONS(ASRange) -@@ -669,39 +690,38 @@ DECLARE_ASN1_FUNCTIONS(ASIdOrRange) - DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) - DECLARE_ASN1_FUNCTIONS(ASIdentifiers) - -- - typedef struct IPAddressRange_st { -- ASN1_BIT_STRING *min, *max; -+ ASN1_BIT_STRING *min, *max; - } IPAddressRange; - --#define IPAddressOrRange_addressPrefix 0 --#define IPAddressOrRange_addressRange 1 -+# define IPAddressOrRange_addressPrefix 0 -+# define IPAddressOrRange_addressRange 1 - - typedef struct IPAddressOrRange_st { -- int type; -- union { -- ASN1_BIT_STRING *addressPrefix; -- IPAddressRange *addressRange; -- } u; -+ int type; -+ union { -+ ASN1_BIT_STRING *addressPrefix; -+ IPAddressRange *addressRange; -+ } u; - } IPAddressOrRange; - - typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; - DECLARE_STACK_OF(IPAddressOrRange) - --#define IPAddressChoice_inherit 0 --#define IPAddressChoice_addressesOrRanges 1 -+# define IPAddressChoice_inherit 0 -+# define IPAddressChoice_addressesOrRanges 1 - - typedef struct IPAddressChoice_st { -- int type; -- union { -- ASN1_NULL *inherit; -- IPAddressOrRanges *addressesOrRanges; -- } u; -+ int type; -+ union { -+ ASN1_NULL *inherit; -+ IPAddressOrRanges *addressesOrRanges; -+ } u; - } IPAddressChoice; - - typedef struct IPAddressFamily_st { -- ASN1_OCTET_STRING *addressFamily; -- IPAddressChoice *ipAddressChoice; -+ ASN1_OCTET_STRING *addressFamily; -+ IPAddressChoice *ipAddressChoice; - } IPAddressFamily; - - typedef STACK_OF(IPAddressFamily) IPAddrBlocks; -@@ -715,8 +735,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) - /* - * API tag for elements of the ASIdentifer SEQUENCE. - */ --#define V3_ASID_ASNUM 0 --#define V3_ASID_RDI 1 -+# define V3_ASID_ASNUM 0 -+# define V3_ASID_RDI 1 - - /* - * AFI values, assigned by IANA. It'd be nice to make the AFI -@@ -724,8 +744,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) - * that would need to be defined for other address families for it to - * be worth the trouble. - */ --#define IANA_AFI_IPV4 1 --#define IANA_AFI_IPV6 2 -+# define IANA_AFI_IPV4 1 -+# define IANA_AFI_IPV6 2 - - /* - * Utilities to construct and extract values from RFC3779 extensions, -@@ -734,19 +754,19 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) - */ - int v3_asid_add_inherit(ASIdentifiers *asid, int which); - int v3_asid_add_id_or_range(ASIdentifiers *asid, int which, -- ASN1_INTEGER *min, ASN1_INTEGER *max); -+ ASN1_INTEGER *min, ASN1_INTEGER *max); - int v3_addr_add_inherit(IPAddrBlocks *addr, -- const unsigned afi, const unsigned *safi); -+ const unsigned afi, const unsigned *safi); - int v3_addr_add_prefix(IPAddrBlocks *addr, -- const unsigned afi, const unsigned *safi, -- unsigned char *a, const int prefixlen); -+ const unsigned afi, const unsigned *safi, -+ unsigned char *a, const int prefixlen); - int v3_addr_add_range(IPAddrBlocks *addr, -- const unsigned afi, const unsigned *safi, -- unsigned char *min, unsigned char *max); -+ const unsigned afi, const unsigned *safi, -+ unsigned char *min, unsigned char *max); - unsigned v3_addr_get_afi(const IPAddressFamily *f); - int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, -- unsigned char *min, unsigned char *max, -- const int length); -+ unsigned char *min, unsigned char *max, -+ const int length); - - /* - * Canonical forms. -@@ -770,16 +790,15 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); - int v3_asid_validate_path(X509_STORE_CTX *); - int v3_addr_validate_path(X509_STORE_CTX *); - int v3_asid_validate_resource_set(STACK_OF(X509) *chain, -- ASIdentifiers *ext, -- int allow_inheritance); -+ ASIdentifiers *ext, int allow_inheritance); - int v3_addr_validate_resource_set(STACK_OF(X509) *chain, -- IPAddrBlocks *ext, -- int allow_inheritance); -+ IPAddrBlocks *ext, int allow_inheritance); - --#endif /* OPENSSL_NO_RFC3779 */ -+# endif /* OPENSSL_NO_RFC3779 */ - - /* BEGIN ERROR CODES */ --/* The following lines are auto generated by the script mkerr.pl. Any changes -+/* -+ * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - void ERR_load_X509V3_strings(void); -@@ -787,134 +806,134 @@ void ERR_load_X509V3_strings(void); - /* Error codes for the X509V3 functions. */ - - /* Function codes. */ --#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156 --#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157 --#define X509V3_F_COPY_EMAIL 122 --#define X509V3_F_COPY_ISSUER 123 --#define X509V3_F_DO_DIRNAME 144 --#define X509V3_F_DO_EXT_CONF 124 --#define X509V3_F_DO_EXT_I2D 135 --#define X509V3_F_DO_EXT_NCONF 151 --#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 --#define X509V3_F_HEX_TO_STRING 111 --#define X509V3_F_I2S_ASN1_ENUMERATED 121 --#define X509V3_F_I2S_ASN1_IA5STRING 149 --#define X509V3_F_I2S_ASN1_INTEGER 120 --#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 --#define X509V3_F_NOTICE_SECTION 132 --#define X509V3_F_NREF_NOS 133 --#define X509V3_F_POLICY_SECTION 131 --#define X509V3_F_PROCESS_PCI_VALUE 150 --#define X509V3_F_R2I_CERTPOL 130 --#define X509V3_F_R2I_PCI 155 --#define X509V3_F_S2I_ASN1_IA5STRING 100 --#define X509V3_F_S2I_ASN1_INTEGER 108 --#define X509V3_F_S2I_ASN1_OCTET_STRING 112 --#define X509V3_F_S2I_ASN1_SKEY_ID 114 --#define X509V3_F_S2I_SKEY_ID 115 --#define X509V3_F_STRING_TO_HEX 113 --#define X509V3_F_SXNET_ADD_ID_ASC 125 --#define X509V3_F_SXNET_ADD_ID_INTEGER 126 --#define X509V3_F_SXNET_ADD_ID_ULONG 127 --#define X509V3_F_SXNET_GET_ID_ASC 128 --#define X509V3_F_SXNET_GET_ID_ULONG 129 --#define X509V3_F_V2I_ASIDENTIFIERS 158 --#define X509V3_F_V2I_ASN1_BIT_STRING 101 --#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 --#define X509V3_F_V2I_AUTHORITY_KEYID 119 --#define X509V3_F_V2I_BASIC_CONSTRAINTS 102 --#define X509V3_F_V2I_CRLD 134 --#define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 --#define X509V3_F_V2I_GENERAL_NAMES 118 --#define X509V3_F_V2I_GENERAL_NAME_EX 117 --#define X509V3_F_V2I_IPADDRBLOCKS 159 --#define X509V3_F_V2I_ISSUER_ALT 153 --#define X509V3_F_V2I_NAME_CONSTRAINTS 147 --#define X509V3_F_V2I_POLICY_CONSTRAINTS 146 --#define X509V3_F_V2I_POLICY_MAPPINGS 145 --#define X509V3_F_V2I_SUBJECT_ALT 154 --#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 --#define X509V3_F_V3_GENERIC_EXTENSION 116 --#define X509V3_F_X509V3_ADD1_I2D 140 --#define X509V3_F_X509V3_ADD_VALUE 105 --#define X509V3_F_X509V3_EXT_ADD 104 --#define X509V3_F_X509V3_EXT_ADD_ALIAS 106 --#define X509V3_F_X509V3_EXT_CONF 107 --#define X509V3_F_X509V3_EXT_I2D 136 --#define X509V3_F_X509V3_EXT_NCONF 152 --#define X509V3_F_X509V3_GET_SECTION 142 --#define X509V3_F_X509V3_GET_STRING 143 --#define X509V3_F_X509V3_GET_VALUE_BOOL 110 --#define X509V3_F_X509V3_PARSE_LIST 109 --#define X509V3_F_X509_PURPOSE_ADD 137 --#define X509V3_F_X509_PURPOSE_SET 141 -+# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156 -+# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157 -+# define X509V3_F_COPY_EMAIL 122 -+# define X509V3_F_COPY_ISSUER 123 -+# define X509V3_F_DO_DIRNAME 144 -+# define X509V3_F_DO_EXT_CONF 124 -+# define X509V3_F_DO_EXT_I2D 135 -+# define X509V3_F_DO_EXT_NCONF 151 -+# define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 -+# define X509V3_F_HEX_TO_STRING 111 -+# define X509V3_F_I2S_ASN1_ENUMERATED 121 -+# define X509V3_F_I2S_ASN1_IA5STRING 149 -+# define X509V3_F_I2S_ASN1_INTEGER 120 -+# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 -+# define X509V3_F_NOTICE_SECTION 132 -+# define X509V3_F_NREF_NOS 133 -+# define X509V3_F_POLICY_SECTION 131 -+# define X509V3_F_PROCESS_PCI_VALUE 150 -+# define X509V3_F_R2I_CERTPOL 130 -+# define X509V3_F_R2I_PCI 155 -+# define X509V3_F_S2I_ASN1_IA5STRING 100 -+# define X509V3_F_S2I_ASN1_INTEGER 108 -+# define X509V3_F_S2I_ASN1_OCTET_STRING 112 -+# define X509V3_F_S2I_ASN1_SKEY_ID 114 -+# define X509V3_F_S2I_SKEY_ID 115 -+# define X509V3_F_STRING_TO_HEX 113 -+# define X509V3_F_SXNET_ADD_ID_ASC 125 -+# define X509V3_F_SXNET_ADD_ID_INTEGER 126 -+# define X509V3_F_SXNET_ADD_ID_ULONG 127 -+# define X509V3_F_SXNET_GET_ID_ASC 128 -+# define X509V3_F_SXNET_GET_ID_ULONG 129 -+# define X509V3_F_V2I_ASIDENTIFIERS 158 -+# define X509V3_F_V2I_ASN1_BIT_STRING 101 -+# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 -+# define X509V3_F_V2I_AUTHORITY_KEYID 119 -+# define X509V3_F_V2I_BASIC_CONSTRAINTS 102 -+# define X509V3_F_V2I_CRLD 134 -+# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 -+# define X509V3_F_V2I_GENERAL_NAMES 118 -+# define X509V3_F_V2I_GENERAL_NAME_EX 117 -+# define X509V3_F_V2I_IPADDRBLOCKS 159 -+# define X509V3_F_V2I_ISSUER_ALT 153 -+# define X509V3_F_V2I_NAME_CONSTRAINTS 147 -+# define X509V3_F_V2I_POLICY_CONSTRAINTS 146 -+# define X509V3_F_V2I_POLICY_MAPPINGS 145 -+# define X509V3_F_V2I_SUBJECT_ALT 154 -+# define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 -+# define X509V3_F_V3_GENERIC_EXTENSION 116 -+# define X509V3_F_X509V3_ADD1_I2D 140 -+# define X509V3_F_X509V3_ADD_VALUE 105 -+# define X509V3_F_X509V3_EXT_ADD 104 -+# define X509V3_F_X509V3_EXT_ADD_ALIAS 106 -+# define X509V3_F_X509V3_EXT_CONF 107 -+# define X509V3_F_X509V3_EXT_I2D 136 -+# define X509V3_F_X509V3_EXT_NCONF 152 -+# define X509V3_F_X509V3_GET_SECTION 142 -+# define X509V3_F_X509V3_GET_STRING 143 -+# define X509V3_F_X509V3_GET_VALUE_BOOL 110 -+# define X509V3_F_X509V3_PARSE_LIST 109 -+# define X509V3_F_X509_PURPOSE_ADD 137 -+# define X509V3_F_X509_PURPOSE_SET 141 - - /* Reason codes. */ --#define X509V3_R_BAD_IP_ADDRESS 118 --#define X509V3_R_BAD_OBJECT 119 --#define X509V3_R_BN_DEC2BN_ERROR 100 --#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 --#define X509V3_R_DIRNAME_ERROR 149 --#define X509V3_R_DUPLICATE_ZONE_ID 133 --#define X509V3_R_ERROR_CONVERTING_ZONE 131 --#define X509V3_R_ERROR_CREATING_EXTENSION 144 --#define X509V3_R_ERROR_IN_EXTENSION 128 --#define X509V3_R_EXPECTED_A_SECTION_NAME 137 --#define X509V3_R_EXTENSION_EXISTS 145 --#define X509V3_R_EXTENSION_NAME_ERROR 115 --#define X509V3_R_EXTENSION_NOT_FOUND 102 --#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 --#define X509V3_R_EXTENSION_VALUE_ERROR 116 --#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 --#define X509V3_R_ILLEGAL_HEX_DIGIT 113 --#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 --#define X509V3_R_INVALID_ASNUMBER 160 --#define X509V3_R_INVALID_ASRANGE 161 --#define X509V3_R_INVALID_BOOLEAN_STRING 104 --#define X509V3_R_INVALID_EXTENSION_STRING 105 --#define X509V3_R_INVALID_INHERITANCE 162 --#define X509V3_R_INVALID_IPADDRESS 163 --#define X509V3_R_INVALID_NAME 106 --#define X509V3_R_INVALID_NULL_ARGUMENT 107 --#define X509V3_R_INVALID_NULL_NAME 108 --#define X509V3_R_INVALID_NULL_VALUE 109 --#define X509V3_R_INVALID_NUMBER 140 --#define X509V3_R_INVALID_NUMBERS 141 --#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 --#define X509V3_R_INVALID_OPTION 138 --#define X509V3_R_INVALID_POLICY_IDENTIFIER 134 --#define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 --#define X509V3_R_INVALID_PURPOSE 146 --#define X509V3_R_INVALID_SAFI 164 --#define X509V3_R_INVALID_SECTION 135 --#define X509V3_R_INVALID_SYNTAX 143 --#define X509V3_R_ISSUER_DECODE_ERROR 126 --#define X509V3_R_MISSING_VALUE 124 --#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 --#define X509V3_R_NO_CONFIG_DATABASE 136 --#define X509V3_R_NO_ISSUER_CERTIFICATE 121 --#define X509V3_R_NO_ISSUER_DETAILS 127 --#define X509V3_R_NO_POLICY_IDENTIFIER 139 --#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 --#define X509V3_R_NO_PUBLIC_KEY 114 --#define X509V3_R_NO_SUBJECT_DETAILS 125 --#define X509V3_R_ODD_NUMBER_OF_DIGITS 112 --#define X509V3_R_OPERATION_NOT_DEFINED 148 --#define X509V3_R_OTHERNAME_ERROR 147 --#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155 --#define X509V3_R_POLICY_PATH_LENGTH 156 --#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157 --#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 --#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 --#define X509V3_R_SECTION_NOT_FOUND 150 --#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 --#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 --#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 --#define X509V3_R_UNKNOWN_EXTENSION 129 --#define X509V3_R_UNKNOWN_EXTENSION_NAME 130 --#define X509V3_R_UNKNOWN_OPTION 120 --#define X509V3_R_UNSUPPORTED_OPTION 117 --#define X509V3_R_USER_TOO_LONG 132 -+# define X509V3_R_BAD_IP_ADDRESS 118 -+# define X509V3_R_BAD_OBJECT 119 -+# define X509V3_R_BN_DEC2BN_ERROR 100 -+# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 -+# define X509V3_R_DIRNAME_ERROR 149 -+# define X509V3_R_DUPLICATE_ZONE_ID 133 -+# define X509V3_R_ERROR_CONVERTING_ZONE 131 -+# define X509V3_R_ERROR_CREATING_EXTENSION 144 -+# define X509V3_R_ERROR_IN_EXTENSION 128 -+# define X509V3_R_EXPECTED_A_SECTION_NAME 137 -+# define X509V3_R_EXTENSION_EXISTS 145 -+# define X509V3_R_EXTENSION_NAME_ERROR 115 -+# define X509V3_R_EXTENSION_NOT_FOUND 102 -+# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 -+# define X509V3_R_EXTENSION_VALUE_ERROR 116 -+# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 -+# define X509V3_R_ILLEGAL_HEX_DIGIT 113 -+# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 -+# define X509V3_R_INVALID_ASNUMBER 160 -+# define X509V3_R_INVALID_ASRANGE 161 -+# define X509V3_R_INVALID_BOOLEAN_STRING 104 -+# define X509V3_R_INVALID_EXTENSION_STRING 105 -+# define X509V3_R_INVALID_INHERITANCE 162 -+# define X509V3_R_INVALID_IPADDRESS 163 -+# define X509V3_R_INVALID_NAME 106 -+# define X509V3_R_INVALID_NULL_ARGUMENT 107 -+# define X509V3_R_INVALID_NULL_NAME 108 -+# define X509V3_R_INVALID_NULL_VALUE 109 -+# define X509V3_R_INVALID_NUMBER 140 -+# define X509V3_R_INVALID_NUMBERS 141 -+# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 -+# define X509V3_R_INVALID_OPTION 138 -+# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 -+# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 -+# define X509V3_R_INVALID_PURPOSE 146 -+# define X509V3_R_INVALID_SAFI 164 -+# define X509V3_R_INVALID_SECTION 135 -+# define X509V3_R_INVALID_SYNTAX 143 -+# define X509V3_R_ISSUER_DECODE_ERROR 126 -+# define X509V3_R_MISSING_VALUE 124 -+# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 -+# define X509V3_R_NO_CONFIG_DATABASE 136 -+# define X509V3_R_NO_ISSUER_CERTIFICATE 121 -+# define X509V3_R_NO_ISSUER_DETAILS 127 -+# define X509V3_R_NO_POLICY_IDENTIFIER 139 -+# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 -+# define X509V3_R_NO_PUBLIC_KEY 114 -+# define X509V3_R_NO_SUBJECT_DETAILS 125 -+# define X509V3_R_ODD_NUMBER_OF_DIGITS 112 -+# define X509V3_R_OPERATION_NOT_DEFINED 148 -+# define X509V3_R_OTHERNAME_ERROR 147 -+# define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155 -+# define X509V3_R_POLICY_PATH_LENGTH 156 -+# define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157 -+# define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 -+# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 -+# define X509V3_R_SECTION_NOT_FOUND 150 -+# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 -+# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 -+# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 -+# define X509V3_R_UNKNOWN_EXTENSION 129 -+# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 -+# define X509V3_R_UNKNOWN_OPTION 120 -+# define X509V3_R_UNSUPPORTED_OPTION 117 -+# define X509V3_R_USER_TOO_LONG 132 - - #ifdef __cplusplus - } -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c -index 373864c..dff5cd8 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,73 +61,74 @@ - - #if !defined(OPENSSL_FIPS_AES_ASM) - void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char *ivec, const int enc) { -+ const unsigned long length, const AES_KEY *key, -+ unsigned char *ivec, const int enc) -+{ - -- unsigned long n; -- unsigned long len = length; -- unsigned char tmp[AES_BLOCK_SIZE]; -- const unsigned char *iv = ivec; -+ unsigned long n; -+ unsigned long len = length; -+ unsigned char tmp[AES_BLOCK_SIZE]; -+ const unsigned char *iv = ivec; - -- assert(in && out && key && ivec); -- assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); -+ assert(in && out && key && ivec); -+ assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); - -- if (AES_ENCRYPT == enc) { -- while (len >= AES_BLOCK_SIZE) { -- for(n=0; n < AES_BLOCK_SIZE; ++n) -- out[n] = in[n] ^ iv[n]; -- AES_encrypt(out, out, key); -- iv = out; -- len -= AES_BLOCK_SIZE; -- in += AES_BLOCK_SIZE; -- out += AES_BLOCK_SIZE; -- } -- if (len) { -- for(n=0; n < len; ++n) -- out[n] = in[n] ^ iv[n]; -- for(n=len; n < AES_BLOCK_SIZE; ++n) -- out[n] = iv[n]; -- AES_encrypt(out, out, key); -- iv = out; -- } -- memcpy(ivec,iv,AES_BLOCK_SIZE); -- } else if (in != out) { -- while (len >= AES_BLOCK_SIZE) { -- AES_decrypt(in, out, key); -- for(n=0; n < AES_BLOCK_SIZE; ++n) -- out[n] ^= iv[n]; -- iv = in; -- len -= AES_BLOCK_SIZE; -- in += AES_BLOCK_SIZE; -- out += AES_BLOCK_SIZE; -- } -- if (len) { -- AES_decrypt(in,tmp,key); -- for(n=0; n < len; ++n) -- out[n] = tmp[n] ^ iv[n]; -- iv = in; -- } -- memcpy(ivec,iv,AES_BLOCK_SIZE); -- } else { -- while (len >= AES_BLOCK_SIZE) { -- memcpy(tmp, in, AES_BLOCK_SIZE); -- AES_decrypt(in, out, key); -- for(n=0; n < AES_BLOCK_SIZE; ++n) -- out[n] ^= ivec[n]; -- memcpy(ivec, tmp, AES_BLOCK_SIZE); -- len -= AES_BLOCK_SIZE; -- in += AES_BLOCK_SIZE; -- out += AES_BLOCK_SIZE; -- } -- if (len) { -- memcpy(tmp, in, AES_BLOCK_SIZE); -- AES_decrypt(tmp, out, key); -- for(n=0; n < len; ++n) -- out[n] ^= ivec[n]; -- for(n=len; n < AES_BLOCK_SIZE; ++n) -- out[n] = tmp[n]; -- memcpy(ivec, tmp, AES_BLOCK_SIZE); -- } -- } -+ if (AES_ENCRYPT == enc) { -+ while (len >= AES_BLOCK_SIZE) { -+ for (n = 0; n < AES_BLOCK_SIZE; ++n) -+ out[n] = in[n] ^ iv[n]; -+ AES_encrypt(out, out, key); -+ iv = out; -+ len -= AES_BLOCK_SIZE; -+ in += AES_BLOCK_SIZE; -+ out += AES_BLOCK_SIZE; -+ } -+ if (len) { -+ for (n = 0; n < len; ++n) -+ out[n] = in[n] ^ iv[n]; -+ for (n = len; n < AES_BLOCK_SIZE; ++n) -+ out[n] = iv[n]; -+ AES_encrypt(out, out, key); -+ iv = out; -+ } -+ memcpy(ivec, iv, AES_BLOCK_SIZE); -+ } else if (in != out) { -+ while (len >= AES_BLOCK_SIZE) { -+ AES_decrypt(in, out, key); -+ for (n = 0; n < AES_BLOCK_SIZE; ++n) -+ out[n] ^= iv[n]; -+ iv = in; -+ len -= AES_BLOCK_SIZE; -+ in += AES_BLOCK_SIZE; -+ out += AES_BLOCK_SIZE; -+ } -+ if (len) { -+ AES_decrypt(in, tmp, key); -+ for (n = 0; n < len; ++n) -+ out[n] = tmp[n] ^ iv[n]; -+ iv = in; -+ } -+ memcpy(ivec, iv, AES_BLOCK_SIZE); -+ } else { -+ while (len >= AES_BLOCK_SIZE) { -+ memcpy(tmp, in, AES_BLOCK_SIZE); -+ AES_decrypt(in, out, key); -+ for (n = 0; n < AES_BLOCK_SIZE; ++n) -+ out[n] ^= ivec[n]; -+ memcpy(ivec, tmp, AES_BLOCK_SIZE); -+ len -= AES_BLOCK_SIZE; -+ in += AES_BLOCK_SIZE; -+ out += AES_BLOCK_SIZE; -+ } -+ if (len) { -+ memcpy(tmp, in, AES_BLOCK_SIZE); -+ AES_decrypt(tmp, out, key); -+ for (n = 0; n < len; ++n) -+ out[n] ^= ivec[n]; -+ for (n = len; n < AES_BLOCK_SIZE; ++n) -+ out[n] = tmp[n]; -+ memcpy(ivec, tmp, AES_BLOCK_SIZE); -+ } -+ } - } - #endif -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c -index 9384ba6..ded1aa0 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -54,21 +54,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -83,10 +83,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -98,7 +98,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -116,109 +116,113 @@ - #include "aes_locl.h" - #include "e_os.h" - --/* The input and output encrypted as though 128bit cfb mode is being -- * used. The extra state information to record how much of the -- * 128bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 128bit cfb mode is being used. -+ * The extra state information to record how much of the 128bit block we have -+ * used is contained in *num; - */ - - void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char *ivec, int *num, const int enc) { -- -- unsigned int n; -- unsigned long l = length; -- unsigned char c; -- -- assert(in && out && key && ivec && num); -- -- n = *num; -- -- if (enc) { -- while (l--) { -- if (n == 0) { -- AES_encrypt(ivec, ivec, key); -- } -- ivec[n] = *(out++) = *(in++) ^ ivec[n]; -- n = (n+1) % AES_BLOCK_SIZE; -- } -- } else { -- while (l--) { -- if (n == 0) { -- AES_encrypt(ivec, ivec, key); -- } -- c = *(in); -- *(out++) = *(in++) ^ ivec[n]; -- ivec[n] = c; -- n = (n+1) % AES_BLOCK_SIZE; -- } -- } -- -- *num=n; -+ const unsigned long length, const AES_KEY *key, -+ unsigned char *ivec, int *num, const int enc) -+{ -+ -+ unsigned int n; -+ unsigned long l = length; -+ unsigned char c; -+ -+ assert(in && out && key && ivec && num); -+ -+ n = *num; -+ -+ if (enc) { -+ while (l--) { -+ if (n == 0) { -+ AES_encrypt(ivec, ivec, key); -+ } -+ ivec[n] = *(out++) = *(in++) ^ ivec[n]; -+ n = (n + 1) % AES_BLOCK_SIZE; -+ } -+ } else { -+ while (l--) { -+ if (n == 0) { -+ AES_encrypt(ivec, ivec, key); -+ } -+ c = *(in); -+ *(out++) = *(in++) ^ ivec[n]; -+ ivec[n] = c; -+ n = (n + 1) % AES_BLOCK_SIZE; -+ } -+ } -+ -+ *num = n; - } - --/* This expects a single block of size nbits for both in and out. Note that -- it corrupts any extra bits in the last byte of out */ --void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, -- const int nbits,const AES_KEY *key, -- unsigned char *ivec,const int enc) -- { -- int n,rem,num; -- unsigned char ovec[AES_BLOCK_SIZE*2]; -- -- if (nbits<=0 || nbits>128) return; -- -- /* fill in the first half of the new IV with the current IV */ -- memcpy(ovec,ivec,AES_BLOCK_SIZE); -- /* construct the new IV */ -- AES_encrypt(ivec,ivec,key); -- num = (nbits+7)/8; -- if (enc) /* encrypt the input */ -- for(n=0 ; n < num ; ++n) -- out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]); -- else /* decrypt the input */ -- for(n=0 ; n < num ; ++n) -- out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n]; -- /* shift ovec left... */ -- rem = nbits%8; -- num = nbits/8; -- if(rem==0) -- memcpy(ivec,ovec+num,AES_BLOCK_SIZE); -- else -- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) -- ivec[n] = ovec[n+num]<>(8-rem); -+/* -+ * This expects a single block of size nbits for both in and out. Note that -+ * it corrupts any extra bits in the last byte of out -+ */ -+void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out, -+ const int nbits, const AES_KEY *key, -+ unsigned char *ivec, const int enc) -+{ -+ int n, rem, num; -+ unsigned char ovec[AES_BLOCK_SIZE * 2]; -+ -+ if (nbits <= 0 || nbits > 128) -+ return; -+ -+ /* fill in the first half of the new IV with the current IV */ -+ memcpy(ovec, ivec, AES_BLOCK_SIZE); -+ /* construct the new IV */ -+ AES_encrypt(ivec, ivec, key); -+ num = (nbits + 7) / 8; -+ if (enc) /* encrypt the input */ -+ for (n = 0; n < num; ++n) -+ out[n] = (ovec[AES_BLOCK_SIZE + n] = in[n] ^ ivec[n]); -+ else /* decrypt the input */ -+ for (n = 0; n < num; ++n) -+ out[n] = (ovec[AES_BLOCK_SIZE + n] = in[n]) ^ ivec[n]; -+ /* shift ovec left... */ -+ rem = nbits % 8; -+ num = nbits / 8; -+ if (rem == 0) -+ memcpy(ivec, ovec + num, AES_BLOCK_SIZE); -+ else -+ for (n = 0; n < AES_BLOCK_SIZE; ++n) -+ ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem); - - /* it is not necessary to cleanse ovec, since the IV is not secret */ -- } -+} - - /* N.B. This expects the input to be packed, MS bit first */ - void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char *ivec, int *num, const int enc) -- { -+ const unsigned long length, const AES_KEY *key, -+ unsigned char *ivec, int *num, const int enc) -+{ - unsigned int n; -- unsigned char c[1],d[1]; -+ unsigned char c[1], d[1]; - - assert(in && out && key && ivec && num); - assert(*num == 0); - -- for(n=0 ; n < length ; ++n) -- { -- c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; -- AES_cfbr_encrypt_block(c,d,1,key,ivec,enc); -- out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8)); -- } -+ for (n = 0; n < length; ++n) { -+ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; -+ AES_cfbr_encrypt_block(c, d, 1, key, ivec, enc); -+ out[n / 8] = -+ (out[n / 8] & ~(1 << (7 - n % 8))) | ((d[0] & 0x80) >> (n % 8)); - } -+} - - void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char *ivec, int *num, const int enc) -- { -+ const unsigned long length, const AES_KEY *key, -+ unsigned char *ivec, int *num, const int enc) -+{ - unsigned int n; - - assert(in && out && key && ivec && num); - assert(*num == 0); - -- for(n=0 ; n < length ; ++n) -- AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc); -- } -- -+ for (n = 0; n < length; ++n) -+ AES_cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc); -+} -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_core.c b/Cryptlib/OpenSSL/crypto/aes/aes_core.c -index cffdd4d..cf73de8 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_core.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_core.c -@@ -43,7 +43,7 @@ - - #include "aes_locl.h" - --/* -+/*- - Te0[x] = S [x].[02, 01, 01, 03]; - Te1[x] = S [x].[03, 02, 01, 01]; - Te2[x] = S [x].[01, 03, 02, 01]; -@@ -620,165 +620,166 @@ static const u8 Td4[256] = { - 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, - }; - static const u32 rcon[] = { -- 0x01000000, 0x02000000, 0x04000000, 0x08000000, -- 0x10000000, 0x20000000, 0x40000000, 0x80000000, -- 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ -+ 0x01000000, 0x02000000, 0x04000000, 0x08000000, -+ 0x10000000, 0x20000000, 0x40000000, 0x80000000, -+ 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ - }; - - /** - * Expand the cipher key into the encryption key schedule. - */ - int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -- AES_KEY *key) { -- -- u32 *rk; -- int i = 0; -- u32 temp; -+ AES_KEY *key) -+{ -+ u32 *rk; -+ int i = 0; -+ u32 temp; - - #ifdef OPENSSL_FIPS -- FIPS_selftest_check(); -+ FIPS_selftest_check(); - #endif - -- if (!userKey || !key) -- return -1; -- if (bits != 128 && bits != 192 && bits != 256) -- return -2; -+ if (!userKey || !key) -+ return -1; -+ if (bits != 128 && bits != 192 && bits != 256) -+ return -2; - -- rk = key->rd_key; -+ rk = key->rd_key; - -- if (bits==128) -- key->rounds = 10; -- else if (bits==192) -- key->rounds = 12; -- else -- key->rounds = 14; -+ if (bits==128) -+ key->rounds = 10; -+ else if (bits==192) -+ key->rounds = 12; -+ else -+ key->rounds = 14; - -- rk[0] = GETU32(userKey ); -- rk[1] = GETU32(userKey + 4); -- rk[2] = GETU32(userKey + 8); -- rk[3] = GETU32(userKey + 12); -- if (bits == 128) { -- while (1) { -- temp = rk[3]; -- rk[4] = rk[0] ^ -- (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ -- (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ -- (Te0[(temp ) & 0xff] & 0x0000ff00) ^ -- (Te1[(temp >> 24) ] & 0x000000ff) ^ -- rcon[i]; -- rk[5] = rk[1] ^ rk[4]; -- rk[6] = rk[2] ^ rk[5]; -- rk[7] = rk[3] ^ rk[6]; -- if (++i == 10) { -- return 0; -- } -- rk += 4; -- } -- } -- rk[4] = GETU32(userKey + 16); -- rk[5] = GETU32(userKey + 20); -- if (bits == 192) { -- while (1) { -- temp = rk[ 5]; -- rk[ 6] = rk[ 0] ^ -- (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ -- (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ -- (Te0[(temp ) & 0xff] & 0x0000ff00) ^ -- (Te1[(temp >> 24) ] & 0x000000ff) ^ -- rcon[i]; -- rk[ 7] = rk[ 1] ^ rk[ 6]; -- rk[ 8] = rk[ 2] ^ rk[ 7]; -- rk[ 9] = rk[ 3] ^ rk[ 8]; -- if (++i == 8) { -- return 0; -- } -- rk[10] = rk[ 4] ^ rk[ 9]; -- rk[11] = rk[ 5] ^ rk[10]; -- rk += 6; -- } -- } -- rk[6] = GETU32(userKey + 24); -- rk[7] = GETU32(userKey + 28); -- if (bits == 256) { -- while (1) { -- temp = rk[ 7]; -- rk[ 8] = rk[ 0] ^ -- (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ -- (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ -- (Te0[(temp ) & 0xff] & 0x0000ff00) ^ -- (Te1[(temp >> 24) ] & 0x000000ff) ^ -- rcon[i]; -- rk[ 9] = rk[ 1] ^ rk[ 8]; -- rk[10] = rk[ 2] ^ rk[ 9]; -- rk[11] = rk[ 3] ^ rk[10]; -- if (++i == 7) { -- return 0; -- } -- temp = rk[11]; -- rk[12] = rk[ 4] ^ -- (Te2[(temp >> 24) ] & 0xff000000) ^ -- (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ -- (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ -- (Te1[(temp ) & 0xff] & 0x000000ff); -- rk[13] = rk[ 5] ^ rk[12]; -- rk[14] = rk[ 6] ^ rk[13]; -- rk[15] = rk[ 7] ^ rk[14]; -+ rk[0] = GETU32(userKey ); -+ rk[1] = GETU32(userKey + 4); -+ rk[2] = GETU32(userKey + 8); -+ rk[3] = GETU32(userKey + 12); -+ if (bits == 128) { -+ while (1) { -+ temp = rk[3]; -+ rk[4] = rk[0] ^ -+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ -+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ -+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^ -+ (Te1[(temp >> 24) ] & 0x000000ff) ^ -+ rcon[i]; -+ rk[5] = rk[1] ^ rk[4]; -+ rk[6] = rk[2] ^ rk[5]; -+ rk[7] = rk[3] ^ rk[6]; -+ if (++i == 10) { -+ return 0; -+ } -+ rk += 4; -+ } -+ } -+ rk[4] = GETU32(userKey + 16); -+ rk[5] = GETU32(userKey + 20); -+ if (bits == 192) { -+ while (1) { -+ temp = rk[ 5]; -+ rk[ 6] = rk[ 0] ^ -+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ -+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ -+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^ -+ (Te1[(temp >> 24) ] & 0x000000ff) ^ -+ rcon[i]; -+ rk[ 7] = rk[ 1] ^ rk[ 6]; -+ rk[ 8] = rk[ 2] ^ rk[ 7]; -+ rk[ 9] = rk[ 3] ^ rk[ 8]; -+ if (++i == 8) { -+ return 0; -+ } -+ rk[10] = rk[ 4] ^ rk[ 9]; -+ rk[11] = rk[ 5] ^ rk[10]; -+ rk += 6; -+ } -+ } -+ rk[6] = GETU32(userKey + 24); -+ rk[7] = GETU32(userKey + 28); -+ if (bits == 256) { -+ while (1) { -+ temp = rk[ 7]; -+ rk[ 8] = rk[ 0] ^ -+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ -+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ -+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^ -+ (Te1[(temp >> 24) ] & 0x000000ff) ^ -+ rcon[i]; -+ rk[ 9] = rk[ 1] ^ rk[ 8]; -+ rk[10] = rk[ 2] ^ rk[ 9]; -+ rk[11] = rk[ 3] ^ rk[10]; -+ if (++i == 7) { -+ return 0; -+ } -+ temp = rk[11]; -+ rk[12] = rk[ 4] ^ -+ (Te2[(temp >> 24) ] & 0xff000000) ^ -+ (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ -+ (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ -+ (Te1[(temp ) & 0xff] & 0x000000ff); -+ rk[13] = rk[ 5] ^ rk[12]; -+ rk[14] = rk[ 6] ^ rk[13]; -+ rk[15] = rk[ 7] ^ rk[14]; - -- rk += 8; -- } -- } -- return 0; -+ rk += 8; -+ } -+ } -+ return 0; - } - - /** - * Expand the cipher key into the decryption key schedule. - */ - int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -- AES_KEY *key) { -+ AES_KEY *key) -+{ - -- u32 *rk; -- int i, j, status; -- u32 temp; -+ u32 *rk; -+ int i, j, status; -+ u32 temp; - -- /* first, start with an encryption schedule */ -- status = AES_set_encrypt_key(userKey, bits, key); -- if (status < 0) -- return status; -+ /* first, start with an encryption schedule */ -+ status = AES_set_encrypt_key(userKey, bits, key); -+ if (status < 0) -+ return status; - -- rk = key->rd_key; -+ rk = key->rd_key; - -- /* invert the order of the round keys: */ -- for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { -- temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; -- temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; -- temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; -- temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; -- } -- /* apply the inverse MixColumn transform to all round keys but the first and the last: */ -- for (i = 1; i < (key->rounds); i++) { -- rk += 4; -- rk[0] = -- Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ -- Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ -- Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ -- Td3[Te1[(rk[0] ) & 0xff] & 0xff]; -- rk[1] = -- Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ -- Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ -- Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ -- Td3[Te1[(rk[1] ) & 0xff] & 0xff]; -- rk[2] = -- Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ -- Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ -- Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ -- Td3[Te1[(rk[2] ) & 0xff] & 0xff]; -- rk[3] = -- Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ -- Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ -- Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ -- Td3[Te1[(rk[3] ) & 0xff] & 0xff]; -- } -- return 0; -+ /* invert the order of the round keys: */ -+ for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { -+ temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; -+ temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; -+ temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; -+ temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; -+ } -+ /* apply the inverse MixColumn transform to all round keys but the first and the last: */ -+ for (i = 1; i < (key->rounds); i++) { -+ rk += 4; -+ rk[0] = -+ Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ -+ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ -+ Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ -+ Td3[Te1[(rk[0] ) & 0xff] & 0xff]; -+ rk[1] = -+ Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ -+ Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ -+ Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ -+ Td3[Te1[(rk[1] ) & 0xff] & 0xff]; -+ rk[2] = -+ Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ -+ Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ -+ Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ -+ Td3[Te1[(rk[2] ) & 0xff] & 0xff]; -+ rk[3] = -+ Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ -+ Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ -+ Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ -+ Td3[Te1[(rk[3] ) & 0xff] & 0xff]; -+ } -+ return 0; - } - - #ifndef AES_ASM -@@ -787,71 +788,71 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - * in and out can overlap - */ - void AES_encrypt(const unsigned char *in, unsigned char *out, -- const AES_KEY *key) { -+ const AES_KEY *key) { - -- const u32 *rk; -- u32 s0, s1, s2, s3, t0, t1, t2, t3; -+ const u32 *rk; -+ u32 s0, s1, s2, s3, t0, t1, t2, t3; - #ifndef FULL_UNROLL -- int r; -+ int r; - #endif /* ?FULL_UNROLL */ - -- assert(in && out && key); -- rk = key->rd_key; -+ assert(in && out && key); -+ rk = key->rd_key; - -- /* -- * map byte array block to cipher state -- * and add initial round key: -- */ -- s0 = GETU32(in ) ^ rk[0]; -- s1 = GETU32(in + 4) ^ rk[1]; -- s2 = GETU32(in + 8) ^ rk[2]; -- s3 = GETU32(in + 12) ^ rk[3]; -+ /* -+ * map byte array block to cipher state -+ * and add initial round key: -+ */ -+ s0 = GETU32(in ) ^ rk[0]; -+ s1 = GETU32(in + 4) ^ rk[1]; -+ s2 = GETU32(in + 8) ^ rk[2]; -+ s3 = GETU32(in + 12) ^ rk[3]; - #ifdef FULL_UNROLL -- /* round 1: */ -- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; -- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; -- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; -- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; -- /* round 2: */ -- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; -- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; -- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; -- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; -- /* round 3: */ -- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; -- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; -- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; -- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; -- /* round 4: */ -- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; -- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; -- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; -- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; -- /* round 5: */ -- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; -- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; -- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; -- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; -- /* round 6: */ -- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; -- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; -- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; -- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; -- /* round 7: */ -- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; -- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; -- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; -- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; -- /* round 8: */ -- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; -- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; -- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; -- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; -- /* round 9: */ -- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; -- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; -- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; -- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; -+ /* round 1: */ -+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; -+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; -+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; -+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; -+ /* round 2: */ -+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; -+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; -+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; -+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; -+ /* round 3: */ -+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; -+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; -+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; -+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; -+ /* round 4: */ -+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; -+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; -+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; -+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; -+ /* round 5: */ -+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; -+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; -+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; -+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; -+ /* round 6: */ -+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; -+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; -+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; -+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; -+ /* round 7: */ -+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; -+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; -+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; -+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; -+ /* round 8: */ -+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; -+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; -+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; -+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; -+ /* round 9: */ -+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; -+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; -+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; -+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; - if (key->rounds > 10) { - /* round 10: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; -@@ -940,37 +941,37 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, - } - #endif /* ?FULL_UNROLL */ - /* -- * apply last round and -- * map cipher state to byte array block: -- */ -- s0 = -- (Te2[(t0 >> 24) ] & 0xff000000) ^ -- (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ -- (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ -- (Te1[(t3 ) & 0xff] & 0x000000ff) ^ -- rk[0]; -- PUTU32(out , s0); -- s1 = -- (Te2[(t1 >> 24) ] & 0xff000000) ^ -- (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ -- (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ -- (Te1[(t0 ) & 0xff] & 0x000000ff) ^ -- rk[1]; -- PUTU32(out + 4, s1); -- s2 = -- (Te2[(t2 >> 24) ] & 0xff000000) ^ -- (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ -- (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ -- (Te1[(t1 ) & 0xff] & 0x000000ff) ^ -- rk[2]; -- PUTU32(out + 8, s2); -- s3 = -- (Te2[(t3 >> 24) ] & 0xff000000) ^ -- (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ -- (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ -- (Te1[(t2 ) & 0xff] & 0x000000ff) ^ -- rk[3]; -- PUTU32(out + 12, s3); -+ * apply last round and -+ * map cipher state to byte array block: -+ */ -+ s0 = -+ (Te2[(t0 >> 24) ] & 0xff000000) ^ -+ (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ -+ (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ -+ (Te1[(t3 ) & 0xff] & 0x000000ff) ^ -+ rk[0]; -+ PUTU32(out , s0); -+ s1 = -+ (Te2[(t1 >> 24) ] & 0xff000000) ^ -+ (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ -+ (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ -+ (Te1[(t0 ) & 0xff] & 0x000000ff) ^ -+ rk[1]; -+ PUTU32(out + 4, s1); -+ s2 = -+ (Te2[(t2 >> 24) ] & 0xff000000) ^ -+ (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ -+ (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ -+ (Te1[(t1 ) & 0xff] & 0x000000ff) ^ -+ rk[2]; -+ PUTU32(out + 8, s2); -+ s3 = -+ (Te2[(t3 >> 24) ] & 0xff000000) ^ -+ (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ -+ (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ -+ (Te1[(t2 ) & 0xff] & 0x000000ff) ^ -+ rk[3]; -+ PUTU32(out + 12, s3); - } - - /* -@@ -978,21 +979,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, - * in and out can overlap - */ - void AES_decrypt(const unsigned char *in, unsigned char *out, -- const AES_KEY *key) { -+ const AES_KEY *key) -+{ - -- const u32 *rk; -- u32 s0, s1, s2, s3, t0, t1, t2, t3; -+ const u32 *rk; -+ u32 s0, s1, s2, s3, t0, t1, t2, t3; - #ifndef FULL_UNROLL -- int r; -+ int r; - #endif /* ?FULL_UNROLL */ - -- assert(in && out && key); -- rk = key->rd_key; -+ assert(in && out && key); -+ rk = key->rd_key; - -- /* -- * map byte array block to cipher state -- * and add initial round key: -- */ -+ /* -+ * map byte array block to cipher state -+ * and add initial round key: -+ */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; -@@ -1067,7 +1069,7 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; - } - } -- rk += key->rounds << 2; -+ rk += key->rounds << 2; - #else /* !FULL_UNROLL */ - /* - * Nr - 1 full rounds: -@@ -1131,37 +1133,37 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, - } - #endif /* ?FULL_UNROLL */ - /* -- * apply last round and -- * map cipher state to byte array block: -- */ -- s0 = -- (Td4[(t0 >> 24) ] << 24) ^ -- (Td4[(t3 >> 16) & 0xff] << 16) ^ -- (Td4[(t2 >> 8) & 0xff] << 8) ^ -- (Td4[(t1 ) & 0xff]) ^ -- rk[0]; -- PUTU32(out , s0); -- s1 = -- (Td4[(t1 >> 24) ] << 24) ^ -- (Td4[(t0 >> 16) & 0xff] << 16) ^ -- (Td4[(t3 >> 8) & 0xff] << 8) ^ -- (Td4[(t2 ) & 0xff]) ^ -- rk[1]; -- PUTU32(out + 4, s1); -- s2 = -- (Td4[(t2 >> 24) ] << 24) ^ -- (Td4[(t1 >> 16) & 0xff] << 16) ^ -- (Td4[(t0 >> 8) & 0xff] << 8) ^ -- (Td4[(t3 ) & 0xff]) ^ -- rk[2]; -- PUTU32(out + 8, s2); -- s3 = -- (Td4[(t3 >> 24) ] << 24) ^ -- (Td4[(t2 >> 16) & 0xff] << 16) ^ -- (Td4[(t1 >> 8) & 0xff] << 8) ^ -- (Td4[(t0 ) & 0xff]) ^ -- rk[3]; -- PUTU32(out + 12, s3); -+ * apply last round and -+ * map cipher state to byte array block: -+ */ -+ s0 = -+ (Td4[(t0 >> 24) ] << 24) ^ -+ (Td4[(t3 >> 16) & 0xff] << 16) ^ -+ (Td4[(t2 >> 8) & 0xff] << 8) ^ -+ (Td4[(t1 ) & 0xff]) ^ -+ rk[0]; -+ PUTU32(out , s0); -+ s1 = -+ (Td4[(t1 >> 24) ] << 24) ^ -+ (Td4[(t0 >> 16) & 0xff] << 16) ^ -+ (Td4[(t3 >> 8) & 0xff] << 8) ^ -+ (Td4[(t2 ) & 0xff]) ^ -+ rk[1]; -+ PUTU32(out + 4, s1); -+ s2 = -+ (Td4[(t2 >> 24) ] << 24) ^ -+ (Td4[(t1 >> 16) & 0xff] << 16) ^ -+ (Td4[(t0 >> 8) & 0xff] << 8) ^ -+ (Td4[(t3 ) & 0xff]) ^ -+ rk[2]; -+ PUTU32(out + 8, s2); -+ s3 = -+ (Td4[(t3 >> 24) ] << 24) ^ -+ (Td4[(t2 >> 16) & 0xff] << 16) ^ -+ (Td4[(t1 >> 8) & 0xff] << 8) ^ -+ (Td4[(t0 ) & 0xff]) ^ -+ rk[3]; -+ PUTU32(out + 12, s3); - } - - #endif /* AES_ASM */ -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c -index f36982b..fa82b2c 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -59,81 +59,87 @@ - #include - #include "aes_locl.h" - --/* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code -- * is endian-neutral. */ -+/* -+ * NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code is -+ * endian-neutral. -+ */ - - /* increment counter (128-bit int) by 1 */ --static void AES_ctr128_inc(unsigned char *counter) { -- unsigned long c; -- -- /* Grab bottom dword of counter and increment */ -- c = GETU32(counter + 12); -- c++; c &= 0xFFFFFFFF; -- PUTU32(counter + 12, c); -- -- /* if no overflow, we're done */ -- if (c) -- return; -- -- /* Grab 1st dword of counter and increment */ -- c = GETU32(counter + 8); -- c++; c &= 0xFFFFFFFF; -- PUTU32(counter + 8, c); -- -- /* if no overflow, we're done */ -- if (c) -- return; -- -- /* Grab 2nd dword of counter and increment */ -- c = GETU32(counter + 4); -- c++; c &= 0xFFFFFFFF; -- PUTU32(counter + 4, c); -- -- /* if no overflow, we're done */ -- if (c) -- return; -- -- /* Grab top dword of counter and increment */ -- c = GETU32(counter + 0); -- c++; c &= 0xFFFFFFFF; -- PUTU32(counter + 0, c); -+static void AES_ctr128_inc(unsigned char *counter) -+{ -+ unsigned long c; -+ -+ /* Grab bottom dword of counter and increment */ -+ c = GETU32(counter + 12); -+ c++; -+ c &= 0xFFFFFFFF; -+ PUTU32(counter + 12, c); -+ -+ /* if no overflow, we're done */ -+ if (c) -+ return; -+ -+ /* Grab 1st dword of counter and increment */ -+ c = GETU32(counter + 8); -+ c++; -+ c &= 0xFFFFFFFF; -+ PUTU32(counter + 8, c); -+ -+ /* if no overflow, we're done */ -+ if (c) -+ return; -+ -+ /* Grab 2nd dword of counter and increment */ -+ c = GETU32(counter + 4); -+ c++; -+ c &= 0xFFFFFFFF; -+ PUTU32(counter + 4, c); -+ -+ /* if no overflow, we're done */ -+ if (c) -+ return; -+ -+ /* Grab top dword of counter and increment */ -+ c = GETU32(counter + 0); -+ c++; -+ c &= 0xFFFFFFFF; -+ PUTU32(counter + 0, c); - } - --/* The input encrypted as though 128bit counter mode is being -- * used. The extra state information to record how much of the -- * 128bit block we have used is contained in *num, and the -- * encrypted counter is kept in ecount_buf. Both *num and -- * ecount_buf must be initialised with zeros before the first -- * call to AES_ctr128_encrypt(). -- * -- * This algorithm assumes that the counter is in the x lower bits -- * of the IV (ivec), and that the application has full control over -- * overflow and the rest of the IV. This implementation takes NO -- * responsability for checking that the counter doesn't overflow -- * into the rest of the IV when incremented. -+/* -+ * The input encrypted as though 128bit counter mode is being used. The -+ * extra state information to record how much of the 128bit block we have -+ * used is contained in *num, and the encrypted counter is kept in -+ * ecount_buf. Both *num and ecount_buf must be initialised with zeros -+ * before the first call to AES_ctr128_encrypt(). This algorithm assumes -+ * that the counter is in the x lower bits of the IV (ivec), and that the -+ * application has full control over overflow and the rest of the IV. This -+ * implementation takes NO responsability for checking that the counter -+ * doesn't overflow into the rest of the IV when incremented. - */ - void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char ivec[AES_BLOCK_SIZE], -- unsigned char ecount_buf[AES_BLOCK_SIZE], -- unsigned int *num) { -- -- unsigned int n; -- unsigned long l=length; -- -- assert(in && out && key && counter && num); -- assert(*num < AES_BLOCK_SIZE); -- -- n = *num; -- -- while (l--) { -- if (n == 0) { -- AES_encrypt(ivec, ecount_buf, key); -- AES_ctr128_inc(ivec); -- } -- *(out++) = *(in++) ^ ecount_buf[n]; -- n = (n+1) % AES_BLOCK_SIZE; -- } -- -- *num=n; -+ const unsigned long length, const AES_KEY *key, -+ unsigned char ivec[AES_BLOCK_SIZE], -+ unsigned char ecount_buf[AES_BLOCK_SIZE], -+ unsigned int *num) -+{ -+ -+ unsigned int n; -+ unsigned long l = length; -+ -+ assert(in && out && key && counter && num); -+ assert(*num < AES_BLOCK_SIZE); -+ -+ n = *num; -+ -+ while (l--) { -+ if (n == 0) { -+ AES_encrypt(ivec, ecount_buf, key); -+ AES_ctr128_inc(ivec); -+ } -+ *(out++) = *(in++) ^ ecount_buf[n]; -+ n = (n + 1) % AES_BLOCK_SIZE; -+ } -+ -+ *num = n; - } -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c -index 28aa561..2e0d20c 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,14 +60,14 @@ - #include "aes_locl.h" - - void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, -- const AES_KEY *key, const int enc) { -+ const AES_KEY *key, const int enc) -+{ - -- assert(in && out && key); -- assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); -+ assert(in && out && key); -+ assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); - -- if (AES_ENCRYPT == enc) -- AES_encrypt(in, out, key); -- else -- AES_decrypt(in, out, key); -+ if (AES_ENCRYPT == enc) -+ AES_encrypt(in, out, key); -+ else -+ AES_decrypt(in, out, key); - } -- -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c -index 45d7096..0fa28c3 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,152 +56,147 @@ - - #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) - typedef struct { -- unsigned long data[N_WORDS]; -+ unsigned long data[N_WORDS]; - } aes_block_t; - - /* XXX: probably some better way to do this */ - #if defined(__i386__) || defined(__x86_64__) --#define UNALIGNED_MEMOPS_ARE_FAST 1 -+# define UNALIGNED_MEMOPS_ARE_FAST 1 - #else --#define UNALIGNED_MEMOPS_ARE_FAST 0 -+# define UNALIGNED_MEMOPS_ARE_FAST 0 - #endif - - #if UNALIGNED_MEMOPS_ARE_FAST --#define load_block(d, s) (d) = *(const aes_block_t *)(s) --#define store_block(d, s) *(aes_block_t *)(d) = (s) -+# define load_block(d, s) (d) = *(const aes_block_t *)(s) -+# define store_block(d, s) *(aes_block_t *)(d) = (s) - #else --#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE) --#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE) -+# define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE) -+# define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE) - #endif - - /* N.B. The IV for this mode is _twice_ the block size */ - - void AES_ige_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char *ivec, const int enc) -- { -- unsigned long n; -- unsigned long len; -+ const unsigned long length, const AES_KEY *key, -+ unsigned char *ivec, const int enc) -+{ -+ unsigned long n; -+ unsigned long len; - -- OPENSSL_assert(in && out && key && ivec); -- OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); -- OPENSSL_assert((length%AES_BLOCK_SIZE) == 0); -+ OPENSSL_assert(in && out && key && ivec); -+ OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); -+ OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); - -- len = length / AES_BLOCK_SIZE; -+ len = length / AES_BLOCK_SIZE; - -- if (AES_ENCRYPT == enc) -- { -- if (in != out && -- (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) -- { -- aes_block_t *ivp = (aes_block_t *)ivec; -- aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); -+ if (AES_ENCRYPT == enc) { -+ if (in != out && -+ (UNALIGNED_MEMOPS_ARE_FAST -+ || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == -+ 0)) { -+ aes_block_t *ivp = (aes_block_t *) ivec; -+ aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE); - -- while (len) -- { -- aes_block_t *inp = (aes_block_t *)in; -- aes_block_t *outp = (aes_block_t *)out; -+ while (len) { -+ aes_block_t *inp = (aes_block_t *) in; -+ aes_block_t *outp = (aes_block_t *) out; - -- for(n=0 ; n < N_WORDS; ++n) -- outp->data[n] = inp->data[n] ^ ivp->data[n]; -- AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key); -- for(n=0 ; n < N_WORDS; ++n) -- outp->data[n] ^= iv2p->data[n]; -- ivp = outp; -- iv2p = inp; -- --len; -- in += AES_BLOCK_SIZE; -- out += AES_BLOCK_SIZE; -- } -- memcpy(ivec, ivp->data, AES_BLOCK_SIZE); -- memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); -- } -- else -- { -- aes_block_t tmp, tmp2; -- aes_block_t iv; -- aes_block_t iv2; -+ for (n = 0; n < N_WORDS; ++n) -+ outp->data[n] = inp->data[n] ^ ivp->data[n]; -+ AES_encrypt((unsigned char *)outp->data, -+ (unsigned char *)outp->data, key); -+ for (n = 0; n < N_WORDS; ++n) -+ outp->data[n] ^= iv2p->data[n]; -+ ivp = outp; -+ iv2p = inp; -+ --len; -+ in += AES_BLOCK_SIZE; -+ out += AES_BLOCK_SIZE; -+ } -+ memcpy(ivec, ivp->data, AES_BLOCK_SIZE); -+ memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); -+ } else { -+ aes_block_t tmp, tmp2; -+ aes_block_t iv; -+ aes_block_t iv2; - -- load_block(iv, ivec); -- load_block(iv2, ivec + AES_BLOCK_SIZE); -+ load_block(iv, ivec); -+ load_block(iv2, ivec + AES_BLOCK_SIZE); - -- while (len) -- { -- load_block(tmp, in); -- for(n=0 ; n < N_WORDS; ++n) -- tmp2.data[n] = tmp.data[n] ^ iv.data[n]; -- AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key); -- for(n=0 ; n < N_WORDS; ++n) -- tmp2.data[n] ^= iv2.data[n]; -- store_block(out, tmp2); -- iv = tmp2; -- iv2 = tmp; -- --len; -- in += AES_BLOCK_SIZE; -- out += AES_BLOCK_SIZE; -- } -- memcpy(ivec, iv.data, AES_BLOCK_SIZE); -- memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); -- } -- } -- else -- { -- if (in != out && -- (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) -- { -- aes_block_t *ivp = (aes_block_t *)ivec; -- aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); -+ while (len) { -+ load_block(tmp, in); -+ for (n = 0; n < N_WORDS; ++n) -+ tmp2.data[n] = tmp.data[n] ^ iv.data[n]; -+ AES_encrypt((unsigned char *)tmp2.data, -+ (unsigned char *)tmp2.data, key); -+ for (n = 0; n < N_WORDS; ++n) -+ tmp2.data[n] ^= iv2.data[n]; -+ store_block(out, tmp2); -+ iv = tmp2; -+ iv2 = tmp; -+ --len; -+ in += AES_BLOCK_SIZE; -+ out += AES_BLOCK_SIZE; -+ } -+ memcpy(ivec, iv.data, AES_BLOCK_SIZE); -+ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); -+ } -+ } else { -+ if (in != out && -+ (UNALIGNED_MEMOPS_ARE_FAST -+ || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == -+ 0)) { -+ aes_block_t *ivp = (aes_block_t *) ivec; -+ aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE); - -- while (len) -- { -- aes_block_t tmp; -- aes_block_t *inp = (aes_block_t *)in; -- aes_block_t *outp = (aes_block_t *)out; -+ while (len) { -+ aes_block_t tmp; -+ aes_block_t *inp = (aes_block_t *) in; -+ aes_block_t *outp = (aes_block_t *) out; - -- for(n=0 ; n < N_WORDS; ++n) -- tmp.data[n] = inp->data[n] ^ iv2p->data[n]; -- AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key); -- for(n=0 ; n < N_WORDS; ++n) -- outp->data[n] ^= ivp->data[n]; -- ivp = inp; -- iv2p = outp; -- --len; -- in += AES_BLOCK_SIZE; -- out += AES_BLOCK_SIZE; -- } -- memcpy(ivec, ivp->data, AES_BLOCK_SIZE); -- memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); -- } -- else -- { -- aes_block_t tmp, tmp2; -- aes_block_t iv; -- aes_block_t iv2; -+ for (n = 0; n < N_WORDS; ++n) -+ tmp.data[n] = inp->data[n] ^ iv2p->data[n]; -+ AES_decrypt((unsigned char *)tmp.data, -+ (unsigned char *)outp->data, key); -+ for (n = 0; n < N_WORDS; ++n) -+ outp->data[n] ^= ivp->data[n]; -+ ivp = inp; -+ iv2p = outp; -+ --len; -+ in += AES_BLOCK_SIZE; -+ out += AES_BLOCK_SIZE; -+ } -+ memcpy(ivec, ivp->data, AES_BLOCK_SIZE); -+ memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); -+ } else { -+ aes_block_t tmp, tmp2; -+ aes_block_t iv; -+ aes_block_t iv2; - -- load_block(iv, ivec); -- load_block(iv2, ivec + AES_BLOCK_SIZE); -+ load_block(iv, ivec); -+ load_block(iv2, ivec + AES_BLOCK_SIZE); - -- while (len) -- { -- load_block(tmp, in); -- tmp2 = tmp; -- for(n=0 ; n < N_WORDS; ++n) -- tmp.data[n] ^= iv2.data[n]; -- AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key); -- for(n=0 ; n < N_WORDS; ++n) -- tmp.data[n] ^= iv.data[n]; -- store_block(out, tmp); -- iv = tmp2; -- iv2 = tmp; -- --len; -- in += AES_BLOCK_SIZE; -- out += AES_BLOCK_SIZE; -- } -- memcpy(ivec, iv.data, AES_BLOCK_SIZE); -- memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); -- } -- } -- } -+ while (len) { -+ load_block(tmp, in); -+ tmp2 = tmp; -+ for (n = 0; n < N_WORDS; ++n) -+ tmp.data[n] ^= iv2.data[n]; -+ AES_decrypt((unsigned char *)tmp.data, -+ (unsigned char *)tmp.data, key); -+ for (n = 0; n < N_WORDS; ++n) -+ tmp.data[n] ^= iv.data[n]; -+ store_block(out, tmp); -+ iv = tmp2; -+ iv2 = tmp; -+ --len; -+ in += AES_BLOCK_SIZE; -+ out += AES_BLOCK_SIZE; -+ } -+ memcpy(ivec, iv.data, AES_BLOCK_SIZE); -+ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); -+ } -+ } -+} - - /* - * Note that its effectively impossible to do biIGE in anything other -@@ -211,113 +206,118 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, - /* N.B. The IV for this mode is _four times_ the block size */ - - void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- const AES_KEY *key2, const unsigned char *ivec, -- const int enc) -- { -- unsigned long n; -- unsigned long len = length; -- unsigned char tmp[AES_BLOCK_SIZE]; -- unsigned char tmp2[AES_BLOCK_SIZE]; -- unsigned char tmp3[AES_BLOCK_SIZE]; -- unsigned char prev[AES_BLOCK_SIZE]; -- const unsigned char *iv; -- const unsigned char *iv2; -+ const unsigned long length, const AES_KEY *key, -+ const AES_KEY *key2, const unsigned char *ivec, -+ const int enc) -+{ -+ unsigned long n; -+ unsigned long len = length; -+ unsigned char tmp[AES_BLOCK_SIZE]; -+ unsigned char tmp2[AES_BLOCK_SIZE]; -+ unsigned char tmp3[AES_BLOCK_SIZE]; -+ unsigned char prev[AES_BLOCK_SIZE]; -+ const unsigned char *iv; -+ const unsigned char *iv2; - -- OPENSSL_assert(in && out && key && ivec); -- OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); -- OPENSSL_assert((length%AES_BLOCK_SIZE) == 0); -+ OPENSSL_assert(in && out && key && ivec); -+ OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); -+ OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); - -- if (AES_ENCRYPT == enc) -- { -- /* XXX: Do a separate case for when in != out (strictly should -- check for overlap, too) */ -+ if (AES_ENCRYPT == enc) { -+ /* -+ * XXX: Do a separate case for when in != out (strictly should check -+ * for overlap, too) -+ */ - -- /* First the forward pass */ -- iv = ivec; -- iv2 = ivec + AES_BLOCK_SIZE; -- while (len >= AES_BLOCK_SIZE) -- { -- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) -- out[n] = in[n] ^ iv[n]; -- AES_encrypt(out, out, key); -- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) -- out[n] ^= iv2[n]; -- iv = out; -- memcpy(prev, in, AES_BLOCK_SIZE); -- iv2 = prev; -- len -= AES_BLOCK_SIZE; -- in += AES_BLOCK_SIZE; -- out += AES_BLOCK_SIZE; -- } -+ /* First the forward pass */ -+ iv = ivec; -+ iv2 = ivec + AES_BLOCK_SIZE; -+ while (len >= AES_BLOCK_SIZE) { -+ for (n = 0; n < AES_BLOCK_SIZE; ++n) -+ out[n] = in[n] ^ iv[n]; -+ AES_encrypt(out, out, key); -+ for (n = 0; n < AES_BLOCK_SIZE; ++n) -+ out[n] ^= iv2[n]; -+ iv = out; -+ memcpy(prev, in, AES_BLOCK_SIZE); -+ iv2 = prev; -+ len -= AES_BLOCK_SIZE; -+ in += AES_BLOCK_SIZE; -+ out += AES_BLOCK_SIZE; -+ } - -- /* And now backwards */ -- iv = ivec + AES_BLOCK_SIZE*2; -- iv2 = ivec + AES_BLOCK_SIZE*3; -- len = length; -- while(len >= AES_BLOCK_SIZE) -- { -- out -= AES_BLOCK_SIZE; -- /* XXX: reduce copies by alternating between buffers */ -- memcpy(tmp, out, AES_BLOCK_SIZE); -- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) -- out[n] ^= iv[n]; -- /* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */ -- AES_encrypt(out, out, key); -- /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */ -- /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */ -- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) -- out[n] ^= iv2[n]; -- /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */ -- iv = out; -- memcpy(prev, tmp, AES_BLOCK_SIZE); -- iv2 = prev; -- len -= AES_BLOCK_SIZE; -- } -- } -- else -- { -- /* First backwards */ -- iv = ivec + AES_BLOCK_SIZE*2; -- iv2 = ivec + AES_BLOCK_SIZE*3; -- in += length; -- out += length; -- while (len >= AES_BLOCK_SIZE) -- { -- in -= AES_BLOCK_SIZE; -- out -= AES_BLOCK_SIZE; -- memcpy(tmp, in, AES_BLOCK_SIZE); -- memcpy(tmp2, in, AES_BLOCK_SIZE); -- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) -- tmp[n] ^= iv2[n]; -- AES_decrypt(tmp, out, key); -- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) -- out[n] ^= iv[n]; -- memcpy(tmp3, tmp2, AES_BLOCK_SIZE); -- iv = tmp3; -- iv2 = out; -- len -= AES_BLOCK_SIZE; -- } -+ /* And now backwards */ -+ iv = ivec + AES_BLOCK_SIZE * 2; -+ iv2 = ivec + AES_BLOCK_SIZE * 3; -+ len = length; -+ while (len >= AES_BLOCK_SIZE) { -+ out -= AES_BLOCK_SIZE; -+ /* -+ * XXX: reduce copies by alternating between buffers -+ */ -+ memcpy(tmp, out, AES_BLOCK_SIZE); -+ for (n = 0; n < AES_BLOCK_SIZE; ++n) -+ out[n] ^= iv[n]; -+ /* -+ * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); -+ */ -+ AES_encrypt(out, out, key); -+ /* -+ * hexdump(stdout,"enc", out, AES_BLOCK_SIZE); -+ */ -+ /* -+ * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); -+ */ -+ for (n = 0; n < AES_BLOCK_SIZE; ++n) -+ out[n] ^= iv2[n]; -+ /* -+ * hexdump(stdout,"out", out, AES_BLOCK_SIZE); -+ */ -+ iv = out; -+ memcpy(prev, tmp, AES_BLOCK_SIZE); -+ iv2 = prev; -+ len -= AES_BLOCK_SIZE; -+ } -+ } else { -+ /* First backwards */ -+ iv = ivec + AES_BLOCK_SIZE * 2; -+ iv2 = ivec + AES_BLOCK_SIZE * 3; -+ in += length; -+ out += length; -+ while (len >= AES_BLOCK_SIZE) { -+ in -= AES_BLOCK_SIZE; -+ out -= AES_BLOCK_SIZE; -+ memcpy(tmp, in, AES_BLOCK_SIZE); -+ memcpy(tmp2, in, AES_BLOCK_SIZE); -+ for (n = 0; n < AES_BLOCK_SIZE; ++n) -+ tmp[n] ^= iv2[n]; -+ AES_decrypt(tmp, out, key); -+ for (n = 0; n < AES_BLOCK_SIZE; ++n) -+ out[n] ^= iv[n]; -+ memcpy(tmp3, tmp2, AES_BLOCK_SIZE); -+ iv = tmp3; -+ iv2 = out; -+ len -= AES_BLOCK_SIZE; -+ } - -- /* And now forwards */ -- iv = ivec; -- iv2 = ivec + AES_BLOCK_SIZE; -- len = length; -- while (len >= AES_BLOCK_SIZE) -- { -- memcpy(tmp, out, AES_BLOCK_SIZE); -- memcpy(tmp2, out, AES_BLOCK_SIZE); -- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) -- tmp[n] ^= iv2[n]; -- AES_decrypt(tmp, out, key); -- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) -- out[n] ^= iv[n]; -- memcpy(tmp3, tmp2, AES_BLOCK_SIZE); -- iv = tmp3; -- iv2 = out; -- len -= AES_BLOCK_SIZE; -- in += AES_BLOCK_SIZE; -- out += AES_BLOCK_SIZE; -- } -- } -- } -+ /* And now forwards */ -+ iv = ivec; -+ iv2 = ivec + AES_BLOCK_SIZE; -+ len = length; -+ while (len >= AES_BLOCK_SIZE) { -+ memcpy(tmp, out, AES_BLOCK_SIZE); -+ memcpy(tmp2, out, AES_BLOCK_SIZE); -+ for (n = 0; n < AES_BLOCK_SIZE; ++n) -+ tmp[n] ^= iv2[n]; -+ AES_decrypt(tmp, out, key); -+ for (n = 0; n < AES_BLOCK_SIZE; ++n) -+ out[n] ^= iv[n]; -+ memcpy(tmp3, tmp2, AES_BLOCK_SIZE); -+ iv = tmp3; -+ iv2 = out; -+ len -= AES_BLOCK_SIZE; -+ in += AES_BLOCK_SIZE; -+ out += AES_BLOCK_SIZE; -+ } -+ } -+} -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c -index 4fead1b..68a48ba 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,12 +53,13 @@ - #include - #include "aes_locl.h" - --const char AES_version[]="AES" OPENSSL_VERSION_PTEXT; -+const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT; - --const char *AES_options(void) { -+const char *AES_options(void) -+{ - #ifdef FULL_UNROLL -- return "aes(full)"; --#else -- return "aes(partial)"; -+ return "aes(full)"; -+#else -+ return "aes(partial)"; - #endif - } -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c -index f358bb3..07b2610 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -54,21 +54,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -83,10 +83,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -98,7 +98,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -115,28 +115,30 @@ - #include - #include "aes_locl.h" - --/* The input and output encrypted as though 128bit ofb mode is being -- * used. The extra state information to record how much of the -- * 128bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 128bit ofb mode is being used. -+ * The extra state information to record how much of the 128bit block we have -+ * used is contained in *num; - */ - void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, -- const unsigned long length, const AES_KEY *key, -- unsigned char *ivec, int *num) { -+ const unsigned long length, const AES_KEY *key, -+ unsigned char *ivec, int *num) -+{ - -- unsigned int n; -- unsigned long l=length; -+ unsigned int n; -+ unsigned long l = length; - -- assert(in && out && key && ivec && num); -+ assert(in && out && key && ivec && num); - -- n = *num; -+ n = *num; - -- while (l--) { -- if (n == 0) { -- AES_encrypt(ivec, ivec, key); -- } -- *(out++) = *(in++) ^ ivec[n]; -- n = (n+1) % AES_BLOCK_SIZE; -- } -+ while (l--) { -+ if (n == 0) { -+ AES_encrypt(ivec, ivec, key); -+ } -+ *(out++) = *(in++) ^ ivec[n]; -+ n = (n + 1) % AES_BLOCK_SIZE; -+ } - -- *num=n; -+ *num = n; - } -diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c -index e2d73d3..b1ab8e2 100644 ---- a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c -+++ b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c -@@ -1,5 +1,6 @@ - /* crypto/aes/aes_wrap.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ - /* ==================================================================== -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,204 +57,194 @@ - #include - - static const unsigned char default_iv[] = { -- 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, -+ 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, - }; - - int AES_wrap_key(AES_KEY *key, const unsigned char *iv, -- unsigned char *out, -- const unsigned char *in, unsigned int inlen) -- { -- unsigned char *A, B[16], *R; -- unsigned int i, j, t; -- if ((inlen & 0x7) || (inlen < 8)) -- return -1; -- A = B; -- t = 1; -- memcpy(out + 8, in, inlen); -- if (!iv) -- iv = default_iv; -- -- memcpy(A, iv, 8); -- -- for (j = 0; j < 6; j++) -- { -- R = out + 8; -- for (i = 0; i < inlen; i += 8, t++, R += 8) -- { -- memcpy(B + 8, R, 8); -- AES_encrypt(B, B, key); -- A[7] ^= (unsigned char)(t & 0xff); -- if (t > 0xff) -- { -- A[6] ^= (unsigned char)((t >> 8) & 0xff); -- A[5] ^= (unsigned char)((t >> 16) & 0xff); -- A[4] ^= (unsigned char)((t >> 24) & 0xff); -- } -- memcpy(R, B + 8, 8); -- } -- } -- memcpy(out, A, 8); -- return inlen + 8; -- } -+ unsigned char *out, -+ const unsigned char *in, unsigned int inlen) -+{ -+ unsigned char *A, B[16], *R; -+ unsigned int i, j, t; -+ if ((inlen & 0x7) || (inlen < 8)) -+ return -1; -+ A = B; -+ t = 1; -+ memcpy(out + 8, in, inlen); -+ if (!iv) -+ iv = default_iv; -+ -+ memcpy(A, iv, 8); -+ -+ for (j = 0; j < 6; j++) { -+ R = out + 8; -+ for (i = 0; i < inlen; i += 8, t++, R += 8) { -+ memcpy(B + 8, R, 8); -+ AES_encrypt(B, B, key); -+ A[7] ^= (unsigned char)(t & 0xff); -+ if (t > 0xff) { -+ A[6] ^= (unsigned char)((t >> 8) & 0xff); -+ A[5] ^= (unsigned char)((t >> 16) & 0xff); -+ A[4] ^= (unsigned char)((t >> 24) & 0xff); -+ } -+ memcpy(R, B + 8, 8); -+ } -+ } -+ memcpy(out, A, 8); -+ return inlen + 8; -+} - - int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, -- unsigned char *out, -- const unsigned char *in, unsigned int inlen) -- { -- unsigned char *A, B[16], *R; -- unsigned int i, j, t; -- inlen -= 8; -- if (inlen & 0x7) -- return -1; -- if (inlen < 8) -- return -1; -- A = B; -- t = 6 * (inlen >> 3); -- memcpy(A, in, 8); -- memcpy(out, in + 8, inlen); -- for (j = 0; j < 6; j++) -- { -- R = out + inlen - 8; -- for (i = 0; i < inlen; i += 8, t--, R -= 8) -- { -- A[7] ^= (unsigned char)(t & 0xff); -- if (t > 0xff) -- { -- A[6] ^= (unsigned char)((t >> 8) & 0xff); -- A[5] ^= (unsigned char)((t >> 16) & 0xff); -- A[4] ^= (unsigned char)((t >> 24) & 0xff); -- } -- memcpy(B + 8, R, 8); -- AES_decrypt(B, B, key); -- memcpy(R, B + 8, 8); -- } -- } -- if (!iv) -- iv = default_iv; -- if (memcmp(A, iv, 8)) -- { -- OPENSSL_cleanse(out, inlen); -- return 0; -- } -- return inlen; -- } -+ unsigned char *out, -+ const unsigned char *in, unsigned int inlen) -+{ -+ unsigned char *A, B[16], *R; -+ unsigned int i, j, t; -+ inlen -= 8; -+ if (inlen & 0x7) -+ return -1; -+ if (inlen < 8) -+ return -1; -+ A = B; -+ t = 6 * (inlen >> 3); -+ memcpy(A, in, 8); -+ memcpy(out, in + 8, inlen); -+ for (j = 0; j < 6; j++) { -+ R = out + inlen - 8; -+ for (i = 0; i < inlen; i += 8, t--, R -= 8) { -+ A[7] ^= (unsigned char)(t & 0xff); -+ if (t > 0xff) { -+ A[6] ^= (unsigned char)((t >> 8) & 0xff); -+ A[5] ^= (unsigned char)((t >> 16) & 0xff); -+ A[4] ^= (unsigned char)((t >> 24) & 0xff); -+ } -+ memcpy(B + 8, R, 8); -+ AES_decrypt(B, B, key); -+ memcpy(R, B + 8, 8); -+ } -+ } -+ if (!iv) -+ iv = default_iv; -+ if (memcmp(A, iv, 8)) { -+ OPENSSL_cleanse(out, inlen); -+ return 0; -+ } -+ return inlen; -+} - - #ifdef AES_WRAP_TEST - - int AES_wrap_unwrap_test(const unsigned char *kek, int keybits, -- const unsigned char *iv, -- const unsigned char *eout, -- const unsigned char *key, int keylen) -- { -- unsigned char *otmp = NULL, *ptmp = NULL; -- int r, ret = 0; -- AES_KEY wctx; -- otmp = OPENSSL_malloc(keylen + 8); -- ptmp = OPENSSL_malloc(keylen); -- if (!otmp || !ptmp) -- return 0; -- if (AES_set_encrypt_key(kek, keybits, &wctx)) -- goto err; -- r = AES_wrap_key(&wctx, iv, otmp, key, keylen); -- if (r <= 0) -- goto err; -- -- if (eout && memcmp(eout, otmp, keylen)) -- goto err; -- -- if (AES_set_decrypt_key(kek, keybits, &wctx)) -- goto err; -- r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r); -- -- if (memcmp(key, ptmp, keylen)) -- goto err; -- -- ret = 1; -- -- err: -- if (otmp) -- OPENSSL_free(otmp); -- if (ptmp) -- OPENSSL_free(ptmp); -- -- return ret; -- -- } -- -+ const unsigned char *iv, -+ const unsigned char *eout, -+ const unsigned char *key, int keylen) -+{ -+ unsigned char *otmp = NULL, *ptmp = NULL; -+ int r, ret = 0; -+ AES_KEY wctx; -+ otmp = OPENSSL_malloc(keylen + 8); -+ ptmp = OPENSSL_malloc(keylen); -+ if (!otmp || !ptmp) -+ return 0; -+ if (AES_set_encrypt_key(kek, keybits, &wctx)) -+ goto err; -+ r = AES_wrap_key(&wctx, iv, otmp, key, keylen); -+ if (r <= 0) -+ goto err; -+ -+ if (eout && memcmp(eout, otmp, keylen)) -+ goto err; -+ -+ if (AES_set_decrypt_key(kek, keybits, &wctx)) -+ goto err; -+ r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r); -+ -+ if (memcmp(key, ptmp, keylen)) -+ goto err; -+ -+ ret = 1; -+ -+ err: -+ if (otmp) -+ OPENSSL_free(otmp); -+ if (ptmp) -+ OPENSSL_free(ptmp); -+ -+ return ret; - -+} - - int main(int argc, char **argv) - { - --static const unsigned char kek[] = { -- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, -- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, -- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f --}; -- --static const unsigned char key[] = { -- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, -- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, -- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f --}; -- --static const unsigned char e1[] = { -- 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, -- 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82, -- 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5 --}; -- --static const unsigned char e2[] = { -- 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, -- 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2, -- 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d --}; -- --static const unsigned char e3[] = { -- 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, -- 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a, -- 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7 --}; -- --static const unsigned char e4[] = { -- 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, -- 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc, -- 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93, -- 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2 --}; -- --static const unsigned char e5[] = { -- 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, -- 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4, -- 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95, -- 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1 --}; -- --static const unsigned char e6[] = { -- 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, -- 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, -- 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26, -- 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b, -- 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21 --}; -- -- AES_KEY wctx, xctx; -- int ret; -- ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16); -- fprintf(stderr, "Key test result %d\n", ret); -- ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16); -- fprintf(stderr, "Key test result %d\n", ret); -- ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16); -- fprintf(stderr, "Key test result %d\n", ret); -- ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24); -- fprintf(stderr, "Key test result %d\n", ret); -- ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24); -- fprintf(stderr, "Key test result %d\n", ret); -- ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32); -- fprintf(stderr, "Key test result %d\n", ret); -+ static const unsigned char kek[] = { -+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, -+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, -+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f -+ }; -+ -+ static const unsigned char key[] = { -+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, -+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, -+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -+ }; -+ -+ static const unsigned char e1[] = { -+ 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, -+ 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82, -+ 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5 -+ }; -+ -+ static const unsigned char e2[] = { -+ 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, -+ 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2, -+ 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d -+ }; -+ -+ static const unsigned char e3[] = { -+ 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, -+ 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a, -+ 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7 -+ }; -+ -+ static const unsigned char e4[] = { -+ 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, -+ 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc, -+ 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93, -+ 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2 -+ }; -+ -+ static const unsigned char e5[] = { -+ 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, -+ 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4, -+ 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95, -+ 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1 -+ }; -+ -+ static const unsigned char e6[] = { -+ 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, -+ 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, -+ 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26, -+ 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b, -+ 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21 -+ }; -+ -+ AES_KEY wctx, xctx; -+ int ret; -+ ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16); -+ fprintf(stderr, "Key test result %d\n", ret); -+ ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16); -+ fprintf(stderr, "Key test result %d\n", ret); -+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16); -+ fprintf(stderr, "Key test result %d\n", ret); -+ ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24); -+ fprintf(stderr, "Key test result %d\n", ret); -+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24); -+ fprintf(stderr, "Key test result %d\n", ret); -+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32); -+ fprintf(stderr, "Key test result %d\n", ret); - } -- -- -+ - #endif -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c -index 0fb9ce0..ef1caa4 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,165 +61,176 @@ - #include - - int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) --{ return M_ASN1_BIT_STRING_set(x, d, len); } -+{ -+ return M_ASN1_BIT_STRING_set(x, d, len); -+} - - int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) -- { -- int ret,j,bits,len; -- unsigned char *p,*d; -- -- if (a == NULL) return(0); -- -- len=a->length; -- -- if (len > 0) -- { -- if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) -- { -- bits=(int)a->flags&0x07; -- } -- else -- { -- for ( ; len > 0; len--) -- { -- if (a->data[len-1]) break; -- } -- j=a->data[len-1]; -- if (j & 0x01) bits=0; -- else if (j & 0x02) bits=1; -- else if (j & 0x04) bits=2; -- else if (j & 0x08) bits=3; -- else if (j & 0x10) bits=4; -- else if (j & 0x20) bits=5; -- else if (j & 0x40) bits=6; -- else if (j & 0x80) bits=7; -- else bits=0; /* should not happen */ -- } -- } -- else -- bits=0; -- -- ret=1+len; -- if (pp == NULL) return(ret); -- -- p= *pp; -- -- *(p++)=(unsigned char)bits; -- d=a->data; -- memcpy(p,d,len); -- p+=len; -- if (len > 0) p[-1]&=(0xff<length; -+ -+ if (len > 0) { -+ if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) { -+ bits = (int)a->flags & 0x07; -+ } else { -+ for (; len > 0; len--) { -+ if (a->data[len - 1]) -+ break; -+ } -+ j = a->data[len - 1]; -+ if (j & 0x01) -+ bits = 0; -+ else if (j & 0x02) -+ bits = 1; -+ else if (j & 0x04) -+ bits = 2; -+ else if (j & 0x08) -+ bits = 3; -+ else if (j & 0x10) -+ bits = 4; -+ else if (j & 0x20) -+ bits = 5; -+ else if (j & 0x40) -+ bits = 6; -+ else if (j & 0x80) -+ bits = 7; -+ else -+ bits = 0; /* should not happen */ -+ } -+ } else -+ bits = 0; -+ -+ ret = 1 + len; -+ if (pp == NULL) -+ return (ret); -+ -+ p = *pp; -+ -+ *(p++) = (unsigned char)bits; -+ d = a->data; -+ memcpy(p, d, len); -+ p += len; -+ if (len > 0) -+ p[-1] &= (0xff << bits); -+ *pp = p; -+ return (ret); -+} - - ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, -- const unsigned char **pp, long len) -- { -- ASN1_BIT_STRING *ret=NULL; -- const unsigned char *p; -- unsigned char *s; -- int i; -- -- if (len < 1) -- { -- i=ASN1_R_STRING_TOO_SHORT; -- goto err; -- } -- -- if ((a == NULL) || ((*a) == NULL)) -- { -- if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL); -- } -- else -- ret=(*a); -- -- p= *pp; -- i= *(p++); -- /* We do this to preserve the settings. If we modify -- * the settings, via the _set_bit function, we will recalculate -- * on output */ -- ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */ -- ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */ -- -- if (len-- > 1) /* using one because of the bits left byte */ -- { -- s=(unsigned char *)OPENSSL_malloc((int)len); -- if (s == NULL) -- { -- i=ERR_R_MALLOC_FAILURE; -- goto err; -- } -- memcpy(s,p,(int)len); -- s[len-1]&=(0xff<length=(int)len; -- if (ret->data != NULL) OPENSSL_free(ret->data); -- ret->data=s; -- ret->type=V_ASN1_BIT_STRING; -- if (a != NULL) (*a)=ret; -- *pp=p; -- return(ret); --err: -- ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i); -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -- M_ASN1_BIT_STRING_free(ret); -- return(NULL); -- } -- --/* These next 2 functions from Goetz Babin-Ebell -+ const unsigned char **pp, long len) -+{ -+ ASN1_BIT_STRING *ret = NULL; -+ const unsigned char *p; -+ unsigned char *s; -+ int i; -+ -+ if (len < 1) { -+ i = ASN1_R_STRING_TOO_SHORT; -+ goto err; -+ } -+ -+ if ((a == NULL) || ((*a) == NULL)) { -+ if ((ret = M_ASN1_BIT_STRING_new()) == NULL) -+ return (NULL); -+ } else -+ ret = (*a); -+ -+ p = *pp; -+ i = *(p++); -+ if (i > 7) { -+ i = ASN1_R_INVALID_BIT_STRING_BITS_LEFT; -+ goto err; -+ } -+ /* -+ * We do this to preserve the settings. If we modify the settings, via -+ * the _set_bit function, we will recalculate on output -+ */ -+ ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */ -+ ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */ -+ -+ if (len-- > 1) { /* using one because of the bits left byte */ -+ s = (unsigned char *)OPENSSL_malloc((int)len); -+ if (s == NULL) { -+ i = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ memcpy(s, p, (int)len); -+ s[len - 1] &= (0xff << i); -+ p += len; -+ } else -+ s = NULL; -+ -+ ret->length = (int)len; -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); -+ ret->data = s; -+ ret->type = V_ASN1_BIT_STRING; -+ if (a != NULL) -+ (*a) = ret; -+ *pp = p; -+ return (ret); -+ err: -+ ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i); -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ M_ASN1_BIT_STRING_free(ret); -+ return (NULL); -+} -+ -+/* -+ * These next 2 functions from Goetz Babin-Ebell - */ - int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) -- { -- int w,v,iv; -- unsigned char *c; -- -- w=n/8; -- v=1<<(7-(n&0x07)); -- iv= ~v; -- if (!value) v=0; -- -- if (a == NULL) -- return 0; -- -- a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */ -- -- if ((a->length < (w+1)) || (a->data == NULL)) -- { -- if (!value) return(1); /* Don't need to set */ -- if (a->data == NULL) -- c=(unsigned char *)OPENSSL_malloc(w+1); -- else -- c=(unsigned char *)OPENSSL_realloc_clean(a->data, -- a->length, -- w+1); -- if (c == NULL) -- { -- ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); -- a->data=c; -- a->length=w+1; -- } -- a->data[w]=((a->data[w])&iv)|v; -- while ((a->length > 0) && (a->data[a->length-1] == 0)) -- a->length--; -- return(1); -- } -+{ -+ int w, v, iv; -+ unsigned char *c; -+ -+ w = n / 8; -+ v = 1 << (7 - (n & 0x07)); -+ iv = ~v; -+ if (!value) -+ v = 0; -+ -+ if (a == NULL) -+ return 0; -+ -+ a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */ -+ -+ if ((a->length < (w + 1)) || (a->data == NULL)) { -+ if (!value) -+ return (1); /* Don't need to set */ -+ if (a->data == NULL) -+ c = (unsigned char *)OPENSSL_malloc(w + 1); -+ else -+ c = (unsigned char *)OPENSSL_realloc_clean(a->data, -+ a->length, w + 1); -+ if (c == NULL) { -+ ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (w + 1 - a->length > 0) -+ memset(c + a->length, 0, w + 1 - a->length); -+ a->data = c; -+ a->length = w + 1; -+ } -+ a->data[w] = ((a->data[w]) & iv) | v; -+ while ((a->length > 0) && (a->data[a->length - 1] == 0)) -+ a->length--; -+ return (1); -+} - - int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) -- { -- int w,v; -- -- w=n/8; -- v=1<<(7-(n&0x07)); -- if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL)) -- return(0); -- return((a->data[w]&v) != 0); -- } -- -+{ -+ int w, v; -+ -+ w = n / 8; -+ v = 1 << (7 - (n & 0x07)); -+ if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL)) -+ return (0); -+ return ((a->data[w] & v) != 0); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c -index 331acdf..1b85bc9 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,54 +61,51 @@ - #include - - int i2d_ASN1_BOOLEAN(int a, unsigned char **pp) -- { -- int r; -- unsigned char *p; -+{ -+ int r; -+ unsigned char *p; - -- r=ASN1_object_size(0,1,V_ASN1_BOOLEAN); -- if (pp == NULL) return(r); -- p= *pp; -+ r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN); -+ if (pp == NULL) -+ return (r); -+ p = *pp; - -- ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL); -- *(p++)= (unsigned char)a; -- *pp=p; -- return(r); -- } -+ ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL); -+ *(p++) = (unsigned char)a; -+ *pp = p; -+ return (r); -+} - - int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length) -- { -- int ret= -1; -- const unsigned char *p; -- long len; -- int inf,tag,xclass; -- int i=0; -- -- p= *pp; -- inf=ASN1_get_object(&p,&len,&tag,&xclass,length); -- if (inf & 0x80) -- { -- i=ASN1_R_BAD_OBJECT_HEADER; -- goto err; -- } -- -- if (tag != V_ASN1_BOOLEAN) -- { -- i=ASN1_R_EXPECTING_A_BOOLEAN; -- goto err; -- } -+{ -+ int ret = -1; -+ const unsigned char *p; -+ long len; -+ int inf, tag, xclass; -+ int i = 0; - -- if (len != 1) -- { -- i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH; -- goto err; -- } -- ret= (int)*(p++); -- if (a != NULL) (*a)=ret; -- *pp=p; -- return(ret); --err: -- ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i); -- return(ret); -- } -+ p = *pp; -+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); -+ if (inf & 0x80) { -+ i = ASN1_R_BAD_OBJECT_HEADER; -+ goto err; -+ } - -+ if (tag != V_ASN1_BOOLEAN) { -+ i = ASN1_R_EXPECTING_A_BOOLEAN; -+ goto err; -+ } - -+ if (len != 1) { -+ i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH; -+ goto err; -+ } -+ ret = (int)*(p++); -+ if (a != NULL) -+ (*a) = ret; -+ *pp = p; -+ return (ret); -+ err: -+ ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c -index 92d630c..12715a7 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,254 +61,246 @@ - #include - - static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c); --/* type is a 'bitmap' of acceptable string types. -+/* -+ * type is a 'bitmap' of acceptable string types. - */ - ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, -- long length, int type) -- { -- ASN1_STRING *ret=NULL; -- const unsigned char *p; -- unsigned char *s; -- long len; -- int inf,tag,xclass; -- int i=0; -+ long length, int type) -+{ -+ ASN1_STRING *ret = NULL; -+ const unsigned char *p; -+ unsigned char *s; -+ long len; -+ int inf, tag, xclass; -+ int i = 0; - -- p= *pp; -- inf=ASN1_get_object(&p,&len,&tag,&xclass,length); -- if (inf & 0x80) goto err; -+ p = *pp; -+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); -+ if (inf & 0x80) -+ goto err; - -- if (tag >= 32) -- { -- i=ASN1_R_TAG_VALUE_TOO_HIGH; -- goto err; -- } -- if (!(ASN1_tag2bit(tag) & type)) -- { -- i=ASN1_R_WRONG_TYPE; -- goto err; -- } -+ if (tag >= 32) { -+ i = ASN1_R_TAG_VALUE_TOO_HIGH; -+ goto err; -+ } -+ if (!(ASN1_tag2bit(tag) & type)) { -+ i = ASN1_R_WRONG_TYPE; -+ goto err; -+ } - -- /* If a bit-string, exit early */ -- if (tag == V_ASN1_BIT_STRING) -- return(d2i_ASN1_BIT_STRING(a,pp,length)); -+ /* If a bit-string, exit early */ -+ if (tag == V_ASN1_BIT_STRING) -+ return (d2i_ASN1_BIT_STRING(a, pp, length)); - -- if ((a == NULL) || ((*a) == NULL)) -- { -- if ((ret=ASN1_STRING_new()) == NULL) return(NULL); -- } -- else -- ret=(*a); -+ if ((a == NULL) || ((*a) == NULL)) { -+ if ((ret = ASN1_STRING_new()) == NULL) -+ return (NULL); -+ } else -+ ret = (*a); - -- if (len != 0) -- { -- s=(unsigned char *)OPENSSL_malloc((int)len+1); -- if (s == NULL) -- { -- i=ERR_R_MALLOC_FAILURE; -- goto err; -- } -- memcpy(s,p,(int)len); -- s[len]='\0'; -- p+=len; -- } -- else -- s=NULL; -+ if (len != 0) { -+ s = (unsigned char *)OPENSSL_malloc((int)len + 1); -+ if (s == NULL) { -+ i = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ memcpy(s, p, (int)len); -+ s[len] = '\0'; -+ p += len; -+ } else -+ s = NULL; - -- if (ret->data != NULL) OPENSSL_free(ret->data); -- ret->length=(int)len; -- ret->data=s; -- ret->type=tag; -- if (a != NULL) (*a)=ret; -- *pp=p; -- return(ret); --err: -- ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i); -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -- ASN1_STRING_free(ret); -- return(NULL); -- } -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); -+ ret->length = (int)len; -+ ret->data = s; -+ ret->type = tag; -+ if (a != NULL) -+ (*a) = ret; -+ *pp = p; -+ return (ret); -+ err: -+ ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i); -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ ASN1_STRING_free(ret); -+ return (NULL); -+} - - int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass) -- { -- int ret,r,constructed; -- unsigned char *p; -+{ -+ int ret, r, constructed; -+ unsigned char *p; - -- if (a == NULL) return(0); -+ if (a == NULL) -+ return (0); - -- if (tag == V_ASN1_BIT_STRING) -- return(i2d_ASN1_BIT_STRING(a,pp)); -- -- ret=a->length; -- r=ASN1_object_size(0,ret,tag); -- if (pp == NULL) return(r); -- p= *pp; -+ if (tag == V_ASN1_BIT_STRING) -+ return (i2d_ASN1_BIT_STRING(a, pp)); - -- if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET)) -- constructed=1; -- else -- constructed=0; -- ASN1_put_object(&p,constructed,ret,tag,xclass); -- memcpy(p,a->data,a->length); -- p+=a->length; -- *pp= p; -- return(r); -- } -+ ret = a->length; -+ r = ASN1_object_size(0, ret, tag); -+ if (pp == NULL) -+ return (r); -+ p = *pp; - --ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, -- long length, int Ptag, int Pclass) -- { -- ASN1_STRING *ret=NULL; -- const unsigned char *p; -- unsigned char *s; -- long len; -- int inf,tag,xclass; -- int i=0; -+ if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET)) -+ constructed = 1; -+ else -+ constructed = 0; -+ ASN1_put_object(&p, constructed, ret, tag, xclass); -+ memcpy(p, a->data, a->length); -+ p += a->length; -+ *pp = p; -+ return (r); -+} - -- if ((a == NULL) || ((*a) == NULL)) -- { -- if ((ret=ASN1_STRING_new()) == NULL) return(NULL); -- } -- else -- ret=(*a); -+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, -+ long length, int Ptag, int Pclass) -+{ -+ ASN1_STRING *ret = NULL; -+ const unsigned char *p; -+ unsigned char *s; -+ long len; -+ int inf, tag, xclass; -+ int i = 0; - -- p= *pp; -- inf=ASN1_get_object(&p,&len,&tag,&xclass,length); -- if (inf & 0x80) -- { -- i=ASN1_R_BAD_OBJECT_HEADER; -- goto err; -- } -+ if ((a == NULL) || ((*a) == NULL)) { -+ if ((ret = ASN1_STRING_new()) == NULL) -+ return (NULL); -+ } else -+ ret = (*a); - -- if (tag != Ptag) -- { -- i=ASN1_R_WRONG_TAG; -- goto err; -- } -+ p = *pp; -+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); -+ if (inf & 0x80) { -+ i = ASN1_R_BAD_OBJECT_HEADER; -+ goto err; -+ } - -- if (inf & V_ASN1_CONSTRUCTED) -- { -- ASN1_const_CTX c; -+ if (tag != Ptag) { -+ i = ASN1_R_WRONG_TAG; -+ goto err; -+ } - -- c.pp=pp; -- c.p=p; -- c.inf=inf; -- c.slen=len; -- c.tag=Ptag; -- c.xclass=Pclass; -- c.max=(length == 0)?0:(p+length); -- if (!asn1_collate_primitive(ret,&c)) -- goto err; -- else -- { -- p=c.p; -- } -- } -- else -- { -- if (len != 0) -- { -- if ((ret->length < len) || (ret->data == NULL)) -- { -- if (ret->data != NULL) OPENSSL_free(ret->data); -- s=(unsigned char *)OPENSSL_malloc((int)len + 1); -- if (s == NULL) -- { -- i=ERR_R_MALLOC_FAILURE; -- goto err; -- } -- } -- else -- s=ret->data; -- memcpy(s,p,(int)len); -- s[len] = '\0'; -- p+=len; -- } -- else -- { -- s=NULL; -- if (ret->data != NULL) OPENSSL_free(ret->data); -- } -+ if (inf & V_ASN1_CONSTRUCTED) { -+ ASN1_const_CTX c; - -- ret->length=(int)len; -- ret->data=s; -- ret->type=Ptag; -- } -+ c.pp = pp; -+ c.p = p; -+ c.inf = inf; -+ c.slen = len; -+ c.tag = Ptag; -+ c.xclass = Pclass; -+ c.max = (length == 0) ? 0 : (p + length); -+ if (!asn1_collate_primitive(ret, &c)) -+ goto err; -+ else { -+ p = c.p; -+ } -+ } else { -+ if (len != 0) { -+ if ((ret->length < len) || (ret->data == NULL)) { -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); -+ s = (unsigned char *)OPENSSL_malloc((int)len + 1); -+ if (s == NULL) { -+ i = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ } else -+ s = ret->data; -+ memcpy(s, p, (int)len); -+ s[len] = '\0'; -+ p += len; -+ } else { -+ s = NULL; -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); -+ } - -- if (a != NULL) (*a)=ret; -- *pp=p; -- return(ret); --err: -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -- ASN1_STRING_free(ret); -- ASN1err(ASN1_F_D2I_ASN1_BYTES,i); -- return(NULL); -- } -+ ret->length = (int)len; -+ ret->data = s; -+ ret->type = Ptag; -+ } - -+ if (a != NULL) -+ (*a) = ret; -+ *pp = p; -+ return (ret); -+ err: -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ ASN1_STRING_free(ret); -+ ASN1err(ASN1_F_D2I_ASN1_BYTES, i); -+ return (NULL); -+} - --/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse -- * them into the one structure that is then returned */ --/* There have been a few bug fixes for this function from -- * Paul Keogh , many thanks to him */ -+/* -+ * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them -+ * into the one structure that is then returned -+ */ -+/* -+ * There have been a few bug fixes for this function from Paul Keogh -+ * , many thanks to him -+ */ - static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c) -- { -- ASN1_STRING *os=NULL; -- BUF_MEM b; -- int num; -- -- b.length=0; -- b.max=0; -- b.data=NULL; -+{ -+ ASN1_STRING *os = NULL; -+ BUF_MEM b; -+ int num; - -- if (a == NULL) -- { -- c->error=ERR_R_PASSED_NULL_PARAMETER; -- goto err; -- } -+ b.length = 0; -+ b.max = 0; -+ b.data = NULL; - -- num=0; -- for (;;) -- { -- if (c->inf & 1) -- { -- c->eos=ASN1_const_check_infinite_end(&c->p, -- (long)(c->max-c->p)); -- if (c->eos) break; -- } -- else -- { -- if (c->slen <= 0) break; -- } -+ if (a == NULL) { -+ c->error = ERR_R_PASSED_NULL_PARAMETER; -+ goto err; -+ } - -- c->q=c->p; -- if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass) -- == NULL) -- { -- c->error=ERR_R_ASN1_LIB; -- goto err; -- } -+ num = 0; -+ for (;;) { -+ if (c->inf & 1) { -+ c->eos = ASN1_const_check_infinite_end(&c->p, -+ (long)(c->max - c->p)); -+ if (c->eos) -+ break; -+ } else { -+ if (c->slen <= 0) -+ break; -+ } - -- if (!BUF_MEM_grow_clean(&b,num+os->length)) -- { -- c->error=ERR_R_BUF_LIB; -- goto err; -- } -- memcpy(&(b.data[num]),os->data,os->length); -- if (!(c->inf & 1)) -- c->slen-=(c->p-c->q); -- num+=os->length; -- } -+ c->q = c->p; -+ if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass) -+ == NULL) { -+ c->error = ERR_R_ASN1_LIB; -+ goto err; -+ } - -- if (!asn1_const_Finish(c)) goto err; -+ if (!BUF_MEM_grow_clean(&b, num + os->length)) { -+ c->error = ERR_R_BUF_LIB; -+ goto err; -+ } -+ memcpy(&(b.data[num]), os->data, os->length); -+ if (!(c->inf & 1)) -+ c->slen -= (c->p - c->q); -+ num += os->length; -+ } - -- a->length=num; -- if (a->data != NULL) OPENSSL_free(a->data); -- a->data=(unsigned char *)b.data; -- if (os != NULL) ASN1_STRING_free(os); -- return(1); --err: -- ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error); -- if (os != NULL) ASN1_STRING_free(os); -- if (b.data != NULL) OPENSSL_free(b.data); -- return(0); -- } -+ if (!asn1_const_Finish(c)) -+ goto err; - -+ a->length = num; -+ if (a->data != NULL) -+ OPENSSL_free(a->data); -+ a->data = (unsigned char *)b.data; -+ if (os != NULL) -+ ASN1_STRING_free(os); -+ return (1); -+ err: -+ ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error); -+ if (os != NULL) -+ ASN1_STRING_free(os); -+ if (b.data != NULL) -+ OPENSSL_free(b.data); -+ return (0); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c -index 52b2ebd..a1864b4 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,222 +65,204 @@ - static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); - - #ifndef NO_OLD_ASN1 --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - --void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x) -- { -- BIO *b; -- void *ret; -+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x) -+{ -+ BIO *b; -+ void *ret; - -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB); -- return(NULL); -- } -- BIO_set_fp(b,in,BIO_NOCLOSE); -- ret=ASN1_d2i_bio(xnew,d2i,b,x); -- BIO_free(b); -- return(ret); -- } --#endif -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB); -+ return (NULL); -+ } -+ BIO_set_fp(b, in, BIO_NOCLOSE); -+ ret = ASN1_d2i_bio(xnew, d2i, b, x); -+ BIO_free(b); -+ return (ret); -+} -+# endif - --void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x) -- { -- BUF_MEM *b = NULL; -- const unsigned char *p; -- void *ret=NULL; -- int len; -+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x) -+{ -+ BUF_MEM *b = NULL; -+ const unsigned char *p; -+ void *ret = NULL; -+ int len; - -- len = asn1_d2i_read_bio(in, &b); -- if(len < 0) goto err; -+ len = asn1_d2i_read_bio(in, &b); -+ if (len < 0) -+ goto err; - -- p=(unsigned char *)b->data; -- ret=d2i(x,&p,len); --err: -- if (b != NULL) BUF_MEM_free(b); -- return(ret); -- } -+ p = (unsigned char *)b->data; -+ ret = d2i(x, &p, len); -+ err: -+ if (b != NULL) -+ BUF_MEM_free(b); -+ return (ret); -+} - - #endif - - void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) -- { -- BUF_MEM *b = NULL; -- const unsigned char *p; -- void *ret=NULL; -- int len; -+{ -+ BUF_MEM *b = NULL; -+ const unsigned char *p; -+ void *ret = NULL; -+ int len; - -- len = asn1_d2i_read_bio(in, &b); -- if(len < 0) goto err; -+ len = asn1_d2i_read_bio(in, &b); -+ if (len < 0) -+ goto err; - -- p=(const unsigned char *)b->data; -- ret=ASN1_item_d2i(x,&p,len, it); --err: -- if (b != NULL) BUF_MEM_free(b); -- return(ret); -- } -+ p = (const unsigned char *)b->data; -+ ret = ASN1_item_d2i(x, &p, len, it); -+ err: -+ if (b != NULL) -+ BUF_MEM_free(b); -+ return (ret); -+} - - #ifndef OPENSSL_NO_FP_API - void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) -- { -- BIO *b; -- char *ret; -+{ -+ BIO *b; -+ char *ret; - -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB); -- return(NULL); -- } -- BIO_set_fp(b,in,BIO_NOCLOSE); -- ret=ASN1_item_d2i_bio(it,b,x); -- BIO_free(b); -- return(ret); -- } -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB); -+ return (NULL); -+ } -+ BIO_set_fp(b, in, BIO_NOCLOSE); -+ ret = ASN1_item_d2i_bio(it, b, x); -+ BIO_free(b); -+ return (ret); -+} - #endif - - #define HEADER_SIZE 8 - static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) -- { -- BUF_MEM *b; -- unsigned char *p; -- int i; -- ASN1_const_CTX c; -- size_t want=HEADER_SIZE; -- int eos=0; -- size_t off=0; -- size_t len=0; -+{ -+ BUF_MEM *b; -+ unsigned char *p; -+ int i; -+ ASN1_const_CTX c; -+ size_t want = HEADER_SIZE; -+ int eos = 0; -+ size_t off = 0; -+ size_t len = 0; - -- b=BUF_MEM_new(); -- if (b == NULL) -- { -- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); -- return -1; -- } -+ b = BUF_MEM_new(); -+ if (b == NULL) { -+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); -+ return -1; -+ } - -- ERR_clear_error(); -- for (;;) -- { -- if (want >= (len-off)) -- { -- want-=(len-off); -+ ERR_clear_error(); -+ for (;;) { -+ if (want >= (len - off)) { -+ want -= (len - off); - -- if (len + want < len || !BUF_MEM_grow_clean(b,len+want)) -- { -- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- i=BIO_read(in,&(b->data[len]),want); -- if ((i < 0) && ((len-off) == 0)) -- { -- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA); -- goto err; -- } -- if (i > 0) -- { -- if (len+i < len) -- { -- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); -- goto err; -- } -- len+=i; -- } -- } -- /* else data already loaded */ -+ if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) { -+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ i = BIO_read(in, &(b->data[len]), want); -+ if ((i < 0) && ((len - off) == 0)) { -+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA); -+ goto err; -+ } -+ if (i > 0) { -+ if (len + i < len) { -+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); -+ goto err; -+ } -+ len += i; -+ } -+ } -+ /* else data already loaded */ - -- p=(unsigned char *)&(b->data[off]); -- c.p=p; -- c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass), -- len-off); -- if (c.inf & 0x80) -- { -- unsigned long e; -+ p = (unsigned char *)&(b->data[off]); -+ c.p = p; -+ c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass), -+ len - off); -+ if (c.inf & 0x80) { -+ unsigned long e; - -- e=ERR_GET_REASON(ERR_peek_error()); -- if (e != ASN1_R_TOO_LONG) -- goto err; -- else -- ERR_clear_error(); /* clear error */ -- } -- i=c.p-p;/* header length */ -- off+=i; /* end of data */ -+ e = ERR_GET_REASON(ERR_peek_error()); -+ if (e != ASN1_R_TOO_LONG) -+ goto err; -+ else -+ ERR_clear_error(); /* clear error */ -+ } -+ i = c.p - p; /* header length */ -+ off += i; /* end of data */ - -- if (c.inf & 1) -- { -- /* no data body so go round again */ -- eos++; -- if (eos < 0) -- { -- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG); -- goto err; -- } -- want=HEADER_SIZE; -- } -- else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) -- { -- /* eos value, so go back and read another header */ -- eos--; -- if (eos <= 0) -- break; -- else -- want=HEADER_SIZE; -- } -- else -- { -- /* suck in c.slen bytes of data */ -- want=c.slen; -- if (want > (len-off)) -- { -- want-=(len-off); -- if (want > INT_MAX /* BIO_read takes an int length */ || -- len+want < len) -- { -- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); -- goto err; -- } -- if (!BUF_MEM_grow_clean(b,len+want)) -- { -- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- while (want > 0) -- { -- i=BIO_read(in,&(b->data[len]),want); -- if (i <= 0) -- { -- ASN1err(ASN1_F_ASN1_D2I_READ_BIO, -- ASN1_R_NOT_ENOUGH_DATA); -- goto err; -- } -- /* This can't overflow because -- * |len+want| didn't overflow. */ -- len+=i; -- want-=i; -- } -- } -- if (off + c.slen < off) -- { -- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); -- goto err; -- } -- off+=c.slen; -- if (eos <= 0) -- { -- break; -- } -- else -- want=HEADER_SIZE; -- } -- } -+ if (c.inf & 1) { -+ /* no data body so go round again */ -+ eos++; -+ if (eos < 0) { -+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG); -+ goto err; -+ } -+ want = HEADER_SIZE; -+ } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) { -+ /* eos value, so go back and read another header */ -+ eos--; -+ if (eos <= 0) -+ break; -+ else -+ want = HEADER_SIZE; -+ } else { -+ /* suck in c.slen bytes of data */ -+ want = c.slen; -+ if (want > (len - off)) { -+ want -= (len - off); -+ if (want > INT_MAX /* BIO_read takes an int length */ || -+ len + want < len) { -+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); -+ goto err; -+ } -+ if (!BUF_MEM_grow_clean(b, len + want)) { -+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ while (want > 0) { -+ i = BIO_read(in, &(b->data[len]), want); -+ if (i <= 0) { -+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, -+ ASN1_R_NOT_ENOUGH_DATA); -+ goto err; -+ } -+ /* -+ * This can't overflow because |len+want| didn't -+ * overflow. -+ */ -+ len += i; -+ want -= i; -+ } -+ } -+ if (off + c.slen < off) { -+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); -+ goto err; -+ } -+ off += c.slen; -+ if (eos <= 0) { -+ break; -+ } else -+ want = HEADER_SIZE; -+ } -+ } - -- if (off > INT_MAX) -- { -- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); -- goto err; -- } -+ if (off > INT_MAX) { -+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); -+ goto err; -+ } - -- *pb = b; -- return off; --err: -- if (b != NULL) BUF_MEM_free(b); -- return -1; -- } -+ *pb = b; -+ return off; -+ err: -+ if (b != NULL) -+ BUF_MEM_free(b); -+ return -1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c -index d00d9e2..2c0a9ba 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -73,39 +73,37 @@ - #ifndef NO_ASN1_OLD - - int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, -- unsigned char *md, unsigned int *len) -- { -- int i; -- unsigned char *str,*p; -+ unsigned char *md, unsigned int *len) -+{ -+ int i; -+ unsigned char *str, *p; - -- i=i2d(data,NULL); -- if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) -- { -- ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- p=str; -- i2d(data,&p); -+ i = i2d(data, NULL); -+ if ((str = (unsigned char *)OPENSSL_malloc(i)) == NULL) { -+ ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ p = str; -+ i2d(data, &p); - -- EVP_Digest(str, i, md, len, type, NULL); -- OPENSSL_free(str); -- return(1); -- } -+ EVP_Digest(str, i, md, len, type, NULL); -+ OPENSSL_free(str); -+ return (1); -+} - - #endif - -- - int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, -- unsigned char *md, unsigned int *len) -- { -- int i; -- unsigned char *str = NULL; -- -- i=ASN1_item_i2d(asn,&str, it); -- if (!str) return(0); -+ unsigned char *md, unsigned int *len) -+{ -+ int i; -+ unsigned char *str = NULL; - -- EVP_Digest(str, i, md, len, type, NULL); -- OPENSSL_free(str); -- return(1); -- } -+ i = ASN1_item_i2d(asn, &str, it); -+ if (!str) -+ return (0); - -+ EVP_Digest(str, i, md, len, type, NULL); -+ OPENSSL_free(str); -+ return (1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c -index 199d50f..35e6540 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,47 +63,55 @@ - #ifndef NO_OLD_ASN1 - - void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x) -- { -- unsigned char *b,*p; -- const unsigned char *p2; -- int i; -- char *ret; -+{ -+ unsigned char *b, *p; -+ const unsigned char *p2; -+ int i; -+ char *ret; - -- if (x == NULL) return(NULL); -+ if (x == NULL) -+ return (NULL); - -- i=i2d(x,NULL); -- b=OPENSSL_malloc(i+10); -- if (b == NULL) -- { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } -- p= b; -- i=i2d(x,&p); -- p2= b; -- ret=d2i(NULL,&p2,i); -- OPENSSL_free(b); -- return(ret); -- } -+ i = i2d(x, NULL); -+ b = OPENSSL_malloc(i + 10); -+ if (b == NULL) { -+ ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ p = b; -+ i = i2d(x, &p); -+ p2 = b; -+ ret = d2i(NULL, &p2, i); -+ OPENSSL_free(b); -+ return (ret); -+} - - #endif - --/* ASN1_ITEM version of dup: this follows the model above except we don't need -- * to allocate the buffer. At some point this could be rewritten to directly dup -- * the underlying structure instead of doing and encode and decode. -+/* -+ * ASN1_ITEM version of dup: this follows the model above except we don't -+ * need to allocate the buffer. At some point this could be rewritten to -+ * directly dup the underlying structure instead of doing and encode and -+ * decode. - */ - - void *ASN1_item_dup(const ASN1_ITEM *it, void *x) -- { -- unsigned char *b = NULL; -- const unsigned char *p; -- long i; -- void *ret; -+{ -+ unsigned char *b = NULL; -+ const unsigned char *p; -+ long i; -+ void *ret; - -- if (x == NULL) return(NULL); -+ if (x == NULL) -+ return (NULL); - -- i=ASN1_item_i2d(x,&b,it); -- if (b == NULL) -- { ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } -- p= b; -- ret=ASN1_item_d2i(NULL,&p,i, it); -- OPENSSL_free(b); -- return(ret); -- } -+ i = ASN1_item_i2d(x, &b, it); -+ if (b == NULL) { -+ ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ p = b; -+ ret = ASN1_item_d2i(NULL, &p, i, it); -+ OPENSSL_free(b); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c -index fe9aa13..c3498ac 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,122 +61,121 @@ - #include - #include - --/* -+/* - * Code for ENUMERATED type: identical to INTEGER apart from a different tag. - * for comments on encoding see a_int.c - */ - - int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) -- { -- int j,k; -- unsigned int i; -- unsigned char buf[sizeof(long)+1]; -- long d; -+{ -+ int j, k; -+ unsigned int i; -+ unsigned char buf[sizeof(long) + 1]; -+ long d; - -- a->type=V_ASN1_ENUMERATED; -- if (a->length < (int)(sizeof(long)+1)) -- { -- if (a->data != NULL) -- OPENSSL_free(a->data); -- if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) -- memset((char *)a->data,0,sizeof(long)+1); -- } -- if (a->data == NULL) -- { -- ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- d=v; -- if (d < 0) -- { -- d= -d; -- a->type=V_ASN1_NEG_ENUMERATED; -- } -+ a->type = V_ASN1_ENUMERATED; -+ if (a->length < (int)(sizeof(long) + 1)) { -+ if (a->data != NULL) -+ OPENSSL_free(a->data); -+ if ((a->data = -+ (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) -+ memset((char *)a->data, 0, sizeof(long) + 1); -+ } -+ if (a->data == NULL) { -+ ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ d = v; -+ if (d < 0) { -+ d = -d; -+ a->type = V_ASN1_NEG_ENUMERATED; -+ } - -- for (i=0; i>=8; -- } -- j=0; -- for (k=i-1; k >=0; k--) -- a->data[j++]=buf[k]; -- a->length=j; -- return(1); -- } -+ for (i = 0; i < sizeof(long); i++) { -+ if (d == 0) -+ break; -+ buf[i] = (int)d & 0xff; -+ d >>= 8; -+ } -+ j = 0; -+ for (k = i - 1; k >= 0; k--) -+ a->data[j++] = buf[k]; -+ a->length = j; -+ return (1); -+} - - long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) -- { -- int neg=0,i; -- long r=0; -+{ -+ int neg = 0, i; -+ long r = 0; -+ -+ if (a == NULL) -+ return (0L); -+ i = a->type; -+ if (i == V_ASN1_NEG_ENUMERATED) -+ neg = 1; -+ else if (i != V_ASN1_ENUMERATED) -+ return -1; - -- if (a == NULL) return(0L); -- i=a->type; -- if (i == V_ASN1_NEG_ENUMERATED) -- neg=1; -- else if (i != V_ASN1_ENUMERATED) -- return -1; -- -- if (a->length > (int)sizeof(long)) -- { -- /* hmm... a bit ugly */ -- return(0xffffffffL); -- } -- if (a->data == NULL) -- return 0; -+ if (a->length > (int)sizeof(long)) { -+ /* hmm... a bit ugly */ -+ return (0xffffffffL); -+ } -+ if (a->data == NULL) -+ return 0; - -- for (i=0; ilength; i++) -- { -- r<<=8; -- r|=(unsigned char)a->data[i]; -- } -- if (neg) r= -r; -- return(r); -- } -+ for (i = 0; i < a->length; i++) { -+ r <<= 8; -+ r |= (unsigned char)a->data[i]; -+ } -+ if (neg) -+ r = -r; -+ return (r); -+} - - ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) -- { -- ASN1_ENUMERATED *ret; -- int len,j; -+{ -+ ASN1_ENUMERATED *ret; -+ int len, j; - -- if (ai == NULL) -- ret=M_ASN1_ENUMERATED_new(); -- else -- ret=ai; -- if (ret == NULL) -- { -- ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR); -- goto err; -- } -- if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED; -- else ret->type=V_ASN1_ENUMERATED; -- j=BN_num_bits(bn); -- len=((j == 0)?0:((j/8)+1)); -- if (ret->length < len+4) -- { -- unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); -- if (!new_data) -- { -- ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- ret->data=new_data; -- } -+ if (ai == NULL) -+ ret = M_ASN1_ENUMERATED_new(); -+ else -+ ret = ai; -+ if (ret == NULL) { -+ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ if (BN_is_negative(bn)) -+ ret->type = V_ASN1_NEG_ENUMERATED; -+ else -+ ret->type = V_ASN1_ENUMERATED; -+ j = BN_num_bits(bn); -+ len = ((j == 0) ? 0 : ((j / 8) + 1)); -+ if (ret->length < len + 4) { -+ unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); -+ if (!new_data) { -+ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ret->data = new_data; -+ } - -- ret->length=BN_bn2bin(bn,ret->data); -- return(ret); --err: -- if (ret != ai) M_ASN1_ENUMERATED_free(ret); -- return(NULL); -- } -+ ret->length = BN_bn2bin(bn, ret->data); -+ return (ret); -+ err: -+ if (ret != ai) -+ M_ASN1_ENUMERATED_free(ret); -+ return (NULL); -+} - - BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) -- { -- BIGNUM *ret; -+{ -+ BIGNUM *ret; - -- if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) -- ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB); -- else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1); -- return(ret); -- } -+ if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) -+ ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB); -+ else if (ai->type == V_ASN1_NEG_ENUMERATED) -+ BN_set_negative(ret, 1); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c -index def7906..b504f2e 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,14 +49,16 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */ -+/* -+ * GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME -+ */ - - #include - #include -@@ -67,180 +69,187 @@ - #if 0 - - int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) -- { --#ifdef CHARSET_EBCDIC -- /* KLUDGE! We convert to ascii before writing DER */ -- int len; -- char tmp[24]; -- ASN1_STRING tmpstr = *(ASN1_STRING *)a; -- -- len = tmpstr.length; -- ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); -- tmpstr.data = tmp; -- -- a = (ASN1_GENERALIZEDTIME *) &tmpstr; --#endif -- return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, -- V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL)); -- } -- -+{ -+# ifdef CHARSET_EBCDIC -+ /* KLUDGE! We convert to ascii before writing DER */ -+ int len; -+ char tmp[24]; -+ ASN1_STRING tmpstr = *(ASN1_STRING *)a; -+ -+ len = tmpstr.length; -+ ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); -+ tmpstr.data = tmp; -+ -+ a = (ASN1_GENERALIZEDTIME *)&tmpstr; -+# endif -+ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, -+ V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL)); -+} - - ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, -- unsigned char **pp, long length) -- { -- ASN1_GENERALIZEDTIME *ret=NULL; -- -- ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length, -- V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL); -- if (ret == NULL) -- { -- ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR); -- return(NULL); -- } --#ifdef CHARSET_EBCDIC -- ascii2ebcdic(ret->data, ret->data, ret->length); --#endif -- if (!ASN1_GENERALIZEDTIME_check(ret)) -- { -- ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT); -- goto err; -- } -- -- return(ret); --err: -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -- M_ASN1_GENERALIZEDTIME_free(ret); -- return(NULL); -- } -+ unsigned char **pp, -+ long length) -+{ -+ ASN1_GENERALIZEDTIME *ret = NULL; -+ -+ ret = -+ (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, -+ V_ASN1_GENERALIZEDTIME, -+ V_ASN1_UNIVERSAL); -+ if (ret == NULL) { -+ ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR); -+ return (NULL); -+ } -+# ifdef CHARSET_EBCDIC -+ ascii2ebcdic(ret->data, ret->data, ret->length); -+# endif -+ if (!ASN1_GENERALIZEDTIME_check(ret)) { -+ ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT); -+ goto err; -+ } -+ -+ return (ret); -+ err: -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ M_ASN1_GENERALIZEDTIME_free(ret); -+ return (NULL); -+} - - #endif - - int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) -- { -- static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0}; -- static int max[9]={99, 99,12,31,23,59,59,12,59}; -- char *a; -- int n,i,l,o; -- -- if (d->type != V_ASN1_GENERALIZEDTIME) return(0); -- l=d->length; -- a=(char *)d->data; -- o=0; -- /* GENERALIZEDTIME is similar to UTCTIME except the year is -- * represented as YYYY. This stuff treats everything as a two digit -- * field so make first two fields 00 to 99 -- */ -- if (l < 13) goto err; -- for (i=0; i<7; i++) -- { -- if ((i == 6) && ((a[o] == 'Z') || -- (a[o] == '+') || (a[o] == '-'))) -- { i++; break; } -- if ((a[o] < '0') || (a[o] > '9')) goto err; -- n= a[o]-'0'; -- if (++o > l) goto err; -- -- if ((a[o] < '0') || (a[o] > '9')) goto err; -- n=(n*10)+ a[o]-'0'; -- if (++o > l) goto err; -- -- if ((n < min[i]) || (n > max[i])) goto err; -- } -- /* Optional fractional seconds: decimal point followed by one -- * or more digits. -- */ -- if (a[o] == '.') -- { -- if (++o > l) goto err; -- i = o; -- while ((a[o] >= '0') && (a[o] <= '9') && (o <= l)) -- o++; -- /* Must have at least one digit after decimal point */ -- if (i == o) goto err; -- } -- -- if (a[o] == 'Z') -- o++; -- else if ((a[o] == '+') || (a[o] == '-')) -- { -- o++; -- if (o+4 > l) goto err; -- for (i=7; i<9; i++) -- { -- if ((a[o] < '0') || (a[o] > '9')) goto err; -- n= a[o]-'0'; -- o++; -- if ((a[o] < '0') || (a[o] > '9')) goto err; -- n=(n*10)+ a[o]-'0'; -- if ((n < min[i]) || (n > max[i])) goto err; -- o++; -- } -- } -- return(o == l); --err: -- return(0); -- } -+{ -+ static int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; -+ static int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 }; -+ char *a; -+ int n, i, l, o; -+ -+ if (d->type != V_ASN1_GENERALIZEDTIME) -+ return (0); -+ l = d->length; -+ a = (char *)d->data; -+ o = 0; -+ /* -+ * GENERALIZEDTIME is similar to UTCTIME except the year is represented -+ * as YYYY. This stuff treats everything as a two digit field so make -+ * first two fields 00 to 99 -+ */ -+ if (l < 13) -+ goto err; -+ for (i = 0; i < 7; i++) { -+ if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { -+ i++; -+ break; -+ } -+ if ((a[o] < '0') || (a[o] > '9')) -+ goto err; -+ n = a[o] - '0'; -+ if (++o > l) -+ goto err; -+ -+ if ((a[o] < '0') || (a[o] > '9')) -+ goto err; -+ n = (n * 10) + a[o] - '0'; -+ if (++o > l) -+ goto err; -+ -+ if ((n < min[i]) || (n > max[i])) -+ goto err; -+ } -+ /* -+ * Optional fractional seconds: decimal point followed by one or more -+ * digits. -+ */ -+ if (a[o] == '.') { -+ if (++o > l) -+ goto err; -+ i = o; -+ while ((a[o] >= '0') && (a[o] <= '9') && (o <= l)) -+ o++; -+ /* Must have at least one digit after decimal point */ -+ if (i == o) -+ goto err; -+ } -+ -+ if (a[o] == 'Z') -+ o++; -+ else if ((a[o] == '+') || (a[o] == '-')) { -+ o++; -+ if (o + 4 > l) -+ goto err; -+ for (i = 7; i < 9; i++) { -+ if ((a[o] < '0') || (a[o] > '9')) -+ goto err; -+ n = a[o] - '0'; -+ o++; -+ if ((a[o] < '0') || (a[o] > '9')) -+ goto err; -+ n = (n * 10) + a[o] - '0'; -+ if ((n < min[i]) || (n > max[i])) -+ goto err; -+ o++; -+ } -+ } -+ return (o == l); -+ err: -+ return (0); -+} - - int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) -- { -- ASN1_GENERALIZEDTIME t; -- -- t.type=V_ASN1_GENERALIZEDTIME; -- t.length=strlen(str); -- t.data=(unsigned char *)str; -- if (ASN1_GENERALIZEDTIME_check(&t)) -- { -- if (s != NULL) -- { -- if (!ASN1_STRING_set((ASN1_STRING *)s, -- (unsigned char *)str,t.length)) -- return 0; -- s->type=V_ASN1_GENERALIZEDTIME; -- } -- return(1); -- } -- else -- return(0); -- } -+{ -+ ASN1_GENERALIZEDTIME t; -+ -+ t.type = V_ASN1_GENERALIZEDTIME; -+ t.length = strlen(str); -+ t.data = (unsigned char *)str; -+ if (ASN1_GENERALIZEDTIME_check(&t)) { -+ if (s != NULL) { -+ if (!ASN1_STRING_set((ASN1_STRING *)s, -+ (unsigned char *)str, t.length)) -+ return 0; -+ s->type = V_ASN1_GENERALIZEDTIME; -+ } -+ return (1); -+ } else -+ return (0); -+} - - ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, -- time_t t) -- { -- char *p; -- struct tm *ts; -- struct tm data; -- size_t len = 20; -- -- if (s == NULL) -- s=M_ASN1_GENERALIZEDTIME_new(); -- if (s == NULL) -- return(NULL); -- -- ts=OPENSSL_gmtime(&t, &data); -- if (ts == NULL) -- return(NULL); -- -- p=(char *)s->data; -- if ((p == NULL) || ((size_t)s->length < len)) -- { -- p=OPENSSL_malloc(len); -- if (p == NULL) -- { -- ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- if (s->data != NULL) -- OPENSSL_free(s->data); -- s->data=(unsigned char *)p; -- } -- -- BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, -- ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); -- s->length=strlen(p); -- s->type=V_ASN1_GENERALIZEDTIME; -+ time_t t) -+{ -+ char *p; -+ struct tm *ts; -+ struct tm data; -+ size_t len = 20; -+ -+ if (s == NULL) -+ s = M_ASN1_GENERALIZEDTIME_new(); -+ if (s == NULL) -+ return (NULL); -+ -+ ts = OPENSSL_gmtime(&t, &data); -+ if (ts == NULL) -+ return (NULL); -+ -+ p = (char *)s->data; -+ if ((p == NULL) || ((size_t)s->length < len)) { -+ p = OPENSSL_malloc(len); -+ if (p == NULL) { -+ ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ if (s->data != NULL) -+ OPENSSL_free(s->data); -+ s->data = (unsigned char *)p; -+ } -+ -+ BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900, -+ ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, -+ ts->tm_sec); -+ s->length = strlen(p); -+ s->type = V_ASN1_GENERALIZEDTIME; - #ifdef CHARSET_EBCDIC_not -- ebcdic2ascii(s->data, s->data, s->length); -+ ebcdic2ascii(s->data, s->data, s->length); - #endif -- return(s); -- } -+ return (s); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c b/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c -index d1c2a7b..e67afdc 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,59 +61,58 @@ - #include - #include - --int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp) -- { -- M_ASN1_I2D_vars(a); -+int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp) -+{ -+ M_ASN1_I2D_vars(a); - -- M_ASN1_I2D_len(a->header, i2d_ASN1_OCTET_STRING); -- M_ASN1_I2D_len(a->data, a->meth->i2d); -+ M_ASN1_I2D_len(a->header, i2d_ASN1_OCTET_STRING); -+ M_ASN1_I2D_len(a->data, a->meth->i2d); - -- M_ASN1_I2D_seq_total(); -+ M_ASN1_I2D_seq_total(); - -- M_ASN1_I2D_put(a->header, i2d_ASN1_OCTET_STRING); -- M_ASN1_I2D_put(a->data, a->meth->i2d); -+ M_ASN1_I2D_put(a->header, i2d_ASN1_OCTET_STRING); -+ M_ASN1_I2D_put(a->data, a->meth->i2d); - -- M_ASN1_I2D_finish(); -- } -+ M_ASN1_I2D_finish(); -+} - --ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp, -- long length) -- { -- M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new); -+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp, -+ long length) -+{ -+ M_ASN1_D2I_vars(a, ASN1_HEADER *, ASN1_HEADER_new); - -- M_ASN1_D2I_Init(); -- M_ASN1_D2I_start_sequence(); -- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->header,d2i_ASN1_OCTET_STRING); -- if (ret->meth != NULL) -- { -- M_ASN1_D2I_get_x(void,ret->data,ret->meth->d2i); -- } -- else -- { -- if (a != NULL) (*a)=ret; -- return(ret); -- } -- M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER); -- } -+ M_ASN1_D2I_Init(); -+ M_ASN1_D2I_start_sequence(); -+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->header, d2i_ASN1_OCTET_STRING); -+ if (ret->meth != NULL) { -+ M_ASN1_D2I_get_x(void, ret->data, ret->meth->d2i); -+ } else { -+ if (a != NULL) -+ (*a) = ret; -+ return (ret); -+ } -+ M_ASN1_D2I_Finish(a, ASN1_HEADER_free, ASN1_F_D2I_ASN1_HEADER); -+} - - ASN1_HEADER *ASN1_HEADER_new(void) -- { -- ASN1_HEADER *ret=NULL; -- ASN1_CTX c; -+{ -+ ASN1_HEADER *ret = NULL; -+ ASN1_CTX c; - -- M_ASN1_New_Malloc(ret,ASN1_HEADER); -- M_ASN1_New(ret->header,M_ASN1_OCTET_STRING_new); -- ret->meth=NULL; -- ret->data=NULL; -- return(ret); -- M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW); -- } -+ M_ASN1_New_Malloc(ret, ASN1_HEADER); -+ M_ASN1_New(ret->header, M_ASN1_OCTET_STRING_new); -+ ret->meth = NULL; -+ ret->data = NULL; -+ return (ret); -+ M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW); -+} - --void ASN1_HEADER_free(ASN1_HEADER *a) -- { -- if (a == NULL) return; -- M_ASN1_OCTET_STRING_free(a->header); -- if (a->meth != NULL) -- a->meth->destroy(a->data); -- OPENSSL_free(a); -- } -+void ASN1_HEADER_free(ASN1_HEADER * a) -+{ -+ if (a == NULL) -+ return; -+ M_ASN1_OCTET_STRING_free(a->header); -+ if (a->meth != NULL) -+ a->meth->destroy(a->data); -+ OPENSSL_free(a); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c -index a3ad76d..0f56cd4 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,101 +63,95 @@ - - #ifndef NO_OLD_ASN1 - --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) -- { -- BIO *b; -- int ret; -+{ -+ BIO *b; -+ int ret; - -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,out,BIO_NOCLOSE); -- ret=ASN1_i2d_bio(i2d,b,x); -- BIO_free(b); -- return(ret); -- } --#endif -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, out, BIO_NOCLOSE); -+ ret = ASN1_i2d_bio(i2d, b, x); -+ BIO_free(b); -+ return (ret); -+} -+# endif - - int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) -- { -- char *b; -- unsigned char *p; -- int i,j=0,n,ret=1; -+{ -+ char *b; -+ unsigned char *p; -+ int i, j = 0, n, ret = 1; -+ -+ n = i2d(x, NULL); -+ b = (char *)OPENSSL_malloc(n); -+ if (b == NULL) { -+ ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } - -- n=i2d(x,NULL); -- b=(char *)OPENSSL_malloc(n); -- if (b == NULL) -- { -- ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE); -- return(0); -- } -+ p = (unsigned char *)b; -+ i2d(x, &p); - -- p=(unsigned char *)b; -- i2d(x,&p); -- -- for (;;) -- { -- i=BIO_write(out,&(b[j]),n); -- if (i == n) break; -- if (i <= 0) -- { -- ret=0; -- break; -- } -- j+=i; -- n-=i; -- } -- OPENSSL_free(b); -- return(ret); -- } -+ for (;;) { -+ i = BIO_write(out, &(b[j]), n); -+ if (i == n) -+ break; -+ if (i <= 0) { -+ ret = 0; -+ break; -+ } -+ j += i; -+ n -= i; -+ } -+ OPENSSL_free(b); -+ return (ret); -+} - - #endif - - #ifndef OPENSSL_NO_FP_API - int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) -- { -- BIO *b; -- int ret; -+{ -+ BIO *b; -+ int ret; - -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,out,BIO_NOCLOSE); -- ret=ASN1_item_i2d_bio(it,b,x); -- BIO_free(b); -- return(ret); -- } -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, out, BIO_NOCLOSE); -+ ret = ASN1_item_i2d_bio(it, b, x); -+ BIO_free(b); -+ return (ret); -+} - #endif - - int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) -- { -- unsigned char *b = NULL; -- int i,j=0,n,ret=1; -+{ -+ unsigned char *b = NULL; -+ int i, j = 0, n, ret = 1; - -- n = ASN1_item_i2d(x, &b, it); -- if (b == NULL) -- { -- ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE); -- return(0); -- } -+ n = ASN1_item_i2d(x, &b, it); -+ if (b == NULL) { -+ ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } - -- for (;;) -- { -- i=BIO_write(out,&(b[j]),n); -- if (i == n) break; -- if (i <= 0) -- { -- ret=0; -- break; -- } -- j+=i; -- n-=i; -- } -- OPENSSL_free(b); -- return(ret); -- } -+ for (;;) { -+ i = BIO_write(out, &(b[j]), n); -+ if (i == n) -+ break; -+ if (i <= 0) { -+ ret = 0; -+ break; -+ } -+ j += i; -+ n -= i; -+ } -+ OPENSSL_free(b); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c -index ee26c31..b788617 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_int.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_int.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,45 +62,45 @@ - #include - - ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) --{ return M_ASN1_INTEGER_dup(x);} -+{ -+ return M_ASN1_INTEGER_dup(x); -+} - - int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) -- { -- int neg, ret; -- /* Compare signs */ -- neg = x->type & V_ASN1_NEG; -- if (neg != (y->type & V_ASN1_NEG)) -- { -- if (neg) -- return -1; -- else -- return 1; -- } -- -- ret = ASN1_STRING_cmp(x, y); -- -- if (neg) -- return -ret; -- else -- return ret; -- } -- -- --/* -+{ -+ int neg, ret; -+ /* Compare signs */ -+ neg = x->type & V_ASN1_NEG; -+ if (neg != (y->type & V_ASN1_NEG)) { -+ if (neg) -+ return -1; -+ else -+ return 1; -+ } -+ -+ ret = ASN1_STRING_cmp(x, y); -+ -+ if (neg) -+ return -ret; -+ else -+ return ret; -+} -+ -+/*- - * This converts an ASN1 INTEGER into its content encoding. - * The internal representation is an ASN1_STRING whose data is a big endian - * representation of the value, ignoring the sign. The sign is determined by -- * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. -+ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. - * - * Positive integers are no problem: they are almost the same as the DER - * encoding, except if the first byte is >= 0x80 we need to add a zero pad. - * - * Negative integers are a bit trickier... - * The DER representation of negative integers is in 2s complement form. -- * The internal form is converted by complementing each octet and finally -+ * The internal form is converted by complementing each octet and finally - * adding one to the result. This can be done less messily with a little trick. - * If the internal form has trailing zeroes then they will become FF by the -- * complement and 0 by the add one (due to carry) so just copy as many trailing -+ * complement and 0 by the add one (due to carry) so just copy as many trailing - * zeros to the destination as there are in the source. The carry will add one - * to the last none zero octet: so complement this octet and add one and finally - * complement any left over until you get to the start of the string. -@@ -112,347 +112,351 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) - */ - - int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) -- { -- int pad=0,ret,i,neg; -- unsigned char *p,*n,pb=0; -- -- if (a == NULL) return(0); -- neg=a->type & V_ASN1_NEG; -- if (a->length == 0) -- ret=1; -- else -- { -- ret=a->length; -- i=a->data[0]; -- if (!neg && (i > 127)) { -- pad=1; -- pb=0; -- } else if(neg) { -- if(i>128) { -- pad=1; -- pb=0xFF; -- } else if(i == 128) { -- /* -- * Special case: if any other bytes non zero we pad: -- * otherwise we don't. -- */ -- for(i = 1; i < a->length; i++) if(a->data[i]) { -- pad=1; -- pb=0xFF; -- break; -- } -- } -- } -- ret+=pad; -- } -- if (pp == NULL) return(ret); -- p= *pp; -- -- if (pad) *(p++)=pb; -- if (a->length == 0) *(p++)=0; -- else if (!neg) memcpy(p,a->data,(unsigned int)a->length); -- else { -- /* Begin at the end of the encoding */ -- n=a->data + a->length - 1; -- p += a->length - 1; -- i = a->length; -- /* Copy zeros to destination as long as source is zero */ -- while(!*n) { -- *(p--) = 0; -- n--; -- i--; -- } -- /* Complement and increment next octet */ -- *(p--) = ((*(n--)) ^ 0xff) + 1; -- i--; -- /* Complement any octets left */ -- for(;i > 0; i--) *(p--) = *(n--) ^ 0xff; -- } -- -- *pp+=ret; -- return(ret); -- } -+{ -+ int pad = 0, ret, i, neg; -+ unsigned char *p, *n, pb = 0; -+ -+ if (a == NULL) -+ return (0); -+ neg = a->type & V_ASN1_NEG; -+ if (a->length == 0) -+ ret = 1; -+ else { -+ ret = a->length; -+ i = a->data[0]; -+ if (!neg && (i > 127)) { -+ pad = 1; -+ pb = 0; -+ } else if (neg) { -+ if (i > 128) { -+ pad = 1; -+ pb = 0xFF; -+ } else if (i == 128) { -+ /* -+ * Special case: if any other bytes non zero we pad: -+ * otherwise we don't. -+ */ -+ for (i = 1; i < a->length; i++) -+ if (a->data[i]) { -+ pad = 1; -+ pb = 0xFF; -+ break; -+ } -+ } -+ } -+ ret += pad; -+ } -+ if (pp == NULL) -+ return (ret); -+ p = *pp; -+ -+ if (pad) -+ *(p++) = pb; -+ if (a->length == 0) -+ *(p++) = 0; -+ else if (!neg) -+ memcpy(p, a->data, (unsigned int)a->length); -+ else { -+ /* Begin at the end of the encoding */ -+ n = a->data + a->length - 1; -+ p += a->length - 1; -+ i = a->length; -+ /* Copy zeros to destination as long as source is zero */ -+ while (!*n) { -+ *(p--) = 0; -+ n--; -+ i--; -+ } -+ /* Complement and increment next octet */ -+ *(p--) = ((*(n--)) ^ 0xff) + 1; -+ i--; -+ /* Complement any octets left */ -+ for (; i > 0; i--) -+ *(p--) = *(n--) ^ 0xff; -+ } -+ -+ *pp += ret; -+ return (ret); -+} - - /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ - - ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, -- long len) -- { -- ASN1_INTEGER *ret=NULL; -- const unsigned char *p, *pend; -- unsigned char *to,*s; -- int i; -- -- if ((a == NULL) || ((*a) == NULL)) -- { -- if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); -- ret->type=V_ASN1_INTEGER; -- } -- else -- ret=(*a); -- -- p= *pp; -- pend = p + len; -- -- /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it -- * signifies a missing NULL parameter. */ -- s=(unsigned char *)OPENSSL_malloc((int)len+1); -- if (s == NULL) -- { -- i=ERR_R_MALLOC_FAILURE; -- goto err; -- } -- to=s; -- if(!len) { -- /* Strictly speaking this is an illegal INTEGER but we -- * tolerate it. -- */ -- ret->type=V_ASN1_INTEGER; -- } else if (*p & 0x80) /* a negative number */ -- { -- ret->type=V_ASN1_NEG_INTEGER; -- if ((*p == 0xff) && (len != 1)) { -- p++; -- len--; -- } -- i = len; -- p += i - 1; -- to += i - 1; -- while((!*p) && i) { -- *(to--) = 0; -- i--; -- p--; -- } -- /* Special case: if all zeros then the number will be of -- * the form FF followed by n zero bytes: this corresponds to -- * 1 followed by n zero bytes. We've already written n zeros -- * so we just append an extra one and set the first byte to -- * a 1. This is treated separately because it is the only case -- * where the number of bytes is larger than len. -- */ -- if(!i) { -- *s = 1; -- s[len] = 0; -- len++; -- } else { -- *(to--) = (*(p--) ^ 0xff) + 1; -- i--; -- for(;i > 0; i--) *(to--) = *(p--) ^ 0xff; -- } -- } else { -- ret->type=V_ASN1_INTEGER; -- if ((*p == 0) && (len != 1)) -- { -- p++; -- len--; -- } -- memcpy(s,p,(int)len); -- } -- -- if (ret->data != NULL) OPENSSL_free(ret->data); -- ret->data=s; -- ret->length=(int)len; -- if (a != NULL) (*a)=ret; -- *pp=pend; -- return(ret); --err: -- ASN1err(ASN1_F_C2I_ASN1_INTEGER,i); -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -- M_ASN1_INTEGER_free(ret); -- return(NULL); -- } -- -- --/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of -- * ASN1 integers: some broken software can encode a positive INTEGER -- * with its MSB set as negative (it doesn't add a padding zero). -+ long len) -+{ -+ ASN1_INTEGER *ret = NULL; -+ const unsigned char *p, *pend; -+ unsigned char *to, *s; -+ int i; -+ -+ if ((a == NULL) || ((*a) == NULL)) { -+ if ((ret = M_ASN1_INTEGER_new()) == NULL) -+ return (NULL); -+ ret->type = V_ASN1_INTEGER; -+ } else -+ ret = (*a); -+ -+ p = *pp; -+ pend = p + len; -+ -+ /* -+ * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies -+ * a missing NULL parameter. -+ */ -+ s = (unsigned char *)OPENSSL_malloc((int)len + 1); -+ if (s == NULL) { -+ i = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ to = s; -+ if (!len) { -+ /* -+ * Strictly speaking this is an illegal INTEGER but we tolerate it. -+ */ -+ ret->type = V_ASN1_INTEGER; -+ } else if (*p & 0x80) { /* a negative number */ -+ ret->type = V_ASN1_NEG_INTEGER; -+ if ((*p == 0xff) && (len != 1)) { -+ p++; -+ len--; -+ } -+ i = len; -+ p += i - 1; -+ to += i - 1; -+ while ((!*p) && i) { -+ *(to--) = 0; -+ i--; -+ p--; -+ } -+ /* -+ * Special case: if all zeros then the number will be of the form FF -+ * followed by n zero bytes: this corresponds to 1 followed by n zero -+ * bytes. We've already written n zeros so we just append an extra -+ * one and set the first byte to a 1. This is treated separately -+ * because it is the only case where the number of bytes is larger -+ * than len. -+ */ -+ if (!i) { -+ *s = 1; -+ s[len] = 0; -+ len++; -+ } else { -+ *(to--) = (*(p--) ^ 0xff) + 1; -+ i--; -+ for (; i > 0; i--) -+ *(to--) = *(p--) ^ 0xff; -+ } -+ } else { -+ ret->type = V_ASN1_INTEGER; -+ if ((*p == 0) && (len != 1)) { -+ p++; -+ len--; -+ } -+ memcpy(s, p, (int)len); -+ } -+ -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); -+ ret->data = s; -+ ret->length = (int)len; -+ if (a != NULL) -+ (*a) = ret; -+ *pp = pend; -+ return (ret); -+ err: -+ ASN1err(ASN1_F_C2I_ASN1_INTEGER, i); -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ M_ASN1_INTEGER_free(ret); -+ return (NULL); -+} -+ -+/* -+ * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1 -+ * integers: some broken software can encode a positive INTEGER with its MSB -+ * set as negative (it doesn't add a padding zero). - */ - - ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, -- long length) -- { -- ASN1_INTEGER *ret=NULL; -- const unsigned char *p; -- unsigned char *s; -- long len; -- int inf,tag,xclass; -- int i; -- -- if ((a == NULL) || ((*a) == NULL)) -- { -- if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); -- ret->type=V_ASN1_INTEGER; -- } -- else -- ret=(*a); -- -- p= *pp; -- inf=ASN1_get_object(&p,&len,&tag,&xclass,length); -- if (inf & 0x80) -- { -- i=ASN1_R_BAD_OBJECT_HEADER; -- goto err; -- } -- -- if (tag != V_ASN1_INTEGER) -- { -- i=ASN1_R_EXPECTING_AN_INTEGER; -- goto err; -- } -- -- /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it -- * signifies a missing NULL parameter. */ -- s=(unsigned char *)OPENSSL_malloc((int)len+1); -- if (s == NULL) -- { -- i=ERR_R_MALLOC_FAILURE; -- goto err; -- } -- ret->type=V_ASN1_INTEGER; -- if(len) { -- if ((*p == 0) && (len != 1)) -- { -- p++; -- len--; -- } -- memcpy(s,p,(int)len); -- p+=len; -- } -- -- if (ret->data != NULL) OPENSSL_free(ret->data); -- ret->data=s; -- ret->length=(int)len; -- if (a != NULL) (*a)=ret; -- *pp=p; -- return(ret); --err: -- ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i); -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -- M_ASN1_INTEGER_free(ret); -- return(NULL); -- } -+ long length) -+{ -+ ASN1_INTEGER *ret = NULL; -+ const unsigned char *p; -+ unsigned char *s; -+ long len; -+ int inf, tag, xclass; -+ int i; -+ -+ if ((a == NULL) || ((*a) == NULL)) { -+ if ((ret = M_ASN1_INTEGER_new()) == NULL) -+ return (NULL); -+ ret->type = V_ASN1_INTEGER; -+ } else -+ ret = (*a); -+ -+ p = *pp; -+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); -+ if (inf & 0x80) { -+ i = ASN1_R_BAD_OBJECT_HEADER; -+ goto err; -+ } -+ -+ if (tag != V_ASN1_INTEGER) { -+ i = ASN1_R_EXPECTING_AN_INTEGER; -+ goto err; -+ } -+ -+ /* -+ * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies -+ * a missing NULL parameter. -+ */ -+ s = (unsigned char *)OPENSSL_malloc((int)len + 1); -+ if (s == NULL) { -+ i = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ ret->type = V_ASN1_INTEGER; -+ if (len) { -+ if ((*p == 0) && (len != 1)) { -+ p++; -+ len--; -+ } -+ memcpy(s, p, (int)len); -+ p += len; -+ } -+ -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); -+ ret->data = s; -+ ret->length = (int)len; -+ if (a != NULL) -+ (*a) = ret; -+ *pp = p; -+ return (ret); -+ err: -+ ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i); -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ M_ASN1_INTEGER_free(ret); -+ return (NULL); -+} - - int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) -- { -- int j,k; -- unsigned int i; -- unsigned char buf[sizeof(long)+1]; -- long d; -- -- a->type=V_ASN1_INTEGER; -- if (a->length < (int)(sizeof(long)+1)) -- { -- if (a->data != NULL) -- OPENSSL_free(a->data); -- if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) -- memset((char *)a->data,0,sizeof(long)+1); -- } -- if (a->data == NULL) -- { -- ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- d=v; -- if (d < 0) -- { -- d= -d; -- a->type=V_ASN1_NEG_INTEGER; -- } -- -- for (i=0; i>=8; -- } -- j=0; -- for (k=i-1; k >=0; k--) -- a->data[j++]=buf[k]; -- a->length=j; -- return(1); -- } -+{ -+ int j, k; -+ unsigned int i; -+ unsigned char buf[sizeof(long) + 1]; -+ long d; -+ -+ a->type = V_ASN1_INTEGER; -+ if (a->length < (int)(sizeof(long) + 1)) { -+ if (a->data != NULL) -+ OPENSSL_free(a->data); -+ if ((a->data = -+ (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) -+ memset((char *)a->data, 0, sizeof(long) + 1); -+ } -+ if (a->data == NULL) { -+ ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ d = v; -+ if (d < 0) { -+ d = -d; -+ a->type = V_ASN1_NEG_INTEGER; -+ } -+ -+ for (i = 0; i < sizeof(long); i++) { -+ if (d == 0) -+ break; -+ buf[i] = (int)d & 0xff; -+ d >>= 8; -+ } -+ j = 0; -+ for (k = i - 1; k >= 0; k--) -+ a->data[j++] = buf[k]; -+ a->length = j; -+ return (1); -+} - - long ASN1_INTEGER_get(ASN1_INTEGER *a) -- { -- int neg=0,i; -- long r=0; -- -- if (a == NULL) return(0L); -- i=a->type; -- if (i == V_ASN1_NEG_INTEGER) -- neg=1; -- else if (i != V_ASN1_INTEGER) -- return -1; -- -- if (a->length > (int)sizeof(long)) -- { -- /* hmm... a bit ugly */ -- return(0xffffffffL); -- } -- if (a->data == NULL) -- return 0; -- -- for (i=0; ilength; i++) -- { -- r<<=8; -- r|=(unsigned char)a->data[i]; -- } -- if (neg) r= -r; -- return(r); -- } -+{ -+ int neg = 0, i; -+ long r = 0; -+ -+ if (a == NULL) -+ return (0L); -+ i = a->type; -+ if (i == V_ASN1_NEG_INTEGER) -+ neg = 1; -+ else if (i != V_ASN1_INTEGER) -+ return -1; -+ -+ if (a->length > (int)sizeof(long)) { -+ /* hmm... a bit ugly */ -+ return (0xffffffffL); -+ } -+ if (a->data == NULL) -+ return 0; -+ -+ for (i = 0; i < a->length; i++) { -+ r <<= 8; -+ r |= (unsigned char)a->data[i]; -+ } -+ if (neg) -+ r = -r; -+ return (r); -+} - - ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) -- { -- ASN1_INTEGER *ret; -- int len,j; -- -- if (ai == NULL) -- ret=M_ASN1_INTEGER_new(); -- else -- ret=ai; -- if (ret == NULL) -- { -- ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); -- goto err; -- } -- if (BN_is_negative(bn)) -- ret->type = V_ASN1_NEG_INTEGER; -- else ret->type=V_ASN1_INTEGER; -- j=BN_num_bits(bn); -- len=((j == 0)?0:((j/8)+1)); -- if (ret->length < len+4) -- { -- unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); -- if (!new_data) -- { -- ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- ret->data=new_data; -- } -- ret->length=BN_bn2bin(bn,ret->data); -- /* Correct zero case */ -- if(!ret->length) -- { -- ret->data[0] = 0; -- ret->length = 1; -- } -- return(ret); --err: -- if (ret != ai) M_ASN1_INTEGER_free(ret); -- return(NULL); -- } -+{ -+ ASN1_INTEGER *ret; -+ int len, j; -+ -+ if (ai == NULL) -+ ret = M_ASN1_INTEGER_new(); -+ else -+ ret = ai; -+ if (ret == NULL) { -+ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ if (BN_is_negative(bn)) -+ ret->type = V_ASN1_NEG_INTEGER; -+ else -+ ret->type = V_ASN1_INTEGER; -+ j = BN_num_bits(bn); -+ len = ((j == 0) ? 0 : ((j / 8) + 1)); -+ if (ret->length < len + 4) { -+ unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); -+ if (!new_data) { -+ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ret->data = new_data; -+ } -+ ret->length = BN_bn2bin(bn, ret->data); -+ /* Correct zero case */ -+ if (!ret->length) { -+ ret->data[0] = 0; -+ ret->length = 1; -+ } -+ return (ret); -+ err: -+ if (ret != ai) -+ M_ASN1_INTEGER_free(ret); -+ return (NULL); -+} - - BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn) -- { -- BIGNUM *ret; -+{ -+ BIGNUM *ret; - -- if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) -- ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); -- else if(ai->type == V_ASN1_NEG_INTEGER) -- BN_set_negative(ret, 1); -- return(ret); -- } -+ if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) -+ ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB); -+ else if (ai->type == V_ASN1_NEG_INTEGER) -+ BN_set_negative(ret, 1); -+ return (ret); -+} - - IMPLEMENT_STACK_OF(ASN1_INTEGER) -+ - IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c -index 1538e0a..6935efe 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c -@@ -1,6 +1,7 @@ - /* a_mbstr.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,7 +63,8 @@ - #include - - static int traverse_string(const unsigned char *p, int len, int inform, -- int (*rfunc)(unsigned long value, void *in), void *arg); -+ int (*rfunc) (unsigned long value, void *in), -+ void *arg); - static int in_utf8(unsigned long value, void *arg); - static int out_utf8(unsigned long value, void *arg); - static int type_str(unsigned long value, void *arg); -@@ -72,212 +74,221 @@ static int cpy_univ(unsigned long value, void *arg); - static int cpy_utf8(unsigned long value, void *arg); - static int is_printable(unsigned long value); - --/* These functions take a string in UTF8, ASCII or multibyte form and -- * a mask of permissible ASN1 string types. It then works out the minimal -- * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) -- * and creates a string of the correct type with the supplied data. -- * Yes this is horrible: it has to be :-( -- * The 'ncopy' form checks minimum and maximum size limits too. -+/* -+ * These functions take a string in UTF8, ASCII or multibyte form and a mask -+ * of permissible ASN1 string types. It then works out the minimal type -+ * (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) and -+ * creates a string of the correct type with the supplied data. Yes this is -+ * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum -+ * size limits too. - */ - - int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, -- int inform, unsigned long mask) -+ int inform, unsigned long mask) - { -- return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); -+ return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); - } - - int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, -- int inform, unsigned long mask, -- long minsize, long maxsize) -+ int inform, unsigned long mask, -+ long minsize, long maxsize) - { -- int str_type; -- int ret; -- char free_out; -- int outform, outlen = 0; -- ASN1_STRING *dest; -- unsigned char *p; -- int nchar; -- char strbuf[32]; -- int (*cpyfunc)(unsigned long,void *) = NULL; -- if(len == -1) len = strlen((const char *)in); -- if(!mask) mask = DIRSTRING_TYPE; -- -- /* First do a string check and work out the number of characters */ -- switch(inform) { -- -- case MBSTRING_BMP: -- if(len & 1) { -- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, -- ASN1_R_INVALID_BMPSTRING_LENGTH); -- return -1; -- } -- nchar = len >> 1; -- break; -- -- case MBSTRING_UNIV: -- if(len & 3) { -- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, -- ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); -- return -1; -- } -- nchar = len >> 2; -- break; -- -- case MBSTRING_UTF8: -- nchar = 0; -- /* This counts the characters and does utf8 syntax checking */ -- ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); -- if(ret < 0) { -- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, -- ASN1_R_INVALID_UTF8STRING); -- return -1; -- } -- break; -- -- case MBSTRING_ASC: -- nchar = len; -- break; -- -- default: -- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT); -- return -1; -- } -- -- if((minsize > 0) && (nchar < minsize)) { -- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); -- BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); -- ERR_add_error_data(2, "minsize=", strbuf); -- return -1; -- } -- -- if((maxsize > 0) && (nchar > maxsize)) { -- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); -- BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); -- ERR_add_error_data(2, "maxsize=", strbuf); -- return -1; -- } -- -- /* Now work out minimal type (if any) */ -- if(traverse_string(in, len, inform, type_str, &mask) < 0) { -- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS); -- return -1; -- } -- -- -- /* Now work out output format and string type */ -- outform = MBSTRING_ASC; -- if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING; -- else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING; -- else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING; -- else if(mask & B_ASN1_BMPSTRING) { -- str_type = V_ASN1_BMPSTRING; -- outform = MBSTRING_BMP; -- } else if(mask & B_ASN1_UNIVERSALSTRING) { -- str_type = V_ASN1_UNIVERSALSTRING; -- outform = MBSTRING_UNIV; -- } else { -- str_type = V_ASN1_UTF8STRING; -- outform = MBSTRING_UTF8; -- } -- if(!out) return str_type; -- if(*out) { -- free_out = 0; -- dest = *out; -- if(dest->data) { -- dest->length = 0; -- OPENSSL_free(dest->data); -- dest->data = NULL; -- } -- dest->type = str_type; -- } else { -- free_out = 1; -- dest = ASN1_STRING_type_new(str_type); -- if(!dest) { -- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, -- ERR_R_MALLOC_FAILURE); -- return -1; -- } -- *out = dest; -- } -- /* If both the same type just copy across */ -- if(inform == outform) { -- if(!ASN1_STRING_set(dest, in, len)) { -- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE); -- return -1; -- } -- return str_type; -- } -- -- /* Work out how much space the destination will need */ -- switch(outform) { -- case MBSTRING_ASC: -- outlen = nchar; -- cpyfunc = cpy_asc; -- break; -- -- case MBSTRING_BMP: -- outlen = nchar << 1; -- cpyfunc = cpy_bmp; -- break; -- -- case MBSTRING_UNIV: -- outlen = nchar << 2; -- cpyfunc = cpy_univ; -- break; -- -- case MBSTRING_UTF8: -- outlen = 0; -- traverse_string(in, len, inform, out_utf8, &outlen); -- cpyfunc = cpy_utf8; -- break; -- } -- if(!(p = OPENSSL_malloc(outlen + 1))) { -- if(free_out) ASN1_STRING_free(dest); -- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE); -- return -1; -- } -- dest->length = outlen; -- dest->data = p; -- p[outlen] = 0; -- traverse_string(in, len, inform, cpyfunc, &p); -- return str_type; -+ int str_type; -+ int ret; -+ char free_out; -+ int outform, outlen = 0; -+ ASN1_STRING *dest; -+ unsigned char *p; -+ int nchar; -+ char strbuf[32]; -+ int (*cpyfunc) (unsigned long, void *) = NULL; -+ if (len == -1) -+ len = strlen((const char *)in); -+ if (!mask) -+ mask = DIRSTRING_TYPE; -+ -+ /* First do a string check and work out the number of characters */ -+ switch (inform) { -+ -+ case MBSTRING_BMP: -+ if (len & 1) { -+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, -+ ASN1_R_INVALID_BMPSTRING_LENGTH); -+ return -1; -+ } -+ nchar = len >> 1; -+ break; -+ -+ case MBSTRING_UNIV: -+ if (len & 3) { -+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, -+ ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); -+ return -1; -+ } -+ nchar = len >> 2; -+ break; -+ -+ case MBSTRING_UTF8: -+ nchar = 0; -+ /* This counts the characters and does utf8 syntax checking */ -+ ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); -+ if (ret < 0) { -+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING); -+ return -1; -+ } -+ break; -+ -+ case MBSTRING_ASC: -+ nchar = len; -+ break; -+ -+ default: -+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT); -+ return -1; -+ } -+ -+ if ((minsize > 0) && (nchar < minsize)) { -+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); -+ BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); -+ ERR_add_error_data(2, "minsize=", strbuf); -+ return -1; -+ } -+ -+ if ((maxsize > 0) && (nchar > maxsize)) { -+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); -+ BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); -+ ERR_add_error_data(2, "maxsize=", strbuf); -+ return -1; -+ } -+ -+ /* Now work out minimal type (if any) */ -+ if (traverse_string(in, len, inform, type_str, &mask) < 0) { -+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS); -+ return -1; -+ } -+ -+ /* Now work out output format and string type */ -+ outform = MBSTRING_ASC; -+ if (mask & B_ASN1_PRINTABLESTRING) -+ str_type = V_ASN1_PRINTABLESTRING; -+ else if (mask & B_ASN1_IA5STRING) -+ str_type = V_ASN1_IA5STRING; -+ else if (mask & B_ASN1_T61STRING) -+ str_type = V_ASN1_T61STRING; -+ else if (mask & B_ASN1_BMPSTRING) { -+ str_type = V_ASN1_BMPSTRING; -+ outform = MBSTRING_BMP; -+ } else if (mask & B_ASN1_UNIVERSALSTRING) { -+ str_type = V_ASN1_UNIVERSALSTRING; -+ outform = MBSTRING_UNIV; -+ } else { -+ str_type = V_ASN1_UTF8STRING; -+ outform = MBSTRING_UTF8; -+ } -+ if (!out) -+ return str_type; -+ if (*out) { -+ free_out = 0; -+ dest = *out; -+ if (dest->data) { -+ dest->length = 0; -+ OPENSSL_free(dest->data); -+ dest->data = NULL; -+ } -+ dest->type = str_type; -+ } else { -+ free_out = 1; -+ dest = ASN1_STRING_type_new(str_type); -+ if (!dest) { -+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); -+ return -1; -+ } -+ *out = dest; -+ } -+ /* If both the same type just copy across */ -+ if (inform == outform) { -+ if (!ASN1_STRING_set(dest, in, len)) { -+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); -+ return -1; -+ } -+ return str_type; -+ } -+ -+ /* Work out how much space the destination will need */ -+ switch (outform) { -+ case MBSTRING_ASC: -+ outlen = nchar; -+ cpyfunc = cpy_asc; -+ break; -+ -+ case MBSTRING_BMP: -+ outlen = nchar << 1; -+ cpyfunc = cpy_bmp; -+ break; -+ -+ case MBSTRING_UNIV: -+ outlen = nchar << 2; -+ cpyfunc = cpy_univ; -+ break; -+ -+ case MBSTRING_UTF8: -+ outlen = 0; -+ traverse_string(in, len, inform, out_utf8, &outlen); -+ cpyfunc = cpy_utf8; -+ break; -+ } -+ if (!(p = OPENSSL_malloc(outlen + 1))) { -+ if (free_out) -+ ASN1_STRING_free(dest); -+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); -+ return -1; -+ } -+ dest->length = outlen; -+ dest->data = p; -+ p[outlen] = 0; -+ traverse_string(in, len, inform, cpyfunc, &p); -+ return str_type; - } - --/* This function traverses a string and passes the value of each character -- * to an optional function along with a void * argument. -+/* -+ * This function traverses a string and passes the value of each character to -+ * an optional function along with a void * argument. - */ - - static int traverse_string(const unsigned char *p, int len, int inform, -- int (*rfunc)(unsigned long value, void *in), void *arg) -+ int (*rfunc) (unsigned long value, void *in), -+ void *arg) - { -- unsigned long value; -- int ret; -- while(len) { -- if(inform == MBSTRING_ASC) { -- value = *p++; -- len--; -- } else if(inform == MBSTRING_BMP) { -- value = *p++ << 8; -- value |= *p++; -- len -= 2; -- } else if(inform == MBSTRING_UNIV) { -- value = ((unsigned long)*p++) << 24; -- value |= ((unsigned long)*p++) << 16; -- value |= *p++ << 8; -- value |= *p++; -- len -= 4; -- } else { -- ret = UTF8_getc(p, len, &value); -- if(ret < 0) return -1; -- len -= ret; -- p += ret; -- } -- if(rfunc) { -- ret = rfunc(value, arg); -- if(ret <= 0) return ret; -- } -- } -- return 1; -+ unsigned long value; -+ int ret; -+ while (len) { -+ if (inform == MBSTRING_ASC) { -+ value = *p++; -+ len--; -+ } else if (inform == MBSTRING_BMP) { -+ value = *p++ << 8; -+ value |= *p++; -+ len -= 2; -+ } else if (inform == MBSTRING_UNIV) { -+ value = ((unsigned long)*p++) << 24; -+ value |= ((unsigned long)*p++) << 16; -+ value |= *p++ << 8; -+ value |= *p++; -+ len -= 4; -+ } else { -+ ret = UTF8_getc(p, len, &value); -+ if (ret < 0) -+ return -1; -+ len -= ret; -+ p += ret; -+ } -+ if (rfunc) { -+ ret = rfunc(value, arg); -+ if (ret <= 0) -+ return ret; -+ } -+ } -+ return 1; - } - - /* Various utility functions for traverse_string */ -@@ -286,115 +297,127 @@ static int traverse_string(const unsigned char *p, int len, int inform, - - static int in_utf8(unsigned long value, void *arg) - { -- int *nchar; -- nchar = arg; -- (*nchar)++; -- return 1; -+ int *nchar; -+ nchar = arg; -+ (*nchar)++; -+ return 1; - } - - /* Determine size of output as a UTF8 String */ - - static int out_utf8(unsigned long value, void *arg) - { -- int *outlen; -- outlen = arg; -- *outlen += UTF8_putc(NULL, -1, value); -- return 1; -+ int *outlen; -+ outlen = arg; -+ *outlen += UTF8_putc(NULL, -1, value); -+ return 1; - } - --/* Determine the "type" of a string: check each character against a -- * supplied "mask". -+/* -+ * Determine the "type" of a string: check each character against a supplied -+ * "mask". - */ - - static int type_str(unsigned long value, void *arg) - { -- unsigned long types; -- types = *((unsigned long *)arg); -- if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) -- types &= ~B_ASN1_PRINTABLESTRING; -- if((types & B_ASN1_IA5STRING) && (value > 127)) -- types &= ~B_ASN1_IA5STRING; -- if((types & B_ASN1_T61STRING) && (value > 0xff)) -- types &= ~B_ASN1_T61STRING; -- if((types & B_ASN1_BMPSTRING) && (value > 0xffff)) -- types &= ~B_ASN1_BMPSTRING; -- if(!types) return -1; -- *((unsigned long *)arg) = types; -- return 1; -+ unsigned long types; -+ types = *((unsigned long *)arg); -+ if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) -+ types &= ~B_ASN1_PRINTABLESTRING; -+ if ((types & B_ASN1_IA5STRING) && (value > 127)) -+ types &= ~B_ASN1_IA5STRING; -+ if ((types & B_ASN1_T61STRING) && (value > 0xff)) -+ types &= ~B_ASN1_T61STRING; -+ if ((types & B_ASN1_BMPSTRING) && (value > 0xffff)) -+ types &= ~B_ASN1_BMPSTRING; -+ if (!types) -+ return -1; -+ *((unsigned long *)arg) = types; -+ return 1; - } - - /* Copy one byte per character ASCII like strings */ - - static int cpy_asc(unsigned long value, void *arg) - { -- unsigned char **p, *q; -- p = arg; -- q = *p; -- *q = (unsigned char) value; -- (*p)++; -- return 1; -+ unsigned char **p, *q; -+ p = arg; -+ q = *p; -+ *q = (unsigned char)value; -+ (*p)++; -+ return 1; - } - - /* Copy two byte per character BMPStrings */ - - static int cpy_bmp(unsigned long value, void *arg) - { -- unsigned char **p, *q; -- p = arg; -- q = *p; -- *q++ = (unsigned char) ((value >> 8) & 0xff); -- *q = (unsigned char) (value & 0xff); -- *p += 2; -- return 1; -+ unsigned char **p, *q; -+ p = arg; -+ q = *p; -+ *q++ = (unsigned char)((value >> 8) & 0xff); -+ *q = (unsigned char)(value & 0xff); -+ *p += 2; -+ return 1; - } - - /* Copy four byte per character UniversalStrings */ - - static int cpy_univ(unsigned long value, void *arg) - { -- unsigned char **p, *q; -- p = arg; -- q = *p; -- *q++ = (unsigned char) ((value >> 24) & 0xff); -- *q++ = (unsigned char) ((value >> 16) & 0xff); -- *q++ = (unsigned char) ((value >> 8) & 0xff); -- *q = (unsigned char) (value & 0xff); -- *p += 4; -- return 1; -+ unsigned char **p, *q; -+ p = arg; -+ q = *p; -+ *q++ = (unsigned char)((value >> 24) & 0xff); -+ *q++ = (unsigned char)((value >> 16) & 0xff); -+ *q++ = (unsigned char)((value >> 8) & 0xff); -+ *q = (unsigned char)(value & 0xff); -+ *p += 4; -+ return 1; - } - - /* Copy to a UTF8String */ - - static int cpy_utf8(unsigned long value, void *arg) - { -- unsigned char **p; -- int ret; -- p = arg; -- /* We already know there is enough room so pass 0xff as the length */ -- ret = UTF8_putc(*p, 0xff, value); -- *p += ret; -- return 1; -+ unsigned char **p; -+ int ret; -+ p = arg; -+ /* We already know there is enough room so pass 0xff as the length */ -+ ret = UTF8_putc(*p, 0xff, value); -+ *p += ret; -+ return 1; - } - - /* Return 1 if the character is permitted in a PrintableString */ - static int is_printable(unsigned long value) - { -- int ch; -- if(value > 0x7f) return 0; -- ch = (int) value; -- /* Note: we can't use 'isalnum' because certain accented -- * characters may count as alphanumeric in some environments. -- */ -+ int ch; -+ if (value > 0x7f) -+ return 0; -+ ch = (int)value; -+ /* -+ * Note: we can't use 'isalnum' because certain accented characters may -+ * count as alphanumeric in some environments. -+ */ - #ifndef CHARSET_EBCDIC -- if((ch >= 'a') && (ch <= 'z')) return 1; -- if((ch >= 'A') && (ch <= 'Z')) return 1; -- if((ch >= '0') && (ch <= '9')) return 1; -- if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1; --#else /*CHARSET_EBCDIC*/ -- if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1; -- if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1; -- if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1; -- if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1; --#endif /*CHARSET_EBCDIC*/ -- return 0; -+ if ((ch >= 'a') && (ch <= 'z')) -+ return 1; -+ if ((ch >= 'A') && (ch <= 'Z')) -+ return 1; -+ if ((ch >= '0') && (ch <= '9')) -+ return 1; -+ if ((ch == ' ') || strchr("'()+,-./:=?", ch)) -+ return 1; -+#else /* CHARSET_EBCDIC */ -+ if ((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) -+ return 1; -+ if ((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) -+ return 1; -+ if ((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) -+ return 1; -+ if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) -+ return 1; -+#endif /* CHARSET_EBCDIC */ -+ return 0; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c b/Cryptlib/OpenSSL/crypto/asn1/a_meth.c -index 50bea91..9c5efab 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_meth.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,24 +61,26 @@ - #include - #include - --static ASN1_METHOD ia5string_meth={ -- (I2D_OF(void)) i2d_ASN1_IA5STRING, -- (D2I_OF(void)) d2i_ASN1_IA5STRING, -- (void *(*)(void))ASN1_STRING_new, -- (void (*)(void *))ASN1_STRING_free}; -+static ASN1_METHOD ia5string_meth = { -+ (I2D_OF(void)) i2d_ASN1_IA5STRING, -+ (D2I_OF(void)) d2i_ASN1_IA5STRING, -+ (void *(*)(void))ASN1_STRING_new, -+ (void (*)(void *))ASN1_STRING_free -+}; - --static ASN1_METHOD bit_string_meth={ -- (I2D_OF(void)) i2d_ASN1_BIT_STRING, -- (D2I_OF(void)) d2i_ASN1_BIT_STRING, -- (void *(*)(void))ASN1_STRING_new, -- (void (*)(void *))ASN1_STRING_free}; -+static ASN1_METHOD bit_string_meth = { -+ (I2D_OF(void)) i2d_ASN1_BIT_STRING, -+ (D2I_OF(void)) d2i_ASN1_BIT_STRING, -+ (void *(*)(void))ASN1_STRING_new, -+ (void (*)(void *))ASN1_STRING_free -+}; - - ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void) -- { -- return(&ia5string_meth); -- } -+{ -+ return (&ia5string_meth); -+} - - ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void) -- { -- return(&bit_string_meth); -- } -+{ -+ return (&bit_string_meth); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_object.c b/Cryptlib/OpenSSL/crypto/asn1/a_object.c -index e50501a..aa1847c 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_object.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_object.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,345 +65,332 @@ - #include - - int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) -- { -- unsigned char *p; -- int objsize; -+{ -+ unsigned char *p; -+ int objsize; - -- if ((a == NULL) || (a->data == NULL)) return(0); -+ if ((a == NULL) || (a->data == NULL)) -+ return (0); - -- objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT); -- if (pp == NULL) return objsize; -+ objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT); -+ if (pp == NULL) -+ return objsize; - -- p= *pp; -- ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); -- memcpy(p,a->data,a->length); -- p+=a->length; -+ p = *pp; -+ ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); -+ memcpy(p, a->data, a->length); -+ p += a->length; - -- *pp=p; -- return(objsize); -- } -+ *pp = p; -+ return (objsize); -+} - - int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) -- { -- int i,first,len=0,c, use_bn; -- char ftmp[24], *tmp = ftmp; -- int tmpsize = sizeof ftmp; -- const char *p; -- unsigned long l; -- BIGNUM *bl = NULL; -+{ -+ int i, first, len = 0, c, use_bn; -+ char ftmp[24], *tmp = ftmp; -+ int tmpsize = sizeof ftmp; -+ const char *p; -+ unsigned long l; -+ BIGNUM *bl = NULL; - -- if (num == 0) -- return(0); -- else if (num == -1) -- num=strlen(buf); -+ if (num == 0) -+ return (0); -+ else if (num == -1) -+ num = strlen(buf); - -- p=buf; -- c= *(p++); -- num--; -- if ((c >= '0') && (c <= '2')) -- { -- first= c-'0'; -- } -- else -- { -- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE); -- goto err; -- } -+ p = buf; -+ c = *(p++); -+ num--; -+ if ((c >= '0') && (c <= '2')) { -+ first = c - '0'; -+ } else { -+ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE); -+ goto err; -+ } - -- if (num <= 0) -- { -- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER); -- goto err; -- } -- c= *(p++); -- num--; -- for (;;) -- { -- if (num <= 0) break; -- if ((c != '.') && (c != ' ')) -- { -- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR); -- goto err; -- } -- l=0; -- use_bn = 0; -- for (;;) -- { -- if (num <= 0) break; -- num--; -- c= *(p++); -- if ((c == ' ') || (c == '.')) -- break; -- if ((c < '0') || (c > '9')) -- { -- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); -- goto err; -- } -- if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) -- { -- use_bn = 1; -- if (!bl) -- bl = BN_new(); -- if (!bl || !BN_set_word(bl, l)) -- goto err; -- } -- if (use_bn) -- { -- if (!BN_mul_word(bl, 10L) -- || !BN_add_word(bl, c-'0')) -- goto err; -- } -- else -- l=l*10L+(long)(c-'0'); -- } -- if (len == 0) -- { -- if ((first < 2) && (l >= 40)) -- { -- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE); -- goto err; -- } -- if (use_bn) -- { -- if (!BN_add_word(bl, first * 40)) -- goto err; -- } -- else -- l+=(long)first*40; -- } -- i=0; -- if (use_bn) -- { -- int blsize; -- blsize = BN_num_bits(bl); -- blsize = (blsize + 6)/7; -- if (blsize > tmpsize) -- { -- if (tmp != ftmp) -- OPENSSL_free(tmp); -- tmpsize = blsize + 32; -- tmp = OPENSSL_malloc(tmpsize); -- if (!tmp) -- goto err; -- } -- while(blsize--) -- tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); -- } -- else -- { -- -- for (;;) -- { -- tmp[i++]=(unsigned char)l&0x7f; -- l>>=7L; -- if (l == 0L) break; -- } -+ if (num <= 0) { -+ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER); -+ goto err; -+ } -+ c = *(p++); -+ num--; -+ for (;;) { -+ if (num <= 0) -+ break; -+ if ((c != '.') && (c != ' ')) { -+ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR); -+ goto err; -+ } -+ l = 0; -+ use_bn = 0; -+ for (;;) { -+ if (num <= 0) -+ break; -+ num--; -+ c = *(p++); -+ if ((c == ' ') || (c == '.')) -+ break; -+ if ((c < '0') || (c > '9')) { -+ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT); -+ goto err; -+ } -+ if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { -+ use_bn = 1; -+ if (!bl) -+ bl = BN_new(); -+ if (!bl || !BN_set_word(bl, l)) -+ goto err; -+ } -+ if (use_bn) { -+ if (!BN_mul_word(bl, 10L) -+ || !BN_add_word(bl, c - '0')) -+ goto err; -+ } else -+ l = l * 10L + (long)(c - '0'); -+ } -+ if (len == 0) { -+ if ((first < 2) && (l >= 40)) { -+ ASN1err(ASN1_F_A2D_ASN1_OBJECT, -+ ASN1_R_SECOND_NUMBER_TOO_LARGE); -+ goto err; -+ } -+ if (use_bn) { -+ if (!BN_add_word(bl, first * 40)) -+ goto err; -+ } else -+ l += (long)first *40; -+ } -+ i = 0; -+ if (use_bn) { -+ int blsize; -+ blsize = BN_num_bits(bl); -+ blsize = (blsize + 6) / 7; -+ if (blsize > tmpsize) { -+ if (tmp != ftmp) -+ OPENSSL_free(tmp); -+ tmpsize = blsize + 32; -+ tmp = OPENSSL_malloc(tmpsize); -+ if (!tmp) -+ goto err; -+ } -+ while (blsize--) -+ tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); -+ } else { - -- } -- if (out != NULL) -- { -- if (len+i > olen) -- { -- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL); -- goto err; -- } -- while (--i > 0) -- out[len++]=tmp[i]|0x80; -- out[len++]=tmp[0]; -- } -- else -- len+=i; -- } -- if (tmp != ftmp) -- OPENSSL_free(tmp); -- if (bl) -- BN_free(bl); -- return(len); --err: -- if (tmp != ftmp) -- OPENSSL_free(tmp); -- if (bl) -- BN_free(bl); -- return(0); -- } -+ for (;;) { -+ tmp[i++] = (unsigned char)l & 0x7f; -+ l >>= 7L; -+ if (l == 0L) -+ break; -+ } -+ -+ } -+ if (out != NULL) { -+ if (len + i > olen) { -+ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL); -+ goto err; -+ } -+ while (--i > 0) -+ out[len++] = tmp[i] | 0x80; -+ out[len++] = tmp[0]; -+ } else -+ len += i; -+ } -+ if (tmp != ftmp) -+ OPENSSL_free(tmp); -+ if (bl) -+ BN_free(bl); -+ return (len); -+ err: -+ if (tmp != ftmp) -+ OPENSSL_free(tmp); -+ if (bl) -+ BN_free(bl); -+ return (0); -+} - - int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) - { -- return OBJ_obj2txt(buf, buf_len, a, 0); -+ return OBJ_obj2txt(buf, buf_len, a, 0); - } - - int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) -- { -- char buf[80], *p = buf; -- int i; -+{ -+ char buf[80], *p = buf; -+ int i; - -- if ((a == NULL) || (a->data == NULL)) -- return(BIO_write(bp,"NULL",4)); -- i=i2t_ASN1_OBJECT(buf,sizeof buf,a); -- if (i > (int)(sizeof(buf) - 1)) -- { -- p = OPENSSL_malloc(i + 1); -- if (!p) -- return -1; -- i2t_ASN1_OBJECT(p,i + 1,a); -- } -- if (i <= 0) -- return BIO_write(bp, "", 9); -- BIO_write(bp,p,i); -- if (p != buf) -- OPENSSL_free(p); -- return(i); -- } -+ if ((a == NULL) || (a->data == NULL)) -+ return (BIO_write(bp, "NULL", 4)); -+ i = i2t_ASN1_OBJECT(buf, sizeof buf, a); -+ if (i > (int)(sizeof(buf) - 1)) { -+ p = OPENSSL_malloc(i + 1); -+ if (!p) -+ return -1; -+ i2t_ASN1_OBJECT(p, i + 1, a); -+ } -+ if (i <= 0) -+ return BIO_write(bp, "", 9); -+ BIO_write(bp, p, i); -+ if (p != buf) -+ OPENSSL_free(p); -+ return (i); -+} - - ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, -- long length) -+ long length) - { -- const unsigned char *p; -- long len; -- int tag,xclass; -- int inf,i; -- ASN1_OBJECT *ret = NULL; -- p= *pp; -- inf=ASN1_get_object(&p,&len,&tag,&xclass,length); -- if (inf & 0x80) -- { -- i=ASN1_R_BAD_OBJECT_HEADER; -- goto err; -- } -+ const unsigned char *p; -+ long len; -+ int tag, xclass; -+ int inf, i; -+ ASN1_OBJECT *ret = NULL; -+ p = *pp; -+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); -+ if (inf & 0x80) { -+ i = ASN1_R_BAD_OBJECT_HEADER; -+ goto err; -+ } - -- if (tag != V_ASN1_OBJECT) -- { -- i=ASN1_R_EXPECTING_AN_OBJECT; -- goto err; -- } -- ret = c2i_ASN1_OBJECT(a, &p, len); -- if(ret) *pp = p; -- return ret; --err: -- ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -- ASN1_OBJECT_free(ret); -- return(NULL); -+ if (tag != V_ASN1_OBJECT) { -+ i = ASN1_R_EXPECTING_AN_OBJECT; -+ goto err; -+ } -+ ret = c2i_ASN1_OBJECT(a, &p, len); -+ if (ret) -+ *pp = p; -+ return ret; -+ err: -+ ASN1err(ASN1_F_D2I_ASN1_OBJECT, i); -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ ASN1_OBJECT_free(ret); -+ return (NULL); - } - - ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, -- long len) -- { -- ASN1_OBJECT *ret=NULL; -- const unsigned char *p; -- int i, length; -+ long len) -+{ -+ ASN1_OBJECT *ret = NULL; -+ const unsigned char *p; -+ int i, length; - -- /* Sanity check OID encoding. -- * Need at least one content octet. -- * MSB must be clear in the last octet. -- * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 -- */ -- if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || -- p[len - 1] & 0x80) -- { -- ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); -- return NULL; -- } -- /* Now 0 < len <= INT_MAX, so the cast is safe. */ -- length = (int)len; -- for (i = 0; i < length; i++, p++) -- { -- if (*p == 0x80 && (!i || !(p[-1] & 0x80))) -- { -- ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); -- return NULL; -- } -- } -+ /* -+ * Sanity check OID encoding. Need at least one content octet. MSB must -+ * be clear in the last octet. can't have leading 0x80 in subidentifiers, -+ * see: X.690 8.19.2 -+ */ -+ if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || -+ p[len - 1] & 0x80) { -+ ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); -+ return NULL; -+ } -+ /* Now 0 < len <= INT_MAX, so the cast is safe. */ -+ length = (int)len; -+ for (i = 0; i < length; i++, p++) { -+ if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { -+ ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); -+ return NULL; -+ } -+ } - -- /* only the ASN1_OBJECTs from the 'table' will have values -- * for ->sn or ->ln */ -- if ((a == NULL) || ((*a) == NULL) || -- !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) -- { -- if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL); -- } -- else ret=(*a); -+ /* -+ * only the ASN1_OBJECTs from the 'table' will have values for ->sn or -+ * ->ln -+ */ -+ if ((a == NULL) || ((*a) == NULL) || -+ !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) { -+ if ((ret = ASN1_OBJECT_new()) == NULL) -+ return (NULL); -+ } else -+ ret = (*a); - -- p= *pp; -- if ((ret->data == NULL) || (ret->length < length)) -- { -- if (ret->data != NULL) OPENSSL_free(ret->data); -- ret->data=(unsigned char *)OPENSSL_malloc(length); -- ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; -- if (ret->data == NULL) -- { i=ERR_R_MALLOC_FAILURE; goto err; } -- } -- memcpy(ret->data,p,length); -- ret->length=length; -- ret->sn=NULL; -- ret->ln=NULL; -- /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ -- p+=length; -+ p = *pp; -+ if ((ret->data == NULL) || (ret->length < length)) { -+ if (ret->data != NULL) -+ OPENSSL_free(ret->data); -+ ret->data = (unsigned char *)OPENSSL_malloc(length); -+ ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; -+ if (ret->data == NULL) { -+ i = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ } -+ memcpy(ret->data, p, length); -+ ret->length = length; -+ ret->sn = NULL; -+ ret->ln = NULL; -+ /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ -+ p += length; - -- if (a != NULL) (*a)=ret; -- *pp=p; -- return(ret); --err: -- ASN1err(ASN1_F_C2I_ASN1_OBJECT,i); -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -- ASN1_OBJECT_free(ret); -- return(NULL); -- } -+ if (a != NULL) -+ (*a) = ret; -+ *pp = p; -+ return (ret); -+ err: -+ ASN1err(ASN1_F_C2I_ASN1_OBJECT, i); -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ ASN1_OBJECT_free(ret); -+ return (NULL); -+} - - ASN1_OBJECT *ASN1_OBJECT_new(void) -- { -- ASN1_OBJECT *ret; -+{ -+ ASN1_OBJECT *ret; - -- ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); -- if (ret == NULL) -- { -- ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- ret->length=0; -- ret->data=NULL; -- ret->nid=0; -- ret->sn=NULL; -- ret->ln=NULL; -- ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; -- return(ret); -- } -+ ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); -+ if (ret == NULL) { -+ ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ ret->length = 0; -+ ret->data = NULL; -+ ret->nid = 0; -+ ret->sn = NULL; -+ ret->ln = NULL; -+ ret->flags = ASN1_OBJECT_FLAG_DYNAMIC; -+ return (ret); -+} - - void ASN1_OBJECT_free(ASN1_OBJECT *a) -- { -- if (a == NULL) return; -- if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) -- { --#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */ -- if (a->sn != NULL) OPENSSL_free((void *)a->sn); -- if (a->ln != NULL) OPENSSL_free((void *)a->ln); -+{ -+ if (a == NULL) -+ return; -+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) { -+#ifndef CONST_STRICT /* disable purely for compile-time strict -+ * const checking. Doing this on a "real" -+ * compile will cause memory leaks */ -+ if (a->sn != NULL) -+ OPENSSL_free((void *)a->sn); -+ if (a->ln != NULL) -+ OPENSSL_free((void *)a->ln); - #endif -- a->sn=a->ln=NULL; -- } -- if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) -- { -- if (a->data != NULL) OPENSSL_free(a->data); -- a->data=NULL; -- a->length=0; -- } -- if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) -- OPENSSL_free(a); -- } -+ a->sn = a->ln = NULL; -+ } -+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { -+ if (a->data != NULL) -+ OPENSSL_free(a->data); -+ a->data = NULL; -+ a->length = 0; -+ } -+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) -+ OPENSSL_free(a); -+} - - ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, -- const char *sn, const char *ln) -- { -- ASN1_OBJECT o; -+ const char *sn, const char *ln) -+{ -+ ASN1_OBJECT o; - -- o.sn=sn; -- o.ln=ln; -- o.data=data; -- o.nid=nid; -- o.length=len; -- o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| -- ASN1_OBJECT_FLAG_DYNAMIC_DATA; -- return(OBJ_dup(&o)); -- } -+ o.sn = sn; -+ o.ln = ln; -+ o.data = data; -+ o.nid = nid; -+ o.length = len; -+ o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | -+ ASN1_OBJECT_FLAG_DYNAMIC_DATA; -+ return (OBJ_dup(&o)); -+} - - IMPLEMENT_STACK_OF(ASN1_OBJECT) -+ - IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c -index 24fd0f8..6ea1950 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,11 +61,17 @@ - #include - - ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x) --{ return M_ASN1_OCTET_STRING_dup(x); } -+{ -+ return M_ASN1_OCTET_STRING_dup(x); -+} - - int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b) --{ return M_ASN1_OCTET_STRING_cmp(a, b); } -- --int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len) --{ return M_ASN1_OCTET_STRING_set(x, d, len); } -+{ -+ return M_ASN1_OCTET_STRING_cmp(a, b); -+} - -+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, -+ int len) -+{ -+ return M_ASN1_OCTET_STRING_set(x, d, len); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_print.c b/Cryptlib/OpenSSL/crypto/asn1/a_print.c -index d18e772..d83e4ad 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_print.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_print.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,67 +61,69 @@ - #include - - int ASN1_PRINTABLE_type(const unsigned char *s, int len) -- { -- int c; -- int ia5=0; -- int t61=0; -+{ -+ int c; -+ int ia5 = 0; -+ int t61 = 0; - -- if (len <= 0) len= -1; -- if (s == NULL) return(V_ASN1_PRINTABLESTRING); -+ if (len <= 0) -+ len = -1; -+ if (s == NULL) -+ return (V_ASN1_PRINTABLESTRING); - -- while ((*s) && (len-- != 0)) -- { -- c= *(s++); -+ while ((*s) && (len-- != 0)) { -+ c = *(s++); - #ifndef CHARSET_EBCDIC -- if (!( ((c >= 'a') && (c <= 'z')) || -- ((c >= 'A') && (c <= 'Z')) || -- (c == ' ') || -- ((c >= '0') && (c <= '9')) || -- (c == ' ') || (c == '\'') || -- (c == '(') || (c == ')') || -- (c == '+') || (c == ',') || -- (c == '-') || (c == '.') || -- (c == '/') || (c == ':') || -- (c == '=') || (c == '?'))) -- ia5=1; -- if (c&0x80) -- t61=1; -+ if (!(((c >= 'a') && (c <= 'z')) || -+ ((c >= 'A') && (c <= 'Z')) || -+ (c == ' ') || -+ ((c >= '0') && (c <= '9')) || -+ (c == ' ') || (c == '\'') || -+ (c == '(') || (c == ')') || -+ (c == '+') || (c == ',') || -+ (c == '-') || (c == '.') || -+ (c == '/') || (c == ':') || (c == '=') || (c == '?'))) -+ ia5 = 1; -+ if (c & 0x80) -+ t61 = 1; - #else -- if (!isalnum(c) && (c != ' ') && -- strchr("'()+,-./:=?", c) == NULL) -- ia5=1; -- if (os_toascii[c] & 0x80) -- t61=1; -+ if (!isalnum(c) && (c != ' ') && strchr("'()+,-./:=?", c) == NULL) -+ ia5 = 1; -+ if (os_toascii[c] & 0x80) -+ t61 = 1; - #endif -- } -- if (t61) return(V_ASN1_T61STRING); -- if (ia5) return(V_ASN1_IA5STRING); -- return(V_ASN1_PRINTABLESTRING); -- } -+ } -+ if (t61) -+ return (V_ASN1_T61STRING); -+ if (ia5) -+ return (V_ASN1_IA5STRING); -+ return (V_ASN1_PRINTABLESTRING); -+} - - int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) -- { -- int i; -- unsigned char *p; -+{ -+ int i; -+ unsigned char *p; - -- if (s->type != V_ASN1_UNIVERSALSTRING) return(0); -- if ((s->length%4) != 0) return(0); -- p=s->data; -- for (i=0; ilength; i+=4) -- { -- if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0')) -- break; -- else -- p+=4; -- } -- if (i < s->length) return(0); -- p=s->data; -- for (i=3; ilength; i+=4) -- { -- *(p++)=s->data[i]; -- } -- *(p)='\0'; -- s->length/=4; -- s->type=ASN1_PRINTABLE_type(s->data,s->length); -- return(1); -- } -+ if (s->type != V_ASN1_UNIVERSALSTRING) -+ return (0); -+ if ((s->length % 4) != 0) -+ return (0); -+ p = s->data; -+ for (i = 0; i < s->length; i += 4) { -+ if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0')) -+ break; -+ else -+ p += 4; -+ } -+ if (i < s->length) -+ return (0); -+ p = s->data; -+ for (i = 3; i < s->length; i += 4) { -+ *(p++) = s->data[i]; -+ } -+ *(p) = '\0'; -+ s->length /= 4; -+ s->type = ASN1_PRINTABLE_type(s->data, s->length); -+ return (1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_set.c b/Cryptlib/OpenSSL/crypto/asn1/a_set.c -index 958558c..18bb408 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_set.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_set.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,177 +62,175 @@ - - #ifndef NO_ASN1_OLD - --typedef struct -- { -+typedef struct { - unsigned char *pbData; - int cbData; -- } MYBLOB; -+} MYBLOB; - --/* SetBlobCmp -- * This function compares two elements of SET_OF block -+/* -+ * SetBlobCmp This function compares two elements of SET_OF block - */ --static int SetBlobCmp(const void *elem1, const void *elem2 ) -- { -+static int SetBlobCmp(const void *elem1, const void *elem2) -+{ - const MYBLOB *b1 = (const MYBLOB *)elem1; - const MYBLOB *b2 = (const MYBLOB *)elem2; - int r; - - r = memcmp(b1->pbData, b2->pbData, -- b1->cbData < b2->cbData ? b1->cbData : b2->cbData); -- if(r != 0) -- return r; -- return b1->cbData-b2->cbData; -+ b1->cbData < b2->cbData ? b1->cbData : b2->cbData); -+ if (r != 0) -+ return r; -+ return b1->cbData - b2->cbData; -+} -+ -+/* -+ * int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) -+ */ -+int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, -+ int ex_class, int is_set) -+{ -+ int ret = 0, r; -+ int i; -+ unsigned char *p; -+ unsigned char *pStart, *pTempMem; -+ MYBLOB *rgSetBlob; -+ int totSize; -+ -+ if (a == NULL) -+ return (0); -+ for (i = sk_num(a) - 1; i >= 0; i--) -+ ret += i2d(sk_value(a, i), NULL); -+ r = ASN1_object_size(1, ret, ex_tag); -+ if (pp == NULL) -+ return (r); -+ -+ p = *pp; -+ ASN1_put_object(&p, 1, ret, ex_tag, ex_class); -+ -+/* Modified by gp@nsj.co.jp */ -+ /* And then again by Ben */ -+ /* And again by Steve */ -+ -+ if (!is_set || (sk_num(a) < 2)) { -+ for (i = 0; i < sk_num(a); i++) -+ i2d(sk_value(a, i), &p); -+ -+ *pp = p; -+ return (r); - } - --/* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */ --int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, -- int ex_class, int is_set) -- { -- int ret=0,r; -- int i; -- unsigned char *p; -- unsigned char *pStart, *pTempMem; -- MYBLOB *rgSetBlob; -- int totSize; -- -- if (a == NULL) return(0); -- for (i=sk_num(a)-1; i>=0; i--) -- ret+=i2d(sk_value(a,i),NULL); -- r=ASN1_object_size(1,ret,ex_tag); -- if (pp == NULL) return(r); -- -- p= *pp; -- ASN1_put_object(&p,1,ret,ex_tag,ex_class); -+ pStart = p; /* Catch the beg of Setblobs */ -+ /* In this array we will store the SET blobs */ -+ rgSetBlob = (MYBLOB *) OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB)); -+ if (rgSetBlob == NULL) { -+ ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } - --/* Modified by gp@nsj.co.jp */ -- /* And then again by Ben */ -- /* And again by Steve */ -- -- if(!is_set || (sk_num(a) < 2)) -- { -- for (i=0; i c.max) -- { -- ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR); -- goto err; -- } -- /* check for infinite constructed - it can be as long -- * as the amount of data passed to us */ -- if (c.inf == (V_ASN1_CONSTRUCTED+1)) -- c.slen=length+ *pp-c.p; -- c.max=c.p+c.slen; -- -- while (c.p < c.max) -- { -- char *s; -- -- if (M_ASN1_D2I_end_sequence()) break; -- /* XXX: This was called with 4 arguments, incorrectly, it seems -- if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */ -- if ((s=d2i(NULL,&c.p,c.slen)) == NULL) -- { -- ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT); -- asn1_add_error(*pp,(int)(c.q- *pp)); -- goto err; -- } -- if (!sk_push(ret,s)) goto err; -- } -- if (a != NULL) (*a)=ret; -- *pp=c.p; -- return(ret); --err: -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -- { -- if (free_func != NULL) -- sk_pop_free(ret,free_func); -- else -- sk_free(ret); -- } -- return(NULL); -- } -+ } else -+ ret = (*a); -+ -+ c.p = *pp; -+ c.max = (length == 0) ? 0 : (c.p + length); -+ -+ c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p); -+ if (c.inf & 0x80) -+ goto err; -+ if (ex_class != c.xclass) { -+ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS); -+ goto err; -+ } -+ if (ex_tag != c.tag) { -+ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG); -+ goto err; -+ } -+ if ((c.slen + c.p) > c.max) { -+ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR); -+ goto err; -+ } -+ /* -+ * check for infinite constructed - it can be as long as the amount of -+ * data passed to us -+ */ -+ if (c.inf == (V_ASN1_CONSTRUCTED + 1)) -+ c.slen = length + *pp - c.p; -+ c.max = c.p + c.slen; -+ -+ while (c.p < c.max) { -+ char *s; -+ -+ if (M_ASN1_D2I_end_sequence()) -+ break; -+ /* -+ * XXX: This was called with 4 arguments, incorrectly, it seems if -+ * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) -+ */ -+ if ((s = d2i(NULL, &c.p, c.slen)) == NULL) { -+ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT); -+ asn1_add_error(*pp, (int)(c.q - *pp)); -+ goto err; -+ } -+ if (!sk_push(ret, s)) -+ goto err; -+ } -+ if (a != NULL) -+ (*a) = ret; -+ *pp = c.p; -+ return (ret); -+ err: -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) { -+ if (free_func != NULL) -+ sk_pop_free(ret, free_func); -+ else -+ sk_free(ret); -+ } -+ return (NULL); -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c -index 4dee45f..92a5a6c 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -127,174 +127,179 @@ - #ifndef NO_ASN1_OLD - - int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, -- ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, -- const EVP_MD *type) -- { -- EVP_MD_CTX ctx; -- unsigned char *p,*buf_in=NULL,*buf_out=NULL; -- int i,inl=0,outl=0,outll=0; -- X509_ALGOR *a; -+ ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, -+ const EVP_MD *type) -+{ -+ EVP_MD_CTX ctx; -+ unsigned char *p, *buf_in = NULL, *buf_out = NULL; -+ int i, inl = 0, outl = 0, outll = 0; -+ X509_ALGOR *a; - -- EVP_MD_CTX_init(&ctx); -- for (i=0; i<2; i++) -- { -- if (i == 0) -- a=algor1; -- else -- a=algor2; -- if (a == NULL) continue; -- if (type->pkey_type == NID_dsaWithSHA1) -- { -- /* special case: RFC 2459 tells us to omit 'parameters' -- * with id-dsa-with-sha1 */ -- ASN1_TYPE_free(a->parameter); -- a->parameter = NULL; -- } -- else if ((a->parameter == NULL) || -- (a->parameter->type != V_ASN1_NULL)) -- { -- ASN1_TYPE_free(a->parameter); -- if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; -- a->parameter->type=V_ASN1_NULL; -- } -- ASN1_OBJECT_free(a->algorithm); -- a->algorithm=OBJ_nid2obj(type->pkey_type); -- if (a->algorithm == NULL) -- { -- ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); -- goto err; -- } -- if (a->algorithm->length == 0) -- { -- ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); -- goto err; -- } -- } -- inl=i2d(data,NULL); -- buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl); -- outll=outl=EVP_PKEY_size(pkey); -- buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); -- if ((buf_in == NULL) || (buf_out == NULL)) -- { -- outl=0; -- ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- p=buf_in; -+ EVP_MD_CTX_init(&ctx); -+ for (i = 0; i < 2; i++) { -+ if (i == 0) -+ a = algor1; -+ else -+ a = algor2; -+ if (a == NULL) -+ continue; -+ if (type->pkey_type == NID_dsaWithSHA1) { -+ /* -+ * special case: RFC 2459 tells us to omit 'parameters' with -+ * id-dsa-with-sha1 -+ */ -+ ASN1_TYPE_free(a->parameter); -+ a->parameter = NULL; -+ } else if ((a->parameter == NULL) || -+ (a->parameter->type != V_ASN1_NULL)) { -+ ASN1_TYPE_free(a->parameter); -+ if ((a->parameter = ASN1_TYPE_new()) == NULL) -+ goto err; -+ a->parameter->type = V_ASN1_NULL; -+ } -+ ASN1_OBJECT_free(a->algorithm); -+ a->algorithm = OBJ_nid2obj(type->pkey_type); -+ if (a->algorithm == NULL) { -+ ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE); -+ goto err; -+ } -+ if (a->algorithm->length == 0) { -+ ASN1err(ASN1_F_ASN1_SIGN, -+ ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); -+ goto err; -+ } -+ } -+ inl = i2d(data, NULL); -+ buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl); -+ outll = outl = EVP_PKEY_size(pkey); -+ buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl); -+ if ((buf_in == NULL) || (buf_out == NULL)) { -+ outl = 0; -+ ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ p = buf_in; - -- i2d(data,&p); -- EVP_SignInit_ex(&ctx,type, NULL); -- EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); -- if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, -- (unsigned int *)&outl,pkey)) -- { -- outl=0; -- ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB); -- goto err; -- } -- if (signature->data != NULL) OPENSSL_free(signature->data); -- signature->data=buf_out; -- buf_out=NULL; -- signature->length=outl; -- /* In the interests of compatibility, I'll make sure that -- * the bit string has a 'not-used bits' value of 0 -- */ -- signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); -- signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; --err: -- EVP_MD_CTX_cleanup(&ctx); -- if (buf_in != NULL) -- { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } -- if (buf_out != NULL) -- { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } -- return(outl); -- } -+ i2d(data, &p); -+ EVP_SignInit_ex(&ctx, type, NULL); -+ EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl); -+ if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out, -+ (unsigned int *)&outl, pkey)) { -+ outl = 0; -+ ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); -+ goto err; -+ } -+ if (signature->data != NULL) -+ OPENSSL_free(signature->data); -+ signature->data = buf_out; -+ buf_out = NULL; -+ signature->length = outl; -+ /* -+ * In the interests of compatibility, I'll make sure that the bit string -+ * has a 'not-used bits' value of 0 -+ */ -+ signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); -+ signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; -+ err: -+ EVP_MD_CTX_cleanup(&ctx); -+ if (buf_in != NULL) { -+ OPENSSL_cleanse((char *)buf_in, (unsigned int)inl); -+ OPENSSL_free(buf_in); -+ } -+ if (buf_out != NULL) { -+ OPENSSL_cleanse((char *)buf_out, outll); -+ OPENSSL_free(buf_out); -+ } -+ return (outl); -+} - - #endif - --int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, -- ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, -- const EVP_MD *type) -- { -- EVP_MD_CTX ctx; -- unsigned char *buf_in=NULL,*buf_out=NULL; -- int i,inl=0,outl=0,outll=0; -- X509_ALGOR *a; -+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, -+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, -+ EVP_PKEY *pkey, const EVP_MD *type) -+{ -+ EVP_MD_CTX ctx; -+ unsigned char *buf_in = NULL, *buf_out = NULL; -+ int i, inl = 0, outl = 0, outll = 0; -+ X509_ALGOR *a; - -- EVP_MD_CTX_init(&ctx); -- for (i=0; i<2; i++) -- { -- if (i == 0) -- a=algor1; -- else -- a=algor2; -- if (a == NULL) continue; -- if (type->pkey_type == NID_dsaWithSHA1 || -- type->pkey_type == NID_ecdsa_with_SHA1) -- { -- /* special case: RFC 3279 tells us to omit 'parameters' -- * with id-dsa-with-sha1 and ecdsa-with-SHA1 */ -- ASN1_TYPE_free(a->parameter); -- a->parameter = NULL; -- } -- else if ((a->parameter == NULL) || -- (a->parameter->type != V_ASN1_NULL)) -- { -- ASN1_TYPE_free(a->parameter); -- if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; -- a->parameter->type=V_ASN1_NULL; -- } -- ASN1_OBJECT_free(a->algorithm); -- a->algorithm=OBJ_nid2obj(type->pkey_type); -- if (a->algorithm == NULL) -- { -- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); -- goto err; -- } -- if (a->algorithm->length == 0) -- { -- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); -- goto err; -- } -- } -- inl=ASN1_item_i2d(asn,&buf_in, it); -- outll=outl=EVP_PKEY_size(pkey); -- buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); -- if ((buf_in == NULL) || (buf_out == NULL)) -- { -- outl=0; -- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ EVP_MD_CTX_init(&ctx); -+ for (i = 0; i < 2; i++) { -+ if (i == 0) -+ a = algor1; -+ else -+ a = algor2; -+ if (a == NULL) -+ continue; -+ if (type->pkey_type == NID_dsaWithSHA1 || -+ type->pkey_type == NID_ecdsa_with_SHA1) { -+ /* -+ * special case: RFC 3279 tells us to omit 'parameters' with -+ * id-dsa-with-sha1 and ecdsa-with-SHA1 -+ */ -+ ASN1_TYPE_free(a->parameter); -+ a->parameter = NULL; -+ } else if ((a->parameter == NULL) || -+ (a->parameter->type != V_ASN1_NULL)) { -+ ASN1_TYPE_free(a->parameter); -+ if ((a->parameter = ASN1_TYPE_new()) == NULL) -+ goto err; -+ a->parameter->type = V_ASN1_NULL; -+ } -+ ASN1_OBJECT_free(a->algorithm); -+ a->algorithm = OBJ_nid2obj(type->pkey_type); -+ if (a->algorithm == NULL) { -+ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE); -+ goto err; -+ } -+ if (a->algorithm->length == 0) { -+ ASN1err(ASN1_F_ASN1_ITEM_SIGN, -+ ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); -+ goto err; -+ } -+ } -+ inl = ASN1_item_i2d(asn, &buf_in, it); -+ outll = outl = EVP_PKEY_size(pkey); -+ buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl); -+ if ((buf_in == NULL) || (buf_out == NULL)) { -+ outl = 0; -+ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- if (!EVP_SignInit_ex(&ctx,type, NULL)) -- { -- outl=0; -- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); -- goto err; -- } -- EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); -- if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, -- (unsigned int *)&outl,pkey)) -- { -- outl=0; -- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); -- goto err; -- } -- if (signature->data != NULL) OPENSSL_free(signature->data); -- signature->data=buf_out; -- buf_out=NULL; -- signature->length=outl; -- /* In the interests of compatibility, I'll make sure that -- * the bit string has a 'not-used bits' value of 0 -- */ -- signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); -- signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; --err: -- EVP_MD_CTX_cleanup(&ctx); -- if (buf_in != NULL) -- { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } -- if (buf_out != NULL) -- { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } -- return(outl); -- } -+ if (!EVP_SignInit_ex(&ctx, type, NULL)) { -+ outl = 0; -+ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB); -+ goto err; -+ } -+ EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl); -+ if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out, -+ (unsigned int *)&outl, pkey)) { -+ outl = 0; -+ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB); -+ goto err; -+ } -+ if (signature->data != NULL) -+ OPENSSL_free(signature->data); -+ signature->data = buf_out; -+ buf_out = NULL; -+ signature->length = outl; -+ /* -+ * In the interests of compatibility, I'll make sure that the bit string -+ * has a 'not-used bits' value of 0 -+ */ -+ signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); -+ signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; -+ err: -+ EVP_MD_CTX_cleanup(&ctx); -+ if (buf_in != NULL) { -+ OPENSSL_cleanse((char *)buf_in, (unsigned int)inl); -+ OPENSSL_free(buf_in); -+ } -+ if (buf_out != NULL) { -+ OPENSSL_cleanse((char *)buf_out, outll); -+ OPENSSL_free(buf_out); -+ } -+ return (outl); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c -index ead37ac..f650708 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c -@@ -1,6 +1,7 @@ - /* a_strex.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -65,511 +66,583 @@ - - #include "charmap.h" - --/* ASN1_STRING_print_ex() and X509_NAME_print_ex(). -- * Enhanced string and name printing routines handling -- * multibyte characters, RFC2253 and a host of other -- * options. -+/* -+ * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name -+ * printing routines handling multibyte characters, RFC2253 and a host of -+ * other options. - */ - -- --#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) -+#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) - - #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ -- ASN1_STRFLGS_ESC_QUOTE | \ -- ASN1_STRFLGS_ESC_CTRL | \ -- ASN1_STRFLGS_ESC_MSB) -- -+ ASN1_STRFLGS_ESC_QUOTE | \ -+ ASN1_STRFLGS_ESC_CTRL | \ -+ ASN1_STRFLGS_ESC_MSB) - --/* Three IO functions for sending data to memory, a BIO and -- * and a FILE pointer. -+/* -+ * Three IO functions for sending data to memory, a BIO and and a FILE -+ * pointer. - */ --#if 0 /* never used */ -+#if 0 /* never used */ - static int send_mem_chars(void *arg, const void *buf, int len) - { -- unsigned char **out = arg; -- if(!out) return 1; -- memcpy(*out, buf, len); -- *out += len; -- return 1; -+ unsigned char **out = arg; -+ if (!out) -+ return 1; -+ memcpy(*out, buf, len); -+ *out += len; -+ return 1; - } - #endif - - static int send_bio_chars(void *arg, const void *buf, int len) - { -- if(!arg) return 1; -- if(BIO_write(arg, buf, len) != len) return 0; -- return 1; -+ if (!arg) -+ return 1; -+ if (BIO_write(arg, buf, len) != len) -+ return 0; -+ return 1; - } - - static int send_fp_chars(void *arg, const void *buf, int len) - { -- if(!arg) return 1; -- if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0; -- return 1; -+ if (!arg) -+ return 1; -+ if (fwrite(buf, 1, len, arg) != (unsigned int)len) -+ return 0; -+ return 1; - } - --typedef int char_io(void *arg, const void *buf, int len); -+typedef int char_io (void *arg, const void *buf, int len); - --/* This function handles display of -- * strings, one character at a time. -- * It is passed an unsigned long for each -- * character because it could come from 2 or even -- * 4 byte forms. -+/* -+ * This function handles display of strings, one character at a time. It is -+ * passed an unsigned long for each character because it could come from 2 or -+ * even 4 byte forms. - */ - --static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg) -+static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, -+ char_io *io_ch, void *arg) - { -- unsigned char chflgs, chtmp; -- char tmphex[HEX_SIZE(long)+3]; -- -- if(c > 0xffffffffL) -- return -1; -- if(c > 0xffff) { -- BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); -- if(!io_ch(arg, tmphex, 10)) return -1; -- return 10; -- } -- if(c > 0xff) { -- BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); -- if(!io_ch(arg, tmphex, 6)) return -1; -- return 6; -- } -- chtmp = (unsigned char)c; -- if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB; -- else chflgs = char_type[chtmp] & flags; -- if(chflgs & CHARTYPE_BS_ESC) { -- /* If we don't escape with quotes, signal we need quotes */ -- if(chflgs & ASN1_STRFLGS_ESC_QUOTE) { -- if(do_quotes) *do_quotes = 1; -- if(!io_ch(arg, &chtmp, 1)) return -1; -- return 1; -- } -- if(!io_ch(arg, "\\", 1)) return -1; -- if(!io_ch(arg, &chtmp, 1)) return -1; -- return 2; -- } -- if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) { -- BIO_snprintf(tmphex, 11, "\\%02X", chtmp); -- if(!io_ch(arg, tmphex, 3)) return -1; -- return 3; -- } -- /* If we get this far and do any escaping at all must escape -- * the escape character itself: backslash. -- */ -- if (chtmp == '\\' && flags & ESC_FLAGS) { -- if(!io_ch(arg, "\\\\", 2)) return -1; -- return 2; -- } -- if(!io_ch(arg, &chtmp, 1)) return -1; -- return 1; -+ unsigned char chflgs, chtmp; -+ char tmphex[HEX_SIZE(long) + 3]; -+ -+ if (c > 0xffffffffL) -+ return -1; -+ if (c > 0xffff) { -+ BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); -+ if (!io_ch(arg, tmphex, 10)) -+ return -1; -+ return 10; -+ } -+ if (c > 0xff) { -+ BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); -+ if (!io_ch(arg, tmphex, 6)) -+ return -1; -+ return 6; -+ } -+ chtmp = (unsigned char)c; -+ if (chtmp > 0x7f) -+ chflgs = flags & ASN1_STRFLGS_ESC_MSB; -+ else -+ chflgs = char_type[chtmp] & flags; -+ if (chflgs & CHARTYPE_BS_ESC) { -+ /* If we don't escape with quotes, signal we need quotes */ -+ if (chflgs & ASN1_STRFLGS_ESC_QUOTE) { -+ if (do_quotes) -+ *do_quotes = 1; -+ if (!io_ch(arg, &chtmp, 1)) -+ return -1; -+ return 1; -+ } -+ if (!io_ch(arg, "\\", 1)) -+ return -1; -+ if (!io_ch(arg, &chtmp, 1)) -+ return -1; -+ return 2; -+ } -+ if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) { -+ BIO_snprintf(tmphex, 11, "\\%02X", chtmp); -+ if (!io_ch(arg, tmphex, 3)) -+ return -1; -+ return 3; -+ } -+ /* -+ * If we get this far and do any escaping at all must escape the escape -+ * character itself: backslash. -+ */ -+ if (chtmp == '\\' && flags & ESC_FLAGS) { -+ if (!io_ch(arg, "\\\\", 2)) -+ return -1; -+ return 2; -+ } -+ if (!io_ch(arg, &chtmp, 1)) -+ return -1; -+ return 1; - } - --#define BUF_TYPE_WIDTH_MASK 0x7 --#define BUF_TYPE_CONVUTF8 0x8 -+#define BUF_TYPE_WIDTH_MASK 0x7 -+#define BUF_TYPE_CONVUTF8 0x8 - --/* This function sends each character in a buffer to -- * do_esc_char(). It interprets the content formats -- * and converts to or from UTF8 as appropriate. -+/* -+ * This function sends each character in a buffer to do_esc_char(). It -+ * interprets the content formats and converts to or from UTF8 as -+ * appropriate. - */ - - static int do_buf(unsigned char *buf, int buflen, -- int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg) -+ int type, unsigned char flags, char *quotes, char_io *io_ch, -+ void *arg) - { -- int i, outlen, len; -- unsigned char orflags, *p, *q; -- unsigned long c; -- p = buf; -- q = buf + buflen; -- outlen = 0; -- while(p != q) { -- if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; -- else orflags = 0; -- switch(type & BUF_TYPE_WIDTH_MASK) { -- case 4: -- c = ((unsigned long)*p++) << 24; -- c |= ((unsigned long)*p++) << 16; -- c |= ((unsigned long)*p++) << 8; -- c |= *p++; -- break; -- -- case 2: -- c = ((unsigned long)*p++) << 8; -- c |= *p++; -- break; -- -- case 1: -- c = *p++; -- break; -- -- case 0: -- i = UTF8_getc(p, buflen, &c); -- if(i < 0) return -1; /* Invalid UTF8String */ -- p += i; -- break; -- default: -- return -1; /* invalid width */ -- } -- if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253; -- if(type & BUF_TYPE_CONVUTF8) { -- unsigned char utfbuf[6]; -- int utflen; -- utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); -- for(i = 0; i < utflen; i++) { -- /* We don't need to worry about setting orflags correctly -- * because if utflen==1 its value will be correct anyway -- * otherwise each character will be > 0x7f and so the -- * character will never be escaped on first and last. -- */ -- len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg); -- if(len < 0) return -1; -- outlen += len; -- } -- } else { -- len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg); -- if(len < 0) return -1; -- outlen += len; -- } -- } -- return outlen; -+ int i, outlen, len; -+ unsigned char orflags, *p, *q; -+ unsigned long c; -+ p = buf; -+ q = buf + buflen; -+ outlen = 0; -+ while (p != q) { -+ if (p == buf && flags & ASN1_STRFLGS_ESC_2253) -+ orflags = CHARTYPE_FIRST_ESC_2253; -+ else -+ orflags = 0; -+ switch (type & BUF_TYPE_WIDTH_MASK) { -+ case 4: -+ c = ((unsigned long)*p++) << 24; -+ c |= ((unsigned long)*p++) << 16; -+ c |= ((unsigned long)*p++) << 8; -+ c |= *p++; -+ break; -+ -+ case 2: -+ c = ((unsigned long)*p++) << 8; -+ c |= *p++; -+ break; -+ -+ case 1: -+ c = *p++; -+ break; -+ -+ case 0: -+ i = UTF8_getc(p, buflen, &c); -+ if (i < 0) -+ return -1; /* Invalid UTF8String */ -+ p += i; -+ break; -+ default: -+ return -1; /* invalid width */ -+ } -+ if (p == q && flags & ASN1_STRFLGS_ESC_2253) -+ orflags = CHARTYPE_LAST_ESC_2253; -+ if (type & BUF_TYPE_CONVUTF8) { -+ unsigned char utfbuf[6]; -+ int utflen; -+ utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); -+ for (i = 0; i < utflen; i++) { -+ /* -+ * We don't need to worry about setting orflags correctly -+ * because if utflen==1 its value will be correct anyway -+ * otherwise each character will be > 0x7f and so the -+ * character will never be escaped on first and last. -+ */ -+ len = -+ do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), -+ quotes, io_ch, arg); -+ if (len < 0) -+ return -1; -+ outlen += len; -+ } -+ } else { -+ len = -+ do_esc_char(c, (unsigned char)(flags | orflags), quotes, -+ io_ch, arg); -+ if (len < 0) -+ return -1; -+ outlen += len; -+ } -+ } -+ return outlen; - } - - /* This function hex dumps a buffer of characters */ - --static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) -+static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, -+ int buflen) - { -- static const char hexdig[] = "0123456789ABCDEF"; -- unsigned char *p, *q; -- char hextmp[2]; -- if(arg) { -- p = buf; -- q = buf + buflen; -- while(p != q) { -- hextmp[0] = hexdig[*p >> 4]; -- hextmp[1] = hexdig[*p & 0xf]; -- if(!io_ch(arg, hextmp, 2)) return -1; -- p++; -- } -- } -- return buflen << 1; -+ static const char hexdig[] = "0123456789ABCDEF"; -+ unsigned char *p, *q; -+ char hextmp[2]; -+ if (arg) { -+ p = buf; -+ q = buf + buflen; -+ while (p != q) { -+ hextmp[0] = hexdig[*p >> 4]; -+ hextmp[1] = hexdig[*p & 0xf]; -+ if (!io_ch(arg, hextmp, 2)) -+ return -1; -+ p++; -+ } -+ } -+ return buflen << 1; - } - --/* "dump" a string. This is done when the type is unknown, -- * or the flags request it. We can either dump the content -- * octets or the entire DER encoding. This uses the RFC2253 -- * #01234 format. -+/* -+ * "dump" a string. This is done when the type is unknown, or the flags -+ * request it. We can either dump the content octets or the entire DER -+ * encoding. This uses the RFC2253 #01234 format. - */ - --static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) -+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, -+ ASN1_STRING *str) - { -- /* Placing the ASN1_STRING in a temp ASN1_TYPE allows -- * the DER encoding to readily obtained -- */ -- ASN1_TYPE t; -- unsigned char *der_buf, *p; -- int outlen, der_len; -- -- if(!io_ch(arg, "#", 1)) return -1; -- /* If we don't dump DER encoding just dump content octets */ -- if(!(lflags & ASN1_STRFLGS_DUMP_DER)) { -- outlen = do_hex_dump(io_ch, arg, str->data, str->length); -- if(outlen < 0) return -1; -- return outlen + 1; -- } -- t.type = str->type; -- t.value.ptr = (char *)str; -- der_len = i2d_ASN1_TYPE(&t, NULL); -- der_buf = OPENSSL_malloc(der_len); -- if(!der_buf) return -1; -- p = der_buf; -- i2d_ASN1_TYPE(&t, &p); -- outlen = do_hex_dump(io_ch, arg, der_buf, der_len); -- OPENSSL_free(der_buf); -- if(outlen < 0) return -1; -- return outlen + 1; -+ /* -+ * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to -+ * readily obtained -+ */ -+ ASN1_TYPE t; -+ unsigned char *der_buf, *p; -+ int outlen, der_len; -+ -+ if (!io_ch(arg, "#", 1)) -+ return -1; -+ /* If we don't dump DER encoding just dump content octets */ -+ if (!(lflags & ASN1_STRFLGS_DUMP_DER)) { -+ outlen = do_hex_dump(io_ch, arg, str->data, str->length); -+ if (outlen < 0) -+ return -1; -+ return outlen + 1; -+ } -+ t.type = str->type; -+ t.value.ptr = (char *)str; -+ der_len = i2d_ASN1_TYPE(&t, NULL); -+ der_buf = OPENSSL_malloc(der_len); -+ if (!der_buf) -+ return -1; -+ p = der_buf; -+ i2d_ASN1_TYPE(&t, &p); -+ outlen = do_hex_dump(io_ch, arg, der_buf, der_len); -+ OPENSSL_free(der_buf); -+ if (outlen < 0) -+ return -1; -+ return outlen + 1; - } - --/* Lookup table to convert tags to character widths, -- * 0 = UTF8 encoded, -1 is used for non string types -- * otherwise it is the number of bytes per character -+/* -+ * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is -+ * used for non string types otherwise it is the number of bytes per -+ * character - */ - - static const signed char tag2nbyte[] = { -- -1, -1, -1, -1, -1, /* 0-4 */ -- -1, -1, -1, -1, -1, /* 5-9 */ -- -1, -1, 0, -1, /* 10-13 */ -- -1, -1, -1, -1, /* 15-17 */ -- -1, 1, 1, /* 18-20 */ -- -1, 1, 1, 1, /* 21-24 */ -- -1, 1, -1, /* 25-27 */ -- 4, -1, 2 /* 28-30 */ -+ -1, -1, -1, -1, -1, /* 0-4 */ -+ -1, -1, -1, -1, -1, /* 5-9 */ -+ -1, -1, 0, -1, /* 10-13 */ -+ -1, -1, -1, -1, /* 15-17 */ -+ -1, 1, 1, /* 18-20 */ -+ -1, 1, 1, 1, /* 21-24 */ -+ -1, 1, -1, /* 25-27 */ -+ 4, -1, 2 /* 28-30 */ - }; - --/* This is the main function, print out an -- * ASN1_STRING taking note of various escape -- * and display options. Returns number of -- * characters written or -1 if an error -- * occurred. -+/* -+ * This is the main function, print out an ASN1_STRING taking note of various -+ * escape and display options. Returns number of characters written or -1 if -+ * an error occurred. - */ - --static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str) -+static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, -+ ASN1_STRING *str) - { -- int outlen, len; -- int type; -- char quotes; -- unsigned char flags; -- quotes = 0; -- /* Keep a copy of escape flags */ -- flags = (unsigned char)(lflags & ESC_FLAGS); -- -- type = str->type; -- -- outlen = 0; -- -- -- if(lflags & ASN1_STRFLGS_SHOW_TYPE) { -- const char *tagname; -- tagname = ASN1_tag2str(type); -- outlen += strlen(tagname); -- if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; -- outlen++; -- } -- -- /* Decide what to do with type, either dump content or display it */ -- -- /* Dump everything */ -- if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1; -- /* Ignore the string type */ -- else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1; -- else { -- /* Else determine width based on type */ -- if((type > 0) && (type < 31)) type = tag2nbyte[type]; -- else type = -1; -- if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1; -- } -- -- if(type == -1) { -- len = do_dump(lflags, io_ch, arg, str); -- if(len < 0) return -1; -- outlen += len; -- return outlen; -- } -- -- if(lflags & ASN1_STRFLGS_UTF8_CONVERT) { -- /* Note: if string is UTF8 and we want -- * to convert to UTF8 then we just interpret -- * it as 1 byte per character to avoid converting -- * twice. -- */ -- if(!type) type = 1; -- else type |= BUF_TYPE_CONVUTF8; -- } -- -- len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); -- if(len < 0) return -1; -- outlen += len; -- if(quotes) outlen += 2; -- if(!arg) return outlen; -- if(quotes && !io_ch(arg, "\"", 1)) return -1; -- if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) -- return -1; -- if(quotes && !io_ch(arg, "\"", 1)) return -1; -- return outlen; -+ int outlen, len; -+ int type; -+ char quotes; -+ unsigned char flags; -+ quotes = 0; -+ /* Keep a copy of escape flags */ -+ flags = (unsigned char)(lflags & ESC_FLAGS); -+ -+ type = str->type; -+ -+ outlen = 0; -+ -+ if (lflags & ASN1_STRFLGS_SHOW_TYPE) { -+ const char *tagname; -+ tagname = ASN1_tag2str(type); -+ outlen += strlen(tagname); -+ if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) -+ return -1; -+ outlen++; -+ } -+ -+ /* Decide what to do with type, either dump content or display it */ -+ -+ /* Dump everything */ -+ if (lflags & ASN1_STRFLGS_DUMP_ALL) -+ type = -1; -+ /* Ignore the string type */ -+ else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) -+ type = 1; -+ else { -+ /* Else determine width based on type */ -+ if ((type > 0) && (type < 31)) -+ type = tag2nbyte[type]; -+ else -+ type = -1; -+ if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) -+ type = 1; -+ } -+ -+ if (type == -1) { -+ len = do_dump(lflags, io_ch, arg, str); -+ if (len < 0) -+ return -1; -+ outlen += len; -+ return outlen; -+ } -+ -+ if (lflags & ASN1_STRFLGS_UTF8_CONVERT) { -+ /* -+ * Note: if string is UTF8 and we want to convert to UTF8 then we -+ * just interpret it as 1 byte per character to avoid converting -+ * twice. -+ */ -+ if (!type) -+ type = 1; -+ else -+ type |= BUF_TYPE_CONVUTF8; -+ } -+ -+ len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); -+ if (len < 0) -+ return -1; -+ outlen += len; -+ if (quotes) -+ outlen += 2; -+ if (!arg) -+ return outlen; -+ if (quotes && !io_ch(arg, "\"", 1)) -+ return -1; -+ if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) -+ return -1; -+ if (quotes && !io_ch(arg, "\"", 1)) -+ return -1; -+ return outlen; - } - - /* Used for line indenting: print 'indent' spaces */ - - static int do_indent(char_io *io_ch, void *arg, int indent) - { -- int i; -- for(i = 0; i < indent; i++) -- if(!io_ch(arg, " ", 1)) return 0; -- return 1; -+ int i; -+ for (i = 0; i < indent; i++) -+ if (!io_ch(arg, " ", 1)) -+ return 0; -+ return 1; - } - --#define FN_WIDTH_LN 25 --#define FN_WIDTH_SN 10 -+#define FN_WIDTH_LN 25 -+#define FN_WIDTH_SN 10 - - static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, -- int indent, unsigned long flags) -+ int indent, unsigned long flags) - { -- int i, prev = -1, orflags, cnt; -- int fn_opt, fn_nid; -- ASN1_OBJECT *fn; -- ASN1_STRING *val; -- X509_NAME_ENTRY *ent; -- char objtmp[80]; -- const char *objbuf; -- int outlen, len; -- char *sep_dn, *sep_mv, *sep_eq; -- int sep_dn_len, sep_mv_len, sep_eq_len; -- if(indent < 0) indent = 0; -- outlen = indent; -- if(!do_indent(io_ch, arg, indent)) return -1; -- switch (flags & XN_FLAG_SEP_MASK) -- { -- case XN_FLAG_SEP_MULTILINE: -- sep_dn = "\n"; -- sep_dn_len = 1; -- sep_mv = " + "; -- sep_mv_len = 3; -- break; -- -- case XN_FLAG_SEP_COMMA_PLUS: -- sep_dn = ","; -- sep_dn_len = 1; -- sep_mv = "+"; -- sep_mv_len = 1; -- indent = 0; -- break; -- -- case XN_FLAG_SEP_CPLUS_SPC: -- sep_dn = ", "; -- sep_dn_len = 2; -- sep_mv = " + "; -- sep_mv_len = 3; -- indent = 0; -- break; -- -- case XN_FLAG_SEP_SPLUS_SPC: -- sep_dn = "; "; -- sep_dn_len = 2; -- sep_mv = " + "; -- sep_mv_len = 3; -- indent = 0; -- break; -- -- default: -- return -1; -- } -- -- if(flags & XN_FLAG_SPC_EQ) { -- sep_eq = " = "; -- sep_eq_len = 3; -- } else { -- sep_eq = "="; -- sep_eq_len = 1; -- } -- -- fn_opt = flags & XN_FLAG_FN_MASK; -- -- cnt = X509_NAME_entry_count(n); -- for(i = 0; i < cnt; i++) { -- if(flags & XN_FLAG_DN_REV) -- ent = X509_NAME_get_entry(n, cnt - i - 1); -- else ent = X509_NAME_get_entry(n, i); -- if(prev != -1) { -- if(prev == ent->set) { -- if(!io_ch(arg, sep_mv, sep_mv_len)) return -1; -- outlen += sep_mv_len; -- } else { -- if(!io_ch(arg, sep_dn, sep_dn_len)) return -1; -- outlen += sep_dn_len; -- if(!do_indent(io_ch, arg, indent)) return -1; -- outlen += indent; -- } -- } -- prev = ent->set; -- fn = X509_NAME_ENTRY_get_object(ent); -- val = X509_NAME_ENTRY_get_data(ent); -- fn_nid = OBJ_obj2nid(fn); -- if(fn_opt != XN_FLAG_FN_NONE) { -- int objlen, fld_len; -- if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { -- OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); -- fld_len = 0; /* XXX: what should this be? */ -- objbuf = objtmp; -- } else { -- if(fn_opt == XN_FLAG_FN_SN) { -- fld_len = FN_WIDTH_SN; -- objbuf = OBJ_nid2sn(fn_nid); -- } else if(fn_opt == XN_FLAG_FN_LN) { -- fld_len = FN_WIDTH_LN; -- objbuf = OBJ_nid2ln(fn_nid); -- } else { -- fld_len = 0; /* XXX: what should this be? */ -- objbuf = ""; -- } -- } -- objlen = strlen(objbuf); -- if(!io_ch(arg, objbuf, objlen)) return -1; -- if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { -- if (!do_indent(io_ch, arg, fld_len - objlen)) return -1; -- outlen += fld_len - objlen; -- } -- if(!io_ch(arg, sep_eq, sep_eq_len)) return -1; -- outlen += objlen + sep_eq_len; -- } -- /* If the field name is unknown then fix up the DER dump -- * flag. We might want to limit this further so it will -- * DER dump on anything other than a few 'standard' fields. -- */ -- if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) -- orflags = ASN1_STRFLGS_DUMP_ALL; -- else orflags = 0; -- -- len = do_print_ex(io_ch, arg, flags | orflags, val); -- if(len < 0) return -1; -- outlen += len; -- } -- return outlen; -+ int i, prev = -1, orflags, cnt; -+ int fn_opt, fn_nid; -+ ASN1_OBJECT *fn; -+ ASN1_STRING *val; -+ X509_NAME_ENTRY *ent; -+ char objtmp[80]; -+ const char *objbuf; -+ int outlen, len; -+ char *sep_dn, *sep_mv, *sep_eq; -+ int sep_dn_len, sep_mv_len, sep_eq_len; -+ if (indent < 0) -+ indent = 0; -+ outlen = indent; -+ if (!do_indent(io_ch, arg, indent)) -+ return -1; -+ switch (flags & XN_FLAG_SEP_MASK) { -+ case XN_FLAG_SEP_MULTILINE: -+ sep_dn = "\n"; -+ sep_dn_len = 1; -+ sep_mv = " + "; -+ sep_mv_len = 3; -+ break; -+ -+ case XN_FLAG_SEP_COMMA_PLUS: -+ sep_dn = ","; -+ sep_dn_len = 1; -+ sep_mv = "+"; -+ sep_mv_len = 1; -+ indent = 0; -+ break; -+ -+ case XN_FLAG_SEP_CPLUS_SPC: -+ sep_dn = ", "; -+ sep_dn_len = 2; -+ sep_mv = " + "; -+ sep_mv_len = 3; -+ indent = 0; -+ break; -+ -+ case XN_FLAG_SEP_SPLUS_SPC: -+ sep_dn = "; "; -+ sep_dn_len = 2; -+ sep_mv = " + "; -+ sep_mv_len = 3; -+ indent = 0; -+ break; -+ -+ default: -+ return -1; -+ } -+ -+ if (flags & XN_FLAG_SPC_EQ) { -+ sep_eq = " = "; -+ sep_eq_len = 3; -+ } else { -+ sep_eq = "="; -+ sep_eq_len = 1; -+ } -+ -+ fn_opt = flags & XN_FLAG_FN_MASK; -+ -+ cnt = X509_NAME_entry_count(n); -+ for (i = 0; i < cnt; i++) { -+ if (flags & XN_FLAG_DN_REV) -+ ent = X509_NAME_get_entry(n, cnt - i - 1); -+ else -+ ent = X509_NAME_get_entry(n, i); -+ if (prev != -1) { -+ if (prev == ent->set) { -+ if (!io_ch(arg, sep_mv, sep_mv_len)) -+ return -1; -+ outlen += sep_mv_len; -+ } else { -+ if (!io_ch(arg, sep_dn, sep_dn_len)) -+ return -1; -+ outlen += sep_dn_len; -+ if (!do_indent(io_ch, arg, indent)) -+ return -1; -+ outlen += indent; -+ } -+ } -+ prev = ent->set; -+ fn = X509_NAME_ENTRY_get_object(ent); -+ val = X509_NAME_ENTRY_get_data(ent); -+ fn_nid = OBJ_obj2nid(fn); -+ if (fn_opt != XN_FLAG_FN_NONE) { -+ int objlen, fld_len; -+ if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { -+ OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); -+ fld_len = 0; /* XXX: what should this be? */ -+ objbuf = objtmp; -+ } else { -+ if (fn_opt == XN_FLAG_FN_SN) { -+ fld_len = FN_WIDTH_SN; -+ objbuf = OBJ_nid2sn(fn_nid); -+ } else if (fn_opt == XN_FLAG_FN_LN) { -+ fld_len = FN_WIDTH_LN; -+ objbuf = OBJ_nid2ln(fn_nid); -+ } else { -+ fld_len = 0; /* XXX: what should this be? */ -+ objbuf = ""; -+ } -+ } -+ objlen = strlen(objbuf); -+ if (!io_ch(arg, objbuf, objlen)) -+ return -1; -+ if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { -+ if (!do_indent(io_ch, arg, fld_len - objlen)) -+ return -1; -+ outlen += fld_len - objlen; -+ } -+ if (!io_ch(arg, sep_eq, sep_eq_len)) -+ return -1; -+ outlen += objlen + sep_eq_len; -+ } -+ /* -+ * If the field name is unknown then fix up the DER dump flag. We -+ * might want to limit this further so it will DER dump on anything -+ * other than a few 'standard' fields. -+ */ -+ if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) -+ orflags = ASN1_STRFLGS_DUMP_ALL; -+ else -+ orflags = 0; -+ -+ len = do_print_ex(io_ch, arg, flags | orflags, val); -+ if (len < 0) -+ return -1; -+ outlen += len; -+ } -+ return outlen; - } - - /* Wrappers round the main functions */ - --int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) -+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, -+ unsigned long flags) - { -- if(flags == XN_FLAG_COMPAT) -- return X509_NAME_print(out, nm, indent); -- return do_name_ex(send_bio_chars, out, nm, indent, flags); -+ if (flags == XN_FLAG_COMPAT) -+ return X509_NAME_print(out, nm, indent); -+ return do_name_ex(send_bio_chars, out, nm, indent, flags); - } - - #ifndef OPENSSL_NO_FP_API --int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) -+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, -+ unsigned long flags) - { -- if(flags == XN_FLAG_COMPAT) -- { -- BIO *btmp; -- int ret; -- btmp = BIO_new_fp(fp, BIO_NOCLOSE); -- if(!btmp) return -1; -- ret = X509_NAME_print(btmp, nm, indent); -- BIO_free(btmp); -- return ret; -- } -- return do_name_ex(send_fp_chars, fp, nm, indent, flags); -+ if (flags == XN_FLAG_COMPAT) { -+ BIO *btmp; -+ int ret; -+ btmp = BIO_new_fp(fp, BIO_NOCLOSE); -+ if (!btmp) -+ return -1; -+ ret = X509_NAME_print(btmp, nm, indent); -+ BIO_free(btmp); -+ return ret; -+ } -+ return do_name_ex(send_fp_chars, fp, nm, indent, flags); - } - #endif - - int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) - { -- return do_print_ex(send_bio_chars, out, flags, str); -+ return do_print_ex(send_bio_chars, out, flags, str); - } - - #ifndef OPENSSL_NO_FP_API - int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) - { -- return do_print_ex(send_fp_chars, fp, flags, str); -+ return do_print_ex(send_fp_chars, fp, flags, str); - } - #endif - --/* Utility function: convert any string type to UTF8, returns number of bytes -+/* -+ * Utility function: convert any string type to UTF8, returns number of bytes - * in output string or a negative error code - */ - - int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) - { -- ASN1_STRING stmp, *str = &stmp; -- int mbflag, type, ret; -- if(!in) return -1; -- type = in->type; -- if((type < 0) || (type > 30)) return -1; -- mbflag = tag2nbyte[type]; -- if(mbflag == -1) return -1; -- mbflag |= MBSTRING_FLAG; -- stmp.data = NULL; -- stmp.length = 0; -- ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); -- if(ret < 0) return ret; -- *out = stmp.data; -- return stmp.length; -+ ASN1_STRING stmp, *str = &stmp; -+ int mbflag, type, ret; -+ if (!in) -+ return -1; -+ type = in->type; -+ if ((type < 0) || (type > 30)) -+ return -1; -+ mbflag = tag2nbyte[type]; -+ if (mbflag == -1) -+ return -1; -+ mbflag |= MBSTRING_FLAG; -+ stmp.data = NULL; -+ stmp.length = 0; -+ ret = -+ ASN1_mbstring_copy(&str, in->data, in->length, mbflag, -+ B_ASN1_UTF8STRING); -+ if (ret < 0) -+ return ret; -+ *out = stmp.data; -+ return stmp.length; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c -index 9b7d688..1796fba 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c -@@ -1,6 +1,7 @@ - /* a_strnid.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,32 +63,32 @@ - #include - #include - -- - static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; - static void st_free(ASN1_STRING_TABLE *tbl); --static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, -- const ASN1_STRING_TABLE * const *b); -+static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, -+ const ASN1_STRING_TABLE *const *b); - static int table_cmp(const void *a, const void *b); - -- --/* This is the global mask for the mbstring functions: this is use to -- * mask out certain types (such as BMPString and UTF8String) because -- * certain software (e.g. Netscape) has problems with them. -+/* -+ * This is the global mask for the mbstring functions: this is use to mask -+ * out certain types (such as BMPString and UTF8String) because certain -+ * software (e.g. Netscape) has problems with them. - */ - - static unsigned long global_mask = B_ASN1_UTF8STRING; - - void ASN1_STRING_set_default_mask(unsigned long mask) - { -- global_mask = mask; -+ global_mask = mask; - } - - unsigned long ASN1_STRING_get_default_mask(void) - { -- return global_mask; -+ return global_mask; - } - --/* This function sets the default to various "flavours" of configuration. -+/*- -+ * This function sets the default to various "flavours" of configuration. - * based on an ASCII string. Currently this is: - * MASK:XXXX : a numerical mask value. - * nobmp : Don't use BMPStrings (just Printable, T61). -@@ -98,159 +99,185 @@ unsigned long ASN1_STRING_get_default_mask(void) - - int ASN1_STRING_set_default_mask_asc(const char *p) - { -- unsigned long mask; -- char *end; -- if(!strncmp(p, "MASK:", 5)) { -- if(!p[5]) return 0; -- mask = strtoul(p + 5, &end, 0); -- if(*end) return 0; -- } else if(!strcmp(p, "nombstr")) -- mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); -- else if(!strcmp(p, "pkix")) -- mask = ~((unsigned long)B_ASN1_T61STRING); -- else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING; -- else if(!strcmp(p, "default")) -- mask = 0xFFFFFFFFL; -- else return 0; -- ASN1_STRING_set_default_mask(mask); -- return 1; -+ unsigned long mask; -+ char *end; -+ if (!strncmp(p, "MASK:", 5)) { -+ if (!p[5]) -+ return 0; -+ mask = strtoul(p + 5, &end, 0); -+ if (*end) -+ return 0; -+ } else if (!strcmp(p, "nombstr")) -+ mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING)); -+ else if (!strcmp(p, "pkix")) -+ mask = ~((unsigned long)B_ASN1_T61STRING); -+ else if (!strcmp(p, "utf8only")) -+ mask = B_ASN1_UTF8STRING; -+ else if (!strcmp(p, "default")) -+ mask = 0xFFFFFFFFL; -+ else -+ return 0; -+ ASN1_STRING_set_default_mask(mask); -+ return 1; - } - --/* The following function generates an ASN1_STRING based on limits in a table. -- * Frequently the types and length of an ASN1_STRING are restricted by a -- * corresponding OID. For example certificates and certificate requests. -+/* -+ * The following function generates an ASN1_STRING based on limits in a -+ * table. Frequently the types and length of an ASN1_STRING are restricted by -+ * a corresponding OID. For example certificates and certificate requests. - */ - --ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, -- int inlen, int inform, int nid) -+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, -+ const unsigned char *in, int inlen, -+ int inform, int nid) - { -- ASN1_STRING_TABLE *tbl; -- ASN1_STRING *str = NULL; -- unsigned long mask; -- int ret; -- if(!out) out = &str; -- tbl = ASN1_STRING_TABLE_get(nid); -- if(tbl) { -- mask = tbl->mask; -- if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; -- ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, -- tbl->minsize, tbl->maxsize); -- } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); -- if(ret <= 0) return NULL; -- return *out; -+ ASN1_STRING_TABLE *tbl; -+ ASN1_STRING *str = NULL; -+ unsigned long mask; -+ int ret; -+ if (!out) -+ out = &str; -+ tbl = ASN1_STRING_TABLE_get(nid); -+ if (tbl) { -+ mask = tbl->mask; -+ if (!(tbl->flags & STABLE_NO_MASK)) -+ mask &= global_mask; -+ ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, -+ tbl->minsize, tbl->maxsize); -+ } else -+ ret = -+ ASN1_mbstring_copy(out, in, inlen, inform, -+ DIRSTRING_TYPE & global_mask); -+ if (ret <= 0) -+ return NULL; -+ return *out; - } - --/* Now the tables and helper functions for the string table: -+/* -+ * Now the tables and helper functions for the string table: - */ - - /* size limits: this stuff is taken straight from RFC3280 */ - --#define ub_name 32768 --#define ub_common_name 64 --#define ub_locality_name 128 --#define ub_state_name 128 --#define ub_organization_name 64 --#define ub_organization_unit_name 64 --#define ub_title 64 --#define ub_email_address 128 --#define ub_serial_number 64 -- -+#define ub_name 32768 -+#define ub_common_name 64 -+#define ub_locality_name 128 -+#define ub_state_name 128 -+#define ub_organization_name 64 -+#define ub_organization_unit_name 64 -+#define ub_title 64 -+#define ub_email_address 128 -+#define ub_serial_number 64 - - /* This table must be kept in NID order */ - - static ASN1_STRING_TABLE tbl_standard[] = { --{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, --{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, --{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, --{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, --{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, --{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0}, --{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK}, --{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, --{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, --{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, --{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, --{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, --{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, --{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, --{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, --{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, --{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, --{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, --{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} -+ {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, -+ {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, -+ {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, -+ {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, -+ {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, -+ {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, -+ 0}, -+ {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, -+ STABLE_NO_MASK}, -+ {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, -+ {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, -+ {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, -+ {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, -+ {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, -+ {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, -+ {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, -+ STABLE_NO_MASK}, -+ {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, -+ {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, -+ {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, -+ {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, -+ {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} - }; - --static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, -- const ASN1_STRING_TABLE * const *b) -+static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, -+ const ASN1_STRING_TABLE *const *b) - { -- return (*a)->nid - (*b)->nid; -+ return (*a)->nid - (*b)->nid; - } - - static int table_cmp(const void *a, const void *b) - { -- const ASN1_STRING_TABLE *sa = a, *sb = b; -- return sa->nid - sb->nid; -+ const ASN1_STRING_TABLE *sa = a, *sb = b; -+ return sa->nid - sb->nid; - } - - ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) - { -- int idx; -- ASN1_STRING_TABLE *ttmp; -- ASN1_STRING_TABLE fnd; -- fnd.nid = nid; -- ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd, -- (char *)tbl_standard, -- sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), -- sizeof(ASN1_STRING_TABLE), table_cmp); -- if(ttmp) return ttmp; -- if(!stable) return NULL; -- idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); -- if(idx < 0) return NULL; -- return sk_ASN1_STRING_TABLE_value(stable, idx); -+ int idx; -+ ASN1_STRING_TABLE *ttmp; -+ ASN1_STRING_TABLE fnd; -+ fnd.nid = nid; -+ ttmp = (ASN1_STRING_TABLE *)OBJ_bsearch((char *)&fnd, -+ (char *)tbl_standard, -+ sizeof(tbl_standard) / -+ sizeof(ASN1_STRING_TABLE), -+ sizeof(ASN1_STRING_TABLE), -+ table_cmp); -+ if (ttmp) -+ return ttmp; -+ if (!stable) -+ return NULL; -+ idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); -+ if (idx < 0) -+ return NULL; -+ return sk_ASN1_STRING_TABLE_value(stable, idx); - } -- -+ - int ASN1_STRING_TABLE_add(int nid, -- long minsize, long maxsize, unsigned long mask, -- unsigned long flags) -+ long minsize, long maxsize, unsigned long mask, -+ unsigned long flags) - { -- ASN1_STRING_TABLE *tmp; -- char new_nid = 0; -- flags &= ~STABLE_FLAGS_MALLOC; -- if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); -- if(!stable) { -- ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if(!(tmp = ASN1_STRING_TABLE_get(nid))) { -- tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); -- if(!tmp) { -- ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- tmp->flags = flags | STABLE_FLAGS_MALLOC; -- tmp->nid = nid; -- new_nid = 1; -- } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; -- if(minsize != -1) tmp->minsize = minsize; -- if(maxsize != -1) tmp->maxsize = maxsize; -- tmp->mask = mask; -- if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp); -- return 1; -+ ASN1_STRING_TABLE *tmp; -+ char new_nid = 0; -+ flags &= ~STABLE_FLAGS_MALLOC; -+ if (!stable) -+ stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); -+ if (!stable) { -+ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (!(tmp = ASN1_STRING_TABLE_get(nid))) { -+ tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); -+ if (!tmp) { -+ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ tmp->flags = flags | STABLE_FLAGS_MALLOC; -+ tmp->nid = nid; -+ new_nid = 1; -+ } else -+ tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; -+ if (minsize != -1) -+ tmp->minsize = minsize; -+ if (maxsize != -1) -+ tmp->maxsize = maxsize; -+ tmp->mask = mask; -+ if (new_nid) -+ sk_ASN1_STRING_TABLE_push(stable, tmp); -+ return 1; - } - - void ASN1_STRING_TABLE_cleanup(void) - { -- STACK_OF(ASN1_STRING_TABLE) *tmp; -- tmp = stable; -- if(!tmp) return; -- stable = NULL; -- sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); -+ STACK_OF(ASN1_STRING_TABLE) *tmp; -+ tmp = stable; -+ if (!tmp) -+ return; -+ stable = NULL; -+ sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); - } - - static void st_free(ASN1_STRING_TABLE *tbl) - { -- if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); -+ if (tbl->flags & STABLE_FLAGS_MALLOC) -+ OPENSSL_free(tbl); - } - - -@@ -260,30 +287,27 @@ IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) - - main() - { -- ASN1_STRING_TABLE *tmp; -- int i, last_nid = -1; -- -- for (tmp = tbl_standard, i = 0; -- i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) -- { -- if (tmp->nid < last_nid) -- { -- last_nid = 0; -- break; -- } -- last_nid = tmp->nid; -- } -- -- if (last_nid != 0) -- { -- printf("Table order OK\n"); -- exit(0); -- } -- -- for (tmp = tbl_standard, i = 0; -- i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) -- printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, -- OBJ_nid2ln(tmp->nid)); -+ ASN1_STRING_TABLE *tmp; -+ int i, last_nid = -1; -+ -+ for (tmp = tbl_standard, i = 0; -+ i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) { -+ if (tmp->nid < last_nid) { -+ last_nid = 0; -+ break; -+ } -+ last_nid = tmp->nid; -+ } -+ -+ if (last_nid != 0) { -+ printf("Table order OK\n"); -+ exit(0); -+ } -+ -+ for (tmp = tbl_standard, i = 0; -+ i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) -+ printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, -+ OBJ_nid2ln(tmp->nid)); - - } - -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_time.c b/Cryptlib/OpenSSL/crypto/asn1/a_time.c -index 159681f..34ac720 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_time.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_time.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,8 +53,8 @@ - * - */ - -- --/* This is an implementation of the ASN1 Time structure which is: -+/*- -+ * This is an implementation of the ASN1 Time structure which is: - * Time ::= CHOICE { - * utcTime UTCTime, - * generalTime GeneralizedTime } -@@ -73,92 +73,94 @@ IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) - - #if 0 - int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) -- { --#ifdef CHARSET_EBCDIC -- /* KLUDGE! We convert to ascii before writing DER */ -- char tmp[24]; -- ASN1_STRING tmpstr; -- -- if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) { -- int len; -- -- tmpstr = *(ASN1_STRING *)a; -- len = tmpstr.length; -- ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); -- tmpstr.data = tmp; -- a = (ASN1_GENERALIZEDTIME *) &tmpstr; -- } --#endif -- if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) -- return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, -- a->type ,V_ASN1_UNIVERSAL)); -- ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME); -- return -1; -- } -+{ -+# ifdef CHARSET_EBCDIC -+ /* KLUDGE! We convert to ascii before writing DER */ -+ char tmp[24]; -+ ASN1_STRING tmpstr; -+ -+ if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) { -+ int len; -+ -+ tmpstr = *(ASN1_STRING *)a; -+ len = tmpstr.length; -+ ebcdic2ascii(tmp, tmpstr.data, -+ (len >= sizeof tmp) ? sizeof tmp : len); -+ tmpstr.data = tmp; -+ a = (ASN1_GENERALIZEDTIME *)&tmpstr; -+ } -+# endif -+ if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) -+ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, -+ a->type, V_ASN1_UNIVERSAL)); -+ ASN1err(ASN1_F_I2D_ASN1_TIME, ASN1_R_EXPECTING_A_TIME); -+ return -1; -+} - #endif - -- - ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) -- { -- struct tm *ts; -- struct tm data; -- -- ts=OPENSSL_gmtime(&t,&data); -- if (ts == NULL) -- { -- ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME); -- return NULL; -- } -- if((ts->tm_year >= 50) && (ts->tm_year < 150)) -- return ASN1_UTCTIME_set(s, t); -- return ASN1_GENERALIZEDTIME_set(s,t); -- } -+{ -+ struct tm *ts; -+ struct tm data; -+ -+ ts = OPENSSL_gmtime(&t, &data); -+ if (ts == NULL) { -+ ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME); -+ return NULL; -+ } -+ if ((ts->tm_year >= 50) && (ts->tm_year < 150)) -+ return ASN1_UTCTIME_set(s, t); -+ return ASN1_GENERALIZEDTIME_set(s, t); -+} - - int ASN1_TIME_check(ASN1_TIME *t) -- { -- if (t->type == V_ASN1_GENERALIZEDTIME) -- return ASN1_GENERALIZEDTIME_check(t); -- else if (t->type == V_ASN1_UTCTIME) -- return ASN1_UTCTIME_check(t); -- return 0; -- } -+{ -+ if (t->type == V_ASN1_GENERALIZEDTIME) -+ return ASN1_GENERALIZEDTIME_check(t); -+ else if (t->type == V_ASN1_UTCTIME) -+ return ASN1_UTCTIME_check(t); -+ return 0; -+} - - /* Convert an ASN1_TIME structure to GeneralizedTime */ --ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) -- { -- ASN1_GENERALIZEDTIME *ret; -- char *str; -- int newlen; -- -- if (!ASN1_TIME_check(t)) return NULL; -- -- if (!out || !*out) -- { -- if (!(ret = ASN1_GENERALIZEDTIME_new ())) -- return NULL; -- if (out) *out = ret; -- } -- else ret = *out; -- -- /* If already GeneralizedTime just copy across */ -- if (t->type == V_ASN1_GENERALIZEDTIME) -- { -- if(!ASN1_STRING_set(ret, t->data, t->length)) -- return NULL; -- return ret; -- } -- -- /* grow the string */ -- if (!ASN1_STRING_set(ret, NULL, t->length + 2)) -- return NULL; -- /* ASN1_STRING_set() allocated 'len + 1' bytes. */ -- newlen = t->length + 2 + 1; -- str = (char *)ret->data; -- /* Work out the century and prepend */ -- if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen); -- else BUF_strlcpy(str, "20", newlen); -- -- BUF_strlcat(str, (char *)t->data, newlen); -- -- return ret; -- } -+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, -+ ASN1_GENERALIZEDTIME **out) -+{ -+ ASN1_GENERALIZEDTIME *ret; -+ char *str; -+ int newlen; -+ -+ if (!ASN1_TIME_check(t)) -+ return NULL; -+ -+ if (!out || !*out) { -+ if (!(ret = ASN1_GENERALIZEDTIME_new())) -+ return NULL; -+ if (out) -+ *out = ret; -+ } else -+ ret = *out; -+ -+ /* If already GeneralizedTime just copy across */ -+ if (t->type == V_ASN1_GENERALIZEDTIME) { -+ if (!ASN1_STRING_set(ret, t->data, t->length)) -+ return NULL; -+ return ret; -+ } -+ -+ /* grow the string */ -+ if (!ASN1_STRING_set(ret, NULL, t->length + 2)) -+ return NULL; -+ /* ASN1_STRING_set() allocated 'len + 1' bytes. */ -+ newlen = t->length + 2 + 1; -+ str = (char *)ret->data; -+ /* Work out the century and prepend */ -+ if (t->data[0] >= '5') -+ BUF_strlcpy(str, "19", newlen); -+ else -+ BUF_strlcpy(str, "20", newlen); -+ -+ BUF_strlcat(str, (char *)t->data, newlen); -+ -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_type.c b/Cryptlib/OpenSSL/crypto/asn1/a_type.c -index 36becea..69a5cf6 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_type.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_type.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,49 +62,93 @@ - #include - - int ASN1_TYPE_get(ASN1_TYPE *a) -- { -- if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) -- return(a->type); -- else -- return(0); -- } -+{ -+ if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) -+ return (a->type); -+ else -+ return (0); -+} - - void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) -- { -- if (a->value.ptr != NULL) -- { -- ASN1_TYPE **tmp_a = &a; -- ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); -- } -- a->type=type; -- a->value.ptr=value; -- } -+{ -+ if (a->value.ptr != NULL) { -+ ASN1_TYPE **tmp_a = &a; -+ ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); -+ } -+ a->type = type; -+ a->value.ptr = value; -+} - - int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) -- { -- if (!value || (type == V_ASN1_BOOLEAN)) -- { -- void *p = (void *)value; -- ASN1_TYPE_set(a, type, p); -- } -- else if (type == V_ASN1_OBJECT) -- { -- ASN1_OBJECT *odup; -- odup = OBJ_dup(value); -- if (!odup) -- return 0; -- ASN1_TYPE_set(a, type, odup); -- } -- else -- { -- ASN1_STRING *sdup; -- sdup = ASN1_STRING_dup((ASN1_STRING *)value); -- if (!sdup) -- return 0; -- ASN1_TYPE_set(a, type, sdup); -- } -- return 1; -- } -+{ -+ if (!value || (type == V_ASN1_BOOLEAN)) { -+ void *p = (void *)value; -+ ASN1_TYPE_set(a, type, p); -+ } else if (type == V_ASN1_OBJECT) { -+ ASN1_OBJECT *odup; -+ odup = OBJ_dup(value); -+ if (!odup) -+ return 0; -+ ASN1_TYPE_set(a, type, odup); -+ } else { -+ ASN1_STRING *sdup; -+ sdup = ASN1_STRING_dup((ASN1_STRING *)value); -+ if (!sdup) -+ return 0; -+ ASN1_TYPE_set(a, type, sdup); -+ } -+ return 1; -+} - - IMPLEMENT_STACK_OF(ASN1_TYPE) -+ - IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) -+ -+/* Returns 0 if they are equal, != 0 otherwise. */ -+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) -+{ -+ int result = -1; -+ -+ if (!a || !b || a->type != b->type) -+ return -1; -+ -+ switch (a->type) { -+ case V_ASN1_OBJECT: -+ result = OBJ_cmp(a->value.object, b->value.object); -+ break; -+ case V_ASN1_BOOLEAN: -+ result = a->value.boolean - b->value.boolean; -+ break; -+ case V_ASN1_NULL: -+ result = 0; /* They do not have content. */ -+ break; -+ case V_ASN1_INTEGER: -+ case V_ASN1_NEG_INTEGER: -+ case V_ASN1_ENUMERATED: -+ case V_ASN1_NEG_ENUMERATED: -+ case V_ASN1_BIT_STRING: -+ case V_ASN1_OCTET_STRING: -+ case V_ASN1_SEQUENCE: -+ case V_ASN1_SET: -+ case V_ASN1_NUMERICSTRING: -+ case V_ASN1_PRINTABLESTRING: -+ case V_ASN1_T61STRING: -+ case V_ASN1_VIDEOTEXSTRING: -+ case V_ASN1_IA5STRING: -+ case V_ASN1_UTCTIME: -+ case V_ASN1_GENERALIZEDTIME: -+ case V_ASN1_GRAPHICSTRING: -+ case V_ASN1_VISIBLESTRING: -+ case V_ASN1_GENERALSTRING: -+ case V_ASN1_UNIVERSALSTRING: -+ case V_ASN1_BMPSTRING: -+ case V_ASN1_UTF8STRING: -+ case V_ASN1_OTHER: -+ default: -+ result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr, -+ (ASN1_STRING *)b->value.ptr); -+ break; -+ } -+ -+ return result; -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c -index d31c028..2aabc67 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,240 +64,241 @@ - - #if 0 - int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) -- { --#ifndef CHARSET_EBCDIC -- return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, -- V_ASN1_UTCTIME,V_ASN1_UNIVERSAL)); --#else -- /* KLUDGE! We convert to ascii before writing DER */ -- int len; -- char tmp[24]; -- ASN1_STRING x = *(ASN1_STRING *)a; -- -- len = x.length; -- ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); -- x.data = tmp; -- return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL); --#endif -- } -- -+{ -+# ifndef CHARSET_EBCDIC -+ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, -+ V_ASN1_UTCTIME, V_ASN1_UNIVERSAL)); -+# else -+ /* KLUDGE! We convert to ascii before writing DER */ -+ int len; -+ char tmp[24]; -+ ASN1_STRING x = *(ASN1_STRING *)a; -+ -+ len = x.length; -+ ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); -+ x.data = tmp; -+ return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); -+# endif -+} - - ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp, -- long length) -- { -- ASN1_UTCTIME *ret=NULL; -- -- ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length, -- V_ASN1_UTCTIME,V_ASN1_UNIVERSAL); -- if (ret == NULL) -- { -- ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR); -- return(NULL); -- } --#ifdef CHARSET_EBCDIC -- ascii2ebcdic(ret->data, ret->data, ret->length); --#endif -- if (!ASN1_UTCTIME_check(ret)) -- { -- ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT); -- goto err; -- } -- -- return(ret); --err: -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -- M_ASN1_UTCTIME_free(ret); -- return(NULL); -- } -+ long length) -+{ -+ ASN1_UTCTIME *ret = NULL; -+ -+ ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, -+ V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); -+ if (ret == NULL) { -+ ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR); -+ return (NULL); -+ } -+# ifdef CHARSET_EBCDIC -+ ascii2ebcdic(ret->data, ret->data, ret->length); -+# endif -+ if (!ASN1_UTCTIME_check(ret)) { -+ ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT); -+ goto err; -+ } -+ -+ return (ret); -+ err: -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ M_ASN1_UTCTIME_free(ret); -+ return (NULL); -+} - - #endif - - int ASN1_UTCTIME_check(ASN1_UTCTIME *d) -- { -- static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0}; -- static int max[8]={99,12,31,23,59,59,12,59}; -- char *a; -- int n,i,l,o; -- -- if (d->type != V_ASN1_UTCTIME) return(0); -- l=d->length; -- a=(char *)d->data; -- o=0; -- -- if (l < 11) goto err; -- for (i=0; i<6; i++) -- { -- if ((i == 5) && ((a[o] == 'Z') || -- (a[o] == '+') || (a[o] == '-'))) -- { i++; break; } -- if ((a[o] < '0') || (a[o] > '9')) goto err; -- n= a[o]-'0'; -- if (++o > l) goto err; -- -- if ((a[o] < '0') || (a[o] > '9')) goto err; -- n=(n*10)+ a[o]-'0'; -- if (++o > l) goto err; -- -- if ((n < min[i]) || (n > max[i])) goto err; -- } -- if (a[o] == 'Z') -- o++; -- else if ((a[o] == '+') || (a[o] == '-')) -- { -- o++; -- if (o+4 > l) goto err; -- for (i=6; i<8; i++) -- { -- if ((a[o] < '0') || (a[o] > '9')) goto err; -- n= a[o]-'0'; -- o++; -- if ((a[o] < '0') || (a[o] > '9')) goto err; -- n=(n*10)+ a[o]-'0'; -- if ((n < min[i]) || (n > max[i])) goto err; -- o++; -- } -- } -- return(o == l); --err: -- return(0); -- } -+{ -+ static int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 }; -+ static int max[8] = { 99, 12, 31, 23, 59, 59, 12, 59 }; -+ char *a; -+ int n, i, l, o; -+ -+ if (d->type != V_ASN1_UTCTIME) -+ return (0); -+ l = d->length; -+ a = (char *)d->data; -+ o = 0; -+ -+ if (l < 11) -+ goto err; -+ for (i = 0; i < 6; i++) { -+ if ((i == 5) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { -+ i++; -+ break; -+ } -+ if ((a[o] < '0') || (a[o] > '9')) -+ goto err; -+ n = a[o] - '0'; -+ if (++o > l) -+ goto err; -+ -+ if ((a[o] < '0') || (a[o] > '9')) -+ goto err; -+ n = (n * 10) + a[o] - '0'; -+ if (++o > l) -+ goto err; -+ -+ if ((n < min[i]) || (n > max[i])) -+ goto err; -+ } -+ if (a[o] == 'Z') -+ o++; -+ else if ((a[o] == '+') || (a[o] == '-')) { -+ o++; -+ if (o + 4 > l) -+ goto err; -+ for (i = 6; i < 8; i++) { -+ if ((a[o] < '0') || (a[o] > '9')) -+ goto err; -+ n = a[o] - '0'; -+ o++; -+ if ((a[o] < '0') || (a[o] > '9')) -+ goto err; -+ n = (n * 10) + a[o] - '0'; -+ if ((n < min[i]) || (n > max[i])) -+ goto err; -+ o++; -+ } -+ } -+ return (o == l); -+ err: -+ return (0); -+} - - int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) -- { -- ASN1_UTCTIME t; -- -- t.type=V_ASN1_UTCTIME; -- t.length=strlen(str); -- t.data=(unsigned char *)str; -- if (ASN1_UTCTIME_check(&t)) -- { -- if (s != NULL) -- { -- if (!ASN1_STRING_set((ASN1_STRING *)s, -- (unsigned char *)str,t.length)) -- return 0; -- s->type = V_ASN1_UTCTIME; -- } -- return(1); -- } -- else -- return(0); -- } -+{ -+ ASN1_UTCTIME t; -+ -+ t.type = V_ASN1_UTCTIME; -+ t.length = strlen(str); -+ t.data = (unsigned char *)str; -+ if (ASN1_UTCTIME_check(&t)) { -+ if (s != NULL) { -+ if (!ASN1_STRING_set((ASN1_STRING *)s, -+ (unsigned char *)str, t.length)) -+ return 0; -+ s->type = V_ASN1_UTCTIME; -+ } -+ return (1); -+ } else -+ return (0); -+} - - ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) -- { -- char *p; -- struct tm *ts; -- struct tm data; -- size_t len = 20; -- -- if (s == NULL) -- s=M_ASN1_UTCTIME_new(); -- if (s == NULL) -- return(NULL); -- -- ts=OPENSSL_gmtime(&t, &data); -- if (ts == NULL) -- return(NULL); -- -- p=(char *)s->data; -- if ((p == NULL) || ((size_t)s->length < len)) -- { -- p=OPENSSL_malloc(len); -- if (p == NULL) -- { -- ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- if (s->data != NULL) -- OPENSSL_free(s->data); -- s->data=(unsigned char *)p; -- } -- -- BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, -- ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); -- s->length=strlen(p); -- s->type=V_ASN1_UTCTIME; -+{ -+ char *p; -+ struct tm *ts; -+ struct tm data; -+ size_t len = 20; -+ -+ if (s == NULL) -+ s = M_ASN1_UTCTIME_new(); -+ if (s == NULL) -+ return (NULL); -+ -+ ts = OPENSSL_gmtime(&t, &data); -+ if (ts == NULL) -+ return (NULL); -+ -+ p = (char *)s->data; -+ if ((p == NULL) || ((size_t)s->length < len)) { -+ p = OPENSSL_malloc(len); -+ if (p == NULL) { -+ ASN1err(ASN1_F_ASN1_UTCTIME_SET, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ if (s->data != NULL) -+ OPENSSL_free(s->data); -+ s->data = (unsigned char *)p; -+ } -+ -+ BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100, -+ ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, -+ ts->tm_sec); -+ s->length = strlen(p); -+ s->type = V_ASN1_UTCTIME; - #ifdef CHARSET_EBCDIC_not -- ebcdic2ascii(s->data, s->data, s->length); -+ ebcdic2ascii(s->data, s->data, s->length); - #endif -- return(s); -- } -- -+ return (s); -+} - - int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) -- { -- struct tm *tm; -- struct tm data; -- int offset; -- int year; -+{ -+ struct tm *tm; -+ struct tm data; -+ int offset; -+ int year; - - #define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') - -- if (s->data[12] == 'Z') -- offset=0; -- else -- { -- offset = g2(s->data+13)*60+g2(s->data+15); -- if (s->data[12] == '-') -- offset = -offset; -- } -+ if (s->data[12] == 'Z') -+ offset = 0; -+ else { -+ offset = g2(s->data + 13) * 60 + g2(s->data + 15); -+ if (s->data[12] == '-') -+ offset = -offset; -+ } - -- t -= offset*60; /* FIXME: may overflow in extreme cases */ -+ t -= offset * 60; /* FIXME: may overflow in extreme cases */ -+ -+ tm = OPENSSL_gmtime(&t, &data); - -- tm = OPENSSL_gmtime(&t, &data); -- - #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1 -- year = g2(s->data); -- if (year < 50) -- year += 100; -- return_cmp(year, tm->tm_year); -- return_cmp(g2(s->data+2) - 1, tm->tm_mon); -- return_cmp(g2(s->data+4), tm->tm_mday); -- return_cmp(g2(s->data+6), tm->tm_hour); -- return_cmp(g2(s->data+8), tm->tm_min); -- return_cmp(g2(s->data+10), tm->tm_sec); -+ year = g2(s->data); -+ if (year < 50) -+ year += 100; -+ return_cmp(year, tm->tm_year); -+ return_cmp(g2(s->data + 2) - 1, tm->tm_mon); -+ return_cmp(g2(s->data + 4), tm->tm_mday); -+ return_cmp(g2(s->data + 6), tm->tm_hour); -+ return_cmp(g2(s->data + 8), tm->tm_min); -+ return_cmp(g2(s->data + 10), tm->tm_sec); - #undef g2 - #undef return_cmp - -- return 0; -- } -- -+ return 0; -+} - - #if 0 - time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) -- { -- struct tm tm; -- int offset; -- -- memset(&tm,'\0',sizeof tm); -- --#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') -- tm.tm_year=g2(s->data); -- if(tm.tm_year < 50) -- tm.tm_year+=100; -- tm.tm_mon=g2(s->data+2)-1; -- tm.tm_mday=g2(s->data+4); -- tm.tm_hour=g2(s->data+6); -- tm.tm_min=g2(s->data+8); -- tm.tm_sec=g2(s->data+10); -- if(s->data[12] == 'Z') -- offset=0; -- else -- { -- offset=g2(s->data+13)*60+g2(s->data+15); -- if(s->data[12] == '-') -- offset= -offset; -- } --#undef g2 -- -- return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone -- * instead of UTC, and unless we rewrite OpenSSL -- * in Lisp we cannot locally change the timezone -- * without possibly interfering with other parts -- * of the program. timegm, which uses UTC, is -- * non-standard. -- * Also time_t is inappropriate for general -- * UTC times because it may a 32 bit type. */ -- } -+{ -+ struct tm tm; -+ int offset; -+ -+ memset(&tm, '\0', sizeof tm); -+ -+# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') -+ tm.tm_year = g2(s->data); -+ if (tm.tm_year < 50) -+ tm.tm_year += 100; -+ tm.tm_mon = g2(s->data + 2) - 1; -+ tm.tm_mday = g2(s->data + 4); -+ tm.tm_hour = g2(s->data + 6); -+ tm.tm_min = g2(s->data + 8); -+ tm.tm_sec = g2(s->data + 10); -+ if (s->data[12] == 'Z') -+ offset = 0; -+ else { -+ offset = g2(s->data + 13) * 60 + g2(s->data + 15); -+ if (s->data[12] == '-') -+ offset = -offset; -+ } -+# undef g2 -+ -+ /* -+ * FIXME: mktime assumes the current timezone -+ * instead of UTC, and unless we rewrite OpenSSL -+ * in Lisp we cannot locally change the timezone -+ * without possibly interfering with other parts -+ * of the program. timegm, which uses UTC, is -+ * non-standard. -+ * Also time_t is inappropriate for general -+ * UTC times because it may a 32 bit type. -+ */ -+ return mktime(&tm) - offset * 60; -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c -index 508e11e..23dc2e8 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,10 +60,10 @@ - #include "cryptlib.h" - #include - -- - /* UTF8 utilities */ - --/* This parses a UTF8 string one character at a time. It is passed a pointer -+/*- -+ * This parses a UTF8 string one character at a time. It is passed a pointer - * to the string and the length of the string. It sets 'value' to the value of - * the current character. It returns the number of characters read or a - * negative error code: -@@ -75,137 +75,163 @@ - - int UTF8_getc(const unsigned char *str, int len, unsigned long *val) - { -- const unsigned char *p; -- unsigned long value; -- int ret; -- if(len <= 0) return 0; -- p = str; -+ const unsigned char *p; -+ unsigned long value; -+ int ret; -+ if (len <= 0) -+ return 0; -+ p = str; - -- /* Check syntax and work out the encoded value (if correct) */ -- if((*p & 0x80) == 0) { -- value = *p++ & 0x7f; -- ret = 1; -- } else if((*p & 0xe0) == 0xc0) { -- if(len < 2) return -1; -- if((p[1] & 0xc0) != 0x80) return -3; -- value = (*p++ & 0x1f) << 6; -- value |= *p++ & 0x3f; -- if(value < 0x80) return -4; -- ret = 2; -- } else if((*p & 0xf0) == 0xe0) { -- if(len < 3) return -1; -- if( ((p[1] & 0xc0) != 0x80) -- || ((p[2] & 0xc0) != 0x80) ) return -3; -- value = (*p++ & 0xf) << 12; -- value |= (*p++ & 0x3f) << 6; -- value |= *p++ & 0x3f; -- if(value < 0x800) return -4; -- ret = 3; -- } else if((*p & 0xf8) == 0xf0) { -- if(len < 4) return -1; -- if( ((p[1] & 0xc0) != 0x80) -- || ((p[2] & 0xc0) != 0x80) -- || ((p[3] & 0xc0) != 0x80) ) return -3; -- value = ((unsigned long)(*p++ & 0x7)) << 18; -- value |= (*p++ & 0x3f) << 12; -- value |= (*p++ & 0x3f) << 6; -- value |= *p++ & 0x3f; -- if(value < 0x10000) return -4; -- ret = 4; -- } else if((*p & 0xfc) == 0xf8) { -- if(len < 5) return -1; -- if( ((p[1] & 0xc0) != 0x80) -- || ((p[2] & 0xc0) != 0x80) -- || ((p[3] & 0xc0) != 0x80) -- || ((p[4] & 0xc0) != 0x80) ) return -3; -- value = ((unsigned long)(*p++ & 0x3)) << 24; -- value |= ((unsigned long)(*p++ & 0x3f)) << 18; -- value |= ((unsigned long)(*p++ & 0x3f)) << 12; -- value |= (*p++ & 0x3f) << 6; -- value |= *p++ & 0x3f; -- if(value < 0x200000) return -4; -- ret = 5; -- } else if((*p & 0xfe) == 0xfc) { -- if(len < 6) return -1; -- if( ((p[1] & 0xc0) != 0x80) -- || ((p[2] & 0xc0) != 0x80) -- || ((p[3] & 0xc0) != 0x80) -- || ((p[4] & 0xc0) != 0x80) -- || ((p[5] & 0xc0) != 0x80) ) return -3; -- value = ((unsigned long)(*p++ & 0x1)) << 30; -- value |= ((unsigned long)(*p++ & 0x3f)) << 24; -- value |= ((unsigned long)(*p++ & 0x3f)) << 18; -- value |= ((unsigned long)(*p++ & 0x3f)) << 12; -- value |= (*p++ & 0x3f) << 6; -- value |= *p++ & 0x3f; -- if(value < 0x4000000) return -4; -- ret = 6; -- } else return -2; -- *val = value; -- return ret; -+ /* Check syntax and work out the encoded value (if correct) */ -+ if ((*p & 0x80) == 0) { -+ value = *p++ & 0x7f; -+ ret = 1; -+ } else if ((*p & 0xe0) == 0xc0) { -+ if (len < 2) -+ return -1; -+ if ((p[1] & 0xc0) != 0x80) -+ return -3; -+ value = (*p++ & 0x1f) << 6; -+ value |= *p++ & 0x3f; -+ if (value < 0x80) -+ return -4; -+ ret = 2; -+ } else if ((*p & 0xf0) == 0xe0) { -+ if (len < 3) -+ return -1; -+ if (((p[1] & 0xc0) != 0x80) -+ || ((p[2] & 0xc0) != 0x80)) -+ return -3; -+ value = (*p++ & 0xf) << 12; -+ value |= (*p++ & 0x3f) << 6; -+ value |= *p++ & 0x3f; -+ if (value < 0x800) -+ return -4; -+ ret = 3; -+ } else if ((*p & 0xf8) == 0xf0) { -+ if (len < 4) -+ return -1; -+ if (((p[1] & 0xc0) != 0x80) -+ || ((p[2] & 0xc0) != 0x80) -+ || ((p[3] & 0xc0) != 0x80)) -+ return -3; -+ value = ((unsigned long)(*p++ & 0x7)) << 18; -+ value |= (*p++ & 0x3f) << 12; -+ value |= (*p++ & 0x3f) << 6; -+ value |= *p++ & 0x3f; -+ if (value < 0x10000) -+ return -4; -+ ret = 4; -+ } else if ((*p & 0xfc) == 0xf8) { -+ if (len < 5) -+ return -1; -+ if (((p[1] & 0xc0) != 0x80) -+ || ((p[2] & 0xc0) != 0x80) -+ || ((p[3] & 0xc0) != 0x80) -+ || ((p[4] & 0xc0) != 0x80)) -+ return -3; -+ value = ((unsigned long)(*p++ & 0x3)) << 24; -+ value |= ((unsigned long)(*p++ & 0x3f)) << 18; -+ value |= ((unsigned long)(*p++ & 0x3f)) << 12; -+ value |= (*p++ & 0x3f) << 6; -+ value |= *p++ & 0x3f; -+ if (value < 0x200000) -+ return -4; -+ ret = 5; -+ } else if ((*p & 0xfe) == 0xfc) { -+ if (len < 6) -+ return -1; -+ if (((p[1] & 0xc0) != 0x80) -+ || ((p[2] & 0xc0) != 0x80) -+ || ((p[3] & 0xc0) != 0x80) -+ || ((p[4] & 0xc0) != 0x80) -+ || ((p[5] & 0xc0) != 0x80)) -+ return -3; -+ value = ((unsigned long)(*p++ & 0x1)) << 30; -+ value |= ((unsigned long)(*p++ & 0x3f)) << 24; -+ value |= ((unsigned long)(*p++ & 0x3f)) << 18; -+ value |= ((unsigned long)(*p++ & 0x3f)) << 12; -+ value |= (*p++ & 0x3f) << 6; -+ value |= *p++ & 0x3f; -+ if (value < 0x4000000) -+ return -4; -+ ret = 6; -+ } else -+ return -2; -+ *val = value; -+ return ret; - } - --/* This takes a character 'value' and writes the UTF8 encoded value in -- * 'str' where 'str' is a buffer containing 'len' characters. Returns -- * the number of characters written or -1 if 'len' is too small. 'str' can -- * be set to NULL in which case it just returns the number of characters. -- * It will need at most 6 characters. -+/* -+ * This takes a character 'value' and writes the UTF8 encoded value in 'str' -+ * where 'str' is a buffer containing 'len' characters. Returns the number of -+ * characters written or -1 if 'len' is too small. 'str' can be set to NULL -+ * in which case it just returns the number of characters. It will need at -+ * most 6 characters. - */ - - int UTF8_putc(unsigned char *str, int len, unsigned long value) - { -- if(!str) len = 6; /* Maximum we will need */ -- else if(len <= 0) return -1; -- if(value < 0x80) { -- if(str) *str = (unsigned char)value; -- return 1; -- } -- if(value < 0x800) { -- if(len < 2) return -1; -- if(str) { -- *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0); -- *str = (unsigned char)((value & 0x3f) | 0x80); -- } -- return 2; -- } -- if(value < 0x10000) { -- if(len < 3) return -1; -- if(str) { -- *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0); -- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); -- *str = (unsigned char)((value & 0x3f) | 0x80); -- } -- return 3; -- } -- if(value < 0x200000) { -- if(len < 4) return -1; -- if(str) { -- *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0); -- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); -- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); -- *str = (unsigned char)((value & 0x3f) | 0x80); -- } -- return 4; -- } -- if(value < 0x4000000) { -- if(len < 5) return -1; -- if(str) { -- *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8); -- *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); -- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); -- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); -- *str = (unsigned char)((value & 0x3f) | 0x80); -- } -- return 5; -- } -- if(len < 6) return -1; -- if(str) { -- *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc); -- *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80); -- *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); -- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); -- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); -- *str = (unsigned char)((value & 0x3f) | 0x80); -- } -- return 6; -+ if (!str) -+ len = 6; /* Maximum we will need */ -+ else if (len <= 0) -+ return -1; -+ if (value < 0x80) { -+ if (str) -+ *str = (unsigned char)value; -+ return 1; -+ } -+ if (value < 0x800) { -+ if (len < 2) -+ return -1; -+ if (str) { -+ *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0); -+ *str = (unsigned char)((value & 0x3f) | 0x80); -+ } -+ return 2; -+ } -+ if (value < 0x10000) { -+ if (len < 3) -+ return -1; -+ if (str) { -+ *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0); -+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); -+ *str = (unsigned char)((value & 0x3f) | 0x80); -+ } -+ return 3; -+ } -+ if (value < 0x200000) { -+ if (len < 4) -+ return -1; -+ if (str) { -+ *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0); -+ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); -+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); -+ *str = (unsigned char)((value & 0x3f) | 0x80); -+ } -+ return 4; -+ } -+ if (value < 0x4000000) { -+ if (len < 5) -+ return -1; -+ if (str) { -+ *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8); -+ *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); -+ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); -+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); -+ *str = (unsigned char)((value & 0x3f) | 0x80); -+ } -+ return 5; -+ } -+ if (len < 6) -+ return -1; -+ if (str) { -+ *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc); -+ *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80); -+ *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); -+ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); -+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); -+ *str = (unsigned char)((value & 0x3f) | 0x80); -+ } -+ return 6; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c -index 7ded69b..afbfa02 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -74,119 +74,122 @@ - #ifndef NO_ASN1_OLD - - int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, -- char *data, EVP_PKEY *pkey) -- { -- EVP_MD_CTX ctx; -- const EVP_MD *type; -- unsigned char *p,*buf_in=NULL; -- int ret= -1,i,inl; -- -- EVP_MD_CTX_init(&ctx); -- i=OBJ_obj2nid(a->algorithm); -- type=EVP_get_digestbyname(OBJ_nid2sn(i)); -- if (type == NULL) -- { -- ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); -- goto err; -- } -- -- inl=i2d(data,NULL); -- buf_in=OPENSSL_malloc((unsigned int)inl); -- if (buf_in == NULL) -- { -- ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- p=buf_in; -- -- i2d(data,&p); -- if (!EVP_VerifyInit_ex(&ctx,type, NULL)) -- { -- ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); -- ret=0; -- goto err; -- } -- EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); -- -- OPENSSL_cleanse(buf_in,(unsigned int)inl); -- OPENSSL_free(buf_in); -- -- if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, -- (unsigned int)signature->length,pkey) <= 0) -- { -- ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); -- ret=0; -- goto err; -- } -- /* we don't need to zero the 'ctx' because we just checked -- * public information */ -- /* memset(&ctx,0,sizeof(ctx)); */ -- ret=1; --err: -- EVP_MD_CTX_cleanup(&ctx); -- return(ret); -- } -+ char *data, EVP_PKEY *pkey) -+{ -+ EVP_MD_CTX ctx; -+ const EVP_MD *type; -+ unsigned char *p, *buf_in = NULL; -+ int ret = -1, i, inl; -+ -+ EVP_MD_CTX_init(&ctx); -+ i = OBJ_obj2nid(a->algorithm); -+ type = EVP_get_digestbyname(OBJ_nid2sn(i)); -+ if (type == NULL) { -+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); -+ goto err; -+ } -+ -+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { -+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); -+ goto err; -+ } -+ -+ inl = i2d(data, NULL); -+ buf_in = OPENSSL_malloc((unsigned int)inl); -+ if (buf_in == NULL) { -+ ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ p = buf_in; -+ -+ i2d(data, &p); -+ if (!EVP_VerifyInit_ex(&ctx, type, NULL)) { -+ ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); -+ ret = 0; -+ goto err; -+ } -+ EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); -+ -+ OPENSSL_cleanse(buf_in, (unsigned int)inl); -+ OPENSSL_free(buf_in); -+ -+ if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, -+ (unsigned int)signature->length, pkey) <= 0) { -+ ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); -+ ret = 0; -+ goto err; -+ } -+ /* -+ * we don't need to zero the 'ctx' because we just checked public -+ * information -+ */ -+ /* memset(&ctx,0,sizeof(ctx)); */ -+ ret = 1; -+ err: -+ EVP_MD_CTX_cleanup(&ctx); -+ return (ret); -+} - - #endif - -- --int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, -- void *asn, EVP_PKEY *pkey) -- { -- EVP_MD_CTX ctx; -- const EVP_MD *type; -- unsigned char *buf_in=NULL; -- int ret= -1,i,inl; -- -- if (!pkey) -- { -- ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); -- return -1; -- } -- -- EVP_MD_CTX_init(&ctx); -- i=OBJ_obj2nid(a->algorithm); -- type=EVP_get_digestbyname(OBJ_nid2sn(i)); -- if (type == NULL) -- { -- ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); -- goto err; -- } -- -- if (!EVP_VerifyInit_ex(&ctx,type, NULL)) -- { -- ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); -- ret=0; -- goto err; -- } -- -- inl = ASN1_item_i2d(asn, &buf_in, it); -- -- if (buf_in == NULL) -- { -- ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); -- -- OPENSSL_cleanse(buf_in,(unsigned int)inl); -- OPENSSL_free(buf_in); -- -- if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, -- (unsigned int)signature->length,pkey) <= 0) -- { -- ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); -- ret=0; -- goto err; -- } -- /* we don't need to zero the 'ctx' because we just checked -- * public information */ -- /* memset(&ctx,0,sizeof(ctx)); */ -- ret=1; --err: -- EVP_MD_CTX_cleanup(&ctx); -- return(ret); -- } -- -- -+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, -+ ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) -+{ -+ EVP_MD_CTX ctx; -+ const EVP_MD *type; -+ unsigned char *buf_in = NULL; -+ int ret = -1, i, inl; -+ -+ if (!pkey) { -+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); -+ return -1; -+ } -+ -+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { -+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); -+ return -1; -+ } -+ -+ EVP_MD_CTX_init(&ctx); -+ i = OBJ_obj2nid(a->algorithm); -+ type = EVP_get_digestbyname(OBJ_nid2sn(i)); -+ if (type == NULL) { -+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, -+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); -+ goto err; -+ } -+ -+ if (!EVP_VerifyInit_ex(&ctx, type, NULL)) { -+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); -+ ret = 0; -+ goto err; -+ } -+ -+ inl = ASN1_item_i2d(asn, &buf_in, it); -+ -+ if (buf_in == NULL) { -+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); -+ -+ OPENSSL_cleanse(buf_in, (unsigned int)inl); -+ OPENSSL_free(buf_in); -+ -+ if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, -+ (unsigned int)signature->length, pkey) <= 0) { -+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); -+ ret = 0; -+ goto err; -+ } -+ /* -+ * we don't need to zero the 'ctx' because we just checked public -+ * information -+ */ -+ /* memset(&ctx,0,sizeof(ctx)); */ -+ ret = 1; -+ err: -+ EVP_MD_CTX_cleanup(&ctx); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c -index ba88eb3..43e4c19 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c -@@ -1,13 +1,13 @@ - /* crypto/asn1/asn1_err.c */ - /* ==================================================================== -- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. -+ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,254 +66,273 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason) - --static ERR_STRING_DATA ASN1_str_functs[]= -- { --{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"}, --{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"}, --{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"}, --{ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"}, --{ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"}, --{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"}, --{ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"}, --{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"}, --{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"}, --{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"}, --{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"}, --{ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"}, --{ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"}, --{ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, --{ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"}, --{ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, --{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"}, --{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, --{ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, --{ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"}, --{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, --{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, --{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, --{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"}, --{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, --{ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, --{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"}, --{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"}, --{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"}, --{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, --{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"}, --{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"}, --{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, --{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, --{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, --{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"}, --{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"}, --{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, --{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, --{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, --{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"}, --{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, --{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"}, --{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, --{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"}, --{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, --{ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, --{ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"}, --{ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, --{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, --{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"}, --{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, --{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, --{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, --{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, --{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"}, --{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, --{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, --{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, --{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, --{ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, --{ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, --{ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, --{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, --{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, --{ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"}, --{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"}, --{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"}, --{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"}, --{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"}, --{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, --{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"}, --{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"}, --{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"}, --{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"}, --{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"}, --{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"}, --{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"}, --{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"}, --{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"}, --{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"}, --{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, --{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, --{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, --{ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"}, --{ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"}, --{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, --{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, --{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, --{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, --{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, --{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, --{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, --{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, --{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, --{ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"}, --{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, --{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, --{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, --{ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, --{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"}, --{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, --{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, --{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, --{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, --{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, --{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, --{ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"}, --{ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"}, --{ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"}, --{ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"}, --{ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"}, --{0,NULL} -- }; -+static ERR_STRING_DATA ASN1_str_functs[] = { -+ {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"}, -+ {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"}, -+ {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"}, -+ {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"}, -+ {ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"}, -+ {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"}, -+ {ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"}, -+ {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"}, -+ {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"}, -+ {ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"}, -+ {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"}, -+ {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"}, -+ {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"}, -+ {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, -+ {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"}, -+ {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, -+ {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"}, -+ {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, -+ {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, -+ {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"}, -+ {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, -+ {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, -+ {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, -+ {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"}, -+ {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, -+ {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, -+ {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"}, -+ {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"}, -+ {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"}, -+ {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, -+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"}, -+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"}, -+ {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, -+ {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, -+ {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, -+ {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"}, -+ {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"}, -+ {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, -+ {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, -+ {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, -+ {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"}, -+ {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, -+ {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"}, -+ {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, -+ {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"}, -+ {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, -+ {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, -+ {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"}, -+ {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, -+ {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, -+ {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"}, -+ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, -+ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, -+ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, -+ {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, -+ {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), -+ "ASN1_TYPE_get_int_octetstring"}, -+ {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, -+ {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, -+ {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, -+ {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, -+ {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, -+ {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, -+ {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, -+ {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, -+ {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, -+ {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"}, -+ {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"}, -+ {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"}, -+ {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"}, -+ {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"}, -+ {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"}, -+ {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, -+ {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, -+ {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, -+ {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"}, -+ {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"}, -+ {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, -+ {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, -+ {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, -+ {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, -+ {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, -+ {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, -+ {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, -+ {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, -+ {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, -+ {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"}, -+ {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, -+ {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, -+ {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, -+ {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, -+ {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"}, -+ {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, -+ {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, -+ {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, -+ {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, -+ {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, -+ {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, -+ {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"}, -+ {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"}, -+ {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"}, -+ {ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"}, -+ {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA ASN1_str_reasons[]= -- { --{ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"}, --{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR) ,"asn1 parse error"}, --{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"}, --{ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"}, --{ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"}, --{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, --{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, --{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, --{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"}, --{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, --{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, --{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, --{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, --{ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"}, --{ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"}, --{ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"}, --{ERR_REASON(ASN1_R_DEPTH_EXCEEDED) ,"depth exceeded"}, --{ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode error"}, --{ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error getting time"}, --{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"}, --{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"}, --{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"}, --{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"}, --{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT) ,"expecting an object"}, --{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN) ,"expecting a boolean"}, --{ERR_REASON(ASN1_R_EXPECTING_A_TIME) ,"expecting a time"}, --{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"}, --{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"}, --{ERR_REASON(ASN1_R_FIELD_MISSING) ,"field missing"}, --{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) ,"first num too large"}, --{ERR_REASON(ASN1_R_HEADER_TOO_LONG) ,"header too long"}, --{ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT),"illegal bitstring format"}, --{ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN) ,"illegal boolean"}, --{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) ,"illegal characters"}, --{ERR_REASON(ASN1_R_ILLEGAL_FORMAT) ,"illegal format"}, --{ERR_REASON(ASN1_R_ILLEGAL_HEX) ,"illegal hex"}, --{ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) ,"illegal implicit tag"}, --{ERR_REASON(ASN1_R_ILLEGAL_INTEGER) ,"illegal integer"}, --{ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING),"illegal nested tagging"}, --{ERR_REASON(ASN1_R_ILLEGAL_NULL) ,"illegal null"}, --{ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE) ,"illegal null value"}, --{ERR_REASON(ASN1_R_ILLEGAL_OBJECT) ,"illegal object"}, --{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"}, --{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"}, --{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) ,"illegal tagged any"}, --{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"}, --{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"}, --{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"}, --{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"}, --{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"}, --{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"}, --{ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"}, --{ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"}, --{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"}, --{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"}, --{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"}, --{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"}, --{ERR_REASON(ASN1_R_INVALID_UTF8STRING) ,"invalid utf8string"}, --{ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"}, --{ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"}, --{ERR_REASON(ASN1_R_LIST_ERROR) ,"list error"}, --{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"}, --{ERR_REASON(ASN1_R_MIME_PARSE_ERROR) ,"mime parse error"}, --{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"}, --{ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"}, --{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"}, --{ERR_REASON(ASN1_R_MISSING_VALUE) ,"missing value"}, --{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"}, --{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"}, --{ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"}, --{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"}, --{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"}, --{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"}, --{ERR_REASON(ASN1_R_NO_CONTENT_TYPE) ,"no content type"}, --{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"}, --{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, --{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, --{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, --{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"}, --{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"}, --{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"}, --{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"}, --{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"}, --{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"}, --{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"}, --{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"}, --{ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"}, --{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, --{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"}, --{ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"}, --{ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"}, --{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"}, --{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, --{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"}, --{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"}, --{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"}, --{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, --{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, --{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, --{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"}, --{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, --{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, --{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, --{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"}, --{ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"}, --{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"}, --{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"}, --{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, --{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"}, --{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"}, --{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE) ,"unsupported type"}, --{ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong tag"}, --{ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong type"}, --{0,NULL} -- }; -+static ERR_STRING_DATA ASN1_str_reasons[] = { -+ {ERR_REASON(ASN1_R_ADDING_OBJECT), "adding object"}, -+ {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"}, -+ {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"}, -+ {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"}, -+ {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"}, -+ {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, -+ {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"}, -+ {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"}, -+ {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), -+ "bmpstring is wrong length"}, -+ {ERR_REASON(ASN1_R_BN_LIB), "bn lib"}, -+ {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"}, -+ {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL), "buffer too small"}, -+ {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), -+ "cipher has no object identifier"}, -+ {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"}, -+ {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"}, -+ {ERR_REASON(ASN1_R_DECODING_ERROR), "decoding error"}, -+ {ERR_REASON(ASN1_R_DEPTH_EXCEEDED), "depth exceeded"}, -+ {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"}, -+ {ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"}, -+ {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"}, -+ {ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT), -+ "error parsing set element"}, -+ {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS), -+ "error setting cipher params"}, -+ {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"}, -+ {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"}, -+ {ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN), "expecting a boolean"}, -+ {ERR_REASON(ASN1_R_EXPECTING_A_TIME), "expecting a time"}, -+ {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"}, -+ {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED), -+ "explicit tag not constructed"}, -+ {ERR_REASON(ASN1_R_FIELD_MISSING), "field missing"}, -+ {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE), "first num too large"}, -+ {ERR_REASON(ASN1_R_HEADER_TOO_LONG), "header too long"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT), "illegal bitstring format"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS), "illegal characters"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_FORMAT), "illegal format"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_HEX), "illegal hex"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG), "illegal implicit tag"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_INTEGER), "illegal integer"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_NULL), "illegal null"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_OBJECT), "illegal object"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), -+ "illegal options on item template"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"}, -+ {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"}, -+ {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"}, -+ {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), -+ "integer too large for long"}, -+ {ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT), -+ "invalid bit string bits left"}, -+ {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH), "invalid bmpstring length"}, -+ {ERR_REASON(ASN1_R_INVALID_DIGIT), "invalid digit"}, -+ {ERR_REASON(ASN1_R_INVALID_MIME_TYPE), "invalid mime type"}, -+ {ERR_REASON(ASN1_R_INVALID_MODIFIER), "invalid modifier"}, -+ {ERR_REASON(ASN1_R_INVALID_NUMBER), "invalid number"}, -+ {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"}, -+ {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"}, -+ {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT), "invalid time format"}, -+ {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH), -+ "invalid universalstring length"}, -+ {ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"}, -+ {ERR_REASON(ASN1_R_IV_TOO_LARGE), "iv too large"}, -+ {ERR_REASON(ASN1_R_LENGTH_ERROR), "length error"}, -+ {ERR_REASON(ASN1_R_LIST_ERROR), "list error"}, -+ {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, -+ {ERR_REASON(ASN1_R_MIME_PARSE_ERROR), "mime parse error"}, -+ {ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"}, -+ {ERR_REASON(ASN1_R_MISSING_EOC), "missing eoc"}, -+ {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER), "missing second number"}, -+ {ERR_REASON(ASN1_R_MISSING_VALUE), "missing value"}, -+ {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, -+ {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, -+ {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"}, -+ {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"}, -+ {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, -+ {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, -+ {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"}, -+ {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"}, -+ {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE), -+ "no multipart body failure"}, -+ {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"}, -+ {ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE), "no sig content type"}, -+ {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"}, -+ {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"}, -+ {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"}, -+ {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING), -+ "private key header missing"}, -+ {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"}, -+ {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"}, -+ {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"}, -+ {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG), -+ "sequence or set needs config"}, -+ {ERR_REASON(ASN1_R_SHORT_LINE), "short line"}, -+ {ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"}, -+ {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"}, -+ {ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"}, -+ {ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"}, -+ {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH), "tag value too high"}, -+ {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), -+ "the asn1 object identifier is not known for this md"}, -+ {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"}, -+ {ERR_REASON(ASN1_R_TOO_LONG), "too long"}, -+ {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"}, -+ {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"}, -+ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"}, -+ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY), -+ "unable to decode rsa private key"}, -+ {ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"}, -+ {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), -+ "universalstring is wrong length"}, -+ {ERR_REASON(ASN1_R_UNKNOWN_FORMAT), "unknown format"}, -+ {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), -+ "unknown message digest algorithm"}, -+ {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE), "unknown object type"}, -+ {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"}, -+ {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"}, -+ {ERR_REASON(ASN1_R_UNKOWN_FORMAT), "unkown format"}, -+ {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), -+ "unsupported any defined by type"}, -+ {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, -+ {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM), -+ "unsupported encryption algorithm"}, -+ {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), -+ "unsupported public key type"}, -+ {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"}, -+ {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"}, -+ {ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_ASN1_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,ASN1_str_functs); -- ERR_load_strings(0,ASN1_str_reasons); -- } -+ if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, ASN1_str_functs); -+ ERR_load_strings(0, ASN1_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c -index 213a8e9..596b656 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c -@@ -1,6 +1,7 @@ - /* asn1_gen.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2002. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2002. - */ - /* ==================================================================== - * Copyright (c) 2002 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,796 +61,742 @@ - #include - #include - --#define ASN1_GEN_FLAG 0x10000 --#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) --#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) --#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) --#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) --#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) --#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) --#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) --#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) -+#define ASN1_GEN_FLAG 0x10000 -+#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) -+#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) -+#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) -+#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) -+#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) -+#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) -+#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) -+#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) - --#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} -+#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} - --#define ASN1_FLAG_EXP_MAX 20 -+#define ASN1_FLAG_EXP_MAX 20 - - /* Input formats */ - - /* ASCII: default */ --#define ASN1_GEN_FORMAT_ASCII 1 -+#define ASN1_GEN_FORMAT_ASCII 1 - /* UTF8 */ --#define ASN1_GEN_FORMAT_UTF8 2 -+#define ASN1_GEN_FORMAT_UTF8 2 - /* Hex */ --#define ASN1_GEN_FORMAT_HEX 3 -+#define ASN1_GEN_FORMAT_HEX 3 - /* List of bits */ --#define ASN1_GEN_FORMAT_BITLIST 4 -- -- --struct tag_name_st -- { -- const char *strnam; -- int len; -- int tag; -- }; -- --typedef struct -- { -- int exp_tag; -- int exp_class; -- int exp_constructed; -- int exp_pad; -- long exp_len; -- } tag_exp_type; -- --typedef struct -- { -- int imp_tag; -- int imp_class; -- int utype; -- int format; -- const char *str; -- tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; -- int exp_count; -- } tag_exp_arg; -+#define ASN1_GEN_FORMAT_BITLIST 4 -+ -+struct tag_name_st { -+ const char *strnam; -+ int len; -+ int tag; -+}; -+ -+typedef struct { -+ int exp_tag; -+ int exp_class; -+ int exp_constructed; -+ int exp_pad; -+ long exp_len; -+} tag_exp_type; -+ -+typedef struct { -+ int imp_tag; -+ int imp_class; -+ int utype; -+ int format; -+ const char *str; -+ tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; -+ int exp_count; -+} tag_exp_arg; - - static int bitstr_cb(const char *elem, int len, void *bitstr); - static int asn1_cb(const char *elem, int len, void *bitstr); --static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok); --static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass); -+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, -+ int exp_constructed, int exp_pad, int imp_ok); -+static int parse_tagging(const char *vstart, int vlen, int *ptag, -+ int *pclass); - static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf); - static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); - static int asn1_str2tag(const char *tagstr, int len); - - ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) -- { -- X509V3_CTX cnf; -+{ -+ X509V3_CTX cnf; - -- if (!nconf) -- return ASN1_generate_v3(str, NULL); -+ if (!nconf) -+ return ASN1_generate_v3(str, NULL); - -- X509V3_set_nconf(&cnf, nconf); -- return ASN1_generate_v3(str, &cnf); -- } -+ X509V3_set_nconf(&cnf, nconf); -+ return ASN1_generate_v3(str, &cnf); -+} - - ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) -- { -- ASN1_TYPE *ret; -- tag_exp_arg asn1_tags; -- tag_exp_type *etmp; -- -- int i, len; -- -- unsigned char *orig_der = NULL, *new_der = NULL; -- const unsigned char *cpy_start; -- unsigned char *p; -- const unsigned char *cp; -- int cpy_len; -- long hdr_len; -- int hdr_constructed = 0, hdr_tag, hdr_class; -- int r; -- -- asn1_tags.imp_tag = -1; -- asn1_tags.imp_class = -1; -- asn1_tags.format = ASN1_GEN_FORMAT_ASCII; -- asn1_tags.exp_count = 0; -- if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) -- return NULL; -- -- if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET)) -- { -- if (!cnf) -- { -- ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); -- return NULL; -- } -- ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); -- } -- else -- ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); -- -- if (!ret) -- return NULL; -- -- /* If no tagging return base type */ -- if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) -- return ret; -- -- /* Generate the encoding */ -- cpy_len = i2d_ASN1_TYPE(ret, &orig_der); -- ASN1_TYPE_free(ret); -- ret = NULL; -- /* Set point to start copying for modified encoding */ -- cpy_start = orig_der; -- -- /* Do we need IMPLICIT tagging? */ -- if (asn1_tags.imp_tag != -1) -- { -- /* If IMPLICIT we will replace the underlying tag */ -- /* Skip existing tag+len */ -- r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len); -- if (r & 0x80) -- goto err; -- /* Update copy length */ -- cpy_len -= cpy_start - orig_der; -- /* For IMPLICIT tagging the length should match the -- * original length and constructed flag should be -- * consistent. -- */ -- if (r & 0x1) -- { -- /* Indefinite length constructed */ -- hdr_constructed = 2; -- hdr_len = 0; -- } -- else -- /* Just retain constructed flag */ -- hdr_constructed = r & V_ASN1_CONSTRUCTED; -- /* Work out new length with IMPLICIT tag: ignore constructed -- * because it will mess up if indefinite length -- */ -- len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); -- } -- else -- len = cpy_len; -- -- /* Work out length in any EXPLICIT, starting from end */ -- -- for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--) -- { -- /* Content length: number of content octets + any padding */ -- len += etmp->exp_pad; -- etmp->exp_len = len; -- /* Total object length: length including new header */ -- len = ASN1_object_size(0, len, etmp->exp_tag); -- } -- -- /* Allocate buffer for new encoding */ -- -- new_der = OPENSSL_malloc(len); -- if (!new_der) -- goto err; -- -- /* Generate tagged encoding */ -- -- p = new_der; -- -- /* Output explicit tags first */ -- -- for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++) -- { -- ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, -- etmp->exp_tag, etmp->exp_class); -- if (etmp->exp_pad) -- *p++ = 0; -- } -- -- /* If IMPLICIT, output tag */ -- -- if (asn1_tags.imp_tag != -1) -- ASN1_put_object(&p, hdr_constructed, hdr_len, -- asn1_tags.imp_tag, asn1_tags.imp_class); -- -- /* Copy across original encoding */ -- memcpy(p, cpy_start, cpy_len); -- -- cp = new_der; -- -- /* Obtain new ASN1_TYPE structure */ -- ret = d2i_ASN1_TYPE(NULL, &cp, len); -- -- err: -- if (orig_der) -- OPENSSL_free(orig_der); -- if (new_der) -- OPENSSL_free(new_der); -- -- return ret; -- -- } -+{ -+ ASN1_TYPE *ret; -+ tag_exp_arg asn1_tags; -+ tag_exp_type *etmp; -+ -+ int i, len; -+ -+ unsigned char *orig_der = NULL, *new_der = NULL; -+ const unsigned char *cpy_start; -+ unsigned char *p; -+ const unsigned char *cp; -+ int cpy_len; -+ long hdr_len; -+ int hdr_constructed = 0, hdr_tag, hdr_class; -+ int r; -+ -+ asn1_tags.imp_tag = -1; -+ asn1_tags.imp_class = -1; -+ asn1_tags.format = ASN1_GEN_FORMAT_ASCII; -+ asn1_tags.exp_count = 0; -+ if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) -+ return NULL; -+ -+ if ((asn1_tags.utype == V_ASN1_SEQUENCE) -+ || (asn1_tags.utype == V_ASN1_SET)) { -+ if (!cnf) { -+ ASN1err(ASN1_F_ASN1_GENERATE_V3, -+ ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); -+ return NULL; -+ } -+ ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); -+ } else -+ ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); -+ -+ if (!ret) -+ return NULL; -+ -+ /* If no tagging return base type */ -+ if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) -+ return ret; -+ -+ /* Generate the encoding */ -+ cpy_len = i2d_ASN1_TYPE(ret, &orig_der); -+ ASN1_TYPE_free(ret); -+ ret = NULL; -+ /* Set point to start copying for modified encoding */ -+ cpy_start = orig_der; -+ -+ /* Do we need IMPLICIT tagging? */ -+ if (asn1_tags.imp_tag != -1) { -+ /* If IMPLICIT we will replace the underlying tag */ -+ /* Skip existing tag+len */ -+ r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, -+ cpy_len); -+ if (r & 0x80) -+ goto err; -+ /* Update copy length */ -+ cpy_len -= cpy_start - orig_der; -+ /* -+ * For IMPLICIT tagging the length should match the original length -+ * and constructed flag should be consistent. -+ */ -+ if (r & 0x1) { -+ /* Indefinite length constructed */ -+ hdr_constructed = 2; -+ hdr_len = 0; -+ } else -+ /* Just retain constructed flag */ -+ hdr_constructed = r & V_ASN1_CONSTRUCTED; -+ /* -+ * Work out new length with IMPLICIT tag: ignore constructed because -+ * it will mess up if indefinite length -+ */ -+ len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); -+ } else -+ len = cpy_len; -+ -+ /* Work out length in any EXPLICIT, starting from end */ -+ -+ for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; -+ i < asn1_tags.exp_count; i++, etmp--) { -+ /* Content length: number of content octets + any padding */ -+ len += etmp->exp_pad; -+ etmp->exp_len = len; -+ /* Total object length: length including new header */ -+ len = ASN1_object_size(0, len, etmp->exp_tag); -+ } -+ -+ /* Allocate buffer for new encoding */ -+ -+ new_der = OPENSSL_malloc(len); -+ if (!new_der) -+ goto err; -+ -+ /* Generate tagged encoding */ -+ -+ p = new_der; -+ -+ /* Output explicit tags first */ -+ -+ for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; -+ i++, etmp++) { -+ ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, -+ etmp->exp_tag, etmp->exp_class); -+ if (etmp->exp_pad) -+ *p++ = 0; -+ } -+ -+ /* If IMPLICIT, output tag */ -+ -+ if (asn1_tags.imp_tag != -1) -+ ASN1_put_object(&p, hdr_constructed, hdr_len, -+ asn1_tags.imp_tag, asn1_tags.imp_class); -+ -+ /* Copy across original encoding */ -+ memcpy(p, cpy_start, cpy_len); -+ -+ cp = new_der; -+ -+ /* Obtain new ASN1_TYPE structure */ -+ ret = d2i_ASN1_TYPE(NULL, &cp, len); -+ -+ err: -+ if (orig_der) -+ OPENSSL_free(orig_der); -+ if (new_der) -+ OPENSSL_free(new_der); -+ -+ return ret; -+ -+} - - static int asn1_cb(const char *elem, int len, void *bitstr) -- { -- tag_exp_arg *arg = bitstr; -- int i; -- int utype; -- int vlen = 0; -- const char *p, *vstart = NULL; -- -- int tmp_tag, tmp_class; -- -- for(i = 0, p = elem; i < len; p++, i++) -- { -- /* Look for the ':' in name value pairs */ -- if (*p == ':') -- { -- vstart = p + 1; -- vlen = len - (vstart - elem); -- len = p - elem; -- break; -- } -- } -- -- utype = asn1_str2tag(elem, len); -- -- if (utype == -1) -- { -- ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG); -- ERR_add_error_data(2, "tag=", elem); -- return -1; -- } -- -- /* If this is not a modifier mark end of string and exit */ -- if (!(utype & ASN1_GEN_FLAG)) -- { -- arg->utype = utype; -- arg->str = vstart; -- /* If no value and not end of string, error */ -- if (!vstart && elem[len]) -- { -- ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE); -- return -1; -- } -- return 0; -- } -- -- switch(utype) -- { -- -- case ASN1_GEN_FLAG_IMP: -- /* Check for illegal multiple IMPLICIT tagging */ -- if (arg->imp_tag != -1) -- { -- ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING); -- return -1; -- } -- if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) -- return -1; -- break; -- -- case ASN1_GEN_FLAG_EXP: -- -- if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) -- return -1; -- if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) -- return -1; -- break; -- -- case ASN1_GEN_FLAG_SEQWRAP: -- if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) -- return -1; -- break; -- -- case ASN1_GEN_FLAG_SETWRAP: -- if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) -- return -1; -- break; -- -- case ASN1_GEN_FLAG_BITWRAP: -- if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) -- return -1; -- break; -- -- case ASN1_GEN_FLAG_OCTWRAP: -- if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) -- return -1; -- break; -- -- case ASN1_GEN_FLAG_FORMAT: -- if (!strncmp(vstart, "ASCII", 5)) -- arg->format = ASN1_GEN_FORMAT_ASCII; -- else if (!strncmp(vstart, "UTF8", 4)) -- arg->format = ASN1_GEN_FORMAT_UTF8; -- else if (!strncmp(vstart, "HEX", 3)) -- arg->format = ASN1_GEN_FORMAT_HEX; -- else if (!strncmp(vstart, "BITLIST", 3)) -- arg->format = ASN1_GEN_FORMAT_BITLIST; -- else -- { -- ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); -- return -1; -- } -- break; -- -- } -- -- return 1; -- -- } -+{ -+ tag_exp_arg *arg = bitstr; -+ int i; -+ int utype; -+ int vlen = 0; -+ const char *p, *vstart = NULL; -+ -+ int tmp_tag, tmp_class; -+ -+ for (i = 0, p = elem; i < len; p++, i++) { -+ /* Look for the ':' in name value pairs */ -+ if (*p == ':') { -+ vstart = p + 1; -+ vlen = len - (vstart - elem); -+ len = p - elem; -+ break; -+ } -+ } -+ -+ utype = asn1_str2tag(elem, len); -+ -+ if (utype == -1) { -+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG); -+ ERR_add_error_data(2, "tag=", elem); -+ return -1; -+ } -+ -+ /* If this is not a modifier mark end of string and exit */ -+ if (!(utype & ASN1_GEN_FLAG)) { -+ arg->utype = utype; -+ arg->str = vstart; -+ /* If no value and not end of string, error */ -+ if (!vstart && elem[len]) { -+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE); -+ return -1; -+ } -+ return 0; -+ } -+ -+ switch (utype) { -+ -+ case ASN1_GEN_FLAG_IMP: -+ /* Check for illegal multiple IMPLICIT tagging */ -+ if (arg->imp_tag != -1) { -+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING); -+ return -1; -+ } -+ if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) -+ return -1; -+ break; -+ -+ case ASN1_GEN_FLAG_EXP: -+ -+ if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) -+ return -1; -+ if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) -+ return -1; -+ break; -+ -+ case ASN1_GEN_FLAG_SEQWRAP: -+ if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) -+ return -1; -+ break; -+ -+ case ASN1_GEN_FLAG_SETWRAP: -+ if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) -+ return -1; -+ break; -+ -+ case ASN1_GEN_FLAG_BITWRAP: -+ if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) -+ return -1; -+ break; -+ -+ case ASN1_GEN_FLAG_OCTWRAP: -+ if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) -+ return -1; -+ break; -+ -+ case ASN1_GEN_FLAG_FORMAT: -+ if (!strncmp(vstart, "ASCII", 5)) -+ arg->format = ASN1_GEN_FORMAT_ASCII; -+ else if (!strncmp(vstart, "UTF8", 4)) -+ arg->format = ASN1_GEN_FORMAT_UTF8; -+ else if (!strncmp(vstart, "HEX", 3)) -+ arg->format = ASN1_GEN_FORMAT_HEX; -+ else if (!strncmp(vstart, "BITLIST", 3)) -+ arg->format = ASN1_GEN_FORMAT_BITLIST; -+ else { -+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); -+ return -1; -+ } -+ break; -+ -+ } -+ -+ return 1; -+ -+} - - static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) -- { -- char erch[2]; -- long tag_num; -- char *eptr; -- if (!vstart) -- return 0; -- tag_num = strtoul(vstart, &eptr, 10); -- /* Check we haven't gone past max length: should be impossible */ -- if (eptr && *eptr && (eptr > vstart + vlen)) -- return 0; -- if (tag_num < 0) -- { -- ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER); -- return 0; -- } -- *ptag = tag_num; -- /* If we have non numeric characters, parse them */ -- if (eptr) -- vlen -= eptr - vstart; -- else -- vlen = 0; -- if (vlen) -- { -- switch (*eptr) -- { -- -- case 'U': -- *pclass = V_ASN1_UNIVERSAL; -- break; -- -- case 'A': -- *pclass = V_ASN1_APPLICATION; -- break; -- -- case 'P': -- *pclass = V_ASN1_PRIVATE; -- break; -- -- case 'C': -- *pclass = V_ASN1_CONTEXT_SPECIFIC; -- break; -- -- default: -- erch[0] = *eptr; -- erch[1] = 0; -- ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER); -- ERR_add_error_data(2, "Char=", erch); -- return 0; -- break; -- -- } -- } -- else -- *pclass = V_ASN1_CONTEXT_SPECIFIC; -- -- return 1; -- -- } -+{ -+ char erch[2]; -+ long tag_num; -+ char *eptr; -+ if (!vstart) -+ return 0; -+ tag_num = strtoul(vstart, &eptr, 10); -+ /* Check we haven't gone past max length: should be impossible */ -+ if (eptr && *eptr && (eptr > vstart + vlen)) -+ return 0; -+ if (tag_num < 0) { -+ ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER); -+ return 0; -+ } -+ *ptag = tag_num; -+ /* If we have non numeric characters, parse them */ -+ if (eptr) -+ vlen -= eptr - vstart; -+ else -+ vlen = 0; -+ if (vlen) { -+ switch (*eptr) { -+ -+ case 'U': -+ *pclass = V_ASN1_UNIVERSAL; -+ break; -+ -+ case 'A': -+ *pclass = V_ASN1_APPLICATION; -+ break; -+ -+ case 'P': -+ *pclass = V_ASN1_PRIVATE; -+ break; -+ -+ case 'C': -+ *pclass = V_ASN1_CONTEXT_SPECIFIC; -+ break; -+ -+ default: -+ erch[0] = *eptr; -+ erch[1] = 0; -+ ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER); -+ ERR_add_error_data(2, "Char=", erch); -+ return 0; -+ break; -+ -+ } -+ } else -+ *pclass = V_ASN1_CONTEXT_SPECIFIC; -+ -+ return 1; -+ -+} - - /* Handle multiple types: SET and SEQUENCE */ - - static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) -- { -- ASN1_TYPE *ret = NULL, *typ = NULL; -- STACK_OF(ASN1_TYPE) *sk = NULL; -- STACK_OF(CONF_VALUE) *sect = NULL; -- unsigned char *der = NULL, *p; -- int derlen; -- int i, is_set; -- sk = sk_ASN1_TYPE_new_null(); -- if (!sk) -- goto bad; -- if (section) -- { -- if (!cnf) -- goto bad; -- sect = X509V3_get_section(cnf, (char *)section); -- if (!sect) -- goto bad; -- for (i = 0; i < sk_CONF_VALUE_num(sect); i++) -- { -- typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); -- if (!typ) -- goto bad; -- if (!sk_ASN1_TYPE_push(sk, typ)) -- goto bad; -- typ = NULL; -- } -- } -- -- /* Now we has a STACK of the components, convert to the correct form */ -- -- if (utype == V_ASN1_SET) -- is_set = 1; -- else -- is_set = 0; -- -- -- derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype, -- V_ASN1_UNIVERSAL, is_set); -- der = OPENSSL_malloc(derlen); -- if (!der) -- goto bad; -- p = der; -- i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype, -- V_ASN1_UNIVERSAL, is_set); -- -- if (!(ret = ASN1_TYPE_new())) -- goto bad; -- -- if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) -- goto bad; -- -- ret->type = utype; -- -- ret->value.asn1_string->data = der; -- ret->value.asn1_string->length = derlen; -- -- der = NULL; -- -- bad: -- -- if (der) -- OPENSSL_free(der); -- -- if (sk) -- sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); -- if (typ) -- ASN1_TYPE_free(typ); -- if (sect) -- X509V3_section_free(cnf, sect); -- -- return ret; -- } -- --static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok) -- { -- tag_exp_type *exp_tmp; -- /* Can only have IMPLICIT if permitted */ -- if ((arg->imp_tag != -1) && !imp_ok) -- { -- ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG); -- return 0; -- } -- -- if (arg->exp_count == ASN1_FLAG_EXP_MAX) -- { -- ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED); -- return 0; -- } -- -- exp_tmp = &arg->exp_list[arg->exp_count++]; -- -- /* If IMPLICIT set tag to implicit value then -- * reset implicit tag since it has been used. -- */ -- if (arg->imp_tag != -1) -- { -- exp_tmp->exp_tag = arg->imp_tag; -- exp_tmp->exp_class = arg->imp_class; -- arg->imp_tag = -1; -- arg->imp_class = -1; -- } -- else -- { -- exp_tmp->exp_tag = exp_tag; -- exp_tmp->exp_class = exp_class; -- } -- exp_tmp->exp_constructed = exp_constructed; -- exp_tmp->exp_pad = exp_pad; -- -- return 1; -- } -- -+{ -+ ASN1_TYPE *ret = NULL, *typ = NULL; -+ STACK_OF(ASN1_TYPE) *sk = NULL; -+ STACK_OF(CONF_VALUE) *sect = NULL; -+ unsigned char *der = NULL, *p; -+ int derlen; -+ int i, is_set; -+ sk = sk_ASN1_TYPE_new_null(); -+ if (!sk) -+ goto bad; -+ if (section) { -+ if (!cnf) -+ goto bad; -+ sect = X509V3_get_section(cnf, (char *)section); -+ if (!sect) -+ goto bad; -+ for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { -+ typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); -+ if (!typ) -+ goto bad; -+ if (!sk_ASN1_TYPE_push(sk, typ)) -+ goto bad; -+ typ = NULL; -+ } -+ } -+ -+ /* -+ * Now we has a STACK of the components, convert to the correct form -+ */ -+ -+ if (utype == V_ASN1_SET) -+ is_set = 1; -+ else -+ is_set = 0; -+ -+ derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype, -+ V_ASN1_UNIVERSAL, is_set); -+ der = OPENSSL_malloc(derlen); -+ if (!der) -+ goto bad; -+ p = der; -+ i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype, -+ V_ASN1_UNIVERSAL, is_set); -+ -+ if (!(ret = ASN1_TYPE_new())) -+ goto bad; -+ -+ if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) -+ goto bad; -+ -+ ret->type = utype; -+ -+ ret->value.asn1_string->data = der; -+ ret->value.asn1_string->length = derlen; -+ -+ der = NULL; -+ -+ bad: -+ -+ if (der) -+ OPENSSL_free(der); -+ -+ if (sk) -+ sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); -+ if (typ) -+ ASN1_TYPE_free(typ); -+ if (sect) -+ X509V3_section_free(cnf, sect); -+ -+ return ret; -+} -+ -+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, -+ int exp_constructed, int exp_pad, int imp_ok) -+{ -+ tag_exp_type *exp_tmp; -+ /* Can only have IMPLICIT if permitted */ -+ if ((arg->imp_tag != -1) && !imp_ok) { -+ ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG); -+ return 0; -+ } -+ -+ if (arg->exp_count == ASN1_FLAG_EXP_MAX) { -+ ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED); -+ return 0; -+ } -+ -+ exp_tmp = &arg->exp_list[arg->exp_count++]; -+ -+ /* -+ * If IMPLICIT set tag to implicit value then reset implicit tag since it -+ * has been used. -+ */ -+ if (arg->imp_tag != -1) { -+ exp_tmp->exp_tag = arg->imp_tag; -+ exp_tmp->exp_class = arg->imp_class; -+ arg->imp_tag = -1; -+ arg->imp_class = -1; -+ } else { -+ exp_tmp->exp_tag = exp_tag; -+ exp_tmp->exp_class = exp_class; -+ } -+ exp_tmp->exp_constructed = exp_constructed; -+ exp_tmp->exp_pad = exp_pad; -+ -+ return 1; -+} - - static int asn1_str2tag(const char *tagstr, int len) -- { -- unsigned int i; -- static struct tag_name_st *tntmp, tnst [] = { -- ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), -- ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), -- ASN1_GEN_STR("NULL", V_ASN1_NULL), -- ASN1_GEN_STR("INT", V_ASN1_INTEGER), -- ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), -- ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), -- ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), -- ASN1_GEN_STR("OID", V_ASN1_OBJECT), -- ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), -- ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), -- ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), -- ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), -- ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), -- ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), -- ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), -- ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), -- ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), -- ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), -- ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), -- ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), -- ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), -- ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), -- ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), -- ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), -- ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), -- ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), -- ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), -- ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), -- ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), -- ASN1_GEN_STR("T61", V_ASN1_T61STRING), -- ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), -- ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), -- ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), -- ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), -- -- /* Special cases */ -- ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), -- ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), -- ASN1_GEN_STR("SET", V_ASN1_SET), -- /* type modifiers */ -- /* Explicit tag */ -- ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), -- ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), -- /* Implicit tag */ -- ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), -- ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), -- /* OCTET STRING wrapper */ -- ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), -- /* SEQUENCE wrapper */ -- ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), -- /* SET wrapper */ -- ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), -- /* BIT STRING wrapper */ -- ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), -- ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), -- ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), -- }; -- -- if (len == -1) -- len = strlen(tagstr); -- -- tntmp = tnst; -- for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) -- { -- if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) -- return tntmp->tag; -- } -- -- return -1; -- } -+{ -+ unsigned int i; -+ static struct tag_name_st *tntmp, tnst[] = { -+ ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), -+ ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), -+ ASN1_GEN_STR("NULL", V_ASN1_NULL), -+ ASN1_GEN_STR("INT", V_ASN1_INTEGER), -+ ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), -+ ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), -+ ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), -+ ASN1_GEN_STR("OID", V_ASN1_OBJECT), -+ ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), -+ ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), -+ ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), -+ ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), -+ ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), -+ ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), -+ ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), -+ ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), -+ ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), -+ ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), -+ ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), -+ ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), -+ ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), -+ ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), -+ ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), -+ ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), -+ ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), -+ ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), -+ ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), -+ ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), -+ ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), -+ ASN1_GEN_STR("T61", V_ASN1_T61STRING), -+ ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), -+ ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), -+ ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), -+ ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), -+ -+ /* Special cases */ -+ ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), -+ ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), -+ ASN1_GEN_STR("SET", V_ASN1_SET), -+ /* type modifiers */ -+ /* Explicit tag */ -+ ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), -+ ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), -+ /* Implicit tag */ -+ ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), -+ ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), -+ /* OCTET STRING wrapper */ -+ ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), -+ /* SEQUENCE wrapper */ -+ ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), -+ /* SET wrapper */ -+ ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), -+ /* BIT STRING wrapper */ -+ ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), -+ ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), -+ ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), -+ }; -+ -+ if (len == -1) -+ len = strlen(tagstr); -+ -+ tntmp = tnst; -+ for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) { -+ if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) -+ return tntmp->tag; -+ } -+ -+ return -1; -+} - - static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) -- { -- ASN1_TYPE *atmp = NULL; -- -- CONF_VALUE vtmp; -- -- unsigned char *rdata; -- long rdlen; -- -- int no_unused = 1; -- -- if (!(atmp = ASN1_TYPE_new())) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- if (!str) -- str = ""; -- -- switch(utype) -- { -- -- case V_ASN1_NULL: -- if (str && *str) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE); -- goto bad_form; -- } -- break; -- -- case V_ASN1_BOOLEAN: -- if (format != ASN1_GEN_FORMAT_ASCII) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT); -- goto bad_form; -- } -- vtmp.name = NULL; -- vtmp.section = NULL; -- vtmp.value = (char *)str; -- if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN); -- goto bad_str; -- } -- break; -- -- case V_ASN1_INTEGER: -- case V_ASN1_ENUMERATED: -- if (format != ASN1_GEN_FORMAT_ASCII) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT); -- goto bad_form; -- } -- if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER); -- goto bad_str; -- } -- break; -- -- case V_ASN1_OBJECT: -- if (format != ASN1_GEN_FORMAT_ASCII) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT); -- goto bad_form; -- } -- if (!(atmp->value.object = OBJ_txt2obj(str, 0))) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT); -- goto bad_str; -- } -- break; -- -- case V_ASN1_UTCTIME: -- case V_ASN1_GENERALIZEDTIME: -- if (format != ASN1_GEN_FORMAT_ASCII) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT); -- goto bad_form; -- } -- if (!(atmp->value.asn1_string = ASN1_STRING_new())) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); -- goto bad_str; -- } -- if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); -- goto bad_str; -- } -- atmp->value.asn1_string->type = utype; -- if (!ASN1_TIME_check(atmp->value.asn1_string)) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE); -- goto bad_str; -- } -- -- break; -- -- case V_ASN1_BMPSTRING: -- case V_ASN1_PRINTABLESTRING: -- case V_ASN1_IA5STRING: -- case V_ASN1_T61STRING: -- case V_ASN1_UTF8STRING: -- case V_ASN1_VISIBLESTRING: -- case V_ASN1_UNIVERSALSTRING: -- case V_ASN1_GENERALSTRING: -- -- if (format == ASN1_GEN_FORMAT_ASCII) -- format = MBSTRING_ASC; -- else if (format == ASN1_GEN_FORMAT_UTF8) -- format = MBSTRING_UTF8; -- else -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT); -- goto bad_form; -- } -- -- -- if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, -- -1, format, ASN1_tag2bit(utype)) <= 0) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); -- goto bad_str; -- } -- -- -- break; -- -- case V_ASN1_BIT_STRING: -- -- case V_ASN1_OCTET_STRING: -- -- if (!(atmp->value.asn1_string = ASN1_STRING_new())) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); -- goto bad_form; -- } -- -- if (format == ASN1_GEN_FORMAT_HEX) -- { -- -- if (!(rdata = string_to_hex((char *)str, &rdlen))) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX); -- goto bad_str; -- } -- -- atmp->value.asn1_string->data = rdata; -- atmp->value.asn1_string->length = rdlen; -- atmp->value.asn1_string->type = utype; -- -- } -- else if (format == ASN1_GEN_FORMAT_ASCII) -- ASN1_STRING_set(atmp->value.asn1_string, str, -1); -- else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING)) -- { -- if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string)) -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR); -- goto bad_str; -- } -- no_unused = 0; -- -- } -- else -- { -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT); -- goto bad_form; -- } -- -- if ((utype == V_ASN1_BIT_STRING) && no_unused) -- { -- atmp->value.asn1_string->flags -- &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); -- atmp->value.asn1_string->flags -- |= ASN1_STRING_FLAG_BITS_LEFT; -- } -- -- -- break; -- -- default: -- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE); -- goto bad_str; -- break; -- } -- -- -- atmp->type = utype; -- return atmp; -- -- -- bad_str: -- ERR_add_error_data(2, "string=", str); -- bad_form: -- -- ASN1_TYPE_free(atmp); -- return NULL; -- -- } -+{ -+ ASN1_TYPE *atmp = NULL; -+ -+ CONF_VALUE vtmp; -+ -+ unsigned char *rdata; -+ long rdlen; -+ -+ int no_unused = 1; -+ -+ if (!(atmp = ASN1_TYPE_new())) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ if (!str) -+ str = ""; -+ -+ switch (utype) { -+ -+ case V_ASN1_NULL: -+ if (str && *str) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE); -+ goto bad_form; -+ } -+ break; -+ -+ case V_ASN1_BOOLEAN: -+ if (format != ASN1_GEN_FORMAT_ASCII) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT); -+ goto bad_form; -+ } -+ vtmp.name = NULL; -+ vtmp.section = NULL; -+ vtmp.value = (char *)str; -+ if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN); -+ goto bad_str; -+ } -+ break; -+ -+ case V_ASN1_INTEGER: -+ case V_ASN1_ENUMERATED: -+ if (format != ASN1_GEN_FORMAT_ASCII) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT); -+ goto bad_form; -+ } -+ if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER); -+ goto bad_str; -+ } -+ break; -+ -+ case V_ASN1_OBJECT: -+ if (format != ASN1_GEN_FORMAT_ASCII) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT); -+ goto bad_form; -+ } -+ if (!(atmp->value.object = OBJ_txt2obj(str, 0))) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT); -+ goto bad_str; -+ } -+ break; -+ -+ case V_ASN1_UTCTIME: -+ case V_ASN1_GENERALIZEDTIME: -+ if (format != ASN1_GEN_FORMAT_ASCII) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT); -+ goto bad_form; -+ } -+ if (!(atmp->value.asn1_string = ASN1_STRING_new())) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); -+ goto bad_str; -+ } -+ if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); -+ goto bad_str; -+ } -+ atmp->value.asn1_string->type = utype; -+ if (!ASN1_TIME_check(atmp->value.asn1_string)) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE); -+ goto bad_str; -+ } -+ -+ break; -+ -+ case V_ASN1_BMPSTRING: -+ case V_ASN1_PRINTABLESTRING: -+ case V_ASN1_IA5STRING: -+ case V_ASN1_T61STRING: -+ case V_ASN1_UTF8STRING: -+ case V_ASN1_VISIBLESTRING: -+ case V_ASN1_UNIVERSALSTRING: -+ case V_ASN1_GENERALSTRING: -+ -+ if (format == ASN1_GEN_FORMAT_ASCII) -+ format = MBSTRING_ASC; -+ else if (format == ASN1_GEN_FORMAT_UTF8) -+ format = MBSTRING_UTF8; -+ else { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT); -+ goto bad_form; -+ } -+ -+ if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, -+ -1, format, ASN1_tag2bit(utype)) <= 0) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); -+ goto bad_str; -+ } -+ -+ break; -+ -+ case V_ASN1_BIT_STRING: -+ -+ case V_ASN1_OCTET_STRING: -+ -+ if (!(atmp->value.asn1_string = ASN1_STRING_new())) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); -+ goto bad_form; -+ } -+ -+ if (format == ASN1_GEN_FORMAT_HEX) { -+ -+ if (!(rdata = string_to_hex((char *)str, &rdlen))) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX); -+ goto bad_str; -+ } -+ -+ atmp->value.asn1_string->data = rdata; -+ atmp->value.asn1_string->length = rdlen; -+ atmp->value.asn1_string->type = utype; -+ -+ } else if (format == ASN1_GEN_FORMAT_ASCII) -+ ASN1_STRING_set(atmp->value.asn1_string, str, -1); -+ else if ((format == ASN1_GEN_FORMAT_BITLIST) -+ && (utype == V_ASN1_BIT_STRING)) { -+ if (!CONF_parse_list -+ (str, ',', 1, bitstr_cb, atmp->value.bit_string)) { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR); -+ goto bad_str; -+ } -+ no_unused = 0; -+ -+ } else { -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT); -+ goto bad_form; -+ } -+ -+ if ((utype == V_ASN1_BIT_STRING) && no_unused) { -+ atmp->value.asn1_string->flags -+ &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); -+ atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT; -+ } -+ -+ break; -+ -+ default: -+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE); -+ goto bad_str; -+ break; -+ } -+ -+ atmp->type = utype; -+ return atmp; -+ -+ bad_str: -+ ERR_add_error_data(2, "string=", str); -+ bad_form: -+ -+ ASN1_TYPE_free(atmp); -+ return NULL; -+ -+} - - static int bitstr_cb(const char *elem, int len, void *bitstr) -- { -- long bitnum; -- char *eptr; -- if (!elem) -- return 0; -- bitnum = strtoul(elem, &eptr, 10); -- if (eptr && *eptr && (eptr != elem + len)) -- return 0; -- if (bitnum < 0) -- { -- ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER); -- return 0; -- } -- if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) -- { -- ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- return 1; -- } -- -+{ -+ long bitnum; -+ char *eptr; -+ if (!elem) -+ return 0; -+ bitnum = strtoul(elem, &eptr, 10); -+ if (eptr && *eptr && (eptr != elem + len)) -+ return 0; -+ if (bitnum < 0) { -+ ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER); -+ return 0; -+ } -+ if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { -+ ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c -index d345155..dd667f2 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,412 +62,405 @@ - #include - #include - --static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max); -+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, -+ int max); - static void asn1_put_length(unsigned char **pp, int length); --const char ASN1_version[]="ASN.1" OPENSSL_VERSION_PTEXT; -+const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT; - - static int _asn1_check_infinite_end(const unsigned char **p, long len) -- { -- /* If there is 0 or 1 byte left, the length check should pick -- * things up */ -- if (len <= 0) -- return(1); -- else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) -- { -- (*p)+=2; -- return(1); -- } -- return(0); -- } -+{ -+ /* -+ * If there is 0 or 1 byte left, the length check should pick things up -+ */ -+ if (len <= 0) -+ return (1); -+ else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) { -+ (*p) += 2; -+ return (1); -+ } -+ return (0); -+} - - int ASN1_check_infinite_end(unsigned char **p, long len) -- { -- return _asn1_check_infinite_end((const unsigned char **)p, len); -- } -+{ -+ return _asn1_check_infinite_end((const unsigned char **)p, len); -+} - - int ASN1_const_check_infinite_end(const unsigned char **p, long len) -- { -- return _asn1_check_infinite_end(p, len); -- } -- -+{ -+ return _asn1_check_infinite_end(p, len); -+} - - int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, -- int *pclass, long omax) -- { -- int i,ret; -- long l; -- const unsigned char *p= *pp; -- int tag,xclass,inf; -- long max=omax; -- -- if (!max) goto err; -- ret=(*p&V_ASN1_CONSTRUCTED); -- xclass=(*p&V_ASN1_PRIVATE); -- i= *p&V_ASN1_PRIMITIVE_TAG; -- if (i == V_ASN1_PRIMITIVE_TAG) -- { /* high-tag */ -- p++; -- if (--max == 0) goto err; -- l=0; -- while (*p&0x80) -- { -- l<<=7L; -- l|= *(p++)&0x7f; -- if (--max == 0) goto err; -- if (l > (INT_MAX >> 7L)) goto err; -- } -- l<<=7L; -- l|= *(p++)&0x7f; -- tag=(int)l; -- if (--max == 0) goto err; -- } -- else -- { -- tag=i; -- p++; -- if (--max == 0) goto err; -- } -- *ptag=tag; -- *pclass=xclass; -- if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; -- -- if (inf && !(ret & V_ASN1_CONSTRUCTED)) -- goto err; -+ int *pclass, long omax) -+{ -+ int i, ret; -+ long l; -+ const unsigned char *p = *pp; -+ int tag, xclass, inf; -+ long max = omax; -+ -+ if (!max) -+ goto err; -+ ret = (*p & V_ASN1_CONSTRUCTED); -+ xclass = (*p & V_ASN1_PRIVATE); -+ i = *p & V_ASN1_PRIMITIVE_TAG; -+ if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */ -+ p++; -+ if (--max == 0) -+ goto err; -+ l = 0; -+ while (*p & 0x80) { -+ l <<= 7L; -+ l |= *(p++) & 0x7f; -+ if (--max == 0) -+ goto err; -+ if (l > (INT_MAX >> 7L)) -+ goto err; -+ } -+ l <<= 7L; -+ l |= *(p++) & 0x7f; -+ tag = (int)l; -+ if (--max == 0) -+ goto err; -+ } else { -+ tag = i; -+ p++; -+ if (--max == 0) -+ goto err; -+ } -+ *ptag = tag; -+ *pclass = xclass; -+ if (!asn1_get_length(&p, &inf, plength, (int)max)) -+ goto err; -+ -+ if (inf && !(ret & V_ASN1_CONSTRUCTED)) -+ goto err; - - #if 0 -- fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", -- (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), -- (int)(omax+ *pp)); -+ fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", -+ (int)p, *plength, omax, (int)*pp, (int)(p + *plength), -+ (int)(omax + *pp)); - - #endif -- if (*plength > (omax - (p - *pp))) -- { -- ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); -- /* Set this so that even if things are not long enough -- * the values are set correctly */ -- ret|=0x80; -- } -- *pp=p; -- return(ret|inf); --err: -- ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG); -- return(0x80); -- } -- --static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max) -- { -- const unsigned char *p= *pp; -- unsigned long ret=0; -- unsigned int i; -- -- if (max-- < 1) return(0); -- if (*p == 0x80) -- { -- *inf=1; -- ret=0; -- p++; -- } -- else -- { -- *inf=0; -- i= *p&0x7f; -- if (*(p++) & 0x80) -- { -- if (i > sizeof(long)) -- return 0; -- if (max-- == 0) return(0); -- while (i-- > 0) -- { -- ret<<=8L; -- ret|= *(p++); -- if (max-- == 0) return(0); -- } -- } -- else -- ret=i; -- } -- if (ret > LONG_MAX) -- return 0; -- *pp=p; -- *rl=(long)ret; -- return(1); -- } -- --/* class 0 is constructed -- * constructed == 2 for indefinite length constructed */ -+ if (*plength > (omax - (p - *pp))) { -+ ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG); -+ /* -+ * Set this so that even if things are not long enough the values are -+ * set correctly -+ */ -+ ret |= 0x80; -+ } -+ *pp = p; -+ return (ret | inf); -+ err: -+ ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG); -+ return (0x80); -+} -+ -+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, -+ int max) -+{ -+ const unsigned char *p = *pp; -+ unsigned long ret = 0; -+ unsigned int i; -+ -+ if (max-- < 1) -+ return (0); -+ if (*p == 0x80) { -+ *inf = 1; -+ ret = 0; -+ p++; -+ } else { -+ *inf = 0; -+ i = *p & 0x7f; -+ if (*(p++) & 0x80) { -+ if (i > sizeof(long)) -+ return 0; -+ if (max-- == 0) -+ return (0); -+ while (i-- > 0) { -+ ret <<= 8L; -+ ret |= *(p++); -+ if (max-- == 0) -+ return (0); -+ } -+ } else -+ ret = i; -+ } -+ if (ret > LONG_MAX) -+ return 0; -+ *pp = p; -+ *rl = (long)ret; -+ return (1); -+} -+ -+/* -+ * class 0 is constructed constructed == 2 for indefinite length constructed -+ */ - void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, -- int xclass) -- { -- unsigned char *p= *pp; -- int i, ttag; -- -- i=(constructed)?V_ASN1_CONSTRUCTED:0; -- i|=(xclass&V_ASN1_PRIVATE); -- if (tag < 31) -- *(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG); -- else -- { -- *(p++)=i|V_ASN1_PRIMITIVE_TAG; -- for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7; -- ttag = i; -- while(i-- > 0) -- { -- p[i] = tag & 0x7f; -- if(i != (ttag - 1)) p[i] |= 0x80; -- tag >>= 7; -- } -- p += ttag; -- } -- if (constructed == 2) -- *(p++)=0x80; -- else -- asn1_put_length(&p,length); -- *pp=p; -- } -+ int xclass) -+{ -+ unsigned char *p = *pp; -+ int i, ttag; -+ -+ i = (constructed) ? V_ASN1_CONSTRUCTED : 0; -+ i |= (xclass & V_ASN1_PRIVATE); -+ if (tag < 31) -+ *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG); -+ else { -+ *(p++) = i | V_ASN1_PRIMITIVE_TAG; -+ for (i = 0, ttag = tag; ttag > 0; i++) -+ ttag >>= 7; -+ ttag = i; -+ while (i-- > 0) { -+ p[i] = tag & 0x7f; -+ if (i != (ttag - 1)) -+ p[i] |= 0x80; -+ tag >>= 7; -+ } -+ p += ttag; -+ } -+ if (constructed == 2) -+ *(p++) = 0x80; -+ else -+ asn1_put_length(&p, length); -+ *pp = p; -+} - - int ASN1_put_eoc(unsigned char **pp) -- { -- unsigned char *p = *pp; -- *p++ = 0; -- *p++ = 0; -- *pp = p; -- return 2; -- } -+{ -+ unsigned char *p = *pp; -+ *p++ = 0; -+ *p++ = 0; -+ *pp = p; -+ return 2; -+} - - static void asn1_put_length(unsigned char **pp, int length) -- { -- unsigned char *p= *pp; -- int i,l; -- if (length <= 127) -- *(p++)=(unsigned char)length; -- else -- { -- l=length; -- for (i=0; l > 0; i++) -- l>>=8; -- *(p++)=i|0x80; -- l=i; -- while (i-- > 0) -- { -- p[i]=length&0xff; -- length>>=8; -- } -- p+=l; -- } -- *pp=p; -- } -+{ -+ unsigned char *p = *pp; -+ int i, l; -+ if (length <= 127) -+ *(p++) = (unsigned char)length; -+ else { -+ l = length; -+ for (i = 0; l > 0; i++) -+ l >>= 8; -+ *(p++) = i | 0x80; -+ l = i; -+ while (i-- > 0) { -+ p[i] = length & 0xff; -+ length >>= 8; -+ } -+ p += l; -+ } -+ *pp = p; -+} - - int ASN1_object_size(int constructed, int length, int tag) -- { -- int ret; -- -- ret=length; -- ret++; -- if (tag >= 31) -- { -- while (tag > 0) -- { -- tag>>=7; -- ret++; -- } -- } -- if (constructed == 2) -- return ret + 3; -- ret++; -- if (length > 127) -- { -- while (length > 0) -- { -- length>>=8; -- ret++; -- } -- } -- return(ret); -- } -+{ -+ int ret; -+ -+ ret = length; -+ ret++; -+ if (tag >= 31) { -+ while (tag > 0) { -+ tag >>= 7; -+ ret++; -+ } -+ } -+ if (constructed == 2) -+ return ret + 3; -+ ret++; -+ if (length > 127) { -+ while (length > 0) { -+ length >>= 8; -+ ret++; -+ } -+ } -+ return (ret); -+} - - static int _asn1_Finish(ASN1_const_CTX *c) -- { -- if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos)) -- { -- if (!ASN1_const_check_infinite_end(&c->p,c->slen)) -- { -- c->error=ERR_R_MISSING_ASN1_EOS; -- return(0); -- } -- } -- if ( ((c->slen != 0) && !(c->inf & 1)) || -- ((c->slen < 0) && (c->inf & 1))) -- { -- c->error=ERR_R_ASN1_LENGTH_MISMATCH; -- return(0); -- } -- return(1); -- } -+{ -+ if ((c->inf == (1 | V_ASN1_CONSTRUCTED)) && (!c->eos)) { -+ if (!ASN1_const_check_infinite_end(&c->p, c->slen)) { -+ c->error = ERR_R_MISSING_ASN1_EOS; -+ return (0); -+ } -+ } -+ if (((c->slen != 0) && !(c->inf & 1)) || ((c->slen < 0) && (c->inf & 1))) { -+ c->error = ERR_R_ASN1_LENGTH_MISMATCH; -+ return (0); -+ } -+ return (1); -+} - - int asn1_Finish(ASN1_CTX *c) -- { -- return _asn1_Finish((ASN1_const_CTX *)c); -- } -+{ -+ return _asn1_Finish((ASN1_const_CTX *)c); -+} - - int asn1_const_Finish(ASN1_const_CTX *c) -- { -- return _asn1_Finish(c); -- } -+{ -+ return _asn1_Finish(c); -+} - - int asn1_GetSequence(ASN1_const_CTX *c, long *length) -- { -- const unsigned char *q; -- -- q=c->p; -- c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass), -- *length); -- if (c->inf & 0x80) -- { -- c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL; -- return(0); -- } -- if (c->tag != V_ASN1_SEQUENCE) -- { -- c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE; -- return(0); -- } -- (*length)-=(c->p-q); -- if (c->max && (*length < 0)) -- { -- c->error=ERR_R_ASN1_LENGTH_MISMATCH; -- return(0); -- } -- if (c->inf == (1|V_ASN1_CONSTRUCTED)) -- c->slen= *length+ *(c->pp)-c->p; -- c->eos=0; -- return(1); -- } -+{ -+ const unsigned char *q; -+ -+ q = c->p; -+ c->inf = ASN1_get_object(&(c->p), &(c->slen), &(c->tag), &(c->xclass), -+ *length); -+ if (c->inf & 0x80) { -+ c->error = ERR_R_BAD_GET_ASN1_OBJECT_CALL; -+ return (0); -+ } -+ if (c->tag != V_ASN1_SEQUENCE) { -+ c->error = ERR_R_EXPECTING_AN_ASN1_SEQUENCE; -+ return (0); -+ } -+ (*length) -= (c->p - q); -+ if (c->max && (*length < 0)) { -+ c->error = ERR_R_ASN1_LENGTH_MISMATCH; -+ return (0); -+ } -+ if (c->inf == (1 | V_ASN1_CONSTRUCTED)) -+ c->slen = *length + *(c->pp) - c->p; -+ c->eos = 0; -+ return (1); -+} - - ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str) -- { -- ASN1_STRING *ret; -- -- if (str == NULL) return(NULL); -- if ((ret=ASN1_STRING_type_new(str->type)) == NULL) -- return(NULL); -- if (!ASN1_STRING_set(ret,str->data,str->length)) -- { -- ASN1_STRING_free(ret); -- return(NULL); -- } -- ret->flags = str->flags; -- return(ret); -- } -+{ -+ ASN1_STRING *ret; -+ -+ if (str == NULL) -+ return (NULL); -+ if ((ret = ASN1_STRING_type_new(str->type)) == NULL) -+ return (NULL); -+ if (!ASN1_STRING_set(ret, str->data, str->length)) { -+ ASN1_STRING_free(ret); -+ return (NULL); -+ } -+ ret->flags = str->flags; -+ return (ret); -+} - - int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) -- { -- unsigned char *c; -- const char *data=_data; -- -- if (len < 0) -- { -- if (data == NULL) -- return(0); -- else -- len=strlen(data); -- } -- if ((str->length < len) || (str->data == NULL)) -- { -- c=str->data; -- if (c == NULL) -- str->data=OPENSSL_malloc(len+1); -- else -- str->data=OPENSSL_realloc(c,len+1); -- -- if (str->data == NULL) -- { -- ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE); -- str->data=c; -- return(0); -- } -- } -- str->length=len; -- if (data != NULL) -- { -- memcpy(str->data,data,len); -- /* an allowance for strings :-) */ -- str->data[len]='\0'; -- } -- return(1); -- } -+{ -+ unsigned char *c; -+ const char *data = _data; -+ -+ if (len < 0) { -+ if (data == NULL) -+ return (0); -+ else -+ len = strlen(data); -+ } -+ if ((str->length < len) || (str->data == NULL)) { -+ c = str->data; -+ if (c == NULL) -+ str->data = OPENSSL_malloc(len + 1); -+ else -+ str->data = OPENSSL_realloc(c, len + 1); -+ -+ if (str->data == NULL) { -+ ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE); -+ str->data = c; -+ return (0); -+ } -+ } -+ str->length = len; -+ if (data != NULL) { -+ memcpy(str->data, data, len); -+ /* an allowance for strings :-) */ -+ str->data[len] = '\0'; -+ } -+ return (1); -+} - - void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) -- { -- if (str->data) -- OPENSSL_free(str->data); -- str->data = data; -- str->length = len; -- } -+{ -+ if (str->data) -+ OPENSSL_free(str->data); -+ str->data = data; -+ str->length = len; -+} - - ASN1_STRING *ASN1_STRING_new(void) -- { -- return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); -- } -- -+{ -+ return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); -+} - - ASN1_STRING *ASN1_STRING_type_new(int type) -- { -- ASN1_STRING *ret; -- -- ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING)); -- if (ret == NULL) -- { -- ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- ret->length=0; -- ret->type=type; -- ret->data=NULL; -- ret->flags=0; -- return(ret); -- } -+{ -+ ASN1_STRING *ret; -+ -+ ret = (ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING)); -+ if (ret == NULL) { -+ ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ ret->length = 0; -+ ret->type = type; -+ ret->data = NULL; -+ ret->flags = 0; -+ return (ret); -+} - - void ASN1_STRING_free(ASN1_STRING *a) -- { -- if (a == NULL) return; -- if (a->data != NULL) OPENSSL_free(a->data); -- OPENSSL_free(a); -- } -+{ -+ if (a == NULL) -+ return; -+ if (a->data != NULL) -+ OPENSSL_free(a->data); -+ OPENSSL_free(a); -+} - - int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) -- { -- int i; -- -- i=(a->length-b->length); -- if (i == 0) -- { -- i=memcmp(a->data,b->data,a->length); -- if (i == 0) -- return(a->type-b->type); -- else -- return(i); -- } -- else -- return(i); -- } -+{ -+ int i; -+ -+ i = (a->length - b->length); -+ if (i == 0) { -+ i = memcmp(a->data, b->data, a->length); -+ if (i == 0) -+ return (a->type - b->type); -+ else -+ return (i); -+ } else -+ return (i); -+} - - void asn1_add_error(const unsigned char *address, int offset) -- { -- char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; -+{ -+ char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1]; - -- BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address); -- BIO_snprintf(buf2,sizeof buf2,"%d",offset); -- ERR_add_error_data(4,"address=",buf1," offset=",buf2); -- } -+ BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address); -+ BIO_snprintf(buf2, sizeof buf2, "%d", offset); -+ ERR_add_error_data(4, "address=", buf1, " offset=", buf2); -+} - - int ASN1_STRING_length(ASN1_STRING *x) --{ return M_ASN1_STRING_length(x); } -+{ -+ return M_ASN1_STRING_length(x); -+} - - void ASN1_STRING_length_set(ASN1_STRING *x, int len) --{ M_ASN1_STRING_length_set(x, len); return; } -+{ -+ M_ASN1_STRING_length_set(x, len); -+ return; -+} - - int ASN1_STRING_type(ASN1_STRING *x) --{ return M_ASN1_STRING_type(x); } -- --unsigned char * ASN1_STRING_data(ASN1_STRING *x) --{ return M_ASN1_STRING_data(x); } -+{ -+ return M_ASN1_STRING_type(x); -+} -+ -+unsigned char *ASN1_STRING_data(ASN1_STRING *x) -+{ -+ return M_ASN1_STRING_data(x); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c -index cb08e15..e15e341 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,383 +62,350 @@ - #include - #include - --static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed, -- int indent); -+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, -+ int indent); - static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, -- int offset, int depth, int indent, int dump); -+ int offset, int depth, int indent, int dump); - static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, -- int indent) -- { -- static const char fmt[]="%-18s"; -- static const char fmt2[]="%2d %-15s"; -- char str[128]; -- const char *p,*p2=NULL; -+ int indent) -+{ -+ static const char fmt[] = "%-18s"; -+ static const char fmt2[] = "%2d %-15s"; -+ char str[128]; -+ const char *p, *p2 = NULL; - -- if (constructed & V_ASN1_CONSTRUCTED) -- p="cons: "; -- else -- p="prim: "; -- if (BIO_write(bp,p,6) < 6) goto err; -- BIO_indent(bp,indent,128); -+ if (constructed & V_ASN1_CONSTRUCTED) -+ p = "cons: "; -+ else -+ p = "prim: "; -+ if (BIO_write(bp, p, 6) < 6) -+ goto err; -+ BIO_indent(bp, indent, 128); - -- p=str; -- if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) -- BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag); -- else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) -- BIO_snprintf(str,sizeof str,"cont [ %d ]",tag); -- else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) -- BIO_snprintf(str,sizeof str,"appl [ %d ]",tag); -- else if (tag > 30) -- BIO_snprintf(str,sizeof str,"",tag); -- else -- p = ASN1_tag2str(tag); -+ p = str; -+ if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) -+ BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag); -+ else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) -+ BIO_snprintf(str, sizeof str, "cont [ %d ]", tag); -+ else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) -+ BIO_snprintf(str, sizeof str, "appl [ %d ]", tag); -+ else if (tag > 30) -+ BIO_snprintf(str, sizeof str, "", tag); -+ else -+ p = ASN1_tag2str(tag); - -- if (p2 != NULL) -- { -- if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err; -- } -- else -- { -- if (BIO_printf(bp,fmt,p) <= 0) goto err; -- } -- return(1); --err: -- return(0); -- } -+ if (p2 != NULL) { -+ if (BIO_printf(bp, fmt2, tag, p2) <= 0) -+ goto err; -+ } else { -+ if (BIO_printf(bp, fmt, p) <= 0) -+ goto err; -+ } -+ return (1); -+ err: -+ return (0); -+} - - int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent) -- { -- return(asn1_parse2(bp,&pp,len,0,0,indent,0)); -- } -+{ -+ return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0)); -+} - --int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump) -- { -- return(asn1_parse2(bp,&pp,len,0,0,indent,dump)); -- } -+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, -+ int dump) -+{ -+ return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump)); -+} - --static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, -- int depth, int indent, int dump) -- { -- const unsigned char *p,*ep,*tot,*op,*opp; -- long len; -- int tag,xclass,ret=0; -- int nl,hl,j,r; -- ASN1_OBJECT *o=NULL; -- ASN1_OCTET_STRING *os=NULL; -- /* ASN1_BMPSTRING *bmp=NULL;*/ -- int dump_indent; -+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, -+ int offset, int depth, int indent, int dump) -+{ -+ const unsigned char *p, *ep, *tot, *op, *opp; -+ long len; -+ int tag, xclass, ret = 0; -+ int nl, hl, j, r; -+ ASN1_OBJECT *o = NULL; -+ ASN1_OCTET_STRING *os = NULL; -+ /* ASN1_BMPSTRING *bmp=NULL; */ -+ int dump_indent; - - #if 0 -- dump_indent = indent; -+ dump_indent = indent; - #else -- dump_indent = 6; /* Because we know BIO_dump_indent() */ -+ dump_indent = 6; /* Because we know BIO_dump_indent() */ - #endif -- p= *pp; -- tot=p+length; -- op=p-1; -- while ((p < tot) && (op < p)) -- { -- op=p; -- j=ASN1_get_object(&p,&len,&tag,&xclass,length); -+ p = *pp; -+ tot = p + length; -+ op = p - 1; -+ while ((p < tot) && (op < p)) { -+ op = p; -+ j = ASN1_get_object(&p, &len, &tag, &xclass, length); - #ifdef LINT -- j=j; -+ j = j; - #endif -- if (j & 0x80) -- { -- if (BIO_write(bp,"Error in encoding\n",18) <= 0) -- goto end; -- ret=0; -- goto end; -- } -- hl=(p-op); -- length-=hl; -- /* if j == 0x21 it is a constructed indefinite length object */ -- if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp)) -- <= 0) goto end; -+ if (j & 0x80) { -+ if (BIO_write(bp, "Error in encoding\n", 18) <= 0) -+ goto end; -+ ret = 0; -+ goto end; -+ } -+ hl = (p - op); -+ length -= hl; -+ /* -+ * if j == 0x21 it is a constructed indefinite length object -+ */ -+ if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp)) -+ <= 0) -+ goto end; - -- if (j != (V_ASN1_CONSTRUCTED | 1)) -- { -- if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ", -- depth,(long)hl,len) <= 0) -- goto end; -- } -- else -- { -- if (BIO_printf(bp,"d=%-2d hl=%ld l=inf ", -- depth,(long)hl) <= 0) -- goto end; -- } -- if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0)) -- goto end; -- if (j & V_ASN1_CONSTRUCTED) -- { -- ep=p+len; -- if (BIO_write(bp,"\n",1) <= 0) goto end; -- if (len > length) -- { -- BIO_printf(bp, -- "length is greater than %ld\n",length); -- ret=0; -- goto end; -- } -- if ((j == 0x21) && (len == 0)) -- { -- for (;;) -- { -- r=asn1_parse2(bp,&p,(long)(tot-p), -- offset+(p - *pp),depth+1, -- indent,dump); -- if (r == 0) { ret=0; goto end; } -- if ((r == 2) || (p >= tot)) break; -- } -- } -- else -- while (p < ep) -- { -- r=asn1_parse2(bp,&p,(long)len, -- offset+(p - *pp),depth+1, -- indent,dump); -- if (r == 0) { ret=0; goto end; } -- } -- } -- else if (xclass != 0) -- { -- p+=len; -- if (BIO_write(bp,"\n",1) <= 0) goto end; -- } -- else -- { -- nl=0; -- if ( (tag == V_ASN1_PRINTABLESTRING) || -- (tag == V_ASN1_T61STRING) || -- (tag == V_ASN1_IA5STRING) || -- (tag == V_ASN1_VISIBLESTRING) || -- (tag == V_ASN1_NUMERICSTRING) || -- (tag == V_ASN1_UTF8STRING) || -- (tag == V_ASN1_UTCTIME) || -- (tag == V_ASN1_GENERALIZEDTIME)) -- { -- if (BIO_write(bp,":",1) <= 0) goto end; -- if ((len > 0) && -- BIO_write(bp,(const char *)p,(int)len) -- != (int)len) -- goto end; -- } -- else if (tag == V_ASN1_OBJECT) -- { -- opp=op; -- if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL) -- { -- if (BIO_write(bp,":",1) <= 0) goto end; -- i2a_ASN1_OBJECT(bp,o); -- } -- else -- { -- if (BIO_write(bp,":BAD OBJECT",11) <= 0) -- goto end; -- } -- } -- else if (tag == V_ASN1_BOOLEAN) -- { -- int ii; -+ if (j != (V_ASN1_CONSTRUCTED | 1)) { -+ if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ", -+ depth, (long)hl, len) <= 0) -+ goto end; -+ } else { -+ if (BIO_printf(bp, "d=%-2d hl=%ld l=inf ", depth, (long)hl) <= 0) -+ goto end; -+ } -+ if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0)) -+ goto end; -+ if (j & V_ASN1_CONSTRUCTED) { -+ ep = p + len; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto end; -+ if (len > length) { -+ BIO_printf(bp, "length is greater than %ld\n", length); -+ ret = 0; -+ goto end; -+ } -+ if ((j == 0x21) && (len == 0)) { -+ for (;;) { -+ r = asn1_parse2(bp, &p, (long)(tot - p), -+ offset + (p - *pp), depth + 1, -+ indent, dump); -+ if (r == 0) { -+ ret = 0; -+ goto end; -+ } -+ if ((r == 2) || (p >= tot)) -+ break; -+ } -+ } else -+ while (p < ep) { -+ r = asn1_parse2(bp, &p, (long)len, -+ offset + (p - *pp), depth + 1, -+ indent, dump); -+ if (r == 0) { -+ ret = 0; -+ goto end; -+ } -+ } -+ } else if (xclass != 0) { -+ p += len; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto end; -+ } else { -+ nl = 0; -+ if ((tag == V_ASN1_PRINTABLESTRING) || -+ (tag == V_ASN1_T61STRING) || -+ (tag == V_ASN1_IA5STRING) || -+ (tag == V_ASN1_VISIBLESTRING) || -+ (tag == V_ASN1_NUMERICSTRING) || -+ (tag == V_ASN1_UTF8STRING) || -+ (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) { -+ if (BIO_write(bp, ":", 1) <= 0) -+ goto end; -+ if ((len > 0) && BIO_write(bp, (const char *)p, (int)len) -+ != (int)len) -+ goto end; -+ } else if (tag == V_ASN1_OBJECT) { -+ opp = op; -+ if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) { -+ if (BIO_write(bp, ":", 1) <= 0) -+ goto end; -+ i2a_ASN1_OBJECT(bp, o); -+ } else { -+ if (BIO_write(bp, ":BAD OBJECT", 11) <= 0) -+ goto end; -+ } -+ } else if (tag == V_ASN1_BOOLEAN) { -+ int ii; - -- opp=op; -- ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl); -- if (ii < 0) -- { -- if (BIO_write(bp,"Bad boolean\n",12) <= 0) -- goto end; -- } -- BIO_printf(bp,":%d",ii); -- } -- else if (tag == V_ASN1_BMPSTRING) -- { -- /* do the BMP thang */ -- } -- else if (tag == V_ASN1_OCTET_STRING) -- { -- int i,printable=1; -+ opp = op; -+ ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl); -+ if (ii < 0) { -+ if (BIO_write(bp, "Bad boolean\n", 12) <= 0) -+ goto end; -+ } -+ BIO_printf(bp, ":%d", ii); -+ } else if (tag == V_ASN1_BMPSTRING) { -+ /* do the BMP thang */ -+ } else if (tag == V_ASN1_OCTET_STRING) { -+ int i, printable = 1; - -- opp=op; -- os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl); -- if (os != NULL && os->length > 0) -- { -- opp = os->data; -- /* testing whether the octet string is -- * printable */ -- for (i=0; ilength; i++) -- { -- if (( (opp[i] < ' ') && -- (opp[i] != '\n') && -- (opp[i] != '\r') && -- (opp[i] != '\t')) || -- (opp[i] > '~')) -- { -- printable=0; -- break; -- } -- } -- if (printable) -- /* printable string */ -- { -- if (BIO_write(bp,":",1) <= 0) -- goto end; -- if (BIO_write(bp,(const char *)opp, -- os->length) <= 0) -- goto end; -- } -- else if (!dump) -- /* not printable => print octet string -- * as hex dump */ -- { -- if (BIO_write(bp,"[HEX DUMP]:",11) <= 0) -- goto end; -- for (i=0; ilength; i++) -- { -- if (BIO_printf(bp,"%02X" -- , opp[i]) <= 0) -- goto end; -- } -- } -- else -- /* print the normal dump */ -- { -- if (!nl) -- { -- if (BIO_write(bp,"\n",1) <= 0) -- goto end; -- } -- if (BIO_dump_indent(bp, -- (const char *)opp, -- ((dump == -1 || dump > -- os->length)?os->length:dump), -- dump_indent) <= 0) -- goto end; -- nl=1; -- } -- } -- if (os != NULL) -- { -- M_ASN1_OCTET_STRING_free(os); -- os=NULL; -- } -- } -- else if (tag == V_ASN1_INTEGER) -- { -- ASN1_INTEGER *bs; -- int i; -+ opp = op; -+ os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl); -+ if (os != NULL && os->length > 0) { -+ opp = os->data; -+ /* -+ * testing whether the octet string is printable -+ */ -+ for (i = 0; i < os->length; i++) { -+ if (((opp[i] < ' ') && -+ (opp[i] != '\n') && -+ (opp[i] != '\r') && -+ (opp[i] != '\t')) || (opp[i] > '~')) { -+ printable = 0; -+ break; -+ } -+ } -+ if (printable) -+ /* printable string */ -+ { -+ if (BIO_write(bp, ":", 1) <= 0) -+ goto end; -+ if (BIO_write(bp, (const char *)opp, os->length) <= 0) -+ goto end; -+ } else if (!dump) -+ /* -+ * not printable => print octet string as hex dump -+ */ -+ { -+ if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0) -+ goto end; -+ for (i = 0; i < os->length; i++) { -+ if (BIO_printf(bp, "%02X", opp[i]) <= 0) -+ goto end; -+ } -+ } else -+ /* print the normal dump */ -+ { -+ if (!nl) { -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto end; -+ } -+ if (BIO_dump_indent(bp, -+ (const char *)opp, -+ ((dump == -1 || dump > -+ os-> -+ length) ? os->length : dump), -+ dump_indent) <= 0) -+ goto end; -+ nl = 1; -+ } -+ } -+ if (os != NULL) { -+ M_ASN1_OCTET_STRING_free(os); -+ os = NULL; -+ } -+ } else if (tag == V_ASN1_INTEGER) { -+ ASN1_INTEGER *bs; -+ int i; - -- opp=op; -- bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl); -- if (bs != NULL) -- { -- if (BIO_write(bp,":",1) <= 0) goto end; -- if (bs->type == V_ASN1_NEG_INTEGER) -- if (BIO_write(bp,"-",1) <= 0) -- goto end; -- for (i=0; ilength; i++) -- { -- if (BIO_printf(bp,"%02X", -- bs->data[i]) <= 0) -- goto end; -- } -- if (bs->length == 0) -- { -- if (BIO_write(bp,"00",2) <= 0) -- goto end; -- } -- } -- else -- { -- if (BIO_write(bp,"BAD INTEGER",11) <= 0) -- goto end; -- } -- M_ASN1_INTEGER_free(bs); -- } -- else if (tag == V_ASN1_ENUMERATED) -- { -- ASN1_ENUMERATED *bs; -- int i; -+ opp = op; -+ bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl); -+ if (bs != NULL) { -+ if (BIO_write(bp, ":", 1) <= 0) -+ goto end; -+ if (bs->type == V_ASN1_NEG_INTEGER) -+ if (BIO_write(bp, "-", 1) <= 0) -+ goto end; -+ for (i = 0; i < bs->length; i++) { -+ if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) -+ goto end; -+ } -+ if (bs->length == 0) { -+ if (BIO_write(bp, "00", 2) <= 0) -+ goto end; -+ } -+ } else { -+ if (BIO_write(bp, "BAD INTEGER", 11) <= 0) -+ goto end; -+ } -+ M_ASN1_INTEGER_free(bs); -+ } else if (tag == V_ASN1_ENUMERATED) { -+ ASN1_ENUMERATED *bs; -+ int i; - -- opp=op; -- bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl); -- if (bs != NULL) -- { -- if (BIO_write(bp,":",1) <= 0) goto end; -- if (bs->type == V_ASN1_NEG_ENUMERATED) -- if (BIO_write(bp,"-",1) <= 0) -- goto end; -- for (i=0; ilength; i++) -- { -- if (BIO_printf(bp,"%02X", -- bs->data[i]) <= 0) -- goto end; -- } -- if (bs->length == 0) -- { -- if (BIO_write(bp,"00",2) <= 0) -- goto end; -- } -- } -- else -- { -- if (BIO_write(bp,"BAD ENUMERATED",11) <= 0) -- goto end; -- } -- M_ASN1_ENUMERATED_free(bs); -- } -- else if (len > 0 && dump) -- { -- if (!nl) -- { -- if (BIO_write(bp,"\n",1) <= 0) -- goto end; -- } -- if (BIO_dump_indent(bp,(const char *)p, -- ((dump == -1 || dump > len)?len:dump), -- dump_indent) <= 0) -- goto end; -- nl=1; -- } -+ opp = op; -+ bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); -+ if (bs != NULL) { -+ if (BIO_write(bp, ":", 1) <= 0) -+ goto end; -+ if (bs->type == V_ASN1_NEG_ENUMERATED) -+ if (BIO_write(bp, "-", 1) <= 0) -+ goto end; -+ for (i = 0; i < bs->length; i++) { -+ if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) -+ goto end; -+ } -+ if (bs->length == 0) { -+ if (BIO_write(bp, "00", 2) <= 0) -+ goto end; -+ } -+ } else { -+ if (BIO_write(bp, "BAD ENUMERATED", 11) <= 0) -+ goto end; -+ } -+ M_ASN1_ENUMERATED_free(bs); -+ } else if (len > 0 && dump) { -+ if (!nl) { -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto end; -+ } -+ if (BIO_dump_indent(bp, (const char *)p, -+ ((dump == -1 || dump > len) ? len : dump), -+ dump_indent) <= 0) -+ goto end; -+ nl = 1; -+ } - -- if (!nl) -- { -- if (BIO_write(bp,"\n",1) <= 0) goto end; -- } -- p+=len; -- if ((tag == V_ASN1_EOC) && (xclass == 0)) -- { -- ret=2; /* End of sequence */ -- goto end; -- } -- } -- length-=len; -- } -- ret=1; --end: -- if (o != NULL) ASN1_OBJECT_free(o); -- if (os != NULL) M_ASN1_OCTET_STRING_free(os); -- *pp=p; -- return(ret); -- } -+ if (!nl) { -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto end; -+ } -+ p += len; -+ if ((tag == V_ASN1_EOC) && (xclass == 0)) { -+ ret = 2; /* End of sequence */ -+ goto end; -+ } -+ } -+ length -= len; -+ } -+ ret = 1; -+ end: -+ if (o != NULL) -+ ASN1_OBJECT_free(o); -+ if (os != NULL) -+ M_ASN1_OCTET_STRING_free(os); -+ *pp = p; -+ return (ret); -+} - - const char *ASN1_tag2str(int tag) - { -- static const char *tag2str[] = { -- "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */ -- "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */ -- "ENUMERATED", "", "UTF8STRING", "", /* 10-13 */ -- "", "", "SEQUENCE", "SET", /* 15-17 */ -- "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", /* 18-20 */ -- "VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */ -- "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", /* 25-27 */ -- "UNIVERSALSTRING", "", "BMPSTRING" /* 28-30 */ -- }; -+ static const char *tag2str[] = { -+ /* 0-4 */ -+ "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", -+ /* 5-9 */ -+ "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", -+ /* 10-13 */ -+ "ENUMERATED", "", "UTF8STRING", "", -+ /* 15-17 */ -+ "", "", "SEQUENCE", "SET", -+ /* 18-20 */ -+ "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", -+ /* 21-24 */ -+ "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME", -+ /* 25-27 */ -+ "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", -+ /* 28-30 */ -+ "UNIVERSALSTRING", "", "BMPSTRING" -+ }; - -- if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) -- tag &= ~0x100; -+ if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) -+ tag &= ~0x100; - -- if(tag < 0 || tag > 30) return "(unknown)"; -- return tag2str[tag]; -+ if (tag < 0 || tag > 30) -+ return "(unknown)"; -+ return tag2str[tag]; - } -- -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c -index 095887f..e7c5696 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c -@@ -1,5 +1,6 @@ - /* asn_mime.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ - /* ==================================================================== -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,42 +61,43 @@ - #include - #include - --/* Generalised MIME like utilities for streaming ASN1. Although many -- * have a PKCS7/CMS like flavour others are more general purpose. -+/* -+ * Generalised MIME like utilities for streaming ASN1. Although many have a -+ * PKCS7/CMS like flavour others are more general purpose. - */ - --/* MIME format structures -- * Note that all are translated to lower case apart from -- * parameter values. Quotes are stripped off -+/* -+ * MIME format structures Note that all are translated to lower case apart -+ * from parameter values. Quotes are stripped off - */ - - typedef struct { --char *param_name; /* Param name e.g. "micalg" */ --char *param_value; /* Param value e.g. "sha1" */ -+ char *param_name; /* Param name e.g. "micalg" */ -+ char *param_value; /* Param value e.g. "sha1" */ - } MIME_PARAM; - - DECLARE_STACK_OF(MIME_PARAM) - IMPLEMENT_STACK_OF(MIME_PARAM) - - typedef struct { --char *name; /* Name of line e.g. "content-type" */ --char *value; /* Value of line e.g. "text/plain" */ --STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ -+ char *name; /* Name of line e.g. "content-type" */ -+ char *value; /* Value of line e.g. "text/plain" */ -+ STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ - } MIME_HEADER; - - DECLARE_STACK_OF(MIME_HEADER) - IMPLEMENT_STACK_OF(MIME_HEADER) - --static char * strip_ends(char *name); --static char * strip_start(char *name); --static char * strip_end(char *name); -+static char *strip_ends(char *name); -+static char *strip_start(char *name); -+static char *strip_end(char *name); - static MIME_HEADER *mime_hdr_new(char *name, char *value); - static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); - static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); --static int mime_hdr_cmp(const MIME_HEADER * const *a, -- const MIME_HEADER * const *b); --static int mime_param_cmp(const MIME_PARAM * const *a, -- const MIME_PARAM * const *b); -+static int mime_hdr_cmp(const MIME_HEADER *const *a, -+ const MIME_HEADER *const *b); -+static int mime_param_cmp(const MIME_PARAM *const *a, -+ const MIME_PARAM *const *b); - static void mime_param_free(MIME_PARAM *param); - static int mime_bound_check(char *line, int linelen, char *bound, int blen); - static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); -@@ -105,777 +107,799 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); - static void mime_hdr_free(MIME_HEADER *hdr); - - #define MAX_SMLEN 1024 --#define mime_debug(x) /* x */ -+#define mime_debug(x) /* x */ - - /* Base 64 read and write of ASN1 structure */ - - static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, -- const ASN1_ITEM *it) -- { -- BIO *b64; -- int r; -- b64 = BIO_new(BIO_f_base64()); -- if(!b64) -- { -- ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- /* prepend the b64 BIO so all data is base64 encoded. -- */ -- out = BIO_push(b64, out); -- r = ASN1_item_i2d_bio(it, out, val); -- (void)BIO_flush(out); -- BIO_pop(out); -- BIO_free(b64); -- return r; -- } -+ const ASN1_ITEM *it) -+{ -+ BIO *b64; -+ int r; -+ b64 = BIO_new(BIO_f_base64()); -+ if (!b64) { -+ ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ /* -+ * prepend the b64 BIO so all data is base64 encoded. -+ */ -+ out = BIO_push(b64, out); -+ r = ASN1_item_i2d_bio(it, out, val); -+ (void)BIO_flush(out); -+ BIO_pop(out); -+ BIO_free(b64); -+ return r; -+} - - static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) - { -- BIO *b64; -- ASN1_VALUE *val; -- if(!(b64 = BIO_new(BIO_f_base64()))) { -- ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- bio = BIO_push(b64, bio); -- val = ASN1_item_d2i_bio(it, bio, NULL); -- if(!val) -- ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR); -- (void)BIO_flush(bio); -- bio = BIO_pop(bio); -- BIO_free(b64); -- return val; -+ BIO *b64; -+ ASN1_VALUE *val; -+ if (!(b64 = BIO_new(BIO_f_base64()))) { -+ ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ bio = BIO_push(b64, bio); -+ val = ASN1_item_d2i_bio(it, bio, NULL); -+ if (!val) -+ ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR); -+ (void)BIO_flush(bio); -+ bio = BIO_pop(bio); -+ BIO_free(b64); -+ return val; - } - - /* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */ - - static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) -- { -- int i, have_unknown = 0, write_comma, md_nid; -- have_unknown = 0; -- write_comma = 0; -- for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) -- { -- if (write_comma) -- BIO_write(out, ",", 1); -- write_comma = 1; -- md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); -- switch(md_nid) -- { -- case NID_sha1: -- BIO_puts(out, "sha1"); -- break; -- -- case NID_md5: -- BIO_puts(out, "md5"); -- break; -- -- case NID_sha256: -- BIO_puts(out, "sha-256"); -- break; -- -- case NID_sha384: -- BIO_puts(out, "sha-384"); -- break; -- -- case NID_sha512: -- BIO_puts(out, "sha-512"); -- break; -- -- default: -- if (have_unknown) -- write_comma = 0; -- else -- { -- BIO_puts(out, "unknown"); -- have_unknown = 1; -- } -- break; -- -- } -- } -- -- return 1; -- -- } -+{ -+ int i, have_unknown = 0, write_comma, md_nid; -+ have_unknown = 0; -+ write_comma = 0; -+ for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) { -+ if (write_comma) -+ BIO_write(out, ",", 1); -+ write_comma = 1; -+ md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); -+ switch (md_nid) { -+ case NID_sha1: -+ BIO_puts(out, "sha1"); -+ break; -+ -+ case NID_md5: -+ BIO_puts(out, "md5"); -+ break; -+ -+ case NID_sha256: -+ BIO_puts(out, "sha-256"); -+ break; -+ -+ case NID_sha384: -+ BIO_puts(out, "sha-384"); -+ break; -+ -+ case NID_sha512: -+ BIO_puts(out, "sha-512"); -+ break; -+ -+ default: -+ if (have_unknown) -+ write_comma = 0; -+ else { -+ BIO_puts(out, "unknown"); -+ have_unknown = 1; -+ } -+ break; -+ -+ } -+ } -+ -+ return 1; -+ -+} - - /* SMIME sender */ - - int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, -- int ctype_nid, int econt_nid, -- STACK_OF(X509_ALGOR) *mdalgs, -- asn1_output_data_fn *data_fn, -- const ASN1_ITEM *it) -+ int ctype_nid, int econt_nid, -+ STACK_OF(X509_ALGOR) *mdalgs, -+ asn1_output_data_fn * data_fn, const ASN1_ITEM *it) - { -- char bound[33], c; -- int i; -- const char *mime_prefix, *mime_eol, *cname = "smime.p7m"; -- const char *msg_type=NULL; -- if (flags & SMIME_OLDMIME) -- mime_prefix = "application/x-pkcs7-"; -- else -- mime_prefix = "application/pkcs7-"; -- -- if (flags & SMIME_CRLFEOL) -- mime_eol = "\r\n"; -- else -- mime_eol = "\n"; -- if((flags & SMIME_DETACHED) && data) { -- /* We want multipart/signed */ -- /* Generate a random boundary */ -- RAND_pseudo_bytes((unsigned char *)bound, 32); -- for(i = 0; i < 32; i++) { -- c = bound[i] & 0xf; -- if(c < 10) c += '0'; -- else c += 'A' - 10; -- bound[i] = c; -- } -- bound[32] = 0; -- BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); -- BIO_printf(bio, "Content-Type: multipart/signed;"); -- BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); -- BIO_puts(bio, " micalg=\""); -- asn1_write_micalg(bio, mdalgs); -- BIO_printf(bio, "\"; boundary=\"----%s\"%s%s", -- bound, mime_eol, mime_eol); -- BIO_printf(bio, "This is an S/MIME signed message%s%s", -- mime_eol, mime_eol); -- /* Now write out the first part */ -- BIO_printf(bio, "------%s%s", bound, mime_eol); -- if (!data_fn(bio, data, val, flags, it)) -- return 0; -- BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); -- -- /* Headers for signature */ -- -- BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); -- BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); -- BIO_printf(bio, "Content-Transfer-Encoding: base64%s", -- mime_eol); -- BIO_printf(bio, "Content-Disposition: attachment;"); -- BIO_printf(bio, " filename=\"smime.p7s\"%s%s", -- mime_eol, mime_eol); -- B64_write_ASN1(bio, val, NULL, 0, it); -- BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, -- mime_eol, mime_eol); -- return 1; -- } -- -- /* Determine smime-type header */ -- -- if (ctype_nid == NID_pkcs7_enveloped) -- msg_type = "enveloped-data"; -- else if (ctype_nid == NID_pkcs7_signed) -- { -- if (econt_nid == NID_id_smime_ct_receipt) -- msg_type = "signed-receipt"; -- else if (sk_X509_ALGOR_num(mdalgs) >= 0) -- msg_type = "signed-data"; -- else -- msg_type = "certs-only"; -- } -- else if (ctype_nid == NID_id_smime_ct_compressedData) -- { -- msg_type = "compressed-data"; -- cname = "smime.p7z"; -- } -- /* MIME headers */ -- BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); -- BIO_printf(bio, "Content-Disposition: attachment;"); -- BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol); -- BIO_printf(bio, "Content-Type: %smime;", mime_prefix); -- if (msg_type) -- BIO_printf(bio, " smime-type=%s;", msg_type); -- BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol); -- BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", -- mime_eol, mime_eol); -- if (!B64_write_ASN1(bio, val, data, flags, it)) -- return 0; -- BIO_printf(bio, "%s", mime_eol); -- return 1; -+ char bound[33], c; -+ int i; -+ const char *mime_prefix, *mime_eol, *cname = "smime.p7m"; -+ const char *msg_type = NULL; -+ if (flags & SMIME_OLDMIME) -+ mime_prefix = "application/x-pkcs7-"; -+ else -+ mime_prefix = "application/pkcs7-"; -+ -+ if (flags & SMIME_CRLFEOL) -+ mime_eol = "\r\n"; -+ else -+ mime_eol = "\n"; -+ if ((flags & SMIME_DETACHED) && data) { -+ /* We want multipart/signed */ -+ /* Generate a random boundary */ -+ RAND_pseudo_bytes((unsigned char *)bound, 32); -+ for (i = 0; i < 32; i++) { -+ c = bound[i] & 0xf; -+ if (c < 10) -+ c += '0'; -+ else -+ c += 'A' - 10; -+ bound[i] = c; -+ } -+ bound[32] = 0; -+ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); -+ BIO_printf(bio, "Content-Type: multipart/signed;"); -+ BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); -+ BIO_puts(bio, " micalg=\""); -+ asn1_write_micalg(bio, mdalgs); -+ BIO_printf(bio, "\"; boundary=\"----%s\"%s%s", -+ bound, mime_eol, mime_eol); -+ BIO_printf(bio, "This is an S/MIME signed message%s%s", -+ mime_eol, mime_eol); -+ /* Now write out the first part */ -+ BIO_printf(bio, "------%s%s", bound, mime_eol); -+ if (!data_fn(bio, data, val, flags, it)) -+ return 0; -+ BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); -+ -+ /* Headers for signature */ -+ -+ BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); -+ BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); -+ BIO_printf(bio, "Content-Transfer-Encoding: base64%s", mime_eol); -+ BIO_printf(bio, "Content-Disposition: attachment;"); -+ BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol); -+ B64_write_ASN1(bio, val, NULL, 0, it); -+ BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound, -+ mime_eol, mime_eol); -+ return 1; -+ } -+ -+ /* Determine smime-type header */ -+ -+ if (ctype_nid == NID_pkcs7_enveloped) -+ msg_type = "enveloped-data"; -+ else if (ctype_nid == NID_pkcs7_signed) { -+ if (econt_nid == NID_id_smime_ct_receipt) -+ msg_type = "signed-receipt"; -+ else if (sk_X509_ALGOR_num(mdalgs) >= 0) -+ msg_type = "signed-data"; -+ else -+ msg_type = "certs-only"; -+ } else if (ctype_nid == NID_id_smime_ct_compressedData) { -+ msg_type = "compressed-data"; -+ cname = "smime.p7z"; -+ } -+ /* MIME headers */ -+ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); -+ BIO_printf(bio, "Content-Disposition: attachment;"); -+ BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol); -+ BIO_printf(bio, "Content-Type: %smime;", mime_prefix); -+ if (msg_type) -+ BIO_printf(bio, " smime-type=%s;", msg_type); -+ BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol); -+ BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", -+ mime_eol, mime_eol); -+ if (!B64_write_ASN1(bio, val, data, flags, it)) -+ return 0; -+ BIO_printf(bio, "%s", mime_eol); -+ return 1; - } - - #if 0 - - /* Handle output of ASN1 data */ - -- - static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, -- const ASN1_ITEM *it) -- { -- BIO *tmpbio; -- const ASN1_AUX *aux = it->funcs; -- ASN1_STREAM_ARG sarg; -+ const ASN1_ITEM *it) -+{ -+ BIO *tmpbio; -+ const ASN1_AUX *aux = it->funcs; -+ ASN1_STREAM_ARG sarg; - -- if (!(flags & SMIME_DETACHED)) -- { -- SMIME_crlf_copy(data, out, flags); -- return 1; -- } -+ if (!(flags & SMIME_DETACHED)) { -+ SMIME_crlf_copy(data, out, flags); -+ return 1; -+ } - -- if (!aux || !aux->asn1_cb) -- { -- ASN1err(ASN1_F_ASN1_OUTPUT_DATA, -- ASN1_R_STREAMING_NOT_SUPPORTED); -- return 0; -- } -+ if (!aux || !aux->asn1_cb) { -+ ASN1err(ASN1_F_ASN1_OUTPUT_DATA, ASN1_R_STREAMING_NOT_SUPPORTED); -+ return 0; -+ } - -- sarg.out = out; -- sarg.ndef_bio = NULL; -- sarg.boundary = NULL; -+ sarg.out = out; -+ sarg.ndef_bio = NULL; -+ sarg.boundary = NULL; - -- /* Let ASN1 code prepend any needed BIOs */ -+ /* Let ASN1 code prepend any needed BIOs */ - -- if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0) -- return 0; -+ if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0) -+ return 0; - -- /* Copy data across, passing through filter BIOs for processing */ -- SMIME_crlf_copy(data, sarg.ndef_bio, flags); -+ /* Copy data across, passing through filter BIOs for processing */ -+ SMIME_crlf_copy(data, sarg.ndef_bio, flags); - -- /* Finalize structure */ -- if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) -- return 0; -+ /* Finalize structure */ -+ if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) -+ return 0; - -- /* Now remove any digests prepended to the BIO */ -+ /* Now remove any digests prepended to the BIO */ - -- while (sarg.ndef_bio != out) -- { -- tmpbio = BIO_pop(sarg.ndef_bio); -- BIO_free(sarg.ndef_bio); -- sarg.ndef_bio = tmpbio; -- } -+ while (sarg.ndef_bio != out) { -+ tmpbio = BIO_pop(sarg.ndef_bio); -+ BIO_free(sarg.ndef_bio); -+ sarg.ndef_bio = tmpbio; -+ } - -- return 1; -+ return 1; - -- } -+} - - #endif - --/* SMIME reader: handle multipart/signed and opaque signing. -- * in multipart case the content is placed in a memory BIO -- * pointed to by "bcont". In opaque this is set to NULL -+/* -+ * SMIME reader: handle multipart/signed and opaque signing. in multipart -+ * case the content is placed in a memory BIO pointed to by "bcont". In -+ * opaque this is set to NULL - */ - - ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) - { -- BIO *asnin; -- STACK_OF(MIME_HEADER) *headers = NULL; -- STACK_OF(BIO) *parts = NULL; -- MIME_HEADER *hdr; -- MIME_PARAM *prm; -- ASN1_VALUE *val; -- int ret; -- -- if(bcont) *bcont = NULL; -- -- if (!(headers = mime_parse_hdr(bio))) { -- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR); -- return NULL; -- } -- -- if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { -- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE); -- return NULL; -- } -- -- /* Handle multipart/signed */ -- -- if(!strcmp(hdr->value, "multipart/signed")) { -- /* Split into two parts */ -- prm = mime_param_find(hdr, "boundary"); -- if(!prm || !prm->param_value) { -- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY); -- return NULL; -- } -- ret = multi_split(bio, prm->param_value, &parts); -- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -- if(!ret || (sk_BIO_num(parts) != 2) ) { -- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE); -- sk_BIO_pop_free(parts, BIO_vfree); -- return NULL; -- } -- -- /* Parse the signature piece */ -- asnin = sk_BIO_value(parts, 1); -- -- if (!(headers = mime_parse_hdr(asnin))) { -- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR); -- sk_BIO_pop_free(parts, BIO_vfree); -- return NULL; -- } -- -- /* Get content type */ -- -- if(!(hdr = mime_hdr_find(headers, "content-type")) || -- !hdr->value) { -- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); -- return NULL; -- } -- -- if(strcmp(hdr->value, "application/x-pkcs7-signature") && -- strcmp(hdr->value, "application/pkcs7-signature")) { -- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE); -- ERR_add_error_data(2, "type: ", hdr->value); -- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -- sk_BIO_pop_free(parts, BIO_vfree); -- return NULL; -- } -- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -- /* Read in ASN1 */ -- if(!(val = b64_read_asn1(asnin, it))) { -- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR); -- sk_BIO_pop_free(parts, BIO_vfree); -- return NULL; -- } -- -- if(bcont) { -- *bcont = sk_BIO_value(parts, 0); -- BIO_free(asnin); -- sk_BIO_free(parts); -- } else sk_BIO_pop_free(parts, BIO_vfree); -- return val; -- } -- -- /* OK, if not multipart/signed try opaque signature */ -- -- if (strcmp (hdr->value, "application/x-pkcs7-mime") && -- strcmp (hdr->value, "application/pkcs7-mime")) { -- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE); -- ERR_add_error_data(2, "type: ", hdr->value); -- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -- return NULL; -- } -- -- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -- -- if(!(val = b64_read_asn1(bio, it))) { -- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR); -- return NULL; -- } -- return val; -+ BIO *asnin; -+ STACK_OF(MIME_HEADER) *headers = NULL; -+ STACK_OF(BIO) *parts = NULL; -+ MIME_HEADER *hdr; -+ MIME_PARAM *prm; -+ ASN1_VALUE *val; -+ int ret; -+ -+ if (bcont) -+ *bcont = NULL; -+ -+ if (!(headers = mime_parse_hdr(bio))) { -+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR); -+ return NULL; -+ } -+ -+ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { -+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE); -+ return NULL; -+ } -+ -+ /* Handle multipart/signed */ -+ -+ if (!strcmp(hdr->value, "multipart/signed")) { -+ /* Split into two parts */ -+ prm = mime_param_find(hdr, "boundary"); -+ if (!prm || !prm->param_value) { -+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY); -+ return NULL; -+ } -+ ret = multi_split(bio, prm->param_value, &parts); -+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -+ if (!ret || (sk_BIO_num(parts) != 2)) { -+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE); -+ sk_BIO_pop_free(parts, BIO_vfree); -+ return NULL; -+ } -+ -+ /* Parse the signature piece */ -+ asnin = sk_BIO_value(parts, 1); -+ -+ if (!(headers = mime_parse_hdr(asnin))) { -+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR); -+ sk_BIO_pop_free(parts, BIO_vfree); -+ return NULL; -+ } -+ -+ /* Get content type */ -+ -+ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { -+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); -+ return NULL; -+ } -+ -+ if (strcmp(hdr->value, "application/x-pkcs7-signature") && -+ strcmp(hdr->value, "application/pkcs7-signature")) { -+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE); -+ ERR_add_error_data(2, "type: ", hdr->value); -+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -+ sk_BIO_pop_free(parts, BIO_vfree); -+ return NULL; -+ } -+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -+ /* Read in ASN1 */ -+ if (!(val = b64_read_asn1(asnin, it))) { -+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR); -+ sk_BIO_pop_free(parts, BIO_vfree); -+ return NULL; -+ } -+ -+ if (bcont) { -+ *bcont = sk_BIO_value(parts, 0); -+ BIO_free(asnin); -+ sk_BIO_free(parts); -+ } else -+ sk_BIO_pop_free(parts, BIO_vfree); -+ return val; -+ } -+ -+ /* OK, if not multipart/signed try opaque signature */ -+ -+ if (strcmp(hdr->value, "application/x-pkcs7-mime") && -+ strcmp(hdr->value, "application/pkcs7-mime")) { -+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_INVALID_MIME_TYPE); -+ ERR_add_error_data(2, "type: ", hdr->value); -+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -+ return NULL; -+ } -+ -+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -+ -+ if (!(val = b64_read_asn1(bio, it))) { -+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR); -+ return NULL; -+ } -+ return val; - - } - - /* Copy text from one BIO to another making the output CRLF at EOL */ - int SMIME_crlf_copy(BIO *in, BIO *out, int flags) - { -- BIO *bf; -- char eol; -- int len; -- char linebuf[MAX_SMLEN]; -- /* Buffer output so we don't write one line at a time. This is -- * useful when streaming as we don't end up with one OCTET STRING -- * per line. -- */ -- bf = BIO_new(BIO_f_buffer()); -- if (!bf) -- return 0; -- out = BIO_push(bf, out); -- if(flags & SMIME_BINARY) -- { -- while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) -- BIO_write(out, linebuf, len); -- } -- else -- { -- if(flags & SMIME_TEXT) -- BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); -- while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) -- { -- eol = strip_eol(linebuf, &len); -- if (len) -- BIO_write(out, linebuf, len); -- if(eol) BIO_write(out, "\r\n", 2); -- } -- } -- (void)BIO_flush(out); -- BIO_pop(out); -- BIO_free(bf); -- return 1; -+ BIO *bf; -+ char eol; -+ int len; -+ char linebuf[MAX_SMLEN]; -+ /* -+ * Buffer output so we don't write one line at a time. This is useful -+ * when streaming as we don't end up with one OCTET STRING per line. -+ */ -+ bf = BIO_new(BIO_f_buffer()); -+ if (!bf) -+ return 0; -+ out = BIO_push(bf, out); -+ if (flags & SMIME_BINARY) { -+ while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) -+ BIO_write(out, linebuf, len); -+ } else { -+ if (flags & SMIME_TEXT) -+ BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); -+ while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { -+ eol = strip_eol(linebuf, &len); -+ if (len) -+ BIO_write(out, linebuf, len); -+ if (eol) -+ BIO_write(out, "\r\n", 2); -+ } -+ } -+ (void)BIO_flush(out); -+ BIO_pop(out); -+ BIO_free(bf); -+ return 1; - } - - /* Strip off headers if they are text/plain */ - int SMIME_text(BIO *in, BIO *out) - { -- char iobuf[4096]; -- int len; -- STACK_OF(MIME_HEADER) *headers; -- MIME_HEADER *hdr; -- -- if (!(headers = mime_parse_hdr(in))) { -- ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR); -- return 0; -- } -- if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { -- ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE); -- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -- return 0; -- } -- if (strcmp (hdr->value, "text/plain")) { -- ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE); -- ERR_add_error_data(2, "type: ", hdr->value); -- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -- return 0; -- } -- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -- while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) -- BIO_write(out, iobuf, len); -- if (len < 0) -- return 0; -- return 1; -+ char iobuf[4096]; -+ int len; -+ STACK_OF(MIME_HEADER) *headers; -+ MIME_HEADER *hdr; -+ -+ if (!(headers = mime_parse_hdr(in))) { -+ ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR); -+ return 0; -+ } -+ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { -+ ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE); -+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -+ return 0; -+ } -+ if (strcmp(hdr->value, "text/plain")) { -+ ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_INVALID_MIME_TYPE); -+ ERR_add_error_data(2, "type: ", hdr->value); -+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -+ return 0; -+ } -+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); -+ while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) -+ BIO_write(out, iobuf, len); -+ if (len < 0) -+ return 0; -+ return 1; - } - --/* Split a multipart/XXX message body into component parts: result is -+/* -+ * Split a multipart/XXX message body into component parts: result is - * canonical parts in a STACK of bios - */ - - static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) - { -- char linebuf[MAX_SMLEN]; -- int len, blen; -- int eol = 0, next_eol = 0; -- BIO *bpart = NULL; -- STACK_OF(BIO) *parts; -- char state, part, first; -- -- blen = strlen(bound); -- part = 0; -- state = 0; -- first = 1; -- parts = sk_BIO_new_null(); -- *ret = parts; -- while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { -- state = mime_bound_check(linebuf, len, bound, blen); -- if(state == 1) { -- first = 1; -- part++; -- } else if(state == 2) { -- sk_BIO_push(parts, bpart); -- return 1; -- } else if(part) { -- /* Strip CR+LF from linebuf */ -- next_eol = strip_eol(linebuf, &len); -- if(first) { -- first = 0; -- if(bpart) sk_BIO_push(parts, bpart); -- bpart = BIO_new(BIO_s_mem()); -- BIO_set_mem_eof_return(bpart, 0); -- } else if (eol) -- BIO_write(bpart, "\r\n", 2); -- eol = next_eol; -- if (len) -- BIO_write(bpart, linebuf, len); -- } -- } -- return 0; -+ char linebuf[MAX_SMLEN]; -+ int len, blen; -+ int eol = 0, next_eol = 0; -+ BIO *bpart = NULL; -+ STACK_OF(BIO) *parts; -+ char state, part, first; -+ -+ blen = strlen(bound); -+ part = 0; -+ state = 0; -+ first = 1; -+ parts = sk_BIO_new_null(); -+ *ret = parts; -+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { -+ state = mime_bound_check(linebuf, len, bound, blen); -+ if (state == 1) { -+ first = 1; -+ part++; -+ } else if (state == 2) { -+ sk_BIO_push(parts, bpart); -+ return 1; -+ } else if (part) { -+ /* Strip CR+LF from linebuf */ -+ next_eol = strip_eol(linebuf, &len); -+ if (first) { -+ first = 0; -+ if (bpart) -+ sk_BIO_push(parts, bpart); -+ bpart = BIO_new(BIO_s_mem()); -+ BIO_set_mem_eof_return(bpart, 0); -+ } else if (eol) -+ BIO_write(bpart, "\r\n", 2); -+ eol = next_eol; -+ if (len) -+ BIO_write(bpart, linebuf, len); -+ } -+ } -+ return 0; - } - - /* This is the big one: parse MIME header lines up to message body */ - --#define MIME_INVALID 0 --#define MIME_START 1 --#define MIME_TYPE 2 --#define MIME_NAME 3 --#define MIME_VALUE 4 --#define MIME_QUOTE 5 --#define MIME_COMMENT 6 -- -+#define MIME_INVALID 0 -+#define MIME_START 1 -+#define MIME_TYPE 2 -+#define MIME_NAME 3 -+#define MIME_VALUE 4 -+#define MIME_QUOTE 5 -+#define MIME_COMMENT 6 - - static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) - { -- char *p, *q, c; -- char *ntmp; -- char linebuf[MAX_SMLEN]; -- MIME_HEADER *mhdr = NULL; -- STACK_OF(MIME_HEADER) *headers; -- int len, state, save_state = 0; -- -- headers = sk_MIME_HEADER_new(mime_hdr_cmp); -- if (!headers) -- return NULL; -- while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { -- /* If whitespace at line start then continuation line */ -- if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; -- else state = MIME_START; -- ntmp = NULL; -- /* Go through all characters */ -- for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { -- -- /* State machine to handle MIME headers -- * if this looks horrible that's because it *is* -- */ -- -- switch(state) { -- case MIME_START: -- if(c == ':') { -- state = MIME_TYPE; -- *p = 0; -- ntmp = strip_ends(q); -- q = p + 1; -- } -- break; -- -- case MIME_TYPE: -- if(c == ';') { -- mime_debug("Found End Value\n"); -- *p = 0; -- mhdr = mime_hdr_new(ntmp, strip_ends(q)); -- sk_MIME_HEADER_push(headers, mhdr); -- ntmp = NULL; -- q = p + 1; -- state = MIME_NAME; -- } else if(c == '(') { -- save_state = state; -- state = MIME_COMMENT; -- } -- break; -- -- case MIME_COMMENT: -- if(c == ')') { -- state = save_state; -- } -- break; -- -- case MIME_NAME: -- if(c == '=') { -- state = MIME_VALUE; -- *p = 0; -- ntmp = strip_ends(q); -- q = p + 1; -- } -- break ; -- -- case MIME_VALUE: -- if(c == ';') { -- state = MIME_NAME; -- *p = 0; -- mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); -- ntmp = NULL; -- q = p + 1; -- } else if (c == '"') { -- mime_debug("Found Quote\n"); -- state = MIME_QUOTE; -- } else if(c == '(') { -- save_state = state; -- state = MIME_COMMENT; -- } -- break; -- -- case MIME_QUOTE: -- if(c == '"') { -- mime_debug("Found Match Quote\n"); -- state = MIME_VALUE; -- } -- break; -- } -- } -- -- if(state == MIME_TYPE) { -- mhdr = mime_hdr_new(ntmp, strip_ends(q)); -- sk_MIME_HEADER_push(headers, mhdr); -- } else if(state == MIME_VALUE) -- mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); -- if(p == linebuf) break; /* Blank line means end of headers */ --} -- --return headers; -+ char *p, *q, c; -+ char *ntmp; -+ char linebuf[MAX_SMLEN]; -+ MIME_HEADER *mhdr = NULL; -+ STACK_OF(MIME_HEADER) *headers; -+ int len, state, save_state = 0; -+ -+ headers = sk_MIME_HEADER_new(mime_hdr_cmp); -+ if (!headers) -+ return NULL; -+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { -+ /* If whitespace at line start then continuation line */ -+ if (mhdr && isspace((unsigned char)linebuf[0])) -+ state = MIME_NAME; -+ else -+ state = MIME_START; -+ ntmp = NULL; -+ /* Go through all characters */ -+ for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n'); -+ p++) { -+ -+ /* -+ * State machine to handle MIME headers if this looks horrible -+ * that's because it *is* -+ */ -+ -+ switch (state) { -+ case MIME_START: -+ if (c == ':') { -+ state = MIME_TYPE; -+ *p = 0; -+ ntmp = strip_ends(q); -+ q = p + 1; -+ } -+ break; -+ -+ case MIME_TYPE: -+ if (c == ';') { -+ mime_debug("Found End Value\n"); -+ *p = 0; -+ mhdr = mime_hdr_new(ntmp, strip_ends(q)); -+ sk_MIME_HEADER_push(headers, mhdr); -+ ntmp = NULL; -+ q = p + 1; -+ state = MIME_NAME; -+ } else if (c == '(') { -+ save_state = state; -+ state = MIME_COMMENT; -+ } -+ break; -+ -+ case MIME_COMMENT: -+ if (c == ')') { -+ state = save_state; -+ } -+ break; -+ -+ case MIME_NAME: -+ if (c == '=') { -+ state = MIME_VALUE; -+ *p = 0; -+ ntmp = strip_ends(q); -+ q = p + 1; -+ } -+ break; -+ -+ case MIME_VALUE: -+ if (c == ';') { -+ state = MIME_NAME; -+ *p = 0; -+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); -+ ntmp = NULL; -+ q = p + 1; -+ } else if (c == '"') { -+ mime_debug("Found Quote\n"); -+ state = MIME_QUOTE; -+ } else if (c == '(') { -+ save_state = state; -+ state = MIME_COMMENT; -+ } -+ break; -+ -+ case MIME_QUOTE: -+ if (c == '"') { -+ mime_debug("Found Match Quote\n"); -+ state = MIME_VALUE; -+ } -+ break; -+ } -+ } -+ -+ if (state == MIME_TYPE) { -+ mhdr = mime_hdr_new(ntmp, strip_ends(q)); -+ sk_MIME_HEADER_push(headers, mhdr); -+ } else if (state == MIME_VALUE) -+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); -+ if (p == linebuf) -+ break; /* Blank line means end of headers */ -+ } -+ -+ return headers; - - } - - static char *strip_ends(char *name) - { -- return strip_end(strip_start(name)); -+ return strip_end(strip_start(name)); - } - - /* Strip a parameter of whitespace from start of param */ - static char *strip_start(char *name) - { -- char *p, c; -- /* Look for first non white space or quote */ -- for(p = name; (c = *p) ;p++) { -- if(c == '"') { -- /* Next char is start of string if non null */ -- if(p[1]) return p + 1; -- /* Else null string */ -- return NULL; -- } -- if(!isspace((unsigned char)c)) return p; -- } -- return NULL; -+ char *p, c; -+ /* Look for first non white space or quote */ -+ for (p = name; (c = *p); p++) { -+ if (c == '"') { -+ /* Next char is start of string if non null */ -+ if (p[1]) -+ return p + 1; -+ /* Else null string */ -+ return NULL; -+ } -+ if (!isspace((unsigned char)c)) -+ return p; -+ } -+ return NULL; - } - - /* As above but strip from end of string : maybe should handle brackets? */ - static char *strip_end(char *name) - { -- char *p, c; -- if(!name) return NULL; -- /* Look for first non white space or quote */ -- for(p = name + strlen(name) - 1; p >= name ;p--) { -- c = *p; -- if(c == '"') { -- if(p - 1 == name) return NULL; -- *p = 0; -- return name; -- } -- if(isspace((unsigned char)c)) *p = 0; -- else return name; -- } -- return NULL; -+ char *p, c; -+ if (!name) -+ return NULL; -+ /* Look for first non white space or quote */ -+ for (p = name + strlen(name) - 1; p >= name; p--) { -+ c = *p; -+ if (c == '"') { -+ if (p - 1 == name) -+ return NULL; -+ *p = 0; -+ return name; -+ } -+ if (isspace((unsigned char)c)) -+ *p = 0; -+ else -+ return name; -+ } -+ return NULL; - } - - static MIME_HEADER *mime_hdr_new(char *name, char *value) - { -- MIME_HEADER *mhdr; -- char *tmpname, *tmpval, *p; -- int c; -- if(name) { -- if(!(tmpname = BUF_strdup(name))) return NULL; -- for(p = tmpname ; *p; p++) { -- c = *p; -- if(isupper(c)) { -- c = tolower(c); -- *p = c; -- } -- } -- } else tmpname = NULL; -- if(value) { -- if(!(tmpval = BUF_strdup(value))) return NULL; -- for(p = tmpval ; *p; p++) { -- c = *p; -- if(isupper(c)) { -- c = tolower(c); -- *p = c; -- } -- } -- } else tmpval = NULL; -- mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER)); -- if(!mhdr) return NULL; -- mhdr->name = tmpname; -- mhdr->value = tmpval; -- if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL; -- return mhdr; -+ MIME_HEADER *mhdr; -+ char *tmpname, *tmpval, *p; -+ int c; -+ if (name) { -+ if (!(tmpname = BUF_strdup(name))) -+ return NULL; -+ for (p = tmpname; *p; p++) { -+ c = *p; -+ if (isupper(c)) { -+ c = tolower(c); -+ *p = c; -+ } -+ } -+ } else -+ tmpname = NULL; -+ if (value) { -+ if (!(tmpval = BUF_strdup(value))) -+ return NULL; -+ for (p = tmpval; *p; p++) { -+ c = *p; -+ if (isupper(c)) { -+ c = tolower(c); -+ *p = c; -+ } -+ } -+ } else -+ tmpval = NULL; -+ mhdr = (MIME_HEADER *)OPENSSL_malloc(sizeof(MIME_HEADER)); -+ if (!mhdr) -+ return NULL; -+ mhdr->name = tmpname; -+ mhdr->value = tmpval; -+ if (!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) -+ return NULL; -+ return mhdr; - } -- -+ - static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) - { -- char *tmpname, *tmpval, *p; -- int c; -- MIME_PARAM *mparam; -- if(name) { -- tmpname = BUF_strdup(name); -- if(!tmpname) return 0; -- for(p = tmpname ; *p; p++) { -- c = *p; -- if(isupper(c)) { -- c = tolower(c); -- *p = c; -- } -- } -- } else tmpname = NULL; -- if(value) { -- tmpval = BUF_strdup(value); -- if(!tmpval) return 0; -- } else tmpval = NULL; -- /* Parameter values are case sensitive so leave as is */ -- mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM)); -- if(!mparam) return 0; -- mparam->param_name = tmpname; -- mparam->param_value = tmpval; -- sk_MIME_PARAM_push(mhdr->params, mparam); -- return 1; -+ char *tmpname, *tmpval, *p; -+ int c; -+ MIME_PARAM *mparam; -+ if (name) { -+ tmpname = BUF_strdup(name); -+ if (!tmpname) -+ return 0; -+ for (p = tmpname; *p; p++) { -+ c = *p; -+ if (isupper(c)) { -+ c = tolower(c); -+ *p = c; -+ } -+ } -+ } else -+ tmpname = NULL; -+ if (value) { -+ tmpval = BUF_strdup(value); -+ if (!tmpval) -+ return 0; -+ } else -+ tmpval = NULL; -+ /* Parameter values are case sensitive so leave as is */ -+ mparam = (MIME_PARAM *)OPENSSL_malloc(sizeof(MIME_PARAM)); -+ if (!mparam) -+ return 0; -+ mparam->param_name = tmpname; -+ mparam->param_value = tmpval; -+ sk_MIME_PARAM_push(mhdr->params, mparam); -+ return 1; - } - --static int mime_hdr_cmp(const MIME_HEADER * const *a, -- const MIME_HEADER * const *b) -+static int mime_hdr_cmp(const MIME_HEADER *const *a, -+ const MIME_HEADER *const *b) - { -- if (!(*a)->name || !(*b)->name) -- return !!(*a)->name - !!(*b)->name; -+ if (!(*a)->name || !(*b)->name) -+ return ! !(*a)->name - ! !(*b)->name; - -- return(strcmp((*a)->name, (*b)->name)); -+ return (strcmp((*a)->name, (*b)->name)); - } - --static int mime_param_cmp(const MIME_PARAM * const *a, -- const MIME_PARAM * const *b) -+static int mime_param_cmp(const MIME_PARAM *const *a, -+ const MIME_PARAM *const *b) - { -- if (!(*a)->param_name || !(*b)->param_name) -- return !!(*a)->param_name - !!(*b)->param_name; -- return(strcmp((*a)->param_name, (*b)->param_name)); -+ if (!(*a)->param_name || !(*b)->param_name) -+ return ! !(*a)->param_name - ! !(*b)->param_name; -+ return (strcmp((*a)->param_name, (*b)->param_name)); - } - - /* Find a header with a given name (if possible) */ - - static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name) - { -- MIME_HEADER htmp; -- int idx; -- htmp.name = name; -- idx = sk_MIME_HEADER_find(hdrs, &htmp); -- if(idx < 0) return NULL; -- return sk_MIME_HEADER_value(hdrs, idx); -+ MIME_HEADER htmp; -+ int idx; -+ htmp.name = name; -+ idx = sk_MIME_HEADER_find(hdrs, &htmp); -+ if (idx < 0) -+ return NULL; -+ return sk_MIME_HEADER_value(hdrs, idx); - } - - static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) - { -- MIME_PARAM param; -- int idx; -- param.param_name = name; -- idx = sk_MIME_PARAM_find(hdr->params, ¶m); -- if(idx < 0) return NULL; -- return sk_MIME_PARAM_value(hdr->params, idx); -+ MIME_PARAM param; -+ int idx; -+ param.param_name = name; -+ idx = sk_MIME_PARAM_find(hdr->params, ¶m); -+ if (idx < 0) -+ return NULL; -+ return sk_MIME_PARAM_value(hdr->params, idx); - } - - static void mime_hdr_free(MIME_HEADER *hdr) - { -- if(hdr->name) OPENSSL_free(hdr->name); -- if(hdr->value) OPENSSL_free(hdr->value); -- if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); -- OPENSSL_free(hdr); -+ if (hdr->name) -+ OPENSSL_free(hdr->name); -+ if (hdr->value) -+ OPENSSL_free(hdr->value); -+ if (hdr->params) -+ sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); -+ OPENSSL_free(hdr); - } - - static void mime_param_free(MIME_PARAM *param) - { -- if(param->param_name) OPENSSL_free(param->param_name); -- if(param->param_value) OPENSSL_free(param->param_value); -- OPENSSL_free(param); -+ if (param->param_name) -+ OPENSSL_free(param->param_name); -+ if (param->param_value) -+ OPENSSL_free(param->param_value); -+ OPENSSL_free(param); - } - --/* Check for a multipart boundary. Returns: -+/*- -+ * Check for a multipart boundary. Returns: - * 0 : no boundary - * 1 : part boundary - * 2 : final boundary - */ - static int mime_bound_check(char *line, int linelen, char *bound, int blen) - { -- if(linelen == -1) linelen = strlen(line); -- if(blen == -1) blen = strlen(bound); -- /* Quickly eliminate if line length too short */ -- if(blen + 2 > linelen) return 0; -- /* Check for part boundary */ -- if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { -- if(!strncmp(line + blen + 2, "--", 2)) return 2; -- else return 1; -- } -- return 0; -+ if (linelen == -1) -+ linelen = strlen(line); -+ if (blen == -1) -+ blen = strlen(bound); -+ /* Quickly eliminate if line length too short */ -+ if (blen + 2 > linelen) -+ return 0; -+ /* Check for part boundary */ -+ if (!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { -+ if (!strncmp(line + blen + 2, "--", 2)) -+ return 2; -+ else -+ return 1; -+ } -+ return 0; - } - - static int strip_eol(char *linebuf, int *plen) -- { -- int len = *plen; -- char *p, c; -- int is_eol = 0; -- p = linebuf + len - 1; -- for (p = linebuf + len - 1; len > 0; len--, p--) -- { -- c = *p; -- if (c == '\n') -- is_eol = 1; -- else if (c != '\r') -- break; -- } -- *plen = len; -- return is_eol; -- } -+{ -+ int len = *plen; -+ char *p, c; -+ int is_eol = 0; -+ p = linebuf + len - 1; -+ for (p = linebuf + len - 1; len > 0; len--, p--) { -+ c = *p; -+ if (c == '\n') -+ is_eol = 1; -+ else if (c != '\r') -+ break; -+ } -+ *plen = len; -+ return is_eol; -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c -index 1ea6a59..fab2dd9 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c -@@ -1,6 +1,7 @@ - /* asn_moid.c */ --/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -69,92 +70,84 @@ - static int do_create(char *value, char *name); - - static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) -- { -- int i; -- const char *oid_section; -- STACK_OF(CONF_VALUE) *sktmp; -- CONF_VALUE *oval; -- oid_section = CONF_imodule_get_value(md); -- if(!(sktmp = NCONF_get_section(cnf, oid_section))) -- { -- ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); -- return 0; -- } -- for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) -- { -- oval = sk_CONF_VALUE_value(sktmp, i); -- if(!do_create(oval->value, oval->name)) -- { -- ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT); -- return 0; -- } -- } -- return 1; -- } -+{ -+ int i; -+ const char *oid_section; -+ STACK_OF(CONF_VALUE) *sktmp; -+ CONF_VALUE *oval; -+ oid_section = CONF_imodule_get_value(md); -+ if (!(sktmp = NCONF_get_section(cnf, oid_section))) { -+ ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); -+ return 0; -+ } -+ for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { -+ oval = sk_CONF_VALUE_value(sktmp, i); -+ if (!do_create(oval->value, oval->name)) { -+ ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT); -+ return 0; -+ } -+ } -+ return 1; -+} - - static void oid_module_finish(CONF_IMODULE *md) -- { -- OBJ_cleanup(); -- } -+{ -+ OBJ_cleanup(); -+} - - void ASN1_add_oid_module(void) -- { -- CONF_module_add("oid_section", oid_module_init, oid_module_finish); -- } -+{ -+ CONF_module_add("oid_section", oid_module_init, oid_module_finish); -+} - --/* Create an OID based on a name value pair. Accept two formats. -+/*- -+ * Create an OID based on a name value pair. Accept two formats. - * shortname = 1.2.3.4 - * shortname = some long name, 1.2.3.4 - */ - -- - static int do_create(char *value, char *name) -- { -- int nid; -- ASN1_OBJECT *oid; -- char *ln, *ostr, *p, *lntmp; -- p = strrchr(value, ','); -- if (!p) -- { -- ln = name; -- ostr = value; -- } -- else -- { -- ln = NULL; -- ostr = p + 1; -- if (!*ostr) -- return 0; -- while(isspace((unsigned char)*ostr)) ostr++; -- } -+{ -+ int nid; -+ ASN1_OBJECT *oid; -+ char *ln, *ostr, *p, *lntmp; -+ p = strrchr(value, ','); -+ if (!p) { -+ ln = name; -+ ostr = value; -+ } else { -+ ln = NULL; -+ ostr = p + 1; -+ if (!*ostr) -+ return 0; -+ while (isspace((unsigned char)*ostr)) -+ ostr++; -+ } - -- nid = OBJ_create(ostr, name, ln); -+ nid = OBJ_create(ostr, name, ln); - -- if (nid == NID_undef) -- return 0; -+ if (nid == NID_undef) -+ return 0; - -- if (p) -- { -- ln = value; -- while(isspace((unsigned char)*ln)) ln++; -- p--; -- while(isspace((unsigned char)*p)) -- { -- if (p == ln) -- return 0; -- p--; -- } -- p++; -- lntmp = OPENSSL_malloc((p - ln) + 1); -- if (lntmp == NULL) -- return 0; -- memcpy(lntmp, ln, p - ln); -- lntmp[p - ln] = 0; -- oid = OBJ_nid2obj(nid); -- oid->ln = lntmp; -- } -+ if (p) { -+ ln = value; -+ while (isspace((unsigned char)*ln)) -+ ln++; -+ p--; -+ while (isspace((unsigned char)*p)) { -+ if (p == ln) -+ return 0; -+ p--; -+ } -+ p++; -+ lntmp = OPENSSL_malloc((p - ln) + 1); -+ if (lntmp == NULL) -+ return 0; -+ memcpy(lntmp, ln, p - ln); -+ lntmp[p - ln] = 0; -+ oid = OBJ_nid2obj(nid); -+ oid->ln = lntmp; -+ } - -- return 1; -- } -- -- -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c -index c373714..0f460d0 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c -@@ -1,6 +1,7 @@ - /* asn_pack.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -67,90 +68,94 @@ - /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ - - STACK *ASN1_seq_unpack(const unsigned char *buf, int len, -- d2i_of_void *d2i,void (*free_func)(void *)) -+ d2i_of_void *d2i, void (*free_func) (void *)) - { - STACK *sk; - const unsigned char *pbuf; -- pbuf = buf; -+ pbuf = buf; - if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func, -- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL))) -- ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR); -+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL))) -+ ASN1err(ASN1_F_ASN1_SEQ_UNPACK, ASN1_R_DECODE_ERROR); - return sk; - } - --/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a -+/* -+ * Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a - * OPENSSL_malloc'ed buffer - */ - --unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d, -- unsigned char **buf, int *len) -+unsigned char *ASN1_seq_pack(STACK * safes, i2d_of_void *i2d, -+ unsigned char **buf, int *len) - { -- int safelen; -- unsigned char *safe, *p; -- if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE, -- V_ASN1_UNIVERSAL, IS_SEQUENCE))) { -- ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR); -- return NULL; -- } -- if (!(safe = OPENSSL_malloc (safelen))) { -- ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- p = safe; -- i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, -- IS_SEQUENCE); -- if (len) *len = safelen; -- if (buf) *buf = safe; -- return safe; -+ int safelen; -+ unsigned char *safe, *p; -+ if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE, -+ V_ASN1_UNIVERSAL, IS_SEQUENCE))) { -+ ASN1err(ASN1_F_ASN1_SEQ_PACK, ASN1_R_ENCODE_ERROR); -+ return NULL; -+ } -+ if (!(safe = OPENSSL_malloc(safelen))) { -+ ASN1err(ASN1_F_ASN1_SEQ_PACK, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ p = safe; -+ i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, -+ IS_SEQUENCE); -+ if (len) -+ *len = safelen; -+ if (buf) -+ *buf = safe; -+ return safe; - } - - /* Extract an ASN1 object from an ASN1_STRING */ - - void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i) - { -- const unsigned char *p; -- char *ret; -+ const unsigned char *p; -+ char *ret; - -- p = oct->data; -- if(!(ret = d2i(NULL, &p, oct->length))) -- ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR); -- return ret; -+ p = oct->data; -+ if (!(ret = d2i(NULL, &p, oct->length))) -+ ASN1err(ASN1_F_ASN1_UNPACK_STRING, ASN1_R_DECODE_ERROR); -+ return ret; - } - - /* Pack an ASN1 object into an ASN1_STRING */ - - ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) - { -- unsigned char *p; -- ASN1_STRING *octmp; -- -- if (!oct || !*oct) { -- if (!(octmp = ASN1_STRING_new ())) { -- ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- if (oct) *oct = octmp; -- } else octmp = *oct; -- -- if (!(octmp->length = i2d(obj, NULL))) { -- ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); -- goto err; -- } -- if (!(p = OPENSSL_malloc (octmp->length))) { -- ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- octmp->data = p; -- i2d (obj, &p); -- return octmp; -- err: -- if (!oct || !*oct) -- { -- ASN1_STRING_free(octmp); -- if (oct) -- *oct = NULL; -- } -- return NULL; -+ unsigned char *p; -+ ASN1_STRING *octmp; -+ -+ if (!oct || !*oct) { -+ if (!(octmp = ASN1_STRING_new())) { -+ ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ if (oct) -+ *oct = octmp; -+ } else -+ octmp = *oct; -+ -+ if (!(octmp->length = i2d(obj, NULL))) { -+ ASN1err(ASN1_F_ASN1_PACK_STRING, ASN1_R_ENCODE_ERROR); -+ goto err; -+ } -+ if (!(p = OPENSSL_malloc(octmp->length))) { -+ ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ octmp->data = p; -+ i2d(obj, &p); -+ return octmp; -+ err: -+ if (!oct || !*oct) { -+ ASN1_STRING_free(octmp); -+ if (oct) -+ *oct = NULL; -+ } -+ return NULL; - } - - #endif -@@ -159,41 +164,43 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) - - ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) - { -- ASN1_STRING *octmp; -- -- if (!oct || !*oct) { -- if (!(octmp = ASN1_STRING_new ())) { -- ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- if (oct) *oct = octmp; -- } else octmp = *oct; -- -- if(octmp->data) { -- OPENSSL_free(octmp->data); -- octmp->data = NULL; -- } -- -- if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { -- ASN1err(ASN1_F_ASN1_ITEM_PACK,ASN1_R_ENCODE_ERROR); -- return NULL; -- } -- if (!octmp->data) { -- ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- return octmp; -+ ASN1_STRING *octmp; -+ -+ if (!oct || !*oct) { -+ if (!(octmp = ASN1_STRING_new())) { -+ ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ if (oct) -+ *oct = octmp; -+ } else -+ octmp = *oct; -+ -+ if (octmp->data) { -+ OPENSSL_free(octmp->data); -+ octmp->data = NULL; -+ } -+ -+ if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { -+ ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR); -+ return NULL; -+ } -+ if (!octmp->data) { -+ ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ return octmp; - } - - /* Extract an ASN1 object from an ASN1_STRING */ - - void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it) - { -- const unsigned char *p; -- void *ret; -+ const unsigned char *p; -+ void *ret; - -- p = oct->data; -- if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) -- ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR); -- return ret; -+ p = oct->data; -+ if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) -+ ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR); -+ return ret; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c -index 207ccda..3218862 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,99 +63,107 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - #ifndef OPENSSL_NO_EC --#include -+# include - #endif - - EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, -- long length) -- { -- EVP_PKEY *ret; -+ long length) -+{ -+ EVP_PKEY *ret; - -- if ((a == NULL) || (*a == NULL)) -- { -- if ((ret=EVP_PKEY_new()) == NULL) -- { -- ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB); -- return(NULL); -- } -- } -- else ret= *a; -+ if ((a == NULL) || (*a == NULL)) { -+ if ((ret = EVP_PKEY_new()) == NULL) { -+ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB); -+ return (NULL); -+ } -+ } else -+ ret = *a; - -- ret->save_type=type; -- ret->type=EVP_PKEY_type(type); -- switch (ret->type) -- { -+ ret->save_type = type; -+ ret->type = EVP_PKEY_type(type); -+ switch (ret->type) { - #ifndef OPENSSL_NO_RSA -- case EVP_PKEY_RSA: -- if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL, -- (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ -- { -- ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); -- goto err; -- } -- break; -+ case EVP_PKEY_RSA: -+ /* TMP UGLY CAST */ -+ if ((ret->pkey.rsa = d2i_RSAPrivateKey(NULL, -+ (const unsigned char **)pp, -+ length)) == NULL) { -+ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ break; - #endif - #ifndef OPENSSL_NO_DSA -- case EVP_PKEY_DSA: -- if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL, -- (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ -- { -- ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); -- goto err; -- } -- break; -+ case EVP_PKEY_DSA: -+ /* TMP UGLY CAST */ -+ if ((ret->pkey.dsa = d2i_DSAPrivateKey(NULL, -+ (const unsigned char **)pp, -+ length)) == NULL) { -+ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ break; - #endif - #ifndef OPENSSL_NO_EC -- case EVP_PKEY_EC: -- if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, -- (const unsigned char **)pp, length)) == NULL) -- { -- ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); -- goto err; -- } -- break; -+ case EVP_PKEY_EC: -+ if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, -+ (const unsigned char **)pp, -+ length)) == NULL) { -+ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ break; - #endif -- default: -- ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); -- goto err; -- /* break; */ -- } -- if (a != NULL) (*a)=ret; -- return(ret); --err: -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret); -- return(NULL); -- } -+ default: -+ ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); -+ goto err; -+ /* break; */ -+ } -+ if (a != NULL) -+ (*a) = ret; -+ return (ret); -+ err: -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ EVP_PKEY_free(ret); -+ return (NULL); -+} - --/* This works like d2i_PrivateKey() except it automatically works out the type */ -+/* -+ * This works like d2i_PrivateKey() except it automatically works out the -+ * type -+ */ - - EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, -- long length) -+ long length) - { -- STACK_OF(ASN1_TYPE) *inkey; -- const unsigned char *p; -- int keytype; -- p = *pp; -- /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): -- * by analyzing it we can determine the passed structure: this -- * assumes the input is surrounded by an ASN1 SEQUENCE. -- */ -- inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, -- ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); -- /* Since we only need to discern "traditional format" RSA and DSA -- * keys we can just count the elements. -- */ -- if(sk_ASN1_TYPE_num(inkey) == 6) -- keytype = EVP_PKEY_DSA; -- else if (sk_ASN1_TYPE_num(inkey) == 4) -- keytype = EVP_PKEY_EC; -- else keytype = EVP_PKEY_RSA; -- sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); -- return d2i_PrivateKey(keytype, a, pp, length); -+ STACK_OF(ASN1_TYPE) *inkey; -+ const unsigned char *p; -+ int keytype; -+ p = *pp; -+ /* -+ * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by -+ * analyzing it we can determine the passed structure: this assumes the -+ * input is surrounded by an ASN1 SEQUENCE. -+ */ -+ inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, -+ ASN1_TYPE_free, V_ASN1_SEQUENCE, -+ V_ASN1_UNIVERSAL); -+ /* -+ * Since we only need to discern "traditional format" RSA and DSA keys we -+ * can just count the elements. -+ */ -+ if (sk_ASN1_TYPE_num(inkey) == 6) -+ keytype = EVP_PKEY_DSA; -+ else if (sk_ASN1_TYPE_num(inkey) == 4) -+ keytype = EVP_PKEY_EC; -+ else -+ keytype = EVP_PKEY_RSA; -+ sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); -+ return d2i_PrivateKey(keytype, a, pp, length); - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c -index 3694f51..1f05fee 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,73 +63,71 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - #ifndef OPENSSL_NO_EC --#include -+# include - #endif - - EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, -- long length) -- { -- EVP_PKEY *ret; -+ long length) -+{ -+ EVP_PKEY *ret; - -- if ((a == NULL) || (*a == NULL)) -- { -- if ((ret=EVP_PKEY_new()) == NULL) -- { -- ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB); -- return(NULL); -- } -- } -- else ret= *a; -+ if ((a == NULL) || (*a == NULL)) { -+ if ((ret = EVP_PKEY_new()) == NULL) { -+ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB); -+ return (NULL); -+ } -+ } else -+ ret = *a; - -- ret->save_type=type; -- ret->type=EVP_PKEY_type(type); -- switch (ret->type) -- { -+ ret->save_type = type; -+ ret->type = EVP_PKEY_type(type); -+ switch (ret->type) { - #ifndef OPENSSL_NO_RSA -- case EVP_PKEY_RSA: -- if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL, -- (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ -- { -- ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); -- goto err; -- } -- break; -+ case EVP_PKEY_RSA: -+ /* TMP UGLY CAST */ -+ if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, -+ (const unsigned char **)pp, -+ length)) == NULL) { -+ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ break; - #endif - #ifndef OPENSSL_NO_DSA -- case EVP_PKEY_DSA: -- if (!d2i_DSAPublicKey(&(ret->pkey.dsa), -- (const unsigned char **)pp,length)) /* TMP UGLY CAST */ -- { -- ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); -- goto err; -- } -- break; -+ case EVP_PKEY_DSA: -+ /* TMP UGLY CAST */ -+ if (!d2i_DSAPublicKey(&(ret->pkey.dsa), -+ (const unsigned char **)pp, length)) { -+ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ break; - #endif - #ifndef OPENSSL_NO_EC -- case EVP_PKEY_EC: -- if (!o2i_ECPublicKey(&(ret->pkey.ec), -- (const unsigned char **)pp, length)) -- { -- ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); -- goto err; -- } -- break; -+ case EVP_PKEY_EC: -+ if (!o2i_ECPublicKey(&(ret->pkey.ec), -+ (const unsigned char **)pp, length)) { -+ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ break; - #endif -- default: -- ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); -- goto err; -- /* break; */ -- } -- if (a != NULL) (*a)=ret; -- return(ret); --err: -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret); -- return(NULL); -- } -- -+ default: -+ ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); -+ goto err; -+ /* break; */ -+ } -+ if (a != NULL) -+ (*a) = ret; -+ return (ret); -+ err: -+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ EVP_PKEY_free(ret); -+ return (NULL); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c -index 1b94459..5876afa 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,132 +62,134 @@ - #include - - int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) -- { -- ASN1_STRING *os; -- -- if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); -- if (!M_ASN1_OCTET_STRING_set(os,data,len)) -- { -- M_ASN1_OCTET_STRING_free(os); -- return 0; -- } -- ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); -- return(1); -- } -+{ -+ ASN1_STRING *os; -+ -+ if ((os = M_ASN1_OCTET_STRING_new()) == NULL) -+ return (0); -+ if (!M_ASN1_OCTET_STRING_set(os, data, len)) { -+ M_ASN1_OCTET_STRING_free(os); -+ return 0; -+ } -+ ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os); -+ return (1); -+} - - /* int max_len: for returned value */ --int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, -- int max_len) -- { -- int ret,num; -- unsigned char *p; -- -- if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) -- { -- ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG); -- return(-1); -- } -- p=M_ASN1_STRING_data(a->value.octet_string); -- ret=M_ASN1_STRING_length(a->value.octet_string); -- if (ret < max_len) -- num=ret; -- else -- num=max_len; -- memcpy(data,p,num); -- return(ret); -- } -+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len) -+{ -+ int ret, num; -+ unsigned char *p; -+ -+ if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) { -+ ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG); -+ return (-1); -+ } -+ p = M_ASN1_STRING_data(a->value.octet_string); -+ ret = M_ASN1_STRING_length(a->value.octet_string); -+ if (ret < max_len) -+ num = ret; -+ else -+ num = max_len; -+ memcpy(data, p, num); -+ return (ret); -+} - - int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, -- int len) -- { -- int n,size; -- ASN1_OCTET_STRING os,*osp; -- ASN1_INTEGER in; -- unsigned char *p; -- unsigned char buf[32]; /* when they have 256bit longs, -- * I'll be in trouble */ -- in.data=buf; -- in.length=32; -- os.data=data; -- os.type=V_ASN1_OCTET_STRING; -- os.length=len; -- ASN1_INTEGER_set(&in,num); -- n = i2d_ASN1_INTEGER(&in,NULL); -- n+=M_i2d_ASN1_OCTET_STRING(&os,NULL); -- -- size=ASN1_object_size(1,n,V_ASN1_SEQUENCE); -- -- if ((osp=ASN1_STRING_new()) == NULL) return(0); -- /* Grow the 'string' */ -- if (!ASN1_STRING_set(osp,NULL,size)) -- { -- ASN1_STRING_free(osp); -- return(0); -- } -- -- M_ASN1_STRING_length_set(osp, size); -- p=M_ASN1_STRING_data(osp); -- -- ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); -- i2d_ASN1_INTEGER(&in,&p); -- M_i2d_ASN1_OCTET_STRING(&os,&p); -- -- ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp); -- return(1); -- } -- --/* we return the actual length..., num may be missing, in which -- * case, set it to zero */ -+ int len) -+{ -+ int n, size; -+ ASN1_OCTET_STRING os, *osp; -+ ASN1_INTEGER in; -+ unsigned char *p; -+ unsigned char buf[32]; /* when they have 256bit longs, I'll be in -+ * trouble */ -+ in.data = buf; -+ in.length = 32; -+ os.data = data; -+ os.type = V_ASN1_OCTET_STRING; -+ os.length = len; -+ ASN1_INTEGER_set(&in, num); -+ n = i2d_ASN1_INTEGER(&in, NULL); -+ n += M_i2d_ASN1_OCTET_STRING(&os, NULL); -+ -+ size = ASN1_object_size(1, n, V_ASN1_SEQUENCE); -+ -+ if ((osp = ASN1_STRING_new()) == NULL) -+ return (0); -+ /* Grow the 'string' */ -+ if (!ASN1_STRING_set(osp, NULL, size)) { -+ ASN1_STRING_free(osp); -+ return (0); -+ } -+ -+ M_ASN1_STRING_length_set(osp, size); -+ p = M_ASN1_STRING_data(osp); -+ -+ ASN1_put_object(&p, 1, n, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); -+ i2d_ASN1_INTEGER(&in, &p); -+ M_i2d_ASN1_OCTET_STRING(&os, &p); -+ -+ ASN1_TYPE_set(a, V_ASN1_SEQUENCE, osp); -+ return (1); -+} -+ -+/* -+ * we return the actual length..., num may be missing, in which case, set it -+ * to zero -+ */ - /* int max_len: for returned value */ --int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data, -- int max_len) -- { -- int ret= -1,n; -- ASN1_INTEGER *ai=NULL; -- ASN1_OCTET_STRING *os=NULL; -- const unsigned char *p; -- long length; -- ASN1_const_CTX c; -- -- if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) -- { -- goto err; -- } -- p=M_ASN1_STRING_data(a->value.sequence); -- length=M_ASN1_STRING_length(a->value.sequence); -- -- c.pp= &p; -- c.p=p; -- c.max=p+length; -- c.error=ASN1_R_DATA_IS_WRONG; -- -- M_ASN1_D2I_start_sequence(); -- c.q=c.p; -- if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err; -- c.slen-=(c.p-c.q); -- c.q=c.p; -- if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err; -- c.slen-=(c.p-c.q); -- if (!M_ASN1_D2I_end_sequence()) goto err; -- -- if (num != NULL) -- *num=ASN1_INTEGER_get(ai); -- -- ret=M_ASN1_STRING_length(os); -- if (max_len > ret) -- n=ret; -- else -- n=max_len; -- -- if (data != NULL) -- memcpy(data,M_ASN1_STRING_data(os),n); -- if (0) -- { --err: -- ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG); -- } -- if (os != NULL) M_ASN1_OCTET_STRING_free(os); -- if (ai != NULL) M_ASN1_INTEGER_free(ai); -- return(ret); -- } -- -+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, -+ unsigned char *data, int max_len) -+{ -+ int ret = -1, n; -+ ASN1_INTEGER *ai = NULL; -+ ASN1_OCTET_STRING *os = NULL; -+ const unsigned char *p; -+ long length; -+ ASN1_const_CTX c; -+ -+ if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) { -+ goto err; -+ } -+ p = M_ASN1_STRING_data(a->value.sequence); -+ length = M_ASN1_STRING_length(a->value.sequence); -+ -+ c.pp = &p; -+ c.p = p; -+ c.max = p + length; -+ c.error = ASN1_R_DATA_IS_WRONG; -+ -+ M_ASN1_D2I_start_sequence(); -+ c.q = c.p; -+ if ((ai = d2i_ASN1_INTEGER(NULL, &c.p, c.slen)) == NULL) -+ goto err; -+ c.slen -= (c.p - c.q); -+ c.q = c.p; -+ if ((os = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL) -+ goto err; -+ c.slen -= (c.p - c.q); -+ if (!M_ASN1_D2I_end_sequence()) -+ goto err; -+ -+ if (num != NULL) -+ *num = ASN1_INTEGER_get(ai); -+ -+ ret = M_ASN1_STRING_length(os); -+ if (max_len > ret) -+ n = ret; -+ else -+ n = max_len; -+ -+ if (data != NULL) -+ memcpy(data, M_ASN1_STRING_data(os), n); -+ if (0) { -+ err: -+ ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG); -+ } -+ if (os != NULL) -+ M_ASN1_OCTET_STRING_free(os); -+ if (ai != NULL) -+ M_ASN1_INTEGER_free(ai); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c -index 56e3cc8..591c3b5 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,144 +64,140 @@ - /* Based on a_int.c: equivalent ENUMERATED functions */ - - int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a) -- { -- int i,n=0; -- static const char *h="0123456789ABCDEF"; -- char buf[2]; -+{ -+ int i, n = 0; -+ static const char *h = "0123456789ABCDEF"; -+ char buf[2]; - -- if (a == NULL) return(0); -+ if (a == NULL) -+ return (0); - -- if (a->length == 0) -- { -- if (BIO_write(bp,"00",2) != 2) goto err; -- n=2; -- } -- else -- { -- for (i=0; ilength; i++) -- { -- if ((i != 0) && (i%35 == 0)) -- { -- if (BIO_write(bp,"\\\n",2) != 2) goto err; -- n+=2; -- } -- buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f]; -- buf[1]=h[((unsigned char)a->data[i] )&0x0f]; -- if (BIO_write(bp,buf,2) != 2) goto err; -- n+=2; -- } -- } -- return(n); --err: -- return(-1); -- } -+ if (a->length == 0) { -+ if (BIO_write(bp, "00", 2) != 2) -+ goto err; -+ n = 2; -+ } else { -+ for (i = 0; i < a->length; i++) { -+ if ((i != 0) && (i % 35 == 0)) { -+ if (BIO_write(bp, "\\\n", 2) != 2) -+ goto err; -+ n += 2; -+ } -+ buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; -+ buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; -+ if (BIO_write(bp, buf, 2) != 2) -+ goto err; -+ n += 2; -+ } -+ } -+ return (n); -+ err: -+ return (-1); -+} - - int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) -- { -- int ret=0; -- int i,j,k,m,n,again,bufsize; -- unsigned char *s=NULL,*sp; -- unsigned char *bufp; -- int num=0,slen=0,first=1; -- -- bs->type=V_ASN1_ENUMERATED; -+{ -+ int ret = 0; -+ int i, j, k, m, n, again, bufsize; -+ unsigned char *s = NULL, *sp; -+ unsigned char *bufp; -+ int num = 0, slen = 0, first = 1; - -- bufsize=BIO_gets(bp,buf,size); -- for (;;) -- { -- if (bufsize < 1) goto err_sl; -- i=bufsize; -- if (buf[i-1] == '\n') buf[--i]='\0'; -- if (i == 0) goto err_sl; -- if (buf[i-1] == '\r') buf[--i]='\0'; -- if (i == 0) goto err_sl; -- again=(buf[i-1] == '\\'); -+ bs->type = V_ASN1_ENUMERATED; - -- for (j=0; j= '0') && (buf[j] <= '9')) || -- ((buf[j] >= 'a') && (buf[j] <= 'f')) || -- ((buf[j] >= 'A') && (buf[j] <= 'F')))) -- { -- i=j; -- break; -- } -- } -- buf[i]='\0'; -- /* We have now cleared all the crap off the end of the -- * line */ -- if (i < 2) goto err_sl; -+ bufsize = BIO_gets(bp, buf, size); -+ for (;;) { -+ if (bufsize < 1) -+ goto err_sl; -+ i = bufsize; -+ if (buf[i - 1] == '\n') -+ buf[--i] = '\0'; -+ if (i == 0) -+ goto err_sl; -+ if (buf[i - 1] == '\r') -+ buf[--i] = '\0'; -+ if (i == 0) -+ goto err_sl; -+ again = (buf[i - 1] == '\\'); - -- bufp=(unsigned char *)buf; -- if (first) -- { -- first=0; -- if ((bufp[0] == '0') && (buf[1] == '0')) -- { -- bufp+=2; -- i-=2; -- } -- } -- k=0; -- i-=again; -- if (i%2 != 0) -- { -- ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS); -- goto err; -- } -- i/=2; -- if (num+i > slen) -- { -- if (s == NULL) -- sp=(unsigned char *)OPENSSL_malloc( -- (unsigned int)num+i*2); -- else -- sp=(unsigned char *)OPENSSL_realloc(s, -- (unsigned int)num+i*2); -- if (sp == NULL) -- { -- ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); -- if (s != NULL) OPENSSL_free(s); -- goto err; -- } -- s=sp; -- slen=num+i*2; -- } -- for (j=0; j= '0') && (m <= '9')) -- m-='0'; -- else if ((m >= 'a') && (m <= 'f')) -- m=m-'a'+10; -- else if ((m >= 'A') && (m <= 'F')) -- m=m-'A'+10; -- else -- { -- ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS); -- goto err; -- } -- s[num+j]<<=4; -- s[num+j]|=m; -- } -- } -- num+=i; -- if (again) -- bufsize=BIO_gets(bp,buf,size); -- else -- break; -- } -- bs->length=num; -- bs->data=s; -- ret=1; --err: -- if (0) -- { --err_sl: -- ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE); -- } -- return(ret); -- } -+ for (j = 0; j < i; j++) { -+ if (!(((buf[j] >= '0') && (buf[j] <= '9')) || -+ ((buf[j] >= 'a') && (buf[j] <= 'f')) || -+ ((buf[j] >= 'A') && (buf[j] <= 'F')))) { -+ i = j; -+ break; -+ } -+ } -+ buf[i] = '\0'; -+ /* -+ * We have now cleared all the crap off the end of the line -+ */ -+ if (i < 2) -+ goto err_sl; - -+ bufp = (unsigned char *)buf; -+ if (first) { -+ first = 0; -+ if ((bufp[0] == '0') && (buf[1] == '0')) { -+ bufp += 2; -+ i -= 2; -+ } -+ } -+ k = 0; -+ i -= again; -+ if (i % 2 != 0) { -+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS); -+ goto err; -+ } -+ i /= 2; -+ if (num + i > slen) { -+ if (s == NULL) -+ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + -+ i * 2); -+ else -+ sp = (unsigned char *)OPENSSL_realloc(s, -+ (unsigned int)num + -+ i * 2); -+ if (sp == NULL) { -+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); -+ if (s != NULL) -+ OPENSSL_free(s); -+ goto err; -+ } -+ s = sp; -+ slen = num + i * 2; -+ } -+ for (j = 0; j < i; j++, k += 2) { -+ for (n = 0; n < 2; n++) { -+ m = bufp[k + n]; -+ if ((m >= '0') && (m <= '9')) -+ m -= '0'; -+ else if ((m >= 'a') && (m <= 'f')) -+ m = m - 'a' + 10; -+ else if ((m >= 'A') && (m <= 'F')) -+ m = m - 'A' + 10; -+ else { -+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, -+ ASN1_R_NON_HEX_CHARACTERS); -+ goto err; -+ } -+ s[num + j] <<= 4; -+ s[num + j] |= m; -+ } -+ } -+ num += i; -+ if (again) -+ bufsize = BIO_gets(bp, buf, size); -+ else -+ break; -+ } -+ bs->length = num; -+ bs->data = s; -+ ret = 1; -+ err: -+ if (0) { -+ err_sl: -+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE); -+ } -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_int.c b/Cryptlib/OpenSSL/crypto/asn1/f_int.c -index 9494e59..4a81f81 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/f_int.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/f_int.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,158 +62,154 @@ - #include - - int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a) -- { -- int i,n=0; -- static const char *h="0123456789ABCDEF"; -- char buf[2]; -+{ -+ int i, n = 0; -+ static const char *h = "0123456789ABCDEF"; -+ char buf[2]; - -- if (a == NULL) return(0); -+ if (a == NULL) -+ return (0); - -- if (a->type & V_ASN1_NEG) -- { -- if (BIO_write(bp, "-", 1) != 1) goto err; -- n = 1; -- } -+ if (a->type & V_ASN1_NEG) { -+ if (BIO_write(bp, "-", 1) != 1) -+ goto err; -+ n = 1; -+ } - -- if (a->length == 0) -- { -- if (BIO_write(bp,"00",2) != 2) goto err; -- n += 2; -- } -- else -- { -- for (i=0; ilength; i++) -- { -- if ((i != 0) && (i%35 == 0)) -- { -- if (BIO_write(bp,"\\\n",2) != 2) goto err; -- n+=2; -- } -- buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f]; -- buf[1]=h[((unsigned char)a->data[i] )&0x0f]; -- if (BIO_write(bp,buf,2) != 2) goto err; -- n+=2; -- } -- } -- return(n); --err: -- return(-1); -- } -+ if (a->length == 0) { -+ if (BIO_write(bp, "00", 2) != 2) -+ goto err; -+ n += 2; -+ } else { -+ for (i = 0; i < a->length; i++) { -+ if ((i != 0) && (i % 35 == 0)) { -+ if (BIO_write(bp, "\\\n", 2) != 2) -+ goto err; -+ n += 2; -+ } -+ buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; -+ buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; -+ if (BIO_write(bp, buf, 2) != 2) -+ goto err; -+ n += 2; -+ } -+ } -+ return (n); -+ err: -+ return (-1); -+} - - int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) -- { -- int ret=0; -- int i,j,k,m,n,again,bufsize; -- unsigned char *s=NULL,*sp; -- unsigned char *bufp; -- int num=0,slen=0,first=1; -+{ -+ int ret = 0; -+ int i, j, k, m, n, again, bufsize; -+ unsigned char *s = NULL, *sp; -+ unsigned char *bufp; -+ int num = 0, slen = 0, first = 1; - -- bs->type=V_ASN1_INTEGER; -+ bs->type = V_ASN1_INTEGER; - -- bufsize=BIO_gets(bp,buf,size); -- for (;;) -- { -- if (bufsize < 1) goto err_sl; -- i=bufsize; -- if (buf[i-1] == '\n') buf[--i]='\0'; -- if (i == 0) goto err_sl; -- if (buf[i-1] == '\r') buf[--i]='\0'; -- if (i == 0) goto err_sl; -- again=(buf[i-1] == '\\'); -+ bufsize = BIO_gets(bp, buf, size); -+ for (;;) { -+ if (bufsize < 1) -+ goto err_sl; -+ i = bufsize; -+ if (buf[i - 1] == '\n') -+ buf[--i] = '\0'; -+ if (i == 0) -+ goto err_sl; -+ if (buf[i - 1] == '\r') -+ buf[--i] = '\0'; -+ if (i == 0) -+ goto err_sl; -+ again = (buf[i - 1] == '\\'); - -- for (j=0; j= '0') && (buf[j] <= '9')) || -- ((buf[j] >= 'a') && (buf[j] <= 'f')) || -- ((buf[j] >= 'A') && (buf[j] <= 'F')))) -+ if (!(((buf[j] >= '0') && (buf[j] <= '9')) || -+ ((buf[j] >= 'a') && (buf[j] <= 'f')) || -+ ((buf[j] >= 'A') && (buf[j] <= 'F')))) - #else -- /* This #ifdef is not strictly necessary, since -- * the characters A...F a...f 0...9 are contiguous -- * (yes, even in EBCDIC - but not the whole alphabet). -- * Nevertheless, isxdigit() is faster. -- */ -- if (!isxdigit(buf[j])) -+ /* -+ * This #ifdef is not strictly necessary, since the characters -+ * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but -+ * not the whole alphabet). Nevertheless, isxdigit() is faster. -+ */ -+ if (!isxdigit(buf[j])) - #endif -- { -- i=j; -- break; -- } -- } -- buf[i]='\0'; -- /* We have now cleared all the crap off the end of the -- * line */ -- if (i < 2) goto err_sl; -- -- bufp=(unsigned char *)buf; -- if (first) -- { -- first=0; -- if ((bufp[0] == '0') && (buf[1] == '0')) -- { -- bufp+=2; -- i-=2; -- } -- } -- k=0; -- i-=again; -- if (i%2 != 0) -- { -- ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS); -- goto err; -- } -- i/=2; -- if (num+i > slen) -- { -- if (s == NULL) -- sp=(unsigned char *)OPENSSL_malloc( -- (unsigned int)num+i*2); -- else -- sp=OPENSSL_realloc_clean(s,slen,num+i*2); -- if (sp == NULL) -- { -- ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); -- if (s != NULL) OPENSSL_free(s); -- goto err; -- } -- s=sp; -- slen=num+i*2; -- } -- for (j=0; j= '0') && (m <= '9')) -- m-='0'; -- else if ((m >= 'a') && (m <= 'f')) -- m=m-'a'+10; -- else if ((m >= 'A') && (m <= 'F')) -- m=m-'A'+10; -- else -- { -- ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS); -- goto err; -- } -- s[num+j]<<=4; -- s[num+j]|=m; -- } -- } -- num+=i; -- if (again) -- bufsize=BIO_gets(bp,buf,size); -- else -- break; -- } -- bs->length=num; -- bs->data=s; -- ret=1; --err: -- if (0) -- { --err_sl: -- ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE); -- } -- return(ret); -- } -+ { -+ i = j; -+ break; -+ } -+ } -+ buf[i] = '\0'; -+ /* -+ * We have now cleared all the crap off the end of the line -+ */ -+ if (i < 2) -+ goto err_sl; - -+ bufp = (unsigned char *)buf; -+ if (first) { -+ first = 0; -+ if ((bufp[0] == '0') && (buf[1] == '0')) { -+ bufp += 2; -+ i -= 2; -+ } -+ } -+ k = 0; -+ i -= again; -+ if (i % 2 != 0) { -+ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS); -+ goto err; -+ } -+ i /= 2; -+ if (num + i > slen) { -+ if (s == NULL) -+ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + -+ i * 2); -+ else -+ sp = OPENSSL_realloc_clean(s, slen, num + i * 2); -+ if (sp == NULL) { -+ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); -+ if (s != NULL) -+ OPENSSL_free(s); -+ goto err; -+ } -+ s = sp; -+ slen = num + i * 2; -+ } -+ for (j = 0; j < i; j++, k += 2) { -+ for (n = 0; n < 2; n++) { -+ m = bufp[k + n]; -+ if ((m >= '0') && (m <= '9')) -+ m -= '0'; -+ else if ((m >= 'a') && (m <= 'f')) -+ m = m - 'a' + 10; -+ else if ((m >= 'A') && (m <= 'F')) -+ m = m - 'A' + 10; -+ else { -+ ASN1err(ASN1_F_A2I_ASN1_INTEGER, -+ ASN1_R_NON_HEX_CHARACTERS); -+ goto err; -+ } -+ s[num + j] <<= 4; -+ s[num + j] |= m; -+ } -+ } -+ num += i; -+ if (again) -+ bufsize = BIO_gets(bp, buf, size); -+ else -+ break; -+ } -+ bs->length = num; -+ bs->data = s; -+ ret = 1; -+ err: -+ if (0) { -+ err_sl: -+ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE); -+ } -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_string.c b/Cryptlib/OpenSSL/crypto/asn1/f_string.c -index 968698a..6a6cf34 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/f_string.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/f_string.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,151 +62,148 @@ - #include - - int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type) -- { -- int i,n=0; -- static const char *h="0123456789ABCDEF"; -- char buf[2]; -+{ -+ int i, n = 0; -+ static const char *h = "0123456789ABCDEF"; -+ char buf[2]; - -- if (a == NULL) return(0); -+ if (a == NULL) -+ return (0); - -- if (a->length == 0) -- { -- if (BIO_write(bp,"0",1) != 1) goto err; -- n=1; -- } -- else -- { -- for (i=0; ilength; i++) -- { -- if ((i != 0) && (i%35 == 0)) -- { -- if (BIO_write(bp,"\\\n",2) != 2) goto err; -- n+=2; -- } -- buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f]; -- buf[1]=h[((unsigned char)a->data[i] )&0x0f]; -- if (BIO_write(bp,buf,2) != 2) goto err; -- n+=2; -- } -- } -- return(n); --err: -- return(-1); -- } -+ if (a->length == 0) { -+ if (BIO_write(bp, "0", 1) != 1) -+ goto err; -+ n = 1; -+ } else { -+ for (i = 0; i < a->length; i++) { -+ if ((i != 0) && (i % 35 == 0)) { -+ if (BIO_write(bp, "\\\n", 2) != 2) -+ goto err; -+ n += 2; -+ } -+ buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; -+ buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; -+ if (BIO_write(bp, buf, 2) != 2) -+ goto err; -+ n += 2; -+ } -+ } -+ return (n); -+ err: -+ return (-1); -+} - - int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) -- { -- int ret=0; -- int i,j,k,m,n,again,bufsize; -- unsigned char *s=NULL,*sp; -- unsigned char *bufp; -- int num=0,slen=0,first=1; -+{ -+ int ret = 0; -+ int i, j, k, m, n, again, bufsize; -+ unsigned char *s = NULL, *sp; -+ unsigned char *bufp; -+ int num = 0, slen = 0, first = 1; - -- bufsize=BIO_gets(bp,buf,size); -- for (;;) -- { -- if (bufsize < 1) -- { -- if (first) -- break; -- else -- goto err_sl; -- } -- first=0; -+ bufsize = BIO_gets(bp, buf, size); -+ for (;;) { -+ if (bufsize < 1) { -+ if (first) -+ break; -+ else -+ goto err_sl; -+ } -+ first = 0; - -- i=bufsize; -- if (buf[i-1] == '\n') buf[--i]='\0'; -- if (i == 0) goto err_sl; -- if (buf[i-1] == '\r') buf[--i]='\0'; -- if (i == 0) goto err_sl; -- again=(buf[i-1] == '\\'); -+ i = bufsize; -+ if (buf[i - 1] == '\n') -+ buf[--i] = '\0'; -+ if (i == 0) -+ goto err_sl; -+ if (buf[i - 1] == '\r') -+ buf[--i] = '\0'; -+ if (i == 0) -+ goto err_sl; -+ again = (buf[i - 1] == '\\'); - -- for (j=i-1; j>0; j--) -- { -+ for (j = i - 1; j > 0; j--) { - #ifndef CHARSET_EBCDIC -- if (!( ((buf[j] >= '0') && (buf[j] <= '9')) || -- ((buf[j] >= 'a') && (buf[j] <= 'f')) || -- ((buf[j] >= 'A') && (buf[j] <= 'F')))) -+ if (!(((buf[j] >= '0') && (buf[j] <= '9')) || -+ ((buf[j] >= 'a') && (buf[j] <= 'f')) || -+ ((buf[j] >= 'A') && (buf[j] <= 'F')))) - #else -- /* This #ifdef is not strictly necessary, since -- * the characters A...F a...f 0...9 are contiguous -- * (yes, even in EBCDIC - but not the whole alphabet). -- * Nevertheless, isxdigit() is faster. -- */ -- if (!isxdigit(buf[j])) -+ /* -+ * This #ifdef is not strictly necessary, since the characters -+ * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but -+ * not the whole alphabet). Nevertheless, isxdigit() is faster. -+ */ -+ if (!isxdigit(buf[j])) - #endif -- { -- i=j; -- break; -- } -- } -- buf[i]='\0'; -- /* We have now cleared all the crap off the end of the -- * line */ -- if (i < 2) goto err_sl; -- -- bufp=(unsigned char *)buf; -+ { -+ i = j; -+ break; -+ } -+ } -+ buf[i] = '\0'; -+ /* -+ * We have now cleared all the crap off the end of the line -+ */ -+ if (i < 2) -+ goto err_sl; - -- k=0; -- i-=again; -- if (i%2 != 0) -- { -- ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS); -- goto err; -- } -- i/=2; -- if (num+i > slen) -- { -- if (s == NULL) -- sp=(unsigned char *)OPENSSL_malloc( -- (unsigned int)num+i*2); -- else -- sp=(unsigned char *)OPENSSL_realloc(s, -- (unsigned int)num+i*2); -- if (sp == NULL) -- { -- ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE); -- if (s != NULL) OPENSSL_free(s); -- goto err; -- } -- s=sp; -- slen=num+i*2; -- } -- for (j=0; j= '0') && (m <= '9')) -- m-='0'; -- else if ((m >= 'a') && (m <= 'f')) -- m=m-'a'+10; -- else if ((m >= 'A') && (m <= 'F')) -- m=m-'A'+10; -- else -- { -- ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS); -- goto err; -- } -- s[num+j]<<=4; -- s[num+j]|=m; -- } -- } -- num+=i; -- if (again) -- bufsize=BIO_gets(bp,buf,size); -- else -- break; -- } -- bs->length=num; -- bs->data=s; -- ret=1; --err: -- if (0) -- { --err_sl: -- ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE); -- } -- return(ret); -- } -+ bufp = (unsigned char *)buf; - -+ k = 0; -+ i -= again; -+ if (i % 2 != 0) { -+ ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS); -+ goto err; -+ } -+ i /= 2; -+ if (num + i > slen) { -+ if (s == NULL) -+ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + -+ i * 2); -+ else -+ sp = (unsigned char *)OPENSSL_realloc(s, -+ (unsigned int)num + -+ i * 2); -+ if (sp == NULL) { -+ ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE); -+ if (s != NULL) -+ OPENSSL_free(s); -+ goto err; -+ } -+ s = sp; -+ slen = num + i * 2; -+ } -+ for (j = 0; j < i; j++, k += 2) { -+ for (n = 0; n < 2; n++) { -+ m = bufp[k + n]; -+ if ((m >= '0') && (m <= '9')) -+ m -= '0'; -+ else if ((m >= 'a') && (m <= 'f')) -+ m = m - 'a' + 10; -+ else if ((m >= 'A') && (m <= 'F')) -+ m = m - 'A' + 10; -+ else { -+ ASN1err(ASN1_F_A2I_ASN1_STRING, -+ ASN1_R_NON_HEX_CHARACTERS); -+ goto err; -+ } -+ s[num + j] <<= 4; -+ s[num + j] |= m; -+ } -+ } -+ num += i; -+ if (again) -+ bufsize = BIO_gets(bp, buf, size); -+ else -+ break; -+ } -+ bs->length = num; -+ bs->data = s; -+ ret = 1; -+ err: -+ if (0) { -+ err_sl: -+ ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE); -+ } -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c -index 0be52c5..2919e48 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,38 +62,33 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - #ifndef OPENSSL_NO_EC --#include -+# include - #endif - - int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) -- { -+{ - #ifndef OPENSSL_NO_RSA -- if (a->type == EVP_PKEY_RSA) -- { -- return(i2d_RSAPrivateKey(a->pkey.rsa,pp)); -- } -- else -+ if (a->type == EVP_PKEY_RSA) { -+ return (i2d_RSAPrivateKey(a->pkey.rsa, pp)); -+ } else - #endif - #ifndef OPENSSL_NO_DSA -- if (a->type == EVP_PKEY_DSA) -- { -- return(i2d_DSAPrivateKey(a->pkey.dsa,pp)); -- } -+ if (a->type == EVP_PKEY_DSA) { -+ return (i2d_DSAPrivateKey(a->pkey.dsa, pp)); -+ } - #endif - #ifndef OPENSSL_NO_EC -- if (a->type == EVP_PKEY_EC) -- { -- return(i2d_ECPrivateKey(a->pkey.ec, pp)); -- } -+ if (a->type == EVP_PKEY_EC) { -+ return (i2d_ECPrivateKey(a->pkey.ec, pp)); -+ } - #endif - -- ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); -- return(-1); -- } -- -+ ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); -+ return (-1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c -index 34286db..b8ed355 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,34 +62,32 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - #ifndef OPENSSL_NO_EC --#include -+# include - #endif - - int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) -- { -- switch (a->type) -- { -+{ -+ switch (a->type) { - #ifndef OPENSSL_NO_RSA -- case EVP_PKEY_RSA: -- return(i2d_RSAPublicKey(a->pkey.rsa,pp)); -+ case EVP_PKEY_RSA: -+ return (i2d_RSAPublicKey(a->pkey.rsa, pp)); - #endif - #ifndef OPENSSL_NO_DSA -- case EVP_PKEY_DSA: -- return(i2d_DSAPublicKey(a->pkey.dsa,pp)); -+ case EVP_PKEY_DSA: -+ return (i2d_DSAPublicKey(a->pkey.dsa, pp)); - #endif - #ifndef OPENSSL_NO_EC -- case EVP_PKEY_EC: -- return(i2o_ECPublicKey(a->pkey.ec, pp)); -+ case EVP_PKEY_EC: -+ return (i2o_ECPublicKey(a->pkey.ec, pp)); - #endif -- default: -- ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); -- return(-1); -- } -- } -- -+ default: -+ ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); -+ return (-1); -+ } -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c -index e7d0439..f7b874e 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,37 +59,34 @@ - #include - #include "cryptlib.h" - #ifndef OPENSSL_NO_RSA --#include --#include --#include --#include --#include --#include -- -- --#ifndef OPENSSL_NO_RC4 -- --typedef struct netscape_pkey_st -- { -- long version; -- X509_ALGOR *algor; -- ASN1_OCTET_STRING *private_key; -- } NETSCAPE_PKEY; -- --typedef struct netscape_encrypted_pkey_st -- { -- ASN1_OCTET_STRING *os; -- /* This is the same structure as DigestInfo so use it: -- * although this isn't really anything to do with -- * digests. -- */ -- X509_SIG *enckey; -- } NETSCAPE_ENCRYPTED_PKEY; -+# include -+# include -+# include -+# include -+# include -+# include -+ -+# ifndef OPENSSL_NO_RC4 -+ -+typedef struct netscape_pkey_st { -+ long version; -+ X509_ALGOR *algor; -+ ASN1_OCTET_STRING *private_key; -+} NETSCAPE_PKEY; -+ -+typedef struct netscape_encrypted_pkey_st { -+ ASN1_OCTET_STRING *os; -+ /* -+ * This is the same structure as DigestInfo so use it: although this -+ * isn't really anything to do with digests. -+ */ -+ X509_SIG *enckey; -+} NETSCAPE_ENCRYPTED_PKEY; - - - ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = { -- ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), -- ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) -+ ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), -+ ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) - } ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) - - DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) -@@ -97,9 +94,9 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_P - IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) - - ASN1_SEQUENCE(NETSCAPE_PKEY) = { -- ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG), -- ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), -- ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) -+ ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG), -+ ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), -+ ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) - } ASN1_SEQUENCE_END(NETSCAPE_PKEY) - - DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) -@@ -107,237 +104,232 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) - IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) - - static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, -- int (*cb)(char *buf, int len, const char *prompt, -- int verify), -- int sgckey); -+ int (*cb) (char *buf, int len, const char *prompt, -+ int verify), int sgckey); - - int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, -- int (*cb)(char *buf, int len, const char *prompt, -- int verify)) -+ int (*cb) (char *buf, int len, const char *prompt, -+ int verify)) - { -- return i2d_RSA_NET(a, pp, cb, 0); -+ return i2d_RSA_NET(a, pp, cb, 0); - } - - int i2d_RSA_NET(const RSA *a, unsigned char **pp, -- int (*cb)(char *buf, int len, const char *prompt, int verify), -- int sgckey) -- { -- int i, j, ret = 0; -- int rsalen, pkeylen, olen; -- NETSCAPE_PKEY *pkey = NULL; -- NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; -- unsigned char buf[256],*zz; -- unsigned char key[EVP_MAX_KEY_LENGTH]; -- EVP_CIPHER_CTX ctx; -- -- if (a == NULL) return(0); -- -- if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err; -- if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err; -- pkey->version = 0; -- -- pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption); -- if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; -- pkey->algor->parameter->type=V_ASN1_NULL; -- -- rsalen = i2d_RSAPrivateKey(a, NULL); -- -- /* Fake some octet strings just for the initial length -- * calculation. -- */ -- -- pkey->private_key->length=rsalen; -- -- pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL); -- -- enckey->enckey->digest->length = pkeylen; -- -- enckey->os->length = 11; /* "private-key" */ -- -- enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4); -- if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; -- enckey->enckey->algor->parameter->type=V_ASN1_NULL; -- -- if (pp == NULL) -- { -- olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); -- NETSCAPE_PKEY_free(pkey); -- NETSCAPE_ENCRYPTED_PKEY_free(enckey); -- return olen; -- } -- -- -- /* Since its RC4 encrypted length is actual length */ -- if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL) -- { -- ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- pkey->private_key->data = zz; -- /* Write out private key encoding */ -- i2d_RSAPrivateKey(a,&zz); -- -- if ((zz=OPENSSL_malloc(pkeylen)) == NULL) -- { -- ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (!ASN1_STRING_set(enckey->os, "private-key", -1)) -- { -- ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- enckey->enckey->digest->data = zz; -- i2d_NETSCAPE_PKEY(pkey,&zz); -- -- /* Wipe the private key encoding */ -- OPENSSL_cleanse(pkey->private_key->data, rsalen); -- -- if (cb == NULL) -- cb=EVP_read_pw_string; -- i=cb((char *)buf,256,"Enter Private Key password:",1); -- if (i != 0) -- { -- ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ); -- goto err; -- } -- i = strlen((char *)buf); -- /* If the key is used for SGC the algorithm is modified a little. */ -- if(sgckey) { -- EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); -- memcpy(buf + 16, "SGCKEYSALT", 10); -- i = 26; -- } -- -- EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); -- OPENSSL_cleanse(buf,256); -- -- /* Encrypt private key in place */ -- zz = enckey->enckey->digest->data; -- EVP_CIPHER_CTX_init(&ctx); -- EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL); -- EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen); -- EVP_EncryptFinal_ex(&ctx,zz + i,&j); -- EVP_CIPHER_CTX_cleanup(&ctx); -- -- ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); --err: -- NETSCAPE_ENCRYPTED_PKEY_free(enckey); -- NETSCAPE_PKEY_free(pkey); -- return(ret); -- } -- -+ int (*cb) (char *buf, int len, const char *prompt, -+ int verify), int sgckey) -+{ -+ int i, j, ret = 0; -+ int rsalen, pkeylen, olen; -+ NETSCAPE_PKEY *pkey = NULL; -+ NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; -+ unsigned char buf[256], *zz; -+ unsigned char key[EVP_MAX_KEY_LENGTH]; -+ EVP_CIPHER_CTX ctx; -+ -+ if (a == NULL) -+ return (0); -+ -+ if ((pkey = NETSCAPE_PKEY_new()) == NULL) -+ goto err; -+ if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) -+ goto err; -+ pkey->version = 0; -+ -+ pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); -+ if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL) -+ goto err; -+ pkey->algor->parameter->type = V_ASN1_NULL; -+ -+ rsalen = i2d_RSAPrivateKey(a, NULL); -+ -+ /* -+ * Fake some octet strings just for the initial length calculation. -+ */ -+ -+ pkey->private_key->length = rsalen; -+ -+ pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL); -+ -+ enckey->enckey->digest->length = pkeylen; -+ -+ enckey->os->length = 11; /* "private-key" */ -+ -+ enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4); -+ if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL) -+ goto err; -+ enckey->enckey->algor->parameter->type = V_ASN1_NULL; -+ -+ if (pp == NULL) { -+ olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); -+ NETSCAPE_PKEY_free(pkey); -+ NETSCAPE_ENCRYPTED_PKEY_free(enckey); -+ return olen; -+ } -+ -+ /* Since its RC4 encrypted length is actual length */ -+ if ((zz = (unsigned char *)OPENSSL_malloc(rsalen)) == NULL) { -+ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ pkey->private_key->data = zz; -+ /* Write out private key encoding */ -+ i2d_RSAPrivateKey(a, &zz); -+ -+ if ((zz = OPENSSL_malloc(pkeylen)) == NULL) { -+ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (!ASN1_STRING_set(enckey->os, "private-key", -1)) { -+ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ enckey->enckey->digest->data = zz; -+ i2d_NETSCAPE_PKEY(pkey, &zz); -+ -+ /* Wipe the private key encoding */ -+ OPENSSL_cleanse(pkey->private_key->data, rsalen); -+ -+ if (cb == NULL) -+ cb = EVP_read_pw_string; -+ i = cb((char *)buf, 256, "Enter Private Key password:", 1); -+ if (i != 0) { -+ ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ); -+ goto err; -+ } -+ i = strlen((char *)buf); -+ /* If the key is used for SGC the algorithm is modified a little. */ -+ if (sgckey) { -+ EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); -+ memcpy(buf + 16, "SGCKEYSALT", 10); -+ i = 26; -+ } -+ -+ EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL); -+ OPENSSL_cleanse(buf, 256); -+ -+ /* Encrypt private key in place */ -+ zz = enckey->enckey->digest->data; -+ EVP_CIPHER_CTX_init(&ctx); -+ EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL); -+ EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen); -+ EVP_EncryptFinal_ex(&ctx, zz + i, &j); -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ -+ ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); -+ err: -+ NETSCAPE_ENCRYPTED_PKEY_free(enckey); -+ NETSCAPE_PKEY_free(pkey); -+ return (ret); -+} - - RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, -- int (*cb)(char *buf, int len, const char *prompt, -- int verify)) -+ int (*cb) (char *buf, int len, const char *prompt, -+ int verify)) - { -- return d2i_RSA_NET(a, pp, length, cb, 0); -+ return d2i_RSA_NET(a, pp, length, cb, 0); - } - - RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, -- int (*cb)(char *buf, int len, const char *prompt, int verify), -- int sgckey) -- { -- RSA *ret=NULL; -- const unsigned char *p; -- NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; -- -- p = *pp; -- -- enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); -- if(!enckey) { -- ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR); -- return NULL; -- } -- -- if ((enckey->os->length != 11) || (strncmp("private-key", -- (char *)enckey->os->data,11) != 0)) -- { -- ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING); -- NETSCAPE_ENCRYPTED_PKEY_free(enckey); -- return NULL; -- } -- if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) -- { -- ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); -- goto err; -- } -- if (cb == NULL) -- cb=EVP_read_pw_string; -- if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; -- -- *pp = p; -- -- err: -- NETSCAPE_ENCRYPTED_PKEY_free(enckey); -- return ret; -- -- } -+ int (*cb) (char *buf, int len, const char *prompt, -+ int verify), int sgckey) -+{ -+ RSA *ret = NULL; -+ const unsigned char *p; -+ NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; -+ -+ p = *pp; -+ -+ enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); -+ if (!enckey) { -+ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR); -+ return NULL; -+ } -+ -+ if ((enckey->os->length != 11) || (strncmp("private-key", -+ (char *)enckey->os->data, -+ 11) != 0)) { -+ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING); -+ NETSCAPE_ENCRYPTED_PKEY_free(enckey); -+ return NULL; -+ } -+ if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { -+ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); -+ goto err; -+ } -+ if (cb == NULL) -+ cb = EVP_read_pw_string; -+ if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL) -+ goto err; -+ -+ *pp = p; -+ -+ err: -+ NETSCAPE_ENCRYPTED_PKEY_free(enckey); -+ return ret; -+ -+} - - static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, -- int (*cb)(char *buf, int len, const char *prompt, -- int verify), int sgckey) -- { -- NETSCAPE_PKEY *pkey=NULL; -- RSA *ret=NULL; -- int i,j; -- unsigned char buf[256]; -- const unsigned char *zz; -- unsigned char key[EVP_MAX_KEY_LENGTH]; -- EVP_CIPHER_CTX ctx; -- -- i=cb((char *)buf,256,"Enter Private Key password:",0); -- if (i != 0) -- { -- ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ); -- goto err; -- } -- -- i = strlen((char *)buf); -- if(sgckey){ -- EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); -- memcpy(buf + 16, "SGCKEYSALT", 10); -- i = 26; -- } -- -- EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); -- OPENSSL_cleanse(buf,256); -- -- EVP_CIPHER_CTX_init(&ctx); -- EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL); -- EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length); -- EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j); -- EVP_CIPHER_CTX_cleanup(&ctx); -- os->length=i+j; -- -- zz=os->data; -- -- if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) -- { -- ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); -- goto err; -- } -- -- zz=pkey->private_key->data; -- if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) -- { -- ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY); -- goto err; -- } --err: -- NETSCAPE_PKEY_free(pkey); -- return(ret); -- } -- --#endif /* OPENSSL_NO_RC4 */ -- --#else /* !OPENSSL_NO_RSA */ -+ int (*cb) (char *buf, int len, const char *prompt, -+ int verify), int sgckey) -+{ -+ NETSCAPE_PKEY *pkey = NULL; -+ RSA *ret = NULL; -+ int i, j; -+ unsigned char buf[256]; -+ const unsigned char *zz; -+ unsigned char key[EVP_MAX_KEY_LENGTH]; -+ EVP_CIPHER_CTX ctx; -+ -+ i = cb((char *)buf, 256, "Enter Private Key password:", 0); -+ if (i != 0) { -+ ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ); -+ goto err; -+ } -+ -+ i = strlen((char *)buf); -+ if (sgckey) { -+ EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); -+ memcpy(buf + 16, "SGCKEYSALT", 10); -+ i = 26; -+ } -+ -+ EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL); -+ OPENSSL_cleanse(buf, 256); -+ -+ EVP_CIPHER_CTX_init(&ctx); -+ EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL); -+ EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length); -+ EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j); -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ os->length = i + j; -+ -+ zz = os->data; -+ -+ if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) { -+ ASN1err(ASN1_F_D2I_RSA_NET_2, -+ ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); -+ goto err; -+ } -+ -+ zz = pkey->private_key->data; -+ if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) { -+ ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY); -+ goto err; -+ } -+ err: -+ NETSCAPE_PKEY_free(pkey); -+ return (ret); -+} -+ -+# endif /* OPENSSL_NO_RC4 */ -+ -+#else /* !OPENSSL_NO_RSA */ - - # if PEDANTIC --static void *dummy=&dummy; -+static void *dummy = &dummy; - # endif - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c -index e551c57..186e8b0 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c -@@ -1,6 +1,7 @@ - /* nsseq.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,19 +65,19 @@ - - static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- if(operation == ASN1_OP_NEW_POST) { -- NETSCAPE_CERT_SEQUENCE *nsseq; -- nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval; -- nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence); -- } -- return 1; -+ if (operation == ASN1_OP_NEW_POST) { -+ NETSCAPE_CERT_SEQUENCE *nsseq; -+ nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval; -+ nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence); -+ } -+ return 1; - } - - /* Netscape certificate sequence structure */ - - ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = { -- ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT), -- ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0) -+ ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT), -+ ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0) - } ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) - - IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c -index c4582f8..096ccdd 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c -@@ -1,6 +1,7 @@ - /* p5_pbe.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -65,67 +66,71 @@ - /* PKCS#5 password based encryption structure */ - - ASN1_SEQUENCE(PBEPARAM) = { -- ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING), -- ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER) -+ ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING), -+ ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER) - } ASN1_SEQUENCE_END(PBEPARAM) - - IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM) - - /* Return an algorithm identifier for a PKCS#5 PBE algorithm */ - --X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, -- int saltlen) -+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen) - { -- PBEPARAM *pbe=NULL; -- ASN1_OBJECT *al; -- X509_ALGOR *algor; -- ASN1_TYPE *astype=NULL; -+ PBEPARAM *pbe = NULL; -+ ASN1_OBJECT *al; -+ X509_ALGOR *algor; -+ ASN1_TYPE *astype = NULL; - -- if (!(pbe = PBEPARAM_new ())) { -- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if(iter <= 0) iter = PKCS5_DEFAULT_ITER; -- if (!ASN1_INTEGER_set(pbe->iter, iter)) { -- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!saltlen) saltlen = PKCS5_SALT_LEN; -- if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) { -- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- pbe->salt->length = saltlen; -- if (salt) memcpy (pbe->salt->data, salt, saltlen); -- else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0) -- goto err; -+ if (!(pbe = PBEPARAM_new())) { -+ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (iter <= 0) -+ iter = PKCS5_DEFAULT_ITER; -+ if (!ASN1_INTEGER_set(pbe->iter, iter)) { -+ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!saltlen) -+ saltlen = PKCS5_SALT_LEN; -+ if (!(pbe->salt->data = OPENSSL_malloc(saltlen))) { -+ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ pbe->salt->length = saltlen; -+ if (salt) -+ memcpy(pbe->salt->data, salt, saltlen); -+ else if (RAND_pseudo_bytes(pbe->salt->data, saltlen) < 0) -+ goto err; - -- if (!(astype = ASN1_TYPE_new())) { -- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ if (!(astype = ASN1_TYPE_new())) { -+ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- astype->type = V_ASN1_SEQUENCE; -- if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM, -- &astype->value.sequence)) { -- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- PBEPARAM_free (pbe); -- pbe = NULL; -- -- al = OBJ_nid2obj(alg); /* never need to free al */ -- if (!(algor = X509_ALGOR_new())) { -- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- ASN1_OBJECT_free(algor->algorithm); -- algor->algorithm = al; -- algor->parameter = astype; -+ astype->type = V_ASN1_SEQUENCE; -+ if (!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM, -+ &astype->value.sequence)) { -+ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ PBEPARAM_free(pbe); -+ pbe = NULL; - -- return (algor); --err: -- if (pbe != NULL) PBEPARAM_free(pbe); -- if (astype != NULL) ASN1_TYPE_free(astype); -- return NULL; -+ al = OBJ_nid2obj(alg); /* never need to free al */ -+ if (!(algor = X509_ALGOR_new())) { -+ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ASN1_OBJECT_free(algor->algorithm); -+ algor->algorithm = al; -+ algor->parameter = astype; -+ -+ return (algor); -+ err: -+ if (pbe != NULL) -+ PBEPARAM_free(pbe); -+ if (astype != NULL) -+ ASN1_TYPE_free(astype); -+ return NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c -index 2b0516a..5054f0c 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c -@@ -1,6 +1,7 @@ - /* p5_pbev2.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999-2004. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999-2004. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -65,141 +66,157 @@ - /* PKCS#5 v2.0 password based encryption structures */ - - ASN1_SEQUENCE(PBE2PARAM) = { -- ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), -- ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) -+ ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), -+ ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) - } ASN1_SEQUENCE_END(PBE2PARAM) - - IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM) - - ASN1_SEQUENCE(PBKDF2PARAM) = { -- ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), -- ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), -- ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), -- ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) -+ ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), -+ ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), -+ ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), -+ ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) - } ASN1_SEQUENCE_END(PBKDF2PARAM) - - IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) - --/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: -- * yes I know this is horrible! -+/* -+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know -+ * this is horrible! - */ - - X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, -- unsigned char *salt, int saltlen) -+ unsigned char *salt, int saltlen) - { -- X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; -- int alg_nid; -- EVP_CIPHER_CTX ctx; -- unsigned char iv[EVP_MAX_IV_LENGTH]; -- PBKDF2PARAM *kdf = NULL; -- PBE2PARAM *pbe2 = NULL; -- ASN1_OCTET_STRING *osalt = NULL; -- ASN1_OBJECT *obj; -+ X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; -+ int alg_nid; -+ EVP_CIPHER_CTX ctx; -+ unsigned char iv[EVP_MAX_IV_LENGTH]; -+ PBKDF2PARAM *kdf = NULL; -+ PBE2PARAM *pbe2 = NULL; -+ ASN1_OCTET_STRING *osalt = NULL; -+ ASN1_OBJECT *obj; -+ -+ alg_nid = EVP_CIPHER_type(cipher); -+ if (alg_nid == NID_undef) { -+ ASN1err(ASN1_F_PKCS5_PBE2_SET, -+ ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); -+ goto err; -+ } -+ obj = OBJ_nid2obj(alg_nid); -+ -+ if (!(pbe2 = PBE2PARAM_new())) -+ goto merr; -+ -+ /* Setup the AlgorithmIdentifier for the encryption scheme */ -+ scheme = pbe2->encryption; -+ -+ scheme->algorithm = obj; -+ if (!(scheme->parameter = ASN1_TYPE_new())) -+ goto merr; -+ -+ /* Create random IV */ -+ if (EVP_CIPHER_iv_length(cipher) && -+ RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) -+ goto err; -+ -+ EVP_CIPHER_CTX_init(&ctx); -+ -+ /* Dummy cipherinit to just setup the IV */ -+ EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); -+ if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { -+ ASN1err(ASN1_F_PKCS5_PBE2_SET, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ goto err; -+ } -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ -+ if (!(kdf = PBKDF2PARAM_new())) -+ goto merr; -+ if (!(osalt = M_ASN1_OCTET_STRING_new())) -+ goto merr; -+ -+ if (!saltlen) -+ saltlen = PKCS5_SALT_LEN; -+ if (!(osalt->data = OPENSSL_malloc(saltlen))) -+ goto merr; -+ osalt->length = saltlen; -+ if (salt) -+ memcpy(osalt->data, salt, saltlen); -+ else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0) -+ goto merr; -+ -+ if (iter <= 0) -+ iter = PKCS5_DEFAULT_ITER; -+ if (!ASN1_INTEGER_set(kdf->iter, iter)) -+ goto merr; -+ -+ /* Now include salt in kdf structure */ -+ kdf->salt->value.octet_string = osalt; -+ kdf->salt->type = V_ASN1_OCTET_STRING; -+ osalt = NULL; -+ -+ /* If its RC2 then we'd better setup the key length */ -+ -+ if (alg_nid == NID_rc2_cbc) { -+ if (!(kdf->keylength = M_ASN1_INTEGER_new())) -+ goto merr; -+ if (!ASN1_INTEGER_set(kdf->keylength, EVP_CIPHER_key_length(cipher))) -+ goto merr; -+ } -+ -+ /* prf can stay NULL because we are using hmacWithSHA1 */ -+ -+ /* Now setup the PBE2PARAM keyfunc structure */ -+ -+ pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); -+ -+ /* Encode PBKDF2PARAM into parameter of pbe2 */ -+ -+ if (!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) -+ goto merr; -+ -+ if (!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM, -+ &pbe2->keyfunc->parameter->value.sequence)) -+ goto merr; -+ pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; -+ -+ PBKDF2PARAM_free(kdf); -+ kdf = NULL; -+ -+ /* Now set up top level AlgorithmIdentifier */ -+ -+ if (!(ret = X509_ALGOR_new())) -+ goto merr; -+ if (!(ret->parameter = ASN1_TYPE_new())) -+ goto merr; -+ -+ ret->algorithm = OBJ_nid2obj(NID_pbes2); -+ -+ /* Encode PBE2PARAM into parameter */ - -- alg_nid = EVP_CIPHER_type(cipher); -- if(alg_nid == NID_undef) { -- ASN1err(ASN1_F_PKCS5_PBE2_SET, -- ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); -- goto err; -- } -- obj = OBJ_nid2obj(alg_nid); -+ if (!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM, -+ &ret->parameter->value.sequence)) -+ goto merr; -+ ret->parameter->type = V_ASN1_SEQUENCE; - -- if(!(pbe2 = PBE2PARAM_new())) goto merr; -+ PBE2PARAM_free(pbe2); -+ pbe2 = NULL; - -- /* Setup the AlgorithmIdentifier for the encryption scheme */ -- scheme = pbe2->encryption; -+ return ret; - -- scheme->algorithm = obj; -- if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; -+ merr: -+ ASN1err(ASN1_F_PKCS5_PBE2_SET, ERR_R_MALLOC_FAILURE); - -- /* Create random IV */ -- if (EVP_CIPHER_iv_length(cipher) && -- RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) -- goto err; -+ err: -+ PBE2PARAM_free(pbe2); -+ /* Note 'scheme' is freed as part of pbe2 */ -+ M_ASN1_OCTET_STRING_free(osalt); -+ PBKDF2PARAM_free(kdf); -+ X509_ALGOR_free(kalg); -+ X509_ALGOR_free(ret); - -- EVP_CIPHER_CTX_init(&ctx); -- -- /* Dummy cipherinit to just setup the IV */ -- EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); -- if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { -- ASN1err(ASN1_F_PKCS5_PBE2_SET, -- ASN1_R_ERROR_SETTING_CIPHER_PARAMS); -- EVP_CIPHER_CTX_cleanup(&ctx); -- goto err; -- } -- EVP_CIPHER_CTX_cleanup(&ctx); -- -- if(!(kdf = PBKDF2PARAM_new())) goto merr; -- if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr; -- -- if (!saltlen) saltlen = PKCS5_SALT_LEN; -- if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr; -- osalt->length = saltlen; -- if (salt) memcpy (osalt->data, salt, saltlen); -- else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr; -- -- if(iter <= 0) iter = PKCS5_DEFAULT_ITER; -- if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr; -- -- /* Now include salt in kdf structure */ -- kdf->salt->value.octet_string = osalt; -- kdf->salt->type = V_ASN1_OCTET_STRING; -- osalt = NULL; -- -- /* If its RC2 then we'd better setup the key length */ -- -- if(alg_nid == NID_rc2_cbc) { -- if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr; -- if(!ASN1_INTEGER_set (kdf->keylength, -- EVP_CIPHER_key_length(cipher))) goto merr; -- } -- -- /* prf can stay NULL because we are using hmacWithSHA1 */ -- -- /* Now setup the PBE2PARAM keyfunc structure */ -- -- pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); -- -- /* Encode PBKDF2PARAM into parameter of pbe2 */ -- -- if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr; -- -- if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM, -- &pbe2->keyfunc->parameter->value.sequence)) goto merr; -- pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; -- -- PBKDF2PARAM_free(kdf); -- kdf = NULL; -- -- /* Now set up top level AlgorithmIdentifier */ -- -- if(!(ret = X509_ALGOR_new())) goto merr; -- if(!(ret->parameter = ASN1_TYPE_new())) goto merr; -- -- ret->algorithm = OBJ_nid2obj(NID_pbes2); -- -- /* Encode PBE2PARAM into parameter */ -- -- if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM, -- &ret->parameter->value.sequence)) goto merr; -- ret->parameter->type = V_ASN1_SEQUENCE; -- -- PBE2PARAM_free(pbe2); -- pbe2 = NULL; -- -- return ret; -- -- merr: -- ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE); -- -- err: -- PBE2PARAM_free(pbe2); -- /* Note 'scheme' is freed as part of pbe2 */ -- M_ASN1_OCTET_STRING_free(osalt); -- PBKDF2PARAM_free(kdf); -- X509_ALGOR_free(kalg); -- X509_ALGOR_free(ret); -- -- return NULL; -+ return NULL; - - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c -index 0a19575..6cd36ce 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c -@@ -1,6 +1,7 @@ - /* p8_pkey.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,21 +65,22 @@ - /* Minor tweak to operation: zero private key data */ - static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ -- if(operation == ASN1_OP_FREE_PRE) { -- PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; -- if (key->pkey->value.octet_string) -- OPENSSL_cleanse(key->pkey->value.octet_string->data, -- key->pkey->value.octet_string->length); -- } -- return 1; -+ /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ -+ if (operation == ASN1_OP_FREE_PRE) { -+ PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; -+ if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING -+ && key->pkey->value.octet_string != NULL) -+ OPENSSL_cleanse(key->pkey->value.octet_string->data, -+ key->pkey->value.octet_string->length); -+ } -+ return 1; - } - - ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = { -- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER), -- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR), -- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY), -- ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0) -+ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER), -+ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR), -+ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY), -+ ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0) - } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c -index 2e59a25..d5cf3c7 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c -@@ -1,6 +1,7 @@ - /* t_bitst.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,41 +63,43 @@ - #include - - int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, -- BIT_STRING_BITNAME *tbl, int indent) -+ BIT_STRING_BITNAME *tbl, int indent) - { -- BIT_STRING_BITNAME *bnam; -- char first = 1; -- BIO_printf(out, "%*s", indent, ""); -- for(bnam = tbl; bnam->lname; bnam++) { -- if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) { -- if(!first) BIO_puts(out, ", "); -- BIO_puts(out, bnam->lname); -- first = 0; -- } -- } -- BIO_puts(out, "\n"); -- return 1; -+ BIT_STRING_BITNAME *bnam; -+ char first = 1; -+ BIO_printf(out, "%*s", indent, ""); -+ for (bnam = tbl; bnam->lname; bnam++) { -+ if (ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) { -+ if (!first) -+ BIO_puts(out, ", "); -+ BIO_puts(out, bnam->lname); -+ first = 0; -+ } -+ } -+ BIO_puts(out, "\n"); -+ return 1; - } - - int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, -- BIT_STRING_BITNAME *tbl) -+ BIT_STRING_BITNAME *tbl) - { -- int bitnum; -- bitnum = ASN1_BIT_STRING_num_asc(name, tbl); -- if(bitnum < 0) return 0; -- if(bs) { -- if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value)) -- return 0; -- } -- return 1; -+ int bitnum; -+ bitnum = ASN1_BIT_STRING_num_asc(name, tbl); -+ if (bitnum < 0) -+ return 0; -+ if (bs) { -+ if (!ASN1_BIT_STRING_set_bit(bs, bitnum, value)) -+ return 0; -+ } -+ return 1; - } - - int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl) - { -- BIT_STRING_BITNAME *bnam; -- for(bnam = tbl; bnam->lname; bnam++) { -- if(!strcmp(bnam->sname, name) || -- !strcmp(bnam->lname, name) ) return bnam->bitnum; -- } -- return -1; -+ BIT_STRING_BITNAME *bnam; -+ for (bnam = tbl; bnam->lname; bnam++) { -+ if (!strcmp(bnam->sname, name) || !strcmp(bnam->lname, name)) -+ return bnam->bitnum; -+ } -+ return -1; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c -index ee5a687..75a753b 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c -@@ -1,6 +1,7 @@ - /* t_crl.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -66,68 +67,68 @@ - - #ifndef OPENSSL_NO_FP_API - int X509_CRL_print_fp(FILE *fp, X509_CRL *x) -- { -- BIO *b; -- int ret; -+{ -+ BIO *b; -+ int ret; - -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- X509err(X509_F_X509_CRL_PRINT_FP,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=X509_CRL_print(b, x); -- BIO_free(b); -- return(ret); -- } -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = X509_CRL_print(b, x); -+ BIO_free(b); -+ return (ret); -+} - #endif - - int X509_CRL_print(BIO *out, X509_CRL *x) - { -- STACK_OF(X509_REVOKED) *rev; -- X509_REVOKED *r; -- long l; -- int i; -- char *p; -+ STACK_OF(X509_REVOKED) *rev; -+ X509_REVOKED *r; -+ long l; -+ int i; -+ char *p; - -- BIO_printf(out, "Certificate Revocation List (CRL):\n"); -- l = X509_CRL_get_version(x); -- BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l); -- i = OBJ_obj2nid(x->sig_alg->algorithm); -- BIO_printf(out, "%8sSignature Algorithm: %s\n", "", -- (i == NID_undef) ? "NONE" : OBJ_nid2ln(i)); -- p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0); -- BIO_printf(out,"%8sIssuer: %s\n","",p); -- OPENSSL_free(p); -- BIO_printf(out,"%8sLast Update: ",""); -- ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x)); -- BIO_printf(out,"\n%8sNext Update: ",""); -- if (X509_CRL_get_nextUpdate(x)) -- ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x)); -- else BIO_printf(out,"NONE"); -- BIO_printf(out,"\n"); -+ BIO_printf(out, "Certificate Revocation List (CRL):\n"); -+ l = X509_CRL_get_version(x); -+ BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l); -+ i = OBJ_obj2nid(x->sig_alg->algorithm); -+ BIO_printf(out, "%8sSignature Algorithm: %s\n", "", -+ (i == NID_undef) ? "NONE" : OBJ_nid2ln(i)); -+ p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0); -+ BIO_printf(out, "%8sIssuer: %s\n", "", p); -+ OPENSSL_free(p); -+ BIO_printf(out, "%8sLast Update: ", ""); -+ ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x)); -+ BIO_printf(out, "\n%8sNext Update: ", ""); -+ if (X509_CRL_get_nextUpdate(x)) -+ ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x)); -+ else -+ BIO_printf(out, "NONE"); -+ BIO_printf(out, "\n"); - -- X509V3_extensions_print(out, "CRL extensions", -- x->crl->extensions, 0, 8); -+ X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8); - -- rev = X509_CRL_get_REVOKED(x); -+ rev = X509_CRL_get_REVOKED(x); - -- if(sk_X509_REVOKED_num(rev) > 0) -- BIO_printf(out, "Revoked Certificates:\n"); -- else BIO_printf(out, "No Revoked Certificates.\n"); -+ if (sk_X509_REVOKED_num(rev) > 0) -+ BIO_printf(out, "Revoked Certificates:\n"); -+ else -+ BIO_printf(out, "No Revoked Certificates.\n"); - -- for(i = 0; i < sk_X509_REVOKED_num(rev); i++) { -- r = sk_X509_REVOKED_value(rev, i); -- BIO_printf(out," Serial Number: "); -- i2a_ASN1_INTEGER(out,r->serialNumber); -- BIO_printf(out,"\n Revocation Date: "); -- ASN1_TIME_print(out,r->revocationDate); -- BIO_printf(out,"\n"); -- X509V3_extensions_print(out, "CRL entry extensions", -- r->extensions, 0, 8); -- } -- X509_signature_print(out, x->sig_alg, x->signature); -+ for (i = 0; i < sk_X509_REVOKED_num(rev); i++) { -+ r = sk_X509_REVOKED_value(rev, i); -+ BIO_printf(out, " Serial Number: "); -+ i2a_ASN1_INTEGER(out, r->serialNumber); -+ BIO_printf(out, "\n Revocation Date: "); -+ ASN1_TIME_print(out, r->revocationDate); -+ BIO_printf(out, "\n"); -+ X509V3_extensions_print(out, "CRL entry extensions", -+ r->extensions, 0, 8); -+ } -+ X509_signature_print(out, x->sig_alg, x->signature); - -- return 1; -+ return 1; - - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c -index bc23f56..4821821 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,7 +57,7 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * Binary polynomial ECC support in OpenSSL originally developed by -+ * Binary polynomial ECC support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -@@ -67,768 +67,732 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DH --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - #ifndef OPENSSL_NO_EC --#include -+# include - #endif - --static int print(BIO *fp,const char *str, const BIGNUM *num, -- unsigned char *buf,int off); -+static int print(BIO *fp, const char *str, const BIGNUM *num, -+ unsigned char *buf, int off); - #ifndef OPENSSL_NO_EC - static int print_bin(BIO *fp, const char *str, const unsigned char *num, -- size_t len, int off); -+ size_t len, int off); - #endif - #ifndef OPENSSL_NO_RSA --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - int RSA_print_fp(FILE *fp, const RSA *x, int off) -- { -- BIO *b; -- int ret; -- -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=RSA_print(b,x,off); -- BIO_free(b); -- return(ret); -- } --#endif -+{ -+ BIO *b; -+ int ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = RSA_print(b, x, off); -+ BIO_free(b); -+ return (ret); -+} -+# endif - - int RSA_print(BIO *bp, const RSA *x, int off) -- { -- char str[128]; -- const char *s; -- unsigned char *m=NULL; -- int ret=0, mod_len = 0; -- size_t buf_len=0, i; -- -- if (x->n) -- buf_len = (size_t)BN_num_bytes(x->n); -- if (x->e) -- if (buf_len < (i = (size_t)BN_num_bytes(x->e))) -- buf_len = i; -- if (x->d) -- if (buf_len < (i = (size_t)BN_num_bytes(x->d))) -- buf_len = i; -- if (x->p) -- if (buf_len < (i = (size_t)BN_num_bytes(x->p))) -- buf_len = i; -- if (x->q) -- if (buf_len < (i = (size_t)BN_num_bytes(x->q))) -- buf_len = i; -- if (x->dmp1) -- if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1))) -- buf_len = i; -- if (x->dmq1) -- if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1))) -- buf_len = i; -- if (x->iqmp) -- if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp))) -- buf_len = i; -- -- m=(unsigned char *)OPENSSL_malloc(buf_len+10); -- if (m == NULL) -- { -- RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (x->n != NULL) -- mod_len = BN_num_bits(x->n); -- -- if (x->d != NULL) -- { -- if(!BIO_indent(bp,off,128)) -- goto err; -- if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len) -- <= 0) goto err; -- } -- -- if (x->d == NULL) -- BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len); -- else -- BUF_strlcpy(str,"modulus:",sizeof str); -- if (!print(bp,str,x->n,m,off)) goto err; -- s=(x->d == NULL)?"Exponent:":"publicExponent:"; -- if ((x->e != NULL) && !print(bp,s,x->e,m,off)) -- goto err; -- if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off)) -- goto err; -- if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off)) -- goto err; -- if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off)) -- goto err; -- if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off)) -- goto err; -- if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off)) -- goto err; -- if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off)) -- goto err; -- ret=1; --err: -- if (m != NULL) OPENSSL_free(m); -- return(ret); -- } --#endif /* OPENSSL_NO_RSA */ -+{ -+ char str[128]; -+ const char *s; -+ unsigned char *m = NULL; -+ int ret = 0, mod_len = 0; -+ size_t buf_len = 0, i; -+ -+ if (x->n) -+ buf_len = (size_t)BN_num_bytes(x->n); -+ if (x->e) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->e))) -+ buf_len = i; -+ if (x->d) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->d))) -+ buf_len = i; -+ if (x->p) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->p))) -+ buf_len = i; -+ if (x->q) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->q))) -+ buf_len = i; -+ if (x->dmp1) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1))) -+ buf_len = i; -+ if (x->dmq1) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1))) -+ buf_len = i; -+ if (x->iqmp) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp))) -+ buf_len = i; -+ -+ m = (unsigned char *)OPENSSL_malloc(buf_len + 10); -+ if (m == NULL) { -+ RSAerr(RSA_F_RSA_PRINT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (x->n != NULL) -+ mod_len = BN_num_bits(x->n); -+ -+ if (x->d != NULL) { -+ if (!BIO_indent(bp, off, 128)) -+ goto err; -+ if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) -+ <= 0) -+ goto err; -+ } -+ -+ if (x->d == NULL) -+ BIO_snprintf(str, sizeof str, "Modulus (%d bit):", mod_len); -+ else -+ BUF_strlcpy(str, "modulus:", sizeof str); -+ if (!print(bp, str, x->n, m, off)) -+ goto err; -+ s = (x->d == NULL) ? "Exponent:" : "publicExponent:"; -+ if ((x->e != NULL) && !print(bp, s, x->e, m, off)) -+ goto err; -+ if ((x->d != NULL) && !print(bp, "privateExponent:", x->d, m, off)) -+ goto err; -+ if ((x->p != NULL) && !print(bp, "prime1:", x->p, m, off)) -+ goto err; -+ if ((x->q != NULL) && !print(bp, "prime2:", x->q, m, off)) -+ goto err; -+ if ((x->dmp1 != NULL) && !print(bp, "exponent1:", x->dmp1, m, off)) -+ goto err; -+ if ((x->dmq1 != NULL) && !print(bp, "exponent2:", x->dmq1, m, off)) -+ goto err; -+ if ((x->iqmp != NULL) && !print(bp, "coefficient:", x->iqmp, m, off)) -+ goto err; -+ ret = 1; -+ err: -+ if (m != NULL) -+ OPENSSL_free(m); -+ return (ret); -+} -+#endif /* OPENSSL_NO_RSA */ - - #ifndef OPENSSL_NO_DSA --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - int DSA_print_fp(FILE *fp, const DSA *x, int off) -- { -- BIO *b; -- int ret; -- -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=DSA_print(b,x,off); -- BIO_free(b); -- return(ret); -- } --#endif -+{ -+ BIO *b; -+ int ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = DSA_print(b, x, off); -+ BIO_free(b); -+ return (ret); -+} -+# endif - - int DSA_print(BIO *bp, const DSA *x, int off) -- { -- unsigned char *m=NULL; -- int ret=0; -- size_t buf_len=0,i; -- -- if (x->p) -- buf_len = (size_t)BN_num_bytes(x->p); -- if (x->q) -- if (buf_len < (i = (size_t)BN_num_bytes(x->q))) -- buf_len = i; -- if (x->g) -- if (buf_len < (i = (size_t)BN_num_bytes(x->g))) -- buf_len = i; -- if (x->priv_key) -- if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key))) -- buf_len = i; -- if (x->pub_key) -- if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key))) -- buf_len = i; -- -- m=(unsigned char *)OPENSSL_malloc(buf_len+10); -- if (m == NULL) -- { -- DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (x->priv_key != NULL) -- { -- if(!BIO_indent(bp,off,128)) -- goto err; -- if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p)) -- <= 0) goto err; -- } -- -- if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off)) -- goto err; -- if ((x->pub_key != NULL) && !print(bp,"pub: ",x->pub_key,m,off)) -- goto err; -- if ((x->p != NULL) && !print(bp,"P: ",x->p,m,off)) goto err; -- if ((x->q != NULL) && !print(bp,"Q: ",x->q,m,off)) goto err; -- if ((x->g != NULL) && !print(bp,"G: ",x->g,m,off)) goto err; -- ret=1; --err: -- if (m != NULL) OPENSSL_free(m); -- return(ret); -- } --#endif /* !OPENSSL_NO_DSA */ -+{ -+ unsigned char *m = NULL; -+ int ret = 0; -+ size_t buf_len = 0, i; -+ -+ if (x->p) -+ buf_len = (size_t)BN_num_bytes(x->p); -+ if (x->q) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->q))) -+ buf_len = i; -+ if (x->g) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->g))) -+ buf_len = i; -+ if (x->priv_key) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key))) -+ buf_len = i; -+ if (x->pub_key) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key))) -+ buf_len = i; -+ -+ m = (unsigned char *)OPENSSL_malloc(buf_len + 10); -+ if (m == NULL) { -+ DSAerr(DSA_F_DSA_PRINT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (x->priv_key != NULL) { -+ if (!BIO_indent(bp, off, 128)) -+ goto err; -+ if (BIO_printf(bp, "Private-Key: (%d bit)\n", BN_num_bits(x->p)) -+ <= 0) -+ goto err; -+ } -+ -+ if ((x->priv_key != NULL) && !print(bp, "priv:", x->priv_key, m, off)) -+ goto err; -+ if ((x->pub_key != NULL) && !print(bp, "pub: ", x->pub_key, m, off)) -+ goto err; -+ if ((x->p != NULL) && !print(bp, "P: ", x->p, m, off)) -+ goto err; -+ if ((x->q != NULL) && !print(bp, "Q: ", x->q, m, off)) -+ goto err; -+ if ((x->g != NULL) && !print(bp, "G: ", x->g, m, off)) -+ goto err; -+ ret = 1; -+ err: -+ if (m != NULL) -+ OPENSSL_free(m); -+ return (ret); -+} -+#endif /* !OPENSSL_NO_DSA */ - - #ifndef OPENSSL_NO_EC --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) -- { -- BIO *b; -- int ret; -- -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b, fp, BIO_NOCLOSE); -- ret = ECPKParameters_print(b, x, off); -- BIO_free(b); -- return(ret); -- } -+{ -+ BIO *b; -+ int ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = ECPKParameters_print(b, x, off); -+ BIO_free(b); -+ return (ret); -+} - - int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) -- { -- BIO *b; -- int ret; -- -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); -- return(0); -- } -- BIO_set_fp(b, fp, BIO_NOCLOSE); -- ret = EC_KEY_print(b, x, off); -- BIO_free(b); -- return(ret); -- } --#endif -+{ -+ BIO *b; -+ int ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = EC_KEY_print(b, x, off); -+ BIO_free(b); -+ return (ret); -+} -+# endif - - int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) -- { -- unsigned char *buffer=NULL; -- size_t buf_len=0, i; -- int ret=0, reason=ERR_R_BIO_LIB; -- BN_CTX *ctx=NULL; -- const EC_POINT *point=NULL; -- BIGNUM *p=NULL, *a=NULL, *b=NULL, *gen=NULL, -- *order=NULL, *cofactor=NULL; -- const unsigned char *seed; -- size_t seed_len=0; -- -- static const char *gen_compressed = "Generator (compressed):"; -- static const char *gen_uncompressed = "Generator (uncompressed):"; -- static const char *gen_hybrid = "Generator (hybrid):"; -- -- if (!x) -- { -- reason = ERR_R_PASSED_NULL_PARAMETER; -- goto err; -- } -- -- if (EC_GROUP_get_asn1_flag(x)) -- { -- /* the curve parameter are given by an asn1 OID */ -- int nid; -- -- if (!BIO_indent(bp, off, 128)) -- goto err; -- -- nid = EC_GROUP_get_curve_name(x); -- if (nid == 0) -- goto err; -- -- if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) -- goto err; -- if (BIO_printf(bp, "\n") <= 0) -- goto err; -- } -- else -- { -- /* explicit parameters */ -- int is_char_two = 0; -- point_conversion_form_t form; -- int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); -- -- if (tmp_nid == NID_X9_62_characteristic_two_field) -- is_char_two = 1; -- -- if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || -- (b = BN_new()) == NULL || (order = BN_new()) == NULL || -- (cofactor = BN_new()) == NULL) -- { -- reason = ERR_R_MALLOC_FAILURE; -- goto err; -- } -- -- if (is_char_two) -- { -- if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) -- { -- reason = ERR_R_EC_LIB; -- goto err; -- } -- } -- else /* prime field */ -- { -- if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) -- { -- reason = ERR_R_EC_LIB; -- goto err; -- } -- } -- -- if ((point = EC_GROUP_get0_generator(x)) == NULL) -- { -- reason = ERR_R_EC_LIB; -- goto err; -- } -- if (!EC_GROUP_get_order(x, order, NULL) || -- !EC_GROUP_get_cofactor(x, cofactor, NULL)) -- { -- reason = ERR_R_EC_LIB; -- goto err; -- } -- -- form = EC_GROUP_get_point_conversion_form(x); -- -- if ((gen = EC_POINT_point2bn(x, point, -- form, NULL, ctx)) == NULL) -- { -- reason = ERR_R_EC_LIB; -- goto err; -- } -- -- buf_len = (size_t)BN_num_bytes(p); -- if (buf_len < (i = (size_t)BN_num_bytes(a))) -- buf_len = i; -- if (buf_len < (i = (size_t)BN_num_bytes(b))) -- buf_len = i; -- if (buf_len < (i = (size_t)BN_num_bytes(gen))) -- buf_len = i; -- if (buf_len < (i = (size_t)BN_num_bytes(order))) -- buf_len = i; -- if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) -- buf_len = i; -- -- if ((seed = EC_GROUP_get0_seed(x)) != NULL) -- seed_len = EC_GROUP_get_seed_len(x); -- -- buf_len += 10; -- if ((buffer = OPENSSL_malloc(buf_len)) == NULL) -- { -- reason = ERR_R_MALLOC_FAILURE; -- goto err; -- } -- -- if (!BIO_indent(bp, off, 128)) -- goto err; -- -- /* print the 'short name' of the field type */ -- if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) -- <= 0) -- goto err; -- -- if (is_char_two) -- { -- /* print the 'short name' of the base type OID */ -- int basis_type = EC_GROUP_get_basis_type(x); -- if (basis_type == 0) -- goto err; -- -- if (!BIO_indent(bp, off, 128)) -- goto err; -- -- if (BIO_printf(bp, "Basis Type: %s\n", -- OBJ_nid2sn(basis_type)) <= 0) -- goto err; -- -- /* print the polynomial */ -- if ((p != NULL) && !print(bp, "Polynomial:", p, buffer, -- off)) -- goto err; -- } -- else -- { -- if ((p != NULL) && !print(bp, "Prime:", p, buffer,off)) -- goto err; -- } -- if ((a != NULL) && !print(bp, "A: ", a, buffer, off)) -- goto err; -- if ((b != NULL) && !print(bp, "B: ", b, buffer, off)) -- goto err; -- if (form == POINT_CONVERSION_COMPRESSED) -- { -- if ((gen != NULL) && !print(bp, gen_compressed, gen, -- buffer, off)) -- goto err; -- } -- else if (form == POINT_CONVERSION_UNCOMPRESSED) -- { -- if ((gen != NULL) && !print(bp, gen_uncompressed, gen, -- buffer, off)) -- goto err; -- } -- else /* form == POINT_CONVERSION_HYBRID */ -- { -- if ((gen != NULL) && !print(bp, gen_hybrid, gen, -- buffer, off)) -- goto err; -- } -- if ((order != NULL) && !print(bp, "Order: ", order, -- buffer, off)) goto err; -- if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, -- buffer, off)) goto err; -- if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) -- goto err; -- } -- ret=1; --err: -- if (!ret) -- ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); -- if (p) -- BN_free(p); -- if (a) -- BN_free(a); -- if (b) -- BN_free(b); -- if (gen) -- BN_free(gen); -- if (order) -- BN_free(order); -- if (cofactor) -- BN_free(cofactor); -- if (ctx) -- BN_CTX_free(ctx); -- if (buffer != NULL) -- OPENSSL_free(buffer); -- return(ret); -- } -+{ -+ unsigned char *buffer = NULL; -+ size_t buf_len = 0, i; -+ int ret = 0, reason = ERR_R_BIO_LIB; -+ BN_CTX *ctx = NULL; -+ const EC_POINT *point = NULL; -+ BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL, -+ *order = NULL, *cofactor = NULL; -+ const unsigned char *seed; -+ size_t seed_len = 0; -+ -+ static const char *gen_compressed = "Generator (compressed):"; -+ static const char *gen_uncompressed = "Generator (uncompressed):"; -+ static const char *gen_hybrid = "Generator (hybrid):"; -+ -+ if (!x) { -+ reason = ERR_R_PASSED_NULL_PARAMETER; -+ goto err; -+ } -+ -+ if (EC_GROUP_get_asn1_flag(x)) { -+ /* the curve parameter are given by an asn1 OID */ -+ int nid; -+ -+ if (!BIO_indent(bp, off, 128)) -+ goto err; -+ -+ nid = EC_GROUP_get_curve_name(x); -+ if (nid == 0) -+ goto err; -+ -+ if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) -+ goto err; -+ if (BIO_printf(bp, "\n") <= 0) -+ goto err; -+ } else { -+ /* explicit parameters */ -+ int is_char_two = 0; -+ point_conversion_form_t form; -+ int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); -+ -+ if (tmp_nid == NID_X9_62_characteristic_two_field) -+ is_char_two = 1; -+ -+ if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || -+ (b = BN_new()) == NULL || (order = BN_new()) == NULL || -+ (cofactor = BN_new()) == NULL) { -+ reason = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ -+ if (is_char_two) { -+ if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) { -+ reason = ERR_R_EC_LIB; -+ goto err; -+ } -+ } else { /* prime field */ -+ -+ if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) { -+ reason = ERR_R_EC_LIB; -+ goto err; -+ } -+ } -+ -+ if ((point = EC_GROUP_get0_generator(x)) == NULL) { -+ reason = ERR_R_EC_LIB; -+ goto err; -+ } -+ if (!EC_GROUP_get_order(x, order, NULL) || -+ !EC_GROUP_get_cofactor(x, cofactor, NULL)) { -+ reason = ERR_R_EC_LIB; -+ goto err; -+ } -+ -+ form = EC_GROUP_get_point_conversion_form(x); -+ -+ if ((gen = EC_POINT_point2bn(x, point, form, NULL, ctx)) == NULL) { -+ reason = ERR_R_EC_LIB; -+ goto err; -+ } -+ -+ buf_len = (size_t)BN_num_bytes(p); -+ if (buf_len < (i = (size_t)BN_num_bytes(a))) -+ buf_len = i; -+ if (buf_len < (i = (size_t)BN_num_bytes(b))) -+ buf_len = i; -+ if (buf_len < (i = (size_t)BN_num_bytes(gen))) -+ buf_len = i; -+ if (buf_len < (i = (size_t)BN_num_bytes(order))) -+ buf_len = i; -+ if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) -+ buf_len = i; -+ -+ if ((seed = EC_GROUP_get0_seed(x)) != NULL) -+ seed_len = EC_GROUP_get_seed_len(x); -+ -+ buf_len += 10; -+ if ((buffer = OPENSSL_malloc(buf_len)) == NULL) { -+ reason = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ -+ if (!BIO_indent(bp, off, 128)) -+ goto err; -+ -+ /* print the 'short name' of the field type */ -+ if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) -+ <= 0) -+ goto err; -+ -+ if (is_char_two) { -+ /* print the 'short name' of the base type OID */ -+ int basis_type = EC_GROUP_get_basis_type(x); -+ if (basis_type == 0) -+ goto err; -+ -+ if (!BIO_indent(bp, off, 128)) -+ goto err; -+ -+ if (BIO_printf(bp, "Basis Type: %s\n", -+ OBJ_nid2sn(basis_type)) <= 0) -+ goto err; -+ -+ /* print the polynomial */ -+ if ((p != NULL) && !print(bp, "Polynomial:", p, buffer, off)) -+ goto err; -+ } else { -+ if ((p != NULL) && !print(bp, "Prime:", p, buffer, off)) -+ goto err; -+ } -+ if ((a != NULL) && !print(bp, "A: ", a, buffer, off)) -+ goto err; -+ if ((b != NULL) && !print(bp, "B: ", b, buffer, off)) -+ goto err; -+ if (form == POINT_CONVERSION_COMPRESSED) { -+ if ((gen != NULL) && !print(bp, gen_compressed, gen, buffer, off)) -+ goto err; -+ } else if (form == POINT_CONVERSION_UNCOMPRESSED) { -+ if ((gen != NULL) && !print(bp, gen_uncompressed, gen, -+ buffer, off)) -+ goto err; -+ } else { /* form == POINT_CONVERSION_HYBRID */ -+ -+ if ((gen != NULL) && !print(bp, gen_hybrid, gen, buffer, off)) -+ goto err; -+ } -+ if ((order != NULL) && !print(bp, "Order: ", order, buffer, off)) -+ goto err; -+ if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, -+ buffer, off)) -+ goto err; -+ if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) -+ goto err; -+ } -+ ret = 1; -+ err: -+ if (!ret) -+ ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); -+ if (p) -+ BN_free(p); -+ if (a) -+ BN_free(a); -+ if (b) -+ BN_free(b); -+ if (gen) -+ BN_free(gen); -+ if (order) -+ BN_free(order); -+ if (cofactor) -+ BN_free(cofactor); -+ if (ctx) -+ BN_CTX_free(ctx); -+ if (buffer != NULL) -+ OPENSSL_free(buffer); -+ return (ret); -+} - - int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) -- { -- unsigned char *buffer=NULL; -- size_t buf_len=0, i; -- int ret=0, reason=ERR_R_BIO_LIB; -- BIGNUM *pub_key=NULL, *order=NULL; -- BN_CTX *ctx=NULL; -- const EC_GROUP *group; -- const EC_POINT *public_key; -- const BIGNUM *priv_key; -- -- if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) -- { -- reason = ERR_R_PASSED_NULL_PARAMETER; -- goto err; -- } -- -- public_key = EC_KEY_get0_public_key(x); -- if ((pub_key = EC_POINT_point2bn(group, public_key, -- EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) -- { -- reason = ERR_R_EC_LIB; -- goto err; -- } -- -- buf_len = (size_t)BN_num_bytes(pub_key); -- priv_key = EC_KEY_get0_private_key(x); -- if (priv_key != NULL) -- { -- if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len) -- buf_len = i; -- } -- -- buf_len += 10; -- if ((buffer = OPENSSL_malloc(buf_len)) == NULL) -- { -- reason = ERR_R_MALLOC_FAILURE; -- goto err; -- } -- -- if (priv_key != NULL) -- { -- if (!BIO_indent(bp, off, 128)) -- goto err; -- if ((order = BN_new()) == NULL) -- goto err; -- if (!EC_GROUP_get_order(group, order, NULL)) -- goto err; -- if (BIO_printf(bp, "Private-Key: (%d bit)\n", -- BN_num_bits(order)) <= 0) goto err; -- } -- -- if ((priv_key != NULL) && !print(bp, "priv:", priv_key, -- buffer, off)) -- goto err; -- if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, -- buffer, off)) -- goto err; -- if (!ECPKParameters_print(bp, group, off)) -- goto err; -- ret=1; --err: -- if (!ret) -- ECerr(EC_F_EC_KEY_PRINT, reason); -- if (pub_key) -- BN_free(pub_key); -- if (order) -- BN_free(order); -- if (ctx) -- BN_CTX_free(ctx); -- if (buffer != NULL) -- OPENSSL_free(buffer); -- return(ret); -- } --#endif /* OPENSSL_NO_EC */ -- --static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf, -- int off) -- { -- int n,i; -- const char *neg; -- -- if (num == NULL) return(1); -- neg = (BN_is_negative(num))?"-":""; -- if(!BIO_indent(bp,off,128)) -- return 0; -- if (BN_is_zero(num)) -- { -- if (BIO_printf(bp, "%s 0\n", number) <= 0) -- return 0; -- return 1; -- } -- -- if (BN_num_bytes(num) <= BN_BYTES) -- { -- if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg, -- (unsigned long)num->d[0],neg,(unsigned long)num->d[0]) -- <= 0) return(0); -- } -- else -- { -- buf[0]=0; -- if (BIO_printf(bp,"%s%s",number, -- (neg[0] == '-')?" (Negative)":"") <= 0) -- return(0); -- n=BN_bn2bin(num,&buf[1]); -- -- if (buf[1] & 0x80) -- n++; -- else buf++; -- -- for (i=0; i buf_len) -+ buf_len = i; -+ } -+ -+ buf_len += 10; -+ if ((buffer = OPENSSL_malloc(buf_len)) == NULL) { -+ reason = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ -+ if (priv_key != NULL) { -+ if (!BIO_indent(bp, off, 128)) -+ goto err; -+ if ((order = BN_new()) == NULL) -+ goto err; -+ if (!EC_GROUP_get_order(group, order, NULL)) -+ goto err; -+ if (BIO_printf(bp, "Private-Key: (%d bit)\n", -+ BN_num_bits(order)) <= 0) -+ goto err; -+ } -+ -+ if ((priv_key != NULL) && !print(bp, "priv:", priv_key, buffer, off)) -+ goto err; -+ if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, buffer, off)) -+ goto err; -+ if (!ECPKParameters_print(bp, group, off)) -+ goto err; -+ ret = 1; -+ err: -+ if (!ret) -+ ECerr(EC_F_EC_KEY_PRINT, reason); -+ if (pub_key) -+ BN_free(pub_key); -+ if (order) -+ BN_free(order); -+ if (ctx) -+ BN_CTX_free(ctx); -+ if (buffer != NULL) -+ OPENSSL_free(buffer); -+ return (ret); -+} -+#endif /* OPENSSL_NO_EC */ -+ -+static int print(BIO *bp, const char *number, const BIGNUM *num, -+ unsigned char *buf, int off) -+{ -+ int n, i; -+ const char *neg; -+ -+ if (num == NULL) -+ return (1); -+ neg = (BN_is_negative(num)) ? "-" : ""; -+ if (!BIO_indent(bp, off, 128)) -+ return 0; -+ if (BN_is_zero(num)) { -+ if (BIO_printf(bp, "%s 0\n", number) <= 0) -+ return 0; -+ return 1; -+ } -+ -+ if (BN_num_bytes(num) <= BN_BYTES) { -+ if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg, -+ (unsigned long)num->d[0], neg, -+ (unsigned long)num->d[0]) -+ <= 0) -+ return (0); -+ } else { -+ buf[0] = 0; -+ if (BIO_printf(bp, "%s%s", number, -+ (neg[0] == '-') ? " (Negative)" : "") <= 0) -+ return (0); -+ n = BN_bn2bin(num, &buf[1]); -+ -+ if (buf[1] & 0x80) -+ n++; -+ else -+ buf++; -+ -+ for (i = 0; i < n; i++) { -+ if ((i % 15) == 0) { -+ if (BIO_puts(bp, "\n") <= 0 || !BIO_indent(bp, off + 4, 128)) -+ return 0; -+ } -+ if (BIO_printf(bp, "%02x%s", buf[i], ((i + 1) == n) ? "" : ":") -+ <= 0) -+ return (0); -+ } -+ if (BIO_write(bp, "\n", 1) <= 0) -+ return (0); -+ } -+ return (1); -+} - - #ifndef OPENSSL_NO_EC - static int print_bin(BIO *fp, const char *name, const unsigned char *buf, -- size_t len, int off) -- { -- size_t i; -- char str[128]; -- -- if (buf == NULL) -- return 1; -- if (off) -- { -- if (off > 128) -- off=128; -- memset(str,' ',off); -- if (BIO_write(fp, str, off) <= 0) -- return 0; -- } -- -- if (BIO_printf(fp,"%s", name) <= 0) -- return 0; -- -- for (i=0; i 128) -+ off = 128; -+ memset(str, ' ', off); -+ if (BIO_write(fp, str, off) <= 0) -+ return 0; -+ } -+ -+ if (BIO_printf(fp, "%s", name) <= 0) -+ return 0; -+ -+ for (i = 0; i < len; i++) { -+ if ((i % 15) == 0) { -+ str[0] = '\n'; -+ memset(&(str[1]), ' ', off + 4); -+ if (BIO_write(fp, str, off + 1 + 4) <= 0) -+ return 0; -+ } -+ if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <= -+ 0) -+ return 0; -+ } -+ if (BIO_write(fp, "\n", 1) <= 0) -+ return 0; -+ -+ return 1; -+} - #endif - - #ifndef OPENSSL_NO_DH --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - int DHparams_print_fp(FILE *fp, const DH *x) -- { -- BIO *b; -- int ret; -- -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=DHparams_print(b, x); -- BIO_free(b); -- return(ret); -- } --#endif -+{ -+ BIO *b; -+ int ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = DHparams_print(b, x); -+ BIO_free(b); -+ return (ret); -+} -+# endif - - int DHparams_print(BIO *bp, const DH *x) -- { -- unsigned char *m=NULL; -- int reason=ERR_R_BUF_LIB,ret=0; -- size_t buf_len=0, i; -- -- if (x->p) -- buf_len = (size_t)BN_num_bytes(x->p); -- else -- { -- reason = ERR_R_PASSED_NULL_PARAMETER; -- goto err; -- } -- if (x->g) -- if (buf_len < (i = (size_t)BN_num_bytes(x->g))) -- buf_len = i; -- m=(unsigned char *)OPENSSL_malloc(buf_len+10); -- if (m == NULL) -- { -- reason=ERR_R_MALLOC_FAILURE; -- goto err; -- } -- -- if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n", -- BN_num_bits(x->p)) <= 0) -- goto err; -- if (!print(bp,"prime:",x->p,m,4)) goto err; -- if (!print(bp,"generator:",x->g,m,4)) goto err; -- if (x->length != 0) -- { -- if (BIO_printf(bp," recommended-private-length: %d bits\n", -- (int)x->length) <= 0) goto err; -- } -- ret=1; -- if (0) -- { --err: -- DHerr(DH_F_DHPARAMS_PRINT,reason); -- } -- if (m != NULL) OPENSSL_free(m); -- return(ret); -- } -+{ -+ unsigned char *m = NULL; -+ int reason = ERR_R_BUF_LIB, ret = 0; -+ size_t buf_len = 0, i; -+ -+ if (x->p) -+ buf_len = (size_t)BN_num_bytes(x->p); -+ else { -+ reason = ERR_R_PASSED_NULL_PARAMETER; -+ goto err; -+ } -+ if (x->g) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->g))) -+ buf_len = i; -+ m = (unsigned char *)OPENSSL_malloc(buf_len + 10); -+ if (m == NULL) { -+ reason = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ -+ if (BIO_printf(bp, "Diffie-Hellman-Parameters: (%d bit)\n", -+ BN_num_bits(x->p)) <= 0) -+ goto err; -+ if (!print(bp, "prime:", x->p, m, 4)) -+ goto err; -+ if (!print(bp, "generator:", x->g, m, 4)) -+ goto err; -+ if (x->length != 0) { -+ if (BIO_printf(bp, " recommended-private-length: %d bits\n", -+ (int)x->length) <= 0) -+ goto err; -+ } -+ ret = 1; -+ if (0) { -+ err: -+ DHerr(DH_F_DHPARAMS_PRINT, reason); -+ } -+ if (m != NULL) -+ OPENSSL_free(m); -+ return (ret); -+} - #endif - - #ifndef OPENSSL_NO_DSA --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - int DSAparams_print_fp(FILE *fp, const DSA *x) -- { -- BIO *b; -- int ret; -- -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=DSAparams_print(b, x); -- BIO_free(b); -- return(ret); -- } --#endif -+{ -+ BIO *b; -+ int ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = DSAparams_print(b, x); -+ BIO_free(b); -+ return (ret); -+} -+# endif - - int DSAparams_print(BIO *bp, const DSA *x) -- { -- unsigned char *m=NULL; -- int ret=0; -- size_t buf_len=0,i; -- -- if (x->p) -- buf_len = (size_t)BN_num_bytes(x->p); -- else -- { -- DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS); -- goto err; -- } -- if (x->q) -- if (buf_len < (i = (size_t)BN_num_bytes(x->q))) -- buf_len = i; -- if (x->g) -- if (buf_len < (i = (size_t)BN_num_bytes(x->g))) -- buf_len = i; -- m=(unsigned char *)OPENSSL_malloc(buf_len+10); -- if (m == NULL) -- { -- DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n", -- BN_num_bits(x->p)) <= 0) -- goto err; -- if (!print(bp,"p:",x->p,m,4)) goto err; -- if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err; -- if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err; -- ret=1; --err: -- if (m != NULL) OPENSSL_free(m); -- return(ret); -- } -- --#endif /* !OPENSSL_NO_DSA */ -+{ -+ unsigned char *m = NULL; -+ int ret = 0; -+ size_t buf_len = 0, i; -+ -+ if (x->p) -+ buf_len = (size_t)BN_num_bytes(x->p); -+ else { -+ DSAerr(DSA_F_DSAPARAMS_PRINT, DSA_R_MISSING_PARAMETERS); -+ goto err; -+ } -+ if (x->q) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->q))) -+ buf_len = i; -+ if (x->g) -+ if (buf_len < (i = (size_t)BN_num_bytes(x->g))) -+ buf_len = i; -+ m = (unsigned char *)OPENSSL_malloc(buf_len + 10); -+ if (m == NULL) { -+ DSAerr(DSA_F_DSAPARAMS_PRINT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (BIO_printf(bp, "DSA-Parameters: (%d bit)\n", BN_num_bits(x->p)) <= 0) -+ goto err; -+ if (!print(bp, "p:", x->p, m, 4)) -+ goto err; -+ if ((x->q != NULL) && !print(bp, "q:", x->q, m, 4)) -+ goto err; -+ if ((x->g != NULL) && !print(bp, "g:", x->g, m, 4)) -+ goto err; -+ ret = 1; -+ err: -+ if (m != NULL) -+ OPENSSL_free(m); -+ return (ret); -+} -+ -+#endif /* !OPENSSL_NO_DSA */ - - #ifndef OPENSSL_NO_EC --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - int ECParameters_print_fp(FILE *fp, const EC_KEY *x) -- { -- BIO *b; -- int ret; -- -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); -- return(0); -- } -- BIO_set_fp(b, fp, BIO_NOCLOSE); -- ret = ECParameters_print(b, x); -- BIO_free(b); -- return(ret); -- } --#endif -+{ -+ BIO *b; -+ int ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = ECParameters_print(b, x); -+ BIO_free(b); -+ return (ret); -+} -+# endif - - int ECParameters_print(BIO *bp, const EC_KEY *x) -- { -- int reason=ERR_R_EC_LIB, ret=0; -- BIGNUM *order=NULL; -- const EC_GROUP *group; -- -- if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) -- { -- reason = ERR_R_PASSED_NULL_PARAMETER;; -- goto err; -- } -- -- if ((order = BN_new()) == NULL) -- { -- reason = ERR_R_MALLOC_FAILURE; -- goto err; -- } -- -- if (!EC_GROUP_get_order(group, order, NULL)) -- { -- reason = ERR_R_EC_LIB; -- goto err; -- } -- -- if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", -- BN_num_bits(order)) <= 0) -- goto err; -- if (!ECPKParameters_print(bp, group, 4)) -- goto err; -- ret=1; --err: -- if (order) -- BN_free(order); -- ECerr(EC_F_ECPARAMETERS_PRINT, reason); -- return(ret); -- } -- -+{ -+ int reason = ERR_R_EC_LIB, ret = 0; -+ BIGNUM *order = NULL; -+ const EC_GROUP *group; -+ -+ if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) { -+ reason = ERR_R_PASSED_NULL_PARAMETER;; -+ goto err; -+ } -+ -+ if ((order = BN_new()) == NULL) { -+ reason = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ -+ if (!EC_GROUP_get_order(group, order, NULL)) { -+ reason = ERR_R_EC_LIB; -+ goto err; -+ } -+ -+ if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", -+ BN_num_bits(order)) <= 0) -+ goto err; -+ if (!ECPKParameters_print(bp, group, 4)) -+ goto err; -+ ret = 1; -+ err: -+ if (order) -+ BN_free(order); -+ ECerr(EC_F_ECPARAMETERS_PRINT, reason); -+ return (ret); -+} -+ - #endif -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c -index 5557e06..b578b68 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/t_req.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/t_req.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,227 +64,210 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - - #ifndef OPENSSL_NO_FP_API - int X509_REQ_print_fp(FILE *fp, X509_REQ *x) -- { -- BIO *b; -- int ret; -+{ -+ BIO *b; -+ int ret; - -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=X509_REQ_print(b, x); -- BIO_free(b); -- return(ret); -- } -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = X509_REQ_print(b, x); -+ BIO_free(b); -+ return (ret); -+} - #endif - --int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag) -- { -- unsigned long l; -- int i; -- const char *neg; -- X509_REQ_INFO *ri; -- EVP_PKEY *pkey; -- STACK_OF(X509_ATTRIBUTE) *sk; -- STACK_OF(X509_EXTENSION) *exts; -- char mlch = ' '; -- int nmindent = 0; -- -- if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { -- mlch = '\n'; -- nmindent = 12; -- } -+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, -+ unsigned long cflag) -+{ -+ unsigned long l; -+ int i; -+ const char *neg; -+ X509_REQ_INFO *ri; -+ EVP_PKEY *pkey; -+ STACK_OF(X509_ATTRIBUTE) *sk; -+ STACK_OF(X509_EXTENSION) *exts; -+ char mlch = ' '; -+ int nmindent = 0; - -- if(nmflags == X509_FLAG_COMPAT) -- nmindent = 16; -+ if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { -+ mlch = '\n'; -+ nmindent = 12; -+ } - -+ if (nmflags == X509_FLAG_COMPAT) -+ nmindent = 16; - -- ri=x->req_info; -- if(!(cflag & X509_FLAG_NO_HEADER)) -- { -- if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err; -- if (BIO_write(bp," Data:\n",10) <= 0) goto err; -- } -- if(!(cflag & X509_FLAG_NO_VERSION)) -- { -- neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":""; -- l=0; -- for (i=0; iversion->length; i++) -- { l<<=8; l+=ri->version->data[i]; } -- if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg, -- l) <= 0) -- goto err; -- } -- if(!(cflag & X509_FLAG_NO_SUBJECT)) -- { -- if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; -- if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err; -- if (BIO_write(bp,"\n",1) <= 0) goto err; -- } -- if(!(cflag & X509_FLAG_NO_PUBKEY)) -- { -- if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0) -- goto err; -- if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0) -- goto err; -- if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0) -- goto err; -- if (BIO_puts(bp, "\n") <= 0) -- goto err; -+ ri = x->req_info; -+ if (!(cflag & X509_FLAG_NO_HEADER)) { -+ if (BIO_write(bp, "Certificate Request:\n", 21) <= 0) -+ goto err; -+ if (BIO_write(bp, " Data:\n", 10) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_VERSION)) { -+ neg = (ri->version->type == V_ASN1_NEG_INTEGER) ? "-" : ""; -+ l = 0; -+ for (i = 0; i < ri->version->length; i++) { -+ l <<= 8; -+ l += ri->version->data[i]; -+ } -+ if (BIO_printf(bp, "%8sVersion: %s%lu (%s0x%lx)\n", "", neg, l, neg, -+ l) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_SUBJECT)) { -+ if (BIO_printf(bp, " Subject:%c", mlch) <= 0) -+ goto err; -+ if (X509_NAME_print_ex(bp, ri->subject, nmindent, nmflags) < 0) -+ goto err; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_PUBKEY)) { -+ if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) -+ goto err; -+ if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) -+ goto err; -+ if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0) -+ goto err; -+ if (BIO_puts(bp, "\n") <= 0) -+ goto err; - -- pkey=X509_REQ_get_pubkey(x); -- if (pkey == NULL) -- { -- BIO_printf(bp,"%12sUnable to load Public Key\n",""); -- ERR_print_errors(bp); -- } -- else -+ pkey = X509_REQ_get_pubkey(x); -+ if (pkey == NULL) { -+ BIO_printf(bp, "%12sUnable to load Public Key\n", ""); -+ ERR_print_errors(bp); -+ } else - #ifndef OPENSSL_NO_RSA -- if (pkey->type == EVP_PKEY_RSA) -- { -- BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", -- BN_num_bits(pkey->pkey.rsa->n)); -- RSA_print(bp,pkey->pkey.rsa,16); -- } -- else -+ if (pkey->type == EVP_PKEY_RSA) { -+ BIO_printf(bp, "%12sRSA Public Key: (%d bit)\n", "", -+ BN_num_bits(pkey->pkey.rsa->n)); -+ RSA_print(bp, pkey->pkey.rsa, 16); -+ } else - #endif - #ifndef OPENSSL_NO_DSA -- if (pkey->type == EVP_PKEY_DSA) -- { -- BIO_printf(bp,"%12sDSA Public Key:\n",""); -- DSA_print(bp,pkey->pkey.dsa,16); -- } -- else -+ if (pkey->type == EVP_PKEY_DSA) { -+ BIO_printf(bp, "%12sDSA Public Key:\n", ""); -+ DSA_print(bp, pkey->pkey.dsa, 16); -+ } else - #endif - #ifndef OPENSSL_NO_EC -- if (pkey->type == EVP_PKEY_EC) -- { -- BIO_printf(bp, "%12sEC Public Key: \n",""); -- EC_KEY_print(bp, pkey->pkey.ec, 16); -- } -- else -+ if (pkey->type == EVP_PKEY_EC) { -+ BIO_printf(bp, "%12sEC Public Key: \n", ""); -+ EC_KEY_print(bp, pkey->pkey.ec, 16); -+ } else - #endif -- BIO_printf(bp,"%12sUnknown Public Key:\n",""); -+ BIO_printf(bp, "%12sUnknown Public Key:\n", ""); - -- EVP_PKEY_free(pkey); -- } -+ EVP_PKEY_free(pkey); -+ } - -- if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) -- { -- /* may not be */ -- if(BIO_printf(bp,"%8sAttributes:\n","") <= 0) -- goto err; -+ if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) { -+ /* may not be */ -+ if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0) -+ goto err; - -- sk=x->req_info->attributes; -- if (sk_X509_ATTRIBUTE_num(sk) == 0) -- { -- if(BIO_printf(bp,"%12sa0:00\n","") <= 0) -- goto err; -- } -- else -- { -- for (i=0; ireq_info->attributes; -+ if (sk_X509_ATTRIBUTE_num(sk) == 0) { -+ if (BIO_printf(bp, "%12sa0:00\n", "") <= 0) -+ goto err; -+ } else { -+ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { -+ ASN1_TYPE *at; -+ X509_ATTRIBUTE *a; -+ ASN1_BIT_STRING *bs = NULL; -+ ASN1_TYPE *t; -+ int j, type = 0, count = 1, ii = 0; - -- a=sk_X509_ATTRIBUTE_value(sk,i); -- if(X509_REQ_extension_nid(OBJ_obj2nid(a->object))) -- continue; -- if(BIO_printf(bp,"%12s","") <= 0) -- goto err; -- if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) -- { -- if (a->single) -- { -- t=a->value.single; -- type=t->type; -- bs=t->value.bit_string; -- } -- else -- { -- ii=0; -- count=sk_ASN1_TYPE_num(a->value.set); --get_next: -- at=sk_ASN1_TYPE_value(a->value.set,ii); -- type=at->type; -- bs=at->value.asn1_string; -- } -- } -- for (j=25-j; j>0; j--) -- if (BIO_write(bp," ",1) != 1) goto err; -- if (BIO_puts(bp,":") <= 0) goto err; -- if ( (type == V_ASN1_PRINTABLESTRING) || -- (type == V_ASN1_T61STRING) || -- (type == V_ASN1_IA5STRING)) -- { -- if (BIO_write(bp,(char *)bs->data,bs->length) -- != bs->length) -- goto err; -- BIO_puts(bp,"\n"); -- } -- else -- { -- BIO_puts(bp,"unable to print attribute\n"); -- } -- if (++ii < count) goto get_next; -- } -- } -- } -- if(!(cflag & X509_FLAG_NO_EXTENSIONS)) -- { -- exts = X509_REQ_get_extensions(x); -- if(exts) -- { -- BIO_printf(bp,"%8sRequested Extensions:\n",""); -- for (i=0; ivalue); -- } -- if (BIO_write(bp,"\n",1) <= 0) goto err; -- } -- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); -- } -- } -+ a = sk_X509_ATTRIBUTE_value(sk, i); -+ if (X509_REQ_extension_nid(OBJ_obj2nid(a->object))) -+ continue; -+ if (BIO_printf(bp, "%12s", "") <= 0) -+ goto err; -+ if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) { -+ if (a->single) { -+ t = a->value.single; -+ type = t->type; -+ bs = t->value.bit_string; -+ } else { -+ ii = 0; -+ count = sk_ASN1_TYPE_num(a->value.set); -+ get_next: -+ at = sk_ASN1_TYPE_value(a->value.set, ii); -+ type = at->type; -+ bs = at->value.asn1_string; -+ } -+ } -+ for (j = 25 - j; j > 0; j--) -+ if (BIO_write(bp, " ", 1) != 1) -+ goto err; -+ if (BIO_puts(bp, ":") <= 0) -+ goto err; -+ if ((type == V_ASN1_PRINTABLESTRING) || -+ (type == V_ASN1_T61STRING) || -+ (type == V_ASN1_IA5STRING)) { -+ if (BIO_write(bp, (char *)bs->data, bs->length) -+ != bs->length) -+ goto err; -+ BIO_puts(bp, "\n"); -+ } else { -+ BIO_puts(bp, "unable to print attribute\n"); -+ } -+ if (++ii < count) -+ goto get_next; -+ } -+ } -+ } -+ if (!(cflag & X509_FLAG_NO_EXTENSIONS)) { -+ exts = X509_REQ_get_extensions(x); -+ if (exts) { -+ BIO_printf(bp, "%8sRequested Extensions:\n", ""); -+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { -+ ASN1_OBJECT *obj; -+ X509_EXTENSION *ex; -+ int j; -+ ex = sk_X509_EXTENSION_value(exts, i); -+ if (BIO_printf(bp, "%12s", "") <= 0) -+ goto err; -+ obj = X509_EXTENSION_get_object(ex); -+ i2a_ASN1_OBJECT(bp, obj); -+ j = X509_EXTENSION_get_critical(ex); -+ if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0) -+ goto err; -+ if (!X509V3_EXT_print(bp, ex, cflag, 16)) { -+ BIO_printf(bp, "%16s", ""); -+ M_ASN1_OCTET_STRING_print(bp, ex->value); -+ } -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); -+ } -+ } - -- if(!(cflag & X509_FLAG_NO_SIGDUMP)) -- { -- if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err; -- } -+ if (!(cflag & X509_FLAG_NO_SIGDUMP)) { -+ if (!X509_signature_print(bp, x->sig_alg, x->signature)) -+ goto err; -+ } - -- return(1); --err: -- X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB); -- return(0); -- } -+ return (1); -+ err: -+ X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB); -+ return (0); -+} - - int X509_REQ_print(BIO *bp, X509_REQ *x) -- { -- return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); -- } -+{ -+ return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c -index a73369b..b0ce089 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c -@@ -1,6 +1,7 @@ - /* t_spki.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,10 +62,10 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - #include - -@@ -72,61 +73,56 @@ - - int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) - { -- EVP_PKEY *pkey; -- ASN1_IA5STRING *chal; -- int i, n; -- char *s; -- BIO_printf(out, "Netscape SPKI:\n"); -- i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm); -- BIO_printf(out," Public Key Algorithm: %s\n", -- (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); -- pkey = X509_PUBKEY_get(spki->spkac->pubkey); -- if(!pkey) BIO_printf(out, " Unable to load public key\n"); -- else { -+ EVP_PKEY *pkey; -+ ASN1_IA5STRING *chal; -+ int i, n; -+ char *s; -+ BIO_printf(out, "Netscape SPKI:\n"); -+ i = OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm); -+ BIO_printf(out, " Public Key Algorithm: %s\n", -+ (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); -+ pkey = X509_PUBKEY_get(spki->spkac->pubkey); -+ if (!pkey) -+ BIO_printf(out, " Unable to load public key\n"); -+ else { - #ifndef OPENSSL_NO_RSA -- if (pkey->type == EVP_PKEY_RSA) -- { -- BIO_printf(out," RSA Public Key: (%d bit)\n", -- BN_num_bits(pkey->pkey.rsa->n)); -- RSA_print(out,pkey->pkey.rsa,2); -- } -- else -+ if (pkey->type == EVP_PKEY_RSA) { -+ BIO_printf(out, " RSA Public Key: (%d bit)\n", -+ BN_num_bits(pkey->pkey.rsa->n)); -+ RSA_print(out, pkey->pkey.rsa, 2); -+ } else - #endif - #ifndef OPENSSL_NO_DSA -- if (pkey->type == EVP_PKEY_DSA) -- { -- BIO_printf(out," DSA Public Key:\n"); -- DSA_print(out,pkey->pkey.dsa,2); -- } -- else -+ if (pkey->type == EVP_PKEY_DSA) { -+ BIO_printf(out, " DSA Public Key:\n"); -+ DSA_print(out, pkey->pkey.dsa, 2); -+ } else - #endif - #ifndef OPENSSL_NO_EC -- if (pkey->type == EVP_PKEY_EC) -- { -- BIO_printf(out, " EC Public Key:\n"); -- EC_KEY_print(out, pkey->pkey.ec,2); -- } -- else -+ if (pkey->type == EVP_PKEY_EC) { -+ BIO_printf(out, " EC Public Key:\n"); -+ EC_KEY_print(out, pkey->pkey.ec, 2); -+ } else - #endif - -- BIO_printf(out," Unknown Public Key:\n"); -- EVP_PKEY_free(pkey); -- } -- chal = spki->spkac->challenge; -- if(chal->length) -- BIO_printf(out, " Challenge String: %s\n", chal->data); -- i=OBJ_obj2nid(spki->sig_algor->algorithm); -- BIO_printf(out," Signature Algorithm: %s", -- (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); -+ BIO_printf(out, " Unknown Public Key:\n"); -+ EVP_PKEY_free(pkey); -+ } -+ chal = spki->spkac->challenge; -+ if (chal->length) -+ BIO_printf(out, " Challenge String: %s\n", chal->data); -+ i = OBJ_obj2nid(spki->sig_algor->algorithm); -+ BIO_printf(out, " Signature Algorithm: %s", -+ (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); - -- n=spki->signature->length; -- s=(char *)spki->signature->data; -- for (i=0; isignature->length; -+ s = (char *)spki->signature->data; -+ for (i = 0; i < n; i++) { -+ if ((i % 18) == 0) -+ BIO_write(out, "\n ", 7); -+ BIO_printf(out, "%02x%s", (unsigned char)s[i], -+ ((i + 1) == n) ? "" : ":"); -+ } -+ BIO_write(out, "\n", 1); -+ return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c -index f9dad0e..53f631d 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,13 +61,13 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - #ifndef OPENSSL_NO_EC --#include -+# include - #endif - #include - #include -@@ -75,446 +75,455 @@ - - #ifndef OPENSSL_NO_FP_API - int X509_print_fp(FILE *fp, X509 *x) -- { -- return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); -- } -+{ -+ return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); -+} - --int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag) -- { -- BIO *b; -- int ret; -- -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- X509err(X509_F_X509_PRINT_EX_FP,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=X509_print_ex(b, x, nmflag, cflag); -- BIO_free(b); -- return(ret); -- } -+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, -+ unsigned long cflag) -+{ -+ BIO *b; -+ int ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = X509_print_ex(b, x, nmflag, cflag); -+ BIO_free(b); -+ return (ret); -+} - #endif - - int X509_print(BIO *bp, X509 *x) - { -- return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); -+ return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); - } - --int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) -- { -- long l; -- int ret=0,i; -- char *m=NULL,mlch = ' '; -- int nmindent = 0; -- X509_CINF *ci; -- ASN1_INTEGER *bs; -- EVP_PKEY *pkey=NULL; -- const char *neg; -- ASN1_STRING *str=NULL; -- -- if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { -- mlch = '\n'; -- nmindent = 12; -- } -- -- if(nmflags == X509_FLAG_COMPAT) -- nmindent = 16; -- -- ci=x->cert_info; -- if(!(cflag & X509_FLAG_NO_HEADER)) -- { -- if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; -- if (BIO_write(bp," Data:\n",10) <= 0) goto err; -- } -- if(!(cflag & X509_FLAG_NO_VERSION)) -- { -- l=X509_get_version(x); -- if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; -- } -- if(!(cflag & X509_FLAG_NO_SERIAL)) -- { -- -- if (BIO_write(bp," Serial Number:",22) <= 0) goto err; -- -- bs=X509_get_serialNumber(x); -- if (bs->length <= 4) -- { -- l=ASN1_INTEGER_get(bs); -- if (l < 0) -- { -- l= -l; -- neg="-"; -- } -- else -- neg=""; -- if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) -- goto err; -- } -- else -- { -- neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; -- if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; -- -- for (i=0; ilength; i++) -- { -- if (BIO_printf(bp,"%02x%c",bs->data[i], -- ((i+1 == bs->length)?'\n':':')) <= 0) -- goto err; -- } -- } -- -- } -- -- if(!(cflag & X509_FLAG_NO_SIGNAME)) -- { -- if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) -- goto err; -- if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) -- goto err; -- if (BIO_puts(bp, "\n") <= 0) -- goto err; -- } -- -- if(!(cflag & X509_FLAG_NO_ISSUER)) -- { -- if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err; -- if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err; -- if (BIO_write(bp,"\n",1) <= 0) goto err; -- } -- if(!(cflag & X509_FLAG_NO_VALIDITY)) -- { -- if (BIO_write(bp," Validity\n",17) <= 0) goto err; -- if (BIO_write(bp," Not Before: ",24) <= 0) goto err; -- if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; -- if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; -- if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; -- if (BIO_write(bp,"\n",1) <= 0) goto err; -- } -- if(!(cflag & X509_FLAG_NO_SUBJECT)) -- { -- if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; -- if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err; -- if (BIO_write(bp,"\n",1) <= 0) goto err; -- } -- if(!(cflag & X509_FLAG_NO_PUBKEY)) -- { -- if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0) -- goto err; -- if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0) -- goto err; -- if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0) -- goto err; -- if (BIO_puts(bp, "\n") <= 0) -- goto err; -- -- pkey=X509_get_pubkey(x); -- if (pkey == NULL) -- { -- BIO_printf(bp,"%12sUnable to load Public Key\n",""); -- ERR_print_errors(bp); -- } -- else -+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, -+ unsigned long cflag) -+{ -+ long l; -+ int ret = 0, i; -+ char *m = NULL, mlch = ' '; -+ int nmindent = 0; -+ X509_CINF *ci; -+ ASN1_INTEGER *bs; -+ EVP_PKEY *pkey = NULL; -+ const char *neg; -+ ASN1_STRING *str = NULL; -+ -+ if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { -+ mlch = '\n'; -+ nmindent = 12; -+ } -+ -+ if (nmflags == X509_FLAG_COMPAT) -+ nmindent = 16; -+ -+ ci = x->cert_info; -+ if (!(cflag & X509_FLAG_NO_HEADER)) { -+ if (BIO_write(bp, "Certificate:\n", 13) <= 0) -+ goto err; -+ if (BIO_write(bp, " Data:\n", 10) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_VERSION)) { -+ l = X509_get_version(x); -+ if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_SERIAL)) { -+ -+ if (BIO_write(bp, " Serial Number:", 22) <= 0) -+ goto err; -+ -+ bs = X509_get_serialNumber(x); -+ if (bs->length <= 4) { -+ l = ASN1_INTEGER_get(bs); -+ if (l < 0) { -+ l = -l; -+ neg = "-"; -+ } else -+ neg = ""; -+ if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0) -+ goto err; -+ } else { -+ neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : ""; -+ if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) -+ goto err; -+ -+ for (i = 0; i < bs->length; i++) { -+ if (BIO_printf(bp, "%02x%c", bs->data[i], -+ ((i + 1 == bs->length) ? '\n' : ':')) <= 0) -+ goto err; -+ } -+ } -+ -+ } -+ -+ if (!(cflag & X509_FLAG_NO_SIGNAME)) { -+ if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0) -+ goto err; -+ if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) -+ goto err; -+ if (BIO_puts(bp, "\n") <= 0) -+ goto err; -+ } -+ -+ if (!(cflag & X509_FLAG_NO_ISSUER)) { -+ if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) -+ goto err; -+ if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) -+ < 0) -+ goto err; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_VALIDITY)) { -+ if (BIO_write(bp, " Validity\n", 17) <= 0) -+ goto err; -+ if (BIO_write(bp, " Not Before: ", 24) <= 0) -+ goto err; -+ if (!ASN1_TIME_print(bp, X509_get_notBefore(x))) -+ goto err; -+ if (BIO_write(bp, "\n Not After : ", 25) <= 0) -+ goto err; -+ if (!ASN1_TIME_print(bp, X509_get_notAfter(x))) -+ goto err; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_SUBJECT)) { -+ if (BIO_printf(bp, " Subject:%c", mlch) <= 0) -+ goto err; -+ if (X509_NAME_print_ex -+ (bp, X509_get_subject_name(x), nmindent, nmflags) < 0) -+ goto err; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_PUBKEY)) { -+ if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) -+ goto err; -+ if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) -+ goto err; -+ if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0) -+ goto err; -+ if (BIO_puts(bp, "\n") <= 0) -+ goto err; -+ -+ pkey = X509_get_pubkey(x); -+ if (pkey == NULL) { -+ BIO_printf(bp, "%12sUnable to load Public Key\n", ""); -+ ERR_print_errors(bp); -+ } else - #ifndef OPENSSL_NO_RSA -- if (pkey->type == EVP_PKEY_RSA) -- { -- BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", -- BN_num_bits(pkey->pkey.rsa->n)); -- RSA_print(bp,pkey->pkey.rsa,16); -- } -- else -+ if (pkey->type == EVP_PKEY_RSA) { -+ BIO_printf(bp, "%12sRSA Public Key: (%d bit)\n", "", -+ BN_num_bits(pkey->pkey.rsa->n)); -+ RSA_print(bp, pkey->pkey.rsa, 16); -+ } else - #endif - #ifndef OPENSSL_NO_DSA -- if (pkey->type == EVP_PKEY_DSA) -- { -- BIO_printf(bp,"%12sDSA Public Key:\n",""); -- DSA_print(bp,pkey->pkey.dsa,16); -- } -- else -+ if (pkey->type == EVP_PKEY_DSA) { -+ BIO_printf(bp, "%12sDSA Public Key:\n", ""); -+ DSA_print(bp, pkey->pkey.dsa, 16); -+ } else - #endif - #ifndef OPENSSL_NO_EC -- if (pkey->type == EVP_PKEY_EC) -- { -- BIO_printf(bp, "%12sEC Public Key:\n",""); -- EC_KEY_print(bp, pkey->pkey.ec, 16); -- } -- else -+ if (pkey->type == EVP_PKEY_EC) { -+ BIO_printf(bp, "%12sEC Public Key:\n", ""); -+ EC_KEY_print(bp, pkey->pkey.ec, 16); -+ } else - #endif -- BIO_printf(bp,"%12sUnknown Public Key:\n",""); -- -- EVP_PKEY_free(pkey); -- } -- -- if (!(cflag & X509_FLAG_NO_EXTENSIONS)) -- X509V3_extensions_print(bp, "X509v3 extensions", -- ci->extensions, cflag, 8); -- -- if(!(cflag & X509_FLAG_NO_SIGDUMP)) -- { -- if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err; -- } -- if(!(cflag & X509_FLAG_NO_AUX)) -- { -- if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err; -- } -- ret=1; --err: -- if (str != NULL) ASN1_STRING_free(str); -- if (m != NULL) OPENSSL_free(m); -- return(ret); -- } -- --int X509_ocspid_print (BIO *bp, X509 *x) -- { -- unsigned char *der=NULL ; -- unsigned char *dertmp; -- int derlen; -- int i; -- unsigned char SHA1md[SHA_DIGEST_LENGTH]; -- -- /* display the hash of the subject as it would appear -- in OCSP requests */ -- if (BIO_printf(bp," Subject OCSP hash: ") <= 0) -- goto err; -- derlen = i2d_X509_NAME(x->cert_info->subject, NULL); -- if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL) -- goto err; -- i2d_X509_NAME(x->cert_info->subject, &dertmp); -- -- EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL); -- for (i=0; i < SHA_DIGEST_LENGTH; i++) -- { -- if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err; -- } -- OPENSSL_free (der); -- der=NULL; -- -- /* display the hash of the public key as it would appear -- in OCSP requests */ -- if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0) -- goto err; -- -- EVP_Digest(x->cert_info->key->public_key->data, -- x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL); -- for (i=0; i < SHA_DIGEST_LENGTH; i++) -- { -- if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) -- goto err; -- } -- BIO_printf(bp,"\n"); -- -- return (1); --err: -- if (der != NULL) OPENSSL_free(der); -- return(0); -- } -+ BIO_printf(bp, "%12sUnknown Public Key:\n", ""); -+ -+ EVP_PKEY_free(pkey); -+ } -+ -+ if (!(cflag & X509_FLAG_NO_EXTENSIONS)) -+ X509V3_extensions_print(bp, "X509v3 extensions", -+ ci->extensions, cflag, 8); -+ -+ if (!(cflag & X509_FLAG_NO_SIGDUMP)) { -+ if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0) -+ goto err; -+ } -+ if (!(cflag & X509_FLAG_NO_AUX)) { -+ if (!X509_CERT_AUX_print(bp, x->aux, 0)) -+ goto err; -+ } -+ ret = 1; -+ err: -+ if (str != NULL) -+ ASN1_STRING_free(str); -+ if (m != NULL) -+ OPENSSL_free(m); -+ return (ret); -+} -+ -+int X509_ocspid_print(BIO *bp, X509 *x) -+{ -+ unsigned char *der = NULL; -+ unsigned char *dertmp; -+ int derlen; -+ int i; -+ unsigned char SHA1md[SHA_DIGEST_LENGTH]; -+ -+ /* -+ * display the hash of the subject as it would appear in OCSP requests -+ */ -+ if (BIO_printf(bp, " Subject OCSP hash: ") <= 0) -+ goto err; -+ derlen = i2d_X509_NAME(x->cert_info->subject, NULL); -+ if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL) -+ goto err; -+ i2d_X509_NAME(x->cert_info->subject, &dertmp); -+ -+ EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL); -+ for (i = 0; i < SHA_DIGEST_LENGTH; i++) { -+ if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) -+ goto err; -+ } -+ OPENSSL_free(der); -+ der = NULL; -+ -+ /* -+ * display the hash of the public key as it would appear in OCSP requests -+ */ -+ if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0) -+ goto err; -+ -+ EVP_Digest(x->cert_info->key->public_key->data, -+ x->cert_info->key->public_key->length, SHA1md, NULL, -+ EVP_sha1(), NULL); -+ for (i = 0; i < SHA_DIGEST_LENGTH; i++) { -+ if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) -+ goto err; -+ } -+ BIO_printf(bp, "\n"); -+ -+ return (1); -+ err: -+ if (der != NULL) -+ OPENSSL_free(der); -+ return (0); -+} - - int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) - { -- unsigned char *s; -- int i, n; -- if (BIO_puts(bp," Signature Algorithm: ") <= 0) return 0; -- if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0; -- -- n=sig->length; -- s=sig->data; -- for (i=0; ialgorithm) <= 0) -+ return 0; -+ -+ n = sig->length; -+ s = sig->data; -+ for (i = 0; i < n; i++) { -+ if ((i % 18) == 0) -+ if (BIO_write(bp, "\n ", 9) <= 0) -+ return 0; -+ if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0) -+ return 0; -+ } -+ if (BIO_write(bp, "\n", 1) != 1) -+ return 0; -+ return 1; - } - - int ASN1_STRING_print(BIO *bp, ASN1_STRING *v) -- { -- int i,n; -- char buf[80],*p; -- -- if (v == NULL) return(0); -- n=0; -- p=(char *)v->data; -- for (i=0; ilength; i++) -- { -- if ((p[i] > '~') || ((p[i] < ' ') && -- (p[i] != '\n') && (p[i] != '\r'))) -- buf[n]='.'; -- else -- buf[n]=p[i]; -- n++; -- if (n >= 80) -- { -- if (BIO_write(bp,buf,n) <= 0) -- return(0); -- n=0; -- } -- } -- if (n > 0) -- if (BIO_write(bp,buf,n) <= 0) -- return(0); -- return(1); -- } -+{ -+ int i, n; -+ char buf[80], *p; -+ -+ if (v == NULL) -+ return (0); -+ n = 0; -+ p = (char *)v->data; -+ for (i = 0; i < v->length; i++) { -+ if ((p[i] > '~') || ((p[i] < ' ') && -+ (p[i] != '\n') && (p[i] != '\r'))) -+ buf[n] = '.'; -+ else -+ buf[n] = p[i]; -+ n++; -+ if (n >= 80) { -+ if (BIO_write(bp, buf, n) <= 0) -+ return (0); -+ n = 0; -+ } -+ } -+ if (n > 0) -+ if (BIO_write(bp, buf, n) <= 0) -+ return (0); -+ return (1); -+} - - int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm) - { -- if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm); -- if(tm->type == V_ASN1_GENERALIZEDTIME) -- return ASN1_GENERALIZEDTIME_print(bp, tm); -- BIO_write(bp,"Bad time value",14); -- return(0); -+ if (tm->type == V_ASN1_UTCTIME) -+ return ASN1_UTCTIME_print(bp, tm); -+ if (tm->type == V_ASN1_GENERALIZEDTIME) -+ return ASN1_GENERALIZEDTIME_print(bp, tm); -+ BIO_write(bp, "Bad time value", 14); -+ return (0); - } - --static const char *mon[12]= -- { -- "Jan","Feb","Mar","Apr","May","Jun", -- "Jul","Aug","Sep","Oct","Nov","Dec" -- }; -+static const char *mon[12] = { -+ "Jan", "Feb", "Mar", "Apr", "May", "Jun", -+ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" -+}; - - int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) -- { -- char *v; -- int gmt=0; -- int i; -- int y=0,M=0,d=0,h=0,m=0,s=0; -- char *f = NULL; -- int f_len = 0; -- -- i=tm->length; -- v=(char *)tm->data; -- -- if (i < 12) goto err; -- if (v[i-1] == 'Z') gmt=1; -- for (i=0; i<12; i++) -- if ((v[i] > '9') || (v[i] < '0')) goto err; -- y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0'); -- M= (v[4]-'0')*10+(v[5]-'0'); -- if ((M > 12) || (M < 1)) goto err; -- d= (v[6]-'0')*10+(v[7]-'0'); -- h= (v[8]-'0')*10+(v[9]-'0'); -- m= (v[10]-'0')*10+(v[11]-'0'); -- if (tm->length >= 14 && -- (v[12] >= '0') && (v[12] <= '9') && -- (v[13] >= '0') && (v[13] <= '9')) -- { -- s= (v[12]-'0')*10+(v[13]-'0'); -- /* Check for fractions of seconds. */ -- if (tm->length >= 15 && v[14] == '.') -- { -- int l = tm->length; -- f = &v[14]; /* The decimal point. */ -- f_len = 1; -- while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') -- ++f_len; -- } -- } -- -- if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s", -- mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0) -- return(0); -- else -- return(1); --err: -- BIO_write(bp,"Bad time value",14); -- return(0); -- } -+{ -+ char *v; -+ int gmt = 0; -+ int i; -+ int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; -+ char *f = NULL; -+ int f_len = 0; -+ -+ i = tm->length; -+ v = (char *)tm->data; -+ -+ if (i < 12) -+ goto err; -+ if (v[i - 1] == 'Z') -+ gmt = 1; -+ for (i = 0; i < 12; i++) -+ if ((v[i] > '9') || (v[i] < '0')) -+ goto err; -+ y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 -+ + (v[2] - '0') * 10 + (v[3] - '0'); -+ M = (v[4] - '0') * 10 + (v[5] - '0'); -+ if ((M > 12) || (M < 1)) -+ goto err; -+ d = (v[6] - '0') * 10 + (v[7] - '0'); -+ h = (v[8] - '0') * 10 + (v[9] - '0'); -+ m = (v[10] - '0') * 10 + (v[11] - '0'); -+ if (tm->length >= 14 && -+ (v[12] >= '0') && (v[12] <= '9') && -+ (v[13] >= '0') && (v[13] <= '9')) { -+ s = (v[12] - '0') * 10 + (v[13] - '0'); -+ /* Check for fractions of seconds. */ -+ if (tm->length >= 15 && v[14] == '.') { -+ int l = tm->length; -+ f = &v[14]; /* The decimal point. */ -+ f_len = 1; -+ while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') -+ ++f_len; -+ } -+ } -+ -+ if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", -+ mon[M - 1], d, h, m, s, f_len, f, y, -+ (gmt) ? " GMT" : "") <= 0) -+ return (0); -+ else -+ return (1); -+ err: -+ BIO_write(bp, "Bad time value", 14); -+ return (0); -+} - - int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm) -- { -- char *v; -- int gmt=0; -- int i; -- int y=0,M=0,d=0,h=0,m=0,s=0; -- -- i=tm->length; -- v=(char *)tm->data; -- -- if (i < 10) goto err; -- if (v[i-1] == 'Z') gmt=1; -- for (i=0; i<10; i++) -- if ((v[i] > '9') || (v[i] < '0')) goto err; -- y= (v[0]-'0')*10+(v[1]-'0'); -- if (y < 50) y+=100; -- M= (v[2]-'0')*10+(v[3]-'0'); -- if ((M > 12) || (M < 1)) goto err; -- d= (v[4]-'0')*10+(v[5]-'0'); -- h= (v[6]-'0')*10+(v[7]-'0'); -- m= (v[8]-'0')*10+(v[9]-'0'); -- if (tm->length >=12 && -- (v[10] >= '0') && (v[10] <= '9') && -- (v[11] >= '0') && (v[11] <= '9')) -- s= (v[10]-'0')*10+(v[11]-'0'); -- -- if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", -- mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0) -- return(0); -- else -- return(1); --err: -- BIO_write(bp,"Bad time value",14); -- return(0); -- } -+{ -+ char *v; -+ int gmt = 0; -+ int i; -+ int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; -+ -+ i = tm->length; -+ v = (char *)tm->data; -+ -+ if (i < 10) -+ goto err; -+ if (v[i - 1] == 'Z') -+ gmt = 1; -+ for (i = 0; i < 10; i++) -+ if ((v[i] > '9') || (v[i] < '0')) -+ goto err; -+ y = (v[0] - '0') * 10 + (v[1] - '0'); -+ if (y < 50) -+ y += 100; -+ M = (v[2] - '0') * 10 + (v[3] - '0'); -+ if ((M > 12) || (M < 1)) -+ goto err; -+ d = (v[4] - '0') * 10 + (v[5] - '0'); -+ h = (v[6] - '0') * 10 + (v[7] - '0'); -+ m = (v[8] - '0') * 10 + (v[9] - '0'); -+ if (tm->length >= 12 && -+ (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9')) -+ s = (v[10] - '0') * 10 + (v[11] - '0'); -+ -+ if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", -+ mon[M - 1], d, h, m, s, y + 1900, -+ (gmt) ? " GMT" : "") <= 0) -+ return (0); -+ else -+ return (1); -+ err: -+ BIO_write(bp, "Bad time value", 14); -+ return (0); -+} - - int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) -- { -- char *s,*c,*b; -- int ret=0,l,i; -- -- l=80-2-obase; -- -- b=X509_NAME_oneline(name,NULL,0); -- if (!b) -- return 0; -- if (!*b) -- { -- OPENSSL_free(b); -- return 1; -- } -- s=b+1; /* skip the first slash */ -- -- c=s; -- for (;;) -- { -+{ -+ char *s, *c, *b; -+ int ret = 0, l, i; -+ -+ l = 80 - 2 - obase; -+ -+ b = X509_NAME_oneline(name, NULL, 0); -+ if (!b) -+ return 0; -+ if (!*b) { -+ OPENSSL_free(b); -+ return 1; -+ } -+ s = b + 1; /* skip the first slash */ -+ -+ c = s; -+ for (;;) { - #ifndef CHARSET_EBCDIC -- if ( ((*s == '/') && -- ((s[1] >= 'A') && (s[1] <= 'Z') && ( -- (s[2] == '=') || -- ((s[2] >= 'A') && (s[2] <= 'Z') && -- (s[3] == '=')) -- ))) || -- (*s == '\0')) -+ if (((*s == '/') && -+ ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') || -+ ((s[2] >= 'A') -+ && (s[2] <= 'Z') -+ && (s[3] == '=')) -+ ))) || (*s == '\0')) - #else -- if ( ((*s == '/') && -- (isupper(s[1]) && ( -- (s[2] == '=') || -- (isupper(s[2]) && -- (s[3] == '=')) -- ))) || -- (*s == '\0')) -+ if (((*s == '/') && -+ (isupper(s[1]) && ((s[2] == '=') || -+ (isupper(s[2]) && (s[3] == '=')) -+ ))) || (*s == '\0')) - #endif -- { -- i=s-c; -- if (BIO_write(bp,c,i) != i) goto err; -- c=s+1; /* skip following slash */ -- if (*s != '\0') -- { -- if (BIO_write(bp,", ",2) != 2) goto err; -- } -- l--; -- } -- if (*s == '\0') break; -- s++; -- l--; -- } -- -- ret=1; -- if (0) -- { --err: -- X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB); -- } -- OPENSSL_free(b); -- return(ret); -- } -+ { -+ i = s - c; -+ if (BIO_write(bp, c, i) != i) -+ goto err; -+ c = s + 1; /* skip following slash */ -+ if (*s != '\0') { -+ if (BIO_write(bp, ", ", 2) != 2) -+ goto err; -+ } -+ l--; -+ } -+ if (*s == '\0') -+ break; -+ s++; -+ l--; -+ } -+ -+ ret = 1; -+ if (0) { -+ err: -+ X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB); -+ } -+ OPENSSL_free(b); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c -index 8b18801..f4b8f94 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c -@@ -1,6 +1,7 @@ - /* t_x509a.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,49 +63,53 @@ - #include - #include - --/* X509_CERT_AUX and string set routines -+/* -+ * X509_CERT_AUX and string set routines - */ - - int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) - { -- char oidstr[80], first; -- int i; -- if(!aux) return 1; -- if(aux->trust) { -- first = 1; -- BIO_printf(out, "%*sTrusted Uses:\n%*s", -- indent, "", indent + 2, ""); -- for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { -- if(!first) BIO_puts(out, ", "); -- else first = 0; -- OBJ_obj2txt(oidstr, sizeof oidstr, -- sk_ASN1_OBJECT_value(aux->trust, i), 0); -- BIO_puts(out, oidstr); -- } -- BIO_puts(out, "\n"); -- } else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); -- if(aux->reject) { -- first = 1; -- BIO_printf(out, "%*sRejected Uses:\n%*s", -- indent, "", indent + 2, ""); -- for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { -- if(!first) BIO_puts(out, ", "); -- else first = 0; -- OBJ_obj2txt(oidstr, sizeof oidstr, -- sk_ASN1_OBJECT_value(aux->reject, i), 0); -- BIO_puts(out, oidstr); -- } -- BIO_puts(out, "\n"); -- } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); -- if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "", -- aux->alias->data); -- if(aux->keyid) { -- BIO_printf(out, "%*sKey Id: ", indent, ""); -- for(i = 0; i < aux->keyid->length; i++) -- BIO_printf(out, "%s%02X", -- i ? ":" : "", -- aux->keyid->data[i]); -- BIO_write(out,"\n",1); -- } -- return 1; -+ char oidstr[80], first; -+ int i; -+ if (!aux) -+ return 1; -+ if (aux->trust) { -+ first = 1; -+ BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, ""); -+ for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { -+ if (!first) -+ BIO_puts(out, ", "); -+ else -+ first = 0; -+ OBJ_obj2txt(oidstr, sizeof oidstr, -+ sk_ASN1_OBJECT_value(aux->trust, i), 0); -+ BIO_puts(out, oidstr); -+ } -+ BIO_puts(out, "\n"); -+ } else -+ BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); -+ if (aux->reject) { -+ first = 1; -+ BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, ""); -+ for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { -+ if (!first) -+ BIO_puts(out, ", "); -+ else -+ first = 0; -+ OBJ_obj2txt(oidstr, sizeof oidstr, -+ sk_ASN1_OBJECT_value(aux->reject, i), 0); -+ BIO_puts(out, oidstr); -+ } -+ BIO_puts(out, "\n"); -+ } else -+ BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); -+ if (aux->alias) -+ BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data); -+ if (aux->keyid) { -+ BIO_printf(out, "%*sKey Id: ", indent, ""); -+ for (i = 0; i < aux->keyid->length; i++) -+ BIO_printf(out, "%s%02X", i ? ":" : "", aux->keyid->data[i]); -+ BIO_write(out, "\n", 1); -+ } -+ return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c -index a228c0d..6e4a325 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c -@@ -1,6 +1,7 @@ - /* tasn_dec.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,7 +57,6 @@ - * - */ - -- - #include - #include - #include -@@ -69,1275 +69,1158 @@ static int asn1_check_eoc(const unsigned char **in, long len); - static int asn1_find_end(const unsigned char **in, long len, char inf); - - static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, -- char inf, int tag, int aclass, int depth); -+ char inf, int tag, int aclass, int depth); - - static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); - - static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, -- char *inf, char *cst, -- const unsigned char **in, long len, -- int exptag, int expclass, char opt, -- ASN1_TLC *ctx); -+ char *inf, char *cst, -+ const unsigned char **in, long len, -+ int exptag, int expclass, char opt, ASN1_TLC *ctx); - - static int asn1_template_ex_d2i(ASN1_VALUE **pval, -- const unsigned char **in, long len, -- const ASN1_TEMPLATE *tt, char opt, -- ASN1_TLC *ctx); -+ const unsigned char **in, long len, -+ const ASN1_TEMPLATE *tt, char opt, -+ ASN1_TLC *ctx); - static int asn1_template_noexp_d2i(ASN1_VALUE **val, -- const unsigned char **in, long len, -- const ASN1_TEMPLATE *tt, char opt, -- ASN1_TLC *ctx); -+ const unsigned char **in, long len, -+ const ASN1_TEMPLATE *tt, char opt, -+ ASN1_TLC *ctx); - static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, -- const unsigned char **in, long len, -- const ASN1_ITEM *it, -- int tag, int aclass, char opt, ASN1_TLC *ctx); -+ const unsigned char **in, long len, -+ const ASN1_ITEM *it, -+ int tag, int aclass, char opt, -+ ASN1_TLC *ctx); - - /* Table to convert tags to bit values, used for MSTRING type */ - static const unsigned long tag2bit[32] = { --0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */ --B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */ --B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */ --B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */ --B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */ --B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */ --B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */ --B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */ --B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */ -- }; -+ /* tags 0 - 3 */ -+ 0, 0, 0, B_ASN1_BIT_STRING, -+ /* tags 4- 7 */ -+ B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN, -+ /* tags 8-11 */ -+ B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, -+ /* tags 12-15 */ -+ B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, -+ /* tags 16-19 */ -+ B_ASN1_SEQUENCE, 0, B_ASN1_NUMERICSTRING, B_ASN1_PRINTABLESTRING, -+ /* tags 20-22 */ -+ B_ASN1_T61STRING, B_ASN1_VIDEOTEXSTRING, B_ASN1_IA5STRING, -+ /* tags 23-24 */ -+ B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, -+ /* tags 25-27 */ -+ B_ASN1_GRAPHICSTRING, B_ASN1_ISO64STRING, B_ASN1_GENERALSTRING, -+ /* tags 28-31 */ -+ B_ASN1_UNIVERSALSTRING, B_ASN1_UNKNOWN, B_ASN1_BMPSTRING, B_ASN1_UNKNOWN, -+}; - - unsigned long ASN1_tag2bit(int tag) -- { -- if ((tag < 0) || (tag > 30)) return 0; -- return tag2bit[tag]; -- } -+{ -+ if ((tag < 0) || (tag > 30)) -+ return 0; -+ return tag2bit[tag]; -+} - - /* Macro to initialize and invalidate the cache */ - --#define asn1_tlc_clear(c) if (c) (c)->valid = 0 -+#define asn1_tlc_clear(c) if (c) (c)->valid = 0 - --/* Decode an ASN1 item, this currently behaves just -- * like a standard 'd2i' function. 'in' points to -- * a buffer to read the data from, in future we will -- * have more advanced versions that can input data -- * a piece at a time and this will simply be a special -- * case. -+/* -+ * Decode an ASN1 item, this currently behaves just like a standard 'd2i' -+ * function. 'in' points to a buffer to read the data from, in future we -+ * will have more advanced versions that can input data a piece at a time and -+ * this will simply be a special case. - */ - - ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, -- const unsigned char **in, long len, const ASN1_ITEM *it) -- { -- ASN1_TLC c; -- ASN1_VALUE *ptmpval = NULL; -- if (!pval) -- pval = &ptmpval; -- c.valid = 0; -- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) -- return *pval; -- return NULL; -- } -+ const unsigned char **in, long len, -+ const ASN1_ITEM *it) -+{ -+ ASN1_TLC c; -+ ASN1_VALUE *ptmpval = NULL; -+ if (!pval) -+ pval = &ptmpval; -+ c.valid = 0; -+ if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) -+ return *pval; -+ return NULL; -+} - - int ASN1_template_d2i(ASN1_VALUE **pval, -- const unsigned char **in, long len, const ASN1_TEMPLATE *tt) -- { -- ASN1_TLC c; -- c.valid = 0; -- return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); -- } -- -- --/* Decode an item, taking care of IMPLICIT tagging, if any. -- * If 'opt' set and tag mismatch return -1 to handle OPTIONAL -+ const unsigned char **in, long len, -+ const ASN1_TEMPLATE *tt) -+{ -+ ASN1_TLC c; -+ c.valid = 0; -+ return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); -+} -+ -+/* -+ * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and -+ * tag mismatch return -1 to handle OPTIONAL - */ - - int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, -- const ASN1_ITEM *it, -- int tag, int aclass, char opt, ASN1_TLC *ctx) -- { -- const ASN1_TEMPLATE *tt, *errtt = NULL; -- const ASN1_COMPAT_FUNCS *cf; -- const ASN1_EXTERN_FUNCS *ef; -- const ASN1_AUX *aux = it->funcs; -- ASN1_aux_cb *asn1_cb; -- const unsigned char *p = NULL, *q; -- unsigned char *wp=NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */ -- unsigned char imphack = 0, oclass; -- char seq_eoc, seq_nolen, cst, isopt; -- long tmplen; -- int i; -- int otag; -- int ret = 0; -- ASN1_VALUE **pchptr, *ptmpval; -- if (!pval) -- return 0; -- if (aux && aux->asn1_cb) -- asn1_cb = aux->asn1_cb; -- else asn1_cb = 0; -- -- switch(it->itype) -- { -- case ASN1_ITYPE_PRIMITIVE: -- if (it->templates) -- { -- /* tagging or OPTIONAL is currently illegal on an item -- * template because the flags can't get passed down. -- * In practice this isn't a problem: we include the -- * relevant flags from the item template in the -- * template itself. -- */ -- if ((tag != -1) || opt) -- { -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); -- goto err; -- } -- return asn1_template_ex_d2i(pval, in, len, -- it->templates, opt, ctx); -- } -- return asn1_d2i_ex_primitive(pval, in, len, it, -- tag, aclass, opt, ctx); -- break; -- -- case ASN1_ITYPE_MSTRING: -- p = *in; -- /* Just read in tag and class */ -- ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, -- &p, len, -1, 0, 1, ctx); -- if (!ret) -- { -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- goto err; -- } -- -- /* Must be UNIVERSAL class */ -- if (oclass != V_ASN1_UNIVERSAL) -- { -- /* If OPTIONAL, assume this is OK */ -- if (opt) return -1; -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ASN1_R_MSTRING_NOT_UNIVERSAL); -- goto err; -- } -- /* Check tag matches bit map */ -- if (!(ASN1_tag2bit(otag) & it->utype)) -- { -- /* If OPTIONAL, assume this is OK */ -- if (opt) -- return -1; -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ASN1_R_MSTRING_WRONG_TAG); -- goto err; -- } -- return asn1_d2i_ex_primitive(pval, in, len, -- it, otag, 0, 0, ctx); -- -- case ASN1_ITYPE_EXTERN: -- /* Use new style d2i */ -- ef = it->funcs; -- return ef->asn1_ex_d2i(pval, in, len, -- it, tag, aclass, opt, ctx); -- -- case ASN1_ITYPE_COMPAT: -- /* we must resort to old style evil hackery */ -- cf = it->funcs; -- -- /* If OPTIONAL see if it is there */ -- if (opt) -- { -- int exptag; -- p = *in; -- if (tag == -1) -- exptag = it->utype; -- else exptag = tag; -- /* Don't care about anything other than presence -- * of expected tag */ -- -- ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, -- &p, len, exptag, aclass, 1, ctx); -- if (!ret) -- { -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- goto err; -- } -- if (ret == -1) -- return -1; -- } -- -- /* This is the old style evil hack IMPLICIT handling: -- * since the underlying code is expecting a tag and -- * class other than the one present we change the -- * buffer temporarily then change it back afterwards. -- * This doesn't and never did work for tags > 30. -- * -- * Yes this is *horrible* but it is only needed for -- * old style d2i which will hopefully not be around -- * for much longer. -- * FIXME: should copy the buffer then modify it so -- * the input buffer can be const: we should *always* -- * copy because the old style d2i might modify the -- * buffer. -- */ -- -- if (tag != -1) -- { -- wp = *(unsigned char **)in; -- imphack = *wp; -- if (p == NULL) -- { -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- goto err; -- } -- *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED) -- | it->utype); -- } -- -- ptmpval = cf->asn1_d2i(pval, in, len); -- -- if (tag != -1) -- *wp = imphack; -- -- if (ptmpval) -- return 1; -- -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -- goto err; -- -- -- case ASN1_ITYPE_CHOICE: -- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) -- goto auxerr; -- -- /* Allocate structure */ -- if (!*pval && !ASN1_item_ex_new(pval, it)) -- { -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- goto err; -- } -- /* CHOICE type, try each possibility in turn */ -- p = *in; -- for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) -- { -- pchptr = asn1_get_field_ptr(pval, tt); -- /* We mark field as OPTIONAL so its absence -- * can be recognised. -- */ -- ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); -- /* If field not present, try the next one */ -- if (ret == -1) -- continue; -- /* If positive return, read OK, break loop */ -- if (ret > 0) -- break; -- /* Otherwise must be an ASN1 parsing error */ -- errtt = tt; -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- goto err; -- } -- -- /* Did we fall off the end without reading anything? */ -- if (i == it->tcount) -- { -- /* If OPTIONAL, this is OK */ -- if (opt) -- { -- /* Free and zero it */ -- ASN1_item_ex_free(pval, it); -- return -1; -- } -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ASN1_R_NO_MATCHING_CHOICE_TYPE); -- goto err; -- } -- -- asn1_set_choice_selector(pval, i, it); -- *in = p; -- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) -- goto auxerr; -- return 1; -- -- case ASN1_ITYPE_NDEF_SEQUENCE: -- case ASN1_ITYPE_SEQUENCE: -- p = *in; -- tmplen = len; -- -- /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ -- if (tag == -1) -- { -- tag = V_ASN1_SEQUENCE; -- aclass = V_ASN1_UNIVERSAL; -- } -- /* Get SEQUENCE length and update len, p */ -- ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, -- &p, len, tag, aclass, opt, ctx); -- if (!ret) -- { -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- goto err; -- } -- else if (ret == -1) -- return -1; -- if (aux && (aux->flags & ASN1_AFLG_BROKEN)) -- { -- len = tmplen - (p - *in); -- seq_nolen = 1; -- } -- /* If indefinite we don't do a length check */ -- else seq_nolen = seq_eoc; -- if (!cst) -- { -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ASN1_R_SEQUENCE_NOT_CONSTRUCTED); -- goto err; -- } -- -- if (!*pval && !ASN1_item_ex_new(pval, it)) -- { -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- goto err; -- } -- -- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) -- goto auxerr; -- -- /* Get each field entry */ -- for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) -- { -- const ASN1_TEMPLATE *seqtt; -- ASN1_VALUE **pseqval; -- seqtt = asn1_do_adb(pval, tt, 1); -- if (!seqtt) -- goto err; -- pseqval = asn1_get_field_ptr(pval, seqtt); -- /* Have we ran out of data? */ -- if (!len) -- break; -- q = p; -- if (asn1_check_eoc(&p, len)) -- { -- if (!seq_eoc) -- { -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ASN1_R_UNEXPECTED_EOC); -- goto err; -- } -- len -= p - q; -- seq_eoc = 0; -- q = p; -- break; -- } -- /* This determines the OPTIONAL flag value. The field -- * cannot be omitted if it is the last of a SEQUENCE -- * and there is still data to be read. This isn't -- * strictly necessary but it increases efficiency in -- * some cases. -- */ -- if (i == (it->tcount - 1)) -- isopt = 0; -- else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL); -- /* attempt to read in field, allowing each to be -- * OPTIONAL */ -- -- ret = asn1_template_ex_d2i(pseqval, &p, len, -- seqtt, isopt, ctx); -- if (!ret) -- { -- errtt = seqtt; -- goto err; -- } -- else if (ret == -1) -- { -- /* OPTIONAL component absent. -- * Free and zero the field. -- */ -- ASN1_template_free(pseqval, seqtt); -- continue; -- } -- /* Update length */ -- len -= p - q; -- } -- -- /* Check for EOC if expecting one */ -- if (seq_eoc && !asn1_check_eoc(&p, len)) -- { -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC); -- goto err; -- } -- /* Check all data read */ -- if (!seq_nolen && len) -- { -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ASN1_R_SEQUENCE_LENGTH_MISMATCH); -- goto err; -- } -- -- /* If we get here we've got no more data in the SEQUENCE, -- * however we may not have read all fields so check all -- * remaining are OPTIONAL and clear any that are. -- */ -- for (; i < it->tcount; tt++, i++) -- { -- const ASN1_TEMPLATE *seqtt; -- seqtt = asn1_do_adb(pval, tt, 1); -- if (!seqtt) -- goto err; -- if (seqtt->flags & ASN1_TFLG_OPTIONAL) -- { -- ASN1_VALUE **pseqval; -- pseqval = asn1_get_field_ptr(pval, seqtt); -- ASN1_template_free(pseqval, seqtt); -- } -- else -- { -- errtt = seqtt; -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -- ASN1_R_FIELD_MISSING); -- goto err; -- } -- } -- /* Save encoding */ -- if (!asn1_enc_save(pval, *in, p - *in, it)) -- goto auxerr; -- *in = p; -- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) -- goto auxerr; -- return 1; -- -- default: -- return 0; -- } -- auxerr: -- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); -- err: -- ASN1_item_ex_free(pval, it); -- if (errtt) -- ERR_add_error_data(4, "Field=", errtt->field_name, -- ", Type=", it->sname); -- else -- ERR_add_error_data(2, "Type=", it->sname); -- return 0; -- } -- --/* Templates are handled with two separate functions. -- * One handles any EXPLICIT tag and the other handles the rest. -+ const ASN1_ITEM *it, -+ int tag, int aclass, char opt, ASN1_TLC *ctx) -+{ -+ const ASN1_TEMPLATE *tt, *errtt = NULL; -+ const ASN1_COMPAT_FUNCS *cf; -+ const ASN1_EXTERN_FUNCS *ef; -+ const ASN1_AUX *aux = it->funcs; -+ ASN1_aux_cb *asn1_cb; -+ const unsigned char *p = NULL, *q; -+ unsigned char *wp = NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */ -+ unsigned char imphack = 0, oclass; -+ char seq_eoc, seq_nolen, cst, isopt; -+ long tmplen; -+ int i; -+ int otag; -+ int ret = 0; -+ ASN1_VALUE **pchptr, *ptmpval; -+ if (!pval) -+ return 0; -+ if (aux && aux->asn1_cb) -+ asn1_cb = aux->asn1_cb; -+ else -+ asn1_cb = 0; -+ -+ switch (it->itype) { -+ case ASN1_ITYPE_PRIMITIVE: -+ if (it->templates) { -+ /* -+ * tagging or OPTIONAL is currently illegal on an item template -+ * because the flags can't get passed down. In practice this -+ * isn't a problem: we include the relevant flags from the item -+ * template in the template itself. -+ */ -+ if ((tag != -1) || opt) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, -+ ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); -+ goto err; -+ } -+ return asn1_template_ex_d2i(pval, in, len, -+ it->templates, opt, ctx); -+ } -+ return asn1_d2i_ex_primitive(pval, in, len, it, -+ tag, aclass, opt, ctx); -+ break; -+ -+ case ASN1_ITYPE_MSTRING: -+ p = *in; -+ /* Just read in tag and class */ -+ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, -+ &p, len, -1, 0, 1, ctx); -+ if (!ret) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ -+ /* Must be UNIVERSAL class */ -+ if (oclass != V_ASN1_UNIVERSAL) { -+ /* If OPTIONAL, assume this is OK */ -+ if (opt) -+ return -1; -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); -+ goto err; -+ } -+ /* Check tag matches bit map */ -+ if (!(ASN1_tag2bit(otag) & it->utype)) { -+ /* If OPTIONAL, assume this is OK */ -+ if (opt) -+ return -1; -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG); -+ goto err; -+ } -+ return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx); -+ -+ case ASN1_ITYPE_EXTERN: -+ /* Use new style d2i */ -+ ef = it->funcs; -+ return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); -+ -+ case ASN1_ITYPE_COMPAT: -+ /* we must resort to old style evil hackery */ -+ cf = it->funcs; -+ -+ /* If OPTIONAL see if it is there */ -+ if (opt) { -+ int exptag; -+ p = *in; -+ if (tag == -1) -+ exptag = it->utype; -+ else -+ exptag = tag; -+ /* -+ * Don't care about anything other than presence of expected tag -+ */ -+ -+ ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, -+ &p, len, exptag, aclass, 1, ctx); -+ if (!ret) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ if (ret == -1) -+ return -1; -+ } -+ -+ /* -+ * This is the old style evil hack IMPLICIT handling: since the -+ * underlying code is expecting a tag and class other than the one -+ * present we change the buffer temporarily then change it back -+ * afterwards. This doesn't and never did work for tags > 30. Yes -+ * this is *horrible* but it is only needed for old style d2i which -+ * will hopefully not be around for much longer. FIXME: should copy -+ * the buffer then modify it so the input buffer can be const: we -+ * should *always* copy because the old style d2i might modify the -+ * buffer. -+ */ -+ -+ if (tag != -1) { -+ wp = *(unsigned char **)in; -+ imphack = *wp; -+ if (p == NULL) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED) -+ | it->utype); -+ } -+ -+ ptmpval = cf->asn1_d2i(pval, in, len); -+ -+ if (tag != -1) -+ *wp = imphack; -+ -+ if (ptmpval) -+ return 1; -+ -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ -+ case ASN1_ITYPE_CHOICE: -+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) -+ goto auxerr; -+ if (*pval) { -+ /* Free up and zero CHOICE value if initialised */ -+ i = asn1_get_choice_selector(pval, it); -+ if ((i >= 0) && (i < it->tcount)) { -+ tt = it->templates + i; -+ pchptr = asn1_get_field_ptr(pval, tt); -+ ASN1_template_free(pchptr, tt); -+ asn1_set_choice_selector(pval, -1, it); -+ } -+ } else if (!ASN1_item_ex_new(pval, it)) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ /* CHOICE type, try each possibility in turn */ -+ p = *in; -+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { -+ pchptr = asn1_get_field_ptr(pval, tt); -+ /* -+ * We mark field as OPTIONAL so its absence can be recognised. -+ */ -+ ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); -+ /* If field not present, try the next one */ -+ if (ret == -1) -+ continue; -+ /* If positive return, read OK, break loop */ -+ if (ret > 0) -+ break; -+ /* Otherwise must be an ASN1 parsing error */ -+ errtt = tt; -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ -+ /* Did we fall off the end without reading anything? */ -+ if (i == it->tcount) { -+ /* If OPTIONAL, this is OK */ -+ if (opt) { -+ /* Free and zero it */ -+ ASN1_item_ex_free(pval, it); -+ return -1; -+ } -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE); -+ goto err; -+ } -+ -+ asn1_set_choice_selector(pval, i, it); -+ *in = p; -+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) -+ goto auxerr; -+ return 1; -+ -+ case ASN1_ITYPE_NDEF_SEQUENCE: -+ case ASN1_ITYPE_SEQUENCE: -+ p = *in; -+ tmplen = len; -+ -+ /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ -+ if (tag == -1) { -+ tag = V_ASN1_SEQUENCE; -+ aclass = V_ASN1_UNIVERSAL; -+ } -+ /* Get SEQUENCE length and update len, p */ -+ ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, -+ &p, len, tag, aclass, opt, ctx); -+ if (!ret) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } else if (ret == -1) -+ return -1; -+ if (aux && (aux->flags & ASN1_AFLG_BROKEN)) { -+ len = tmplen - (p - *in); -+ seq_nolen = 1; -+ } -+ /* If indefinite we don't do a length check */ -+ else -+ seq_nolen = seq_eoc; -+ if (!cst) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); -+ goto err; -+ } -+ -+ if (!*pval && !ASN1_item_ex_new(pval, it)) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ -+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) -+ goto auxerr; -+ -+ /* Free up and zero any ADB found */ -+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { -+ if (tt->flags & ASN1_TFLG_ADB_MASK) { -+ const ASN1_TEMPLATE *seqtt; -+ ASN1_VALUE **pseqval; -+ seqtt = asn1_do_adb(pval, tt, 1); -+ pseqval = asn1_get_field_ptr(pval, seqtt); -+ ASN1_template_free(pseqval, seqtt); -+ } -+ } -+ -+ /* Get each field entry */ -+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { -+ const ASN1_TEMPLATE *seqtt; -+ ASN1_VALUE **pseqval; -+ seqtt = asn1_do_adb(pval, tt, 1); -+ if (!seqtt) -+ goto err; -+ pseqval = asn1_get_field_ptr(pval, seqtt); -+ /* Have we ran out of data? */ -+ if (!len) -+ break; -+ q = p; -+ if (asn1_check_eoc(&p, len)) { -+ if (!seq_eoc) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC); -+ goto err; -+ } -+ len -= p - q; -+ seq_eoc = 0; -+ q = p; -+ break; -+ } -+ /* -+ * This determines the OPTIONAL flag value. The field cannot be -+ * omitted if it is the last of a SEQUENCE and there is still -+ * data to be read. This isn't strictly necessary but it -+ * increases efficiency in some cases. -+ */ -+ if (i == (it->tcount - 1)) -+ isopt = 0; -+ else -+ isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL); -+ /* -+ * attempt to read in field, allowing each to be OPTIONAL -+ */ -+ -+ ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); -+ if (!ret) { -+ errtt = seqtt; -+ goto err; -+ } else if (ret == -1) { -+ /* -+ * OPTIONAL component absent. Free and zero the field. -+ */ -+ ASN1_template_free(pseqval, seqtt); -+ continue; -+ } -+ /* Update length */ -+ len -= p - q; -+ } -+ -+ /* Check for EOC if expecting one */ -+ if (seq_eoc && !asn1_check_eoc(&p, len)) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC); -+ goto err; -+ } -+ /* Check all data read */ -+ if (!seq_nolen && len) { -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH); -+ goto err; -+ } -+ -+ /* -+ * If we get here we've got no more data in the SEQUENCE, however we -+ * may not have read all fields so check all remaining are OPTIONAL -+ * and clear any that are. -+ */ -+ for (; i < it->tcount; tt++, i++) { -+ const ASN1_TEMPLATE *seqtt; -+ seqtt = asn1_do_adb(pval, tt, 1); -+ if (!seqtt) -+ goto err; -+ if (seqtt->flags & ASN1_TFLG_OPTIONAL) { -+ ASN1_VALUE **pseqval; -+ pseqval = asn1_get_field_ptr(pval, seqtt); -+ ASN1_template_free(pseqval, seqtt); -+ } else { -+ errtt = seqtt; -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING); -+ goto err; -+ } -+ } -+ /* Save encoding */ -+ if (!asn1_enc_save(pval, *in, p - *in, it)) -+ goto auxerr; -+ *in = p; -+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) -+ goto auxerr; -+ return 1; -+ -+ default: -+ return 0; -+ } -+ auxerr: -+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); -+ err: -+ ASN1_item_ex_free(pval, it); -+ if (errtt) -+ ERR_add_error_data(4, "Field=", errtt->field_name, -+ ", Type=", it->sname); -+ else -+ ERR_add_error_data(2, "Type=", it->sname); -+ return 0; -+} -+ -+/* -+ * Templates are handled with two separate functions. One handles any -+ * EXPLICIT tag and the other handles the rest. - */ - - static int asn1_template_ex_d2i(ASN1_VALUE **val, -- const unsigned char **in, long inlen, -- const ASN1_TEMPLATE *tt, char opt, -- ASN1_TLC *ctx) -- { -- int flags, aclass; -- int ret; -- long len; -- const unsigned char *p, *q; -- char exp_eoc; -- if (!val) -- return 0; -- flags = tt->flags; -- aclass = flags & ASN1_TFLG_TAG_CLASS; -- -- p = *in; -- -- /* Check if EXPLICIT tag expected */ -- if (flags & ASN1_TFLG_EXPTAG) -- { -- char cst; -- /* Need to work out amount of data available to the inner -- * content and where it starts: so read in EXPLICIT header to -- * get the info. -- */ -- ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, -- &p, inlen, tt->tag, aclass, opt, ctx); -- q = p; -- if (!ret) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- return 0; -- } -- else if (ret == -1) -- return -1; -- if (!cst) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, -- ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); -- return 0; -- } -- /* We've found the field so it can't be OPTIONAL now */ -- ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); -- if (!ret) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- return 0; -- } -- /* We read the field in OK so update length */ -- len -= p - q; -- if (exp_eoc) -- { -- /* If NDEF we must have an EOC here */ -- if (!asn1_check_eoc(&p, len)) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, -- ASN1_R_MISSING_EOC); -- goto err; -- } -- } -- else -- { -- /* Otherwise we must hit the EXPLICIT tag end or its -- * an error */ -- if (len) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, -- ASN1_R_EXPLICIT_LENGTH_MISMATCH); -- goto err; -- } -- } -- } -- else -- return asn1_template_noexp_d2i(val, in, inlen, -- tt, opt, ctx); -- -- *in = p; -- return 1; -- -- err: -- ASN1_template_free(val, tt); -- return 0; -- } -+ const unsigned char **in, long inlen, -+ const ASN1_TEMPLATE *tt, char opt, -+ ASN1_TLC *ctx) -+{ -+ int flags, aclass; -+ int ret; -+ long len; -+ const unsigned char *p, *q; -+ char exp_eoc; -+ if (!val) -+ return 0; -+ flags = tt->flags; -+ aclass = flags & ASN1_TFLG_TAG_CLASS; -+ -+ p = *in; -+ -+ /* Check if EXPLICIT tag expected */ -+ if (flags & ASN1_TFLG_EXPTAG) { -+ char cst; -+ /* -+ * Need to work out amount of data available to the inner content and -+ * where it starts: so read in EXPLICIT header to get the info. -+ */ -+ ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, -+ &p, inlen, tt->tag, aclass, opt, ctx); -+ q = p; -+ if (!ret) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ return 0; -+ } else if (ret == -1) -+ return -1; -+ if (!cst) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, -+ ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); -+ return 0; -+ } -+ /* We've found the field so it can't be OPTIONAL now */ -+ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); -+ if (!ret) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ return 0; -+ } -+ /* We read the field in OK so update length */ -+ len -= p - q; -+ if (exp_eoc) { -+ /* If NDEF we must have an EOC here */ -+ if (!asn1_check_eoc(&p, len)) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_MISSING_EOC); -+ goto err; -+ } -+ } else { -+ /* -+ * Otherwise we must hit the EXPLICIT tag end or its an error -+ */ -+ if (len) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, -+ ASN1_R_EXPLICIT_LENGTH_MISMATCH); -+ goto err; -+ } -+ } -+ } else -+ return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); -+ -+ *in = p; -+ return 1; -+ -+ err: -+ ASN1_template_free(val, tt); -+ return 0; -+} - - static int asn1_template_noexp_d2i(ASN1_VALUE **val, -- const unsigned char **in, long len, -- const ASN1_TEMPLATE *tt, char opt, -- ASN1_TLC *ctx) -- { -- int flags, aclass; -- int ret; -- const unsigned char *p, *q; -- if (!val) -- return 0; -- flags = tt->flags; -- aclass = flags & ASN1_TFLG_TAG_CLASS; -- -- p = *in; -- q = p; -- -- if (flags & ASN1_TFLG_SK_MASK) -- { -- /* SET OF, SEQUENCE OF */ -- int sktag, skaclass; -- char sk_eoc; -- /* First work out expected inner tag value */ -- if (flags & ASN1_TFLG_IMPTAG) -- { -- sktag = tt->tag; -- skaclass = aclass; -- } -- else -- { -- skaclass = V_ASN1_UNIVERSAL; -- if (flags & ASN1_TFLG_SET_OF) -- sktag = V_ASN1_SET; -- else -- sktag = V_ASN1_SEQUENCE; -- } -- /* Get the tag */ -- ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, -- &p, len, sktag, skaclass, opt, ctx); -- if (!ret) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- return 0; -- } -- else if (ret == -1) -- return -1; -- if (!*val) -- *val = (ASN1_VALUE *)sk_new_null(); -- else -- { -- /* We've got a valid STACK: free up any items present */ -- STACK *sktmp = (STACK *)*val; -- ASN1_VALUE *vtmp; -- while(sk_num(sktmp) > 0) -- { -- vtmp = (ASN1_VALUE *)sk_pop(sktmp); -- ASN1_item_ex_free(&vtmp, -- ASN1_ITEM_ptr(tt->item)); -- } -- } -- -- if (!*val) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- /* Read as many items as we can */ -- while(len > 0) -- { -- ASN1_VALUE *skfield; -- q = p; -- /* See if EOC found */ -- if (asn1_check_eoc(&p, len)) -- { -- if (!sk_eoc) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, -- ASN1_R_UNEXPECTED_EOC); -- goto err; -- } -- len -= p - q; -- sk_eoc = 0; -- break; -- } -- skfield = NULL; -- if (!ASN1_item_ex_d2i(&skfield, &p, len, -- ASN1_ITEM_ptr(tt->item), -- -1, 0, 0, ctx)) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- goto err; -- } -- len -= p - q; -- if (!sk_push((STACK *)*val, (char *)skfield)) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- if (sk_eoc) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC); -- goto err; -- } -- } -- else if (flags & ASN1_TFLG_IMPTAG) -- { -- /* IMPLICIT tagging */ -- ret = ASN1_item_ex_d2i(val, &p, len, -- ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx); -- if (!ret) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- goto err; -- } -- else if (ret == -1) -- return -1; -- } -- else -- { -- /* Nothing special */ -- ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -- -1, 0, opt, ctx); -- if (!ret) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, -- ERR_R_NESTED_ASN1_ERROR); -- goto err; -- } -- else if (ret == -1) -- return -1; -- } -- -- *in = p; -- return 1; -- -- err: -- ASN1_template_free(val, tt); -- return 0; -- } -+ const unsigned char **in, long len, -+ const ASN1_TEMPLATE *tt, char opt, -+ ASN1_TLC *ctx) -+{ -+ int flags, aclass; -+ int ret; -+ const unsigned char *p, *q; -+ if (!val) -+ return 0; -+ flags = tt->flags; -+ aclass = flags & ASN1_TFLG_TAG_CLASS; -+ -+ p = *in; -+ q = p; -+ -+ if (flags & ASN1_TFLG_SK_MASK) { -+ /* SET OF, SEQUENCE OF */ -+ int sktag, skaclass; -+ char sk_eoc; -+ /* First work out expected inner tag value */ -+ if (flags & ASN1_TFLG_IMPTAG) { -+ sktag = tt->tag; -+ skaclass = aclass; -+ } else { -+ skaclass = V_ASN1_UNIVERSAL; -+ if (flags & ASN1_TFLG_SET_OF) -+ sktag = V_ASN1_SET; -+ else -+ sktag = V_ASN1_SEQUENCE; -+ } -+ /* Get the tag */ -+ ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, -+ &p, len, sktag, skaclass, opt, ctx); -+ if (!ret) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); -+ return 0; -+ } else if (ret == -1) -+ return -1; -+ if (!*val) -+ *val = (ASN1_VALUE *)sk_new_null(); -+ else { -+ /* -+ * We've got a valid STACK: free up any items present -+ */ -+ STACK *sktmp = (STACK *) * val; -+ ASN1_VALUE *vtmp; -+ while (sk_num(sktmp) > 0) { -+ vtmp = (ASN1_VALUE *)sk_pop(sktmp); -+ ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item)); -+ } -+ } -+ -+ if (!*val) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* Read as many items as we can */ -+ while (len > 0) { -+ ASN1_VALUE *skfield; -+ q = p; -+ /* See if EOC found */ -+ if (asn1_check_eoc(&p, len)) { -+ if (!sk_eoc) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, -+ ASN1_R_UNEXPECTED_EOC); -+ goto err; -+ } -+ len -= p - q; -+ sk_eoc = 0; -+ break; -+ } -+ skfield = NULL; -+ if (!ASN1_item_ex_d2i(&skfield, &p, len, -+ ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, -+ ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } -+ len -= p - q; -+ if (!sk_push((STACK *) * val, (char *)skfield)) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ if (sk_eoc) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC); -+ goto err; -+ } -+ } else if (flags & ASN1_TFLG_IMPTAG) { -+ /* IMPLICIT tagging */ -+ ret = ASN1_item_ex_d2i(val, &p, len, -+ ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, -+ ctx); -+ if (!ret) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } else if (ret == -1) -+ return -1; -+ } else { -+ /* Nothing special */ -+ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -+ -1, 0, opt, ctx); -+ if (!ret) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); -+ goto err; -+ } else if (ret == -1) -+ return -1; -+ } -+ -+ *in = p; -+ return 1; -+ -+ err: -+ ASN1_template_free(val, tt); -+ return 0; -+} - - static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, -- const unsigned char **in, long inlen, -- const ASN1_ITEM *it, -- int tag, int aclass, char opt, ASN1_TLC *ctx) -- { -- int ret = 0, utype; -- long plen; -- char cst, inf, free_cont = 0; -- const unsigned char *p; -- BUF_MEM buf; -- const unsigned char *cont = NULL; -- long len; -- if (!pval) -- { -- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL); -- return 0; /* Should never happen */ -- } -- -- if (it->itype == ASN1_ITYPE_MSTRING) -- { -- utype = tag; -- tag = -1; -- } -- else -- utype = it->utype; -- -- if (utype == V_ASN1_ANY) -- { -- /* If type is ANY need to figure out type from tag */ -- unsigned char oclass; -- if (tag >= 0) -- { -- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, -- ASN1_R_ILLEGAL_TAGGED_ANY); -- return 0; -- } -- if (opt) -- { -- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, -- ASN1_R_ILLEGAL_OPTIONAL_ANY); -- return 0; -- } -- p = *in; -- ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, -- &p, inlen, -1, 0, 0, ctx); -- if (!ret) -- { -- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, -- ERR_R_NESTED_ASN1_ERROR); -- return 0; -- } -- if (oclass != V_ASN1_UNIVERSAL) -- utype = V_ASN1_OTHER; -- } -- if (tag == -1) -- { -- tag = utype; -- aclass = V_ASN1_UNIVERSAL; -- } -- p = *in; -- /* Check header */ -- ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, -- &p, inlen, tag, aclass, opt, ctx); -- if (!ret) -- { -- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); -- return 0; -- } -- else if (ret == -1) -- return -1; -- ret = 0; -- /* SEQUENCE, SET and "OTHER" are left in encoded form */ -- if ((utype == V_ASN1_SEQUENCE) -- || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) -- { -- /* Clear context cache for type OTHER because the auto clear -- * when we have a exact match wont work -- */ -- if (utype == V_ASN1_OTHER) -- { -- asn1_tlc_clear(ctx); -- } -- /* SEQUENCE and SET must be constructed */ -- else if (!cst) -- { -- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, -- ASN1_R_TYPE_NOT_CONSTRUCTED); -- return 0; -- } -- -- cont = *in; -- /* If indefinite length constructed find the real end */ -- if (inf) -- { -- if (!asn1_find_end(&p, plen, inf)) -- goto err; -- len = p - cont; -- } -- else -- { -- len = p - cont + plen; -- p += plen; -- buf.data = NULL; -- } -- } -- else if (cst) -- { -- buf.length = 0; -- buf.max = 0; -- buf.data = NULL; -- /* Should really check the internal tags are correct but -- * some things may get this wrong. The relevant specs -- * say that constructed string types should be OCTET STRINGs -- * internally irrespective of the type. So instead just check -- * for UNIVERSAL class and ignore the tag. -- */ -- if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) -- { -- free_cont = 1; -- goto err; -- } -- len = buf.length; -- /* Append a final null to string */ -- if (!BUF_MEM_grow_clean(&buf, len + 1)) -- { -- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- buf.data[len] = 0; -- cont = (const unsigned char *)buf.data; -- free_cont = 1; -- } -- else -- { -- cont = p; -- len = plen; -- p += plen; -- } -- -- /* We now have content length and type: translate into a structure */ -- if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) -- goto err; -- -- *in = p; -- ret = 1; -- err: -- if (free_cont && buf.data) OPENSSL_free(buf.data); -- return ret; -- } -+ const unsigned char **in, long inlen, -+ const ASN1_ITEM *it, -+ int tag, int aclass, char opt, ASN1_TLC *ctx) -+{ -+ int ret = 0, utype; -+ long plen; -+ char cst, inf, free_cont = 0; -+ const unsigned char *p; -+ BUF_MEM buf; -+ const unsigned char *cont = NULL; -+ long len; -+ if (!pval) { -+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL); -+ return 0; /* Should never happen */ -+ } -+ -+ if (it->itype == ASN1_ITYPE_MSTRING) { -+ utype = tag; -+ tag = -1; -+ } else -+ utype = it->utype; -+ -+ if (utype == V_ASN1_ANY) { -+ /* If type is ANY need to figure out type from tag */ -+ unsigned char oclass; -+ if (tag >= 0) { -+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY); -+ return 0; -+ } -+ if (opt) { -+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, -+ ASN1_R_ILLEGAL_OPTIONAL_ANY); -+ return 0; -+ } -+ p = *in; -+ ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, -+ &p, inlen, -1, 0, 0, ctx); -+ if (!ret) { -+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); -+ return 0; -+ } -+ if (oclass != V_ASN1_UNIVERSAL) -+ utype = V_ASN1_OTHER; -+ } -+ if (tag == -1) { -+ tag = utype; -+ aclass = V_ASN1_UNIVERSAL; -+ } -+ p = *in; -+ /* Check header */ -+ ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, -+ &p, inlen, tag, aclass, opt, ctx); -+ if (!ret) { -+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); -+ return 0; -+ } else if (ret == -1) -+ return -1; -+ ret = 0; -+ /* SEQUENCE, SET and "OTHER" are left in encoded form */ -+ if ((utype == V_ASN1_SEQUENCE) -+ || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { -+ /* -+ * Clear context cache for type OTHER because the auto clear when we -+ * have a exact match wont work -+ */ -+ if (utype == V_ASN1_OTHER) { -+ asn1_tlc_clear(ctx); -+ } -+ /* SEQUENCE and SET must be constructed */ -+ else if (!cst) { -+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, -+ ASN1_R_TYPE_NOT_CONSTRUCTED); -+ return 0; -+ } -+ -+ cont = *in; -+ /* If indefinite length constructed find the real end */ -+ if (inf) { -+ if (!asn1_find_end(&p, plen, inf)) -+ goto err; -+ len = p - cont; -+ } else { -+ len = p - cont + plen; -+ p += plen; -+ buf.data = NULL; -+ } -+ } else if (cst) { -+ if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN -+ || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER -+ || utype == V_ASN1_ENUMERATED) { -+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE); -+ return 0; -+ } -+ buf.length = 0; -+ buf.max = 0; -+ buf.data = NULL; -+ /* -+ * Should really check the internal tags are correct but some things -+ * may get this wrong. The relevant specs say that constructed string -+ * types should be OCTET STRINGs internally irrespective of the type. -+ * So instead just check for UNIVERSAL class and ignore the tag. -+ */ -+ if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { -+ free_cont = 1; -+ goto err; -+ } -+ len = buf.length; -+ /* Append a final null to string */ -+ if (!BUF_MEM_grow_clean(&buf, len + 1)) { -+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ buf.data[len] = 0; -+ cont = (const unsigned char *)buf.data; -+ free_cont = 1; -+ } else { -+ cont = p; -+ len = plen; -+ p += plen; -+ } -+ -+ /* We now have content length and type: translate into a structure */ -+ if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) -+ goto err; -+ -+ *in = p; -+ ret = 1; -+ err: -+ if (free_cont && buf.data) -+ OPENSSL_free(buf.data); -+ return ret; -+} - - /* Translate ASN1 content octets into a structure */ - - int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, -- int utype, char *free_cont, const ASN1_ITEM *it) -- { -- ASN1_VALUE **opval = NULL; -- ASN1_STRING *stmp; -- ASN1_TYPE *typ = NULL; -- int ret = 0; -- const ASN1_PRIMITIVE_FUNCS *pf; -- ASN1_INTEGER **tint; -- pf = it->funcs; -- -- if (pf && pf->prim_c2i) -- return pf->prim_c2i(pval, cont, len, utype, free_cont, it); -- /* If ANY type clear type and set pointer to internal value */ -- if (it->utype == V_ASN1_ANY) -- { -- if (!*pval) -- { -- typ = ASN1_TYPE_new(); -- if (typ == NULL) -- goto err; -- *pval = (ASN1_VALUE *)typ; -- } -- else -- typ = (ASN1_TYPE *)*pval; -- -- if (utype != typ->type) -- ASN1_TYPE_set(typ, utype, NULL); -- opval = pval; -- pval = &typ->value.asn1_value; -- } -- switch(utype) -- { -- case V_ASN1_OBJECT: -- if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) -- goto err; -- break; -- -- case V_ASN1_NULL: -- if (len) -- { -- ASN1err(ASN1_F_ASN1_EX_C2I, -- ASN1_R_NULL_IS_WRONG_LENGTH); -- goto err; -- } -- *pval = (ASN1_VALUE *)1; -- break; -- -- case V_ASN1_BOOLEAN: -- if (len != 1) -- { -- ASN1err(ASN1_F_ASN1_EX_C2I, -- ASN1_R_BOOLEAN_IS_WRONG_LENGTH); -- goto err; -- } -- else -- { -- ASN1_BOOLEAN *tbool; -- tbool = (ASN1_BOOLEAN *)pval; -- *tbool = *cont; -- } -- break; -- -- case V_ASN1_BIT_STRING: -- if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) -- goto err; -- break; -- -- case V_ASN1_INTEGER: -- case V_ASN1_NEG_INTEGER: -- case V_ASN1_ENUMERATED: -- case V_ASN1_NEG_ENUMERATED: -- tint = (ASN1_INTEGER **)pval; -- if (!c2i_ASN1_INTEGER(tint, &cont, len)) -- goto err; -- /* Fixup type to match the expected form */ -- (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); -- break; -- -- case V_ASN1_OCTET_STRING: -- case V_ASN1_NUMERICSTRING: -- case V_ASN1_PRINTABLESTRING: -- case V_ASN1_T61STRING: -- case V_ASN1_VIDEOTEXSTRING: -- case V_ASN1_IA5STRING: -- case V_ASN1_UTCTIME: -- case V_ASN1_GENERALIZEDTIME: -- case V_ASN1_GRAPHICSTRING: -- case V_ASN1_VISIBLESTRING: -- case V_ASN1_GENERALSTRING: -- case V_ASN1_UNIVERSALSTRING: -- case V_ASN1_BMPSTRING: -- case V_ASN1_UTF8STRING: -- case V_ASN1_OTHER: -- case V_ASN1_SET: -- case V_ASN1_SEQUENCE: -- default: -- if (utype == V_ASN1_BMPSTRING && (len & 1)) -- { -- ASN1err(ASN1_F_ASN1_EX_C2I, -- ASN1_R_BMPSTRING_IS_WRONG_LENGTH); -- goto err; -- } -- if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) -- { -- ASN1err(ASN1_F_ASN1_EX_C2I, -- ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); -- goto err; -- } -- /* All based on ASN1_STRING and handled the same */ -- if (!*pval) -- { -- stmp = ASN1_STRING_type_new(utype); -- if (!stmp) -- { -- ASN1err(ASN1_F_ASN1_EX_C2I, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- *pval = (ASN1_VALUE *)stmp; -- } -- else -- { -- stmp = (ASN1_STRING *)*pval; -- stmp->type = utype; -- } -- /* If we've already allocated a buffer use it */ -- if (*free_cont) -- { -- if (stmp->data) -- OPENSSL_free(stmp->data); -- stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ -- stmp->length = len; -- *free_cont = 0; -- } -- else -- { -- if (!ASN1_STRING_set(stmp, cont, len)) -- { -- ASN1err(ASN1_F_ASN1_EX_C2I, -- ERR_R_MALLOC_FAILURE); -- ASN1_STRING_free(stmp); -- *pval = NULL; -- goto err; -- } -- } -- break; -- } -- /* If ASN1_ANY and NULL type fix up value */ -- if (typ && (utype == V_ASN1_NULL)) -- typ->value.ptr = NULL; -- -- ret = 1; -- err: -- if (!ret) -- { -- ASN1_TYPE_free(typ); -- if (opval) -- *opval = NULL; -- } -- return ret; -- } -- -- --/* This function finds the end of an ASN1 structure when passed its maximum -- * length, whether it is indefinite length and a pointer to the content. -- * This is more efficient than calling asn1_collect because it does not -- * recurse on each indefinite length header. -+ int utype, char *free_cont, const ASN1_ITEM *it) -+{ -+ ASN1_VALUE **opval = NULL; -+ ASN1_STRING *stmp; -+ ASN1_TYPE *typ = NULL; -+ int ret = 0; -+ const ASN1_PRIMITIVE_FUNCS *pf; -+ ASN1_INTEGER **tint; -+ pf = it->funcs; -+ -+ if (pf && pf->prim_c2i) -+ return pf->prim_c2i(pval, cont, len, utype, free_cont, it); -+ /* If ANY type clear type and set pointer to internal value */ -+ if (it->utype == V_ASN1_ANY) { -+ if (!*pval) { -+ typ = ASN1_TYPE_new(); -+ if (typ == NULL) -+ goto err; -+ *pval = (ASN1_VALUE *)typ; -+ } else -+ typ = (ASN1_TYPE *)*pval; -+ -+ if (utype != typ->type) -+ ASN1_TYPE_set(typ, utype, NULL); -+ opval = pval; -+ pval = &typ->value.asn1_value; -+ } -+ switch (utype) { -+ case V_ASN1_OBJECT: -+ if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) -+ goto err; -+ break; -+ -+ case V_ASN1_NULL: -+ if (len) { -+ ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_NULL_IS_WRONG_LENGTH); -+ goto err; -+ } -+ *pval = (ASN1_VALUE *)1; -+ break; -+ -+ case V_ASN1_BOOLEAN: -+ if (len != 1) { -+ ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BOOLEAN_IS_WRONG_LENGTH); -+ goto err; -+ } else { -+ ASN1_BOOLEAN *tbool; -+ tbool = (ASN1_BOOLEAN *)pval; -+ *tbool = *cont; -+ } -+ break; -+ -+ case V_ASN1_BIT_STRING: -+ if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) -+ goto err; -+ break; -+ -+ case V_ASN1_INTEGER: -+ case V_ASN1_NEG_INTEGER: -+ case V_ASN1_ENUMERATED: -+ case V_ASN1_NEG_ENUMERATED: -+ tint = (ASN1_INTEGER **)pval; -+ if (!c2i_ASN1_INTEGER(tint, &cont, len)) -+ goto err; -+ /* Fixup type to match the expected form */ -+ (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); -+ break; -+ -+ case V_ASN1_OCTET_STRING: -+ case V_ASN1_NUMERICSTRING: -+ case V_ASN1_PRINTABLESTRING: -+ case V_ASN1_T61STRING: -+ case V_ASN1_VIDEOTEXSTRING: -+ case V_ASN1_IA5STRING: -+ case V_ASN1_UTCTIME: -+ case V_ASN1_GENERALIZEDTIME: -+ case V_ASN1_GRAPHICSTRING: -+ case V_ASN1_VISIBLESTRING: -+ case V_ASN1_GENERALSTRING: -+ case V_ASN1_UNIVERSALSTRING: -+ case V_ASN1_BMPSTRING: -+ case V_ASN1_UTF8STRING: -+ case V_ASN1_OTHER: -+ case V_ASN1_SET: -+ case V_ASN1_SEQUENCE: -+ default: -+ if (utype == V_ASN1_BMPSTRING && (len & 1)) { -+ ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BMPSTRING_IS_WRONG_LENGTH); -+ goto err; -+ } -+ if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) { -+ ASN1err(ASN1_F_ASN1_EX_C2I, -+ ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); -+ goto err; -+ } -+ /* All based on ASN1_STRING and handled the same */ -+ if (!*pval) { -+ stmp = ASN1_STRING_type_new(utype); -+ if (!stmp) { -+ ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ *pval = (ASN1_VALUE *)stmp; -+ } else { -+ stmp = (ASN1_STRING *)*pval; -+ stmp->type = utype; -+ } -+ /* If we've already allocated a buffer use it */ -+ if (*free_cont) { -+ if (stmp->data) -+ OPENSSL_free(stmp->data); -+ stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ -+ stmp->length = len; -+ *free_cont = 0; -+ } else { -+ if (!ASN1_STRING_set(stmp, cont, len)) { -+ ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE); -+ ASN1_STRING_free(stmp); -+ *pval = NULL; -+ goto err; -+ } -+ } -+ break; -+ } -+ /* If ASN1_ANY and NULL type fix up value */ -+ if (typ && (utype == V_ASN1_NULL)) -+ typ->value.ptr = NULL; -+ -+ ret = 1; -+ err: -+ if (!ret) { -+ ASN1_TYPE_free(typ); -+ if (opval) -+ *opval = NULL; -+ } -+ return ret; -+} -+ -+/* -+ * This function finds the end of an ASN1 structure when passed its maximum -+ * length, whether it is indefinite length and a pointer to the content. This -+ * is more efficient than calling asn1_collect because it does not recurse on -+ * each indefinite length header. - */ - - static int asn1_find_end(const unsigned char **in, long len, char inf) -- { -- int expected_eoc; -- long plen; -- const unsigned char *p = *in, *q; -- /* If not indefinite length constructed just add length */ -- if (inf == 0) -- { -- *in += len; -- return 1; -- } -- expected_eoc = 1; -- /* Indefinite length constructed form. Find the end when enough EOCs -- * are found. If more indefinite length constructed headers -- * are encountered increment the expected eoc count otherwise just -- * skip to the end of the data. -- */ -- while (len > 0) -- { -- if(asn1_check_eoc(&p, len)) -- { -- expected_eoc--; -- if (expected_eoc == 0) -- break; -- len -= 2; -- continue; -- } -- q = p; -- /* Just read in a header: only care about the length */ -- if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len, -- -1, 0, 0, NULL)) -- { -- ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); -- return 0; -- } -- if (inf) -- expected_eoc++; -- else -- p += plen; -- len -= p - q; -- } -- if (expected_eoc) -- { -- ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC); -- return 0; -- } -- *in = p; -- return 1; -- } --/* This function collects the asn1 data from a constructred string -- * type into a buffer. The values of 'in' and 'len' should refer -- * to the contents of the constructed type and 'inf' should be set -- * if it is indefinite length. -+{ -+ int expected_eoc; -+ long plen; -+ const unsigned char *p = *in, *q; -+ /* If not indefinite length constructed just add length */ -+ if (inf == 0) { -+ *in += len; -+ return 1; -+ } -+ expected_eoc = 1; -+ /* -+ * Indefinite length constructed form. Find the end when enough EOCs are -+ * found. If more indefinite length constructed headers are encountered -+ * increment the expected eoc count otherwise just skip to the end of the -+ * data. -+ */ -+ while (len > 0) { -+ if (asn1_check_eoc(&p, len)) { -+ expected_eoc--; -+ if (expected_eoc == 0) -+ break; -+ len -= 2; -+ continue; -+ } -+ q = p; -+ /* Just read in a header: only care about the length */ -+ if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len, -+ -1, 0, 0, NULL)) { -+ ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); -+ return 0; -+ } -+ if (inf) -+ expected_eoc++; -+ else -+ p += plen; -+ len -= p - q; -+ } -+ if (expected_eoc) { -+ ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC); -+ return 0; -+ } -+ *in = p; -+ return 1; -+} -+ -+/* -+ * This function collects the asn1 data from a constructred string type into -+ * a buffer. The values of 'in' and 'len' should refer to the contents of the -+ * constructed type and 'inf' should be set if it is indefinite length. - */ - - #ifndef ASN1_MAX_STRING_NEST --/* This determines how many levels of recursion are permitted in ASN1 -- * string types. If it is not limited stack overflows can occur. If set -- * to zero no recursion is allowed at all. Although zero should be adequate -- * examples exist that require a value of 1. So 5 should be more than enough. -+/* -+ * This determines how many levels of recursion are permitted in ASN1 string -+ * types. If it is not limited stack overflows can occur. If set to zero no -+ * recursion is allowed at all. Although zero should be adequate examples -+ * exist that require a value of 1. So 5 should be more than enough. - */ --#define ASN1_MAX_STRING_NEST 5 -+# define ASN1_MAX_STRING_NEST 5 - #endif - -- - static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, -- char inf, int tag, int aclass, int depth) -- { -- const unsigned char *p, *q; -- long plen; -- char cst, ininf; -- p = *in; -- inf &= 1; -- /* If no buffer and not indefinite length constructed just pass over -- * the encoded data */ -- if (!buf && !inf) -- { -- *in += len; -- return 1; -- } -- while(len > 0) -- { -- q = p; -- /* Check for EOC */ -- if (asn1_check_eoc(&p, len)) -- { -- /* EOC is illegal outside indefinite length -- * constructed form */ -- if (!inf) -- { -- ASN1err(ASN1_F_ASN1_COLLECT, -- ASN1_R_UNEXPECTED_EOC); -- return 0; -- } -- inf = 0; -- break; -- } -- -- if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, -- len, tag, aclass, 0, NULL)) -- { -- ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR); -- return 0; -- } -- -- /* If indefinite length constructed update max length */ -- if (cst) -- { -- if (depth >= ASN1_MAX_STRING_NEST) -- { -- ASN1err(ASN1_F_ASN1_COLLECT, -- ASN1_R_NESTED_ASN1_STRING); -- return 0; -- } -- if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, -- depth + 1)) -- return 0; -- } -- else if (plen && !collect_data(buf, &p, plen)) -- return 0; -- len -= p - q; -- } -- if (inf) -- { -- ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC); -- return 0; -- } -- *in = p; -- return 1; -- } -+ char inf, int tag, int aclass, int depth) -+{ -+ const unsigned char *p, *q; -+ long plen; -+ char cst, ininf; -+ p = *in; -+ inf &= 1; -+ /* -+ * If no buffer and not indefinite length constructed just pass over the -+ * encoded data -+ */ -+ if (!buf && !inf) { -+ *in += len; -+ return 1; -+ } -+ while (len > 0) { -+ q = p; -+ /* Check for EOC */ -+ if (asn1_check_eoc(&p, len)) { -+ /* -+ * EOC is illegal outside indefinite length constructed form -+ */ -+ if (!inf) { -+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC); -+ return 0; -+ } -+ inf = 0; -+ break; -+ } -+ -+ if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, -+ len, tag, aclass, 0, NULL)) { -+ ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR); -+ return 0; -+ } -+ -+ /* If indefinite length constructed update max length */ -+ if (cst) { -+ if (depth >= ASN1_MAX_STRING_NEST) { -+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING); -+ return 0; -+ } -+ if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1)) -+ return 0; -+ } else if (plen && !collect_data(buf, &p, plen)) -+ return 0; -+ len -= p - q; -+ } -+ if (inf) { -+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC); -+ return 0; -+ } -+ *in = p; -+ return 1; -+} - - static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen) -- { -- int len; -- if (buf) -- { -- len = buf->length; -- if (!BUF_MEM_grow_clean(buf, len + plen)) -- { -- ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- memcpy(buf->data + len, *p, plen); -- } -- *p += plen; -- return 1; -- } -+{ -+ int len; -+ if (buf) { -+ len = buf->length; -+ if (!BUF_MEM_grow_clean(buf, len + plen)) { -+ ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ memcpy(buf->data + len, *p, plen); -+ } -+ *p += plen; -+ return 1; -+} - - /* Check for ASN1 EOC and swallow it if found */ - - static int asn1_check_eoc(const unsigned char **in, long len) -- { -- const unsigned char *p; -- if (len < 2) return 0; -- p = *in; -- if (!p[0] && !p[1]) -- { -- *in += 2; -- return 1; -- } -- return 0; -- } -- --/* Check an ASN1 tag and length: a bit like ASN1_get_object -- * but it sets the length for indefinite length constructed -- * form, we don't know the exact length but we can set an -- * upper bound to the amount of data available minus the -- * header length just read. -+{ -+ const unsigned char *p; -+ if (len < 2) -+ return 0; -+ p = *in; -+ if (!p[0] && !p[1]) { -+ *in += 2; -+ return 1; -+ } -+ return 0; -+} -+ -+/* -+ * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the -+ * length for indefinite length constructed form, we don't know the exact -+ * length but we can set an upper bound to the amount of data available minus -+ * the header length just read. - */ - - static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, -- char *inf, char *cst, -- const unsigned char **in, long len, -- int exptag, int expclass, char opt, -- ASN1_TLC *ctx) -- { -- int i; -- int ptag, pclass; -- long plen; -- const unsigned char *p, *q; -- p = *in; -- q = p; -- -- if (ctx && ctx->valid) -- { -- i = ctx->ret; -- plen = ctx->plen; -- pclass = ctx->pclass; -- ptag = ctx->ptag; -- p += ctx->hdrlen; -- } -- else -- { -- i = ASN1_get_object(&p, &plen, &ptag, &pclass, len); -- if (ctx) -- { -- ctx->ret = i; -- ctx->plen = plen; -- ctx->pclass = pclass; -- ctx->ptag = ptag; -- ctx->hdrlen = p - q; -- ctx->valid = 1; -- /* If definite length, and no error, length + -- * header can't exceed total amount of data available. -- */ -- if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) -- { -- ASN1err(ASN1_F_ASN1_CHECK_TLEN, -- ASN1_R_TOO_LONG); -- asn1_tlc_clear(ctx); -- return 0; -- } -- } -- } -- -- if (i & 0x80) -- { -- ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER); -- asn1_tlc_clear(ctx); -- return 0; -- } -- if (exptag >= 0) -- { -- if ((exptag != ptag) || (expclass != pclass)) -- { -- /* If type is OPTIONAL, not an error: -- * indicate missing type. -- */ -- if (opt) return -1; -- asn1_tlc_clear(ctx); -- ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG); -- return 0; -- } -- /* We have a tag and class match: -- * assume we are going to do something with it */ -- asn1_tlc_clear(ctx); -- } -- -- if (i & 1) -- plen = len - (p - q); -- -- if (inf) -- *inf = i & 1; -- -- if (cst) -- *cst = i & V_ASN1_CONSTRUCTED; -- -- if (olen) -- *olen = plen; -- -- if (oclass) -- *oclass = pclass; -- -- if (otag) -- *otag = ptag; -- -- *in = p; -- return 1; -- } -+ char *inf, char *cst, -+ const unsigned char **in, long len, -+ int exptag, int expclass, char opt, ASN1_TLC *ctx) -+{ -+ int i; -+ int ptag, pclass; -+ long plen; -+ const unsigned char *p, *q; -+ p = *in; -+ q = p; -+ -+ if (ctx && ctx->valid) { -+ i = ctx->ret; -+ plen = ctx->plen; -+ pclass = ctx->pclass; -+ ptag = ctx->ptag; -+ p += ctx->hdrlen; -+ } else { -+ i = ASN1_get_object(&p, &plen, &ptag, &pclass, len); -+ if (ctx) { -+ ctx->ret = i; -+ ctx->plen = plen; -+ ctx->pclass = pclass; -+ ctx->ptag = ptag; -+ ctx->hdrlen = p - q; -+ ctx->valid = 1; -+ /* -+ * If definite length, and no error, length + header can't exceed -+ * total amount of data available. -+ */ -+ if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) { -+ ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG); -+ asn1_tlc_clear(ctx); -+ return 0; -+ } -+ } -+ } -+ -+ if (i & 0x80) { -+ ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER); -+ asn1_tlc_clear(ctx); -+ return 0; -+ } -+ if (exptag >= 0) { -+ if ((exptag != ptag) || (expclass != pclass)) { -+ /* -+ * If type is OPTIONAL, not an error: indicate missing type. -+ */ -+ if (opt) -+ return -1; -+ asn1_tlc_clear(ctx); -+ ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG); -+ return 0; -+ } -+ /* -+ * We have a tag and class match: assume we are going to do something -+ * with it -+ */ -+ asn1_tlc_clear(ctx); -+ } -+ -+ if (i & 1) -+ plen = len - (p - q); -+ -+ if (inf) -+ *inf = i & 1; -+ -+ if (cst) -+ *cst = i & V_ASN1_CONSTRUCTED; -+ -+ if (olen) -+ *olen = plen; -+ -+ if (oclass) -+ *oclass = pclass; -+ -+ if (otag) -+ *otag = ptag; -+ -+ *in = p; -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c -index b3687f9..b93f3f6 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c -@@ -1,6 +1,7 @@ - /* tasn_enc.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,7 +57,6 @@ - * - */ - -- - #include - #include - #include "cryptlib.h" -@@ -65,631 +65,596 @@ - #include - - static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, -- const ASN1_ITEM *it, -- int tag, int aclass); -+ const ASN1_ITEM *it, int tag, int aclass); - static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, -- int skcontlen, const ASN1_ITEM *item, -- int do_sort, int iclass); -+ int skcontlen, const ASN1_ITEM *item, -+ int do_sort, int iclass); - static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, -- const ASN1_TEMPLATE *tt, -- int tag, int aclass); -+ const ASN1_TEMPLATE *tt, int tag, int aclass); - static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, -- const ASN1_ITEM *it, int flags); -+ const ASN1_ITEM *it, int flags); - --/* Top level i2d equivalents: the 'ndef' variant instructs the encoder -- * to use indefinite length constructed encoding, where appropriate -+/* -+ * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use -+ * indefinite length constructed encoding, where appropriate - */ - - int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, -- const ASN1_ITEM *it) -- { -- return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF); -- } -+ const ASN1_ITEM *it) -+{ -+ return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF); -+} - - int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) -- { -- return asn1_item_flags_i2d(val, out, it, 0); -- } -+{ -+ return asn1_item_flags_i2d(val, out, it, 0); -+} - --/* Encode an ASN1 item, this is use by the -- * standard 'i2d' function. 'out' points to -- * a buffer to output the data to. -- * -- * The new i2d has one additional feature. If the output -- * buffer is NULL (i.e. *out == NULL) then a buffer is -+/* -+ * Encode an ASN1 item, this is use by the standard 'i2d' function. 'out' -+ * points to a buffer to output the data to. The new i2d has one additional -+ * feature. If the output buffer is NULL (i.e. *out == NULL) then a buffer is - * allocated and populated with the encoding. - */ - - static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, -- const ASN1_ITEM *it, int flags) -- { -- if (out && !*out) -- { -- unsigned char *p, *buf; -- int len; -- len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags); -- if (len <= 0) -- return len; -- buf = OPENSSL_malloc(len); -- if (!buf) -- return -1; -- p = buf; -- ASN1_item_ex_i2d(&val, &p, it, -1, flags); -- *out = buf; -- return len; -- } -- -- return ASN1_item_ex_i2d(&val, out, it, -1, flags); -- } -- --/* Encode an item, taking care of IMPLICIT tagging (if any). -- * This function performs the normal item handling: it can be -- * used in external types. -+ const ASN1_ITEM *it, int flags) -+{ -+ if (out && !*out) { -+ unsigned char *p, *buf; -+ int len; -+ len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags); -+ if (len <= 0) -+ return len; -+ buf = OPENSSL_malloc(len); -+ if (!buf) -+ return -1; -+ p = buf; -+ ASN1_item_ex_i2d(&val, &p, it, -1, flags); -+ *out = buf; -+ return len; -+ } -+ -+ return ASN1_item_ex_i2d(&val, out, it, -1, flags); -+} -+ -+/* -+ * Encode an item, taking care of IMPLICIT tagging (if any). This function -+ * performs the normal item handling: it can be used in external types. - */ - - int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, -- const ASN1_ITEM *it, int tag, int aclass) -- { -- const ASN1_TEMPLATE *tt = NULL; -- unsigned char *p = NULL; -- int i, seqcontlen, seqlen, ndef = 1; -- const ASN1_COMPAT_FUNCS *cf; -- const ASN1_EXTERN_FUNCS *ef; -- const ASN1_AUX *aux = it->funcs; -- ASN1_aux_cb *asn1_cb = 0; -- -- if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) -- return 0; -- -- if (aux && aux->asn1_cb) -- asn1_cb = aux->asn1_cb; -- -- switch(it->itype) -- { -- -- case ASN1_ITYPE_PRIMITIVE: -- if (it->templates) -- return asn1_template_ex_i2d(pval, out, it->templates, -- tag, aclass); -- return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); -- break; -- -- case ASN1_ITYPE_MSTRING: -- return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); -- -- case ASN1_ITYPE_CHOICE: -- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) -- return 0; -- i = asn1_get_choice_selector(pval, it); -- if ((i >= 0) && (i < it->tcount)) -- { -- ASN1_VALUE **pchval; -- const ASN1_TEMPLATE *chtt; -- chtt = it->templates + i; -- pchval = asn1_get_field_ptr(pval, chtt); -- return asn1_template_ex_i2d(pchval, out, chtt, -- -1, aclass); -- } -- /* Fixme: error condition if selector out of range */ -- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) -- return 0; -- break; -- -- case ASN1_ITYPE_EXTERN: -- /* If new style i2d it does all the work */ -- ef = it->funcs; -- return ef->asn1_ex_i2d(pval, out, it, tag, aclass); -- -- case ASN1_ITYPE_COMPAT: -- /* old style hackery... */ -- cf = it->funcs; -- if (out) -- p = *out; -- i = cf->asn1_i2d(*pval, out); -- /* Fixup for IMPLICIT tag: note this messes up for tags > 30, -- * but so did the old code. Tags > 30 are very rare anyway. -- */ -- if (out && (tag != -1)) -- *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED); -- return i; -- -- case ASN1_ITYPE_NDEF_SEQUENCE: -- /* Use indefinite length constructed if requested */ -- if (aclass & ASN1_TFLG_NDEF) ndef = 2; -- /* fall through */ -- -- case ASN1_ITYPE_SEQUENCE: -- i = asn1_enc_restore(&seqcontlen, out, pval, it); -- /* An error occurred */ -- if (i < 0) -- return 0; -- /* We have a valid cached encoding... */ -- if (i > 0) -- return seqcontlen; -- /* Otherwise carry on */ -- seqcontlen = 0; -- /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ -- if (tag == -1) -- { -- tag = V_ASN1_SEQUENCE; -- /* Retain any other flags in aclass */ -- aclass = (aclass & ~ASN1_TFLG_TAG_CLASS) -- | V_ASN1_UNIVERSAL; -- } -- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) -- return 0; -- /* First work out sequence content length */ -- for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) -- { -- const ASN1_TEMPLATE *seqtt; -- ASN1_VALUE **pseqval; -- seqtt = asn1_do_adb(pval, tt, 1); -- if (!seqtt) -- return 0; -- pseqval = asn1_get_field_ptr(pval, seqtt); -- /* FIXME: check for errors in enhanced version */ -- seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt, -- -1, aclass); -- } -- -- seqlen = ASN1_object_size(ndef, seqcontlen, tag); -- if (!out) -- return seqlen; -- /* Output SEQUENCE header */ -- ASN1_put_object(out, ndef, seqcontlen, tag, aclass); -- for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) -- { -- const ASN1_TEMPLATE *seqtt; -- ASN1_VALUE **pseqval; -- seqtt = asn1_do_adb(pval, tt, 1); -- if (!seqtt) -- return 0; -- pseqval = asn1_get_field_ptr(pval, seqtt); -- /* FIXME: check for errors in enhanced version */ -- asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass); -- } -- if (ndef == 2) -- ASN1_put_eoc(out); -- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) -- return 0; -- return seqlen; -- -- default: -- return 0; -- -- } -- return 0; -- } -+ const ASN1_ITEM *it, int tag, int aclass) -+{ -+ const ASN1_TEMPLATE *tt = NULL; -+ unsigned char *p = NULL; -+ int i, seqcontlen, seqlen, ndef = 1; -+ const ASN1_COMPAT_FUNCS *cf; -+ const ASN1_EXTERN_FUNCS *ef; -+ const ASN1_AUX *aux = it->funcs; -+ ASN1_aux_cb *asn1_cb = 0; -+ -+ if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) -+ return 0; -+ -+ if (aux && aux->asn1_cb) -+ asn1_cb = aux->asn1_cb; -+ -+ switch (it->itype) { -+ -+ case ASN1_ITYPE_PRIMITIVE: -+ if (it->templates) -+ return asn1_template_ex_i2d(pval, out, it->templates, -+ tag, aclass); -+ return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); -+ break; -+ -+ case ASN1_ITYPE_MSTRING: -+ return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); -+ -+ case ASN1_ITYPE_CHOICE: -+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) -+ return 0; -+ i = asn1_get_choice_selector(pval, it); -+ if ((i >= 0) && (i < it->tcount)) { -+ ASN1_VALUE **pchval; -+ const ASN1_TEMPLATE *chtt; -+ chtt = it->templates + i; -+ pchval = asn1_get_field_ptr(pval, chtt); -+ return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass); -+ } -+ /* Fixme: error condition if selector out of range */ -+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) -+ return 0; -+ break; -+ -+ case ASN1_ITYPE_EXTERN: -+ /* If new style i2d it does all the work */ -+ ef = it->funcs; -+ return ef->asn1_ex_i2d(pval, out, it, tag, aclass); -+ -+ case ASN1_ITYPE_COMPAT: -+ /* old style hackery... */ -+ cf = it->funcs; -+ if (out) -+ p = *out; -+ i = cf->asn1_i2d(*pval, out); -+ /* -+ * Fixup for IMPLICIT tag: note this messes up for tags > 30, but so -+ * did the old code. Tags > 30 are very rare anyway. -+ */ -+ if (out && (tag != -1)) -+ *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED); -+ return i; -+ -+ case ASN1_ITYPE_NDEF_SEQUENCE: -+ /* Use indefinite length constructed if requested */ -+ if (aclass & ASN1_TFLG_NDEF) -+ ndef = 2; -+ /* fall through */ -+ -+ case ASN1_ITYPE_SEQUENCE: -+ i = asn1_enc_restore(&seqcontlen, out, pval, it); -+ /* An error occurred */ -+ if (i < 0) -+ return 0; -+ /* We have a valid cached encoding... */ -+ if (i > 0) -+ return seqcontlen; -+ /* Otherwise carry on */ -+ seqcontlen = 0; -+ /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ -+ if (tag == -1) { -+ tag = V_ASN1_SEQUENCE; -+ /* Retain any other flags in aclass */ -+ aclass = (aclass & ~ASN1_TFLG_TAG_CLASS) -+ | V_ASN1_UNIVERSAL; -+ } -+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) -+ return 0; -+ /* First work out sequence content length */ -+ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { -+ const ASN1_TEMPLATE *seqtt; -+ ASN1_VALUE **pseqval; -+ seqtt = asn1_do_adb(pval, tt, 1); -+ if (!seqtt) -+ return 0; -+ pseqval = asn1_get_field_ptr(pval, seqtt); -+ /* FIXME: check for errors in enhanced version */ -+ seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt, -+ -1, aclass); -+ } -+ -+ seqlen = ASN1_object_size(ndef, seqcontlen, tag); -+ if (!out) -+ return seqlen; -+ /* Output SEQUENCE header */ -+ ASN1_put_object(out, ndef, seqcontlen, tag, aclass); -+ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { -+ const ASN1_TEMPLATE *seqtt; -+ ASN1_VALUE **pseqval; -+ seqtt = asn1_do_adb(pval, tt, 1); -+ if (!seqtt) -+ return 0; -+ pseqval = asn1_get_field_ptr(pval, seqtt); -+ /* FIXME: check for errors in enhanced version */ -+ asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass); -+ } -+ if (ndef == 2) -+ ASN1_put_eoc(out); -+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) -+ return 0; -+ return seqlen; -+ -+ default: -+ return 0; -+ -+ } -+ return 0; -+} - - int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, -- const ASN1_TEMPLATE *tt) -- { -- return asn1_template_ex_i2d(pval, out, tt, -1, 0); -- } -+ const ASN1_TEMPLATE *tt) -+{ -+ return asn1_template_ex_i2d(pval, out, tt, -1, 0); -+} - - static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, -- const ASN1_TEMPLATE *tt, int tag, int iclass) -- { -- int i, ret, flags, ttag, tclass, ndef; -- flags = tt->flags; -- /* Work out tag and class to use: tagging may come -- * either from the template or the arguments, not both -- * because this would create ambiguity. Additionally -- * the iclass argument may contain some additional flags -- * which should be noted and passed down to other levels. -- */ -- if (flags & ASN1_TFLG_TAG_MASK) -- { -- /* Error if argument and template tagging */ -- if (tag != -1) -- /* FIXME: error code here */ -- return -1; -- /* Get tagging from template */ -- ttag = tt->tag; -- tclass = flags & ASN1_TFLG_TAG_CLASS; -- } -- else if (tag != -1) -- { -- /* No template tagging, get from arguments */ -- ttag = tag; -- tclass = iclass & ASN1_TFLG_TAG_CLASS; -- } -- else -- { -- ttag = -1; -- tclass = 0; -- } -- /* -- * Remove any class mask from iflag. -- */ -- iclass &= ~ASN1_TFLG_TAG_CLASS; -- -- /* At this point 'ttag' contains the outer tag to use, -- * 'tclass' is the class and iclass is any flags passed -- * to this function. -- */ -- -- /* if template and arguments require ndef, use it */ -- if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF)) -- ndef = 2; -- else ndef = 1; -- -- if (flags & ASN1_TFLG_SK_MASK) -- { -- /* SET OF, SEQUENCE OF */ -- STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; -- int isset, sktag, skaclass; -- int skcontlen, sklen; -- ASN1_VALUE *skitem; -- -- if (!*pval) -- return 0; -- -- if (flags & ASN1_TFLG_SET_OF) -- { -- isset = 1; -- /* 2 means we reorder */ -- if (flags & ASN1_TFLG_SEQUENCE_OF) -- isset = 2; -- } -- else isset = 0; -- -- /* Work out inner tag value: if EXPLICIT -- * or no tagging use underlying type. -- */ -- if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) -- { -- sktag = ttag; -- skaclass = tclass; -- } -- else -- { -- skaclass = V_ASN1_UNIVERSAL; -- if (isset) -- sktag = V_ASN1_SET; -- else sktag = V_ASN1_SEQUENCE; -- } -- -- /* Determine total length of items */ -- skcontlen = 0; -- for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) -- { -- skitem = sk_ASN1_VALUE_value(sk, i); -- skcontlen += ASN1_item_ex_i2d(&skitem, NULL, -- ASN1_ITEM_ptr(tt->item), -- -1, iclass); -- } -- sklen = ASN1_object_size(ndef, skcontlen, sktag); -- /* If EXPLICIT need length of surrounding tag */ -- if (flags & ASN1_TFLG_EXPTAG) -- ret = ASN1_object_size(ndef, sklen, ttag); -- else ret = sklen; -- -- if (!out) -- return ret; -- -- /* Now encode this lot... */ -- /* EXPLICIT tag */ -- if (flags & ASN1_TFLG_EXPTAG) -- ASN1_put_object(out, ndef, sklen, ttag, tclass); -- /* SET or SEQUENCE and IMPLICIT tag */ -- ASN1_put_object(out, ndef, skcontlen, sktag, skaclass); -- /* And the stuff itself */ -- asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), -- isset, iclass); -- if (ndef == 2) -- { -- ASN1_put_eoc(out); -- if (flags & ASN1_TFLG_EXPTAG) -- ASN1_put_eoc(out); -- } -- -- return ret; -- } -- -- if (flags & ASN1_TFLG_EXPTAG) -- { -- /* EXPLICIT tagging */ -- /* Find length of tagged item */ -- i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -- -1, iclass); -- if (!i) -- return 0; -- /* Find length of EXPLICIT tag */ -- ret = ASN1_object_size(ndef, i, ttag); -- if (out) -- { -- /* Output tag and item */ -- ASN1_put_object(out, ndef, i, ttag, tclass); -- ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -- -1, iclass); -- if (ndef == 2) -- ASN1_put_eoc(out); -- } -- return ret; -- } -- -- /* Either normal or IMPLICIT tagging: combine class and flags */ -- return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -- ttag, tclass | iclass); -+ const ASN1_TEMPLATE *tt, int tag, int iclass) -+{ -+ int i, ret, flags, ttag, tclass, ndef; -+ flags = tt->flags; -+ /* -+ * Work out tag and class to use: tagging may come either from the -+ * template or the arguments, not both because this would create -+ * ambiguity. Additionally the iclass argument may contain some -+ * additional flags which should be noted and passed down to other -+ * levels. -+ */ -+ if (flags & ASN1_TFLG_TAG_MASK) { -+ /* Error if argument and template tagging */ -+ if (tag != -1) -+ /* FIXME: error code here */ -+ return -1; -+ /* Get tagging from template */ -+ ttag = tt->tag; -+ tclass = flags & ASN1_TFLG_TAG_CLASS; -+ } else if (tag != -1) { -+ /* No template tagging, get from arguments */ -+ ttag = tag; -+ tclass = iclass & ASN1_TFLG_TAG_CLASS; -+ } else { -+ ttag = -1; -+ tclass = 0; -+ } -+ /* -+ * Remove any class mask from iflag. -+ */ -+ iclass &= ~ASN1_TFLG_TAG_CLASS; -+ -+ /* -+ * At this point 'ttag' contains the outer tag to use, 'tclass' is the -+ * class and iclass is any flags passed to this function. -+ */ -+ -+ /* if template and arguments require ndef, use it */ -+ if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF)) -+ ndef = 2; -+ else -+ ndef = 1; -+ -+ if (flags & ASN1_TFLG_SK_MASK) { -+ /* SET OF, SEQUENCE OF */ -+ STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; -+ int isset, sktag, skaclass; -+ int skcontlen, sklen; -+ ASN1_VALUE *skitem; -+ -+ if (!*pval) -+ return 0; -+ -+ if (flags & ASN1_TFLG_SET_OF) { -+ isset = 1; -+ /* 2 means we reorder */ -+ if (flags & ASN1_TFLG_SEQUENCE_OF) -+ isset = 2; -+ } else -+ isset = 0; -+ -+ /* -+ * Work out inner tag value: if EXPLICIT or no tagging use underlying -+ * type. -+ */ -+ if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) { -+ sktag = ttag; -+ skaclass = tclass; -+ } else { -+ skaclass = V_ASN1_UNIVERSAL; -+ if (isset) -+ sktag = V_ASN1_SET; -+ else -+ sktag = V_ASN1_SEQUENCE; -+ } -+ -+ /* Determine total length of items */ -+ skcontlen = 0; -+ for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { -+ skitem = sk_ASN1_VALUE_value(sk, i); -+ skcontlen += ASN1_item_ex_i2d(&skitem, NULL, -+ ASN1_ITEM_ptr(tt->item), -+ -1, iclass); -+ } -+ sklen = ASN1_object_size(ndef, skcontlen, sktag); -+ /* If EXPLICIT need length of surrounding tag */ -+ if (flags & ASN1_TFLG_EXPTAG) -+ ret = ASN1_object_size(ndef, sklen, ttag); -+ else -+ ret = sklen; -+ -+ if (!out) -+ return ret; -+ -+ /* Now encode this lot... */ -+ /* EXPLICIT tag */ -+ if (flags & ASN1_TFLG_EXPTAG) -+ ASN1_put_object(out, ndef, sklen, ttag, tclass); -+ /* SET or SEQUENCE and IMPLICIT tag */ -+ ASN1_put_object(out, ndef, skcontlen, sktag, skaclass); -+ /* And the stuff itself */ -+ asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), -+ isset, iclass); -+ if (ndef == 2) { -+ ASN1_put_eoc(out); -+ if (flags & ASN1_TFLG_EXPTAG) -+ ASN1_put_eoc(out); -+ } -+ -+ return ret; -+ } -+ -+ if (flags & ASN1_TFLG_EXPTAG) { -+ /* EXPLICIT tagging */ -+ /* Find length of tagged item */ -+ i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass); -+ if (!i) -+ return 0; -+ /* Find length of EXPLICIT tag */ -+ ret = ASN1_object_size(ndef, i, ttag); -+ if (out) { -+ /* Output tag and item */ -+ ASN1_put_object(out, ndef, i, ttag, tclass); -+ ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass); -+ if (ndef == 2) -+ ASN1_put_eoc(out); -+ } -+ return ret; -+ } -+ -+ /* Either normal or IMPLICIT tagging: combine class and flags */ -+ return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -+ ttag, tclass | iclass); - - } - - /* Temporary structure used to hold DER encoding of items for SET OF */ - --typedef struct { -- unsigned char *data; -- int length; -- ASN1_VALUE *field; -+typedef struct { -+ unsigned char *data; -+ int length; -+ ASN1_VALUE *field; - } DER_ENC; - - static int der_cmp(const void *a, const void *b) -- { -- const DER_ENC *d1 = a, *d2 = b; -- int cmplen, i; -- cmplen = (d1->length < d2->length) ? d1->length : d2->length; -- i = memcmp(d1->data, d2->data, cmplen); -- if (i) -- return i; -- return d1->length - d2->length; -- } -+{ -+ const DER_ENC *d1 = a, *d2 = b; -+ int cmplen, i; -+ cmplen = (d1->length < d2->length) ? d1->length : d2->length; -+ i = memcmp(d1->data, d2->data, cmplen); -+ if (i) -+ return i; -+ return d1->length - d2->length; -+} - - /* Output the content octets of SET OF or SEQUENCE OF */ - - static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, -- int skcontlen, const ASN1_ITEM *item, -- int do_sort, int iclass) -- { -- int i; -- ASN1_VALUE *skitem; -- unsigned char *tmpdat = NULL, *p = NULL; -- DER_ENC *derlst = NULL, *tder; -- if (do_sort) -- { -- /* Don't need to sort less than 2 items */ -- if (sk_ASN1_VALUE_num(sk) < 2) -- do_sort = 0; -- else -- { -- derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) -- * sizeof(*derlst)); -- if (!derlst) -- return 0; -- tmpdat = OPENSSL_malloc(skcontlen); -- if (!tmpdat) -- { -- OPENSSL_free(derlst); -- return 0; -- } -- } -- } -- /* If not sorting just output each item */ -- if (!do_sort) -- { -- for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) -- { -- skitem = sk_ASN1_VALUE_value(sk, i); -- ASN1_item_ex_i2d(&skitem, out, item, -1, iclass); -- } -- return 1; -- } -- p = tmpdat; -- -- /* Doing sort: build up a list of each member's DER encoding */ -- for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) -- { -- skitem = sk_ASN1_VALUE_value(sk, i); -- tder->data = p; -- tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass); -- tder->field = skitem; -- } -- -- /* Now sort them */ -- qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp); -- /* Output sorted DER encoding */ -- p = *out; -- for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) -- { -- memcpy(p, tder->data, tder->length); -- p += tder->length; -- } -- *out = p; -- /* If do_sort is 2 then reorder the STACK */ -- if (do_sort == 2) -- { -- for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); -- i++, tder++) -- (void)sk_ASN1_VALUE_set(sk, i, tder->field); -- } -- OPENSSL_free(derlst); -- OPENSSL_free(tmpdat); -- return 1; -- } -+ int skcontlen, const ASN1_ITEM *item, -+ int do_sort, int iclass) -+{ -+ int i; -+ ASN1_VALUE *skitem; -+ unsigned char *tmpdat = NULL, *p = NULL; -+ DER_ENC *derlst = NULL, *tder; -+ if (do_sort) { -+ /* Don't need to sort less than 2 items */ -+ if (sk_ASN1_VALUE_num(sk) < 2) -+ do_sort = 0; -+ else { -+ derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) -+ * sizeof(*derlst)); -+ if (!derlst) -+ return 0; -+ tmpdat = OPENSSL_malloc(skcontlen); -+ if (!tmpdat) { -+ OPENSSL_free(derlst); -+ return 0; -+ } -+ } -+ } -+ /* If not sorting just output each item */ -+ if (!do_sort) { -+ for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { -+ skitem = sk_ASN1_VALUE_value(sk, i); -+ ASN1_item_ex_i2d(&skitem, out, item, -1, iclass); -+ } -+ return 1; -+ } -+ p = tmpdat; -+ -+ /* Doing sort: build up a list of each member's DER encoding */ -+ for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { -+ skitem = sk_ASN1_VALUE_value(sk, i); -+ tder->data = p; -+ tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass); -+ tder->field = skitem; -+ } -+ -+ /* Now sort them */ -+ qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp); -+ /* Output sorted DER encoding */ -+ p = *out; -+ for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { -+ memcpy(p, tder->data, tder->length); -+ p += tder->length; -+ } -+ *out = p; -+ /* If do_sort is 2 then reorder the STACK */ -+ if (do_sort == 2) { -+ for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) -+ (void)sk_ASN1_VALUE_set(sk, i, tder->field); -+ } -+ OPENSSL_free(derlst); -+ OPENSSL_free(tmpdat); -+ return 1; -+} - - static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, -- const ASN1_ITEM *it, int tag, int aclass) -- { -- int len; -- int utype; -- int usetag; -- int ndef = 0; -- -- utype = it->utype; -- -- /* Get length of content octets and maybe find -- * out the underlying type. -- */ -- -- len = asn1_ex_i2c(pval, NULL, &utype, it); -- -- /* If SEQUENCE, SET or OTHER then header is -- * included in pseudo content octets so don't -- * include tag+length. We need to check here -- * because the call to asn1_ex_i2c() could change -- * utype. -- */ -- if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || -- (utype == V_ASN1_OTHER)) -- usetag = 0; -- else usetag = 1; -- -- /* -1 means omit type */ -- -- if (len == -1) -- return 0; -- -- /* -2 return is special meaning use ndef */ -- if (len == -2) -- { -- ndef = 2; -- len = 0; -- } -- -- /* If not implicitly tagged get tag from underlying type */ -- if (tag == -1) tag = utype; -- -- /* Output tag+length followed by content octets */ -- if (out) -- { -- if (usetag) -- ASN1_put_object(out, ndef, len, tag, aclass); -- asn1_ex_i2c(pval, *out, &utype, it); -- if (ndef) -- ASN1_put_eoc(out); -- else -- *out += len; -- } -- -- if (usetag) -- return ASN1_object_size(ndef, len, tag); -- return len; -- } -+ const ASN1_ITEM *it, int tag, int aclass) -+{ -+ int len; -+ int utype; -+ int usetag; -+ int ndef = 0; -+ -+ utype = it->utype; -+ -+ /* -+ * Get length of content octets and maybe find out the underlying type. -+ */ -+ -+ len = asn1_ex_i2c(pval, NULL, &utype, it); -+ -+ /* -+ * If SEQUENCE, SET or OTHER then header is included in pseudo content -+ * octets so don't include tag+length. We need to check here because the -+ * call to asn1_ex_i2c() could change utype. -+ */ -+ if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || -+ (utype == V_ASN1_OTHER)) -+ usetag = 0; -+ else -+ usetag = 1; -+ -+ /* -1 means omit type */ -+ -+ if (len == -1) -+ return 0; -+ -+ /* -2 return is special meaning use ndef */ -+ if (len == -2) { -+ ndef = 2; -+ len = 0; -+ } -+ -+ /* If not implicitly tagged get tag from underlying type */ -+ if (tag == -1) -+ tag = utype; -+ -+ /* Output tag+length followed by content octets */ -+ if (out) { -+ if (usetag) -+ ASN1_put_object(out, ndef, len, tag, aclass); -+ asn1_ex_i2c(pval, *out, &utype, it); -+ if (ndef) -+ ASN1_put_eoc(out); -+ else -+ *out += len; -+ } -+ -+ if (usetag) -+ return ASN1_object_size(ndef, len, tag); -+ return len; -+} - - /* Produce content octets from a structure */ - - int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, -- const ASN1_ITEM *it) -- { -- ASN1_BOOLEAN *tbool = NULL; -- ASN1_STRING *strtmp; -- ASN1_OBJECT *otmp; -- int utype; -- unsigned char *cont, c; -- int len; -- const ASN1_PRIMITIVE_FUNCS *pf; -- pf = it->funcs; -- if (pf && pf->prim_i2c) -- return pf->prim_i2c(pval, cout, putype, it); -- -- /* Should type be omitted? */ -- if ((it->itype != ASN1_ITYPE_PRIMITIVE) -- || (it->utype != V_ASN1_BOOLEAN)) -- { -- if (!*pval) return -1; -- } -- -- if (it->itype == ASN1_ITYPE_MSTRING) -- { -- /* If MSTRING type set the underlying type */ -- strtmp = (ASN1_STRING *)*pval; -- utype = strtmp->type; -- *putype = utype; -- } -- else if (it->utype == V_ASN1_ANY) -- { -- /* If ANY set type and pointer to value */ -- ASN1_TYPE *typ; -- typ = (ASN1_TYPE *)*pval; -- utype = typ->type; -- *putype = utype; -- pval = &typ->value.asn1_value; -- } -- else utype = *putype; -- -- switch(utype) -- { -- case V_ASN1_OBJECT: -- otmp = (ASN1_OBJECT *)*pval; -- cont = otmp->data; -- len = otmp->length; -- break; -- -- case V_ASN1_NULL: -- cont = NULL; -- len = 0; -- break; -- -- case V_ASN1_BOOLEAN: -- tbool = (ASN1_BOOLEAN *)pval; -- if (*tbool == -1) -- return -1; -- if (it->utype != V_ASN1_ANY) -- { -- /* Default handling if value == size field then omit */ -- if (*tbool && (it->size > 0)) -- return -1; -- if (!*tbool && !it->size) -- return -1; -- } -- c = (unsigned char)*tbool; -- cont = &c; -- len = 1; -- break; -- -- case V_ASN1_BIT_STRING: -- return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, -- cout ? &cout : NULL); -- break; -- -- case V_ASN1_INTEGER: -- case V_ASN1_NEG_INTEGER: -- case V_ASN1_ENUMERATED: -- case V_ASN1_NEG_ENUMERATED: -- /* These are all have the same content format -- * as ASN1_INTEGER -- */ -- return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, -- cout ? &cout : NULL); -- break; -- -- case V_ASN1_OCTET_STRING: -- case V_ASN1_NUMERICSTRING: -- case V_ASN1_PRINTABLESTRING: -- case V_ASN1_T61STRING: -- case V_ASN1_VIDEOTEXSTRING: -- case V_ASN1_IA5STRING: -- case V_ASN1_UTCTIME: -- case V_ASN1_GENERALIZEDTIME: -- case V_ASN1_GRAPHICSTRING: -- case V_ASN1_VISIBLESTRING: -- case V_ASN1_GENERALSTRING: -- case V_ASN1_UNIVERSALSTRING: -- case V_ASN1_BMPSTRING: -- case V_ASN1_UTF8STRING: -- case V_ASN1_SEQUENCE: -- case V_ASN1_SET: -- default: -- /* All based on ASN1_STRING and handled the same */ -- strtmp = (ASN1_STRING *)*pval; -- /* Special handling for NDEF */ -- if ((it->size == ASN1_TFLG_NDEF) -- && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) -- { -- if (cout) -- { -- strtmp->data = cout; -- strtmp->length = 0; -- } -- /* Special return code */ -- return -2; -- } -- cont = strtmp->data; -- len = strtmp->length; -- -- break; -- -- } -- if (cout && len) -- memcpy(cout, cont, len); -- return len; -- } -+ const ASN1_ITEM *it) -+{ -+ ASN1_BOOLEAN *tbool = NULL; -+ ASN1_STRING *strtmp; -+ ASN1_OBJECT *otmp; -+ int utype; -+ unsigned char *cont, c; -+ int len; -+ const ASN1_PRIMITIVE_FUNCS *pf; -+ pf = it->funcs; -+ if (pf && pf->prim_i2c) -+ return pf->prim_i2c(pval, cout, putype, it); -+ -+ /* Should type be omitted? */ -+ if ((it->itype != ASN1_ITYPE_PRIMITIVE) -+ || (it->utype != V_ASN1_BOOLEAN)) { -+ if (!*pval) -+ return -1; -+ } -+ -+ if (it->itype == ASN1_ITYPE_MSTRING) { -+ /* If MSTRING type set the underlying type */ -+ strtmp = (ASN1_STRING *)*pval; -+ utype = strtmp->type; -+ *putype = utype; -+ } else if (it->utype == V_ASN1_ANY) { -+ /* If ANY set type and pointer to value */ -+ ASN1_TYPE *typ; -+ typ = (ASN1_TYPE *)*pval; -+ utype = typ->type; -+ *putype = utype; -+ pval = &typ->value.asn1_value; -+ } else -+ utype = *putype; -+ -+ switch (utype) { -+ case V_ASN1_OBJECT: -+ otmp = (ASN1_OBJECT *)*pval; -+ cont = otmp->data; -+ len = otmp->length; -+ break; -+ -+ case V_ASN1_NULL: -+ cont = NULL; -+ len = 0; -+ break; -+ -+ case V_ASN1_BOOLEAN: -+ tbool = (ASN1_BOOLEAN *)pval; -+ if (*tbool == -1) -+ return -1; -+ if (it->utype != V_ASN1_ANY) { -+ /* -+ * Default handling if value == size field then omit -+ */ -+ if (*tbool && (it->size > 0)) -+ return -1; -+ if (!*tbool && !it->size) -+ return -1; -+ } -+ c = (unsigned char)*tbool; -+ cont = &c; -+ len = 1; -+ break; -+ -+ case V_ASN1_BIT_STRING: -+ return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, -+ cout ? &cout : NULL); -+ break; -+ -+ case V_ASN1_INTEGER: -+ case V_ASN1_NEG_INTEGER: -+ case V_ASN1_ENUMERATED: -+ case V_ASN1_NEG_ENUMERATED: -+ /* -+ * These are all have the same content format as ASN1_INTEGER -+ */ -+ return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL); -+ break; -+ -+ case V_ASN1_OCTET_STRING: -+ case V_ASN1_NUMERICSTRING: -+ case V_ASN1_PRINTABLESTRING: -+ case V_ASN1_T61STRING: -+ case V_ASN1_VIDEOTEXSTRING: -+ case V_ASN1_IA5STRING: -+ case V_ASN1_UTCTIME: -+ case V_ASN1_GENERALIZEDTIME: -+ case V_ASN1_GRAPHICSTRING: -+ case V_ASN1_VISIBLESTRING: -+ case V_ASN1_GENERALSTRING: -+ case V_ASN1_UNIVERSALSTRING: -+ case V_ASN1_BMPSTRING: -+ case V_ASN1_UTF8STRING: -+ case V_ASN1_SEQUENCE: -+ case V_ASN1_SET: -+ default: -+ /* All based on ASN1_STRING and handled the same */ -+ strtmp = (ASN1_STRING *)*pval; -+ /* Special handling for NDEF */ -+ if ((it->size == ASN1_TFLG_NDEF) -+ && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) { -+ if (cout) { -+ strtmp->data = cout; -+ strtmp->length = 0; -+ } -+ /* Special return code */ -+ return -2; -+ } -+ cont = strtmp->data; -+ len = strtmp->length; -+ -+ break; -+ -+ } -+ if (cout && len) -+ memcpy(cout, cont, len); -+ return len; -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c -index d7c017f..a56d89b 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c -@@ -1,6 +1,7 @@ - /* tasn_fre.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,211 +57,193 @@ - * - */ - -- - #include - #include - #include - #include - --static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); -+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, -+ int combine); - - /* Free up an ASN1 structure */ - - void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) -- { -- asn1_item_combine_free(&val, it, 0); -- } -+{ -+ asn1_item_combine_free(&val, it, 0); -+} - - void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -- { -- asn1_item_combine_free(pval, it, 0); -- } -- --static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) -- { -- const ASN1_TEMPLATE *tt = NULL, *seqtt; -- const ASN1_EXTERN_FUNCS *ef; -- const ASN1_COMPAT_FUNCS *cf; -- const ASN1_AUX *aux = it->funcs; -- ASN1_aux_cb *asn1_cb; -- int i; -- if (!pval) -- return; -- if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) -- return; -- if (aux && aux->asn1_cb) -- asn1_cb = aux->asn1_cb; -- else -- asn1_cb = 0; -- -- switch(it->itype) -- { -- -- case ASN1_ITYPE_PRIMITIVE: -- if (it->templates) -- ASN1_template_free(pval, it->templates); -- else -- ASN1_primitive_free(pval, it); -- break; -- -- case ASN1_ITYPE_MSTRING: -- ASN1_primitive_free(pval, it); -- break; -- -- case ASN1_ITYPE_CHOICE: -- if (asn1_cb) -- { -- i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); -- if (i == 2) -- return; -- } -- i = asn1_get_choice_selector(pval, it); -- if ((i >= 0) && (i < it->tcount)) -- { -- ASN1_VALUE **pchval; -- tt = it->templates + i; -- pchval = asn1_get_field_ptr(pval, tt); -- ASN1_template_free(pchval, tt); -- } -- if (asn1_cb) -- asn1_cb(ASN1_OP_FREE_POST, pval, it); -- if (!combine) -- { -- OPENSSL_free(*pval); -- *pval = NULL; -- } -- break; -- -- case ASN1_ITYPE_COMPAT: -- cf = it->funcs; -- if (cf && cf->asn1_free) -- cf->asn1_free(*pval); -- break; -- -- case ASN1_ITYPE_EXTERN: -- ef = it->funcs; -- if (ef && ef->asn1_ex_free) -- ef->asn1_ex_free(pval, it); -- break; -- -- case ASN1_ITYPE_NDEF_SEQUENCE: -- case ASN1_ITYPE_SEQUENCE: -- if (asn1_do_lock(pval, -1, it) > 0) -- return; -- if (asn1_cb) -- { -- i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); -- if (i == 2) -- return; -- } -- asn1_enc_free(pval, it); -- /* If we free up as normal we will invalidate any -- * ANY DEFINED BY field and we wont be able to -- * determine the type of the field it defines. So -- * free up in reverse order. -- */ -- tt = it->templates + it->tcount - 1; -- for (i = 0; i < it->tcount; tt--, i++) -- { -- ASN1_VALUE **pseqval; -- seqtt = asn1_do_adb(pval, tt, 0); -- if (!seqtt) -- continue; -- pseqval = asn1_get_field_ptr(pval, seqtt); -- ASN1_template_free(pseqval, seqtt); -- } -- if (asn1_cb) -- asn1_cb(ASN1_OP_FREE_POST, pval, it); -- if (!combine) -- { -- OPENSSL_free(*pval); -- *pval = NULL; -- } -- break; -- } -- } -+{ -+ asn1_item_combine_free(pval, it, 0); -+} -+ -+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, -+ int combine) -+{ -+ const ASN1_TEMPLATE *tt = NULL, *seqtt; -+ const ASN1_EXTERN_FUNCS *ef; -+ const ASN1_COMPAT_FUNCS *cf; -+ const ASN1_AUX *aux = it->funcs; -+ ASN1_aux_cb *asn1_cb; -+ int i; -+ if (!pval) -+ return; -+ if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) -+ return; -+ if (aux && aux->asn1_cb) -+ asn1_cb = aux->asn1_cb; -+ else -+ asn1_cb = 0; -+ -+ switch (it->itype) { -+ -+ case ASN1_ITYPE_PRIMITIVE: -+ if (it->templates) -+ ASN1_template_free(pval, it->templates); -+ else -+ ASN1_primitive_free(pval, it); -+ break; -+ -+ case ASN1_ITYPE_MSTRING: -+ ASN1_primitive_free(pval, it); -+ break; -+ -+ case ASN1_ITYPE_CHOICE: -+ if (asn1_cb) { -+ i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); -+ if (i == 2) -+ return; -+ } -+ i = asn1_get_choice_selector(pval, it); -+ if ((i >= 0) && (i < it->tcount)) { -+ ASN1_VALUE **pchval; -+ tt = it->templates + i; -+ pchval = asn1_get_field_ptr(pval, tt); -+ ASN1_template_free(pchval, tt); -+ } -+ if (asn1_cb) -+ asn1_cb(ASN1_OP_FREE_POST, pval, it); -+ if (!combine) { -+ OPENSSL_free(*pval); -+ *pval = NULL; -+ } -+ break; -+ -+ case ASN1_ITYPE_COMPAT: -+ cf = it->funcs; -+ if (cf && cf->asn1_free) -+ cf->asn1_free(*pval); -+ break; -+ -+ case ASN1_ITYPE_EXTERN: -+ ef = it->funcs; -+ if (ef && ef->asn1_ex_free) -+ ef->asn1_ex_free(pval, it); -+ break; -+ -+ case ASN1_ITYPE_NDEF_SEQUENCE: -+ case ASN1_ITYPE_SEQUENCE: -+ if (asn1_do_lock(pval, -1, it) > 0) -+ return; -+ if (asn1_cb) { -+ i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); -+ if (i == 2) -+ return; -+ } -+ asn1_enc_free(pval, it); -+ /* -+ * If we free up as normal we will invalidate any ANY DEFINED BY -+ * field and we wont be able to determine the type of the field it -+ * defines. So free up in reverse order. -+ */ -+ tt = it->templates + it->tcount - 1; -+ for (i = 0; i < it->tcount; tt--, i++) { -+ ASN1_VALUE **pseqval; -+ seqtt = asn1_do_adb(pval, tt, 0); -+ if (!seqtt) -+ continue; -+ pseqval = asn1_get_field_ptr(pval, seqtt); -+ ASN1_template_free(pseqval, seqtt); -+ } -+ if (asn1_cb) -+ asn1_cb(ASN1_OP_FREE_POST, pval, it); -+ if (!combine) { -+ OPENSSL_free(*pval); -+ *pval = NULL; -+ } -+ break; -+ } -+} - - void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -- { -- int i; -- if (tt->flags & ASN1_TFLG_SK_MASK) -- { -- STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; -- for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) -- { -- ASN1_VALUE *vtmp; -- vtmp = sk_ASN1_VALUE_value(sk, i); -- asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), -- 0); -- } -- sk_ASN1_VALUE_free(sk); -- *pval = NULL; -- } -- else -- asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item), -- tt->flags & ASN1_TFLG_COMBINE); -- } -+{ -+ int i; -+ if (tt->flags & ASN1_TFLG_SK_MASK) { -+ STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; -+ for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { -+ ASN1_VALUE *vtmp; -+ vtmp = sk_ASN1_VALUE_value(sk, i); -+ asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0); -+ } -+ sk_ASN1_VALUE_free(sk); -+ *pval = NULL; -+ } else -+ asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item), -+ tt->flags & ASN1_TFLG_COMBINE); -+} - - void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -- { -- int utype; -- if (it) -- { -- const ASN1_PRIMITIVE_FUNCS *pf; -- pf = it->funcs; -- if (pf && pf->prim_free) -- { -- pf->prim_free(pval, it); -- return; -- } -- } -- /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ -- if (!it) -- { -- ASN1_TYPE *typ = (ASN1_TYPE *)*pval; -- utype = typ->type; -- pval = &typ->value.asn1_value; -- if (!*pval) -- return; -- } -- else if (it->itype == ASN1_ITYPE_MSTRING) -- { -- utype = -1; -- if (!*pval) -- return; -- } -- else -- { -- utype = it->utype; -- if ((utype != V_ASN1_BOOLEAN) && !*pval) -- return; -- } -- -- switch(utype) -- { -- case V_ASN1_OBJECT: -- ASN1_OBJECT_free((ASN1_OBJECT *)*pval); -- break; -- -- case V_ASN1_BOOLEAN: -- if (it) -- *(ASN1_BOOLEAN *)pval = it->size; -- else -- *(ASN1_BOOLEAN *)pval = -1; -- return; -- -- case V_ASN1_NULL: -- break; -- -- case V_ASN1_ANY: -- ASN1_primitive_free(pval, NULL); -- OPENSSL_free(*pval); -- break; -- -- default: -- ASN1_STRING_free((ASN1_STRING *)*pval); -- *pval = NULL; -- break; -- } -- *pval = NULL; -- } -+{ -+ int utype; -+ if (it) { -+ const ASN1_PRIMITIVE_FUNCS *pf; -+ pf = it->funcs; -+ if (pf && pf->prim_free) { -+ pf->prim_free(pval, it); -+ return; -+ } -+ } -+ /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ -+ if (!it) { -+ ASN1_TYPE *typ = (ASN1_TYPE *)*pval; -+ utype = typ->type; -+ pval = &typ->value.asn1_value; -+ if (!*pval) -+ return; -+ } else if (it->itype == ASN1_ITYPE_MSTRING) { -+ utype = -1; -+ if (!*pval) -+ return; -+ } else { -+ utype = it->utype; -+ if ((utype != V_ASN1_BOOLEAN) && !*pval) -+ return; -+ } -+ -+ switch (utype) { -+ case V_ASN1_OBJECT: -+ ASN1_OBJECT_free((ASN1_OBJECT *)*pval); -+ break; -+ -+ case V_ASN1_BOOLEAN: -+ if (it) -+ *(ASN1_BOOLEAN *)pval = it->size; -+ else -+ *(ASN1_BOOLEAN *)pval = -1; -+ return; -+ -+ case V_ASN1_NULL: -+ break; -+ -+ case V_ASN1_ANY: -+ ASN1_primitive_free(pval, NULL); -+ OPENSSL_free(*pval); -+ break; -+ -+ default: -+ ASN1_STRING_free((ASN1_STRING *)*pval); -+ *pval = NULL; -+ break; -+ } -+ *pval = NULL; -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c -index 5c6a2eb..8c540cc 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c -@@ -1,6 +1,7 @@ - /* tasn_new.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,7 +57,6 @@ - * - */ - -- - #include - #include - #include -@@ -65,331 +65,316 @@ - #include - - static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, -- int combine); -+ int combine); - static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); - static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); - void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); - - ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) -- { -- ASN1_VALUE *ret = NULL; -- if (ASN1_item_ex_new(&ret, it) > 0) -- return ret; -- return NULL; -- } -+{ -+ ASN1_VALUE *ret = NULL; -+ if (ASN1_item_ex_new(&ret, it) > 0) -+ return ret; -+ return NULL; -+} - - /* Allocate an ASN1 structure */ - - int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) -- { -- return asn1_item_ex_combine_new(pval, it, 0); -- } -+{ -+ return asn1_item_ex_combine_new(pval, it, 0); -+} - - static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, -- int combine) -- { -- const ASN1_TEMPLATE *tt = NULL; -- const ASN1_COMPAT_FUNCS *cf; -- const ASN1_EXTERN_FUNCS *ef; -- const ASN1_AUX *aux = it->funcs; -- ASN1_aux_cb *asn1_cb; -- ASN1_VALUE **pseqval; -- int i; -- if (aux && aux->asn1_cb) -- asn1_cb = aux->asn1_cb; -- else -- asn1_cb = 0; -- -- if (!combine) *pval = NULL; -+ int combine) -+{ -+ const ASN1_TEMPLATE *tt = NULL; -+ const ASN1_COMPAT_FUNCS *cf; -+ const ASN1_EXTERN_FUNCS *ef; -+ const ASN1_AUX *aux = it->funcs; -+ ASN1_aux_cb *asn1_cb; -+ ASN1_VALUE **pseqval; -+ int i; -+ if (aux && aux->asn1_cb) -+ asn1_cb = aux->asn1_cb; -+ else -+ asn1_cb = 0; -+ -+ if (!combine) -+ *pval = NULL; - - #ifdef CRYPTO_MDEBUG -- if (it->sname) -- CRYPTO_push_info(it->sname); -+ if (it->sname) -+ CRYPTO_push_info(it->sname); - #endif - -- switch(it->itype) -- { -- -- case ASN1_ITYPE_EXTERN: -- ef = it->funcs; -- if (ef && ef->asn1_ex_new) -- { -- if (!ef->asn1_ex_new(pval, it)) -- goto memerr; -- } -- break; -- -- case ASN1_ITYPE_COMPAT: -- cf = it->funcs; -- if (cf && cf->asn1_new) { -- *pval = cf->asn1_new(); -- if (!*pval) -- goto memerr; -- } -- break; -- -- case ASN1_ITYPE_PRIMITIVE: -- if (it->templates) -- { -- if (!ASN1_template_new(pval, it->templates)) -- goto memerr; -- } -- else if (!ASN1_primitive_new(pval, it)) -- goto memerr; -- break; -- -- case ASN1_ITYPE_MSTRING: -- if (!ASN1_primitive_new(pval, it)) -- goto memerr; -- break; -- -- case ASN1_ITYPE_CHOICE: -- if (asn1_cb) -- { -- i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); -- if (!i) -- goto auxerr; -- if (i==2) -- { -+ switch (it->itype) { -+ -+ case ASN1_ITYPE_EXTERN: -+ ef = it->funcs; -+ if (ef && ef->asn1_ex_new) { -+ if (!ef->asn1_ex_new(pval, it)) -+ goto memerr; -+ } -+ break; -+ -+ case ASN1_ITYPE_COMPAT: -+ cf = it->funcs; -+ if (cf && cf->asn1_new) { -+ *pval = cf->asn1_new(); -+ if (!*pval) -+ goto memerr; -+ } -+ break; -+ -+ case ASN1_ITYPE_PRIMITIVE: -+ if (it->templates) { -+ if (!ASN1_template_new(pval, it->templates)) -+ goto memerr; -+ } else if (!ASN1_primitive_new(pval, it)) -+ goto memerr; -+ break; -+ -+ case ASN1_ITYPE_MSTRING: -+ if (!ASN1_primitive_new(pval, it)) -+ goto memerr; -+ break; -+ -+ case ASN1_ITYPE_CHOICE: -+ if (asn1_cb) { -+ i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); -+ if (!i) -+ goto auxerr; -+ if (i == 2) { - #ifdef CRYPTO_MDEBUG -- if (it->sname) -- CRYPTO_pop_info(); -+ if (it->sname) -+ CRYPTO_pop_info(); - #endif -- return 1; -- } -- } -- if (!combine) -- { -- *pval = OPENSSL_malloc(it->size); -- if (!*pval) -- goto memerr; -- memset(*pval, 0, it->size); -- } -- asn1_set_choice_selector(pval, -1, it); -- if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) -- goto auxerr; -- break; -- -- case ASN1_ITYPE_NDEF_SEQUENCE: -- case ASN1_ITYPE_SEQUENCE: -- if (asn1_cb) -- { -- i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); -- if (!i) -- goto auxerr; -- if (i==2) -- { -+ return 1; -+ } -+ } -+ if (!combine) { -+ *pval = OPENSSL_malloc(it->size); -+ if (!*pval) -+ goto memerr; -+ memset(*pval, 0, it->size); -+ } -+ asn1_set_choice_selector(pval, -1, it); -+ if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) -+ goto auxerr; -+ break; -+ -+ case ASN1_ITYPE_NDEF_SEQUENCE: -+ case ASN1_ITYPE_SEQUENCE: -+ if (asn1_cb) { -+ i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); -+ if (!i) -+ goto auxerr; -+ if (i == 2) { - #ifdef CRYPTO_MDEBUG -- if (it->sname) -- CRYPTO_pop_info(); -+ if (it->sname) -+ CRYPTO_pop_info(); - #endif -- return 1; -- } -- } -- if (!combine) -- { -- *pval = OPENSSL_malloc(it->size); -- if (!*pval) -- goto memerr; -- memset(*pval, 0, it->size); -- asn1_do_lock(pval, 0, it); -- asn1_enc_init(pval, it); -- } -- for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) -- { -- pseqval = asn1_get_field_ptr(pval, tt); -- if (!ASN1_template_new(pseqval, tt)) -- goto memerr; -- } -- if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) -- goto auxerr; -- break; -- } -+ return 1; -+ } -+ } -+ if (!combine) { -+ *pval = OPENSSL_malloc(it->size); -+ if (!*pval) -+ goto memerr; -+ memset(*pval, 0, it->size); -+ asn1_do_lock(pval, 0, it); -+ asn1_enc_init(pval, it); -+ } -+ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { -+ pseqval = asn1_get_field_ptr(pval, tt); -+ if (!ASN1_template_new(pseqval, tt)) -+ goto memerr; -+ } -+ if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) -+ goto auxerr; -+ break; -+ } - #ifdef CRYPTO_MDEBUG -- if (it->sname) CRYPTO_pop_info(); -+ if (it->sname) -+ CRYPTO_pop_info(); - #endif -- return 1; -+ return 1; - -- memerr: -- ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); -+ memerr: -+ ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); - #ifdef CRYPTO_MDEBUG -- if (it->sname) CRYPTO_pop_info(); -+ if (it->sname) -+ CRYPTO_pop_info(); - #endif -- return 0; -+ return 0; - -- auxerr: -- ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); -- ASN1_item_ex_free(pval, it); -+ auxerr: -+ ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); -+ ASN1_item_ex_free(pval, it); - #ifdef CRYPTO_MDEBUG -- if (it->sname) CRYPTO_pop_info(); -+ if (it->sname) -+ CRYPTO_pop_info(); - #endif -- return 0; -+ return 0; - -- } -+} - - static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) -- { -- const ASN1_EXTERN_FUNCS *ef; -- -- switch(it->itype) -- { -- -- case ASN1_ITYPE_EXTERN: -- ef = it->funcs; -- if (ef && ef->asn1_ex_clear) -- ef->asn1_ex_clear(pval, it); -- else *pval = NULL; -- break; -- -- -- case ASN1_ITYPE_PRIMITIVE: -- if (it->templates) -- asn1_template_clear(pval, it->templates); -- else -- asn1_primitive_clear(pval, it); -- break; -- -- case ASN1_ITYPE_MSTRING: -- asn1_primitive_clear(pval, it); -- break; -- -- case ASN1_ITYPE_COMPAT: -- case ASN1_ITYPE_CHOICE: -- case ASN1_ITYPE_SEQUENCE: -- case ASN1_ITYPE_NDEF_SEQUENCE: -- *pval = NULL; -- break; -- } -- } -- -+{ -+ const ASN1_EXTERN_FUNCS *ef; -+ -+ switch (it->itype) { -+ -+ case ASN1_ITYPE_EXTERN: -+ ef = it->funcs; -+ if (ef && ef->asn1_ex_clear) -+ ef->asn1_ex_clear(pval, it); -+ else -+ *pval = NULL; -+ break; -+ -+ case ASN1_ITYPE_PRIMITIVE: -+ if (it->templates) -+ asn1_template_clear(pval, it->templates); -+ else -+ asn1_primitive_clear(pval, it); -+ break; -+ -+ case ASN1_ITYPE_MSTRING: -+ asn1_primitive_clear(pval, it); -+ break; -+ -+ case ASN1_ITYPE_COMPAT: -+ case ASN1_ITYPE_CHOICE: -+ case ASN1_ITYPE_SEQUENCE: -+ case ASN1_ITYPE_NDEF_SEQUENCE: -+ *pval = NULL; -+ break; -+ } -+} - - int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -- { -- const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); -- int ret; -- if (tt->flags & ASN1_TFLG_OPTIONAL) -- { -- asn1_template_clear(pval, tt); -- return 1; -- } -- /* If ANY DEFINED BY nothing to do */ -- -- if (tt->flags & ASN1_TFLG_ADB_MASK) -- { -- *pval = NULL; -- return 1; -- } -+{ -+ const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); -+ int ret; -+ if (tt->flags & ASN1_TFLG_OPTIONAL) { -+ asn1_template_clear(pval, tt); -+ return 1; -+ } -+ /* If ANY DEFINED BY nothing to do */ -+ -+ if (tt->flags & ASN1_TFLG_ADB_MASK) { -+ *pval = NULL; -+ return 1; -+ } - #ifdef CRYPTO_MDEBUG -- if (tt->field_name) -- CRYPTO_push_info(tt->field_name); -+ if (tt->field_name) -+ CRYPTO_push_info(tt->field_name); - #endif -- /* If SET OF or SEQUENCE OF, its a STACK */ -- if (tt->flags & ASN1_TFLG_SK_MASK) -- { -- STACK_OF(ASN1_VALUE) *skval; -- skval = sk_ASN1_VALUE_new_null(); -- if (!skval) -- { -- ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE); -- ret = 0; -- goto done; -- } -- *pval = (ASN1_VALUE *)skval; -- ret = 1; -- goto done; -- } -- /* Otherwise pass it back to the item routine */ -- ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); -- done: -+ /* If SET OF or SEQUENCE OF, its a STACK */ -+ if (tt->flags & ASN1_TFLG_SK_MASK) { -+ STACK_OF(ASN1_VALUE) *skval; -+ skval = sk_ASN1_VALUE_new_null(); -+ if (!skval) { -+ ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE); -+ ret = 0; -+ goto done; -+ } -+ *pval = (ASN1_VALUE *)skval; -+ ret = 1; -+ goto done; -+ } -+ /* Otherwise pass it back to the item routine */ -+ ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); -+ done: - #ifdef CRYPTO_MDEBUG -- if (it->sname) -- CRYPTO_pop_info(); -+ if (it->sname) -+ CRYPTO_pop_info(); - #endif -- return ret; -- } -+ return ret; -+} - - static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -- { -- /* If ADB or STACK just NULL the field */ -- if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) -- *pval = NULL; -- else -- asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item)); -- } -- -- --/* NB: could probably combine most of the real XXX_new() behaviour and junk -+{ -+ /* If ADB or STACK just NULL the field */ -+ if (tt->flags & (ASN1_TFLG_ADB_MASK | ASN1_TFLG_SK_MASK)) -+ *pval = NULL; -+ else -+ asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item)); -+} -+ -+/* -+ * NB: could probably combine most of the real XXX_new() behaviour and junk - * all the old functions. - */ - - int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) -- { -- ASN1_TYPE *typ; -- int utype; -- -- if (it && it->funcs) -- { -- const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; -- if (pf->prim_new) -- return pf->prim_new(pval, it); -- } -- -- if (!it || (it->itype == ASN1_ITYPE_MSTRING)) -- utype = -1; -- else -- utype = it->utype; -- switch(utype) -- { -- case V_ASN1_OBJECT: -- *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef); -- return 1; -- -- case V_ASN1_BOOLEAN: -- if (it) -- *(ASN1_BOOLEAN *)pval = it->size; -- else -- *(ASN1_BOOLEAN *)pval = -1; -- return 1; -- -- case V_ASN1_NULL: -- *pval = (ASN1_VALUE *)1; -- return 1; -- -- case V_ASN1_ANY: -- typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); -- if (!typ) -- return 0; -- typ->value.ptr = NULL; -- typ->type = -1; -- *pval = (ASN1_VALUE *)typ; -- break; -- -- default: -- *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype); -- break; -- } -- if (*pval) -- return 1; -- return 0; -- } -+{ -+ ASN1_TYPE *typ; -+ int utype; -+ -+ if (it && it->funcs) { -+ const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; -+ if (pf->prim_new) -+ return pf->prim_new(pval, it); -+ } -+ -+ if (!it || (it->itype == ASN1_ITYPE_MSTRING)) -+ utype = -1; -+ else -+ utype = it->utype; -+ switch (utype) { -+ case V_ASN1_OBJECT: -+ *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef); -+ return 1; -+ -+ case V_ASN1_BOOLEAN: -+ if (it) -+ *(ASN1_BOOLEAN *)pval = it->size; -+ else -+ *(ASN1_BOOLEAN *)pval = -1; -+ return 1; -+ -+ case V_ASN1_NULL: -+ *pval = (ASN1_VALUE *)1; -+ return 1; -+ -+ case V_ASN1_ANY: -+ typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); -+ if (!typ) -+ return 0; -+ typ->value.ptr = NULL; -+ typ->type = -1; -+ *pval = (ASN1_VALUE *)typ; -+ break; -+ -+ default: -+ *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype); -+ break; -+ } -+ if (*pval) -+ return 1; -+ return 0; -+} - - void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) -- { -- int utype; -- if (it && it->funcs) -- { -- const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; -- if (pf->prim_clear) -- pf->prim_clear(pval, it); -- else -- *pval = NULL; -- return; -- } -- if (!it || (it->itype == ASN1_ITYPE_MSTRING)) -- utype = -1; -- else -- utype = it->utype; -- if (utype == V_ASN1_BOOLEAN) -- *(ASN1_BOOLEAN *)pval = it->size; -- else *pval = NULL; -- } -+{ -+ int utype; -+ if (it && it->funcs) { -+ const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; -+ if (pf->prim_clear) -+ pf->prim_clear(pval, it); -+ else -+ *pval = NULL; -+ return; -+ } -+ if (!it || (it->itype == ASN1_ITYPE_MSTRING)) -+ utype = -1; -+ else -+ utype = it->utype; -+ if (utype == V_ASN1_BOOLEAN) -+ *(ASN1_BOOLEAN *)pval = it->size; -+ else -+ *pval = NULL; -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c -index 6252213..4820035 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c -@@ -1,6 +1,7 @@ - /* tasn_typ.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c -index ca9ec7a..41726d8 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c -@@ -1,6 +1,7 @@ - /* tasn_utl.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,7 +57,6 @@ - * - */ - -- - #include - #include - #include -@@ -69,211 +69,207 @@ - /* Add 'offset' to 'addr' */ - #define offset2ptr(addr, offset) (void *)(((char *) addr) + offset) - --/* Given an ASN1_ITEM CHOICE type return -- * the selector value -+/* -+ * Given an ASN1_ITEM CHOICE type return the selector value - */ - - int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) -- { -- int *sel = offset2ptr(*pval, it->utype); -- return *sel; -- } -+{ -+ int *sel = offset2ptr(*pval, it->utype); -+ return *sel; -+} - --/* Given an ASN1_ITEM CHOICE type set -- * the selector value, return old value. -+/* -+ * Given an ASN1_ITEM CHOICE type set the selector value, return old value. - */ - --int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it) -- { -- int *sel, ret; -- sel = offset2ptr(*pval, it->utype); -- ret = *sel; -- *sel = value; -- return ret; -- } -+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, -+ const ASN1_ITEM *it) -+{ -+ int *sel, ret; -+ sel = offset2ptr(*pval, it->utype); -+ ret = *sel; -+ *sel = value; -+ return ret; -+} - --/* Do reference counting. The value 'op' decides what to do. -- * if it is +1 then the count is incremented. If op is 0 count is -- * set to 1. If op is -1 count is decremented and the return value -- * is the current refrence count or 0 if no reference count exists. -+/* -+ * Do reference counting. The value 'op' decides what to do. if it is +1 -+ * then the count is incremented. If op is 0 count is set to 1. If op is -1 -+ * count is decremented and the return value is the current refrence count or -+ * 0 if no reference count exists. - */ - - int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) -- { -- const ASN1_AUX *aux; -- int *lck, ret; -- if ((it->itype != ASN1_ITYPE_SEQUENCE) -- && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) -- return 0; -- aux = it->funcs; -- if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) -- return 0; -- lck = offset2ptr(*pval, aux->ref_offset); -- if (op == 0) -- { -- *lck = 1; -- return 1; -- } -- ret = CRYPTO_add(lck, op, aux->ref_lock); -+{ -+ const ASN1_AUX *aux; -+ int *lck, ret; -+ if ((it->itype != ASN1_ITYPE_SEQUENCE) -+ && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) -+ return 0; -+ aux = it->funcs; -+ if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) -+ return 0; -+ lck = offset2ptr(*pval, aux->ref_offset); -+ if (op == 0) { -+ *lck = 1; -+ return 1; -+ } -+ ret = CRYPTO_add(lck, op, aux->ref_lock); - #ifdef REF_PRINT -- fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck); -+ fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck); - #endif - #ifdef REF_CHECK -- if (ret < 0) -- fprintf(stderr, "%s, bad reference count\n", it->sname); -+ if (ret < 0) -+ fprintf(stderr, "%s, bad reference count\n", it->sname); - #endif -- return ret; -- } -+ return ret; -+} - - static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) -- { -- const ASN1_AUX *aux; -- if (!pval || !*pval) -- return NULL; -- aux = it->funcs; -- if (!aux || !(aux->flags & ASN1_AFLG_ENCODING)) -- return NULL; -- return offset2ptr(*pval, aux->enc_offset); -- } -+{ -+ const ASN1_AUX *aux; -+ if (!pval || !*pval) -+ return NULL; -+ aux = it->funcs; -+ if (!aux || !(aux->flags & ASN1_AFLG_ENCODING)) -+ return NULL; -+ return offset2ptr(*pval, aux->enc_offset); -+} - - void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) -- { -- ASN1_ENCODING *enc; -- enc = asn1_get_enc_ptr(pval, it); -- if (enc) -- { -- enc->enc = NULL; -- enc->len = 0; -- enc->modified = 1; -- } -- } -+{ -+ ASN1_ENCODING *enc; -+ enc = asn1_get_enc_ptr(pval, it); -+ if (enc) { -+ enc->enc = NULL; -+ enc->len = 0; -+ enc->modified = 1; -+ } -+} - - void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -- { -- ASN1_ENCODING *enc; -- enc = asn1_get_enc_ptr(pval, it); -- if (enc) -- { -- if (enc->enc) -- OPENSSL_free(enc->enc); -- enc->enc = NULL; -- enc->len = 0; -- enc->modified = 1; -- } -- } -+{ -+ ASN1_ENCODING *enc; -+ enc = asn1_get_enc_ptr(pval, it); -+ if (enc) { -+ if (enc->enc) -+ OPENSSL_free(enc->enc); -+ enc->enc = NULL; -+ enc->len = 0; -+ enc->modified = 1; -+ } -+} - - int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, -- const ASN1_ITEM *it) -- { -- ASN1_ENCODING *enc; -- enc = asn1_get_enc_ptr(pval, it); -- if (!enc) -- return 1; -+ const ASN1_ITEM *it) -+{ -+ ASN1_ENCODING *enc; -+ enc = asn1_get_enc_ptr(pval, it); -+ if (!enc) -+ return 1; -+ -+ if (enc->enc) -+ OPENSSL_free(enc->enc); -+ enc->enc = OPENSSL_malloc(inlen); -+ if (!enc->enc) -+ return 0; -+ memcpy(enc->enc, in, inlen); -+ enc->len = inlen; -+ enc->modified = 0; - -- if (enc->enc) -- OPENSSL_free(enc->enc); -- enc->enc = OPENSSL_malloc(inlen); -- if (!enc->enc) -- return 0; -- memcpy(enc->enc, in, inlen); -- enc->len = inlen; -- enc->modified = 0; -+ return 1; -+} - -- return 1; -- } -- - int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, -- const ASN1_ITEM *it) -- { -- ASN1_ENCODING *enc; -- enc = asn1_get_enc_ptr(pval, it); -- if (!enc || enc->modified) -- return 0; -- if (out) -- { -- memcpy(*out, enc->enc, enc->len); -- *out += enc->len; -- } -- if (len) -- *len = enc->len; -- return 1; -- } -+ const ASN1_ITEM *it) -+{ -+ ASN1_ENCODING *enc; -+ enc = asn1_get_enc_ptr(pval, it); -+ if (!enc || enc->modified) -+ return 0; -+ if (out) { -+ memcpy(*out, enc->enc, enc->len); -+ *out += enc->len; -+ } -+ if (len) -+ *len = enc->len; -+ return 1; -+} - - /* Given an ASN1_TEMPLATE get a pointer to a field */ --ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -- { -- ASN1_VALUE **pvaltmp; -- if (tt->flags & ASN1_TFLG_COMBINE) -- return pval; -- pvaltmp = offset2ptr(*pval, tt->offset); -- /* NOTE for BOOLEAN types the field is just a plain -- * int so we can't return int **, so settle for -- * (int *). -- */ -- return pvaltmp; -- } -+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -+{ -+ ASN1_VALUE **pvaltmp; -+ if (tt->flags & ASN1_TFLG_COMBINE) -+ return pval; -+ pvaltmp = offset2ptr(*pval, tt->offset); -+ /* -+ * NOTE for BOOLEAN types the field is just a plain int so we can't -+ * return int **, so settle for (int *). -+ */ -+ return pvaltmp; -+} - --/* Handle ANY DEFINED BY template, find the selector, look up -- * the relevant ASN1_TEMPLATE in the table and return it. -+/* -+ * Handle ANY DEFINED BY template, find the selector, look up the relevant -+ * ASN1_TEMPLATE in the table and return it. - */ - - const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, -- int nullerr) -- { -- const ASN1_ADB *adb; -- const ASN1_ADB_TABLE *atbl; -- long selector; -- ASN1_VALUE **sfld; -- int i; -- if (!(tt->flags & ASN1_TFLG_ADB_MASK)) -- return tt; -+ int nullerr) -+{ -+ const ASN1_ADB *adb; -+ const ASN1_ADB_TABLE *atbl; -+ long selector; -+ ASN1_VALUE **sfld; -+ int i; -+ if (!(tt->flags & ASN1_TFLG_ADB_MASK)) -+ return tt; -+ -+ /* Else ANY DEFINED BY ... get the table */ -+ adb = ASN1_ADB_ptr(tt->item); - -- /* Else ANY DEFINED BY ... get the table */ -- adb = ASN1_ADB_ptr(tt->item); -+ /* Get the selector field */ -+ sfld = offset2ptr(*pval, adb->offset); - -- /* Get the selector field */ -- sfld = offset2ptr(*pval, adb->offset); -+ /* Check if NULL */ -+ if (!sfld) { -+ if (!adb->null_tt) -+ goto err; -+ return adb->null_tt; -+ } - -- /* Check if NULL */ -- if (!sfld) -- { -- if (!adb->null_tt) -- goto err; -- return adb->null_tt; -- } -+ /* -+ * Convert type to a long: NB: don't check for NID_undef here because it -+ * might be a legitimate value in the table -+ */ -+ if (tt->flags & ASN1_TFLG_ADB_OID) -+ selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); -+ else -+ selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld); - -- /* Convert type to a long: -- * NB: don't check for NID_undef here because it -- * might be a legitimate value in the table -- */ -- if (tt->flags & ASN1_TFLG_ADB_OID) -- selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); -- else -- selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld); -+ /* -+ * Try to find matching entry in table Maybe should check application -+ * types first to allow application override? Might also be useful to -+ * have a flag which indicates table is sorted and we can do a binary -+ * search. For now stick to a linear search. -+ */ - -- /* Try to find matching entry in table -- * Maybe should check application types first to -- * allow application override? Might also be useful -- * to have a flag which indicates table is sorted and -- * we can do a binary search. For now stick to a -- * linear search. -- */ -+ for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++) -+ if (atbl->value == selector) -+ return &atbl->tt; - -- for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++) -- if (atbl->value == selector) -- return &atbl->tt; -+ /* FIXME: need to search application table too */ - -- /* FIXME: need to search application table too */ -+ /* No match, return default type */ -+ if (!adb->default_tt) -+ goto err; -+ return adb->default_tt; - -- /* No match, return default type */ -- if (!adb->default_tt) -- goto err; -- return adb->default_tt; -- -- err: -- /* FIXME: should log the value or OID of unsupported type */ -- if (nullerr) -- ASN1err(ASN1_F_ASN1_DO_ADB, -- ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); -- return NULL; -- } -+ err: -+ /* FIXME: should log the value or OID of unsupported type */ -+ if (nullerr) -+ ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); -+ return NULL; -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c -index 99e5342..babc2e1 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c -@@ -1,6 +1,7 @@ - /* x_algor.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,12 +63,12 @@ - #include - - ASN1_SEQUENCE(X509_ALGOR) = { -- ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), -- ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) -+ ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), -+ ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) - } ASN1_SEQUENCE_END(X509_ALGOR) - --ASN1_ITEM_TEMPLATE(X509_ALGORS) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR) -+ASN1_ITEM_TEMPLATE(X509_ALGORS) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR) - ASN1_ITEM_TEMPLATE_END(X509_ALGORS) - - IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) -@@ -78,53 +79,55 @@ IMPLEMENT_STACK_OF(X509_ALGOR) - IMPLEMENT_ASN1_SET_OF(X509_ALGOR) - - int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) -- { -- if (!alg) -- return 0; -- if (ptype != V_ASN1_UNDEF) -- { -- if (alg->parameter == NULL) -- alg->parameter = ASN1_TYPE_new(); -- if (alg->parameter == NULL) -- return 0; -- } -- if (alg) -- { -- if (alg->algorithm) -- ASN1_OBJECT_free(alg->algorithm); -- alg->algorithm = aobj; -- } -- if (ptype == 0) -- return 1; -- if (ptype == V_ASN1_UNDEF) -- { -- if (alg->parameter) -- { -- ASN1_TYPE_free(alg->parameter); -- alg->parameter = NULL; -- } -- } -- else -- ASN1_TYPE_set(alg->parameter, ptype, pval); -- return 1; -- } -+{ -+ if (!alg) -+ return 0; -+ if (ptype != V_ASN1_UNDEF) { -+ if (alg->parameter == NULL) -+ alg->parameter = ASN1_TYPE_new(); -+ if (alg->parameter == NULL) -+ return 0; -+ } -+ if (alg) { -+ if (alg->algorithm) -+ ASN1_OBJECT_free(alg->algorithm); -+ alg->algorithm = aobj; -+ } -+ if (ptype == 0) -+ return 1; -+ if (ptype == V_ASN1_UNDEF) { -+ if (alg->parameter) { -+ ASN1_TYPE_free(alg->parameter); -+ alg->parameter = NULL; -+ } -+ } else -+ ASN1_TYPE_set(alg->parameter, ptype, pval); -+ return 1; -+} - - void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, -- X509_ALGOR *algor) -- { -- if (paobj) -- *paobj = algor->algorithm; -- if (pptype) -- { -- if (algor->parameter == NULL) -- { -- *pptype = V_ASN1_UNDEF; -- return; -- } -- else -- *pptype = algor->parameter->type; -- if (ppval) -- *ppval = algor->parameter->value.ptr; -- } -- } -+ X509_ALGOR *algor) -+{ -+ if (paobj) -+ *paobj = algor->algorithm; -+ if (pptype) { -+ if (algor->parameter == NULL) { -+ *pptype = V_ASN1_UNDEF; -+ return; -+ } else -+ *pptype = algor->parameter->type; -+ if (ppval) -+ *ppval = algor->parameter->value.ptr; -+ } -+} - -+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) -+{ -+ int rv; -+ rv = OBJ_cmp(a->algorithm, b->algorithm); -+ if (rv) -+ return rv; -+ if (!a->parameter && !b->parameter) -+ return 0; -+ return ASN1_TYPE_cmp(a->parameter, b->parameter); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c -index 1e3713f..93ef53b 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,18 +62,19 @@ - #include - #include - --/* X509_ATTRIBUTE: this has the following form: -+/*- -+ * X509_ATTRIBUTE: this has the following form: - * - * typedef struct x509_attributes_st -- * { -- * ASN1_OBJECT *object; -- * int single; -- * union { -- * char *ptr; -- * STACK_OF(ASN1_TYPE) *set; -- * ASN1_TYPE *single; -- * } value; -- * } X509_ATTRIBUTE; -+ * { -+ * ASN1_OBJECT *object; -+ * int single; -+ * union { -+ * char *ptr; -+ * STACK_OF(ASN1_TYPE) *set; -+ * ASN1_TYPE *single; -+ * } value; -+ * } X509_ATTRIBUTE; - * - * this needs some extra thought because the CHOICE type is - * merged with the main structure and because the value can -@@ -83,36 +84,41 @@ - */ - - ASN1_CHOICE(X509_ATTRIBUTE_SET) = { -- ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY), -- ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY) -+ ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY), -+ ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY) - } ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single) - - ASN1_SEQUENCE(X509_ATTRIBUTE) = { -- ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), -- /* CHOICE type merged with parent */ -- ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET) -+ ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), -+ /* CHOICE type merged with parent */ -+ ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET) - } ASN1_SEQUENCE_END(X509_ATTRIBUTE) - - IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE) - IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) - - X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) -- { -- X509_ATTRIBUTE *ret=NULL; -- ASN1_TYPE *val=NULL; -+{ -+ X509_ATTRIBUTE *ret = NULL; -+ ASN1_TYPE *val = NULL; - -- if ((ret=X509_ATTRIBUTE_new()) == NULL) -- return(NULL); -- ret->object=OBJ_nid2obj(nid); -- ret->single=0; -- if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err; -- if ((val=ASN1_TYPE_new()) == NULL) goto err; -- if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err; -+ if ((ret = X509_ATTRIBUTE_new()) == NULL) -+ return (NULL); -+ ret->object = OBJ_nid2obj(nid); -+ ret->single = 0; -+ if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL) -+ goto err; -+ if ((val = ASN1_TYPE_new()) == NULL) -+ goto err; -+ if (!sk_ASN1_TYPE_push(ret->value.set, val)) -+ goto err; - -- ASN1_TYPE_set(val,atrtype,value); -- return(ret); --err: -- if (ret != NULL) X509_ATTRIBUTE_free(ret); -- if (val != NULL) ASN1_TYPE_free(val); -- return(NULL); -- } -+ ASN1_TYPE_set(val, atrtype, value); -+ return (ret); -+ err: -+ if (ret != NULL) -+ X509_ATTRIBUTE_free(ret); -+ if (val != NULL) -+ ASN1_TYPE_free(val); -+ return (NULL); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c -index 9cf3204..a5a403c 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c -@@ -1,6 +1,7 @@ - /* x_bignum.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,79 +62,91 @@ - #include - #include - --/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a -- * BIGNUM directly. Currently it ignores the sign which isn't a problem since all -- * BIGNUMs used are non negative and anything that looks negative is normally due -- * to an encoding error. -+/* -+ * Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER -+ * as a BIGNUM directly. Currently it ignores the sign which isn't a problem -+ * since all BIGNUMs used are non negative and anything that looks negative -+ * is normally due to an encoding error. - */ - --#define BN_SENSITIVE 1 -+#define BN_SENSITIVE 1 - - static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it); - static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); - --static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); --static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); -+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, -+ const ASN1_ITEM *it); -+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, -+ int utype, char *free_cont, const ASN1_ITEM *it); - - static ASN1_PRIMITIVE_FUNCS bignum_pf = { -- NULL, 0, -- bn_new, -- bn_free, -- 0, -- bn_c2i, -- bn_i2c -+ NULL, 0, -+ bn_new, -+ bn_free, -+ 0, -+ bn_c2i, -+ bn_i2c - }; - - ASN1_ITEM_start(BIGNUM) -- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM" -+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM" - ASN1_ITEM_end(BIGNUM) - - ASN1_ITEM_start(CBIGNUM) -- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM" -+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM" - ASN1_ITEM_end(CBIGNUM) - - static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- *pval = (ASN1_VALUE *)BN_new(); -- if(*pval) return 1; -- else return 0; -+ *pval = (ASN1_VALUE *)BN_new(); -+ if (*pval) -+ return 1; -+ else -+ return 0; - } - - static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- if(!*pval) return; -- if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval); -- else BN_free((BIGNUM *)*pval); -- *pval = NULL; -+ if (!*pval) -+ return; -+ if (it->size & BN_SENSITIVE) -+ BN_clear_free((BIGNUM *)*pval); -+ else -+ BN_free((BIGNUM *)*pval); -+ *pval = NULL; - } - --static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) -+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, -+ const ASN1_ITEM *it) - { -- BIGNUM *bn; -- int pad; -- if(!*pval) return -1; -- bn = (BIGNUM *)*pval; -- /* If MSB set in an octet we need a padding byte */ -- if(BN_num_bits(bn) & 0x7) pad = 0; -- else pad = 1; -- if(cont) { -- if(pad) *cont++ = 0; -- BN_bn2bin(bn, cont); -- } -- return pad + BN_num_bytes(bn); -+ BIGNUM *bn; -+ int pad; -+ if (!*pval) -+ return -1; -+ bn = (BIGNUM *)*pval; -+ /* If MSB set in an octet we need a padding byte */ -+ if (BN_num_bits(bn) & 0x7) -+ pad = 0; -+ else -+ pad = 1; -+ if (cont) { -+ if (pad) -+ *cont++ = 0; -+ BN_bn2bin(bn, cont); -+ } -+ return pad + BN_num_bytes(bn); - } - - static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, -- int utype, char *free_cont, const ASN1_ITEM *it) -+ int utype, char *free_cont, const ASN1_ITEM *it) - { -- BIGNUM *bn; -- if(!*pval) bn_new(pval, it); -- bn = (BIGNUM *)*pval; -- if(!BN_bin2bn(cont, len, bn)) { -- bn_free(pval, it); -- return 0; -- } -- return 1; -+ BIGNUM *bn; -+ if (!*pval) -+ bn_new(pval, it); -+ bn = (BIGNUM *)*pval; -+ if (!BN_bin2bn(cont, len, bn)) { -+ bn_free(pval, it); -+ return 0; -+ } -+ return 1; - } -- -- -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c -index 70d56a6..099b264 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,80 +61,88 @@ - #include - #include - --static int X509_REVOKED_cmp(const X509_REVOKED * const *a, -- const X509_REVOKED * const *b); -+static int X509_REVOKED_cmp(const X509_REVOKED *const *a, -+ const X509_REVOKED *const *b); - - ASN1_SEQUENCE(X509_REVOKED) = { -- ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), -- ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), -- ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) -+ ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), -+ ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), -+ ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) - } ASN1_SEQUENCE_END(X509_REVOKED) - --/* The X509_CRL_INFO structure needs a bit of customisation. -- * Since we cache the original encoding the signature wont be affected by -- * reordering of the revoked field. -+/* -+ * The X509_CRL_INFO structure needs a bit of customisation. Since we cache -+ * the original encoding the signature wont be affected by reordering of the -+ * revoked field. - */ - static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; -- -- if(!a || !a->revoked) return 1; -- switch(operation) { -- /* Just set cmp function here. We don't sort because that -- * would affect the output of X509_CRL_print(). -- */ -- case ASN1_OP_D2I_POST: -- (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); -- break; -- } -- return 1; -+ X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; -+ -+ if (!a || !a->revoked) -+ return 1; -+ switch (operation) { -+ /* -+ * Just set cmp function here. We don't sort because that would -+ * affect the output of X509_CRL_print(). -+ */ -+ case ASN1_OP_D2I_POST: -+ (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp); -+ break; -+ } -+ return 1; - } - - - ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { -- ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), -- ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), -- ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), -- ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), -- ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), -- ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), -- ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) -+ ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), -+ ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), -+ ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), -+ ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), -+ ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), -+ ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), -+ ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) - } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) - - ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { -- ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), -- ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), -- ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) -+ ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), -+ ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), -+ ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) - } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) - - IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) -+ - IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) -+ - IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) -+ - IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) - --static int X509_REVOKED_cmp(const X509_REVOKED * const *a, -- const X509_REVOKED * const *b) -- { -- return(ASN1_STRING_cmp( -- (ASN1_STRING *)(*a)->serialNumber, -- (ASN1_STRING *)(*b)->serialNumber)); -- } -+static int X509_REVOKED_cmp(const X509_REVOKED *const *a, -+ const X509_REVOKED *const *b) -+{ -+ return (ASN1_STRING_cmp((ASN1_STRING *)(*a)->serialNumber, -+ (ASN1_STRING *)(*b)->serialNumber)); -+} - - int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) - { -- X509_CRL_INFO *inf; -- inf = crl->crl; -- if(!inf->revoked) -- inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); -- if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { -- ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- inf->enc.modified = 1; -- return 1; -+ X509_CRL_INFO *inf; -+ inf = crl->crl; -+ if (!inf->revoked) -+ inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); -+ if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { -+ ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ inf->enc.modified = 1; -+ return 1; - } - - IMPLEMENT_STACK_OF(X509_REVOKED) -+ - IMPLEMENT_ASN1_SET_OF(X509_REVOKED) -+ - IMPLEMENT_STACK_OF(X509_CRL) -+ - IMPLEMENT_ASN1_SET_OF(X509_CRL) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c -index 3a21239..00a9580 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c -@@ -1,6 +1,7 @@ - /* x_exten.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,13 +63,13 @@ - #include - - ASN1_SEQUENCE(X509_EXTENSION) = { -- ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), -- ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), -- ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) -+ ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), -+ ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), -+ ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) - } ASN1_SEQUENCE_END(X509_EXTENSION) - --ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) -+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) - ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) - - IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_info.c b/Cryptlib/OpenSSL/crypto/asn1/x_info.c -index d44f6cd..067fd72 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_info.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_info.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,52 +63,55 @@ - #include - - X509_INFO *X509_INFO_new(void) -- { -- X509_INFO *ret=NULL; -+{ -+ X509_INFO *ret = NULL; -+ -+ ret = (X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO)); -+ if (ret == NULL) { -+ ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } - -- ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO)); -- if (ret == NULL) -- { -- ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- -- ret->enc_cipher.cipher=NULL; -- ret->enc_len=0; -- ret->enc_data=NULL; -- -- ret->references=1; -- ret->x509=NULL; -- ret->crl=NULL; -- ret->x_pkey=NULL; -- return(ret); -- } -+ ret->enc_cipher.cipher = NULL; -+ ret->enc_len = 0; -+ ret->enc_data = NULL; -+ -+ ret->references = 1; -+ ret->x509 = NULL; -+ ret->crl = NULL; -+ ret->x_pkey = NULL; -+ return (ret); -+} - - void X509_INFO_free(X509_INFO *x) -- { -- int i; -+{ -+ int i; - -- if (x == NULL) return; -+ if (x == NULL) -+ return; - -- i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO); -+ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO); - #ifdef REF_PRINT -- REF_PRINT("X509_INFO",x); -+ REF_PRINT("X509_INFO", x); - #endif -- if (i > 0) return; -+ if (i > 0) -+ return; - #ifdef REF_CHECK -- if (i < 0) -- { -- fprintf(stderr,"X509_INFO_free, bad reference count\n"); -- abort(); -- } -+ if (i < 0) { -+ fprintf(stderr, "X509_INFO_free, bad reference count\n"); -+ abort(); -+ } - #endif - -- if (x->x509 != NULL) X509_free(x->x509); -- if (x->crl != NULL) X509_CRL_free(x->crl); -- if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey); -- if (x->enc_data != NULL) OPENSSL_free(x->enc_data); -- OPENSSL_free(x); -- } -+ if (x->x509 != NULL) -+ X509_free(x->x509); -+ if (x->crl != NULL) -+ X509_CRL_free(x->crl); -+ if (x->x_pkey != NULL) -+ X509_PKEY_free(x->x_pkey); -+ if (x->enc_data != NULL) -+ OPENSSL_free(x->enc_data); -+ OPENSSL_free(x); -+} - - IMPLEMENT_STACK_OF(X509_INFO) -- -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_long.c b/Cryptlib/OpenSSL/crypto/asn1/x_long.c -index bf35457..e0dab2b 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_long.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_long.c -@@ -1,6 +1,7 @@ - /* x_long.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,111 +62,126 @@ - #include - #include - --/* Custom primitive type for long handling. This converts between an ASN1_INTEGER -- * and a long directly. -+/* -+ * Custom primitive type for long handling. This converts between an -+ * ASN1_INTEGER and a long directly. - */ - -- - static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it); - static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it); - --static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); --static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); -+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, -+ const ASN1_ITEM *it); -+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, -+ int utype, char *free_cont, const ASN1_ITEM *it); - - static ASN1_PRIMITIVE_FUNCS long_pf = { -- NULL, 0, -- long_new, -- long_free, -- long_free, /* Clear should set to initial value */ -- long_c2i, -- long_i2c -+ NULL, 0, -+ long_new, -+ long_free, -+ long_free, /* Clear should set to initial value */ -+ long_c2i, -+ long_i2c - }; - - ASN1_ITEM_start(LONG) -- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG" -+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG" - ASN1_ITEM_end(LONG) - - ASN1_ITEM_start(ZLONG) -- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG" -+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG" - ASN1_ITEM_end(ZLONG) - - static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- *(long *)pval = it->size; -- return 1; -+ *(long *)pval = it->size; -+ return 1; - } - - static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- *(long *)pval = it->size; -+ *(long *)pval = it->size; - } - --static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) -+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, -+ const ASN1_ITEM *it) - { -- long ltmp; -- unsigned long utmp; -- int clen, pad, i; -- /* this exists to bypass broken gcc optimization */ -- char *cp = (char *)pval; -- -- /* use memcpy, because we may not be long aligned */ -- memcpy(<mp, cp, sizeof(long)); -- -- if(ltmp == it->size) return -1; -- /* Convert the long to positive: we subtract one if negative so -- * we can cleanly handle the padding if only the MSB of the leading -- * octet is set. -- */ -- if(ltmp < 0) utmp = -ltmp - 1; -- else utmp = ltmp; -- clen = BN_num_bits_word(utmp); -- /* If MSB of leading octet set we need to pad */ -- if(!(clen & 0x7)) pad = 1; -- else pad = 0; -- -- /* Convert number of bits to number of octets */ -- clen = (clen + 7) >> 3; -- -- if(cont) { -- if(pad) *cont++ = (ltmp < 0) ? 0xff : 0; -- for(i = clen - 1; i >= 0; i--) { -- cont[i] = (unsigned char)(utmp & 0xff); -- if(ltmp < 0) cont[i] ^= 0xff; -- utmp >>= 8; -- } -- } -- return clen + pad; -+ long ltmp; -+ unsigned long utmp; -+ int clen, pad, i; -+ /* this exists to bypass broken gcc optimization */ -+ char *cp = (char *)pval; -+ -+ /* use memcpy, because we may not be long aligned */ -+ memcpy(<mp, cp, sizeof(long)); -+ -+ if (ltmp == it->size) -+ return -1; -+ /* -+ * Convert the long to positive: we subtract one if negative so we can -+ * cleanly handle the padding if only the MSB of the leading octet is -+ * set. -+ */ -+ if (ltmp < 0) -+ utmp = -ltmp - 1; -+ else -+ utmp = ltmp; -+ clen = BN_num_bits_word(utmp); -+ /* If MSB of leading octet set we need to pad */ -+ if (!(clen & 0x7)) -+ pad = 1; -+ else -+ pad = 0; -+ -+ /* Convert number of bits to number of octets */ -+ clen = (clen + 7) >> 3; -+ -+ if (cont) { -+ if (pad) -+ *cont++ = (ltmp < 0) ? 0xff : 0; -+ for (i = clen - 1; i >= 0; i--) { -+ cont[i] = (unsigned char)(utmp & 0xff); -+ if (ltmp < 0) -+ cont[i] ^= 0xff; -+ utmp >>= 8; -+ } -+ } -+ return clen + pad; - } - - static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, -- int utype, char *free_cont, const ASN1_ITEM *it) -+ int utype, char *free_cont, const ASN1_ITEM *it) - { -- int neg, i; -- long ltmp; -- unsigned long utmp = 0; -- char *cp = (char *)pval; -- if(len > (int)sizeof(long)) { -- ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); -- return 0; -- } -- /* Is it negative? */ -- if(len && (cont[0] & 0x80)) neg = 1; -- else neg = 0; -- utmp = 0; -- for(i = 0; i < len; i++) { -- utmp <<= 8; -- if(neg) utmp |= cont[i] ^ 0xff; -- else utmp |= cont[i]; -- } -- ltmp = (long)utmp; -- if(neg) { -- ltmp++; -- ltmp = -ltmp; -- } -- if(ltmp == it->size) { -- ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); -- return 0; -- } -- memcpy(cp, <mp, sizeof(long)); -- return 1; -+ int neg, i; -+ long ltmp; -+ unsigned long utmp = 0; -+ char *cp = (char *)pval; -+ if (len > (int)sizeof(long)) { -+ ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); -+ return 0; -+ } -+ /* Is it negative? */ -+ if (len && (cont[0] & 0x80)) -+ neg = 1; -+ else -+ neg = 0; -+ utmp = 0; -+ for (i = 0; i < len; i++) { -+ utmp <<= 8; -+ if (neg) -+ utmp |= cont[i] ^ 0xff; -+ else -+ utmp |= cont[i]; -+ } -+ ltmp = (long)utmp; -+ if (neg) { -+ ltmp++; -+ ltmp = -ltmp; -+ } -+ if (ltmp == it->size) { -+ ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); -+ return 0; -+ } -+ memcpy(cp, <mp, sizeof(long)); -+ return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_name.c b/Cryptlib/OpenSSL/crypto/asn1/x_name.c -index 9a1a9f4..85be1a6 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_name.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_name.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,217 +61,250 @@ - #include - #include - --static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, -- int tag, int aclass, char opt, ASN1_TLC *ctx); -+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, -+ long len, const ASN1_ITEM *it, int tag, -+ int aclass, char opt, ASN1_TLC *ctx); - --static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); -+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, -+ const ASN1_ITEM *it, int tag, int aclass); - static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it); - static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it); - - static int x509_name_encode(X509_NAME *a); - - ASN1_SEQUENCE(X509_NAME_ENTRY) = { -- ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), -- ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) -+ ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), -+ ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) - } ASN1_SEQUENCE_END(X509_NAME_ENTRY) - - IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY) - IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) - --/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } -- * so declare two template wrappers for this -+/* -+ * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so -+ * declare two template wrappers for this - */ - - ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) - ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES) - - ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) - ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL) - --/* Normally that's where it would end: we'd have two nested STACK structures -+/* -+ * Normally that's where it would end: we'd have two nested STACK structures - * representing the ASN1. Unfortunately X509_NAME uses a completely different -- * form and caches encodings so we have to process the internal form and convert -- * to the external form. -+ * form and caches encodings so we have to process the internal form and -+ * convert to the external form. - */ - - const ASN1_EXTERN_FUNCS x509_name_ff = { -- NULL, -- x509_name_ex_new, -- x509_name_ex_free, -- 0, /* Default clear behaviour is OK */ -- x509_name_ex_d2i, -- x509_name_ex_i2d -+ NULL, -+ x509_name_ex_new, -+ x509_name_ex_free, -+ 0, /* Default clear behaviour is OK */ -+ x509_name_ex_d2i, -+ x509_name_ex_i2d - }; - --IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) -+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) - - IMPLEMENT_ASN1_FUNCTIONS(X509_NAME) -+ - IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME) - - static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) - { -- X509_NAME *ret = NULL; -- ret = OPENSSL_malloc(sizeof(X509_NAME)); -- if(!ret) goto memerr; -- if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL) -- goto memerr; -- if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr; -- ret->modified=1; -- *val = (ASN1_VALUE *)ret; -- return 1; -+ X509_NAME *ret = NULL; -+ ret = OPENSSL_malloc(sizeof(X509_NAME)); -+ if (!ret) -+ goto memerr; -+ if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL) -+ goto memerr; -+ if ((ret->bytes = BUF_MEM_new()) == NULL) -+ goto memerr; -+ ret->modified = 1; -+ *val = (ASN1_VALUE *)ret; -+ return 1; - - memerr: -- ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE); -- if (ret) -- { -- if (ret->entries) -- sk_X509_NAME_ENTRY_free(ret->entries); -- OPENSSL_free(ret); -- } -- return 0; -+ ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE); -+ if (ret) { -+ if (ret->entries) -+ sk_X509_NAME_ENTRY_free(ret->entries); -+ OPENSSL_free(ret); -+ } -+ return 0; - } - - static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- X509_NAME *a; -- if(!pval || !*pval) -- return; -- a = (X509_NAME *)*pval; -- -- BUF_MEM_free(a->bytes); -- sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free); -- OPENSSL_free(a); -- *pval = NULL; -+ X509_NAME *a; -+ if (!pval || !*pval) -+ return; -+ a = (X509_NAME *)*pval; -+ -+ BUF_MEM_free(a->bytes); -+ sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free); -+ OPENSSL_free(a); -+ *pval = NULL; - } - --/* Used with sk_pop_free() to free up the internal representation. -- * NB: we only free the STACK and not its contents because it is -- * already present in the X509_NAME structure. -+/* -+ * Used with sk_pop_free() to free up the internal representation. NB: we -+ * only free the STACK and not its contents because it is already present in -+ * the X509_NAME structure. - */ - - static void sk_internal_free(void *a) - { -- sk_free(a); -+ sk_free(a); - } - --static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, -- int tag, int aclass, char opt, ASN1_TLC *ctx) -+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, -+ long len, const ASN1_ITEM *it, int tag, -+ int aclass, char opt, ASN1_TLC *ctx) - { -- const unsigned char *p = *in, *q; -- union { STACK *s; ASN1_VALUE *a; } intname = {NULL}; -- union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL}; -- int i, j, ret; -- STACK_OF(X509_NAME_ENTRY) *entries; -- X509_NAME_ENTRY *entry; -- q = p; -- -- /* Get internal representation of Name */ -- ret = ASN1_item_ex_d2i(&intname.a, -- &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -- tag, aclass, opt, ctx); -- -- if(ret <= 0) return ret; -- -- if(*val) x509_name_ex_free(val, NULL); -- if(!x509_name_ex_new(&nm.a, NULL)) goto err; -- /* We've decoded it: now cache encoding */ -- if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err; -- memcpy(nm.x->bytes->data, q, p - q); -- -- /* Convert internal representation to X509_NAME structure */ -- for(i = 0; i < sk_num(intname.s); i++) { -- entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i); -- for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { -- entry = sk_X509_NAME_ENTRY_value(entries, j); -- entry->set = i; -- if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) -- goto err; -- } -- sk_X509_NAME_ENTRY_free(entries); -- } -- sk_free(intname.s); -- nm.x->modified = 0; -- *val = nm.a; -- *in = p; -- return ret; --err: -- if (nm.x != NULL) -- X509_NAME_free(nm.x); -- ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -- return 0; -+ const unsigned char *p = *in, *q; -+ union { -+ STACK *s; -+ ASN1_VALUE *a; -+ } intname = { -+ NULL -+ }; -+ union { -+ X509_NAME *x; -+ ASN1_VALUE *a; -+ } nm = { -+ NULL -+ }; -+ int i, j, ret; -+ STACK_OF(X509_NAME_ENTRY) *entries; -+ X509_NAME_ENTRY *entry; -+ q = p; -+ -+ /* Get internal representation of Name */ -+ ret = ASN1_item_ex_d2i(&intname.a, -+ &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -+ tag, aclass, opt, ctx); -+ -+ if (ret <= 0) -+ return ret; -+ -+ if (*val) -+ x509_name_ex_free(val, NULL); -+ if (!x509_name_ex_new(&nm.a, NULL)) -+ goto err; -+ /* We've decoded it: now cache encoding */ -+ if (!BUF_MEM_grow(nm.x->bytes, p - q)) -+ goto err; -+ memcpy(nm.x->bytes->data, q, p - q); -+ -+ /* Convert internal representation to X509_NAME structure */ -+ for (i = 0; i < sk_num(intname.s); i++) { -+ entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i); -+ for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { -+ entry = sk_X509_NAME_ENTRY_value(entries, j); -+ entry->set = i; -+ if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) -+ goto err; -+ } -+ sk_X509_NAME_ENTRY_free(entries); -+ } -+ sk_free(intname.s); -+ nm.x->modified = 0; -+ *val = nm.a; -+ *in = p; -+ return ret; -+ err: -+ if (nm.x != NULL) -+ X509_NAME_free(nm.x); -+ ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); -+ return 0; - } - --static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) -+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, -+ const ASN1_ITEM *it, int tag, int aclass) - { -- int ret; -- X509_NAME *a = (X509_NAME *)*val; -- if(a->modified) { -- ret = x509_name_encode((X509_NAME *)a); -- if(ret < 0) return ret; -- } -- ret = a->bytes->length; -- if(out != NULL) { -- memcpy(*out,a->bytes->data,ret); -- *out+=ret; -- } -- return ret; -+ int ret; -+ X509_NAME *a = (X509_NAME *)*val; -+ if (a->modified) { -+ ret = x509_name_encode((X509_NAME *)a); -+ if (ret < 0) -+ return ret; -+ } -+ ret = a->bytes->length; -+ if (out != NULL) { -+ memcpy(*out, a->bytes->data, ret); -+ *out += ret; -+ } -+ return ret; - } - - static int x509_name_encode(X509_NAME *a) - { -- union { STACK *s; ASN1_VALUE *a; } intname = {NULL}; -- int len; -- unsigned char *p; -- STACK_OF(X509_NAME_ENTRY) *entries = NULL; -- X509_NAME_ENTRY *entry; -- int i, set = -1; -- intname.s = sk_new_null(); -- if(!intname.s) goto memerr; -- for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { -- entry = sk_X509_NAME_ENTRY_value(a->entries, i); -- if(entry->set != set) { -- entries = sk_X509_NAME_ENTRY_new_null(); -- if(!entries) goto memerr; -- if(!sk_push(intname.s, (char *)entries)) goto memerr; -- set = entry->set; -- } -- if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr; -- } -- len = ASN1_item_ex_i2d(&intname.a, NULL, -- ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); -- if (!BUF_MEM_grow(a->bytes,len)) goto memerr; -- p=(unsigned char *)a->bytes->data; -- ASN1_item_ex_i2d(&intname.a, -- &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); -- sk_pop_free(intname.s, sk_internal_free); -- a->modified = 0; -- return len; -- memerr: -- sk_pop_free(intname.s, sk_internal_free); -- ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); -- return -1; -+ union { -+ STACK *s; -+ ASN1_VALUE *a; -+ } intname = { -+ NULL -+ }; -+ int len; -+ unsigned char *p; -+ STACK_OF(X509_NAME_ENTRY) *entries = NULL; -+ X509_NAME_ENTRY *entry; -+ int i, set = -1; -+ intname.s = sk_new_null(); -+ if (!intname.s) -+ goto memerr; -+ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { -+ entry = sk_X509_NAME_ENTRY_value(a->entries, i); -+ if (entry->set != set) { -+ entries = sk_X509_NAME_ENTRY_new_null(); -+ if (!entries) -+ goto memerr; -+ if (!sk_push(intname.s, (char *)entries)) -+ goto memerr; -+ set = entry->set; -+ } -+ if (!sk_X509_NAME_ENTRY_push(entries, entry)) -+ goto memerr; -+ } -+ len = ASN1_item_ex_i2d(&intname.a, NULL, -+ ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); -+ if (!BUF_MEM_grow(a->bytes, len)) -+ goto memerr; -+ p = (unsigned char *)a->bytes->data; -+ ASN1_item_ex_i2d(&intname.a, -+ &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); -+ sk_pop_free(intname.s, sk_internal_free); -+ a->modified = 0; -+ return len; -+ memerr: -+ sk_pop_free(intname.s, sk_internal_free); -+ ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); -+ return -1; - } - -- - int X509_NAME_set(X509_NAME **xn, X509_NAME *name) -- { -- X509_NAME *in; -- -- if (!xn || !name) return(0); -- -- if (*xn != name) -- { -- in=X509_NAME_dup(name); -- if (in != NULL) -- { -- X509_NAME_free(*xn); -- *xn=in; -- } -- } -- return(*xn != NULL); -- } -- -+{ -+ X509_NAME *in; -+ -+ if (!xn || !name) -+ return (0); -+ -+ if (*xn != name) { -+ in = X509_NAME_dup(name); -+ if (in != NULL) { -+ X509_NAME_free(*xn); -+ *xn = in; -+ } -+ } -+ return (*xn != NULL); -+} -+ - IMPLEMENT_STACK_OF(X509_NAME_ENTRY) -+ - IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c -index 8453618..2da23e4 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,87 +65,89 @@ - - /* need to implement */ - int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp) -- { -- return(0); -- } -+{ -+ return (0); -+} - - X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length) -- { -- int i; -- M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new); -+{ -+ int i; -+ M_ASN1_D2I_vars(a, X509_PKEY *, X509_PKEY_new); - -- M_ASN1_D2I_Init(); -- M_ASN1_D2I_start_sequence(); -- M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR); -- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING); -+ M_ASN1_D2I_Init(); -+ M_ASN1_D2I_start_sequence(); -+ M_ASN1_D2I_get_x(X509_ALGOR, ret->enc_algor, d2i_X509_ALGOR); -+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->enc_pkey, d2i_ASN1_OCTET_STRING); - -- ret->cipher.cipher=EVP_get_cipherbyname( -- OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm))); -- if (ret->cipher.cipher == NULL) -- { -- c.error=ASN1_R_UNSUPPORTED_CIPHER; -- c.line=__LINE__; -- goto err; -- } -- if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) -- { -- i=ret->enc_algor->parameter->value.octet_string->length; -- if (i > EVP_MAX_IV_LENGTH) -- { -- c.error=ASN1_R_IV_TOO_LARGE; -- c.line=__LINE__; -- goto err; -- } -- memcpy(ret->cipher.iv, -- ret->enc_algor->parameter->value.octet_string->data,i); -- } -- else -- memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH); -- M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY); -- } -+ ret->cipher.cipher = -+ EVP_get_cipherbyname(OBJ_nid2ln -+ (OBJ_obj2nid(ret->enc_algor->algorithm))); -+ if (ret->cipher.cipher == NULL) { -+ c.error = ASN1_R_UNSUPPORTED_CIPHER; -+ c.line = __LINE__; -+ goto err; -+ } -+ if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) { -+ i = ret->enc_algor->parameter->value.octet_string->length; -+ if (i > EVP_MAX_IV_LENGTH) { -+ c.error = ASN1_R_IV_TOO_LARGE; -+ c.line = __LINE__; -+ goto err; -+ } -+ memcpy(ret->cipher.iv, -+ ret->enc_algor->parameter->value.octet_string->data, i); -+ } else -+ memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); -+ M_ASN1_D2I_Finish(a, X509_PKEY_free, ASN1_F_D2I_X509_PKEY); -+} - - X509_PKEY *X509_PKEY_new(void) -- { -- X509_PKEY *ret=NULL; -- ASN1_CTX c; -+{ -+ X509_PKEY *ret = NULL; -+ ASN1_CTX c; - -- M_ASN1_New_Malloc(ret,X509_PKEY); -- ret->version=0; -- M_ASN1_New(ret->enc_algor,X509_ALGOR_new); -- M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new); -- ret->dec_pkey=NULL; -- ret->key_length=0; -- ret->key_data=NULL; -- ret->key_free=0; -- ret->cipher.cipher=NULL; -- memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH); -- ret->references=1; -- return(ret); -- M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); -- } -+ M_ASN1_New_Malloc(ret, X509_PKEY); -+ ret->version = 0; -+ M_ASN1_New(ret->enc_algor, X509_ALGOR_new); -+ M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new); -+ ret->dec_pkey = NULL; -+ ret->key_length = 0; -+ ret->key_data = NULL; -+ ret->key_free = 0; -+ ret->cipher.cipher = NULL; -+ memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); -+ ret->references = 1; -+ return (ret); -+ M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); -+} - - void X509_PKEY_free(X509_PKEY *x) -- { -- int i; -+{ -+ int i; - -- if (x == NULL) return; -+ if (x == NULL) -+ return; - -- i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY); -+ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY); - #ifdef REF_PRINT -- REF_PRINT("X509_PKEY",x); -+ REF_PRINT("X509_PKEY", x); - #endif -- if (i > 0) return; -+ if (i > 0) -+ return; - #ifdef REF_CHECK -- if (i < 0) -- { -- fprintf(stderr,"X509_PKEY_free, bad reference count\n"); -- abort(); -- } -+ if (i < 0) { -+ fprintf(stderr, "X509_PKEY_free, bad reference count\n"); -+ abort(); -+ } - #endif - -- if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor); -- if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey); -- if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey); -- if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data); -- OPENSSL_free(x); -- } -+ if (x->enc_algor != NULL) -+ X509_ALGOR_free(x->enc_algor); -+ if (x->enc_pkey != NULL) -+ M_ASN1_OCTET_STRING_free(x->enc_pkey); -+ if (x->dec_pkey != NULL) -+ EVP_PKEY_free(x->dec_pkey); -+ if ((x->key_data != NULL) && (x->key_free)) -+ OPENSSL_free(x->key_data); -+ OPENSSL_free(x); -+} -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c -index bc8a7bf..307798c 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,483 +61,462 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - - /* Minor tweak to operation: free up EVP_PKEY */ - static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) -- { -- if (operation == ASN1_OP_FREE_POST) -- { -- X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; -- EVP_PKEY_free(pubkey->pkey); -- } -- return 1; -- } -+{ -+ if (operation == ASN1_OP_FREE_POST) { -+ X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; -+ EVP_PKEY_free(pubkey->pkey); -+ } -+ return 1; -+} - - ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { -- ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), -- ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) -+ ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), -+ ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) - } ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) - - IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) - - int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) -- { -- X509_PUBKEY *pk=NULL; -- X509_ALGOR *a; -- ASN1_OBJECT *o; -- unsigned char *s,*p = NULL; -- int i; -- -- if (x == NULL) return(0); -- -- if ((pk=X509_PUBKEY_new()) == NULL) goto err; -- a=pk->algor; -- -- /* set the algorithm id */ -- if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err; -- ASN1_OBJECT_free(a->algorithm); -- a->algorithm=o; -- -- /* Set the parameter list */ -- if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) -- { -- if ((a->parameter == NULL) || -- (a->parameter->type != V_ASN1_NULL)) -- { -- ASN1_TYPE_free(a->parameter); -- if (!(a->parameter=ASN1_TYPE_new())) -- { -- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- a->parameter->type=V_ASN1_NULL; -- } -- } -+{ -+ X509_PUBKEY *pk = NULL; -+ X509_ALGOR *a; -+ ASN1_OBJECT *o; -+ unsigned char *s, *p = NULL; -+ int i; -+ -+ if (x == NULL) -+ return (0); -+ -+ if ((pk = X509_PUBKEY_new()) == NULL) -+ goto err; -+ a = pk->algor; -+ -+ /* set the algorithm id */ -+ if ((o = OBJ_nid2obj(pkey->type)) == NULL) -+ goto err; -+ ASN1_OBJECT_free(a->algorithm); -+ a->algorithm = o; -+ -+ /* Set the parameter list */ -+ if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) { -+ if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) { -+ ASN1_TYPE_free(a->parameter); -+ if (!(a->parameter = ASN1_TYPE_new())) { -+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ a->parameter->type = V_ASN1_NULL; -+ } -+ } - #ifndef OPENSSL_NO_DSA -- else if (pkey->type == EVP_PKEY_DSA) -- { -- unsigned char *pp; -- DSA *dsa; -- -- dsa=pkey->pkey.dsa; -- dsa->write_params=0; -- ASN1_TYPE_free(a->parameter); -- if ((i=i2d_DSAparams(dsa,NULL)) <= 0) -- goto err; -- if (!(p=(unsigned char *)OPENSSL_malloc(i))) -- { -- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- pp=p; -- i2d_DSAparams(dsa,&pp); -- if (!(a->parameter=ASN1_TYPE_new())) -- { -- OPENSSL_free(p); -- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- a->parameter->type=V_ASN1_SEQUENCE; -- if (!(a->parameter->value.sequence=ASN1_STRING_new())) -- { -- OPENSSL_free(p); -- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!ASN1_STRING_set(a->parameter->value.sequence,p,i)) -- { -- OPENSSL_free(p); -- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- OPENSSL_free(p); -- } -+ else if (pkey->type == EVP_PKEY_DSA) { -+ unsigned char *pp; -+ DSA *dsa; -+ -+ dsa = pkey->pkey.dsa; -+ dsa->write_params = 0; -+ ASN1_TYPE_free(a->parameter); -+ if ((i = i2d_DSAparams(dsa, NULL)) <= 0) -+ goto err; -+ if (!(p = (unsigned char *)OPENSSL_malloc(i))) { -+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ pp = p; -+ i2d_DSAparams(dsa, &pp); -+ if (!(a->parameter = ASN1_TYPE_new())) { -+ OPENSSL_free(p); -+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ a->parameter->type = V_ASN1_SEQUENCE; -+ if (!(a->parameter->value.sequence = ASN1_STRING_new())) { -+ OPENSSL_free(p); -+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!ASN1_STRING_set(a->parameter->value.sequence, p, i)) { -+ OPENSSL_free(p); -+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ OPENSSL_free(p); -+ } - #endif - #ifndef OPENSSL_NO_EC -- else if (pkey->type == EVP_PKEY_EC) -- { -- int nid=0; -- unsigned char *pp; -- EC_KEY *ec_key; -- const EC_GROUP *group; -- -- ec_key = pkey->pkey.ec; -- ASN1_TYPE_free(a->parameter); -- -- if ((a->parameter = ASN1_TYPE_new()) == NULL) -- { -- X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); -- goto err; -- } -- -- group = EC_KEY_get0_group(ec_key); -- if (EC_GROUP_get_asn1_flag(group) -- && (nid = EC_GROUP_get_curve_name(group))) -- { -- /* just set the OID */ -- a->parameter->type = V_ASN1_OBJECT; -- a->parameter->value.object = OBJ_nid2obj(nid); -- } -- else /* explicit parameters */ -- { -- if ((i = i2d_ECParameters(ec_key, NULL)) == 0) -- { -- X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); -- goto err; -- } -- if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) -- { -- X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- pp = p; -- if (!i2d_ECParameters(ec_key, &pp)) -- { -- X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); -- OPENSSL_free(p); -- goto err; -- } -- a->parameter->type = V_ASN1_SEQUENCE; -- if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) -- { -- X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); -- OPENSSL_free(p); -- goto err; -- } -- ASN1_STRING_set(a->parameter->value.sequence, p, i); -- OPENSSL_free(p); -- } -- } -+ else if (pkey->type == EVP_PKEY_EC) { -+ int nid = 0; -+ unsigned char *pp; -+ EC_KEY *ec_key; -+ const EC_GROUP *group; -+ -+ ec_key = pkey->pkey.ec; -+ ASN1_TYPE_free(a->parameter); -+ -+ if ((a->parameter = ASN1_TYPE_new()) == NULL) { -+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ -+ group = EC_KEY_get0_group(ec_key); -+ if (EC_GROUP_get_asn1_flag(group) -+ && (nid = EC_GROUP_get_curve_name(group))) { -+ /* just set the OID */ -+ a->parameter->type = V_ASN1_OBJECT; -+ a->parameter->value.object = OBJ_nid2obj(nid); -+ } else { /* explicit parameters */ -+ -+ if ((i = i2d_ECParameters(ec_key, NULL)) == 0) { -+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); -+ goto err; -+ } -+ if ((p = (unsigned char *)OPENSSL_malloc(i)) == NULL) { -+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ pp = p; -+ if (!i2d_ECParameters(ec_key, &pp)) { -+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); -+ OPENSSL_free(p); -+ goto err; -+ } -+ a->parameter->type = V_ASN1_SEQUENCE; -+ if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) { -+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); -+ OPENSSL_free(p); -+ goto err; -+ } -+ ASN1_STRING_set(a->parameter->value.sequence, p, i); -+ OPENSSL_free(p); -+ } -+ } - #endif -- else if (1) -- { -- X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); -- goto err; -- } -- -- if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err; -- if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) -- { -- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- p=s; -- i2d_PublicKey(pkey,&p); -- if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) -- { -- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- /* Set number of unused bits to zero */ -- pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); -- pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; -- -- OPENSSL_free(s); -+ else if (1) { -+ X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM); -+ goto err; -+ } -+ -+ if ((i = i2d_PublicKey(pkey, NULL)) <= 0) -+ goto err; -+ if ((s = (unsigned char *)OPENSSL_malloc(i + 1)) == NULL) { -+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ p = s; -+ i2d_PublicKey(pkey, &p); -+ if (!M_ASN1_BIT_STRING_set(pk->public_key, s, i)) { -+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ /* Set number of unused bits to zero */ -+ pk->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); -+ pk->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; -+ -+ OPENSSL_free(s); - - #if 0 -- CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); -- pk->pkey=pkey; -+ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); -+ pk->pkey = pkey; - #endif - -- if (*x != NULL) -- X509_PUBKEY_free(*x); -+ if (*x != NULL) -+ X509_PUBKEY_free(*x); - -- *x=pk; -+ *x = pk; - -- return 1; --err: -- if (pk != NULL) X509_PUBKEY_free(pk); -- return 0; -- } -+ return 1; -+ err: -+ if (pk != NULL) -+ X509_PUBKEY_free(pk); -+ return 0; -+} - - EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) -- { -- EVP_PKEY *ret=NULL; -- long j; -- int type; -- const unsigned char *p; -+{ -+ EVP_PKEY *ret = NULL; -+ long j; -+ int type; -+ const unsigned char *p; - #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) -- const unsigned char *cp; -- X509_ALGOR *a; -+ const unsigned char *cp; -+ X509_ALGOR *a; - #endif - -- if (key == NULL) goto err; -+ if (key == NULL) -+ goto err; -+ -+ if (key->pkey != NULL) { -+ CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); -+ return (key->pkey); -+ } - -- if (key->pkey != NULL) -- { -- CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); -- return(key->pkey); -- } -+ if (key->public_key == NULL) -+ goto err; - -- if (key->public_key == NULL) goto err; -+ type = OBJ_obj2nid(key->algor->algorithm); -+ if ((ret = EVP_PKEY_new()) == NULL) { -+ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ret->type = EVP_PKEY_type(type); - -- type=OBJ_obj2nid(key->algor->algorithm); -- if ((ret = EVP_PKEY_new()) == NULL) -- { -- X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- ret->type = EVP_PKEY_type(type); -+ /* the parameters must be extracted before the public key (ECDSA!) */ - -- /* the parameters must be extracted before the public key (ECDSA!) */ -- - #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) -- a=key->algor; -+ a = key->algor; - #endif - -- if (0) -- ; -+ if (0) ; - #ifndef OPENSSL_NO_DSA -- else if (ret->type == EVP_PKEY_DSA) -- { -- if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) -- { -- if ((ret->pkey.dsa = DSA_new()) == NULL) -- { -- X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- ret->pkey.dsa->write_params=0; -- cp=p=a->parameter->value.sequence->data; -- j=a->parameter->value.sequence->length; -- if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j)) -- goto err; -- } -- ret->save_parameters=1; -- } -+ else if (ret->type == EVP_PKEY_DSA) { -+ if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { -+ if ((ret->pkey.dsa = DSA_new()) == NULL) { -+ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ret->pkey.dsa->write_params = 0; -+ cp = p = a->parameter->value.sequence->data; -+ j = a->parameter->value.sequence->length; -+ if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j)) -+ goto err; -+ } -+ ret->save_parameters = 1; -+ } - #endif - #ifndef OPENSSL_NO_EC -- else if (ret->type == EVP_PKEY_EC) -- { -- if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) -- { -- /* type == V_ASN1_SEQUENCE => we have explicit parameters -- * (e.g. parameters in the X9_62_EC_PARAMETERS-structure ) -- */ -- if ((ret->pkey.ec= EC_KEY_new()) == NULL) -- { -- X509err(X509_F_X509_PUBKEY_GET, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- cp = p = a->parameter->value.sequence->data; -- j = a->parameter->value.sequence->length; -- if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) -- { -- X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); -- goto err; -- } -- } -- else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) -- { -- /* type == V_ASN1_OBJECT => the parameters are given -- * by an asn1 OID -- */ -- EC_KEY *ec_key; -- EC_GROUP *group; -- -- if (ret->pkey.ec == NULL) -- ret->pkey.ec = EC_KEY_new(); -- ec_key = ret->pkey.ec; -- if (ec_key == NULL) -- goto err; -- group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); -- if (group == NULL) -- goto err; -- EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); -- if (EC_KEY_set_group(ec_key, group) == 0) -- goto err; -- EC_GROUP_free(group); -- } -- /* the case implicitlyCA is currently not implemented */ -- ret->save_parameters = 1; -- } -+ else if (ret->type == EVP_PKEY_EC) { -+ if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { -+ /* -+ * type == V_ASN1_SEQUENCE => we have explicit parameters (e.g. -+ * parameters in the X9_62_EC_PARAMETERS-structure ) -+ */ -+ if ((ret->pkey.ec = EC_KEY_new()) == NULL) { -+ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ cp = p = a->parameter->value.sequence->data; -+ j = a->parameter->value.sequence->length; -+ if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) { -+ X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) { -+ /* -+ * type == V_ASN1_OBJECT => the parameters are given by an asn1 -+ * OID -+ */ -+ EC_KEY *ec_key; -+ EC_GROUP *group; -+ -+ if (ret->pkey.ec == NULL) -+ ret->pkey.ec = EC_KEY_new(); -+ ec_key = ret->pkey.ec; -+ if (ec_key == NULL) -+ goto err; -+ group = -+ EC_GROUP_new_by_curve_name(OBJ_obj2nid -+ (a->parameter->value.object)); -+ if (group == NULL) -+ goto err; -+ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); -+ if (EC_KEY_set_group(ec_key, group) == 0) -+ goto err; -+ EC_GROUP_free(group); -+ } -+ /* -+ * the case implicitlyCA is currently not implemented -+ */ -+ ret->save_parameters = 1; -+ } - #endif - -- p=key->public_key->data; -- j=key->public_key->length; -- if (!d2i_PublicKey(type, &ret, &p, (long)j)) -- { -- X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); -- goto err; -- } -- -- /* Check to see if another thread set key->pkey first */ -- CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); -- if (key->pkey) -- { -- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); -- EVP_PKEY_free(ret); -- ret = key->pkey; -- } -- else -- { -- key->pkey = ret; -- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); -- } -- CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); -- return(ret); --err: -- if (ret != NULL) -- EVP_PKEY_free(ret); -- return(NULL); -- } -- --/* Now two pseudo ASN1 routines that take an EVP_PKEY structure -- * and encode or decode as X509_PUBKEY -+ p = key->public_key->data; -+ j = key->public_key->length; -+ if (!d2i_PublicKey(type, &ret, &p, (long)j)) { -+ X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); -+ goto err; -+ } -+ -+ /* Check to see if another thread set key->pkey first */ -+ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); -+ if (key->pkey) { -+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); -+ EVP_PKEY_free(ret); -+ ret = key->pkey; -+ } else { -+ key->pkey = ret; -+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); -+ } -+ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); -+ return (ret); -+ err: -+ if (ret != NULL) -+ EVP_PKEY_free(ret); -+ return (NULL); -+} -+ -+/* -+ * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or -+ * decode as X509_PUBKEY - */ - --EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, -- long length) -- { -- X509_PUBKEY *xpk; -- EVP_PKEY *pktmp; -- xpk = d2i_X509_PUBKEY(NULL, pp, length); -- if(!xpk) return NULL; -- pktmp = X509_PUBKEY_get(xpk); -- X509_PUBKEY_free(xpk); -- if(!pktmp) return NULL; -- if(a) -- { -- EVP_PKEY_free(*a); -- *a = pktmp; -- } -- return pktmp; -- } -+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) -+{ -+ X509_PUBKEY *xpk; -+ EVP_PKEY *pktmp; -+ xpk = d2i_X509_PUBKEY(NULL, pp, length); -+ if (!xpk) -+ return NULL; -+ pktmp = X509_PUBKEY_get(xpk); -+ X509_PUBKEY_free(xpk); -+ if (!pktmp) -+ return NULL; -+ if (a) { -+ EVP_PKEY_free(*a); -+ *a = pktmp; -+ } -+ return pktmp; -+} - - int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) -- { -- X509_PUBKEY *xpk=NULL; -- int ret; -- if(!a) return 0; -- if(!X509_PUBKEY_set(&xpk, a)) return 0; -- ret = i2d_X509_PUBKEY(xpk, pp); -- X509_PUBKEY_free(xpk); -- return ret; -- } -- --/* The following are equivalents but which return RSA and DSA -- * keys -+{ -+ X509_PUBKEY *xpk = NULL; -+ int ret; -+ if (!a) -+ return 0; -+ if (!X509_PUBKEY_set(&xpk, a)) -+ return 0; -+ ret = i2d_X509_PUBKEY(xpk, pp); -+ X509_PUBKEY_free(xpk); -+ return ret; -+} -+ -+/* -+ * The following are equivalents but which return RSA and DSA keys - */ - #ifndef OPENSSL_NO_RSA --RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, -- long length) -- { -- EVP_PKEY *pkey; -- RSA *key; -- const unsigned char *q; -- q = *pp; -- pkey = d2i_PUBKEY(NULL, &q, length); -- if (!pkey) return NULL; -- key = EVP_PKEY_get1_RSA(pkey); -- EVP_PKEY_free(pkey); -- if (!key) return NULL; -- *pp = q; -- if (a) -- { -- RSA_free(*a); -- *a = key; -- } -- return key; -- } -+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) -+{ -+ EVP_PKEY *pkey; -+ RSA *key; -+ const unsigned char *q; -+ q = *pp; -+ pkey = d2i_PUBKEY(NULL, &q, length); -+ if (!pkey) -+ return NULL; -+ key = EVP_PKEY_get1_RSA(pkey); -+ EVP_PKEY_free(pkey); -+ if (!key) -+ return NULL; -+ *pp = q; -+ if (a) { -+ RSA_free(*a); -+ *a = key; -+ } -+ return key; -+} - - int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) -- { -- EVP_PKEY *pktmp; -- int ret; -- if (!a) return 0; -- pktmp = EVP_PKEY_new(); -- if (!pktmp) -- { -- ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- EVP_PKEY_set1_RSA(pktmp, a); -- ret = i2d_PUBKEY(pktmp, pp); -- EVP_PKEY_free(pktmp); -- return ret; -- } -+{ -+ EVP_PKEY *pktmp; -+ int ret; -+ if (!a) -+ return 0; -+ pktmp = EVP_PKEY_new(); -+ if (!pktmp) { -+ ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ EVP_PKEY_set1_RSA(pktmp, a); -+ ret = i2d_PUBKEY(pktmp, pp); -+ EVP_PKEY_free(pktmp); -+ return ret; -+} - #endif - - #ifndef OPENSSL_NO_DSA --DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, -- long length) -- { -- EVP_PKEY *pkey; -- DSA *key; -- const unsigned char *q; -- q = *pp; -- pkey = d2i_PUBKEY(NULL, &q, length); -- if (!pkey) return NULL; -- key = EVP_PKEY_get1_DSA(pkey); -- EVP_PKEY_free(pkey); -- if (!key) return NULL; -- *pp = q; -- if (a) -- { -- DSA_free(*a); -- *a = key; -- } -- return key; -- } -+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) -+{ -+ EVP_PKEY *pkey; -+ DSA *key; -+ const unsigned char *q; -+ q = *pp; -+ pkey = d2i_PUBKEY(NULL, &q, length); -+ if (!pkey) -+ return NULL; -+ key = EVP_PKEY_get1_DSA(pkey); -+ EVP_PKEY_free(pkey); -+ if (!key) -+ return NULL; -+ *pp = q; -+ if (a) { -+ DSA_free(*a); -+ *a = key; -+ } -+ return key; -+} - - int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) -- { -- EVP_PKEY *pktmp; -- int ret; -- if(!a) return 0; -- pktmp = EVP_PKEY_new(); -- if(!pktmp) -- { -- ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- EVP_PKEY_set1_DSA(pktmp, a); -- ret = i2d_PUBKEY(pktmp, pp); -- EVP_PKEY_free(pktmp); -- return ret; -- } -+{ -+ EVP_PKEY *pktmp; -+ int ret; -+ if (!a) -+ return 0; -+ pktmp = EVP_PKEY_new(); -+ if (!pktmp) { -+ ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ EVP_PKEY_set1_DSA(pktmp, a); -+ ret = i2d_PUBKEY(pktmp, pp); -+ EVP_PKEY_free(pktmp); -+ return ret; -+} - #endif - - #ifndef OPENSSL_NO_EC - EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) -- { -- EVP_PKEY *pkey; -- EC_KEY *key; -- const unsigned char *q; -- q = *pp; -- pkey = d2i_PUBKEY(NULL, &q, length); -- if (!pkey) return(NULL); -- key = EVP_PKEY_get1_EC_KEY(pkey); -- EVP_PKEY_free(pkey); -- if (!key) return(NULL); -- *pp = q; -- if (a) -- { -- EC_KEY_free(*a); -- *a = key; -- } -- return(key); -- } -+{ -+ EVP_PKEY *pkey; -+ EC_KEY *key; -+ const unsigned char *q; -+ q = *pp; -+ pkey = d2i_PUBKEY(NULL, &q, length); -+ if (!pkey) -+ return (NULL); -+ key = EVP_PKEY_get1_EC_KEY(pkey); -+ EVP_PKEY_free(pkey); -+ if (!key) -+ return (NULL); -+ *pp = q; -+ if (a) { -+ EC_KEY_free(*a); -+ *a = key; -+ } -+ return (key); -+} - - int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) -- { -- EVP_PKEY *pktmp; -- int ret; -- if (!a) return(0); -- if ((pktmp = EVP_PKEY_new()) == NULL) -- { -- ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); -- return(0); -- } -- EVP_PKEY_set1_EC_KEY(pktmp, a); -- ret = i2d_PUBKEY(pktmp, pp); -- EVP_PKEY_free(pktmp); -- return(ret); -- } -+{ -+ EVP_PKEY *pktmp; -+ int ret; -+ if (!a) -+ return (0); -+ if ((pktmp = EVP_PKEY_new()) == NULL) { -+ ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ EVP_PKEY_set1_EC_KEY(pktmp, a); -+ ret = i2d_PUBKEY(pktmp, pp); -+ EVP_PKEY_free(pktmp); -+ return (ret); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_req.c b/Cryptlib/OpenSSL/crypto/asn1/x_req.c -index 59ca8ce..5b303fb 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_req.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_req.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,12 +61,13 @@ - #include - #include - --/* X509_REQ_INFO is handled in an unusual way to get round -+/*- -+ * X509_REQ_INFO is handled in an unusual way to get round - * invalid encodings. Some broken certificate requests don't - * encode the attributes field if it is empty. This is in - * violation of PKCS#10 but we need to tolerate it. We do - * this by making the attributes field OPTIONAL then using -- * the callback to initialise it to an empty STACK. -+ * the callback to initialise it to an empty STACK. - * - * This means that the field will be correctly encoded unless - * we NULL out the field. -@@ -81,32 +82,34 @@ - - static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; -+ X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; - -- if(operation == ASN1_OP_NEW_POST) { -- rinf->attributes = sk_X509_ATTRIBUTE_new_null(); -- if(!rinf->attributes) return 0; -- } -- return 1; -+ if (operation == ASN1_OP_NEW_POST) { -+ rinf->attributes = sk_X509_ATTRIBUTE_new_null(); -+ if (!rinf->attributes) -+ return 0; -+ } -+ return 1; - } - - ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { -- ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), -- ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), -- ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), -- /* This isn't really OPTIONAL but it gets round invalid -- * encodings -- */ -- ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) -+ ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), -+ ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), -+ ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), -+ /* This isn't really OPTIONAL but it gets round invalid -+ * encodings -+ */ -+ ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) - } ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO) - - IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) - - ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = { -- ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO), -- ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR), -- ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) -+ ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO), -+ ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR), -+ ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) - } ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ) - - IMPLEMENT_ASN1_FUNCTIONS(X509_REQ) -+ - IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c -index 42efa86..dd33720 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,8 +62,8 @@ - #include - - ASN1_SEQUENCE(X509_SIG) = { -- ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), -- ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING) -+ ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), -+ ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING) - } ASN1_SEQUENCE_END(X509_SIG) - - IMPLEMENT_ASN1_FUNCTIONS(X509_SIG) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c -index 2aece07..1df6b87 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,15 +49,16 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -- /* This module was send to me my Pat Richards who -- * wrote it. It is under my Copyright with his permission -+ /* -+ * This module was send to me my Pat Richards who wrote it. -+ * It is under my Copyright with his permission - */ - - #include -@@ -66,16 +67,16 @@ - #include - - ASN1_SEQUENCE(NETSCAPE_SPKAC) = { -- ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY), -- ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING) -+ ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY), -+ ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING) - } ASN1_SEQUENCE_END(NETSCAPE_SPKAC) - - IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC) - - ASN1_SEQUENCE(NETSCAPE_SPKI) = { -- ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC), -- ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR), -- ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING) -+ ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC), -+ ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR), -+ ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING) - } ASN1_SEQUENCE_END(NETSCAPE_SPKI) - - IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_val.c b/Cryptlib/OpenSSL/crypto/asn1/x_val.c -index dc17c67..ee75a1e 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_val.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_val.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,8 +62,8 @@ - #include - - ASN1_SEQUENCE(X509_VAL) = { -- ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME), -- ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME) -+ ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME), -+ ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME) - } ASN1_SEQUENCE_END(X509_VAL) - - IMPLEMENT_ASN1_FUNCTIONS(X509_VAL) -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c -index 088d550..d6958f6 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,16 +64,16 @@ - #include - - ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { -- ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), -- ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), -- ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), -- ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), -- ASN1_SIMPLE(X509_CINF, validity, X509_VAL), -- ASN1_SIMPLE(X509_CINF, subject, X509_NAME), -- ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), -- ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), -- ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), -- ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) -+ ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), -+ ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), -+ ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), -+ ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), -+ ASN1_SIMPLE(X509_CINF, validity, X509_VAL), -+ ASN1_SIMPLE(X509_CINF, subject, X509_NAME), -+ ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), -+ ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), -+ ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), -+ ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) - } ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) - - IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) -@@ -83,120 +83,135 @@ extern void policy_cache_free(X509_POLICY_CACHE *cache); - - static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- X509 *ret = (X509 *)*pval; -+ X509 *ret = (X509 *)*pval; - -- switch(operation) { -+ switch (operation) { - -- case ASN1_OP_NEW_POST: -- ret->valid=0; -- ret->name = NULL; -- ret->ex_flags = 0; -- ret->ex_pathlen = -1; -- ret->skid = NULL; -- ret->akid = NULL; -+ case ASN1_OP_NEW_POST: -+ ret->valid = 0; -+ ret->name = NULL; -+ ret->ex_flags = 0; -+ ret->ex_pathlen = -1; -+ ret->skid = NULL; -+ ret->akid = NULL; - #ifndef OPENSSL_NO_RFC3779 -- ret->rfc3779_addr = NULL; -- ret->rfc3779_asid = NULL; -+ ret->rfc3779_addr = NULL; -+ ret->rfc3779_asid = NULL; - #endif -- ret->aux = NULL; -- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); -- break; -- -- case ASN1_OP_D2I_POST: -- if (ret->name != NULL) OPENSSL_free(ret->name); -- ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0); -- break; -- -- case ASN1_OP_FREE_POST: -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); -- X509_CERT_AUX_free(ret->aux); -- ASN1_OCTET_STRING_free(ret->skid); -- AUTHORITY_KEYID_free(ret->akid); -- policy_cache_free(ret->policy_cache); -+ ret->aux = NULL; -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); -+ break; -+ -+ case ASN1_OP_D2I_POST: -+ if (ret->name != NULL) -+ OPENSSL_free(ret->name); -+ ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0); -+ break; -+ -+ case ASN1_OP_FREE_POST: -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); -+ X509_CERT_AUX_free(ret->aux); -+ ASN1_OCTET_STRING_free(ret->skid); -+ AUTHORITY_KEYID_free(ret->akid); -+ policy_cache_free(ret->policy_cache); - #ifndef OPENSSL_NO_RFC3779 -- sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); -- ASIdentifiers_free(ret->rfc3779_asid); -+ sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); -+ ASIdentifiers_free(ret->rfc3779_asid); - #endif - -- if (ret->name != NULL) OPENSSL_free(ret->name); -- break; -+ if (ret->name != NULL) -+ OPENSSL_free(ret->name); -+ break; - -- } -+ } - -- return 1; -+ return 1; - - } - - ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { -- ASN1_SIMPLE(X509, cert_info, X509_CINF), -- ASN1_SIMPLE(X509, sig_alg, X509_ALGOR), -- ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING) -+ ASN1_SIMPLE(X509, cert_info, X509_CINF), -+ ASN1_SIMPLE(X509, sig_alg, X509_ALGOR), -+ ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING) - } ASN1_SEQUENCE_END_ref(X509, X509) - - IMPLEMENT_ASN1_FUNCTIONS(X509) -+ - IMPLEMENT_ASN1_DUP_FUNCTION(X509) - --static ASN1_METHOD meth= -- { -- (I2D_OF(void)) i2d_X509, -+static ASN1_METHOD meth = { -+ (I2D_OF(void)) i2d_X509, - (D2I_OF(void)) d2i_X509, - (void *(*)(void))X509_new, -- (void (*)(void *)) X509_free -- }; -+ (void (*)(void *))X509_free -+}; - - ASN1_METHOD *X509_asn1_meth(void) -- { -- return(&meth); -- } -+{ -+ return (&meth); -+} - - int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -- { -- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, -- new_func, dup_func, free_func); -- } -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -+{ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, -+ new_func, dup_func, free_func); -+} - - int X509_set_ex_data(X509 *r, int idx, void *arg) -- { -- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); -- } -+{ -+ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); -+} - - void *X509_get_ex_data(X509 *r, int idx) -- { -- return(CRYPTO_get_ex_data(&r->ex_data,idx)); -- } -- --/* X509_AUX ASN1 routines. X509_AUX is the name given to -- * a certificate with extra info tagged on the end. Since these -- * functions set how a certificate is trusted they should only -- * be used when the certificate comes from a reliable source -- * such as local storage. -- * -+{ -+ return (CRYPTO_get_ex_data(&r->ex_data, idx)); -+} -+ -+/* -+ * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with -+ * extra info tagged on the end. Since these functions set how a certificate -+ * is trusted they should only be used when the certificate comes from a -+ * reliable source such as local storage. - */ - - X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) - { -- const unsigned char *q; -- X509 *ret; -- /* Save start position */ -- q = *pp; -- ret = d2i_X509(a, pp, length); -- /* If certificate unreadable then forget it */ -- if(!ret) return NULL; -- /* update length */ -- length -= *pp - q; -- if(!length) return ret; -- if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err; -- return ret; -- err: -- X509_free(ret); -- return NULL; -+ const unsigned char *q; -+ X509 *ret; -+ int freeret = 0; -+ -+ /* Save start position */ -+ q = *pp; -+ -+ if(!a || *a == NULL) { -+ freeret = 1; -+ } -+ ret = d2i_X509(a, pp, length); -+ /* If certificate unreadable then forget it */ -+ if (!ret) -+ return NULL; -+ /* update length */ -+ length -= *pp - q; -+ if (!length) -+ return ret; -+ if (!d2i_X509_CERT_AUX(&ret->aux, pp, length)) -+ goto err; -+ return ret; -+ err: -+ if(freeret) { -+ X509_free(ret); -+ if (a) -+ *a = NULL; -+ } -+ return NULL; - } - - int i2d_X509_AUX(X509 *a, unsigned char **pp) - { -- int length; -- length = i2d_X509(a, pp); -- if(a) length += i2d_X509_CERT_AUX(a->aux, pp); -- return length; -+ int length; -+ length = i2d_X509(a, pp); -+ if (a) -+ length += i2d_X509_CERT_AUX(a->aux, pp); -+ return length; - } -diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c -index b603f82..76bbc13 100644 ---- a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c -+++ b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c -@@ -1,6 +1,7 @@ - /* a_x509a.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,119 +63,131 @@ - #include - #include - --/* X509_CERT_AUX routines. These are used to encode additional -- * user modifiable data about a certificate. This data is -- * appended to the X509 encoding when the *_X509_AUX routines -- * are used. This means that the "traditional" X509 routines -- * will simply ignore the extra data. -+/* -+ * X509_CERT_AUX routines. These are used to encode additional user -+ * modifiable data about a certificate. This data is appended to the X509 -+ * encoding when the *_X509_AUX routines are used. This means that the -+ * "traditional" X509 routines will simply ignore the extra data. - */ - - static X509_CERT_AUX *aux_get(X509 *x); - - ASN1_SEQUENCE(X509_CERT_AUX) = { -- ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), -- ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0), -- ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING), -- ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING), -- ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1) -+ ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), -+ ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0), -+ ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING), -+ ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING), -+ ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1) - } ASN1_SEQUENCE_END(X509_CERT_AUX) - - IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX) - - static X509_CERT_AUX *aux_get(X509 *x) - { -- if(!x) return NULL; -- if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL; -- return x->aux; -+ if (!x) -+ return NULL; -+ if (!x->aux && !(x->aux = X509_CERT_AUX_new())) -+ return NULL; -+ return x->aux; - } - - int X509_alias_set1(X509 *x, unsigned char *name, int len) - { -- X509_CERT_AUX *aux; -- if (!name) -- { -- if (!x || !x->aux || !x->aux->alias) -- return 1; -- ASN1_UTF8STRING_free(x->aux->alias); -- x->aux->alias = NULL; -- return 1; -- } -- if(!(aux = aux_get(x))) return 0; -- if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0; -- return ASN1_STRING_set(aux->alias, name, len); -+ X509_CERT_AUX *aux; -+ if (!name) { -+ if (!x || !x->aux || !x->aux->alias) -+ return 1; -+ ASN1_UTF8STRING_free(x->aux->alias); -+ x->aux->alias = NULL; -+ return 1; -+ } -+ if (!(aux = aux_get(x))) -+ return 0; -+ if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) -+ return 0; -+ return ASN1_STRING_set(aux->alias, name, len); - } - - int X509_keyid_set1(X509 *x, unsigned char *id, int len) - { -- X509_CERT_AUX *aux; -- if (!id) -- { -- if (!x || !x->aux || !x->aux->keyid) -- return 1; -- ASN1_OCTET_STRING_free(x->aux->keyid); -- x->aux->keyid = NULL; -- return 1; -- } -- if(!(aux = aux_get(x))) return 0; -- if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0; -- return ASN1_STRING_set(aux->keyid, id, len); -+ X509_CERT_AUX *aux; -+ if (!id) { -+ if (!x || !x->aux || !x->aux->keyid) -+ return 1; -+ ASN1_OCTET_STRING_free(x->aux->keyid); -+ x->aux->keyid = NULL; -+ return 1; -+ } -+ if (!(aux = aux_get(x))) -+ return 0; -+ if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) -+ return 0; -+ return ASN1_STRING_set(aux->keyid, id, len); - } - - unsigned char *X509_alias_get0(X509 *x, int *len) - { -- if(!x->aux || !x->aux->alias) return NULL; -- if(len) *len = x->aux->alias->length; -- return x->aux->alias->data; -+ if (!x->aux || !x->aux->alias) -+ return NULL; -+ if (len) -+ *len = x->aux->alias->length; -+ return x->aux->alias->data; - } - - unsigned char *X509_keyid_get0(X509 *x, int *len) - { -- if(!x->aux || !x->aux->keyid) return NULL; -- if(len) *len = x->aux->keyid->length; -- return x->aux->keyid->data; -+ if (!x->aux || !x->aux->keyid) -+ return NULL; -+ if (len) -+ *len = x->aux->keyid->length; -+ return x->aux->keyid->data; - } - - int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) - { -- X509_CERT_AUX *aux; -- ASN1_OBJECT *objtmp; -- if(!(objtmp = OBJ_dup(obj))) return 0; -- if(!(aux = aux_get(x))) return 0; -- if(!aux->trust -- && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0; -- return sk_ASN1_OBJECT_push(aux->trust, objtmp); -+ X509_CERT_AUX *aux; -+ ASN1_OBJECT *objtmp; -+ if (!(objtmp = OBJ_dup(obj))) -+ return 0; -+ if (!(aux = aux_get(x))) -+ return 0; -+ if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null())) -+ return 0; -+ return sk_ASN1_OBJECT_push(aux->trust, objtmp); - } - - int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) - { -- X509_CERT_AUX *aux; -- ASN1_OBJECT *objtmp; -- if(!(objtmp = OBJ_dup(obj))) return 0; -- if(!(aux = aux_get(x))) return 0; -- if(!aux->reject -- && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0; -- return sk_ASN1_OBJECT_push(aux->reject, objtmp); -+ X509_CERT_AUX *aux; -+ ASN1_OBJECT *objtmp; -+ if (!(objtmp = OBJ_dup(obj))) -+ return 0; -+ if (!(aux = aux_get(x))) -+ return 0; -+ if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null())) -+ return 0; -+ return sk_ASN1_OBJECT_push(aux->reject, objtmp); - } - - void X509_trust_clear(X509 *x) - { -- if(x->aux && x->aux->trust) { -- sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); -- x->aux->trust = NULL; -- } -+ if (x->aux && x->aux->trust) { -+ sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); -+ x->aux->trust = NULL; -+ } - } - - void X509_reject_clear(X509 *x) - { -- if(x->aux && x->aux->reject) { -- sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); -- x->aux->reject = NULL; -- } -+ if (x->aux && x->aux->reject) { -+ sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); -+ x->aux->reject = NULL; -+ } - } - - ASN1_SEQUENCE(X509_CERT_PAIR) = { -- ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0), -- ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1) -+ ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0), -+ ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1) - } ASN1_SEQUENCE_END(X509_CERT_PAIR) - - IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR) -diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c -index 6451c8d..ddeab6e 100644 ---- a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c -+++ b/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,63 +59,65 @@ - #include - #include "bf_locl.h" - --/* The input and output encrypted as though 64bit cfb mode is being -- * used. The extra state information to record how much of the -- * 64bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 64bit cfb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; - */ - --void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, -- const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt) -- { -- register BF_LONG v0,v1,t; -- register int n= *num; -- register long l=length; -- BF_LONG ti[2]; -- unsigned char *iv,c,cc; -- -- iv=(unsigned char *)ivec; -- if (encrypt) -- { -- while (l--) -- { -- if (n == 0) -- { -- n2l(iv,v0); ti[0]=v0; -- n2l(iv,v1); ti[1]=v1; -- BF_encrypt((BF_LONG *)ti,schedule); -- iv=(unsigned char *)ivec; -- t=ti[0]; l2n(t,iv); -- t=ti[1]; l2n(t,iv); -- iv=(unsigned char *)ivec; -- } -- c= *(in++)^iv[n]; -- *(out++)=c; -- iv[n]=c; -- n=(n+1)&0x07; -- } -- } -- else -- { -- while (l--) -- { -- if (n == 0) -- { -- n2l(iv,v0); ti[0]=v0; -- n2l(iv,v1); ti[1]=v1; -- BF_encrypt((BF_LONG *)ti,schedule); -- iv=(unsigned char *)ivec; -- t=ti[0]; l2n(t,iv); -- t=ti[1]; l2n(t,iv); -- iv=(unsigned char *)ivec; -- } -- cc= *(in++); -- c=iv[n]; -- iv[n]=cc; -- *(out++)=c^cc; -- n=(n+1)&0x07; -- } -- } -- v0=v1=ti[0]=ti[1]=t=c=cc=0; -- *num=n; -- } -+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, -+ long length, const BF_KEY *schedule, -+ unsigned char *ivec, int *num, int encrypt) -+{ -+ register BF_LONG v0, v1, t; -+ register int n = *num; -+ register long l = length; -+ BF_LONG ti[2]; -+ unsigned char *iv, c, cc; - -+ iv = (unsigned char *)ivec; -+ if (encrypt) { -+ while (l--) { -+ if (n == 0) { -+ n2l(iv, v0); -+ ti[0] = v0; -+ n2l(iv, v1); -+ ti[1] = v1; -+ BF_encrypt((BF_LONG *)ti, schedule); -+ iv = (unsigned char *)ivec; -+ t = ti[0]; -+ l2n(t, iv); -+ t = ti[1]; -+ l2n(t, iv); -+ iv = (unsigned char *)ivec; -+ } -+ c = *(in++) ^ iv[n]; -+ *(out++) = c; -+ iv[n] = c; -+ n = (n + 1) & 0x07; -+ } -+ } else { -+ while (l--) { -+ if (n == 0) { -+ n2l(iv, v0); -+ ti[0] = v0; -+ n2l(iv, v1); -+ ti[1] = v1; -+ BF_encrypt((BF_LONG *)ti, schedule); -+ iv = (unsigned char *)ivec; -+ t = ti[0]; -+ l2n(t, iv); -+ t = ti[1]; -+ l2n(t, iv); -+ iv = (unsigned char *)ivec; -+ } -+ cc = *(in++); -+ c = iv[n]; -+ iv[n] = cc; -+ *(out++) = c ^ cc; -+ n = (n + 1) & 0x07; -+ } -+ } -+ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; -+ *num = n; -+} -diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c b/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c -index 1607cef..967a7f5 100644 ---- a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c -+++ b/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,37 +60,41 @@ - #include "bf_locl.h" - #include - --/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' -- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, -- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) -+/* -+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From -+ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE -+ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) - */ - --const char BF_version[]="Blowfish" OPENSSL_VERSION_PTEXT; -+const char BF_version[] = "Blowfish" OPENSSL_VERSION_PTEXT; - - const char *BF_options(void) -- { -+{ - #ifdef BF_PTR -- return("blowfish(ptr)"); -+ return ("blowfish(ptr)"); - #elif defined(BF_PTR2) -- return("blowfish(ptr2)"); -+ return ("blowfish(ptr2)"); - #else -- return("blowfish(idx)"); -+ return ("blowfish(idx)"); - #endif -- } -+} - - void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, -- const BF_KEY *key, int encrypt) -- { -- BF_LONG l,d[2]; -- -- n2l(in,l); d[0]=l; -- n2l(in,l); d[1]=l; -- if (encrypt) -- BF_encrypt(d,key); -- else -- BF_decrypt(d,key); -- l=d[0]; l2n(l,out); -- l=d[1]; l2n(l,out); -- l=d[0]=d[1]=0; -- } -+ const BF_KEY *key, int encrypt) -+{ -+ BF_LONG l, d[2]; - -+ n2l(in, l); -+ d[0] = l; -+ n2l(in, l); -+ d[1] = l; -+ if (encrypt) -+ BF_encrypt(d, key); -+ else -+ BF_decrypt(d, key); -+ l = d[0]; -+ l2n(l, out); -+ l = d[1]; -+ l2n(l, out); -+ l = d[0] = d[1] = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c b/Cryptlib/OpenSSL/crypto/bf/bf_enc.c -index 2d21d09..b268795 100644 ---- a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c -+++ b/Cryptlib/OpenSSL/crypto/bf/bf_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,248 +59,242 @@ - #include - #include "bf_locl.h" - --/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' -- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, -- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) -+/* -+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From -+ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE -+ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) - */ - - #if (BF_ROUNDS != 16) && (BF_ROUNDS != 20) --#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ -+# error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ - to modify the code. - #endif - - void BF_encrypt(BF_LONG *data, const BF_KEY *key) -- { -+{ - #ifndef BF_PTR2 -- register BF_LONG l,r; -- register const BF_LONG *p,*s; -+ register BF_LONG l, r; -+ register const BF_LONG *p, *s; - -- p=key->P; -- s= &(key->S[0]); -- l=data[0]; -- r=data[1]; -+ p = key->P; -+ s = &(key->S[0]); -+ l = data[0]; -+ r = data[1]; - -- l^=p[0]; -- BF_ENC(r,l,s,p[ 1]); -- BF_ENC(l,r,s,p[ 2]); -- BF_ENC(r,l,s,p[ 3]); -- BF_ENC(l,r,s,p[ 4]); -- BF_ENC(r,l,s,p[ 5]); -- BF_ENC(l,r,s,p[ 6]); -- BF_ENC(r,l,s,p[ 7]); -- BF_ENC(l,r,s,p[ 8]); -- BF_ENC(r,l,s,p[ 9]); -- BF_ENC(l,r,s,p[10]); -- BF_ENC(r,l,s,p[11]); -- BF_ENC(l,r,s,p[12]); -- BF_ENC(r,l,s,p[13]); -- BF_ENC(l,r,s,p[14]); -- BF_ENC(r,l,s,p[15]); -- BF_ENC(l,r,s,p[16]); --#if BF_ROUNDS == 20 -- BF_ENC(r,l,s,p[17]); -- BF_ENC(l,r,s,p[18]); -- BF_ENC(r,l,s,p[19]); -- BF_ENC(l,r,s,p[20]); --#endif -- r^=p[BF_ROUNDS+1]; -+ l ^= p[0]; -+ BF_ENC(r, l, s, p[1]); -+ BF_ENC(l, r, s, p[2]); -+ BF_ENC(r, l, s, p[3]); -+ BF_ENC(l, r, s, p[4]); -+ BF_ENC(r, l, s, p[5]); -+ BF_ENC(l, r, s, p[6]); -+ BF_ENC(r, l, s, p[7]); -+ BF_ENC(l, r, s, p[8]); -+ BF_ENC(r, l, s, p[9]); -+ BF_ENC(l, r, s, p[10]); -+ BF_ENC(r, l, s, p[11]); -+ BF_ENC(l, r, s, p[12]); -+ BF_ENC(r, l, s, p[13]); -+ BF_ENC(l, r, s, p[14]); -+ BF_ENC(r, l, s, p[15]); -+ BF_ENC(l, r, s, p[16]); -+# if BF_ROUNDS == 20 -+ BF_ENC(r, l, s, p[17]); -+ BF_ENC(l, r, s, p[18]); -+ BF_ENC(r, l, s, p[19]); -+ BF_ENC(l, r, s, p[20]); -+# endif -+ r ^= p[BF_ROUNDS + 1]; - -- data[1]=l&0xffffffffL; -- data[0]=r&0xffffffffL; -+ data[1] = l & 0xffffffffL; -+ data[0] = r & 0xffffffffL; - #else -- register BF_LONG l,r,t,*k; -+ register BF_LONG l, r, t, *k; - -- l=data[0]; -- r=data[1]; -- k=(BF_LONG*)key; -+ l = data[0]; -+ r = data[1]; -+ k = (BF_LONG *)key; - -- l^=k[0]; -- BF_ENC(r,l,k, 1); -- BF_ENC(l,r,k, 2); -- BF_ENC(r,l,k, 3); -- BF_ENC(l,r,k, 4); -- BF_ENC(r,l,k, 5); -- BF_ENC(l,r,k, 6); -- BF_ENC(r,l,k, 7); -- BF_ENC(l,r,k, 8); -- BF_ENC(r,l,k, 9); -- BF_ENC(l,r,k,10); -- BF_ENC(r,l,k,11); -- BF_ENC(l,r,k,12); -- BF_ENC(r,l,k,13); -- BF_ENC(l,r,k,14); -- BF_ENC(r,l,k,15); -- BF_ENC(l,r,k,16); --#if BF_ROUNDS == 20 -- BF_ENC(r,l,k,17); -- BF_ENC(l,r,k,18); -- BF_ENC(r,l,k,19); -- BF_ENC(l,r,k,20); --#endif -- r^=k[BF_ROUNDS+1]; -+ l ^= k[0]; -+ BF_ENC(r, l, k, 1); -+ BF_ENC(l, r, k, 2); -+ BF_ENC(r, l, k, 3); -+ BF_ENC(l, r, k, 4); -+ BF_ENC(r, l, k, 5); -+ BF_ENC(l, r, k, 6); -+ BF_ENC(r, l, k, 7); -+ BF_ENC(l, r, k, 8); -+ BF_ENC(r, l, k, 9); -+ BF_ENC(l, r, k, 10); -+ BF_ENC(r, l, k, 11); -+ BF_ENC(l, r, k, 12); -+ BF_ENC(r, l, k, 13); -+ BF_ENC(l, r, k, 14); -+ BF_ENC(r, l, k, 15); -+ BF_ENC(l, r, k, 16); -+# if BF_ROUNDS == 20 -+ BF_ENC(r, l, k, 17); -+ BF_ENC(l, r, k, 18); -+ BF_ENC(r, l, k, 19); -+ BF_ENC(l, r, k, 20); -+# endif -+ r ^= k[BF_ROUNDS + 1]; - -- data[1]=l&0xffffffffL; -- data[0]=r&0xffffffffL; -+ data[1] = l & 0xffffffffL; -+ data[0] = r & 0xffffffffL; - #endif -- } -+} - - #ifndef BF_DEFAULT_OPTIONS - - void BF_decrypt(BF_LONG *data, const BF_KEY *key) -- { --#ifndef BF_PTR2 -- register BF_LONG l,r; -- register const BF_LONG *p,*s; -+{ -+# ifndef BF_PTR2 -+ register BF_LONG l, r; -+ register const BF_LONG *p, *s; - -- p=key->P; -- s= &(key->S[0]); -- l=data[0]; -- r=data[1]; -+ p = key->P; -+ s = &(key->S[0]); -+ l = data[0]; -+ r = data[1]; - -- l^=p[BF_ROUNDS+1]; --#if BF_ROUNDS == 20 -- BF_ENC(r,l,s,p[20]); -- BF_ENC(l,r,s,p[19]); -- BF_ENC(r,l,s,p[18]); -- BF_ENC(l,r,s,p[17]); --#endif -- BF_ENC(r,l,s,p[16]); -- BF_ENC(l,r,s,p[15]); -- BF_ENC(r,l,s,p[14]); -- BF_ENC(l,r,s,p[13]); -- BF_ENC(r,l,s,p[12]); -- BF_ENC(l,r,s,p[11]); -- BF_ENC(r,l,s,p[10]); -- BF_ENC(l,r,s,p[ 9]); -- BF_ENC(r,l,s,p[ 8]); -- BF_ENC(l,r,s,p[ 7]); -- BF_ENC(r,l,s,p[ 6]); -- BF_ENC(l,r,s,p[ 5]); -- BF_ENC(r,l,s,p[ 4]); -- BF_ENC(l,r,s,p[ 3]); -- BF_ENC(r,l,s,p[ 2]); -- BF_ENC(l,r,s,p[ 1]); -- r^=p[0]; -+ l ^= p[BF_ROUNDS + 1]; -+# if BF_ROUNDS == 20 -+ BF_ENC(r, l, s, p[20]); -+ BF_ENC(l, r, s, p[19]); -+ BF_ENC(r, l, s, p[18]); -+ BF_ENC(l, r, s, p[17]); -+# endif -+ BF_ENC(r, l, s, p[16]); -+ BF_ENC(l, r, s, p[15]); -+ BF_ENC(r, l, s, p[14]); -+ BF_ENC(l, r, s, p[13]); -+ BF_ENC(r, l, s, p[12]); -+ BF_ENC(l, r, s, p[11]); -+ BF_ENC(r, l, s, p[10]); -+ BF_ENC(l, r, s, p[9]); -+ BF_ENC(r, l, s, p[8]); -+ BF_ENC(l, r, s, p[7]); -+ BF_ENC(r, l, s, p[6]); -+ BF_ENC(l, r, s, p[5]); -+ BF_ENC(r, l, s, p[4]); -+ BF_ENC(l, r, s, p[3]); -+ BF_ENC(r, l, s, p[2]); -+ BF_ENC(l, r, s, p[1]); -+ r ^= p[0]; - -- data[1]=l&0xffffffffL; -- data[0]=r&0xffffffffL; --#else -- register BF_LONG l,r,t,*k; -+ data[1] = l & 0xffffffffL; -+ data[0] = r & 0xffffffffL; -+# else -+ register BF_LONG l, r, t, *k; - -- l=data[0]; -- r=data[1]; -- k=(BF_LONG *)key; -+ l = data[0]; -+ r = data[1]; -+ k = (BF_LONG *)key; - -- l^=k[BF_ROUNDS+1]; --#if BF_ROUNDS == 20 -- BF_ENC(r,l,k,20); -- BF_ENC(l,r,k,19); -- BF_ENC(r,l,k,18); -- BF_ENC(l,r,k,17); --#endif -- BF_ENC(r,l,k,16); -- BF_ENC(l,r,k,15); -- BF_ENC(r,l,k,14); -- BF_ENC(l,r,k,13); -- BF_ENC(r,l,k,12); -- BF_ENC(l,r,k,11); -- BF_ENC(r,l,k,10); -- BF_ENC(l,r,k, 9); -- BF_ENC(r,l,k, 8); -- BF_ENC(l,r,k, 7); -- BF_ENC(r,l,k, 6); -- BF_ENC(l,r,k, 5); -- BF_ENC(r,l,k, 4); -- BF_ENC(l,r,k, 3); -- BF_ENC(r,l,k, 2); -- BF_ENC(l,r,k, 1); -- r^=k[0]; -+ l ^= k[BF_ROUNDS + 1]; -+# if BF_ROUNDS == 20 -+ BF_ENC(r, l, k, 20); -+ BF_ENC(l, r, k, 19); -+ BF_ENC(r, l, k, 18); -+ BF_ENC(l, r, k, 17); -+# endif -+ BF_ENC(r, l, k, 16); -+ BF_ENC(l, r, k, 15); -+ BF_ENC(r, l, k, 14); -+ BF_ENC(l, r, k, 13); -+ BF_ENC(r, l, k, 12); -+ BF_ENC(l, r, k, 11); -+ BF_ENC(r, l, k, 10); -+ BF_ENC(l, r, k, 9); -+ BF_ENC(r, l, k, 8); -+ BF_ENC(l, r, k, 7); -+ BF_ENC(r, l, k, 6); -+ BF_ENC(l, r, k, 5); -+ BF_ENC(r, l, k, 4); -+ BF_ENC(l, r, k, 3); -+ BF_ENC(r, l, k, 2); -+ BF_ENC(l, r, k, 1); -+ r ^= k[0]; - -- data[1]=l&0xffffffffL; -- data[0]=r&0xffffffffL; --#endif -- } -+ data[1] = l & 0xffffffffL; -+ data[0] = r & 0xffffffffL; -+# endif -+} - - void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, -- const BF_KEY *schedule, unsigned char *ivec, int encrypt) -- { -- register BF_LONG tin0,tin1; -- register BF_LONG tout0,tout1,xor0,xor1; -- register long l=length; -- BF_LONG tin[2]; -+ const BF_KEY *schedule, unsigned char *ivec, int encrypt) -+{ -+ register BF_LONG tin0, tin1; -+ register BF_LONG tout0, tout1, xor0, xor1; -+ register long l = length; -+ BF_LONG tin[2]; - -- if (encrypt) -- { -- n2l(ivec,tout0); -- n2l(ivec,tout1); -- ivec-=8; -- for (l-=8; l>=0; l-=8) -- { -- n2l(in,tin0); -- n2l(in,tin1); -- tin0^=tout0; -- tin1^=tout1; -- tin[0]=tin0; -- tin[1]=tin1; -- BF_encrypt(tin,schedule); -- tout0=tin[0]; -- tout1=tin[1]; -- l2n(tout0,out); -- l2n(tout1,out); -- } -- if (l != -8) -- { -- n2ln(in,tin0,tin1,l+8); -- tin0^=tout0; -- tin1^=tout1; -- tin[0]=tin0; -- tin[1]=tin1; -- BF_encrypt(tin,schedule); -- tout0=tin[0]; -- tout1=tin[1]; -- l2n(tout0,out); -- l2n(tout1,out); -- } -- l2n(tout0,ivec); -- l2n(tout1,ivec); -- } -- else -- { -- n2l(ivec,xor0); -- n2l(ivec,xor1); -- ivec-=8; -- for (l-=8; l>=0; l-=8) -- { -- n2l(in,tin0); -- n2l(in,tin1); -- tin[0]=tin0; -- tin[1]=tin1; -- BF_decrypt(tin,schedule); -- tout0=tin[0]^xor0; -- tout1=tin[1]^xor1; -- l2n(tout0,out); -- l2n(tout1,out); -- xor0=tin0; -- xor1=tin1; -- } -- if (l != -8) -- { -- n2l(in,tin0); -- n2l(in,tin1); -- tin[0]=tin0; -- tin[1]=tin1; -- BF_decrypt(tin,schedule); -- tout0=tin[0]^xor0; -- tout1=tin[1]^xor1; -- l2nn(tout0,tout1,out,l+8); -- xor0=tin0; -- xor1=tin1; -- } -- l2n(xor0,ivec); -- l2n(xor1,ivec); -- } -- tin0=tin1=tout0=tout1=xor0=xor1=0; -- tin[0]=tin[1]=0; -- } -+ if (encrypt) { -+ n2l(ivec, tout0); -+ n2l(ivec, tout1); -+ ivec -= 8; -+ for (l -= 8; l >= 0; l -= 8) { -+ n2l(in, tin0); -+ n2l(in, tin1); -+ tin0 ^= tout0; -+ tin1 ^= tout1; -+ tin[0] = tin0; -+ tin[1] = tin1; -+ BF_encrypt(tin, schedule); -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ l2n(tout0, out); -+ l2n(tout1, out); -+ } -+ if (l != -8) { -+ n2ln(in, tin0, tin1, l + 8); -+ tin0 ^= tout0; -+ tin1 ^= tout1; -+ tin[0] = tin0; -+ tin[1] = tin1; -+ BF_encrypt(tin, schedule); -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ l2n(tout0, out); -+ l2n(tout1, out); -+ } -+ l2n(tout0, ivec); -+ l2n(tout1, ivec); -+ } else { -+ n2l(ivec, xor0); -+ n2l(ivec, xor1); -+ ivec -= 8; -+ for (l -= 8; l >= 0; l -= 8) { -+ n2l(in, tin0); -+ n2l(in, tin1); -+ tin[0] = tin0; -+ tin[1] = tin1; -+ BF_decrypt(tin, schedule); -+ tout0 = tin[0] ^ xor0; -+ tout1 = tin[1] ^ xor1; -+ l2n(tout0, out); -+ l2n(tout1, out); -+ xor0 = tin0; -+ xor1 = tin1; -+ } -+ if (l != -8) { -+ n2l(in, tin0); -+ n2l(in, tin1); -+ tin[0] = tin0; -+ tin[1] = tin1; -+ BF_decrypt(tin, schedule); -+ tout0 = tin[0] ^ xor0; -+ tout1 = tin[1] ^ xor1; -+ l2nn(tout0, tout1, out, l + 8); -+ xor0 = tin0; -+ xor1 = tin1; -+ } -+ l2n(xor0, ivec); -+ l2n(xor1, ivec); -+ } -+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; -+ tin[0] = tin[1] = 0; -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c -index f2a9ff6..a8d190b 100644 ---- a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c -+++ b/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,52 +59,52 @@ - #include - #include "bf_locl.h" - --/* The input and output encrypted as though 64bit ofb mode is being -- * used. The extra state information to record how much of the -- * 64bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 64bit ofb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; - */ --void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, -- const BF_KEY *schedule, unsigned char *ivec, int *num) -- { -- register BF_LONG v0,v1,t; -- register int n= *num; -- register long l=length; -- unsigned char d[8]; -- register char *dp; -- BF_LONG ti[2]; -- unsigned char *iv; -- int save=0; -- -- iv=(unsigned char *)ivec; -- n2l(iv,v0); -- n2l(iv,v1); -- ti[0]=v0; -- ti[1]=v1; -- dp=(char *)d; -- l2n(v0,dp); -- l2n(v1,dp); -- while (l--) -- { -- if (n == 0) -- { -- BF_encrypt((BF_LONG *)ti,schedule); -- dp=(char *)d; -- t=ti[0]; l2n(t,dp); -- t=ti[1]; l2n(t,dp); -- save++; -- } -- *(out++)= *(in++)^d[n]; -- n=(n+1)&0x07; -- } -- if (save) -- { -- v0=ti[0]; -- v1=ti[1]; -- iv=(unsigned char *)ivec; -- l2n(v0,iv); -- l2n(v1,iv); -- } -- t=v0=v1=ti[0]=ti[1]=0; -- *num=n; -- } -+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, -+ long length, const BF_KEY *schedule, -+ unsigned char *ivec, int *num) -+{ -+ register BF_LONG v0, v1, t; -+ register int n = *num; -+ register long l = length; -+ unsigned char d[8]; -+ register char *dp; -+ BF_LONG ti[2]; -+ unsigned char *iv; -+ int save = 0; - -+ iv = (unsigned char *)ivec; -+ n2l(iv, v0); -+ n2l(iv, v1); -+ ti[0] = v0; -+ ti[1] = v1; -+ dp = (char *)d; -+ l2n(v0, dp); -+ l2n(v1, dp); -+ while (l--) { -+ if (n == 0) { -+ BF_encrypt((BF_LONG *)ti, schedule); -+ dp = (char *)d; -+ t = ti[0]; -+ l2n(t, dp); -+ t = ti[1]; -+ l2n(t, dp); -+ save++; -+ } -+ *(out++) = *(in++) ^ d[n]; -+ n = (n + 1) & 0x07; -+ } -+ if (save) { -+ v0 = ti[0]; -+ v1 = ti[1]; -+ iv = (unsigned char *)ivec; -+ l2n(v0, iv); -+ l2n(v1, iv); -+ } -+ t = v0 = v1 = ti[0] = ti[1] = 0; -+ *num = n; -+} -diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c b/Cryptlib/OpenSSL/crypto/bf/bf_skey.c -index 6ac2aeb..c7b74ff 100644 ---- a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c -+++ b/Cryptlib/OpenSSL/crypto/bf/bf_skey.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,61 +61,61 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - - #include "bf_locl.h" - #include "bf_pi.h" - - FIPS_NON_FIPS_VCIPHER_Init(BF) -- { -- int i; -- BF_LONG *p,ri,in[2]; -- const unsigned char *d,*end; -- -- -- memcpy(key,&bf_init,sizeof(BF_KEY)); -- p=key->P; -+{ -+ int i; -+ BF_LONG *p, ri, in[2]; -+ const unsigned char *d, *end; - -- if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4; -+ memcpy(key, &bf_init, sizeof(BF_KEY)); -+ p = key->P; - -- d=data; -- end= &(data[len]); -- for (i=0; i<(BF_ROUNDS+2); i++) -- { -- ri= *(d++); -- if (d >= end) d=data; -+ if (len > ((BF_ROUNDS + 2) * 4)) -+ len = (BF_ROUNDS + 2) * 4; - -- ri<<=8; -- ri|= *(d++); -- if (d >= end) d=data; -+ d = data; -+ end = &(data[len]); -+ for (i = 0; i < (BF_ROUNDS + 2); i++) { -+ ri = *(d++); -+ if (d >= end) -+ d = data; - -- ri<<=8; -- ri|= *(d++); -- if (d >= end) d=data; -+ ri <<= 8; -+ ri |= *(d++); -+ if (d >= end) -+ d = data; - -- ri<<=8; -- ri|= *(d++); -- if (d >= end) d=data; -+ ri <<= 8; -+ ri |= *(d++); -+ if (d >= end) -+ d = data; - -- p[i]^=ri; -- } -+ ri <<= 8; -+ ri |= *(d++); -+ if (d >= end) -+ d = data; - -- in[0]=0L; -- in[1]=0L; -- for (i=0; i<(BF_ROUNDS+2); i+=2) -- { -- BF_encrypt(in,key); -- p[i ]=in[0]; -- p[i+1]=in[1]; -- } -+ p[i] ^= ri; -+ } - -- p=key->S; -- for (i=0; i<4*256; i+=2) -- { -- BF_encrypt(in,key); -- p[i ]=in[0]; -- p[i+1]=in[1]; -- } -- } -+ in[0] = 0L; -+ in[1] = 0L; -+ for (i = 0; i < (BF_ROUNDS + 2); i += 2) { -+ BF_encrypt(in, key); -+ p[i] = in[0]; -+ p[i + 1] = in[1]; -+ } - -+ p = key->S; -+ for (i = 0; i < 4 * 256; i += 2) { -+ BF_encrypt(in, key); -+ p[i] = in[0]; -+ p[i + 1] = in[1]; -+ } -+} -diff --git a/Cryptlib/OpenSSL/crypto/bio/b_dump.c b/Cryptlib/OpenSSL/crypto/bio/b_dump.c -index c80ecc4..3293c72 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/b_dump.c -+++ b/Cryptlib/OpenSSL/crypto/bio/b_dump.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,14 +49,14 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --/* -+/* - * Stolen from tjh's ssl/ssl_trc.c stuff. - */ - -@@ -65,123 +65,120 @@ - #include "bio_lcl.h" - - #define TRUNCATE --#define DUMP_WIDTH 16 -+#define DUMP_WIDTH 16 - #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) - --int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), -- void *u, const char *s, int len) -- { -- return BIO_dump_indent_cb(cb, u, s, len, 0); -- } -+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), -+ void *u, const char *s, int len) -+{ -+ return BIO_dump_indent_cb(cb, u, s, len, 0); -+} - --int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), -- void *u, const char *s, int len, int indent) -- { -- int ret=0; -- char buf[288+1],tmp[20],str[128+1]; -- int i,j,rows,trc; -- unsigned char ch; -- int dump_width; -+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), -+ void *u, const char *s, int len, int indent) -+{ -+ int ret = 0; -+ char buf[288 + 1], tmp[20], str[128 + 1]; -+ int i, j, rows, trc; -+ unsigned char ch; -+ int dump_width; - -- trc=0; -+ trc = 0; - - #ifdef TRUNCATE -- for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) -- trc++; -+ for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--) -+ trc++; - #endif - -- if (indent < 0) -- indent = 0; -- if (indent) -- { -- if (indent > 128) indent=128; -- memset(str,' ',indent); -- } -- str[indent]='\0'; -+ if (indent < 0) -+ indent = 0; -+ if (indent) { -+ if (indent > 128) -+ indent = 128; -+ memset(str, ' ', indent); -+ } -+ str[indent] = '\0'; - -- dump_width=DUMP_WIDTH_LESS_INDENT(indent); -- rows=(len/dump_width); -- if ((rows*dump_width)=len) -- { -- BUF_strlcat(buf," ",sizeof buf); -- } -- else -- { -- ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; -- BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch, -- j==7?'-':' '); -- BUF_strlcat(buf,tmp,sizeof buf); -- } -- } -- BUF_strlcat(buf," ",sizeof buf); -- for(j=0;j=len) -- break; -- ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; -+ dump_width = DUMP_WIDTH_LESS_INDENT(indent); -+ rows = (len / dump_width); -+ if ((rows * dump_width) < len) -+ rows++; -+ for (i = 0; i < rows; i++) { -+ buf[0] = '\0'; /* start with empty string */ -+ BUF_strlcpy(buf, str, sizeof buf); -+ BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); -+ BUF_strlcat(buf, tmp, sizeof buf); -+ for (j = 0; j < dump_width; j++) { -+ if (((i * dump_width) + j) >= len) { -+ BUF_strlcat(buf, " ", sizeof buf); -+ } else { -+ ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; -+ BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch, -+ j == 7 ? '-' : ' '); -+ BUF_strlcat(buf, tmp, sizeof buf); -+ } -+ } -+ BUF_strlcat(buf, " ", sizeof buf); -+ for (j = 0; j < dump_width; j++) { -+ if (((i * dump_width) + j) >= len) -+ break; -+ ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; - #ifndef CHARSET_EBCDIC -- BIO_snprintf(tmp,sizeof tmp,"%c", -- ((ch>=' ')&&(ch<='~'))?ch:'.'); -+ BIO_snprintf(tmp, sizeof tmp, "%c", -+ ((ch >= ' ') && (ch <= '~')) ? ch : '.'); - #else -- BIO_snprintf(tmp,sizeof tmp,"%c", -- ((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) -- ? os_toebcdic[ch] -- : '.'); -+ BIO_snprintf(tmp, sizeof tmp, "%c", -+ ((ch >= os_toascii[' ']) && (ch <= os_toascii['~'])) -+ ? os_toebcdic[ch] -+ : '.'); - #endif -- BUF_strlcat(buf,tmp,sizeof buf); -- } -- BUF_strlcat(buf,"\n",sizeof buf); -- /* if this is the last call then update the ddt_dump thing so -- * that we will move the selection point in the debug window -- */ -- ret+=cb((void *)buf,strlen(buf),u); -- } -+ BUF_strlcat(buf, tmp, sizeof buf); -+ } -+ BUF_strlcat(buf, "\n", sizeof buf); -+ /* -+ * if this is the last call then update the ddt_dump thing so that we -+ * will move the selection point in the debug window -+ */ -+ ret += cb((void *)buf, strlen(buf), u); -+ } - #ifdef TRUNCATE -- if (trc > 0) -- { -- BIO_snprintf(buf,sizeof buf,"%s%04x - \n",str, -- len+trc); -- ret+=cb((void *)buf,strlen(buf),u); -- } -+ if (trc > 0) { -+ BIO_snprintf(buf, sizeof buf, "%s%04x - \n", str, -+ len + trc); -+ ret += cb((void *)buf, strlen(buf), u); -+ } - #endif -- return(ret); -- } -+ return (ret); -+} - - #ifndef OPENSSL_NO_FP_API - static int write_fp(const void *data, size_t len, void *fp) -- { -- return UP_fwrite(data, len, 1, fp); -- } -+{ -+ return UP_fwrite(data, len, 1, fp); -+} -+ - int BIO_dump_fp(FILE *fp, const char *s, int len) -- { -- return BIO_dump_cb(write_fp, fp, s, len); -- } -+{ -+ return BIO_dump_cb(write_fp, fp, s, len); -+} -+ - int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent) -- { -- return BIO_dump_indent_cb(write_fp, fp, s, len, indent); -- } -+{ -+ return BIO_dump_indent_cb(write_fp, fp, s, len, indent); -+} - #endif - - static int write_bio(const void *data, size_t len, void *bp) -- { -- return BIO_write((BIO *)bp, (const char *)data, len); -- } -+{ -+ return BIO_write((BIO *)bp, (const char *)data, len); -+} -+ - int BIO_dump(BIO *bp, const char *s, int len) -- { -- return BIO_dump_cb(write_bio, bp, s, len); -- } --int BIO_dump_indent(BIO *bp, const char *s, int len, int indent) -- { -- return BIO_dump_indent_cb(write_bio, bp, s, len, indent); -- } -+{ -+ return BIO_dump_cb(write_bio, bp, s, len); -+} - -+int BIO_dump_indent(BIO *bp, const char *s, int len, int indent) -+{ -+ return BIO_dump_indent_cb(write_bio, bp, s, len, indent); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c -index 4b5a132..478fa16 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,7 +61,7 @@ - #include "cryptlib.h" - #include - --static int buffer_write(BIO *h, const char *buf,int num); -+static int buffer_write(BIO *h, const char *buf, int num); - static int buffer_read(BIO *h, char *buf, int size); - static int buffer_puts(BIO *h, const char *str); - static int buffer_gets(BIO *h, char *str, int size); -@@ -69,444 +69,449 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); - static int buffer_new(BIO *h); - static int buffer_free(BIO *data); - static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); --#define DEFAULT_BUFFER_SIZE 4096 -- --static BIO_METHOD methods_buffer= -- { -- BIO_TYPE_BUFFER, -- "buffer", -- buffer_write, -- buffer_read, -- buffer_puts, -- buffer_gets, -- buffer_ctrl, -- buffer_new, -- buffer_free, -- buffer_callback_ctrl, -- }; -+#define DEFAULT_BUFFER_SIZE 4096 -+ -+static BIO_METHOD methods_buffer = { -+ BIO_TYPE_BUFFER, -+ "buffer", -+ buffer_write, -+ buffer_read, -+ buffer_puts, -+ buffer_gets, -+ buffer_ctrl, -+ buffer_new, -+ buffer_free, -+ buffer_callback_ctrl, -+}; - - BIO_METHOD *BIO_f_buffer(void) -- { -- return(&methods_buffer); -- } -+{ -+ return (&methods_buffer); -+} - - static int buffer_new(BIO *bi) -- { -- BIO_F_BUFFER_CTX *ctx; -- -- ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX)); -- if (ctx == NULL) return(0); -- ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); -- if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); } -- ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); -- if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); } -- ctx->ibuf_size=DEFAULT_BUFFER_SIZE; -- ctx->obuf_size=DEFAULT_BUFFER_SIZE; -- ctx->ibuf_len=0; -- ctx->ibuf_off=0; -- ctx->obuf_len=0; -- ctx->obuf_off=0; -- -- bi->init=1; -- bi->ptr=(char *)ctx; -- bi->flags=0; -- return(1); -- } -+{ -+ BIO_F_BUFFER_CTX *ctx; -+ -+ ctx = (BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX)); -+ if (ctx == NULL) -+ return (0); -+ ctx->ibuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); -+ if (ctx->ibuf == NULL) { -+ OPENSSL_free(ctx); -+ return (0); -+ } -+ ctx->obuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); -+ if (ctx->obuf == NULL) { -+ OPENSSL_free(ctx->ibuf); -+ OPENSSL_free(ctx); -+ return (0); -+ } -+ ctx->ibuf_size = DEFAULT_BUFFER_SIZE; -+ ctx->obuf_size = DEFAULT_BUFFER_SIZE; -+ ctx->ibuf_len = 0; -+ ctx->ibuf_off = 0; -+ ctx->obuf_len = 0; -+ ctx->obuf_off = 0; -+ -+ bi->init = 1; -+ bi->ptr = (char *)ctx; -+ bi->flags = 0; -+ return (1); -+} - - static int buffer_free(BIO *a) -- { -- BIO_F_BUFFER_CTX *b; -- -- if (a == NULL) return(0); -- b=(BIO_F_BUFFER_CTX *)a->ptr; -- if (b->ibuf != NULL) OPENSSL_free(b->ibuf); -- if (b->obuf != NULL) OPENSSL_free(b->obuf); -- OPENSSL_free(a->ptr); -- a->ptr=NULL; -- a->init=0; -- a->flags=0; -- return(1); -- } -- -+{ -+ BIO_F_BUFFER_CTX *b; -+ -+ if (a == NULL) -+ return (0); -+ b = (BIO_F_BUFFER_CTX *)a->ptr; -+ if (b->ibuf != NULL) -+ OPENSSL_free(b->ibuf); -+ if (b->obuf != NULL) -+ OPENSSL_free(b->obuf); -+ OPENSSL_free(a->ptr); -+ a->ptr = NULL; -+ a->init = 0; -+ a->flags = 0; -+ return (1); -+} -+ - static int buffer_read(BIO *b, char *out, int outl) -- { -- int i,num=0; -- BIO_F_BUFFER_CTX *ctx; -- -- if (out == NULL) return(0); -- ctx=(BIO_F_BUFFER_CTX *)b->ptr; -- -- if ((ctx == NULL) || (b->next_bio == NULL)) return(0); -- num=0; -- BIO_clear_retry_flags(b); -- --start: -- i=ctx->ibuf_len; -- /* If there is stuff left over, grab it */ -- if (i != 0) -- { -- if (i > outl) i=outl; -- memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i); -- ctx->ibuf_off+=i; -- ctx->ibuf_len-=i; -- num+=i; -- if (outl == i) return(num); -- outl-=i; -- out+=i; -- } -- -- /* We may have done a partial read. try to do more. -- * We have nothing in the buffer. -- * If we get an error and have read some data, just return it -- * and let them retry to get the error again. -- * copy direct to parent address space */ -- if (outl > ctx->ibuf_size) -- { -- for (;;) -- { -- i=BIO_read(b->next_bio,out,outl); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- if (i < 0) return((num > 0)?num:i); -- if (i == 0) return(num); -- } -- num+=i; -- if (outl == i) return(num); -- out+=i; -- outl-=i; -- } -- } -- /* else */ -- -- /* we are going to be doing some buffering */ -- i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- if (i < 0) return((num > 0)?num:i); -- if (i == 0) return(num); -- } -- ctx->ibuf_off=0; -- ctx->ibuf_len=i; -- -- /* Lets re-read using ourselves :-) */ -- goto start; -- } -+{ -+ int i, num = 0; -+ BIO_F_BUFFER_CTX *ctx; -+ -+ if (out == NULL) -+ return (0); -+ ctx = (BIO_F_BUFFER_CTX *)b->ptr; -+ -+ if ((ctx == NULL) || (b->next_bio == NULL)) -+ return (0); -+ num = 0; -+ BIO_clear_retry_flags(b); -+ -+ start: -+ i = ctx->ibuf_len; -+ /* If there is stuff left over, grab it */ -+ if (i != 0) { -+ if (i > outl) -+ i = outl; -+ memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i); -+ ctx->ibuf_off += i; -+ ctx->ibuf_len -= i; -+ num += i; -+ if (outl == i) -+ return (num); -+ outl -= i; -+ out += i; -+ } -+ -+ /* -+ * We may have done a partial read. try to do more. We have nothing in -+ * the buffer. If we get an error and have read some data, just return it -+ * and let them retry to get the error again. copy direct to parent -+ * address space -+ */ -+ if (outl > ctx->ibuf_size) { -+ for (;;) { -+ i = BIO_read(b->next_bio, out, outl); -+ if (i <= 0) { -+ BIO_copy_next_retry(b); -+ if (i < 0) -+ return ((num > 0) ? num : i); -+ if (i == 0) -+ return (num); -+ } -+ num += i; -+ if (outl == i) -+ return (num); -+ out += i; -+ outl -= i; -+ } -+ } -+ /* else */ -+ -+ /* we are going to be doing some buffering */ -+ i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size); -+ if (i <= 0) { -+ BIO_copy_next_retry(b); -+ if (i < 0) -+ return ((num > 0) ? num : i); -+ if (i == 0) -+ return (num); -+ } -+ ctx->ibuf_off = 0; -+ ctx->ibuf_len = i; -+ -+ /* Lets re-read using ourselves :-) */ -+ goto start; -+} - - static int buffer_write(BIO *b, const char *in, int inl) -- { -- int i,num=0; -- BIO_F_BUFFER_CTX *ctx; -- -- if ((in == NULL) || (inl <= 0)) return(0); -- ctx=(BIO_F_BUFFER_CTX *)b->ptr; -- if ((ctx == NULL) || (b->next_bio == NULL)) return(0); -- -- BIO_clear_retry_flags(b); --start: -- i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off); -- /* add to buffer and return */ -- if (i >= inl) -- { -- memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,inl); -- ctx->obuf_len+=inl; -- return(num+inl); -- } -- /* else */ -- /* stuff already in buffer, so add to it first, then flush */ -- if (ctx->obuf_len != 0) -- { -- if (i > 0) /* lets fill it up if we can */ -- { -- memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,i); -- in+=i; -- inl-=i; -- num+=i; -- ctx->obuf_len+=i; -- } -- /* we now have a full buffer needing flushing */ -- for (;;) -- { -- i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]), -- ctx->obuf_len); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- -- if (i < 0) return((num > 0)?num:i); -- if (i == 0) return(num); -- } -- ctx->obuf_off+=i; -- ctx->obuf_len-=i; -- if (ctx->obuf_len == 0) break; -- } -- } -- /* we only get here if the buffer has been flushed and we -- * still have stuff to write */ -- ctx->obuf_off=0; -- -- /* we now have inl bytes to write */ -- while (inl >= ctx->obuf_size) -- { -- i=BIO_write(b->next_bio,in,inl); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- if (i < 0) return((num > 0)?num:i); -- if (i == 0) return(num); -- } -- num+=i; -- in+=i; -- inl-=i; -- if (inl == 0) return(num); -- } -- -- /* copy the rest into the buffer since we have only a small -- * amount left */ -- goto start; -- } -+{ -+ int i, num = 0; -+ BIO_F_BUFFER_CTX *ctx; -+ -+ if ((in == NULL) || (inl <= 0)) -+ return (0); -+ ctx = (BIO_F_BUFFER_CTX *)b->ptr; -+ if ((ctx == NULL) || (b->next_bio == NULL)) -+ return (0); -+ -+ BIO_clear_retry_flags(b); -+ start: -+ i = ctx->obuf_size - (ctx->obuf_len + ctx->obuf_off); -+ /* add to buffer and return */ -+ if (i >= inl) { -+ memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, inl); -+ ctx->obuf_len += inl; -+ return (num + inl); -+ } -+ /* else */ -+ /* stuff already in buffer, so add to it first, then flush */ -+ if (ctx->obuf_len != 0) { -+ if (i > 0) { /* lets fill it up if we can */ -+ memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, i); -+ in += i; -+ inl -= i; -+ num += i; -+ ctx->obuf_len += i; -+ } -+ /* we now have a full buffer needing flushing */ -+ for (;;) { -+ i = BIO_write(b->next_bio, &(ctx->obuf[ctx->obuf_off]), -+ ctx->obuf_len); -+ if (i <= 0) { -+ BIO_copy_next_retry(b); -+ -+ if (i < 0) -+ return ((num > 0) ? num : i); -+ if (i == 0) -+ return (num); -+ } -+ ctx->obuf_off += i; -+ ctx->obuf_len -= i; -+ if (ctx->obuf_len == 0) -+ break; -+ } -+ } -+ /* -+ * we only get here if the buffer has been flushed and we still have -+ * stuff to write -+ */ -+ ctx->obuf_off = 0; -+ -+ /* we now have inl bytes to write */ -+ while (inl >= ctx->obuf_size) { -+ i = BIO_write(b->next_bio, in, inl); -+ if (i <= 0) { -+ BIO_copy_next_retry(b); -+ if (i < 0) -+ return ((num > 0) ? num : i); -+ if (i == 0) -+ return (num); -+ } -+ num += i; -+ in += i; -+ inl -= i; -+ if (inl == 0) -+ return (num); -+ } -+ -+ /* -+ * copy the rest into the buffer since we have only a small amount left -+ */ -+ goto start; -+} - - static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- BIO *dbio; -- BIO_F_BUFFER_CTX *ctx; -- long ret=1; -- char *p1,*p2; -- int r,i,*ip; -- int ibs,obs; -- -- ctx=(BIO_F_BUFFER_CTX *)b->ptr; -- -- switch (cmd) -- { -- case BIO_CTRL_RESET: -- ctx->ibuf_off=0; -- ctx->ibuf_len=0; -- ctx->obuf_off=0; -- ctx->obuf_len=0; -- if (b->next_bio == NULL) return(0); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_INFO: -- ret=(long)ctx->obuf_len; -- break; -- case BIO_C_GET_BUFF_NUM_LINES: -- ret=0; -- p1=ctx->ibuf; -- for (i=0; iibuf_len; i++) -- { -- if (p1[ctx->ibuf_off + i] == '\n') ret++; -- } -- break; -- case BIO_CTRL_WPENDING: -- ret=(long)ctx->obuf_len; -- if (ret == 0) -- { -- if (b->next_bio == NULL) return(0); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- } -- break; -- case BIO_CTRL_PENDING: -- ret=(long)ctx->ibuf_len; -- if (ret == 0) -- { -- if (b->next_bio == NULL) return(0); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- } -- break; -- case BIO_C_SET_BUFF_READ_DATA: -- if (num > ctx->ibuf_size) -- { -- p1=OPENSSL_malloc((int)num); -- if (p1 == NULL) goto malloc_error; -- if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf); -- ctx->ibuf=p1; -- } -- ctx->ibuf_off=0; -- ctx->ibuf_len=(int)num; -- memcpy(ctx->ibuf,ptr,(int)num); -- ret=1; -- break; -- case BIO_C_SET_BUFF_SIZE: -- if (ptr != NULL) -- { -- ip=(int *)ptr; -- if (*ip == 0) -- { -- ibs=(int)num; -- obs=ctx->obuf_size; -- } -- else /* if (*ip == 1) */ -- { -- ibs=ctx->ibuf_size; -- obs=(int)num; -- } -- } -- else -- { -- ibs=(int)num; -- obs=(int)num; -- } -- p1=ctx->ibuf; -- p2=ctx->obuf; -- if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) -- { -- p1=(char *)OPENSSL_malloc((int)num); -- if (p1 == NULL) goto malloc_error; -- } -- if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) -- { -- p2=(char *)OPENSSL_malloc((int)num); -- if (p2 == NULL) -- { -- if (p1 != ctx->ibuf) OPENSSL_free(p1); -- goto malloc_error; -- } -- } -- if (ctx->ibuf != p1) -- { -- OPENSSL_free(ctx->ibuf); -- ctx->ibuf=p1; -- ctx->ibuf_off=0; -- ctx->ibuf_len=0; -- ctx->ibuf_size=ibs; -- } -- if (ctx->obuf != p2) -- { -- OPENSSL_free(ctx->obuf); -- ctx->obuf=p2; -- ctx->obuf_off=0; -- ctx->obuf_len=0; -- ctx->obuf_size=obs; -- } -- break; -- case BIO_C_DO_STATE_MACHINE: -- if (b->next_bio == NULL) return(0); -- BIO_clear_retry_flags(b); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- BIO_copy_next_retry(b); -- break; -- -- case BIO_CTRL_FLUSH: -- if (b->next_bio == NULL) return(0); -- if (ctx->obuf_len <= 0) -- { -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- } -- -- for (;;) -- { -- BIO_clear_retry_flags(b); -- if (ctx->obuf_len > 0) -- { -- r=BIO_write(b->next_bio, -- &(ctx->obuf[ctx->obuf_off]), -- ctx->obuf_len); -+{ -+ BIO *dbio; -+ BIO_F_BUFFER_CTX *ctx; -+ long ret = 1; -+ char *p1, *p2; -+ int r, i, *ip; -+ int ibs, obs; -+ -+ ctx = (BIO_F_BUFFER_CTX *)b->ptr; -+ -+ switch (cmd) { -+ case BIO_CTRL_RESET: -+ ctx->ibuf_off = 0; -+ ctx->ibuf_len = 0; -+ ctx->obuf_off = 0; -+ ctx->obuf_len = 0; -+ if (b->next_bio == NULL) -+ return (0); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_INFO: -+ ret = (long)ctx->obuf_len; -+ break; -+ case BIO_C_GET_BUFF_NUM_LINES: -+ ret = 0; -+ p1 = ctx->ibuf; -+ for (i = 0; i < ctx->ibuf_len; i++) { -+ if (p1[ctx->ibuf_off + i] == '\n') -+ ret++; -+ } -+ break; -+ case BIO_CTRL_WPENDING: -+ ret = (long)ctx->obuf_len; -+ if (ret == 0) { -+ if (b->next_bio == NULL) -+ return (0); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ } -+ break; -+ case BIO_CTRL_PENDING: -+ ret = (long)ctx->ibuf_len; -+ if (ret == 0) { -+ if (b->next_bio == NULL) -+ return (0); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ } -+ break; -+ case BIO_C_SET_BUFF_READ_DATA: -+ if (num > ctx->ibuf_size) { -+ p1 = OPENSSL_malloc((int)num); -+ if (p1 == NULL) -+ goto malloc_error; -+ if (ctx->ibuf != NULL) -+ OPENSSL_free(ctx->ibuf); -+ ctx->ibuf = p1; -+ } -+ ctx->ibuf_off = 0; -+ ctx->ibuf_len = (int)num; -+ memcpy(ctx->ibuf, ptr, (int)num); -+ ret = 1; -+ break; -+ case BIO_C_SET_BUFF_SIZE: -+ if (ptr != NULL) { -+ ip = (int *)ptr; -+ if (*ip == 0) { -+ ibs = (int)num; -+ obs = ctx->obuf_size; -+ } else { /* if (*ip == 1) */ -+ -+ ibs = ctx->ibuf_size; -+ obs = (int)num; -+ } -+ } else { -+ ibs = (int)num; -+ obs = (int)num; -+ } -+ p1 = ctx->ibuf; -+ p2 = ctx->obuf; -+ if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) { -+ p1 = (char *)OPENSSL_malloc((int)num); -+ if (p1 == NULL) -+ goto malloc_error; -+ } -+ if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) { -+ p2 = (char *)OPENSSL_malloc((int)num); -+ if (p2 == NULL) { -+ if (p1 != ctx->ibuf) -+ OPENSSL_free(p1); -+ goto malloc_error; -+ } -+ } -+ if (ctx->ibuf != p1) { -+ OPENSSL_free(ctx->ibuf); -+ ctx->ibuf = p1; -+ ctx->ibuf_off = 0; -+ ctx->ibuf_len = 0; -+ ctx->ibuf_size = ibs; -+ } -+ if (ctx->obuf != p2) { -+ OPENSSL_free(ctx->obuf); -+ ctx->obuf = p2; -+ ctx->obuf_off = 0; -+ ctx->obuf_len = 0; -+ ctx->obuf_size = obs; -+ } -+ break; -+ case BIO_C_DO_STATE_MACHINE: -+ if (b->next_bio == NULL) -+ return (0); -+ BIO_clear_retry_flags(b); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ BIO_copy_next_retry(b); -+ break; -+ -+ case BIO_CTRL_FLUSH: -+ if (b->next_bio == NULL) -+ return (0); -+ if (ctx->obuf_len <= 0) { -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ } -+ -+ for (;;) { -+ BIO_clear_retry_flags(b); -+ if (ctx->obuf_len > 0) { -+ r = BIO_write(b->next_bio, -+ &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len); - #if 0 --fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r); -+ fprintf(stderr, "FLUSH [%3d] %3d -> %3d\n", ctx->obuf_off, -+ ctx->obuf_len, r); - #endif -- BIO_copy_next_retry(b); -- if (r <= 0) return((long)r); -- ctx->obuf_off+=r; -- ctx->obuf_len-=r; -- } -- else -- { -- ctx->obuf_len=0; -- ctx->obuf_off=0; -- ret=1; -- break; -- } -- } -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_DUP: -- dbio=(BIO *)ptr; -- if ( !BIO_set_read_buffer_size(dbio,ctx->ibuf_size) || -- !BIO_set_write_buffer_size(dbio,ctx->obuf_size)) -- ret=0; -- break; -- default: -- if (b->next_bio == NULL) return(0); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- } -- return(ret); --malloc_error: -- BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE); -- return(0); -- } -+ BIO_copy_next_retry(b); -+ if (r <= 0) -+ return ((long)r); -+ ctx->obuf_off += r; -+ ctx->obuf_len -= r; -+ } else { -+ ctx->obuf_len = 0; -+ ctx->obuf_off = 0; -+ ret = 1; -+ break; -+ } -+ } -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_DUP: -+ dbio = (BIO *)ptr; -+ if (!BIO_set_read_buffer_size(dbio, ctx->ibuf_size) || -+ !BIO_set_write_buffer_size(dbio, ctx->obuf_size)) -+ ret = 0; -+ break; -+ default: -+ if (b->next_bio == NULL) -+ return (0); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ } -+ return (ret); -+ malloc_error: -+ BIOerr(BIO_F_BUFFER_CTRL, ERR_R_MALLOC_FAILURE); -+ return (0); -+} - - static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) -- { -- long ret=1; -- -- if (b->next_bio == NULL) return(0); -- switch (cmd) -- { -- default: -- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); -- break; -- } -- return(ret); -- } -+{ -+ long ret = 1; -+ -+ if (b->next_bio == NULL) -+ return (0); -+ switch (cmd) { -+ default: -+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); -+ break; -+ } -+ return (ret); -+} - - static int buffer_gets(BIO *b, char *buf, int size) -- { -- BIO_F_BUFFER_CTX *ctx; -- int num=0,i,flag; -- char *p; -- -- ctx=(BIO_F_BUFFER_CTX *)b->ptr; -- size--; /* reserve space for a '\0' */ -- BIO_clear_retry_flags(b); -- -- for (;;) -- { -- if (ctx->ibuf_len > 0) -- { -- p= &(ctx->ibuf[ctx->ibuf_off]); -- flag=0; -- for (i=0; (iibuf_len) && (iibuf_len-=i; -- ctx->ibuf_off+=i; -- if (flag || size == 0) -- { -- *buf='\0'; -- return(num); -- } -- } -- else /* read another chunk */ -- { -- i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- *buf='\0'; -- if (i < 0) return((num > 0)?num:i); -- if (i == 0) return(num); -- } -- ctx->ibuf_len=i; -- ctx->ibuf_off=0; -- } -- } -- } -+{ -+ BIO_F_BUFFER_CTX *ctx; -+ int num = 0, i, flag; -+ char *p; -+ -+ ctx = (BIO_F_BUFFER_CTX *)b->ptr; -+ size--; /* reserve space for a '\0' */ -+ BIO_clear_retry_flags(b); -+ -+ for (;;) { -+ if (ctx->ibuf_len > 0) { -+ p = &(ctx->ibuf[ctx->ibuf_off]); -+ flag = 0; -+ for (i = 0; (i < ctx->ibuf_len) && (i < size); i++) { -+ *(buf++) = p[i]; -+ if (p[i] == '\n') { -+ flag = 1; -+ i++; -+ break; -+ } -+ } -+ num += i; -+ size -= i; -+ ctx->ibuf_len -= i; -+ ctx->ibuf_off += i; -+ if (flag || size == 0) { -+ *buf = '\0'; -+ return (num); -+ } -+ } else { /* read another chunk */ -+ -+ i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size); -+ if (i <= 0) { -+ BIO_copy_next_retry(b); -+ *buf = '\0'; -+ if (i < 0) -+ return ((num > 0) ? num : i); -+ if (i == 0) -+ return (num); -+ } -+ ctx->ibuf_len = i; -+ ctx->ibuf_off = 0; -+ } -+ } -+} - - static int buffer_puts(BIO *b, const char *str) -- { -- return(buffer_write(b,str,strlen(str))); -- } -- -+{ -+ return (buffer_write(b, str, strlen(str))); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c -index 028616c..da88a8a 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,192 +62,190 @@ - #include - #include - --/* BIO_put and BIO_get both add to the digest, -- * BIO_gets returns the digest */ -+/* -+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest -+ */ - --static int nbiof_write(BIO *h,const char *buf,int num); --static int nbiof_read(BIO *h,char *buf,int size); --static int nbiof_puts(BIO *h,const char *str); --static int nbiof_gets(BIO *h,char *str,int size); --static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2); -+static int nbiof_write(BIO *h, const char *buf, int num); -+static int nbiof_read(BIO *h, char *buf, int size); -+static int nbiof_puts(BIO *h, const char *str); -+static int nbiof_gets(BIO *h, char *str, int size); -+static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2); - static int nbiof_new(BIO *h); - static int nbiof_free(BIO *data); --static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); --typedef struct nbio_test_st -- { -- /* only set if we sent a 'should retry' error */ -- int lrn; -- int lwn; -- } NBIO_TEST; -- --static BIO_METHOD methods_nbiof= -- { -- BIO_TYPE_NBIO_TEST, -- "non-blocking IO test filter", -- nbiof_write, -- nbiof_read, -- nbiof_puts, -- nbiof_gets, -- nbiof_ctrl, -- nbiof_new, -- nbiof_free, -- nbiof_callback_ctrl, -- }; -+static long nbiof_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -+typedef struct nbio_test_st { -+ /* only set if we sent a 'should retry' error */ -+ int lrn; -+ int lwn; -+} NBIO_TEST; -+ -+static BIO_METHOD methods_nbiof = { -+ BIO_TYPE_NBIO_TEST, -+ "non-blocking IO test filter", -+ nbiof_write, -+ nbiof_read, -+ nbiof_puts, -+ nbiof_gets, -+ nbiof_ctrl, -+ nbiof_new, -+ nbiof_free, -+ nbiof_callback_ctrl, -+}; - - BIO_METHOD *BIO_f_nbio_test(void) -- { -- return(&methods_nbiof); -- } -+{ -+ return (&methods_nbiof); -+} - - static int nbiof_new(BIO *bi) -- { -- NBIO_TEST *nt; -- -- if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0); -- nt->lrn= -1; -- nt->lwn= -1; -- bi->ptr=(char *)nt; -- bi->init=1; -- bi->flags=0; -- return(1); -- } -+{ -+ NBIO_TEST *nt; -+ -+ if (!(nt = (NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) -+ return (0); -+ nt->lrn = -1; -+ nt->lwn = -1; -+ bi->ptr = (char *)nt; -+ bi->init = 1; -+ bi->flags = 0; -+ return (1); -+} - - static int nbiof_free(BIO *a) -- { -- if (a == NULL) return(0); -- if (a->ptr != NULL) -- OPENSSL_free(a->ptr); -- a->ptr=NULL; -- a->init=0; -- a->flags=0; -- return(1); -- } -- -+{ -+ if (a == NULL) -+ return (0); -+ if (a->ptr != NULL) -+ OPENSSL_free(a->ptr); -+ a->ptr = NULL; -+ a->init = 0; -+ a->flags = 0; -+ return (1); -+} -+ - static int nbiof_read(BIO *b, char *out, int outl) -- { -- int ret=0; -+{ -+ int ret = 0; - #if 1 -- int num; -- unsigned char n; -+ int num; -+ unsigned char n; - #endif - -- if (out == NULL) return(0); -- if (b->next_bio == NULL) return(0); -+ if (out == NULL) -+ return (0); -+ if (b->next_bio == NULL) -+ return (0); - -- BIO_clear_retry_flags(b); -+ BIO_clear_retry_flags(b); - #if 1 -- RAND_pseudo_bytes(&n,1); -- num=(n&0x07); -+ RAND_pseudo_bytes(&n, 1); -+ num = (n & 0x07); - -- if (outl > num) outl=num; -+ if (outl > num) -+ outl = num; - -- if (num == 0) -- { -- ret= -1; -- BIO_set_retry_read(b); -- } -- else -+ if (num == 0) { -+ ret = -1; -+ BIO_set_retry_read(b); -+ } else - #endif -- { -- ret=BIO_read(b->next_bio,out,outl); -- if (ret < 0) -- BIO_copy_next_retry(b); -- } -- return(ret); -- } -+ { -+ ret = BIO_read(b->next_bio, out, outl); -+ if (ret < 0) -+ BIO_copy_next_retry(b); -+ } -+ return (ret); -+} - - static int nbiof_write(BIO *b, const char *in, int inl) -- { -- NBIO_TEST *nt; -- int ret=0; -- int num; -- unsigned char n; -+{ -+ NBIO_TEST *nt; -+ int ret = 0; -+ int num; -+ unsigned char n; - -- if ((in == NULL) || (inl <= 0)) return(0); -- if (b->next_bio == NULL) return(0); -- nt=(NBIO_TEST *)b->ptr; -+ if ((in == NULL) || (inl <= 0)) -+ return (0); -+ if (b->next_bio == NULL) -+ return (0); -+ nt = (NBIO_TEST *)b->ptr; - -- BIO_clear_retry_flags(b); -+ BIO_clear_retry_flags(b); - - #if 1 -- if (nt->lwn > 0) -- { -- num=nt->lwn; -- nt->lwn=0; -- } -- else -- { -- RAND_pseudo_bytes(&n,1); -- num=(n&7); -- } -- -- if (inl > num) inl=num; -- -- if (num == 0) -- { -- ret= -1; -- BIO_set_retry_write(b); -- } -- else -+ if (nt->lwn > 0) { -+ num = nt->lwn; -+ nt->lwn = 0; -+ } else { -+ RAND_pseudo_bytes(&n, 1); -+ num = (n & 7); -+ } -+ -+ if (inl > num) -+ inl = num; -+ -+ if (num == 0) { -+ ret = -1; -+ BIO_set_retry_write(b); -+ } else - #endif -- { -- ret=BIO_write(b->next_bio,in,inl); -- if (ret < 0) -- { -- BIO_copy_next_retry(b); -- nt->lwn=inl; -- } -- } -- return(ret); -- } -+ { -+ ret = BIO_write(b->next_bio, in, inl); -+ if (ret < 0) { -+ BIO_copy_next_retry(b); -+ nt->lwn = inl; -+ } -+ } -+ return (ret); -+} - - static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- long ret; -- -- if (b->next_bio == NULL) return(0); -- switch (cmd) -- { -- case BIO_C_DO_STATE_MACHINE: -- BIO_clear_retry_flags(b); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- BIO_copy_next_retry(b); -- break; -- case BIO_CTRL_DUP: -- ret=0L; -- break; -- default: -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- } -- return(ret); -- } -+{ -+ long ret; -+ -+ if (b->next_bio == NULL) -+ return (0); -+ switch (cmd) { -+ case BIO_C_DO_STATE_MACHINE: -+ BIO_clear_retry_flags(b); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ BIO_copy_next_retry(b); -+ break; -+ case BIO_CTRL_DUP: -+ ret = 0L; -+ break; -+ default: -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ } -+ return (ret); -+} - - static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) -- { -- long ret=1; -- -- if (b->next_bio == NULL) return(0); -- switch (cmd) -- { -- default: -- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); -- break; -- } -- return(ret); -- } -+{ -+ long ret = 1; -+ -+ if (b->next_bio == NULL) -+ return (0); -+ switch (cmd) { -+ default: -+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); -+ break; -+ } -+ return (ret); -+} - - static int nbiof_gets(BIO *bp, char *buf, int size) -- { -- if (bp->next_bio == NULL) return(0); -- return(BIO_gets(bp->next_bio,buf,size)); -- } -- -+{ -+ if (bp->next_bio == NULL) -+ return (0); -+ return (BIO_gets(bp->next_bio, buf, size)); -+} - - static int nbiof_puts(BIO *bp, const char *str) -- { -- if (bp->next_bio == NULL) return(0); -- return(BIO_puts(bp->next_bio,str)); -- } -- -- -+{ -+ if (bp->next_bio == NULL) -+ return (0); -+ return (BIO_puts(bp->next_bio, str)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_null.c b/Cryptlib/OpenSSL/crypto/bio/bf_null.c -index c1bf39a..e0c79e8 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bf_null.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bf_null.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,8 +61,9 @@ - #include "cryptlib.h" - #include - --/* BIO_put and BIO_get both add to the digest, -- * BIO_gets returns the digest */ -+/* -+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest -+ */ - - static int nullf_write(BIO *h, const char *buf, int num); - static int nullf_read(BIO *h, char *buf, int size); -@@ -72,112 +73,117 @@ static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2); - static int nullf_new(BIO *h); - static int nullf_free(BIO *data); - static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); --static BIO_METHOD methods_nullf= -- { -- BIO_TYPE_NULL_FILTER, -- "NULL filter", -- nullf_write, -- nullf_read, -- nullf_puts, -- nullf_gets, -- nullf_ctrl, -- nullf_new, -- nullf_free, -- nullf_callback_ctrl, -- }; -+static BIO_METHOD methods_nullf = { -+ BIO_TYPE_NULL_FILTER, -+ "NULL filter", -+ nullf_write, -+ nullf_read, -+ nullf_puts, -+ nullf_gets, -+ nullf_ctrl, -+ nullf_new, -+ nullf_free, -+ nullf_callback_ctrl, -+}; - - BIO_METHOD *BIO_f_null(void) -- { -- return(&methods_nullf); -- } -+{ -+ return (&methods_nullf); -+} - - static int nullf_new(BIO *bi) -- { -- bi->init=1; -- bi->ptr=NULL; -- bi->flags=0; -- return(1); -- } -+{ -+ bi->init = 1; -+ bi->ptr = NULL; -+ bi->flags = 0; -+ return (1); -+} - - static int nullf_free(BIO *a) -- { -- if (a == NULL) return(0); --/* a->ptr=NULL; -- a->init=0; -- a->flags=0;*/ -- return(1); -- } -- -+{ -+ if (a == NULL) -+ return (0); -+ /*- -+ a->ptr=NULL; -+ a->init=0; -+ a->flags=0; -+ */ -+ return (1); -+} -+ - static int nullf_read(BIO *b, char *out, int outl) -- { -- int ret=0; -- -- if (out == NULL) return(0); -- if (b->next_bio == NULL) return(0); -- ret=BIO_read(b->next_bio,out,outl); -- BIO_clear_retry_flags(b); -- BIO_copy_next_retry(b); -- return(ret); -- } -+{ -+ int ret = 0; -+ -+ if (out == NULL) -+ return (0); -+ if (b->next_bio == NULL) -+ return (0); -+ ret = BIO_read(b->next_bio, out, outl); -+ BIO_clear_retry_flags(b); -+ BIO_copy_next_retry(b); -+ return (ret); -+} - - static int nullf_write(BIO *b, const char *in, int inl) -- { -- int ret=0; -- -- if ((in == NULL) || (inl <= 0)) return(0); -- if (b->next_bio == NULL) return(0); -- ret=BIO_write(b->next_bio,in,inl); -- BIO_clear_retry_flags(b); -- BIO_copy_next_retry(b); -- return(ret); -- } -+{ -+ int ret = 0; -+ -+ if ((in == NULL) || (inl <= 0)) -+ return (0); -+ if (b->next_bio == NULL) -+ return (0); -+ ret = BIO_write(b->next_bio, in, inl); -+ BIO_clear_retry_flags(b); -+ BIO_copy_next_retry(b); -+ return (ret); -+} - - static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- long ret; -- -- if (b->next_bio == NULL) return(0); -- switch(cmd) -- { -- case BIO_C_DO_STATE_MACHINE: -- BIO_clear_retry_flags(b); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- BIO_copy_next_retry(b); -- break; -- case BIO_CTRL_DUP: -- ret=0L; -- break; -- default: -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- } -- return(ret); -- } -+{ -+ long ret; -+ -+ if (b->next_bio == NULL) -+ return (0); -+ switch (cmd) { -+ case BIO_C_DO_STATE_MACHINE: -+ BIO_clear_retry_flags(b); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ BIO_copy_next_retry(b); -+ break; -+ case BIO_CTRL_DUP: -+ ret = 0L; -+ break; -+ default: -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ } -+ return (ret); -+} - - static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) -- { -- long ret=1; -- -- if (b->next_bio == NULL) return(0); -- switch (cmd) -- { -- default: -- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); -- break; -- } -- return(ret); -- } -+{ -+ long ret = 1; -+ -+ if (b->next_bio == NULL) -+ return (0); -+ switch (cmd) { -+ default: -+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); -+ break; -+ } -+ return (ret); -+} - - static int nullf_gets(BIO *bp, char *buf, int size) -- { -- if (bp->next_bio == NULL) return(0); -- return(BIO_gets(bp->next_bio,buf,size)); -- } -- -+{ -+ if (bp->next_bio == NULL) -+ return (0); -+ return (BIO_gets(bp->next_bio, buf, size)); -+} - - static int nullf_puts(BIO *bp, const char *str) -- { -- if (bp->next_bio == NULL) return(0); -- return(BIO_puts(bp->next_bio,str)); -- } -- -- -+{ -+ if (bp->next_bio == NULL) -+ return (0); -+ return (BIO_puts(bp->next_bio, str)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c -index 6f4254a..b24daf7 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,76 +64,75 @@ - #include - - long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, -- int argi, long argl, long ret) -- { -- BIO *b; -- MS_STATIC char buf[256]; -- char *p; -- long r=1; -- size_t p_maxlen; -+ int argi, long argl, long ret) -+{ -+ BIO *b; -+ MS_STATIC char buf[256]; -+ char *p; -+ long r = 1; -+ size_t p_maxlen; - -- if (BIO_CB_RETURN & cmd) -- r=ret; -+ if (BIO_CB_RETURN & cmd) -+ r = ret; - -- BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio); -- p= &(buf[14]); -- p_maxlen = sizeof buf - 14; -- switch (cmd) -- { -- case BIO_CB_FREE: -- BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name); -- break; -- case BIO_CB_READ: -- if (bio->method->type & BIO_TYPE_DESCRIPTOR) -- BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n", -- bio->num,argi,bio->method->name,bio->num); -- else -- BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n", -- bio->num,argi,bio->method->name); -- break; -- case BIO_CB_WRITE: -- if (bio->method->type & BIO_TYPE_DESCRIPTOR) -- BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n", -- bio->num,argi,bio->method->name,bio->num); -- else -- BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n", -- bio->num,argi,bio->method->name); -- break; -- case BIO_CB_PUTS: -- BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name); -- break; -- case BIO_CB_GETS: -- BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name); -- break; -- case BIO_CB_CTRL: -- BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name); -- break; -- case BIO_CB_RETURN|BIO_CB_READ: -- BIO_snprintf(p,p_maxlen,"read return %ld\n",ret); -- break; -- case BIO_CB_RETURN|BIO_CB_WRITE: -- BIO_snprintf(p,p_maxlen,"write return %ld\n",ret); -- break; -- case BIO_CB_RETURN|BIO_CB_GETS: -- BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret); -- break; -- case BIO_CB_RETURN|BIO_CB_PUTS: -- BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret); -- break; -- case BIO_CB_RETURN|BIO_CB_CTRL: -- BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret); -- break; -- default: -- BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd); -- break; -- } -+ BIO_snprintf(buf, sizeof buf, "BIO[%08lX]:", (unsigned long)bio); -+ p = &(buf[14]); -+ p_maxlen = sizeof buf - 14; -+ switch (cmd) { -+ case BIO_CB_FREE: -+ BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name); -+ break; -+ case BIO_CB_READ: -+ if (bio->method->type & BIO_TYPE_DESCRIPTOR) -+ BIO_snprintf(p, p_maxlen, "read(%d,%d) - %s fd=%d\n", -+ bio->num, argi, bio->method->name, bio->num); -+ else -+ BIO_snprintf(p, p_maxlen, "read(%d,%d) - %s\n", -+ bio->num, argi, bio->method->name); -+ break; -+ case BIO_CB_WRITE: -+ if (bio->method->type & BIO_TYPE_DESCRIPTOR) -+ BIO_snprintf(p, p_maxlen, "write(%d,%d) - %s fd=%d\n", -+ bio->num, argi, bio->method->name, bio->num); -+ else -+ BIO_snprintf(p, p_maxlen, "write(%d,%d) - %s\n", -+ bio->num, argi, bio->method->name); -+ break; -+ case BIO_CB_PUTS: -+ BIO_snprintf(p, p_maxlen, "puts() - %s\n", bio->method->name); -+ break; -+ case BIO_CB_GETS: -+ BIO_snprintf(p, p_maxlen, "gets(%d) - %s\n", argi, bio->method->name); -+ break; -+ case BIO_CB_CTRL: -+ BIO_snprintf(p, p_maxlen, "ctrl(%d) - %s\n", argi, bio->method->name); -+ break; -+ case BIO_CB_RETURN | BIO_CB_READ: -+ BIO_snprintf(p, p_maxlen, "read return %ld\n", ret); -+ break; -+ case BIO_CB_RETURN | BIO_CB_WRITE: -+ BIO_snprintf(p, p_maxlen, "write return %ld\n", ret); -+ break; -+ case BIO_CB_RETURN | BIO_CB_GETS: -+ BIO_snprintf(p, p_maxlen, "gets return %ld\n", ret); -+ break; -+ case BIO_CB_RETURN | BIO_CB_PUTS: -+ BIO_snprintf(p, p_maxlen, "puts return %ld\n", ret); -+ break; -+ case BIO_CB_RETURN | BIO_CB_CTRL: -+ BIO_snprintf(p, p_maxlen, "ctrl return %ld\n", ret); -+ break; -+ default: -+ BIO_snprintf(p, p_maxlen, "bio callback - unknown type (%d)\n", cmd); -+ break; -+ } - -- b=(BIO *)bio->cb_arg; -- if (b != NULL) -- BIO_write(b,buf,strlen(buf)); -+ b = (BIO *)bio->cb_arg; -+ if (b != NULL) -+ BIO_write(b, buf, strlen(buf)); - #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) -- else -- fputs(buf,stderr); -+ else -+ fputs(buf, stderr); - #endif -- return(r); -- } -+ return (r); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_err.c b/Cryptlib/OpenSSL/crypto/bio/bio_err.c -index 6603f1c..3a838ff 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bio_err.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bio_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,90 +66,90 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason) - --static ERR_STRING_DATA BIO_str_functs[]= -- { --{ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"}, --{ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"}, --{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"}, --{ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"}, --{ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"}, --{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"}, --{ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"}, --{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"}, --{ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"}, --{ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"}, --{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"}, --{ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"}, --{ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"}, --{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"}, --{ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"}, --{ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"}, --{ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"}, --{ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"}, --{ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"}, --{ERR_FUNC(BIO_F_BIO_READ), "BIO_read"}, --{ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"}, --{ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"}, --{ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"}, --{ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"}, --{ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"}, --{ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"}, --{ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"}, --{ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"}, --{ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"}, --{ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"}, --{ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"}, --{ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"}, --{0,NULL} -- }; -+static ERR_STRING_DATA BIO_str_functs[] = { -+ {ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"}, -+ {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"}, -+ {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"}, -+ {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"}, -+ {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"}, -+ {ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"}, -+ {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"}, -+ {ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"}, -+ {ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"}, -+ {ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"}, -+ {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"}, -+ {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"}, -+ {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"}, -+ {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"}, -+ {ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"}, -+ {ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"}, -+ {ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"}, -+ {ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"}, -+ {ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"}, -+ {ERR_FUNC(BIO_F_BIO_READ), "BIO_read"}, -+ {ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"}, -+ {ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"}, -+ {ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"}, -+ {ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"}, -+ {ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"}, -+ {ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"}, -+ {ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"}, -+ {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"}, -+ {ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"}, -+ {ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"}, -+ {ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"}, -+ {ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA BIO_str_reasons[]= -- { --{ERR_REASON(BIO_R_ACCEPT_ERROR) ,"accept error"}, --{ERR_REASON(BIO_R_BAD_FOPEN_MODE) ,"bad fopen mode"}, --{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP) ,"bad hostname lookup"}, --{ERR_REASON(BIO_R_BROKEN_PIPE) ,"broken pipe"}, --{ERR_REASON(BIO_R_CONNECT_ERROR) ,"connect error"}, --{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO) ,"EOF on memory BIO"}, --{ERR_REASON(BIO_R_ERROR_SETTING_NBIO) ,"error setting nbio"}, --{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"}, --{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"}, --{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"}, --{ERR_REASON(BIO_R_INVALID_ARGUMENT) ,"invalid argument"}, --{ERR_REASON(BIO_R_INVALID_IP_ADDRESS) ,"invalid ip address"}, --{ERR_REASON(BIO_R_IN_USE) ,"in use"}, --{ERR_REASON(BIO_R_KEEPALIVE) ,"keepalive"}, --{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR) ,"nbio connect error"}, --{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"}, --{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"}, --{ERR_REASON(BIO_R_NO_PORT_DEFINED) ,"no port defined"}, --{ERR_REASON(BIO_R_NO_PORT_SPECIFIED) ,"no port specified"}, --{ERR_REASON(BIO_R_NO_SUCH_FILE) ,"no such file"}, --{ERR_REASON(BIO_R_NULL_PARAMETER) ,"null parameter"}, --{ERR_REASON(BIO_R_TAG_MISMATCH) ,"tag mismatch"}, --{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"}, --{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"}, --{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"}, --{ERR_REASON(BIO_R_UNINITIALIZED) ,"uninitialized"}, --{ERR_REASON(BIO_R_UNSUPPORTED_METHOD) ,"unsupported method"}, --{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"}, --{ERR_REASON(BIO_R_WSASTARTUP) ,"WSAStartup"}, --{0,NULL} -- }; -+static ERR_STRING_DATA BIO_str_reasons[] = { -+ {ERR_REASON(BIO_R_ACCEPT_ERROR), "accept error"}, -+ {ERR_REASON(BIO_R_BAD_FOPEN_MODE), "bad fopen mode"}, -+ {ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP), "bad hostname lookup"}, -+ {ERR_REASON(BIO_R_BROKEN_PIPE), "broken pipe"}, -+ {ERR_REASON(BIO_R_CONNECT_ERROR), "connect error"}, -+ {ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO), "EOF on memory BIO"}, -+ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO), "error setting nbio"}, -+ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET), -+ "error setting nbio on accepted socket"}, -+ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET), -+ "error setting nbio on accept socket"}, -+ {ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET), -+ "gethostbyname addr is not af inet"}, -+ {ERR_REASON(BIO_R_INVALID_ARGUMENT), "invalid argument"}, -+ {ERR_REASON(BIO_R_INVALID_IP_ADDRESS), "invalid ip address"}, -+ {ERR_REASON(BIO_R_IN_USE), "in use"}, -+ {ERR_REASON(BIO_R_KEEPALIVE), "keepalive"}, -+ {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"}, -+ {ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED), "no accept port specified"}, -+ {ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED), "no hostname specified"}, -+ {ERR_REASON(BIO_R_NO_PORT_DEFINED), "no port defined"}, -+ {ERR_REASON(BIO_R_NO_PORT_SPECIFIED), "no port specified"}, -+ {ERR_REASON(BIO_R_NO_SUCH_FILE), "no such file"}, -+ {ERR_REASON(BIO_R_NULL_PARAMETER), "null parameter"}, -+ {ERR_REASON(BIO_R_TAG_MISMATCH), "tag mismatch"}, -+ {ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET), "unable to bind socket"}, -+ {ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"}, -+ {ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET), "unable to listen socket"}, -+ {ERR_REASON(BIO_R_UNINITIALIZED), "uninitialized"}, -+ {ERR_REASON(BIO_R_UNSUPPORTED_METHOD), "unsupported method"}, -+ {ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO), "write to read only BIO"}, -+ {ERR_REASON(BIO_R_WSASTARTUP), "WSAStartup"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_BIO_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,BIO_str_functs); -- ERR_load_strings(0,BIO_str_reasons); -- } -+ if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, BIO_str_functs); -+ ERR_load_strings(0, BIO_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c -index 6346c19..bb284be 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,539 +64,531 @@ - #include - - BIO *BIO_new(BIO_METHOD *method) -- { -- BIO *ret=NULL; -- -- ret=(BIO *)OPENSSL_malloc(sizeof(BIO)); -- if (ret == NULL) -- { -- BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- if (!BIO_set(ret,method)) -- { -- OPENSSL_free(ret); -- ret=NULL; -- } -- return(ret); -- } -+{ -+ BIO *ret = NULL; -+ -+ ret = (BIO *)OPENSSL_malloc(sizeof(BIO)); -+ if (ret == NULL) { -+ BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ if (!BIO_set(ret, method)) { -+ OPENSSL_free(ret); -+ ret = NULL; -+ } -+ return (ret); -+} - - int BIO_set(BIO *bio, BIO_METHOD *method) -- { -- bio->method=method; -- bio->callback=NULL; -- bio->cb_arg=NULL; -- bio->init=0; -- bio->shutdown=1; -- bio->flags=0; -- bio->retry_reason=0; -- bio->num=0; -- bio->ptr=NULL; -- bio->prev_bio=NULL; -- bio->next_bio=NULL; -- bio->references=1; -- bio->num_read=0L; -- bio->num_write=0L; -- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); -- if (method->create != NULL) -- if (!method->create(bio)) -- { -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, -- &bio->ex_data); -- return(0); -- } -- return(1); -- } -+{ -+ bio->method = method; -+ bio->callback = NULL; -+ bio->cb_arg = NULL; -+ bio->init = 0; -+ bio->shutdown = 1; -+ bio->flags = 0; -+ bio->retry_reason = 0; -+ bio->num = 0; -+ bio->ptr = NULL; -+ bio->prev_bio = NULL; -+ bio->next_bio = NULL; -+ bio->references = 1; -+ bio->num_read = 0L; -+ bio->num_write = 0L; -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); -+ if (method->create != NULL) -+ if (!method->create(bio)) { -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); -+ return (0); -+ } -+ return (1); -+} - - int BIO_free(BIO *a) -- { -- int i; -+{ -+ int i; - -- if (a == NULL) return(0); -+ if (a == NULL) -+ return (0); - -- i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO); -+ i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO); - #ifdef REF_PRINT -- REF_PRINT("BIO",a); -+ REF_PRINT("BIO", a); - #endif -- if (i > 0) return(1); -+ if (i > 0) -+ return (1); - #ifdef REF_CHECK -- if (i < 0) -- { -- fprintf(stderr,"BIO_free, bad reference count\n"); -- abort(); -- } -+ if (i < 0) { -+ fprintf(stderr, "BIO_free, bad reference count\n"); -+ abort(); -+ } - #endif -- if ((a->callback != NULL) && -- ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0)) -- return(i); -+ if ((a->callback != NULL) && -+ ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0)) -+ return (i); - -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - -- if ((a->method != NULL) && (a->method->destroy != NULL)) -- a->method->destroy(a); -- OPENSSL_free(a); -- return(1); -- } -+ if ((a->method != NULL) && (a->method->destroy != NULL)) -+ a->method->destroy(a); -+ OPENSSL_free(a); -+ return (1); -+} - - void BIO_vfree(BIO *a) -- { BIO_free(a); } -+{ -+ BIO_free(a); -+} - - void BIO_clear_flags(BIO *b, int flags) -- { -- b->flags &= ~flags; -- } -- --int BIO_test_flags(const BIO *b, int flags) -- { -- return (b->flags & flags); -- } -- --void BIO_set_flags(BIO *b, int flags) -- { -- b->flags |= flags; -- } -- --long (*BIO_get_callback(const BIO *b))(struct bio_st *,int,const char *,int, long,long) -- { -- return b->callback; -- } -- --void BIO_set_callback(BIO *b, long (*cb)(struct bio_st *,int,const char *,int, long,long)) -- { -- b->callback = cb; -- } -+{ -+ b->flags &= ~flags; -+} -+ -+int BIO_test_flags(const BIO *b, int flags) -+{ -+ return (b->flags & flags); -+} -+ -+void BIO_set_flags(BIO *b, int flags) -+{ -+ b->flags |= flags; -+} -+ -+long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *, -+ int, long, long) { -+ return b->callback; -+} -+ -+void BIO_set_callback(BIO *b, -+ long (*cb) (struct bio_st *, int, const char *, int, -+ long, long)) -+{ -+ b->callback = cb; -+} - - void BIO_set_callback_arg(BIO *b, char *arg) -- { -- b->cb_arg = arg; -- } -+{ -+ b->cb_arg = arg; -+} - --char * BIO_get_callback_arg(const BIO *b) -- { -- return b->cb_arg; -- } -+char *BIO_get_callback_arg(const BIO *b) -+{ -+ return b->cb_arg; -+} - --const char * BIO_method_name(const BIO *b) -- { -- return b->method->name; -- } -+const char *BIO_method_name(const BIO *b) -+{ -+ return b->method->name; -+} - - int BIO_method_type(const BIO *b) -- { -- return b->method->type; -- } -- -+{ -+ return b->method->type; -+} - - int BIO_read(BIO *b, void *out, int outl) -- { -- int i; -- long (*cb)(BIO *,int,const char *,int,long,long); -+{ -+ int i; -+ long (*cb) (BIO *, int, const char *, int, long, long); - -- if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) -- { -- BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD); -- return(-2); -- } -+ if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) { -+ BIOerr(BIO_F_BIO_READ, BIO_R_UNSUPPORTED_METHOD); -+ return (-2); -+ } - -- cb=b->callback; -- if ((cb != NULL) && -- ((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0)) -- return(i); -+ cb = b->callback; -+ if ((cb != NULL) && -+ ((i = (int)cb(b, BIO_CB_READ, out, outl, 0L, 1L)) <= 0)) -+ return (i); - -- if (!b->init) -- { -- BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED); -- return(-2); -- } -+ if (!b->init) { -+ BIOerr(BIO_F_BIO_READ, BIO_R_UNINITIALIZED); -+ return (-2); -+ } - -- i=b->method->bread(b,out,outl); -+ i = b->method->bread(b, out, outl); - -- if (i > 0) b->num_read+=(unsigned long)i; -+ if (i > 0) -+ b->num_read += (unsigned long)i; - -- if (cb != NULL) -- i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl, -- 0L,(long)i); -- return(i); -- } -+ if (cb != NULL) -+ i = (int)cb(b, BIO_CB_READ | BIO_CB_RETURN, out, outl, 0L, (long)i); -+ return (i); -+} - - int BIO_write(BIO *b, const void *in, int inl) -- { -- int i; -- long (*cb)(BIO *,int,const char *,int,long,long); -+{ -+ int i; -+ long (*cb) (BIO *, int, const char *, int, long, long); - -- if (b == NULL) -- return(0); -+ if (b == NULL) -+ return (0); - -- cb=b->callback; -- if ((b->method == NULL) || (b->method->bwrite == NULL)) -- { -- BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD); -- return(-2); -- } -+ cb = b->callback; -+ if ((b->method == NULL) || (b->method->bwrite == NULL)) { -+ BIOerr(BIO_F_BIO_WRITE, BIO_R_UNSUPPORTED_METHOD); -+ return (-2); -+ } - -- if ((cb != NULL) && -- ((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0)) -- return(i); -+ if ((cb != NULL) && -+ ((i = (int)cb(b, BIO_CB_WRITE, in, inl, 0L, 1L)) <= 0)) -+ return (i); - -- if (!b->init) -- { -- BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED); -- return(-2); -- } -+ if (!b->init) { -+ BIOerr(BIO_F_BIO_WRITE, BIO_R_UNINITIALIZED); -+ return (-2); -+ } - -- i=b->method->bwrite(b,in,inl); -+ i = b->method->bwrite(b, in, inl); - -- if (i > 0) b->num_write+=(unsigned long)i; -+ if (i > 0) -+ b->num_write += (unsigned long)i; - -- if (cb != NULL) -- i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl, -- 0L,(long)i); -- return(i); -- } -+ if (cb != NULL) -+ i = (int)cb(b, BIO_CB_WRITE | BIO_CB_RETURN, in, inl, 0L, (long)i); -+ return (i); -+} - - int BIO_puts(BIO *b, const char *in) -- { -- int i; -- long (*cb)(BIO *,int,const char *,int,long,long); -+{ -+ int i; -+ long (*cb) (BIO *, int, const char *, int, long, long); - -- if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) -- { -- BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD); -- return(-2); -- } -+ if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) { -+ BIOerr(BIO_F_BIO_PUTS, BIO_R_UNSUPPORTED_METHOD); -+ return (-2); -+ } - -- cb=b->callback; -+ cb = b->callback; - -- if ((cb != NULL) && -- ((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0)) -- return(i); -+ if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_PUTS, in, 0, 0L, 1L)) <= 0)) -+ return (i); - -- if (!b->init) -- { -- BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED); -- return(-2); -- } -+ if (!b->init) { -+ BIOerr(BIO_F_BIO_PUTS, BIO_R_UNINITIALIZED); -+ return (-2); -+ } - -- i=b->method->bputs(b,in); -+ i = b->method->bputs(b, in); - -- if (i > 0) b->num_write+=(unsigned long)i; -+ if (i > 0) -+ b->num_write += (unsigned long)i; - -- if (cb != NULL) -- i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0, -- 0L,(long)i); -- return(i); -- } -+ if (cb != NULL) -+ i = (int)cb(b, BIO_CB_PUTS | BIO_CB_RETURN, in, 0, 0L, (long)i); -+ return (i); -+} - - int BIO_gets(BIO *b, char *in, int inl) -- { -- int i; -- long (*cb)(BIO *,int,const char *,int,long,long); -- -- if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) -- { -- BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD); -- return(-2); -- } -- -- cb=b->callback; -- -- if ((cb != NULL) && -- ((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0)) -- return(i); -- -- if (!b->init) -- { -- BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED); -- return(-2); -- } -- -- i=b->method->bgets(b,in,inl); -- -- if (cb != NULL) -- i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl, -- 0L,(long)i); -- return(i); -- } -- --int BIO_indent(BIO *b,int indent,int max) -- { -- if(indent < 0) -- indent=0; -- if(indent > max) -- indent=max; -- while(indent--) -- if(BIO_puts(b," ") != 1) -- return 0; -- return 1; -- } -+{ -+ int i; -+ long (*cb) (BIO *, int, const char *, int, long, long); -+ -+ if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) { -+ BIOerr(BIO_F_BIO_GETS, BIO_R_UNSUPPORTED_METHOD); -+ return (-2); -+ } -+ -+ cb = b->callback; -+ -+ if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_GETS, in, inl, 0L, 1L)) <= 0)) -+ return (i); -+ -+ if (!b->init) { -+ BIOerr(BIO_F_BIO_GETS, BIO_R_UNINITIALIZED); -+ return (-2); -+ } -+ -+ i = b->method->bgets(b, in, inl); -+ -+ if (cb != NULL) -+ i = (int)cb(b, BIO_CB_GETS | BIO_CB_RETURN, in, inl, 0L, (long)i); -+ return (i); -+} -+ -+int BIO_indent(BIO *b, int indent, int max) -+{ -+ if (indent < 0) -+ indent = 0; -+ if (indent > max) -+ indent = max; -+ while (indent--) -+ if (BIO_puts(b, " ") != 1) -+ return 0; -+ return 1; -+} - - long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) -- { -- int i; -+{ -+ int i; - -- i=iarg; -- return(BIO_ctrl(b,cmd,larg,(char *)&i)); -- } -+ i = iarg; -+ return (BIO_ctrl(b, cmd, larg, (char *)&i)); -+} - - char *BIO_ptr_ctrl(BIO *b, int cmd, long larg) -- { -- char *p=NULL; -+{ -+ char *p = NULL; - -- if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0) -- return(NULL); -- else -- return(p); -- } -+ if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0) -+ return (NULL); -+ else -+ return (p); -+} - - long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) -- { -- long ret; -- long (*cb)(BIO *,int,const char *,int,long,long); -+{ -+ long ret; -+ long (*cb) (BIO *, int, const char *, int, long, long); - -- if (b == NULL) return(0); -+ if (b == NULL) -+ return (0); - -- if ((b->method == NULL) || (b->method->ctrl == NULL)) -- { -- BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD); -- return(-2); -- } -+ if ((b->method == NULL) || (b->method->ctrl == NULL)) { -+ BIOerr(BIO_F_BIO_CTRL, BIO_R_UNSUPPORTED_METHOD); -+ return (-2); -+ } - -- cb=b->callback; -+ cb = b->callback; - -- if ((cb != NULL) && -- ((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0)) -- return(ret); -+ if ((cb != NULL) && -+ ((ret = cb(b, BIO_CB_CTRL, parg, cmd, larg, 1L)) <= 0)) -+ return (ret); - -- ret=b->method->ctrl(b,cmd,larg,parg); -+ ret = b->method->ctrl(b, cmd, larg, parg); - -- if (cb != NULL) -- ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, -- larg,ret); -- return(ret); -- } -+ if (cb != NULL) -+ ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, cmd, larg, ret); -+ return (ret); -+} - --long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)) -- { -- long ret; -- long (*cb)(BIO *,int,const char *,int,long,long); -+long BIO_callback_ctrl(BIO *b, int cmd, -+ void (*fp) (struct bio_st *, int, const char *, int, -+ long, long)) -+{ -+ long ret; -+ long (*cb) (BIO *, int, const char *, int, long, long); - -- if (b == NULL) return(0); -+ if (b == NULL) -+ return (0); - -- if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) -- { -- BIOerr(BIO_F_BIO_CALLBACK_CTRL,BIO_R_UNSUPPORTED_METHOD); -- return(-2); -- } -+ if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) { -+ BIOerr(BIO_F_BIO_CALLBACK_CTRL, BIO_R_UNSUPPORTED_METHOD); -+ return (-2); -+ } - -- cb=b->callback; -+ cb = b->callback; - -- if ((cb != NULL) && -- ((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0)) -- return(ret); -+ if ((cb != NULL) && -+ ((ret = cb(b, BIO_CB_CTRL, (void *)&fp, cmd, 0, 1L)) <= 0)) -+ return (ret); - -- ret=b->method->callback_ctrl(b,cmd,fp); -+ ret = b->method->callback_ctrl(b, cmd, fp); - -- if (cb != NULL) -- ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd, -- 0,ret); -- return(ret); -- } -+ if (cb != NULL) -+ ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, cmd, 0, ret); -+ return (ret); -+} - --/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros -+/* -+ * It is unfortunate to duplicate in functions what the BIO_(w)pending macros - * do; but those macros have inappropriate return type, and for interfacing -- * from other programming languages, C macros aren't much of a help anyway. */ -+ * from other programming languages, C macros aren't much of a help anyway. -+ */ - size_t BIO_ctrl_pending(BIO *bio) -- { -- return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL); -- } -+{ -+ return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL); -+} - - size_t BIO_ctrl_wpending(BIO *bio) -- { -- return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL); -- } -- -+{ -+ return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL); -+} - - /* put the 'bio' on the end of b's list of operators */ - BIO *BIO_push(BIO *b, BIO *bio) -- { -- BIO *lb; -- -- if (b == NULL) return(bio); -- lb=b; -- while (lb->next_bio != NULL) -- lb=lb->next_bio; -- lb->next_bio=bio; -- if (bio != NULL) -- bio->prev_bio=lb; -- /* called to do internal processing */ -- BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL); -- return(b); -- } -+{ -+ BIO *lb; -+ -+ if (b == NULL) -+ return (bio); -+ lb = b; -+ while (lb->next_bio != NULL) -+ lb = lb->next_bio; -+ lb->next_bio = bio; -+ if (bio != NULL) -+ bio->prev_bio = lb; -+ /* called to do internal processing */ -+ BIO_ctrl(b, BIO_CTRL_PUSH, 0, NULL); -+ return (b); -+} - - /* Remove the first and return the rest */ - BIO *BIO_pop(BIO *b) -- { -- BIO *ret; -+{ -+ BIO *ret; - -- if (b == NULL) return(NULL); -- ret=b->next_bio; -+ if (b == NULL) -+ return (NULL); -+ ret = b->next_bio; - -- BIO_ctrl(b,BIO_CTRL_POP,0,NULL); -+ BIO_ctrl(b, BIO_CTRL_POP, 0, NULL); - -- if (b->prev_bio != NULL) -- b->prev_bio->next_bio=b->next_bio; -- if (b->next_bio != NULL) -- b->next_bio->prev_bio=b->prev_bio; -+ if (b->prev_bio != NULL) -+ b->prev_bio->next_bio = b->next_bio; -+ if (b->next_bio != NULL) -+ b->next_bio->prev_bio = b->prev_bio; - -- b->next_bio=NULL; -- b->prev_bio=NULL; -- return(ret); -- } -+ b->next_bio = NULL; -+ b->prev_bio = NULL; -+ return (ret); -+} - - BIO *BIO_get_retry_BIO(BIO *bio, int *reason) -- { -- BIO *b,*last; -- -- b=last=bio; -- for (;;) -- { -- if (!BIO_should_retry(b)) break; -- last=b; -- b=b->next_bio; -- if (b == NULL) break; -- } -- if (reason != NULL) *reason=last->retry_reason; -- return(last); -- } -+{ -+ BIO *b, *last; -+ -+ b = last = bio; -+ for (;;) { -+ if (!BIO_should_retry(b)) -+ break; -+ last = b; -+ b = b->next_bio; -+ if (b == NULL) -+ break; -+ } -+ if (reason != NULL) -+ *reason = last->retry_reason; -+ return (last); -+} - - int BIO_get_retry_reason(BIO *bio) -- { -- return(bio->retry_reason); -- } -+{ -+ return (bio->retry_reason); -+} - - BIO *BIO_find_type(BIO *bio, int type) -- { -- int mt,mask; -- -- if(!bio) return NULL; -- mask=type&0xff; -- do { -- if (bio->method != NULL) -- { -- mt=bio->method->type; -- -- if (!mask) -- { -- if (mt & type) return(bio); -- } -- else if (mt == type) -- return(bio); -- } -- bio=bio->next_bio; -- } while (bio != NULL); -- return(NULL); -- } -+{ -+ int mt, mask; -+ -+ if (!bio) -+ return NULL; -+ mask = type & 0xff; -+ do { -+ if (bio->method != NULL) { -+ mt = bio->method->type; -+ -+ if (!mask) { -+ if (mt & type) -+ return (bio); -+ } else if (mt == type) -+ return (bio); -+ } -+ bio = bio->next_bio; -+ } while (bio != NULL); -+ return (NULL); -+} - - BIO *BIO_next(BIO *b) -- { -- if(!b) return NULL; -- return b->next_bio; -- } -+{ -+ if (!b) -+ return NULL; -+ return b->next_bio; -+} - - void BIO_free_all(BIO *bio) -- { -- BIO *b; -- int ref; -- -- while (bio != NULL) -- { -- b=bio; -- ref=b->references; -- bio=bio->next_bio; -- BIO_free(b); -- /* Since ref count > 1, don't free anyone else. */ -- if (ref > 1) break; -- } -- } -+{ -+ BIO *b; -+ int ref; -+ -+ while (bio != NULL) { -+ b = bio; -+ ref = b->references; -+ bio = bio->next_bio; -+ BIO_free(b); -+ /* Since ref count > 1, don't free anyone else. */ -+ if (ref > 1) -+ break; -+ } -+} - - BIO *BIO_dup_chain(BIO *in) -- { -- BIO *ret=NULL,*eoc=NULL,*bio,*new; -- -- for (bio=in; bio != NULL; bio=bio->next_bio) -- { -- if ((new=BIO_new(bio->method)) == NULL) goto err; -- new->callback=bio->callback; -- new->cb_arg=bio->cb_arg; -- new->init=bio->init; -- new->shutdown=bio->shutdown; -- new->flags=bio->flags; -- -- /* This will let SSL_s_sock() work with stdin/stdout */ -- new->num=bio->num; -- -- if (!BIO_dup_state(bio,(char *)new)) -- { -- BIO_free(new); -- goto err; -- } -- -- /* copy app data */ -- if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data, -- &bio->ex_data)) -- goto err; -- -- if (ret == NULL) -- { -- eoc=new; -- ret=eoc; -- } -- else -- { -- BIO_push(eoc,new); -- eoc=new; -- } -- } -- return(ret); --err: -- if (ret != NULL) -- BIO_free(ret); -- return(NULL); -- } -+{ -+ BIO *ret = NULL, *eoc = NULL, *bio, *new; -+ -+ for (bio = in; bio != NULL; bio = bio->next_bio) { -+ if ((new = BIO_new(bio->method)) == NULL) -+ goto err; -+ new->callback = bio->callback; -+ new->cb_arg = bio->cb_arg; -+ new->init = bio->init; -+ new->shutdown = bio->shutdown; -+ new->flags = bio->flags; -+ -+ /* This will let SSL_s_sock() work with stdin/stdout */ -+ new->num = bio->num; -+ -+ if (!BIO_dup_state(bio, (char *)new)) { -+ BIO_free(new); -+ goto err; -+ } -+ -+ /* copy app data */ -+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data, -+ &bio->ex_data)) -+ goto err; -+ -+ if (ret == NULL) { -+ eoc = new; -+ ret = eoc; -+ } else { -+ BIO_push(eoc, new); -+ eoc = new; -+ } -+ } -+ return (ret); -+ err: -+ if (ret != NULL) -+ BIO_free(ret); -+ return (NULL); -+} - - void BIO_copy_next_retry(BIO *b) -- { -- BIO_set_flags(b,BIO_get_retry_flags(b->next_bio)); -- b->retry_reason=b->next_bio->retry_reason; -- } -+{ -+ BIO_set_flags(b, BIO_get_retry_flags(b->next_bio)); -+ b->retry_reason = b->next_bio->retry_reason; -+} - - int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -- { -- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp, -- new_func, dup_func, free_func); -- } -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -+{ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp, -+ new_func, dup_func, free_func); -+} - - int BIO_set_ex_data(BIO *bio, int idx, void *data) -- { -- return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data)); -- } -+{ -+ return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data)); -+} - - void *BIO_get_ex_data(BIO *bio, int idx) -- { -- return(CRYPTO_get_ex_data(&(bio->ex_data),idx)); -- } -+{ -+ return (CRYPTO_get_ex_data(&(bio->ex_data), idx)); -+} - - unsigned long BIO_number_read(BIO *bio) - { -- if(bio) return bio->num_read; -- return 0; -+ if (bio) -+ return bio->num_read; -+ return 0; - } - - unsigned long BIO_number_written(BIO *bio) - { -- if(bio) return bio->num_write; -- return 0; -+ if (bio) -+ return bio->num_write; -+ return 0; - } - - IMPLEMENT_STACK_OF(BIO) -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c -index 76bd48e..87955f0 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,12 +53,13 @@ - * - */ - --/* Special method for a BIO where the other endpoint is also a BIO -- * of this kind, handled by the same thread (i.e. the "peer" is actually -- * ourselves, wearing a different hat). -- * Such "BIO pairs" are mainly for using the SSL library with I/O interfaces -- * for which no specific BIO method is available. -- * See ssl/ssltest.c for some hints on how this can be used. */ -+/* -+ * Special method for a BIO where the other endpoint is also a BIO of this -+ * kind, handled by the same thread (i.e. the "peer" is actually ourselves, -+ * wearing a different hat). Such "BIO pairs" are mainly for using the SSL -+ * library with I/O interfaces for which no specific BIO method is available. -+ * See ssl/ssltest.c for some hints on how this can be used. -+ */ - - /* BIO_DEBUG implies BIO_PAIR_DEBUG */ - #ifdef BIO_DEBUG -@@ -103,822 +104,783 @@ static int bio_puts(BIO *bio, const char *str); - static int bio_make_pair(BIO *bio1, BIO *bio2); - static void bio_destroy_pair(BIO *bio); - --static BIO_METHOD methods_biop = --{ -- BIO_TYPE_BIO, -- "BIO pair", -- bio_write, -- bio_read, -- bio_puts, -- NULL /* no bio_gets */, -- bio_ctrl, -- bio_new, -- bio_free, -- NULL /* no bio_callback_ctrl */ -+static BIO_METHOD methods_biop = { -+ BIO_TYPE_BIO, -+ "BIO pair", -+ bio_write, -+ bio_read, -+ bio_puts, -+ NULL /* no bio_gets */ , -+ bio_ctrl, -+ bio_new, -+ bio_free, -+ NULL /* no bio_callback_ctrl */ - }; - - BIO_METHOD *BIO_s_bio(void) -- { -- return &methods_biop; -- } -- --struct bio_bio_st - { -- BIO *peer; /* NULL if buf == NULL. -- * If peer != NULL, then peer->ptr is also a bio_bio_st, -- * and its "peer" member points back to us. -- * peer != NULL iff init != 0 in the BIO. */ -- -- /* This is for what we write (i.e. reading uses peer's struct): */ -- int closed; /* valid iff peer != NULL */ -- size_t len; /* valid iff buf != NULL; 0 if peer == NULL */ -- size_t offset; /* valid iff buf != NULL; 0 if len == 0 */ -- size_t size; -- char *buf; /* "size" elements (if != NULL) */ -- -- size_t request; /* valid iff peer != NULL; 0 if len != 0, -- * otherwise set by peer to number of bytes -- * it (unsuccessfully) tried to read, -- * never more than buffer space (size-len) warrants. */ -+ return &methods_biop; -+} -+ -+struct bio_bio_st { -+ BIO *peer; /* NULL if buf == NULL. If peer != NULL, then -+ * peer->ptr is also a bio_bio_st, and its -+ * "peer" member points back to us. peer != -+ * NULL iff init != 0 in the BIO. */ -+ /* This is for what we write (i.e. reading uses peer's struct): */ -+ int closed; /* valid iff peer != NULL */ -+ size_t len; /* valid iff buf != NULL; 0 if peer == NULL */ -+ size_t offset; /* valid iff buf != NULL; 0 if len == 0 */ -+ size_t size; -+ char *buf; /* "size" elements (if != NULL) */ -+ size_t request; /* valid iff peer != NULL; 0 if len != 0, -+ * otherwise set by peer to number of bytes -+ * it (unsuccessfully) tried to read, never -+ * more than buffer space (size-len) -+ * warrants. */ - }; - - static int bio_new(BIO *bio) -- { -- struct bio_bio_st *b; -- -- b = OPENSSL_malloc(sizeof *b); -- if (b == NULL) -- return 0; -+{ -+ struct bio_bio_st *b; - -- b->peer = NULL; -- b->size = 17*1024; /* enough for one TLS record (just a default) */ -- b->buf = NULL; -+ b = OPENSSL_malloc(sizeof *b); -+ if (b == NULL) -+ return 0; - -- bio->ptr = b; -- return 1; -- } -+ b->peer = NULL; -+ /* enough for one TLS record (just a default) */ -+ b->size = 17 * 1024; -+ b->buf = NULL; - -+ bio->ptr = b; -+ return 1; -+} - - static int bio_free(BIO *bio) -- { -- struct bio_bio_st *b; -- -- if (bio == NULL) -- return 0; -- b = bio->ptr; -+{ -+ struct bio_bio_st *b; - -- assert(b != NULL); -+ if (bio == NULL) -+ return 0; -+ b = bio->ptr; - -- if (b->peer) -- bio_destroy_pair(bio); -- -- if (b->buf != NULL) -- { -- OPENSSL_free(b->buf); -- } -+ assert(b != NULL); - -- OPENSSL_free(b); -+ if (b->peer) -+ bio_destroy_pair(bio); - -- return 1; -- } -+ if (b->buf != NULL) { -+ OPENSSL_free(b->buf); -+ } - -+ OPENSSL_free(b); - -+ return 1; -+} - - static int bio_read(BIO *bio, char *buf, int size_) -- { -- size_t size = size_; -- size_t rest; -- struct bio_bio_st *b, *peer_b; -- -- BIO_clear_retry_flags(bio); -- -- if (!bio->init) -- return 0; -- -- b = bio->ptr; -- assert(b != NULL); -- assert(b->peer != NULL); -- peer_b = b->peer->ptr; -- assert(peer_b != NULL); -- assert(peer_b->buf != NULL); -- -- peer_b->request = 0; /* will be set in "retry_read" situation */ -- -- if (buf == NULL || size == 0) -- return 0; -- -- if (peer_b->len == 0) -- { -- if (peer_b->closed) -- return 0; /* writer has closed, and no data is left */ -- else -- { -- BIO_set_retry_read(bio); /* buffer is empty */ -- if (size <= peer_b->size) -- peer_b->request = size; -- else -- /* don't ask for more than the peer can -- * deliver in one write */ -- peer_b->request = peer_b->size; -- return -1; -- } -- } -- -- /* we can read */ -- if (peer_b->len < size) -- size = peer_b->len; -- -- /* now read "size" bytes */ -- -- rest = size; -- -- assert(rest > 0); -- do /* one or two iterations */ -- { -- size_t chunk; -- -- assert(rest <= peer_b->len); -- if (peer_b->offset + rest <= peer_b->size) -- chunk = rest; -- else -- /* wrap around ring buffer */ -- chunk = peer_b->size - peer_b->offset; -- assert(peer_b->offset + chunk <= peer_b->size); -- -- memcpy(buf, peer_b->buf + peer_b->offset, chunk); -- -- peer_b->len -= chunk; -- if (peer_b->len) -- { -- peer_b->offset += chunk; -- assert(peer_b->offset <= peer_b->size); -- if (peer_b->offset == peer_b->size) -- peer_b->offset = 0; -- buf += chunk; -- } -- else -- { -- /* buffer now empty, no need to advance "buf" */ -- assert(chunk == rest); -- peer_b->offset = 0; -- } -- rest -= chunk; -- } -- while (rest); -- -- return size; -- } -- --/* non-copying interface: provide pointer to available data in buffer -+{ -+ size_t size = size_; -+ size_t rest; -+ struct bio_bio_st *b, *peer_b; -+ -+ BIO_clear_retry_flags(bio); -+ -+ if (!bio->init) -+ return 0; -+ -+ b = bio->ptr; -+ assert(b != NULL); -+ assert(b->peer != NULL); -+ peer_b = b->peer->ptr; -+ assert(peer_b != NULL); -+ assert(peer_b->buf != NULL); -+ -+ peer_b->request = 0; /* will be set in "retry_read" situation */ -+ -+ if (buf == NULL || size == 0) -+ return 0; -+ -+ if (peer_b->len == 0) { -+ if (peer_b->closed) -+ return 0; /* writer has closed, and no data is left */ -+ else { -+ BIO_set_retry_read(bio); /* buffer is empty */ -+ if (size <= peer_b->size) -+ peer_b->request = size; -+ else -+ /* -+ * don't ask for more than the peer can deliver in one write -+ */ -+ peer_b->request = peer_b->size; -+ return -1; -+ } -+ } -+ -+ /* we can read */ -+ if (peer_b->len < size) -+ size = peer_b->len; -+ -+ /* now read "size" bytes */ -+ -+ rest = size; -+ -+ assert(rest > 0); -+ do { /* one or two iterations */ -+ size_t chunk; -+ -+ assert(rest <= peer_b->len); -+ if (peer_b->offset + rest <= peer_b->size) -+ chunk = rest; -+ else -+ /* wrap around ring buffer */ -+ chunk = peer_b->size - peer_b->offset; -+ assert(peer_b->offset + chunk <= peer_b->size); -+ -+ memcpy(buf, peer_b->buf + peer_b->offset, chunk); -+ -+ peer_b->len -= chunk; -+ if (peer_b->len) { -+ peer_b->offset += chunk; -+ assert(peer_b->offset <= peer_b->size); -+ if (peer_b->offset == peer_b->size) -+ peer_b->offset = 0; -+ buf += chunk; -+ } else { -+ /* buffer now empty, no need to advance "buf" */ -+ assert(chunk == rest); -+ peer_b->offset = 0; -+ } -+ rest -= chunk; -+ } -+ while (rest); -+ -+ return size; -+} -+ -+/*- -+ * non-copying interface: provide pointer to available data in buffer - * bio_nread0: return number of available bytes - * bio_nread: also advance index - * (example usage: bio_nread0(), read from buffer, bio_nread() - * or just bio_nread(), read from buffer) - */ --/* WARNING: The non-copying interface is largely untested as of yet -- * and may contain bugs. */ -+/* -+ * WARNING: The non-copying interface is largely untested as of yet and may -+ * contain bugs. -+ */ - static ssize_t bio_nread0(BIO *bio, char **buf) -- { -- struct bio_bio_st *b, *peer_b; -- ssize_t num; -- -- BIO_clear_retry_flags(bio); -- -- if (!bio->init) -- return 0; -- -- b = bio->ptr; -- assert(b != NULL); -- assert(b->peer != NULL); -- peer_b = b->peer->ptr; -- assert(peer_b != NULL); -- assert(peer_b->buf != NULL); -- -- peer_b->request = 0; -- -- if (peer_b->len == 0) -- { -- char dummy; -- -- /* avoid code duplication -- nothing available for reading */ -- return bio_read(bio, &dummy, 1); /* returns 0 or -1 */ -- } -- -- num = peer_b->len; -- if (peer_b->size < peer_b->offset + num) -- /* no ring buffer wrap-around for non-copying interface */ -- num = peer_b->size - peer_b->offset; -- assert(num > 0); -- -- if (buf != NULL) -- *buf = peer_b->buf + peer_b->offset; -- return num; -- } -+{ -+ struct bio_bio_st *b, *peer_b; -+ ssize_t num; - --static ssize_t bio_nread(BIO *bio, char **buf, size_t num_) -- { -- struct bio_bio_st *b, *peer_b; -- ssize_t num, available; -- -- if (num_ > SSIZE_MAX) -- num = SSIZE_MAX; -- else -- num = (ssize_t)num_; -- -- available = bio_nread0(bio, buf); -- if (num > available) -- num = available; -- if (num <= 0) -- return num; -- -- b = bio->ptr; -- peer_b = b->peer->ptr; -- -- peer_b->len -= num; -- if (peer_b->len) -- { -- peer_b->offset += num; -- assert(peer_b->offset <= peer_b->size); -- if (peer_b->offset == peer_b->size) -- peer_b->offset = 0; -- } -- else -- peer_b->offset = 0; -- -- return num; -- } -+ BIO_clear_retry_flags(bio); -+ -+ if (!bio->init) -+ return 0; -+ -+ b = bio->ptr; -+ assert(b != NULL); -+ assert(b->peer != NULL); -+ peer_b = b->peer->ptr; -+ assert(peer_b != NULL); -+ assert(peer_b->buf != NULL); -+ -+ peer_b->request = 0; - -+ if (peer_b->len == 0) { -+ char dummy; -+ -+ /* avoid code duplication -- nothing available for reading */ -+ return bio_read(bio, &dummy, 1); /* returns 0 or -1 */ -+ } -+ -+ num = peer_b->len; -+ if (peer_b->size < peer_b->offset + num) -+ /* no ring buffer wrap-around for non-copying interface */ -+ num = peer_b->size - peer_b->offset; -+ assert(num > 0); -+ -+ if (buf != NULL) -+ *buf = peer_b->buf + peer_b->offset; -+ return num; -+} -+ -+static ssize_t bio_nread(BIO *bio, char **buf, size_t num_) -+{ -+ struct bio_bio_st *b, *peer_b; -+ ssize_t num, available; -+ -+ if (num_ > SSIZE_MAX) -+ num = SSIZE_MAX; -+ else -+ num = (ssize_t) num_; -+ -+ available = bio_nread0(bio, buf); -+ if (num > available) -+ num = available; -+ if (num <= 0) -+ return num; -+ -+ b = bio->ptr; -+ peer_b = b->peer->ptr; -+ -+ peer_b->len -= num; -+ if (peer_b->len) { -+ peer_b->offset += num; -+ assert(peer_b->offset <= peer_b->size); -+ if (peer_b->offset == peer_b->size) -+ peer_b->offset = 0; -+ } else -+ peer_b->offset = 0; -+ -+ return num; -+} - - static int bio_write(BIO *bio, const char *buf, int num_) -- { -- size_t num = num_; -- size_t rest; -- struct bio_bio_st *b; -- -- BIO_clear_retry_flags(bio); -- -- if (!bio->init || buf == NULL || num == 0) -- return 0; -- -- b = bio->ptr; -- assert(b != NULL); -- assert(b->peer != NULL); -- assert(b->buf != NULL); -- -- b->request = 0; -- if (b->closed) -- { -- /* we already closed */ -- BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE); -- return -1; -- } -- -- assert(b->len <= b->size); -- -- if (b->len == b->size) -- { -- BIO_set_retry_write(bio); /* buffer is full */ -- return -1; -- } -- -- /* we can write */ -- if (num > b->size - b->len) -- num = b->size - b->len; -- -- /* now write "num" bytes */ -- -- rest = num; -- -- assert(rest > 0); -- do /* one or two iterations */ -- { -- size_t write_offset; -- size_t chunk; -- -- assert(b->len + rest <= b->size); -- -- write_offset = b->offset + b->len; -- if (write_offset >= b->size) -- write_offset -= b->size; -- /* b->buf[write_offset] is the first byte we can write to. */ -- -- if (write_offset + rest <= b->size) -- chunk = rest; -- else -- /* wrap around ring buffer */ -- chunk = b->size - write_offset; -- -- memcpy(b->buf + write_offset, buf, chunk); -- -- b->len += chunk; -- -- assert(b->len <= b->size); -- -- rest -= chunk; -- buf += chunk; -- } -- while (rest); -- -- return num; -- } -- --/* non-copying interface: provide pointer to region to write to -+{ -+ size_t num = num_; -+ size_t rest; -+ struct bio_bio_st *b; -+ -+ BIO_clear_retry_flags(bio); -+ -+ if (!bio->init || buf == NULL || num == 0) -+ return 0; -+ -+ b = bio->ptr; -+ assert(b != NULL); -+ assert(b->peer != NULL); -+ assert(b->buf != NULL); -+ -+ b->request = 0; -+ if (b->closed) { -+ /* we already closed */ -+ BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE); -+ return -1; -+ } -+ -+ assert(b->len <= b->size); -+ -+ if (b->len == b->size) { -+ BIO_set_retry_write(bio); /* buffer is full */ -+ return -1; -+ } -+ -+ /* we can write */ -+ if (num > b->size - b->len) -+ num = b->size - b->len; -+ -+ /* now write "num" bytes */ -+ -+ rest = num; -+ -+ assert(rest > 0); -+ do { /* one or two iterations */ -+ size_t write_offset; -+ size_t chunk; -+ -+ assert(b->len + rest <= b->size); -+ -+ write_offset = b->offset + b->len; -+ if (write_offset >= b->size) -+ write_offset -= b->size; -+ /* b->buf[write_offset] is the first byte we can write to. */ -+ -+ if (write_offset + rest <= b->size) -+ chunk = rest; -+ else -+ /* wrap around ring buffer */ -+ chunk = b->size - write_offset; -+ -+ memcpy(b->buf + write_offset, buf, chunk); -+ -+ b->len += chunk; -+ -+ assert(b->len <= b->size); -+ -+ rest -= chunk; -+ buf += chunk; -+ } -+ while (rest); -+ -+ return num; -+} -+ -+/*- -+ * non-copying interface: provide pointer to region to write to - * bio_nwrite0: check how much space is available - * bio_nwrite: also increase length - * (example usage: bio_nwrite0(), write to buffer, bio_nwrite() - * or just bio_nwrite(), write to buffer) - */ - static ssize_t bio_nwrite0(BIO *bio, char **buf) -- { -- struct bio_bio_st *b; -- size_t num; -- size_t write_offset; -- -- BIO_clear_retry_flags(bio); -- -- if (!bio->init) -- return 0; -- -- b = bio->ptr; -- assert(b != NULL); -- assert(b->peer != NULL); -- assert(b->buf != NULL); -- -- b->request = 0; -- if (b->closed) -- { -- BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE); -- return -1; -- } -- -- assert(b->len <= b->size); -- -- if (b->len == b->size) -- { -- BIO_set_retry_write(bio); -- return -1; -- } -- -- num = b->size - b->len; -- write_offset = b->offset + b->len; -- if (write_offset >= b->size) -- write_offset -= b->size; -- if (write_offset + num > b->size) -- /* no ring buffer wrap-around for non-copying interface -- * (to fulfil the promise by BIO_ctrl_get_write_guarantee, -- * BIO_nwrite may have to be called twice) */ -- num = b->size - write_offset; -- -- if (buf != NULL) -- *buf = b->buf + write_offset; -- assert(write_offset + num <= b->size); -- -- return num; -- } -+{ -+ struct bio_bio_st *b; -+ size_t num; -+ size_t write_offset; -+ -+ BIO_clear_retry_flags(bio); -+ -+ if (!bio->init) -+ return 0; -+ -+ b = bio->ptr; -+ assert(b != NULL); -+ assert(b->peer != NULL); -+ assert(b->buf != NULL); -+ -+ b->request = 0; -+ if (b->closed) { -+ BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE); -+ return -1; -+ } -+ -+ assert(b->len <= b->size); -+ -+ if (b->len == b->size) { -+ BIO_set_retry_write(bio); -+ return -1; -+ } -+ -+ num = b->size - b->len; -+ write_offset = b->offset + b->len; -+ if (write_offset >= b->size) -+ write_offset -= b->size; -+ if (write_offset + num > b->size) -+ /* -+ * no ring buffer wrap-around for non-copying interface (to fulfil -+ * the promise by BIO_ctrl_get_write_guarantee, BIO_nwrite may have -+ * to be called twice) -+ */ -+ num = b->size - write_offset; -+ -+ if (buf != NULL) -+ *buf = b->buf + write_offset; -+ assert(write_offset + num <= b->size); -+ -+ return num; -+} - - static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_) -- { -- struct bio_bio_st *b; -- ssize_t num, space; -+{ -+ struct bio_bio_st *b; -+ ssize_t num, space; -+ -+ if (num_ > SSIZE_MAX) -+ num = SSIZE_MAX; -+ else -+ num = (ssize_t) num_; -+ -+ space = bio_nwrite0(bio, buf); -+ if (num > space) -+ num = space; -+ if (num <= 0) -+ return num; -+ b = bio->ptr; -+ assert(b != NULL); -+ b->len += num; -+ assert(b->len <= b->size); -+ -+ return num; -+} - -- if (num_ > SSIZE_MAX) -- num = SSIZE_MAX; -- else -- num = (ssize_t)num_; -+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) -+{ -+ long ret; -+ struct bio_bio_st *b = bio->ptr; -+ -+ assert(b != NULL); -+ -+ switch (cmd) { -+ /* specific CTRL codes */ -+ -+ case BIO_C_SET_WRITE_BUF_SIZE: -+ if (b->peer) { -+ BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE); -+ ret = 0; -+ } else if (num == 0) { -+ BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT); -+ ret = 0; -+ } else { -+ size_t new_size = num; -+ -+ if (b->size != new_size) { -+ if (b->buf) { -+ OPENSSL_free(b->buf); -+ b->buf = NULL; -+ } -+ b->size = new_size; -+ } -+ ret = 1; -+ } -+ break; -+ -+ case BIO_C_GET_WRITE_BUF_SIZE: -+ ret = (long)b->size; -+ break; -+ -+ case BIO_C_MAKE_BIO_PAIR: -+ { -+ BIO *other_bio = ptr; -+ -+ if (bio_make_pair(bio, other_bio)) -+ ret = 1; -+ else -+ ret = 0; -+ } -+ break; -+ -+ case BIO_C_DESTROY_BIO_PAIR: -+ /* -+ * Affects both BIOs in the pair -- call just once! Or let -+ * BIO_free(bio1); BIO_free(bio2); do the job. -+ */ -+ bio_destroy_pair(bio); -+ ret = 1; -+ break; -+ -+ case BIO_C_GET_WRITE_GUARANTEE: -+ /* -+ * How many bytes can the caller feed to the next write without -+ * having to keep any? -+ */ -+ if (b->peer == NULL || b->closed) -+ ret = 0; -+ else -+ ret = (long)b->size - b->len; -+ break; -+ -+ case BIO_C_GET_READ_REQUEST: -+ /* -+ * If the peer unsuccessfully tried to read, how many bytes were -+ * requested? (As with BIO_CTRL_PENDING, that number can usually be -+ * treated as boolean.) -+ */ -+ ret = (long)b->request; -+ break; -+ -+ case BIO_C_RESET_READ_REQUEST: -+ /* -+ * Reset request. (Can be useful after read attempts at the other -+ * side that are meant to be non-blocking, e.g. when probing SSL_read -+ * to see if any data is available.) -+ */ -+ b->request = 0; -+ ret = 1; -+ break; -+ -+ case BIO_C_SHUTDOWN_WR: -+ /* similar to shutdown(..., SHUT_WR) */ -+ b->closed = 1; -+ ret = 1; -+ break; -+ -+ case BIO_C_NREAD0: -+ /* prepare for non-copying read */ -+ ret = (long)bio_nread0(bio, ptr); -+ break; -+ -+ case BIO_C_NREAD: -+ /* non-copying read */ -+ ret = (long)bio_nread(bio, ptr, (size_t)num); -+ break; -+ -+ case BIO_C_NWRITE0: -+ /* prepare for non-copying write */ -+ ret = (long)bio_nwrite0(bio, ptr); -+ break; -+ -+ case BIO_C_NWRITE: -+ /* non-copying write */ -+ ret = (long)bio_nwrite(bio, ptr, (size_t)num); -+ break; -+ -+ /* standard CTRL codes follow */ -+ -+ case BIO_CTRL_RESET: -+ if (b->buf != NULL) { -+ b->len = 0; -+ b->offset = 0; -+ } -+ ret = 0; -+ break; -+ -+ case BIO_CTRL_GET_CLOSE: -+ ret = bio->shutdown; -+ break; -+ -+ case BIO_CTRL_SET_CLOSE: -+ bio->shutdown = (int)num; -+ ret = 1; -+ break; -+ -+ case BIO_CTRL_PENDING: -+ if (b->peer != NULL) { -+ struct bio_bio_st *peer_b = b->peer->ptr; -+ -+ ret = (long)peer_b->len; -+ } else -+ ret = 0; -+ break; -+ -+ case BIO_CTRL_WPENDING: -+ if (b->buf != NULL) -+ ret = (long)b->len; -+ else -+ ret = 0; -+ break; -+ -+ case BIO_CTRL_DUP: -+ /* See BIO_dup_chain for circumstances we have to expect. */ -+ { -+ BIO *other_bio = ptr; -+ struct bio_bio_st *other_b; -+ -+ assert(other_bio != NULL); -+ other_b = other_bio->ptr; -+ assert(other_b != NULL); -+ -+ assert(other_b->buf == NULL); /* other_bio is always fresh */ -+ -+ other_b->size = b->size; -+ } -+ -+ ret = 1; -+ break; -+ -+ case BIO_CTRL_FLUSH: -+ ret = 1; -+ break; -+ -+ case BIO_CTRL_EOF: -+ { -+ BIO *other_bio = ptr; -+ -+ if (other_bio) { -+ struct bio_bio_st *other_b = other_bio->ptr; -+ -+ assert(other_b != NULL); -+ ret = other_b->len == 0 && other_b->closed; -+ } else -+ ret = 1; -+ } -+ break; -+ -+ default: -+ ret = 0; -+ } -+ return ret; -+} - -- space = bio_nwrite0(bio, buf); -- if (num > space) -- num = space; -- if (num <= 0) -- return num; -- b = bio->ptr; -- assert(b != NULL); -- b->len += num; -- assert(b->len <= b->size); -+static int bio_puts(BIO *bio, const char *str) -+{ -+ return bio_write(bio, str, strlen(str)); -+} - -- return num; -- } -+static int bio_make_pair(BIO *bio1, BIO *bio2) -+{ -+ struct bio_bio_st *b1, *b2; -+ -+ assert(bio1 != NULL); -+ assert(bio2 != NULL); -+ -+ b1 = bio1->ptr; -+ b2 = bio2->ptr; -+ -+ if (b1->peer != NULL || b2->peer != NULL) { -+ BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE); -+ return 0; -+ } -+ -+ if (b1->buf == NULL) { -+ b1->buf = OPENSSL_malloc(b1->size); -+ if (b1->buf == NULL) { -+ BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ b1->len = 0; -+ b1->offset = 0; -+ } -+ -+ if (b2->buf == NULL) { -+ b2->buf = OPENSSL_malloc(b2->size); -+ if (b2->buf == NULL) { -+ BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ b2->len = 0; -+ b2->offset = 0; -+ } -+ -+ b1->peer = bio2; -+ b1->closed = 0; -+ b1->request = 0; -+ b2->peer = bio1; -+ b2->closed = 0; -+ b2->request = 0; -+ -+ bio1->init = 1; -+ bio2->init = 1; -+ -+ return 1; -+} - -+static void bio_destroy_pair(BIO *bio) -+{ -+ struct bio_bio_st *b = bio->ptr; - --static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) -- { -- long ret; -- struct bio_bio_st *b = bio->ptr; -- -- assert(b != NULL); -- -- switch (cmd) -- { -- /* specific CTRL codes */ -- -- case BIO_C_SET_WRITE_BUF_SIZE: -- if (b->peer) -- { -- BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE); -- ret = 0; -- } -- else if (num == 0) -- { -- BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT); -- ret = 0; -- } -- else -- { -- size_t new_size = num; -- -- if (b->size != new_size) -- { -- if (b->buf) -- { -- OPENSSL_free(b->buf); -- b->buf = NULL; -- } -- b->size = new_size; -- } -- ret = 1; -- } -- break; -- -- case BIO_C_GET_WRITE_BUF_SIZE: -- ret = (long) b->size; -- break; -- -- case BIO_C_MAKE_BIO_PAIR: -- { -- BIO *other_bio = ptr; -- -- if (bio_make_pair(bio, other_bio)) -- ret = 1; -- else -- ret = 0; -- } -- break; -- -- case BIO_C_DESTROY_BIO_PAIR: -- /* Affects both BIOs in the pair -- call just once! -- * Or let BIO_free(bio1); BIO_free(bio2); do the job. */ -- bio_destroy_pair(bio); -- ret = 1; -- break; -- -- case BIO_C_GET_WRITE_GUARANTEE: -- /* How many bytes can the caller feed to the next write -- * without having to keep any? */ -- if (b->peer == NULL || b->closed) -- ret = 0; -- else -- ret = (long) b->size - b->len; -- break; -- -- case BIO_C_GET_READ_REQUEST: -- /* If the peer unsuccessfully tried to read, how many bytes -- * were requested? (As with BIO_CTRL_PENDING, that number -- * can usually be treated as boolean.) */ -- ret = (long) b->request; -- break; -- -- case BIO_C_RESET_READ_REQUEST: -- /* Reset request. (Can be useful after read attempts -- * at the other side that are meant to be non-blocking, -- * e.g. when probing SSL_read to see if any data is -- * available.) */ -- b->request = 0; -- ret = 1; -- break; -- -- case BIO_C_SHUTDOWN_WR: -- /* similar to shutdown(..., SHUT_WR) */ -- b->closed = 1; -- ret = 1; -- break; -- -- case BIO_C_NREAD0: -- /* prepare for non-copying read */ -- ret = (long) bio_nread0(bio, ptr); -- break; -- -- case BIO_C_NREAD: -- /* non-copying read */ -- ret = (long) bio_nread(bio, ptr, (size_t) num); -- break; -- -- case BIO_C_NWRITE0: -- /* prepare for non-copying write */ -- ret = (long) bio_nwrite0(bio, ptr); -- break; -- -- case BIO_C_NWRITE: -- /* non-copying write */ -- ret = (long) bio_nwrite(bio, ptr, (size_t) num); -- break; -- -- -- /* standard CTRL codes follow */ -- -- case BIO_CTRL_RESET: -- if (b->buf != NULL) -- { -- b->len = 0; -- b->offset = 0; -- } -- ret = 0; -- break; -- -- case BIO_CTRL_GET_CLOSE: -- ret = bio->shutdown; -- break; -- -- case BIO_CTRL_SET_CLOSE: -- bio->shutdown = (int) num; -- ret = 1; -- break; -- -- case BIO_CTRL_PENDING: -- if (b->peer != NULL) -- { -- struct bio_bio_st *peer_b = b->peer->ptr; -- -- ret = (long) peer_b->len; -- } -- else -- ret = 0; -- break; -- -- case BIO_CTRL_WPENDING: -- if (b->buf != NULL) -- ret = (long) b->len; -- else -- ret = 0; -- break; -- -- case BIO_CTRL_DUP: -- /* See BIO_dup_chain for circumstances we have to expect. */ -- { -- BIO *other_bio = ptr; -- struct bio_bio_st *other_b; -- -- assert(other_bio != NULL); -- other_b = other_bio->ptr; -- assert(other_b != NULL); -- -- assert(other_b->buf == NULL); /* other_bio is always fresh */ -- -- other_b->size = b->size; -- } -- -- ret = 1; -- break; -- -- case BIO_CTRL_FLUSH: -- ret = 1; -- break; -- -- case BIO_CTRL_EOF: -- { -- BIO *other_bio = ptr; -- -- if (other_bio) -- { -- struct bio_bio_st *other_b = other_bio->ptr; -- -- assert(other_b != NULL); -- ret = other_b->len == 0 && other_b->closed; -- } -- else -- ret = 1; -- } -- break; -- -- default: -- ret = 0; -- } -- return ret; -- } -+ if (b != NULL) { -+ BIO *peer_bio = b->peer; - --static int bio_puts(BIO *bio, const char *str) -- { -- return bio_write(bio, str, strlen(str)); -- } -+ if (peer_bio != NULL) { -+ struct bio_bio_st *peer_b = peer_bio->ptr; - -+ assert(peer_b != NULL); -+ assert(peer_b->peer == bio); - --static int bio_make_pair(BIO *bio1, BIO *bio2) -- { -- struct bio_bio_st *b1, *b2; -- -- assert(bio1 != NULL); -- assert(bio2 != NULL); -- -- b1 = bio1->ptr; -- b2 = bio2->ptr; -- -- if (b1->peer != NULL || b2->peer != NULL) -- { -- BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE); -- return 0; -- } -- -- if (b1->buf == NULL) -- { -- b1->buf = OPENSSL_malloc(b1->size); -- if (b1->buf == NULL) -- { -- BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- b1->len = 0; -- b1->offset = 0; -- } -- -- if (b2->buf == NULL) -- { -- b2->buf = OPENSSL_malloc(b2->size); -- if (b2->buf == NULL) -- { -- BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- b2->len = 0; -- b2->offset = 0; -- } -- -- b1->peer = bio2; -- b1->closed = 0; -- b1->request = 0; -- b2->peer = bio1; -- b2->closed = 0; -- b2->request = 0; -- -- bio1->init = 1; -- bio2->init = 1; -- -- return 1; -- } -+ peer_b->peer = NULL; -+ peer_bio->init = 0; -+ assert(peer_b->buf != NULL); -+ peer_b->len = 0; -+ peer_b->offset = 0; - --static void bio_destroy_pair(BIO *bio) -- { -- struct bio_bio_st *b = bio->ptr; -- -- if (b != NULL) -- { -- BIO *peer_bio = b->peer; -- -- if (peer_bio != NULL) -- { -- struct bio_bio_st *peer_b = peer_bio->ptr; -- -- assert(peer_b != NULL); -- assert(peer_b->peer == bio); -- -- peer_b->peer = NULL; -- peer_bio->init = 0; -- assert(peer_b->buf != NULL); -- peer_b->len = 0; -- peer_b->offset = 0; -- -- b->peer = NULL; -- bio->init = 0; -- assert(b->buf != NULL); -- b->len = 0; -- b->offset = 0; -- } -- } -- } -- -+ b->peer = NULL; -+ bio->init = 0; -+ assert(b->buf != NULL); -+ b->len = 0; -+ b->offset = 0; -+ } -+ } -+} - - /* Exported convenience functions */ - int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1, -- BIO **bio2_p, size_t writebuf2) -- { -- BIO *bio1 = NULL, *bio2 = NULL; -- long r; -- int ret = 0; -- -- bio1 = BIO_new(BIO_s_bio()); -- if (bio1 == NULL) -- goto err; -- bio2 = BIO_new(BIO_s_bio()); -- if (bio2 == NULL) -- goto err; -- -- if (writebuf1) -- { -- r = BIO_set_write_buf_size(bio1, writebuf1); -- if (!r) -- goto err; -- } -- if (writebuf2) -- { -- r = BIO_set_write_buf_size(bio2, writebuf2); -- if (!r) -- goto err; -- } -- -- r = BIO_make_bio_pair(bio1, bio2); -- if (!r) -- goto err; -- ret = 1; -+ BIO **bio2_p, size_t writebuf2) -+{ -+ BIO *bio1 = NULL, *bio2 = NULL; -+ long r; -+ int ret = 0; -+ -+ bio1 = BIO_new(BIO_s_bio()); -+ if (bio1 == NULL) -+ goto err; -+ bio2 = BIO_new(BIO_s_bio()); -+ if (bio2 == NULL) -+ goto err; -+ -+ if (writebuf1) { -+ r = BIO_set_write_buf_size(bio1, writebuf1); -+ if (!r) -+ goto err; -+ } -+ if (writebuf2) { -+ r = BIO_set_write_buf_size(bio2, writebuf2); -+ if (!r) -+ goto err; -+ } -+ -+ r = BIO_make_bio_pair(bio1, bio2); -+ if (!r) -+ goto err; -+ ret = 1; - - err: -- if (ret == 0) -- { -- if (bio1) -- { -- BIO_free(bio1); -- bio1 = NULL; -- } -- if (bio2) -- { -- BIO_free(bio2); -- bio2 = NULL; -- } -- } -- -- *bio1_p = bio1; -- *bio2_p = bio2; -- return ret; -- } -+ if (ret == 0) { -+ if (bio1) { -+ BIO_free(bio1); -+ bio1 = NULL; -+ } -+ if (bio2) { -+ BIO_free(bio2); -+ bio2 = NULL; -+ } -+ } -+ -+ *bio1_p = bio1; -+ *bio2_p = bio2; -+ return ret; -+} - - size_t BIO_ctrl_get_write_guarantee(BIO *bio) -- { -- return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL); -- } -+{ -+ return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL); -+} - - size_t BIO_ctrl_get_read_request(BIO *bio) -- { -- return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL); -- } -+{ -+ return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL); -+} - - int BIO_ctrl_reset_read_request(BIO *bio) -- { -- return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0); -- } -- -+{ -+ return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0); -+} - --/* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now -- * (conceivably some other BIOs could allow non-copying reads and writes too.) -+/* -+ * BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now -+ * (conceivably some other BIOs could allow non-copying reads and writes -+ * too.) - */ - int BIO_nread0(BIO *bio, char **buf) -- { -- long ret; -- -- if (!bio->init) -- { -- BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED); -- return -2; -- } -- -- ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf); -- if (ret > INT_MAX) -- return INT_MAX; -- else -- return (int) ret; -- } -+{ -+ long ret; -+ -+ if (!bio->init) { -+ BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED); -+ return -2; -+ } -+ -+ ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf); -+ if (ret > INT_MAX) -+ return INT_MAX; -+ else -+ return (int)ret; -+} - - int BIO_nread(BIO *bio, char **buf, int num) -- { -- int ret; -+{ -+ int ret; - -- if (!bio->init) -- { -- BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED); -- return -2; -- } -+ if (!bio->init) { -+ BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED); -+ return -2; -+ } - -- ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf); -- if (ret > 0) -- bio->num_read += ret; -- return ret; -- } -+ ret = (int)BIO_ctrl(bio, BIO_C_NREAD, num, buf); -+ if (ret > 0) -+ bio->num_read += ret; -+ return ret; -+} - - int BIO_nwrite0(BIO *bio, char **buf) -- { -- long ret; -- -- if (!bio->init) -- { -- BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED); -- return -2; -- } -- -- ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf); -- if (ret > INT_MAX) -- return INT_MAX; -- else -- return (int) ret; -- } -+{ -+ long ret; -+ -+ if (!bio->init) { -+ BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED); -+ return -2; -+ } -+ -+ ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf); -+ if (ret > INT_MAX) -+ return INT_MAX; -+ else -+ return (int)ret; -+} - - int BIO_nwrite(BIO *bio, char **buf, int num) -- { -- int ret; -- -- if (!bio->init) -- { -- BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED); -- return -2; -- } -- -- ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf); -- if (ret > 0) -- bio->num_write += ret; -- return ret; -- } -+{ -+ int ret; -+ -+ if (!bio->init) { -+ BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED); -+ return -2; -+ } -+ -+ ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf); -+ if (ret > 0) -+ bio->num_write += ret; -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c -index e0327bd..405190f 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c -@@ -1,7 +1,7 @@ - /* crypto/bio/bio_dgram.c */ --/* -+/* - * DTLS implementation written by Nagendra Modadugu -- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. -+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ - /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. -@@ -11,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,7 +57,6 @@ - * - */ - -- - #include - #include - #define USE_SOCKETS -@@ -66,19 +65,19 @@ - #include - #ifndef OPENSSL_NO_DGRAM - --#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) --#include --#endif -+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) -+# include -+# endif - --#ifdef OPENSSL_SYS_LINUX --#define IP_MTU 14 /* linux is lame */ --#endif -+# ifdef OPENSSL_SYS_LINUX -+# define IP_MTU 14 /* linux is lame */ -+# endif - --#ifdef WATT32 --#define sock_write SockWrite /* Watt-32 uses same names */ --#define sock_read SockRead --#define sock_puts SockPuts --#endif -+# ifdef WATT32 -+# define sock_write SockWrite /* Watt-32 uses same names */ -+# define sock_read SockRead -+# define sock_puts SockPuts -+# endif - - static int dgram_write(BIO *h, const char *buf, int num); - static int dgram_read(BIO *h, char *buf, int size); -@@ -92,657 +91,653 @@ static int BIO_dgram_should_retry(int s); - - static void get_current_time(struct timeval *t); - --static BIO_METHOD methods_dgramp= -- { -- BIO_TYPE_DGRAM, -- "datagram socket", -- dgram_write, -- dgram_read, -- dgram_puts, -- NULL, /* dgram_gets, */ -- dgram_ctrl, -- dgram_new, -- dgram_free, -- NULL, -- }; -- --typedef struct bio_dgram_data_st -- { -- struct sockaddr peer; -- unsigned int connected; -- unsigned int _errno; -- unsigned int mtu; -- struct timeval next_timeout; -- struct timeval socket_timeout; -- } bio_dgram_data; -+static BIO_METHOD methods_dgramp = { -+ BIO_TYPE_DGRAM, -+ "datagram socket", -+ dgram_write, -+ dgram_read, -+ dgram_puts, -+ NULL, /* dgram_gets, */ -+ dgram_ctrl, -+ dgram_new, -+ dgram_free, -+ NULL, -+}; -+ -+typedef struct bio_dgram_data_st { -+ struct sockaddr peer; -+ unsigned int connected; -+ unsigned int _errno; -+ unsigned int mtu; -+ struct timeval next_timeout; -+ struct timeval socket_timeout; -+} bio_dgram_data; - - BIO_METHOD *BIO_s_datagram(void) -- { -- return(&methods_dgramp); -- } -+{ -+ return (&methods_dgramp); -+} - - BIO *BIO_new_dgram(int fd, int close_flag) -- { -- BIO *ret; -+{ -+ BIO *ret; - -- ret=BIO_new(BIO_s_datagram()); -- if (ret == NULL) return(NULL); -- BIO_set_fd(ret,fd,close_flag); -- return(ret); -- } -+ ret = BIO_new(BIO_s_datagram()); -+ if (ret == NULL) -+ return (NULL); -+ BIO_set_fd(ret, fd, close_flag); -+ return (ret); -+} - - static int dgram_new(BIO *bi) -- { -- bio_dgram_data *data = NULL; -- -- bi->init=0; -- bi->num=0; -- data = OPENSSL_malloc(sizeof(bio_dgram_data)); -- if (data == NULL) -- return 0; -- memset(data, 0x00, sizeof(bio_dgram_data)); -+{ -+ bio_dgram_data *data = NULL; -+ -+ bi->init = 0; -+ bi->num = 0; -+ data = OPENSSL_malloc(sizeof(bio_dgram_data)); -+ if (data == NULL) -+ return 0; -+ memset(data, 0x00, sizeof(bio_dgram_data)); - bi->ptr = data; - -- bi->flags=0; -- return(1); -- } -+ bi->flags = 0; -+ return (1); -+} - - static int dgram_free(BIO *a) -- { -- bio_dgram_data *data; -+{ -+ bio_dgram_data *data; - -- if (a == NULL) return(0); -- if ( ! dgram_clear(a)) -- return 0; -+ if (a == NULL) -+ return (0); -+ if (!dgram_clear(a)) -+ return 0; - -- data = (bio_dgram_data *)a->ptr; -- if(data != NULL) OPENSSL_free(data); -+ data = (bio_dgram_data *)a->ptr; -+ if (data != NULL) -+ OPENSSL_free(data); - -- return(1); -- } -+ return (1); -+} - - static int dgram_clear(BIO *a) -- { -- if (a == NULL) return(0); -- if (a->shutdown) -- { -- if (a->init) -- { -- SHUTDOWN2(a->num); -- } -- a->init=0; -- a->flags=0; -- } -- return(1); -- } -+{ -+ if (a == NULL) -+ return (0); -+ if (a->shutdown) { -+ if (a->init) { -+ SHUTDOWN2(a->num); -+ } -+ a->init = 0; -+ a->flags = 0; -+ } -+ return (1); -+} - - static void dgram_adjust_rcv_timeout(BIO *b) -- { --#if defined(SO_RCVTIMEO) -- bio_dgram_data *data = (bio_dgram_data *)b->ptr; -- int sz = sizeof(int); -- -- /* Is a timer active? */ -- if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) -- { -- struct timeval timenow, timeleft; -- -- /* Read current socket timeout */ --#ifdef OPENSSL_SYS_WINDOWS -- int timeout; -- if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -- (void*)&timeout, &sz) < 0) -- { perror("getsockopt"); } -- else -- { -- data->socket_timeout.tv_sec = timeout / 1000; -- data->socket_timeout.tv_usec = (timeout % 1000) * 1000; -- } --#else -- if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -- &(data->socket_timeout), (void *)&sz) < 0) -- { perror("getsockopt"); } --#endif -+{ -+# if defined(SO_RCVTIMEO) -+ bio_dgram_data *data = (bio_dgram_data *)b->ptr; -+ int sz = sizeof(int); -+ -+ /* Is a timer active? */ -+ if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) { -+ struct timeval timenow, timeleft; -+ -+ /* Read current socket timeout */ -+# ifdef OPENSSL_SYS_WINDOWS -+ int timeout; -+ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -+ (void *)&timeout, &sz) < 0) { -+ perror("getsockopt"); -+ } else { -+ data->socket_timeout.tv_sec = timeout / 1000; -+ data->socket_timeout.tv_usec = (timeout % 1000) * 1000; -+ } -+# else -+ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -+ &(data->socket_timeout), (void *)&sz) < 0) { -+ perror("getsockopt"); -+ } -+# endif - -- /* Get current time */ -- get_current_time(&timenow); -- -- /* Calculate time left until timer expires */ -- memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); -- timeleft.tv_sec -= timenow.tv_sec; -- timeleft.tv_usec -= timenow.tv_usec; -- if (timeleft.tv_usec < 0) -- { -- timeleft.tv_sec--; -- timeleft.tv_usec += 1000000; -- } -- -- if (timeleft.tv_sec < 0) -- { -- timeleft.tv_sec = 0; -- timeleft.tv_usec = 1; -- } -- -- /* Adjust socket timeout if next handhake message timer -- * will expire earlier. -- */ -- if ((data->socket_timeout.tv_sec == 0 && data->socket_timeout.tv_usec == 0) || -- (data->socket_timeout.tv_sec > timeleft.tv_sec) || -- (data->socket_timeout.tv_sec == timeleft.tv_sec && -- data->socket_timeout.tv_usec >= timeleft.tv_usec)) -- { --#ifdef OPENSSL_SYS_WINDOWS -- timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000; -- if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -- (void*)&timeout, sizeof(timeout)) < 0) -- { perror("setsockopt"); } --#else -- if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft, -- sizeof(struct timeval)) < 0) -- { perror("setsockopt"); } --#endif -- } -- } --#endif -- } -+ /* Get current time */ -+ get_current_time(&timenow); -+ -+ /* Calculate time left until timer expires */ -+ memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); -+ timeleft.tv_sec -= timenow.tv_sec; -+ timeleft.tv_usec -= timenow.tv_usec; -+ if (timeleft.tv_usec < 0) { -+ timeleft.tv_sec--; -+ timeleft.tv_usec += 1000000; -+ } -+ -+ if (timeleft.tv_sec < 0) { -+ timeleft.tv_sec = 0; -+ timeleft.tv_usec = 1; -+ } -+ -+ /* -+ * Adjust socket timeout if next handhake message timer will expire -+ * earlier. -+ */ -+ if ((data->socket_timeout.tv_sec == 0 -+ && data->socket_timeout.tv_usec == 0) -+ || (data->socket_timeout.tv_sec > timeleft.tv_sec) -+ || (data->socket_timeout.tv_sec == timeleft.tv_sec -+ && data->socket_timeout.tv_usec >= timeleft.tv_usec)) { -+# ifdef OPENSSL_SYS_WINDOWS -+ timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000; -+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -+ (void *)&timeout, sizeof(timeout)) < 0) { -+ perror("setsockopt"); -+ } -+# else -+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft, -+ sizeof(struct timeval)) < 0) { -+ perror("setsockopt"); -+ } -+# endif -+ } -+ } -+# endif -+} - - static void dgram_reset_rcv_timeout(BIO *b) -- { --#if defined(SO_RCVTIMEO) -- bio_dgram_data *data = (bio_dgram_data *)b->ptr; -- -- /* Is a timer active? */ -- if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) -- { --#ifdef OPENSSL_SYS_WINDOWS -- int timeout = data->socket_timeout.tv_sec * 1000 + -- data->socket_timeout.tv_usec / 1000; -- if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -- (void*)&timeout, sizeof(timeout)) < 0) -- { perror("setsockopt"); } --#else -- if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout), -- sizeof(struct timeval)) < 0) -- { perror("setsockopt"); } --#endif -- } --#endif -- } -+{ -+# if defined(SO_RCVTIMEO) -+ bio_dgram_data *data = (bio_dgram_data *)b->ptr; -+ -+ /* Is a timer active? */ -+ if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) { -+# ifdef OPENSSL_SYS_WINDOWS -+ int timeout = data->socket_timeout.tv_sec * 1000 + -+ data->socket_timeout.tv_usec / 1000; -+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -+ (void *)&timeout, sizeof(timeout)) < 0) { -+ perror("setsockopt"); -+ } -+# else -+ if (setsockopt -+ (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout), -+ sizeof(struct timeval)) < 0) { -+ perror("setsockopt"); -+ } -+# endif -+ } -+# endif -+} - - static int dgram_read(BIO *b, char *out, int outl) -- { -- int ret=0; -- bio_dgram_data *data = (bio_dgram_data *)b->ptr; -- -- struct sockaddr peer; -- int peerlen = sizeof(peer); -- -- if (out != NULL) -- { -- clear_socket_error(); -- memset(&peer, 0x00, peerlen); -- /* Last arg in recvfrom is signed on some platforms and -- * unsigned on others. It is of type socklen_t on some -- * but this is not universal. Cast to (void *) to avoid -- * compiler warnings. -- */ -- dgram_adjust_rcv_timeout(b); -- ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen); -- -- if ( ! data->connected && ret >= 0) -- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); -- -- BIO_clear_retry_flags(b); -- if (ret < 0) -- { -- if (BIO_dgram_should_retry(ret)) -- { -- BIO_set_retry_read(b); -- data->_errno = get_last_socket_error(); -- } -- } -- -- dgram_reset_rcv_timeout(b); -- } -- return(ret); -- } -+{ -+ int ret = 0; -+ bio_dgram_data *data = (bio_dgram_data *)b->ptr; -+ -+ struct sockaddr peer; -+ int peerlen = sizeof(peer); -+ -+ if (out != NULL) { -+ clear_socket_error(); -+ memset(&peer, 0x00, peerlen); -+ /* -+ * Last arg in recvfrom is signed on some platforms and unsigned on -+ * others. It is of type socklen_t on some but this is not universal. -+ * Cast to (void *) to avoid compiler warnings. -+ */ -+ dgram_adjust_rcv_timeout(b); -+ ret = recvfrom(b->num, out, outl, 0, &peer, (void *)&peerlen); -+ -+ if (!data->connected && ret >= 0) -+ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); -+ -+ BIO_clear_retry_flags(b); -+ if (ret < 0) { -+ if (BIO_dgram_should_retry(ret)) { -+ BIO_set_retry_read(b); -+ data->_errno = get_last_socket_error(); -+ } -+ } -+ -+ dgram_reset_rcv_timeout(b); -+ } -+ return (ret); -+} - - static int dgram_write(BIO *b, const char *in, int inl) -- { -- int ret; -- bio_dgram_data *data = (bio_dgram_data *)b->ptr; -- clear_socket_error(); -+{ -+ int ret; -+ bio_dgram_data *data = (bio_dgram_data *)b->ptr; -+ clear_socket_error(); - -- if ( data->connected ) -- ret=writesocket(b->num,in,inl); -+ if (data->connected) -+ ret = writesocket(b->num, in, inl); - else --#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) -- ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer)); --#else -- ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer)); --#endif -+# if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) -+ ret = -+ sendto(b->num, (char *)in, inl, 0, &data->peer, -+ sizeof(data->peer)); -+# else -+ ret = sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer)); -+# endif - -- BIO_clear_retry_flags(b); -- if (ret <= 0) -- { -- if (BIO_dgram_should_retry(ret)) -- { -- BIO_set_retry_write(b); -- data->_errno = get_last_socket_error(); -- --#if 0 /* higher layers are responsible for querying MTU, if necessary */ -- if ( data->_errno == EMSGSIZE) -- /* retrieve the new MTU */ -- BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); --#endif -- } -- } -- return(ret); -- } -+ BIO_clear_retry_flags(b); -+ if (ret <= 0) { -+ if (BIO_dgram_should_retry(ret)) { -+ BIO_set_retry_write(b); -+ data->_errno = get_last_socket_error(); -+ -+# if 0 /* higher layers are responsible for querying -+ * MTU, if necessary */ -+ if (data->_errno == EMSGSIZE) -+ /* retrieve the new MTU */ -+ BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); -+# endif -+ } -+ } -+ return (ret); -+} - - static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- long ret=1; -- int *ip; -- struct sockaddr *to = NULL; -- bio_dgram_data *data = NULL; --#if defined(IP_MTU_DISCOVER) || defined(IP_MTU) -- long sockopt_val = 0; -- unsigned int sockopt_len = 0; --#endif --#ifdef OPENSSL_SYS_LINUX -- socklen_t addr_len; -- struct sockaddr_storage addr; --#endif -+{ -+ long ret = 1; -+ int *ip; -+ struct sockaddr *to = NULL; -+ bio_dgram_data *data = NULL; -+# if defined(IP_MTU_DISCOVER) || defined(IP_MTU) -+ long sockopt_val = 0; -+ unsigned int sockopt_len = 0; -+# endif -+# ifdef OPENSSL_SYS_LINUX -+ socklen_t addr_len; -+ struct sockaddr_storage addr; -+# endif - -- data = (bio_dgram_data *)b->ptr; -- -- switch (cmd) -- { -- case BIO_CTRL_RESET: -- num=0; -- case BIO_C_FILE_SEEK: -- ret=0; -- break; -- case BIO_C_FILE_TELL: -- case BIO_CTRL_INFO: -- ret=0; -- break; -- case BIO_C_SET_FD: -- dgram_clear(b); -- b->num= *((int *)ptr); -- b->shutdown=(int)num; -- b->init=1; -- break; -- case BIO_C_GET_FD: -- if (b->init) -- { -- ip=(int *)ptr; -- if (ip != NULL) *ip=b->num; -- ret=b->num; -- } -- else -- ret= -1; -- break; -- case BIO_CTRL_GET_CLOSE: -- ret=b->shutdown; -- break; -- case BIO_CTRL_SET_CLOSE: -- b->shutdown=(int)num; -- break; -- case BIO_CTRL_PENDING: -- case BIO_CTRL_WPENDING: -- ret=0; -- break; -- case BIO_CTRL_DUP: -- case BIO_CTRL_FLUSH: -- ret=1; -- break; -- case BIO_CTRL_DGRAM_CONNECT: -- to = (struct sockaddr *)ptr; --#if 0 -- if (connect(b->num, to, sizeof(struct sockaddr)) < 0) -- { perror("connect"); ret = 0; } -- else -- { --#endif -- memcpy(&(data->peer),to, sizeof(struct sockaddr)); --#if 0 -- } --#endif -- break; -- /* (Linux)kernel sets DF bit on outgoing IP packets */ -- case BIO_CTRL_DGRAM_MTU_DISCOVER: --#ifdef OPENSSL_SYS_LINUX -- addr_len = (socklen_t)sizeof(struct sockaddr_storage); -- memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); -- if (getsockname(b->num, (void *)&addr, &addr_len) < 0) -- { -- ret = 0; -- break; -- } -- sockopt_len = sizeof(sockopt_val); -- switch (addr.ss_family) -- { -- case AF_INET: -- sockopt_val = IP_PMTUDISC_DO; -- if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, -- &sockopt_val, sizeof(sockopt_val))) < 0) -- perror("setsockopt"); -- break; -- case AF_INET6: -- sockopt_val = IPV6_PMTUDISC_DO; -- if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, -- &sockopt_val, sizeof(sockopt_val))) < 0) -- perror("setsockopt"); -- break; -- default: -- ret = -1; -- break; -- } -- ret = -1; --#else -- break; --#endif -- case BIO_CTRL_DGRAM_QUERY_MTU: --#ifdef OPENSSL_SYS_LINUX -- addr_len = (socklen_t)sizeof(struct sockaddr_storage); -- memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); -- if (getsockname(b->num, (void *)&addr, &addr_len) < 0) -- { -- ret = 0; -- break; -- } -- sockopt_len = sizeof(sockopt_val); -- switch (addr.ss_family) -- { -- case AF_INET: -- if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, -- &sockopt_len)) < 0 || sockopt_val < 0) -- { -- ret = 0; -- } -- else -- { -- /* we assume that the transport protocol is UDP and no -- * IP options are used. -- */ -- data->mtu = sockopt_val - 8 - 20; -- ret = data->mtu; -- } -- break; -- case AF_INET6: -- if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val, -- &sockopt_len)) < 0 || sockopt_val < 0) -- { -- ret = 0; -- } -- else -- { -- /* we assume that the transport protocol is UDP and no -- * IPV6 options are used. -- */ -- data->mtu = sockopt_val - 8 - 40; -- ret = data->mtu; -- } -- break; -- default: -- ret = 0; -- break; -- } --#else -- ret = 0; --#endif -- break; -- case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: -- ret = 576 - 20 - 8; -- break; -- case BIO_CTRL_DGRAM_GET_MTU: -- return data->mtu; -- break; -- case BIO_CTRL_DGRAM_SET_MTU: -- data->mtu = num; -- ret = num; -- break; -- case BIO_CTRL_DGRAM_SET_CONNECTED: -- to = (struct sockaddr *)ptr; -- -- if ( to != NULL) -- { -- data->connected = 1; -- memcpy(&(data->peer),to, sizeof(struct sockaddr)); -- } -- else -- { -- data->connected = 0; -- memset(&(data->peer), 0x00, sizeof(struct sockaddr)); -- } -- break; -+ data = (bio_dgram_data *)b->ptr; -+ -+ switch (cmd) { -+ case BIO_CTRL_RESET: -+ num = 0; -+ case BIO_C_FILE_SEEK: -+ ret = 0; -+ break; -+ case BIO_C_FILE_TELL: -+ case BIO_CTRL_INFO: -+ ret = 0; -+ break; -+ case BIO_C_SET_FD: -+ dgram_clear(b); -+ b->num = *((int *)ptr); -+ b->shutdown = (int)num; -+ b->init = 1; -+ break; -+ case BIO_C_GET_FD: -+ if (b->init) { -+ ip = (int *)ptr; -+ if (ip != NULL) -+ *ip = b->num; -+ ret = b->num; -+ } else -+ ret = -1; -+ break; -+ case BIO_CTRL_GET_CLOSE: -+ ret = b->shutdown; -+ break; -+ case BIO_CTRL_SET_CLOSE: -+ b->shutdown = (int)num; -+ break; -+ case BIO_CTRL_PENDING: -+ case BIO_CTRL_WPENDING: -+ ret = 0; -+ break; -+ case BIO_CTRL_DUP: -+ case BIO_CTRL_FLUSH: -+ ret = 1; -+ break; -+ case BIO_CTRL_DGRAM_CONNECT: -+ to = (struct sockaddr *)ptr; -+# if 0 -+ if (connect(b->num, to, sizeof(struct sockaddr)) < 0) { -+ perror("connect"); -+ ret = 0; -+ } else { -+# endif -+ memcpy(&(data->peer), to, sizeof(struct sockaddr)); -+# if 0 -+ } -+# endif -+ break; -+ /* (Linux)kernel sets DF bit on outgoing IP packets */ -+ case BIO_CTRL_DGRAM_MTU_DISCOVER: -+# ifdef OPENSSL_SYS_LINUX -+ addr_len = (socklen_t) sizeof(struct sockaddr_storage); -+ memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); -+ if (getsockname(b->num, (void *)&addr, &addr_len) < 0) { -+ ret = 0; -+ break; -+ } -+ sockopt_len = sizeof(sockopt_val); -+ switch (addr.ss_family) { -+ case AF_INET: -+ sockopt_val = IP_PMTUDISC_DO; -+ if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, -+ &sockopt_val, sizeof(sockopt_val))) < 0) -+ perror("setsockopt"); -+ break; -+ case AF_INET6: -+ sockopt_val = IPV6_PMTUDISC_DO; -+ if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, -+ &sockopt_val, sizeof(sockopt_val))) < 0) -+ perror("setsockopt"); -+ break; -+ default: -+ ret = -1; -+ break; -+ } -+ ret = -1; -+# else -+ break; -+# endif -+ case BIO_CTRL_DGRAM_QUERY_MTU: -+# ifdef OPENSSL_SYS_LINUX -+ addr_len = (socklen_t) sizeof(struct sockaddr_storage); -+ memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); -+ if (getsockname(b->num, (void *)&addr, &addr_len) < 0) { -+ ret = 0; -+ break; -+ } -+ sockopt_len = sizeof(sockopt_val); -+ switch (addr.ss_family) { -+ case AF_INET: -+ if ((ret = -+ getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, -+ &sockopt_len)) < 0 || sockopt_val < 0) { -+ ret = 0; -+ } else { -+ /* -+ * we assume that the transport protocol is UDP and no IP -+ * options are used. -+ */ -+ data->mtu = sockopt_val - 8 - 20; -+ ret = data->mtu; -+ } -+ break; -+ case AF_INET6: -+ if ((ret = -+ getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, -+ (void *)&sockopt_val, &sockopt_len)) < 0 -+ || sockopt_val < 0) { -+ ret = 0; -+ } else { -+ /* -+ * we assume that the transport protocol is UDP and no IPV6 -+ * options are used. -+ */ -+ data->mtu = sockopt_val - 8 - 40; -+ ret = data->mtu; -+ } -+ break; -+ default: -+ ret = 0; -+ break; -+ } -+# else -+ ret = 0; -+# endif -+ break; -+ case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: -+ ret = 576 - 20 - 8; -+ break; -+ case BIO_CTRL_DGRAM_GET_MTU: -+ return data->mtu; -+ break; -+ case BIO_CTRL_DGRAM_SET_MTU: -+ data->mtu = num; -+ ret = num; -+ break; -+ case BIO_CTRL_DGRAM_SET_CONNECTED: -+ to = (struct sockaddr *)ptr; -+ -+ if (to != NULL) { -+ data->connected = 1; -+ memcpy(&(data->peer), to, sizeof(struct sockaddr)); -+ } else { -+ data->connected = 0; -+ memset(&(data->peer), 0x00, sizeof(struct sockaddr)); -+ } -+ break; - case BIO_CTRL_DGRAM_GET_PEER: -- to = (struct sockaddr *) ptr; -+ to = (struct sockaddr *)ptr; - - memcpy(to, &(data->peer), sizeof(struct sockaddr)); -- ret = sizeof(struct sockaddr); -+ ret = sizeof(struct sockaddr); - break; - case BIO_CTRL_DGRAM_SET_PEER: -- to = (struct sockaddr *) ptr; -+ to = (struct sockaddr *)ptr; - - memcpy(&(data->peer), to, sizeof(struct sockaddr)); - break; -- case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: -- memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); -- break; --#if defined(SO_RCVTIMEO) -- case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: --#ifdef OPENSSL_SYS_WINDOWS -- { -- struct timeval *tv = (struct timeval *)ptr; -- int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000; -- if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -- (void*)&timeout, sizeof(timeout)) < 0) -- { perror("setsockopt"); ret = -1; } -- } --#else -- if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, -- sizeof(struct timeval)) < 0) -- { perror("setsockopt"); ret = -1; } --#endif -- break; -- case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: --#ifdef OPENSSL_SYS_WINDOWS -- { -- int timeout, sz = sizeof(timeout); -- struct timeval *tv = (struct timeval *)ptr; -- if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -- (void*)&timeout, &sz) < 0) -- { perror("getsockopt"); ret = -1; } -- else -- { -- tv->tv_sec = timeout / 1000; -- tv->tv_usec = (timeout % 1000) * 1000; -- ret = sizeof(*tv); -- } -- } --#else -- if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -- ptr, (void *)&ret) < 0) -- { perror("getsockopt"); ret = -1; } --#endif -- break; --#endif --#if defined(SO_SNDTIMEO) -- case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: --#ifdef OPENSSL_SYS_WINDOWS -- { -- struct timeval *tv = (struct timeval *)ptr; -- int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000; -- if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, -- (void*)&timeout, sizeof(timeout)) < 0) -- { perror("setsockopt"); ret = -1; } -- } --#else -- if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, -- sizeof(struct timeval)) < 0) -- { perror("setsockopt"); ret = -1; } --#endif -- break; -- case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: --#ifdef OPENSSL_SYS_WINDOWS -- { -- int timeout, sz = sizeof(timeout); -- struct timeval *tv = (struct timeval *)ptr; -- if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, -- (void*)&timeout, &sz) < 0) -- { perror("getsockopt"); ret = -1; } -- else -- { -- tv->tv_sec = timeout / 1000; -- tv->tv_usec = (timeout % 1000) * 1000; -- ret = sizeof(*tv); -- } -- } --#else -- if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, -- ptr, (void *)&ret) < 0) -- { perror("getsockopt"); ret = -1; } --#endif -- break; --#endif -- case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: -- /* fall-through */ -- case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: --#ifdef OPENSSL_SYS_WINDOWS -- if ( data->_errno == WSAETIMEDOUT) --#else -- if ( data->_errno == EAGAIN) --#endif -- { -- ret = 1; -- data->_errno = 0; -- } -- else -- ret = 0; -- break; --#ifdef EMSGSIZE -- case BIO_CTRL_DGRAM_MTU_EXCEEDED: -- if ( data->_errno == EMSGSIZE) -- { -- ret = 1; -- data->_errno = 0; -- } -- else -- ret = 0; -- break; --#endif -- default: -- ret=0; -- break; -- } -- return(ret); -- } -+ case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: -+ memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); -+ break; -+# if defined(SO_RCVTIMEO) -+ case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: -+# ifdef OPENSSL_SYS_WINDOWS -+ { -+ struct timeval *tv = (struct timeval *)ptr; -+ int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; -+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -+ (void *)&timeout, sizeof(timeout)) < 0) { -+ perror("setsockopt"); -+ ret = -1; -+ } -+ } -+# else -+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, -+ sizeof(struct timeval)) < 0) { -+ perror("setsockopt"); -+ ret = -1; -+ } -+# endif -+ break; -+ case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: -+# ifdef OPENSSL_SYS_WINDOWS -+ { -+ int timeout, sz = sizeof(timeout); -+ struct timeval *tv = (struct timeval *)ptr; -+ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -+ (void *)&timeout, &sz) < 0) { -+ perror("getsockopt"); -+ ret = -1; -+ } else { -+ tv->tv_sec = timeout / 1000; -+ tv->tv_usec = (timeout % 1000) * 1000; -+ ret = sizeof(*tv); -+ } -+ } -+# else -+ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, -+ ptr, (void *)&ret) < 0) { -+ perror("getsockopt"); -+ ret = -1; -+ } -+# endif -+ break; -+# endif -+# if defined(SO_SNDTIMEO) -+ case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: -+# ifdef OPENSSL_SYS_WINDOWS -+ { -+ struct timeval *tv = (struct timeval *)ptr; -+ int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; -+ if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, -+ (void *)&timeout, sizeof(timeout)) < 0) { -+ perror("setsockopt"); -+ ret = -1; -+ } -+ } -+# else -+ if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, -+ sizeof(struct timeval)) < 0) { -+ perror("setsockopt"); -+ ret = -1; -+ } -+# endif -+ break; -+ case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: -+# ifdef OPENSSL_SYS_WINDOWS -+ { -+ int timeout, sz = sizeof(timeout); -+ struct timeval *tv = (struct timeval *)ptr; -+ if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, -+ (void *)&timeout, &sz) < 0) { -+ perror("getsockopt"); -+ ret = -1; -+ } else { -+ tv->tv_sec = timeout / 1000; -+ tv->tv_usec = (timeout % 1000) * 1000; -+ ret = sizeof(*tv); -+ } -+ } -+# else -+ if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, -+ ptr, (void *)&ret) < 0) { -+ perror("getsockopt"); -+ ret = -1; -+ } -+# endif -+ break; -+# endif -+ case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: -+ /* fall-through */ -+ case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: -+# ifdef OPENSSL_SYS_WINDOWS -+ if (data->_errno == WSAETIMEDOUT) -+# else -+ if (data->_errno == EAGAIN) -+# endif -+ { -+ ret = 1; -+ data->_errno = 0; -+ } else -+ ret = 0; -+ break; -+# ifdef EMSGSIZE -+ case BIO_CTRL_DGRAM_MTU_EXCEEDED: -+ if (data->_errno == EMSGSIZE) { -+ ret = 1; -+ data->_errno = 0; -+ } else -+ ret = 0; -+ break; -+# endif -+ default: -+ ret = 0; -+ break; -+ } -+ return (ret); -+} - - static int dgram_puts(BIO *bp, const char *str) -- { -- int n,ret; -+{ -+ int n, ret; - -- n=strlen(str); -- ret=dgram_write(bp,str,n); -- return(ret); -- } -+ n = strlen(str); -+ ret = dgram_write(bp, str, n); -+ return (ret); -+} - - static int BIO_dgram_should_retry(int i) -- { -- int err; -- -- if ((i == 0) || (i == -1)) -- { -- err=get_last_socket_error(); -- --#if defined(OPENSSL_SYS_WINDOWS) -- /* If the socket return value (i) is -1 -- * and err is unexpectedly 0 at this point, -- * the error code was overwritten by -- * another system call before this error -- * handling is called. -- */ --#endif -+{ -+ int err; -+ -+ if ((i == 0) || (i == -1)) { -+ err = get_last_socket_error(); -+ -+# if defined(OPENSSL_SYS_WINDOWS) -+ /* -+ * If the socket return value (i) is -1 and err is unexpectedly 0 at -+ * this point, the error code was overwritten by another system call -+ * before this error handling is called. -+ */ -+# endif - -- return(BIO_dgram_non_fatal_error(err)); -- } -- return(0); -- } -+ return (BIO_dgram_non_fatal_error(err)); -+ } -+ return (0); -+} - - int BIO_dgram_non_fatal_error(int err) -- { -- switch (err) -- { --#if defined(OPENSSL_SYS_WINDOWS) --# if defined(WSAEWOULDBLOCK) -- case WSAEWOULDBLOCK: --# endif -+{ -+ switch (err) { -+# if defined(OPENSSL_SYS_WINDOWS) -+# if defined(WSAEWOULDBLOCK) -+ case WSAEWOULDBLOCK: -+# endif - --# if 0 /* This appears to always be an error */ --# if defined(WSAENOTCONN) -- case WSAENOTCONN: -+# if 0 /* This appears to always be an error */ -+# if defined(WSAENOTCONN) -+ case WSAENOTCONN: -+# endif - # endif - # endif --#endif - --#ifdef EWOULDBLOCK --# ifdef WSAEWOULDBLOCK --# if WSAEWOULDBLOCK != EWOULDBLOCK -- case EWOULDBLOCK: -+# ifdef EWOULDBLOCK -+# ifdef WSAEWOULDBLOCK -+# if WSAEWOULDBLOCK != EWOULDBLOCK -+ case EWOULDBLOCK: -+# endif -+# else -+ case EWOULDBLOCK: - # endif --# else -- case EWOULDBLOCK: - # endif --#endif - --#ifdef EINTR -- case EINTR: --#endif -+# ifdef EINTR -+ case EINTR: -+# endif - --#ifdef EAGAIN --#if EWOULDBLOCK != EAGAIN -- case EAGAIN: -+# ifdef EAGAIN -+# if EWOULDBLOCK != EAGAIN -+ case EAGAIN: -+# endif - # endif --#endif - --#ifdef EPROTO -- case EPROTO: --#endif -+# ifdef EPROTO -+ case EPROTO: -+# endif - --#ifdef EINPROGRESS -- case EINPROGRESS: --#endif -+# ifdef EINPROGRESS -+ case EINPROGRESS: -+# endif - --#ifdef EALREADY -- case EALREADY: --#endif -+# ifdef EALREADY -+ case EALREADY: -+# endif - -- return(1); -- /* break; */ -- default: -- break; -- } -- return(0); -- } -+ return (1); -+ /* break; */ -+ default: -+ break; -+ } -+ return (0); -+} - - static void get_current_time(struct timeval *t) -- { --#ifdef OPENSSL_SYS_WIN32 -- struct _timeb tb; -- _ftime(&tb); -- t->tv_sec = (long)tb.time; -- t->tv_usec = (long)tb.millitm * 1000; --#elif defined(OPENSSL_SYS_VMS) -- struct timeb tb; -- ftime(&tb); -- t->tv_sec = (long)tb.time; -- t->tv_usec = (long)tb.millitm * 1000; --#else -- gettimeofday(t, NULL); --#endif -- } -+{ -+# ifdef OPENSSL_SYS_WIN32 -+ struct _timeb tb; -+ _ftime(&tb); -+ t->tv_sec = (long)tb.time; -+ t->tv_usec = (long)tb.millitm * 1000; -+# elif defined(OPENSSL_SYS_VMS) -+ struct timeb tb; -+ ftime(&tb); -+ t->tv_sec = (long)tb.time; -+ t->tv_usec = (long)tb.millitm * 1000; -+# else -+ gettimeofday(t, NULL); -+# endif -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c -index 4c229bf..ad554df 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -82,213 +82,206 @@ static int fd_new(BIO *h); - static int fd_free(BIO *data); - int BIO_fd_should_retry(int s); - --static BIO_METHOD methods_fdp= -- { -- BIO_TYPE_FD,"file descriptor", -- fd_write, -- fd_read, -- fd_puts, -- NULL, /* fd_gets, */ -- fd_ctrl, -- fd_new, -- fd_free, -- NULL, -- }; -+static BIO_METHOD methods_fdp = { -+ BIO_TYPE_FD, "file descriptor", -+ fd_write, -+ fd_read, -+ fd_puts, -+ NULL, /* fd_gets, */ -+ fd_ctrl, -+ fd_new, -+ fd_free, -+ NULL, -+}; - - BIO_METHOD *BIO_s_fd(void) -- { -- return(&methods_fdp); -- } -+{ -+ return (&methods_fdp); -+} - --BIO *BIO_new_fd(int fd,int close_flag) -- { -- BIO *ret; -- ret=BIO_new(BIO_s_fd()); -- if (ret == NULL) return(NULL); -- BIO_set_fd(ret,fd,close_flag); -- return(ret); -- } -+BIO *BIO_new_fd(int fd, int close_flag) -+{ -+ BIO *ret; -+ ret = BIO_new(BIO_s_fd()); -+ if (ret == NULL) -+ return (NULL); -+ BIO_set_fd(ret, fd, close_flag); -+ return (ret); -+} - - static int fd_new(BIO *bi) -- { -- bi->init=0; -- bi->num=-1; -- bi->ptr=NULL; -- bi->flags=BIO_FLAGS_UPLINK; /* essentially redundant */ -- return(1); -- } -+{ -+ bi->init = 0; -+ bi->num = -1; -+ bi->ptr = NULL; -+ bi->flags = BIO_FLAGS_UPLINK; /* essentially redundant */ -+ return (1); -+} - - static int fd_free(BIO *a) -- { -- if (a == NULL) return(0); -- if (a->shutdown) -- { -- if (a->init) -- { -- UP_close(a->num); -- } -- a->init=0; -- a->flags=BIO_FLAGS_UPLINK; -- } -- return(1); -- } -- --static int fd_read(BIO *b, char *out,int outl) -- { -- int ret=0; -+{ -+ if (a == NULL) -+ return (0); -+ if (a->shutdown) { -+ if (a->init) { -+ UP_close(a->num); -+ } -+ a->init = 0; -+ a->flags = BIO_FLAGS_UPLINK; -+ } -+ return (1); -+} -+ -+static int fd_read(BIO *b, char *out, int outl) -+{ -+ int ret = 0; - -- if (out != NULL) -- { -- clear_sys_error(); -- ret=UP_read(b->num,out,outl); -- BIO_clear_retry_flags(b); -- if (ret <= 0) -- { -- if (BIO_fd_should_retry(ret)) -- BIO_set_retry_read(b); -- } -- } -- return(ret); -- } -+ if (out != NULL) { -+ clear_sys_error(); -+ ret = UP_read(b->num, out, outl); -+ BIO_clear_retry_flags(b); -+ if (ret <= 0) { -+ if (BIO_fd_should_retry(ret)) -+ BIO_set_retry_read(b); -+ } -+ } -+ return (ret); -+} - - static int fd_write(BIO *b, const char *in, int inl) -- { -- int ret; -- clear_sys_error(); -- ret=UP_write(b->num,in,inl); -- BIO_clear_retry_flags(b); -- if (ret <= 0) -- { -- if (BIO_fd_should_retry(ret)) -- BIO_set_retry_write(b); -- } -- return(ret); -- } -+{ -+ int ret; -+ clear_sys_error(); -+ ret = UP_write(b->num, in, inl); -+ BIO_clear_retry_flags(b); -+ if (ret <= 0) { -+ if (BIO_fd_should_retry(ret)) -+ BIO_set_retry_write(b); -+ } -+ return (ret); -+} - - static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- long ret=1; -- int *ip; -+{ -+ long ret = 1; -+ int *ip; - -- switch (cmd) -- { -- case BIO_CTRL_RESET: -- num=0; -- case BIO_C_FILE_SEEK: -- ret=(long)UP_lseek(b->num,num,0); -- break; -- case BIO_C_FILE_TELL: -- case BIO_CTRL_INFO: -- ret=(long)UP_lseek(b->num,0,1); -- break; -- case BIO_C_SET_FD: -- fd_free(b); -- b->num= *((int *)ptr); -- b->shutdown=(int)num; -- b->init=1; -- break; -- case BIO_C_GET_FD: -- if (b->init) -- { -- ip=(int *)ptr; -- if (ip != NULL) *ip=b->num; -- ret=b->num; -- } -- else -- ret= -1; -- break; -- case BIO_CTRL_GET_CLOSE: -- ret=b->shutdown; -- break; -- case BIO_CTRL_SET_CLOSE: -- b->shutdown=(int)num; -- break; -- case BIO_CTRL_PENDING: -- case BIO_CTRL_WPENDING: -- ret=0; -- break; -- case BIO_CTRL_DUP: -- case BIO_CTRL_FLUSH: -- ret=1; -- break; -- default: -- ret=0; -- break; -- } -- return(ret); -- } -+ switch (cmd) { -+ case BIO_CTRL_RESET: -+ num = 0; -+ case BIO_C_FILE_SEEK: -+ ret = (long)UP_lseek(b->num, num, 0); -+ break; -+ case BIO_C_FILE_TELL: -+ case BIO_CTRL_INFO: -+ ret = (long)UP_lseek(b->num, 0, 1); -+ break; -+ case BIO_C_SET_FD: -+ fd_free(b); -+ b->num = *((int *)ptr); -+ b->shutdown = (int)num; -+ b->init = 1; -+ break; -+ case BIO_C_GET_FD: -+ if (b->init) { -+ ip = (int *)ptr; -+ if (ip != NULL) -+ *ip = b->num; -+ ret = b->num; -+ } else -+ ret = -1; -+ break; -+ case BIO_CTRL_GET_CLOSE: -+ ret = b->shutdown; -+ break; -+ case BIO_CTRL_SET_CLOSE: -+ b->shutdown = (int)num; -+ break; -+ case BIO_CTRL_PENDING: -+ case BIO_CTRL_WPENDING: -+ ret = 0; -+ break; -+ case BIO_CTRL_DUP: -+ case BIO_CTRL_FLUSH: -+ ret = 1; -+ break; -+ default: -+ ret = 0; -+ break; -+ } -+ return (ret); -+} - - static int fd_puts(BIO *bp, const char *str) -- { -- int n,ret; -+{ -+ int n, ret; - -- n=strlen(str); -- ret=fd_write(bp,str,n); -- return(ret); -- } -+ n = strlen(str); -+ ret = fd_write(bp, str, n); -+ return (ret); -+} - - int BIO_fd_should_retry(int i) -- { -- int err; -+{ -+ int err; - -- if ((i == 0) || (i == -1)) -- { -- err=get_last_sys_error(); -+ if ((i == 0) || (i == -1)) { -+ err = get_last_sys_error(); - --#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */ -- if ((i == -1) && (err == 0)) -- return(1); -+#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps -+ * not? Ben 4/1/99 */ -+ if ((i == -1) && (err == 0)) -+ return (1); - #endif - -- return(BIO_fd_non_fatal_error(err)); -- } -- return(0); -- } -+ return (BIO_fd_non_fatal_error(err)); -+ } -+ return (0); -+} - - int BIO_fd_non_fatal_error(int err) -- { -- switch (err) -- { -+{ -+ switch (err) { - - #ifdef EWOULDBLOCK - # ifdef WSAEWOULDBLOCK - # if WSAEWOULDBLOCK != EWOULDBLOCK -- case EWOULDBLOCK: -+ case EWOULDBLOCK: - # endif - # else -- case EWOULDBLOCK: -+ case EWOULDBLOCK: - # endif - #endif - - #if defined(ENOTCONN) -- case ENOTCONN: -+ case ENOTCONN: - #endif - - #ifdef EINTR -- case EINTR: -+ case EINTR: - #endif - - #ifdef EAGAIN --#if EWOULDBLOCK != EAGAIN -- case EAGAIN: -+# if EWOULDBLOCK != EAGAIN -+ case EAGAIN: - # endif - #endif - - #ifdef EPROTO -- case EPROTO: -+ case EPROTO: - #endif - - #ifdef EINPROGRESS -- case EINPROGRESS: -+ case EINPROGRESS: - #endif - - #ifdef EALREADY -- case EALREADY: -+ case EALREADY: - #endif -- return(1); -- /* break; */ -- default: -- break; -- } -- return(0); -- } -+ return (1); -+ /* break; */ -+ default: -+ break; -+ } -+ return (0); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_file.c b/Cryptlib/OpenSSL/crypto/bio/bss_file.c -index 3f553a6..81e5b94 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_file.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_file.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,51 +49,51 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --/* -- * 03-Dec-1997 rdenny@dc3.com Fix bug preventing use of stdin/stdout -- * with binary data (e.g. asn1parse -inform DER < xxx) under -- * Windows -+/*- -+ * 03-Dec-1997 rdenny@dc3.com Fix bug preventing use of stdin/stdout -+ * with binary data (e.g. asn1parse -inform DER < xxx) under -+ * Windows - */ - - #ifndef HEADER_BSS_FILE_C --#define HEADER_BSS_FILE_C -- --#if defined(__linux) || defined(__sun) || defined(__hpux) --/* Following definition aliases fopen to fopen64 on above mentioned -- * platforms. This makes it possible to open and sequentially access -- * files larger than 2GB from 32-bit application. It does not allow to -- * traverse them beyond 2GB with fseek/ftell, but on the other hand *no* -- * 32-bit platform permits that, not with fseek/ftell. Not to mention -- * that breaking 2GB limit for seeking would require surgery to *our* -- * API. But sequential access suffices for practical cases when you -- * can run into large files, such as fingerprinting, so we can let API -- * alone. For reference, the list of 32-bit platforms which allow for -- * sequential access of large files without extra "magic" comprise *BSD, -- * Darwin, IRIX... -+# define HEADER_BSS_FILE_C -+ -+# if defined(__linux) || defined(__sun) || defined(__hpux) -+/* -+ * Following definition aliases fopen to fopen64 on above mentioned -+ * platforms. This makes it possible to open and sequentially access files -+ * larger than 2GB from 32-bit application. It does not allow to traverse -+ * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit -+ * platform permits that, not with fseek/ftell. Not to mention that breaking -+ * 2GB limit for seeking would require surgery to *our* API. But sequential -+ * access suffices for practical cases when you can run into large files, -+ * such as fingerprinting, so we can let API alone. For reference, the list -+ * of 32-bit platforms which allow for sequential access of large files -+ * without extra "magic" comprise *BSD, Darwin, IRIX... - */ --#ifndef _FILE_OFFSET_BITS --#define _FILE_OFFSET_BITS 64 --#endif --#endif -+# ifndef _FILE_OFFSET_BITS -+# define _FILE_OFFSET_BITS 64 -+# endif -+# endif - --#include --#include --#include "cryptlib.h" --#include "bio_lcl.h" --#include -+# include -+# include -+# include "cryptlib.h" -+# include "bio_lcl.h" -+# include - --#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) --#include --#endif -+# if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) -+# include -+# endif - --#if !defined(OPENSSL_NO_STDIO) -+# if !defined(OPENSSL_NO_STDIO) - - static int MS_CALLBACK file_write(BIO *h, const char *buf, int num); - static int MS_CALLBACK file_read(BIO *h, char *buf, int size); -@@ -102,351 +102,339 @@ static int MS_CALLBACK file_gets(BIO *h, char *str, int size); - static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2); - static int MS_CALLBACK file_new(BIO *h); - static int MS_CALLBACK file_free(BIO *data); --static BIO_METHOD methods_filep= -- { -- BIO_TYPE_FILE, -- "FILE pointer", -- file_write, -- file_read, -- file_puts, -- file_gets, -- file_ctrl, -- file_new, -- file_free, -- NULL, -- }; -+static BIO_METHOD methods_filep = { -+ BIO_TYPE_FILE, -+ "FILE pointer", -+ file_write, -+ file_read, -+ file_puts, -+ file_gets, -+ file_ctrl, -+ file_new, -+ file_free, -+ NULL, -+}; - - BIO *BIO_new_file(const char *filename, const char *mode) -- { -- BIO *ret; -- FILE *file; -- -- if ((file=fopen(filename,mode)) == NULL) -- { -- SYSerr(SYS_F_FOPEN,get_last_sys_error()); -- ERR_add_error_data(5,"fopen('",filename,"','",mode,"')"); -- if (errno == ENOENT) -- BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE); -- else -- BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB); -- return(NULL); -- } -- if ((ret=BIO_new(BIO_s_file_internal())) == NULL) -- { -- fclose(file); -- return(NULL); -- } -- -- BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */ -- BIO_set_fp(ret,file,BIO_CLOSE); -- return(ret); -- } -+{ -+ BIO *ret; -+ FILE *file; -+ -+ if ((file = fopen(filename, mode)) == NULL) { -+ SYSerr(SYS_F_FOPEN, get_last_sys_error()); -+ ERR_add_error_data(5, "fopen('", filename, "','", mode, "')"); -+ if (errno == ENOENT) -+ BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE); -+ else -+ BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB); -+ return (NULL); -+ } -+ if ((ret = BIO_new(BIO_s_file_internal())) == NULL) { -+ fclose(file); -+ return (NULL); -+ } -+ -+ BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage -+ * UPLINK */ -+ BIO_set_fp(ret, file, BIO_CLOSE); -+ return (ret); -+} - - BIO *BIO_new_fp(FILE *stream, int close_flag) -- { -- BIO *ret; -+{ -+ BIO *ret; - -- if ((ret=BIO_new(BIO_s_file())) == NULL) -- return(NULL); -+ if ((ret = BIO_new(BIO_s_file())) == NULL) -+ return (NULL); - -- BIO_set_flags(ret,BIO_FLAGS_UPLINK); /* redundant, left for documentation puposes */ -- BIO_set_fp(ret,stream,close_flag); -- return(ret); -- } -+ BIO_set_flags(ret, BIO_FLAGS_UPLINK); /* redundant, left for -+ * documentation puposes */ -+ BIO_set_fp(ret, stream, close_flag); -+ return (ret); -+} - - BIO_METHOD *BIO_s_file(void) -- { -- return(&methods_filep); -- } -+{ -+ return (&methods_filep); -+} - - static int MS_CALLBACK file_new(BIO *bi) -- { -- bi->init=0; -- bi->num=0; -- bi->ptr=NULL; -- bi->flags=BIO_FLAGS_UPLINK; /* default to UPLINK */ -- return(1); -- } -+{ -+ bi->init = 0; -+ bi->num = 0; -+ bi->ptr = NULL; -+ bi->flags = BIO_FLAGS_UPLINK; /* default to UPLINK */ -+ return (1); -+} - - static int MS_CALLBACK file_free(BIO *a) -- { -- if (a == NULL) return(0); -- if (a->shutdown) -- { -- if ((a->init) && (a->ptr != NULL)) -- { -- if (a->flags&BIO_FLAGS_UPLINK) -- UP_fclose (a->ptr); -- else -- fclose (a->ptr); -- a->ptr=NULL; -- a->flags=BIO_FLAGS_UPLINK; -- } -- a->init=0; -- } -- return(1); -- } -- -+{ -+ if (a == NULL) -+ return (0); -+ if (a->shutdown) { -+ if ((a->init) && (a->ptr != NULL)) { -+ if (a->flags & BIO_FLAGS_UPLINK) -+ UP_fclose(a->ptr); -+ else -+ fclose(a->ptr); -+ a->ptr = NULL; -+ a->flags = BIO_FLAGS_UPLINK; -+ } -+ a->init = 0; -+ } -+ return (1); -+} -+ - static int MS_CALLBACK file_read(BIO *b, char *out, int outl) -- { -- int ret=0; -- -- if (b->init && (out != NULL)) -- { -- if (b->flags&BIO_FLAGS_UPLINK) -- ret=UP_fread(out,1,(int)outl,b->ptr); -- else -- ret=fread(out,1,(int)outl,(FILE *)b->ptr); -- if(ret == 0 && (b->flags&BIO_FLAGS_UPLINK)?UP_ferror((FILE *)b->ptr):ferror((FILE *)b->ptr)) -- { -- SYSerr(SYS_F_FREAD,get_last_sys_error()); -- BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB); -- ret=-1; -- } -- } -- return(ret); -- } -+{ -+ int ret = 0; -+ -+ if (b->init && (out != NULL)) { -+ if (b->flags & BIO_FLAGS_UPLINK) -+ ret = UP_fread(out, 1, (int)outl, b->ptr); -+ else -+ ret = fread(out, 1, (int)outl, (FILE *)b->ptr); -+ if (ret == 0 -+ && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) : -+ ferror((FILE *)b->ptr)) { -+ SYSerr(SYS_F_FREAD, get_last_sys_error()); -+ BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB); -+ ret = -1; -+ } -+ } -+ return (ret); -+} - - static int MS_CALLBACK file_write(BIO *b, const char *in, int inl) -- { -- int ret=0; -- -- if (b->init && (in != NULL)) -- { -- if (b->flags&BIO_FLAGS_UPLINK) -- ret=UP_fwrite(in,(int)inl,1,b->ptr); -- else -- ret=fwrite(in,(int)inl,1,(FILE *)b->ptr); -- if (ret) -- ret=inl; -- /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ -- /* according to Tim Hudson , the commented -- * out version above can cause 'inl' write calls under -- * some stupid stdio implementations (VMS) */ -- } -- return(ret); -- } -+{ -+ int ret = 0; -+ -+ if (b->init && (in != NULL)) { -+ if (b->flags & BIO_FLAGS_UPLINK) -+ ret = UP_fwrite(in, (int)inl, 1, b->ptr); -+ else -+ ret = fwrite(in, (int)inl, 1, (FILE *)b->ptr); -+ if (ret) -+ ret = inl; -+ /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ -+ /* -+ * according to Tim Hudson , the commented out -+ * version above can cause 'inl' write calls under some stupid stdio -+ * implementations (VMS) -+ */ -+ } -+ return (ret); -+} - - static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- long ret=1; -- FILE *fp=(FILE *)b->ptr; -- FILE **fpp; -- char p[4]; -- -- switch (cmd) -- { -- case BIO_C_FILE_SEEK: -- case BIO_CTRL_RESET: -- if (b->flags&BIO_FLAGS_UPLINK) -- ret=(long)UP_fseek(b->ptr,num,0); -- else -- ret=(long)fseek(fp,num,0); -- break; -- case BIO_CTRL_EOF: -- if (b->flags&BIO_FLAGS_UPLINK) -- ret=(long)UP_feof(fp); -- else -- ret=(long)feof(fp); -- break; -- case BIO_C_FILE_TELL: -- case BIO_CTRL_INFO: -- if (b->flags&BIO_FLAGS_UPLINK) -- ret=UP_ftell(b->ptr); -- else -- ret=ftell(fp); -- break; -- case BIO_C_SET_FILE_PTR: -- file_free(b); -- b->shutdown=(int)num&BIO_CLOSE; -- b->ptr=ptr; -- b->init=1; --#if BIO_FLAGS_UPLINK!=0 --#if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) --#define _IOB_ENTRIES 20 --#endif --#if defined(_IOB_ENTRIES) -- /* Safety net to catch purely internal BIO_set_fp calls */ -- if ((size_t)ptr >= (size_t)stdin && -- (size_t)ptr < (size_t)(stdin+_IOB_ENTRIES)) -- BIO_clear_flags(b,BIO_FLAGS_UPLINK); --#endif --#endif --#ifdef UP_fsetmod -- if (b->flags&BIO_FLAGS_UPLINK) -- UP_fsetmod(b->ptr,(char)((num&BIO_FP_TEXT)?'t':'b')); -- else --#endif -- { --#if defined(OPENSSL_SYS_WINDOWS) -- int fd = _fileno((FILE*)ptr); -- if (num & BIO_FP_TEXT) -- _setmode(fd,_O_TEXT); -- else -- _setmode(fd,_O_BINARY); --#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) -- int fd = fileno((FILE*)ptr); -- /* Under CLib there are differences in file modes -- */ -- if (num & BIO_FP_TEXT) -- setmode(fd,O_TEXT); -- else -- setmode(fd,O_BINARY); --#elif defined(OPENSSL_SYS_MSDOS) -- int fd = fileno((FILE*)ptr); -- /* Set correct text/binary mode */ -- if (num & BIO_FP_TEXT) -- _setmode(fd,_O_TEXT); -- /* Dangerous to set stdin/stdout to raw (unless redirected) */ -- else -- { -- if (fd == STDIN_FILENO || fd == STDOUT_FILENO) -- { -- if (isatty(fd) <= 0) -- _setmode(fd,_O_BINARY); -- } -- else -- _setmode(fd,_O_BINARY); -- } --#elif defined(OPENSSL_SYS_OS2) -- int fd = fileno((FILE*)ptr); -- if (num & BIO_FP_TEXT) -- setmode(fd, O_TEXT); -- else -- setmode(fd, O_BINARY); --#endif -- } -- break; -- case BIO_C_SET_FILENAME: -- file_free(b); -- b->shutdown=(int)num&BIO_CLOSE; -- if (num & BIO_FP_APPEND) -- { -- if (num & BIO_FP_READ) -- BUF_strlcpy(p,"a+",sizeof p); -- else BUF_strlcpy(p,"a",sizeof p); -- } -- else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) -- BUF_strlcpy(p,"r+",sizeof p); -- else if (num & BIO_FP_WRITE) -- BUF_strlcpy(p,"w",sizeof p); -- else if (num & BIO_FP_READ) -- BUF_strlcpy(p,"r",sizeof p); -- else -- { -- BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); -- ret=0; -- break; -- } --#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) -- if (!(num & BIO_FP_TEXT)) -- strcat(p,"b"); -- else -- strcat(p,"t"); --#endif --#if defined(OPENSSL_SYS_NETWARE) -- if (!(num & BIO_FP_TEXT)) -- strcat(p,"b"); -- else -- strcat(p,"t"); --#endif -- fp=fopen(ptr,p); -- if (fp == NULL) -- { -- SYSerr(SYS_F_FOPEN,get_last_sys_error()); -- ERR_add_error_data(5,"fopen('",ptr,"','",p,"')"); -- BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB); -- ret=0; -- break; -- } -- b->ptr=fp; -- b->init=1; -- BIO_clear_flags(b,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */ -- break; -- case BIO_C_GET_FILE_PTR: -- /* the ptr parameter is actually a FILE ** in this case. */ -- if (ptr != NULL) -- { -- fpp=(FILE **)ptr; -- *fpp=(FILE *)b->ptr; -- } -- break; -- case BIO_CTRL_GET_CLOSE: -- ret=(long)b->shutdown; -- break; -- case BIO_CTRL_SET_CLOSE: -- b->shutdown=(int)num; -- break; -- case BIO_CTRL_FLUSH: -- if (b->flags&BIO_FLAGS_UPLINK) -- UP_fflush(b->ptr); -- else -- fflush((FILE *)b->ptr); -- break; -- case BIO_CTRL_DUP: -- ret=1; -- break; -- -- case BIO_CTRL_WPENDING: -- case BIO_CTRL_PENDING: -- case BIO_CTRL_PUSH: -- case BIO_CTRL_POP: -- default: -- ret=0; -- break; -- } -- return(ret); -- } -+{ -+ long ret = 1; -+ FILE *fp = (FILE *)b->ptr; -+ FILE **fpp; -+ char p[4]; -+ -+ switch (cmd) { -+ case BIO_C_FILE_SEEK: -+ case BIO_CTRL_RESET: -+ if (b->flags & BIO_FLAGS_UPLINK) -+ ret = (long)UP_fseek(b->ptr, num, 0); -+ else -+ ret = (long)fseek(fp, num, 0); -+ break; -+ case BIO_CTRL_EOF: -+ if (b->flags & BIO_FLAGS_UPLINK) -+ ret = (long)UP_feof(fp); -+ else -+ ret = (long)feof(fp); -+ break; -+ case BIO_C_FILE_TELL: -+ case BIO_CTRL_INFO: -+ if (b->flags & BIO_FLAGS_UPLINK) -+ ret = UP_ftell(b->ptr); -+ else -+ ret = ftell(fp); -+ break; -+ case BIO_C_SET_FILE_PTR: -+ file_free(b); -+ b->shutdown = (int)num & BIO_CLOSE; -+ b->ptr = ptr; -+ b->init = 1; -+# if BIO_FLAGS_UPLINK!=0 -+# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) -+# define _IOB_ENTRIES 20 -+# endif -+# if defined(_IOB_ENTRIES) -+ /* Safety net to catch purely internal BIO_set_fp calls */ -+ if ((size_t)ptr >= (size_t)stdin && -+ (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES)) -+ BIO_clear_flags(b, BIO_FLAGS_UPLINK); -+# endif -+# endif -+# ifdef UP_fsetmod -+ if (b->flags & BIO_FLAGS_UPLINK) -+ UP_fsetmod(b->ptr, (char)((num & BIO_FP_TEXT) ? 't' : 'b')); -+ else -+# endif -+ { -+# if defined(OPENSSL_SYS_WINDOWS) -+ int fd = _fileno((FILE *)ptr); -+ if (num & BIO_FP_TEXT) -+ _setmode(fd, _O_TEXT); -+ else -+ _setmode(fd, _O_BINARY); -+# elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) -+ int fd = fileno((FILE *)ptr); -+ /* -+ * Under CLib there are differences in file modes -+ */ -+ if (num & BIO_FP_TEXT) -+ setmode(fd, O_TEXT); -+ else -+ setmode(fd, O_BINARY); -+# elif defined(OPENSSL_SYS_MSDOS) -+ int fd = fileno((FILE *)ptr); -+ /* Set correct text/binary mode */ -+ if (num & BIO_FP_TEXT) -+ _setmode(fd, _O_TEXT); -+ /* Dangerous to set stdin/stdout to raw (unless redirected) */ -+ else { -+ if (fd == STDIN_FILENO || fd == STDOUT_FILENO) { -+ if (isatty(fd) <= 0) -+ _setmode(fd, _O_BINARY); -+ } else -+ _setmode(fd, _O_BINARY); -+ } -+# elif defined(OPENSSL_SYS_OS2) -+ int fd = fileno((FILE *)ptr); -+ if (num & BIO_FP_TEXT) -+ setmode(fd, O_TEXT); -+ else -+ setmode(fd, O_BINARY); -+# endif -+ } -+ break; -+ case BIO_C_SET_FILENAME: -+ file_free(b); -+ b->shutdown = (int)num & BIO_CLOSE; -+ if (num & BIO_FP_APPEND) { -+ if (num & BIO_FP_READ) -+ BUF_strlcpy(p, "a+", sizeof p); -+ else -+ BUF_strlcpy(p, "a", sizeof p); -+ } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) -+ BUF_strlcpy(p, "r+", sizeof p); -+ else if (num & BIO_FP_WRITE) -+ BUF_strlcpy(p, "w", sizeof p); -+ else if (num & BIO_FP_READ) -+ BUF_strlcpy(p, "r", sizeof p); -+ else { -+ BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE); -+ ret = 0; -+ break; -+ } -+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) -+ if (!(num & BIO_FP_TEXT)) -+ strcat(p, "b"); -+ else -+ strcat(p, "t"); -+# endif -+# if defined(OPENSSL_SYS_NETWARE) -+ if (!(num & BIO_FP_TEXT)) -+ strcat(p, "b"); -+ else -+ strcat(p, "t"); -+# endif -+ fp = fopen(ptr, p); -+ if (fp == NULL) { -+ SYSerr(SYS_F_FOPEN, get_last_sys_error()); -+ ERR_add_error_data(5, "fopen('", ptr, "','", p, "')"); -+ BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB); -+ ret = 0; -+ break; -+ } -+ b->ptr = fp; -+ b->init = 1; -+ BIO_clear_flags(b, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage -+ * UPLINK */ -+ break; -+ case BIO_C_GET_FILE_PTR: -+ /* the ptr parameter is actually a FILE ** in this case. */ -+ if (ptr != NULL) { -+ fpp = (FILE **)ptr; -+ *fpp = (FILE *)b->ptr; -+ } -+ break; -+ case BIO_CTRL_GET_CLOSE: -+ ret = (long)b->shutdown; -+ break; -+ case BIO_CTRL_SET_CLOSE: -+ b->shutdown = (int)num; -+ break; -+ case BIO_CTRL_FLUSH: -+ if (b->flags & BIO_FLAGS_UPLINK) -+ UP_fflush(b->ptr); -+ else -+ fflush((FILE *)b->ptr); -+ break; -+ case BIO_CTRL_DUP: -+ ret = 1; -+ break; -+ -+ case BIO_CTRL_WPENDING: -+ case BIO_CTRL_PENDING: -+ case BIO_CTRL_PUSH: -+ case BIO_CTRL_POP: -+ default: -+ ret = 0; -+ break; -+ } -+ return (ret); -+} - - static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) -- { -- int ret=0; -- -- buf[0]='\0'; -- if (bp->flags&BIO_FLAGS_UPLINK) -- { -- if (!UP_fgets(buf,size,bp->ptr)) -- goto err; -- } -- else -- { -- if (!fgets(buf,size,(FILE *)bp->ptr)) -- goto err; -- } -- if (buf[0] != '\0') -- ret=strlen(buf); -- err: -- return(ret); -- } -+{ -+ int ret = 0; -+ -+ buf[0] = '\0'; -+ if (bp->flags & BIO_FLAGS_UPLINK) { -+ if (!UP_fgets(buf, size, bp->ptr)) -+ goto err; -+ } else { -+ if (!fgets(buf, size, (FILE *)bp->ptr)) -+ goto err; -+ } -+ if (buf[0] != '\0') -+ ret = strlen(buf); -+ err: -+ return (ret); -+} - - static int MS_CALLBACK file_puts(BIO *bp, const char *str) -- { -- int n,ret; -+{ -+ int n, ret; - -- n=strlen(str); -- ret=file_write(bp,str,n); -- return(ret); -- } -+ n = strlen(str); -+ ret = file_write(bp, str, n); -+ return (ret); -+} - - #else - - BIO_METHOD *BIO_s_file(void) -- { -- return NULL; -- } -+{ -+ return NULL; -+} - - BIO *BIO_new_file(const char *filename, const char *mode) -- { -- return NULL; -- } -+{ -+ return NULL; -+} - - BIO *BIO_new_fp(FILE *stream, int close_flag) -- { -- return NULL; -- } -- --#endif /* OPENSSL_NO_STDIO */ -- --#endif /* HEADER_BSS_FILE_C */ -+{ -+ return NULL; -+} - -+# endif /* OPENSSL_NO_STDIO */ - -+#endif /* HEADER_BSS_FILE_C */ -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_log.c b/Cryptlib/OpenSSL/crypto/bio/bss_log.c -index 6360dbc..679d205 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_log.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_log.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -54,14 +54,13 @@ - */ - - /* -- Why BIO_s_log? -- -- BIO_s_log is useful for system daemons (or services under NT). -- It is one-way BIO, it sends all stuff to syslogd (on system that -- commonly use that), or event log (on NT), or OPCOM (on OpenVMS). -- --*/ -- -+ * Why BIO_s_log? -+ * -+ * BIO_s_log is useful for system daemons (or services under NT). It is -+ * one-way BIO, it sends all stuff to syslogd (on system that commonly use -+ * that), or event log (on NT), or OPCOM (on OpenVMS). -+ * -+ */ - - #include - #include -@@ -70,18 +69,18 @@ - - #if defined(OPENSSL_SYS_WINCE) - #elif defined(OPENSSL_SYS_WIN32) --# include -+# include - #elif defined(OPENSSL_SYS_VMS) --# include --# include --# include --# include -+# include -+# include -+# include -+# include - #elif defined(__ultrix) --# include -+# include - #elif defined(OPENSSL_SYS_NETWARE) --# define NO_SYSLOG -+# define NO_SYSLOG - #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) --# include -+# include - #endif - - #include -@@ -89,314 +88,365 @@ - - #ifndef NO_SYSLOG - --#if defined(OPENSSL_SYS_WIN32) --#define LOG_EMERG 0 --#define LOG_ALERT 1 --#define LOG_CRIT 2 --#define LOG_ERR 3 --#define LOG_WARNING 4 --#define LOG_NOTICE 5 --#define LOG_INFO 6 --#define LOG_DEBUG 7 -- --#define LOG_DAEMON (3<<3) --#elif defined(OPENSSL_SYS_VMS) -+# if defined(OPENSSL_SYS_WIN32) -+# define LOG_EMERG 0 -+# define LOG_ALERT 1 -+# define LOG_CRIT 2 -+# define LOG_ERR 3 -+# define LOG_WARNING 4 -+# define LOG_NOTICE 5 -+# define LOG_INFO 6 -+# define LOG_DEBUG 7 -+ -+# define LOG_DAEMON (3<<3) -+# elif defined(OPENSSL_SYS_VMS) - /* On VMS, we don't really care about these, but we need them to compile */ --#define LOG_EMERG 0 --#define LOG_ALERT 1 --#define LOG_CRIT 2 --#define LOG_ERR 3 --#define LOG_WARNING 4 --#define LOG_NOTICE 5 --#define LOG_INFO 6 --#define LOG_DEBUG 7 -- --#define LOG_DAEMON OPC$M_NM_NTWORK --#endif -+# define LOG_EMERG 0 -+# define LOG_ALERT 1 -+# define LOG_CRIT 2 -+# define LOG_ERR 3 -+# define LOG_WARNING 4 -+# define LOG_NOTICE 5 -+# define LOG_INFO 6 -+# define LOG_DEBUG 7 -+ -+# define LOG_DAEMON OPC$M_NM_NTWORK -+# endif - - static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num); - static int MS_CALLBACK slg_puts(BIO *h, const char *str); - static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2); - static int MS_CALLBACK slg_new(BIO *h); - static int MS_CALLBACK slg_free(BIO *data); --static void xopenlog(BIO* bp, char* name, int level); --static void xsyslog(BIO* bp, int priority, const char* string); --static void xcloselog(BIO* bp); --#ifdef OPENSSL_SYS_WIN32 --LONG (WINAPI *go_for_advapi)() = RegOpenKeyEx; --HANDLE (WINAPI *register_event_source)() = NULL; --BOOL (WINAPI *deregister_event_source)() = NULL; --BOOL (WINAPI *report_event)() = NULL; --#define DL_PROC(m,f) (GetProcAddress( m, f )) --#ifdef UNICODE --#define DL_PROC_X(m,f) DL_PROC( m, f "W" ) --#else --#define DL_PROC_X(m,f) DL_PROC( m, f "A" ) --#endif --#endif -- --static BIO_METHOD methods_slg= -- { -- BIO_TYPE_MEM,"syslog", -- slg_write, -- NULL, -- slg_puts, -- NULL, -- slg_ctrl, -- slg_new, -- slg_free, -- NULL, -- }; -+static void xopenlog(BIO *bp, char *name, int level); -+static void xsyslog(BIO *bp, int priority, const char *string); -+static void xcloselog(BIO *bp); -+# ifdef OPENSSL_SYS_WIN32 -+LONG(WINAPI *go_for_advapi) () = RegOpenKeyEx; -+HANDLE(WINAPI *register_event_source) () = NULL; -+BOOL(WINAPI *deregister_event_source) () = NULL; -+BOOL(WINAPI *report_event) () = NULL; -+# define DL_PROC(m,f) (GetProcAddress( m, f )) -+# ifdef UNICODE -+# define DL_PROC_X(m,f) DL_PROC( m, f "W" ) -+# else -+# define DL_PROC_X(m,f) DL_PROC( m, f "A" ) -+# endif -+# endif -+ -+static BIO_METHOD methods_slg = { -+ BIO_TYPE_MEM, "syslog", -+ slg_write, -+ NULL, -+ slg_puts, -+ NULL, -+ slg_ctrl, -+ slg_new, -+ slg_free, -+ NULL, -+}; - - BIO_METHOD *BIO_s_log(void) -- { -- return(&methods_slg); -- } -+{ -+ return (&methods_slg); -+} - - static int MS_CALLBACK slg_new(BIO *bi) -- { -- bi->init=1; -- bi->num=0; -- bi->ptr=NULL; -- xopenlog(bi, "application", LOG_DAEMON); -- return(1); -- } -+{ -+ bi->init = 1; -+ bi->num = 0; -+ bi->ptr = NULL; -+ xopenlog(bi, "application", LOG_DAEMON); -+ return (1); -+} - - static int MS_CALLBACK slg_free(BIO *a) -- { -- if (a == NULL) return(0); -- xcloselog(a); -- return(1); -- } -- -+{ -+ if (a == NULL) -+ return (0); -+ xcloselog(a); -+ return (1); -+} -+ - static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) -- { -- int ret= inl; -- char* buf; -- char* pp; -- int priority, i; -- static struct -- { -- int strl; -- char str[10]; -- int log_level; -- } -- mapping[] = -- { -- { 6, "PANIC ", LOG_EMERG }, -- { 6, "EMERG ", LOG_EMERG }, -- { 4, "EMR ", LOG_EMERG }, -- { 6, "ALERT ", LOG_ALERT }, -- { 4, "ALR ", LOG_ALERT }, -- { 5, "CRIT ", LOG_CRIT }, -- { 4, "CRI ", LOG_CRIT }, -- { 6, "ERROR ", LOG_ERR }, -- { 4, "ERR ", LOG_ERR }, -- { 8, "WARNING ", LOG_WARNING }, -- { 5, "WARN ", LOG_WARNING }, -- { 4, "WAR ", LOG_WARNING }, -- { 7, "NOTICE ", LOG_NOTICE }, -- { 5, "NOTE ", LOG_NOTICE }, -- { 4, "NOT ", LOG_NOTICE }, -- { 5, "INFO ", LOG_INFO }, -- { 4, "INF ", LOG_INFO }, -- { 6, "DEBUG ", LOG_DEBUG }, -- { 4, "DBG ", LOG_DEBUG }, -- { 0, "", LOG_ERR } /* The default */ -- }; -- -- if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){ -- return(0); -- } -- strncpy(buf, in, inl); -- buf[inl]= '\0'; -- -- i = 0; -- while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++; -- priority = mapping[i].log_level; -- pp = buf + mapping[i].strl; -- -- xsyslog(b, priority, pp); -- -- OPENSSL_free(buf); -- return(ret); -- } -+{ -+ int ret = inl; -+ char *buf; -+ char *pp; -+ int priority, i; -+ static struct { -+ int strl; -+ char str[10]; -+ int log_level; -+ } mapping[] = { -+ { -+ 6, "PANIC ", LOG_EMERG -+ }, -+ { -+ 6, "EMERG ", LOG_EMERG -+ }, -+ { -+ 4, "EMR ", LOG_EMERG -+ }, -+ { -+ 6, "ALERT ", LOG_ALERT -+ }, -+ { -+ 4, "ALR ", LOG_ALERT -+ }, -+ { -+ 5, "CRIT ", LOG_CRIT -+ }, -+ { -+ 4, "CRI ", LOG_CRIT -+ }, -+ { -+ 6, "ERROR ", LOG_ERR -+ }, -+ { -+ 4, "ERR ", LOG_ERR -+ }, -+ { -+ 8, "WARNING ", LOG_WARNING -+ }, -+ { -+ 5, "WARN ", LOG_WARNING -+ }, -+ { -+ 4, "WAR ", LOG_WARNING -+ }, -+ { -+ 7, "NOTICE ", LOG_NOTICE -+ }, -+ { -+ 5, "NOTE ", LOG_NOTICE -+ }, -+ { -+ 4, "NOT ", LOG_NOTICE -+ }, -+ { -+ 5, "INFO ", LOG_INFO -+ }, -+ { -+ 4, "INF ", LOG_INFO -+ }, -+ { -+ 6, "DEBUG ", LOG_DEBUG -+ }, -+ { -+ 4, "DBG ", LOG_DEBUG -+ }, -+ { -+ 0, "", LOG_ERR -+ } -+ /* The default */ -+ }; -+ -+ if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) { -+ return (0); -+ } -+ strncpy(buf, in, inl); -+ buf[inl] = '\0'; -+ -+ i = 0; -+ while (strncmp(buf, mapping[i].str, mapping[i].strl) != 0) -+ i++; -+ priority = mapping[i].log_level; -+ pp = buf + mapping[i].strl; -+ -+ xsyslog(b, priority, pp); -+ -+ OPENSSL_free(buf); -+ return (ret); -+} - - static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- switch (cmd) -- { -- case BIO_CTRL_SET: -- xcloselog(b); -- xopenlog(b, ptr, num); -- break; -- default: -- break; -- } -- return(0); -- } -+{ -+ switch (cmd) { -+ case BIO_CTRL_SET: -+ xcloselog(b); -+ xopenlog(b, ptr, num); -+ break; -+ default: -+ break; -+ } -+ return (0); -+} - - static int MS_CALLBACK slg_puts(BIO *bp, const char *str) -- { -- int n,ret; -+{ -+ int n, ret; - -- n=strlen(str); -- ret=slg_write(bp,str,n); -- return(ret); -- } -+ n = strlen(str); -+ ret = slg_write(bp, str, n); -+ return (ret); -+} - --#if defined(OPENSSL_SYS_WIN32) -+# if defined(OPENSSL_SYS_WIN32) - --static void xopenlog(BIO* bp, char* name, int level) -+static void xopenlog(BIO *bp, char *name, int level) - { -- if ( !register_event_source ) -- { -- HANDLE advapi; -- if ( !(advapi = GetModuleHandle("advapi32")) ) -- return; -- register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi, -- "RegisterEventSource" ); -- deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi, -- "DeregisterEventSource"); -- report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi, -- "ReportEvent" ); -- if ( !(register_event_source && deregister_event_source && -- report_event) ) -- { -- register_event_source = NULL; -- deregister_event_source = NULL; -- report_event = NULL; -- return; -- } -- } -- bp->ptr= (char *)register_event_source(NULL, name); -+ if (!register_event_source) { -+ HANDLE advapi; -+ if (!(advapi = GetModuleHandle("advapi32"))) -+ return; -+ register_event_source = (HANDLE(WINAPI *)())DL_PROC_X(advapi, -+ "RegisterEventSource"); -+ deregister_event_source = (BOOL(WINAPI *)()) DL_PROC(advapi, -+ "DeregisterEventSource"); -+ report_event = (BOOL(WINAPI *)()) DL_PROC_X(advapi, "ReportEvent"); -+ if (!(register_event_source && deregister_event_source && -+ report_event)) { -+ register_event_source = NULL; -+ deregister_event_source = NULL; -+ report_event = NULL; -+ return; -+ } -+ } -+ bp->ptr = (char *)register_event_source(NULL, name); - } - - static void xsyslog(BIO *bp, int priority, const char *string) - { -- LPCSTR lpszStrings[2]; -- WORD evtype= EVENTLOG_ERROR_TYPE; -- int pid = _getpid(); -- char pidbuf[DECIMAL_SIZE(pid)+4]; -- -- switch (priority) -- { -- case LOG_EMERG: -- case LOG_ALERT: -- case LOG_CRIT: -- case LOG_ERR: -- evtype = EVENTLOG_ERROR_TYPE; -- break; -- case LOG_WARNING: -- evtype = EVENTLOG_WARNING_TYPE; -- break; -- case LOG_NOTICE: -- case LOG_INFO: -- case LOG_DEBUG: -- evtype = EVENTLOG_INFORMATION_TYPE; -- break; -- default: /* Should never happen, but set it -- as error anyway. */ -- evtype = EVENTLOG_ERROR_TYPE; -- break; -- } -- -- sprintf(pidbuf, "[%d] ", pid); -- lpszStrings[0] = pidbuf; -- lpszStrings[1] = string; -- -- if(report_event && bp->ptr) -- report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0, -- lpszStrings, NULL); -+ LPCSTR lpszStrings[2]; -+ WORD evtype = EVENTLOG_ERROR_TYPE; -+ int pid = _getpid(); -+ char pidbuf[DECIMAL_SIZE(pid) + 4]; -+ -+ switch (priority) { -+ case LOG_EMERG: -+ case LOG_ALERT: -+ case LOG_CRIT: -+ case LOG_ERR: -+ evtype = EVENTLOG_ERROR_TYPE; -+ break; -+ case LOG_WARNING: -+ evtype = EVENTLOG_WARNING_TYPE; -+ break; -+ case LOG_NOTICE: -+ case LOG_INFO: -+ case LOG_DEBUG: -+ evtype = EVENTLOG_INFORMATION_TYPE; -+ break; -+ default: -+ /* -+ * Should never happen, but set it -+ * as error anyway. -+ */ -+ evtype = EVENTLOG_ERROR_TYPE; -+ break; -+ } -+ -+ sprintf(pidbuf, "[%d] ", pid); -+ lpszStrings[0] = pidbuf; -+ lpszStrings[1] = string; -+ -+ if (report_event && bp->ptr) -+ report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL); - } -- --static void xcloselog(BIO* bp) -+ -+static void xcloselog(BIO *bp) - { -- if(deregister_event_source && bp->ptr) -- deregister_event_source((HANDLE)(bp->ptr)); -- bp->ptr= NULL; -+ if (deregister_event_source && bp->ptr) -+ deregister_event_source((HANDLE) (bp->ptr)); -+ bp->ptr = NULL; - } - --#elif defined(OPENSSL_SYS_VMS) -+# elif defined(OPENSSL_SYS_VMS) - - static int VMS_OPC_target = LOG_DAEMON; - --static void xopenlog(BIO* bp, char* name, int level) -+static void xopenlog(BIO *bp, char *name, int level) - { -- VMS_OPC_target = level; -+ VMS_OPC_target = level; - } - - static void xsyslog(BIO *bp, int priority, const char *string) - { -- struct dsc$descriptor_s opc_dsc; -- struct opcdef *opcdef_p; -- char buf[10240]; -- unsigned int len; -- struct dsc$descriptor_s buf_dsc; -- $DESCRIPTOR(fao_cmd, "!AZ: !AZ"); -- char *priority_tag; -- -- switch (priority) -- { -- case LOG_EMERG: priority_tag = "Emergency"; break; -- case LOG_ALERT: priority_tag = "Alert"; break; -- case LOG_CRIT: priority_tag = "Critical"; break; -- case LOG_ERR: priority_tag = "Error"; break; -- case LOG_WARNING: priority_tag = "Warning"; break; -- case LOG_NOTICE: priority_tag = "Notice"; break; -- case LOG_INFO: priority_tag = "Info"; break; -- case LOG_DEBUG: priority_tag = "DEBUG"; break; -- } -- -- buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -- buf_dsc.dsc$b_class = DSC$K_CLASS_S; -- buf_dsc.dsc$a_pointer = buf; -- buf_dsc.dsc$w_length = sizeof(buf) - 1; -- -- lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); -- -- /* we know there's an 8 byte header. That's documented */ -- opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len); -- opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; -- memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); -- opcdef_p->opc$l_ms_rqstid = 0; -- memcpy(&opcdef_p->opc$l_ms_text, buf, len); -- -- opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -- opc_dsc.dsc$b_class = DSC$K_CLASS_S; -- opc_dsc.dsc$a_pointer = (char *)opcdef_p; -- opc_dsc.dsc$w_length = len + 8; -- -- sys$sndopr(opc_dsc, 0); -- -- OPENSSL_free(opcdef_p); -+ struct dsc$descriptor_s opc_dsc; -+ struct opcdef *opcdef_p; -+ char buf[10240]; -+ unsigned int len; -+ struct dsc$descriptor_s buf_dsc; -+ $DESCRIPTOR(fao_cmd, "!AZ: !AZ"); -+ char *priority_tag; -+ -+ switch (priority) { -+ case LOG_EMERG: -+ priority_tag = "Emergency"; -+ break; -+ case LOG_ALERT: -+ priority_tag = "Alert"; -+ break; -+ case LOG_CRIT: -+ priority_tag = "Critical"; -+ break; -+ case LOG_ERR: -+ priority_tag = "Error"; -+ break; -+ case LOG_WARNING: -+ priority_tag = "Warning"; -+ break; -+ case LOG_NOTICE: -+ priority_tag = "Notice"; -+ break; -+ case LOG_INFO: -+ priority_tag = "Info"; -+ break; -+ case LOG_DEBUG: -+ priority_tag = "DEBUG"; -+ break; -+ } -+ -+ buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -+ buf_dsc.dsc$b_class = DSC$K_CLASS_S; -+ buf_dsc.dsc$a_pointer = buf; -+ buf_dsc.dsc$w_length = sizeof(buf) - 1; -+ -+ lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); -+ -+ /* we know there's an 8 byte header. That's documented */ -+ opcdef_p = (struct opcdef *)OPENSSL_malloc(8 + len); -+ opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; -+ memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); -+ opcdef_p->opc$l_ms_rqstid = 0; -+ memcpy(&opcdef_p->opc$l_ms_text, buf, len); -+ -+ opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -+ opc_dsc.dsc$b_class = DSC$K_CLASS_S; -+ opc_dsc.dsc$a_pointer = (char *)opcdef_p; -+ opc_dsc.dsc$w_length = len + 8; -+ -+ sys$sndopr(opc_dsc, 0); -+ -+ OPENSSL_free(opcdef_p); - } - --static void xcloselog(BIO* bp) -+static void xcloselog(BIO *bp) - { - } - --#else /* Unix/Watt32 */ -+# else /* Unix/Watt32 */ - --static void xopenlog(BIO* bp, char* name, int level) -+static void xopenlog(BIO *bp, char *name, int level) - { --#ifdef WATT32 /* djgpp/DOS */ -- openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level); --#else -- openlog(name, LOG_PID|LOG_CONS, level); --#endif -+# ifdef WATT32 /* djgpp/DOS */ -+ openlog(name, LOG_PID | LOG_CONS | LOG_NDELAY, level); -+# else -+ openlog(name, LOG_PID | LOG_CONS, level); -+# endif - } - - static void xsyslog(BIO *bp, int priority, const char *string) - { -- syslog(priority, "%s", string); -+ syslog(priority, "%s", string); - } - --static void xcloselog(BIO* bp) -+static void xcloselog(BIO *bp) - { -- closelog(); -+ closelog(); - } - --#endif /* Unix */ -+# endif /* Unix */ - --#endif /* NO_SYSLOG */ -+#endif /* NO_SYSLOG */ -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c -index e7ab9cb..9e6f097 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -68,256 +68,249 @@ static int mem_gets(BIO *h, char *str, int size); - static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2); - static int mem_new(BIO *h); - static int mem_free(BIO *data); --static BIO_METHOD mem_method= -- { -- BIO_TYPE_MEM, -- "memory buffer", -- mem_write, -- mem_read, -- mem_puts, -- mem_gets, -- mem_ctrl, -- mem_new, -- mem_free, -- NULL, -- }; -+static BIO_METHOD mem_method = { -+ BIO_TYPE_MEM, -+ "memory buffer", -+ mem_write, -+ mem_read, -+ mem_puts, -+ mem_gets, -+ mem_ctrl, -+ mem_new, -+ mem_free, -+ NULL, -+}; - --/* bio->num is used to hold the value to return on 'empty', if it is -- * 0, should_retry is not set */ -+/* -+ * bio->num is used to hold the value to return on 'empty', if it is 0, -+ * should_retry is not set -+ */ - - BIO_METHOD *BIO_s_mem(void) -- { -- return(&mem_method); -- } -+{ -+ return (&mem_method); -+} - - BIO *BIO_new_mem_buf(void *buf, int len) - { -- BIO *ret; -- BUF_MEM *b; -- if (!buf) { -- BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER); -- return NULL; -- } -- if(len == -1) len = strlen(buf); -- if(!(ret = BIO_new(BIO_s_mem())) ) return NULL; -- b = (BUF_MEM *)ret->ptr; -- b->data = buf; -- b->length = len; -- b->max = len; -- ret->flags |= BIO_FLAGS_MEM_RDONLY; -- /* Since this is static data retrying wont help */ -- ret->num = 0; -- return ret; -+ BIO *ret; -+ BUF_MEM *b; -+ if (!buf) { -+ BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER); -+ return NULL; -+ } -+ if (len == -1) -+ len = strlen(buf); -+ if (!(ret = BIO_new(BIO_s_mem()))) -+ return NULL; -+ b = (BUF_MEM *)ret->ptr; -+ b->data = buf; -+ b->length = len; -+ b->max = len; -+ ret->flags |= BIO_FLAGS_MEM_RDONLY; -+ /* Since this is static data retrying wont help */ -+ ret->num = 0; -+ return ret; - } - - static int mem_new(BIO *bi) -- { -- BUF_MEM *b; -+{ -+ BUF_MEM *b; - -- if ((b=BUF_MEM_new()) == NULL) -- return(0); -- bi->shutdown=1; -- bi->init=1; -- bi->num= -1; -- bi->ptr=(char *)b; -- return(1); -- } -+ if ((b = BUF_MEM_new()) == NULL) -+ return (0); -+ bi->shutdown = 1; -+ bi->init = 1; -+ bi->num = -1; -+ bi->ptr = (char *)b; -+ return (1); -+} - - static int mem_free(BIO *a) -- { -- if (a == NULL) return(0); -- if (a->shutdown) -- { -- if ((a->init) && (a->ptr != NULL)) -- { -- BUF_MEM *b; -- b = (BUF_MEM *)a->ptr; -- if(a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL; -- BUF_MEM_free(b); -- a->ptr=NULL; -- } -- } -- return(1); -- } -- -+{ -+ if (a == NULL) -+ return (0); -+ if (a->shutdown) { -+ if ((a->init) && (a->ptr != NULL)) { -+ BUF_MEM *b; -+ b = (BUF_MEM *)a->ptr; -+ if (a->flags & BIO_FLAGS_MEM_RDONLY) -+ b->data = NULL; -+ BUF_MEM_free(b); -+ a->ptr = NULL; -+ } -+ } -+ return (1); -+} -+ - static int mem_read(BIO *b, char *out, int outl) -- { -- int ret= -1; -- BUF_MEM *bm; -- int i; -- char *from,*to; -+{ -+ int ret = -1; -+ BUF_MEM *bm; -+ int i; -+ char *from, *to; - -- bm=(BUF_MEM *)b->ptr; -- BIO_clear_retry_flags(b); -- ret=(outl > bm->length)?bm->length:outl; -- if ((out != NULL) && (ret > 0)) { -- memcpy(out,bm->data,ret); -- bm->length-=ret; -- /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */ -- if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret; -- else { -- from=(char *)&(bm->data[ret]); -- to=(char *)&(bm->data[0]); -- for (i=0; ilength; i++) -- to[i]=from[i]; -- } -- } else if (bm->length == 0) -- { -- ret = b->num; -- if (ret != 0) -- BIO_set_retry_read(b); -- } -- return(ret); -- } -+ bm = (BUF_MEM *)b->ptr; -+ BIO_clear_retry_flags(b); -+ ret = (outl > bm->length) ? bm->length : outl; -+ if ((out != NULL) && (ret > 0)) { -+ memcpy(out, bm->data, ret); -+ bm->length -= ret; -+ /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */ -+ if (b->flags & BIO_FLAGS_MEM_RDONLY) -+ bm->data += ret; -+ else { -+ from = (char *)&(bm->data[ret]); -+ to = (char *)&(bm->data[0]); -+ for (i = 0; i < bm->length; i++) -+ to[i] = from[i]; -+ } -+ } else if (bm->length == 0) { -+ ret = b->num; -+ if (ret != 0) -+ BIO_set_retry_read(b); -+ } -+ return (ret); -+} - - static int mem_write(BIO *b, const char *in, int inl) -- { -- int ret= -1; -- int blen; -- BUF_MEM *bm; -+{ -+ int ret = -1; -+ int blen; -+ BUF_MEM *bm; - -- bm=(BUF_MEM *)b->ptr; -- if (in == NULL) -- { -- BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER); -- goto end; -- } -+ bm = (BUF_MEM *)b->ptr; -+ if (in == NULL) { -+ BIOerr(BIO_F_MEM_WRITE, BIO_R_NULL_PARAMETER); -+ goto end; -+ } - -- if(b->flags & BIO_FLAGS_MEM_RDONLY) { -- BIOerr(BIO_F_MEM_WRITE,BIO_R_WRITE_TO_READ_ONLY_BIO); -- goto end; -- } -+ if (b->flags & BIO_FLAGS_MEM_RDONLY) { -+ BIOerr(BIO_F_MEM_WRITE, BIO_R_WRITE_TO_READ_ONLY_BIO); -+ goto end; -+ } - -- BIO_clear_retry_flags(b); -- blen=bm->length; -- if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl)) -- goto end; -- memcpy(&(bm->data[blen]),in,inl); -- ret=inl; --end: -- return(ret); -- } -+ BIO_clear_retry_flags(b); -+ blen = bm->length; -+ if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl)) -+ goto end; -+ memcpy(&(bm->data[blen]), in, inl); -+ ret = inl; -+ end: -+ return (ret); -+} - - static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- long ret=1; -- char **pptr; -+{ -+ long ret = 1; -+ char **pptr; - -- BUF_MEM *bm=(BUF_MEM *)b->ptr; -+ BUF_MEM *bm = (BUF_MEM *)b->ptr; - -- switch (cmd) -- { -- case BIO_CTRL_RESET: -- if (bm->data != NULL) -- { -- /* For read only case reset to the start again */ -- if(b->flags & BIO_FLAGS_MEM_RDONLY) -- { -- bm->data -= bm->max - bm->length; -- bm->length = bm->max; -- } -- else -- { -- memset(bm->data,0,bm->max); -- bm->length=0; -- } -- } -- break; -- case BIO_CTRL_EOF: -- ret=(long)(bm->length == 0); -- break; -- case BIO_C_SET_BUF_MEM_EOF_RETURN: -- b->num=(int)num; -- break; -- case BIO_CTRL_INFO: -- ret=(long)bm->length; -- if (ptr != NULL) -- { -- pptr=(char **)ptr; -- *pptr=(char *)&(bm->data[0]); -- } -- break; -- case BIO_C_SET_BUF_MEM: -- mem_free(b); -- b->shutdown=(int)num; -- b->ptr=ptr; -- break; -- case BIO_C_GET_BUF_MEM_PTR: -- if (ptr != NULL) -- { -- pptr=(char **)ptr; -- *pptr=(char *)bm; -- } -- break; -- case BIO_CTRL_GET_CLOSE: -- ret=(long)b->shutdown; -- break; -- case BIO_CTRL_SET_CLOSE: -- b->shutdown=(int)num; -- break; -+ switch (cmd) { -+ case BIO_CTRL_RESET: -+ if (bm->data != NULL) { -+ /* For read only case reset to the start again */ -+ if (b->flags & BIO_FLAGS_MEM_RDONLY) { -+ bm->data -= bm->max - bm->length; -+ bm->length = bm->max; -+ } else { -+ memset(bm->data, 0, bm->max); -+ bm->length = 0; -+ } -+ } -+ break; -+ case BIO_CTRL_EOF: -+ ret = (long)(bm->length == 0); -+ break; -+ case BIO_C_SET_BUF_MEM_EOF_RETURN: -+ b->num = (int)num; -+ break; -+ case BIO_CTRL_INFO: -+ ret = (long)bm->length; -+ if (ptr != NULL) { -+ pptr = (char **)ptr; -+ *pptr = (char *)&(bm->data[0]); -+ } -+ break; -+ case BIO_C_SET_BUF_MEM: -+ mem_free(b); -+ b->shutdown = (int)num; -+ b->ptr = ptr; -+ break; -+ case BIO_C_GET_BUF_MEM_PTR: -+ if (ptr != NULL) { -+ pptr = (char **)ptr; -+ *pptr = (char *)bm; -+ } -+ break; -+ case BIO_CTRL_GET_CLOSE: -+ ret = (long)b->shutdown; -+ break; -+ case BIO_CTRL_SET_CLOSE: -+ b->shutdown = (int)num; -+ break; - -- case BIO_CTRL_WPENDING: -- ret=0L; -- break; -- case BIO_CTRL_PENDING: -- ret=(long)bm->length; -- break; -- case BIO_CTRL_DUP: -- case BIO_CTRL_FLUSH: -- ret=1; -- break; -- case BIO_CTRL_PUSH: -- case BIO_CTRL_POP: -- default: -- ret=0; -- break; -- } -- return(ret); -- } -+ case BIO_CTRL_WPENDING: -+ ret = 0L; -+ break; -+ case BIO_CTRL_PENDING: -+ ret = (long)bm->length; -+ break; -+ case BIO_CTRL_DUP: -+ case BIO_CTRL_FLUSH: -+ ret = 1; -+ break; -+ case BIO_CTRL_PUSH: -+ case BIO_CTRL_POP: -+ default: -+ ret = 0; -+ break; -+ } -+ return (ret); -+} - - static int mem_gets(BIO *bp, char *buf, int size) -- { -- int i,j; -- int ret= -1; -- char *p; -- BUF_MEM *bm=(BUF_MEM *)bp->ptr; -+{ -+ int i, j; -+ int ret = -1; -+ char *p; -+ BUF_MEM *bm = (BUF_MEM *)bp->ptr; - -- BIO_clear_retry_flags(bp); -- j=bm->length; -- if ((size-1) < j) j=size-1; -- if (j <= 0) -- { -- *buf='\0'; -- return 0; -- } -- p=bm->data; -- for (i=0; ilength; -+ if ((size - 1) < j) -+ j = size - 1; -+ if (j <= 0) { -+ *buf = '\0'; -+ return 0; -+ } -+ p = bm->data; -+ for (i = 0; i < j; i++) { -+ if (p[i] == '\n') { -+ i++; -+ break; -+ } -+ } - -- /* -- * i is now the max num of bytes to copy, either j or up to -- * and including the first newline -- */ -+ /* -+ * i is now the max num of bytes to copy, either j or up to -+ * and including the first newline -+ */ - -- i=mem_read(bp,buf,i); -- if (i > 0) buf[i]='\0'; -- ret=i; -- return(ret); -- } -+ i = mem_read(bp, buf, i); -+ if (i > 0) -+ buf[i] = '\0'; -+ ret = i; -+ return (ret); -+} - - static int mem_puts(BIO *bp, const char *str) -- { -- int n,ret; -- -- n=strlen(str); -- ret=mem_write(bp,str,n); -- /* memory semantics is that it will always work */ -- return(ret); -- } -+{ -+ int n, ret; - -+ n = strlen(str); -+ ret = mem_write(bp, str, n); -+ /* memory semantics is that it will always work */ -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_null.c b/Cryptlib/OpenSSL/crypto/bio/bss_null.c -index 46b7333..6a03fa2 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/bss_null.c -+++ b/Cryptlib/OpenSSL/crypto/bio/bss_null.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -68,83 +68,82 @@ static int null_gets(BIO *h, char *str, int size); - static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2); - static int null_new(BIO *h); - static int null_free(BIO *data); --static BIO_METHOD null_method= -- { -- BIO_TYPE_NULL, -- "NULL", -- null_write, -- null_read, -- null_puts, -- null_gets, -- null_ctrl, -- null_new, -- null_free, -- NULL, -- }; -+static BIO_METHOD null_method = { -+ BIO_TYPE_NULL, -+ "NULL", -+ null_write, -+ null_read, -+ null_puts, -+ null_gets, -+ null_ctrl, -+ null_new, -+ null_free, -+ NULL, -+}; - - BIO_METHOD *BIO_s_null(void) -- { -- return(&null_method); -- } -+{ -+ return (&null_method); -+} - - static int null_new(BIO *bi) -- { -- bi->init=1; -- bi->num=0; -- bi->ptr=(NULL); -- return(1); -- } -+{ -+ bi->init = 1; -+ bi->num = 0; -+ bi->ptr = (NULL); -+ return (1); -+} - - static int null_free(BIO *a) -- { -- if (a == NULL) return(0); -- return(1); -- } -- -+{ -+ if (a == NULL) -+ return (0); -+ return (1); -+} -+ - static int null_read(BIO *b, char *out, int outl) -- { -- return(0); -- } -+{ -+ return (0); -+} - - static int null_write(BIO *b, const char *in, int inl) -- { -- return(inl); -- } -+{ -+ return (inl); -+} - - static long null_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- long ret=1; -+{ -+ long ret = 1; - -- switch (cmd) -- { -- case BIO_CTRL_RESET: -- case BIO_CTRL_EOF: -- case BIO_CTRL_SET: -- case BIO_CTRL_SET_CLOSE: -- case BIO_CTRL_FLUSH: -- case BIO_CTRL_DUP: -- ret=1; -- break; -- case BIO_CTRL_GET_CLOSE: -- case BIO_CTRL_INFO: -- case BIO_CTRL_GET: -- case BIO_CTRL_PENDING: -- case BIO_CTRL_WPENDING: -- default: -- ret=0; -- break; -- } -- return(ret); -- } -+ switch (cmd) { -+ case BIO_CTRL_RESET: -+ case BIO_CTRL_EOF: -+ case BIO_CTRL_SET: -+ case BIO_CTRL_SET_CLOSE: -+ case BIO_CTRL_FLUSH: -+ case BIO_CTRL_DUP: -+ ret = 1; -+ break; -+ case BIO_CTRL_GET_CLOSE: -+ case BIO_CTRL_INFO: -+ case BIO_CTRL_GET: -+ case BIO_CTRL_PENDING: -+ case BIO_CTRL_WPENDING: -+ default: -+ ret = 0; -+ break; -+ } -+ return (ret); -+} - - static int null_gets(BIO *bp, char *buf, int size) -- { -- return(0); -- } -+{ -+ return (0); -+} - - static int null_puts(BIO *bp, const char *str) -- { -- if (str == NULL) return(0); -- return(strlen(str)); -- } -- -+{ -+ if (str == NULL) -+ return (0); -+ return (strlen(str)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_add.c b/Cryptlib/OpenSSL/crypto/bn/bn_add.c -index 9405163..2f3d110 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_add.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_add.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,252 +62,252 @@ - - /* r can == a or b */ - int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -- { -- const BIGNUM *tmp; -- int a_neg = a->neg, ret; -+{ -+ const BIGNUM *tmp; -+ int a_neg = a->neg, ret; - -- bn_check_top(a); -- bn_check_top(b); -+ bn_check_top(a); -+ bn_check_top(b); - -- /* a + b a+b -- * a + -b a-b -- * -a + b b-a -- * -a + -b -(a+b) -- */ -- if (a_neg ^ b->neg) -- { -- /* only one is negative */ -- if (a_neg) -- { tmp=a; a=b; b=tmp; } -+ /*- -+ * a + b a+b -+ * a + -b a-b -+ * -a + b b-a -+ * -a + -b -(a+b) -+ */ -+ if (a_neg ^ b->neg) { -+ /* only one is negative */ -+ if (a_neg) { -+ tmp = a; -+ a = b; -+ b = tmp; -+ } - -- /* we are now a - b */ -+ /* we are now a - b */ - -- if (BN_ucmp(a,b) < 0) -- { -- if (!BN_usub(r,b,a)) return(0); -- r->neg=1; -- } -- else -- { -- if (!BN_usub(r,a,b)) return(0); -- r->neg=0; -- } -- return(1); -- } -+ if (BN_ucmp(a, b) < 0) { -+ if (!BN_usub(r, b, a)) -+ return (0); -+ r->neg = 1; -+ } else { -+ if (!BN_usub(r, a, b)) -+ return (0); -+ r->neg = 0; -+ } -+ return (1); -+ } - -- ret = BN_uadd(r,a,b); -- r->neg = a_neg; -- bn_check_top(r); -- return ret; -- } -+ ret = BN_uadd(r, a, b); -+ r->neg = a_neg; -+ bn_check_top(r); -+ return ret; -+} - - /* unsigned add of b to a */ - int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -- { -- int max,min,dif; -- BN_ULONG *ap,*bp,*rp,carry,t1,t2; -- const BIGNUM *tmp; -+{ -+ int max, min, dif; -+ BN_ULONG *ap, *bp, *rp, carry, t1, t2; -+ const BIGNUM *tmp; - -- bn_check_top(a); -- bn_check_top(b); -+ bn_check_top(a); -+ bn_check_top(b); - -- if (a->top < b->top) -- { tmp=a; a=b; b=tmp; } -- max = a->top; -- min = b->top; -- dif = max - min; -+ if (a->top < b->top) { -+ tmp = a; -+ a = b; -+ b = tmp; -+ } -+ max = a->top; -+ min = b->top; -+ dif = max - min; - -- if (bn_wexpand(r,max+1) == NULL) -- return 0; -+ if (bn_wexpand(r, max + 1) == NULL) -+ return 0; - -- r->top=max; -+ r->top = max; - -+ ap = a->d; -+ bp = b->d; -+ rp = r->d; - -- ap=a->d; -- bp=b->d; -- rp=r->d; -+ carry = bn_add_words(rp, ap, bp, min); -+ rp += min; -+ ap += min; -+ bp += min; - -- carry=bn_add_words(rp,ap,bp,min); -- rp+=min; -- ap+=min; -- bp+=min; -- -- if (carry) -- { -- while (dif) -- { -- dif--; -- t1 = *(ap++); -- t2 = (t1+1) & BN_MASK2; -- *(rp++) = t2; -- if (t2) -- { -- carry=0; -- break; -- } -- } -- if (carry) -- { -- /* carry != 0 => dif == 0 */ -- *rp = 1; -- r->top++; -- } -- } -- if (dif && rp != ap) -- while (dif--) -- /* copy remaining words if ap != rp */ -- *(rp++) = *(ap++); -- r->neg = 0; -- bn_check_top(r); -- return 1; -- } -+ if (carry) { -+ while (dif) { -+ dif--; -+ t1 = *(ap++); -+ t2 = (t1 + 1) & BN_MASK2; -+ *(rp++) = t2; -+ if (t2) { -+ carry = 0; -+ break; -+ } -+ } -+ if (carry) { -+ /* carry != 0 => dif == 0 */ -+ *rp = 1; -+ r->top++; -+ } -+ } -+ if (dif && rp != ap) -+ while (dif--) -+ /* copy remaining words if ap != rp */ -+ *(rp++) = *(ap++); -+ r->neg = 0; -+ bn_check_top(r); -+ return 1; -+} - - /* unsigned subtraction of b from a, a must be larger than b. */ - int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -- { -- int max,min,dif; -- register BN_ULONG t1,t2,*ap,*bp,*rp; -- int i,carry; -+{ -+ int max, min, dif; -+ register BN_ULONG t1, t2, *ap, *bp, *rp; -+ int i, carry; - #if defined(IRIX_CC_BUG) && !defined(LINT) -- int dummy; -+ int dummy; - #endif - -- bn_check_top(a); -- bn_check_top(b); -+ bn_check_top(a); -+ bn_check_top(b); - -- max = a->top; -- min = b->top; -- dif = max - min; -+ max = a->top; -+ min = b->top; -+ dif = max - min; - -- if (dif < 0) /* hmm... should not be happening */ -- { -- BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3); -- return(0); -- } -+ if (dif < 0) { /* hmm... should not be happening */ -+ BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3); -+ return (0); -+ } - -- if (bn_wexpand(r,max) == NULL) return(0); -+ if (bn_wexpand(r, max) == NULL) -+ return (0); - -- ap=a->d; -- bp=b->d; -- rp=r->d; -+ ap = a->d; -+ bp = b->d; -+ rp = r->d; - - #if 1 -- carry=0; -- for (i = min; i != 0; i--) -- { -- t1= *(ap++); -- t2= *(bp++); -- if (carry) -- { -- carry=(t1 <= t2); -- t1=(t1-t2-1)&BN_MASK2; -- } -- else -- { -- carry=(t1 < t2); -- t1=(t1-t2)&BN_MASK2; -- } --#if defined(IRIX_CC_BUG) && !defined(LINT) -- dummy=t1; --#endif -- *(rp++)=t1&BN_MASK2; -- } -+ carry = 0; -+ for (i = min; i != 0; i--) { -+ t1 = *(ap++); -+ t2 = *(bp++); -+ if (carry) { -+ carry = (t1 <= t2); -+ t1 = (t1 - t2 - 1) & BN_MASK2; -+ } else { -+ carry = (t1 < t2); -+ t1 = (t1 - t2) & BN_MASK2; -+ } -+# if defined(IRIX_CC_BUG) && !defined(LINT) -+ dummy = t1; -+# endif -+ *(rp++) = t1 & BN_MASK2; -+ } - #else -- carry=bn_sub_words(rp,ap,bp,min); -- ap+=min; -- bp+=min; -- rp+=min; -+ carry = bn_sub_words(rp, ap, bp, min); -+ ap += min; -+ bp += min; -+ rp += min; - #endif -- if (carry) /* subtracted */ -- { -- if (!dif) -- /* error: a < b */ -- return 0; -- while (dif) -- { -- dif--; -- t1 = *(ap++); -- t2 = (t1-1)&BN_MASK2; -- *(rp++) = t2; -- if (t1) -- break; -- } -- } -+ if (carry) { /* subtracted */ -+ if (!dif) -+ /* error: a < b */ -+ return 0; -+ while (dif) { -+ dif--; -+ t1 = *(ap++); -+ t2 = (t1 - 1) & BN_MASK2; -+ *(rp++) = t2; -+ if (t1) -+ break; -+ } -+ } - #if 0 -- memcpy(rp,ap,sizeof(*rp)*(max-i)); -+ memcpy(rp, ap, sizeof(*rp) * (max - i)); - #else -- if (rp != ap) -- { -- for (;;) -- { -- if (!dif--) break; -- rp[0]=ap[0]; -- if (!dif--) break; -- rp[1]=ap[1]; -- if (!dif--) break; -- rp[2]=ap[2]; -- if (!dif--) break; -- rp[3]=ap[3]; -- rp+=4; -- ap+=4; -- } -- } -+ if (rp != ap) { -+ for (;;) { -+ if (!dif--) -+ break; -+ rp[0] = ap[0]; -+ if (!dif--) -+ break; -+ rp[1] = ap[1]; -+ if (!dif--) -+ break; -+ rp[2] = ap[2]; -+ if (!dif--) -+ break; -+ rp[3] = ap[3]; -+ rp += 4; -+ ap += 4; -+ } -+ } - #endif - -- r->top=max; -- r->neg=0; -- bn_correct_top(r); -- return(1); -- } -+ r->top = max; -+ r->neg = 0; -+ bn_correct_top(r); -+ return (1); -+} - - int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -- { -- int max; -- int add=0,neg=0; -- const BIGNUM *tmp; -- -- bn_check_top(a); -- bn_check_top(b); -+{ -+ int max; -+ int add = 0, neg = 0; -+ const BIGNUM *tmp; - -- /* a - b a-b -- * a - -b a+b -- * -a - b -(a+b) -- * -a - -b b-a -- */ -- if (a->neg) -- { -- if (b->neg) -- { tmp=a; a=b; b=tmp; } -- else -- { add=1; neg=1; } -- } -- else -- { -- if (b->neg) { add=1; neg=0; } -- } -+ bn_check_top(a); -+ bn_check_top(b); - -- if (add) -- { -- if (!BN_uadd(r,a,b)) return(0); -- r->neg=neg; -- return(1); -- } -+ /*- -+ * a - b a-b -+ * a - -b a+b -+ * -a - b -(a+b) -+ * -a - -b b-a -+ */ -+ if (a->neg) { -+ if (b->neg) { -+ tmp = a; -+ a = b; -+ b = tmp; -+ } else { -+ add = 1; -+ neg = 1; -+ } -+ } else { -+ if (b->neg) { -+ add = 1; -+ neg = 0; -+ } -+ } - -- /* We are actually doing a - b :-) */ -+ if (add) { -+ if (!BN_uadd(r, a, b)) -+ return (0); -+ r->neg = neg; -+ return (1); -+ } - -- max=(a->top > b->top)?a->top:b->top; -- if (bn_wexpand(r,max) == NULL) return(0); -- if (BN_ucmp(a,b) < 0) -- { -- if (!BN_usub(r,b,a)) return(0); -- r->neg=1; -- } -- else -- { -- if (!BN_usub(r,a,b)) return(0); -- r->neg=0; -- } -- bn_check_top(r); -- return(1); -- } -+ /* We are actually doing a - b :-) */ - -+ max = (a->top > b->top) ? a->top : b->top; -+ if (bn_wexpand(r, max) == NULL) -+ return (0); -+ if (BN_ucmp(a, b) < 0) { -+ if (!BN_usub(r, b, a)) -+ return (0); -+ r->neg = 1; -+ } else { -+ if (!BN_usub(r, a, b)) -+ return (0); -+ r->neg = 0; -+ } -+ bn_check_top(r); -+ return (1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c -index 99bc2de..92e9539 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,7 +57,7 @@ - */ - - #ifndef BN_DEBUG --# undef NDEBUG /* avoid conflicting definitions */ -+# undef NDEBUG /* avoid conflicting definitions */ - # define NDEBUG - #endif - -@@ -68,793 +68,853 @@ - - #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) - --BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) -- { -- BN_ULONG c1=0; -- -- assert(num >= 0); -- if (num <= 0) return(c1); -- -- while (num&~3) -- { -- mul_add(rp[0],ap[0],w,c1); -- mul_add(rp[1],ap[1],w,c1); -- mul_add(rp[2],ap[2],w,c1); -- mul_add(rp[3],ap[3],w,c1); -- ap+=4; rp+=4; num-=4; -- } -- if (num) -- { -- mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1; -- mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1; -- mul_add(rp[2],ap[2],w,c1); return c1; -- } -- -- return(c1); -- } -+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, -+ BN_ULONG w) -+{ -+ BN_ULONG c1 = 0; -+ -+ assert(num >= 0); -+ if (num <= 0) -+ return (c1); -+ -+ while (num & ~3) { -+ mul_add(rp[0], ap[0], w, c1); -+ mul_add(rp[1], ap[1], w, c1); -+ mul_add(rp[2], ap[2], w, c1); -+ mul_add(rp[3], ap[3], w, c1); -+ ap += 4; -+ rp += 4; -+ num -= 4; -+ } -+ if (num) { -+ mul_add(rp[0], ap[0], w, c1); -+ if (--num == 0) -+ return c1; -+ mul_add(rp[1], ap[1], w, c1); -+ if (--num == 0) -+ return c1; -+ mul_add(rp[2], ap[2], w, c1); -+ return c1; -+ } -+ -+ return (c1); -+} - - BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) -- { -- BN_ULONG c1=0; -- -- assert(num >= 0); -- if (num <= 0) return(c1); -- -- while (num&~3) -- { -- mul(rp[0],ap[0],w,c1); -- mul(rp[1],ap[1],w,c1); -- mul(rp[2],ap[2],w,c1); -- mul(rp[3],ap[3],w,c1); -- ap+=4; rp+=4; num-=4; -- } -- if (num) -- { -- mul(rp[0],ap[0],w,c1); if (--num == 0) return c1; -- mul(rp[1],ap[1],w,c1); if (--num == 0) return c1; -- mul(rp[2],ap[2],w,c1); -- } -- return(c1); -- } -+{ -+ BN_ULONG c1 = 0; -+ -+ assert(num >= 0); -+ if (num <= 0) -+ return (c1); -+ -+ while (num & ~3) { -+ mul(rp[0], ap[0], w, c1); -+ mul(rp[1], ap[1], w, c1); -+ mul(rp[2], ap[2], w, c1); -+ mul(rp[3], ap[3], w, c1); -+ ap += 4; -+ rp += 4; -+ num -= 4; -+ } -+ if (num) { -+ mul(rp[0], ap[0], w, c1); -+ if (--num == 0) -+ return c1; -+ mul(rp[1], ap[1], w, c1); -+ if (--num == 0) -+ return c1; -+ mul(rp[2], ap[2], w, c1); -+ } -+ return (c1); -+} - - void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) -- { -- assert(n >= 0); -- if (n <= 0) return; -- while (n&~3) -- { -- sqr(r[0],r[1],a[0]); -- sqr(r[2],r[3],a[1]); -- sqr(r[4],r[5],a[2]); -- sqr(r[6],r[7],a[3]); -- a+=4; r+=8; n-=4; -- } -- if (n) -- { -- sqr(r[0],r[1],a[0]); if (--n == 0) return; -- sqr(r[2],r[3],a[1]); if (--n == 0) return; -- sqr(r[4],r[5],a[2]); -- } -- } -- --#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ -- --BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) -- { -- BN_ULONG c=0; -- BN_ULONG bl,bh; -- -- assert(num >= 0); -- if (num <= 0) return((BN_ULONG)0); -- -- bl=LBITS(w); -- bh=HBITS(w); -- -- for (;;) -- { -- mul_add(rp[0],ap[0],bl,bh,c); -- if (--num == 0) break; -- mul_add(rp[1],ap[1],bl,bh,c); -- if (--num == 0) break; -- mul_add(rp[2],ap[2],bl,bh,c); -- if (--num == 0) break; -- mul_add(rp[3],ap[3],bl,bh,c); -- if (--num == 0) break; -- ap+=4; -- rp+=4; -- } -- return(c); -- } -+{ -+ assert(n >= 0); -+ if (n <= 0) -+ return; -+ while (n & ~3) { -+ sqr(r[0], r[1], a[0]); -+ sqr(r[2], r[3], a[1]); -+ sqr(r[4], r[5], a[2]); -+ sqr(r[6], r[7], a[3]); -+ a += 4; -+ r += 8; -+ n -= 4; -+ } -+ if (n) { -+ sqr(r[0], r[1], a[0]); -+ if (--n == 0) -+ return; -+ sqr(r[2], r[3], a[1]); -+ if (--n == 0) -+ return; -+ sqr(r[4], r[5], a[2]); -+ } -+} -+ -+#else /* !(defined(BN_LLONG) || -+ * defined(BN_UMULT_HIGH)) */ -+ -+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, -+ BN_ULONG w) -+{ -+ BN_ULONG c = 0; -+ BN_ULONG bl, bh; -+ -+ assert(num >= 0); -+ if (num <= 0) -+ return ((BN_ULONG)0); -+ -+ bl = LBITS(w); -+ bh = HBITS(w); -+ -+ for (;;) { -+ mul_add(rp[0], ap[0], bl, bh, c); -+ if (--num == 0) -+ break; -+ mul_add(rp[1], ap[1], bl, bh, c); -+ if (--num == 0) -+ break; -+ mul_add(rp[2], ap[2], bl, bh, c); -+ if (--num == 0) -+ break; -+ mul_add(rp[3], ap[3], bl, bh, c); -+ if (--num == 0) -+ break; -+ ap += 4; -+ rp += 4; -+ } -+ return (c); -+} - - BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) -- { -- BN_ULONG carry=0; -- BN_ULONG bl,bh; -- -- assert(num >= 0); -- if (num <= 0) return((BN_ULONG)0); -- -- bl=LBITS(w); -- bh=HBITS(w); -- -- for (;;) -- { -- mul(rp[0],ap[0],bl,bh,carry); -- if (--num == 0) break; -- mul(rp[1],ap[1],bl,bh,carry); -- if (--num == 0) break; -- mul(rp[2],ap[2],bl,bh,carry); -- if (--num == 0) break; -- mul(rp[3],ap[3],bl,bh,carry); -- if (--num == 0) break; -- ap+=4; -- rp+=4; -- } -- return(carry); -- } -+{ -+ BN_ULONG carry = 0; -+ BN_ULONG bl, bh; -+ -+ assert(num >= 0); -+ if (num <= 0) -+ return ((BN_ULONG)0); -+ -+ bl = LBITS(w); -+ bh = HBITS(w); -+ -+ for (;;) { -+ mul(rp[0], ap[0], bl, bh, carry); -+ if (--num == 0) -+ break; -+ mul(rp[1], ap[1], bl, bh, carry); -+ if (--num == 0) -+ break; -+ mul(rp[2], ap[2], bl, bh, carry); -+ if (--num == 0) -+ break; -+ mul(rp[3], ap[3], bl, bh, carry); -+ if (--num == 0) -+ break; -+ ap += 4; -+ rp += 4; -+ } -+ return (carry); -+} - - void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) -- { -- assert(n >= 0); -- if (n <= 0) return; -- for (;;) -- { -- sqr64(r[0],r[1],a[0]); -- if (--n == 0) break; -- -- sqr64(r[2],r[3],a[1]); -- if (--n == 0) break; -- -- sqr64(r[4],r[5],a[2]); -- if (--n == 0) break; -- -- sqr64(r[6],r[7],a[3]); -- if (--n == 0) break; -- -- a+=4; -- r+=8; -- } -- } -- --#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ -+{ -+ assert(n >= 0); -+ if (n <= 0) -+ return; -+ for (;;) { -+ sqr64(r[0], r[1], a[0]); -+ if (--n == 0) -+ break; -+ -+ sqr64(r[2], r[3], a[1]); -+ if (--n == 0) -+ break; -+ -+ sqr64(r[4], r[5], a[2]); -+ if (--n == 0) -+ break; -+ -+ sqr64(r[6], r[7], a[3]); -+ if (--n == 0) -+ break; -+ -+ a += 4; -+ r += 8; -+ } -+} -+ -+#endif /* !(defined(BN_LLONG) || -+ * defined(BN_UMULT_HIGH)) */ - - #if defined(BN_LLONG) && defined(BN_DIV2W) - - BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) -- { -- return((BN_ULONG)(((((BN_ULLONG)h)<= d) h-=d; -- -- if (i) -- { -- d<<=i; -- h=(h<>(BN_BITS2-i)); -- l<<=i; -- } -- dh=(d&BN_MASK2h)>>BN_BITS4; -- dl=(d&BN_MASK2l); -- for (;;) -- { -- if ((h>>BN_BITS4) == dh) -- q=BN_MASK2l; -- else -- q=h/dh; -- -- th=q*dh; -- tl=dl*q; -- for (;;) -- { -- t=h-th; -- if ((t&BN_MASK2h) || -- ((tl) <= ( -- (t<>BN_BITS4)))) -- break; -- q--; -- th-=dh; -- tl-=dl; -- } -- t=(tl>>BN_BITS4); -- tl=(tl<>BN_BITS4))&BN_MASK2; -- l=(l&BN_MASK2l)<= d) -+ h -= d; -+ -+ if (i) { -+ d <<= i; -+ h = (h << i) | (l >> (BN_BITS2 - i)); -+ l <<= i; -+ } -+ dh = (d & BN_MASK2h) >> BN_BITS4; -+ dl = (d & BN_MASK2l); -+ for (;;) { -+ if ((h >> BN_BITS4) == dh) -+ q = BN_MASK2l; -+ else -+ q = h / dh; -+ -+ th = q * dh; -+ tl = dl * q; -+ for (;;) { -+ t = h - th; -+ if ((t & BN_MASK2h) || -+ ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4)))) -+ break; -+ q--; -+ th -= dh; -+ tl -= dl; -+ } -+ t = (tl >> BN_BITS4); -+ tl = (tl << BN_BITS4) & BN_MASK2h; -+ th += t; -+ -+ if (l < tl) -+ th++; -+ l -= tl; -+ if (h < th) { -+ h += d; -+ q--; -+ } -+ h -= th; -+ -+ if (--count == 0) -+ break; -+ -+ ret = q << BN_BITS4; -+ h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2; -+ l = (l & BN_MASK2l) << BN_BITS4; -+ } -+ ret |= q; -+ return (ret); -+} -+#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */ - - #ifdef BN_LLONG --BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) -- { -- BN_ULLONG ll=0; -- -- assert(n >= 0); -- if (n <= 0) return((BN_ULONG)0); -- -- for (;;) -- { -- ll+=(BN_ULLONG)a[0]+b[0]; -- r[0]=(BN_ULONG)ll&BN_MASK2; -- ll>>=BN_BITS2; -- if (--n <= 0) break; -- -- ll+=(BN_ULLONG)a[1]+b[1]; -- r[1]=(BN_ULONG)ll&BN_MASK2; -- ll>>=BN_BITS2; -- if (--n <= 0) break; -- -- ll+=(BN_ULLONG)a[2]+b[2]; -- r[2]=(BN_ULONG)ll&BN_MASK2; -- ll>>=BN_BITS2; -- if (--n <= 0) break; -- -- ll+=(BN_ULLONG)a[3]+b[3]; -- r[3]=(BN_ULONG)ll&BN_MASK2; -- ll>>=BN_BITS2; -- if (--n <= 0) break; -- -- a+=4; -- b+=4; -- r+=4; -- } -- return((BN_ULONG)ll); -- } --#else /* !BN_LLONG */ --BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) -- { -- BN_ULONG c,l,t; -- -- assert(n >= 0); -- if (n <= 0) return((BN_ULONG)0); -- -- c=0; -- for (;;) -- { -- t=a[0]; -- t=(t+c)&BN_MASK2; -- c=(t < c); -- l=(t+b[0])&BN_MASK2; -- c+=(l < t); -- r[0]=l; -- if (--n <= 0) break; -- -- t=a[1]; -- t=(t+c)&BN_MASK2; -- c=(t < c); -- l=(t+b[1])&BN_MASK2; -- c+=(l < t); -- r[1]=l; -- if (--n <= 0) break; -- -- t=a[2]; -- t=(t+c)&BN_MASK2; -- c=(t < c); -- l=(t+b[2])&BN_MASK2; -- c+=(l < t); -- r[2]=l; -- if (--n <= 0) break; -- -- t=a[3]; -- t=(t+c)&BN_MASK2; -- c=(t < c); -- l=(t+b[3])&BN_MASK2; -- c+=(l < t); -- r[3]=l; -- if (--n <= 0) break; -- -- a+=4; -- b+=4; -- r+=4; -- } -- return((BN_ULONG)c); -- } --#endif /* !BN_LLONG */ -- --BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) -- { -- BN_ULONG t1,t2; -- int c=0; -- -- assert(n >= 0); -- if (n <= 0) return((BN_ULONG)0); -- -- for (;;) -- { -- t1=a[0]; t2=b[0]; -- r[0]=(t1-t2-c)&BN_MASK2; -- if (t1 != t2) c=(t1 < t2); -- if (--n <= 0) break; -- -- t1=a[1]; t2=b[1]; -- r[1]=(t1-t2-c)&BN_MASK2; -- if (t1 != t2) c=(t1 < t2); -- if (--n <= 0) break; -- -- t1=a[2]; t2=b[2]; -- r[2]=(t1-t2-c)&BN_MASK2; -- if (t1 != t2) c=(t1 < t2); -- if (--n <= 0) break; -- -- t1=a[3]; t2=b[3]; -- r[3]=(t1-t2-c)&BN_MASK2; -- if (t1 != t2) c=(t1 < t2); -- if (--n <= 0) break; -- -- a+=4; -- b+=4; -- r+=4; -- } -- return(c); -- } -+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, -+ int n) -+{ -+ BN_ULLONG ll = 0; -+ -+ assert(n >= 0); -+ if (n <= 0) -+ return ((BN_ULONG)0); -+ -+ for (;;) { -+ ll += (BN_ULLONG) a[0] + b[0]; -+ r[0] = (BN_ULONG)ll & BN_MASK2; -+ ll >>= BN_BITS2; -+ if (--n <= 0) -+ break; -+ -+ ll += (BN_ULLONG) a[1] + b[1]; -+ r[1] = (BN_ULONG)ll & BN_MASK2; -+ ll >>= BN_BITS2; -+ if (--n <= 0) -+ break; -+ -+ ll += (BN_ULLONG) a[2] + b[2]; -+ r[2] = (BN_ULONG)ll & BN_MASK2; -+ ll >>= BN_BITS2; -+ if (--n <= 0) -+ break; -+ -+ ll += (BN_ULLONG) a[3] + b[3]; -+ r[3] = (BN_ULONG)ll & BN_MASK2; -+ ll >>= BN_BITS2; -+ if (--n <= 0) -+ break; -+ -+ a += 4; -+ b += 4; -+ r += 4; -+ } -+ return ((BN_ULONG)ll); -+} -+#else /* !BN_LLONG */ -+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, -+ int n) -+{ -+ BN_ULONG c, l, t; -+ -+ assert(n >= 0); -+ if (n <= 0) -+ return ((BN_ULONG)0); -+ -+ c = 0; -+ for (;;) { -+ t = a[0]; -+ t = (t + c) & BN_MASK2; -+ c = (t < c); -+ l = (t + b[0]) & BN_MASK2; -+ c += (l < t); -+ r[0] = l; -+ if (--n <= 0) -+ break; -+ -+ t = a[1]; -+ t = (t + c) & BN_MASK2; -+ c = (t < c); -+ l = (t + b[1]) & BN_MASK2; -+ c += (l < t); -+ r[1] = l; -+ if (--n <= 0) -+ break; -+ -+ t = a[2]; -+ t = (t + c) & BN_MASK2; -+ c = (t < c); -+ l = (t + b[2]) & BN_MASK2; -+ c += (l < t); -+ r[2] = l; -+ if (--n <= 0) -+ break; -+ -+ t = a[3]; -+ t = (t + c) & BN_MASK2; -+ c = (t < c); -+ l = (t + b[3]) & BN_MASK2; -+ c += (l < t); -+ r[3] = l; -+ if (--n <= 0) -+ break; -+ -+ a += 4; -+ b += 4; -+ r += 4; -+ } -+ return ((BN_ULONG)c); -+} -+#endif /* !BN_LLONG */ -+ -+BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, -+ int n) -+{ -+ BN_ULONG t1, t2; -+ int c = 0; -+ -+ assert(n >= 0); -+ if (n <= 0) -+ return ((BN_ULONG)0); -+ -+ for (;;) { -+ t1 = a[0]; -+ t2 = b[0]; -+ r[0] = (t1 - t2 - c) & BN_MASK2; -+ if (t1 != t2) -+ c = (t1 < t2); -+ if (--n <= 0) -+ break; -+ -+ t1 = a[1]; -+ t2 = b[1]; -+ r[1] = (t1 - t2 - c) & BN_MASK2; -+ if (t1 != t2) -+ c = (t1 < t2); -+ if (--n <= 0) -+ break; -+ -+ t1 = a[2]; -+ t2 = b[2]; -+ r[2] = (t1 - t2 - c) & BN_MASK2; -+ if (t1 != t2) -+ c = (t1 < t2); -+ if (--n <= 0) -+ break; -+ -+ t1 = a[3]; -+ t2 = b[3]; -+ r[3] = (t1 - t2 - c) & BN_MASK2; -+ if (t1 != t2) -+ c = (t1 < t2); -+ if (--n <= 0) -+ break; -+ -+ a += 4; -+ b += 4; -+ r += 4; -+ } -+ return (c); -+} - - #ifdef BN_MUL_COMBA - --#undef bn_mul_comba8 --#undef bn_mul_comba4 --#undef bn_sqr_comba8 --#undef bn_sqr_comba4 -+# undef bn_mul_comba8 -+# undef bn_mul_comba4 -+# undef bn_sqr_comba8 -+# undef bn_sqr_comba4 - - /* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ - /* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ - /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ --/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ -+/* -+ * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number -+ * c=(c2,c1,c0) -+ */ - --#ifdef BN_LLONG --#define mul_add_c(a,b,c0,c1,c2) \ -- t=(BN_ULLONG)a*b; \ -- t1=(BN_ULONG)Lw(t); \ -- t2=(BN_ULONG)Hw(t); \ -- c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \ -- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; -- --#define mul_add_c2(a,b,c0,c1,c2) \ -- t=(BN_ULLONG)a*b; \ -- tt=(t+t)&BN_MASK; \ -- if (tt < t) c2++; \ -- t1=(BN_ULONG)Lw(tt); \ -- t2=(BN_ULONG)Hw(tt); \ -- c0=(c0+t1)&BN_MASK2; \ -- if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \ -- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; -- --#define sqr_add_c(a,i,c0,c1,c2) \ -- t=(BN_ULLONG)a[i]*a[i]; \ -- t1=(BN_ULONG)Lw(t); \ -- t2=(BN_ULONG)Hw(t); \ -- c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \ -- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; -- --#define sqr_add_c2(a,i,j,c0,c1,c2) \ -- mul_add_c2((a)[i],(a)[j],c0,c1,c2) -- --#elif defined(BN_UMULT_LOHI) -- --#define mul_add_c(a,b,c0,c1,c2) { \ -- BN_ULONG ta=(a),tb=(b); \ -- BN_UMULT_LOHI(t1,t2,ta,tb); \ -- c0 += t1; t2 += (c0A = BN_dup(A)) == NULL) goto err; -- } -- if (Ai != NULL) -- { -- if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; -- } -- -- /* save a copy of mod in the BN_BLINDING structure */ -- if ((ret->mod = BN_dup(mod)) == NULL) goto err; -- if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) -- BN_set_flags(ret->mod, BN_FLG_CONSTTIME); -- -- /* Set the counter to the special value -1 -- * to indicate that this is never-used fresh blinding -- * that does not need updating before first use. */ -- ret->counter = -1; -- return(ret); --err: -- if (ret != NULL) BN_BLINDING_free(ret); -- return(NULL); -- } -+#define BN_BLINDING_COUNTER 32 -+ -+struct bn_blinding_st { -+ BIGNUM *A; -+ BIGNUM *Ai; -+ BIGNUM *e; -+ BIGNUM *mod; /* just a reference */ -+ unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; used -+ * only by crypto/rsa/rsa_eay.c, rsa_lib.c */ -+ int counter; -+ unsigned long flags; -+ BN_MONT_CTX *m_ctx; -+ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+}; -+ -+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) -+{ -+ BN_BLINDING *ret = NULL; -+ -+ bn_check_top(mod); -+ -+ if ((ret = (BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) { -+ BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ memset(ret, 0, sizeof(BN_BLINDING)); -+ if (A != NULL) { -+ if ((ret->A = BN_dup(A)) == NULL) -+ goto err; -+ } -+ if (Ai != NULL) { -+ if ((ret->Ai = BN_dup(Ai)) == NULL) -+ goto err; -+ } -+ -+ /* save a copy of mod in the BN_BLINDING structure */ -+ if ((ret->mod = BN_dup(mod)) == NULL) -+ goto err; -+ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) -+ BN_set_flags(ret->mod, BN_FLG_CONSTTIME); -+ -+ /* -+ * Set the counter to the special value -1 to indicate that this is -+ * never-used fresh blinding that does not need updating before first -+ * use. -+ */ -+ ret->counter = -1; -+ return (ret); -+ err: -+ if (ret != NULL) -+ BN_BLINDING_free(ret); -+ return (NULL); -+} - - void BN_BLINDING_free(BN_BLINDING *r) -- { -- if(r == NULL) -- return; -- -- if (r->A != NULL) BN_free(r->A ); -- if (r->Ai != NULL) BN_free(r->Ai); -- if (r->e != NULL) BN_free(r->e ); -- if (r->mod != NULL) BN_free(r->mod); -- OPENSSL_free(r); -- } -+{ -+ if (r == NULL) -+ return; -+ -+ if (r->A != NULL) -+ BN_free(r->A); -+ if (r->Ai != NULL) -+ BN_free(r->Ai); -+ if (r->e != NULL) -+ BN_free(r->e); -+ if (r->mod != NULL) -+ BN_free(r->mod); -+ OPENSSL_free(r); -+} - - int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) -- { -- int ret=0; -- -- if ((b->A == NULL) || (b->Ai == NULL)) -- { -- BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED); -- goto err; -- } -- -- if (b->counter == -1) -- b->counter = 0; -- -- if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && -- !(b->flags & BN_BLINDING_NO_RECREATE)) -- { -- /* re-create blinding parameters */ -- if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) -- goto err; -- } -- else if (!(b->flags & BN_BLINDING_NO_UPDATE)) -- { -- if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err; -- if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err; -- } -- -- ret=1; --err: -- if (b->counter == BN_BLINDING_COUNTER) -- b->counter = 0; -- return(ret); -- } -+{ -+ int ret = 0; -+ -+ if ((b->A == NULL) || (b->Ai == NULL)) { -+ BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED); -+ goto err; -+ } -+ -+ if (b->counter == -1) -+ b->counter = 0; -+ -+ if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && -+ !(b->flags & BN_BLINDING_NO_RECREATE)) { -+ /* re-create blinding parameters */ -+ if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) -+ goto err; -+ } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) { -+ if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx)) -+ goto err; -+ if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)) -+ goto err; -+ } -+ -+ ret = 1; -+ err: -+ if (b->counter == BN_BLINDING_COUNTER) -+ b->counter = 0; -+ return (ret); -+} - - int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) -- { -- return BN_BLINDING_convert_ex(n, NULL, b, ctx); -- } -+{ -+ return BN_BLINDING_convert_ex(n, NULL, b, ctx); -+} - - int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) -- { -- int ret = 1; -+{ -+ int ret = 1; - -- bn_check_top(n); -+ bn_check_top(n); - -- if ((b->A == NULL) || (b->Ai == NULL)) -- { -- BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED); -- return(0); -- } -+ if ((b->A == NULL) || (b->Ai == NULL)) { -+ BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED); -+ return (0); -+ } - -- if (b->counter == -1) -- /* Fresh blinding, doesn't need updating. */ -- b->counter = 0; -- else if (!BN_BLINDING_update(b,ctx)) -- return(0); -+ if (b->counter == -1) -+ /* Fresh blinding, doesn't need updating. */ -+ b->counter = 0; -+ else if (!BN_BLINDING_update(b, ctx)) -+ return (0); - -- if (r != NULL) -- { -- if (!BN_copy(r, b->Ai)) ret=0; -- } -+ if (r != NULL) { -+ if (!BN_copy(r, b->Ai)) -+ ret = 0; -+ } - -- if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0; -- -- return ret; -- } -+ if (!BN_mod_mul(n, n, b->A, b->mod, ctx)) -+ ret = 0; -+ -+ return ret; -+} - - int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) -- { -- return BN_BLINDING_invert_ex(n, NULL, b, ctx); -- } -- --int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) -- { -- int ret; -- -- bn_check_top(n); -- -- if (r != NULL) -- ret = BN_mod_mul(n, n, r, b->mod, ctx); -- else -- { -- if (b->Ai == NULL) -- { -- BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED); -- return(0); -- } -- ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); -- } -- -- bn_check_top(n); -- return(ret); -- } -+{ -+ return BN_BLINDING_invert_ex(n, NULL, b, ctx); -+} -+ -+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, -+ BN_CTX *ctx) -+{ -+ int ret; -+ -+ bn_check_top(n); -+ -+ if (r != NULL) -+ ret = BN_mod_mul(n, n, r, b->mod, ctx); -+ else { -+ if (b->Ai == NULL) { -+ BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED); -+ return (0); -+ } -+ ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); -+ } -+ -+ bn_check_top(n); -+ return (ret); -+} - - unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) -- { -- return b->thread_id; -- } -+{ -+ return b->thread_id; -+} - - void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) -- { -- b->thread_id = n; -- } -+{ -+ b->thread_id = n; -+} - - unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) -- { -- return b->flags; -- } -+{ -+ return b->flags; -+} - - void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) -- { -- b->flags = flags; -- } -+{ -+ b->flags = flags; -+} - - BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, -- const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, -- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), -- BN_MONT_CTX *m_ctx) -+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, -+ int (*bn_mod_exp) (BIGNUM *r, -+ const BIGNUM *a, -+ const BIGNUM *p, -+ const BIGNUM *m, -+ BN_CTX *ctx, -+ BN_MONT_CTX *m_ctx), -+ BN_MONT_CTX *m_ctx) - { -- int retry_counter = 32; -- BN_BLINDING *ret = NULL; -- -- if (b == NULL) -- ret = BN_BLINDING_new(NULL, NULL, m); -- else -- ret = b; -- -- if (ret == NULL) -- goto err; -- -- if (ret->A == NULL && (ret->A = BN_new()) == NULL) -- goto err; -- if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) -- goto err; -- -- if (e != NULL) -- { -- if (ret->e != NULL) -- BN_free(ret->e); -- ret->e = BN_dup(e); -- } -- if (ret->e == NULL) -- goto err; -- -- if (bn_mod_exp != NULL) -- ret->bn_mod_exp = bn_mod_exp; -- if (m_ctx != NULL) -- ret->m_ctx = m_ctx; -- -- do { -- if (!BN_rand_range(ret->A, ret->mod)) goto err; -- if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) -- { -- /* this should almost never happen for good RSA keys */ -- unsigned long error = ERR_peek_last_error(); -- if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) -- { -- if (retry_counter-- == 0) -- { -- BNerr(BN_F_BN_BLINDING_CREATE_PARAM, -- BN_R_TOO_MANY_ITERATIONS); -- goto err; -- } -- ERR_clear_error(); -- } -- else -- goto err; -- } -- else -- break; -- } while (1); -- -- if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) -- { -- if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) -- goto err; -- } -- else -- { -- if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) -- goto err; -- } -- -- return ret; --err: -- if (b == NULL && ret != NULL) -- { -- BN_BLINDING_free(ret); -- ret = NULL; -- } -- -- return ret; -+ int retry_counter = 32; -+ BN_BLINDING *ret = NULL; -+ -+ if (b == NULL) -+ ret = BN_BLINDING_new(NULL, NULL, m); -+ else -+ ret = b; -+ -+ if (ret == NULL) -+ goto err; -+ -+ if (ret->A == NULL && (ret->A = BN_new()) == NULL) -+ goto err; -+ if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) -+ goto err; -+ -+ if (e != NULL) { -+ if (ret->e != NULL) -+ BN_free(ret->e); -+ ret->e = BN_dup(e); -+ } -+ if (ret->e == NULL) -+ goto err; -+ -+ if (bn_mod_exp != NULL) -+ ret->bn_mod_exp = bn_mod_exp; -+ if (m_ctx != NULL) -+ ret->m_ctx = m_ctx; -+ -+ do { -+ if (!BN_rand_range(ret->A, ret->mod)) -+ goto err; -+ if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) { -+ /* -+ * this should almost never happen for good RSA keys -+ */ -+ unsigned long error = ERR_peek_last_error(); -+ if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) { -+ if (retry_counter-- == 0) { -+ BNerr(BN_F_BN_BLINDING_CREATE_PARAM, -+ BN_R_TOO_MANY_ITERATIONS); -+ goto err; -+ } -+ ERR_clear_error(); -+ } else -+ goto err; -+ } else -+ break; -+ } while (1); -+ -+ if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) { -+ if (!ret->bn_mod_exp -+ (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) -+ goto err; -+ } else { -+ if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) -+ goto err; -+ } -+ -+ return ret; -+ err: -+ if (b == NULL && ret != NULL) { -+ BN_BLINDING_free(ret); -+ ret = NULL; -+ } -+ -+ return ret; - } -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_const.c b/Cryptlib/OpenSSL/crypto/bn/bn_const.c -index eb60a25..12c3208 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_const.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_const.c -@@ -3,7 +3,8 @@ - - #include "bn.h" - --/* "First Oakley Default Group" from RFC2409, section 6.1. -+/*- -+ * "First Oakley Default Group" from RFC2409, section 6.1. - * - * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 } - * -@@ -12,21 +13,26 @@ - */ - - BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) -- { -- static const unsigned char RFC2409_PRIME_768[]={ -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, -- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, -- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, -- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, -- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, -- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, -- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, -- 0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -- }; -- return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn); -- } -+{ -+ static const unsigned char RFC2409_PRIME_768[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ }; -+ return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn); -+} - --/* "Second Oakley Default Group" from RFC2409, section 6.2. -+/*- -+ * "Second Oakley Default Group" from RFC2409, section 6.2. - * - * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }. - * -@@ -35,24 +41,30 @@ BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) - */ - - BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) -- { -- static const unsigned char RFC2409_PRIME_1024[]={ -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, -- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, -- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, -- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, -- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, -- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, -- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, -- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, -- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, -- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81, -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -- }; -- return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn); -- } -+{ -+ static const unsigned char RFC2409_PRIME_1024[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ }; -+ return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn); -+} - --/* "1536-bit MODP Group" from RFC3526, Section 2. -+/*- -+ * "1536-bit MODP Group" from RFC3526, Section 2. - * - * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } - * -@@ -61,29 +73,38 @@ BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) - */ - - BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) -- { -- static const unsigned char RFC3526_PRIME_1536[]={ -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, -- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, -- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, -- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, -- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, -- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, -- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, -- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, -- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, -- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, -- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, -- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, -- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, -- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, -- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, -- 0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -- }; -- return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn); -- } -+{ -+ static const unsigned char RFC3526_PRIME_1536[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, -+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, -+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, -+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, -+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, -+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ }; -+ return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn); -+} - --/* "2048-bit MODP Group" from RFC3526, Section 3. -+/*- -+ * "2048-bit MODP Group" from RFC3526, Section 3. - * - * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } - * -@@ -91,35 +112,46 @@ BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) - */ - - BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) -- { -- static const unsigned char RFC3526_PRIME_2048[]={ -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, -- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, -- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, -- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, -- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, -- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, -- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, -- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, -- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, -- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, -- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, -- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, -- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, -- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, -- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, -- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, -- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, -- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, -- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, -- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, -- 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF, -- 0xFF,0xFF,0xFF,0xFF, -- }; -- return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn); -- } -+{ -+ static const unsigned char RFC3526_PRIME_2048[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, -+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, -+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, -+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, -+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, -+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, -+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, -+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, -+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, -+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ }; -+ return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn); -+} - --/* "3072-bit MODP Group" from RFC3526, Section 4. -+/*- -+ * "3072-bit MODP Group" from RFC3526, Section 4. - * - * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } - * -@@ -127,45 +159,62 @@ BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) - */ - - BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) -- { -- static const unsigned char RFC3526_PRIME_3072[]={ -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, -- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, -- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, -- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, -- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, -- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, -- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, -- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, -- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, -- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, -- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, -- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, -- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, -- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, -- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, -- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, -- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, -- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, -- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, -- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, -- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, -- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, -- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, -- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, -- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, -- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, -- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, -- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, -- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, -- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, -- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, -- 0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -- }; -- return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn); -- } -+{ -+ static const unsigned char RFC3526_PRIME_3072[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, -+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, -+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, -+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, -+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, -+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, -+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, -+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, -+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, -+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, -+ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, -+ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, -+ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, -+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, -+ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, -+ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, -+ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, -+ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, -+ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, -+ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, -+ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ }; -+ return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn); -+} - --/* "4096-bit MODP Group" from RFC3526, Section 5. -+/*- -+ * "4096-bit MODP Group" from RFC3526, Section 5. - * - * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } - * -@@ -173,56 +222,78 @@ BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) - */ - - BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) -- { -- static const unsigned char RFC3526_PRIME_4096[]={ -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, -- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, -- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, -- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, -- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, -- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, -- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, -- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, -- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, -- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, -- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, -- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, -- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, -- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, -- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, -- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, -- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, -- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, -- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, -- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, -- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, -- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, -- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, -- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, -- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, -- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, -- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, -- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, -- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, -- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, -- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, -- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, -- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18, -- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA, -- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB, -- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, -- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F, -- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED, -- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76, -- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, -- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC, -- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99, -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -- }; -- return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn); -- } -+{ -+ static const unsigned char RFC3526_PRIME_4096[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, -+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, -+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, -+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, -+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, -+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, -+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, -+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, -+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, -+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, -+ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, -+ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, -+ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, -+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, -+ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, -+ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, -+ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, -+ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, -+ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, -+ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, -+ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, -+ 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, -+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, -+ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, -+ 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, -+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, -+ 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, -+ 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, -+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, -+ 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, -+ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, -+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, -+ 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, -+ 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, -+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, -+ 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, -+ 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ }; -+ return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn); -+} - --/* "6144-bit MODP Group" from RFC3526, Section 6. -+/*- -+ * "6144-bit MODP Group" from RFC3526, Section 6. - * - * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } - * -@@ -230,77 +301,110 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) - */ - - BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) -- { -- static const unsigned char RFC3526_PRIME_6144[]={ -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, -- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, -- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, -- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, -- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, -- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, -- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, -- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, -- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, -- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, -- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, -- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, -- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, -- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, -- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, -- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, -- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, -- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, -- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, -- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, -- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, -- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, -- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, -- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, -- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, -- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, -- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, -- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, -- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, -- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, -- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, -- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, -- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18, -- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA, -- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB, -- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, -- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F, -- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED, -- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76, -- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, -- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC, -- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92, -- 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2, -- 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, -- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F, -- 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31, -- 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB, -- 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, -- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51, -- 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF, -- 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15, -- 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, -- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31, -- 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3, -- 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7, -- 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, -- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2, -- 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28, -- 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D, -- 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, -- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7, -- 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE, -- 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E, -- 0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -- }; -- return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn); -- } -+{ -+ static const unsigned char RFC3526_PRIME_6144[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, -+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, -+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, -+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, -+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, -+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, -+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, -+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, -+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, -+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, -+ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, -+ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, -+ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, -+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, -+ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, -+ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, -+ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, -+ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, -+ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, -+ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, -+ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, -+ 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, -+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, -+ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, -+ 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, -+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, -+ 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, -+ 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, -+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, -+ 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, -+ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, -+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, -+ 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, -+ 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, -+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, -+ 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, -+ 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, -+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, -+ 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE, -+ 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, -+ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, -+ 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE, -+ 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, -+ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, -+ 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED, -+ 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, -+ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, -+ 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42, -+ 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, -+ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, -+ 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, -+ 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, -+ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, -+ 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E, -+ 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, -+ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, -+ 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, -+ 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, -+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, -+ 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0, -+ 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, -+ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, -+ 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, -+ 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, -+ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, -+ 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68, -+ 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, -+ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, -+ 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xCC, 0x40, 0x24, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ }; -+ return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn); -+} - --/* "8192-bit MODP Group" from RFC3526, Section 7. -+/*- -+ * "8192-bit MODP Group" from RFC3526, Section 7. - * - * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } - * -@@ -308,95 +412,136 @@ BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) - */ - - BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn) -- { -- static const unsigned char RFC3526_PRIME_8192[]={ -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, -- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, -- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, -- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, -- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, -- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, -- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, -- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, -- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, -- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, -- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, -- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, -- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, -- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, -- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, -- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, -- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, -- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, -- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, -- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, -- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, -- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, -- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, -- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, -- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, -- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, -- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, -- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, -- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, -- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, -- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, -- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, -- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18, -- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA, -- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB, -- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, -- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F, -- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED, -- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76, -- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, -- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC, -- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92, -- 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2, -- 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, -- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F, -- 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31, -- 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB, -- 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, -- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51, -- 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF, -- 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15, -- 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, -- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31, -- 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3, -- 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7, -- 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, -- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2, -- 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28, -- 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D, -- 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, -- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7, -- 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE, -- 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E, -- 0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4, -- 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0, -- 0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00, -- 0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93, -- 0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68, -- 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB, -- 0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9, -- 0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8, -- 0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B, -- 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F, -- 0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A, -- 0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8, -- 0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36, -- 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5, -- 0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1, -- 0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3, -- 0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92, -- 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E, -- 0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47, -- 0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2, -- 0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71, -- 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF, -- 0xFF,0xFF,0xFF,0xFF, -- }; -- return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn); -- } -- -+{ -+ static const unsigned char RFC3526_PRIME_8192[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, -+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, -+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, -+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, -+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, -+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, -+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, -+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, -+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, -+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, -+ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, -+ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, -+ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, -+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, -+ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, -+ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, -+ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, -+ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, -+ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, -+ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, -+ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, -+ 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, -+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, -+ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, -+ 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, -+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, -+ 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, -+ 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, -+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, -+ 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, -+ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, -+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, -+ 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, -+ 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, -+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, -+ 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, -+ 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, -+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, -+ 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE, -+ 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, -+ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, -+ 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE, -+ 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, -+ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, -+ 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED, -+ 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, -+ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, -+ 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42, -+ 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, -+ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, -+ 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, -+ 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, -+ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, -+ 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E, -+ 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, -+ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, -+ 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, -+ 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, -+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, -+ 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0, -+ 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, -+ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, -+ 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, -+ 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, -+ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, -+ 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68, -+ 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, -+ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, -+ 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59, -+ 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4, -+ 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, -+ 0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA, -+ 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, -+ 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, -+ 0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66, -+ 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68, -+ 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, -+ 0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D, -+ 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, -+ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, -+ 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7, -+ 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B, -+ 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, -+ 0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8, -+ 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, -+ 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, -+ 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D, -+ 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36, -+ 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, -+ 0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D, -+ 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, -+ 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, -+ 0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68, -+ 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92, -+ 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, -+ 0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B, -+ 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, -+ 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, -+ 0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF, -+ 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, -+ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ }; -+ return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c -index b3452f1..1d756a0 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c -@@ -8,7 +8,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -55,9 +55,9 @@ - */ - - #if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG) --#ifndef NDEBUG --#define NDEBUG --#endif -+# ifndef NDEBUG -+# define NDEBUG -+# endif - #endif - - #include -@@ -66,7 +66,8 @@ - #include "cryptlib.h" - #include "bn_lcl.h" - --/* TODO list -+/*- -+ * TODO list - * - * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and - * check they can be safely removed. -@@ -79,376 +80,369 @@ - */ - - /* How many bignums are in each "pool item"; */ --#define BN_CTX_POOL_SIZE 16 -+#define BN_CTX_POOL_SIZE 16 - /* The stack frame info is resizing, set a first-time expansion size; */ --#define BN_CTX_START_FRAMES 32 -+#define BN_CTX_START_FRAMES 32 - - /***********/ - /* BN_POOL */ - /***********/ - - /* A bundle of bignums that can be linked with other bundles */ --typedef struct bignum_pool_item -- { -- /* The bignum values */ -- BIGNUM vals[BN_CTX_POOL_SIZE]; -- /* Linked-list admin */ -- struct bignum_pool_item *prev, *next; -- } BN_POOL_ITEM; -+typedef struct bignum_pool_item { -+ /* The bignum values */ -+ BIGNUM vals[BN_CTX_POOL_SIZE]; -+ /* Linked-list admin */ -+ struct bignum_pool_item *prev, *next; -+} BN_POOL_ITEM; - /* A linked-list of bignums grouped in bundles */ --typedef struct bignum_pool -- { -- /* Linked-list admin */ -- BN_POOL_ITEM *head, *current, *tail; -- /* Stack depth and allocation size */ -- unsigned used, size; -- } BN_POOL; --static void BN_POOL_init(BN_POOL *); --static void BN_POOL_finish(BN_POOL *); -+typedef struct bignum_pool { -+ /* Linked-list admin */ -+ BN_POOL_ITEM *head, *current, *tail; -+ /* Stack depth and allocation size */ -+ unsigned used, size; -+} BN_POOL; -+static void BN_POOL_init(BN_POOL *); -+static void BN_POOL_finish(BN_POOL *); - #ifndef OPENSSL_NO_DEPRECATED --static void BN_POOL_reset(BN_POOL *); -+static void BN_POOL_reset(BN_POOL *); - #endif --static BIGNUM * BN_POOL_get(BN_POOL *); --static void BN_POOL_release(BN_POOL *, unsigned int); -+static BIGNUM *BN_POOL_get(BN_POOL *); -+static void BN_POOL_release(BN_POOL *, unsigned int); - - /************/ - /* BN_STACK */ - /************/ - - /* A wrapper to manage the "stack frames" */ --typedef struct bignum_ctx_stack -- { -- /* Array of indexes into the bignum stack */ -- unsigned int *indexes; -- /* Number of stack frames, and the size of the allocated array */ -- unsigned int depth, size; -- } BN_STACK; --static void BN_STACK_init(BN_STACK *); --static void BN_STACK_finish(BN_STACK *); -+typedef struct bignum_ctx_stack { -+ /* Array of indexes into the bignum stack */ -+ unsigned int *indexes; -+ /* Number of stack frames, and the size of the allocated array */ -+ unsigned int depth, size; -+} BN_STACK; -+static void BN_STACK_init(BN_STACK *); -+static void BN_STACK_finish(BN_STACK *); - #ifndef OPENSSL_NO_DEPRECATED --static void BN_STACK_reset(BN_STACK *); -+static void BN_STACK_reset(BN_STACK *); - #endif --static int BN_STACK_push(BN_STACK *, unsigned int); --static unsigned int BN_STACK_pop(BN_STACK *); -+static int BN_STACK_push(BN_STACK *, unsigned int); -+static unsigned int BN_STACK_pop(BN_STACK *); - - /**********/ - /* BN_CTX */ - /**********/ - - /* The opaque BN_CTX type */ --struct bignum_ctx -- { -- /* The bignum bundles */ -- BN_POOL pool; -- /* The "stack frames", if you will */ -- BN_STACK stack; -- /* The number of bignums currently assigned */ -- unsigned int used; -- /* Depth of stack overflow */ -- int err_stack; -- /* Block "gets" until an "end" (compatibility behaviour) */ -- int too_many; -- }; -+struct bignum_ctx { -+ /* The bignum bundles */ -+ BN_POOL pool; -+ /* The "stack frames", if you will */ -+ BN_STACK stack; -+ /* The number of bignums currently assigned */ -+ unsigned int used; -+ /* Depth of stack overflow */ -+ int err_stack; -+ /* Block "gets" until an "end" (compatibility behaviour) */ -+ int too_many; -+}; - - /* Enable this to find BN_CTX bugs */ - #ifdef BN_CTX_DEBUG - static const char *ctxdbg_cur = NULL; - static void ctxdbg(BN_CTX *ctx) -- { -- unsigned int bnidx = 0, fpidx = 0; -- BN_POOL_ITEM *item = ctx->pool.head; -- BN_STACK *stack = &ctx->stack; -- fprintf(stderr,"(%08x): ", (unsigned int)ctx); -- while(bnidx < ctx->used) -- { -- fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); -- if(!(bnidx % BN_CTX_POOL_SIZE)) -- item = item->next; -- } -- fprintf(stderr,"\n"); -- bnidx = 0; -- fprintf(stderr," : "); -- while(fpidx < stack->depth) -- { -- while(bnidx++ < stack->indexes[fpidx]) -- fprintf(stderr," "); -- fprintf(stderr,"^^ "); -- bnidx++; -- fpidx++; -- } -- fprintf(stderr,"\n"); -- } --#define CTXDBG_ENTRY(str, ctx) do { \ -- ctxdbg_cur = (str); \ -- fprintf(stderr,"Starting %s\n", ctxdbg_cur); \ -- ctxdbg(ctx); \ -- } while(0) --#define CTXDBG_EXIT(ctx) do { \ -- fprintf(stderr,"Ending %s\n", ctxdbg_cur); \ -- ctxdbg(ctx); \ -- } while(0) --#define CTXDBG_RET(ctx,ret) -+{ -+ unsigned int bnidx = 0, fpidx = 0; -+ BN_POOL_ITEM *item = ctx->pool.head; -+ BN_STACK *stack = &ctx->stack; -+ fprintf(stderr, "(%08x): ", (unsigned int)ctx); -+ while (bnidx < ctx->used) { -+ fprintf(stderr, "%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); -+ if (!(bnidx % BN_CTX_POOL_SIZE)) -+ item = item->next; -+ } -+ fprintf(stderr, "\n"); -+ bnidx = 0; -+ fprintf(stderr, " : "); -+ while (fpidx < stack->depth) { -+ while (bnidx++ < stack->indexes[fpidx]) -+ fprintf(stderr, " "); -+ fprintf(stderr, "^^ "); -+ bnidx++; -+ fpidx++; -+ } -+ fprintf(stderr, "\n"); -+} -+ -+# define CTXDBG_ENTRY(str, ctx) do { \ -+ ctxdbg_cur = (str); \ -+ fprintf(stderr,"Starting %s\n", ctxdbg_cur); \ -+ ctxdbg(ctx); \ -+ } while(0) -+# define CTXDBG_EXIT(ctx) do { \ -+ fprintf(stderr,"Ending %s\n", ctxdbg_cur); \ -+ ctxdbg(ctx); \ -+ } while(0) -+# define CTXDBG_RET(ctx,ret) - #else --#define CTXDBG_ENTRY(str, ctx) --#define CTXDBG_EXIT(ctx) --#define CTXDBG_RET(ctx,ret) -+# define CTXDBG_ENTRY(str, ctx) -+# define CTXDBG_EXIT(ctx) -+# define CTXDBG_RET(ctx,ret) - #endif - --/* This function is an evil legacy and should not be used. This implementation -- * is WYSIWYG, though I've done my best. */ -+/* -+ * This function is an evil legacy and should not be used. This -+ * implementation is WYSIWYG, though I've done my best. -+ */ - #ifndef OPENSSL_NO_DEPRECATED - void BN_CTX_init(BN_CTX *ctx) -- { -- /* Assume the caller obtained the context via BN_CTX_new() and so is -- * trying to reset it for use. Nothing else makes sense, least of all -- * binary compatibility from a time when they could declare a static -- * variable. */ -- BN_POOL_reset(&ctx->pool); -- BN_STACK_reset(&ctx->stack); -- ctx->used = 0; -- ctx->err_stack = 0; -- ctx->too_many = 0; -- } -+{ -+ /* -+ * Assume the caller obtained the context via BN_CTX_new() and so is -+ * trying to reset it for use. Nothing else makes sense, least of all -+ * binary compatibility from a time when they could declare a static -+ * variable. -+ */ -+ BN_POOL_reset(&ctx->pool); -+ BN_STACK_reset(&ctx->stack); -+ ctx->used = 0; -+ ctx->err_stack = 0; -+ ctx->too_many = 0; -+} - #endif - - BN_CTX *BN_CTX_new(void) -- { -- BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); -- if(!ret) -- { -- BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- /* Initialise the structure */ -- BN_POOL_init(&ret->pool); -- BN_STACK_init(&ret->stack); -- ret->used = 0; -- ret->err_stack = 0; -- ret->too_many = 0; -- return ret; -- } -+{ -+ BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); -+ if (!ret) { -+ BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ /* Initialise the structure */ -+ BN_POOL_init(&ret->pool); -+ BN_STACK_init(&ret->stack); -+ ret->used = 0; -+ ret->err_stack = 0; -+ ret->too_many = 0; -+ return ret; -+} - - void BN_CTX_free(BN_CTX *ctx) -- { -- if (ctx == NULL) -- return; -+{ -+ if (ctx == NULL) -+ return; - #ifdef BN_CTX_DEBUG -- { -- BN_POOL_ITEM *pool = ctx->pool.head; -- fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n", -- ctx->stack.size, ctx->pool.size); -- fprintf(stderr,"dmaxs: "); -- while(pool) { -- unsigned loop = 0; -- while(loop < BN_CTX_POOL_SIZE) -- fprintf(stderr,"%02x ", pool->vals[loop++].dmax); -- pool = pool->next; -- } -- fprintf(stderr,"\n"); -- } -+ { -+ BN_POOL_ITEM *pool = ctx->pool.head; -+ fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n", -+ ctx->stack.size, ctx->pool.size); -+ fprintf(stderr, "dmaxs: "); -+ while (pool) { -+ unsigned loop = 0; -+ while (loop < BN_CTX_POOL_SIZE) -+ fprintf(stderr, "%02x ", pool->vals[loop++].dmax); -+ pool = pool->next; -+ } -+ fprintf(stderr, "\n"); -+ } - #endif -- BN_STACK_finish(&ctx->stack); -- BN_POOL_finish(&ctx->pool); -- OPENSSL_free(ctx); -- } -+ BN_STACK_finish(&ctx->stack); -+ BN_POOL_finish(&ctx->pool); -+ OPENSSL_free(ctx); -+} - - void BN_CTX_start(BN_CTX *ctx) -- { -- CTXDBG_ENTRY("BN_CTX_start", ctx); -- /* If we're already overflowing ... */ -- if(ctx->err_stack || ctx->too_many) -- ctx->err_stack++; -- /* (Try to) get a new frame pointer */ -- else if(!BN_STACK_push(&ctx->stack, ctx->used)) -- { -- BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES); -- ctx->err_stack++; -- } -- CTXDBG_EXIT(ctx); -- } -+{ -+ CTXDBG_ENTRY("BN_CTX_start", ctx); -+ /* If we're already overflowing ... */ -+ if (ctx->err_stack || ctx->too_many) -+ ctx->err_stack++; -+ /* (Try to) get a new frame pointer */ -+ else if (!BN_STACK_push(&ctx->stack, ctx->used)) { -+ BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES); -+ ctx->err_stack++; -+ } -+ CTXDBG_EXIT(ctx); -+} - - void BN_CTX_end(BN_CTX *ctx) -- { -- CTXDBG_ENTRY("BN_CTX_end", ctx); -- if(ctx->err_stack) -- ctx->err_stack--; -- else -- { -- unsigned int fp = BN_STACK_pop(&ctx->stack); -- /* Does this stack frame have anything to release? */ -- if(fp < ctx->used) -- BN_POOL_release(&ctx->pool, ctx->used - fp); -- ctx->used = fp; -- /* Unjam "too_many" in case "get" had failed */ -- ctx->too_many = 0; -- } -- CTXDBG_EXIT(ctx); -- } -+{ -+ CTXDBG_ENTRY("BN_CTX_end", ctx); -+ if (ctx->err_stack) -+ ctx->err_stack--; -+ else { -+ unsigned int fp = BN_STACK_pop(&ctx->stack); -+ /* Does this stack frame have anything to release? */ -+ if (fp < ctx->used) -+ BN_POOL_release(&ctx->pool, ctx->used - fp); -+ ctx->used = fp; -+ /* Unjam "too_many" in case "get" had failed */ -+ ctx->too_many = 0; -+ } -+ CTXDBG_EXIT(ctx); -+} - - BIGNUM *BN_CTX_get(BN_CTX *ctx) -- { -- BIGNUM *ret; -- CTXDBG_ENTRY("BN_CTX_get", ctx); -- if(ctx->err_stack || ctx->too_many) return NULL; -- if((ret = BN_POOL_get(&ctx->pool)) == NULL) -- { -- /* Setting too_many prevents repeated "get" attempts from -- * cluttering the error stack. */ -- ctx->too_many = 1; -- BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES); -- return NULL; -- } -- /* OK, make sure the returned bignum is "zero" */ -- BN_zero(ret); -- ctx->used++; -- CTXDBG_RET(ctx, ret); -- return ret; -- } -+{ -+ BIGNUM *ret; -+ CTXDBG_ENTRY("BN_CTX_get", ctx); -+ if (ctx->err_stack || ctx->too_many) -+ return NULL; -+ if ((ret = BN_POOL_get(&ctx->pool)) == NULL) { -+ /* -+ * Setting too_many prevents repeated "get" attempts from cluttering -+ * the error stack. -+ */ -+ ctx->too_many = 1; -+ BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES); -+ return NULL; -+ } -+ /* OK, make sure the returned bignum is "zero" */ -+ BN_zero(ret); -+ ctx->used++; -+ CTXDBG_RET(ctx, ret); -+ return ret; -+} - - /************/ - /* BN_STACK */ - /************/ - - static void BN_STACK_init(BN_STACK *st) -- { -- st->indexes = NULL; -- st->depth = st->size = 0; -- } -+{ -+ st->indexes = NULL; -+ st->depth = st->size = 0; -+} - - static void BN_STACK_finish(BN_STACK *st) -- { -- if(st->size) OPENSSL_free(st->indexes); -- } -+{ -+ if (st->size) -+ OPENSSL_free(st->indexes); -+} - - #ifndef OPENSSL_NO_DEPRECATED - static void BN_STACK_reset(BN_STACK *st) -- { -- st->depth = 0; -- } -+{ -+ st->depth = 0; -+} - #endif - - static int BN_STACK_push(BN_STACK *st, unsigned int idx) -- { -- if(st->depth == st->size) -- /* Need to expand */ -- { -- unsigned int newsize = (st->size ? -- (st->size * 3 / 2) : BN_CTX_START_FRAMES); -- unsigned int *newitems = OPENSSL_malloc(newsize * -- sizeof(unsigned int)); -- if(!newitems) return 0; -- if(st->depth) -- memcpy(newitems, st->indexes, st->depth * -- sizeof(unsigned int)); -- if(st->size) OPENSSL_free(st->indexes); -- st->indexes = newitems; -- st->size = newsize; -- } -- st->indexes[(st->depth)++] = idx; -- return 1; -- } -+{ -+ if (st->depth == st->size) -+ /* Need to expand */ -+ { -+ unsigned int newsize = (st->size ? -+ (st->size * 3 / 2) : BN_CTX_START_FRAMES); -+ unsigned int *newitems = OPENSSL_malloc(newsize * -+ sizeof(unsigned int)); -+ if (!newitems) -+ return 0; -+ if (st->depth) -+ memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int)); -+ if (st->size) -+ OPENSSL_free(st->indexes); -+ st->indexes = newitems; -+ st->size = newsize; -+ } -+ st->indexes[(st->depth)++] = idx; -+ return 1; -+} - - static unsigned int BN_STACK_pop(BN_STACK *st) -- { -- return st->indexes[--(st->depth)]; -- } -+{ -+ return st->indexes[--(st->depth)]; -+} - - /***********/ - /* BN_POOL */ - /***********/ - - static void BN_POOL_init(BN_POOL *p) -- { -- p->head = p->current = p->tail = NULL; -- p->used = p->size = 0; -- } -+{ -+ p->head = p->current = p->tail = NULL; -+ p->used = p->size = 0; -+} - - static void BN_POOL_finish(BN_POOL *p) -- { -- while(p->head) -- { -- unsigned int loop = 0; -- BIGNUM *bn = p->head->vals; -- while(loop++ < BN_CTX_POOL_SIZE) -- { -- if(bn->d) BN_clear_free(bn); -- bn++; -- } -- p->current = p->head->next; -- OPENSSL_free(p->head); -- p->head = p->current; -- } -- } -+{ -+ while (p->head) { -+ unsigned int loop = 0; -+ BIGNUM *bn = p->head->vals; -+ while (loop++ < BN_CTX_POOL_SIZE) { -+ if (bn->d) -+ BN_clear_free(bn); -+ bn++; -+ } -+ p->current = p->head->next; -+ OPENSSL_free(p->head); -+ p->head = p->current; -+ } -+} - - #ifndef OPENSSL_NO_DEPRECATED - static void BN_POOL_reset(BN_POOL *p) -- { -- BN_POOL_ITEM *item = p->head; -- while(item) -- { -- unsigned int loop = 0; -- BIGNUM *bn = item->vals; -- while(loop++ < BN_CTX_POOL_SIZE) -- { -- if(bn->d) BN_clear(bn); -- bn++; -- } -- item = item->next; -- } -- p->current = p->head; -- p->used = 0; -- } -+{ -+ BN_POOL_ITEM *item = p->head; -+ while (item) { -+ unsigned int loop = 0; -+ BIGNUM *bn = item->vals; -+ while (loop++ < BN_CTX_POOL_SIZE) { -+ if (bn->d) -+ BN_clear(bn); -+ bn++; -+ } -+ item = item->next; -+ } -+ p->current = p->head; -+ p->used = 0; -+} - #endif - - static BIGNUM *BN_POOL_get(BN_POOL *p) -- { -- if(p->used == p->size) -- { -- BIGNUM *bn; -- unsigned int loop = 0; -- BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM)); -- if(!item) return NULL; -- /* Initialise the structure */ -- bn = item->vals; -- while(loop++ < BN_CTX_POOL_SIZE) -- BN_init(bn++); -- item->prev = p->tail; -- item->next = NULL; -- /* Link it in */ -- if(!p->head) -- p->head = p->current = p->tail = item; -- else -- { -- p->tail->next = item; -- p->tail = item; -- p->current = item; -- } -- p->size += BN_CTX_POOL_SIZE; -- p->used++; -- /* Return the first bignum from the new pool */ -- return item->vals; -- } -- if(!p->used) -- p->current = p->head; -- else if((p->used % BN_CTX_POOL_SIZE) == 0) -- p->current = p->current->next; -- return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); -- } -+{ -+ if (p->used == p->size) { -+ BIGNUM *bn; -+ unsigned int loop = 0; -+ BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM)); -+ if (!item) -+ return NULL; -+ /* Initialise the structure */ -+ bn = item->vals; -+ while (loop++ < BN_CTX_POOL_SIZE) -+ BN_init(bn++); -+ item->prev = p->tail; -+ item->next = NULL; -+ /* Link it in */ -+ if (!p->head) -+ p->head = p->current = p->tail = item; -+ else { -+ p->tail->next = item; -+ p->tail = item; -+ p->current = item; -+ } -+ p->size += BN_CTX_POOL_SIZE; -+ p->used++; -+ /* Return the first bignum from the new pool */ -+ return item->vals; -+ } -+ if (!p->used) -+ p->current = p->head; -+ else if ((p->used % BN_CTX_POOL_SIZE) == 0) -+ p->current = p->current->next; -+ return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); -+} - - static void BN_POOL_release(BN_POOL *p, unsigned int num) -- { -- unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; -- p->used -= num; -- while(num--) -- { -- bn_check_top(p->current->vals + offset); -- if(!offset) -- { -- offset = BN_CTX_POOL_SIZE - 1; -- p->current = p->current->prev; -- } -- else -- offset--; -- } -- } -- -+{ -+ unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; -+ p->used -= num; -+ while (num--) { -+ bn_check_top(p->current->vals + offset); -+ if (!offset) { -+ offset = BN_CTX_POOL_SIZE - 1; -+ p->current = p->current->prev; -+ } else -+ offset--; -+ } -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c -index 27535e4..34895f5 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,8 +53,10 @@ - * - */ - --/* Support for deprecated functions goes here - static linkage will only slurp -- * this code if applications are using them directly. */ -+/* -+ * Support for deprecated functions goes here - static linkage will only -+ * slurp this code if applications are using them directly. -+ */ - - #include - #include -@@ -62,51 +64,52 @@ - #include "bn_lcl.h" - #include - --static void *dummy=&dummy; -+static void *dummy = &dummy; - - #ifndef OPENSSL_NO_DEPRECATED - BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, -- const BIGNUM *add, const BIGNUM *rem, -- void (*callback)(int,int,void *), void *cb_arg) -- { -- BN_GENCB cb; -- BIGNUM *rnd=NULL; -- int found = 0; -+ const BIGNUM *add, const BIGNUM *rem, -+ void (*callback) (int, int, void *), void *cb_arg) -+{ -+ BN_GENCB cb; -+ BIGNUM *rnd = NULL; -+ int found = 0; - -- BN_GENCB_set_old(&cb, callback, cb_arg); -+ BN_GENCB_set_old(&cb, callback, cb_arg); - -- if (ret == NULL) -- { -- if ((rnd=BN_new()) == NULL) goto err; -- } -- else -- rnd=ret; -- if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) -- goto err; -+ if (ret == NULL) { -+ if ((rnd = BN_new()) == NULL) -+ goto err; -+ } else -+ rnd = ret; -+ if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) -+ goto err; - -- /* we have a prime :-) */ -- found = 1; --err: -- if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd); -- return(found ? rnd : NULL); -- } -+ /* we have a prime :-) */ -+ found = 1; -+ err: -+ if (!found && (ret == NULL) && (rnd != NULL)) -+ BN_free(rnd); -+ return (found ? rnd : NULL); -+} - --int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *), -- BN_CTX *ctx_passed, void *cb_arg) -- { -- BN_GENCB cb; -- BN_GENCB_set_old(&cb, callback, cb_arg); -- return BN_is_prime_ex(a, checks, ctx_passed, &cb); -- } -+int BN_is_prime(const BIGNUM *a, int checks, -+ void (*callback) (int, int, void *), BN_CTX *ctx_passed, -+ void *cb_arg) -+{ -+ BN_GENCB cb; -+ BN_GENCB_set_old(&cb, callback, cb_arg); -+ return BN_is_prime_ex(a, checks, ctx_passed, &cb); -+} - - int BN_is_prime_fasttest(const BIGNUM *a, int checks, -- void (*callback)(int,int,void *), -- BN_CTX *ctx_passed, void *cb_arg, -- int do_trial_division) -- { -- BN_GENCB cb; -- BN_GENCB_set_old(&cb, callback, cb_arg); -- return BN_is_prime_fasttest_ex(a, checks, ctx_passed, -- do_trial_division, &cb); -- } -+ void (*callback) (int, int, void *), -+ BN_CTX *ctx_passed, void *cb_arg, -+ int do_trial_division) -+{ -+ BN_GENCB cb; -+ BN_GENCB_set_old(&cb, callback, cb_arg); -+ return BN_is_prime_fasttest_ex(a, checks, ctx_passed, -+ do_trial_division, &cb); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c -index 78c6507..836e046 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_div.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_div.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,77 +61,86 @@ - #include "cryptlib.h" - #include "bn_lcl.h" - -- - /* The old slow way */ - #if 0 - int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, -- BN_CTX *ctx) -- { -- int i,nm,nd; -- int ret = 0; -- BIGNUM *D; -- -- bn_check_top(m); -- bn_check_top(d); -- if (BN_is_zero(d)) -- { -- BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); -- return(0); -- } -- -- if (BN_ucmp(m,d) < 0) -- { -- if (rem != NULL) -- { if (BN_copy(rem,m) == NULL) return(0); } -- if (dv != NULL) BN_zero(dv); -- return(1); -- } -- -- BN_CTX_start(ctx); -- D = BN_CTX_get(ctx); -- if (dv == NULL) dv = BN_CTX_get(ctx); -- if (rem == NULL) rem = BN_CTX_get(ctx); -- if (D == NULL || dv == NULL || rem == NULL) -- goto end; -- -- nd=BN_num_bits(d); -- nm=BN_num_bits(m); -- if (BN_copy(D,d) == NULL) goto end; -- if (BN_copy(rem,m) == NULL) goto end; -- -- /* The next 2 are needed so we can do a dv->d[0]|=1 later -- * since BN_lshift1 will only work once there is a value :-) */ -- BN_zero(dv); -- if(bn_wexpand(dv,1) == NULL) goto end; -- dv->top=1; -- -- if (!BN_lshift(D,D,nm-nd)) goto end; -- for (i=nm-nd; i>=0; i--) -- { -- if (!BN_lshift1(dv,dv)) goto end; -- if (BN_ucmp(rem,D) >= 0) -- { -- dv->d[0]|=1; -- if (!BN_usub(rem,rem,D)) goto end; -- } -+ BN_CTX *ctx) -+{ -+ int i, nm, nd; -+ int ret = 0; -+ BIGNUM *D; -+ -+ bn_check_top(m); -+ bn_check_top(d); -+ if (BN_is_zero(d)) { -+ BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); -+ return (0); -+ } -+ -+ if (BN_ucmp(m, d) < 0) { -+ if (rem != NULL) { -+ if (BN_copy(rem, m) == NULL) -+ return (0); -+ } -+ if (dv != NULL) -+ BN_zero(dv); -+ return (1); -+ } -+ -+ BN_CTX_start(ctx); -+ D = BN_CTX_get(ctx); -+ if (dv == NULL) -+ dv = BN_CTX_get(ctx); -+ if (rem == NULL) -+ rem = BN_CTX_get(ctx); -+ if (D == NULL || dv == NULL || rem == NULL) -+ goto end; -+ -+ nd = BN_num_bits(d); -+ nm = BN_num_bits(m); -+ if (BN_copy(D, d) == NULL) -+ goto end; -+ if (BN_copy(rem, m) == NULL) -+ goto end; -+ -+ /* -+ * The next 2 are needed so we can do a dv->d[0]|=1 later since -+ * BN_lshift1 will only work once there is a value :-) -+ */ -+ BN_zero(dv); -+ if (bn_wexpand(dv, 1) == NULL) -+ goto end; -+ dv->top = 1; -+ -+ if (!BN_lshift(D, D, nm - nd)) -+ goto end; -+ for (i = nm - nd; i >= 0; i--) { -+ if (!BN_lshift1(dv, dv)) -+ goto end; -+ if (BN_ucmp(rem, D) >= 0) { -+ dv->d[0] |= 1; -+ if (!BN_usub(rem, rem, D)) -+ goto end; -+ } - /* CAN IMPROVE (and have now :=) */ -- if (!BN_rshift1(D,D)) goto end; -- } -- rem->neg=BN_is_zero(rem)?0:m->neg; -- dv->neg=m->neg^d->neg; -- ret = 1; -+ if (!BN_rshift1(D, D)) -+ goto end; -+ } -+ rem->neg = BN_is_zero(rem) ? 0 : m->neg; -+ dv->neg = m->neg ^ d->neg; -+ ret = 1; - end: -- BN_CTX_end(ctx); -- return(ret); -- } -+ BN_CTX_end(ctx); -+ return (ret); -+} - - #else - --#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ -+# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ - && !defined(PEDANTIC) && !defined(BN_DIV3W) --# if defined(__GNUC__) && __GNUC__>=2 --# if defined(__i386) || defined (__i386__) -- /* -+# if defined(__GNUC__) && __GNUC__>=2 -+# if defined(__i386) || defined (__i386__) -+ /*- - * There were two reasons for implementing this template: - * - GNU C generates a call to a function (__udivdi3 to be exact) - * in reply to ((((BN_ULLONG)n0)< -+ * - */ --# define bn_div_words(n0,n1,d0) \ -- ({ asm volatile ( \ -- "divl %4" \ -- : "=a"(q), "=d"(rem) \ -- : "a"(n1), "d"(n0), "g"(d0) \ -- : "cc"); \ -- q; \ -- }) --# define REMAINDER_IS_ALREADY_CALCULATED --# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG) -+# define bn_div_words(n0,n1,d0) \ -+ ({ asm volatile ( \ -+ "divl %4" \ -+ : "=a"(q), "=d"(rem) \ -+ : "a"(n1), "d"(n0), "g"(d0) \ -+ : "cc"); \ -+ q; \ -+ }) -+# define REMAINDER_IS_ALREADY_CALCULATED -+# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG) - /* - * Same story here, but it's 128-bit by 64-bit division. Wow! -- * -+ * - */ --# define bn_div_words(n0,n1,d0) \ -- ({ asm volatile ( \ -- "divq %4" \ -- : "=a"(q), "=d"(rem) \ -- : "a"(n1), "d"(n0), "g"(d0) \ -- : "cc"); \ -- q; \ -- }) --# define REMAINDER_IS_ALREADY_CALCULATED --# endif /* __ */ --# endif /* __GNUC__ */ --#endif /* OPENSSL_NO_ASM */ -- -- --/* BN_div[_no_branch] computes dv := num / divisor, rounding towards -+# define bn_div_words(n0,n1,d0) \ -+ ({ asm volatile ( \ -+ "divq %4" \ -+ : "=a"(q), "=d"(rem) \ -+ : "a"(n1), "d"(n0), "g"(d0) \ -+ : "cc"); \ -+ q; \ -+ }) -+# define REMAINDER_IS_ALREADY_CALCULATED -+# endif /* __ */ -+# endif /* __GNUC__ */ -+# endif /* OPENSSL_NO_ASM */ -+ -+/*- -+ * BN_div[_no_branch] computes dv := num / divisor, rounding towards - * zero, and sets up rm such that dv*divisor + rm = num holds. - * Thus: - * dv->neg == num->neg ^ divisor->neg (unless the result is zero) -@@ -177,474 +186,506 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, - * If 'dv' or 'rm' is NULL, the respective value is not returned. - */ - static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, -- const BIGNUM *divisor, BN_CTX *ctx); -+ const BIGNUM *divisor, BN_CTX *ctx); - int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, -- BN_CTX *ctx) -- { -- int norm_shift,i,loop; -- BIGNUM *tmp,wnum,*snum,*sdiv,*res; -- BN_ULONG *resp,*wnump; -- BN_ULONG d0,d1; -- int num_n,div_n; -- -- /* Invalid zero-padding would have particularly bad consequences -- * in the case of 'num', so don't just rely on bn_check_top() for this one -- * (bn_check_top() works only for BN_DEBUG builds) */ -- if (num->top > 0 && num->d[num->top - 1] == 0) -- { -- BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED); -- return 0; -- } -- -- bn_check_top(num); -- -- if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) -- { -- return BN_div_no_branch(dv, rm, num, divisor, ctx); -- } -- -- bn_check_top(dv); -- bn_check_top(rm); -- /* bn_check_top(num); */ /* 'num' has been checked already */ -- bn_check_top(divisor); -- -- if (BN_is_zero(divisor)) -- { -- BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); -- return(0); -- } -- -- if (BN_ucmp(num,divisor) < 0) -- { -- if (rm != NULL) -- { if (BN_copy(rm,num) == NULL) return(0); } -- if (dv != NULL) BN_zero(dv); -- return(1); -- } -- -- BN_CTX_start(ctx); -- tmp=BN_CTX_get(ctx); -- snum=BN_CTX_get(ctx); -- sdiv=BN_CTX_get(ctx); -- if (dv == NULL) -- res=BN_CTX_get(ctx); -- else res=dv; -- if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL) -- goto err; -- -- /* First we normalise the numbers */ -- norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); -- if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; -- sdiv->neg=0; -- norm_shift+=BN_BITS2; -- if (!(BN_lshift(snum,num,norm_shift))) goto err; -- snum->neg=0; -- div_n=sdiv->top; -- num_n=snum->top; -- loop=num_n-div_n; -- /* Lets setup a 'window' into snum -- * This is the part that corresponds to the current -- * 'area' being divided */ -- wnum.neg = 0; -- wnum.d = &(snum->d[loop]); -- wnum.top = div_n; -- /* only needed when BN_ucmp messes up the values between top and max */ -- wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ -- -- /* Get the top 2 words of sdiv */ -- /* div_n=sdiv->top; */ -- d0=sdiv->d[div_n-1]; -- d1=(div_n == 1)?0:sdiv->d[div_n-2]; -- -- /* pointer to the 'top' of snum */ -- wnump= &(snum->d[num_n-1]); -- -- /* Setup to 'res' */ -- res->neg= (num->neg^divisor->neg); -- if (!bn_wexpand(res,(loop+1))) goto err; -- res->top=loop; -- resp= &(res->d[loop-1]); -- -- /* space for temp */ -- if (!bn_wexpand(tmp,(div_n+1))) goto err; -- -- if (BN_ucmp(&wnum,sdiv) >= 0) -- { -- /* If BN_DEBUG_RAND is defined BN_ucmp changes (via -- * bn_pollute) the const bignum arguments => -- * clean the values between top and max again */ -- bn_clear_top2max(&wnum); -- bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); -- *resp=1; -- } -- else -- res->top--; -- /* if res->top == 0 then clear the neg value otherwise decrease -- * the resp pointer */ -- if (res->top == 0) -- res->neg = 0; -- else -- resp--; -- -- for (i=0; i 0x%08X\n", -- n0, n1, d0, q); --#endif --#endif -- --#ifndef REMAINDER_IS_ALREADY_CALCULATED -- /* -- * rem doesn't have to be BN_ULLONG. The least we -- * know it's less that d0, isn't it? -- */ -- rem=(n1-q*d0)&BN_MASK2; --#endif -- t2=(BN_ULLONG)d1*q; -- -- for (;;) -- { -- if (t2 <= ((((BN_ULLONG)rem)< 0x%08X\n", -- n0, n1, d0, q); --#endif --#ifndef REMAINDER_IS_ALREADY_CALCULATED -- rem=(n1-q*d0)&BN_MASK2; --#endif -- --#if defined(BN_UMULT_LOHI) -- BN_UMULT_LOHI(t2l,t2h,d1,q); --#elif defined(BN_UMULT_HIGH) -- t2l = d1 * q; -- t2h = BN_UMULT_HIGH(d1,q); --#else -- t2l=LBITS(d1); t2h=HBITS(d1); -- ql =LBITS(q); qh =HBITS(q); -- mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ --#endif -- -- for (;;) -- { -- if ((t2h < rem) || -- ((t2h == rem) && (t2l <= wnump[-2]))) -- break; -- q--; -- rem += d0; -- if (rem < d0) break; /* don't let rem overflow */ -- if (t2l < d1) t2h--; t2l -= d1; -- } --#endif /* !BN_LLONG */ -- } --#endif /* !BN_DIV3W */ -- -- l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); -- tmp->d[div_n]=l0; -- wnum.d--; -- /* ingore top values of the bignums just sub the two -- * BN_ULONG arrays with bn_sub_words */ -- if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) -- { -- /* Note: As we have considered only the leading -- * two BN_ULONGs in the calculation of q, sdiv * q -- * might be greater than wnum (but then (q-1) * sdiv -- * is less or equal than wnum) -- */ -- q--; -- if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) -- /* we can't have an overflow here (assuming -- * that q != 0, but if q == 0 then tmp is -- * zero anyway) */ -- (*wnump)++; -- } -- /* store part of the result */ -- *resp = q; -- } -- bn_correct_top(snum); -- if (rm != NULL) -- { -- /* Keep a copy of the neg flag in num because if rm==num -- * BN_rshift() will overwrite it. -- */ -- int neg = num->neg; -- BN_rshift(rm,snum,norm_shift); -- if (!BN_is_zero(rm)) -- rm->neg = neg; -- bn_check_top(rm); -- } -- BN_CTX_end(ctx); -- return(1); --err: -- bn_check_top(rm); -- BN_CTX_end(ctx); -- return(0); -- } -- -- --/* BN_div_no_branch is a special version of BN_div. It does not contain -+ BN_CTX *ctx) -+{ -+ int norm_shift, i, loop; -+ BIGNUM *tmp, wnum, *snum, *sdiv, *res; -+ BN_ULONG *resp, *wnump; -+ BN_ULONG d0, d1; -+ int num_n, div_n; -+ -+ /* -+ * Invalid zero-padding would have particularly bad consequences in the -+ * case of 'num', so don't just rely on bn_check_top() for this one -+ * (bn_check_top() works only for BN_DEBUG builds) -+ */ -+ if (num->top > 0 && num->d[num->top - 1] == 0) { -+ BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED); -+ return 0; -+ } -+ -+ bn_check_top(num); -+ -+ if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) -+ || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) { -+ return BN_div_no_branch(dv, rm, num, divisor, ctx); -+ } -+ -+ bn_check_top(dv); -+ bn_check_top(rm); -+ /*- bn_check_top(num); *//* -+ * 'num' has been checked already -+ */ -+ bn_check_top(divisor); -+ -+ if (BN_is_zero(divisor)) { -+ BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); -+ return (0); -+ } -+ -+ if (BN_ucmp(num, divisor) < 0) { -+ if (rm != NULL) { -+ if (BN_copy(rm, num) == NULL) -+ return (0); -+ } -+ if (dv != NULL) -+ BN_zero(dv); -+ return (1); -+ } -+ -+ BN_CTX_start(ctx); -+ tmp = BN_CTX_get(ctx); -+ snum = BN_CTX_get(ctx); -+ sdiv = BN_CTX_get(ctx); -+ if (dv == NULL) -+ res = BN_CTX_get(ctx); -+ else -+ res = dv; -+ if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL) -+ goto err; -+ -+ /* First we normalise the numbers */ -+ norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2); -+ if (!(BN_lshift(sdiv, divisor, norm_shift))) -+ goto err; -+ sdiv->neg = 0; -+ norm_shift += BN_BITS2; -+ if (!(BN_lshift(snum, num, norm_shift))) -+ goto err; -+ snum->neg = 0; -+ div_n = sdiv->top; -+ num_n = snum->top; -+ loop = num_n - div_n; -+ /* -+ * Lets setup a 'window' into snum This is the part that corresponds to -+ * the current 'area' being divided -+ */ -+ wnum.neg = 0; -+ wnum.d = &(snum->d[loop]); -+ wnum.top = div_n; -+ /* -+ * only needed when BN_ucmp messes up the values between top and max -+ */ -+ wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ -+ -+ /* Get the top 2 words of sdiv */ -+ /* div_n=sdiv->top; */ -+ d0 = sdiv->d[div_n - 1]; -+ d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; -+ -+ /* pointer to the 'top' of snum */ -+ wnump = &(snum->d[num_n - 1]); -+ -+ /* Setup to 'res' */ -+ res->neg = (num->neg ^ divisor->neg); -+ if (!bn_wexpand(res, (loop + 1))) -+ goto err; -+ res->top = loop; -+ resp = &(res->d[loop - 1]); -+ -+ /* space for temp */ -+ if (!bn_wexpand(tmp, (div_n + 1))) -+ goto err; -+ -+ if (BN_ucmp(&wnum, sdiv) >= 0) { -+ /* -+ * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute) the -+ * const bignum arguments => clean the values between top and max -+ * again -+ */ -+ bn_clear_top2max(&wnum); -+ bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); -+ *resp = 1; -+ } else -+ res->top--; -+ /* -+ * if res->top == 0 then clear the neg value otherwise decrease the resp -+ * pointer -+ */ -+ if (res->top == 0) -+ res->neg = 0; -+ else -+ resp--; -+ -+ for (i = 0; i < loop - 1; i++, wnump--, resp--) { -+ BN_ULONG q, l0; -+ /* -+ * the first part of the loop uses the top two words of snum and sdiv -+ * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv -+ */ -+# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) -+ BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG); -+ q = bn_div_3_words(wnump, d1, d0); -+# else -+ BN_ULONG n0, n1, rem = 0; -+ -+ n0 = wnump[0]; -+ n1 = wnump[-1]; -+ if (n0 == d0) -+ q = BN_MASK2; -+ else { /* n0 < d0 */ -+ -+# ifdef BN_LLONG -+ BN_ULLONG t2; -+ -+# if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) -+ q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0); -+# else -+ q = bn_div_words(n0, n1, d0); -+# ifdef BN_DEBUG_LEVITTE -+ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ -+X) -> 0x%08X\n", n0, n1, d0, q); -+# endif -+# endif -+ -+# ifndef REMAINDER_IS_ALREADY_CALCULATED -+ /* -+ * rem doesn't have to be BN_ULLONG. The least we -+ * know it's less that d0, isn't it? -+ */ -+ rem = (n1 - q * d0) & BN_MASK2; -+# endif -+ t2 = (BN_ULLONG) d1 *q; -+ -+ for (;;) { -+ if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2])) -+ break; -+ q--; -+ rem += d0; -+ if (rem < d0) -+ break; /* don't let rem overflow */ -+ t2 -= d1; -+ } -+# else /* !BN_LLONG */ -+ BN_ULONG t2l, t2h; -+# if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH) -+ BN_ULONG ql, qh; -+# endif -+ -+ q = bn_div_words(n0, n1, d0); -+# ifdef BN_DEBUG_LEVITTE -+ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ -+X) -> 0x%08X\n", n0, n1, d0, q); -+# endif -+# ifndef REMAINDER_IS_ALREADY_CALCULATED -+ rem = (n1 - q * d0) & BN_MASK2; -+# endif -+ -+# if defined(BN_UMULT_LOHI) -+ BN_UMULT_LOHI(t2l, t2h, d1, q); -+# elif defined(BN_UMULT_HIGH) -+ t2l = d1 * q; -+ t2h = BN_UMULT_HIGH(d1, q); -+# else -+ t2l = LBITS(d1); -+ t2h = HBITS(d1); -+ ql = LBITS(q); -+ qh = HBITS(q); -+ mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */ -+# endif -+ -+ for (;;) { -+ if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2]))) -+ break; -+ q--; -+ rem += d0; -+ if (rem < d0) -+ break; /* don't let rem overflow */ -+ if (t2l < d1) -+ t2h--; -+ t2l -= d1; -+ } -+# endif /* !BN_LLONG */ -+ } -+# endif /* !BN_DIV3W */ -+ -+ l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q); -+ tmp->d[div_n] = l0; -+ wnum.d--; -+ /* -+ * ingore top values of the bignums just sub the two BN_ULONG arrays -+ * with bn_sub_words -+ */ -+ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) { -+ /* -+ * Note: As we have considered only the leading two BN_ULONGs in -+ * the calculation of q, sdiv * q might be greater than wnum (but -+ * then (q-1) * sdiv is less or equal than wnum) -+ */ -+ q--; -+ if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) -+ /* -+ * we can't have an overflow here (assuming that q != 0, but -+ * if q == 0 then tmp is zero anyway) -+ */ -+ (*wnump)++; -+ } -+ /* store part of the result */ -+ *resp = q; -+ } -+ bn_correct_top(snum); -+ if (rm != NULL) { -+ /* -+ * Keep a copy of the neg flag in num because if rm==num BN_rshift() -+ * will overwrite it. -+ */ -+ int neg = num->neg; -+ BN_rshift(rm, snum, norm_shift); -+ if (!BN_is_zero(rm)) -+ rm->neg = neg; -+ bn_check_top(rm); -+ } -+ BN_CTX_end(ctx); -+ return (1); -+ err: -+ bn_check_top(rm); -+ BN_CTX_end(ctx); -+ return (0); -+} -+ -+/* -+ * BN_div_no_branch is a special version of BN_div. It does not contain - * branches that may leak sensitive information. - */ --static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, -- const BIGNUM *divisor, BN_CTX *ctx) -- { -- int norm_shift,i,loop; -- BIGNUM *tmp,wnum,*snum,*sdiv,*res; -- BN_ULONG *resp,*wnump; -- BN_ULONG d0,d1; -- int num_n,div_n; -- -- bn_check_top(dv); -- bn_check_top(rm); -- /* bn_check_top(num); */ /* 'num' has been checked in BN_div() */ -- bn_check_top(divisor); -- -- if (BN_is_zero(divisor)) -- { -- BNerr(BN_F_BN_DIV_NO_BRANCH,BN_R_DIV_BY_ZERO); -- return(0); -- } -- -- BN_CTX_start(ctx); -- tmp=BN_CTX_get(ctx); -- snum=BN_CTX_get(ctx); -- sdiv=BN_CTX_get(ctx); -- if (dv == NULL) -- res=BN_CTX_get(ctx); -- else res=dv; -- if (sdiv == NULL || res == NULL) goto err; -- -- /* First we normalise the numbers */ -- norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); -- if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; -- sdiv->neg=0; -- norm_shift+=BN_BITS2; -- if (!(BN_lshift(snum,num,norm_shift))) goto err; -- snum->neg=0; -- -- /* Since we don't know whether snum is larger than sdiv, -- * we pad snum with enough zeroes without changing its -- * value. -- */ -- if (snum->top <= sdiv->top+1) -- { -- if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err; -- for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0; -- snum->top = sdiv->top + 2; -- } -- else -- { -- if (bn_wexpand(snum, snum->top + 1) == NULL) goto err; -- snum->d[snum->top] = 0; -- snum->top ++; -- } -- -- div_n=sdiv->top; -- num_n=snum->top; -- loop=num_n-div_n; -- /* Lets setup a 'window' into snum -- * This is the part that corresponds to the current -- * 'area' being divided */ -- wnum.neg = 0; -- wnum.d = &(snum->d[loop]); -- wnum.top = div_n; -- /* only needed when BN_ucmp messes up the values between top and max */ -- wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ -- -- /* Get the top 2 words of sdiv */ -- /* div_n=sdiv->top; */ -- d0=sdiv->d[div_n-1]; -- d1=(div_n == 1)?0:sdiv->d[div_n-2]; -- -- /* pointer to the 'top' of snum */ -- wnump= &(snum->d[num_n-1]); -- -- /* Setup to 'res' */ -- res->neg= (num->neg^divisor->neg); -- if (!bn_wexpand(res,(loop+1))) goto err; -- res->top=loop-1; -- resp= &(res->d[loop-1]); -- -- /* space for temp */ -- if (!bn_wexpand(tmp,(div_n+1))) goto err; -- -- /* if res->top == 0 then clear the neg value otherwise decrease -- * the resp pointer */ -- if (res->top == 0) -- res->neg = 0; -- else -- resp--; -- -- for (i=0; i 0x%08X\n", -- n0, n1, d0, q); --#endif --#endif -- --#ifndef REMAINDER_IS_ALREADY_CALCULATED -- /* -- * rem doesn't have to be BN_ULLONG. The least we -- * know it's less that d0, isn't it? -- */ -- rem=(n1-q*d0)&BN_MASK2; --#endif -- t2=(BN_ULLONG)d1*q; -- -- for (;;) -- { -- if (t2 <= ((((BN_ULLONG)rem)< 0x%08X\n", -- n0, n1, d0, q); --#endif --#ifndef REMAINDER_IS_ALREADY_CALCULATED -- rem=(n1-q*d0)&BN_MASK2; --#endif -- --#if defined(BN_UMULT_LOHI) -- BN_UMULT_LOHI(t2l,t2h,d1,q); --#elif defined(BN_UMULT_HIGH) -- t2l = d1 * q; -- t2h = BN_UMULT_HIGH(d1,q); --#else -- t2l=LBITS(d1); t2h=HBITS(d1); -- ql =LBITS(q); qh =HBITS(q); -- mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ --#endif -- -- for (;;) -- { -- if ((t2h < rem) || -- ((t2h == rem) && (t2l <= wnump[-2]))) -- break; -- q--; -- rem += d0; -- if (rem < d0) break; /* don't let rem overflow */ -- if (t2l < d1) t2h--; t2l -= d1; -- } --#endif /* !BN_LLONG */ -- } --#endif /* !BN_DIV3W */ -- -- l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); -- tmp->d[div_n]=l0; -- wnum.d--; -- /* ingore top values of the bignums just sub the two -- * BN_ULONG arrays with bn_sub_words */ -- if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) -- { -- /* Note: As we have considered only the leading -- * two BN_ULONGs in the calculation of q, sdiv * q -- * might be greater than wnum (but then (q-1) * sdiv -- * is less or equal than wnum) -- */ -- q--; -- if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) -- /* we can't have an overflow here (assuming -- * that q != 0, but if q == 0 then tmp is -- * zero anyway) */ -- (*wnump)++; -- } -- /* store part of the result */ -- *resp = q; -- } -- bn_correct_top(snum); -- if (rm != NULL) -- { -- /* Keep a copy of the neg flag in num because if rm==num -- * BN_rshift() will overwrite it. -- */ -- int neg = num->neg; -- BN_rshift(rm,snum,norm_shift); -- if (!BN_is_zero(rm)) -- rm->neg = neg; -- bn_check_top(rm); -- } -- bn_correct_top(res); -- BN_CTX_end(ctx); -- return(1); --err: -- bn_check_top(rm); -- BN_CTX_end(ctx); -- return(0); -- } -+static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, -+ const BIGNUM *divisor, BN_CTX *ctx) -+{ -+ int norm_shift, i, loop; -+ BIGNUM *tmp, wnum, *snum, *sdiv, *res; -+ BN_ULONG *resp, *wnump; -+ BN_ULONG d0, d1; -+ int num_n, div_n; -+ -+ bn_check_top(dv); -+ bn_check_top(rm); -+ /*- bn_check_top(num); *//* -+ * 'num' has been checked in BN_div() -+ */ -+ bn_check_top(divisor); -+ -+ if (BN_is_zero(divisor)) { -+ BNerr(BN_F_BN_DIV_NO_BRANCH, BN_R_DIV_BY_ZERO); -+ return (0); -+ } -+ -+ BN_CTX_start(ctx); -+ tmp = BN_CTX_get(ctx); -+ snum = BN_CTX_get(ctx); -+ sdiv = BN_CTX_get(ctx); -+ if (dv == NULL) -+ res = BN_CTX_get(ctx); -+ else -+ res = dv; -+ if (sdiv == NULL || res == NULL) -+ goto err; -+ -+ /* First we normalise the numbers */ -+ norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2); -+ if (!(BN_lshift(sdiv, divisor, norm_shift))) -+ goto err; -+ sdiv->neg = 0; -+ norm_shift += BN_BITS2; -+ if (!(BN_lshift(snum, num, norm_shift))) -+ goto err; -+ snum->neg = 0; -+ -+ /* -+ * Since we don't know whether snum is larger than sdiv, we pad snum with -+ * enough zeroes without changing its value. -+ */ -+ if (snum->top <= sdiv->top + 1) { -+ if (bn_wexpand(snum, sdiv->top + 2) == NULL) -+ goto err; -+ for (i = snum->top; i < sdiv->top + 2; i++) -+ snum->d[i] = 0; -+ snum->top = sdiv->top + 2; -+ } else { -+ if (bn_wexpand(snum, snum->top + 1) == NULL) -+ goto err; -+ snum->d[snum->top] = 0; -+ snum->top++; -+ } -+ -+ div_n = sdiv->top; -+ num_n = snum->top; -+ loop = num_n - div_n; -+ /* -+ * Lets setup a 'window' into snum This is the part that corresponds to -+ * the current 'area' being divided -+ */ -+ wnum.neg = 0; -+ wnum.d = &(snum->d[loop]); -+ wnum.top = div_n; -+ /* -+ * only needed when BN_ucmp messes up the values between top and max -+ */ -+ wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ -+ -+ /* Get the top 2 words of sdiv */ -+ /* div_n=sdiv->top; */ -+ d0 = sdiv->d[div_n - 1]; -+ d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; -+ -+ /* pointer to the 'top' of snum */ -+ wnump = &(snum->d[num_n - 1]); -+ -+ /* Setup to 'res' */ -+ res->neg = (num->neg ^ divisor->neg); -+ if (!bn_wexpand(res, (loop + 1))) -+ goto err; -+ res->top = loop - 1; -+ resp = &(res->d[loop - 1]); -+ -+ /* space for temp */ -+ if (!bn_wexpand(tmp, (div_n + 1))) -+ goto err; -+ -+ /* -+ * if res->top == 0 then clear the neg value otherwise decrease the resp -+ * pointer -+ */ -+ if (res->top == 0) -+ res->neg = 0; -+ else -+ resp--; -+ -+ for (i = 0; i < loop - 1; i++, wnump--, resp--) { -+ BN_ULONG q, l0; -+ /* -+ * the first part of the loop uses the top two words of snum and sdiv -+ * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv -+ */ -+# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) -+ BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG); -+ q = bn_div_3_words(wnump, d1, d0); -+# else -+ BN_ULONG n0, n1, rem = 0; -+ -+ n0 = wnump[0]; -+ n1 = wnump[-1]; -+ if (n0 == d0) -+ q = BN_MASK2; -+ else { /* n0 < d0 */ -+ -+# ifdef BN_LLONG -+ BN_ULLONG t2; -+ -+# if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) -+ q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0); -+# else -+ q = bn_div_words(n0, n1, d0); -+# ifdef BN_DEBUG_LEVITTE -+ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ -+X) -> 0x%08X\n", n0, n1, d0, q); -+# endif -+# endif -+ -+# ifndef REMAINDER_IS_ALREADY_CALCULATED -+ /* -+ * rem doesn't have to be BN_ULLONG. The least we -+ * know it's less that d0, isn't it? -+ */ -+ rem = (n1 - q * d0) & BN_MASK2; -+# endif -+ t2 = (BN_ULLONG) d1 *q; -+ -+ for (;;) { -+ if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2])) -+ break; -+ q--; -+ rem += d0; -+ if (rem < d0) -+ break; /* don't let rem overflow */ -+ t2 -= d1; -+ } -+# else /* !BN_LLONG */ -+ BN_ULONG t2l, t2h; -+# if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH) -+ BN_ULONG ql, qh; -+# endif -+ -+ q = bn_div_words(n0, n1, d0); -+# ifdef BN_DEBUG_LEVITTE -+ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ -+X) -> 0x%08X\n", n0, n1, d0, q); -+# endif -+# ifndef REMAINDER_IS_ALREADY_CALCULATED -+ rem = (n1 - q * d0) & BN_MASK2; -+# endif -+ -+# if defined(BN_UMULT_LOHI) -+ BN_UMULT_LOHI(t2l, t2h, d1, q); -+# elif defined(BN_UMULT_HIGH) -+ t2l = d1 * q; -+ t2h = BN_UMULT_HIGH(d1, q); -+# else -+ t2l = LBITS(d1); -+ t2h = HBITS(d1); -+ ql = LBITS(q); -+ qh = HBITS(q); -+ mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */ -+# endif -+ -+ for (;;) { -+ if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2]))) -+ break; -+ q--; -+ rem += d0; -+ if (rem < d0) -+ break; /* don't let rem overflow */ -+ if (t2l < d1) -+ t2h--; -+ t2l -= d1; -+ } -+# endif /* !BN_LLONG */ -+ } -+# endif /* !BN_DIV3W */ -+ -+ l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q); -+ tmp->d[div_n] = l0; -+ wnum.d--; -+ /* -+ * ingore top values of the bignums just sub the two BN_ULONG arrays -+ * with bn_sub_words -+ */ -+ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) { -+ /* -+ * Note: As we have considered only the leading two BN_ULONGs in -+ * the calculation of q, sdiv * q might be greater than wnum (but -+ * then (q-1) * sdiv is less or equal than wnum) -+ */ -+ q--; -+ if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) -+ /* -+ * we can't have an overflow here (assuming that q != 0, but -+ * if q == 0 then tmp is zero anyway) -+ */ -+ (*wnump)++; -+ } -+ /* store part of the result */ -+ *resp = q; -+ } -+ bn_correct_top(snum); -+ if (rm != NULL) { -+ /* -+ * Keep a copy of the neg flag in num because if rm==num BN_rshift() -+ * will overwrite it. -+ */ -+ int neg = num->neg; -+ BN_rshift(rm, snum, norm_shift); -+ if (!BN_is_zero(rm)) -+ rm->neg = neg; -+ bn_check_top(rm); -+ } -+ bn_correct_top(res); -+ BN_CTX_end(ctx); -+ return (1); -+ err: -+ bn_check_top(rm); -+ BN_CTX_end(ctx); -+ return (0); -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c -index cfe2eb9..faa7e22 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_err.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,86 +66,85 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) - --static ERR_STRING_DATA BN_str_functs[]= -- { --{ERR_FUNC(BN_F_BNRAND), "BNRAND"}, --{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, --{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, --{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, --{ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"}, --{ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, --{ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, --{ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, --{ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, --{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, --{ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, --{ERR_FUNC(BN_F_BN_DIV), "BN_div"}, --{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"}, --{ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, --{ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, --{ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, --{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, --{ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, --{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, --{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, --{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"}, --{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, --{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, --{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, --{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, --{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, --{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, --{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"}, --{ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"}, --{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"}, --{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, --{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"}, --{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, --{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, --{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, --{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"}, --{ERR_FUNC(BN_F_BN_NEW), "BN_new"}, --{ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, --{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, --{ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, --{0,NULL} -- }; -+static ERR_STRING_DATA BN_str_functs[] = { -+ {ERR_FUNC(BN_F_BNRAND), "BNRAND"}, -+ {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, -+ {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, -+ {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, -+ {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"}, -+ {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, -+ {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, -+ {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, -+ {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, -+ {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, -+ {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, -+ {ERR_FUNC(BN_F_BN_DIV), "BN_div"}, -+ {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"}, -+ {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, -+ {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, -+ {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, -+ {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, -+ {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, -+ {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, -+ {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, -+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"}, -+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, -+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, -+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, -+ {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, -+ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, -+ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, -+ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"}, -+ {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"}, -+ {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"}, -+ {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, -+ {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"}, -+ {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, -+ {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, -+ {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, -+ {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"}, -+ {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, -+ {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, -+ {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, -+ {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA BN_str_reasons[]= -- { --{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"}, --{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"}, --{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"}, --{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"}, --{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"}, --{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"}, --{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"}, --{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"}, --{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"}, --{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"}, --{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"}, --{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"}, --{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"}, --{ERR_REASON(BN_R_NO_SOLUTION) ,"no solution"}, --{ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"}, --{ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"}, --{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"}, --{0,NULL} -- }; -+static ERR_STRING_DATA BN_str_reasons[] = { -+ {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, -+ {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, -+ {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, -+ {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, -+ {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, -+ {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, -+ {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), -+ "expand on static bignum data"}, -+ {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, -+ {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, -+ {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, -+ {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, -+ {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, -+ {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, -+ {ERR_REASON(BN_R_NO_SOLUTION), "no solution"}, -+ {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"}, -+ {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"}, -+ {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES), -+ "too many temporary variables"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_BN_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(BN_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,BN_str_functs); -- ERR_load_strings(0,BN_str_reasons); -- } -+ if (ERR_func_error_string(BN_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, BN_str_functs); -+ ERR_load_strings(0, BN_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c -index d9b6c73..ef67843 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -109,883 +109,899 @@ - * - */ - -- - #include "cryptlib.h" - #include "bn_lcl.h" - - /* maximum precomputation table size for *variable* sliding windows */ --#define TABLE_SIZE 32 -+#define TABLE_SIZE 32 - - /* this one works - simple but works */ - int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -- { -- int i,bits,ret=0; -- BIGNUM *v,*rr; -- -- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) -- { -- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ -- BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return -1; -- } -- -- BN_CTX_start(ctx); -- if ((r == a) || (r == p)) -- rr = BN_CTX_get(ctx); -- else -- rr = r; -- v = BN_CTX_get(ctx); -- if (rr == NULL || v == NULL) goto err; -- -- if (BN_copy(v,a) == NULL) goto err; -- bits=BN_num_bits(p); -- -- if (BN_is_odd(p)) -- { if (BN_copy(rr,a) == NULL) goto err; } -- else { if (!BN_one(rr)) goto err; } -- -- for (i=1; i= m. eay 07-May-97 */ --/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ -- -- if (BN_is_odd(m)) -- { --# ifdef MONT_EXP_WORD -- if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) -- { -- BN_ULONG A = a->d[0]; -- ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); -- } -- else --# endif -- ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); -- } -- else -+ /* -+ * I have finally been able to take out this pre-condition of the top bit -+ * being set. It was caused by an error in BN_div with negatives. There -+ * was also another problem when for a^b%m a >= m. eay 07-May-97 -+ */ -+ /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ -+ -+ if (BN_is_odd(m)) { -+# ifdef MONT_EXP_WORD -+ if (a->top == 1 && !a->neg -+ && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) { -+ BN_ULONG A = a->d[0]; -+ ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL); -+ } else -+# endif -+ ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL); -+ } else - #endif - #ifdef RECP_MUL_MOD -- { ret=BN_mod_exp_recp(r,a,p,m,ctx); } -+ { -+ ret = BN_mod_exp_recp(r, a, p, m, ctx); -+ } - #else -- { ret=BN_mod_exp_simple(r,a,p,m,ctx); } -+ { -+ ret = BN_mod_exp_simple(r, a, p, m, ctx); -+ } - #endif - -- bn_check_top(r); -- return(ret); -- } -- -+ bn_check_top(r); -+ return (ret); -+} - - int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx) -- { -- int i,j,bits,ret=0,wstart,wend,window,wvalue; -- int start=1; -- BIGNUM *aa; -- /* Table of variables obtained from 'ctx' */ -- BIGNUM *val[TABLE_SIZE]; -- BN_RECP_CTX recp; -- -- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) -- { -- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ -- BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return -1; -- } -- -- bits=BN_num_bits(p); -- -- if (bits == 0) -- { -- ret = BN_one(r); -- return ret; -- } -- -- BN_CTX_start(ctx); -- aa = BN_CTX_get(ctx); -- val[0] = BN_CTX_get(ctx); -- if(!aa || !val[0]) goto err; -- -- BN_RECP_CTX_init(&recp); -- if (m->neg) -- { -- /* ignore sign of 'm' */ -- if (!BN_copy(aa, m)) goto err; -- aa->neg = 0; -- if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err; -- } -- else -- { -- if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err; -- } -- -- if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */ -- if (BN_is_zero(val[0])) -- { -- BN_zero(r); -- ret = 1; -- goto err; -- } -- -- window = BN_window_bits_for_exponent_size(bits); -- if (window > 1) -- { -- if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx)) -- goto err; /* 2 */ -- j=1<<(window-1); -- for (i=1; i>1],&recp,ctx)) -- goto err; -- -- /* move the 'window' down further */ -- wstart-=wend+1; -- wvalue=0; -- start=0; -- if (wstart < 0) break; -- } -- ret=1; --err: -- BN_CTX_end(ctx); -- BN_RECP_CTX_free(&recp); -- bn_check_top(r); -- return(ret); -- } -- -+ const BIGNUM *m, BN_CTX *ctx) -+{ -+ int i, j, bits, ret = 0, wstart, wend, window, wvalue; -+ int start = 1; -+ BIGNUM *aa; -+ /* Table of variables obtained from 'ctx' */ -+ BIGNUM *val[TABLE_SIZE]; -+ BN_RECP_CTX recp; -+ -+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { -+ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ -+ BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return -1; -+ } -+ -+ bits = BN_num_bits(p); -+ -+ if (bits == 0) { -+ ret = BN_one(r); -+ return ret; -+ } -+ -+ BN_CTX_start(ctx); -+ aa = BN_CTX_get(ctx); -+ val[0] = BN_CTX_get(ctx); -+ if (!aa || !val[0]) -+ goto err; -+ -+ BN_RECP_CTX_init(&recp); -+ if (m->neg) { -+ /* ignore sign of 'm' */ -+ if (!BN_copy(aa, m)) -+ goto err; -+ aa->neg = 0; -+ if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0) -+ goto err; -+ } else { -+ if (BN_RECP_CTX_set(&recp, m, ctx) <= 0) -+ goto err; -+ } -+ -+ if (!BN_nnmod(val[0], a, m, ctx)) -+ goto err; /* 1 */ -+ if (BN_is_zero(val[0])) { -+ BN_zero(r); -+ ret = 1; -+ goto err; -+ } -+ -+ window = BN_window_bits_for_exponent_size(bits); -+ if (window > 1) { -+ if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx)) -+ goto err; /* 2 */ -+ j = 1 << (window - 1); -+ for (i = 1; i < j; i++) { -+ if (((val[i] = BN_CTX_get(ctx)) == NULL) || -+ !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx)) -+ goto err; -+ } -+ } -+ -+ start = 1; /* This is used to avoid multiplication etc -+ * when there is only the value '1' in the -+ * buffer. */ -+ wvalue = 0; /* The 'value' of the window */ -+ wstart = bits - 1; /* The top bit of the window */ -+ wend = 0; /* The bottom bit of the window */ -+ -+ if (!BN_one(r)) -+ goto err; -+ -+ for (;;) { -+ if (BN_is_bit_set(p, wstart) == 0) { -+ if (!start) -+ if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) -+ goto err; -+ if (wstart == 0) -+ break; -+ wstart--; -+ continue; -+ } -+ /* -+ * We now have wstart on a 'set' bit, we now need to work out how bit -+ * a window to do. To do this we need to scan forward until the last -+ * set bit before the end of the window -+ */ -+ j = wstart; -+ wvalue = 1; -+ wend = 0; -+ for (i = 1; i < window; i++) { -+ if (wstart - i < 0) -+ break; -+ if (BN_is_bit_set(p, wstart - i)) { -+ wvalue <<= (i - wend); -+ wvalue |= 1; -+ wend = i; -+ } -+ } -+ -+ /* wend is the size of the current window */ -+ j = wend + 1; -+ /* add the 'bytes above' */ -+ if (!start) -+ for (i = 0; i < j; i++) { -+ if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) -+ goto err; -+ } -+ -+ /* wvalue will be an odd number < 2^window */ -+ if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx)) -+ goto err; -+ -+ /* move the 'window' down further */ -+ wstart -= wend + 1; -+ wvalue = 0; -+ start = 0; -+ if (wstart < 0) -+ break; -+ } -+ ret = 1; -+ err: -+ BN_CTX_end(ctx); -+ BN_RECP_CTX_free(&recp); -+ bn_check_top(r); -+ return (ret); -+} - - int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -- { -- int i,j,bits,ret=0,wstart,wend,window,wvalue; -- int start=1; -- BIGNUM *d,*r; -- const BIGNUM *aa; -- /* Table of variables obtained from 'ctx' */ -- BIGNUM *val[TABLE_SIZE]; -- BN_MONT_CTX *mont=NULL; -- -- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) -- { -- return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); -- } -- -- bn_check_top(a); -- bn_check_top(p); -- bn_check_top(m); -- -- if (!BN_is_odd(m)) -- { -- BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); -- return(0); -- } -- bits=BN_num_bits(p); -- if (bits == 0) -- { -- ret = BN_one(rr); -- return ret; -- } -- -- BN_CTX_start(ctx); -- d = BN_CTX_get(ctx); -- r = BN_CTX_get(ctx); -- val[0] = BN_CTX_get(ctx); -- if (!d || !r || !val[0]) goto err; -- -- /* If this is not done, things will break in the montgomery -- * part */ -- -- if (in_mont != NULL) -- mont=in_mont; -- else -- { -- if ((mont=BN_MONT_CTX_new()) == NULL) goto err; -- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; -- } -- -- if (a->neg || BN_ucmp(a,m) >= 0) -- { -- if (!BN_nnmod(val[0],a,m,ctx)) -- goto err; -- aa= val[0]; -- } -- else -- aa=a; -- if (BN_is_zero(aa)) -- { -- BN_zero(rr); -- ret = 1; -- goto err; -- } -- if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */ -- -- window = BN_window_bits_for_exponent_size(bits); -- if (window > 1) -- { -- if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */ -- j=1<<(window-1); -- for (i=1; i>1],mont,ctx)) -- goto err; -- -- /* move the 'window' down further */ -- wstart-=wend+1; -- wvalue=0; -- start=0; -- if (wstart < 0) break; -- } -- if (!BN_from_montgomery(rr,r,mont,ctx)) goto err; -- ret=1; --err: -- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); -- BN_CTX_end(ctx); -- bn_check_top(rr); -- return(ret); -- } -- -- --/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout -- * so that accessing any of these table values shows the same access pattern as far -- * as cache lines are concerned. The following functions are used to transfer a BIGNUM -- * from/to that table. */ -- --static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width) -- { -- size_t i, j; -- -- if (bn_wexpand(b, top) == NULL) -- return 0; -- while (b->top < top) -- { -- b->d[b->top++] = 0; -- } -- -- for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width) -- { -- buf[j] = ((unsigned char*)b->d)[i]; -- } -- -- bn_correct_top(b); -- return 1; -- } -- --static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width) -- { -- size_t i, j; -- -- if (bn_wexpand(b, top) == NULL) -- return 0; -- -- for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width) -- { -- ((unsigned char*)b->d)[i] = buf[j]; -- } -- -- b->top = top; -- bn_correct_top(b); -- return 1; -- } -- --/* Given a pointer value, compute the next address that is a cache line multiple. */ --#define MOD_EXP_CTIME_ALIGN(x_) \ -- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -+{ -+ int i, j, bits, ret = 0, wstart, wend, window, wvalue; -+ int start = 1; -+ BIGNUM *d, *r; -+ const BIGNUM *aa; -+ /* Table of variables obtained from 'ctx' */ -+ BIGNUM *val[TABLE_SIZE]; -+ BN_MONT_CTX *mont = NULL; -+ -+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { -+ return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); -+ } -+ -+ bn_check_top(a); -+ bn_check_top(p); -+ bn_check_top(m); -+ -+ if (!BN_is_odd(m)) { -+ BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); -+ return (0); -+ } -+ bits = BN_num_bits(p); -+ if (bits == 0) { -+ ret = BN_one(rr); -+ return ret; -+ } -+ -+ BN_CTX_start(ctx); -+ d = BN_CTX_get(ctx); -+ r = BN_CTX_get(ctx); -+ val[0] = BN_CTX_get(ctx); -+ if (!d || !r || !val[0]) -+ goto err; -+ -+ /* -+ * If this is not done, things will break in the montgomery part -+ */ -+ -+ if (in_mont != NULL) -+ mont = in_mont; -+ else { -+ if ((mont = BN_MONT_CTX_new()) == NULL) -+ goto err; -+ if (!BN_MONT_CTX_set(mont, m, ctx)) -+ goto err; -+ } -+ -+ if (a->neg || BN_ucmp(a, m) >= 0) { -+ if (!BN_nnmod(val[0], a, m, ctx)) -+ goto err; -+ aa = val[0]; -+ } else -+ aa = a; -+ if (BN_is_zero(aa)) { -+ BN_zero(rr); -+ ret = 1; -+ goto err; -+ } -+ if (!BN_to_montgomery(val[0], aa, mont, ctx)) -+ goto err; /* 1 */ -+ -+ window = BN_window_bits_for_exponent_size(bits); -+ if (window > 1) { -+ if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) -+ goto err; /* 2 */ -+ j = 1 << (window - 1); -+ for (i = 1; i < j; i++) { -+ if (((val[i] = BN_CTX_get(ctx)) == NULL) || -+ !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx)) -+ goto err; -+ } -+ } -+ -+ start = 1; /* This is used to avoid multiplication etc -+ * when there is only the value '1' in the -+ * buffer. */ -+ wvalue = 0; /* The 'value' of the window */ -+ wstart = bits - 1; /* The top bit of the window */ -+ wend = 0; /* The bottom bit of the window */ -+ -+ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) -+ goto err; -+ for (;;) { -+ if (BN_is_bit_set(p, wstart) == 0) { -+ if (!start) { -+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) -+ goto err; -+ } -+ if (wstart == 0) -+ break; -+ wstart--; -+ continue; -+ } -+ /* -+ * We now have wstart on a 'set' bit, we now need to work out how bit -+ * a window to do. To do this we need to scan forward until the last -+ * set bit before the end of the window -+ */ -+ j = wstart; -+ wvalue = 1; -+ wend = 0; -+ for (i = 1; i < window; i++) { -+ if (wstart - i < 0) -+ break; -+ if (BN_is_bit_set(p, wstart - i)) { -+ wvalue <<= (i - wend); -+ wvalue |= 1; -+ wend = i; -+ } -+ } -+ -+ /* wend is the size of the current window */ -+ j = wend + 1; -+ /* add the 'bytes above' */ -+ if (!start) -+ for (i = 0; i < j; i++) { -+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) -+ goto err; -+ } -+ -+ /* wvalue will be an odd number < 2^window */ -+ if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx)) -+ goto err; -+ -+ /* move the 'window' down further */ -+ wstart -= wend + 1; -+ wvalue = 0; -+ start = 0; -+ if (wstart < 0) -+ break; -+ } -+ if (!BN_from_montgomery(rr, r, mont, ctx)) -+ goto err; -+ ret = 1; -+ err: -+ if ((in_mont == NULL) && (mont != NULL)) -+ BN_MONT_CTX_free(mont); -+ BN_CTX_end(ctx); -+ bn_check_top(rr); -+ return (ret); -+} -+ -+/* -+ * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific -+ * layout so that accessing any of these table values shows the same access -+ * pattern as far as cache lines are concerned. The following functions are -+ * used to transfer a BIGNUM from/to that table. -+ */ - --/* This variant of BN_mod_exp_mont() uses fixed windows and the special -- * precomputation memory layout to limit data-dependency to a minimum -- * to protect secret exponents (cf. the hyper-threading timing attacks -- * pointed out by Colin Percival, -- * http://www.daemonology.net/hyperthreading-considered-harmful/) -+static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, -+ unsigned char *buf, int idx, -+ int width) -+{ -+ size_t i, j; -+ -+ if (bn_wexpand(b, top) == NULL) -+ return 0; -+ while (b->top < top) { -+ b->d[b->top++] = 0; -+ } -+ -+ for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) { -+ buf[j] = ((unsigned char *)b->d)[i]; -+ } -+ -+ bn_correct_top(b); -+ return 1; -+} -+ -+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, -+ unsigned char *buf, int idx, -+ int width) -+{ -+ size_t i, j; -+ -+ if (bn_wexpand(b, top) == NULL) -+ return 0; -+ -+ for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) { -+ ((unsigned char *)b->d)[i] = buf[j]; -+ } -+ -+ b->top = top; -+ bn_correct_top(b); -+ return 1; -+} -+ -+/* -+ * Given a pointer value, compute the next address that is a cache line -+ * multiple. -+ */ -+#define MOD_EXP_CTIME_ALIGN(x_) \ -+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) -+ -+/* -+ * This variant of BN_mod_exp_mont() uses fixed windows and the special -+ * precomputation memory layout to limit data-dependency to a minimum to -+ * protect secret exponents (cf. the hyper-threading timing attacks pointed -+ * out by Colin Percival, -+ * http://www.daemong-consideredperthreading-considered-harmful/) - */ - int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -- { -- int i,bits,ret=0,idx,window,wvalue; -- int top; -- BIGNUM *r; -- const BIGNUM *aa; -- BN_MONT_CTX *mont=NULL; -- -- int numPowers; -- unsigned char *powerbufFree=NULL; -- int powerbufLen = 0; -- unsigned char *powerbuf=NULL; -- BIGNUM *computeTemp=NULL, *am=NULL; -- -- bn_check_top(a); -- bn_check_top(p); -- bn_check_top(m); -- -- top = m->top; -- -- if (!(m->d[0] & 1)) -- { -- BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS); -- return(0); -- } -- bits=BN_num_bits(p); -- if (bits == 0) -- { -- ret = BN_one(rr); -- return ret; -- } -- -- /* Initialize BIGNUM context and allocate intermediate result */ -- BN_CTX_start(ctx); -- r = BN_CTX_get(ctx); -- if (r == NULL) goto err; -- -- /* Allocate a montgomery context if it was not supplied by the caller. -- * If this is not done, things will break in the montgomery part. -- */ -- if (in_mont != NULL) -- mont=in_mont; -- else -- { -- if ((mont=BN_MONT_CTX_new()) == NULL) goto err; -- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; -- } -- -- /* Get the window size to use with size of p. */ -- window = BN_window_bits_for_ctime_exponent_size(bits); -- -- /* Allocate a buffer large enough to hold all of the pre-computed -- * powers of a. -- */ -- numPowers = 1 << window; -- powerbufLen = sizeof(m->d[0])*top*numPowers; -- if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL) -- goto err; -- -- powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); -- memset(powerbuf, 0, powerbufLen); -- -- /* Initialize the intermediate result. Do this early to save double conversion, -- * once each for a^0 and intermediate result. -- */ -- if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; -- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err; -- -- /* Initialize computeTemp as a^1 with montgomery precalcs */ -- computeTemp = BN_CTX_get(ctx); -- am = BN_CTX_get(ctx); -- if (computeTemp==NULL || am==NULL) goto err; -- -- if (a->neg || BN_ucmp(a,m) >= 0) -- { -- if (!BN_mod(am,a,m,ctx)) -- goto err; -- aa= am; -- } -- else -- aa=a; -- if (!BN_to_montgomery(am,aa,mont,ctx)) goto err; -- if (!BN_copy(computeTemp, am)) goto err; -- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err; -- -- /* If the window size is greater than 1, then calculate -- * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) -- * (even powers could instead be computed as (a^(i/2))^2 -- * to use the slight performance advantage of sqr over mul). -- */ -- if (window > 1) -- { -- for (i=2; i= 0) -- { -- wvalue=0; /* The 'value' of the window */ -- -- /* Scan the window, squaring the result as we go */ -- for (i=0; itop; -+ -+ if (!(m->d[0] & 1)) { -+ BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS); -+ return (0); -+ } -+ bits = BN_num_bits(p); -+ if (bits == 0) { -+ ret = BN_one(rr); -+ return ret; -+ } -+ -+ /* Initialize BIGNUM context and allocate intermediate result */ -+ BN_CTX_start(ctx); -+ r = BN_CTX_get(ctx); -+ if (r == NULL) -+ goto err; -+ -+ /* -+ * Allocate a montgomery context if it was not supplied by the caller. If -+ * this is not done, things will break in the montgomery part. -+ */ -+ if (in_mont != NULL) -+ mont = in_mont; -+ else { -+ if ((mont = BN_MONT_CTX_new()) == NULL) -+ goto err; -+ if (!BN_MONT_CTX_set(mont, m, ctx)) -+ goto err; -+ } -+ -+ /* Get the window size to use with size of p. */ -+ window = BN_window_bits_for_ctime_exponent_size(bits); -+ -+ /* -+ * Allocate a buffer large enough to hold all of the pre-computed powers -+ * of a. -+ */ -+ numPowers = 1 << window; -+ powerbufLen = sizeof(m->d[0]) * top * numPowers; -+ if ((powerbufFree = -+ (unsigned char *)OPENSSL_malloc(powerbufLen + -+ MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) -+ == NULL) -+ goto err; -+ -+ powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); -+ memset(powerbuf, 0, powerbufLen); -+ -+ /* -+ * Initialize the intermediate result. Do this early to save double -+ * conversion, once each for a^0 and intermediate result. -+ */ -+ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) -+ goto err; -+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) -+ goto err; -+ -+ /* Initialize computeTemp as a^1 with montgomery precalcs */ -+ computeTemp = BN_CTX_get(ctx); -+ am = BN_CTX_get(ctx); -+ if (computeTemp == NULL || am == NULL) -+ goto err; -+ -+ if (a->neg || BN_ucmp(a, m) >= 0) { -+ if (!BN_mod(am, a, m, ctx)) -+ goto err; -+ aa = am; -+ } else -+ aa = a; -+ if (!BN_to_montgomery(am, aa, mont, ctx)) -+ goto err; -+ if (!BN_copy(computeTemp, am)) -+ goto err; -+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) -+ goto err; -+ -+ /* -+ * If the window size is greater than 1, then calculate -+ * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even powers -+ * could instead be computed as (a^(i/2))^2 to use the slight performance -+ * advantage of sqr over mul). -+ */ -+ if (window > 1) { -+ for (i = 2; i < numPowers; i++) { -+ /* Calculate a^i = a^(i-1) * a */ -+ if (!BN_mod_mul_montgomery -+ (computeTemp, am, computeTemp, mont, ctx)) -+ goto err; -+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF -+ (computeTemp, top, powerbuf, i, numPowers)) -+ goto err; -+ } -+ } -+ -+ /* -+ * Adjust the number of bits up to a multiple of the window size. If the -+ * exponent length is not a multiple of the window size, then this pads -+ * the most significant bits with zeros to normalize the scanning loop to -+ * there's no special cases. * NOTE: Making the window size a power of -+ * two less than the native * word size ensures that the padded bits -+ * won't go past the last * word in the internal BIGNUM structure. Going -+ * past the end will * still produce the correct result, but causes a -+ * different branch * to be taken in the BN_is_bit_set function. -+ */ -+ bits = ((bits + window - 1) / window) * window; -+ idx = bits - 1; /* The top bit of the window */ -+ -+ /* -+ * Scan the exponent one window at a time starting from the most -+ * significant bits. -+ */ -+ while (idx >= 0) { -+ wvalue = 0; /* The 'value' of the window */ -+ -+ /* Scan the window, squaring the result as we go */ -+ for (i = 0; i < window; i++, idx--) { -+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) -+ goto err; -+ wvalue = (wvalue << 1) + BN_is_bit_set(p, idx); -+ } -+ -+ /* -+ * Fetch the appropriate pre-computed value from the pre-buf -+ */ -+ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF -+ (computeTemp, top, powerbuf, wvalue, numPowers)) -+ goto err; -+ -+ /* Multiply the result into the intermediate result */ -+ if (!BN_mod_mul_montgomery(r, r, computeTemp, mont, ctx)) -+ goto err; -+ } -+ -+ /* Convert the final result from montgomery to standard format */ -+ if (!BN_from_montgomery(rr, r, mont, ctx)) -+ goto err; -+ ret = 1; -+ err: -+ if ((in_mont == NULL) && (mont != NULL)) -+ BN_MONT_CTX_free(mont); -+ if (powerbuf != NULL) { -+ OPENSSL_cleanse(powerbuf, powerbufLen); -+ OPENSSL_free(powerbufFree); -+ } -+ if (am != NULL) -+ BN_clear(am); -+ if (computeTemp != NULL) -+ BN_clear(computeTemp); -+ BN_CTX_end(ctx); -+ return (ret); -+} - - int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -- { -- BN_MONT_CTX *mont = NULL; -- int b, bits, ret=0; -- int r_is_one; -- BN_ULONG w, next_w; -- BIGNUM *d, *r, *t; -- BIGNUM *swap_tmp; -+{ -+ BN_MONT_CTX *mont = NULL; -+ int b, bits, ret = 0; -+ int r_is_one; -+ BN_ULONG w, next_w; -+ BIGNUM *d, *r, *t; -+ BIGNUM *swap_tmp; - #define BN_MOD_MUL_WORD(r, w, m) \ -- (BN_mul_word(r, (w)) && \ -- (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ -- (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) -- /* BN_MOD_MUL_WORD is only used with 'w' large, -- * so the BN_ucmp test is probably more overhead -- * than always using BN_mod (which uses BN_copy if -- * a similar test returns true). */ -- /* We can use BN_mod and do not need BN_nnmod because our -- * accumulator is never negative (the result of BN_mod does -- * not depend on the sign of the modulus). -- */ -+ (BN_mul_word(r, (w)) && \ -+ (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ -+ (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) -+ /* -+ * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is -+ * probably more overhead than always using BN_mod (which uses BN_copy if -+ * a similar test returns true). -+ */ -+ /* -+ * We can use BN_mod and do not need BN_nnmod because our accumulator is -+ * never negative (the result of BN_mod does not depend on the sign of -+ * the modulus). -+ */ - #define BN_TO_MONTGOMERY_WORD(r, w, mont) \ -- (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) -- -- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) -- { -- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ -- BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return -1; -- } -- -- bn_check_top(p); -- bn_check_top(m); -- -- if (!BN_is_odd(m)) -- { -- BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); -- return(0); -- } -- if (m->top == 1) -- a %= m->d[0]; /* make sure that 'a' is reduced */ -- -- bits = BN_num_bits(p); -- if (bits == 0) -- { -- ret = BN_one(rr); -- return ret; -- } -- if (a == 0) -- { -- BN_zero(rr); -- ret = 1; -- return ret; -- } -- -- BN_CTX_start(ctx); -- d = BN_CTX_get(ctx); -- r = BN_CTX_get(ctx); -- t = BN_CTX_get(ctx); -- if (d == NULL || r == NULL || t == NULL) goto err; -- -- if (in_mont != NULL) -- mont=in_mont; -- else -- { -- if ((mont = BN_MONT_CTX_new()) == NULL) goto err; -- if (!BN_MONT_CTX_set(mont, m, ctx)) goto err; -- } -- -- r_is_one = 1; /* except for Montgomery factor */ -- -- /* bits-1 >= 0 */ -- -- /* The result is accumulated in the product r*w. */ -- w = a; /* bit 'bits-1' of 'p' is always set */ -- for (b = bits-2; b >= 0; b--) -- { -- /* First, square r*w. */ -- next_w = w*w; -- if ((next_w/w) != w) /* overflow */ -- { -- if (r_is_one) -- { -- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; -- r_is_one = 0; -- } -- else -- { -- if (!BN_MOD_MUL_WORD(r, w, m)) goto err; -- } -- next_w = 1; -- } -- w = next_w; -- if (!r_is_one) -- { -- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err; -- } -- -- /* Second, multiply r*w by 'a' if exponent bit is set. */ -- if (BN_is_bit_set(p, b)) -- { -- next_w = w*a; -- if ((next_w/a) != w) /* overflow */ -- { -- if (r_is_one) -- { -- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; -- r_is_one = 0; -- } -- else -- { -- if (!BN_MOD_MUL_WORD(r, w, m)) goto err; -- } -- next_w = a; -- } -- w = next_w; -- } -- } -- -- /* Finally, set r:=r*w. */ -- if (w != 1) -- { -- if (r_is_one) -- { -- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; -- r_is_one = 0; -- } -- else -- { -- if (!BN_MOD_MUL_WORD(r, w, m)) goto err; -- } -- } -- -- if (r_is_one) /* can happen only if a == 1*/ -- { -- if (!BN_one(rr)) goto err; -- } -- else -- { -- if (!BN_from_montgomery(rr, r, mont, ctx)) goto err; -- } -- ret = 1; --err: -- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); -- BN_CTX_end(ctx); -- bn_check_top(rr); -- return(ret); -- } -- -+ (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) -+ -+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { -+ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ -+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return -1; -+ } -+ -+ bn_check_top(p); -+ bn_check_top(m); -+ -+ if (!BN_is_odd(m)) { -+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS); -+ return (0); -+ } -+ if (m->top == 1) -+ a %= m->d[0]; /* make sure that 'a' is reduced */ -+ -+ bits = BN_num_bits(p); -+ if (bits == 0) { -+ /* x**0 mod 1 is still zero. */ -+ if (BN_is_one(m)) { -+ ret = 1; -+ BN_zero(rr); -+ } else -+ ret = BN_one(rr); -+ return ret; -+ } -+ if (a == 0) { -+ BN_zero(rr); -+ ret = 1; -+ return ret; -+ } -+ -+ BN_CTX_start(ctx); -+ d = BN_CTX_get(ctx); -+ r = BN_CTX_get(ctx); -+ t = BN_CTX_get(ctx); -+ if (d == NULL || r == NULL || t == NULL) -+ goto err; -+ -+ if (in_mont != NULL) -+ mont = in_mont; -+ else { -+ if ((mont = BN_MONT_CTX_new()) == NULL) -+ goto err; -+ if (!BN_MONT_CTX_set(mont, m, ctx)) -+ goto err; -+ } -+ -+ r_is_one = 1; /* except for Montgomery factor */ -+ -+ /* bits-1 >= 0 */ -+ -+ /* The result is accumulated in the product r*w. */ -+ w = a; /* bit 'bits-1' of 'p' is always set */ -+ for (b = bits - 2; b >= 0; b--) { -+ /* First, square r*w. */ -+ next_w = w * w; -+ if ((next_w / w) != w) { /* overflow */ -+ if (r_is_one) { -+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) -+ goto err; -+ r_is_one = 0; -+ } else { -+ if (!BN_MOD_MUL_WORD(r, w, m)) -+ goto err; -+ } -+ next_w = 1; -+ } -+ w = next_w; -+ if (!r_is_one) { -+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) -+ goto err; -+ } -+ -+ /* Second, multiply r*w by 'a' if exponent bit is set. */ -+ if (BN_is_bit_set(p, b)) { -+ next_w = w * a; -+ if ((next_w / a) != w) { /* overflow */ -+ if (r_is_one) { -+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) -+ goto err; -+ r_is_one = 0; -+ } else { -+ if (!BN_MOD_MUL_WORD(r, w, m)) -+ goto err; -+ } -+ next_w = a; -+ } -+ w = next_w; -+ } -+ } -+ -+ /* Finally, set r:=r*w. */ -+ if (w != 1) { -+ if (r_is_one) { -+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) -+ goto err; -+ r_is_one = 0; -+ } else { -+ if (!BN_MOD_MUL_WORD(r, w, m)) -+ goto err; -+ } -+ } -+ -+ if (r_is_one) { /* can happen only if a == 1 */ -+ if (!BN_one(rr)) -+ goto err; -+ } else { -+ if (!BN_from_montgomery(rr, r, mont, ctx)) -+ goto err; -+ } -+ ret = 1; -+ err: -+ if ((in_mont == NULL) && (mont != NULL)) -+ BN_MONT_CTX_free(mont); -+ BN_CTX_end(ctx); -+ bn_check_top(rr); -+ return (ret); -+} - - /* The old fallback, simple version :-) */ - int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx) -- { -- int i,j,bits,ret=0,wstart,wend,window,wvalue; -- int start=1; -- BIGNUM *d; -- /* Table of variables obtained from 'ctx' */ -- BIGNUM *val[TABLE_SIZE]; -- -- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) -- { -- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ -- BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return -1; -- } -- -- bits=BN_num_bits(p); -- -- if (bits == 0) -- { -- ret = BN_one(r); -- return ret; -- } -- -- BN_CTX_start(ctx); -- d = BN_CTX_get(ctx); -- val[0] = BN_CTX_get(ctx); -- if(!d || !val[0]) goto err; -- -- if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */ -- if (BN_is_zero(val[0])) -- { -- BN_zero(r); -- ret = 1; -- goto err; -- } -- -- window = BN_window_bits_for_exponent_size(bits); -- if (window > 1) -- { -- if (!BN_mod_mul(d,val[0],val[0],m,ctx)) -- goto err; /* 2 */ -- j=1<<(window-1); -- for (i=1; i>1],m,ctx)) -- goto err; -- -- /* move the 'window' down further */ -- wstart-=wend+1; -- wvalue=0; -- start=0; -- if (wstart < 0) break; -- } -- ret=1; --err: -- BN_CTX_end(ctx); -- bn_check_top(r); -- return(ret); -- } -- -+ const BIGNUM *m, BN_CTX *ctx) -+{ -+ int i, j, bits, ret = 0, wstart, wend, window, wvalue; -+ int start = 1; -+ BIGNUM *d; -+ /* Table of variables obtained from 'ctx' */ -+ BIGNUM *val[TABLE_SIZE]; -+ -+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { -+ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ -+ BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return -1; -+ } -+ -+ bits = BN_num_bits(p); -+ -+ if (bits == 0) { -+ ret = BN_one(r); -+ return ret; -+ } -+ -+ BN_CTX_start(ctx); -+ d = BN_CTX_get(ctx); -+ val[0] = BN_CTX_get(ctx); -+ if (!d || !val[0]) -+ goto err; -+ -+ if (!BN_nnmod(val[0], a, m, ctx)) -+ goto err; /* 1 */ -+ if (BN_is_zero(val[0])) { -+ BN_zero(r); -+ ret = 1; -+ goto err; -+ } -+ -+ window = BN_window_bits_for_exponent_size(bits); -+ if (window > 1) { -+ if (!BN_mod_mul(d, val[0], val[0], m, ctx)) -+ goto err; /* 2 */ -+ j = 1 << (window - 1); -+ for (i = 1; i < j; i++) { -+ if (((val[i] = BN_CTX_get(ctx)) == NULL) || -+ !BN_mod_mul(val[i], val[i - 1], d, m, ctx)) -+ goto err; -+ } -+ } -+ -+ start = 1; /* This is used to avoid multiplication etc -+ * when there is only the value '1' in the -+ * buffer. */ -+ wvalue = 0; /* The 'value' of the window */ -+ wstart = bits - 1; /* The top bit of the window */ -+ wend = 0; /* The bottom bit of the window */ -+ -+ if (!BN_one(r)) -+ goto err; -+ -+ for (;;) { -+ if (BN_is_bit_set(p, wstart) == 0) { -+ if (!start) -+ if (!BN_mod_mul(r, r, r, m, ctx)) -+ goto err; -+ if (wstart == 0) -+ break; -+ wstart--; -+ continue; -+ } -+ /* -+ * We now have wstart on a 'set' bit, we now need to work out how bit -+ * a window to do. To do this we need to scan forward until the last -+ * set bit before the end of the window -+ */ -+ j = wstart; -+ wvalue = 1; -+ wend = 0; -+ for (i = 1; i < window; i++) { -+ if (wstart - i < 0) -+ break; -+ if (BN_is_bit_set(p, wstart - i)) { -+ wvalue <<= (i - wend); -+ wvalue |= 1; -+ wend = i; -+ } -+ } -+ -+ /* wend is the size of the current window */ -+ j = wend + 1; -+ /* add the 'bytes above' */ -+ if (!start) -+ for (i = 0; i < j; i++) { -+ if (!BN_mod_mul(r, r, r, m, ctx)) -+ goto err; -+ } -+ -+ /* wvalue will be an odd number < 2^window */ -+ if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx)) -+ goto err; -+ -+ /* move the 'window' down further */ -+ wstart -= wend + 1; -+ wvalue = 0; -+ start = 0; -+ if (wstart < 0) -+ break; -+ } -+ ret = 1; -+ err: -+ BN_CTX_end(ctx); -+ bn_check_top(r); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c -index bd0c34b..43fd204 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -113,200 +113,191 @@ - #include "cryptlib.h" - #include "bn_lcl.h" - --#define TABLE_SIZE 32 -+#define TABLE_SIZE 32 - - int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, -- const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, -- BN_CTX *ctx, BN_MONT_CTX *in_mont) -- { -- int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2; -- int r_is_one=1; -- BIGNUM *d,*r; -- const BIGNUM *a_mod_m; -- /* Tables of variables obtained from 'ctx' */ -- BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; -- BN_MONT_CTX *mont=NULL; -+ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, -+ BN_CTX *ctx, BN_MONT_CTX *in_mont) -+{ -+ int i, j, bits, b, bits1, bits2, ret = -+ 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2; -+ int r_is_one = 1; -+ BIGNUM *d, *r; -+ const BIGNUM *a_mod_m; -+ /* Tables of variables obtained from 'ctx' */ -+ BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; -+ BN_MONT_CTX *mont = NULL; -+ -+ bn_check_top(a1); -+ bn_check_top(p1); -+ bn_check_top(a2); -+ bn_check_top(p2); -+ bn_check_top(m); -+ -+ if (!(m->d[0] & 1)) { -+ BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); -+ return (0); -+ } -+ bits1 = BN_num_bits(p1); -+ bits2 = BN_num_bits(p2); -+ if ((bits1 == 0) && (bits2 == 0)) { -+ ret = BN_one(rr); -+ return ret; -+ } - -- bn_check_top(a1); -- bn_check_top(p1); -- bn_check_top(a2); -- bn_check_top(p2); -- bn_check_top(m); -+ bits = (bits1 > bits2) ? bits1 : bits2; - -- if (!(m->d[0] & 1)) -- { -- BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); -- return(0); -- } -- bits1=BN_num_bits(p1); -- bits2=BN_num_bits(p2); -- if ((bits1 == 0) && (bits2 == 0)) -- { -- ret = BN_one(rr); -- return ret; -- } -- -- bits=(bits1 > bits2)?bits1:bits2; -+ BN_CTX_start(ctx); -+ d = BN_CTX_get(ctx); -+ r = BN_CTX_get(ctx); -+ val1[0] = BN_CTX_get(ctx); -+ val2[0] = BN_CTX_get(ctx); -+ if (!d || !r || !val1[0] || !val2[0]) -+ goto err; - -- BN_CTX_start(ctx); -- d = BN_CTX_get(ctx); -- r = BN_CTX_get(ctx); -- val1[0] = BN_CTX_get(ctx); -- val2[0] = BN_CTX_get(ctx); -- if(!d || !r || !val1[0] || !val2[0]) goto err; -+ if (in_mont != NULL) -+ mont = in_mont; -+ else { -+ if ((mont = BN_MONT_CTX_new()) == NULL) -+ goto err; -+ if (!BN_MONT_CTX_set(mont, m, ctx)) -+ goto err; -+ } - -- if (in_mont != NULL) -- mont=in_mont; -- else -- { -- if ((mont=BN_MONT_CTX_new()) == NULL) goto err; -- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; -- } -+ window1 = BN_window_bits_for_exponent_size(bits1); -+ window2 = BN_window_bits_for_exponent_size(bits2); - -- window1 = BN_window_bits_for_exponent_size(bits1); -- window2 = BN_window_bits_for_exponent_size(bits2); -+ /* -+ * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) -+ */ -+ if (a1->neg || BN_ucmp(a1, m) >= 0) { -+ if (!BN_mod(val1[0], a1, m, ctx)) -+ goto err; -+ a_mod_m = val1[0]; -+ } else -+ a_mod_m = a1; -+ if (BN_is_zero(a_mod_m)) { -+ BN_zero(rr); -+ ret = 1; -+ goto err; -+ } - -- /* -- * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) -- */ -- if (a1->neg || BN_ucmp(a1,m) >= 0) -- { -- if (!BN_mod(val1[0],a1,m,ctx)) -- goto err; -- a_mod_m = val1[0]; -- } -- else -- a_mod_m = a1; -- if (BN_is_zero(a_mod_m)) -- { -- BN_zero(rr); -- ret = 1; -- goto err; -- } -+ if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx)) -+ goto err; -+ if (window1 > 1) { -+ if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx)) -+ goto err; - -- if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err; -- if (window1 > 1) -- { -- if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err; -+ j = 1 << (window1 - 1); -+ for (i = 1; i < j; i++) { -+ if (((val1[i] = BN_CTX_get(ctx)) == NULL) || -+ !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx)) -+ goto err; -+ } -+ } - -- j=1<<(window1-1); -- for (i=1; ineg || BN_ucmp(a2, m) >= 0) { -+ if (!BN_mod(val2[0], a2, m, ctx)) -+ goto err; -+ a_mod_m = val2[0]; -+ } else -+ a_mod_m = a2; -+ if (BN_is_zero(a_mod_m)) { -+ BN_zero(rr); -+ ret = 1; -+ goto err; -+ } -+ if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx)) -+ goto err; -+ if (window2 > 1) { -+ if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx)) -+ goto err; - -+ j = 1 << (window2 - 1); -+ for (i = 1; i < j; i++) { -+ if (((val2[i] = BN_CTX_get(ctx)) == NULL) || -+ !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx)) -+ goto err; -+ } -+ } - -- /* -- * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) -- */ -- if (a2->neg || BN_ucmp(a2,m) >= 0) -- { -- if (!BN_mod(val2[0],a2,m,ctx)) -- goto err; -- a_mod_m = val2[0]; -- } -- else -- a_mod_m = a2; -- if (BN_is_zero(a_mod_m)) -- { -- BN_zero(rr); -- ret = 1; -- goto err; -- } -- if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err; -- if (window2 > 1) -- { -- if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err; -+ /* Now compute the power product, using independent windows. */ -+ r_is_one = 1; -+ wvalue1 = 0; /* The 'value' of the first window */ -+ wvalue2 = 0; /* The 'value' of the second window */ -+ wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the -+ * first window */ -+ wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the -+ * second window */ - -- j=1<<(window2-1); -- for (i=1; i= 0; b--) { -+ if (!r_is_one) { -+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) -+ goto err; -+ } - -+ if (!wvalue1) -+ if (BN_is_bit_set(p1, b)) { -+ /* -+ * consider bits b-window1+1 .. b for this window -+ */ -+ i = b - window1 + 1; -+ while (!BN_is_bit_set(p1, i)) /* works for i<0 */ -+ i++; -+ wpos1 = i; -+ wvalue1 = 1; -+ for (i = b - 1; i >= wpos1; i--) { -+ wvalue1 <<= 1; -+ if (BN_is_bit_set(p1, i)) -+ wvalue1++; -+ } -+ } - -- /* Now compute the power product, using independent windows. */ -- r_is_one=1; -- wvalue1=0; /* The 'value' of the first window */ -- wvalue2=0; /* The 'value' of the second window */ -- wpos1=0; /* If wvalue1 > 0, the bottom bit of the first window */ -- wpos2=0; /* If wvalue2 > 0, the bottom bit of the second window */ -+ if (!wvalue2) -+ if (BN_is_bit_set(p2, b)) { -+ /* -+ * consider bits b-window2+1 .. b for this window -+ */ -+ i = b - window2 + 1; -+ while (!BN_is_bit_set(p2, i)) -+ i++; -+ wpos2 = i; -+ wvalue2 = 1; -+ for (i = b - 1; i >= wpos2; i--) { -+ wvalue2 <<= 1; -+ if (BN_is_bit_set(p2, i)) -+ wvalue2++; -+ } -+ } - -- if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; -- for (b=bits-1; b>=0; b--) -- { -- if (!r_is_one) -- { -- if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) -- goto err; -- } -- -- if (!wvalue1) -- if (BN_is_bit_set(p1, b)) -- { -- /* consider bits b-window1+1 .. b for this window */ -- i = b-window1+1; -- while (!BN_is_bit_set(p1, i)) /* works for i<0 */ -- i++; -- wpos1 = i; -- wvalue1 = 1; -- for (i = b-1; i >= wpos1; i--) -- { -- wvalue1 <<= 1; -- if (BN_is_bit_set(p1, i)) -- wvalue1++; -- } -- } -- -- if (!wvalue2) -- if (BN_is_bit_set(p2, b)) -- { -- /* consider bits b-window2+1 .. b for this window */ -- i = b-window2+1; -- while (!BN_is_bit_set(p2, i)) -- i++; -- wpos2 = i; -- wvalue2 = 1; -- for (i = b-1; i >= wpos2; i--) -- { -- wvalue2 <<= 1; -- if (BN_is_bit_set(p2, i)) -- wvalue2++; -- } -- } -+ if (wvalue1 && b == wpos1) { -+ /* wvalue1 is odd and < 2^window1 */ -+ if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx)) -+ goto err; -+ wvalue1 = 0; -+ r_is_one = 0; -+ } - -- if (wvalue1 && b == wpos1) -- { -- /* wvalue1 is odd and < 2^window1 */ -- if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx)) -- goto err; -- wvalue1 = 0; -- r_is_one = 0; -- } -- -- if (wvalue2 && b == wpos2) -- { -- /* wvalue2 is odd and < 2^window2 */ -- if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx)) -- goto err; -- wvalue2 = 0; -- r_is_one = 0; -- } -- } -- if (!BN_from_montgomery(rr,r,mont,ctx)) -- goto err; -- ret=1; --err: -- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); -- BN_CTX_end(ctx); -- bn_check_top(rr); -- return(ret); -- } -+ if (wvalue2 && b == wpos2) { -+ /* wvalue2 is odd and < 2^window2 */ -+ if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx)) -+ goto err; -+ wvalue2 = 0; -+ r_is_one = 0; -+ } -+ } -+ if (!BN_from_montgomery(rr, r, mont, ctx)) -+ goto err; -+ ret = 1; -+ err: -+ if ((in_mont == NULL) && (mont != NULL)) -+ BN_MONT_CTX_free(mont); -+ BN_CTX_end(ctx); -+ bn_check_top(rr); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c -index 4a35211..cd5f86b 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -115,540 +115,585 @@ - static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); - - int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) -- { -- BIGNUM *a,*b,*t; -- int ret=0; -- -- bn_check_top(in_a); -- bn_check_top(in_b); -- -- BN_CTX_start(ctx); -- a = BN_CTX_get(ctx); -- b = BN_CTX_get(ctx); -- if (a == NULL || b == NULL) goto err; -- -- if (BN_copy(a,in_a) == NULL) goto err; -- if (BN_copy(b,in_b) == NULL) goto err; -- a->neg = 0; -- b->neg = 0; -- -- if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; } -- t=euclid(a,b); -- if (t == NULL) goto err; -- -- if (BN_copy(r,t) == NULL) goto err; -- ret=1; --err: -- BN_CTX_end(ctx); -- bn_check_top(r); -- return(ret); -- } -+{ -+ BIGNUM *a, *b, *t; -+ int ret = 0; -+ -+ bn_check_top(in_a); -+ bn_check_top(in_b); -+ -+ BN_CTX_start(ctx); -+ a = BN_CTX_get(ctx); -+ b = BN_CTX_get(ctx); -+ if (a == NULL || b == NULL) -+ goto err; -+ -+ if (BN_copy(a, in_a) == NULL) -+ goto err; -+ if (BN_copy(b, in_b) == NULL) -+ goto err; -+ a->neg = 0; -+ b->neg = 0; -+ -+ if (BN_cmp(a, b) < 0) { -+ t = a; -+ a = b; -+ b = t; -+ } -+ t = euclid(a, b); -+ if (t == NULL) -+ goto err; -+ -+ if (BN_copy(r, t) == NULL) -+ goto err; -+ ret = 1; -+ err: -+ BN_CTX_end(ctx); -+ bn_check_top(r); -+ return (ret); -+} - - static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) -- { -- BIGNUM *t; -- int shifts=0; -- -- bn_check_top(a); -- bn_check_top(b); -- -- /* 0 <= b <= a */ -- while (!BN_is_zero(b)) -- { -- /* 0 < b <= a */ -- -- if (BN_is_odd(a)) -- { -- if (BN_is_odd(b)) -- { -- if (!BN_sub(a,a,b)) goto err; -- if (!BN_rshift1(a,a)) goto err; -- if (BN_cmp(a,b) < 0) -- { t=a; a=b; b=t; } -- } -- else /* a odd - b even */ -- { -- if (!BN_rshift1(b,b)) goto err; -- if (BN_cmp(a,b) < 0) -- { t=a; a=b; b=t; } -- } -- } -- else /* a is even */ -- { -- if (BN_is_odd(b)) -- { -- if (!BN_rshift1(a,a)) goto err; -- if (BN_cmp(a,b) < 0) -- { t=a; a=b; b=t; } -- } -- else /* a even - b even */ -- { -- if (!BN_rshift1(a,a)) goto err; -- if (!BN_rshift1(b,b)) goto err; -- shifts++; -- } -- } -- /* 0 <= b <= a */ -- } -- -- if (shifts) -- { -- if (!BN_lshift(a,a,shifts)) goto err; -- } -- bn_check_top(a); -- return(a); --err: -- return(NULL); -- } -- -+{ -+ BIGNUM *t; -+ int shifts = 0; -+ -+ bn_check_top(a); -+ bn_check_top(b); -+ -+ /* 0 <= b <= a */ -+ while (!BN_is_zero(b)) { -+ /* 0 < b <= a */ -+ -+ if (BN_is_odd(a)) { -+ if (BN_is_odd(b)) { -+ if (!BN_sub(a, a, b)) -+ goto err; -+ if (!BN_rshift1(a, a)) -+ goto err; -+ if (BN_cmp(a, b) < 0) { -+ t = a; -+ a = b; -+ b = t; -+ } -+ } else { /* a odd - b even */ -+ -+ if (!BN_rshift1(b, b)) -+ goto err; -+ if (BN_cmp(a, b) < 0) { -+ t = a; -+ a = b; -+ b = t; -+ } -+ } -+ } else { /* a is even */ -+ -+ if (BN_is_odd(b)) { -+ if (!BN_rshift1(a, a)) -+ goto err; -+ if (BN_cmp(a, b) < 0) { -+ t = a; -+ a = b; -+ b = t; -+ } -+ } else { /* a even - b even */ -+ -+ if (!BN_rshift1(a, a)) -+ goto err; -+ if (!BN_rshift1(b, b)) -+ goto err; -+ shifts++; -+ } -+ } -+ /* 0 <= b <= a */ -+ } -+ -+ if (shifts) { -+ if (!BN_lshift(a, a, shifts)) -+ goto err; -+ } -+ bn_check_top(a); -+ return (a); -+ err: -+ return (NULL); -+} - - /* solves ax == 1 (mod n) */ - static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, -- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); --BIGNUM *BN_mod_inverse(BIGNUM *in, -- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) -- { -- BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL; -- BIGNUM *ret=NULL; -- int sign; -- -- if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) -- { -- return BN_mod_inverse_no_branch(in, a, n, ctx); -- } -- -- bn_check_top(a); -- bn_check_top(n); -- -- BN_CTX_start(ctx); -- A = BN_CTX_get(ctx); -- B = BN_CTX_get(ctx); -- X = BN_CTX_get(ctx); -- D = BN_CTX_get(ctx); -- M = BN_CTX_get(ctx); -- Y = BN_CTX_get(ctx); -- T = BN_CTX_get(ctx); -- if (T == NULL) goto err; -- -- if (in == NULL) -- R=BN_new(); -- else -- R=in; -- if (R == NULL) goto err; -- -- BN_one(X); -- BN_zero(Y); -- if (BN_copy(B,a) == NULL) goto err; -- if (BN_copy(A,n) == NULL) goto err; -- A->neg = 0; -- if (B->neg || (BN_ucmp(B, A) >= 0)) -- { -- if (!BN_nnmod(B, B, A, ctx)) goto err; -- } -- sign = -1; -- /* From B = a mod |n|, A = |n| it follows that -- * -- * 0 <= B < A, -- * -sign*X*a == B (mod |n|), -- * sign*Y*a == A (mod |n|). -- */ -- -- if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) -- { -- /* Binary inversion algorithm; requires odd modulus. -- * This is faster than the general algorithm if the modulus -- * is sufficiently small (about 400 .. 500 bits on 32-bit -- * sytems, but much more on 64-bit systems) */ -- int shift; -- -- while (!BN_is_zero(B)) -- { -- /* -- * 0 < B < |n|, -- * 0 < A <= |n|, -- * (1) -sign*X*a == B (mod |n|), -- * (2) sign*Y*a == A (mod |n|) -- */ -- -- /* Now divide B by the maximum possible power of two in the integers, -- * and divide X by the same value mod |n|. -- * When we're done, (1) still holds. */ -- shift = 0; -- while (!BN_is_bit_set(B, shift)) /* note that 0 < B */ -- { -- shift++; -- -- if (BN_is_odd(X)) -- { -- if (!BN_uadd(X, X, n)) goto err; -- } -- /* now X is even, so we can easily divide it by two */ -- if (!BN_rshift1(X, X)) goto err; -- } -- if (shift > 0) -- { -- if (!BN_rshift(B, B, shift)) goto err; -- } -- -- -- /* Same for A and Y. Afterwards, (2) still holds. */ -- shift = 0; -- while (!BN_is_bit_set(A, shift)) /* note that 0 < A */ -- { -- shift++; -- -- if (BN_is_odd(Y)) -- { -- if (!BN_uadd(Y, Y, n)) goto err; -- } -- /* now Y is even */ -- if (!BN_rshift1(Y, Y)) goto err; -- } -- if (shift > 0) -- { -- if (!BN_rshift(A, A, shift)) goto err; -- } -- -- -- /* We still have (1) and (2). -- * Both A and B are odd. -- * The following computations ensure that -- * -- * 0 <= B < |n|, -- * 0 < A < |n|, -- * (1) -sign*X*a == B (mod |n|), -- * (2) sign*Y*a == A (mod |n|), -- * -- * and that either A or B is even in the next iteration. -- */ -- if (BN_ucmp(B, A) >= 0) -- { -- /* -sign*(X + Y)*a == B - A (mod |n|) */ -- if (!BN_uadd(X, X, Y)) goto err; -- /* NB: we could use BN_mod_add_quick(X, X, Y, n), but that -- * actually makes the algorithm slower */ -- if (!BN_usub(B, B, A)) goto err; -- } -- else -- { -- /* sign*(X + Y)*a == A - B (mod |n|) */ -- if (!BN_uadd(Y, Y, X)) goto err; -- /* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */ -- if (!BN_usub(A, A, B)) goto err; -- } -- } -- } -- else -- { -- /* general inversion algorithm */ -- -- while (!BN_is_zero(B)) -- { -- BIGNUM *tmp; -- -- /* -- * 0 < B < A, -- * (*) -sign*X*a == B (mod |n|), -- * sign*Y*a == A (mod |n|) -- */ -- -- /* (D, M) := (A/B, A%B) ... */ -- if (BN_num_bits(A) == BN_num_bits(B)) -- { -- if (!BN_one(D)) goto err; -- if (!BN_sub(M,A,B)) goto err; -- } -- else if (BN_num_bits(A) == BN_num_bits(B) + 1) -- { -- /* A/B is 1, 2, or 3 */ -- if (!BN_lshift1(T,B)) goto err; -- if (BN_ucmp(A,T) < 0) -- { -- /* A < 2*B, so D=1 */ -- if (!BN_one(D)) goto err; -- if (!BN_sub(M,A,B)) goto err; -- } -- else -- { -- /* A >= 2*B, so D=2 or D=3 */ -- if (!BN_sub(M,A,T)) goto err; -- if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */ -- if (BN_ucmp(A,D) < 0) -- { -- /* A < 3*B, so D=2 */ -- if (!BN_set_word(D,2)) goto err; -- /* M (= A - 2*B) already has the correct value */ -- } -- else -- { -- /* only D=3 remains */ -- if (!BN_set_word(D,3)) goto err; -- /* currently M = A - 2*B, but we need M = A - 3*B */ -- if (!BN_sub(M,M,B)) goto err; -- } -- } -- } -- else -- { -- if (!BN_div(D,M,A,B,ctx)) goto err; -- } -- -- /* Now -- * A = D*B + M; -- * thus we have -- * (**) sign*Y*a == D*B + M (mod |n|). -- */ -- -- tmp=A; /* keep the BIGNUM object, the value does not matter */ -- -- /* (A, B) := (B, A mod B) ... */ -- A=B; -- B=M; -- /* ... so we have 0 <= B < A again */ -- -- /* Since the former M is now B and the former B is now A, -- * (**) translates into -- * sign*Y*a == D*A + B (mod |n|), -- * i.e. -- * sign*Y*a - D*A == B (mod |n|). -- * Similarly, (*) translates into -- * -sign*X*a == A (mod |n|). -- * -- * Thus, -- * sign*Y*a + D*sign*X*a == B (mod |n|), -- * i.e. -- * sign*(Y + D*X)*a == B (mod |n|). -- * -- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at -- * -sign*X*a == B (mod |n|), -- * sign*Y*a == A (mod |n|). -- * Note that X and Y stay non-negative all the time. -- */ -- -- /* most of the time D is very small, so we can optimize tmp := D*X+Y */ -- if (BN_is_one(D)) -- { -- if (!BN_add(tmp,X,Y)) goto err; -- } -- else -- { -- if (BN_is_word(D,2)) -- { -- if (!BN_lshift1(tmp,X)) goto err; -- } -- else if (BN_is_word(D,4)) -- { -- if (!BN_lshift(tmp,X,2)) goto err; -- } -- else if (D->top == 1) -- { -- if (!BN_copy(tmp,X)) goto err; -- if (!BN_mul_word(tmp,D->d[0])) goto err; -- } -- else -- { -- if (!BN_mul(tmp,D,X,ctx)) goto err; -- } -- if (!BN_add(tmp,tmp,Y)) goto err; -- } -- -- M=Y; /* keep the BIGNUM object, the value does not matter */ -- Y=X; -- X=tmp; -- sign = -sign; -- } -- } -- -- /* -- * The while loop (Euclid's algorithm) ends when -- * A == gcd(a,n); -- * we have -- * sign*Y*a == A (mod |n|), -- * where Y is non-negative. -- */ -- -- if (sign < 0) -- { -- if (!BN_sub(Y,n,Y)) goto err; -- } -- /* Now Y*a == A (mod |n|). */ -- -- -- if (BN_is_one(A)) -- { -- /* Y*a == 1 (mod |n|) */ -- if (!Y->neg && BN_ucmp(Y,n) < 0) -- { -- if (!BN_copy(R,Y)) goto err; -- } -- else -- { -- if (!BN_nnmod(R,Y,n,ctx)) goto err; -- } -- } -- else -- { -- BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE); -- goto err; -- } -- ret=R; --err: -- if ((ret == NULL) && (in == NULL)) BN_free(R); -- BN_CTX_end(ctx); -- bn_check_top(ret); -- return(ret); -- } -- -- --/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. -- * It does not contain branches that may leak sensitive information. -+ const BIGNUM *a, const BIGNUM *n, -+ BN_CTX *ctx); -+BIGNUM *BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, -+ BN_CTX *ctx) -+{ -+ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; -+ BIGNUM *ret = NULL; -+ int sign; -+ -+ if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) -+ || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { -+ return BN_mod_inverse_no_branch(in, a, n, ctx); -+ } -+ -+ bn_check_top(a); -+ bn_check_top(n); -+ -+ BN_CTX_start(ctx); -+ A = BN_CTX_get(ctx); -+ B = BN_CTX_get(ctx); -+ X = BN_CTX_get(ctx); -+ D = BN_CTX_get(ctx); -+ M = BN_CTX_get(ctx); -+ Y = BN_CTX_get(ctx); -+ T = BN_CTX_get(ctx); -+ if (T == NULL) -+ goto err; -+ -+ if (in == NULL) -+ R = BN_new(); -+ else -+ R = in; -+ if (R == NULL) -+ goto err; -+ -+ BN_one(X); -+ BN_zero(Y); -+ if (BN_copy(B, a) == NULL) -+ goto err; -+ if (BN_copy(A, n) == NULL) -+ goto err; -+ A->neg = 0; -+ if (B->neg || (BN_ucmp(B, A) >= 0)) { -+ if (!BN_nnmod(B, B, A, ctx)) -+ goto err; -+ } -+ sign = -1; -+ /*- -+ * From B = a mod |n|, A = |n| it follows that -+ * -+ * 0 <= B < A, -+ * -sign*X*a == B (mod |n|), -+ * sign*Y*a == A (mod |n|). -+ */ -+ -+ if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) { -+ /* -+ * Binary inversion algorithm; requires odd modulus. This is faster -+ * than the general algorithm if the modulus is sufficiently small -+ * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit -+ * systems) -+ */ -+ int shift; -+ -+ while (!BN_is_zero(B)) { -+ /*- -+ * 0 < B < |n|, -+ * 0 < A <= |n|, -+ * (1) -sign*X*a == B (mod |n|), -+ * (2) sign*Y*a == A (mod |n|) -+ */ -+ -+ /* -+ * Now divide B by the maximum possible power of two in the -+ * integers, and divide X by the same value mod |n|. When we're -+ * done, (1) still holds. -+ */ -+ shift = 0; -+ while (!BN_is_bit_set(B, shift)) { /* note that 0 < B */ -+ shift++; -+ -+ if (BN_is_odd(X)) { -+ if (!BN_uadd(X, X, n)) -+ goto err; -+ } -+ /* -+ * now X is even, so we can easily divide it by two -+ */ -+ if (!BN_rshift1(X, X)) -+ goto err; -+ } -+ if (shift > 0) { -+ if (!BN_rshift(B, B, shift)) -+ goto err; -+ } -+ -+ /* -+ * Same for A and Y. Afterwards, (2) still holds. -+ */ -+ shift = 0; -+ while (!BN_is_bit_set(A, shift)) { /* note that 0 < A */ -+ shift++; -+ -+ if (BN_is_odd(Y)) { -+ if (!BN_uadd(Y, Y, n)) -+ goto err; -+ } -+ /* now Y is even */ -+ if (!BN_rshift1(Y, Y)) -+ goto err; -+ } -+ if (shift > 0) { -+ if (!BN_rshift(A, A, shift)) -+ goto err; -+ } -+ -+ /*- -+ * We still have (1) and (2). -+ * Both A and B are odd. -+ * The following computations ensure that -+ * -+ * 0 <= B < |n|, -+ * 0 < A < |n|, -+ * (1) -sign*X*a == B (mod |n|), -+ * (2) sign*Y*a == A (mod |n|), -+ * -+ * and that either A or B is even in the next iteration. -+ */ -+ if (BN_ucmp(B, A) >= 0) { -+ /* -sign*(X + Y)*a == B - A (mod |n|) */ -+ if (!BN_uadd(X, X, Y)) -+ goto err; -+ /* -+ * NB: we could use BN_mod_add_quick(X, X, Y, n), but that -+ * actually makes the algorithm slower -+ */ -+ if (!BN_usub(B, B, A)) -+ goto err; -+ } else { -+ /* sign*(X + Y)*a == A - B (mod |n|) */ -+ if (!BN_uadd(Y, Y, X)) -+ goto err; -+ /* -+ * as above, BN_mod_add_quick(Y, Y, X, n) would slow things -+ * down -+ */ -+ if (!BN_usub(A, A, B)) -+ goto err; -+ } -+ } -+ } else { -+ /* general inversion algorithm */ -+ -+ while (!BN_is_zero(B)) { -+ BIGNUM *tmp; -+ -+ /*- -+ * 0 < B < A, -+ * (*) -sign*X*a == B (mod |n|), -+ * sign*Y*a == A (mod |n|) -+ */ -+ -+ /* (D, M) := (A/B, A%B) ... */ -+ if (BN_num_bits(A) == BN_num_bits(B)) { -+ if (!BN_one(D)) -+ goto err; -+ if (!BN_sub(M, A, B)) -+ goto err; -+ } else if (BN_num_bits(A) == BN_num_bits(B) + 1) { -+ /* A/B is 1, 2, or 3 */ -+ if (!BN_lshift1(T, B)) -+ goto err; -+ if (BN_ucmp(A, T) < 0) { -+ /* A < 2*B, so D=1 */ -+ if (!BN_one(D)) -+ goto err; -+ if (!BN_sub(M, A, B)) -+ goto err; -+ } else { -+ /* A >= 2*B, so D=2 or D=3 */ -+ if (!BN_sub(M, A, T)) -+ goto err; -+ if (!BN_add(D, T, B)) -+ goto err; /* use D (:= 3*B) as temp */ -+ if (BN_ucmp(A, D) < 0) { -+ /* A < 3*B, so D=2 */ -+ if (!BN_set_word(D, 2)) -+ goto err; -+ /* -+ * M (= A - 2*B) already has the correct value -+ */ -+ } else { -+ /* only D=3 remains */ -+ if (!BN_set_word(D, 3)) -+ goto err; -+ /* -+ * currently M = A - 2*B, but we need M = A - 3*B -+ */ -+ if (!BN_sub(M, M, B)) -+ goto err; -+ } -+ } -+ } else { -+ if (!BN_div(D, M, A, B, ctx)) -+ goto err; -+ } -+ -+ /*- -+ * Now -+ * A = D*B + M; -+ * thus we have -+ * (**) sign*Y*a == D*B + M (mod |n|). -+ */ -+ -+ tmp = A; /* keep the BIGNUM object, the value does not -+ * matter */ -+ -+ /* (A, B) := (B, A mod B) ... */ -+ A = B; -+ B = M; -+ /* ... so we have 0 <= B < A again */ -+ -+ /*- -+ * Since the former M is now B and the former B is now A, -+ * (**) translates into -+ * sign*Y*a == D*A + B (mod |n|), -+ * i.e. -+ * sign*Y*a - D*A == B (mod |n|). -+ * Similarly, (*) translates into -+ * -sign*X*a == A (mod |n|). -+ * -+ * Thus, -+ * sign*Y*a + D*sign*X*a == B (mod |n|), -+ * i.e. -+ * sign*(Y + D*X)*a == B (mod |n|). -+ * -+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at -+ * -sign*X*a == B (mod |n|), -+ * sign*Y*a == A (mod |n|). -+ * Note that X and Y stay non-negative all the time. -+ */ -+ -+ /* -+ * most of the time D is very small, so we can optimize tmp := -+ * D*X+Y -+ */ -+ if (BN_is_one(D)) { -+ if (!BN_add(tmp, X, Y)) -+ goto err; -+ } else { -+ if (BN_is_word(D, 2)) { -+ if (!BN_lshift1(tmp, X)) -+ goto err; -+ } else if (BN_is_word(D, 4)) { -+ if (!BN_lshift(tmp, X, 2)) -+ goto err; -+ } else if (D->top == 1) { -+ if (!BN_copy(tmp, X)) -+ goto err; -+ if (!BN_mul_word(tmp, D->d[0])) -+ goto err; -+ } else { -+ if (!BN_mul(tmp, D, X, ctx)) -+ goto err; -+ } -+ if (!BN_add(tmp, tmp, Y)) -+ goto err; -+ } -+ -+ M = Y; /* keep the BIGNUM object, the value does not -+ * matter */ -+ Y = X; -+ X = tmp; -+ sign = -sign; -+ } -+ } -+ -+ /*- -+ * The while loop (Euclid's algorithm) ends when -+ * A == gcd(a,n); -+ * we have -+ * sign*Y*a == A (mod |n|), -+ * where Y is non-negative. -+ */ -+ -+ if (sign < 0) { -+ if (!BN_sub(Y, n, Y)) -+ goto err; -+ } -+ /* Now Y*a == A (mod |n|). */ -+ -+ if (BN_is_one(A)) { -+ /* Y*a == 1 (mod |n|) */ -+ if (!Y->neg && BN_ucmp(Y, n) < 0) { -+ if (!BN_copy(R, Y)) -+ goto err; -+ } else { -+ if (!BN_nnmod(R, Y, n, ctx)) -+ goto err; -+ } -+ } else { -+ BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); -+ goto err; -+ } -+ ret = R; -+ err: -+ if ((ret == NULL) && (in == NULL)) -+ BN_free(R); -+ BN_CTX_end(ctx); -+ bn_check_top(ret); -+ return (ret); -+} -+ -+/* -+ * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does -+ * not contain branches that may leak sensitive information. - */ - static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, -- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) -- { -- BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL; -- BIGNUM local_A, local_B; -- BIGNUM *pA, *pB; -- BIGNUM *ret=NULL; -- int sign; -- -- bn_check_top(a); -- bn_check_top(n); -- -- BN_CTX_start(ctx); -- A = BN_CTX_get(ctx); -- B = BN_CTX_get(ctx); -- X = BN_CTX_get(ctx); -- D = BN_CTX_get(ctx); -- M = BN_CTX_get(ctx); -- Y = BN_CTX_get(ctx); -- T = BN_CTX_get(ctx); -- if (T == NULL) goto err; -- -- if (in == NULL) -- R=BN_new(); -- else -- R=in; -- if (R == NULL) goto err; -- -- BN_one(X); -- BN_zero(Y); -- if (BN_copy(B,a) == NULL) goto err; -- if (BN_copy(A,n) == NULL) goto err; -- A->neg = 0; -- -- if (B->neg || (BN_ucmp(B, A) >= 0)) -- { -- /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, -- * BN_div_no_branch will be called eventually. -- */ -- pB = &local_B; -- BN_with_flags(pB, B, BN_FLG_CONSTTIME); -- if (!BN_nnmod(B, pB, A, ctx)) goto err; -- } -- sign = -1; -- /* From B = a mod |n|, A = |n| it follows that -- * -- * 0 <= B < A, -- * -sign*X*a == B (mod |n|), -- * sign*Y*a == A (mod |n|). -- */ -- -- while (!BN_is_zero(B)) -- { -- BIGNUM *tmp; -- -- /* -- * 0 < B < A, -- * (*) -sign*X*a == B (mod |n|), -- * sign*Y*a == A (mod |n|) -- */ -- -- /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, -- * BN_div_no_branch will be called eventually. -- */ -- pA = &local_A; -- BN_with_flags(pA, A, BN_FLG_CONSTTIME); -- -- /* (D, M) := (A/B, A%B) ... */ -- if (!BN_div(D,M,pA,B,ctx)) goto err; -- -- /* Now -- * A = D*B + M; -- * thus we have -- * (**) sign*Y*a == D*B + M (mod |n|). -- */ -- -- tmp=A; /* keep the BIGNUM object, the value does not matter */ -- -- /* (A, B) := (B, A mod B) ... */ -- A=B; -- B=M; -- /* ... so we have 0 <= B < A again */ -- -- /* Since the former M is now B and the former B is now A, -- * (**) translates into -- * sign*Y*a == D*A + B (mod |n|), -- * i.e. -- * sign*Y*a - D*A == B (mod |n|). -- * Similarly, (*) translates into -- * -sign*X*a == A (mod |n|). -- * -- * Thus, -- * sign*Y*a + D*sign*X*a == B (mod |n|), -- * i.e. -- * sign*(Y + D*X)*a == B (mod |n|). -- * -- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at -- * -sign*X*a == B (mod |n|), -- * sign*Y*a == A (mod |n|). -- * Note that X and Y stay non-negative all the time. -- */ -- -- if (!BN_mul(tmp,D,X,ctx)) goto err; -- if (!BN_add(tmp,tmp,Y)) goto err; -- -- M=Y; /* keep the BIGNUM object, the value does not matter */ -- Y=X; -- X=tmp; -- sign = -sign; -- } -- -- /* -- * The while loop (Euclid's algorithm) ends when -- * A == gcd(a,n); -- * we have -- * sign*Y*a == A (mod |n|), -- * where Y is non-negative. -- */ -- -- if (sign < 0) -- { -- if (!BN_sub(Y,n,Y)) goto err; -- } -- /* Now Y*a == A (mod |n|). */ -- -- if (BN_is_one(A)) -- { -- /* Y*a == 1 (mod |n|) */ -- if (!Y->neg && BN_ucmp(Y,n) < 0) -- { -- if (!BN_copy(R,Y)) goto err; -- } -- else -- { -- if (!BN_nnmod(R,Y,n,ctx)) goto err; -- } -- } -- else -- { -- BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE); -- goto err; -- } -- ret=R; --err: -- if ((ret == NULL) && (in == NULL)) BN_free(R); -- BN_CTX_end(ctx); -- bn_check_top(ret); -- return(ret); -- } -+ const BIGNUM *a, const BIGNUM *n, -+ BN_CTX *ctx) -+{ -+ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; -+ BIGNUM local_A, local_B; -+ BIGNUM *pA, *pB; -+ BIGNUM *ret = NULL; -+ int sign; -+ -+ bn_check_top(a); -+ bn_check_top(n); -+ -+ BN_CTX_start(ctx); -+ A = BN_CTX_get(ctx); -+ B = BN_CTX_get(ctx); -+ X = BN_CTX_get(ctx); -+ D = BN_CTX_get(ctx); -+ M = BN_CTX_get(ctx); -+ Y = BN_CTX_get(ctx); -+ T = BN_CTX_get(ctx); -+ if (T == NULL) -+ goto err; -+ -+ if (in == NULL) -+ R = BN_new(); -+ else -+ R = in; -+ if (R == NULL) -+ goto err; -+ -+ BN_one(X); -+ BN_zero(Y); -+ if (BN_copy(B, a) == NULL) -+ goto err; -+ if (BN_copy(A, n) == NULL) -+ goto err; -+ A->neg = 0; -+ -+ if (B->neg || (BN_ucmp(B, A) >= 0)) { -+ /* -+ * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, -+ * BN_div_no_branch will be called eventually. -+ */ -+ pB = &local_B; -+ BN_with_flags(pB, B, BN_FLG_CONSTTIME); -+ if (!BN_nnmod(B, pB, A, ctx)) -+ goto err; -+ } -+ sign = -1; -+ /*- -+ * From B = a mod |n|, A = |n| it follows that -+ * -+ * 0 <= B < A, -+ * -sign*X*a == B (mod |n|), -+ * sign*Y*a == A (mod |n|). -+ */ -+ -+ while (!BN_is_zero(B)) { -+ BIGNUM *tmp; -+ -+ /*- -+ * 0 < B < A, -+ * (*) -sign*X*a == B (mod |n|), -+ * sign*Y*a == A (mod |n|) -+ */ -+ -+ /* -+ * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, -+ * BN_div_no_branch will be called eventually. -+ */ -+ pA = &local_A; -+ BN_with_flags(pA, A, BN_FLG_CONSTTIME); -+ -+ /* (D, M) := (A/B, A%B) ... */ -+ if (!BN_div(D, M, pA, B, ctx)) -+ goto err; -+ -+ /*- -+ * Now -+ * A = D*B + M; -+ * thus we have -+ * (**) sign*Y*a == D*B + M (mod |n|). -+ */ -+ -+ tmp = A; /* keep the BIGNUM object, the value does not -+ * matter */ -+ -+ /* (A, B) := (B, A mod B) ... */ -+ A = B; -+ B = M; -+ /* ... so we have 0 <= B < A again */ -+ -+ /*- -+ * Since the former M is now B and the former B is now A, -+ * (**) translates into -+ * sign*Y*a == D*A + B (mod |n|), -+ * i.e. -+ * sign*Y*a - D*A == B (mod |n|). -+ * Similarly, (*) translates into -+ * -sign*X*a == A (mod |n|). -+ * -+ * Thus, -+ * sign*Y*a + D*sign*X*a == B (mod |n|), -+ * i.e. -+ * sign*(Y + D*X)*a == B (mod |n|). -+ * -+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at -+ * -sign*X*a == B (mod |n|), -+ * sign*Y*a == A (mod |n|). -+ * Note that X and Y stay non-negative all the time. -+ */ -+ -+ if (!BN_mul(tmp, D, X, ctx)) -+ goto err; -+ if (!BN_add(tmp, tmp, Y)) -+ goto err; -+ -+ M = Y; /* keep the BIGNUM object, the value does not -+ * matter */ -+ Y = X; -+ X = tmp; -+ sign = -sign; -+ } -+ -+ /*- -+ * The while loop (Euclid's algorithm) ends when -+ * A == gcd(a,n); -+ * we have -+ * sign*Y*a == A (mod |n|), -+ * where Y is non-negative. -+ */ -+ -+ if (sign < 0) { -+ if (!BN_sub(Y, n, Y)) -+ goto err; -+ } -+ /* Now Y*a == A (mod |n|). */ -+ -+ if (BN_is_one(A)) { -+ /* Y*a == 1 (mod |n|) */ -+ if (!Y->neg && BN_ucmp(Y, n) < 0) { -+ if (!BN_copy(R, Y)) -+ goto err; -+ } else { -+ if (!BN_nnmod(R, Y, n, ctx)) -+ goto err; -+ } -+ } else { -+ BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE); -+ goto err; -+ } -+ ret = R; -+ err: -+ if ((ret == NULL) && (in == NULL)) -+ BN_free(R); -+ BN_CTX_end(ctx); -+ bn_check_top(ret); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c -index 28f1fa8..3386f72 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c -@@ -27,12 +27,13 @@ - * - */ - --/* NOTE: This file is licensed pursuant to the OpenSSL license below -- * and may be modified; but after modifications, the above covenant -- * may no longer apply! In such cases, the corresponding paragraph -- * ["In addition, Sun covenants ... causes the infringement."] and -- * this note can be edited out; but please keep the Sun copyright -- * notice and attribution. */ -+/* -+ * NOTE: This file is licensed pursuant to the OpenSSL license below and may -+ * be modified; but after modifications, the above covenant may no longer -+ * apply! In such cases, the corresponding paragraph ["In addition, Sun -+ * covenants ... causes the infringement."] and this note can be edited out; -+ * but please keep the Sun copyright notice and attribution. -+ */ - - /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. -@@ -42,7 +43,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -94,1055 +95,1275 @@ - #include "cryptlib.h" - #include "bn_lcl.h" - --/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */ -+/* -+ * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should -+ * fail. -+ */ - #define MAX_ITERATIONS 50 - --static const BN_ULONG SQR_tb[16] = -- { 0, 1, 4, 5, 16, 17, 20, 21, -- 64, 65, 68, 69, 80, 81, 84, 85 }; -+static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21, -+ 64, 65, 68, 69, 80, 81, 84, 85 -+}; -+ - /* Platform-specific macros to accelerate squaring. */ - #if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) --#define SQR1(w) \ -+# define SQR1(w) \ - SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \ - SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \ - SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \ - SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF] --#define SQR0(w) \ -+# define SQR0(w) \ - SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \ - SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] - #endif - #ifdef THIRTY_TWO_BIT --#define SQR1(w) \ -+# define SQR1(w) \ - SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \ - SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF] --#define SQR0(w) \ -+# define SQR0(w) \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] - #endif - #ifdef SIXTEEN_BIT --#define SQR1(w) \ -+# define SQR1(w) \ - SQR_tb[(w) >> 12 & 0xF] << 8 | SQR_tb[(w) >> 8 & 0xF] --#define SQR0(w) \ -+# define SQR0(w) \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] - #endif - #ifdef EIGHT_BIT --#define SQR1(w) \ -+# define SQR1(w) \ - SQR_tb[(w) >> 4 & 0xF] --#define SQR0(w) \ -+# define SQR0(w) \ - SQR_tb[(w) & 15] - #endif - --/* Product of two polynomials a, b each with degree < BN_BITS2 - 1, -- * result is a polynomial r with degree < 2 * BN_BITS - 1 -- * The caller MUST ensure that the variables have the right amount -- * of space allocated. -+/* -+ * Product of two polynomials a, b each with degree < BN_BITS2 - 1, result is -+ * a polynomial r with degree < 2 * BN_BITS - 1 The caller MUST ensure that -+ * the variables have the right amount of space allocated. - */ - #ifdef EIGHT_BIT --static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) -- { -- register BN_ULONG h, l, s; -- BN_ULONG tab[4], top1b = a >> 7; -- register BN_ULONG a1, a2; -- -- a1 = a & (0x7F); a2 = a1 << 1; -- -- tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2; -- -- s = tab[b & 0x3]; l = s; -- s = tab[b >> 2 & 0x3]; l ^= s << 2; h = s >> 6; -- s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 4; -- s = tab[b >> 6 ]; l ^= s << 6; h ^= s >> 2; -- -- /* compensate for the top bit of a */ -- -- if (top1b & 01) { l ^= b << 7; h ^= b >> 1; } -- -- *r1 = h; *r0 = l; -- } -+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, -+ const BN_ULONG b) -+{ -+ register BN_ULONG h, l, s; -+ BN_ULONG tab[4], top1b = a >> 7; -+ register BN_ULONG a1, a2; -+ -+ a1 = a & (0x7F); -+ a2 = a1 << 1; -+ -+ tab[0] = 0; -+ tab[1] = a1; -+ tab[2] = a2; -+ tab[3] = a1 ^ a2; -+ -+ s = tab[b & 0x3]; -+ l = s; -+ s = tab[b >> 2 & 0x3]; -+ l ^= s << 2; -+ h = s >> 6; -+ s = tab[b >> 4 & 0x3]; -+ l ^= s << 4; -+ h ^= s >> 4; -+ s = tab[b >> 6]; -+ l ^= s << 6; -+ h ^= s >> 2; -+ -+ /* compensate for the top bit of a */ -+ -+ if (top1b & 01) { -+ l ^= b << 7; -+ h ^= b >> 1; -+ } -+ -+ *r1 = h; -+ *r0 = l; -+} - #endif - #ifdef SIXTEEN_BIT --static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) -- { -- register BN_ULONG h, l, s; -- BN_ULONG tab[4], top1b = a >> 15; -- register BN_ULONG a1, a2; -- -- a1 = a & (0x7FFF); a2 = a1 << 1; -- -- tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2; -- -- s = tab[b & 0x3]; l = s; -- s = tab[b >> 2 & 0x3]; l ^= s << 2; h = s >> 14; -- s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 12; -- s = tab[b >> 6 & 0x3]; l ^= s << 6; h ^= s >> 10; -- s = tab[b >> 8 & 0x3]; l ^= s << 8; h ^= s >> 8; -- s = tab[b >>10 & 0x3]; l ^= s << 10; h ^= s >> 6; -- s = tab[b >>12 & 0x3]; l ^= s << 12; h ^= s >> 4; -- s = tab[b >>14 ]; l ^= s << 14; h ^= s >> 2; -- -- /* compensate for the top bit of a */ -- -- if (top1b & 01) { l ^= b << 15; h ^= b >> 1; } -- -- *r1 = h; *r0 = l; -- } -+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, -+ const BN_ULONG b) -+{ -+ register BN_ULONG h, l, s; -+ BN_ULONG tab[4], top1b = a >> 15; -+ register BN_ULONG a1, a2; -+ -+ a1 = a & (0x7FFF); -+ a2 = a1 << 1; -+ -+ tab[0] = 0; -+ tab[1] = a1; -+ tab[2] = a2; -+ tab[3] = a1 ^ a2; -+ -+ s = tab[b & 0x3]; -+ l = s; -+ s = tab[b >> 2 & 0x3]; -+ l ^= s << 2; -+ h = s >> 14; -+ s = tab[b >> 4 & 0x3]; -+ l ^= s << 4; -+ h ^= s >> 12; -+ s = tab[b >> 6 & 0x3]; -+ l ^= s << 6; -+ h ^= s >> 10; -+ s = tab[b >> 8 & 0x3]; -+ l ^= s << 8; -+ h ^= s >> 8; -+ s = tab[b >> 10 & 0x3]; -+ l ^= s << 10; -+ h ^= s >> 6; -+ s = tab[b >> 12 & 0x3]; -+ l ^= s << 12; -+ h ^= s >> 4; -+ s = tab[b >> 14]; -+ l ^= s << 14; -+ h ^= s >> 2; -+ -+ /* compensate for the top bit of a */ -+ -+ if (top1b & 01) { -+ l ^= b << 15; -+ h ^= b >> 1; -+ } -+ -+ *r1 = h; -+ *r0 = l; -+} - #endif - #ifdef THIRTY_TWO_BIT --static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) -- { -- register BN_ULONG h, l, s; -- BN_ULONG tab[8], top2b = a >> 30; -- register BN_ULONG a1, a2, a4; -- -- a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1; -- -- tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2; -- tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4; -- -- s = tab[b & 0x7]; l = s; -- s = tab[b >> 3 & 0x7]; l ^= s << 3; h = s >> 29; -- s = tab[b >> 6 & 0x7]; l ^= s << 6; h ^= s >> 26; -- s = tab[b >> 9 & 0x7]; l ^= s << 9; h ^= s >> 23; -- s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20; -- s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17; -- s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14; -- s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11; -- s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >> 8; -- s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >> 5; -- s = tab[b >> 30 ]; l ^= s << 30; h ^= s >> 2; -- -- /* compensate for the top two bits of a */ -- -- if (top2b & 01) { l ^= b << 30; h ^= b >> 2; } -- if (top2b & 02) { l ^= b << 31; h ^= b >> 1; } -- -- *r1 = h; *r0 = l; -- } -+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, -+ const BN_ULONG b) -+{ -+ register BN_ULONG h, l, s; -+ BN_ULONG tab[8], top2b = a >> 30; -+ register BN_ULONG a1, a2, a4; -+ -+ a1 = a & (0x3FFFFFFF); -+ a2 = a1 << 1; -+ a4 = a2 << 1; -+ -+ tab[0] = 0; -+ tab[1] = a1; -+ tab[2] = a2; -+ tab[3] = a1 ^ a2; -+ tab[4] = a4; -+ tab[5] = a1 ^ a4; -+ tab[6] = a2 ^ a4; -+ tab[7] = a1 ^ a2 ^ a4; -+ -+ s = tab[b & 0x7]; -+ l = s; -+ s = tab[b >> 3 & 0x7]; -+ l ^= s << 3; -+ h = s >> 29; -+ s = tab[b >> 6 & 0x7]; -+ l ^= s << 6; -+ h ^= s >> 26; -+ s = tab[b >> 9 & 0x7]; -+ l ^= s << 9; -+ h ^= s >> 23; -+ s = tab[b >> 12 & 0x7]; -+ l ^= s << 12; -+ h ^= s >> 20; -+ s = tab[b >> 15 & 0x7]; -+ l ^= s << 15; -+ h ^= s >> 17; -+ s = tab[b >> 18 & 0x7]; -+ l ^= s << 18; -+ h ^= s >> 14; -+ s = tab[b >> 21 & 0x7]; -+ l ^= s << 21; -+ h ^= s >> 11; -+ s = tab[b >> 24 & 0x7]; -+ l ^= s << 24; -+ h ^= s >> 8; -+ s = tab[b >> 27 & 0x7]; -+ l ^= s << 27; -+ h ^= s >> 5; -+ s = tab[b >> 30]; -+ l ^= s << 30; -+ h ^= s >> 2; -+ -+ /* compensate for the top two bits of a */ -+ -+ if (top2b & 01) { -+ l ^= b << 30; -+ h ^= b >> 2; -+ } -+ if (top2b & 02) { -+ l ^= b << 31; -+ h ^= b >> 1; -+ } -+ -+ *r1 = h; -+ *r0 = l; -+} - #endif - #if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) --static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) -- { -- register BN_ULONG h, l, s; -- BN_ULONG tab[16], top3b = a >> 61; -- register BN_ULONG a1, a2, a4, a8; -- -- a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1; -- -- tab[ 0] = 0; tab[ 1] = a1; tab[ 2] = a2; tab[ 3] = a1^a2; -- tab[ 4] = a4; tab[ 5] = a1^a4; tab[ 6] = a2^a4; tab[ 7] = a1^a2^a4; -- tab[ 8] = a8; tab[ 9] = a1^a8; tab[10] = a2^a8; tab[11] = a1^a2^a8; -- tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8; -- -- s = tab[b & 0xF]; l = s; -- s = tab[b >> 4 & 0xF]; l ^= s << 4; h = s >> 60; -- s = tab[b >> 8 & 0xF]; l ^= s << 8; h ^= s >> 56; -- s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52; -- s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48; -- s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44; -- s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40; -- s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36; -- s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32; -- s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28; -- s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24; -- s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20; -- s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16; -- s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12; -- s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >> 8; -- s = tab[b >> 60 ]; l ^= s << 60; h ^= s >> 4; -- -- /* compensate for the top three bits of a */ -- -- if (top3b & 01) { l ^= b << 61; h ^= b >> 3; } -- if (top3b & 02) { l ^= b << 62; h ^= b >> 2; } -- if (top3b & 04) { l ^= b << 63; h ^= b >> 1; } -- -- *r1 = h; *r0 = l; -- } -+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, -+ const BN_ULONG b) -+{ -+ register BN_ULONG h, l, s; -+ BN_ULONG tab[16], top3b = a >> 61; -+ register BN_ULONG a1, a2, a4, a8; -+ -+ a1 = a & (0x1FFFFFFFFFFFFFFFULL); -+ a2 = a1 << 1; -+ a4 = a2 << 1; -+ a8 = a4 << 1; -+ -+ tab[0] = 0; -+ tab[1] = a1; -+ tab[2] = a2; -+ tab[3] = a1 ^ a2; -+ tab[4] = a4; -+ tab[5] = a1 ^ a4; -+ tab[6] = a2 ^ a4; -+ tab[7] = a1 ^ a2 ^ a4; -+ tab[8] = a8; -+ tab[9] = a1 ^ a8; -+ tab[10] = a2 ^ a8; -+ tab[11] = a1 ^ a2 ^ a8; -+ tab[12] = a4 ^ a8; -+ tab[13] = a1 ^ a4 ^ a8; -+ tab[14] = a2 ^ a4 ^ a8; -+ tab[15] = a1 ^ a2 ^ a4 ^ a8; -+ -+ s = tab[b & 0xF]; -+ l = s; -+ s = tab[b >> 4 & 0xF]; -+ l ^= s << 4; -+ h = s >> 60; -+ s = tab[b >> 8 & 0xF]; -+ l ^= s << 8; -+ h ^= s >> 56; -+ s = tab[b >> 12 & 0xF]; -+ l ^= s << 12; -+ h ^= s >> 52; -+ s = tab[b >> 16 & 0xF]; -+ l ^= s << 16; -+ h ^= s >> 48; -+ s = tab[b >> 20 & 0xF]; -+ l ^= s << 20; -+ h ^= s >> 44; -+ s = tab[b >> 24 & 0xF]; -+ l ^= s << 24; -+ h ^= s >> 40; -+ s = tab[b >> 28 & 0xF]; -+ l ^= s << 28; -+ h ^= s >> 36; -+ s = tab[b >> 32 & 0xF]; -+ l ^= s << 32; -+ h ^= s >> 32; -+ s = tab[b >> 36 & 0xF]; -+ l ^= s << 36; -+ h ^= s >> 28; -+ s = tab[b >> 40 & 0xF]; -+ l ^= s << 40; -+ h ^= s >> 24; -+ s = tab[b >> 44 & 0xF]; -+ l ^= s << 44; -+ h ^= s >> 20; -+ s = tab[b >> 48 & 0xF]; -+ l ^= s << 48; -+ h ^= s >> 16; -+ s = tab[b >> 52 & 0xF]; -+ l ^= s << 52; -+ h ^= s >> 12; -+ s = tab[b >> 56 & 0xF]; -+ l ^= s << 56; -+ h ^= s >> 8; -+ s = tab[b >> 60]; -+ l ^= s << 60; -+ h ^= s >> 4; -+ -+ /* compensate for the top three bits of a */ -+ -+ if (top3b & 01) { -+ l ^= b << 61; -+ h ^= b >> 3; -+ } -+ if (top3b & 02) { -+ l ^= b << 62; -+ h ^= b >> 2; -+ } -+ if (top3b & 04) { -+ l ^= b << 63; -+ h ^= b >> 1; -+ } -+ -+ *r1 = h; -+ *r0 = l; -+} - #endif - --/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1, -- * result is a polynomial r with degree < 4 * BN_BITS2 - 1 -- * The caller MUST ensure that the variables have the right amount -- * of space allocated. -+/* -+ * Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1, -+ * result is a polynomial r with degree < 4 * BN_BITS2 - 1 The caller MUST -+ * ensure that the variables have the right amount of space allocated. - */ --static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, const BN_ULONG b1, const BN_ULONG b0) -- { -- BN_ULONG m1, m0; -- /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */ -- bn_GF2m_mul_1x1(r+3, r+2, a1, b1); -- bn_GF2m_mul_1x1(r+1, r, a0, b0); -- bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1); -- /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */ -- r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ -- r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ -- } -- -- --/* Add polynomials a and b and store result in r; r could be a or b, a and b -+static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, -+ const BN_ULONG b1, const BN_ULONG b0) -+{ -+ BN_ULONG m1, m0; -+ /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */ -+ bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1); -+ bn_GF2m_mul_1x1(r + 1, r, a0, b0); -+ bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1); -+ /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */ -+ r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ -+ r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ -+} -+ -+/* -+ * Add polynomials a and b and store result in r; r could be a or b, a and b - * could be equal; r is the bitwise XOR of a and b. - */ --int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -- { -- int i; -- const BIGNUM *at, *bt; -- -- bn_check_top(a); -- bn_check_top(b); -- -- if (a->top < b->top) { at = b; bt = a; } -- else { at = a; bt = b; } -- -- if(bn_wexpand(r, at->top) == NULL) -- return 0; -- -- for (i = 0; i < bt->top; i++) -- { -- r->d[i] = at->d[i] ^ bt->d[i]; -- } -- for (; i < at->top; i++) -- { -- r->d[i] = at->d[i]; -- } -- -- r->top = at->top; -- bn_correct_top(r); -- -- return 1; -- } -- -- --/* Some functions allow for representation of the irreducible polynomials -+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -+{ -+ int i; -+ const BIGNUM *at, *bt; -+ -+ bn_check_top(a); -+ bn_check_top(b); -+ -+ if (a->top < b->top) { -+ at = b; -+ bt = a; -+ } else { -+ at = a; -+ bt = b; -+ } -+ -+ if (bn_wexpand(r, at->top) == NULL) -+ return 0; -+ -+ for (i = 0; i < bt->top; i++) { -+ r->d[i] = at->d[i] ^ bt->d[i]; -+ } -+ for (; i < at->top; i++) { -+ r->d[i] = at->d[i]; -+ } -+ -+ r->top = at->top; -+ bn_correct_top(r); -+ -+ return 1; -+} -+ -+/*- -+ * Some functions allow for representation of the irreducible polynomials - * as an int[], say p. The irreducible f(t) is then of the form: - * t^p[0] + t^p[1] + ... + t^p[k] - * where m = p[0] > p[1] > ... > p[k] = 0. - */ - -- - /* Performs modular reduction of a and store result in r. r could be a. */ - int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) -- { -- int j, k; -- int n, dN, d0, d1; -- BN_ULONG zz, *z; -- -- bn_check_top(a); -- -- if (!p[0]) -- { -- /* reduction mod 1 => return 0 */ -- BN_zero(r); -- return 1; -- } -- -- /* Since the algorithm does reduction in the r value, if a != r, copy -- * the contents of a into r so we can do reduction in r. -- */ -- if (a != r) -- { -- if (!bn_wexpand(r, a->top)) return 0; -- for (j = 0; j < a->top; j++) -- { -- r->d[j] = a->d[j]; -- } -- r->top = a->top; -- } -- z = r->d; -- -- /* start reduction */ -- dN = p[0] / BN_BITS2; -- for (j = r->top - 1; j > dN;) -- { -- zz = z[j]; -- if (z[j] == 0) { j--; continue; } -- z[j] = 0; -- -- for (k = 1; p[k] != 0; k++) -- { -- /* reducing component t^p[k] */ -- n = p[0] - p[k]; -- d0 = n % BN_BITS2; d1 = BN_BITS2 - d0; -- n /= BN_BITS2; -- z[j-n] ^= (zz>>d0); -- if (d0) z[j-n-1] ^= (zz<> d0); -- if (d0) z[j-n-1] ^= (zz << d1); -- } -- -- /* final round of reduction */ -- while (j == dN) -- { -- -- d0 = p[0] % BN_BITS2; -- zz = z[dN] >> d0; -- if (zz == 0) break; -- d1 = BN_BITS2 - d0; -- -- /* clear up the top d1 bits */ -- if (d0) -- z[dN] = (z[dN] << d1) >> d1; -- else -- z[dN] = 0; -- z[0] ^= zz; /* reduction t^0 component */ -- -- for (k = 1; p[k] != 0; k++) -- { -- BN_ULONG tmp_ulong; -- -- /* reducing component t^p[k]*/ -- n = p[k] / BN_BITS2; -- d0 = p[k] % BN_BITS2; -- d1 = BN_BITS2 - d0; -- z[n] ^= (zz << d0); -- tmp_ulong = zz >> d1; -- if (d0 && tmp_ulong) -- z[n+1] ^= tmp_ulong; -- } -- -- -- } -- -- bn_correct_top(r); -- return 1; -- } -- --/* Performs modular reduction of a by p and store result in r. r could be a. -- * -+{ -+ int j, k; -+ int n, dN, d0, d1; -+ BN_ULONG zz, *z; -+ -+ bn_check_top(a); -+ -+ if (!p[0]) { -+ /* reduction mod 1 => return 0 */ -+ BN_zero(r); -+ return 1; -+ } -+ -+ /* -+ * Since the algorithm does reduction in the r value, if a != r, copy the -+ * contents of a into r so we can do reduction in r. -+ */ -+ if (a != r) { -+ if (!bn_wexpand(r, a->top)) -+ return 0; -+ for (j = 0; j < a->top; j++) { -+ r->d[j] = a->d[j]; -+ } -+ r->top = a->top; -+ } -+ z = r->d; -+ -+ /* start reduction */ -+ dN = p[0] / BN_BITS2; -+ for (j = r->top - 1; j > dN;) { -+ zz = z[j]; -+ if (z[j] == 0) { -+ j--; -+ continue; -+ } -+ z[j] = 0; -+ -+ for (k = 1; p[k] != 0; k++) { -+ /* reducing component t^p[k] */ -+ n = p[0] - p[k]; -+ d0 = n % BN_BITS2; -+ d1 = BN_BITS2 - d0; -+ n /= BN_BITS2; -+ z[j - n] ^= (zz >> d0); -+ if (d0) -+ z[j - n - 1] ^= (zz << d1); -+ } -+ -+ /* reducing component t^0 */ -+ n = dN; -+ d0 = p[0] % BN_BITS2; -+ d1 = BN_BITS2 - d0; -+ z[j - n] ^= (zz >> d0); -+ if (d0) -+ z[j - n - 1] ^= (zz << d1); -+ } -+ -+ /* final round of reduction */ -+ while (j == dN) { -+ -+ d0 = p[0] % BN_BITS2; -+ zz = z[dN] >> d0; -+ if (zz == 0) -+ break; -+ d1 = BN_BITS2 - d0; -+ -+ /* clear up the top d1 bits */ -+ if (d0) -+ z[dN] = (z[dN] << d1) >> d1; -+ else -+ z[dN] = 0; -+ z[0] ^= zz; /* reduction t^0 component */ -+ -+ for (k = 1; p[k] != 0; k++) { -+ BN_ULONG tmp_ulong; -+ -+ /* reducing component t^p[k] */ -+ n = p[k] / BN_BITS2; -+ d0 = p[k] % BN_BITS2; -+ d1 = BN_BITS2 - d0; -+ z[n] ^= (zz << d0); -+ tmp_ulong = zz >> d1; -+ if (d0 && tmp_ulong) -+ z[n + 1] ^= tmp_ulong; -+ } -+ -+ } -+ -+ bn_correct_top(r); -+ return 1; -+} -+ -+/* -+ * Performs modular reduction of a by p and store result in r. r could be a. - * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper -- * function is only provided for convenience; for best performance, use the -+ * function is only provided for convenience; for best performance, use the - * BN_GF2m_mod_arr function. - */ --int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) -- { -- int ret = 0; -- const int max = BN_num_bits(p); -- unsigned int *arr=NULL; -- bn_check_top(a); -- bn_check_top(p); -- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; -- ret = BN_GF2m_poly2arr(p, arr, max); -- if (!ret || ret > max) -- { -- BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH); -- goto err; -- } -- ret = BN_GF2m_mod_arr(r, a, arr); -- bn_check_top(r); --err: -- if (arr) OPENSSL_free(arr); -- return ret; -- } -- -- --/* Compute the product of two polynomials a and b, reduce modulo p, and store -+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) -+{ -+ int ret = 0; -+ const int max = BN_num_bits(p); -+ unsigned int *arr = NULL; -+ bn_check_top(a); -+ bn_check_top(p); -+ if ((arr = -+ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) -+ goto err; -+ ret = BN_GF2m_poly2arr(p, arr, max); -+ if (!ret || ret > max) { -+ BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH); -+ goto err; -+ } -+ ret = BN_GF2m_mod_arr(r, a, arr); -+ bn_check_top(r); -+ err: -+ if (arr) -+ OPENSSL_free(arr); -+ return ret; -+} -+ -+/* -+ * Compute the product of two polynomials a and b, reduce modulo p, and store - * the result in r. r could be a or b; a could be b. - */ --int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx) -- { -- int zlen, i, j, k, ret = 0; -- BIGNUM *s; -- BN_ULONG x1, x0, y1, y0, zz[4]; -- -- bn_check_top(a); -- bn_check_top(b); -- -- if (a == b) -- { -- return BN_GF2m_mod_sqr_arr(r, a, p, ctx); -- } -- -- BN_CTX_start(ctx); -- if ((s = BN_CTX_get(ctx)) == NULL) goto err; -- -- zlen = a->top + b->top + 4; -- if (!bn_wexpand(s, zlen)) goto err; -- s->top = zlen; -- -- for (i = 0; i < zlen; i++) s->d[i] = 0; -- -- for (j = 0; j < b->top; j += 2) -- { -- y0 = b->d[j]; -- y1 = ((j+1) == b->top) ? 0 : b->d[j+1]; -- for (i = 0; i < a->top; i += 2) -- { -- x0 = a->d[i]; -- x1 = ((i+1) == a->top) ? 0 : a->d[i+1]; -- bn_GF2m_mul_2x2(zz, x1, x0, y1, y0); -- for (k = 0; k < 4; k++) s->d[i+j+k] ^= zz[k]; -- } -- } -- -- bn_correct_top(s); -- if (BN_GF2m_mod_arr(r, s, p)) -- ret = 1; -- bn_check_top(r); -- --err: -- BN_CTX_end(ctx); -- return ret; -- } -- --/* Compute the product of two polynomials a and b, reduce modulo p, and store -- * the result in r. r could be a or b; a could equal b. -- * -- * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper -- * function is only provided for convenience; for best performance, use the -+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const unsigned int p[], BN_CTX *ctx) -+{ -+ int zlen, i, j, k, ret = 0; -+ BIGNUM *s; -+ BN_ULONG x1, x0, y1, y0, zz[4]; -+ -+ bn_check_top(a); -+ bn_check_top(b); -+ -+ if (a == b) { -+ return BN_GF2m_mod_sqr_arr(r, a, p, ctx); -+ } -+ -+ BN_CTX_start(ctx); -+ if ((s = BN_CTX_get(ctx)) == NULL) -+ goto err; -+ -+ zlen = a->top + b->top + 4; -+ if (!bn_wexpand(s, zlen)) -+ goto err; -+ s->top = zlen; -+ -+ for (i = 0; i < zlen; i++) -+ s->d[i] = 0; -+ -+ for (j = 0; j < b->top; j += 2) { -+ y0 = b->d[j]; -+ y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1]; -+ for (i = 0; i < a->top; i += 2) { -+ x0 = a->d[i]; -+ x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1]; -+ bn_GF2m_mul_2x2(zz, x1, x0, y1, y0); -+ for (k = 0; k < 4; k++) -+ s->d[i + j + k] ^= zz[k]; -+ } -+ } -+ -+ bn_correct_top(s); -+ if (BN_GF2m_mod_arr(r, s, p)) -+ ret = 1; -+ bn_check_top(r); -+ -+ err: -+ BN_CTX_end(ctx); -+ return ret; -+} -+ -+/* -+ * Compute the product of two polynomials a and b, reduce modulo p, and store -+ * the result in r. r could be a or b; a could equal b. This function calls -+ * down to the BN_GF2m_mod_mul_arr implementation; this wrapper function is -+ * only provided for convenience; for best performance, use the - * BN_GF2m_mod_mul_arr function. - */ --int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) -- { -- int ret = 0; -- const int max = BN_num_bits(p); -- unsigned int *arr=NULL; -- bn_check_top(a); -- bn_check_top(b); -- bn_check_top(p); -- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; -- ret = BN_GF2m_poly2arr(p, arr, max); -- if (!ret || ret > max) -- { -- BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH); -- goto err; -- } -- ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); -- bn_check_top(r); --err: -- if (arr) OPENSSL_free(arr); -- return ret; -- } -- -+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const BIGNUM *p, BN_CTX *ctx) -+{ -+ int ret = 0; -+ const int max = BN_num_bits(p); -+ unsigned int *arr = NULL; -+ bn_check_top(a); -+ bn_check_top(b); -+ bn_check_top(p); -+ if ((arr = -+ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) -+ goto err; -+ ret = BN_GF2m_poly2arr(p, arr, max); -+ if (!ret || ret > max) { -+ BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH); -+ goto err; -+ } -+ ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); -+ bn_check_top(r); -+ err: -+ if (arr) -+ OPENSSL_free(arr); -+ return ret; -+} - - /* Square a, reduce the result mod p, and store it in a. r could be a. */ --int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx) -- { -- int i, ret = 0; -- BIGNUM *s; -- -- bn_check_top(a); -- BN_CTX_start(ctx); -- if ((s = BN_CTX_get(ctx)) == NULL) return 0; -- if (!bn_wexpand(s, 2 * a->top)) goto err; -- -- for (i = a->top - 1; i >= 0; i--) -- { -- s->d[2*i+1] = SQR1(a->d[i]); -- s->d[2*i ] = SQR0(a->d[i]); -- } -- -- s->top = 2 * a->top; -- bn_correct_top(s); -- if (!BN_GF2m_mod_arr(r, s, p)) goto err; -- bn_check_top(r); -- ret = 1; --err: -- BN_CTX_end(ctx); -- return ret; -- } -- --/* Square a, reduce the result mod p, and store it in a. r could be a. -- * -- * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper -- * function is only provided for convenience; for best performance, use the -- * BN_GF2m_mod_sqr_arr function. -+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], -+ BN_CTX *ctx) -+{ -+ int i, ret = 0; -+ BIGNUM *s; -+ -+ bn_check_top(a); -+ BN_CTX_start(ctx); -+ if ((s = BN_CTX_get(ctx)) == NULL) -+ return 0; -+ if (!bn_wexpand(s, 2 * a->top)) -+ goto err; -+ -+ for (i = a->top - 1; i >= 0; i--) { -+ s->d[2 * i + 1] = SQR1(a->d[i]); -+ s->d[2 * i] = SQR0(a->d[i]); -+ } -+ -+ s->top = 2 * a->top; -+ bn_correct_top(s); -+ if (!BN_GF2m_mod_arr(r, s, p)) -+ goto err; -+ bn_check_top(r); -+ ret = 1; -+ err: -+ BN_CTX_end(ctx); -+ return ret; -+} -+ -+/* -+ * Square a, reduce the result mod p, and store it in a. r could be a. This -+ * function calls down to the BN_GF2m_mod_sqr_arr implementation; this -+ * wrapper function is only provided for convenience; for best performance, -+ * use the BN_GF2m_mod_sqr_arr function. - */ --int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -- { -- int ret = 0; -- const int max = BN_num_bits(p); -- unsigned int *arr=NULL; -- -- bn_check_top(a); -- bn_check_top(p); -- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; -- ret = BN_GF2m_poly2arr(p, arr, max); -- if (!ret || ret > max) -- { -- BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH); -- goto err; -- } -- ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); -- bn_check_top(r); --err: -- if (arr) OPENSSL_free(arr); -- return ret; -- } -- -- --/* Invert a, reduce modulo p, and store the result in r. r could be a. -- * Uses Modified Almost Inverse Algorithm (Algorithm 10) from -- * Hankerson, D., Hernandez, J.L., and Menezes, A. "Software Implementation -- * of Elliptic Curve Cryptography Over Binary Fields". -+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -+{ -+ int ret = 0; -+ const int max = BN_num_bits(p); -+ unsigned int *arr = NULL; -+ -+ bn_check_top(a); -+ bn_check_top(p); -+ if ((arr = -+ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) -+ goto err; -+ ret = BN_GF2m_poly2arr(p, arr, max); -+ if (!ret || ret > max) { -+ BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH); -+ goto err; -+ } -+ ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); -+ bn_check_top(r); -+ err: -+ if (arr) -+ OPENSSL_free(arr); -+ return ret; -+} -+ -+/* -+ * Invert a, reduce modulo p, and store the result in r. r could be a. Uses -+ * Modified Almost Inverse Algorithm (Algorithm 10) from Hankerson, D., -+ * Hernandez, J.L., and Menezes, A. "Software Implementation of Elliptic -+ * Curve Cryptography Over Binary Fields". - */ - int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -- { -- BIGNUM *b, *c, *u, *v, *tmp; -- int ret = 0; -- -- bn_check_top(a); -- bn_check_top(p); -- -- BN_CTX_start(ctx); -- -- b = BN_CTX_get(ctx); -- c = BN_CTX_get(ctx); -- u = BN_CTX_get(ctx); -- v = BN_CTX_get(ctx); -- if (v == NULL) goto err; -- -- if (!BN_one(b)) goto err; -- if (!BN_GF2m_mod(u, a, p)) goto err; -- if (!BN_copy(v, p)) goto err; -- -- if (BN_is_zero(u)) goto err; -- -- while (1) -- { -- while (!BN_is_odd(u)) -- { -- if (BN_is_zero(u)) goto err; -- if (!BN_rshift1(u, u)) goto err; -- if (BN_is_odd(b)) -- { -- if (!BN_GF2m_add(b, b, p)) goto err; -- } -- if (!BN_rshift1(b, b)) goto err; -- } -- -- if (BN_abs_is_word(u, 1)) break; -- -- if (BN_num_bits(u) < BN_num_bits(v)) -- { -- tmp = u; u = v; v = tmp; -- tmp = b; b = c; c = tmp; -- } -- -- if (!BN_GF2m_add(u, u, v)) goto err; -- if (!BN_GF2m_add(b, b, c)) goto err; -- } -- -- -- if (!BN_copy(r, b)) goto err; -- bn_check_top(r); -- ret = 1; -- --err: -- BN_CTX_end(ctx); -- return ret; -- } -- --/* Invert xx, reduce modulo p, and store the result in r. r could be xx. -- * -- * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper -- * function is only provided for convenience; for best performance, use the -- * BN_GF2m_mod_inv function. -- */ --int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx) -- { -- BIGNUM *field; -- int ret = 0; -- -- bn_check_top(xx); -- BN_CTX_start(ctx); -- if ((field = BN_CTX_get(ctx)) == NULL) goto err; -- if (!BN_GF2m_arr2poly(p, field)) goto err; -- -- ret = BN_GF2m_mod_inv(r, xx, field, ctx); -- bn_check_top(r); -- --err: -- BN_CTX_end(ctx); -- return ret; -- } -+{ -+ BIGNUM *b, *c, *u, *v, *tmp; -+ int ret = 0; -+ -+ bn_check_top(a); -+ bn_check_top(p); -+ -+ BN_CTX_start(ctx); -+ -+ b = BN_CTX_get(ctx); -+ c = BN_CTX_get(ctx); -+ u = BN_CTX_get(ctx); -+ v = BN_CTX_get(ctx); -+ if (v == NULL) -+ goto err; -+ -+ if (!BN_one(b)) -+ goto err; -+ if (!BN_GF2m_mod(u, a, p)) -+ goto err; -+ if (!BN_copy(v, p)) -+ goto err; -+ -+ if (BN_is_zero(u)) -+ goto err; -+ -+ while (1) { -+ while (!BN_is_odd(u)) { -+ if (BN_is_zero(u)) -+ goto err; -+ if (!BN_rshift1(u, u)) -+ goto err; -+ if (BN_is_odd(b)) { -+ if (!BN_GF2m_add(b, b, p)) -+ goto err; -+ } -+ if (!BN_rshift1(b, b)) -+ goto err; -+ } -+ -+ if (BN_abs_is_word(u, 1)) -+ break; -+ -+ if (BN_num_bits(u) < BN_num_bits(v)) { -+ tmp = u; -+ u = v; -+ v = tmp; -+ tmp = b; -+ b = c; -+ c = tmp; -+ } -+ -+ if (!BN_GF2m_add(u, u, v)) -+ goto err; -+ if (!BN_GF2m_add(b, b, c)) -+ goto err; -+ } -+ -+ if (!BN_copy(r, b)) -+ goto err; -+ bn_check_top(r); -+ ret = 1; -+ -+ err: -+ BN_CTX_end(ctx); -+ return ret; -+} - -+/* -+ * Invert xx, reduce modulo p, and store the result in r. r could be xx. -+ * This function calls down to the BN_GF2m_mod_inv implementation; this -+ * wrapper function is only provided for convenience; for best performance, -+ * use the BN_GF2m_mod_inv function. -+ */ -+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], -+ BN_CTX *ctx) -+{ -+ BIGNUM *field; -+ int ret = 0; -+ -+ bn_check_top(xx); -+ BN_CTX_start(ctx); -+ if ((field = BN_CTX_get(ctx)) == NULL) -+ goto err; -+ if (!BN_GF2m_arr2poly(p, field)) -+ goto err; -+ -+ ret = BN_GF2m_mod_inv(r, xx, field, ctx); -+ bn_check_top(r); -+ -+ err: -+ BN_CTX_end(ctx); -+ return ret; -+} - - #ifndef OPENSSL_SUN_GF2M_DIV --/* Divide y by x, reduce modulo p, and store the result in r. r could be x -+/* -+ * Divide y by x, reduce modulo p, and store the result in r. r could be x - * or y, x could equal y. - */ --int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx) -- { -- BIGNUM *xinv = NULL; -- int ret = 0; -- -- bn_check_top(y); -- bn_check_top(x); -- bn_check_top(p); -- -- BN_CTX_start(ctx); -- xinv = BN_CTX_get(ctx); -- if (xinv == NULL) goto err; -- -- if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err; -- if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err; -- bn_check_top(r); -- ret = 1; -- --err: -- BN_CTX_end(ctx); -- return ret; -- } -+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, -+ const BIGNUM *p, BN_CTX *ctx) -+{ -+ BIGNUM *xinv = NULL; -+ int ret = 0; -+ -+ bn_check_top(y); -+ bn_check_top(x); -+ bn_check_top(p); -+ -+ BN_CTX_start(ctx); -+ xinv = BN_CTX_get(ctx); -+ if (xinv == NULL) -+ goto err; -+ -+ if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) -+ goto err; -+ if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) -+ goto err; -+ bn_check_top(r); -+ ret = 1; -+ -+ err: -+ BN_CTX_end(ctx); -+ return ret; -+} - #else --/* Divide y by x, reduce modulo p, and store the result in r. r could be x -- * or y, x could equal y. -- * Uses algorithm Modular_Division_GF(2^m) from -- * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to -- * the Great Divide". -+/* -+ * Divide y by x, reduce modulo p, and store the result in r. r could be x -+ * or y, x could equal y. Uses algorithm Modular_Division_GF(2^m) from -+ * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to the -+ * Great Divide". - */ --int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx) -- { -- BIGNUM *a, *b, *u, *v; -- int ret = 0; -- -- bn_check_top(y); -- bn_check_top(x); -- bn_check_top(p); -- -- BN_CTX_start(ctx); -- -- a = BN_CTX_get(ctx); -- b = BN_CTX_get(ctx); -- u = BN_CTX_get(ctx); -- v = BN_CTX_get(ctx); -- if (v == NULL) goto err; -- -- /* reduce x and y mod p */ -- if (!BN_GF2m_mod(u, y, p)) goto err; -- if (!BN_GF2m_mod(a, x, p)) goto err; -- if (!BN_copy(b, p)) goto err; -- -- while (!BN_is_odd(a)) -- { -- if (!BN_rshift1(a, a)) goto err; -- if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err; -- if (!BN_rshift1(u, u)) goto err; -- } -- -- do -- { -- if (BN_GF2m_cmp(b, a) > 0) -- { -- if (!BN_GF2m_add(b, b, a)) goto err; -- if (!BN_GF2m_add(v, v, u)) goto err; -- do -- { -- if (!BN_rshift1(b, b)) goto err; -- if (BN_is_odd(v)) if (!BN_GF2m_add(v, v, p)) goto err; -- if (!BN_rshift1(v, v)) goto err; -- } while (!BN_is_odd(b)); -- } -- else if (BN_abs_is_word(a, 1)) -- break; -- else -- { -- if (!BN_GF2m_add(a, a, b)) goto err; -- if (!BN_GF2m_add(u, u, v)) goto err; -- do -- { -- if (!BN_rshift1(a, a)) goto err; -- if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err; -- if (!BN_rshift1(u, u)) goto err; -- } while (!BN_is_odd(a)); -- } -- } while (1); -- -- if (!BN_copy(r, u)) goto err; -- bn_check_top(r); -- ret = 1; -- --err: -- BN_CTX_end(ctx); -- return ret; -- } -+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, -+ const BIGNUM *p, BN_CTX *ctx) -+{ -+ BIGNUM *a, *b, *u, *v; -+ int ret = 0; -+ -+ bn_check_top(y); -+ bn_check_top(x); -+ bn_check_top(p); -+ -+ BN_CTX_start(ctx); -+ -+ a = BN_CTX_get(ctx); -+ b = BN_CTX_get(ctx); -+ u = BN_CTX_get(ctx); -+ v = BN_CTX_get(ctx); -+ if (v == NULL) -+ goto err; -+ -+ /* reduce x and y mod p */ -+ if (!BN_GF2m_mod(u, y, p)) -+ goto err; -+ if (!BN_GF2m_mod(a, x, p)) -+ goto err; -+ if (!BN_copy(b, p)) -+ goto err; -+ -+ while (!BN_is_odd(a)) { -+ if (!BN_rshift1(a, a)) -+ goto err; -+ if (BN_is_odd(u)) -+ if (!BN_GF2m_add(u, u, p)) -+ goto err; -+ if (!BN_rshift1(u, u)) -+ goto err; -+ } -+ -+ do { -+ if (BN_GF2m_cmp(b, a) > 0) { -+ if (!BN_GF2m_add(b, b, a)) -+ goto err; -+ if (!BN_GF2m_add(v, v, u)) -+ goto err; -+ do { -+ if (!BN_rshift1(b, b)) -+ goto err; -+ if (BN_is_odd(v)) -+ if (!BN_GF2m_add(v, v, p)) -+ goto err; -+ if (!BN_rshift1(v, v)) -+ goto err; -+ } while (!BN_is_odd(b)); -+ } else if (BN_abs_is_word(a, 1)) -+ break; -+ else { -+ if (!BN_GF2m_add(a, a, b)) -+ goto err; -+ if (!BN_GF2m_add(u, u, v)) -+ goto err; -+ do { -+ if (!BN_rshift1(a, a)) -+ goto err; -+ if (BN_is_odd(u)) -+ if (!BN_GF2m_add(u, u, p)) -+ goto err; -+ if (!BN_rshift1(u, u)) -+ goto err; -+ } while (!BN_is_odd(a)); -+ } -+ } while (1); -+ -+ if (!BN_copy(r, u)) -+ goto err; -+ bn_check_top(r); -+ ret = 1; -+ -+ err: -+ BN_CTX_end(ctx); -+ return ret; -+} - #endif - --/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx -- * or yy, xx could equal yy. -- * -- * This function calls down to the BN_GF2m_mod_div implementation; this wrapper -- * function is only provided for convenience; for best performance, use the -- * BN_GF2m_mod_div function. -+/* -+ * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx -+ * * or yy, xx could equal yy. This function calls down to the -+ * BN_GF2m_mod_div implementation; this wrapper function is only provided for -+ * convenience; for best performance, use the BN_GF2m_mod_div function. - */ --int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx) -- { -- BIGNUM *field; -- int ret = 0; -- -- bn_check_top(yy); -- bn_check_top(xx); -- -- BN_CTX_start(ctx); -- if ((field = BN_CTX_get(ctx)) == NULL) goto err; -- if (!BN_GF2m_arr2poly(p, field)) goto err; -- -- ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); -- bn_check_top(r); -- --err: -- BN_CTX_end(ctx); -- return ret; -- } -- -- --/* Compute the bth power of a, reduce modulo p, and store -- * the result in r. r could be a. -- * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363. -+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, -+ const unsigned int p[], BN_CTX *ctx) -+{ -+ BIGNUM *field; -+ int ret = 0; -+ -+ bn_check_top(yy); -+ bn_check_top(xx); -+ -+ BN_CTX_start(ctx); -+ if ((field = BN_CTX_get(ctx)) == NULL) -+ goto err; -+ if (!BN_GF2m_arr2poly(p, field)) -+ goto err; -+ -+ ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); -+ bn_check_top(r); -+ -+ err: -+ BN_CTX_end(ctx); -+ return ret; -+} -+ -+/* -+ * Compute the bth power of a, reduce modulo p, and store the result in r. r -+ * could be a. Uses simple square-and-multiply algorithm A.5.1 from IEEE -+ * P1363. - */ --int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx) -- { -- int ret = 0, i, n; -- BIGNUM *u; -- -- bn_check_top(a); -- bn_check_top(b); -- -- if (BN_is_zero(b)) -- return(BN_one(r)); -- -- if (BN_abs_is_word(b, 1)) -- return (BN_copy(r, a) != NULL); -- -- BN_CTX_start(ctx); -- if ((u = BN_CTX_get(ctx)) == NULL) goto err; -- -- if (!BN_GF2m_mod_arr(u, a, p)) goto err; -- -- n = BN_num_bits(b) - 1; -- for (i = n - 1; i >= 0; i--) -- { -- if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) goto err; -- if (BN_is_bit_set(b, i)) -- { -- if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) goto err; -- } -- } -- if (!BN_copy(r, u)) goto err; -- bn_check_top(r); -- ret = 1; --err: -- BN_CTX_end(ctx); -- return ret; -- } -- --/* Compute the bth power of a, reduce modulo p, and store -- * the result in r. r could be a. -- * -- * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper -- * function is only provided for convenience; for best performance, use the -- * BN_GF2m_mod_exp_arr function. -+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const unsigned int p[], BN_CTX *ctx) -+{ -+ int ret = 0, i, n; -+ BIGNUM *u; -+ -+ bn_check_top(a); -+ bn_check_top(b); -+ -+ if (BN_is_zero(b)) -+ return (BN_one(r)); -+ -+ if (BN_abs_is_word(b, 1)) -+ return (BN_copy(r, a) != NULL); -+ -+ BN_CTX_start(ctx); -+ if ((u = BN_CTX_get(ctx)) == NULL) -+ goto err; -+ -+ if (!BN_GF2m_mod_arr(u, a, p)) -+ goto err; -+ -+ n = BN_num_bits(b) - 1; -+ for (i = n - 1; i >= 0; i--) { -+ if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) -+ goto err; -+ if (BN_is_bit_set(b, i)) { -+ if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) -+ goto err; -+ } -+ } -+ if (!BN_copy(r, u)) -+ goto err; -+ bn_check_top(r); -+ ret = 1; -+ err: -+ BN_CTX_end(ctx); -+ return ret; -+} -+ -+/* -+ * Compute the bth power of a, reduce modulo p, and store the result in r. r -+ * could be a. This function calls down to the BN_GF2m_mod_exp_arr -+ * implementation; this wrapper function is only provided for convenience; -+ * for best performance, use the BN_GF2m_mod_exp_arr function. - */ --int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) -- { -- int ret = 0; -- const int max = BN_num_bits(p); -- unsigned int *arr=NULL; -- bn_check_top(a); -- bn_check_top(b); -- bn_check_top(p); -- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; -- ret = BN_GF2m_poly2arr(p, arr, max); -- if (!ret || ret > max) -- { -- BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH); -- goto err; -- } -- ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); -- bn_check_top(r); --err: -- if (arr) OPENSSL_free(arr); -- return ret; -- } -- --/* Compute the square root of a, reduce modulo p, and store -- * the result in r. r could be a. -- * Uses exponentiation as in algorithm A.4.1 from IEEE P1363. -+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const BIGNUM *p, BN_CTX *ctx) -+{ -+ int ret = 0; -+ const int max = BN_num_bits(p); -+ unsigned int *arr = NULL; -+ bn_check_top(a); -+ bn_check_top(b); -+ bn_check_top(p); -+ if ((arr = -+ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) -+ goto err; -+ ret = BN_GF2m_poly2arr(p, arr, max); -+ if (!ret || ret > max) { -+ BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH); -+ goto err; -+ } -+ ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); -+ bn_check_top(r); -+ err: -+ if (arr) -+ OPENSSL_free(arr); -+ return ret; -+} -+ -+/* -+ * Compute the square root of a, reduce modulo p, and store the result in r. -+ * r could be a. Uses exponentiation as in algorithm A.4.1 from IEEE P1363. - */ --int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx) -- { -- int ret = 0; -- BIGNUM *u; -- -- bn_check_top(a); -- -- if (!p[0]) -- { -- /* reduction mod 1 => return 0 */ -- BN_zero(r); -- return 1; -- } -- -- BN_CTX_start(ctx); -- if ((u = BN_CTX_get(ctx)) == NULL) goto err; -- -- if (!BN_set_bit(u, p[0] - 1)) goto err; -- ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); -- bn_check_top(r); -- --err: -- BN_CTX_end(ctx); -- return ret; -- } -- --/* Compute the square root of a, reduce modulo p, and store -- * the result in r. r could be a. -- * -- * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper -- * function is only provided for convenience; for best performance, use the -- * BN_GF2m_mod_sqrt_arr function. -+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], -+ BN_CTX *ctx) -+{ -+ int ret = 0; -+ BIGNUM *u; -+ -+ bn_check_top(a); -+ -+ if (!p[0]) { -+ /* reduction mod 1 => return 0 */ -+ BN_zero(r); -+ return 1; -+ } -+ -+ BN_CTX_start(ctx); -+ if ((u = BN_CTX_get(ctx)) == NULL) -+ goto err; -+ -+ if (!BN_set_bit(u, p[0] - 1)) -+ goto err; -+ ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); -+ bn_check_top(r); -+ -+ err: -+ BN_CTX_end(ctx); -+ return ret; -+} -+ -+/* -+ * Compute the square root of a, reduce modulo p, and store the result in r. -+ * r could be a. This function calls down to the BN_GF2m_mod_sqrt_arr -+ * implementation; this wrapper function is only provided for convenience; -+ * for best performance, use the BN_GF2m_mod_sqrt_arr function. - */ - int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -- { -- int ret = 0; -- const int max = BN_num_bits(p); -- unsigned int *arr=NULL; -- bn_check_top(a); -- bn_check_top(p); -- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; -- ret = BN_GF2m_poly2arr(p, arr, max); -- if (!ret || ret > max) -- { -- BNerr(BN_F_BN_GF2M_MOD_SQRT,BN_R_INVALID_LENGTH); -- goto err; -- } -- ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); -- bn_check_top(r); --err: -- if (arr) OPENSSL_free(arr); -- return ret; -- } -- --/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0. -- * Uses algorithms A.4.7 and A.4.6 from IEEE P1363. -+{ -+ int ret = 0; -+ const int max = BN_num_bits(p); -+ unsigned int *arr = NULL; -+ bn_check_top(a); -+ bn_check_top(p); -+ if ((arr = -+ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) -+ goto err; -+ ret = BN_GF2m_poly2arr(p, arr, max); -+ if (!ret || ret > max) { -+ BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH); -+ goto err; -+ } -+ ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); -+ bn_check_top(r); -+ err: -+ if (arr) -+ OPENSSL_free(arr); -+ return ret; -+} -+ -+/* -+ * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns -+ * 0. Uses algorithms A.4.7 and A.4.6 from IEEE P1363. - */ --int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p[], BN_CTX *ctx) -- { -- int ret = 0, count = 0; -- unsigned int j; -- BIGNUM *a, *z, *rho, *w, *w2, *tmp; -- -- bn_check_top(a_); -- -- if (!p[0]) -- { -- /* reduction mod 1 => return 0 */ -- BN_zero(r); -- return 1; -- } -- -- BN_CTX_start(ctx); -- a = BN_CTX_get(ctx); -- z = BN_CTX_get(ctx); -- w = BN_CTX_get(ctx); -- if (w == NULL) goto err; -- -- if (!BN_GF2m_mod_arr(a, a_, p)) goto err; -- -- if (BN_is_zero(a)) -- { -- BN_zero(r); -- ret = 1; -- goto err; -- } -- -- if (p[0] & 0x1) /* m is odd */ -- { -- /* compute half-trace of a */ -- if (!BN_copy(z, a)) goto err; -- for (j = 1; j <= (p[0] - 1) / 2; j++) -- { -- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err; -- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err; -- if (!BN_GF2m_add(z, z, a)) goto err; -- } -- -- } -- else /* m is even */ -- { -- rho = BN_CTX_get(ctx); -- w2 = BN_CTX_get(ctx); -- tmp = BN_CTX_get(ctx); -- if (tmp == NULL) goto err; -- do -- { -- if (!BN_rand(rho, p[0], 0, 0)) goto err; -- if (!BN_GF2m_mod_arr(rho, rho, p)) goto err; -- BN_zero(z); -- if (!BN_copy(w, rho)) goto err; -- for (j = 1; j <= p[0] - 1; j++) -- { -- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err; -- if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err; -- if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) goto err; -- if (!BN_GF2m_add(z, z, tmp)) goto err; -- if (!BN_GF2m_add(w, w2, rho)) goto err; -- } -- count++; -- } while (BN_is_zero(w) && (count < MAX_ITERATIONS)); -- if (BN_is_zero(w)) -- { -- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,BN_R_TOO_MANY_ITERATIONS); -- goto err; -- } -- } -- -- if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err; -- if (!BN_GF2m_add(w, z, w)) goto err; -- if (BN_GF2m_cmp(w, a)) -- { -- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION); -- goto err; -- } -- -- if (!BN_copy(r, z)) goto err; -- bn_check_top(r); -- -- ret = 1; -- --err: -- BN_CTX_end(ctx); -- return ret; -- } -- --/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0. -- * -- * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper -- * function is only provided for convenience; for best performance, use the -- * BN_GF2m_mod_solve_quad_arr function. -+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, -+ const unsigned int p[], BN_CTX *ctx) -+{ -+ int ret = 0, count = 0; -+ unsigned int j; -+ BIGNUM *a, *z, *rho, *w, *w2, *tmp; -+ -+ bn_check_top(a_); -+ -+ if (!p[0]) { -+ /* reduction mod 1 => return 0 */ -+ BN_zero(r); -+ return 1; -+ } -+ -+ BN_CTX_start(ctx); -+ a = BN_CTX_get(ctx); -+ z = BN_CTX_get(ctx); -+ w = BN_CTX_get(ctx); -+ if (w == NULL) -+ goto err; -+ -+ if (!BN_GF2m_mod_arr(a, a_, p)) -+ goto err; -+ -+ if (BN_is_zero(a)) { -+ BN_zero(r); -+ ret = 1; -+ goto err; -+ } -+ -+ if (p[0] & 0x1) { /* m is odd */ -+ /* compute half-trace of a */ -+ if (!BN_copy(z, a)) -+ goto err; -+ for (j = 1; j <= (p[0] - 1) / 2; j++) { -+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) -+ goto err; -+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) -+ goto err; -+ if (!BN_GF2m_add(z, z, a)) -+ goto err; -+ } -+ -+ } else { /* m is even */ -+ -+ rho = BN_CTX_get(ctx); -+ w2 = BN_CTX_get(ctx); -+ tmp = BN_CTX_get(ctx); -+ if (tmp == NULL) -+ goto err; -+ do { -+ if (!BN_rand(rho, p[0], 0, 0)) -+ goto err; -+ if (!BN_GF2m_mod_arr(rho, rho, p)) -+ goto err; -+ BN_zero(z); -+ if (!BN_copy(w, rho)) -+ goto err; -+ for (j = 1; j <= p[0] - 1; j++) { -+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) -+ goto err; -+ if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) -+ goto err; -+ if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) -+ goto err; -+ if (!BN_GF2m_add(z, z, tmp)) -+ goto err; -+ if (!BN_GF2m_add(w, w2, rho)) -+ goto err; -+ } -+ count++; -+ } while (BN_is_zero(w) && (count < MAX_ITERATIONS)); -+ if (BN_is_zero(w)) { -+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_TOO_MANY_ITERATIONS); -+ goto err; -+ } -+ } -+ -+ if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) -+ goto err; -+ if (!BN_GF2m_add(w, z, w)) -+ goto err; -+ if (BN_GF2m_cmp(w, a)) { -+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION); -+ goto err; -+ } -+ -+ if (!BN_copy(r, z)) -+ goto err; -+ bn_check_top(r); -+ -+ ret = 1; -+ -+ err: -+ BN_CTX_end(ctx); -+ return ret; -+} -+ -+/* -+ * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns -+ * 0. This function calls down to the BN_GF2m_mod_solve_quad_arr -+ * implementation; this wrapper function is only provided for convenience; -+ * for best performance, use the BN_GF2m_mod_solve_quad_arr function. - */ --int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -- { -- int ret = 0; -- const int max = BN_num_bits(p); -- unsigned int *arr=NULL; -- bn_check_top(a); -- bn_check_top(p); -- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * -- max)) == NULL) goto err; -- ret = BN_GF2m_poly2arr(p, arr, max); -- if (!ret || ret > max) -- { -- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH); -- goto err; -- } -- ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); -- bn_check_top(r); --err: -- if (arr) OPENSSL_free(arr); -- return ret; -- } -- --/* Convert the bit-string representation of a polynomial -- * ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array -- * of integers corresponding to the bits with non-zero coefficient. -- * Up to max elements of the array will be filled. Return value is total -- * number of coefficients that would be extracted if array was large enough. -+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ BN_CTX *ctx) -+{ -+ int ret = 0; -+ const int max = BN_num_bits(p); -+ unsigned int *arr = NULL; -+ bn_check_top(a); -+ bn_check_top(p); -+ if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * -+ max)) == NULL) -+ goto err; -+ ret = BN_GF2m_poly2arr(p, arr, max); -+ if (!ret || ret > max) { -+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH); -+ goto err; -+ } -+ ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); -+ bn_check_top(r); -+ err: -+ if (arr) -+ OPENSSL_free(arr); -+ return ret; -+} -+ -+/* -+ * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i * -+ * x^i , where a_0 is *not* zero) into an array of integers corresponding to -+ * the bits with non-zero coefficient. Up to max elements of the array will -+ * be filled. Return value is total number of coefficients that would be -+ * extracted if array was large enough. - */ - int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max) -- { -- int i, j, k = 0; -- BN_ULONG mask; -- -- if (BN_is_zero(a) || !BN_is_bit_set(a, 0)) -- /* a_0 == 0 => return error (the unsigned int array -- * must be terminated by 0) -- */ -- return 0; -- -- for (i = a->top - 1; i >= 0; i--) -- { -- if (!a->d[i]) -- /* skip word if a->d[i] == 0 */ -- continue; -- mask = BN_TBIT; -- for (j = BN_BITS2 - 1; j >= 0; j--) -- { -- if (a->d[i] & mask) -- { -- if (k < max) p[k] = BN_BITS2 * i + j; -- k++; -- } -- mask >>= 1; -- } -- } -- -- return k; -- } -- --/* Convert the coefficient array representation of a polynomial to a -+{ -+ int i, j, k = 0; -+ BN_ULONG mask; -+ -+ if (BN_is_zero(a) || !BN_is_bit_set(a, 0)) -+ /* -+ * a_0 == 0 => return error (the unsigned int array must be -+ * terminated by 0) -+ */ -+ return 0; -+ -+ for (i = a->top - 1; i >= 0; i--) { -+ if (!a->d[i]) -+ /* skip word if a->d[i] == 0 */ -+ continue; -+ mask = BN_TBIT; -+ for (j = BN_BITS2 - 1; j >= 0; j--) { -+ if (a->d[i] & mask) { -+ if (k < max) -+ p[k] = BN_BITS2 * i + j; -+ k++; -+ } -+ mask >>= 1; -+ } -+ } -+ -+ return k; -+} -+ -+/* -+ * Convert the coefficient array representation of a polynomial to a - * bit-string. The array must be terminated by 0. - */ - int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) -- { -- int i; -- -- bn_check_top(a); -- BN_zero(a); -- for (i = 0; p[i] != 0; i++) -- { -- if (BN_set_bit(a, p[i]) == 0) -- return 0; -- } -- BN_set_bit(a, 0); -- bn_check_top(a); -- -- return 1; -- } -- --/* -- * Constant-time conditional swap of a and b. -+{ -+ int i; -+ -+ bn_check_top(a); -+ BN_zero(a); -+ for (i = 0; p[i] != 0; i++) { -+ if (BN_set_bit(a, p[i]) == 0) -+ return 0; -+ } -+ BN_set_bit(a, 0); -+ bn_check_top(a); -+ -+ return 1; -+} -+ -+/* -+ * Constant-time conditional swap of a and b. - * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. - * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, - * and that no more than nwords are used by either a or b. - * a and b cannot be the same number - */ - void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) -- { -- BN_ULONG t; -- int i; -+{ -+ BN_ULONG t; -+ int i; - -- bn_wcheck_size(a, nwords); -- bn_wcheck_size(b, nwords); -+ bn_wcheck_size(a, nwords); -+ bn_wcheck_size(b, nwords); - -- assert(a != b); -- assert((condition & (condition - 1)) == 0); -- assert(sizeof(BN_ULONG) >= sizeof(int)); -+ assert(a != b); -+ assert((condition & (condition - 1)) == 0); -+ assert(sizeof(BN_ULONG) >= sizeof(int)); - -- condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; -+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; - -- t = (a->top^b->top) & condition; -- a->top ^= t; -- b->top ^= t; -+ t = (a->top ^ b->top) & condition; -+ a->top ^= t; -+ b->top ^= t; - - #define BN_CONSTTIME_SWAP(ind) \ -- do { \ -- t = (a->d[ind] ^ b->d[ind]) & condition; \ -- a->d[ind] ^= t; \ -- b->d[ind] ^= t; \ -- } while (0) -- -- -- switch (nwords) { -- default: -- for (i = 10; i < nwords; i++) -- BN_CONSTTIME_SWAP(i); -- /* Fallthrough */ -- case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ -- case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ -- case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ -- case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ -- case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ -- case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ -- case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ -- case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ -- case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ -- case 1: BN_CONSTTIME_SWAP(0); -- } -+ do { \ -+ t = (a->d[ind] ^ b->d[ind]) & condition; \ -+ a->d[ind] ^= t; \ -+ b->d[ind] ^= t; \ -+ } while (0) -+ -+ switch (nwords) { -+ default: -+ for (i = 10; i < nwords; i++) -+ BN_CONSTTIME_SWAP(i); -+ /* Fallthrough */ -+ case 10: -+ BN_CONSTTIME_SWAP(9); /* Fallthrough */ -+ case 9: -+ BN_CONSTTIME_SWAP(8); /* Fallthrough */ -+ case 8: -+ BN_CONSTTIME_SWAP(7); /* Fallthrough */ -+ case 7: -+ BN_CONSTTIME_SWAP(6); /* Fallthrough */ -+ case 6: -+ BN_CONSTTIME_SWAP(5); /* Fallthrough */ -+ case 5: -+ BN_CONSTTIME_SWAP(4); /* Fallthrough */ -+ case 4: -+ BN_CONSTTIME_SWAP(3); /* Fallthrough */ -+ case 3: -+ BN_CONSTTIME_SWAP(2); /* Fallthrough */ -+ case 2: -+ BN_CONSTTIME_SWAP(1); /* Fallthrough */ -+ case 1: -+ BN_CONSTTIME_SWAP(0); -+ } - #undef BN_CONSTTIME_SWAP - } -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c -index 740359b..88d731a 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,124 +61,126 @@ - - /* Returns -2 for errors because both -1 and 0 are valid results. */ - int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- int i; -- int ret = -2; /* avoid 'uninitialized' warning */ -- int err = 0; -- BIGNUM *A, *B, *tmp; -- /* In 'tab', only odd-indexed entries are relevant: -- * For any odd BIGNUM n, -- * tab[BN_lsw(n) & 7] -- * is $(-1)^{(n^2-1)/8}$ (using TeX notation). -- * Note that the sign of n does not matter. -- */ -- static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1}; -- -- bn_check_top(a); -- bn_check_top(b); -- -- BN_CTX_start(ctx); -- A = BN_CTX_get(ctx); -- B = BN_CTX_get(ctx); -- if (B == NULL) goto end; -- -- err = !BN_copy(A, a); -- if (err) goto end; -- err = !BN_copy(B, b); -- if (err) goto end; -- -- /* -- * Kronecker symbol, imlemented according to Henri Cohen, -- * "A Course in Computational Algebraic Number Theory" -- * (algorithm 1.4.10). -- */ -- -- /* Cohen's step 1: */ -- -- if (BN_is_zero(B)) -- { -- ret = BN_abs_is_word(A, 1); -- goto end; -- } -- -- /* Cohen's step 2: */ -- -- if (!BN_is_odd(A) && !BN_is_odd(B)) -- { -- ret = 0; -- goto end; -- } -- -- /* now B is non-zero */ -- i = 0; -- while (!BN_is_bit_set(B, i)) -- i++; -- err = !BN_rshift(B, B, i); -- if (err) goto end; -- if (i & 1) -- { -- /* i is odd */ -- /* (thus B was even, thus A must be odd!) */ -- -- /* set 'ret' to $(-1)^{(A^2-1)/8}$ */ -- ret = tab[BN_lsw(A) & 7]; -- } -- else -- { -- /* i is even */ -- ret = 1; -- } -- -- if (B->neg) -- { -- B->neg = 0; -- if (A->neg) -- ret = -ret; -- } -- -- /* now B is positive and odd, so what remains to be done is -- * to compute the Jacobi symbol (A/B) and multiply it by 'ret' */ -- -- while (1) -- { -- /* Cohen's step 3: */ -- -- /* B is positive and odd */ -- -- if (BN_is_zero(A)) -- { -- ret = BN_is_one(B) ? ret : 0; -- goto end; -- } -- -- /* now A is non-zero */ -- i = 0; -- while (!BN_is_bit_set(A, i)) -- i++; -- err = !BN_rshift(A, A, i); -- if (err) goto end; -- if (i & 1) -- { -- /* i is odd */ -- /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */ -- ret = ret * tab[BN_lsw(B) & 7]; -- } -- -- /* Cohen's step 4: */ -- /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */ -- if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2) -- ret = -ret; -- -- /* (A, B) := (B mod |A|, |A|) */ -- err = !BN_nnmod(B, B, A, ctx); -- if (err) goto end; -- tmp = A; A = B; B = tmp; -- tmp->neg = 0; -- } --end: -- BN_CTX_end(ctx); -- if (err) -- return -2; -- else -- return ret; -- } -+{ -+ int i; -+ int ret = -2; /* avoid 'uninitialized' warning */ -+ int err = 0; -+ BIGNUM *A, *B, *tmp; -+ /*- -+ * In 'tab', only odd-indexed entries are relevant: -+ * For any odd BIGNUM n, -+ * tab[BN_lsw(n) & 7] -+ * is $(-1)^{(n^2-1)/8}$ (using TeX notation). -+ * Note that the sign of n does not matter. -+ */ -+ static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 }; -+ -+ bn_check_top(a); -+ bn_check_top(b); -+ -+ BN_CTX_start(ctx); -+ A = BN_CTX_get(ctx); -+ B = BN_CTX_get(ctx); -+ if (B == NULL) -+ goto end; -+ -+ err = !BN_copy(A, a); -+ if (err) -+ goto end; -+ err = !BN_copy(B, b); -+ if (err) -+ goto end; -+ -+ /* -+ * Kronecker symbol, imlemented according to Henri Cohen, -+ * "A Course in Computational Algebraic Number Theory" -+ * (algorithm 1.4.10). -+ */ -+ -+ /* Cohen's step 1: */ -+ -+ if (BN_is_zero(B)) { -+ ret = BN_abs_is_word(A, 1); -+ goto end; -+ } -+ -+ /* Cohen's step 2: */ -+ -+ if (!BN_is_odd(A) && !BN_is_odd(B)) { -+ ret = 0; -+ goto end; -+ } -+ -+ /* now B is non-zero */ -+ i = 0; -+ while (!BN_is_bit_set(B, i)) -+ i++; -+ err = !BN_rshift(B, B, i); -+ if (err) -+ goto end; -+ if (i & 1) { -+ /* i is odd */ -+ /* (thus B was even, thus A must be odd!) */ -+ -+ /* set 'ret' to $(-1)^{(A^2-1)/8}$ */ -+ ret = tab[BN_lsw(A) & 7]; -+ } else { -+ /* i is even */ -+ ret = 1; -+ } -+ -+ if (B->neg) { -+ B->neg = 0; -+ if (A->neg) -+ ret = -ret; -+ } -+ -+ /* -+ * now B is positive and odd, so what remains to be done is to compute -+ * the Jacobi symbol (A/B) and multiply it by 'ret' -+ */ -+ -+ while (1) { -+ /* Cohen's step 3: */ -+ -+ /* B is positive and odd */ -+ -+ if (BN_is_zero(A)) { -+ ret = BN_is_one(B) ? ret : 0; -+ goto end; -+ } -+ -+ /* now A is non-zero */ -+ i = 0; -+ while (!BN_is_bit_set(A, i)) -+ i++; -+ err = !BN_rshift(A, A, i); -+ if (err) -+ goto end; -+ if (i & 1) { -+ /* i is odd */ -+ /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */ -+ ret = ret * tab[BN_lsw(B) & 7]; -+ } -+ -+ /* Cohen's step 4: */ -+ /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */ -+ if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2) -+ ret = -ret; -+ -+ /* (A, B) := (B mod |A|, |A|) */ -+ err = !BN_nnmod(B, B, A, ctx); -+ if (err) -+ goto end; -+ tmp = A; -+ A = B; -+ B = tmp; -+ tmp->neg = 0; -+ } -+ end: -+ BN_CTX_end(ctx); -+ if (err) -+ return -2; -+ else -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c -index c288844..becb957 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,7 +57,7 @@ - */ - - #ifndef BN_DEBUG --# undef NDEBUG /* avoid conflicting definitions */ -+# undef NDEBUG /* avoid conflicting definitions */ - # define NDEBUG - #endif - -@@ -67,11 +67,12 @@ - #include "cryptlib.h" - #include "bn_lcl.h" - --const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT; -+const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT; - - /* This stuff appears to be completely unused, so is deprecated */ - #ifndef OPENSSL_NO_DEPRECATED --/* For a 32 bit machine -+/*- -+ * For a 32 bit machine - * 2 - 4 == 128 - * 3 - 8 == 256 - * 4 - 16 == 512 -@@ -80,756 +81,774 @@ const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT; - * 7 - 128 == 4096 - * 8 - 256 == 8192 - */ --static int bn_limit_bits=0; --static int bn_limit_num=8; /* (1<= 0) -- { -- if (mult > (int)(sizeof(int)*8)-1) -- mult=sizeof(int)*8-1; -- bn_limit_bits=mult; -- bn_limit_num=1<= 0) -- { -- if (high > (int)(sizeof(int)*8)-1) -- high=sizeof(int)*8-1; -- bn_limit_bits_high=high; -- bn_limit_num_high=1<= 0) -- { -- if (low > (int)(sizeof(int)*8)-1) -- low=sizeof(int)*8-1; -- bn_limit_bits_low=low; -- bn_limit_num_low=1<= 0) -- { -- if (mont > (int)(sizeof(int)*8)-1) -- mont=sizeof(int)*8-1; -- bn_limit_bits_mont=mont; -- bn_limit_num_mont=1<= 0) { -+ if (mult > (int)(sizeof(int) * 8) - 1) -+ mult = sizeof(int) * 8 - 1; -+ bn_limit_bits = mult; -+ bn_limit_num = 1 << mult; -+ } -+ if (high >= 0) { -+ if (high > (int)(sizeof(int) * 8) - 1) -+ high = sizeof(int) * 8 - 1; -+ bn_limit_bits_high = high; -+ bn_limit_num_high = 1 << high; -+ } -+ if (low >= 0) { -+ if (low > (int)(sizeof(int) * 8) - 1) -+ low = sizeof(int) * 8 - 1; -+ bn_limit_bits_low = low; -+ bn_limit_num_low = 1 << low; -+ } -+ if (mont >= 0) { -+ if (mont > (int)(sizeof(int) * 8) - 1) -+ mont = sizeof(int) * 8 - 1; -+ bn_limit_bits_mont = mont; -+ bn_limit_num_mont = 1 << mont; -+ } -+} - - int BN_get_params(int which) -- { -- if (which == 0) return(bn_limit_bits); -- else if (which == 1) return(bn_limit_bits_high); -- else if (which == 2) return(bn_limit_bits_low); -- else if (which == 3) return(bn_limit_bits_mont); -- else return(0); -- } -+{ -+ if (which == 0) -+ return (bn_limit_bits); -+ else if (which == 1) -+ return (bn_limit_bits_high); -+ else if (which == 2) -+ return (bn_limit_bits_low); -+ else if (which == 3) -+ return (bn_limit_bits_mont); -+ else -+ return (0); -+} - #endif - - const BIGNUM *BN_value_one(void) -- { -- static BN_ULONG data_one=1L; -- static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA}; -+{ -+ static BN_ULONG data_one = 1L; -+ static BIGNUM const_one = { &data_one, 1, 1, 0, BN_FLG_STATIC_DATA }; - -- return(&const_one); -- } -+ return (&const_one); -+} - - int BN_num_bits_word(BN_ULONG l) -- { -- static const char bits[256]={ -- 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, -- 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, -- 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, -- 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, -- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, -- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, -- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, -- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, -- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, -- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, -- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, -- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, -- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, -- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, -- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, -- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, -- }; -+{ -+ static const char bits[256] = { -+ 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, -+ 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, -+ 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, -+ 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, -+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, -+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, -+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, -+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, -+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, -+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, -+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, -+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, -+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, -+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, -+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, -+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, -+ }; - - #if defined(SIXTY_FOUR_BIT_LONG) -- if (l & 0xffffffff00000000L) -- { -- if (l & 0xffff000000000000L) -- { -- if (l & 0xff00000000000000L) -- { -- return(bits[(int)(l>>56)]+56); -- } -- else return(bits[(int)(l>>48)]+48); -- } -- else -- { -- if (l & 0x0000ff0000000000L) -- { -- return(bits[(int)(l>>40)]+40); -- } -- else return(bits[(int)(l>>32)]+32); -- } -- } -- else -+ if (l & 0xffffffff00000000L) { -+ if (l & 0xffff000000000000L) { -+ if (l & 0xff00000000000000L) { -+ return (bits[(int)(l >> 56)] + 56); -+ } else -+ return (bits[(int)(l >> 48)] + 48); -+ } else { -+ if (l & 0x0000ff0000000000L) { -+ return (bits[(int)(l >> 40)] + 40); -+ } else -+ return (bits[(int)(l >> 32)] + 32); -+ } -+ } else - #else --#ifdef SIXTY_FOUR_BIT -- if (l & 0xffffffff00000000LL) -- { -- if (l & 0xffff000000000000LL) -- { -- if (l & 0xff00000000000000LL) -- { -- return(bits[(int)(l>>56)]+56); -- } -- else return(bits[(int)(l>>48)]+48); -- } -- else -- { -- if (l & 0x0000ff0000000000LL) -- { -- return(bits[(int)(l>>40)]+40); -- } -- else return(bits[(int)(l>>32)]+32); -- } -- } -- else --#endif -+# ifdef SIXTY_FOUR_BIT -+ if (l & 0xffffffff00000000LL) { -+ if (l & 0xffff000000000000LL) { -+ if (l & 0xff00000000000000LL) { -+ return (bits[(int)(l >> 56)] + 56); -+ } else -+ return (bits[(int)(l >> 48)] + 48); -+ } else { -+ if (l & 0x0000ff0000000000LL) { -+ return (bits[(int)(l >> 40)] + 40); -+ } else -+ return (bits[(int)(l >> 32)] + 32); -+ } -+ } else -+# endif - #endif -- { -+ { - #if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) -- if (l & 0xffff0000L) -- { -- if (l & 0xff000000L) -- return(bits[(int)(l>>24L)]+24); -- else return(bits[(int)(l>>16L)]+16); -- } -- else -+ if (l & 0xffff0000L) { -+ if (l & 0xff000000L) -+ return (bits[(int)(l >> 24L)] + 24); -+ else -+ return (bits[(int)(l >> 16L)] + 16); -+ } else - #endif -- { -+ { - #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) -- if (l & 0xff00L) -- return(bits[(int)(l>>8)]+8); -- else -+ if (l & 0xff00L) -+ return (bits[(int)(l >> 8)] + 8); -+ else - #endif -- return(bits[(int)(l )] ); -- } -- } -- } -+ return (bits[(int)(l)]); -+ } -+ } -+} - - int BN_num_bits(const BIGNUM *a) -- { -- int i = a->top - 1; -- bn_check_top(a); -+{ -+ int i = a->top - 1; -+ bn_check_top(a); - -- if (BN_is_zero(a)) return 0; -- return ((i*BN_BITS2) + BN_num_bits_word(a->d[i])); -- } -+ if (BN_is_zero(a)) -+ return 0; -+ return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); -+} - - void BN_clear_free(BIGNUM *a) -- { -- int i; -- -- if (a == NULL) return; -- bn_check_top(a); -- if (a->d != NULL) -- { -- OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); -- if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) -- OPENSSL_free(a->d); -- } -- i=BN_get_flags(a,BN_FLG_MALLOCED); -- OPENSSL_cleanse(a,sizeof(BIGNUM)); -- if (i) -- OPENSSL_free(a); -- } -+{ -+ int i; -+ -+ if (a == NULL) -+ return; -+ bn_check_top(a); -+ if (a->d != NULL) { -+ OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); -+ if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) -+ OPENSSL_free(a->d); -+ } -+ i = BN_get_flags(a, BN_FLG_MALLOCED); -+ OPENSSL_cleanse(a, sizeof(BIGNUM)); -+ if (i) -+ OPENSSL_free(a); -+} - - void BN_free(BIGNUM *a) -- { -- if (a == NULL) return; -- bn_check_top(a); -- if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) -- OPENSSL_free(a->d); -- if (a->flags & BN_FLG_MALLOCED) -- OPENSSL_free(a); -- else -- { -+{ -+ if (a == NULL) -+ return; -+ bn_check_top(a); -+ if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) -+ OPENSSL_free(a->d); -+ if (a->flags & BN_FLG_MALLOCED) -+ OPENSSL_free(a); -+ else { - #ifndef OPENSSL_NO_DEPRECATED -- a->flags|=BN_FLG_FREE; -+ a->flags |= BN_FLG_FREE; - #endif -- a->d = NULL; -- } -- } -+ a->d = NULL; -+ } -+} - - void BN_init(BIGNUM *a) -- { -- memset(a,0,sizeof(BIGNUM)); -- bn_check_top(a); -- } -+{ -+ memset(a, 0, sizeof(BIGNUM)); -+ bn_check_top(a); -+} - - BIGNUM *BN_new(void) -- { -- BIGNUM *ret; -- -- if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) -- { -- BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- ret->flags=BN_FLG_MALLOCED; -- ret->top=0; -- ret->neg=0; -- ret->dmax=0; -- ret->d=NULL; -- bn_check_top(ret); -- return(ret); -- } -+{ -+ BIGNUM *ret; -+ -+ if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) { -+ BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ ret->flags = BN_FLG_MALLOCED; -+ ret->top = 0; -+ ret->neg = 0; -+ ret->dmax = 0; -+ ret->d = NULL; -+ bn_check_top(ret); -+ return (ret); -+} - - /* This is used both by bn_expand2() and bn_dup_expand() */ - /* The caller MUST check that words > b->dmax before calling this */ - static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) -- { -- BN_ULONG *A,*a = NULL; -- const BN_ULONG *B; -- int i; -- -- bn_check_top(b); -- -- if (words > (INT_MAX/(4*BN_BITS2))) -- { -- BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG); -- return NULL; -- } -- if (BN_get_flags(b,BN_FLG_STATIC_DATA)) -- { -- BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); -- return(NULL); -- } -- a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words); -- if (A == NULL) -- { -- BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -+{ -+ BN_ULONG *A, *a = NULL; -+ const BN_ULONG *B; -+ int i; -+ -+ bn_check_top(b); -+ -+ if (words > (INT_MAX / (4 * BN_BITS2))) { -+ BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG); -+ return NULL; -+ } -+ if (BN_get_flags(b, BN_FLG_STATIC_DATA)) { -+ BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); -+ return (NULL); -+ } -+ a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words); -+ if (A == NULL) { -+ BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } - #ifdef PURIFY -- /* Valgrind complains in BN_consttime_swap because we process the whole -- * array even if it's not initialised yet. This doesn't matter in that -- * function - what's important is constant time operation (we're not -- * actually going to use the data) -- */ -- memset(a, 0, sizeof(BN_ULONG)*words); -+ /* -+ * Valgrind complains in BN_consttime_swap because we process the whole -+ * array even if it's not initialised yet. This doesn't matter in that -+ * function - what's important is constant time operation (we're not -+ * actually going to use the data) -+ */ -+ memset(a, 0, sizeof(BN_ULONG) * words); - #endif - - #if 1 -- B=b->d; -- /* Check if the previous number needs to be copied */ -- if (B != NULL) -- { -- for (i=b->top>>2; i>0; i--,A+=4,B+=4) -- { -- /* -- * The fact that the loop is unrolled -- * 4-wise is a tribute to Intel. It's -- * the one that doesn't have enough -- * registers to accomodate more data. -- * I'd unroll it 8-wise otherwise:-) -- * -- * -- */ -- BN_ULONG a0,a1,a2,a3; -- a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; -- A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; -- } -- switch (b->top&3) -- { -- case 3: A[2]=B[2]; -- case 2: A[1]=B[1]; -- case 1: A[0]=B[0]; -- case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does -- * the switch table by doing a=top&3; a--; goto jump_table[a]; -- * which fails for top== 0 */ -- ; -- } -- } -- -+ B = b->d; -+ /* Check if the previous number needs to be copied */ -+ if (B != NULL) { -+ for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) { -+ /* -+ * The fact that the loop is unrolled -+ * 4-wise is a tribute to Intel. It's -+ * the one that doesn't have enough -+ * registers to accomodate more data. -+ * I'd unroll it 8-wise otherwise:-) -+ * -+ * -+ */ -+ BN_ULONG a0, a1, a2, a3; -+ a0 = B[0]; -+ a1 = B[1]; -+ a2 = B[2]; -+ a3 = B[3]; -+ A[0] = a0; -+ A[1] = a1; -+ A[2] = a2; -+ A[3] = a3; -+ } -+ /* -+ * workaround for ultrix cc: without 'case 0', the optimizer does -+ * the switch table by doing a=top&3; a--; goto jump_table[a]; -+ * which fails for top== 0 -+ */ -+ switch (b->top & 3) { -+ case 3: -+ A[2] = B[2]; -+ case 2: -+ A[1] = B[1]; -+ case 1: -+ A[0] = B[0]; -+ case 0: -+ ; -+ } -+ } - #else -- memset(A,0,sizeof(BN_ULONG)*words); -- memcpy(A,b->d,sizeof(b->d[0])*b->top); -+ memset(A, 0, sizeof(BN_ULONG) * words); -+ memcpy(A, b->d, sizeof(b->d[0]) * b->top); - #endif -- -- return(a); -- } -- --/* This is an internal function that can be used instead of bn_expand2() -- * when there is a need to copy BIGNUMs instead of only expanding the -- * data part, while still expanding them. -- * Especially useful when needing to expand BIGNUMs that are declared -- * 'const' and should therefore not be changed. -- * The reason to use this instead of a BN_dup() followed by a bn_expand2() -- * is memory allocation overhead. A BN_dup() followed by a bn_expand2() -- * will allocate new memory for the BIGNUM data twice, and free it once, -- * while bn_dup_expand() makes sure allocation is made only once. -+ -+ return (a); -+} -+ -+/* -+ * This is an internal function that can be used instead of bn_expand2() when -+ * there is a need to copy BIGNUMs instead of only expanding the data part, -+ * while still expanding them. Especially useful when needing to expand -+ * BIGNUMs that are declared 'const' and should therefore not be changed. The -+ * reason to use this instead of a BN_dup() followed by a bn_expand2() is -+ * memory allocation overhead. A BN_dup() followed by a bn_expand2() will -+ * allocate new memory for the BIGNUM data twice, and free it once, while -+ * bn_dup_expand() makes sure allocation is made only once. - */ - - #ifndef OPENSSL_NO_DEPRECATED - BIGNUM *bn_dup_expand(const BIGNUM *b, int words) -- { -- BIGNUM *r = NULL; -- -- bn_check_top(b); -- -- /* This function does not work if -- * words <= b->dmax && top < words -- * because BN_dup() does not preserve 'dmax'! -- * (But bn_dup_expand() is not used anywhere yet.) -- */ -- -- if (words > b->dmax) -- { -- BN_ULONG *a = bn_expand_internal(b, words); -- -- if (a) -- { -- r = BN_new(); -- if (r) -- { -- r->top = b->top; -- r->dmax = words; -- r->neg = b->neg; -- r->d = a; -- } -- else -- { -- /* r == NULL, BN_new failure */ -- OPENSSL_free(a); -- } -- } -- /* If a == NULL, there was an error in allocation in -- bn_expand_internal(), and NULL should be returned */ -- } -- else -- { -- r = BN_dup(b); -- } -- -- bn_check_top(r); -- return r; -- } -+{ -+ BIGNUM *r = NULL; -+ -+ bn_check_top(b); -+ -+ /* -+ * This function does not work if words <= b->dmax && top < words because -+ * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used -+ * anywhere yet.) -+ */ -+ -+ if (words > b->dmax) { -+ BN_ULONG *a = bn_expand_internal(b, words); -+ -+ if (a) { -+ r = BN_new(); -+ if (r) { -+ r->top = b->top; -+ r->dmax = words; -+ r->neg = b->neg; -+ r->d = a; -+ } else { -+ /* r == NULL, BN_new failure */ -+ OPENSSL_free(a); -+ } -+ } -+ /* -+ * If a == NULL, there was an error in allocation in -+ * bn_expand_internal(), and NULL should be returned -+ */ -+ } else { -+ r = BN_dup(b); -+ } -+ -+ bn_check_top(r); -+ return r; -+} - #endif - --/* This is an internal function that should not be used in applications. -- * It ensures that 'b' has enough room for a 'words' word number -- * and initialises any unused part of b->d with leading zeros. -- * It is mostly used by the various BIGNUM routines. If there is an error, -- * NULL is returned. If not, 'b' is returned. */ -+/* -+ * This is an internal function that should not be used in applications. It -+ * ensures that 'b' has enough room for a 'words' word number and initialises -+ * any unused part of b->d with leading zeros. It is mostly used by the -+ * various BIGNUM routines. If there is an error, NULL is returned. If not, -+ * 'b' is returned. -+ */ - - BIGNUM *bn_expand2(BIGNUM *b, int words) -- { -- bn_check_top(b); -- -- if (words > b->dmax) -- { -- BN_ULONG *a = bn_expand_internal(b, words); -- if(!a) return NULL; -- if(b->d) OPENSSL_free(b->d); -- b->d=a; -- b->dmax=words; -- } -+{ -+ bn_check_top(b); -+ -+ if (words > b->dmax) { -+ BN_ULONG *a = bn_expand_internal(b, words); -+ if (!a) -+ return NULL; -+ if (b->d) -+ OPENSSL_free(b->d); -+ b->d = a; -+ b->dmax = words; -+ } - - /* None of this should be necessary because of what b->top means! */ - #if 0 -- /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */ -- if (b->top < b->dmax) -- { -- int i; -- BN_ULONG *A = &(b->d[b->top]); -- for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8) -- { -- A[0]=0; A[1]=0; A[2]=0; A[3]=0; -- A[4]=0; A[5]=0; A[6]=0; A[7]=0; -- } -- for (i=(b->dmax - b->top)&7; i>0; i--,A++) -- A[0]=0; -- assert(A == &(b->d[b->dmax])); -- } -+ /* -+ * NB: bn_wexpand() calls this only if the BIGNUM really has to grow -+ */ -+ if (b->top < b->dmax) { -+ int i; -+ BN_ULONG *A = &(b->d[b->top]); -+ for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) { -+ A[0] = 0; -+ A[1] = 0; -+ A[2] = 0; -+ A[3] = 0; -+ A[4] = 0; -+ A[5] = 0; -+ A[6] = 0; -+ A[7] = 0; -+ } -+ for (i = (b->dmax - b->top) & 7; i > 0; i--, A++) -+ A[0] = 0; -+ assert(A == &(b->d[b->dmax])); -+ } - #endif -- bn_check_top(b); -- return b; -- } -+ bn_check_top(b); -+ return b; -+} - - BIGNUM *BN_dup(const BIGNUM *a) -- { -- BIGNUM *t; -- -- if (a == NULL) return NULL; -- bn_check_top(a); -- -- t = BN_new(); -- if (t == NULL) return NULL; -- if(!BN_copy(t, a)) -- { -- BN_free(t); -- return NULL; -- } -- bn_check_top(t); -- return t; -- } -+{ -+ BIGNUM *t; -+ -+ if (a == NULL) -+ return NULL; -+ bn_check_top(a); -+ -+ t = BN_new(); -+ if (t == NULL) -+ return NULL; -+ if (!BN_copy(t, a)) { -+ BN_free(t); -+ return NULL; -+ } -+ bn_check_top(t); -+ return t; -+} - - BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) -- { -- int i; -- BN_ULONG *A; -- const BN_ULONG *B; -+{ -+ int i; -+ BN_ULONG *A; -+ const BN_ULONG *B; - -- bn_check_top(b); -+ bn_check_top(b); - -- if (a == b) return(a); -- if (bn_wexpand(a,b->top) == NULL) return(NULL); -+ if (a == b) -+ return (a); -+ if (bn_wexpand(a, b->top) == NULL) -+ return (NULL); - - #if 1 -- A=a->d; -- B=b->d; -- for (i=b->top>>2; i>0; i--,A+=4,B+=4) -- { -- BN_ULONG a0,a1,a2,a3; -- a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; -- A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; -- } -- switch (b->top&3) -- { -- case 3: A[2]=B[2]; -- case 2: A[1]=B[1]; -- case 1: A[0]=B[0]; -- case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */ -- } -+ A = a->d; -+ B = b->d; -+ for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) { -+ BN_ULONG a0, a1, a2, a3; -+ a0 = B[0]; -+ a1 = B[1]; -+ a2 = B[2]; -+ a3 = B[3]; -+ A[0] = a0; -+ A[1] = a1; -+ A[2] = a2; -+ A[3] = a3; -+ } -+ /* ultrix cc workaround, see comments in bn_expand_internal */ -+ switch (b->top & 3) { -+ case 3: -+ A[2] = B[2]; -+ case 2: -+ A[1] = B[1]; -+ case 1: -+ A[0] = B[0]; -+ case 0:; -+ } - #else -- memcpy(a->d,b->d,sizeof(b->d[0])*b->top); -+ memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); - #endif - -- a->top=b->top; -- a->neg=b->neg; -- bn_check_top(a); -- return(a); -- } -+ a->top = b->top; -+ a->neg = b->neg; -+ bn_check_top(a); -+ return (a); -+} - - void BN_swap(BIGNUM *a, BIGNUM *b) -- { -- int flags_old_a, flags_old_b; -- BN_ULONG *tmp_d; -- int tmp_top, tmp_dmax, tmp_neg; -- -- bn_check_top(a); -- bn_check_top(b); -- -- flags_old_a = a->flags; -- flags_old_b = b->flags; -- -- tmp_d = a->d; -- tmp_top = a->top; -- tmp_dmax = a->dmax; -- tmp_neg = a->neg; -- -- a->d = b->d; -- a->top = b->top; -- a->dmax = b->dmax; -- a->neg = b->neg; -- -- b->d = tmp_d; -- b->top = tmp_top; -- b->dmax = tmp_dmax; -- b->neg = tmp_neg; -- -- a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); -- b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); -- bn_check_top(a); -- bn_check_top(b); -- } -+{ -+ int flags_old_a, flags_old_b; -+ BN_ULONG *tmp_d; -+ int tmp_top, tmp_dmax, tmp_neg; -+ -+ bn_check_top(a); -+ bn_check_top(b); -+ -+ flags_old_a = a->flags; -+ flags_old_b = b->flags; -+ -+ tmp_d = a->d; -+ tmp_top = a->top; -+ tmp_dmax = a->dmax; -+ tmp_neg = a->neg; -+ -+ a->d = b->d; -+ a->top = b->top; -+ a->dmax = b->dmax; -+ a->neg = b->neg; -+ -+ b->d = tmp_d; -+ b->top = tmp_top; -+ b->dmax = tmp_dmax; -+ b->neg = tmp_neg; -+ -+ a->flags = -+ (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); -+ b->flags = -+ (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); -+ bn_check_top(a); -+ bn_check_top(b); -+} - - void BN_clear(BIGNUM *a) -- { -- bn_check_top(a); -- if (a->d != NULL) -- memset(a->d,0,a->dmax*sizeof(a->d[0])); -- a->top=0; -- a->neg=0; -- } -+{ -+ bn_check_top(a); -+ if (a->d != NULL) -+ memset(a->d, 0, a->dmax * sizeof(a->d[0])); -+ a->top = 0; -+ a->neg = 0; -+} - - BN_ULONG BN_get_word(const BIGNUM *a) -- { -- if (a->top > 1) -- return BN_MASK2; -- else if (a->top == 1) -- return a->d[0]; -- /* a->top == 0 */ -- return 0; -- } -+{ -+ if (a->top > 1) -+ return BN_MASK2; -+ else if (a->top == 1) -+ return a->d[0]; -+ /* a->top == 0 */ -+ return 0; -+} - - int BN_set_word(BIGNUM *a, BN_ULONG w) -- { -- bn_check_top(a); -- if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0); -- a->neg = 0; -- a->d[0] = w; -- a->top = (w ? 1 : 0); -- bn_check_top(a); -- return(1); -- } -+{ -+ bn_check_top(a); -+ if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL) -+ return (0); -+ a->neg = 0; -+ a->d[0] = w; -+ a->top = (w ? 1 : 0); -+ bn_check_top(a); -+ return (1); -+} - - BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) -- { -- unsigned int i,m; -- unsigned int n; -- BN_ULONG l; -- BIGNUM *bn = NULL; -- -- if (ret == NULL) -- ret = bn = BN_new(); -- if (ret == NULL) return(NULL); -- bn_check_top(ret); -- l=0; -- n=len; -- if (n == 0) -- { -- ret->top=0; -- return(ret); -- } -- i=((n-1)/BN_BYTES)+1; -- m=((n-1)%(BN_BYTES)); -- if (bn_wexpand(ret, (int)i) == NULL) -- { -- if (bn) BN_free(bn); -- return NULL; -- } -- ret->top=i; -- ret->neg=0; -- while (n--) -- { -- l=(l<<8L)| *(s++); -- if (m-- == 0) -- { -- ret->d[--i]=l; -- l=0; -- m=BN_BYTES-1; -- } -- } -- /* need to call this due to clear byte at top if avoiding -- * having the top bit set (-ve number) */ -- bn_correct_top(ret); -- return(ret); -- } -+{ -+ unsigned int i, m; -+ unsigned int n; -+ BN_ULONG l; -+ BIGNUM *bn = NULL; -+ -+ if (ret == NULL) -+ ret = bn = BN_new(); -+ if (ret == NULL) -+ return (NULL); -+ bn_check_top(ret); -+ l = 0; -+ n = len; -+ if (n == 0) { -+ ret->top = 0; -+ return (ret); -+ } -+ i = ((n - 1) / BN_BYTES) + 1; -+ m = ((n - 1) % (BN_BYTES)); -+ if (bn_wexpand(ret, (int)i) == NULL) { -+ if (bn) -+ BN_free(bn); -+ return NULL; -+ } -+ ret->top = i; -+ ret->neg = 0; -+ while (n--) { -+ l = (l << 8L) | *(s++); -+ if (m-- == 0) { -+ ret->d[--i] = l; -+ l = 0; -+ m = BN_BYTES - 1; -+ } -+ } -+ /* -+ * need to call this due to clear byte at top if avoiding having the top -+ * bit set (-ve number) -+ */ -+ bn_correct_top(ret); -+ return (ret); -+} - - /* ignore negative */ - int BN_bn2bin(const BIGNUM *a, unsigned char *to) -- { -- int n,i; -- BN_ULONG l; -- -- bn_check_top(a); -- n=i=BN_num_bytes(a); -- while (i--) -- { -- l=a->d[i/BN_BYTES]; -- *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; -- } -- return(n); -- } -+{ -+ int n, i; -+ BN_ULONG l; -+ -+ bn_check_top(a); -+ n = i = BN_num_bytes(a); -+ while (i--) { -+ l = a->d[i / BN_BYTES]; -+ *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; -+ } -+ return (n); -+} - - int BN_ucmp(const BIGNUM *a, const BIGNUM *b) -- { -- int i; -- BN_ULONG t1,t2,*ap,*bp; -- -- bn_check_top(a); -- bn_check_top(b); -- -- i=a->top-b->top; -- if (i != 0) return(i); -- ap=a->d; -- bp=b->d; -- for (i=a->top-1; i>=0; i--) -- { -- t1= ap[i]; -- t2= bp[i]; -- if (t1 != t2) -- return((t1 > t2) ? 1 : -1); -- } -- return(0); -- } -+{ -+ int i; -+ BN_ULONG t1, t2, *ap, *bp; -+ -+ bn_check_top(a); -+ bn_check_top(b); -+ -+ i = a->top - b->top; -+ if (i != 0) -+ return (i); -+ ap = a->d; -+ bp = b->d; -+ for (i = a->top - 1; i >= 0; i--) { -+ t1 = ap[i]; -+ t2 = bp[i]; -+ if (t1 != t2) -+ return ((t1 > t2) ? 1 : -1); -+ } -+ return (0); -+} - - int BN_cmp(const BIGNUM *a, const BIGNUM *b) -- { -- int i; -- int gt,lt; -- BN_ULONG t1,t2; -- -- if ((a == NULL) || (b == NULL)) -- { -- if (a != NULL) -- return(-1); -- else if (b != NULL) -- return(1); -- else -- return(0); -- } -- -- bn_check_top(a); -- bn_check_top(b); -- -- if (a->neg != b->neg) -- { -- if (a->neg) -- return(-1); -- else return(1); -- } -- if (a->neg == 0) -- { gt=1; lt= -1; } -- else { gt= -1; lt=1; } -- -- if (a->top > b->top) return(gt); -- if (a->top < b->top) return(lt); -- for (i=a->top-1; i>=0; i--) -- { -- t1=a->d[i]; -- t2=b->d[i]; -- if (t1 > t2) return(gt); -- if (t1 < t2) return(lt); -- } -- return(0); -- } -+{ -+ int i; -+ int gt, lt; -+ BN_ULONG t1, t2; -+ -+ if ((a == NULL) || (b == NULL)) { -+ if (a != NULL) -+ return (-1); -+ else if (b != NULL) -+ return (1); -+ else -+ return (0); -+ } -+ -+ bn_check_top(a); -+ bn_check_top(b); -+ -+ if (a->neg != b->neg) { -+ if (a->neg) -+ return (-1); -+ else -+ return (1); -+ } -+ if (a->neg == 0) { -+ gt = 1; -+ lt = -1; -+ } else { -+ gt = -1; -+ lt = 1; -+ } -+ -+ if (a->top > b->top) -+ return (gt); -+ if (a->top < b->top) -+ return (lt); -+ for (i = a->top - 1; i >= 0; i--) { -+ t1 = a->d[i]; -+ t2 = b->d[i]; -+ if (t1 > t2) -+ return (gt); -+ if (t1 < t2) -+ return (lt); -+ } -+ return (0); -+} - - int BN_set_bit(BIGNUM *a, int n) -- { -- int i,j,k; -- -- if (n < 0) -- return 0; -- -- i=n/BN_BITS2; -- j=n%BN_BITS2; -- if (a->top <= i) -- { -- if (bn_wexpand(a,i+1) == NULL) return(0); -- for(k=a->top; kd[k]=0; -- a->top=i+1; -- } -- -- a->d[i]|=(((BN_ULONG)1)<top <= i) { -+ if (bn_wexpand(a, i + 1) == NULL) -+ return (0); -+ for (k = a->top; k < i + 1; k++) -+ a->d[k] = 0; -+ a->top = i + 1; -+ } -+ -+ a->d[i] |= (((BN_ULONG)1) << j); -+ bn_check_top(a); -+ return (1); -+} - - int BN_clear_bit(BIGNUM *a, int n) -- { -- int i,j; -+{ -+ int i, j; - -- bn_check_top(a); -- if (n < 0) return 0; -+ bn_check_top(a); -+ if (n < 0) -+ return 0; - -- i=n/BN_BITS2; -- j=n%BN_BITS2; -- if (a->top <= i) return(0); -+ i = n / BN_BITS2; -+ j = n % BN_BITS2; -+ if (a->top <= i) -+ return (0); - -- a->d[i]&=(~(((BN_ULONG)1)<d[i] &= (~(((BN_ULONG)1) << j)); -+ bn_correct_top(a); -+ return (1); -+} - - int BN_is_bit_set(const BIGNUM *a, int n) -- { -- int i,j; -- -- bn_check_top(a); -- if (n < 0) return 0; -- i=n/BN_BITS2; -- j=n%BN_BITS2; -- if (a->top <= i) return 0; -- return(((a->d[i])>>j)&((BN_ULONG)1)); -- } -+{ -+ int i, j; -+ -+ bn_check_top(a); -+ if (n < 0) -+ return 0; -+ i = n / BN_BITS2; -+ j = n % BN_BITS2; -+ if (a->top <= i) -+ return 0; -+ return (((a->d[i]) >> j) & ((BN_ULONG)1)); -+} - - int BN_mask_bits(BIGNUM *a, int n) -- { -- int b,w; -- -- bn_check_top(a); -- if (n < 0) return 0; -- -- w=n/BN_BITS2; -- b=n%BN_BITS2; -- if (w >= a->top) return 0; -- if (b == 0) -- a->top=w; -- else -- { -- a->top=w+1; -- a->d[w]&= ~(BN_MASK2<= a->top) -+ return 0; -+ if (b == 0) -+ a->top = w; -+ else { -+ a->top = w + 1; -+ a->d[w] &= ~(BN_MASK2 << b); -+ } -+ bn_correct_top(a); -+ return (1); -+} - - void BN_set_negative(BIGNUM *a, int b) -- { -- if (b && !BN_is_zero(a)) -- a->neg = 1; -- else -- a->neg = 0; -- } -+{ -+ if (b && !BN_is_zero(a)) -+ a->neg = 1; -+ else -+ a->neg = 0; -+} - - int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) -- { -- int i; -- BN_ULONG aa,bb; -- -- aa=a[n-1]; -- bb=b[n-1]; -- if (aa != bb) return((aa > bb)?1:-1); -- for (i=n-2; i>=0; i--) -- { -- aa=a[i]; -- bb=b[i]; -- if (aa != bb) return((aa > bb)?1:-1); -- } -- return(0); -- } -- --/* Here follows a specialised variants of bn_cmp_words(). It has the -- property of performing the operation on arrays of different sizes. -- The sizes of those arrays is expressed through cl, which is the -- common length ( basicall, min(len(a),len(b)) ), and dl, which is the -- delta between the two lengths, calculated as len(a)-len(b). -- All lengths are the number of BN_ULONGs... */ -- --int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, -- int cl, int dl) -- { -- int n,i; -- n = cl-1; -- -- if (dl < 0) -- { -- for (i=dl; i<0; i++) -- { -- if (b[n-i] != 0) -- return -1; /* a < b */ -- } -- } -- if (dl > 0) -- { -- for (i=dl; i>0; i--) -- { -- if (a[n+i] != 0) -- return 1; /* a > b */ -- } -- } -- return bn_cmp_words(a,b,cl); -- } -+{ -+ int i; -+ BN_ULONG aa, bb; -+ -+ aa = a[n - 1]; -+ bb = b[n - 1]; -+ if (aa != bb) -+ return ((aa > bb) ? 1 : -1); -+ for (i = n - 2; i >= 0; i--) { -+ aa = a[i]; -+ bb = b[i]; -+ if (aa != bb) -+ return ((aa > bb) ? 1 : -1); -+ } -+ return (0); -+} -+ -+/* -+ * Here follows a specialised variants of bn_cmp_words(). It has the -+ * property of performing the operation on arrays of different sizes. The -+ * sizes of those arrays is expressed through cl, which is the common length -+ * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the -+ * two lengths, calculated as len(a)-len(b). All lengths are the number of -+ * BN_ULONGs... -+ */ -+ -+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl) -+{ -+ int n, i; -+ n = cl - 1; -+ -+ if (dl < 0) { -+ for (i = dl; i < 0; i++) { -+ if (b[n - i] != 0) -+ return -1; /* a < b */ -+ } -+ } -+ if (dl > 0) { -+ for (i = dl; i > 0; i--) { -+ if (a[n + i] != 0) -+ return 1; /* a > b */ -+ } -+ } -+ return bn_cmp_words(a, b, cl); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c -index 77d6ddb..ffbce89 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c -@@ -1,6 +1,8 @@ - /* crypto/bn/bn_mod.c */ --/* Includes code written by Lenka Fibikova -- * for the OpenSSL project. */ -+/* -+ * Includes code written by Lenka Fibikova -+ * for the OpenSSL project. -+ */ - /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * -@@ -9,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,21 +62,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -89,10 +91,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -104,7 +106,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -114,188 +116,201 @@ - #include "cryptlib.h" - #include "bn_lcl.h" - -- --#if 0 /* now just a #define */ -+#if 0 /* now just a #define */ - int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) -- { -- return(BN_div(NULL,rem,m,d,ctx)); -- /* note that rem->neg == m->neg (unless the remainder is zero) */ -- } -+{ -+ return (BN_div(NULL, rem, m, d, ctx)); -+ /* note that rem->neg == m->neg (unless the remainder is zero) */ -+} - #endif - -- - int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) -- { -- /* like BN_mod, but returns non-negative remainder -- * (i.e., 0 <= r < |d| always holds) */ -- -- if (!(BN_mod(r,m,d,ctx))) -- return 0; -- if (!r->neg) -- return 1; -- /* now -|d| < r < 0, so we have to set r := r + |d| */ -- return (d->neg ? BN_sub : BN_add)(r, r, d); -+{ -+ /* -+ * like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d| -+ * always holds) -+ */ -+ -+ if (!(BN_mod(r, m, d, ctx))) -+ return 0; -+ if (!r->neg) -+ return 1; -+ /* now -|d| < r < 0, so we have to set r := r + |d| */ -+ return (d->neg ? BN_sub : BN_add) (r, r, d); - } - -+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, -+ BN_CTX *ctx) -+{ -+ if (!BN_add(r, a, b)) -+ return 0; -+ return BN_nnmod(r, r, m, ctx); -+} - --int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) -- { -- if (!BN_add(r, a, b)) return 0; -- return BN_nnmod(r, r, m, ctx); -- } -- -- --/* BN_mod_add variant that may be used if both a and b are non-negative -- * and less than m */ --int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) -- { -- if (!BN_uadd(r, a, b)) return 0; -- if (BN_ucmp(r, m) >= 0) -- return BN_usub(r, r, m); -- return 1; -- } -- -- --int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) -- { -- if (!BN_sub(r, a, b)) return 0; -- return BN_nnmod(r, r, m, ctx); -- } -- -+/* -+ * BN_mod_add variant that may be used if both a and b are non-negative and -+ * less than m -+ */ -+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const BIGNUM *m) -+{ -+ if (!BN_uadd(r, a, b)) -+ return 0; -+ if (BN_ucmp(r, m) >= 0) -+ return BN_usub(r, r, m); -+ return 1; -+} - --/* BN_mod_sub variant that may be used if both a and b are non-negative -- * and less than m */ --int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) -- { -- if (!BN_sub(r, a, b)) return 0; -- if (r->neg) -- return BN_add(r, r, m); -- return 1; -- } -+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, -+ BN_CTX *ctx) -+{ -+ if (!BN_sub(r, a, b)) -+ return 0; -+ return BN_nnmod(r, r, m, ctx); -+} - -+/* -+ * BN_mod_sub variant that may be used if both a and b are non-negative and -+ * less than m -+ */ -+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -+ const BIGNUM *m) -+{ -+ if (!BN_sub(r, a, b)) -+ return 0; -+ if (r->neg) -+ return BN_add(r, r, m); -+ return 1; -+} - - /* slow but works */ - int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, -- BN_CTX *ctx) -- { -- BIGNUM *t; -- int ret=0; -- -- bn_check_top(a); -- bn_check_top(b); -- bn_check_top(m); -- -- BN_CTX_start(ctx); -- if ((t = BN_CTX_get(ctx)) == NULL) goto err; -- if (a == b) -- { if (!BN_sqr(t,a,ctx)) goto err; } -- else -- { if (!BN_mul(t,a,b,ctx)) goto err; } -- if (!BN_nnmod(r,t,m,ctx)) goto err; -- bn_check_top(r); -- ret=1; --err: -- BN_CTX_end(ctx); -- return(ret); -- } -- -+ BN_CTX *ctx) -+{ -+ BIGNUM *t; -+ int ret = 0; -+ -+ bn_check_top(a); -+ bn_check_top(b); -+ bn_check_top(m); -+ -+ BN_CTX_start(ctx); -+ if ((t = BN_CTX_get(ctx)) == NULL) -+ goto err; -+ if (a == b) { -+ if (!BN_sqr(t, a, ctx)) -+ goto err; -+ } else { -+ if (!BN_mul(t, a, b, ctx)) -+ goto err; -+ } -+ if (!BN_nnmod(r, t, m, ctx)) -+ goto err; -+ bn_check_top(r); -+ ret = 1; -+ err: -+ BN_CTX_end(ctx); -+ return (ret); -+} - - int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) -- { -- if (!BN_sqr(r, a, ctx)) return 0; -- /* r->neg == 0, thus we don't need BN_nnmod */ -- return BN_mod(r, r, m, ctx); -- } -- -+{ -+ if (!BN_sqr(r, a, ctx)) -+ return 0; -+ /* r->neg == 0, thus we don't need BN_nnmod */ -+ return BN_mod(r, r, m, ctx); -+} - - int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) -- { -- if (!BN_lshift1(r, a)) return 0; -- bn_check_top(r); -- return BN_nnmod(r, r, m, ctx); -- } -- -+{ -+ if (!BN_lshift1(r, a)) -+ return 0; -+ bn_check_top(r); -+ return BN_nnmod(r, r, m, ctx); -+} - --/* BN_mod_lshift1 variant that may be used if a is non-negative -- * and less than m */ -+/* -+ * BN_mod_lshift1 variant that may be used if a is non-negative and less than -+ * m -+ */ - int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) -- { -- if (!BN_lshift1(r, a)) return 0; -- bn_check_top(r); -- if (BN_cmp(r, m) >= 0) -- return BN_sub(r, r, m); -- return 1; -- } -- -+{ -+ if (!BN_lshift1(r, a)) -+ return 0; -+ bn_check_top(r); -+ if (BN_cmp(r, m) >= 0) -+ return BN_sub(r, r, m); -+ return 1; -+} - --int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx) -- { -- BIGNUM *abs_m = NULL; -- int ret; -+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, -+ BN_CTX *ctx) -+{ -+ BIGNUM *abs_m = NULL; -+ int ret; - -- if (!BN_nnmod(r, a, m, ctx)) return 0; -+ if (!BN_nnmod(r, a, m, ctx)) -+ return 0; - -- if (m->neg) -- { -- abs_m = BN_dup(m); -- if (abs_m == NULL) return 0; -- abs_m->neg = 0; -- } -- -- ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); -- bn_check_top(r); -+ if (m->neg) { -+ abs_m = BN_dup(m); -+ if (abs_m == NULL) -+ return 0; -+ abs_m->neg = 0; -+ } - -- if (abs_m) -- BN_free(abs_m); -- return ret; -- } -+ ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); -+ bn_check_top(r); - -+ if (abs_m) -+ BN_free(abs_m); -+ return ret; -+} - --/* BN_mod_lshift variant that may be used if a is non-negative -- * and less than m */ -+/* -+ * BN_mod_lshift variant that may be used if a is non-negative and less than -+ * m -+ */ - int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) -- { -- if (r != a) -- { -- if (BN_copy(r, a) == NULL) return 0; -- } -- -- while (n > 0) -- { -- int max_shift; -- -- /* 0 < r < m */ -- max_shift = BN_num_bits(m) - BN_num_bits(r); -- /* max_shift >= 0 */ -- -- if (max_shift < 0) -- { -- BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED); -- return 0; -- } -- -- if (max_shift > n) -- max_shift = n; -- -- if (max_shift) -- { -- if (!BN_lshift(r, r, max_shift)) return 0; -- n -= max_shift; -- } -- else -- { -- if (!BN_lshift1(r, r)) return 0; -- --n; -- } -- -- /* BN_num_bits(r) <= BN_num_bits(m) */ -- -- if (BN_cmp(r, m) >= 0) -- { -- if (!BN_sub(r, r, m)) return 0; -- } -- } -- bn_check_top(r); -- -- return 1; -- } -+{ -+ if (r != a) { -+ if (BN_copy(r, a) == NULL) -+ return 0; -+ } -+ -+ while (n > 0) { -+ int max_shift; -+ -+ /* 0 < r < m */ -+ max_shift = BN_num_bits(m) - BN_num_bits(r); -+ /* max_shift >= 0 */ -+ -+ if (max_shift < 0) { -+ BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED); -+ return 0; -+ } -+ -+ if (max_shift > n) -+ max_shift = n; -+ -+ if (max_shift) { -+ if (!BN_lshift(r, r, max_shift)) -+ return 0; -+ n -= max_shift; -+ } else { -+ if (!BN_lshift1(r, r)) -+ return 0; -+ --n; -+ } -+ -+ /* BN_num_bits(r) <= BN_num_bits(m) */ -+ -+ if (BN_cmp(r, m) >= 0) { -+ if (!BN_sub(r, r, m)) -+ return 0; -+ } -+ } -+ bn_check_top(r); -+ -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c -index 27cafb1..bf40e82 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -120,619 +120,682 @@ - #include "cryptlib.h" - #include "bn_lcl.h" - --#define MONT_WORD /* use the faster word-based algorithm */ -+#define MONT_WORD /* use the faster word-based algorithm */ - - #if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) --/* This condition means we have a specific non-default build: -- * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any -- * BN_BITS2<=32 platform; an explicit "enable-montasm" is required. -- * I.e., if we are here, the user intentionally deviates from the -- * normal stable build to get better Montgomery performance from -- * the 0.9.9-dev backport. -- * -- * In this case only, we also enable BN_from_montgomery_word() -- * (another non-stable feature from 0.9.9-dev). -+/* -+ * This condition means we have a specific non-default build: In the 0.9.8 -+ * branch, OPENSSL_BN_ASM_MONT is normally not set for any BN_BITS2<=32 -+ * platform; an explicit "enable-montasm" is required. I.e., if we are here, -+ * the user intentionally deviates from the normal stable build to get better -+ * Montgomery performance from the 0.9.9-dev backport. In this case only, we -+ * also enable BN_from_montgomery_word() (another non-stable feature from -+ * 0.9.9-dev). - */ --#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD -+# define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD - #endif - - #ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD - static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); - #endif - -- -- - int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, -- BN_MONT_CTX *mont, BN_CTX *ctx) -- { -- BIGNUM *tmp; -- int ret=0; -+ BN_MONT_CTX *mont, BN_CTX *ctx) -+{ -+ BIGNUM *tmp; -+ int ret = 0; - #if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) -- int num = mont->N.top; -+ int num = mont->N.top; - -- if (num>1 && a->top==num && b->top==num) -- { -- if (bn_wexpand(r,num) == NULL) return(0); --#if 0 /* for OpenSSL 0.9.9 mont->n0 */ -- if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num)) --#else -- if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num)) --#endif -- { -- r->neg = a->neg^b->neg; -- r->top = num; -- bn_correct_top(r); -- return(1); -- } -- } -+ if (num > 1 && a->top == num && b->top == num) { -+ if (bn_wexpand(r, num) == NULL) -+ return (0); -+# if 0 /* for OpenSSL 0.9.9 mont->n0 */ -+ if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) -+# else -+ if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, &mont->n0, num)) -+# endif -+ { -+ r->neg = a->neg ^ b->neg; -+ r->top = num; -+ bn_correct_top(r); -+ return (1); -+ } -+ } - #endif - -- BN_CTX_start(ctx); -- tmp = BN_CTX_get(ctx); -- if (tmp == NULL) goto err; -- -- bn_check_top(tmp); -- if (a == b) -- { -- if (!BN_sqr(tmp,a,ctx)) goto err; -- } -- else -- { -- if (!BN_mul(tmp,a,b,ctx)) goto err; -- } -- /* reduce from aRR to aR */ -+ BN_CTX_start(ctx); -+ tmp = BN_CTX_get(ctx); -+ if (tmp == NULL) -+ goto err; -+ -+ bn_check_top(tmp); -+ if (a == b) { -+ if (!BN_sqr(tmp, a, ctx)) -+ goto err; -+ } else { -+ if (!BN_mul(tmp, a, b, ctx)) -+ goto err; -+ } -+ /* reduce from aRR to aR */ - #ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD -- if (!BN_from_montgomery_word(r,tmp,mont)) goto err; -+ if (!BN_from_montgomery_word(r, tmp, mont)) -+ goto err; - #else -- if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; -+ if (!BN_from_montgomery(r, tmp, mont, ctx)) -+ goto err; - #endif -- bn_check_top(r); -- ret=1; --err: -- BN_CTX_end(ctx); -- return(ret); -- } -+ bn_check_top(r); -+ ret = 1; -+ err: -+ BN_CTX_end(ctx); -+ return (ret); -+} - - #ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD - static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) -- { -- BIGNUM *n; -- BN_ULONG *ap,*np,*rp,n0,v,*nrp; -- int al,nl,max,i,x,ri; -- -- n= &(mont->N); -- /* mont->ri is the size of mont->N in bits (rounded up -- to the word size) */ -- al=ri=mont->ri/BN_BITS2; -- -- nl=n->top; -- if ((al == 0) || (nl == 0)) { ret->top=0; return(1); } -- -- max=(nl+al+1); /* allow for overflow (no?) XXX */ -- if (bn_wexpand(r,max) == NULL) return(0); -- -- r->neg^=n->neg; -- np=n->d; -- rp=r->d; -- nrp= &(r->d[nl]); -- -- /* clear the top words of T */ -- for (i=r->top; id[i]=0; -- -- r->top=max; --#if 0 /* for OpenSSL 0.9.9 mont->n0 */ -- n0=mont->n0[0]; --#else -- n0=mont->n0; --#endif -+{ -+ BIGNUM *n; -+ BN_ULONG *ap, *np, *rp, n0, v, *nrp; -+ int al, nl, max, i, x, ri; -+ -+ n = &(mont->N); -+ /* -+ * mont->ri is the size of mont->N in bits (rounded up to the word size) -+ */ -+ al = ri = mont->ri / BN_BITS2; -+ -+ nl = n->top; -+ if ((al == 0) || (nl == 0)) { -+ ret->top = 0; -+ return (1); -+ } -+ -+ max = (nl + al + 1); /* allow for overflow (no?) XXX */ -+ if (bn_wexpand(r, max) == NULL) -+ return (0); -+ -+ r->neg ^= n->neg; -+ np = n->d; -+ rp = r->d; -+ nrp = &(r->d[nl]); -+ -+ /* clear the top words of T */ -+ for (i = r->top; i < max; i++) /* memset? XXX */ -+ r->d[i] = 0; -+ -+ r->top = max; -+# if 0 /* for OpenSSL 0.9.9 mont->n0 */ -+ n0 = mont->n0[0]; -+# else -+ n0 = mont->n0; -+# endif - --#ifdef BN_COUNT -- fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl); --#endif -- for (i=0; i= v) -- continue; -- else -- { -- if (((++nrp[0])&BN_MASK2) != 0) continue; -- if (((++nrp[1])&BN_MASK2) != 0) continue; -- for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; -- } -- } -- bn_correct_top(r); -- -- /* mont->ri will be a multiple of the word size and below code -- * is kind of BN_rshift(ret,r,mont->ri) equivalent */ -- if (r->top <= ri) -- { -- ret->top=0; -- return(1); -- } -- al=r->top-ri; -- -- if (bn_wexpand(ret,ri) == NULL) return(0); -- x=0-(((al-ri)>>(sizeof(al)*8-1))&1); -- ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ -- ret->neg=r->neg; -- -- rp=ret->d; -- ap=&(r->d[ri]); -- -- { -- size_t m1,m2; -- -- v=bn_sub_words(rp,ap,np,ri); -- /* this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ -- /* in other words if subtraction result is real, then -- * trick unconditional memcpy below to perform in-place -- * "refresh" instead of actual copy. */ -- m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al>(sizeof(al)*8-1))&1); /* al>ri */ -- m1|=m2; /* (al!=ri) */ -- m1|=(0-(size_t)v); /* (al!=ri || v) */ -- m1&=~m2; /* (al!=ri || v) && !al>ri */ -- nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); -- } -- -- /* 'i= v) -+ continue; -+ else { -+ if (((++nrp[0]) & BN_MASK2) != 0) -+ continue; -+ if (((++nrp[1]) & BN_MASK2) != 0) -+ continue; -+ for (x = 2; (((++nrp[x]) & BN_MASK2) == 0); x++) ; -+ } -+ } -+ bn_correct_top(r); -+ -+ /* -+ * mont->ri will be a multiple of the word size and below code is kind of -+ * BN_rshift(ret,r,mont->ri) equivalent -+ */ -+ if (r->top <= ri) { -+ ret->top = 0; -+ return (1); -+ } -+ al = r->top - ri; -+ -+ if (bn_wexpand(ret, ri) == NULL) -+ return (0); -+ x = 0 - (((al - ri) >> (sizeof(al) * 8 - 1)) & 1); -+ ret->top = x = (ri & ~x) | (al & x); /* min(ri,al) */ -+ ret->neg = r->neg; -+ -+ rp = ret->d; -+ ap = &(r->d[ri]); -+ -+ { -+ size_t m1, m2; -+ -+ v = bn_sub_words(rp, ap, np, ri); -+ /* -+ * this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ -+ /* -+ * in other words if subtraction result is real, then trick -+ * unconditional memcpy below to perform in-place "refresh" instead -+ * of actual copy. -+ */ -+ m1 = 0 - (size_t)(((al - ri) >> (sizeof(al) * 8 - 1)) & 1); /* al> (sizeof(al) * 8 - 1)) & 1); /* al>ri */ -+ m1 |= m2; /* (al!=ri) */ -+ m1 |= (0 - (size_t)v); /* (al!=ri || v) */ -+ m1 &= ~m2; /* (al!=ri || v) && !al>ri */ -+ nrp = (BN_ULONG *)(((size_t)rp & ~m1) | ((size_t)ap & m1)); -+ } -+ -+ /* -+ * 'iN); -- -- ap=a->d; -- /* mont->ri is the size of mont->N in bits (rounded up -- to the word size) */ -- al=ri=mont->ri/BN_BITS2; -- -- nl=n->top; -- if ((al == 0) || (nl == 0)) { r->top=0; return(1); } -- -- max=(nl+al+1); /* allow for overflow (no?) XXX */ -- if (bn_wexpand(r,max) == NULL) goto err; -- -- r->neg=a->neg^n->neg; -- np=n->d; -- rp=r->d; -- nrp= &(r->d[nl]); -- -- /* clear the top words of T */ --#if 1 -- for (i=r->top; id[i]=0; --#else -- memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); --#endif -- -- r->top=max; -- n0=mont->n0; -- --#ifdef BN_COUNT -- fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl); --#endif -- for (i=0; i= v) -- continue; -- else -- { -- if (((++nrp[0])&BN_MASK2) != 0) continue; -- if (((++nrp[1])&BN_MASK2) != 0) continue; -- for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; -- } -- } -- bn_correct_top(r); -- -- /* mont->ri will be a multiple of the word size and below code -- * is kind of BN_rshift(ret,r,mont->ri) equivalent */ -- if (r->top <= ri) -- { -- ret->top=0; -- retn=1; -- goto err; -- } -- al=r->top-ri; -- --# define BRANCH_FREE 1 --# if BRANCH_FREE -- if (bn_wexpand(ret,ri) == NULL) goto err; -- x=0-(((al-ri)>>(sizeof(al)*8-1))&1); -- ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ -- ret->neg=r->neg; -- -- rp=ret->d; -- ap=&(r->d[ri]); -- -- { -- size_t m1,m2; -- -- v=bn_sub_words(rp,ap,np,ri); -- /* this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ -- /* in other words if subtraction result is real, then -- * trick unconditional memcpy below to perform in-place -- * "refresh" instead of actual copy. */ -- m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al>(sizeof(al)*8-1))&1); /* al>ri */ -- m1|=m2; /* (al!=ri) */ -- m1|=(0-(size_t)v); /* (al!=ri || v) */ -- m1&=~m2; /* (al!=ri || v) && !al>ri */ -- nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); -- } -- -- /* 'itop=al; -- ret->neg=r->neg; -- -- rp=ret->d; -- ap=&(r->d[ri]); -- al-=4; -- for (i=0; iN); -+ -+ ap = a->d; -+ /* -+ * mont->ri is the size of mont->N in bits (rounded up to the word size) -+ */ -+ al = ri = mont->ri / BN_BITS2; -+ -+ nl = n->top; -+ if ((al == 0) || (nl == 0)) { -+ r->top = 0; -+ return (1); -+ } -+ -+ max = (nl + al + 1); /* allow for overflow (no?) XXX */ -+ if (bn_wexpand(r, max) == NULL) -+ goto err; -+ -+ r->neg = a->neg ^ n->neg; -+ np = n->d; -+ rp = r->d; -+ nrp = &(r->d[nl]); -+ -+ /* clear the top words of T */ -+# if 1 -+ for (i = r->top; i < max; i++) /* memset? XXX */ -+ r->d[i] = 0; -+# else -+ memset(&(r->d[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); -+# endif -+ -+ r->top = max; -+ n0 = mont->n0; -+ -+# ifdef BN_COUNT -+ fprintf(stderr, "word BN_from_montgomery %d * %d\n", nl, nl); -+# endif -+ for (i = 0; i < nl; i++) { -+# ifdef __TANDEM -+ { -+ long long t1; -+ long long t2; -+ long long t3; -+ t1 = rp[0] * (n0 & 0177777); -+ t2 = 037777600000l; -+ t2 = n0 & t2; -+ t3 = rp[0] & 0177777; -+ t2 = (t3 * t2) & BN_MASK2; -+ t1 = t1 + t2; -+ v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1); -+ } -+# else -+ v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); -+# endif -+ nrp++; -+ rp++; -+ if (((nrp[-1] += v) & BN_MASK2) >= v) -+ continue; -+ else { -+ if (((++nrp[0]) & BN_MASK2) != 0) -+ continue; -+ if (((++nrp[1]) & BN_MASK2) != 0) -+ continue; -+ for (x = 2; (((++nrp[x]) & BN_MASK2) == 0); x++) ; -+ } -+ } -+ bn_correct_top(r); -+ -+ /* -+ * mont->ri will be a multiple of the word size and below code is kind of -+ * BN_rshift(ret,r,mont->ri) equivalent -+ */ -+ if (r->top <= ri) { -+ ret->top = 0; -+ retn = 1; -+ goto err; -+ } -+ al = r->top - ri; -+ -+# define BRANCH_FREE 1 -+# if BRANCH_FREE -+ if (bn_wexpand(ret, ri) == NULL) -+ goto err; -+ x = 0 - (((al - ri) >> (sizeof(al) * 8 - 1)) & 1); -+ ret->top = x = (ri & ~x) | (al & x); /* min(ri,al) */ -+ ret->neg = r->neg; -+ -+ rp = ret->d; -+ ap = &(r->d[ri]); -+ -+ { -+ size_t m1, m2; -+ -+ v = bn_sub_words(rp, ap, np, ri); -+ /* -+ * this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ -+ /* -+ * in other words if subtraction result is real, then trick -+ * unconditional memcpy below to perform in-place "refresh" instead -+ * of actual copy. -+ */ -+ m1 = 0 - (size_t)(((al - ri) >> (sizeof(al) * 8 - 1)) & 1); /* al> (sizeof(al) * 8 - 1)) & 1); /* al>ri */ -+ m1 |= m2; /* (al!=ri) */ -+ m1 |= (0 - (size_t)v); /* (al!=ri || v) */ -+ m1 &= ~m2; /* (al!=ri || v) && !al>ri */ -+ nrp = (BN_ULONG *)(((size_t)rp & ~m1) | ((size_t)ap & m1)); -+ } -+ -+ /* -+ * 'itop = al; -+ ret->neg = r->neg; -+ -+ rp = ret->d; -+ ap = &(r->d[ri]); -+ al -= 4; -+ for (i = 0; i < al; i += 4) { -+ BN_ULONG t1, t2, t3, t4; -+ -+ t1 = ap[i + 0]; -+ t2 = ap[i + 1]; -+ t3 = ap[i + 2]; -+ t4 = ap[i + 3]; -+ rp[i + 0] = t1; -+ rp[i + 1] = t2; -+ rp[i + 2] = t3; -+ rp[i + 3] = t4; -+ } -+ al += 4; -+ for (; i < al; i++) -+ rp[i] = ap[i]; -+# endif -+# else /* !MONT_WORD */ -+ BIGNUM *t1, *t2; -+ -+ BN_CTX_start(ctx); -+ t1 = BN_CTX_get(ctx); -+ t2 = BN_CTX_get(ctx); -+ if (t1 == NULL || t2 == NULL) -+ goto err; -+ -+ if (!BN_copy(t1, a)) -+ goto err; -+ BN_mask_bits(t1, mont->ri); -+ -+ if (!BN_mul(t2, t1, &mont->Ni, ctx)) -+ goto err; -+ BN_mask_bits(t2, mont->ri); -+ -+ if (!BN_mul(t1, t2, &mont->N, ctx)) -+ goto err; -+ if (!BN_add(t2, a, t1)) -+ goto err; -+ if (!BN_rshift(ret, t2, mont->ri)) -+ goto err; -+# endif /* MONT_WORD */ -+ -+# if !defined(BRANCH_FREE) || BRANCH_FREE==0 -+ if (BN_ucmp(ret, &(mont->N)) >= 0) { -+ if (!BN_usub(ret, ret, &(mont->N))) -+ goto err; -+ } - # endif --#else /* !MONT_WORD */ -- BIGNUM *t1,*t2; -- -- BN_CTX_start(ctx); -- t1 = BN_CTX_get(ctx); -- t2 = BN_CTX_get(ctx); -- if (t1 == NULL || t2 == NULL) goto err; -- -- if (!BN_copy(t1,a)) goto err; -- BN_mask_bits(t1,mont->ri); -- -- if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err; -- BN_mask_bits(t2,mont->ri); -- -- if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; -- if (!BN_add(t2,a,t1)) goto err; -- if (!BN_rshift(ret,t2,mont->ri)) goto err; --#endif /* MONT_WORD */ -- --#if !defined(BRANCH_FREE) || BRANCH_FREE==0 -- if (BN_ucmp(ret, &(mont->N)) >= 0) -- { -- if (!BN_usub(ret,ret,&(mont->N))) goto err; -- } --#endif -- retn=1; -- bn_check_top(ret); -+ retn = 1; -+ bn_check_top(ret); - err: -- BN_CTX_end(ctx); -- return(retn); -- } --#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ -+ BN_CTX_end(ctx); -+ return (retn); -+} -+#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ - - BN_MONT_CTX *BN_MONT_CTX_new(void) -- { -- BN_MONT_CTX *ret; -+{ -+ BN_MONT_CTX *ret; - -- if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) -- return(NULL); -+ if ((ret = (BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) -+ return (NULL); - -- BN_MONT_CTX_init(ret); -- ret->flags=BN_FLG_MALLOCED; -- return(ret); -- } -+ BN_MONT_CTX_init(ret); -+ ret->flags = BN_FLG_MALLOCED; -+ return (ret); -+} - - void BN_MONT_CTX_init(BN_MONT_CTX *ctx) -- { -- ctx->ri=0; -- BN_init(&(ctx->RR)); -- BN_init(&(ctx->N)); -- BN_init(&(ctx->Ni)); --#if 0 /* for OpenSSL 0.9.9 mont->n0 */ -- ctx->n0[0] = ctx->n0[1] = 0; -+{ -+ ctx->ri = 0; -+ BN_init(&(ctx->RR)); -+ BN_init(&(ctx->N)); -+ BN_init(&(ctx->Ni)); -+#if 0 /* for OpenSSL 0.9.9 mont->n0 */ -+ ctx->n0[0] = ctx->n0[1] = 0; - #else -- ctx->n0 = 0; -+ ctx->n0 = 0; - #endif -- ctx->flags=0; -- } -+ ctx->flags = 0; -+} - - void BN_MONT_CTX_free(BN_MONT_CTX *mont) -- { -- if(mont == NULL) -- return; -+{ -+ if (mont == NULL) -+ return; - -- BN_free(&(mont->RR)); -- BN_free(&(mont->N)); -- BN_free(&(mont->Ni)); -- if (mont->flags & BN_FLG_MALLOCED) -- OPENSSL_free(mont); -- } -+ BN_free(&(mont->RR)); -+ BN_free(&(mont->N)); -+ BN_free(&(mont->Ni)); -+ if (mont->flags & BN_FLG_MALLOCED) -+ OPENSSL_free(mont); -+} - - int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) -- { -- int ret = 0; -- BIGNUM *Ri,*R; -- -- BN_CTX_start(ctx); -- if((Ri = BN_CTX_get(ctx)) == NULL) goto err; -- R= &(mont->RR); /* grab RR as a temp */ -- if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */ -- mont->N.neg = 0; -+{ -+ int ret = 0; -+ BIGNUM *Ri, *R; -+ -+ BN_CTX_start(ctx); -+ if ((Ri = BN_CTX_get(ctx)) == NULL) -+ goto err; -+ R = &(mont->RR); /* grab RR as a temp */ -+ if (!BN_copy(&(mont->N), mod)) -+ goto err; /* Set N */ -+ mont->N.neg = 0; - - #ifdef MONT_WORD -- { -- BIGNUM tmod; -- BN_ULONG buf[2]; -- -- mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; -- BN_zero(R); --#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)", -- only certain BN_BITS2<=32 platforms actually need this */ -- if (!(BN_set_bit(R,2*BN_BITS2))) goto err; /* R */ --#else -- if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ --#endif -+ { -+ BIGNUM tmod; -+ BN_ULONG buf[2]; -+ -+ mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; -+ BN_zero(R); -+# if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if -+ * defined(OPENSSL_BN_ASM_MONT) && -+ * (BN_BITS2<=32)", only certain BN_BITS2<=32 -+ * platforms actually need this */ -+ if (!(BN_set_bit(R, 2 * BN_BITS2))) -+ goto err; /* R */ -+# else -+ if (!(BN_set_bit(R, BN_BITS2))) -+ goto err; /* R */ -+# endif - -- buf[0]=mod->d[0]; /* tmod = N mod word size */ -- buf[1]=0; -- -- BN_init(&tmod); -- tmod.d=buf; -- tmod.top = buf[0] != 0 ? 1 : 0; -- tmod.dmax=2; -- tmod.neg=0; -- --#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)"; -- only certain BN_BITS2<=32 platforms actually need this */ -- tmod.top=0; -- if ((buf[0] = mod->d[0])) tmod.top=1; -- if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2; -- -- if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) -- goto err; -- if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */ -- if (!BN_is_zero(Ri)) -- { -- if (!BN_sub_word(Ri,1)) goto err; -- } -- else /* if N mod word size == 1 */ -- { -- if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL) -- goto err; -- /* Ri-- (mod double word size) */ -- Ri->neg=0; -- Ri->d[0]=BN_MASK2; -- Ri->d[1]=BN_MASK2; -- Ri->top=2; -- } -- if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; -- /* Ni = (R*Ri-1)/N, -- * keep only couple of least significant words: */ -- mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; -- mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; --#else -- /* Ri = R^-1 mod N*/ -- if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) -- goto err; -- if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */ -- if (!BN_is_zero(Ri)) -- { -- if (!BN_sub_word(Ri,1)) goto err; -- } -- else /* if N mod word size == 1 */ -- { -- if (!BN_set_word(Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */ -- } -- if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; -- /* Ni = (R*Ri-1)/N, -- * keep only least significant word: */ --# if 0 /* for OpenSSL 0.9.9 mont->n0 */ -- mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; -- mont->n0[1] = 0; -+ buf[0] = mod->d[0]; /* tmod = N mod word size */ -+ buf[1] = 0; -+ -+ BN_init(&tmod); -+ tmod.d = buf; -+ tmod.top = buf[0] != 0 ? 1 : 0; -+ tmod.dmax = 2; -+ tmod.neg = 0; -+ -+# if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if -+ * defined(OPENSSL_BN_ASM_MONT) && -+ * (BN_BITS2<=32)"; only certain BN_BITS2<=32 -+ * platforms actually need this */ -+ tmod.top = 0; -+ if ((buf[0] = mod->d[0])) -+ tmod.top = 1; -+ if ((buf[1] = mod->top > 1 ? mod->d[1] : 0)) -+ tmod.top = 2; -+ -+ if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) -+ goto err; -+ if (!BN_lshift(Ri, Ri, 2 * BN_BITS2)) -+ goto err; /* R*Ri */ -+ if (!BN_is_zero(Ri)) { -+ if (!BN_sub_word(Ri, 1)) -+ goto err; -+ } else { /* if N mod word size == 1 */ -+ -+ if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL) -+ goto err; -+ /* Ri-- (mod double word size) */ -+ Ri->neg = 0; -+ Ri->d[0] = BN_MASK2; -+ Ri->d[1] = BN_MASK2; -+ Ri->top = 2; -+ } -+ if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) -+ goto err; -+ /* -+ * Ni = (R*Ri-1)/N, keep only couple of least significant words: -+ */ -+ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; -+ mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; - # else -- mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0; -+ /* Ri = R^-1 mod N */ -+ if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) -+ goto err; -+ if (!BN_lshift(Ri, Ri, BN_BITS2)) -+ goto err; /* R*Ri */ -+ if (!BN_is_zero(Ri)) { -+ if (!BN_sub_word(Ri, 1)) -+ goto err; -+ } else { /* if N mod word size == 1 */ -+ -+ if (!BN_set_word(Ri, BN_MASK2)) -+ goto err; /* Ri-- (mod word size) */ -+ } -+ if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) -+ goto err; -+ /* -+ * Ni = (R*Ri-1)/N, keep only least significant word: -+ */ -+# if 0 /* for OpenSSL 0.9.9 mont->n0 */ -+ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; -+ mont->n0[1] = 0; -+# else -+ mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0; -+# endif - # endif --#endif -- } --#else /* !MONT_WORD */ -- { /* bignum version */ -- mont->ri=BN_num_bits(&mont->N); -- BN_zero(R); -- if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */ -- /* Ri = R^-1 mod N*/ -- if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL) -- goto err; -- if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */ -- if (!BN_sub_word(Ri,1)) goto err; -- /* Ni = (R*Ri-1) / N */ -- if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err; -- } -+ } -+#else /* !MONT_WORD */ -+ { /* bignum version */ -+ mont->ri = BN_num_bits(&mont->N); -+ BN_zero(R); -+ if (!BN_set_bit(R, mont->ri)) -+ goto err; /* R = 2^ri */ -+ /* Ri = R^-1 mod N */ -+ if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL) -+ goto err; -+ if (!BN_lshift(Ri, Ri, mont->ri)) -+ goto err; /* R*Ri */ -+ if (!BN_sub_word(Ri, 1)) -+ goto err; -+ /* -+ * Ni = (R*Ri-1) / N -+ */ -+ if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx)) -+ goto err; -+ } - #endif - -- /* setup RR for conversions */ -- BN_zero(&(mont->RR)); -- if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err; -- if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err; -+ /* setup RR for conversions */ -+ BN_zero(&(mont->RR)); -+ if (!BN_set_bit(&(mont->RR), mont->ri * 2)) -+ goto err; -+ if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx)) -+ goto err; - -- ret = 1; --err: -- BN_CTX_end(ctx); -- return ret; -- } -+ ret = 1; -+ err: -+ BN_CTX_end(ctx); -+ return ret; -+} - - BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) -- { -- if (to == from) return(to); -- -- if (!BN_copy(&(to->RR),&(from->RR))) return NULL; -- if (!BN_copy(&(to->N),&(from->N))) return NULL; -- if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL; -- to->ri=from->ri; --#if 0 /* for OpenSSL 0.9.9 mont->n0 */ -- to->n0[0]=from->n0[0]; -- to->n0[1]=from->n0[1]; -+{ -+ if (to == from) -+ return (to); -+ -+ if (!BN_copy(&(to->RR), &(from->RR))) -+ return NULL; -+ if (!BN_copy(&(to->N), &(from->N))) -+ return NULL; -+ if (!BN_copy(&(to->Ni), &(from->Ni))) -+ return NULL; -+ to->ri = from->ri; -+#if 0 /* for OpenSSL 0.9.9 mont->n0 */ -+ to->n0[0] = from->n0[0]; -+ to->n0[1] = from->n0[1]; - #else -- to->n0=from->n0; -+ to->n0 = from->n0; - #endif -- return(to); -- } -+ return (to); -+} - - BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, -- const BIGNUM *mod, BN_CTX *ctx) -- { -- BN_MONT_CTX *ret; -- -- CRYPTO_r_lock(lock); -- ret = *pmont; -- CRYPTO_r_unlock(lock); -- if (ret) -- return ret; -- -- /* We don't want to serialise globally while doing our lazy-init math in -- * BN_MONT_CTX_set. That punishes threads that are doing independent -- * things. Instead, punish the case where more than one thread tries to -- * lazy-init the same 'pmont', by having each do the lazy-init math work -- * independently and only use the one from the thread that wins the race -- * (the losers throw away the work they've done). */ -- ret = BN_MONT_CTX_new(); -- if (!ret) -- return NULL; -- if (!BN_MONT_CTX_set(ret, mod, ctx)) -- { -- BN_MONT_CTX_free(ret); -- return NULL; -- } -- -- /* The locked compare-and-set, after the local work is done. */ -- CRYPTO_w_lock(lock); -- if (*pmont) -- { -- BN_MONT_CTX_free(ret); -- ret = *pmont; -- } -- else -- *pmont = ret; -- CRYPTO_w_unlock(lock); -- return ret; -- } -+ const BIGNUM *mod, BN_CTX *ctx) -+{ -+ BN_MONT_CTX *ret; -+ -+ CRYPTO_r_lock(lock); -+ ret = *pmont; -+ CRYPTO_r_unlock(lock); -+ if (ret) -+ return ret; -+ -+ /* -+ * We don't want to serialise globally while doing our lazy-init math in -+ * BN_MONT_CTX_set. That punishes threads that are doing independent -+ * things. Instead, punish the case where more than one thread tries to -+ * lazy-init the same 'pmont', by having each do the lazy-init math work -+ * independently and only use the one from the thread that wins the race -+ * (the losers throw away the work they've done). -+ */ -+ ret = BN_MONT_CTX_new(); -+ if (!ret) -+ return NULL; -+ if (!BN_MONT_CTX_set(ret, mod, ctx)) { -+ BN_MONT_CTX_free(ret); -+ return NULL; -+ } -+ -+ /* The locked compare-and-set, after the local work is done. */ -+ CRYPTO_w_lock(lock); -+ if (*pmont) { -+ BN_MONT_CTX_free(ret); -+ ret = *pmont; -+ } else -+ *pmont = ret; -+ CRYPTO_w_unlock(lock); -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c -index a054d21..3bd40bb 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,70 +61,68 @@ - #include "bn_lcl.h" - - int BN_bn2mpi(const BIGNUM *a, unsigned char *d) -- { -- int bits; -- int num=0; -- int ext=0; -- long l; -+{ -+ int bits; -+ int num = 0; -+ int ext = 0; -+ long l; - -- bits=BN_num_bits(a); -- num=(bits+7)/8; -- if (bits > 0) -- { -- ext=((bits & 0x07) == 0); -- } -- if (d == NULL) -- return(num+4+ext); -+ bits = BN_num_bits(a); -+ num = (bits + 7) / 8; -+ if (bits > 0) { -+ ext = ((bits & 0x07) == 0); -+ } -+ if (d == NULL) -+ return (num + 4 + ext); - -- l=num+ext; -- d[0]=(unsigned char)(l>>24)&0xff; -- d[1]=(unsigned char)(l>>16)&0xff; -- d[2]=(unsigned char)(l>> 8)&0xff; -- d[3]=(unsigned char)(l )&0xff; -- if (ext) d[4]=0; -- num=BN_bn2bin(a,&(d[4+ext])); -- if (a->neg) -- d[4]|=0x80; -- return(num+4+ext); -- } -+ l = num + ext; -+ d[0] = (unsigned char)(l >> 24) & 0xff; -+ d[1] = (unsigned char)(l >> 16) & 0xff; -+ d[2] = (unsigned char)(l >> 8) & 0xff; -+ d[3] = (unsigned char)(l) & 0xff; -+ if (ext) -+ d[4] = 0; -+ num = BN_bn2bin(a, &(d[4 + ext])); -+ if (a->neg) -+ d[4] |= 0x80; -+ return (num + 4 + ext); -+} - - BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) -- { -- long len; -- int neg=0; -- -- if (n < 4) -- { -- BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH); -- return(NULL); -- } -- len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3]; -- if ((len+4) != n) -- { -- BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR); -- return(NULL); -- } -+{ -+ long len; -+ int neg = 0; - -- if (a == NULL) a=BN_new(); -- if (a == NULL) return(NULL); -+ if (n < 4) { -+ BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); -+ return (NULL); -+ } -+ len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int) -+ d[3]; -+ if ((len + 4) != n) { -+ BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR); -+ return (NULL); -+ } - -- if (len == 0) -- { -- a->neg=0; -- a->top=0; -- return(a); -- } -- d+=4; -- if ((*d) & 0x80) -- neg=1; -- if (BN_bin2bn(d,(int)len,a) == NULL) -- return(NULL); -- a->neg=neg; -- if (neg) -- { -- BN_clear_bit(a,BN_num_bits(a)-1); -- } -- bn_check_top(a); -- return(a); -- } -+ if (a == NULL) -+ a = BN_new(); -+ if (a == NULL) -+ return (NULL); - -+ if (len == 0) { -+ a->neg = 0; -+ a->top = 0; -+ return (a); -+ } -+ d += 4; -+ if ((*d) & 0x80) -+ neg = 1; -+ if (BN_bin2bn(d, (int)len, a) == NULL) -+ return (NULL); -+ a->neg = neg; -+ if (neg) { -+ BN_clear_bit(a, BN_num_bits(a) - 1); -+ } -+ bn_check_top(a); -+ return (a); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c -index 12e5be8..b174850 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,7 +57,7 @@ - */ - - #ifndef BN_DEBUG --# undef NDEBUG /* avoid conflicting definitions */ -+# undef NDEBUG /* avoid conflicting definitions */ - # define NDEBUG - #endif - -@@ -67,319 +67,353 @@ - #include "bn_lcl.h" - - #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) --/* Here follows specialised variants of bn_add_words() and -- bn_sub_words(). They have the property performing operations on -- arrays of different sizes. The sizes of those arrays is expressed through -- cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl, -- which is the delta between the two lengths, calculated as len(a)-len(b). -- All lengths are the number of BN_ULONGs... For the operations that require -- a result array as parameter, it must have the length cl+abs(dl). -- These functions should probably end up in bn_asm.c as soon as there are -- assembler counterparts for the systems that use assembler files. */ -+/* -+ * Here follows specialised variants of bn_add_words() and bn_sub_words(). -+ * They have the property performing operations on arrays of different sizes. -+ * The sizes of those arrays is expressed through cl, which is the common -+ * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta -+ * between the two lengths, calculated as len(a)-len(b). All lengths are the -+ * number of BN_ULONGs... For the operations that require a result array as -+ * parameter, it must have the length cl+abs(dl). These functions should -+ * probably end up in bn_asm.c as soon as there are assembler counterparts -+ * for the systems that use assembler files. -+ */ - - BN_ULONG bn_sub_part_words(BN_ULONG *r, -- const BN_ULONG *a, const BN_ULONG *b, -- int cl, int dl) -- { -- BN_ULONG c, t; -+ const BN_ULONG *a, const BN_ULONG *b, -+ int cl, int dl) -+{ -+ BN_ULONG c, t; - -- assert(cl >= 0); -- c = bn_sub_words(r, a, b, cl); -+ assert(cl >= 0); -+ c = bn_sub_words(r, a, b, cl); - -- if (dl == 0) -- return c; -+ if (dl == 0) -+ return c; - -- r += cl; -- a += cl; -- b += cl; -+ r += cl; -+ a += cl; -+ b += cl; - -- if (dl < 0) -- { --#ifdef BN_COUNT -- fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); --#endif -- for (;;) -- { -- t = b[0]; -- r[0] = (0-t-c)&BN_MASK2; -- if (t != 0) c=1; -- if (++dl >= 0) break; -- -- t = b[1]; -- r[1] = (0-t-c)&BN_MASK2; -- if (t != 0) c=1; -- if (++dl >= 0) break; -- -- t = b[2]; -- r[2] = (0-t-c)&BN_MASK2; -- if (t != 0) c=1; -- if (++dl >= 0) break; -- -- t = b[3]; -- r[3] = (0-t-c)&BN_MASK2; -- if (t != 0) c=1; -- if (++dl >= 0) break; -- -- b += 4; -- r += 4; -- } -- } -- else -- { -- int save_dl = dl; --#ifdef BN_COUNT -- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c); --#endif -- while(c) -- { -- t = a[0]; -- r[0] = (t-c)&BN_MASK2; -- if (t != 0) c=0; -- if (--dl <= 0) break; -- -- t = a[1]; -- r[1] = (t-c)&BN_MASK2; -- if (t != 0) c=0; -- if (--dl <= 0) break; -- -- t = a[2]; -- r[2] = (t-c)&BN_MASK2; -- if (t != 0) c=0; -- if (--dl <= 0) break; -- -- t = a[3]; -- r[3] = (t-c)&BN_MASK2; -- if (t != 0) c=0; -- if (--dl <= 0) break; -- -- save_dl = dl; -- a += 4; -- r += 4; -- } -- if (dl > 0) -- { --#ifdef BN_COUNT -- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); --#endif -- if (save_dl > dl) -- { -- switch (save_dl - dl) -- { -- case 1: -- r[1] = a[1]; -- if (--dl <= 0) break; -- case 2: -- r[2] = a[2]; -- if (--dl <= 0) break; -- case 3: -- r[3] = a[3]; -- if (--dl <= 0) break; -- } -- a += 4; -- r += 4; -- } -- } -- if (dl > 0) -- { --#ifdef BN_COUNT -- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl); --#endif -- for(;;) -- { -- r[0] = a[0]; -- if (--dl <= 0) break; -- r[1] = a[1]; -- if (--dl <= 0) break; -- r[2] = a[2]; -- if (--dl <= 0) break; -- r[3] = a[3]; -- if (--dl <= 0) break; -- -- a += 4; -- r += 4; -- } -- } -- } -- return c; -- } -+ if (dl < 0) { -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, -+ dl, c); -+# endif -+ for (;;) { -+ t = b[0]; -+ r[0] = (0 - t - c) & BN_MASK2; -+ if (t != 0) -+ c = 1; -+ if (++dl >= 0) -+ break; -+ -+ t = b[1]; -+ r[1] = (0 - t - c) & BN_MASK2; -+ if (t != 0) -+ c = 1; -+ if (++dl >= 0) -+ break; -+ -+ t = b[2]; -+ r[2] = (0 - t - c) & BN_MASK2; -+ if (t != 0) -+ c = 1; -+ if (++dl >= 0) -+ break; -+ -+ t = b[3]; -+ r[3] = (0 - t - c) & BN_MASK2; -+ if (t != 0) -+ c = 1; -+ if (++dl >= 0) -+ break; -+ -+ b += 4; -+ r += 4; -+ } -+ } else { -+ int save_dl = dl; -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, -+ dl, c); -+# endif -+ while (c) { -+ t = a[0]; -+ r[0] = (t - c) & BN_MASK2; -+ if (t != 0) -+ c = 0; -+ if (--dl <= 0) -+ break; -+ -+ t = a[1]; -+ r[1] = (t - c) & BN_MASK2; -+ if (t != 0) -+ c = 0; -+ if (--dl <= 0) -+ break; -+ -+ t = a[2]; -+ r[2] = (t - c) & BN_MASK2; -+ if (t != 0) -+ c = 0; -+ if (--dl <= 0) -+ break; -+ -+ t = a[3]; -+ r[3] = (t - c) & BN_MASK2; -+ if (t != 0) -+ c = 0; -+ if (--dl <= 0) -+ break; -+ -+ save_dl = dl; -+ a += 4; -+ r += 4; -+ } -+ if (dl > 0) { -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", -+ cl, dl); -+# endif -+ if (save_dl > dl) { -+ switch (save_dl - dl) { -+ case 1: -+ r[1] = a[1]; -+ if (--dl <= 0) -+ break; -+ case 2: -+ r[2] = a[2]; -+ if (--dl <= 0) -+ break; -+ case 3: -+ r[3] = a[3]; -+ if (--dl <= 0) -+ break; -+ } -+ a += 4; -+ r += 4; -+ } -+ } -+ if (dl > 0) { -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", -+ cl, dl); -+# endif -+ for (;;) { -+ r[0] = a[0]; -+ if (--dl <= 0) -+ break; -+ r[1] = a[1]; -+ if (--dl <= 0) -+ break; -+ r[2] = a[2]; -+ if (--dl <= 0) -+ break; -+ r[3] = a[3]; -+ if (--dl <= 0) -+ break; -+ -+ a += 4; -+ r += 4; -+ } -+ } -+ } -+ return c; -+} - #endif - - BN_ULONG bn_add_part_words(BN_ULONG *r, -- const BN_ULONG *a, const BN_ULONG *b, -- int cl, int dl) -- { -- BN_ULONG c, l, t; -+ const BN_ULONG *a, const BN_ULONG *b, -+ int cl, int dl) -+{ -+ BN_ULONG c, l, t; - -- assert(cl >= 0); -- c = bn_add_words(r, a, b, cl); -+ assert(cl >= 0); -+ c = bn_add_words(r, a, b, cl); - -- if (dl == 0) -- return c; -+ if (dl == 0) -+ return c; - -- r += cl; -- a += cl; -- b += cl; -+ r += cl; -+ a += cl; -+ b += cl; - -- if (dl < 0) -- { -- int save_dl = dl; -+ if (dl < 0) { -+ int save_dl = dl; - #ifdef BN_COUNT -- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); -+ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, -+ dl, c); - #endif -- while (c) -- { -- l=(c+b[0])&BN_MASK2; -- c=(l < c); -- r[0]=l; -- if (++dl >= 0) break; -- -- l=(c+b[1])&BN_MASK2; -- c=(l < c); -- r[1]=l; -- if (++dl >= 0) break; -- -- l=(c+b[2])&BN_MASK2; -- c=(l < c); -- r[2]=l; -- if (++dl >= 0) break; -- -- l=(c+b[3])&BN_MASK2; -- c=(l < c); -- r[3]=l; -- if (++dl >= 0) break; -- -- save_dl = dl; -- b+=4; -- r+=4; -- } -- if (dl < 0) -- { -+ while (c) { -+ l = (c + b[0]) & BN_MASK2; -+ c = (l < c); -+ r[0] = l; -+ if (++dl >= 0) -+ break; -+ -+ l = (c + b[1]) & BN_MASK2; -+ c = (l < c); -+ r[1] = l; -+ if (++dl >= 0) -+ break; -+ -+ l = (c + b[2]) & BN_MASK2; -+ c = (l < c); -+ r[2] = l; -+ if (++dl >= 0) -+ break; -+ -+ l = (c + b[3]) & BN_MASK2; -+ c = (l < c); -+ r[3] = l; -+ if (++dl >= 0) -+ break; -+ -+ save_dl = dl; -+ b += 4; -+ r += 4; -+ } -+ if (dl < 0) { - #ifdef BN_COUNT -- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl); -+ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", -+ cl, dl); - #endif -- if (save_dl < dl) -- { -- switch (dl - save_dl) -- { -- case 1: -- r[1] = b[1]; -- if (++dl >= 0) break; -- case 2: -- r[2] = b[2]; -- if (++dl >= 0) break; -- case 3: -- r[3] = b[3]; -- if (++dl >= 0) break; -- } -- b += 4; -- r += 4; -- } -- } -- if (dl < 0) -- { -+ if (save_dl < dl) { -+ switch (dl - save_dl) { -+ case 1: -+ r[1] = b[1]; -+ if (++dl >= 0) -+ break; -+ case 2: -+ r[2] = b[2]; -+ if (++dl >= 0) -+ break; -+ case 3: -+ r[3] = b[3]; -+ if (++dl >= 0) -+ break; -+ } -+ b += 4; -+ r += 4; -+ } -+ } -+ if (dl < 0) { - #ifdef BN_COUNT -- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl); -+ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", -+ cl, dl); - #endif -- for(;;) -- { -- r[0] = b[0]; -- if (++dl >= 0) break; -- r[1] = b[1]; -- if (++dl >= 0) break; -- r[2] = b[2]; -- if (++dl >= 0) break; -- r[3] = b[3]; -- if (++dl >= 0) break; -- -- b += 4; -- r += 4; -- } -- } -- } -- else -- { -- int save_dl = dl; -+ for (;;) { -+ r[0] = b[0]; -+ if (++dl >= 0) -+ break; -+ r[1] = b[1]; -+ if (++dl >= 0) -+ break; -+ r[2] = b[2]; -+ if (++dl >= 0) -+ break; -+ r[3] = b[3]; -+ if (++dl >= 0) -+ break; -+ -+ b += 4; -+ r += 4; -+ } -+ } -+ } else { -+ int save_dl = dl; - #ifdef BN_COUNT -- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); -+ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); - #endif -- while (c) -- { -- t=(a[0]+c)&BN_MASK2; -- c=(t < c); -- r[0]=t; -- if (--dl <= 0) break; -- -- t=(a[1]+c)&BN_MASK2; -- c=(t < c); -- r[1]=t; -- if (--dl <= 0) break; -- -- t=(a[2]+c)&BN_MASK2; -- c=(t < c); -- r[2]=t; -- if (--dl <= 0) break; -- -- t=(a[3]+c)&BN_MASK2; -- c=(t < c); -- r[3]=t; -- if (--dl <= 0) break; -- -- save_dl = dl; -- a+=4; -- r+=4; -- } -+ while (c) { -+ t = (a[0] + c) & BN_MASK2; -+ c = (t < c); -+ r[0] = t; -+ if (--dl <= 0) -+ break; -+ -+ t = (a[1] + c) & BN_MASK2; -+ c = (t < c); -+ r[1] = t; -+ if (--dl <= 0) -+ break; -+ -+ t = (a[2] + c) & BN_MASK2; -+ c = (t < c); -+ r[2] = t; -+ if (--dl <= 0) -+ break; -+ -+ t = (a[3] + c) & BN_MASK2; -+ c = (t < c); -+ r[3] = t; -+ if (--dl <= 0) -+ break; -+ -+ save_dl = dl; -+ a += 4; -+ r += 4; -+ } - #ifdef BN_COUNT -- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); -+ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, -+ dl); - #endif -- if (dl > 0) -- { -- if (save_dl > dl) -- { -- switch (save_dl - dl) -- { -- case 1: -- r[1] = a[1]; -- if (--dl <= 0) break; -- case 2: -- r[2] = a[2]; -- if (--dl <= 0) break; -- case 3: -- r[3] = a[3]; -- if (--dl <= 0) break; -- } -- a += 4; -- r += 4; -- } -- } -- if (dl > 0) -- { -+ if (dl > 0) { -+ if (save_dl > dl) { -+ switch (save_dl - dl) { -+ case 1: -+ r[1] = a[1]; -+ if (--dl <= 0) -+ break; -+ case 2: -+ r[2] = a[2]; -+ if (--dl <= 0) -+ break; -+ case 3: -+ r[3] = a[3]; -+ if (--dl <= 0) -+ break; -+ } -+ a += 4; -+ r += 4; -+ } -+ } -+ if (dl > 0) { - #ifdef BN_COUNT -- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl); -+ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", -+ cl, dl); - #endif -- for(;;) -- { -- r[0] = a[0]; -- if (--dl <= 0) break; -- r[1] = a[1]; -- if (--dl <= 0) break; -- r[2] = a[2]; -- if (--dl <= 0) break; -- r[3] = a[3]; -- if (--dl <= 0) break; -- -- a += 4; -- r += 4; -- } -- } -- } -- return c; -- } -+ for (;;) { -+ r[0] = a[0]; -+ if (--dl <= 0) -+ break; -+ r[1] = a[1]; -+ if (--dl <= 0) -+ break; -+ r[2] = a[2]; -+ if (--dl <= 0) -+ break; -+ r[3] = a[3]; -+ if (--dl <= 0) -+ break; -+ -+ a += 4; -+ r += 4; -+ } -+ } -+ } -+ return c; -+} - - #ifdef BN_RECURSION --/* Karatsuba recursive multiplication algorithm -- * (cf. Knuth, The Art of Computer Programming, Vol. 2) */ -+/* -+ * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of -+ * Computer Programming, Vol. 2) -+ */ - --/* r is 2*n2 words in size, -+/*- -+ * r is 2*n2 words in size, - * a and b are both n2 words in size. - * n2 must be a power of 2. - * We multiply and return the result. -@@ -391,776 +425,740 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, - */ - /* dnX may not be positive, but n2/2+dnX has to be */ - void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, -- int dna, int dnb, BN_ULONG *t) -- { -- int n=n2/2,c1,c2; -- int tna=n+dna, tnb=n+dnb; -- unsigned int neg,zero; -- BN_ULONG ln,lo,*p; -+ int dna, int dnb, BN_ULONG *t) -+{ -+ int n = n2 / 2, c1, c2; -+ int tna = n + dna, tnb = n + dnb; -+ unsigned int neg, zero; -+ BN_ULONG ln, lo, *p; - - # ifdef BN_COUNT -- fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb); -+ fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n", n2, dna, n2, dnb); - # endif - # ifdef BN_MUL_COMBA - # if 0 -- if (n2 == 4) -- { -- bn_mul_comba4(r,a,b); -- return; -- } -+ if (n2 == 4) { -+ bn_mul_comba4(r, a, b); -+ return; -+ } - # endif -- /* Only call bn_mul_comba 8 if n2 == 8 and the -- * two arrays are complete [steve] -- */ -- if (n2 == 8 && dna == 0 && dnb == 0) -- { -- bn_mul_comba8(r,a,b); -- return; -- } --# endif /* BN_MUL_COMBA */ -- /* Else do normal multiply */ -- if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) -- { -- bn_mul_normal(r,a,n2+dna,b,n2+dnb); -- if ((dna + dnb) < 0) -- memset(&r[2*n2 + dna + dnb], 0, -- sizeof(BN_ULONG) * -(dna + dnb)); -- return; -- } -- /* r=(a[0]-a[1])*(b[1]-b[0]) */ -- c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); -- c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); -- zero=neg=0; -- switch (c1*3+c2) -- { -- case -4: -- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ -- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ -- break; -- case -3: -- zero=1; -- break; -- case -2: -- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ -- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ -- neg=1; -- break; -- case -1: -- case 0: -- case 1: -- zero=1; -- break; -- case 2: -- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ -- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ -- neg=1; -- break; -- case 3: -- zero=1; -- break; -- case 4: -- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); -- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); -- break; -- } -+ /* -+ * Only call bn_mul_comba 8 if n2 == 8 and the two arrays are complete -+ * [steve] -+ */ -+ if (n2 == 8 && dna == 0 && dnb == 0) { -+ bn_mul_comba8(r, a, b); -+ return; -+ } -+# endif /* BN_MUL_COMBA */ -+ /* Else do normal multiply */ -+ if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { -+ bn_mul_normal(r, a, n2 + dna, b, n2 + dnb); -+ if ((dna + dnb) < 0) -+ memset(&r[2 * n2 + dna + dnb], 0, -+ sizeof(BN_ULONG) * -(dna + dnb)); -+ return; -+ } -+ /* r=(a[0]-a[1])*(b[1]-b[0]) */ -+ c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna); -+ c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n); -+ zero = neg = 0; -+ switch (c1 * 3 + c2) { -+ case -4: -+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ -+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ -+ break; -+ case -3: -+ zero = 1; -+ break; -+ case -2: -+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ -+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */ -+ neg = 1; -+ break; -+ case -1: -+ case 0: -+ case 1: -+ zero = 1; -+ break; -+ case 2: -+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */ -+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ -+ neg = 1; -+ break; -+ case 3: -+ zero = 1; -+ break; -+ case 4: -+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); -+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); -+ break; -+ } - - # ifdef BN_MUL_COMBA -- if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take -- extra args to do this well */ -- { -- if (!zero) -- bn_mul_comba4(&(t[n2]),t,&(t[n])); -- else -- memset(&(t[n2]),0,8*sizeof(BN_ULONG)); -- -- bn_mul_comba4(r,a,b); -- bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n])); -- } -- else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could -- take extra args to do this -- well */ -- { -- if (!zero) -- bn_mul_comba8(&(t[n2]),t,&(t[n])); -- else -- memset(&(t[n2]),0,16*sizeof(BN_ULONG)); -- -- bn_mul_comba8(r,a,b); -- bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n])); -- } -- else --# endif /* BN_MUL_COMBA */ -- { -- p= &(t[n2*2]); -- if (!zero) -- bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); -- else -- memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); -- bn_mul_recursive(r,a,b,n,0,0,p); -- bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p); -- } -- -- /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign -- * r[10] holds (a[0]*b[0]) -- * r[32] holds (b[1]*b[1]) -- */ -- -- c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); -- -- if (neg) /* if t[32] is negative */ -- { -- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); -- } -- else -- { -- /* Might have a carry */ -- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); -- } -- -- /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) -- * r[10] holds (a[0]*b[0]) -- * r[32] holds (b[1]*b[1]) -- * c1 holds the carry bits -- */ -- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); -- if (c1) -- { -- p= &(r[n+n2]); -- lo= *p; -- ln=(lo+c1)&BN_MASK2; -- *p=ln; -- -- /* The overflow will stop before we over write -- * words we should not overwrite */ -- if (ln < (BN_ULONG)c1) -- { -- do { -- p++; -- lo= *p; -- ln=(lo+1)&BN_MASK2; -- *p=ln; -- } while (ln == 0); -- } -- } -- } -- --/* n+tn is the word length -- * t needs to be n*4 is size, as does r */ -+ if (n == 4 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba4 could take -+ * extra args to do this well */ -+ if (!zero) -+ bn_mul_comba4(&(t[n2]), t, &(t[n])); -+ else -+ memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG)); -+ -+ bn_mul_comba4(r, a, b); -+ bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n])); -+ } else if (n == 8 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba8 could -+ * take extra args to do -+ * this well */ -+ if (!zero) -+ bn_mul_comba8(&(t[n2]), t, &(t[n])); -+ else -+ memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG)); -+ -+ bn_mul_comba8(r, a, b); -+ bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n])); -+ } else -+# endif /* BN_MUL_COMBA */ -+ { -+ p = &(t[n2 * 2]); -+ if (!zero) -+ bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); -+ else -+ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); -+ bn_mul_recursive(r, a, b, n, 0, 0, p); -+ bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); -+ } -+ -+ /*- -+ * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign -+ * r[10] holds (a[0]*b[0]) -+ * r[32] holds (b[1]*b[1]) -+ */ -+ -+ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); -+ -+ if (neg) { /* if t[32] is negative */ -+ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); -+ } else { -+ /* Might have a carry */ -+ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2)); -+ } -+ -+ /*- -+ * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) -+ * r[10] holds (a[0]*b[0]) -+ * r[32] holds (b[1]*b[1]) -+ * c1 holds the carry bits -+ */ -+ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); -+ if (c1) { -+ p = &(r[n + n2]); -+ lo = *p; -+ ln = (lo + c1) & BN_MASK2; -+ *p = ln; -+ -+ /* -+ * The overflow will stop before we over write words we should not -+ * overwrite -+ */ -+ if (ln < (BN_ULONG)c1) { -+ do { -+ p++; -+ lo = *p; -+ ln = (lo + 1) & BN_MASK2; -+ *p = ln; -+ } while (ln == 0); -+ } -+ } -+} -+ -+/* -+ * n+tn is the word length t needs to be n*4 is size, as does r -+ */ - /* tnX may not be negative but less than n */ - void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, -- int tna, int tnb, BN_ULONG *t) -- { -- int i,j,n2=n*2; -- int c1,c2,neg; -- BN_ULONG ln,lo,*p; -+ int tna, int tnb, BN_ULONG *t) -+{ -+ int i, j, n2 = n * 2; -+ int c1, c2, neg; -+ BN_ULONG ln, lo, *p; - - # ifdef BN_COUNT -- fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n", -- n, tna, n, tnb); -+ fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n", -+ n, tna, n, tnb); - # endif -- if (n < 8) -- { -- bn_mul_normal(r,a,n+tna,b,n+tnb); -- return; -- } -- -- /* r=(a[0]-a[1])*(b[1]-b[0]) */ -- c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); -- c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); -- neg=0; -- switch (c1*3+c2) -- { -- case -4: -- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ -- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ -- break; -- case -3: -- /* break; */ -- case -2: -- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ -- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ -- neg=1; -- break; -- case -1: -- case 0: -- case 1: -- /* break; */ -- case 2: -- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ -- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ -- neg=1; -- break; -- case 3: -- /* break; */ -- case 4: -- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); -- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); -- break; -- } -- /* The zero case isn't yet implemented here. The speedup -- would probably be negligible. */ -+ if (n < 8) { -+ bn_mul_normal(r, a, n + tna, b, n + tnb); -+ return; -+ } -+ -+ /* r=(a[0]-a[1])*(b[1]-b[0]) */ -+ c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna); -+ c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n); -+ neg = 0; -+ switch (c1 * 3 + c2) { -+ case -4: -+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ -+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ -+ break; -+ case -3: -+ /* break; */ -+ case -2: -+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ -+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */ -+ neg = 1; -+ break; -+ case -1: -+ case 0: -+ case 1: -+ /* break; */ -+ case 2: -+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */ -+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ -+ neg = 1; -+ break; -+ case 3: -+ /* break; */ -+ case 4: -+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); -+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); -+ break; -+ } -+ /* -+ * The zero case isn't yet implemented here. The speedup would probably -+ * be negligible. -+ */ - # if 0 -- if (n == 4) -- { -- bn_mul_comba4(&(t[n2]),t,&(t[n])); -- bn_mul_comba4(r,a,b); -- bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); -- memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2)); -- } -- else -+ if (n == 4) { -+ bn_mul_comba4(&(t[n2]), t, &(t[n])); -+ bn_mul_comba4(r, a, b); -+ bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn); -+ memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2)); -+ } else - # endif -- if (n == 8) -- { -- bn_mul_comba8(&(t[n2]),t,&(t[n])); -- bn_mul_comba8(r,a,b); -- bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); -- memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb)); -- } -- else -- { -- p= &(t[n2*2]); -- bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); -- bn_mul_recursive(r,a,b,n,0,0,p); -- i=n/2; -- /* If there is only a bottom half to the number, -- * just do it */ -- if (tna > tnb) -- j = tna - i; -- else -- j = tnb - i; -- if (j == 0) -- { -- bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]), -- i,tna-i,tnb-i,p); -- memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2)); -- } -- else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */ -- { -- bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]), -- i,tna-i,tnb-i,p); -- memset(&(r[n2+tna+tnb]),0, -- sizeof(BN_ULONG)*(n2-tna-tnb)); -- } -- else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ -- { -- memset(&(r[n2]),0,sizeof(BN_ULONG)*n2); -- if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL -- && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) -- { -- bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); -- } -- else -- { -- for (;;) -- { -- i/=2; -- /* these simplified conditions work -- * exclusively because difference -- * between tna and tnb is 1 or 0 */ -- if (i < tna || i < tnb) -- { -- bn_mul_part_recursive(&(r[n2]), -- &(a[n]),&(b[n]), -- i,tna-i,tnb-i,p); -- break; -- } -- else if (i == tna || i == tnb) -- { -- bn_mul_recursive(&(r[n2]), -- &(a[n]),&(b[n]), -- i,tna-i,tnb-i,p); -- break; -- } -- } -- } -- } -- } -- -- /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign -- * r[10] holds (a[0]*b[0]) -- * r[32] holds (b[1]*b[1]) -- */ -- -- c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); -- -- if (neg) /* if t[32] is negative */ -- { -- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); -- } -- else -- { -- /* Might have a carry */ -- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); -- } -- -- /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) -- * r[10] holds (a[0]*b[0]) -- * r[32] holds (b[1]*b[1]) -- * c1 holds the carry bits -- */ -- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); -- if (c1) -- { -- p= &(r[n+n2]); -- lo= *p; -- ln=(lo+c1)&BN_MASK2; -- *p=ln; -- -- /* The overflow will stop before we over write -- * words we should not overwrite */ -- if (ln < (BN_ULONG)c1) -- { -- do { -- p++; -- lo= *p; -- ln=(lo+1)&BN_MASK2; -- *p=ln; -- } while (ln == 0); -- } -- } -- } -- --/* a and b must be the same size, which is n2. -+ if (n == 8) { -+ bn_mul_comba8(&(t[n2]), t, &(t[n])); -+ bn_mul_comba8(r, a, b); -+ bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); -+ memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); -+ } else { -+ p = &(t[n2 * 2]); -+ bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); -+ bn_mul_recursive(r, a, b, n, 0, 0, p); -+ i = n / 2; -+ /* -+ * If there is only a bottom half to the number, just do it -+ */ -+ if (tna > tnb) -+ j = tna - i; -+ else -+ j = tnb - i; -+ if (j == 0) { -+ bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), -+ i, tna - i, tnb - i, p); -+ memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2)); -+ } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */ -+ bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), -+ i, tna - i, tnb - i, p); -+ memset(&(r[n2 + tna + tnb]), 0, -+ sizeof(BN_ULONG) * (n2 - tna - tnb)); -+ } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ -+ -+ memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2); -+ if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL -+ && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { -+ bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); -+ } else { -+ for (;;) { -+ i /= 2; -+ /* -+ * these simplified conditions work exclusively because -+ * difference between tna and tnb is 1 or 0 -+ */ -+ if (i < tna || i < tnb) { -+ bn_mul_part_recursive(&(r[n2]), -+ &(a[n]), &(b[n]), -+ i, tna - i, tnb - i, p); -+ break; -+ } else if (i == tna || i == tnb) { -+ bn_mul_recursive(&(r[n2]), -+ &(a[n]), &(b[n]), -+ i, tna - i, tnb - i, p); -+ break; -+ } -+ } -+ } -+ } -+ } -+ -+ /*- -+ * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign -+ * r[10] holds (a[0]*b[0]) -+ * r[32] holds (b[1]*b[1]) -+ */ -+ -+ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); -+ -+ if (neg) { /* if t[32] is negative */ -+ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); -+ } else { -+ /* Might have a carry */ -+ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2)); -+ } -+ -+ /*- -+ * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) -+ * r[10] holds (a[0]*b[0]) -+ * r[32] holds (b[1]*b[1]) -+ * c1 holds the carry bits -+ */ -+ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); -+ if (c1) { -+ p = &(r[n + n2]); -+ lo = *p; -+ ln = (lo + c1) & BN_MASK2; -+ *p = ln; -+ -+ /* -+ * The overflow will stop before we over write words we should not -+ * overwrite -+ */ -+ if (ln < (BN_ULONG)c1) { -+ do { -+ p++; -+ lo = *p; -+ ln = (lo + 1) & BN_MASK2; -+ *p = ln; -+ } while (ln == 0); -+ } -+ } -+} -+ -+/*- -+ * a and b must be the same size, which is n2. - * r needs to be n2 words and t needs to be n2*2 - */ - void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, -- BN_ULONG *t) -- { -- int n=n2/2; -+ BN_ULONG *t) -+{ -+ int n = n2 / 2; - - # ifdef BN_COUNT -- fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2); -+ fprintf(stderr, " bn_mul_low_recursive %d * %d\n", n2, n2); - # endif - -- bn_mul_recursive(r,a,b,n,0,0,&(t[0])); -- if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) -- { -- bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2])); -- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); -- bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2])); -- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); -- } -- else -- { -- bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n); -- bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n); -- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); -- bn_add_words(&(r[n]),&(r[n]),&(t[n]),n); -- } -- } -- --/* a and b must be the same size, which is n2. -+ bn_mul_recursive(r, a, b, n, 0, 0, &(t[0])); -+ if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) { -+ bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2])); -+ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); -+ bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2])); -+ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); -+ } else { -+ bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n); -+ bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n); -+ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); -+ bn_add_words(&(r[n]), &(r[n]), &(t[n]), n); -+ } -+} -+ -+/*- -+ * a and b must be the same size, which is n2. - * r needs to be n2 words and t needs to be n2*2 - * l is the low words of the output. - * t needs to be n2*3 - */ - void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, -- BN_ULONG *t) -- { -- int i,n; -- int c1,c2; -- int neg,oneg,zero; -- BN_ULONG ll,lc,*lp,*mp; -+ BN_ULONG *t) -+{ -+ int i, n; -+ int c1, c2; -+ int neg, oneg, zero; -+ BN_ULONG ll, lc, *lp, *mp; - - # ifdef BN_COUNT -- fprintf(stderr," bn_mul_high %d * %d\n",n2,n2); -+ fprintf(stderr, " bn_mul_high %d * %d\n", n2, n2); - # endif -- n=n2/2; -- -- /* Calculate (al-ah)*(bh-bl) */ -- neg=zero=0; -- c1=bn_cmp_words(&(a[0]),&(a[n]),n); -- c2=bn_cmp_words(&(b[n]),&(b[0]),n); -- switch (c1*3+c2) -- { -- case -4: -- bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n); -- bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n); -- break; -- case -3: -- zero=1; -- break; -- case -2: -- bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n); -- bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n); -- neg=1; -- break; -- case -1: -- case 0: -- case 1: -- zero=1; -- break; -- case 2: -- bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n); -- bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n); -- neg=1; -- break; -- case 3: -- zero=1; -- break; -- case 4: -- bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n); -- bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n); -- break; -- } -- -- oneg=neg; -- /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */ -- /* r[10] = (a[1]*b[1]) */ -+ n = n2 / 2; -+ -+ /* Calculate (al-ah)*(bh-bl) */ -+ neg = zero = 0; -+ c1 = bn_cmp_words(&(a[0]), &(a[n]), n); -+ c2 = bn_cmp_words(&(b[n]), &(b[0]), n); -+ switch (c1 * 3 + c2) { -+ case -4: -+ bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n); -+ bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n); -+ break; -+ case -3: -+ zero = 1; -+ break; -+ case -2: -+ bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n); -+ bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n); -+ neg = 1; -+ break; -+ case -1: -+ case 0: -+ case 1: -+ zero = 1; -+ break; -+ case 2: -+ bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n); -+ bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n); -+ neg = 1; -+ break; -+ case 3: -+ zero = 1; -+ break; -+ case 4: -+ bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n); -+ bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n); -+ break; -+ } -+ -+ oneg = neg; -+ /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */ -+ /* r[10] = (a[1]*b[1]) */ - # ifdef BN_MUL_COMBA -- if (n == 8) -- { -- bn_mul_comba8(&(t[0]),&(r[0]),&(r[n])); -- bn_mul_comba8(r,&(a[n]),&(b[n])); -- } -- else -+ if (n == 8) { -+ bn_mul_comba8(&(t[0]), &(r[0]), &(r[n])); -+ bn_mul_comba8(r, &(a[n]), &(b[n])); -+ } else - # endif -- { -- bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2])); -- bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2])); -- } -- -- /* s0 == low(al*bl) -- * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) -- * We know s0 and s1 so the only unknown is high(al*bl) -- * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) -- * high(al*bl) == s1 - (r[0]+l[0]+t[0]) -- */ -- if (l != NULL) -- { -- lp= &(t[n2+n]); -- c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n)); -- } -- else -- { -- c1=0; -- lp= &(r[0]); -- } -- -- if (neg) -- neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n)); -- else -- { -- bn_add_words(&(t[n2]),lp,&(t[0]),n); -- neg=0; -- } -- -- if (l != NULL) -- { -- bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n); -- } -- else -- { -- lp= &(t[n2+n]); -- mp= &(t[n2]); -- for (i=0; i 0) -- { -- lc=c1; -- do { -- ll=(r[i]+lc)&BN_MASK2; -- r[i++]=ll; -- lc=(lc > ll); -- } while (lc); -- } -- else -- { -- lc= -c1; -- do { -- ll=r[i]; -- r[i++]=(ll-lc)&BN_MASK2; -- lc=(lc > ll); -- } while (lc); -- } -- } -- if (c2 != 0) /* Add starting at r[1] */ -- { -- i=n; -- if (c2 > 0) -- { -- lc=c2; -- do { -- ll=(r[i]+lc)&BN_MASK2; -- r[i++]=ll; -- lc=(lc > ll); -- } while (lc); -- } -- else -- { -- lc= -c2; -- do { -- ll=r[i]; -- r[i++]=(ll-lc)&BN_MASK2; -- lc=(lc > ll); -- } while (lc); -- } -- } -- } --#endif /* BN_RECURSION */ -+ { -+ bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2])); -+ bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2])); -+ } -+ -+ /*- -+ * s0 == low(al*bl) -+ * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) -+ * We know s0 and s1 so the only unknown is high(al*bl) -+ * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) -+ * high(al*bl) == s1 - (r[0]+l[0]+t[0]) -+ */ -+ if (l != NULL) { -+ lp = &(t[n2 + n]); -+ c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n)); -+ } else { -+ c1 = 0; -+ lp = &(r[0]); -+ } -+ -+ if (neg) -+ neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n)); -+ else { -+ bn_add_words(&(t[n2]), lp, &(t[0]), n); -+ neg = 0; -+ } -+ -+ if (l != NULL) { -+ bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n); -+ } else { -+ lp = &(t[n2 + n]); -+ mp = &(t[n2]); -+ for (i = 0; i < n; i++) -+ lp[i] = ((~mp[i]) + 1) & BN_MASK2; -+ } -+ -+ /*- -+ * s[0] = low(al*bl) -+ * t[3] = high(al*bl) -+ * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign -+ * r[10] = (a[1]*b[1]) -+ */ -+ /*- -+ * R[10] = al*bl -+ * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0]) -+ * R[32] = ah*bh -+ */ -+ /*- -+ * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow) -+ * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow) -+ * R[3]=r[1]+(carry/borrow) -+ */ -+ if (l != NULL) { -+ lp = &(t[n2]); -+ c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n)); -+ } else { -+ lp = &(t[n2 + n]); -+ c1 = 0; -+ } -+ c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n)); -+ if (oneg) -+ c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n)); -+ else -+ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n)); -+ -+ c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n)); -+ c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n)); -+ if (oneg) -+ c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n)); -+ else -+ c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n)); -+ -+ if (c1 != 0) { /* Add starting at r[0], could be +ve or -ve */ -+ i = 0; -+ if (c1 > 0) { -+ lc = c1; -+ do { -+ ll = (r[i] + lc) & BN_MASK2; -+ r[i++] = ll; -+ lc = (lc > ll); -+ } while (lc); -+ } else { -+ lc = -c1; -+ do { -+ ll = r[i]; -+ r[i++] = (ll - lc) & BN_MASK2; -+ lc = (lc > ll); -+ } while (lc); -+ } -+ } -+ if (c2 != 0) { /* Add starting at r[1] */ -+ i = n; -+ if (c2 > 0) { -+ lc = c2; -+ do { -+ ll = (r[i] + lc) & BN_MASK2; -+ r[i++] = ll; -+ lc = (lc > ll); -+ } while (lc); -+ } else { -+ lc = -c2; -+ do { -+ ll = r[i]; -+ r[i++] = (ll - lc) & BN_MASK2; -+ lc = (lc > ll); -+ } while (lc); -+ } -+ } -+} -+#endif /* BN_RECURSION */ - - int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- int ret=0; -- int top,al,bl; -- BIGNUM *rr; -+{ -+ int ret = 0; -+ int top, al, bl; -+ BIGNUM *rr; - #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) -- int i; -+ int i; - #endif - #ifdef BN_RECURSION -- BIGNUM *t=NULL; -- int j=0,k; -+ BIGNUM *t = NULL; -+ int j = 0, k; - #endif - - #ifdef BN_COUNT -- fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top); -+ fprintf(stderr, "BN_mul %d * %d\n", a->top, b->top); - #endif - -- bn_check_top(a); -- bn_check_top(b); -- bn_check_top(r); -- -- al=a->top; -- bl=b->top; -- -- if ((al == 0) || (bl == 0)) -- { -- BN_zero(r); -- return(1); -- } -- top=al+bl; -- -- BN_CTX_start(ctx); -- if ((r == a) || (r == b)) -- { -- if ((rr = BN_CTX_get(ctx)) == NULL) goto err; -- } -- else -- rr = r; -- rr->neg=a->neg^b->neg; -+ bn_check_top(a); -+ bn_check_top(b); -+ bn_check_top(r); -+ -+ al = a->top; -+ bl = b->top; -+ -+ if ((al == 0) || (bl == 0)) { -+ BN_zero(r); -+ return (1); -+ } -+ top = al + bl; -+ -+ BN_CTX_start(ctx); -+ if ((r == a) || (r == b)) { -+ if ((rr = BN_CTX_get(ctx)) == NULL) -+ goto err; -+ } else -+ rr = r; -+ rr->neg = a->neg ^ b->neg; - - #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) -- i = al-bl; -+ i = al - bl; - #endif - #ifdef BN_MUL_COMBA -- if (i == 0) -- { -+ if (i == 0) { - # if 0 -- if (al == 4) -- { -- if (bn_wexpand(rr,8) == NULL) goto err; -- rr->top=8; -- bn_mul_comba4(rr->d,a->d,b->d); -- goto end; -- } -+ if (al == 4) { -+ if (bn_wexpand(rr, 8) == NULL) -+ goto err; -+ rr->top = 8; -+ bn_mul_comba4(rr->d, a->d, b->d); -+ goto end; -+ } - # endif -- if (al == 8) -- { -- if (bn_wexpand(rr,16) == NULL) goto err; -- rr->top=16; -- bn_mul_comba8(rr->d,a->d,b->d); -- goto end; -- } -- } --#endif /* BN_MUL_COMBA */ -+ if (al == 8) { -+ if (bn_wexpand(rr, 16) == NULL) -+ goto err; -+ rr->top = 16; -+ bn_mul_comba8(rr->d, a->d, b->d); -+ goto end; -+ } -+ } -+#endif /* BN_MUL_COMBA */ - #ifdef BN_RECURSION -- if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) -- { -- if (i >= -1 && i <= 1) -- { -- /* Find out the power of two lower or equal -- to the longest of the two numbers */ -- if (i >= 0) -- { -- j = BN_num_bits_word((BN_ULONG)al); -- } -- if (i == -1) -- { -- j = BN_num_bits_word((BN_ULONG)bl); -- } -- j = 1<<(j-1); -- assert(j <= al || j <= bl); -- k = j+j; -- t = BN_CTX_get(ctx); -- if (t == NULL) -- goto err; -- if (al > j || bl > j) -- { -- if (bn_wexpand(t,k*4) == NULL) goto err; -- if (bn_wexpand(rr,k*4) == NULL) goto err; -- bn_mul_part_recursive(rr->d,a->d,b->d, -- j,al-j,bl-j,t->d); -- } -- else /* al <= j || bl <= j */ -- { -- if (bn_wexpand(t,k*2) == NULL) goto err; -- if (bn_wexpand(rr,k*2) == NULL) goto err; -- bn_mul_recursive(rr->d,a->d,b->d, -- j,al-j,bl-j,t->d); -- } -- rr->top=top; -- goto end; -- } --#if 0 -- if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA)) -- { -- BIGNUM *tmp_bn = (BIGNUM *)b; -- if (bn_wexpand(tmp_bn,al) == NULL) goto err; -- tmp_bn->d[bl]=0; -- bl++; -- i--; -- } -- else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA)) -- { -- BIGNUM *tmp_bn = (BIGNUM *)a; -- if (bn_wexpand(tmp_bn,bl) == NULL) goto err; -- tmp_bn->d[al]=0; -- al++; -- i++; -- } -- if (i == 0) -- { -- /* symmetric and > 4 */ -- /* 16 or larger */ -- j=BN_num_bits_word((BN_ULONG)al); -- j=1<<(j-1); -- k=j+j; -- t = BN_CTX_get(ctx); -- if (al == j) /* exact multiple */ -- { -- if (bn_wexpand(t,k*2) == NULL) goto err; -- if (bn_wexpand(rr,k*2) == NULL) goto err; -- bn_mul_recursive(rr->d,a->d,b->d,al,t->d); -- } -- else -- { -- if (bn_wexpand(t,k*4) == NULL) goto err; -- if (bn_wexpand(rr,k*4) == NULL) goto err; -- bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); -- } -- rr->top=top; -- goto end; -- } --#endif -- } --#endif /* BN_RECURSION */ -- if (bn_wexpand(rr,top) == NULL) goto err; -- rr->top=top; -- bn_mul_normal(rr->d,a->d,al,b->d,bl); -+ if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) { -+ if (i >= -1 && i <= 1) { -+ /* -+ * Find out the power of two lower or equal to the longest of the -+ * two numbers -+ */ -+ if (i >= 0) { -+ j = BN_num_bits_word((BN_ULONG)al); -+ } -+ if (i == -1) { -+ j = BN_num_bits_word((BN_ULONG)bl); -+ } -+ j = 1 << (j - 1); -+ assert(j <= al || j <= bl); -+ k = j + j; -+ t = BN_CTX_get(ctx); -+ if (t == NULL) -+ goto err; -+ if (al > j || bl > j) { -+ if (bn_wexpand(t, k * 4) == NULL) -+ goto err; -+ if (bn_wexpand(rr, k * 4) == NULL) -+ goto err; -+ bn_mul_part_recursive(rr->d, a->d, b->d, -+ j, al - j, bl - j, t->d); -+ } else { /* al <= j || bl <= j */ -+ -+ if (bn_wexpand(t, k * 2) == NULL) -+ goto err; -+ if (bn_wexpand(rr, k * 2) == NULL) -+ goto err; -+ bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d); -+ } -+ rr->top = top; -+ goto end; -+ } -+# if 0 -+ if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) { -+ BIGNUM *tmp_bn = (BIGNUM *)b; -+ if (bn_wexpand(tmp_bn, al) == NULL) -+ goto err; -+ tmp_bn->d[bl] = 0; -+ bl++; -+ i--; -+ } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { -+ BIGNUM *tmp_bn = (BIGNUM *)a; -+ if (bn_wexpand(tmp_bn, bl) == NULL) -+ goto err; -+ tmp_bn->d[al] = 0; -+ al++; -+ i++; -+ } -+ if (i == 0) { -+ /* symmetric and > 4 */ -+ /* 16 or larger */ -+ j = BN_num_bits_word((BN_ULONG)al); -+ j = 1 << (j - 1); -+ k = j + j; -+ t = BN_CTX_get(ctx); -+ if (al == j) { /* exact multiple */ -+ if (bn_wexpand(t, k * 2) == NULL) -+ goto err; -+ if (bn_wexpand(rr, k * 2) == NULL) -+ goto err; -+ bn_mul_recursive(rr->d, a->d, b->d, al, t->d); -+ } else { -+ if (bn_wexpand(t, k * 4) == NULL) -+ goto err; -+ if (bn_wexpand(rr, k * 4) == NULL) -+ goto err; -+ bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d); -+ } -+ rr->top = top; -+ goto end; -+ } -+# endif -+ } -+#endif /* BN_RECURSION */ -+ if (bn_wexpand(rr, top) == NULL) -+ goto err; -+ rr->top = top; -+ bn_mul_normal(rr->d, a->d, al, b->d, bl); - - #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) --end: -+ end: - #endif -- bn_correct_top(rr); -- if (r != rr) BN_copy(r,rr); -- ret=1; --err: -- bn_check_top(r); -- BN_CTX_end(ctx); -- return(ret); -- } -+ bn_correct_top(rr); -+ if (r != rr) -+ BN_copy(r, rr); -+ ret = 1; -+ err: -+ bn_check_top(r); -+ BN_CTX_end(ctx); -+ return (ret); -+} - - void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) -- { -- BN_ULONG *rr; -+{ -+ BN_ULONG *rr; - - #ifdef BN_COUNT -- fprintf(stderr," bn_mul_normal %d * %d\n",na,nb); -+ fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb); - #endif - -- if (na < nb) -- { -- int itmp; -- BN_ULONG *ltmp; -- -- itmp=na; na=nb; nb=itmp; -- ltmp=a; a=b; b=ltmp; -- -- } -- rr= &(r[na]); -- if (nb <= 0) -- { -- (void)bn_mul_words(r,a,na,0); -- return; -- } -- else -- rr[0]=bn_mul_words(r,a,na,b[0]); -- -- for (;;) -- { -- if (--nb <= 0) return; -- rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]); -- if (--nb <= 0) return; -- rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]); -- if (--nb <= 0) return; -- rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]); -- if (--nb <= 0) return; -- rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]); -- rr+=4; -- r+=4; -- b+=4; -- } -- } -+ if (na < nb) { -+ int itmp; -+ BN_ULONG *ltmp; -+ -+ itmp = na; -+ na = nb; -+ nb = itmp; -+ ltmp = a; -+ a = b; -+ b = ltmp; -+ -+ } -+ rr = &(r[na]); -+ if (nb <= 0) { -+ (void)bn_mul_words(r, a, na, 0); -+ return; -+ } else -+ rr[0] = bn_mul_words(r, a, na, b[0]); -+ -+ for (;;) { -+ if (--nb <= 0) -+ return; -+ rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]); -+ if (--nb <= 0) -+ return; -+ rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]); -+ if (--nb <= 0) -+ return; -+ rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]); -+ if (--nb <= 0) -+ return; -+ rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]); -+ rr += 4; -+ r += 4; -+ b += 4; -+ } -+} - - void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -- { -+{ - #ifdef BN_COUNT -- fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n); -+ fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n); - #endif -- bn_mul_words(r,a,n,b[0]); -- -- for (;;) -- { -- if (--n <= 0) return; -- bn_mul_add_words(&(r[1]),a,n,b[1]); -- if (--n <= 0) return; -- bn_mul_add_words(&(r[2]),a,n,b[2]); -- if (--n <= 0) return; -- bn_mul_add_words(&(r[3]),a,n,b[3]); -- if (--n <= 0) return; -- bn_mul_add_words(&(r[4]),a,n,b[4]); -- r+=4; -- b+=4; -- } -- } -+ bn_mul_words(r, a, n, b[0]); -+ -+ for (;;) { -+ if (--n <= 0) -+ return; -+ bn_mul_add_words(&(r[1]), a, n, b[1]); -+ if (--n <= 0) -+ return; -+ bn_mul_add_words(&(r[2]), a, n, b[2]); -+ if (--n <= 0) -+ return; -+ bn_mul_add_words(&(r[3]), a, n, b[3]); -+ if (--n <= 0) -+ return; -+ bn_mul_add_words(&(r[4]), a, n, b[4]); -+ r += 4; -+ b += 4; -+ } -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c -index 2ca5b01..66b2eb6 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -59,778 +59,817 @@ - #include "bn_lcl.h" - #include "cryptlib.h" - -- --#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 --#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 --#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 --#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 --#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 -+#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 -+#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 -+#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 -+#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 -+#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 - - /* pre-computed tables are "carry-less" values of modulus*(i+1) */ - #if BN_BITS2 == 64 - static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { -- {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL}, -- {0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL}, -- {0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFCULL,0xFFFFFFFFFFFFFFFFULL} -- }; -+ {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL}, -+ {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL}, -+ {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL} -+}; -+ - static const BN_ULONG _nist_p_192_sqr[] = { -- 0x0000000000000001ULL,0x0000000000000002ULL,0x0000000000000001ULL, -- 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL -- }; -+ 0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL, -+ 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL -+}; -+ - static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { -- {0x0000000000000001ULL,0xFFFFFFFF00000000ULL, -- 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL}, -- {0x0000000000000002ULL,0xFFFFFFFE00000000ULL, -- 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFFULL} /* this one is "carry-full" */ -- }; -+ {0x0000000000000001ULL, 0xFFFFFFFF00000000ULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL}, -+ {0x0000000000000002ULL, 0xFFFFFFFE00000000ULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL} /* this one is -+ * "carry-full" */ -+}; -+ - static const BN_ULONG _nist_p_224_sqr[] = { -- 0x0000000000000001ULL,0xFFFFFFFE00000000ULL, -- 0xFFFFFFFFFFFFFFFFULL,0x0000000200000000ULL, -- 0x0000000000000000ULL,0xFFFFFFFFFFFFFFFEULL, -- 0xFFFFFFFFFFFFFFFFULL -- }; -+ 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL, -+ 0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL, -+ 0xFFFFFFFFFFFFFFFFULL -+}; -+ - static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { -- {0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL, -- 0x0000000000000000ULL,0xFFFFFFFF00000001ULL}, -- {0xFFFFFFFFFFFFFFFEULL,0x00000001FFFFFFFFULL, -- 0x0000000000000000ULL,0xFFFFFFFE00000002ULL}, -- {0xFFFFFFFFFFFFFFFDULL,0x00000002FFFFFFFFULL, -- 0x0000000000000000ULL,0xFFFFFFFD00000003ULL}, -- {0xFFFFFFFFFFFFFFFCULL,0x00000003FFFFFFFFULL, -- 0x0000000000000000ULL,0xFFFFFFFC00000004ULL}, -- {0xFFFFFFFFFFFFFFFBULL,0x00000004FFFFFFFFULL, -- 0x0000000000000000ULL,0xFFFFFFFB00000005ULL}, -- }; -+ {0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL, -+ 0x0000000000000000ULL, 0xFFFFFFFF00000001ULL}, -+ {0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL, -+ 0x0000000000000000ULL, 0xFFFFFFFE00000002ULL}, -+ {0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL, -+ 0x0000000000000000ULL, 0xFFFFFFFD00000003ULL}, -+ {0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL, -+ 0x0000000000000000ULL, 0xFFFFFFFC00000004ULL}, -+ {0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL, -+ 0x0000000000000000ULL, 0xFFFFFFFB00000005ULL}, -+}; -+ - static const BN_ULONG _nist_p_256_sqr[] = { -- 0x0000000000000001ULL,0xFFFFFFFE00000000ULL, -- 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFEULL, -- 0x00000001FFFFFFFEULL,0x00000001FFFFFFFEULL, -- 0xFFFFFFFE00000001ULL,0xFFFFFFFE00000002ULL -- }; -+ 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL, -+ 0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL, -+ 0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL -+}; -+ - static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { -- {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,0xFFFFFFFFFFFFFFFEULL, -- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, -- {0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL, -- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, -- {0x00000002FFFFFFFDULL,0xFFFFFFFD00000000ULL,0xFFFFFFFFFFFFFFFCULL, -- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, -- {0x00000003FFFFFFFCULL,0xFFFFFFFC00000000ULL,0xFFFFFFFFFFFFFFFBULL, -- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, -- {0x00000004FFFFFFFBULL,0xFFFFFFFB00000000ULL,0xFFFFFFFFFFFFFFFAULL, -- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, -- }; -+ {0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, 0xFFFFFFFFFFFFFFFEULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, -+ {0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, -+ {0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, 0xFFFFFFFFFFFFFFFCULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, -+ {0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, 0xFFFFFFFFFFFFFFFBULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, -+ {0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, 0xFFFFFFFFFFFFFFFAULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, -+}; -+ - static const BN_ULONG _nist_p_384_sqr[] = { -- 0xFFFFFFFE00000001ULL,0x0000000200000000ULL,0xFFFFFFFE00000000ULL, -- 0x0000000200000000ULL,0x0000000000000001ULL,0x0000000000000000ULL, -- 0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL, -- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL -- }; -+ 0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL, -+ 0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL, -+ 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL -+}; -+ - static const BN_ULONG _nist_p_521[] = -- {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, -- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, -- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, -- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, -- 0x00000000000001FFULL}; -+ { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, -+ 0x00000000000001FFULL -+}; -+ - static const BN_ULONG _nist_p_521_sqr[] = { -- 0x0000000000000001ULL,0x0000000000000000ULL,0x0000000000000000ULL, -- 0x0000000000000000ULL,0x0000000000000000ULL,0x0000000000000000ULL, -- 0x0000000000000000ULL,0x0000000000000000ULL,0xFFFFFFFFFFFFFC00ULL, -- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, -- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, -- 0xFFFFFFFFFFFFFFFFULL,0x000000000003FFFFULL -- }; -+ 0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, -+ 0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, -+ 0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, -+ 0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL -+}; - #elif BN_BITS2 == 32 - static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { -- {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, -- {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, -- {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF} -- }; -+ {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, -+ {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, -+ {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF} -+}; -+ - static const BN_ULONG _nist_p_192_sqr[] = { -- 0x00000001,0x00000000,0x00000002,0x00000000,0x00000001,0x00000000, -- 0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF -- }; -+ 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000, -+ 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF -+}; -+ - static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { -- {0x00000001,0x00000000,0x00000000,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, -- {0x00000002,0x00000000,0x00000000,0xFFFFFFFE, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF} -- }; -+ {0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, -+ {0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF} -+}; -+ - static const BN_ULONG _nist_p_224_sqr[] = { -- 0x00000001,0x00000000,0x00000000,0xFFFFFFFE, -- 0xFFFFFFFF,0xFFFFFFFF,0x00000000,0x00000002, -- 0x00000000,0x00000000,0xFFFFFFFE,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF -- }; -+ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002, -+ 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF -+}; -+ - static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { -- {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0x00000000, -- 0x00000000,0x00000000,0x00000001,0xFFFFFFFF}, -- {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0x00000001, -- 0x00000000,0x00000000,0x00000002,0xFFFFFFFE}, -- {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0x00000002, -- 0x00000000,0x00000000,0x00000003,0xFFFFFFFD}, -- {0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0x00000003, -- 0x00000000,0x00000000,0x00000004,0xFFFFFFFC}, -- {0xFFFFFFFB,0xFFFFFFFF,0xFFFFFFFF,0x00000004, -- 0x00000000,0x00000000,0x00000005,0xFFFFFFFB}, -- }; -+ {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, -+ 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF}, -+ {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, -+ 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE}, -+ {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002, -+ 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD}, -+ {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003, -+ 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC}, -+ {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004, -+ 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB}, -+}; -+ - static const BN_ULONG _nist_p_256_sqr[] = { -- 0x00000001,0x00000000,0x00000000,0xFFFFFFFE, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0x00000001, -- 0xFFFFFFFE,0x00000001,0xFFFFFFFE,0x00000001, -- 0x00000001,0xFFFFFFFE,0x00000002,0xFFFFFFFE -- }; -+ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001, -+ 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001, -+ 0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE -+}; -+ - static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { -- {0xFFFFFFFF,0x00000000,0x00000000,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, -- {0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, -- {0xFFFFFFFD,0x00000002,0x00000000,0xFFFFFFFD,0xFFFFFFFC,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, -- {0xFFFFFFFC,0x00000003,0x00000000,0xFFFFFFFC,0xFFFFFFFB,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, -- {0xFFFFFFFB,0x00000004,0x00000000,0xFFFFFFFB,0xFFFFFFFA,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, -- }; -+ {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, -+ {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, -+ {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, -+ {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, -+ {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, -+}; -+ - static const BN_ULONG _nist_p_384_sqr[] = { -- 0x00000001,0xFFFFFFFE,0x00000000,0x00000002,0x00000000,0xFFFFFFFE, -- 0x00000000,0x00000002,0x00000001,0x00000000,0x00000000,0x00000000, -- 0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF -- }; --static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, -- 0xFFFFFFFF,0x000001FF}; -+ 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE, -+ 0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000, -+ 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF -+}; -+ -+static const BN_ULONG _nist_p_521[] = { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0x000001FF -+}; -+ - static const BN_ULONG _nist_p_521_sqr[] = { -- 0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, -- 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, -- 0x00000000,0x00000000,0x00000000,0x00000000,0xFFFFFC00,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, -- 0xFFFFFFFF,0xFFFFFFFF,0x0003FFFF -- }; -+ 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, -+ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, -+ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, -+ 0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF -+}; - #else --#error "unsupported BN_BITS2" -+# error "unsupported BN_BITS2" - #endif - -- --static const BIGNUM _bignum_nist_p_192 = -- { -- (BN_ULONG *)_nist_p_192[0], -- BN_NIST_192_TOP, -- BN_NIST_192_TOP, -- 0, -- BN_FLG_STATIC_DATA -- }; -- --static const BIGNUM _bignum_nist_p_224 = -- { -- (BN_ULONG *)_nist_p_224[0], -- BN_NIST_224_TOP, -- BN_NIST_224_TOP, -- 0, -- BN_FLG_STATIC_DATA -- }; -- --static const BIGNUM _bignum_nist_p_256 = -- { -- (BN_ULONG *)_nist_p_256[0], -- BN_NIST_256_TOP, -- BN_NIST_256_TOP, -- 0, -- BN_FLG_STATIC_DATA -- }; -- --static const BIGNUM _bignum_nist_p_384 = -- { -- (BN_ULONG *)_nist_p_384[0], -- BN_NIST_384_TOP, -- BN_NIST_384_TOP, -- 0, -- BN_FLG_STATIC_DATA -- }; -- --static const BIGNUM _bignum_nist_p_521 = -- { -- (BN_ULONG *)_nist_p_521, -- BN_NIST_521_TOP, -- BN_NIST_521_TOP, -- 0, -- BN_FLG_STATIC_DATA -- }; -- -+static const BIGNUM _bignum_nist_p_192 = { -+ (BN_ULONG *)_nist_p_192[0], -+ BN_NIST_192_TOP, -+ BN_NIST_192_TOP, -+ 0, -+ BN_FLG_STATIC_DATA -+}; -+ -+static const BIGNUM _bignum_nist_p_224 = { -+ (BN_ULONG *)_nist_p_224[0], -+ BN_NIST_224_TOP, -+ BN_NIST_224_TOP, -+ 0, -+ BN_FLG_STATIC_DATA -+}; -+ -+static const BIGNUM _bignum_nist_p_256 = { -+ (BN_ULONG *)_nist_p_256[0], -+ BN_NIST_256_TOP, -+ BN_NIST_256_TOP, -+ 0, -+ BN_FLG_STATIC_DATA -+}; -+ -+static const BIGNUM _bignum_nist_p_384 = { -+ (BN_ULONG *)_nist_p_384[0], -+ BN_NIST_384_TOP, -+ BN_NIST_384_TOP, -+ 0, -+ BN_FLG_STATIC_DATA -+}; -+ -+static const BIGNUM _bignum_nist_p_521 = { -+ (BN_ULONG *)_nist_p_521, -+ BN_NIST_521_TOP, -+ BN_NIST_521_TOP, -+ 0, -+ BN_FLG_STATIC_DATA -+}; - - const BIGNUM *BN_get0_nist_prime_192(void) -- { -- return &_bignum_nist_p_192; -- } -+{ -+ return &_bignum_nist_p_192; -+} - - const BIGNUM *BN_get0_nist_prime_224(void) -- { -- return &_bignum_nist_p_224; -- } -+{ -+ return &_bignum_nist_p_224; -+} - - const BIGNUM *BN_get0_nist_prime_256(void) -- { -- return &_bignum_nist_p_256; -- } -+{ -+ return &_bignum_nist_p_256; -+} - - const BIGNUM *BN_get0_nist_prime_384(void) -- { -- return &_bignum_nist_p_384; -- } -+{ -+ return &_bignum_nist_p_384; -+} - - const BIGNUM *BN_get0_nist_prime_521(void) -- { -- return &_bignum_nist_p_521; -- } -- -+{ -+ return &_bignum_nist_p_521; -+} - - static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) -- { -- int i; -- BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); -+{ -+ int i; -+ BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); - - #ifdef BN_DEBUG -- OPENSSL_assert(top <= max); -+ OPENSSL_assert(top <= max); - #endif -- for (i = (top); i != 0; i--) -- *_tmp1++ = *_tmp2++; -- for (i = (max) - (top); i != 0; i--) -- *_tmp1++ = (BN_ULONG) 0; -- } -+ for (i = (top); i != 0; i--) -+ *_tmp1++ = *_tmp2++; -+ for (i = (max) - (top); i != 0; i--) -+ *_tmp1++ = (BN_ULONG)0; -+} - - static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) -- { -- int i; -- BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); -- for (i = (top); i != 0; i--) -- *_tmp1++ = *_tmp2++; -- } -+{ -+ int i; -+ BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); -+ for (i = (top); i != 0; i--) -+ *_tmp1++ = *_tmp2++; -+} - - #if BN_BITS2 == 64 --#define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; --#define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; -+# define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; -+# define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; - /* - * two following macros are implemented under assumption that they - * are called in a sequence with *ascending* n, i.e. as they are... - */ --#define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\ -- :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l))) --#define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0)); --#define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n) -+# define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\ -+ :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l))) -+# define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0)); -+# define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n) - #else --#define bn_cp_64(to, n, from, m) \ -- { \ -- bn_cp_32(to, (n)*2, from, (m)*2); \ -- bn_cp_32(to, (n)*2+1, from, (m)*2+1); \ -- } --#define bn_64_set_0(to, n) \ -- { \ -- bn_32_set_0(to, (n)*2); \ -- bn_32_set_0(to, (n)*2+1); \ -- } --#if BN_BITS2 == 32 --#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; --#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; --#endif --#endif /* BN_BITS2 != 64 */ -- -+# define bn_cp_64(to, n, from, m) \ -+ { \ -+ bn_cp_32(to, (n)*2, from, (m)*2); \ -+ bn_cp_32(to, (n)*2+1, from, (m)*2+1); \ -+ } -+# define bn_64_set_0(to, n) \ -+ { \ -+ bn_32_set_0(to, (n)*2); \ -+ bn_32_set_0(to, (n)*2+1); \ -+ } -+# if BN_BITS2 == 32 -+# define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; -+# define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; -+# endif -+#endif /* BN_BITS2 != 64 */ - - #define nist_set_192(to, from, a1, a2, a3) \ -- { \ -- bn_cp_64(to, 0, from, (a3) - 3) \ -- bn_cp_64(to, 1, from, (a2) - 3) \ -- bn_cp_64(to, 2, from, (a1) - 3) \ -- } -+ { \ -+ bn_cp_64(to, 0, from, (a3) - 3) \ -+ bn_cp_64(to, 1, from, (a2) - 3) \ -+ bn_cp_64(to, 2, from, (a1) - 3) \ -+ } - - int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, -- BN_CTX *ctx) -- { -- int top = a->top, i; -- int carry; -- register BN_ULONG *r_d, *a_d = a->d; -- BN_ULONG t_d[BN_NIST_192_TOP], -- buf[BN_NIST_192_TOP], -- c_d[BN_NIST_192_TOP], -- *res; -- size_t mask; -- static const BIGNUM _bignum_nist_p_192_sqr = { -- (BN_ULONG *)_nist_p_192_sqr, -- sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), -- sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), -- 0,BN_FLG_STATIC_DATA }; -- -- field = &_bignum_nist_p_192; /* just to make sure */ -- -- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0) -- return BN_nnmod(r, a, field, ctx); -- -- i = BN_ucmp(field, a); -- if (i == 0) -- { -- BN_zero(r); -- return 1; -- } -- else if (i > 0) -- return (r == a) ? 1 : (BN_copy(r ,a) != NULL); -- -- if (r != a) -- { -- if (!bn_wexpand(r, BN_NIST_192_TOP)) -- return 0; -- r_d = r->d; -- nist_cp_bn(r_d, a_d, BN_NIST_192_TOP); -- } -- else -- r_d = a_d; -- -- nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP); -- -- nist_set_192(t_d, buf, 0, 3, 3); -- carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); -- nist_set_192(t_d, buf, 4, 4, 0); -- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); -- nist_set_192(t_d, buf, 5, 5, 5) -- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); -- -- if (carry > 0) -- carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP); -- else -- carry = 1; -- -- /* -- * we need 'if (carry==0 || result>=modulus) result-=modulus;' -- * as comparison implies subtraction, we can write -- * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' -- * this is what happens below, but without explicit if:-) a. -- */ -- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); -- mask &= 0-(size_t)carry; -- res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); -- nist_cp_bn(r_d, res, BN_NIST_192_TOP); -- r->top = BN_NIST_192_TOP; -- bn_correct_top(r); -- -- return 1; -- } -- --typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int); -+ BN_CTX *ctx) -+{ -+ int top = a->top, i; -+ int carry; -+ register BN_ULONG *r_d, *a_d = a->d; -+ BN_ULONG t_d[BN_NIST_192_TOP], -+ buf[BN_NIST_192_TOP], c_d[BN_NIST_192_TOP], *res; -+ size_t mask; -+ static const BIGNUM _bignum_nist_p_192_sqr = { -+ (BN_ULONG *)_nist_p_192_sqr, -+ sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), -+ sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), -+ 0, BN_FLG_STATIC_DATA -+ }; -+ -+ field = &_bignum_nist_p_192; /* just to make sure */ -+ -+ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_192_sqr) >= 0) -+ return BN_nnmod(r, a, field, ctx); -+ -+ i = BN_ucmp(field, a); -+ if (i == 0) { -+ BN_zero(r); -+ return 1; -+ } else if (i > 0) -+ return (r == a) ? 1 : (BN_copy(r, a) != NULL); -+ -+ if (r != a) { -+ if (!bn_wexpand(r, BN_NIST_192_TOP)) -+ return 0; -+ r_d = r->d; -+ nist_cp_bn(r_d, a_d, BN_NIST_192_TOP); -+ } else -+ r_d = a_d; -+ -+ nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, -+ BN_NIST_192_TOP); -+ -+ nist_set_192(t_d, buf, 0, 3, 3); -+ carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); -+ nist_set_192(t_d, buf, 4, 4, 0); -+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); -+ nist_set_192(t_d, buf, 5, 5, 5) -+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); -+ -+ if (carry > 0) -+ carry = -+ (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1], -+ BN_NIST_192_TOP); -+ else -+ carry = 1; -+ -+ /* -+ * we need 'if (carry==0 || result>=modulus) result-=modulus;' -+ * as comparison implies subtraction, we can write -+ * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' -+ * this is what happens below, but without explicit if:-) a. -+ */ -+ mask = -+ 0 - (size_t)bn_sub_words(c_d, r_d, _nist_p_192[0], BN_NIST_192_TOP); -+ mask &= 0 - (size_t)carry; -+ res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask)); -+ nist_cp_bn(r_d, res, BN_NIST_192_TOP); -+ r->top = BN_NIST_192_TOP; -+ bn_correct_top(r); -+ -+ return 1; -+} -+ -+typedef BN_ULONG (*bn_addsub_f) (BN_ULONG *, const BN_ULONG *, -+ const BN_ULONG *, int); - - #define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ -- { \ -- bn_cp_32(to, 0, from, (a7) - 7) \ -- bn_cp_32(to, 1, from, (a6) - 7) \ -- bn_cp_32(to, 2, from, (a5) - 7) \ -- bn_cp_32(to, 3, from, (a4) - 7) \ -- bn_cp_32(to, 4, from, (a3) - 7) \ -- bn_cp_32(to, 5, from, (a2) - 7) \ -- bn_cp_32(to, 6, from, (a1) - 7) \ -- } -+ { \ -+ bn_cp_32(to, 0, from, (a7) - 7) \ -+ bn_cp_32(to, 1, from, (a6) - 7) \ -+ bn_cp_32(to, 2, from, (a5) - 7) \ -+ bn_cp_32(to, 3, from, (a4) - 7) \ -+ bn_cp_32(to, 4, from, (a3) - 7) \ -+ bn_cp_32(to, 5, from, (a2) - 7) \ -+ bn_cp_32(to, 6, from, (a1) - 7) \ -+ } - - int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, -- BN_CTX *ctx) -- { -- int top = a->top, i; -- int carry; -- BN_ULONG *r_d, *a_d = a->d; -- BN_ULONG t_d[BN_NIST_224_TOP], -- buf[BN_NIST_224_TOP], -- c_d[BN_NIST_224_TOP], -- *res; -- size_t mask; -- union { bn_addsub_f f; size_t p; } u; -- static const BIGNUM _bignum_nist_p_224_sqr = { -- (BN_ULONG *)_nist_p_224_sqr, -- sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), -- sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), -- 0,BN_FLG_STATIC_DATA }; -- -- -- field = &_bignum_nist_p_224; /* just to make sure */ -- -- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0) -- return BN_nnmod(r, a, field, ctx); -- -- i = BN_ucmp(field, a); -- if (i == 0) -- { -- BN_zero(r); -- return 1; -- } -- else if (i > 0) -- return (r == a)? 1 : (BN_copy(r ,a) != NULL); -- -- if (r != a) -- { -- if (!bn_wexpand(r, BN_NIST_224_TOP)) -- return 0; -- r_d = r->d; -- nist_cp_bn(r_d, a_d, BN_NIST_224_TOP); -- } -- else -- r_d = a_d; -+ BN_CTX *ctx) -+{ -+ int top = a->top, i; -+ int carry; -+ BN_ULONG *r_d, *a_d = a->d; -+ BN_ULONG t_d[BN_NIST_224_TOP], -+ buf[BN_NIST_224_TOP], c_d[BN_NIST_224_TOP], *res; -+ size_t mask; -+ union { -+ bn_addsub_f f; -+ size_t p; -+ } u; -+ static const BIGNUM _bignum_nist_p_224_sqr = { -+ (BN_ULONG *)_nist_p_224_sqr, -+ sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), -+ sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), -+ 0, BN_FLG_STATIC_DATA -+ }; -+ -+ field = &_bignum_nist_p_224; /* just to make sure */ -+ -+ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_224_sqr) >= 0) -+ return BN_nnmod(r, a, field, ctx); -+ -+ i = BN_ucmp(field, a); -+ if (i == 0) { -+ BN_zero(r); -+ return 1; -+ } else if (i > 0) -+ return (r == a) ? 1 : (BN_copy(r, a) != NULL); -+ -+ if (r != a) { -+ if (!bn_wexpand(r, BN_NIST_224_TOP)) -+ return 0; -+ r_d = r->d; -+ nist_cp_bn(r_d, a_d, BN_NIST_224_TOP); -+ } else -+ r_d = a_d; - - #if BN_BITS2==64 -- /* copy upper 256 bits of 448 bit number ... */ -- nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP); -- /* ... and right shift by 32 to obtain upper 224 bits */ -- nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8); -- /* truncate lower part to 224 bits too */ -- r_d[BN_NIST_224_TOP-1] &= BN_MASK2l; -+ /* copy upper 256 bits of 448 bit number ... */ -+ nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP - 1), -+ top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP); -+ /* ... and right shift by 32 to obtain upper 224 bits */ -+ nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8); -+ /* truncate lower part to 224 bits too */ -+ r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l; - #else -- nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); -+ nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, -+ BN_NIST_224_TOP); - #endif -- nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); -- carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); -- nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); -- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); -- nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); -- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); -- nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); -- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); -+ nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); -+ carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); -+ nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); -+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); -+ nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); -+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); -+ nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); -+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); - - #if BN_BITS2==64 -- carry = (int)(r_d[BN_NIST_224_TOP-1]>>32); -+ carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32); - #endif -- u.f = bn_sub_words; -- if (carry > 0) -- { -- carry = (int)bn_sub_words(r_d,r_d,_nist_p_224[carry-1],BN_NIST_224_TOP); -+ u.f = bn_sub_words; -+ if (carry > 0) { -+ carry = -+ (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1], -+ BN_NIST_224_TOP); - #if BN_BITS2==64 -- carry=(int)(~(r_d[BN_NIST_224_TOP-1]>>32))&1; -+ carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1; - #endif -- } -- else if (carry < 0) -- { -- /* it's a bit more comlicated logic in this case. -- * if bn_add_words yields no carry, then result -- * has to be adjusted by unconditionally *adding* -- * the modulus. but if it does, then result has -- * to be compared to the modulus and conditionally -- * adjusted by *subtracting* the latter. */ -- carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP); -- mask = 0-(size_t)carry; -- u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); -- } -- else -- carry = 1; -- -- /* otherwise it's effectively same as in BN_nist_mod_192... */ -- mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); -- mask &= 0-(size_t)carry; -- res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); -- nist_cp_bn(r_d, res, BN_NIST_224_TOP); -- r->top = BN_NIST_224_TOP; -- bn_correct_top(r); -- -- return 1; -- } -+ } else if (carry < 0) { -+ /* -+ * it's a bit more comlicated logic in this case. if bn_add_words -+ * yields no carry, then result has to be adjusted by unconditionally -+ * *adding* the modulus. but if it does, then result has to be -+ * compared to the modulus and conditionally adjusted by -+ * *subtracting* the latter. -+ */ -+ carry = -+ (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1], -+ BN_NIST_224_TOP); -+ mask = 0 - (size_t)carry; -+ u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask); -+ } else -+ carry = 1; -+ -+ /* otherwise it's effectively same as in BN_nist_mod_192... */ -+ mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP); -+ mask &= 0 - (size_t)carry; -+ res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask)); -+ nist_cp_bn(r_d, res, BN_NIST_224_TOP); -+ r->top = BN_NIST_224_TOP; -+ bn_correct_top(r); -+ -+ return 1; -+} - - #define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ -- { \ -- bn_cp_32(to, 0, from, (a8) - 8) \ -- bn_cp_32(to, 1, from, (a7) - 8) \ -- bn_cp_32(to, 2, from, (a6) - 8) \ -- bn_cp_32(to, 3, from, (a5) - 8) \ -- bn_cp_32(to, 4, from, (a4) - 8) \ -- bn_cp_32(to, 5, from, (a3) - 8) \ -- bn_cp_32(to, 6, from, (a2) - 8) \ -- bn_cp_32(to, 7, from, (a1) - 8) \ -- } -+ { \ -+ bn_cp_32(to, 0, from, (a8) - 8) \ -+ bn_cp_32(to, 1, from, (a7) - 8) \ -+ bn_cp_32(to, 2, from, (a6) - 8) \ -+ bn_cp_32(to, 3, from, (a5) - 8) \ -+ bn_cp_32(to, 4, from, (a4) - 8) \ -+ bn_cp_32(to, 5, from, (a3) - 8) \ -+ bn_cp_32(to, 6, from, (a2) - 8) \ -+ bn_cp_32(to, 7, from, (a1) - 8) \ -+ } - - int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, -- BN_CTX *ctx) -- { -- int i, top = a->top; -- int carry = 0; -- register BN_ULONG *a_d = a->d, *r_d; -- BN_ULONG t_d[BN_NIST_256_TOP], -- buf[BN_NIST_256_TOP], -- c_d[BN_NIST_256_TOP], -- *res; -- size_t mask; -- union { bn_addsub_f f; size_t p; } u; -- static const BIGNUM _bignum_nist_p_256_sqr = { -- (BN_ULONG *)_nist_p_256_sqr, -- sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), -- sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), -- 0,BN_FLG_STATIC_DATA }; -- -- field = &_bignum_nist_p_256; /* just to make sure */ -- -- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0) -- return BN_nnmod(r, a, field, ctx); -- -- i = BN_ucmp(field, a); -- if (i == 0) -- { -- BN_zero(r); -- return 1; -- } -- else if (i > 0) -- return (r == a)? 1 : (BN_copy(r ,a) != NULL); -- -- if (r != a) -- { -- if (!bn_wexpand(r, BN_NIST_256_TOP)) -- return 0; -- r_d = r->d; -- nist_cp_bn(r_d, a_d, BN_NIST_256_TOP); -- } -- else -- r_d = a_d; -- -- nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP); -- -- /*S1*/ -- nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0); -- /*S2*/ -- nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0); -- carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); -- /* left shift */ -- { -- register BN_ULONG *ap,t,c; -- ap = t_d; -- c=0; -- for (i = BN_NIST_256_TOP; i != 0; --i) -- { -- t= *ap; -- *(ap++)=((t<<1)|c)&BN_MASK2; -- c=(t & BN_TBIT)?1:0; -- } -- carry <<= 1; -- carry |= c; -- } -- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); -- /*S3*/ -- nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8); -- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); -- /*S4*/ -- nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9); -- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); -- /*D1*/ -- nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11); -- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); -- /*D2*/ -- nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12); -- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); -- /*D3*/ -- nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13); -- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); -- /*D4*/ -- nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); -- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); -- -- /* see BN_nist_mod_224 for explanation */ -- u.f = bn_sub_words; -- if (carry > 0) -- carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_256_TOP); -- else if (carry < 0) -- { -- carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP); -- mask = 0-(size_t)carry; -- u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); -- } -- else -- carry = 1; -- -- mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); -- mask &= 0-(size_t)carry; -- res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); -- nist_cp_bn(r_d, res, BN_NIST_256_TOP); -- r->top = BN_NIST_256_TOP; -- bn_correct_top(r); -- -- return 1; -- } -+ BN_CTX *ctx) -+{ -+ int i, top = a->top; -+ int carry = 0; -+ register BN_ULONG *a_d = a->d, *r_d; -+ BN_ULONG t_d[BN_NIST_256_TOP], -+ buf[BN_NIST_256_TOP], c_d[BN_NIST_256_TOP], *res; -+ size_t mask; -+ union { -+ bn_addsub_f f; -+ size_t p; -+ } u; -+ static const BIGNUM _bignum_nist_p_256_sqr = { -+ (BN_ULONG *)_nist_p_256_sqr, -+ sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), -+ sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), -+ 0, BN_FLG_STATIC_DATA -+ }; -+ -+ field = &_bignum_nist_p_256; /* just to make sure */ -+ -+ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_256_sqr) >= 0) -+ return BN_nnmod(r, a, field, ctx); -+ -+ i = BN_ucmp(field, a); -+ if (i == 0) { -+ BN_zero(r); -+ return 1; -+ } else if (i > 0) -+ return (r == a) ? 1 : (BN_copy(r, a) != NULL); -+ -+ if (r != a) { -+ if (!bn_wexpand(r, BN_NIST_256_TOP)) -+ return 0; -+ r_d = r->d; -+ nist_cp_bn(r_d, a_d, BN_NIST_256_TOP); -+ } else -+ r_d = a_d; -+ -+ nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, -+ BN_NIST_256_TOP); -+ -+ /* -+ * S1 -+ */ -+ nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0); -+ /* -+ * S2 -+ */ -+ nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0); -+ carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); -+ /* left shift */ -+ { -+ register BN_ULONG *ap, t, c; -+ ap = t_d; -+ c = 0; -+ for (i = BN_NIST_256_TOP; i != 0; --i) { -+ t = *ap; -+ *(ap++) = ((t << 1) | c) & BN_MASK2; -+ c = (t & BN_TBIT) ? 1 : 0; -+ } -+ carry <<= 1; -+ carry |= c; -+ } -+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); -+ /* -+ * S3 -+ */ -+ nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8); -+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); -+ /* -+ * S4 -+ */ -+ nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9); -+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); -+ /* -+ * D1 -+ */ -+ nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11); -+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); -+ /* -+ * D2 -+ */ -+ nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12); -+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); -+ /* -+ * D3 -+ */ -+ nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13); -+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); -+ /* -+ * D4 -+ */ -+ nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); -+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); -+ -+ /* see BN_nist_mod_224 for explanation */ -+ u.f = bn_sub_words; -+ if (carry > 0) -+ carry = -+ (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1], -+ BN_NIST_256_TOP); -+ else if (carry < 0) { -+ carry = -+ (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1], -+ BN_NIST_256_TOP); -+ mask = 0 - (size_t)carry; -+ u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask); -+ } else -+ carry = 1; -+ -+ mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP); -+ mask &= 0 - (size_t)carry; -+ res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask)); -+ nist_cp_bn(r_d, res, BN_NIST_256_TOP); -+ r->top = BN_NIST_256_TOP; -+ bn_correct_top(r); -+ -+ return 1; -+} - - #define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ -- { \ -- bn_cp_32(to, 0, from, (a12) - 12) \ -- bn_cp_32(to, 1, from, (a11) - 12) \ -- bn_cp_32(to, 2, from, (a10) - 12) \ -- bn_cp_32(to, 3, from, (a9) - 12) \ -- bn_cp_32(to, 4, from, (a8) - 12) \ -- bn_cp_32(to, 5, from, (a7) - 12) \ -- bn_cp_32(to, 6, from, (a6) - 12) \ -- bn_cp_32(to, 7, from, (a5) - 12) \ -- bn_cp_32(to, 8, from, (a4) - 12) \ -- bn_cp_32(to, 9, from, (a3) - 12) \ -- bn_cp_32(to, 10, from, (a2) - 12) \ -- bn_cp_32(to, 11, from, (a1) - 12) \ -- } -+ { \ -+ bn_cp_32(to, 0, from, (a12) - 12) \ -+ bn_cp_32(to, 1, from, (a11) - 12) \ -+ bn_cp_32(to, 2, from, (a10) - 12) \ -+ bn_cp_32(to, 3, from, (a9) - 12) \ -+ bn_cp_32(to, 4, from, (a8) - 12) \ -+ bn_cp_32(to, 5, from, (a7) - 12) \ -+ bn_cp_32(to, 6, from, (a6) - 12) \ -+ bn_cp_32(to, 7, from, (a5) - 12) \ -+ bn_cp_32(to, 8, from, (a4) - 12) \ -+ bn_cp_32(to, 9, from, (a3) - 12) \ -+ bn_cp_32(to, 10, from, (a2) - 12) \ -+ bn_cp_32(to, 11, from, (a1) - 12) \ -+ } - - int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, -- BN_CTX *ctx) -- { -- int i, top = a->top; -- int carry = 0; -- register BN_ULONG *r_d, *a_d = a->d; -- BN_ULONG t_d[BN_NIST_384_TOP], -- buf[BN_NIST_384_TOP], -- c_d[BN_NIST_384_TOP], -- *res; -- size_t mask; -- union { bn_addsub_f f; size_t p; } u; -- static const BIGNUM _bignum_nist_p_384_sqr = { -- (BN_ULONG *)_nist_p_384_sqr, -- sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), -- sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), -- 0,BN_FLG_STATIC_DATA }; -- -- -- field = &_bignum_nist_p_384; /* just to make sure */ -- -- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0) -- return BN_nnmod(r, a, field, ctx); -- -- i = BN_ucmp(field, a); -- if (i == 0) -- { -- BN_zero(r); -- return 1; -- } -- else if (i > 0) -- return (r == a)? 1 : (BN_copy(r ,a) != NULL); -- -- if (r != a) -- { -- if (!bn_wexpand(r, BN_NIST_384_TOP)) -- return 0; -- r_d = r->d; -- nist_cp_bn(r_d, a_d, BN_NIST_384_TOP); -- } -- else -- r_d = a_d; -- -- nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP); -- -- /*S1*/ -- nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4); -- /* left shift */ -- { -- register BN_ULONG *ap,t,c; -- ap = t_d; -- c=0; -- for (i = 3; i != 0; --i) -- { -- t= *ap; -- *(ap++)=((t<<1)|c)&BN_MASK2; -- c=(t & BN_TBIT)?1:0; -- } -- *ap=c; -- } -- carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), -- t_d, BN_NIST_256_TOP); -- /*S2 */ -- carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP); -- /*S3*/ -- nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21); -- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); -- /*S4*/ -- nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0); -- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); -- /*S5*/ -- nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0); -- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); -- /*S6*/ -- nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20); -- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); -- /*D1*/ -- nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23); -- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); -- /*D2*/ -- nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0); -- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); -- /*D3*/ -- nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0); -- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); -- -- /* see BN_nist_mod_224 for explanation */ -- u.f = bn_sub_words; -- if (carry > 0) -- carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_384_TOP); -- else if (carry < 0) -- { -- carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP); -- mask = 0-(size_t)carry; -- u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); -- } -- else -- carry = 1; -- -- mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); -- mask &= 0-(size_t)carry; -- res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); -- nist_cp_bn(r_d, res, BN_NIST_384_TOP); -- r->top = BN_NIST_384_TOP; -- bn_correct_top(r); -- -- return 1; -- } -- --#define BN_NIST_521_RSHIFT (521%BN_BITS2) --#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) --#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) -+ BN_CTX *ctx) -+{ -+ int i, top = a->top; -+ int carry = 0; -+ register BN_ULONG *r_d, *a_d = a->d; -+ BN_ULONG t_d[BN_NIST_384_TOP], -+ buf[BN_NIST_384_TOP], c_d[BN_NIST_384_TOP], *res; -+ size_t mask; -+ union { -+ bn_addsub_f f; -+ size_t p; -+ } u; -+ static const BIGNUM _bignum_nist_p_384_sqr = { -+ (BN_ULONG *)_nist_p_384_sqr, -+ sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), -+ sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), -+ 0, BN_FLG_STATIC_DATA -+ }; -+ -+ field = &_bignum_nist_p_384; /* just to make sure */ -+ -+ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_384_sqr) >= 0) -+ return BN_nnmod(r, a, field, ctx); -+ -+ i = BN_ucmp(field, a); -+ if (i == 0) { -+ BN_zero(r); -+ return 1; -+ } else if (i > 0) -+ return (r == a) ? 1 : (BN_copy(r, a) != NULL); -+ -+ if (r != a) { -+ if (!bn_wexpand(r, BN_NIST_384_TOP)) -+ return 0; -+ r_d = r->d; -+ nist_cp_bn(r_d, a_d, BN_NIST_384_TOP); -+ } else -+ r_d = a_d; -+ -+ nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, -+ BN_NIST_384_TOP); -+ -+ /* -+ * S1 -+ */ -+ nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4); -+ /* left shift */ -+ { -+ register BN_ULONG *ap, t, c; -+ ap = t_d; -+ c = 0; -+ for (i = 3; i != 0; --i) { -+ t = *ap; -+ *(ap++) = ((t << 1) | c) & BN_MASK2; -+ c = (t & BN_TBIT) ? 1 : 0; -+ } -+ *ap = c; -+ } -+ carry = (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2), -+ t_d, BN_NIST_256_TOP); -+ /* -+ * S2 -+ */ -+ carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP); -+ /* -+ * S3 -+ */ -+ nist_set_384(t_d, buf, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22, 21); -+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); -+ /* -+ * S4 -+ */ -+ nist_set_384(t_d, buf, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23, 0); -+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); -+ /* -+ * S5 -+ */ -+ nist_set_384(t_d, buf, 0, 0, 0, 0, 23, 22, 21, 20, 0, 0, 0, 0); -+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); -+ /* -+ * S6 -+ */ -+ nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 23, 22, 21, 0, 0, 20); -+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); -+ /* -+ * D1 -+ */ -+ nist_set_384(t_d, buf, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23); -+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); -+ /* -+ * D2 -+ */ -+ nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 0, 23, 22, 21, 20, 0); -+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); -+ /* -+ * D3 -+ */ -+ nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0); -+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); -+ -+ /* see BN_nist_mod_224 for explanation */ -+ u.f = bn_sub_words; -+ if (carry > 0) -+ carry = -+ (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1], -+ BN_NIST_384_TOP); -+ else if (carry < 0) { -+ carry = -+ (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1], -+ BN_NIST_384_TOP); -+ mask = 0 - (size_t)carry; -+ u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask); -+ } else -+ carry = 1; -+ -+ mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP); -+ mask &= 0 - (size_t)carry; -+ res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask)); -+ nist_cp_bn(r_d, res, BN_NIST_384_TOP); -+ r->top = BN_NIST_384_TOP; -+ bn_correct_top(r); -+ -+ return 1; -+} -+ -+#define BN_NIST_521_RSHIFT (521%BN_BITS2) -+#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) -+#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) - - int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, -- BN_CTX *ctx) -- { -- int top = a->top, i; -- BN_ULONG *r_d, *a_d = a->d, -- t_d[BN_NIST_521_TOP], -- val,tmp,*res; -- size_t mask; -- static const BIGNUM _bignum_nist_p_521_sqr = { -- (BN_ULONG *)_nist_p_521_sqr, -- sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), -- sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), -- 0,BN_FLG_STATIC_DATA }; -- -- field = &_bignum_nist_p_521; /* just to make sure */ -- -- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0) -- return BN_nnmod(r, a, field, ctx); -- -- i = BN_ucmp(field, a); -- if (i == 0) -- { -- BN_zero(r); -- return 1; -- } -- else if (i > 0) -- return (r == a)? 1 : (BN_copy(r ,a) != NULL); -- -- if (r != a) -- { -- if (!bn_wexpand(r,BN_NIST_521_TOP)) -- return 0; -- r_d = r->d; -- nist_cp_bn(r_d,a_d, BN_NIST_521_TOP); -- } -- else -- r_d = a_d; -- -- /* upper 521 bits, copy ... */ -- nist_cp_bn_0(t_d,a_d + (BN_NIST_521_TOP-1), top - (BN_NIST_521_TOP-1),BN_NIST_521_TOP); -- /* ... and right shift */ -- for (val=t_d[0],i=0; i>BN_NIST_521_RSHIFT; -- val = t_d[i+1]; -- t_d[i] = (tmp | val<>BN_NIST_521_RSHIFT; -- /* lower 521 bits */ -- r_d[i] &= BN_NIST_521_TOP_MASK; -- -- bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); -- mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); -- res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask)); -- nist_cp_bn(r_d,res,BN_NIST_521_TOP); -- r->top = BN_NIST_521_TOP; -- bn_correct_top(r); -- -- return 1; -- } -+ BN_CTX *ctx) -+{ -+ int top = a->top, i; -+ BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res; -+ size_t mask; -+ static const BIGNUM _bignum_nist_p_521_sqr = { -+ (BN_ULONG *)_nist_p_521_sqr, -+ sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), -+ sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), -+ 0, BN_FLG_STATIC_DATA -+ }; -+ -+ field = &_bignum_nist_p_521; /* just to make sure */ -+ -+ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_521_sqr) >= 0) -+ return BN_nnmod(r, a, field, ctx); -+ -+ i = BN_ucmp(field, a); -+ if (i == 0) { -+ BN_zero(r); -+ return 1; -+ } else if (i > 0) -+ return (r == a) ? 1 : (BN_copy(r, a) != NULL); -+ -+ if (r != a) { -+ if (!bn_wexpand(r, BN_NIST_521_TOP)) -+ return 0; -+ r_d = r->d; -+ nist_cp_bn(r_d, a_d, BN_NIST_521_TOP); -+ } else -+ r_d = a_d; -+ -+ /* upper 521 bits, copy ... */ -+ nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1), -+ top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP); -+ /* ... and right shift */ -+ for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) { -+ tmp = val >> BN_NIST_521_RSHIFT; -+ val = t_d[i + 1]; -+ t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2; -+ } -+ t_d[i] = val >> BN_NIST_521_RSHIFT; -+ /* lower 521 bits */ -+ r_d[i] &= BN_NIST_521_TOP_MASK; -+ -+ bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP); -+ mask = 0 - (size_t)bn_sub_words(t_d, r_d, _nist_p_521, BN_NIST_521_TOP); -+ res = (BN_ULONG *)(((size_t)t_d & ~mask) | ((size_t)r_d & mask)); -+ nist_cp_bn(r_d, res, BN_NIST_521_TOP); -+ r->top = BN_NIST_521_TOP; -+ bn_correct_top(r); -+ -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c -index 21cbb38..efdebdd 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,7 +57,7 @@ - */ - - #ifndef BN_DEBUG --# undef NDEBUG /* avoid conflicting definitions */ -+# undef NDEBUG /* avoid conflicting definitions */ - # define NDEBUG - #endif - -@@ -68,20 +68,19 @@ - #include "bn_lcl.h" - - char *BN_options(void) -- { -- static int init=0; -- static char data[16]; -+{ -+ static int init = 0; -+ static char data[16]; - -- if (!init) -- { -- init++; -+ if (!init) { -+ init++; - #ifdef BN_LLONG -- BIO_snprintf(data,sizeof data,"bn(%d,%d)", -- (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8); -+ BIO_snprintf(data, sizeof data, "bn(%d,%d)", -+ (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8); - #else -- BIO_snprintf(data,sizeof data,"bn(%d,%d)", -- (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8); -+ BIO_snprintf(data, sizeof data, "bn(%d,%d)", -+ (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8); - #endif -- } -- return(data); -- } -+ } -+ return (data); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c -index 7b25979..1d25687 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -115,380 +115,401 @@ - #include "bn_lcl.h" - #include - --/* NB: these functions have been "upgraded", the deprecated versions (which are -- * compatibility wrappers using these functions) are in bn_depr.c. -- * - Geoff -+/* -+ * NB: these functions have been "upgraded", the deprecated versions (which -+ * are compatibility wrappers using these functions) are in bn_depr.c. - -+ * Geoff - */ - --/* The quick sieve algorithm approach to weeding out primes is -- * Philip Zimmermann's, as implemented in PGP. I have had a read of -- * his comments and implemented my own version. -+/* -+ * The quick sieve algorithm approach to weeding out primes is Philip -+ * Zimmermann's, as implemented in PGP. I have had a read of his comments -+ * and implemented my own version. - */ - #include "bn_prime.h" - - static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, -- const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); -+ const BIGNUM *a1_odd, int k, BN_CTX *ctx, -+ BN_MONT_CTX *mont); - static int probable_prime(BIGNUM *rnd, int bits); - static int probable_prime_dh(BIGNUM *rnd, int bits, -- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); --static int probable_prime_dh_safe(BIGNUM *rnd, int bits, -- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); -+ const BIGNUM *add, const BIGNUM *rem, -+ BN_CTX *ctx); -+static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, -+ const BIGNUM *rem, BN_CTX *ctx); - - int BN_GENCB_call(BN_GENCB *cb, int a, int b) -- { -- /* No callback means continue */ -- if(!cb) return 1; -- switch(cb->ver) -- { -- case 1: -- /* Deprecated-style callbacks */ -- if(!cb->cb.cb_1) -- return 1; -- cb->cb.cb_1(a, b, cb->arg); -- return 1; -- case 2: -- /* New-style callbacks */ -- return cb->cb.cb_2(a, b, cb); -- default: -- break; -- } -- /* Unrecognised callback type */ -- return 0; -- } -+{ -+ /* No callback means continue */ -+ if (!cb) -+ return 1; -+ switch (cb->ver) { -+ case 1: -+ /* Deprecated-style callbacks */ -+ if (!cb->cb.cb_1) -+ return 1; -+ cb->cb.cb_1(a, b, cb->arg); -+ return 1; -+ case 2: -+ /* New-style callbacks */ -+ return cb->cb.cb_2(a, b, cb); -+ default: -+ break; -+ } -+ /* Unrecognised callback type */ -+ return 0; -+} - - int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, -- const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) -- { -- BIGNUM *t; -- int found=0; -- int i,j,c1=0; -- BN_CTX *ctx; -- int checks = BN_prime_checks_for_size(bits); -- -- ctx=BN_CTX_new(); -- if (ctx == NULL) goto err; -- BN_CTX_start(ctx); -- t = BN_CTX_get(ctx); -- if(!t) goto err; --loop: -- /* make a random number and set the top and bottom bits */ -- if (add == NULL) -- { -- if (!probable_prime(ret,bits)) goto err; -- } -- else -- { -- if (safe) -- { -- if (!probable_prime_dh_safe(ret,bits,add,rem,ctx)) -- goto err; -- } -- else -- { -- if (!probable_prime_dh(ret,bits,add,rem,ctx)) -- goto err; -- } -- } -- /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */ -- if(!BN_GENCB_call(cb, 0, c1++)) -- /* aborted */ -- goto err; -- -- if (!safe) -- { -- i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb); -- if (i == -1) goto err; -- if (i == 0) goto loop; -- } -- else -- { -- /* for "safe prime" generation, -- * check that (p-1)/2 is prime. -- * Since a prime is odd, We just -- * need to divide by 2 */ -- if (!BN_rshift1(t,ret)) goto err; -- -- for (i=0; i a is prime if and only if a == 2 */ -- return BN_is_word(a, 2); -- if (do_trial_division) -- { -- for (i = 1; i < NUMPRIMES; i++) -- if (BN_mod_word(a, primes[i]) == 0) -- return 0; -- if(!BN_GENCB_call(cb, 1, -1)) -- goto err; -- } -- -- if (ctx_passed != NULL) -- ctx = ctx_passed; -- else -- if ((ctx=BN_CTX_new()) == NULL) -- goto err; -- BN_CTX_start(ctx); -- -- /* A := abs(a) */ -- if (a->neg) -- { -- BIGNUM *t; -- if ((t = BN_CTX_get(ctx)) == NULL) goto err; -- BN_copy(t, a); -- t->neg = 0; -- A = t; -- } -- else -- A = a; -- A1 = BN_CTX_get(ctx); -- A1_odd = BN_CTX_get(ctx); -- check = BN_CTX_get(ctx); -- if (check == NULL) goto err; -- -- /* compute A1 := A - 1 */ -- if (!BN_copy(A1, A)) -- goto err; -- if (!BN_sub_word(A1, 1)) -- goto err; -- if (BN_is_zero(A1)) -- { -- ret = 0; -- goto err; -- } -- -- /* write A1 as A1_odd * 2^k */ -- k = 1; -- while (!BN_is_bit_set(A1, k)) -- k++; -- if (!BN_rshift(A1_odd, A1, k)) -- goto err; -- -- /* Montgomery setup for computations mod A */ -- mont = BN_MONT_CTX_new(); -- if (mont == NULL) -- goto err; -- if (!BN_MONT_CTX_set(mont, A, ctx)) -- goto err; -- -- for (i = 0; i < checks; i++) -- { -- if (!BN_pseudo_rand_range(check, A1)) -- goto err; -- if (!BN_add_word(check, 1)) -- goto err; -- /* now 1 <= check < A */ -- -- j = witness(check, A, A1, A1_odd, k, ctx, mont); -- if (j == -1) goto err; -- if (j) -- { -- ret=0; -- goto err; -- } -- if(!BN_GENCB_call(cb, 1, i)) -- goto err; -- } -- ret=1; --err: -- if (ctx != NULL) -- { -- BN_CTX_end(ctx); -- if (ctx_passed == NULL) -- BN_CTX_free(ctx); -- } -- if (mont != NULL) -- BN_MONT_CTX_free(mont); -- -- return(ret); -- } -+ int do_trial_division, BN_GENCB *cb) -+{ -+ int i, j, ret = -1; -+ int k; -+ BN_CTX *ctx = NULL; -+ BIGNUM *A1, *A1_odd, *check; /* taken from ctx */ -+ BN_MONT_CTX *mont = NULL; -+ const BIGNUM *A = NULL; -+ -+ if (BN_cmp(a, BN_value_one()) <= 0) -+ return 0; -+ -+ if (checks == BN_prime_checks) -+ checks = BN_prime_checks_for_size(BN_num_bits(a)); -+ -+ /* first look for small factors */ -+ if (!BN_is_odd(a)) -+ /* a is even => a is prime if and only if a == 2 */ -+ return BN_is_word(a, 2); -+ if (do_trial_division) { -+ for (i = 1; i < NUMPRIMES; i++) -+ if (BN_mod_word(a, primes[i]) == 0) -+ return 0; -+ if (!BN_GENCB_call(cb, 1, -1)) -+ goto err; -+ } -+ -+ if (ctx_passed != NULL) -+ ctx = ctx_passed; -+ else if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ -+ /* A := abs(a) */ -+ if (a->neg) { -+ BIGNUM *t; -+ if ((t = BN_CTX_get(ctx)) == NULL) -+ goto err; -+ BN_copy(t, a); -+ t->neg = 0; -+ A = t; -+ } else -+ A = a; -+ A1 = BN_CTX_get(ctx); -+ A1_odd = BN_CTX_get(ctx); -+ check = BN_CTX_get(ctx); -+ if (check == NULL) -+ goto err; -+ -+ /* compute A1 := A - 1 */ -+ if (!BN_copy(A1, A)) -+ goto err; -+ if (!BN_sub_word(A1, 1)) -+ goto err; -+ if (BN_is_zero(A1)) { -+ ret = 0; -+ goto err; -+ } -+ -+ /* write A1 as A1_odd * 2^k */ -+ k = 1; -+ while (!BN_is_bit_set(A1, k)) -+ k++; -+ if (!BN_rshift(A1_odd, A1, k)) -+ goto err; -+ -+ /* Montgomery setup for computations mod A */ -+ mont = BN_MONT_CTX_new(); -+ if (mont == NULL) -+ goto err; -+ if (!BN_MONT_CTX_set(mont, A, ctx)) -+ goto err; -+ -+ for (i = 0; i < checks; i++) { -+ if (!BN_pseudo_rand_range(check, A1)) -+ goto err; -+ if (!BN_add_word(check, 1)) -+ goto err; -+ /* now 1 <= check < A */ -+ -+ j = witness(check, A, A1, A1_odd, k, ctx, mont); -+ if (j == -1) -+ goto err; -+ if (j) { -+ ret = 0; -+ goto err; -+ } -+ if (!BN_GENCB_call(cb, 1, i)) -+ goto err; -+ } -+ ret = 1; -+ err: -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ if (ctx_passed == NULL) -+ BN_CTX_free(ctx); -+ } -+ if (mont != NULL) -+ BN_MONT_CTX_free(mont); -+ -+ return (ret); -+} - - static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, -- const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont) -- { -- if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */ -- return -1; -- if (BN_is_one(w)) -- return 0; /* probably prime */ -- if (BN_cmp(w, a1) == 0) -- return 0; /* w == -1 (mod a), 'a' is probably prime */ -- while (--k) -- { -- if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */ -- return -1; -- if (BN_is_one(w)) -- return 1; /* 'a' is composite, otherwise a previous 'w' would -- * have been == -1 (mod 'a') */ -- if (BN_cmp(w, a1) == 0) -- return 0; /* w == -1 (mod a), 'a' is probably prime */ -- } -- /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', -- * and it is neither -1 nor +1 -- so 'a' cannot be prime */ -- bn_check_top(w); -- return 1; -- } -+ const BIGNUM *a1_odd, int k, BN_CTX *ctx, -+ BN_MONT_CTX *mont) -+{ -+ if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */ -+ return -1; -+ if (BN_is_one(w)) -+ return 0; /* probably prime */ -+ if (BN_cmp(w, a1) == 0) -+ return 0; /* w == -1 (mod a), 'a' is probably prime */ -+ while (--k) { -+ if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */ -+ return -1; -+ if (BN_is_one(w)) -+ return 1; /* 'a' is composite, otherwise a previous 'w' -+ * would have been == -1 (mod 'a') */ -+ if (BN_cmp(w, a1) == 0) -+ return 0; /* w == -1 (mod a), 'a' is probably prime */ -+ } -+ /* -+ * If we get here, 'w' is the (a-1)/2-th power of the original 'w', and -+ * it is neither -1 nor +1 -- so 'a' cannot be prime -+ */ -+ bn_check_top(w); -+ return 1; -+} - - static int probable_prime(BIGNUM *rnd, int bits) -- { -- int i; -- prime_t mods[NUMPRIMES]; -- BN_ULONG delta,maxdelta; -- --again: -- if (!BN_rand(rnd,bits,1,1)) return(0); -- /* we now have a random number 'rand' to test. */ -- for (i=1; i maxdelta) goto again; -- goto loop; -- } -- } -- if (!BN_add_word(rnd,delta)) return(0); -- bn_check_top(rnd); -- return(1); -- } -+{ -+ int i; -+ prime_t mods[NUMPRIMES]; -+ BN_ULONG delta, maxdelta; -+ -+ again: -+ if (!BN_rand(rnd, bits, 1, 1)) -+ return (0); -+ /* we now have a random number 'rand' to test. */ -+ for (i = 1; i < NUMPRIMES; i++) -+ mods[i] = (prime_t) BN_mod_word(rnd, (BN_ULONG)primes[i]); -+ maxdelta = BN_MASK2 - primes[NUMPRIMES - 1]; -+ delta = 0; -+ loop:for (i = 1; i < NUMPRIMES; i++) { -+ /* -+ * check that rnd is not a prime and also that gcd(rnd-1,primes) == 1 -+ * (except for 2) -+ */ -+ if (((mods[i] + delta) % primes[i]) <= 1) { -+ delta += 2; -+ if (delta > maxdelta) -+ goto again; -+ goto loop; -+ } -+ } -+ if (!BN_add_word(rnd, delta)) -+ return (0); -+ bn_check_top(rnd); -+ return (1); -+} - - static int probable_prime_dh(BIGNUM *rnd, int bits, -- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx) -- { -- int i,ret=0; -- BIGNUM *t1; -- -- BN_CTX_start(ctx); -- if ((t1 = BN_CTX_get(ctx)) == NULL) goto err; -- -- if (!BN_rand(rnd,bits,0,1)) goto err; -- -- /* we need ((rnd-rem) % add) == 0 */ -- -- if (!BN_mod(t1,rnd,add,ctx)) goto err; -- if (!BN_sub(rnd,rnd,t1)) goto err; -- if (rem == NULL) -- { if (!BN_add_word(rnd,1)) goto err; } -- else -- { if (!BN_add(rnd,rnd,rem)) goto err; } -- -- /* we now have a random number 'rand' to test. */ -- -- loop: for (i=1; i - #include "bn_lcl.h" - --static const char Hex[]="0123456789ABCDEF"; -+static const char Hex[] = "0123456789ABCDEF"; - - /* Must 'OPENSSL_free' the returned data */ - char *BN_bn2hex(const BIGNUM *a) -- { -- int i,j,v,z=0; -- char *buf; -- char *p; -+{ -+ int i, j, v, z = 0; -+ char *buf; -+ char *p; - -- buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2); -- if (buf == NULL) -- { -- BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- p=buf; -- if (a->neg) *(p++)='-'; -- if (BN_is_zero(a)) *(p++)='0'; -- for (i=a->top-1; i >=0; i--) -- { -- for (j=BN_BITS2-8; j >= 0; j-=8) -- { -- /* strip leading zeros */ -- v=((int)(a->d[i]>>(long)j))&0xff; -- if (z || (v != 0)) -- { -- *(p++)=Hex[v>>4]; -- *(p++)=Hex[v&0x0f]; -- z=1; -- } -- } -- } -- *p='\0'; --err: -- return(buf); -- } -+ buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); -+ if (buf == NULL) { -+ BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ p = buf; -+ if (a->neg) -+ *(p++) = '-'; -+ if (BN_is_zero(a)) -+ *(p++) = '0'; -+ for (i = a->top - 1; i >= 0; i--) { -+ for (j = BN_BITS2 - 8; j >= 0; j -= 8) { -+ /* strip leading zeros */ -+ v = ((int)(a->d[i] >> (long)j)) & 0xff; -+ if (z || (v != 0)) { -+ *(p++) = Hex[v >> 4]; -+ *(p++) = Hex[v & 0x0f]; -+ z = 1; -+ } -+ } -+ } -+ *p = '\0'; -+ err: -+ return (buf); -+} - - /* Must 'OPENSSL_free' the returned data */ - char *BN_bn2dec(const BIGNUM *a) -- { -- int i=0,num, ok = 0; -- char *buf=NULL; -- char *p; -- BIGNUM *t=NULL; -- BN_ULONG *bn_data=NULL,*lp; -+{ -+ int i = 0, num, ok = 0; -+ char *buf = NULL; -+ char *p; -+ BIGNUM *t = NULL; -+ BN_ULONG *bn_data = NULL, *lp; - -- /* get an upper bound for the length of the decimal integer -- * num <= (BN_num_bits(a) + 1) * log(2) -- * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) -- * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 -- */ -- i=BN_num_bits(a)*3; -- num=(i/10+i/1000+1)+1; -- bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG)); -- buf=(char *)OPENSSL_malloc(num+3); -- if ((buf == NULL) || (bn_data == NULL)) -- { -- BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if ((t=BN_dup(a)) == NULL) goto err; -+ /*- -+ * get an upper bound for the length of the decimal integer -+ * num <= (BN_num_bits(a) + 1) * log(2) -+ * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) -+ * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 -+ */ -+ i = BN_num_bits(a) * 3; -+ num = (i / 10 + i / 1000 + 1) + 1; -+ bn_data = -+ (BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG)); -+ buf = (char *)OPENSSL_malloc(num + 3); -+ if ((buf == NULL) || (bn_data == NULL)) { -+ BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if ((t = BN_dup(a)) == NULL) -+ goto err; - - #define BUF_REMAIN (num+3 - (size_t)(p - buf)) -- p=buf; -- lp=bn_data; -- if (BN_is_zero(t)) -- { -- *(p++)='0'; -- *(p++)='\0'; -- } -- else -- { -- if (BN_is_negative(t)) -- *p++ = '-'; -+ p = buf; -+ lp = bn_data; -+ if (BN_is_zero(t)) { -+ *(p++) = '0'; -+ *(p++) = '\0'; -+ } else { -+ if (BN_is_negative(t)) -+ *p++ = '-'; - -- i=0; -- while (!BN_is_zero(t)) -- { -- *lp=BN_div_word(t,BN_DEC_CONV); -- lp++; -- } -- lp--; -- /* We now have a series of blocks, BN_DEC_NUM chars -- * in length, where the last one needs truncation. -- * The blocks need to be reversed in order. */ -- BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp); -- while (*p) p++; -- while (lp != bn_data) -- { -- lp--; -- BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp); -- while (*p) p++; -- } -- } -- ok = 1; --err: -- if (bn_data != NULL) OPENSSL_free(bn_data); -- if (t != NULL) BN_free(t); -- if (!ok && buf) -- { -- OPENSSL_free(buf); -- buf = NULL; -- } -+ i = 0; -+ while (!BN_is_zero(t)) { -+ *lp = BN_div_word(t, BN_DEC_CONV); -+ lp++; -+ } -+ lp--; -+ /* -+ * We now have a series of blocks, BN_DEC_NUM chars in length, where -+ * the last one needs truncation. The blocks need to be reversed in -+ * order. -+ */ -+ BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp); -+ while (*p) -+ p++; -+ while (lp != bn_data) { -+ lp--; -+ BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp); -+ while (*p) -+ p++; -+ } -+ } -+ ok = 1; -+ err: -+ if (bn_data != NULL) -+ OPENSSL_free(bn_data); -+ if (t != NULL) -+ BN_free(t); -+ if (!ok && buf) { -+ OPENSSL_free(buf); -+ buf = NULL; -+ } - -- return(buf); -- } -+ return (buf); -+} - - int BN_hex2bn(BIGNUM **bn, const char *a) -- { -- BIGNUM *ret=NULL; -- BN_ULONG l=0; -- int neg=0,h,m,i,j,k,c; -- int num; -+{ -+ BIGNUM *ret = NULL; -+ BN_ULONG l = 0; -+ int neg = 0, h, m, i, j, k, c; -+ int num; - -- if ((a == NULL) || (*a == '\0')) return(0); -+ if ((a == NULL) || (*a == '\0')) -+ return (0); - -- if (*a == '-') { neg=1; a++; } -+ if (*a == '-') { -+ neg = 1; -+ a++; -+ } - -- for (i=0; isxdigit((unsigned char) a[i]); i++) -- ; -+ for (i = 0; isxdigit((unsigned char)a[i]); i++) ; - -- num=i+neg; -- if (bn == NULL) return(num); -+ num = i + neg; -+ if (bn == NULL) -+ return (num); - -- /* a is the start of the hex digits, and it is 'i' long */ -- if (*bn == NULL) -- { -- if ((ret=BN_new()) == NULL) return(0); -- } -- else -- { -- ret= *bn; -- BN_zero(ret); -- } -+ /* a is the start of the hex digits, and it is 'i' long */ -+ if (*bn == NULL) { -+ if ((ret = BN_new()) == NULL) -+ return (0); -+ } else { -+ ret = *bn; -+ BN_zero(ret); -+ } - -- /* i is the number of hex digests; */ -- if (bn_expand(ret,i*4) == NULL) goto err; -+ /* i is the number of hex digests; */ -+ if (bn_expand(ret, i * 4) == NULL) -+ goto err; - -- j=i; /* least significant 'hex' */ -- m=0; -- h=0; -- while (j > 0) -- { -- m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j; -- l=0; -- for (;;) -- { -- c=a[j-m]; -- if ((c >= '0') && (c <= '9')) k=c-'0'; -- else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10; -- else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10; -- else k=0; /* paranoia */ -- l=(l<<4)|k; -+ j = i; /* least significant 'hex' */ -+ m = 0; -+ h = 0; -+ while (j > 0) { -+ m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j; -+ l = 0; -+ for (;;) { -+ c = a[j - m]; -+ if ((c >= '0') && (c <= '9')) -+ k = c - '0'; -+ else if ((c >= 'a') && (c <= 'f')) -+ k = c - 'a' + 10; -+ else if ((c >= 'A') && (c <= 'F')) -+ k = c - 'A' + 10; -+ else -+ k = 0; /* paranoia */ -+ l = (l << 4) | k; - -- if (--m <= 0) -- { -- ret->d[h++]=l; -- break; -- } -- } -- j-=(BN_BYTES*2); -- } -- ret->top=h; -- bn_correct_top(ret); -- ret->neg=neg; -+ if (--m <= 0) { -+ ret->d[h++] = l; -+ break; -+ } -+ } -+ j -= (BN_BYTES * 2); -+ } -+ ret->top = h; -+ bn_correct_top(ret); -+ ret->neg = neg; - -- *bn=ret; -- bn_check_top(ret); -- return(num); --err: -- if (*bn == NULL) BN_free(ret); -- return(0); -- } -+ *bn = ret; -+ bn_check_top(ret); -+ return (num); -+ err: -+ if (*bn == NULL) -+ BN_free(ret); -+ return (0); -+} - - int BN_dec2bn(BIGNUM **bn, const char *a) -- { -- BIGNUM *ret=NULL; -- BN_ULONG l=0; -- int neg=0,i,j; -- int num; -+{ -+ BIGNUM *ret = NULL; -+ BN_ULONG l = 0; -+ int neg = 0, i, j; -+ int num; - -- if ((a == NULL) || (*a == '\0')) return(0); -- if (*a == '-') { neg=1; a++; } -+ if ((a == NULL) || (*a == '\0')) -+ return (0); -+ if (*a == '-') { -+ neg = 1; -+ a++; -+ } - -- for (i=0; isdigit((unsigned char) a[i]); i++) -- ; -+ for (i = 0; isdigit((unsigned char)a[i]); i++) ; - -- num=i+neg; -- if (bn == NULL) return(num); -+ num = i + neg; -+ if (bn == NULL) -+ return (num); - -- /* a is the start of the digits, and it is 'i' long. -- * We chop it into BN_DEC_NUM digits at a time */ -- if (*bn == NULL) -- { -- if ((ret=BN_new()) == NULL) return(0); -- } -- else -- { -- ret= *bn; -- BN_zero(ret); -- } -+ /* -+ * a is the start of the digits, and it is 'i' long. We chop it into -+ * BN_DEC_NUM digits at a time -+ */ -+ if (*bn == NULL) { -+ if ((ret = BN_new()) == NULL) -+ return (0); -+ } else { -+ ret = *bn; -+ BN_zero(ret); -+ } - -- /* i is the number of digests, a bit of an over expand; */ -- if (bn_expand(ret,i*4) == NULL) goto err; -+ /* i is the number of digests, a bit of an over expand; */ -+ if (bn_expand(ret, i * 4) == NULL) -+ goto err; - -- j=BN_DEC_NUM-(i%BN_DEC_NUM); -- if (j == BN_DEC_NUM) j=0; -- l=0; -- while (*a) -- { -- l*=10; -- l+= *a-'0'; -- a++; -- if (++j == BN_DEC_NUM) -- { -- BN_mul_word(ret,BN_DEC_CONV); -- BN_add_word(ret,l); -- l=0; -- j=0; -- } -- } -- ret->neg=neg; -+ j = BN_DEC_NUM - (i % BN_DEC_NUM); -+ if (j == BN_DEC_NUM) -+ j = 0; -+ l = 0; -+ while (*a) { -+ l *= 10; -+ l += *a - '0'; -+ a++; -+ if (++j == BN_DEC_NUM) { -+ BN_mul_word(ret, BN_DEC_CONV); -+ BN_add_word(ret, l); -+ l = 0; -+ j = 0; -+ } -+ } -+ ret->neg = neg; - -- bn_correct_top(ret); -- *bn=ret; -- bn_check_top(ret); -- return(num); --err: -- if (*bn == NULL) BN_free(ret); -- return(0); -- } -+ bn_correct_top(ret); -+ *bn = ret; -+ bn_check_top(ret); -+ return (num); -+ err: -+ if (*bn == NULL) -+ BN_free(ret); -+ return (0); -+} - - #ifndef OPENSSL_NO_BIO --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - int BN_print_fp(FILE *fp, const BIGNUM *a) -- { -- BIO *b; -- int ret; -+{ -+ BIO *b; -+ int ret; - -- if ((b=BIO_new(BIO_s_file())) == NULL) -- return(0); -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=BN_print(b,a); -- BIO_free(b); -- return(ret); -- } --#endif -+ if ((b = BIO_new(BIO_s_file())) == NULL) -+ return (0); -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = BN_print(b, a); -+ BIO_free(b); -+ return (ret); -+} -+# endif - - int BN_print(BIO *bp, const BIGNUM *a) -- { -- int i,j,v,z=0; -- int ret=0; -+{ -+ int i, j, v, z = 0; -+ int ret = 0; - -- if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end; -- if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end; -- for (i=a->top-1; i >=0; i--) -- { -- for (j=BN_BITS2-4; j >= 0; j-=4) -- { -- /* strip leading zeros */ -- v=((int)(a->d[i]>>(long)j))&0x0f; -- if (z || (v != 0)) -- { -- if (BIO_write(bp,&(Hex[v]),1) != 1) -- goto end; -- z=1; -- } -- } -- } -- ret=1; --end: -- return(ret); -- } -+ if ((a->neg) && (BIO_write(bp, "-", 1) != 1)) -+ goto end; -+ if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1)) -+ goto end; -+ for (i = a->top - 1; i >= 0; i--) { -+ for (j = BN_BITS2 - 4; j >= 0; j -= 4) { -+ /* strip leading zeros */ -+ v = ((int)(a->d[i] >> (long)j)) & 0x0f; -+ if (z || (v != 0)) { -+ if (BIO_write(bp, &(Hex[v]), 1) != 1) -+ goto end; -+ z = 1; -+ } -+ } -+ } -+ ret = 1; -+ end: -+ return (ret); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c -index b376c28..7ac71ec 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -116,190 +116,174 @@ - #include - - static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) -- { -- unsigned char *buf=NULL; -- int ret=0,bit,bytes,mask; -- time_t tim; -+{ -+ unsigned char *buf = NULL; -+ int ret = 0, bit, bytes, mask; -+ time_t tim; - -- if (bits == 0) -- { -- BN_zero(rnd); -- return 1; -- } -+ if (bits == 0) { -+ BN_zero(rnd); -+ return 1; -+ } - -- bytes=(bits+7)/8; -- bit=(bits-1)%8; -- mask=0xff<<(bit+1); -+ bytes = (bits + 7) / 8; -+ bit = (bits - 1) % 8; -+ mask = 0xff << (bit + 1); - -- buf=(unsigned char *)OPENSSL_malloc(bytes); -- if (buf == NULL) -- { -- BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ buf = (unsigned char *)OPENSSL_malloc(bytes); -+ if (buf == NULL) { -+ BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- /* make a random number and set the top and bottom bits */ -- time(&tim); -- RAND_add(&tim,sizeof(tim),0.0); -+ /* make a random number and set the top and bottom bits */ -+ time(&tim); -+ RAND_add(&tim, sizeof(tim), 0.0); - -- if (pseudorand) -- { -- if (RAND_pseudo_bytes(buf, bytes) == -1) -- goto err; -- } -- else -- { -- if (RAND_bytes(buf, bytes) <= 0) -- goto err; -- } -+ if (pseudorand) { -+ if (RAND_pseudo_bytes(buf, bytes) == -1) -+ goto err; -+ } else { -+ if (RAND_bytes(buf, bytes) <= 0) -+ goto err; -+ } - - #if 1 -- if (pseudorand == 2) -- { -- /* generate patterns that are more likely to trigger BN -- library bugs */ -- int i; -- unsigned char c; -+ if (pseudorand == 2) { -+ /* -+ * generate patterns that are more likely to trigger BN library bugs -+ */ -+ int i; -+ unsigned char c; - -- for (i = 0; i < bytes; i++) -- { -- RAND_pseudo_bytes(&c, 1); -- if (c >= 128 && i > 0) -- buf[i] = buf[i-1]; -- else if (c < 42) -- buf[i] = 0; -- else if (c < 84) -- buf[i] = 255; -- } -- } -+ for (i = 0; i < bytes; i++) { -+ RAND_pseudo_bytes(&c, 1); -+ if (c >= 128 && i > 0) -+ buf[i] = buf[i - 1]; -+ else if (c < 42) -+ buf[i] = 0; -+ else if (c < 84) -+ buf[i] = 255; -+ } -+ } - #endif - -- if (top != -1) -- { -- if (top) -- { -- if (bit == 0) -- { -- buf[0]=1; -- buf[1]|=0x80; -- } -- else -- { -- buf[0]|=(3<<(bit-1)); -- } -- } -- else -- { -- buf[0]|=(1<neg || BN_is_zero(range)) -- { -- BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); -- return 0; -- } -+ if (range->neg || BN_is_zero(range)) { -+ BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); -+ return 0; -+ } - -- n = BN_num_bits(range); /* n > 0 */ -+ n = BN_num_bits(range); /* n > 0 */ - -- /* BN_is_bit_set(range, n - 1) always holds */ -+ /* BN_is_bit_set(range, n - 1) always holds */ - -- if (n == 1) -- BN_zero(r); -- else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) -- { -- /* range = 100..._2, -- * so 3*range (= 11..._2) is exactly one bit longer than range */ -- do -- { -- if (!bn_rand(r, n + 1, -1, 0)) return 0; -- /* If r < 3*range, use r := r MOD range -- * (which is either r, r - range, or r - 2*range). -- * Otherwise, iterate once more. -- * Since 3*range = 11..._2, each iteration succeeds with -- * probability >= .75. */ -- if (BN_cmp(r ,range) >= 0) -- { -- if (!BN_sub(r, r, range)) return 0; -- if (BN_cmp(r, range) >= 0) -- if (!BN_sub(r, r, range)) return 0; -- } -+ if (n == 1) -+ BN_zero(r); -+ else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) { -+ /* -+ * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer -+ * than range -+ */ -+ do { -+ if (!bn_rand(r, n + 1, -1, 0)) -+ return 0; -+ /* -+ * If r < 3*range, use r := r MOD range (which is either r, r - -+ * range, or r - 2*range). Otherwise, iterate once more. Since -+ * 3*range = 11..._2, each iteration succeeds with probability >= -+ * .75. -+ */ -+ if (BN_cmp(r, range) >= 0) { -+ if (!BN_sub(r, r, range)) -+ return 0; -+ if (BN_cmp(r, range) >= 0) -+ if (!BN_sub(r, r, range)) -+ return 0; -+ } - -- if (!--count) -- { -- BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); -- return 0; -- } -- -- } -- while (BN_cmp(r, range) >= 0); -- } -- else -- { -- do -- { -- /* range = 11..._2 or range = 101..._2 */ -- if (!bn_rand(r, n, -1, 0)) return 0; -+ if (!--count) { -+ BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); -+ return 0; -+ } - -- if (!--count) -- { -- BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); -- return 0; -- } -- } -- while (BN_cmp(r, range) >= 0); -- } -+ } -+ while (BN_cmp(r, range) >= 0); -+ } else { -+ do { -+ /* range = 11..._2 or range = 101..._2 */ -+ if (!bn_rand(r, n, -1, 0)) -+ return 0; - -- bn_check_top(r); -- return 1; -- } -+ if (!--count) { -+ BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); -+ return 0; -+ } -+ } -+ while (BN_cmp(r, range) >= 0); -+ } - -+ bn_check_top(r); -+ return 1; -+} - --int BN_rand_range(BIGNUM *r, const BIGNUM *range) -- { -- return bn_rand_range(0, r, range); -- } -+int BN_rand_range(BIGNUM *r, const BIGNUM *range) -+{ -+ return bn_rand_range(0, r, range); -+} - --int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) -- { -- return bn_rand_range(1, r, range); -- } -+int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) -+{ -+ return bn_rand_range(1, r, range); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c -index 2e8efb8..6826f93 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,174 +61,189 @@ - #include "bn_lcl.h" - - void BN_RECP_CTX_init(BN_RECP_CTX *recp) -- { -- BN_init(&(recp->N)); -- BN_init(&(recp->Nr)); -- recp->num_bits=0; -- recp->flags=0; -- } -+{ -+ BN_init(&(recp->N)); -+ BN_init(&(recp->Nr)); -+ recp->num_bits = 0; -+ recp->flags = 0; -+} - - BN_RECP_CTX *BN_RECP_CTX_new(void) -- { -- BN_RECP_CTX *ret; -+{ -+ BN_RECP_CTX *ret; - -- if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL) -- return(NULL); -+ if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL) -+ return (NULL); - -- BN_RECP_CTX_init(ret); -- ret->flags=BN_FLG_MALLOCED; -- return(ret); -- } -+ BN_RECP_CTX_init(ret); -+ ret->flags = BN_FLG_MALLOCED; -+ return (ret); -+} - - void BN_RECP_CTX_free(BN_RECP_CTX *recp) -- { -- if(recp == NULL) -- return; -+{ -+ if (recp == NULL) -+ return; - -- BN_free(&(recp->N)); -- BN_free(&(recp->Nr)); -- if (recp->flags & BN_FLG_MALLOCED) -- OPENSSL_free(recp); -- } -+ BN_free(&(recp->N)); -+ BN_free(&(recp->Nr)); -+ if (recp->flags & BN_FLG_MALLOCED) -+ OPENSSL_free(recp); -+} - - int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) -- { -- if (!BN_copy(&(recp->N),d)) return 0; -- BN_zero(&(recp->Nr)); -- recp->num_bits=BN_num_bits(d); -- recp->shift=0; -- return(1); -- } -+{ -+ if (!BN_copy(&(recp->N), d)) -+ return 0; -+ BN_zero(&(recp->Nr)); -+ recp->num_bits = BN_num_bits(d); -+ recp->shift = 0; -+ return (1); -+} - - int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, -- BN_RECP_CTX *recp, BN_CTX *ctx) -- { -- int ret=0; -- BIGNUM *a; -- const BIGNUM *ca; -- -- BN_CTX_start(ctx); -- if ((a = BN_CTX_get(ctx)) == NULL) goto err; -- if (y != NULL) -- { -- if (x == y) -- { if (!BN_sqr(a,x,ctx)) goto err; } -- else -- { if (!BN_mul(a,x,y,ctx)) goto err; } -- ca = a; -- } -- else -- ca=x; /* Just do the mod */ -- -- ret = BN_div_recp(NULL,r,ca,recp,ctx); --err: -- BN_CTX_end(ctx); -- bn_check_top(r); -- return(ret); -- } -+ BN_RECP_CTX *recp, BN_CTX *ctx) -+{ -+ int ret = 0; -+ BIGNUM *a; -+ const BIGNUM *ca; -+ -+ BN_CTX_start(ctx); -+ if ((a = BN_CTX_get(ctx)) == NULL) -+ goto err; -+ if (y != NULL) { -+ if (x == y) { -+ if (!BN_sqr(a, x, ctx)) -+ goto err; -+ } else { -+ if (!BN_mul(a, x, y, ctx)) -+ goto err; -+ } -+ ca = a; -+ } else -+ ca = x; /* Just do the mod */ -+ -+ ret = BN_div_recp(NULL, r, ca, recp, ctx); -+ err: -+ BN_CTX_end(ctx); -+ bn_check_top(r); -+ return (ret); -+} - - int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, -- BN_RECP_CTX *recp, BN_CTX *ctx) -- { -- int i,j,ret=0; -- BIGNUM *a,*b,*d,*r; -- -- BN_CTX_start(ctx); -- a=BN_CTX_get(ctx); -- b=BN_CTX_get(ctx); -- if (dv != NULL) -- d=dv; -- else -- d=BN_CTX_get(ctx); -- if (rem != NULL) -- r=rem; -- else -- r=BN_CTX_get(ctx); -- if (a == NULL || b == NULL || d == NULL || r == NULL) goto err; -- -- if (BN_ucmp(m,&(recp->N)) < 0) -- { -- BN_zero(d); -- if (!BN_copy(r,m)) return 0; -- BN_CTX_end(ctx); -- return(1); -- } -- -- /* We want the remainder -- * Given input of ABCDEF / ab -- * we need multiply ABCDEF by 3 digests of the reciprocal of ab -- * -- */ -- -- /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */ -- i=BN_num_bits(m); -- j=recp->num_bits<<1; -- if (j>i) i=j; -- -- /* Nr := round(2^i / N) */ -- if (i != recp->shift) -- recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N), -- i,ctx); /* BN_reciprocal returns i, or -1 for an error */ -- if (recp->shift == -1) goto err; -- -- /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| -- * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))| -- * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)| -- * = |m/N| -- */ -- if (!BN_rshift(a,m,recp->num_bits)) goto err; -- if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err; -- if (!BN_rshift(d,b,i-recp->num_bits)) goto err; -- d->neg=0; -- -- if (!BN_mul(b,&(recp->N),d,ctx)) goto err; -- if (!BN_usub(r,m,b)) goto err; -- r->neg=0; -+ BN_RECP_CTX *recp, BN_CTX *ctx) -+{ -+ int i, j, ret = 0; -+ BIGNUM *a, *b, *d, *r; -+ -+ BN_CTX_start(ctx); -+ a = BN_CTX_get(ctx); -+ b = BN_CTX_get(ctx); -+ if (dv != NULL) -+ d = dv; -+ else -+ d = BN_CTX_get(ctx); -+ if (rem != NULL) -+ r = rem; -+ else -+ r = BN_CTX_get(ctx); -+ if (a == NULL || b == NULL || d == NULL || r == NULL) -+ goto err; -+ -+ if (BN_ucmp(m, &(recp->N)) < 0) { -+ BN_zero(d); -+ if (!BN_copy(r, m)) -+ return 0; -+ BN_CTX_end(ctx); -+ return (1); -+ } -+ -+ /* -+ * We want the remainder Given input of ABCDEF / ab we need multiply -+ * ABCDEF by 3 digests of the reciprocal of ab -+ */ -+ -+ /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */ -+ i = BN_num_bits(m); -+ j = recp->num_bits << 1; -+ if (j > i) -+ i = j; -+ -+ /* Nr := round(2^i / N) */ -+ if (i != recp->shift) -+ recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx); -+ /* BN_reciprocal could have returned -1 for an error */ -+ if (recp->shift == -1) -+ goto err; -+ -+ /*- -+ * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| -+ * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))| -+ * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)| -+ * = |m/N| -+ */ -+ if (!BN_rshift(a, m, recp->num_bits)) -+ goto err; -+ if (!BN_mul(b, a, &(recp->Nr), ctx)) -+ goto err; -+ if (!BN_rshift(d, b, i - recp->num_bits)) -+ goto err; -+ d->neg = 0; -+ -+ if (!BN_mul(b, &(recp->N), d, ctx)) -+ goto err; -+ if (!BN_usub(r, m, b)) -+ goto err; -+ r->neg = 0; - - #if 1 -- j=0; -- while (BN_ucmp(r,&(recp->N)) >= 0) -- { -- if (j++ > 2) -- { -- BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL); -- goto err; -- } -- if (!BN_usub(r,r,&(recp->N))) goto err; -- if (!BN_add_word(d,1)) goto err; -- } -+ j = 0; -+ while (BN_ucmp(r, &(recp->N)) >= 0) { -+ if (j++ > 2) { -+ BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL); -+ goto err; -+ } -+ if (!BN_usub(r, r, &(recp->N))) -+ goto err; -+ if (!BN_add_word(d, 1)) -+ goto err; -+ } - #endif - -- r->neg=BN_is_zero(r)?0:m->neg; -- d->neg=m->neg^recp->N.neg; -- ret=1; --err: -- BN_CTX_end(ctx); -- bn_check_top(dv); -- bn_check_top(rem); -- return(ret); -- } -- --/* len is the expected size of the result -- * We actually calculate with an extra word of precision, so -- * we can do faster division if the remainder is not required. -+ r->neg = BN_is_zero(r) ? 0 : m->neg; -+ d->neg = m->neg ^ recp->N.neg; -+ ret = 1; -+ err: -+ BN_CTX_end(ctx); -+ bn_check_top(dv); -+ bn_check_top(rem); -+ return (ret); -+} -+ -+/* -+ * len is the expected size of the result We actually calculate with an extra -+ * word of precision, so we can do faster division if the remainder is not -+ * required. - */ - /* r := 2^len / m */ - int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) -- { -- int ret= -1; -- BIGNUM *t; -- -- BN_CTX_start(ctx); -- if((t = BN_CTX_get(ctx)) == NULL) goto err; -- -- if (!BN_set_bit(t,len)) goto err; -- -- if (!BN_div(r,NULL,t,m,ctx)) goto err; -- -- ret=len; --err: -- bn_check_top(r); -- BN_CTX_end(ctx); -- return(ret); -- } -+{ -+ int ret = -1; -+ BIGNUM *t; -+ -+ BN_CTX_start(ctx); -+ if ((t = BN_CTX_get(ctx)) == NULL) -+ goto err; -+ -+ if (!BN_set_bit(t, len)) -+ goto err; -+ -+ if (!BN_div(r, NULL, t, m, ctx)) -+ goto err; -+ -+ ret = len; -+ err: -+ bn_check_top(r); -+ BN_CTX_end(ctx); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c -index c4d301a..67904c9 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,160 +61,149 @@ - #include "bn_lcl.h" - - int BN_lshift1(BIGNUM *r, const BIGNUM *a) -- { -- register BN_ULONG *ap,*rp,t,c; -- int i; -+{ -+ register BN_ULONG *ap, *rp, t, c; -+ int i; - -- bn_check_top(r); -- bn_check_top(a); -+ bn_check_top(r); -+ bn_check_top(a); - -- if (r != a) -- { -- r->neg=a->neg; -- if (bn_wexpand(r,a->top+1) == NULL) return(0); -- r->top=a->top; -- } -- else -- { -- if (bn_wexpand(r,a->top+1) == NULL) return(0); -- } -- ap=a->d; -- rp=r->d; -- c=0; -- for (i=0; itop; i++) -- { -- t= *(ap++); -- *(rp++)=((t<<1)|c)&BN_MASK2; -- c=(t & BN_TBIT)?1:0; -- } -- if (c) -- { -- *rp=1; -- r->top++; -- } -- bn_check_top(r); -- return(1); -- } -+ if (r != a) { -+ r->neg = a->neg; -+ if (bn_wexpand(r, a->top + 1) == NULL) -+ return (0); -+ r->top = a->top; -+ } else { -+ if (bn_wexpand(r, a->top + 1) == NULL) -+ return (0); -+ } -+ ap = a->d; -+ rp = r->d; -+ c = 0; -+ for (i = 0; i < a->top; i++) { -+ t = *(ap++); -+ *(rp++) = ((t << 1) | c) & BN_MASK2; -+ c = (t & BN_TBIT) ? 1 : 0; -+ } -+ if (c) { -+ *rp = 1; -+ r->top++; -+ } -+ bn_check_top(r); -+ return (1); -+} - - int BN_rshift1(BIGNUM *r, const BIGNUM *a) -- { -- BN_ULONG *ap,*rp,t,c; -- int i; -+{ -+ BN_ULONG *ap, *rp, t, c; -+ int i; - -- bn_check_top(r); -- bn_check_top(a); -+ bn_check_top(r); -+ bn_check_top(a); - -- if (BN_is_zero(a)) -- { -- BN_zero(r); -- return(1); -- } -- if (a != r) -- { -- if (bn_wexpand(r,a->top) == NULL) return(0); -- r->top=a->top; -- r->neg=a->neg; -- } -- ap=a->d; -- rp=r->d; -- c=0; -- for (i=a->top-1; i>=0; i--) -- { -- t=ap[i]; -- rp[i]=((t>>1)&BN_MASK2)|c; -- c=(t&1)?BN_TBIT:0; -- } -- bn_correct_top(r); -- bn_check_top(r); -- return(1); -- } -+ if (BN_is_zero(a)) { -+ BN_zero(r); -+ return (1); -+ } -+ if (a != r) { -+ if (bn_wexpand(r, a->top) == NULL) -+ return (0); -+ r->top = a->top; -+ r->neg = a->neg; -+ } -+ ap = a->d; -+ rp = r->d; -+ c = 0; -+ for (i = a->top - 1; i >= 0; i--) { -+ t = ap[i]; -+ rp[i] = ((t >> 1) & BN_MASK2) | c; -+ c = (t & 1) ? BN_TBIT : 0; -+ } -+ bn_correct_top(r); -+ bn_check_top(r); -+ return (1); -+} - - int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) -- { -- int i,nw,lb,rb; -- BN_ULONG *t,*f; -- BN_ULONG l; -+{ -+ int i, nw, lb, rb; -+ BN_ULONG *t, *f; -+ BN_ULONG l; - -- bn_check_top(r); -- bn_check_top(a); -+ bn_check_top(r); -+ bn_check_top(a); - -- r->neg=a->neg; -- nw=n/BN_BITS2; -- if (bn_wexpand(r,a->top+nw+1) == NULL) return(0); -- lb=n%BN_BITS2; -- rb=BN_BITS2-lb; -- f=a->d; -- t=r->d; -- t[a->top+nw]=0; -- if (lb == 0) -- for (i=a->top-1; i>=0; i--) -- t[nw+i]=f[i]; -- else -- for (i=a->top-1; i>=0; i--) -- { -- l=f[i]; -- t[nw+i+1]|=(l>>rb)&BN_MASK2; -- t[nw+i]=(l<top=a->top+nw+1; -- bn_correct_top(r); -- bn_check_top(r); -- return(1); -- } -+ r->neg = a->neg; -+ nw = n / BN_BITS2; -+ if (bn_wexpand(r, a->top + nw + 1) == NULL) -+ return (0); -+ lb = n % BN_BITS2; -+ rb = BN_BITS2 - lb; -+ f = a->d; -+ t = r->d; -+ t[a->top + nw] = 0; -+ if (lb == 0) -+ for (i = a->top - 1; i >= 0; i--) -+ t[nw + i] = f[i]; -+ else -+ for (i = a->top - 1; i >= 0; i--) { -+ l = f[i]; -+ t[nw + i + 1] |= (l >> rb) & BN_MASK2; -+ t[nw + i] = (l << lb) & BN_MASK2; -+ } -+ memset(t, 0, nw * sizeof(t[0])); -+ /* -+ * for (i=0; itop = a->top + nw + 1; -+ bn_correct_top(r); -+ bn_check_top(r); -+ return (1); -+} - - int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) -- { -- int i,j,nw,lb,rb; -- BN_ULONG *t,*f; -- BN_ULONG l,tmp; -+{ -+ int i, j, nw, lb, rb; -+ BN_ULONG *t, *f; -+ BN_ULONG l, tmp; - -- bn_check_top(r); -- bn_check_top(a); -+ bn_check_top(r); -+ bn_check_top(a); - -- nw=n/BN_BITS2; -- rb=n%BN_BITS2; -- lb=BN_BITS2-rb; -- if (nw >= a->top || a->top == 0) -- { -- BN_zero(r); -- return(1); -- } -- if (r != a) -- { -- r->neg=a->neg; -- if (bn_wexpand(r,a->top-nw+1) == NULL) return(0); -- } -- else -- { -- if (n == 0) -- return 1; /* or the copying loop will go berserk */ -- } -+ nw = n / BN_BITS2; -+ rb = n % BN_BITS2; -+ lb = BN_BITS2 - rb; -+ if (nw >= a->top || a->top == 0) { -+ BN_zero(r); -+ return (1); -+ } -+ if (r != a) { -+ r->neg = a->neg; -+ if (bn_wexpand(r, a->top - nw + 1) == NULL) -+ return (0); -+ } else { -+ if (n == 0) -+ return 1; /* or the copying loop will go berserk */ -+ } - -- f= &(a->d[nw]); -- t=r->d; -- j=a->top-nw; -- r->top=j; -+ f = &(a->d[nw]); -+ t = r->d; -+ j = a->top - nw; -+ r->top = j; - -- if (rb == 0) -- { -- for (i=j; i != 0; i--) -- *(t++)= *(f++); -- } -- else -- { -- l= *(f++); -- for (i=j-1; i != 0; i--) -- { -- tmp =(l>>rb)&BN_MASK2; -- l= *(f++); -- *(t++) =(tmp|(l<>rb)&BN_MASK2; -- } -- bn_correct_top(r); -- bn_check_top(r); -- return(1); -- } -+ if (rb == 0) { -+ for (i = j; i != 0; i--) -+ *(t++) = *(f++); -+ } else { -+ l = *(f++); -+ for (i = j - 1; i != 0; i--) { -+ tmp = (l >> rb) & BN_MASK2; -+ l = *(f++); -+ *(t++) = (tmp | (l << lb)) & BN_MASK2; -+ } -+ *(t++) = (l >> rb) & BN_MASK2; -+ } -+ bn_correct_top(r); -+ bn_check_top(r); -+ return (1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c -index 65bbf16..3ca6987 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,140 +61,137 @@ - #include "bn_lcl.h" - - /* r must not be a */ --/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */ -+/* -+ * I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 -+ */ - int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) -- { -- int max,al; -- int ret = 0; -- BIGNUM *tmp,*rr; -+{ -+ int max, al; -+ int ret = 0; -+ BIGNUM *tmp, *rr; - - #ifdef BN_COUNT -- fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top); -+ fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top); - #endif -- bn_check_top(a); -+ bn_check_top(a); - -- al=a->top; -- if (al <= 0) -- { -- r->top=0; -- r->neg = 0; -- return 1; -- } -+ al = a->top; -+ if (al <= 0) { -+ r->top = 0; -+ r->neg = 0; -+ return 1; -+ } - -- BN_CTX_start(ctx); -- rr=(a != r) ? r : BN_CTX_get(ctx); -- tmp=BN_CTX_get(ctx); -- if (!rr || !tmp) goto err; -+ BN_CTX_start(ctx); -+ rr = (a != r) ? r : BN_CTX_get(ctx); -+ tmp = BN_CTX_get(ctx); -+ if (!rr || !tmp) -+ goto err; - -- max = 2 * al; /* Non-zero (from above) */ -- if (bn_wexpand(rr,max) == NULL) goto err; -+ max = 2 * al; /* Non-zero (from above) */ -+ if (bn_wexpand(rr, max) == NULL) -+ goto err; - -- if (al == 4) -- { -+ if (al == 4) { - #ifndef BN_SQR_COMBA -- BN_ULONG t[8]; -- bn_sqr_normal(rr->d,a->d,4,t); -+ BN_ULONG t[8]; -+ bn_sqr_normal(rr->d, a->d, 4, t); - #else -- bn_sqr_comba4(rr->d,a->d); -+ bn_sqr_comba4(rr->d, a->d); - #endif -- } -- else if (al == 8) -- { -+ } else if (al == 8) { - #ifndef BN_SQR_COMBA -- BN_ULONG t[16]; -- bn_sqr_normal(rr->d,a->d,8,t); -+ BN_ULONG t[16]; -+ bn_sqr_normal(rr->d, a->d, 8, t); - #else -- bn_sqr_comba8(rr->d,a->d); -+ bn_sqr_comba8(rr->d, a->d); - #endif -- } -- else -- { -+ } else { - #if defined(BN_RECURSION) -- if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) -- { -- BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2]; -- bn_sqr_normal(rr->d,a->d,al,t); -- } -- else -- { -- int j,k; -+ if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) { -+ BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL * 2]; -+ bn_sqr_normal(rr->d, a->d, al, t); -+ } else { -+ int j, k; - -- j=BN_num_bits_word((BN_ULONG)al); -- j=1<<(j-1); -- k=j+j; -- if (al == j) -- { -- if (bn_wexpand(tmp,k*2) == NULL) goto err; -- bn_sqr_recursive(rr->d,a->d,al,tmp->d); -- } -- else -- { -- if (bn_wexpand(tmp,max) == NULL) goto err; -- bn_sqr_normal(rr->d,a->d,al,tmp->d); -- } -- } -+ j = BN_num_bits_word((BN_ULONG)al); -+ j = 1 << (j - 1); -+ k = j + j; -+ if (al == j) { -+ if (bn_wexpand(tmp, k * 2) == NULL) -+ goto err; -+ bn_sqr_recursive(rr->d, a->d, al, tmp->d); -+ } else { -+ if (bn_wexpand(tmp, max) == NULL) -+ goto err; -+ bn_sqr_normal(rr->d, a->d, al, tmp->d); -+ } -+ } - #else -- if (bn_wexpand(tmp,max) == NULL) goto err; -- bn_sqr_normal(rr->d,a->d,al,tmp->d); -+ if (bn_wexpand(tmp, max) == NULL) -+ goto err; -+ bn_sqr_normal(rr->d, a->d, al, tmp->d); - #endif -- } -+ } - -- rr->neg=0; -- /* If the most-significant half of the top word of 'a' is zero, then -- * the square of 'a' will max-1 words. */ -- if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) -- rr->top = max - 1; -- else -- rr->top = max; -- if (rr != r) BN_copy(r,rr); -- ret = 1; -+ rr->neg = 0; -+ /* -+ * If the most-significant half of the top word of 'a' is zero, then the -+ * square of 'a' will max-1 words. -+ */ -+ if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) -+ rr->top = max - 1; -+ else -+ rr->top = max; -+ if (rr != r) -+ BN_copy(r, rr); -+ ret = 1; - err: -- bn_check_top(rr); -- bn_check_top(tmp); -- BN_CTX_end(ctx); -- return(ret); -- } -+ bn_check_top(rr); -+ bn_check_top(tmp); -+ BN_CTX_end(ctx); -+ return (ret); -+} - - /* tmp must have 2*n words */ - void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) -- { -- int i,j,max; -- const BN_ULONG *ap; -- BN_ULONG *rp; -+{ -+ int i, j, max; -+ const BN_ULONG *ap; -+ BN_ULONG *rp; - -- max=n*2; -- ap=a; -- rp=r; -- rp[0]=rp[max-1]=0; -- rp++; -- j=n; -+ max = n * 2; -+ ap = a; -+ rp = r; -+ rp[0] = rp[max - 1] = 0; -+ rp++; -+ j = n; - -- if (--j > 0) -- { -- ap++; -- rp[j]=bn_mul_words(rp,ap,j,ap[-1]); -- rp+=2; -- } -+ if (--j > 0) { -+ ap++; -+ rp[j] = bn_mul_words(rp, ap, j, ap[-1]); -+ rp += 2; -+ } - -- for (i=n-2; i>0; i--) -- { -- j--; -- ap++; -- rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]); -- rp+=2; -- } -+ for (i = n - 2; i > 0; i--) { -+ j--; -+ ap++; -+ rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]); -+ rp += 2; -+ } - -- bn_add_words(r,r,r,max); -+ bn_add_words(r, r, r, max); - -- /* There will not be a carry */ -+ /* There will not be a carry */ - -- bn_sqr_words(tmp,a,n); -+ bn_sqr_words(tmp, a, n); - -- bn_add_words(r,r,tmp,max); -- } -+ bn_add_words(r, r, tmp, max); -+} - - #ifdef BN_RECURSION --/* r is 2*n words in size, -+/*- -+ * r is 2*n words in size, - * a and b are both n words in size. (There's not actually a 'b' here ...) - * n must be a power of 2. - * We multiply and return the result. -@@ -205,91 +202,89 @@ void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) - * a[1]*b[1] - */ - void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) -- { -- int n=n2/2; -- int zero,c1; -- BN_ULONG ln,lo,*p; -+{ -+ int n = n2 / 2; -+ int zero, c1; -+ BN_ULONG ln, lo, *p; - --#ifdef BN_COUNT -- fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2); --#endif -- if (n2 == 4) -- { --#ifndef BN_SQR_COMBA -- bn_sqr_normal(r,a,4,t); --#else -- bn_sqr_comba4(r,a); --#endif -- return; -- } -- else if (n2 == 8) -- { --#ifndef BN_SQR_COMBA -- bn_sqr_normal(r,a,8,t); --#else -- bn_sqr_comba8(r,a); --#endif -- return; -- } -- if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) -- { -- bn_sqr_normal(r,a,n2,t); -- return; -- } -- /* r=(a[0]-a[1])*(a[1]-a[0]) */ -- c1=bn_cmp_words(a,&(a[n]),n); -- zero=0; -- if (c1 > 0) -- bn_sub_words(t,a,&(a[n]),n); -- else if (c1 < 0) -- bn_sub_words(t,&(a[n]),a,n); -- else -- zero=1; -+# ifdef BN_COUNT -+ fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2); -+# endif -+ if (n2 == 4) { -+# ifndef BN_SQR_COMBA -+ bn_sqr_normal(r, a, 4, t); -+# else -+ bn_sqr_comba4(r, a); -+# endif -+ return; -+ } else if (n2 == 8) { -+# ifndef BN_SQR_COMBA -+ bn_sqr_normal(r, a, 8, t); -+# else -+ bn_sqr_comba8(r, a); -+# endif -+ return; -+ } -+ if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) { -+ bn_sqr_normal(r, a, n2, t); -+ return; -+ } -+ /* r=(a[0]-a[1])*(a[1]-a[0]) */ -+ c1 = bn_cmp_words(a, &(a[n]), n); -+ zero = 0; -+ if (c1 > 0) -+ bn_sub_words(t, a, &(a[n]), n); -+ else if (c1 < 0) -+ bn_sub_words(t, &(a[n]), a, n); -+ else -+ zero = 1; - -- /* The result will always be negative unless it is zero */ -- p= &(t[n2*2]); -+ /* The result will always be negative unless it is zero */ -+ p = &(t[n2 * 2]); - -- if (!zero) -- bn_sqr_recursive(&(t[n2]),t,n,p); -- else -- memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); -- bn_sqr_recursive(r,a,n,p); -- bn_sqr_recursive(&(r[n2]),&(a[n]),n,p); -+ if (!zero) -+ bn_sqr_recursive(&(t[n2]), t, n, p); -+ else -+ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); -+ bn_sqr_recursive(r, a, n, p); -+ bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); - -- /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero -- * r[10] holds (a[0]*b[0]) -- * r[32] holds (b[1]*b[1]) -- */ -+ /*- -+ * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero -+ * r[10] holds (a[0]*b[0]) -+ * r[32] holds (b[1]*b[1]) -+ */ - -- c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); -+ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); - -- /* t[32] is negative */ -- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); -+ /* t[32] is negative */ -+ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); - -- /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) -- * r[10] holds (a[0]*a[0]) -- * r[32] holds (a[1]*a[1]) -- * c1 holds the carry bits -- */ -- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); -- if (c1) -- { -- p= &(r[n+n2]); -- lo= *p; -- ln=(lo+c1)&BN_MASK2; -- *p=ln; -+ /*- -+ * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) -+ * r[10] holds (a[0]*a[0]) -+ * r[32] holds (a[1]*a[1]) -+ * c1 holds the carry bits -+ */ -+ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); -+ if (c1) { -+ p = &(r[n + n2]); -+ lo = *p; -+ ln = (lo + c1) & BN_MASK2; -+ *p = ln; - -- /* The overflow will stop before we over write -- * words we should not overwrite */ -- if (ln < (BN_ULONG)c1) -- { -- do { -- p++; -- lo= *p; -- ln=(lo+1)&BN_MASK2; -- *p=ln; -- } while (ln == 0); -- } -- } -- } -+ /* -+ * The overflow will stop before we over write words we should not -+ * overwrite -+ */ -+ if (ln < (BN_ULONG)c1) { -+ do { -+ p++; -+ lo = *p; -+ ln = (lo + 1) & BN_MASK2; -+ *p = ln; -+ } while (ln == 0); -+ } -+ } -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c -index 6beaf9e..232af99 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c -@@ -1,6 +1,8 @@ - /* crypto/bn/bn_sqrt.c */ --/* Written by Lenka Fibikova -- * and Bodo Moeller for the OpenSSL project. */ -+/* -+ * Written by Lenka Fibikova and Bodo -+ * Moeller for the OpenSSL project. -+ */ - /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * -@@ -9,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,336 +60,350 @@ - #include "cryptlib.h" - #include "bn_lcl.h" - -- --BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) --/* Returns 'ret' such that -- * ret^2 == a (mod p), -- * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course -- * in Algebraic Computational Number Theory", algorithm 1.5.1). -- * 'p' must be prime! -+BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -+/* -+ * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks -+ * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number -+ * Theory", algorithm 1.5.1). 'p' must be prime! - */ -- { -- BIGNUM *ret = in; -- int err = 1; -- int r; -- BIGNUM *A, *b, *q, *t, *x, *y; -- int e, i, j; -- -- if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) -- { -- if (BN_abs_is_word(p, 2)) -- { -- if (ret == NULL) -- ret = BN_new(); -- if (ret == NULL) -- goto end; -- if (!BN_set_word(ret, BN_is_bit_set(a, 0))) -- { -- if (ret != in) -- BN_free(ret); -- return NULL; -- } -- bn_check_top(ret); -- return ret; -- } -- -- BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); -- return(NULL); -- } -- -- if (BN_is_zero(a) || BN_is_one(a)) -- { -- if (ret == NULL) -- ret = BN_new(); -- if (ret == NULL) -- goto end; -- if (!BN_set_word(ret, BN_is_one(a))) -- { -- if (ret != in) -- BN_free(ret); -- return NULL; -- } -- bn_check_top(ret); -- return ret; -- } -- -- BN_CTX_start(ctx); -- A = BN_CTX_get(ctx); -- b = BN_CTX_get(ctx); -- q = BN_CTX_get(ctx); -- t = BN_CTX_get(ctx); -- x = BN_CTX_get(ctx); -- y = BN_CTX_get(ctx); -- if (y == NULL) goto end; -- -- if (ret == NULL) -- ret = BN_new(); -- if (ret == NULL) goto end; -- -- /* A = a mod p */ -- if (!BN_nnmod(A, a, p, ctx)) goto end; -- -- /* now write |p| - 1 as 2^e*q where q is odd */ -- e = 1; -- while (!BN_is_bit_set(p, e)) -- e++; -- /* we'll set q later (if needed) */ -- -- if (e == 1) -- { -- /* The easy case: (|p|-1)/2 is odd, so 2 has an inverse -- * modulo (|p|-1)/2, and square roots can be computed -- * directly by modular exponentiation. -- * We have -- * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2), -- * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1. -- */ -- if (!BN_rshift(q, p, 2)) goto end; -- q->neg = 0; -- if (!BN_add_word(q, 1)) goto end; -- if (!BN_mod_exp(ret, A, q, p, ctx)) goto end; -- err = 0; -- goto vrfy; -- } -- -- if (e == 2) -- { -- /* |p| == 5 (mod 8) -- * -- * In this case 2 is always a non-square since -- * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. -- * So if a really is a square, then 2*a is a non-square. -- * Thus for -- * b := (2*a)^((|p|-5)/8), -- * i := (2*a)*b^2 -- * we have -- * i^2 = (2*a)^((1 + (|p|-5)/4)*2) -- * = (2*a)^((p-1)/2) -- * = -1; -- * so if we set -- * x := a*b*(i-1), -- * then -- * x^2 = a^2 * b^2 * (i^2 - 2*i + 1) -- * = a^2 * b^2 * (-2*i) -- * = a*(-i)*(2*a*b^2) -- * = a*(-i)*i -- * = a. -- * -- * (This is due to A.O.L. Atkin, -- * , -- * November 1992.) -- */ -- -- /* t := 2*a */ -- if (!BN_mod_lshift1_quick(t, A, p)) goto end; -- -- /* b := (2*a)^((|p|-5)/8) */ -- if (!BN_rshift(q, p, 3)) goto end; -- q->neg = 0; -- if (!BN_mod_exp(b, t, q, p, ctx)) goto end; -- -- /* y := b^2 */ -- if (!BN_mod_sqr(y, b, p, ctx)) goto end; -- -- /* t := (2*a)*b^2 - 1*/ -- if (!BN_mod_mul(t, t, y, p, ctx)) goto end; -- if (!BN_sub_word(t, 1)) goto end; -- -- /* x = a*b*t */ -- if (!BN_mod_mul(x, A, b, p, ctx)) goto end; -- if (!BN_mod_mul(x, x, t, p, ctx)) goto end; -- -- if (!BN_copy(ret, x)) goto end; -- err = 0; -- goto vrfy; -- } -- -- /* e > 2, so we really have to use the Tonelli/Shanks algorithm. -- * First, find some y that is not a square. */ -- if (!BN_copy(q, p)) goto end; /* use 'q' as temp */ -- q->neg = 0; -- i = 2; -- do -- { -- /* For efficiency, try small numbers first; -- * if this fails, try random numbers. -- */ -- if (i < 22) -- { -- if (!BN_set_word(y, i)) goto end; -- } -- else -- { -- if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end; -- if (BN_ucmp(y, p) >= 0) -- { -- if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end; -- } -- /* now 0 <= y < |p| */ -- if (BN_is_zero(y)) -- if (!BN_set_word(y, i)) goto end; -- } -- -- r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */ -- if (r < -1) goto end; -- if (r == 0) -- { -- /* m divides p */ -- BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); -- goto end; -- } -- } -- while (r == 1 && ++i < 82); -- -- if (r != -1) -- { -- /* Many rounds and still no non-square -- this is more likely -- * a bug than just bad luck. -- * Even if p is not prime, we should have found some y -- * such that r == -1. -- */ -- BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS); -- goto end; -- } -- -- /* Here's our actual 'q': */ -- if (!BN_rshift(q, q, e)) goto end; -- -- /* Now that we have some non-square, we can find an element -- * of order 2^e by computing its q'th power. */ -- if (!BN_mod_exp(y, y, q, p, ctx)) goto end; -- if (BN_is_one(y)) -- { -- BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); -- goto end; -- } -- -- /* Now we know that (if p is indeed prime) there is an integer -- * k, 0 <= k < 2^e, such that -- * -- * a^q * y^k == 1 (mod p). -- * -- * As a^q is a square and y is not, k must be even. -- * q+1 is even, too, so there is an element -- * -- * X := a^((q+1)/2) * y^(k/2), -- * -- * and it satisfies -- * -- * X^2 = a^q * a * y^k -- * = a, -- * -- * so it is the square root that we are looking for. -- */ -- -- /* t := (q-1)/2 (note that q is odd) */ -- if (!BN_rshift1(t, q)) goto end; -- -- /* x := a^((q-1)/2) */ -- if (BN_is_zero(t)) /* special case: p = 2^e + 1 */ -- { -- if (!BN_nnmod(t, A, p, ctx)) goto end; -- if (BN_is_zero(t)) -- { -- /* special case: a == 0 (mod p) */ -- BN_zero(ret); -- err = 0; -- goto end; -- } -- else -- if (!BN_one(x)) goto end; -- } -- else -- { -- if (!BN_mod_exp(x, A, t, p, ctx)) goto end; -- if (BN_is_zero(x)) -- { -- /* special case: a == 0 (mod p) */ -- BN_zero(ret); -- err = 0; -- goto end; -- } -- } -- -- /* b := a*x^2 (= a^q) */ -- if (!BN_mod_sqr(b, x, p, ctx)) goto end; -- if (!BN_mod_mul(b, b, A, p, ctx)) goto end; -- -- /* x := a*x (= a^((q+1)/2)) */ -- if (!BN_mod_mul(x, x, A, p, ctx)) goto end; -- -- while (1) -- { -- /* Now b is a^q * y^k for some even k (0 <= k < 2^E -- * where E refers to the original value of e, which we -- * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). -- * -- * We have a*b = x^2, -- * y^2^(e-1) = -1, -- * b^2^(e-1) = 1. -- */ -- -- if (BN_is_one(b)) -- { -- if (!BN_copy(ret, x)) goto end; -- err = 0; -- goto vrfy; -- } -- -- -- /* find smallest i such that b^(2^i) = 1 */ -- i = 1; -- if (!BN_mod_sqr(t, b, p, ctx)) goto end; -- while (!BN_is_one(t)) -- { -- i++; -- if (i == e) -- { -- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); -- goto end; -- } -- if (!BN_mod_mul(t, t, t, p, ctx)) goto end; -- } -- -- -- /* t := y^2^(e - i - 1) */ -- if (!BN_copy(t, y)) goto end; -- for (j = e - i - 1; j > 0; j--) -- { -- if (!BN_mod_sqr(t, t, p, ctx)) goto end; -- } -- if (!BN_mod_mul(y, t, t, p, ctx)) goto end; -- if (!BN_mod_mul(x, x, t, p, ctx)) goto end; -- if (!BN_mod_mul(b, b, y, p, ctx)) goto end; -- e = i; -- } -+{ -+ BIGNUM *ret = in; -+ int err = 1; -+ int r; -+ BIGNUM *A, *b, *q, *t, *x, *y; -+ int e, i, j; -+ -+ if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) { -+ if (BN_abs_is_word(p, 2)) { -+ if (ret == NULL) -+ ret = BN_new(); -+ if (ret == NULL) -+ goto end; -+ if (!BN_set_word(ret, BN_is_bit_set(a, 0))) { -+ if (ret != in) -+ BN_free(ret); -+ return NULL; -+ } -+ bn_check_top(ret); -+ return ret; -+ } -+ -+ BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); -+ return (NULL); -+ } -+ -+ if (BN_is_zero(a) || BN_is_one(a)) { -+ if (ret == NULL) -+ ret = BN_new(); -+ if (ret == NULL) -+ goto end; -+ if (!BN_set_word(ret, BN_is_one(a))) { -+ if (ret != in) -+ BN_free(ret); -+ return NULL; -+ } -+ bn_check_top(ret); -+ return ret; -+ } -+ -+ BN_CTX_start(ctx); -+ A = BN_CTX_get(ctx); -+ b = BN_CTX_get(ctx); -+ q = BN_CTX_get(ctx); -+ t = BN_CTX_get(ctx); -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ if (y == NULL) -+ goto end; -+ -+ if (ret == NULL) -+ ret = BN_new(); -+ if (ret == NULL) -+ goto end; -+ -+ /* A = a mod p */ -+ if (!BN_nnmod(A, a, p, ctx)) -+ goto end; -+ -+ /* now write |p| - 1 as 2^e*q where q is odd */ -+ e = 1; -+ while (!BN_is_bit_set(p, e)) -+ e++; -+ /* we'll set q later (if needed) */ -+ -+ if (e == 1) { -+ /*- -+ * The easy case: (|p|-1)/2 is odd, so 2 has an inverse -+ * modulo (|p|-1)/2, and square roots can be computed -+ * directly by modular exponentiation. -+ * We have -+ * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2), -+ * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1. -+ */ -+ if (!BN_rshift(q, p, 2)) -+ goto end; -+ q->neg = 0; -+ if (!BN_add_word(q, 1)) -+ goto end; -+ if (!BN_mod_exp(ret, A, q, p, ctx)) -+ goto end; -+ err = 0; -+ goto vrfy; -+ } -+ -+ if (e == 2) { -+ /*- -+ * |p| == 5 (mod 8) -+ * -+ * In this case 2 is always a non-square since -+ * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. -+ * So if a really is a square, then 2*a is a non-square. -+ * Thus for -+ * b := (2*a)^((|p|-5)/8), -+ * i := (2*a)*b^2 -+ * we have -+ * i^2 = (2*a)^((1 + (|p|-5)/4)*2) -+ * = (2*a)^((p-1)/2) -+ * = -1; -+ * so if we set -+ * x := a*b*(i-1), -+ * then -+ * x^2 = a^2 * b^2 * (i^2 - 2*i + 1) -+ * = a^2 * b^2 * (-2*i) -+ * = a*(-i)*(2*a*b^2) -+ * = a*(-i)*i -+ * = a. -+ * -+ * (This is due to A.O.L. Atkin, -+ * , -+ * November 1992.) -+ */ -+ -+ /* t := 2*a */ -+ if (!BN_mod_lshift1_quick(t, A, p)) -+ goto end; -+ -+ /* b := (2*a)^((|p|-5)/8) */ -+ if (!BN_rshift(q, p, 3)) -+ goto end; -+ q->neg = 0; -+ if (!BN_mod_exp(b, t, q, p, ctx)) -+ goto end; -+ -+ /* y := b^2 */ -+ if (!BN_mod_sqr(y, b, p, ctx)) -+ goto end; -+ -+ /* t := (2*a)*b^2 - 1 */ -+ if (!BN_mod_mul(t, t, y, p, ctx)) -+ goto end; -+ if (!BN_sub_word(t, 1)) -+ goto end; -+ -+ /* x = a*b*t */ -+ if (!BN_mod_mul(x, A, b, p, ctx)) -+ goto end; -+ if (!BN_mod_mul(x, x, t, p, ctx)) -+ goto end; -+ -+ if (!BN_copy(ret, x)) -+ goto end; -+ err = 0; -+ goto vrfy; -+ } -+ -+ /* -+ * e > 2, so we really have to use the Tonelli/Shanks algorithm. First, -+ * find some y that is not a square. -+ */ -+ if (!BN_copy(q, p)) -+ goto end; /* use 'q' as temp */ -+ q->neg = 0; -+ i = 2; -+ do { -+ /* -+ * For efficiency, try small numbers first; if this fails, try random -+ * numbers. -+ */ -+ if (i < 22) { -+ if (!BN_set_word(y, i)) -+ goto end; -+ } else { -+ if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) -+ goto end; -+ if (BN_ucmp(y, p) >= 0) { -+ if (!(p->neg ? BN_add : BN_sub) (y, y, p)) -+ goto end; -+ } -+ /* now 0 <= y < |p| */ -+ if (BN_is_zero(y)) -+ if (!BN_set_word(y, i)) -+ goto end; -+ } -+ -+ r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */ -+ if (r < -1) -+ goto end; -+ if (r == 0) { -+ /* m divides p */ -+ BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); -+ goto end; -+ } -+ } -+ while (r == 1 && ++i < 82); -+ -+ if (r != -1) { -+ /* -+ * Many rounds and still no non-square -- this is more likely a bug -+ * than just bad luck. Even if p is not prime, we should have found -+ * some y such that r == -1. -+ */ -+ BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS); -+ goto end; -+ } -+ -+ /* Here's our actual 'q': */ -+ if (!BN_rshift(q, q, e)) -+ goto end; -+ -+ /* -+ * Now that we have some non-square, we can find an element of order 2^e -+ * by computing its q'th power. -+ */ -+ if (!BN_mod_exp(y, y, q, p, ctx)) -+ goto end; -+ if (BN_is_one(y)) { -+ BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); -+ goto end; -+ } -+ -+ /*- -+ * Now we know that (if p is indeed prime) there is an integer -+ * k, 0 <= k < 2^e, such that -+ * -+ * a^q * y^k == 1 (mod p). -+ * -+ * As a^q is a square and y is not, k must be even. -+ * q+1 is even, too, so there is an element -+ * -+ * X := a^((q+1)/2) * y^(k/2), -+ * -+ * and it satisfies -+ * -+ * X^2 = a^q * a * y^k -+ * = a, -+ * -+ * so it is the square root that we are looking for. -+ */ -+ -+ /* t := (q-1)/2 (note that q is odd) */ -+ if (!BN_rshift1(t, q)) -+ goto end; -+ -+ /* x := a^((q-1)/2) */ -+ if (BN_is_zero(t)) { /* special case: p = 2^e + 1 */ -+ if (!BN_nnmod(t, A, p, ctx)) -+ goto end; -+ if (BN_is_zero(t)) { -+ /* special case: a == 0 (mod p) */ -+ BN_zero(ret); -+ err = 0; -+ goto end; -+ } else if (!BN_one(x)) -+ goto end; -+ } else { -+ if (!BN_mod_exp(x, A, t, p, ctx)) -+ goto end; -+ if (BN_is_zero(x)) { -+ /* special case: a == 0 (mod p) */ -+ BN_zero(ret); -+ err = 0; -+ goto end; -+ } -+ } -+ -+ /* b := a*x^2 (= a^q) */ -+ if (!BN_mod_sqr(b, x, p, ctx)) -+ goto end; -+ if (!BN_mod_mul(b, b, A, p, ctx)) -+ goto end; -+ -+ /* x := a*x (= a^((q+1)/2)) */ -+ if (!BN_mod_mul(x, x, A, p, ctx)) -+ goto end; -+ -+ while (1) { -+ /*- -+ * Now b is a^q * y^k for some even k (0 <= k < 2^E -+ * where E refers to the original value of e, which we -+ * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). -+ * -+ * We have a*b = x^2, -+ * y^2^(e-1) = -1, -+ * b^2^(e-1) = 1. -+ */ -+ -+ if (BN_is_one(b)) { -+ if (!BN_copy(ret, x)) -+ goto end; -+ err = 0; -+ goto vrfy; -+ } -+ -+ /* find smallest i such that b^(2^i) = 1 */ -+ i = 1; -+ if (!BN_mod_sqr(t, b, p, ctx)) -+ goto end; -+ while (!BN_is_one(t)) { -+ i++; -+ if (i == e) { -+ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); -+ goto end; -+ } -+ if (!BN_mod_mul(t, t, t, p, ctx)) -+ goto end; -+ } -+ -+ /* t := y^2^(e - i - 1) */ -+ if (!BN_copy(t, y)) -+ goto end; -+ for (j = e - i - 1; j > 0; j--) { -+ if (!BN_mod_sqr(t, t, p, ctx)) -+ goto end; -+ } -+ if (!BN_mod_mul(y, t, t, p, ctx)) -+ goto end; -+ if (!BN_mod_mul(x, x, t, p, ctx)) -+ goto end; -+ if (!BN_mod_mul(b, b, y, p, ctx)) -+ goto end; -+ e = i; -+ } - - vrfy: -- if (!err) -- { -- /* verify the result -- the input might have been not a square -- * (test added in 0.9.8) */ -- -- if (!BN_mod_sqr(x, ret, p, ctx)) -- err = 1; -- -- if (!err && 0 != BN_cmp(x, A)) -- { -- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); -- err = 1; -- } -- } -+ if (!err) { -+ /* -+ * verify the result -- the input might have been not a square (test -+ * added in 0.9.8) -+ */ -+ -+ if (!BN_mod_sqr(x, ret, p, ctx)) -+ err = 1; -+ -+ if (!err && 0 != BN_cmp(x, A)) { -+ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); -+ err = 1; -+ } -+ } - - end: -- if (err) -- { -- if (ret != NULL && ret != in) -- { -- BN_clear_free(ret); -- } -- ret = NULL; -- } -- BN_CTX_end(ctx); -- bn_check_top(ret); -- return ret; -- } -+ if (err) { -+ if (ret != NULL && ret != in) { -+ BN_clear_free(ret); -+ } -+ ret = NULL; -+ } -+ BN_CTX_end(ctx); -+ bn_check_top(ret); -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c -index de83a15..b031a60 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,178 +61,167 @@ - #include "bn_lcl.h" - - BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) -- { -+{ - #ifndef BN_LLONG -- BN_ULONG ret=0; -+ BN_ULONG ret = 0; - #else -- BN_ULLONG ret=0; -+ BN_ULLONG ret = 0; - #endif -- int i; -+ int i; - -- if (w == 0) -- return (BN_ULONG)-1; -+ if (w == 0) -+ return (BN_ULONG)-1; - -- bn_check_top(a); -- w&=BN_MASK2; -- for (i=a->top-1; i>=0; i--) -- { -+ bn_check_top(a); -+ w &= BN_MASK2; -+ for (i = a->top - 1; i >= 0; i--) { - #ifndef BN_LLONG -- ret=((ret<d[i]>>BN_BITS4)&BN_MASK2l))%w; -- ret=((ret<d[i]&BN_MASK2l))%w; -+ ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w; -+ ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w; - #else -- ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])% -- (BN_ULLONG)w); -+ ret = (BN_ULLONG) (((ret << (BN_ULLONG) BN_BITS2) | a->d[i]) % -+ (BN_ULLONG) w); - #endif -- } -- return((BN_ULONG)ret); -- } -+ } -+ return ((BN_ULONG)ret); -+} - - BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) -- { -- BN_ULONG ret = 0; -- int i, j; -- -- bn_check_top(a); -- w &= BN_MASK2; -- -- if (!w) -- /* actually this an error (division by zero) */ -- return (BN_ULONG)-1; -- if (a->top == 0) -- return 0; -- -- /* normalize input (so bn_div_words doesn't complain) */ -- j = BN_BITS2 - BN_num_bits_word(w); -- w <<= j; -- if (!BN_lshift(a, a, j)) -- return (BN_ULONG)-1; -- -- for (i=a->top-1; i>=0; i--) -- { -- BN_ULONG l,d; -- -- l=a->d[i]; -- d=bn_div_words(ret,l,w); -- ret=(l-((d*w)&BN_MASK2))&BN_MASK2; -- a->d[i]=d; -- } -- if ((a->top > 0) && (a->d[a->top-1] == 0)) -- a->top--; -- ret >>= j; -- bn_check_top(a); -- return(ret); -- } -+{ -+ BN_ULONG ret = 0; -+ int i, j; -+ -+ bn_check_top(a); -+ w &= BN_MASK2; -+ -+ if (!w) -+ /* actually this an error (division by zero) */ -+ return (BN_ULONG)-1; -+ if (a->top == 0) -+ return 0; -+ -+ /* normalize input (so bn_div_words doesn't complain) */ -+ j = BN_BITS2 - BN_num_bits_word(w); -+ w <<= j; -+ if (!BN_lshift(a, a, j)) -+ return (BN_ULONG)-1; -+ -+ for (i = a->top - 1; i >= 0; i--) { -+ BN_ULONG l, d; -+ -+ l = a->d[i]; -+ d = bn_div_words(ret, l, w); -+ ret = (l - ((d * w) & BN_MASK2)) & BN_MASK2; -+ a->d[i] = d; -+ } -+ if ((a->top > 0) && (a->d[a->top - 1] == 0)) -+ a->top--; -+ ret >>= j; -+ bn_check_top(a); -+ return (ret); -+} - - int BN_add_word(BIGNUM *a, BN_ULONG w) -- { -- BN_ULONG l; -- int i; -- -- bn_check_top(a); -- w &= BN_MASK2; -- -- /* degenerate case: w is zero */ -- if (!w) return 1; -- /* degenerate case: a is zero */ -- if(BN_is_zero(a)) return BN_set_word(a, w); -- /* handle 'a' when negative */ -- if (a->neg) -- { -- a->neg=0; -- i=BN_sub_word(a,w); -- if (!BN_is_zero(a)) -- a->neg=!(a->neg); -- return(i); -- } -- for (i=0;w!=0 && itop;i++) -- { -- a->d[i] = l = (a->d[i]+w)&BN_MASK2; -- w = (w>l)?1:0; -- } -- if (w && i==a->top) -- { -- if (bn_wexpand(a,a->top+1) == NULL) return 0; -- a->top++; -- a->d[i]=w; -- } -- bn_check_top(a); -- return(1); -- } -+{ -+ BN_ULONG l; -+ int i; -+ -+ bn_check_top(a); -+ w &= BN_MASK2; -+ -+ /* degenerate case: w is zero */ -+ if (!w) -+ return 1; -+ /* degenerate case: a is zero */ -+ if (BN_is_zero(a)) -+ return BN_set_word(a, w); -+ /* handle 'a' when negative */ -+ if (a->neg) { -+ a->neg = 0; -+ i = BN_sub_word(a, w); -+ if (!BN_is_zero(a)) -+ a->neg = !(a->neg); -+ return (i); -+ } -+ for (i = 0; w != 0 && i < a->top; i++) { -+ a->d[i] = l = (a->d[i] + w) & BN_MASK2; -+ w = (w > l) ? 1 : 0; -+ } -+ if (w && i == a->top) { -+ if (bn_wexpand(a, a->top + 1) == NULL) -+ return 0; -+ a->top++; -+ a->d[i] = w; -+ } -+ bn_check_top(a); -+ return (1); -+} - - int BN_sub_word(BIGNUM *a, BN_ULONG w) -- { -- int i; -- -- bn_check_top(a); -- w &= BN_MASK2; -- -- /* degenerate case: w is zero */ -- if (!w) return 1; -- /* degenerate case: a is zero */ -- if(BN_is_zero(a)) -- { -- i = BN_set_word(a,w); -- if (i != 0) -- BN_set_negative(a, 1); -- return i; -- } -- /* handle 'a' when negative */ -- if (a->neg) -- { -- a->neg=0; -- i=BN_add_word(a,w); -- a->neg=1; -- return(i); -- } -- -- if ((a->top == 1) && (a->d[0] < w)) -- { -- a->d[0]=w-a->d[0]; -- a->neg=1; -- return(1); -- } -- i=0; -- for (;;) -- { -- if (a->d[i] >= w) -- { -- a->d[i]-=w; -- break; -- } -- else -- { -- a->d[i]=(a->d[i]-w)&BN_MASK2; -- i++; -- w=1; -- } -- } -- if ((a->d[i] == 0) && (i == (a->top-1))) -- a->top--; -- bn_check_top(a); -- return(1); -- } -+{ -+ int i; -+ -+ bn_check_top(a); -+ w &= BN_MASK2; -+ -+ /* degenerate case: w is zero */ -+ if (!w) -+ return 1; -+ /* degenerate case: a is zero */ -+ if (BN_is_zero(a)) { -+ i = BN_set_word(a, w); -+ if (i != 0) -+ BN_set_negative(a, 1); -+ return i; -+ } -+ /* handle 'a' when negative */ -+ if (a->neg) { -+ a->neg = 0; -+ i = BN_add_word(a, w); -+ a->neg = 1; -+ return (i); -+ } -+ -+ if ((a->top == 1) && (a->d[0] < w)) { -+ a->d[0] = w - a->d[0]; -+ a->neg = 1; -+ return (1); -+ } -+ i = 0; -+ for (;;) { -+ if (a->d[i] >= w) { -+ a->d[i] -= w; -+ break; -+ } else { -+ a->d[i] = (a->d[i] - w) & BN_MASK2; -+ i++; -+ w = 1; -+ } -+ } -+ if ((a->d[i] == 0) && (i == (a->top - 1))) -+ a->top--; -+ bn_check_top(a); -+ return (1); -+} - - int BN_mul_word(BIGNUM *a, BN_ULONG w) -- { -- BN_ULONG ll; -- -- bn_check_top(a); -- w&=BN_MASK2; -- if (a->top) -- { -- if (w == 0) -- BN_zero(a); -- else -- { -- ll=bn_mul_words(a->d,a->d,a->top,w); -- if (ll) -- { -- if (bn_wexpand(a,a->top+1) == NULL) return(0); -- a->d[a->top++]=ll; -- } -- } -- } -- bn_check_top(a); -- return(1); -- } -- -+{ -+ BN_ULONG ll; -+ -+ bn_check_top(a); -+ w &= BN_MASK2; -+ if (a->top) { -+ if (w == 0) -+ BN_zero(a); -+ else { -+ ll = bn_mul_words(a->d, a->d, a->top, w); -+ if (ll) { -+ if (bn_wexpand(a, a->top + 1) == NULL) -+ return (0); -+ a->d[a->top++] = ll; -+ } -+ } -+ } -+ bn_check_top(a); -+ return (1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c -index 04c5c87..6d76b12 100644 ---- a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c -+++ b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c -@@ -1,6 +1,7 @@ - /* bn_x931p.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2005. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2005. - */ - /* ==================================================================== - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,212 +62,213 @@ - - /* X9.31 routines for prime derivation */ - --/* X9.31 prime derivation. This is used to generate the primes pi -- * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd -- * integers. -+/* -+ * X9.31 prime derivation. This is used to generate the primes pi (p1, p2, -+ * q1, q2) from a parameter Xpi by checking successive odd integers. - */ - - static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, -- BN_GENCB *cb) -- { -- int i = 0; -- if (!BN_copy(pi, Xpi)) -- return 0; -- if (!BN_is_odd(pi) && !BN_add_word(pi, 1)) -- return 0; -- for(;;) -- { -- i++; -- BN_GENCB_call(cb, 0, i); -- /* NB 27 MR is specificed in X9.31 */ -- if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) -- break; -- if (!BN_add_word(pi, 2)) -- return 0; -- } -- BN_GENCB_call(cb, 2, i); -- return 1; -- } -- --/* This is the main X9.31 prime derivation function. From parameters -- * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are -- * not NULL they will be returned too: this is needed for testing. -+ BN_GENCB *cb) -+{ -+ int i = 0; -+ if (!BN_copy(pi, Xpi)) -+ return 0; -+ if (!BN_is_odd(pi) && !BN_add_word(pi, 1)) -+ return 0; -+ for (;;) { -+ i++; -+ BN_GENCB_call(cb, 0, i); -+ /* NB 27 MR is specificed in X9.31 */ -+ if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) -+ break; -+ if (!BN_add_word(pi, 2)) -+ return 0; -+ } -+ BN_GENCB_call(cb, 2, i); -+ return 1; -+} -+ -+/* -+ * This is the main X9.31 prime derivation function. From parameters Xp1, Xp2 -+ * and Xp derive the prime p. If the parameters p1 or p2 are not NULL they -+ * will be returned too: this is needed for testing. - */ - - int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, -- const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, -- const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb) -- { -- int ret = 0; -+ const BIGNUM *Xp, const BIGNUM *Xp1, -+ const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, -+ BN_GENCB *cb) -+{ -+ int ret = 0; - -- BIGNUM *t, *p1p2, *pm1; -+ BIGNUM *t, *p1p2, *pm1; - -- /* Only even e supported */ -- if (!BN_is_odd(e)) -- return 0; -+ /* Only even e supported */ -+ if (!BN_is_odd(e)) -+ return 0; - -- BN_CTX_start(ctx); -- if (!p1) -- p1 = BN_CTX_get(ctx); -+ BN_CTX_start(ctx); -+ if (!p1) -+ p1 = BN_CTX_get(ctx); - -- if (!p2) -- p2 = BN_CTX_get(ctx); -+ if (!p2) -+ p2 = BN_CTX_get(ctx); - -- t = BN_CTX_get(ctx); -+ t = BN_CTX_get(ctx); - -- p1p2 = BN_CTX_get(ctx); -+ p1p2 = BN_CTX_get(ctx); - -- pm1 = BN_CTX_get(ctx); -+ pm1 = BN_CTX_get(ctx); - -- if (!bn_x931_derive_pi(p1, Xp1, ctx, cb)) -- goto err; -+ if (!bn_x931_derive_pi(p1, Xp1, ctx, cb)) -+ goto err; - -- if (!bn_x931_derive_pi(p2, Xp2, ctx, cb)) -- goto err; -+ if (!bn_x931_derive_pi(p2, Xp2, ctx, cb)) -+ goto err; - -- if (!BN_mul(p1p2, p1, p2, ctx)) -- goto err; -+ if (!BN_mul(p1p2, p1, p2, ctx)) -+ goto err; - -- /* First set p to value of Rp */ -+ /* First set p to value of Rp */ - -- if (!BN_mod_inverse(p, p2, p1, ctx)) -- goto err; -+ if (!BN_mod_inverse(p, p2, p1, ctx)) -+ goto err; - -- if (!BN_mul(p, p, p2, ctx)) -- goto err; -+ if (!BN_mul(p, p, p2, ctx)) -+ goto err; - -- if (!BN_mod_inverse(t, p1, p2, ctx)) -- goto err; -+ if (!BN_mod_inverse(t, p1, p2, ctx)) -+ goto err; - -- if (!BN_mul(t, t, p1, ctx)) -- goto err; -+ if (!BN_mul(t, t, p1, ctx)) -+ goto err; - -- if (!BN_sub(p, p, t)) -- goto err; -+ if (!BN_sub(p, p, t)) -+ goto err; - -- if (p->neg && !BN_add(p, p, p1p2)) -- goto err; -+ if (p->neg && !BN_add(p, p, p1p2)) -+ goto err; - -- /* p now equals Rp */ -+ /* p now equals Rp */ - -- if (!BN_mod_sub(p, p, Xp, p1p2, ctx)) -- goto err; -+ if (!BN_mod_sub(p, p, Xp, p1p2, ctx)) -+ goto err; - -- if (!BN_add(p, p, Xp)) -- goto err; -+ if (!BN_add(p, p, Xp)) -+ goto err; - -- /* p now equals Yp0 */ -+ /* p now equals Yp0 */ - -- for (;;) -- { -- int i = 1; -- BN_GENCB_call(cb, 0, i++); -- if (!BN_copy(pm1, p)) -- goto err; -- if (!BN_sub_word(pm1, 1)) -- goto err; -- if (!BN_gcd(t, pm1, e, ctx)) -- goto err; -- if (BN_is_one(t) -- /* X9.31 specifies 8 MR and 1 Lucas test or any prime test -- * offering similar or better guarantees 50 MR is considerably -- * better. -- */ -- && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) -- break; -- if (!BN_add(p, p, p1p2)) -- goto err; -- } -+ for (;;) { -+ int i = 1; -+ BN_GENCB_call(cb, 0, i++); -+ if (!BN_copy(pm1, p)) -+ goto err; -+ if (!BN_sub_word(pm1, 1)) -+ goto err; -+ if (!BN_gcd(t, pm1, e, ctx)) -+ goto err; -+ if (BN_is_one(t) -+ /* -+ * X9.31 specifies 8 MR and 1 Lucas test or any prime test -+ * offering similar or better guarantees 50 MR is considerably -+ * better. -+ */ -+ && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) -+ break; -+ if (!BN_add(p, p, p1p2)) -+ goto err; -+ } - -- BN_GENCB_call(cb, 3, 0); -+ BN_GENCB_call(cb, 3, 0); - -- ret = 1; -+ ret = 1; - -- err: -+ err: - -- BN_CTX_end(ctx); -+ BN_CTX_end(ctx); - -- return ret; -- } -+ return ret; -+} - --/* Generate pair of paramters Xp, Xq for X9.31 prime generation. -- * Note: nbits paramter is sum of number of bits in both. -+/* -+ * Generate pair of paramters Xp, Xq for X9.31 prime generation. Note: nbits -+ * paramter is sum of number of bits in both. - */ - - int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) -- { -- BIGNUM *t; -- int i; -- /* Number of bits for each prime is of the form -- * 512+128s for s = 0, 1, ... -- */ -- if ((nbits < 1024) || (nbits & 0xff)) -- return 0; -- nbits >>= 1; -- /* The random value Xp must be between sqrt(2) * 2^(nbits-1) and -- * 2^nbits - 1. By setting the top two bits we ensure that the lower -- * bound is exceeded. -- */ -- if (!BN_rand(Xp, nbits, 1, 0)) -- return 0; -- -- BN_CTX_start(ctx); -- t = BN_CTX_get(ctx); -- -- for (i = 0; i < 1000; i++) -- { -- if (!BN_rand(Xq, nbits, 1, 0)) -- return 0; -- /* Check that |Xp - Xq| > 2^(nbits - 100) */ -- BN_sub(t, Xp, Xq); -- if (BN_num_bits(t) > (nbits - 100)) -- break; -- } -- -- BN_CTX_end(ctx); -- -- if (i < 1000) -- return 1; -- -- return 0; -- -- } -- --/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 -- * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL -- * the relevant parameter will be stored in it. -- * -- * Due to the fact that |Xp - Xq| > 2^(nbits - 100) must be satisfied Xp and Xq -- * are generated using the previous function and supplied as input. -+{ -+ BIGNUM *t; -+ int i; -+ /* -+ * Number of bits for each prime is of the form 512+128s for s = 0, 1, -+ * ... -+ */ -+ if ((nbits < 1024) || (nbits & 0xff)) -+ return 0; -+ nbits >>= 1; -+ /* -+ * The random value Xp must be between sqrt(2) * 2^(nbits-1) and 2^nbits -+ * - 1. By setting the top two bits we ensure that the lower bound is -+ * exceeded. -+ */ -+ if (!BN_rand(Xp, nbits, 1, 0)) -+ return 0; -+ -+ BN_CTX_start(ctx); -+ t = BN_CTX_get(ctx); -+ -+ for (i = 0; i < 1000; i++) { -+ if (!BN_rand(Xq, nbits, 1, 0)) -+ return 0; -+ /* Check that |Xp - Xq| > 2^(nbits - 100) */ -+ BN_sub(t, Xp, Xq); -+ if (BN_num_bits(t) > (nbits - 100)) -+ break; -+ } -+ -+ BN_CTX_end(ctx); -+ -+ if (i < 1000) -+ return 1; -+ -+ return 0; -+ -+} -+ -+/* -+ * Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 and -+ * Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL the -+ * relevant parameter will be stored in it. Due to the fact that |Xp - Xq| > -+ * 2^(nbits - 100) must be satisfied Xp and Xq are generated using the -+ * previous function and supplied as input. - */ - - int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, -- BIGNUM *Xp1, BIGNUM *Xp2, -- const BIGNUM *Xp, -- const BIGNUM *e, BN_CTX *ctx, -- BN_GENCB *cb) -- { -- int ret = 0; -- -- BN_CTX_start(ctx); -- if (!Xp1) -- Xp1 = BN_CTX_get(ctx); -- if (!Xp2) -- Xp2 = BN_CTX_get(ctx); -+ BIGNUM *Xp1, BIGNUM *Xp2, -+ const BIGNUM *Xp, -+ const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb) -+{ -+ int ret = 0; - -- if (!BN_rand(Xp1, 101, 0, 0)) -- goto error; -- if (!BN_rand(Xp2, 101, 0, 0)) -- goto error; -- if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) -- goto error; -+ BN_CTX_start(ctx); -+ if (!Xp1) -+ Xp1 = BN_CTX_get(ctx); -+ if (!Xp2) -+ Xp2 = BN_CTX_get(ctx); - -- ret = 1; -+ if (!BN_rand(Xp1, 101, 0, 0)) -+ goto error; -+ if (!BN_rand(Xp2, 101, 0, 0)) -+ goto error; -+ if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) -+ goto error; - -- error: -- BN_CTX_end(ctx); -+ ret = 1; - -- return ret; -+ error: -+ BN_CTX_end(ctx); - -- } -+ return ret; - -+} -diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c -index 3e25bbe..dfb8e85 100644 ---- a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c -+++ b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,35 +66,32 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason) - --static ERR_STRING_DATA BUF_str_functs[]= -- { --{ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"}, --{ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"}, --{ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"}, --{ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"}, --{ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"}, --{ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"}, --{0,NULL} -- }; -+static ERR_STRING_DATA BUF_str_functs[] = { -+ {ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"}, -+ {ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"}, -+ {ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"}, -+ {ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"}, -+ {ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"}, -+ {ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA BUF_str_reasons[]= -- { --{0,NULL} -- }; -+static ERR_STRING_DATA BUF_str_reasons[] = { -+ {0, NULL} -+}; - - #endif - - void ERR_load_BUF_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,BUF_str_functs); -- ERR_load_strings(0,BUF_str_reasons); -- } -+ if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, BUF_str_functs); -+ ERR_load_strings(0, BUF_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c -index 28dd1e4..88be76f 100644 ---- a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c -+++ b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,59 +58,59 @@ - #include - - char *BUF_strdup(const char *str) -- { -- if (str == NULL) return(NULL); -- return BUF_strndup(str, strlen(str)); -- } -+{ -+ if (str == NULL) -+ return (NULL); -+ return BUF_strndup(str, strlen(str)); -+} - - char *BUF_strndup(const char *str, size_t siz) -- { -- char *ret; -+{ -+ char *ret; - -- if (str == NULL) return(NULL); -+ if (str == NULL) -+ return (NULL); - -- ret=OPENSSL_malloc(siz+1); -- if (ret == NULL) -- { -- BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- BUF_strlcpy(ret,str,siz+1); -- return(ret); -- } -+ ret = OPENSSL_malloc(siz + 1); -+ if (ret == NULL) { -+ BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ BUF_strlcpy(ret, str, siz + 1); -+ return (ret); -+} - - void *BUF_memdup(const void *data, size_t siz) -- { -- void *ret; -+{ -+ void *ret; - -- if (data == NULL) return(NULL); -+ if (data == NULL) -+ return (NULL); - -- ret=OPENSSL_malloc(siz); -- if (ret == NULL) -- { -- BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- return memcpy(ret, data, siz); -- } -+ ret = OPENSSL_malloc(siz); -+ if (ret == NULL) { -+ BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ return memcpy(ret, data, siz); -+} - - size_t BUF_strlcpy(char *dst, const char *src, size_t size) -- { -- size_t l = 0; -- for(; size > 1 && *src; size--) -- { -- *dst++ = *src++; -- l++; -- } -- if (size) -- *dst = '\0'; -- return l + strlen(src); -- } -+{ -+ size_t l = 0; -+ for (; size > 1 && *src; size--) { -+ *dst++ = *src++; -+ l++; -+ } -+ if (size) -+ *dst = '\0'; -+ return l + strlen(src); -+} - - size_t BUF_strlcat(char *dst, const char *src, size_t size) -- { -- size_t l = 0; -- for(; size > 0 && *dst; size--, dst++) -- l++; -- return l + BUF_strlcpy(dst, src, size); -- } -+{ -+ size_t l = 0; -+ for (; size > 0 && *dst; size--, dst++) -+ l++; -+ return l + BUF_strlcpy(dst, src, size); -+} -diff --git a/Cryptlib/OpenSSL/crypto/buffer/buffer.c b/Cryptlib/OpenSSL/crypto/buffer/buffer.c -index 3b4c79f..f59849f 100644 ---- a/Cryptlib/OpenSSL/crypto/buffer/buffer.c -+++ b/Cryptlib/OpenSSL/crypto/buffer/buffer.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,131 +60,117 @@ - #include "cryptlib.h" - #include - --/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That -- * function is applied in several functions in this file and this limit ensures -- * that the result fits in an int. */ -+/* -+ * LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That -+ * function is applied in several functions in this file and this limit -+ * ensures that the result fits in an int. -+ */ - #define LIMIT_BEFORE_EXPANSION 0x5ffffffc - - BUF_MEM *BUF_MEM_new(void) -- { -- BUF_MEM *ret; -+{ -+ BUF_MEM *ret; - -- ret=OPENSSL_malloc(sizeof(BUF_MEM)); -- if (ret == NULL) -- { -- BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- ret->length=0; -- ret->max=0; -- ret->data=NULL; -- return(ret); -- } -+ ret = OPENSSL_malloc(sizeof(BUF_MEM)); -+ if (ret == NULL) { -+ BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ ret->length = 0; -+ ret->max = 0; -+ ret->data = NULL; -+ return (ret); -+} - - void BUF_MEM_free(BUF_MEM *a) -- { -- if(a == NULL) -- return; -+{ -+ if (a == NULL) -+ return; - -- if (a->data != NULL) -- { -- memset(a->data,0,(unsigned int)a->max); -- OPENSSL_free(a->data); -- } -- OPENSSL_free(a); -- } -+ if (a->data != NULL) { -+ memset(a->data, 0, (unsigned int)a->max); -+ OPENSSL_free(a->data); -+ } -+ OPENSSL_free(a); -+} - - int BUF_MEM_grow(BUF_MEM *str, int len) -- { -- char *ret; -- unsigned int n; -+{ -+ char *ret; -+ unsigned int n; - -- if (len < 0) -- { -- BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if (str->length >= len) -- { -- str->length=len; -- return(len); -- } -- if (str->max >= len) -- { -- memset(&str->data[str->length],0,len-str->length); -- str->length=len; -- return(len); -- } -- /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ -- if (len > LIMIT_BEFORE_EXPANSION) -- { -- BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- n=(len+3)/3*4; -- if (str->data == NULL) -- ret=OPENSSL_malloc(n); -- else -- ret=OPENSSL_realloc(str->data,n); -- if (ret == NULL) -- { -- BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); -- len=0; -- } -- else -- { -- str->data=ret; -- str->max=n; -- memset(&str->data[str->length],0,len-str->length); -- str->length=len; -- } -- return(len); -- } -+ if (len < 0) { -+ BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (str->length >= len) { -+ str->length = len; -+ return (len); -+ } -+ if (str->max >= len) { -+ memset(&str->data[str->length], 0, len - str->length); -+ str->length = len; -+ return (len); -+ } -+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ -+ if (len > LIMIT_BEFORE_EXPANSION) { -+ BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ n = (len + 3) / 3 * 4; -+ if (str->data == NULL) -+ ret = OPENSSL_malloc(n); -+ else -+ ret = OPENSSL_realloc(str->data, n); -+ if (ret == NULL) { -+ BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE); -+ len = 0; -+ } else { -+ str->data = ret; -+ str->max = n; -+ memset(&str->data[str->length], 0, len - str->length); -+ str->length = len; -+ } -+ return (len); -+} - - int BUF_MEM_grow_clean(BUF_MEM *str, int len) -- { -- char *ret; -- unsigned int n; -+{ -+ char *ret; -+ unsigned int n; - -- if (len < 0) -- { -- BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if (str->length >= len) -- { -- memset(&str->data[len],0,str->length-len); -- str->length=len; -- return(len); -- } -- if (str->max >= len) -- { -- memset(&str->data[str->length],0,len-str->length); -- str->length=len; -- return(len); -- } -- /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ -- if (len > LIMIT_BEFORE_EXPANSION) -- { -- BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- n=(len+3)/3*4; -- if (str->data == NULL) -- ret=OPENSSL_malloc(n); -- else -- ret=OPENSSL_realloc_clean(str->data,str->max,n); -- if (ret == NULL) -- { -- BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE); -- len=0; -- } -- else -- { -- str->data=ret; -- str->max=n; -- memset(&str->data[str->length],0,len-str->length); -- str->length=len; -- } -- return(len); -- } -+ if (len < 0) { -+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (str->length >= len) { -+ memset(&str->data[len], 0, str->length - len); -+ str->length = len; -+ return (len); -+ } -+ if (str->max >= len) { -+ memset(&str->data[str->length], 0, len - str->length); -+ str->length = len; -+ return (len); -+ } -+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ -+ if (len > LIMIT_BEFORE_EXPANSION) { -+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ n = (len + 3) / 3 * 4; -+ if (str->data == NULL) -+ ret = OPENSSL_malloc(n); -+ else -+ ret = OPENSSL_realloc_clean(str->data, str->max, n); -+ if (ret == NULL) { -+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE); -+ len = 0; -+ } else { -+ str->data = ret; -+ str->max = n; -+ memset(&str->data[str->length], 0, len - str->length); -+ str->length = len; -+ } -+ return (len); -+} -diff --git a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c b/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c -index dcec13a..f2f16e5 100644 ---- a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c -+++ b/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,63 +59,65 @@ - #include - #include "cast_lcl.h" - --/* The input and output encrypted as though 64bit cfb mode is being -- * used. The extra state information to record how much of the -- * 64bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 64bit cfb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; - */ - - void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, const CAST_KEY *schedule, unsigned char *ivec, -- int *num, int enc) -- { -- register CAST_LONG v0,v1,t; -- register int n= *num; -- register long l=length; -- CAST_LONG ti[2]; -- unsigned char *iv,c,cc; -+ long length, const CAST_KEY *schedule, -+ unsigned char *ivec, int *num, int enc) -+{ -+ register CAST_LONG v0, v1, t; -+ register int n = *num; -+ register long l = length; -+ CAST_LONG ti[2]; -+ unsigned char *iv, c, cc; - -- iv=ivec; -- if (enc) -- { -- while (l--) -- { -- if (n == 0) -- { -- n2l(iv,v0); ti[0]=v0; -- n2l(iv,v1); ti[1]=v1; -- CAST_encrypt((CAST_LONG *)ti,schedule); -- iv=ivec; -- t=ti[0]; l2n(t,iv); -- t=ti[1]; l2n(t,iv); -- iv=ivec; -- } -- c= *(in++)^iv[n]; -- *(out++)=c; -- iv[n]=c; -- n=(n+1)&0x07; -- } -- } -- else -- { -- while (l--) -- { -- if (n == 0) -- { -- n2l(iv,v0); ti[0]=v0; -- n2l(iv,v1); ti[1]=v1; -- CAST_encrypt((CAST_LONG *)ti,schedule); -- iv=ivec; -- t=ti[0]; l2n(t,iv); -- t=ti[1]; l2n(t,iv); -- iv=ivec; -- } -- cc= *(in++); -- c=iv[n]; -- iv[n]=cc; -- *(out++)=c^cc; -- n=(n+1)&0x07; -- } -- } -- v0=v1=ti[0]=ti[1]=t=c=cc=0; -- *num=n; -- } -+ iv = ivec; -+ if (enc) { -+ while (l--) { -+ if (n == 0) { -+ n2l(iv, v0); -+ ti[0] = v0; -+ n2l(iv, v1); -+ ti[1] = v1; -+ CAST_encrypt((CAST_LONG *)ti, schedule); -+ iv = ivec; -+ t = ti[0]; -+ l2n(t, iv); -+ t = ti[1]; -+ l2n(t, iv); -+ iv = ivec; -+ } -+ c = *(in++) ^ iv[n]; -+ *(out++) = c; -+ iv[n] = c; -+ n = (n + 1) & 0x07; -+ } -+ } else { -+ while (l--) { -+ if (n == 0) { -+ n2l(iv, v0); -+ ti[0] = v0; -+ n2l(iv, v1); -+ ti[1] = v1; -+ CAST_encrypt((CAST_LONG *)ti, schedule); -+ iv = ivec; -+ t = ti[0]; -+ l2n(t, iv); -+ t = ti[1]; -+ l2n(t, iv); -+ iv = ivec; -+ } -+ cc = *(in++); -+ c = iv[n]; -+ iv[n] = cc; -+ *(out++) = c ^ cc; -+ n = (n + 1) & 0x07; -+ } -+ } -+ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; -+ *num = n; -+} -diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c b/Cryptlib/OpenSSL/crypto/cast/c_ecb.c -index b6a3b1f..4793f28 100644 ---- a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c -+++ b/Cryptlib/OpenSSL/crypto/cast/c_ecb.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,20 +60,24 @@ - #include "cast_lcl.h" - #include - --const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT; -+const char CAST_version[] = "CAST" OPENSSL_VERSION_PTEXT; - - void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, -- const CAST_KEY *ks, int enc) -- { -- CAST_LONG l,d[2]; -+ const CAST_KEY *ks, int enc) -+{ -+ CAST_LONG l, d[2]; - -- n2l(in,l); d[0]=l; -- n2l(in,l); d[1]=l; -- if (enc) -- CAST_encrypt(d,ks); -- else -- CAST_decrypt(d,ks); -- l=d[0]; l2n(l,out); -- l=d[1]; l2n(l,out); -- l=d[0]=d[1]=0; -- } -+ n2l(in, l); -+ d[0] = l; -+ n2l(in, l); -+ d[1] = l; -+ if (enc) -+ CAST_encrypt(d, ks); -+ else -+ CAST_decrypt(d, ks); -+ l = d[0]; -+ l2n(l, out); -+ l = d[1]; -+ l2n(l, out); -+ l = d[0] = d[1] = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/cast/c_enc.c b/Cryptlib/OpenSSL/crypto/cast/c_enc.c -index 357c41e..6e1d50f 100644 ---- a/Cryptlib/OpenSSL/crypto/cast/c_enc.c -+++ b/Cryptlib/OpenSSL/crypto/cast/c_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,149 +60,141 @@ - #include "cast_lcl.h" - - void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) -- { -- register CAST_LONG l,r,t; -- const register CAST_LONG *k; -+{ -+ register CAST_LONG l, r, t; -+ const register CAST_LONG *k; - -- k= &(key->data[0]); -- l=data[0]; -- r=data[1]; -+ k = &(key->data[0]); -+ l = data[0]; -+ r = data[1]; - -- E_CAST( 0,k,l,r,+,^,-); -- E_CAST( 1,k,r,l,^,-,+); -- E_CAST( 2,k,l,r,-,+,^); -- E_CAST( 3,k,r,l,+,^,-); -- E_CAST( 4,k,l,r,^,-,+); -- E_CAST( 5,k,r,l,-,+,^); -- E_CAST( 6,k,l,r,+,^,-); -- E_CAST( 7,k,r,l,^,-,+); -- E_CAST( 8,k,l,r,-,+,^); -- E_CAST( 9,k,r,l,+,^,-); -- E_CAST(10,k,l,r,^,-,+); -- E_CAST(11,k,r,l,-,+,^); -- if(!key->short_key) -- { -- E_CAST(12,k,l,r,+,^,-); -- E_CAST(13,k,r,l,^,-,+); -- E_CAST(14,k,l,r,-,+,^); -- E_CAST(15,k,r,l,+,^,-); -- } -+ E_CAST(0, k, l, r, +, ^, -); -+ E_CAST(1, k, r, l, ^, -, +); -+ E_CAST(2, k, l, r, -, +, ^); -+ E_CAST(3, k, r, l, +, ^, -); -+ E_CAST(4, k, l, r, ^, -, +); -+ E_CAST(5, k, r, l, -, +, ^); -+ E_CAST(6, k, l, r, +, ^, -); -+ E_CAST(7, k, r, l, ^, -, +); -+ E_CAST(8, k, l, r, -, +, ^); -+ E_CAST(9, k, r, l, +, ^, -); -+ E_CAST(10, k, l, r, ^, -, +); -+ E_CAST(11, k, r, l, -, +, ^); -+ if (!key->short_key) { -+ E_CAST(12, k, l, r, +, ^, -); -+ E_CAST(13, k, r, l, ^, -, +); -+ E_CAST(14, k, l, r, -, +, ^); -+ E_CAST(15, k, r, l, +, ^, -); -+ } - -- data[1]=l&0xffffffffL; -- data[0]=r&0xffffffffL; -- } -+ data[1] = l & 0xffffffffL; -+ data[0] = r & 0xffffffffL; -+} - - void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key) -- { -- register CAST_LONG l,r,t; -- const register CAST_LONG *k; -+{ -+ register CAST_LONG l, r, t; -+ const register CAST_LONG *k; - -- k= &(key->data[0]); -- l=data[0]; -- r=data[1]; -+ k = &(key->data[0]); -+ l = data[0]; -+ r = data[1]; - -- if(!key->short_key) -- { -- E_CAST(15,k,l,r,+,^,-); -- E_CAST(14,k,r,l,-,+,^); -- E_CAST(13,k,l,r,^,-,+); -- E_CAST(12,k,r,l,+,^,-); -- } -- E_CAST(11,k,l,r,-,+,^); -- E_CAST(10,k,r,l,^,-,+); -- E_CAST( 9,k,l,r,+,^,-); -- E_CAST( 8,k,r,l,-,+,^); -- E_CAST( 7,k,l,r,^,-,+); -- E_CAST( 6,k,r,l,+,^,-); -- E_CAST( 5,k,l,r,-,+,^); -- E_CAST( 4,k,r,l,^,-,+); -- E_CAST( 3,k,l,r,+,^,-); -- E_CAST( 2,k,r,l,-,+,^); -- E_CAST( 1,k,l,r,^,-,+); -- E_CAST( 0,k,r,l,+,^,-); -+ if (!key->short_key) { -+ E_CAST(15, k, l, r, +, ^, -); -+ E_CAST(14, k, r, l, -, +, ^); -+ E_CAST(13, k, l, r, ^, -, +); -+ E_CAST(12, k, r, l, +, ^, -); -+ } -+ E_CAST(11, k, l, r, -, +, ^); -+ E_CAST(10, k, r, l, ^, -, +); -+ E_CAST(9, k, l, r, +, ^, -); -+ E_CAST(8, k, r, l, -, +, ^); -+ E_CAST(7, k, l, r, ^, -, +); -+ E_CAST(6, k, r, l, +, ^, -); -+ E_CAST(5, k, l, r, -, +, ^); -+ E_CAST(4, k, r, l, ^, -, +); -+ E_CAST(3, k, l, r, +, ^, -); -+ E_CAST(2, k, r, l, -, +, ^); -+ E_CAST(1, k, l, r, ^, -, +); -+ E_CAST(0, k, r, l, +, ^, -); - -- data[1]=l&0xffffffffL; -- data[0]=r&0xffffffffL; -- } -+ data[1] = l & 0xffffffffL; -+ data[0] = r & 0xffffffffL; -+} - --void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, -- const CAST_KEY *ks, unsigned char *iv, int enc) -- { -- register CAST_LONG tin0,tin1; -- register CAST_LONG tout0,tout1,xor0,xor1; -- register long l=length; -- CAST_LONG tin[2]; -+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, -+ long length, const CAST_KEY *ks, unsigned char *iv, -+ int enc) -+{ -+ register CAST_LONG tin0, tin1; -+ register CAST_LONG tout0, tout1, xor0, xor1; -+ register long l = length; -+ CAST_LONG tin[2]; - -- if (enc) -- { -- n2l(iv,tout0); -- n2l(iv,tout1); -- iv-=8; -- for (l-=8; l>=0; l-=8) -- { -- n2l(in,tin0); -- n2l(in,tin1); -- tin0^=tout0; -- tin1^=tout1; -- tin[0]=tin0; -- tin[1]=tin1; -- CAST_encrypt(tin,ks); -- tout0=tin[0]; -- tout1=tin[1]; -- l2n(tout0,out); -- l2n(tout1,out); -- } -- if (l != -8) -- { -- n2ln(in,tin0,tin1,l+8); -- tin0^=tout0; -- tin1^=tout1; -- tin[0]=tin0; -- tin[1]=tin1; -- CAST_encrypt(tin,ks); -- tout0=tin[0]; -- tout1=tin[1]; -- l2n(tout0,out); -- l2n(tout1,out); -- } -- l2n(tout0,iv); -- l2n(tout1,iv); -- } -- else -- { -- n2l(iv,xor0); -- n2l(iv,xor1); -- iv-=8; -- for (l-=8; l>=0; l-=8) -- { -- n2l(in,tin0); -- n2l(in,tin1); -- tin[0]=tin0; -- tin[1]=tin1; -- CAST_decrypt(tin,ks); -- tout0=tin[0]^xor0; -- tout1=tin[1]^xor1; -- l2n(tout0,out); -- l2n(tout1,out); -- xor0=tin0; -- xor1=tin1; -- } -- if (l != -8) -- { -- n2l(in,tin0); -- n2l(in,tin1); -- tin[0]=tin0; -- tin[1]=tin1; -- CAST_decrypt(tin,ks); -- tout0=tin[0]^xor0; -- tout1=tin[1]^xor1; -- l2nn(tout0,tout1,out,l+8); -- xor0=tin0; -- xor1=tin1; -- } -- l2n(xor0,iv); -- l2n(xor1,iv); -- } -- tin0=tin1=tout0=tout1=xor0=xor1=0; -- tin[0]=tin[1]=0; -- } -+ if (enc) { -+ n2l(iv, tout0); -+ n2l(iv, tout1); -+ iv -= 8; -+ for (l -= 8; l >= 0; l -= 8) { -+ n2l(in, tin0); -+ n2l(in, tin1); -+ tin0 ^= tout0; -+ tin1 ^= tout1; -+ tin[0] = tin0; -+ tin[1] = tin1; -+ CAST_encrypt(tin, ks); -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ l2n(tout0, out); -+ l2n(tout1, out); -+ } -+ if (l != -8) { -+ n2ln(in, tin0, tin1, l + 8); -+ tin0 ^= tout0; -+ tin1 ^= tout1; -+ tin[0] = tin0; -+ tin[1] = tin1; -+ CAST_encrypt(tin, ks); -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ l2n(tout0, out); -+ l2n(tout1, out); -+ } -+ l2n(tout0, iv); -+ l2n(tout1, iv); -+ } else { -+ n2l(iv, xor0); -+ n2l(iv, xor1); -+ iv -= 8; -+ for (l -= 8; l >= 0; l -= 8) { -+ n2l(in, tin0); -+ n2l(in, tin1); -+ tin[0] = tin0; -+ tin[1] = tin1; -+ CAST_decrypt(tin, ks); -+ tout0 = tin[0] ^ xor0; -+ tout1 = tin[1] ^ xor1; -+ l2n(tout0, out); -+ l2n(tout1, out); -+ xor0 = tin0; -+ xor1 = tin1; -+ } -+ if (l != -8) { -+ n2l(in, tin0); -+ n2l(in, tin1); -+ tin[0] = tin0; -+ tin[1] = tin1; -+ CAST_decrypt(tin, ks); -+ tout0 = tin[0] ^ xor0; -+ tout1 = tin[1] ^ xor1; -+ l2nn(tout0, tout1, out, l + 8); -+ xor0 = tin0; -+ xor1 = tin1; -+ } -+ l2n(xor0, iv); -+ l2n(xor1, iv); -+ } -+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; -+ tin[0] = tin[1] = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c b/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c -index cb32224..4e0a7c2 100644 ---- a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c -+++ b/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,52 +59,52 @@ - #include - #include "cast_lcl.h" - --/* The input and output encrypted as though 64bit ofb mode is being -- * used. The extra state information to record how much of the -- * 64bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 64bit ofb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; - */ - void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, const CAST_KEY *schedule, unsigned char *ivec, -- int *num) -- { -- register CAST_LONG v0,v1,t; -- register int n= *num; -- register long l=length; -- unsigned char d[8]; -- register char *dp; -- CAST_LONG ti[2]; -- unsigned char *iv; -- int save=0; -+ long length, const CAST_KEY *schedule, -+ unsigned char *ivec, int *num) -+{ -+ register CAST_LONG v0, v1, t; -+ register int n = *num; -+ register long l = length; -+ unsigned char d[8]; -+ register char *dp; -+ CAST_LONG ti[2]; -+ unsigned char *iv; -+ int save = 0; - -- iv=ivec; -- n2l(iv,v0); -- n2l(iv,v1); -- ti[0]=v0; -- ti[1]=v1; -- dp=(char *)d; -- l2n(v0,dp); -- l2n(v1,dp); -- while (l--) -- { -- if (n == 0) -- { -- CAST_encrypt((CAST_LONG *)ti,schedule); -- dp=(char *)d; -- t=ti[0]; l2n(t,dp); -- t=ti[1]; l2n(t,dp); -- save++; -- } -- *(out++)= *(in++)^d[n]; -- n=(n+1)&0x07; -- } -- if (save) -- { -- v0=ti[0]; -- v1=ti[1]; -- iv=ivec; -- l2n(v0,iv); -- l2n(v1,iv); -- } -- t=v0=v1=ti[0]=ti[1]=0; -- *num=n; -- } -+ iv = ivec; -+ n2l(iv, v0); -+ n2l(iv, v1); -+ ti[0] = v0; -+ ti[1] = v1; -+ dp = (char *)d; -+ l2n(v0, dp); -+ l2n(v1, dp); -+ while (l--) { -+ if (n == 0) { -+ CAST_encrypt((CAST_LONG *)ti, schedule); -+ dp = (char *)d; -+ t = ti[0]; -+ l2n(t, dp); -+ t = ti[1]; -+ l2n(t, dp); -+ save++; -+ } -+ *(out++) = *(in++) ^ d[n]; -+ n = (n + 1) & 0x07; -+ } -+ if (save) { -+ v0 = ti[0]; -+ v1 = ti[1]; -+ iv = ivec; -+ l2n(v0, iv); -+ l2n(v1, iv); -+ } -+ t = v0 = v1 = ti[0] = ti[1] = 0; -+ *num = n; -+} -diff --git a/Cryptlib/OpenSSL/crypto/cast/c_skey.c b/Cryptlib/OpenSSL/crypto/cast/c_skey.c -index 68e690a..a04f86a 100644 ---- a/Cryptlib/OpenSSL/crypto/cast/c_skey.c -+++ b/Cryptlib/OpenSSL/crypto/cast/c_skey.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,18 +59,18 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - - #include "cast_lcl.h" - #include "cast_s.h" - - #define CAST_exp(l,A,a,n) \ -- A[n/4]=l; \ -- a[n+3]=(l )&0xff; \ -- a[n+2]=(l>> 8)&0xff; \ -- a[n+1]=(l>>16)&0xff; \ -- a[n+0]=(l>>24)&0xff; -+ A[n/4]=l; \ -+ a[n+3]=(l )&0xff; \ -+ a[n+2]=(l>> 8)&0xff; \ -+ a[n+1]=(l>>16)&0xff; \ -+ a[n+0]=(l>>24)&0xff; - - #define S4 CAST_S_table4 - #define S5 CAST_S_table5 -@@ -78,94 +78,95 @@ - #define S7 CAST_S_table7 - - FIPS_NON_FIPS_VCIPHER_Init(CAST) -- { -- CAST_LONG x[16]; -- CAST_LONG z[16]; -- CAST_LONG k[32]; -- CAST_LONG X[4],Z[4]; -- CAST_LONG l,*K; -- int i; -- -- for (i=0; i<16; i++) x[i]=0; -- if (len > 16) len=16; -- for (i=0; ishort_key=1; -- else -- key->short_key=0; -- -- K= &k[0]; -- X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL; -- X[1]=((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL; -- X[2]=((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL; -- X[3]=((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL; -- -- for (;;) -- { -- l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]]; -- CAST_exp(l,Z,z, 0); -- l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]]; -- CAST_exp(l,Z,z, 4); -- l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]]; -- CAST_exp(l,Z,z, 8); -- l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]]; -- CAST_exp(l,Z,z,12); -- -- K[ 0]= S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]]; -- K[ 1]= S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]]; -- K[ 2]= S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]]; -- K[ 3]= S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]]; -- -- l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]]; -- CAST_exp(l,X,x, 0); -- l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]]; -- CAST_exp(l,X,x, 4); -- l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]]; -- CAST_exp(l,X,x, 8); -- l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]]; -- CAST_exp(l,X,x,12); -- -- K[ 4]= S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]]; -- K[ 5]= S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]]; -- K[ 6]= S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]]; -- K[ 7]= S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]]; -- -- l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]]; -- CAST_exp(l,Z,z, 0); -- l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]]; -- CAST_exp(l,Z,z, 4); -- l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]]; -- CAST_exp(l,Z,z, 8); -- l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]]; -- CAST_exp(l,Z,z,12); -- -- K[ 8]= S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]]; -- K[ 9]= S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]]; -- K[10]= S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]]; -- K[11]= S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]]; -- -- l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]]; -- CAST_exp(l,X,x, 0); -- l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]]; -- CAST_exp(l,X,x, 4); -- l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]]; -- CAST_exp(l,X,x, 8); -- l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]]; -- CAST_exp(l,X,x,12); -- -- K[12]= S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]]; -- K[13]= S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]]; -- K[14]= S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]]; -- K[15]= S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]]; -- if (K != k) break; -- K+=16; -- } -- -- for (i=0; i<16; i++) -- { -- key->data[i*2]=k[i]; -- key->data[i*2+1]=((k[i+16])+16)&0x1f; -- } -- } -- -+{ -+ CAST_LONG x[16]; -+ CAST_LONG z[16]; -+ CAST_LONG k[32]; -+ CAST_LONG X[4], Z[4]; -+ CAST_LONG l, *K; -+ int i; -+ -+ for (i = 0; i < 16; i++) -+ x[i] = 0; -+ if (len > 16) -+ len = 16; -+ for (i = 0; i < len; i++) -+ x[i] = data[i]; -+ if (len <= 10) -+ key->short_key = 1; -+ else -+ key->short_key = 0; -+ -+ K = &k[0]; -+ X[0] = ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]) & 0xffffffffL; -+ X[1] = ((x[4] << 24) | (x[5] << 16) | (x[6] << 8) | x[7]) & 0xffffffffL; -+ X[2] = ((x[8] << 24) | (x[9] << 16) | (x[10] << 8) | x[11]) & 0xffffffffL; -+ X[3] = -+ ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL; -+ -+ for (;;) { -+ l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]]; -+ CAST_exp(l, Z, z, 0); -+ l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]]; -+ CAST_exp(l, Z, z, 4); -+ l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]]; -+ CAST_exp(l, Z, z, 8); -+ l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]]; -+ CAST_exp(l, Z, z, 12); -+ -+ K[0] = S4[z[8]] ^ S5[z[9]] ^ S6[z[7]] ^ S7[z[6]] ^ S4[z[2]]; -+ K[1] = S4[z[10]] ^ S5[z[11]] ^ S6[z[5]] ^ S7[z[4]] ^ S5[z[6]]; -+ K[2] = S4[z[12]] ^ S5[z[13]] ^ S6[z[3]] ^ S7[z[2]] ^ S6[z[9]]; -+ K[3] = S4[z[14]] ^ S5[z[15]] ^ S6[z[1]] ^ S7[z[0]] ^ S7[z[12]]; -+ -+ l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]]; -+ CAST_exp(l, X, x, 0); -+ l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]]; -+ CAST_exp(l, X, x, 4); -+ l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]]; -+ CAST_exp(l, X, x, 8); -+ l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]]; -+ CAST_exp(l, X, x, 12); -+ -+ K[4] = S4[x[3]] ^ S5[x[2]] ^ S6[x[12]] ^ S7[x[13]] ^ S4[x[8]]; -+ K[5] = S4[x[1]] ^ S5[x[0]] ^ S6[x[14]] ^ S7[x[15]] ^ S5[x[13]]; -+ K[6] = S4[x[7]] ^ S5[x[6]] ^ S6[x[8]] ^ S7[x[9]] ^ S6[x[3]]; -+ K[7] = S4[x[5]] ^ S5[x[4]] ^ S6[x[10]] ^ S7[x[11]] ^ S7[x[7]]; -+ -+ l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]]; -+ CAST_exp(l, Z, z, 0); -+ l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]]; -+ CAST_exp(l, Z, z, 4); -+ l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]]; -+ CAST_exp(l, Z, z, 8); -+ l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]]; -+ CAST_exp(l, Z, z, 12); -+ -+ K[8] = S4[z[3]] ^ S5[z[2]] ^ S6[z[12]] ^ S7[z[13]] ^ S4[z[9]]; -+ K[9] = S4[z[1]] ^ S5[z[0]] ^ S6[z[14]] ^ S7[z[15]] ^ S5[z[12]]; -+ K[10] = S4[z[7]] ^ S5[z[6]] ^ S6[z[8]] ^ S7[z[9]] ^ S6[z[2]]; -+ K[11] = S4[z[5]] ^ S5[z[4]] ^ S6[z[10]] ^ S7[z[11]] ^ S7[z[6]]; -+ -+ l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]]; -+ CAST_exp(l, X, x, 0); -+ l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]]; -+ CAST_exp(l, X, x, 4); -+ l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]]; -+ CAST_exp(l, X, x, 8); -+ l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]]; -+ CAST_exp(l, X, x, 12); -+ -+ K[12] = S4[x[8]] ^ S5[x[9]] ^ S6[x[7]] ^ S7[x[6]] ^ S4[x[3]]; -+ K[13] = S4[x[10]] ^ S5[x[11]] ^ S6[x[5]] ^ S7[x[4]] ^ S5[x[7]]; -+ K[14] = S4[x[12]] ^ S5[x[13]] ^ S6[x[3]] ^ S7[x[2]] ^ S6[x[8]]; -+ K[15] = S4[x[14]] ^ S5[x[15]] ^ S6[x[1]] ^ S7[x[0]] ^ S7[x[13]]; -+ if (K != k) -+ break; -+ K += 16; -+ } -+ -+ for (i = 0; i < 16; i++) { -+ key->data[i * 2] = k[i]; -+ key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f; -+ } -+} -diff --git a/Cryptlib/OpenSSL/crypto/comp/c_rle.c b/Cryptlib/OpenSSL/crypto/comp/c_rle.c -index 18bceae..adf1663 100644 ---- a/Cryptlib/OpenSSL/crypto/comp/c_rle.c -+++ b/Cryptlib/OpenSSL/crypto/comp/c_rle.c -@@ -5,57 +5,58 @@ - #include - - static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, -- unsigned int olen, unsigned char *in, unsigned int ilen); -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen); - static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, -- unsigned int olen, unsigned char *in, unsigned int ilen); -- --static COMP_METHOD rle_method={ -- NID_rle_compression, -- LN_rle_compression, -- NULL, -- NULL, -- rle_compress_block, -- rle_expand_block, -- NULL, -- NULL, -- }; -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen); -+ -+static COMP_METHOD rle_method = { -+ NID_rle_compression, -+ LN_rle_compression, -+ NULL, -+ NULL, -+ rle_compress_block, -+ rle_expand_block, -+ NULL, -+ NULL, -+}; - - COMP_METHOD *COMP_rle(void) -- { -- return(&rle_method); -- } -+{ -+ return (&rle_method); -+} - - static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, -- unsigned int olen, unsigned char *in, unsigned int ilen) -- { -- /* int i; */ -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen) -+{ -+ /* int i; */ - -- if (olen < (ilen+1)) -- { -- /* ZZZZZZZZZZZZZZZZZZZZZZ */ -- return(-1); -- } -+ if (olen < (ilen + 1)) { -+ /* ZZZZZZZZZZZZZZZZZZZZZZ */ -+ return (-1); -+ } - -- *(out++)=0; -- memcpy(out,in,ilen); -- return(ilen+1); -- } -+ *(out++) = 0; -+ memcpy(out, in, ilen); -+ return (ilen + 1); -+} - - static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, -- unsigned int olen, unsigned char *in, unsigned int ilen) -- { -- int i; -- -- if (ilen == 0 || olen < (ilen-1)) -- { -- /* ZZZZZZZZZZZZZZZZZZZZZZ */ -- return(-1); -- } -- -- i= *(in++); -- if (i == 0) -- { -- memcpy(out,in,ilen-1); -- } -- return(ilen-1); -- } -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen) -+{ -+ int i; -+ -+ if (ilen == 0 || olen < (ilen - 1)) { -+ /* ZZZZZZZZZZZZZZZZZZZZZZ */ -+ return (-1); -+ } -+ -+ i = *(in++); -+ if (i == 0) { -+ memcpy(out, in, ilen - 1); -+ } -+ return (ilen - 1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c -index 8df7792..07ef739 100644 ---- a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c -+++ b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c -@@ -5,324 +5,326 @@ - #include - #include - --COMP_METHOD *COMP_zlib(void ); -- --static COMP_METHOD zlib_method_nozlib={ -- NID_undef, -- "(undef)", -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- }; -+COMP_METHOD *COMP_zlib(void); -+ -+static COMP_METHOD zlib_method_nozlib = { -+ NID_undef, -+ "(undef)", -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+}; - - #ifndef ZLIB --#undef ZLIB_SHARED -+# undef ZLIB_SHARED - #else - --#include -+# include - - static int zlib_stateful_init(COMP_CTX *ctx); - static void zlib_stateful_finish(COMP_CTX *ctx); - static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, -- unsigned int olen, unsigned char *in, unsigned int ilen); -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen); - static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, -- unsigned int olen, unsigned char *in, unsigned int ilen); -- -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen); - - /* memory allocations functions for zlib intialization */ --static void* zlib_zalloc(void* opaque, unsigned int no, unsigned int size) -+static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size) - { -- void *p; -- -- p=OPENSSL_malloc(no*size); -- if (p) -- memset(p, 0, no*size); -- return p; --} -+ void *p; - -+ p = OPENSSL_malloc(no * size); -+ if (p) -+ memset(p, 0, no * size); -+ return p; -+} - --static void zlib_zfree(void* opaque, void* address) -+static void zlib_zfree(void *opaque, void *address) - { -- OPENSSL_free(address); -+ OPENSSL_free(address); - } - --#if 0 -+# if 0 - static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, -- unsigned int olen, unsigned char *in, unsigned int ilen); -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen); - static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, -- unsigned int olen, unsigned char *in, unsigned int ilen); -- --static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source, -- uLong sourceLen); -- --static COMP_METHOD zlib_stateless_method={ -- NID_zlib_compression, -- LN_zlib_compression, -- NULL, -- NULL, -- zlib_compress_block, -- zlib_expand_block, -- NULL, -- NULL, -- }; --#endif -- --static COMP_METHOD zlib_stateful_method={ -- NID_zlib_compression, -- LN_zlib_compression, -- zlib_stateful_init, -- zlib_stateful_finish, -- zlib_stateful_compress_block, -- zlib_stateful_expand_block, -- NULL, -- NULL, -- }; -- --/* -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen); -+ -+static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source, -+ uLong sourceLen); -+ -+static COMP_METHOD zlib_stateless_method = { -+ NID_zlib_compression, -+ LN_zlib_compression, -+ NULL, -+ NULL, -+ zlib_compress_block, -+ zlib_expand_block, -+ NULL, -+ NULL, -+}; -+# endif -+ -+static COMP_METHOD zlib_stateful_method = { -+ NID_zlib_compression, -+ LN_zlib_compression, -+ zlib_stateful_init, -+ zlib_stateful_finish, -+ zlib_stateful_compress_block, -+ zlib_stateful_expand_block, -+ NULL, -+ NULL, -+}; -+ -+/* - * When OpenSSL is built on Windows, we do not want to require that - * the ZLIB.DLL be available in order for the OpenSSL DLLs to - * work. Therefore, all ZLIB routines are loaded at run time - * and we do not link to a .LIB file when ZLIB_SHARED is set. - */ --#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) --# include --#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */ -+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -+# include -+# endif /* !(OPENSSL_SYS_WINDOWS || -+ * OPENSSL_SYS_WIN32) */ - --#ifdef ZLIB_SHARED --#include -+# ifdef ZLIB_SHARED -+# include - - /* Function pointers */ --typedef int (*compress_ft)(Bytef *dest,uLongf *destLen, -- const Bytef *source, uLong sourceLen); --typedef int (*inflateEnd_ft)(z_streamp strm); --typedef int (*inflate_ft)(z_streamp strm, int flush); --typedef int (*inflateInit__ft)(z_streamp strm, -- const char * version, int stream_size); --typedef int (*deflateEnd_ft)(z_streamp strm); --typedef int (*deflate_ft)(z_streamp strm, int flush); --typedef int (*deflateInit__ft)(z_streamp strm, int level, -- const char * version, int stream_size); --typedef const char * (*zError__ft)(int err); --static compress_ft p_compress=NULL; --static inflateEnd_ft p_inflateEnd=NULL; --static inflate_ft p_inflate=NULL; --static inflateInit__ft p_inflateInit_=NULL; --static deflateEnd_ft p_deflateEnd=NULL; --static deflate_ft p_deflate=NULL; --static deflateInit__ft p_deflateInit_=NULL; --static zError__ft p_zError=NULL; -+typedef int (*compress_ft) (Bytef *dest, uLongf * destLen, -+ const Bytef *source, uLong sourceLen); -+typedef int (*inflateEnd_ft) (z_streamp strm); -+typedef int (*inflate_ft) (z_streamp strm, int flush); -+typedef int (*inflateInit__ft) (z_streamp strm, -+ const char *version, int stream_size); -+typedef int (*deflateEnd_ft) (z_streamp strm); -+typedef int (*deflate_ft) (z_streamp strm, int flush); -+typedef int (*deflateInit__ft) (z_streamp strm, int level, -+ const char *version, int stream_size); -+typedef const char *(*zError__ft) (int err); -+static compress_ft p_compress = NULL; -+static inflateEnd_ft p_inflateEnd = NULL; -+static inflate_ft p_inflate = NULL; -+static inflateInit__ft p_inflateInit_ = NULL; -+static deflateEnd_ft p_deflateEnd = NULL; -+static deflate_ft p_deflate = NULL; -+static deflateInit__ft p_deflateInit_ = NULL; -+static zError__ft p_zError = NULL; - - static int zlib_loaded = 0; /* only attempt to init func pts once */ - static DSO *zlib_dso = NULL; - --#define compress p_compress --#define inflateEnd p_inflateEnd --#define inflate p_inflate --#define inflateInit_ p_inflateInit_ --#define deflateEnd p_deflateEnd --#define deflate p_deflate --#define deflateInit_ p_deflateInit_ --#define zError p_zError --#endif /* ZLIB_SHARED */ -- --struct zlib_state -- { -- z_stream istream; -- z_stream ostream; -- }; -+# define compress p_compress -+# define inflateEnd p_inflateEnd -+# define inflate p_inflate -+# define inflateInit_ p_inflateInit_ -+# define deflateEnd p_deflateEnd -+# define deflate p_deflate -+# define deflateInit_ p_deflateInit_ -+# define zError p_zError -+# endif /* ZLIB_SHARED */ -+ -+struct zlib_state { -+ z_stream istream; -+ z_stream ostream; -+}; - - static int zlib_stateful_ex_idx = -1; - - static int zlib_stateful_init(COMP_CTX *ctx) -- { -- int err; -- struct zlib_state *state = -- (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state)); -- -- if (state == NULL) -- goto err; -- -- state->istream.zalloc = zlib_zalloc; -- state->istream.zfree = zlib_zfree; -- state->istream.opaque = Z_NULL; -- state->istream.next_in = Z_NULL; -- state->istream.next_out = Z_NULL; -- state->istream.avail_in = 0; -- state->istream.avail_out = 0; -- err = inflateInit_(&state->istream, -- ZLIB_VERSION, sizeof(z_stream)); -- if (err != Z_OK) -- goto err; -- -- state->ostream.zalloc = zlib_zalloc; -- state->ostream.zfree = zlib_zfree; -- state->ostream.opaque = Z_NULL; -- state->ostream.next_in = Z_NULL; -- state->ostream.next_out = Z_NULL; -- state->ostream.avail_in = 0; -- state->ostream.avail_out = 0; -- err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION, -- ZLIB_VERSION, sizeof(z_stream)); -- if (err != Z_OK) -- goto err; -- -- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); -- CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state); -- return 1; -+{ -+ int err; -+ struct zlib_state *state = -+ (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state)); -+ -+ if (state == NULL) -+ goto err; -+ -+ state->istream.zalloc = zlib_zalloc; -+ state->istream.zfree = zlib_zfree; -+ state->istream.opaque = Z_NULL; -+ state->istream.next_in = Z_NULL; -+ state->istream.next_out = Z_NULL; -+ state->istream.avail_in = 0; -+ state->istream.avail_out = 0; -+ err = inflateInit_(&state->istream, ZLIB_VERSION, sizeof(z_stream)); -+ if (err != Z_OK) -+ goto err; -+ -+ state->ostream.zalloc = zlib_zalloc; -+ state->ostream.zfree = zlib_zfree; -+ state->ostream.opaque = Z_NULL; -+ state->ostream.next_in = Z_NULL; -+ state->ostream.next_out = Z_NULL; -+ state->ostream.avail_in = 0; -+ state->ostream.avail_out = 0; -+ err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION, -+ ZLIB_VERSION, sizeof(z_stream)); -+ if (err != Z_OK) -+ goto err; -+ -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data); -+ CRYPTO_set_ex_data(&ctx->ex_data, zlib_stateful_ex_idx, state); -+ return 1; - err: -- if (state) OPENSSL_free(state); -- return 0; -- } -+ if (state) -+ OPENSSL_free(state); -+ return 0; -+} - - static void zlib_stateful_finish(COMP_CTX *ctx) -- { -- struct zlib_state *state = -- (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, -- zlib_stateful_ex_idx); -- inflateEnd(&state->istream); -- deflateEnd(&state->ostream); -- OPENSSL_free(state); -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); -- } -+{ -+ struct zlib_state *state = -+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, -+ zlib_stateful_ex_idx); -+ inflateEnd(&state->istream); -+ deflateEnd(&state->ostream); -+ OPENSSL_free(state); -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data); -+} - - static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, -- unsigned int olen, unsigned char *in, unsigned int ilen) -- { -- int err = Z_OK; -- struct zlib_state *state = -- (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, -- zlib_stateful_ex_idx); -- -- if (state == NULL) -- return -1; -- -- state->ostream.next_in = in; -- state->ostream.avail_in = ilen; -- state->ostream.next_out = out; -- state->ostream.avail_out = olen; -- if (ilen > 0) -- err = deflate(&state->ostream, Z_SYNC_FLUSH); -- if (err != Z_OK) -- return -1; --#ifdef DEBUG_ZLIB -- fprintf(stderr,"compress(%4d)->%4d %s\n", -- ilen,olen - state->ostream.avail_out, -- (ilen != olen - state->ostream.avail_out)?"zlib":"clear"); --#endif -- return olen - state->ostream.avail_out; -- } -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen) -+{ -+ int err = Z_OK; -+ struct zlib_state *state = -+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, -+ zlib_stateful_ex_idx); -+ -+ if (state == NULL) -+ return -1; -+ -+ state->ostream.next_in = in; -+ state->ostream.avail_in = ilen; -+ state->ostream.next_out = out; -+ state->ostream.avail_out = olen; -+ if (ilen > 0) -+ err = deflate(&state->ostream, Z_SYNC_FLUSH); -+ if (err != Z_OK) -+ return -1; -+# ifdef DEBUG_ZLIB -+ fprintf(stderr, "compress(%4d)->%4d %s\n", -+ ilen, olen - state->ostream.avail_out, -+ (ilen != olen - state->ostream.avail_out) ? "zlib" : "clear"); -+# endif -+ return olen - state->ostream.avail_out; -+} - - static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, -- unsigned int olen, unsigned char *in, unsigned int ilen) -- { -- int err = Z_OK; -- -- struct zlib_state *state = -- (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, -- zlib_stateful_ex_idx); -- -- if (state == NULL) -- return 0; -- -- state->istream.next_in = in; -- state->istream.avail_in = ilen; -- state->istream.next_out = out; -- state->istream.avail_out = olen; -- if (ilen > 0) -- err = inflate(&state->istream, Z_SYNC_FLUSH); -- if (err != Z_OK) -- return -1; --#ifdef DEBUG_ZLIB -- fprintf(stderr,"expand(%4d)->%4d %s\n", -- ilen,olen - state->istream.avail_out, -- (ilen != olen - state->istream.avail_out)?"zlib":"clear"); --#endif -- return olen - state->istream.avail_out; -- } -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen) -+{ -+ int err = Z_OK; -+ -+ struct zlib_state *state = -+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, -+ zlib_stateful_ex_idx); -+ -+ if (state == NULL) -+ return 0; -+ -+ state->istream.next_in = in; -+ state->istream.avail_in = ilen; -+ state->istream.next_out = out; -+ state->istream.avail_out = olen; -+ if (ilen > 0) -+ err = inflate(&state->istream, Z_SYNC_FLUSH); -+ if (err != Z_OK) -+ return -1; -+# ifdef DEBUG_ZLIB -+ fprintf(stderr, "expand(%4d)->%4d %s\n", -+ ilen, olen - state->istream.avail_out, -+ (ilen != olen - state->istream.avail_out) ? "zlib" : "clear"); -+# endif -+ return olen - state->istream.avail_out; -+} - --#if 0 -+# if 0 - static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, -- unsigned int olen, unsigned char *in, unsigned int ilen) -- { -- unsigned long l; -- int i; -- int clear=1; -- -- if (ilen > 128) -- { -- out[0]=1; -- l=olen-1; -- i=compress(&(out[1]),&l,in,(unsigned long)ilen); -- if (i != Z_OK) -- return(-1); -- if (ilen > l) -- { -- clear=0; -- l++; -- } -- } -- if (clear) -- { -- out[0]=0; -- memcpy(&(out[1]),in,ilen); -- l=ilen+1; -- } --#ifdef DEBUG_ZLIB -- fprintf(stderr,"compress(%4d)->%4d %s\n", -- ilen,(int)l,(clear)?"clear":"zlib"); --#endif -- return((int)l); -- } -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen) -+{ -+ unsigned long l; -+ int i; -+ int clear = 1; -+ -+ if (ilen > 128) { -+ out[0] = 1; -+ l = olen - 1; -+ i = compress(&(out[1]), &l, in, (unsigned long)ilen); -+ if (i != Z_OK) -+ return (-1); -+ if (ilen > l) { -+ clear = 0; -+ l++; -+ } -+ } -+ if (clear) { -+ out[0] = 0; -+ memcpy(&(out[1]), in, ilen); -+ l = ilen + 1; -+ } -+# ifdef DEBUG_ZLIB -+ fprintf(stderr, "compress(%4d)->%4d %s\n", -+ ilen, (int)l, (clear) ? "clear" : "zlib"); -+# endif -+ return ((int)l); -+} - - static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, -- unsigned int olen, unsigned char *in, unsigned int ilen) -- { -- unsigned long l; -- int i; -- -- if (in[0]) -- { -- l=olen; -- i=zz_uncompress(out,&l,&(in[1]),(unsigned long)ilen-1); -- if (i != Z_OK) -- return(-1); -- } -- else -- { -- memcpy(out,&(in[1]),ilen-1); -- l=ilen-1; -- } --#ifdef DEBUG_ZLIB -- fprintf(stderr,"expand (%4d)->%4d %s\n", -- ilen,(int)l,in[0]?"zlib":"clear"); --#endif -- return((int)l); -- } -+ unsigned int olen, unsigned char *in, -+ unsigned int ilen) -+{ -+ unsigned long l; -+ int i; -+ -+ if (in[0]) { -+ l = olen; -+ i = zz_uncompress(out, &l, &(in[1]), (unsigned long)ilen - 1); -+ if (i != Z_OK) -+ return (-1); -+ } else { -+ memcpy(out, &(in[1]), ilen - 1); -+ l = ilen - 1; -+ } -+# ifdef DEBUG_ZLIB -+ fprintf(stderr, "expand (%4d)->%4d %s\n", -+ ilen, (int)l, in[0] ? "zlib" : "clear"); -+# endif -+ return ((int)l); -+} - --static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, -- uLong sourceLen) -+static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source, -+ uLong sourceLen) - { - z_stream stream; - int err; - -- stream.next_in = (Bytef*)source; -- stream.avail_in = (uInt)sourceLen; -+ stream.next_in = (Bytef *)source; -+ stream.avail_in = (uInt) sourceLen; - /* Check for source > 64K on 16-bit machine: */ -- if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR; -+ if ((uLong) stream.avail_in != sourceLen) -+ return Z_BUF_ERROR; - - stream.next_out = dest; -- stream.avail_out = (uInt)*destLen; -- if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR; -+ stream.avail_out = (uInt) * destLen; -+ if ((uLong) stream.avail_out != *destLen) -+ return Z_BUF_ERROR; - -- stream.zalloc = (alloc_func)0; -- stream.zfree = (free_func)0; -+ stream.zalloc = (alloc_func) 0; -+ stream.zfree = (free_func) 0; - -- err = inflateInit_(&stream, -- ZLIB_VERSION, sizeof(z_stream)); -- if (err != Z_OK) return err; -+ err = inflateInit_(&stream, ZLIB_VERSION, sizeof(z_stream)); -+ if (err != Z_OK) -+ return err; - - err = inflate(&stream, Z_FINISH); - if (err != Z_STREAM_END) { -@@ -334,112 +336,97 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, - err = inflateEnd(&stream); - return err; - } --#endif -+# endif - - #endif - - COMP_METHOD *COMP_zlib(void) -- { -- COMP_METHOD *meth = &zlib_method_nozlib; -+{ -+ COMP_METHOD *meth = &zlib_method_nozlib; - - #ifdef ZLIB_SHARED -- if (!zlib_loaded) -- { --#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -- zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0); --#else -- zlib_dso = DSO_load(NULL, "z", NULL, 0); --#endif -- if (zlib_dso != NULL) -- { -- p_compress -- = (compress_ft) DSO_bind_func(zlib_dso, -- "compress"); -- p_inflateEnd -- = (inflateEnd_ft) DSO_bind_func(zlib_dso, -- "inflateEnd"); -- p_inflate -- = (inflate_ft) DSO_bind_func(zlib_dso, -- "inflate"); -- p_inflateInit_ -- = (inflateInit__ft) DSO_bind_func(zlib_dso, -- "inflateInit_"); -- p_deflateEnd -- = (deflateEnd_ft) DSO_bind_func(zlib_dso, -- "deflateEnd"); -- p_deflate -- = (deflate_ft) DSO_bind_func(zlib_dso, -- "deflate"); -- p_deflateInit_ -- = (deflateInit__ft) DSO_bind_func(zlib_dso, -- "deflateInit_"); -- p_zError -- = (zError__ft) DSO_bind_func(zlib_dso, -- "zError"); -- -- if (p_compress && p_inflateEnd && p_inflate -- && p_inflateInit_ && p_deflateEnd -- && p_deflate && p_deflateInit_ && p_zError) -- zlib_loaded++; -- } -- } -- -+ if (!zlib_loaded) { -+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -+ zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0); -+# else -+ zlib_dso = DSO_load(NULL, "z", NULL, 0); -+# endif -+ if (zlib_dso != NULL) { -+ p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress"); -+ p_inflateEnd -+ = (inflateEnd_ft) DSO_bind_func(zlib_dso, "inflateEnd"); -+ p_inflate = (inflate_ft) DSO_bind_func(zlib_dso, "inflate"); -+ p_inflateInit_ -+ = (inflateInit__ft) DSO_bind_func(zlib_dso, "inflateInit_"); -+ p_deflateEnd -+ = (deflateEnd_ft) DSO_bind_func(zlib_dso, "deflateEnd"); -+ p_deflate = (deflate_ft) DSO_bind_func(zlib_dso, "deflate"); -+ p_deflateInit_ -+ = (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_"); -+ p_zError = (zError__ft) DSO_bind_func(zlib_dso, "zError"); -+ -+ if (p_compress && p_inflateEnd && p_inflate -+ && p_inflateInit_ && p_deflateEnd -+ && p_deflate && p_deflateInit_ && p_zError) -+ zlib_loaded++; -+ } -+ } - #endif - #ifdef ZLIB_SHARED -- if (zlib_loaded) -+ if (zlib_loaded) - #endif - #if defined(ZLIB) || defined(ZLIB_SHARED) -- { -- /* init zlib_stateful_ex_idx here so that in a multi-process -- * application it's enough to intialize openssl before forking -- * (idx will be inherited in all the children) */ -- if (zlib_stateful_ex_idx == -1) -- { -- CRYPTO_w_lock(CRYPTO_LOCK_COMP); -- if (zlib_stateful_ex_idx == -1) -- zlib_stateful_ex_idx = -- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, -- 0,NULL,NULL,NULL,NULL); -- CRYPTO_w_unlock(CRYPTO_LOCK_COMP); -- if (zlib_stateful_ex_idx == -1) -- goto err; -- } -- -- meth = &zlib_stateful_method; -- } --err: -+ { -+ /* -+ * init zlib_stateful_ex_idx here so that in a multi-process -+ * application it's enough to intialize openssl before forking (idx -+ * will be inherited in all the children) -+ */ -+ if (zlib_stateful_ex_idx == -1) { -+ CRYPTO_w_lock(CRYPTO_LOCK_COMP); -+ if (zlib_stateful_ex_idx == -1) -+ zlib_stateful_ex_idx = -+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, -+ 0, NULL, NULL, NULL, NULL); -+ CRYPTO_w_unlock(CRYPTO_LOCK_COMP); -+ if (zlib_stateful_ex_idx == -1) -+ goto err; -+ } -+ -+ meth = &zlib_stateful_method; -+ } -+ err: - #endif - -- return(meth); -- } -+ return (meth); -+} - - void COMP_zlib_cleanup(void) -- { -+{ - #ifdef ZLIB_SHARED -- if (zlib_dso) -- DSO_free(zlib_dso); -+ if (zlib_dso) -+ DSO_free(zlib_dso); - #endif -- } -+} - - #ifdef ZLIB - - /* Zlib based compression/decompression filter BIO */ - --typedef struct -- { -- unsigned char *ibuf; /* Input buffer */ -- int ibufsize; /* Buffer size */ -- z_stream zin; /* Input decompress context */ -- unsigned char *obuf; /* Output buffer */ -- int obufsize; /* Output buffer size */ -- unsigned char *optr; /* Position in output buffer */ -- int ocount; /* Amount of data in output buffer */ -- int odone; /* deflate EOF */ -- int comp_level; /* Compression level to use */ -- z_stream zout; /* Output compression context */ -- } BIO_ZLIB_CTX; -- --#define ZLIB_DEFAULT_BUFSIZE 1024 -+typedef struct { -+ unsigned char *ibuf; /* Input buffer */ -+ int ibufsize; /* Buffer size */ -+ z_stream zin; /* Input decompress context */ -+ unsigned char *obuf; /* Output buffer */ -+ int obufsize; /* Output buffer size */ -+ unsigned char *optr; /* Position in output buffer */ -+ int ocount; /* Amount of data in output buffer */ -+ int odone; /* deflate EOF */ -+ int comp_level; /* Compression level to use */ -+ z_stream zout; /* Output compression context */ -+} BIO_ZLIB_CTX; -+ -+# define ZLIB_DEFAULT_BUFSIZE 1024 - - static int bio_zlib_new(BIO *bi); - static int bio_zlib_free(BIO *bi); -@@ -448,351 +435,327 @@ static int bio_zlib_write(BIO *b, const char *in, int inl); - static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr); - static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp); - --static BIO_METHOD bio_meth_zlib = -- { -- BIO_TYPE_COMP, -- "zlib", -- bio_zlib_write, -- bio_zlib_read, -- NULL, -- NULL, -- bio_zlib_ctrl, -- bio_zlib_new, -- bio_zlib_free, -- bio_zlib_callback_ctrl -- }; -+static BIO_METHOD bio_meth_zlib = { -+ BIO_TYPE_COMP, -+ "zlib", -+ bio_zlib_write, -+ bio_zlib_read, -+ NULL, -+ NULL, -+ bio_zlib_ctrl, -+ bio_zlib_new, -+ bio_zlib_free, -+ bio_zlib_callback_ctrl -+}; - - BIO_METHOD *BIO_f_zlib(void) -- { -- return &bio_meth_zlib; -- } -- -+{ -+ return &bio_meth_zlib; -+} - - static int bio_zlib_new(BIO *bi) -- { -- BIO_ZLIB_CTX *ctx; --#ifdef ZLIB_SHARED -- (void)COMP_zlib(); -- if (!zlib_loaded) -- { -- COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED); -- return 0; -- } --#endif -- ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX)); -- if(!ctx) -- { -- COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- ctx->ibuf = NULL; -- ctx->obuf = NULL; -- ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE; -- ctx->obufsize = ZLIB_DEFAULT_BUFSIZE; -- ctx->zin.zalloc = Z_NULL; -- ctx->zin.zfree = Z_NULL; -- ctx->zin.next_in = NULL; -- ctx->zin.avail_in = 0; -- ctx->zin.next_out = NULL; -- ctx->zin.avail_out = 0; -- ctx->zout.zalloc = Z_NULL; -- ctx->zout.zfree = Z_NULL; -- ctx->zout.next_in = NULL; -- ctx->zout.avail_in = 0; -- ctx->zout.next_out = NULL; -- ctx->zout.avail_out = 0; -- ctx->odone = 0; -- ctx->comp_level = Z_DEFAULT_COMPRESSION; -- bi->init = 1; -- bi->ptr = (char *)ctx; -- bi->flags = 0; -- return 1; -- } -+{ -+ BIO_ZLIB_CTX *ctx; -+# ifdef ZLIB_SHARED -+ (void)COMP_zlib(); -+ if (!zlib_loaded) { -+ COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED); -+ return 0; -+ } -+# endif -+ ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX)); -+ if (!ctx) { -+ COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ ctx->ibuf = NULL; -+ ctx->obuf = NULL; -+ ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE; -+ ctx->obufsize = ZLIB_DEFAULT_BUFSIZE; -+ ctx->zin.zalloc = Z_NULL; -+ ctx->zin.zfree = Z_NULL; -+ ctx->zin.next_in = NULL; -+ ctx->zin.avail_in = 0; -+ ctx->zin.next_out = NULL; -+ ctx->zin.avail_out = 0; -+ ctx->zout.zalloc = Z_NULL; -+ ctx->zout.zfree = Z_NULL; -+ ctx->zout.next_in = NULL; -+ ctx->zout.avail_in = 0; -+ ctx->zout.next_out = NULL; -+ ctx->zout.avail_out = 0; -+ ctx->odone = 0; -+ ctx->comp_level = Z_DEFAULT_COMPRESSION; -+ bi->init = 1; -+ bi->ptr = (char *)ctx; -+ bi->flags = 0; -+ return 1; -+} - - static int bio_zlib_free(BIO *bi) -- { -- BIO_ZLIB_CTX *ctx; -- if(!bi) return 0; -- ctx = (BIO_ZLIB_CTX *)bi->ptr; -- if(ctx->ibuf) -- { -- /* Destroy decompress context */ -- inflateEnd(&ctx->zin); -- OPENSSL_free(ctx->ibuf); -- } -- if(ctx->obuf) -- { -- /* Destroy compress context */ -- deflateEnd(&ctx->zout); -- OPENSSL_free(ctx->obuf); -- } -- OPENSSL_free(ctx); -- bi->ptr = NULL; -- bi->init = 0; -- bi->flags = 0; -- return 1; -- } -+{ -+ BIO_ZLIB_CTX *ctx; -+ if (!bi) -+ return 0; -+ ctx = (BIO_ZLIB_CTX *) bi->ptr; -+ if (ctx->ibuf) { -+ /* Destroy decompress context */ -+ inflateEnd(&ctx->zin); -+ OPENSSL_free(ctx->ibuf); -+ } -+ if (ctx->obuf) { -+ /* Destroy compress context */ -+ deflateEnd(&ctx->zout); -+ OPENSSL_free(ctx->obuf); -+ } -+ OPENSSL_free(ctx); -+ bi->ptr = NULL; -+ bi->init = 0; -+ bi->flags = 0; -+ return 1; -+} - - static int bio_zlib_read(BIO *b, char *out, int outl) -- { -- BIO_ZLIB_CTX *ctx; -- int ret; -- z_stream *zin; -- if(!out || !outl) return 0; -- ctx = (BIO_ZLIB_CTX *)b->ptr; -- zin = &ctx->zin; -- BIO_clear_retry_flags(b); -- if(!ctx->ibuf) -- { -- ctx->ibuf = OPENSSL_malloc(ctx->ibufsize); -- if(!ctx->ibuf) -- { -- COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- inflateInit(zin); -- zin->next_in = ctx->ibuf; -- zin->avail_in = 0; -- } -- -- /* Copy output data directly to supplied buffer */ -- zin->next_out = (unsigned char *)out; -- zin->avail_out = (unsigned int)outl; -- for(;;) -- { -- /* Decompress while data available */ -- while(zin->avail_in) -- { -- ret = inflate(zin, 0); -- if((ret != Z_OK) && (ret != Z_STREAM_END)) -- { -- COMPerr(COMP_F_BIO_ZLIB_READ, -- COMP_R_ZLIB_INFLATE_ERROR); -- ERR_add_error_data(2, "zlib error:", -- zError(ret)); -- return 0; -- } -- /* If EOF or we've read everything then return */ -- if((ret == Z_STREAM_END) || !zin->avail_out) -- return outl - zin->avail_out; -- } -- -- /* No data in input buffer try to read some in, -- * if an error then return the total data read. -- */ -- ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize); -- if(ret <= 0) -- { -- /* Total data read */ -- int tot = outl - zin->avail_out; -- BIO_copy_next_retry(b); -- if(ret < 0) return (tot > 0) ? tot : ret; -- return tot; -- } -- zin->avail_in = ret; -- zin->next_in = ctx->ibuf; -- } -- } -+{ -+ BIO_ZLIB_CTX *ctx; -+ int ret; -+ z_stream *zin; -+ if (!out || !outl) -+ return 0; -+ ctx = (BIO_ZLIB_CTX *) b->ptr; -+ zin = &ctx->zin; -+ BIO_clear_retry_flags(b); -+ if (!ctx->ibuf) { -+ ctx->ibuf = OPENSSL_malloc(ctx->ibufsize); -+ if (!ctx->ibuf) { -+ COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ inflateInit(zin); -+ zin->next_in = ctx->ibuf; -+ zin->avail_in = 0; -+ } -+ -+ /* Copy output data directly to supplied buffer */ -+ zin->next_out = (unsigned char *)out; -+ zin->avail_out = (unsigned int)outl; -+ for (;;) { -+ /* Decompress while data available */ -+ while (zin->avail_in) { -+ ret = inflate(zin, 0); -+ if ((ret != Z_OK) && (ret != Z_STREAM_END)) { -+ COMPerr(COMP_F_BIO_ZLIB_READ, COMP_R_ZLIB_INFLATE_ERROR); -+ ERR_add_error_data(2, "zlib error:", zError(ret)); -+ return 0; -+ } -+ /* If EOF or we've read everything then return */ -+ if ((ret == Z_STREAM_END) || !zin->avail_out) -+ return outl - zin->avail_out; -+ } -+ -+ /* -+ * No data in input buffer try to read some in, if an error then -+ * return the total data read. -+ */ -+ ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize); -+ if (ret <= 0) { -+ /* Total data read */ -+ int tot = outl - zin->avail_out; -+ BIO_copy_next_retry(b); -+ if (ret < 0) -+ return (tot > 0) ? tot : ret; -+ return tot; -+ } -+ zin->avail_in = ret; -+ zin->next_in = ctx->ibuf; -+ } -+} - - static int bio_zlib_write(BIO *b, const char *in, int inl) -- { -- BIO_ZLIB_CTX *ctx; -- int ret; -- z_stream *zout; -- if(!in || !inl) return 0; -- ctx = (BIO_ZLIB_CTX *)b->ptr; -- if(ctx->odone) return 0; -- zout = &ctx->zout; -- BIO_clear_retry_flags(b); -- if(!ctx->obuf) -- { -- ctx->obuf = OPENSSL_malloc(ctx->obufsize); -- /* Need error here */ -- if(!ctx->obuf) -- { -- COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- ctx->optr = ctx->obuf; -- ctx->ocount = 0; -- deflateInit(zout, ctx->comp_level); -- zout->next_out = ctx->obuf; -- zout->avail_out = ctx->obufsize; -- } -- /* Obtain input data directly from supplied buffer */ -- zout->next_in = (void *)in; -- zout->avail_in = inl; -- for(;;) -- { -- /* If data in output buffer write it first */ -- while(ctx->ocount) { -- ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); -- if(ret <= 0) -- { -- /* Total data written */ -- int tot = inl - zout->avail_in; -- BIO_copy_next_retry(b); -- if(ret < 0) return (tot > 0) ? tot : ret; -- return tot; -- } -- ctx->optr += ret; -- ctx->ocount -= ret; -- } -- -- /* Have we consumed all supplied data? */ -- if(!zout->avail_in) -- return inl; -- -- /* Compress some more */ -- -- /* Reset buffer */ -- ctx->optr = ctx->obuf; -- zout->next_out = ctx->obuf; -- zout->avail_out = ctx->obufsize; -- /* Compress some more */ -- ret = deflate(zout, 0); -- if(ret != Z_OK) -- { -- COMPerr(COMP_F_BIO_ZLIB_WRITE, -- COMP_R_ZLIB_DEFLATE_ERROR); -- ERR_add_error_data(2, "zlib error:", zError(ret)); -- return 0; -- } -- ctx->ocount = ctx->obufsize - zout->avail_out; -- } -- } -+{ -+ BIO_ZLIB_CTX *ctx; -+ int ret; -+ z_stream *zout; -+ if (!in || !inl) -+ return 0; -+ ctx = (BIO_ZLIB_CTX *) b->ptr; -+ if (ctx->odone) -+ return 0; -+ zout = &ctx->zout; -+ BIO_clear_retry_flags(b); -+ if (!ctx->obuf) { -+ ctx->obuf = OPENSSL_malloc(ctx->obufsize); -+ /* Need error here */ -+ if (!ctx->obuf) { -+ COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ ctx->optr = ctx->obuf; -+ ctx->ocount = 0; -+ deflateInit(zout, ctx->comp_level); -+ zout->next_out = ctx->obuf; -+ zout->avail_out = ctx->obufsize; -+ } -+ /* Obtain input data directly from supplied buffer */ -+ zout->next_in = (void *)in; -+ zout->avail_in = inl; -+ for (;;) { -+ /* If data in output buffer write it first */ -+ while (ctx->ocount) { -+ ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); -+ if (ret <= 0) { -+ /* Total data written */ -+ int tot = inl - zout->avail_in; -+ BIO_copy_next_retry(b); -+ if (ret < 0) -+ return (tot > 0) ? tot : ret; -+ return tot; -+ } -+ ctx->optr += ret; -+ ctx->ocount -= ret; -+ } -+ -+ /* Have we consumed all supplied data? */ -+ if (!zout->avail_in) -+ return inl; -+ -+ /* Compress some more */ -+ -+ /* Reset buffer */ -+ ctx->optr = ctx->obuf; -+ zout->next_out = ctx->obuf; -+ zout->avail_out = ctx->obufsize; -+ /* Compress some more */ -+ ret = deflate(zout, 0); -+ if (ret != Z_OK) { -+ COMPerr(COMP_F_BIO_ZLIB_WRITE, COMP_R_ZLIB_DEFLATE_ERROR); -+ ERR_add_error_data(2, "zlib error:", zError(ret)); -+ return 0; -+ } -+ ctx->ocount = ctx->obufsize - zout->avail_out; -+ } -+} - - static int bio_zlib_flush(BIO *b) -- { -- BIO_ZLIB_CTX *ctx; -- int ret; -- z_stream *zout; -- ctx = (BIO_ZLIB_CTX *)b->ptr; -- /* If no data written or already flush show success */ -- if(!ctx->obuf || (ctx->odone && !ctx->ocount)) return 1; -- zout = &ctx->zout; -- BIO_clear_retry_flags(b); -- /* No more input data */ -- zout->next_in = NULL; -- zout->avail_in = 0; -- for(;;) -- { -- /* If data in output buffer write it first */ -- while(ctx->ocount) -- { -- ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); -- if(ret <= 0) -- { -- BIO_copy_next_retry(b); -- return ret; -- } -- ctx->optr += ret; -- ctx->ocount -= ret; -- } -- if(ctx->odone) return 1; -- -- /* Compress some more */ -- -- /* Reset buffer */ -- ctx->optr = ctx->obuf; -- zout->next_out = ctx->obuf; -- zout->avail_out = ctx->obufsize; -- /* Compress some more */ -- ret = deflate(zout, Z_FINISH); -- if(ret == Z_STREAM_END) ctx->odone = 1; -- else if(ret != Z_OK) -- { -- COMPerr(COMP_F_BIO_ZLIB_FLUSH, -- COMP_R_ZLIB_DEFLATE_ERROR); -- ERR_add_error_data(2, "zlib error:", zError(ret)); -- return 0; -- } -- ctx->ocount = ctx->obufsize - zout->avail_out; -- } -- } -+{ -+ BIO_ZLIB_CTX *ctx; -+ int ret; -+ z_stream *zout; -+ ctx = (BIO_ZLIB_CTX *) b->ptr; -+ /* If no data written or already flush show success */ -+ if (!ctx->obuf || (ctx->odone && !ctx->ocount)) -+ return 1; -+ zout = &ctx->zout; -+ BIO_clear_retry_flags(b); -+ /* No more input data */ -+ zout->next_in = NULL; -+ zout->avail_in = 0; -+ for (;;) { -+ /* If data in output buffer write it first */ -+ while (ctx->ocount) { -+ ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); -+ if (ret <= 0) { -+ BIO_copy_next_retry(b); -+ return ret; -+ } -+ ctx->optr += ret; -+ ctx->ocount -= ret; -+ } -+ if (ctx->odone) -+ return 1; -+ -+ /* Compress some more */ -+ -+ /* Reset buffer */ -+ ctx->optr = ctx->obuf; -+ zout->next_out = ctx->obuf; -+ zout->avail_out = ctx->obufsize; -+ /* Compress some more */ -+ ret = deflate(zout, Z_FINISH); -+ if (ret == Z_STREAM_END) -+ ctx->odone = 1; -+ else if (ret != Z_OK) { -+ COMPerr(COMP_F_BIO_ZLIB_FLUSH, COMP_R_ZLIB_DEFLATE_ERROR); -+ ERR_add_error_data(2, "zlib error:", zError(ret)); -+ return 0; -+ } -+ ctx->ocount = ctx->obufsize - zout->avail_out; -+ } -+} - - static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- BIO_ZLIB_CTX *ctx; -- int ret, *ip; -- int ibs, obs; -- if(!b->next_bio) return 0; -- ctx = (BIO_ZLIB_CTX *)b->ptr; -- switch (cmd) -- { -- -- case BIO_CTRL_RESET: -- ctx->ocount = 0; -- ctx->odone = 0; -- ret = 1; -- break; -- -- case BIO_CTRL_FLUSH: -- ret = bio_zlib_flush(b); -- if (ret > 0) -- ret = BIO_flush(b->next_bio); -- break; -- -- case BIO_C_SET_BUFF_SIZE: -- ibs = -1; -- obs = -1; -- if (ptr != NULL) -- { -- ip = ptr; -- if (*ip == 0) -- ibs = (int) num; -- else -- obs = (int) num; -- } -- else -- { -- ibs = (int)num; -- obs = ibs; -- } -- -- if (ibs != -1) -- { -- if (ctx->ibuf) -- { -- OPENSSL_free(ctx->ibuf); -- ctx->ibuf = NULL; -- } -- ctx->ibufsize = ibs; -- } -- -- if (obs != -1) -- { -- if (ctx->obuf) -- { -- OPENSSL_free(ctx->obuf); -- ctx->obuf = NULL; -- } -- ctx->obufsize = obs; -- } -- ret = 1; -- break; -- -- case BIO_C_DO_STATE_MACHINE: -- BIO_clear_retry_flags(b); -- ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -- BIO_copy_next_retry(b); -- break; -- -- default: -- ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -- break; -- } -- -- return ret; -- } -+{ -+ BIO_ZLIB_CTX *ctx; -+ int ret, *ip; -+ int ibs, obs; -+ if (!b->next_bio) -+ return 0; -+ ctx = (BIO_ZLIB_CTX *) b->ptr; -+ switch (cmd) { -+ -+ case BIO_CTRL_RESET: -+ ctx->ocount = 0; -+ ctx->odone = 0; -+ ret = 1; -+ break; -+ -+ case BIO_CTRL_FLUSH: -+ ret = bio_zlib_flush(b); -+ if (ret > 0) -+ ret = BIO_flush(b->next_bio); -+ break; -+ -+ case BIO_C_SET_BUFF_SIZE: -+ ibs = -1; -+ obs = -1; -+ if (ptr != NULL) { -+ ip = ptr; -+ if (*ip == 0) -+ ibs = (int)num; -+ else -+ obs = (int)num; -+ } else { -+ ibs = (int)num; -+ obs = ibs; -+ } -+ -+ if (ibs != -1) { -+ if (ctx->ibuf) { -+ OPENSSL_free(ctx->ibuf); -+ ctx->ibuf = NULL; -+ } -+ ctx->ibufsize = ibs; -+ } -+ -+ if (obs != -1) { -+ if (ctx->obuf) { -+ OPENSSL_free(ctx->obuf); -+ ctx->obuf = NULL; -+ } -+ ctx->obufsize = obs; -+ } -+ ret = 1; -+ break; -+ -+ case BIO_C_DO_STATE_MACHINE: -+ BIO_clear_retry_flags(b); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ BIO_copy_next_retry(b); -+ break; -+ -+ default: -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ } - -+ return ret; -+} - - static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) -- { -- if(!b->next_bio) -- return 0; -- return -- BIO_callback_ctrl(b->next_bio, cmd, fp); -- } -+{ -+ if (!b->next_bio) -+ return 0; -+ return BIO_callback_ctrl(b->next_bio, cmd, fp); -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_err.c b/Cryptlib/OpenSSL/crypto/comp/comp_err.c -index 187d68b..edc8819 100644 ---- a/Cryptlib/OpenSSL/crypto/comp/comp_err.c -+++ b/Cryptlib/OpenSSL/crypto/comp/comp_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,36 +66,33 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason) - --static ERR_STRING_DATA COMP_str_functs[]= -- { --{ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"}, --{ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"}, --{ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"}, --{ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"}, --{0,NULL} -- }; -+static ERR_STRING_DATA COMP_str_functs[] = { -+ {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"}, -+ {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"}, -+ {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"}, -+ {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA COMP_str_reasons[]= -- { --{ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR) ,"zlib deflate error"}, --{ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR) ,"zlib inflate error"}, --{ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED) ,"zlib not supported"}, --{0,NULL} -- }; -+static ERR_STRING_DATA COMP_str_reasons[] = { -+ {ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR), "zlib deflate error"}, -+ {ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR), "zlib inflate error"}, -+ {ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED), "zlib not supported"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_COMP_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,COMP_str_functs); -- ERR_load_strings(0,COMP_str_reasons); -- } -+ if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, COMP_str_functs); -+ ERR_load_strings(0, COMP_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c -index b60ae37..bd4eb7a 100644 ---- a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c -+++ b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c -@@ -5,68 +5,62 @@ - #include - - COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) -- { -- COMP_CTX *ret; -+{ -+ COMP_CTX *ret; - -- if ((ret=(COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL) -- { -- /* ZZZZZZZZZZZZZZZZ */ -- return(NULL); -- } -- memset(ret,0,sizeof(COMP_CTX)); -- ret->meth=meth; -- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) -- { -- OPENSSL_free(ret); -- ret=NULL; -- } -- return(ret); -- } -+ if ((ret = (COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL) { -+ /* ZZZZZZZZZZZZZZZZ */ -+ return (NULL); -+ } -+ memset(ret, 0, sizeof(COMP_CTX)); -+ ret->meth = meth; -+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { -+ OPENSSL_free(ret); -+ ret = NULL; -+ } -+ return (ret); -+} - - void COMP_CTX_free(COMP_CTX *ctx) -- { -- if(ctx == NULL) -- return; -+{ -+ if (ctx == NULL) -+ return; - -- if (ctx->meth->finish != NULL) -- ctx->meth->finish(ctx); -+ if (ctx->meth->finish != NULL) -+ ctx->meth->finish(ctx); - -- OPENSSL_free(ctx); -- } -+ OPENSSL_free(ctx); -+} - - int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, -- unsigned char *in, int ilen) -- { -- int ret; -- if (ctx->meth->compress == NULL) -- { -- /* ZZZZZZZZZZZZZZZZZ */ -- return(-1); -- } -- ret=ctx->meth->compress(ctx,out,olen,in,ilen); -- if (ret > 0) -- { -- ctx->compress_in+=ilen; -- ctx->compress_out+=ret; -- } -- return(ret); -- } -+ unsigned char *in, int ilen) -+{ -+ int ret; -+ if (ctx->meth->compress == NULL) { -+ /* ZZZZZZZZZZZZZZZZZ */ -+ return (-1); -+ } -+ ret = ctx->meth->compress(ctx, out, olen, in, ilen); -+ if (ret > 0) { -+ ctx->compress_in += ilen; -+ ctx->compress_out += ret; -+ } -+ return (ret); -+} - - int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, -- unsigned char *in, int ilen) -- { -- int ret; -+ unsigned char *in, int ilen) -+{ -+ int ret; - -- if (ctx->meth->expand == NULL) -- { -- /* ZZZZZZZZZZZZZZZZZ */ -- return(-1); -- } -- ret=ctx->meth->expand(ctx,out,olen,in,ilen); -- if (ret > 0) -- { -- ctx->expand_in+=ilen; -- ctx->expand_out+=ret; -- } -- return(ret); -- } -+ if (ctx->meth->expand == NULL) { -+ /* ZZZZZZZZZZZZZZZZZ */ -+ return (-1); -+ } -+ ret = ctx->meth->expand(ctx, out, olen, in, ilen); -+ if (ret > 0) { -+ ctx->expand_in += ilen; -+ ctx->expand_out += ret; -+ } -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_api.c b/Cryptlib/OpenSSL/crypto/conf/conf_api.c -index 55d1d50..d994ef8 100644 ---- a/Cryptlib/OpenSSL/crypto/conf/conf_api.c -+++ b/Cryptlib/OpenSSL/crypto/conf/conf_api.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,7 +59,7 @@ - /* Part of the code in here was originally in conf.c, which is now removed */ - - #ifndef CONF_DEBUG --# undef NDEBUG /* avoid conflicting definitions */ -+# undef NDEBUG /* avoid conflicting definitions */ - # define NDEBUG - #endif - -@@ -71,239 +71,240 @@ - #include "e_os.h" - - static void value_free_hash(CONF_VALUE *a, LHASH *conf); --static void value_free_stack(CONF_VALUE *a,LHASH *conf); -+static void value_free_stack(CONF_VALUE *a, LHASH *conf); - static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *) - static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *) --/* We don't use function pointer casting or wrapper functions - but cast each -- * callback parameter inside the callback functions. */ -+/* -+ * We don't use function pointer casting or wrapper functions - but cast each -+ * callback parameter inside the callback functions. -+ */ - /* static unsigned long hash(CONF_VALUE *v); */ - static unsigned long hash(const void *v_void); - /* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */ --static int cmp_conf(const void *a_void,const void *b_void); -+static int cmp_conf(const void *a_void, const void *b_void); - - /* Up until OpenSSL 0.9.5a, this was get_section */ - CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section) -- { -- CONF_VALUE *v,vv; -+{ -+ CONF_VALUE *v, vv; - -- if ((conf == NULL) || (section == NULL)) return(NULL); -- vv.name=NULL; -- vv.section=(char *)section; -- v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); -- return(v); -- } -+ if ((conf == NULL) || (section == NULL)) -+ return (NULL); -+ vv.name = NULL; -+ vv.section = (char *)section; -+ v = (CONF_VALUE *)lh_retrieve(conf->data, &vv); -+ return (v); -+} - - /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ - STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, -- const char *section) -- { -- CONF_VALUE *v; -+ const char *section) -+{ -+ CONF_VALUE *v; - -- v=_CONF_get_section(conf,section); -- if (v != NULL) -- return((STACK_OF(CONF_VALUE) *)v->value); -- else -- return(NULL); -- } -+ v = _CONF_get_section(conf, section); -+ if (v != NULL) -+ return ((STACK_OF(CONF_VALUE) *)v->value); -+ else -+ return (NULL); -+} - - int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) -- { -- CONF_VALUE *v = NULL; -- STACK_OF(CONF_VALUE) *ts; -- -- ts = (STACK_OF(CONF_VALUE) *)section->value; -- -- value->section=section->section; -- if (!sk_CONF_VALUE_push(ts,value)) -- { -- return 0; -- } -- -- v = (CONF_VALUE *)lh_insert(conf->data, value); -- if (v != NULL) -- { -- (void)sk_CONF_VALUE_delete_ptr(ts,v); -- OPENSSL_free(v->name); -- OPENSSL_free(v->value); -- OPENSSL_free(v); -- } -- return 1; -- } -- --char *_CONF_get_string(const CONF *conf, const char *section, const char *name) -- { -- CONF_VALUE *v,vv; -- char *p; -- -- if (name == NULL) return(NULL); -- if (conf != NULL) -- { -- if (section != NULL) -- { -- vv.name=(char *)name; -- vv.section=(char *)section; -- v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); -- if (v != NULL) return(v->value); -- if (strcmp(section,"ENV") == 0) -- { -- p=Getenv(name); -- if (p != NULL) return(p); -- } -- } -- vv.section="default"; -- vv.name=(char *)name; -- v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); -- if (v != NULL) -- return(v->value); -- else -- return(NULL); -- } -- else -- return(Getenv(name)); -- } -- --#if 0 /* There's no way to provide error checking with this function, so -- force implementors of the higher levels to get a string and read -- the number themselves. */ -+{ -+ CONF_VALUE *v = NULL; -+ STACK_OF(CONF_VALUE) *ts; -+ -+ ts = (STACK_OF(CONF_VALUE) *)section->value; -+ -+ value->section = section->section; -+ if (!sk_CONF_VALUE_push(ts, value)) { -+ return 0; -+ } -+ -+ v = (CONF_VALUE *)lh_insert(conf->data, value); -+ if (v != NULL) { -+ (void)sk_CONF_VALUE_delete_ptr(ts, v); -+ OPENSSL_free(v->name); -+ OPENSSL_free(v->value); -+ OPENSSL_free(v); -+ } -+ return 1; -+} -+ -+char *_CONF_get_string(const CONF *conf, const char *section, -+ const char *name) -+{ -+ CONF_VALUE *v, vv; -+ char *p; -+ -+ if (name == NULL) -+ return (NULL); -+ if (conf != NULL) { -+ if (section != NULL) { -+ vv.name = (char *)name; -+ vv.section = (char *)section; -+ v = (CONF_VALUE *)lh_retrieve(conf->data, &vv); -+ if (v != NULL) -+ return (v->value); -+ if (strcmp(section, "ENV") == 0) { -+ p = Getenv(name); -+ if (p != NULL) -+ return (p); -+ } -+ } -+ vv.section = "default"; -+ vv.name = (char *)name; -+ v = (CONF_VALUE *)lh_retrieve(conf->data, &vv); -+ if (v != NULL) -+ return (v->value); -+ else -+ return (NULL); -+ } else -+ return (Getenv(name)); -+} -+ -+#if 0 /* There's no way to provide error checking -+ * with this function, so force implementors -+ * of the higher levels to get a string and -+ * read the number themselves. */ - long _CONF_get_number(CONF *conf, char *section, char *name) -- { -- char *str; -- long ret=0; -- -- str=_CONF_get_string(conf,section,name); -- if (str == NULL) return(0); -- for (;;) -- { -- if (conf->meth->is_number(conf, *str)) -- ret=ret*10+conf->meth->to_int(conf, *str); -- else -- return(ret); -- str++; -- } -- } -+{ -+ char *str; -+ long ret = 0; -+ -+ str = _CONF_get_string(conf, section, name); -+ if (str == NULL) -+ return (0); -+ for (;;) { -+ if (conf->meth->is_number(conf, *str)) -+ ret = ret * 10 + conf->meth->to_int(conf, *str); -+ else -+ return (ret); -+ str++; -+ } -+} - #endif - - int _CONF_new_data(CONF *conf) -- { -- if (conf == NULL) -- { -- return 0; -- } -- if (conf->data == NULL) -- if ((conf->data = lh_new(hash, cmp_conf)) == NULL) -- { -- return 0; -- } -- return 1; -- } -+{ -+ if (conf == NULL) { -+ return 0; -+ } -+ if (conf->data == NULL) -+ if ((conf->data = lh_new(hash, cmp_conf)) == NULL) { -+ return 0; -+ } -+ return 1; -+} - - void _CONF_free_data(CONF *conf) -- { -- if (conf == NULL || conf->data == NULL) return; -+{ -+ if (conf == NULL || conf->data == NULL) -+ return; - -- conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()' -- * works as expected */ -- lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash), -- conf->data); -+ conf->data->down_load = 0; /* evil thing to make sure the -+ * 'OPENSSL_free()' works as expected */ -+ lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash), conf->data); - -- /* We now have only 'section' entries in the hash table. -- * Due to problems with */ -+ /* -+ * We now have only 'section' entries in the hash table. Due to problems -+ * with -+ */ - -- lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack), -- conf->data); -- lh_free(conf->data); -- } -+ lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack), -+ conf->data); -+ lh_free(conf->data); -+} - - static void value_free_hash(CONF_VALUE *a, LHASH *conf) -- { -- if (a->name != NULL) -- { -- a=(CONF_VALUE *)lh_delete(conf,a); -- } -- } -+{ -+ if (a->name != NULL) { -+ a = (CONF_VALUE *)lh_delete(conf, a); -+ } -+} - - static void value_free_stack(CONF_VALUE *a, LHASH *conf) -- { -- CONF_VALUE *vv; -- STACK *sk; -- int i; -- -- if (a->name != NULL) return; -- -- sk=(STACK *)a->value; -- for (i=sk_num(sk)-1; i>=0; i--) -- { -- vv=(CONF_VALUE *)sk_value(sk,i); -- OPENSSL_free(vv->value); -- OPENSSL_free(vv->name); -- OPENSSL_free(vv); -- } -- if (sk != NULL) sk_free(sk); -- OPENSSL_free(a->section); -- OPENSSL_free(a); -- } -+{ -+ CONF_VALUE *vv; -+ STACK *sk; -+ int i; -+ -+ if (a->name != NULL) -+ return; -+ -+ sk = (STACK *) a->value; -+ for (i = sk_num(sk) - 1; i >= 0; i--) { -+ vv = (CONF_VALUE *)sk_value(sk, i); -+ OPENSSL_free(vv->value); -+ OPENSSL_free(vv->name); -+ OPENSSL_free(vv); -+ } -+ if (sk != NULL) -+ sk_free(sk); -+ OPENSSL_free(a->section); -+ OPENSSL_free(a); -+} - - /* static unsigned long hash(CONF_VALUE *v) */ - static unsigned long hash(const void *v_void) -- { -- CONF_VALUE *v = (CONF_VALUE *)v_void; -- return((lh_strhash(v->section)<<2)^lh_strhash(v->name)); -- } -+{ -+ CONF_VALUE *v = (CONF_VALUE *)v_void; -+ return ((lh_strhash(v->section) << 2) ^ lh_strhash(v->name)); -+} - - /* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */ --static int cmp_conf(const void *a_void,const void *b_void) -- { -- int i; -- CONF_VALUE *a = (CONF_VALUE *)a_void; -- CONF_VALUE *b = (CONF_VALUE *)b_void; -- -- if (a->section != b->section) -- { -- i=strcmp(a->section,b->section); -- if (i) return(i); -- } -- -- if ((a->name != NULL) && (b->name != NULL)) -- { -- i=strcmp(a->name,b->name); -- return(i); -- } -- else if (a->name == b->name) -- return(0); -- else -- return((a->name == NULL)?-1:1); -- } -+static int cmp_conf(const void *a_void, const void *b_void) -+{ -+ int i; -+ CONF_VALUE *a = (CONF_VALUE *)a_void; -+ CONF_VALUE *b = (CONF_VALUE *)b_void; -+ -+ if (a->section != b->section) { -+ i = strcmp(a->section, b->section); -+ if (i) -+ return (i); -+ } -+ -+ if ((a->name != NULL) && (b->name != NULL)) { -+ i = strcmp(a->name, b->name); -+ return (i); -+ } else if (a->name == b->name) -+ return (0); -+ else -+ return ((a->name == NULL) ? -1 : 1); -+} - - /* Up until OpenSSL 0.9.5a, this was new_section */ - CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) -- { -- STACK *sk=NULL; -- int ok=0,i; -- CONF_VALUE *v=NULL,*vv; -- -- if ((sk=sk_new_null()) == NULL) -- goto err; -- if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL) -- goto err; -- i=strlen(section)+1; -- if ((v->section=(char *)OPENSSL_malloc(i)) == NULL) -- goto err; -- -- memcpy(v->section,section,i); -- v->name=NULL; -- v->value=(char *)sk; -- -- vv=(CONF_VALUE *)lh_insert(conf->data,v); -- OPENSSL_assert(vv == NULL); -- ok=1; --err: -- if (!ok) -- { -- if (sk != NULL) sk_free(sk); -- if (v != NULL) OPENSSL_free(v); -- v=NULL; -- } -- return(v); -- } -+{ -+ STACK *sk = NULL; -+ int ok = 0, i; -+ CONF_VALUE *v = NULL, *vv; -+ -+ if ((sk = sk_new_null()) == NULL) -+ goto err; -+ if ((v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL) -+ goto err; -+ i = strlen(section) + 1; -+ if ((v->section = (char *)OPENSSL_malloc(i)) == NULL) -+ goto err; -+ -+ memcpy(v->section, section, i); -+ v->name = NULL; -+ v->value = (char *)sk; -+ -+ vv = (CONF_VALUE *)lh_insert(conf->data, v); -+ OPENSSL_assert(vv == NULL); -+ ok = 1; -+ err: -+ if (!ok) { -+ if (sk != NULL) -+ sk_free(sk); -+ if (v != NULL) -+ OPENSSL_free(v); -+ v = NULL; -+ } -+ return (v); -+} - - IMPLEMENT_STACK_OF(CONF_VALUE) -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.c b/Cryptlib/OpenSSL/crypto/conf/conf_def.c -index a168339..8ca68e1 100644 ---- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c -+++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -72,10 +72,10 @@ - static char *eat_ws(CONF *conf, char *p); - static char *eat_alpha_numeric(CONF *conf, char *p); - static void clear_comments(CONF *conf, char *p); --static int str_copy(CONF *conf,char *section,char **to, char *from); -+static int str_copy(CONF *conf, char *section, char **to, char *from); - static char *scan_quote(CONF *conf, char *p); - static char *scan_dquote(CONF *conf, char *p); --#define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2))) -+#define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2))) - - static CONF *def_create(CONF_METHOD *meth); - static int def_init_default(CONF *conf); -@@ -88,660 +88,622 @@ static int def_dump(const CONF *conf, BIO *bp); - static int def_is_number(const CONF *conf, char c); - static int def_to_int(const CONF *conf, char c); - --const char CONF_def_version[]="CONF_def" OPENSSL_VERSION_PTEXT; -+const char CONF_def_version[] = "CONF_def" OPENSSL_VERSION_PTEXT; - - static CONF_METHOD default_method = { -- "OpenSSL default", -- def_create, -- def_init_default, -- def_destroy, -- def_destroy_data, -- def_load_bio, -- def_dump, -- def_is_number, -- def_to_int, -- def_load -- }; -+ "OpenSSL default", -+ def_create, -+ def_init_default, -+ def_destroy, -+ def_destroy_data, -+ def_load_bio, -+ def_dump, -+ def_is_number, -+ def_to_int, -+ def_load -+}; - - static CONF_METHOD WIN32_method = { -- "WIN32", -- def_create, -- def_init_WIN32, -- def_destroy, -- def_destroy_data, -- def_load_bio, -- def_dump, -- def_is_number, -- def_to_int, -- def_load -- }; -+ "WIN32", -+ def_create, -+ def_init_WIN32, -+ def_destroy, -+ def_destroy_data, -+ def_load_bio, -+ def_dump, -+ def_is_number, -+ def_to_int, -+ def_load -+}; - - CONF_METHOD *NCONF_default() -- { -- return &default_method; -- } -+{ -+ return &default_method; -+} -+ - CONF_METHOD *NCONF_WIN32() -- { -- return &WIN32_method; -- } -+{ -+ return &WIN32_method; -+} - - static CONF *def_create(CONF_METHOD *meth) -- { -- CONF *ret; -- -- ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *)); -- if (ret) -- if (meth->init(ret) == 0) -- { -- OPENSSL_free(ret); -- ret = NULL; -- } -- return ret; -- } -- -+{ -+ CONF *ret; -+ -+ ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *)); -+ if (ret) -+ if (meth->init(ret) == 0) { -+ OPENSSL_free(ret); -+ ret = NULL; -+ } -+ return ret; -+} -+ - static int def_init_default(CONF *conf) -- { -- if (conf == NULL) -- return 0; -+{ -+ if (conf == NULL) -+ return 0; - -- conf->meth = &default_method; -- conf->meth_data = (void *)CONF_type_default; -- conf->data = NULL; -+ conf->meth = &default_method; -+ conf->meth_data = (void *)CONF_type_default; -+ conf->data = NULL; - -- return 1; -- } -+ return 1; -+} - - static int def_init_WIN32(CONF *conf) -- { -- if (conf == NULL) -- return 0; -+{ -+ if (conf == NULL) -+ return 0; - -- conf->meth = &WIN32_method; -- conf->meth_data = (void *)CONF_type_win32; -- conf->data = NULL; -+ conf->meth = &WIN32_method; -+ conf->meth_data = (void *)CONF_type_win32; -+ conf->data = NULL; - -- return 1; -- } -+ return 1; -+} - - static int def_destroy(CONF *conf) -- { -- if (def_destroy_data(conf)) -- { -- OPENSSL_free(conf); -- return 1; -- } -- return 0; -- } -+{ -+ if (def_destroy_data(conf)) { -+ OPENSSL_free(conf); -+ return 1; -+ } -+ return 0; -+} - - static int def_destroy_data(CONF *conf) -- { -- if (conf == NULL) -- return 0; -- _CONF_free_data(conf); -- return 1; -- } -+{ -+ if (conf == NULL) -+ return 0; -+ _CONF_free_data(conf); -+ return 1; -+} - - static int def_load(CONF *conf, const char *name, long *line) -- { -- int ret; -- BIO *in=NULL; -+{ -+ int ret; -+ BIO *in = NULL; - - #ifdef OPENSSL_SYS_VMS -- in=BIO_new_file(name, "r"); -+ in = BIO_new_file(name, "r"); - #else -- in=BIO_new_file(name, "rb"); -+ in = BIO_new_file(name, "rb"); - #endif -- if (in == NULL) -- { -- if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE) -- CONFerr(CONF_F_DEF_LOAD,CONF_R_NO_SUCH_FILE); -- else -- CONFerr(CONF_F_DEF_LOAD,ERR_R_SYS_LIB); -- return 0; -- } -+ if (in == NULL) { -+ if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE) -+ CONFerr(CONF_F_DEF_LOAD, CONF_R_NO_SUCH_FILE); -+ else -+ CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB); -+ return 0; -+ } - -- ret = def_load_bio(conf, in, line); -- BIO_free(in); -+ ret = def_load_bio(conf, in, line); -+ BIO_free(in); - -- return ret; -- } -+ return ret; -+} - - static int def_load_bio(CONF *conf, BIO *in, long *line) -- { -+{ - /* The macro BUFSIZE conflicts with a system macro in VxWorks */ --#define CONFBUFSIZE 512 -- int bufnum=0,i,ii; -- BUF_MEM *buff=NULL; -- char *s,*p,*end; -- int again; -- long eline=0; -- char btmp[DECIMAL_SIZE(eline)+1]; -- CONF_VALUE *v=NULL,*tv; -- CONF_VALUE *sv=NULL; -- char *section=NULL,*buf; --/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/ --/* STACK_OF(CONF_VALUE) *ts=NULL;*/ -- char *start,*psection,*pname; -- void *h = (void *)(conf->data); -- -- if ((buff=BUF_MEM_new()) == NULL) -- { -- CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB); -- goto err; -- } -- -- section=(char *)OPENSSL_malloc(10); -- if (section == NULL) -- { -- CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- BUF_strlcpy(section,"default",10); -- -- if (_CONF_new_data(conf) == 0) -- { -- CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- sv=_CONF_new_section(conf,section); -- if (sv == NULL) -- { -- CONFerr(CONF_F_DEF_LOAD_BIO, -- CONF_R_UNABLE_TO_CREATE_NEW_SECTION); -- goto err; -- } --/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/ -- -- bufnum=0; -- again=0; -- for (;;) -- { -- if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE)) -- { -- CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB); -- goto err; -- } -- p= &(buff->data[bufnum]); -- *p='\0'; -- BIO_gets(in, p, CONFBUFSIZE-1); -- p[CONFBUFSIZE-1]='\0'; -- ii=i=strlen(p); -- if (i == 0 && !again) break; -- again=0; -- while (i > 0) -- { -- if ((p[i-1] != '\r') && (p[i-1] != '\n')) -- break; -- else -- i--; -- } -- /* we removed some trailing stuff so there is a new -- * line on the end. */ -- if (ii && i == ii) -- again=1; /* long line */ -- else -- { -- p[i]='\0'; -- eline++; /* another input line */ -- } -- -- /* we now have a line with trailing \r\n removed */ -- -- /* i is the number of bytes */ -- bufnum+=i; -- -- v=NULL; -- /* check for line continuation */ -- if (bufnum >= 1) -- { -- /* If we have bytes and the last char '\\' and -- * second last char is not '\\' */ -- p= &(buff->data[bufnum-1]); -- if (IS_ESC(conf,p[0]) && -- ((bufnum <= 1) || !IS_ESC(conf,p[-1]))) -- { -- bufnum--; -- again=1; -- } -- } -- if (again) continue; -- bufnum=0; -- buf=buff->data; -- -- clear_comments(conf, buf); -- s=eat_ws(conf, buf); -- if (IS_EOF(conf,*s)) continue; /* blank line */ -- if (*s == '[') -- { -- char *ss; -- -- s++; -- start=eat_ws(conf, s); -- ss=start; --again: -- end=eat_alpha_numeric(conf, ss); -- p=eat_ws(conf, end); -- if (*p != ']') -- { -- if (*p != '\0' && ss != p) -- { -- ss=p; -- goto again; -- } -- CONFerr(CONF_F_DEF_LOAD_BIO, -- CONF_R_MISSING_CLOSE_SQUARE_BRACKET); -- goto err; -- } -- *end='\0'; -- if (!str_copy(conf,NULL,§ion,start)) goto err; -- if ((sv=_CONF_get_section(conf,section)) == NULL) -- sv=_CONF_new_section(conf,section); -- if (sv == NULL) -- { -- CONFerr(CONF_F_DEF_LOAD_BIO, -- CONF_R_UNABLE_TO_CREATE_NEW_SECTION); -- goto err; -- } --/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/ -- continue; -- } -- else -- { -- pname=s; -- psection=NULL; -- end=eat_alpha_numeric(conf, s); -- if ((end[0] == ':') && (end[1] == ':')) -- { -- *end='\0'; -- end+=2; -- psection=pname; -- pname=end; -- end=eat_alpha_numeric(conf, end); -- } -- p=eat_ws(conf, end); -- if (*p != '=') -- { -- CONFerr(CONF_F_DEF_LOAD_BIO, -- CONF_R_MISSING_EQUAL_SIGN); -- goto err; -- } -- *end='\0'; -- p++; -- start=eat_ws(conf, p); -- while (!IS_EOF(conf,*p)) -- p++; -- p--; -- while ((p != start) && (IS_WS(conf,*p))) -- p--; -- p++; -- *p='\0'; -- -- if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) -- { -- CONFerr(CONF_F_DEF_LOAD_BIO, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (psection == NULL) psection=section; -- v->name=(char *)OPENSSL_malloc(strlen(pname)+1); -- v->value=NULL; -- if (v->name == NULL) -- { -- CONFerr(CONF_F_DEF_LOAD_BIO, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- BUF_strlcpy(v->name,pname,strlen(pname)+1); -- if (!str_copy(conf,psection,&(v->value),start)) goto err; -- -- if (strcmp(psection,section) != 0) -- { -- if ((tv=_CONF_get_section(conf,psection)) -- == NULL) -- tv=_CONF_new_section(conf,psection); -- if (tv == NULL) -- { -- CONFerr(CONF_F_DEF_LOAD_BIO, -- CONF_R_UNABLE_TO_CREATE_NEW_SECTION); -- goto err; -- } --/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/ -- } -- else -- { -- tv=sv; --/* ts=section_sk;*/ -- } -+#define CONFBUFSIZE 512 -+ int bufnum = 0, i, ii; -+ BUF_MEM *buff = NULL; -+ char *s, *p, *end; -+ int again; -+ long eline = 0; -+ char btmp[DECIMAL_SIZE(eline) + 1]; -+ CONF_VALUE *v = NULL, *tv; -+ CONF_VALUE *sv = NULL; -+ char *section = NULL, *buf; -+/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/ -+/* STACK_OF(CONF_VALUE) *ts=NULL;*/ -+ char *start, *psection, *pname; -+ void *h = (void *)(conf->data); -+ -+ if ((buff = BUF_MEM_new()) == NULL) { -+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB); -+ goto err; -+ } -+ -+ section = (char *)OPENSSL_malloc(10); -+ if (section == NULL) { -+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ BUF_strlcpy(section, "default", 10); -+ -+ if (_CONF_new_data(conf) == 0) { -+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ sv = _CONF_new_section(conf, section); -+ if (sv == NULL) { -+ CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); -+ goto err; -+ } -+/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/ -+ -+ bufnum = 0; -+ again = 0; -+ for (;;) { -+ if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) { -+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB); -+ goto err; -+ } -+ p = &(buff->data[bufnum]); -+ *p = '\0'; -+ BIO_gets(in, p, CONFBUFSIZE - 1); -+ p[CONFBUFSIZE - 1] = '\0'; -+ ii = i = strlen(p); -+ if (i == 0 && !again) -+ break; -+ again = 0; -+ while (i > 0) { -+ if ((p[i - 1] != '\r') && (p[i - 1] != '\n')) -+ break; -+ else -+ i--; -+ } -+ /* -+ * we removed some trailing stuff so there is a new line on the end. -+ */ -+ if (ii && i == ii) -+ again = 1; /* long line */ -+ else { -+ p[i] = '\0'; -+ eline++; /* another input line */ -+ } -+ -+ /* we now have a line with trailing \r\n removed */ -+ -+ /* i is the number of bytes */ -+ bufnum += i; -+ -+ v = NULL; -+ /* check for line continuation */ -+ if (bufnum >= 1) { -+ /* -+ * If we have bytes and the last char '\\' and second last char -+ * is not '\\' -+ */ -+ p = &(buff->data[bufnum - 1]); -+ if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) { -+ bufnum--; -+ again = 1; -+ } -+ } -+ if (again) -+ continue; -+ bufnum = 0; -+ buf = buff->data; -+ -+ clear_comments(conf, buf); -+ s = eat_ws(conf, buf); -+ if (IS_EOF(conf, *s)) -+ continue; /* blank line */ -+ if (*s == '[') { -+ char *ss; -+ -+ s++; -+ start = eat_ws(conf, s); -+ ss = start; -+ again: -+ end = eat_alpha_numeric(conf, ss); -+ p = eat_ws(conf, end); -+ if (*p != ']') { -+ if (*p != '\0' && ss != p) { -+ ss = p; -+ goto again; -+ } -+ CONFerr(CONF_F_DEF_LOAD_BIO, -+ CONF_R_MISSING_CLOSE_SQUARE_BRACKET); -+ goto err; -+ } -+ *end = '\0'; -+ if (!str_copy(conf, NULL, §ion, start)) -+ goto err; -+ if ((sv = _CONF_get_section(conf, section)) == NULL) -+ sv = _CONF_new_section(conf, section); -+ if (sv == NULL) { -+ CONFerr(CONF_F_DEF_LOAD_BIO, -+ CONF_R_UNABLE_TO_CREATE_NEW_SECTION); -+ goto err; -+ } -+/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/ -+ continue; -+ } else { -+ pname = s; -+ psection = NULL; -+ end = eat_alpha_numeric(conf, s); -+ if ((end[0] == ':') && (end[1] == ':')) { -+ *end = '\0'; -+ end += 2; -+ psection = pname; -+ pname = end; -+ end = eat_alpha_numeric(conf, end); -+ } -+ p = eat_ws(conf, end); -+ if (*p != '=') { -+ CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN); -+ goto err; -+ } -+ *end = '\0'; -+ p++; -+ start = eat_ws(conf, p); -+ while (!IS_EOF(conf, *p)) -+ p++; -+ p--; -+ while ((p != start) && (IS_WS(conf, *p))) -+ p--; -+ p++; -+ *p = '\0'; -+ -+ if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) { -+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (psection == NULL) -+ psection = section; -+ v->name = (char *)OPENSSL_malloc(strlen(pname) + 1); -+ v->value = NULL; -+ if (v->name == NULL) { -+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ BUF_strlcpy(v->name, pname, strlen(pname) + 1); -+ if (!str_copy(conf, psection, &(v->value), start)) -+ goto err; -+ -+ if (strcmp(psection, section) != 0) { -+ if ((tv = _CONF_get_section(conf, psection)) -+ == NULL) -+ tv = _CONF_new_section(conf, psection); -+ if (tv == NULL) { -+ CONFerr(CONF_F_DEF_LOAD_BIO, -+ CONF_R_UNABLE_TO_CREATE_NEW_SECTION); -+ goto err; -+ } -+/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/ -+ } else { -+ tv = sv; -+/* ts=section_sk;*/ -+ } - #if 1 -- if (_CONF_add_string(conf, tv, v) == 0) -- { -- CONFerr(CONF_F_DEF_LOAD_BIO, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ if (_CONF_add_string(conf, tv, v) == 0) { -+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - #else -- v->section=tv->section; -- if (!sk_CONF_VALUE_push(ts,v)) -- { -- CONFerr(CONF_F_DEF_LOAD_BIO, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- vv=(CONF_VALUE *)lh_insert(conf->data,v); -- if (vv != NULL) -- { -- sk_CONF_VALUE_delete_ptr(ts,vv); -- OPENSSL_free(vv->name); -- OPENSSL_free(vv->value); -- OPENSSL_free(vv); -- } -+ v->section = tv->section; -+ if (!sk_CONF_VALUE_push(ts, v)) { -+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ vv = (CONF_VALUE *)lh_insert(conf->data, v); -+ if (vv != NULL) { -+ sk_CONF_VALUE_delete_ptr(ts, vv); -+ OPENSSL_free(vv->name); -+ OPENSSL_free(vv->value); -+ OPENSSL_free(vv); -+ } - #endif -- v=NULL; -- } -- } -- if (buff != NULL) BUF_MEM_free(buff); -- if (section != NULL) OPENSSL_free(section); -- return(1); --err: -- if (buff != NULL) BUF_MEM_free(buff); -- if (section != NULL) OPENSSL_free(section); -- if (line != NULL) *line=eline; -- BIO_snprintf(btmp,sizeof btmp,"%ld",eline); -- ERR_add_error_data(2,"line ",btmp); -- if ((h != conf->data) && (conf->data != NULL)) -- { -- CONF_free(conf->data); -- conf->data=NULL; -- } -- if (v != NULL) -- { -- if (v->name != NULL) OPENSSL_free(v->name); -- if (v->value != NULL) OPENSSL_free(v->value); -- if (v != NULL) OPENSSL_free(v); -- } -- return(0); -- } -+ v = NULL; -+ } -+ } -+ if (buff != NULL) -+ BUF_MEM_free(buff); -+ if (section != NULL) -+ OPENSSL_free(section); -+ return (1); -+ err: -+ if (buff != NULL) -+ BUF_MEM_free(buff); -+ if (section != NULL) -+ OPENSSL_free(section); -+ if (line != NULL) -+ *line = eline; -+ BIO_snprintf(btmp, sizeof btmp, "%ld", eline); -+ ERR_add_error_data(2, "line ", btmp); -+ if ((h != conf->data) && (conf->data != NULL)) { -+ CONF_free(conf->data); -+ conf->data = NULL; -+ } -+ if (v != NULL) { -+ if (v->name != NULL) -+ OPENSSL_free(v->name); -+ if (v->value != NULL) -+ OPENSSL_free(v->value); -+ if (v != NULL) -+ OPENSSL_free(v); -+ } -+ return (0); -+} - - static void clear_comments(CONF *conf, char *p) -- { -- for (;;) -- { -- if (IS_FCOMMENT(conf,*p)) -- { -- *p='\0'; -- return; -- } -- if (!IS_WS(conf,*p)) -- { -- break; -- } -- p++; -- } -- -- for (;;) -- { -- if (IS_COMMENT(conf,*p)) -- { -- *p='\0'; -- return; -- } -- if (IS_DQUOTE(conf,*p)) -- { -- p=scan_dquote(conf, p); -- continue; -- } -- if (IS_QUOTE(conf,*p)) -- { -- p=scan_quote(conf, p); -- continue; -- } -- if (IS_ESC(conf,*p)) -- { -- p=scan_esc(conf,p); -- continue; -- } -- if (IS_EOF(conf,*p)) -- return; -- else -- p++; -- } -- } -+{ -+ for (;;) { -+ if (IS_FCOMMENT(conf, *p)) { -+ *p = '\0'; -+ return; -+ } -+ if (!IS_WS(conf, *p)) { -+ break; -+ } -+ p++; -+ } -+ -+ for (;;) { -+ if (IS_COMMENT(conf, *p)) { -+ *p = '\0'; -+ return; -+ } -+ if (IS_DQUOTE(conf, *p)) { -+ p = scan_dquote(conf, p); -+ continue; -+ } -+ if (IS_QUOTE(conf, *p)) { -+ p = scan_quote(conf, p); -+ continue; -+ } -+ if (IS_ESC(conf, *p)) { -+ p = scan_esc(conf, p); -+ continue; -+ } -+ if (IS_EOF(conf, *p)) -+ return; -+ else -+ p++; -+ } -+} - - static int str_copy(CONF *conf, char *section, char **pto, char *from) -- { -- int q,r,rr=0,to=0,len=0; -- char *s,*e,*rp,*p,*rrp,*np,*cp,v; -- BUF_MEM *buf; -- -- if ((buf=BUF_MEM_new()) == NULL) return(0); -- -- len=strlen(from)+1; -- if (!BUF_MEM_grow(buf,len)) goto err; -- -- for (;;) -- { -- if (IS_QUOTE(conf,*from)) -- { -- q= *from; -- from++; -- while (!IS_EOF(conf,*from) && (*from != q)) -- { -- if (IS_ESC(conf,*from)) -- { -- from++; -- if (IS_EOF(conf,*from)) break; -- } -- buf->data[to++]= *(from++); -- } -- if (*from == q) from++; -- } -- else if (IS_DQUOTE(conf,*from)) -- { -- q= *from; -- from++; -- while (!IS_EOF(conf,*from)) -- { -- if (*from == q) -- { -- if (*(from+1) == q) -- { -- from++; -- } -- else -- { -- break; -- } -- } -- buf->data[to++]= *(from++); -- } -- if (*from == q) from++; -- } -- else if (IS_ESC(conf,*from)) -- { -- from++; -- v= *(from++); -- if (IS_EOF(conf,v)) break; -- else if (v == 'r') v='\r'; -- else if (v == 'n') v='\n'; -- else if (v == 'b') v='\b'; -- else if (v == 't') v='\t'; -- buf->data[to++]= v; -- } -- else if (IS_EOF(conf,*from)) -- break; -- else if (*from == '$') -- { -- /* try to expand it */ -- rrp=NULL; -- s= &(from[1]); -- if (*s == '{') -- q='}'; -- else if (*s == '(') -- q=')'; -- else q=0; -- -- if (q) s++; -- cp=section; -- e=np=s; -- while (IS_ALPHA_NUMERIC(conf,*e)) -- e++; -- if ((e[0] == ':') && (e[1] == ':')) -- { -- cp=np; -- rrp=e; -- rr= *e; -- *rrp='\0'; -- e+=2; -- np=e; -- while (IS_ALPHA_NUMERIC(conf,*e)) -- e++; -- } -- r= *e; -- *e='\0'; -- rp=e; -- if (q) -- { -- if (r != q) -- { -- CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE); -- goto err; -- } -- e++; -- } -- /* So at this point we have -- * np which is the start of the name string which is -- * '\0' terminated. -- * cp which is the start of the section string which is -- * '\0' terminated. -- * e is the 'next point after'. -- * r and rr are the chars replaced by the '\0' -- * rp and rrp is where 'r' and 'rr' came from. -- */ -- p=_CONF_get_string(conf,cp,np); -- if (rrp != NULL) *rrp=rr; -- *rp=r; -- if (p == NULL) -- { -- CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE); -- goto err; -- } -- BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from))); -- while (*p) -- buf->data[to++]= *(p++); -- -- /* Since we change the pointer 'from', we also have -- to change the perceived length of the string it -- points at. /RL */ -- len -= e-from; -- from=e; -- -- /* In case there were no braces or parenthesis around -- the variable reference, we have to put back the -- character that was replaced with a '\0'. /RL */ -- *rp = r; -- } -- else -- buf->data[to++]= *(from++); -- } -- buf->data[to]='\0'; -- if (*pto != NULL) OPENSSL_free(*pto); -- *pto=buf->data; -- OPENSSL_free(buf); -- return(1); --err: -- if (buf != NULL) BUF_MEM_free(buf); -- return(0); -- } -+{ -+ int q, r, rr = 0, to = 0, len = 0; -+ char *s, *e, *rp, *p, *rrp, *np, *cp, v; -+ BUF_MEM *buf; -+ -+ if ((buf = BUF_MEM_new()) == NULL) -+ return (0); -+ -+ len = strlen(from) + 1; -+ if (!BUF_MEM_grow(buf, len)) -+ goto err; -+ -+ for (;;) { -+ if (IS_QUOTE(conf, *from)) { -+ q = *from; -+ from++; -+ while (!IS_EOF(conf, *from) && (*from != q)) { -+ if (IS_ESC(conf, *from)) { -+ from++; -+ if (IS_EOF(conf, *from)) -+ break; -+ } -+ buf->data[to++] = *(from++); -+ } -+ if (*from == q) -+ from++; -+ } else if (IS_DQUOTE(conf, *from)) { -+ q = *from; -+ from++; -+ while (!IS_EOF(conf, *from)) { -+ if (*from == q) { -+ if (*(from + 1) == q) { -+ from++; -+ } else { -+ break; -+ } -+ } -+ buf->data[to++] = *(from++); -+ } -+ if (*from == q) -+ from++; -+ } else if (IS_ESC(conf, *from)) { -+ from++; -+ v = *(from++); -+ if (IS_EOF(conf, v)) -+ break; -+ else if (v == 'r') -+ v = '\r'; -+ else if (v == 'n') -+ v = '\n'; -+ else if (v == 'b') -+ v = '\b'; -+ else if (v == 't') -+ v = '\t'; -+ buf->data[to++] = v; -+ } else if (IS_EOF(conf, *from)) -+ break; -+ else if (*from == '$') { -+ /* try to expand it */ -+ rrp = NULL; -+ s = &(from[1]); -+ if (*s == '{') -+ q = '}'; -+ else if (*s == '(') -+ q = ')'; -+ else -+ q = 0; -+ -+ if (q) -+ s++; -+ cp = section; -+ e = np = s; -+ while (IS_ALPHA_NUMERIC(conf, *e)) -+ e++; -+ if ((e[0] == ':') && (e[1] == ':')) { -+ cp = np; -+ rrp = e; -+ rr = *e; -+ *rrp = '\0'; -+ e += 2; -+ np = e; -+ while (IS_ALPHA_NUMERIC(conf, *e)) -+ e++; -+ } -+ r = *e; -+ *e = '\0'; -+ rp = e; -+ if (q) { -+ if (r != q) { -+ CONFerr(CONF_F_STR_COPY, CONF_R_NO_CLOSE_BRACE); -+ goto err; -+ } -+ e++; -+ } -+ /*- -+ * So at this point we have -+ * np which is the start of the name string which is -+ * '\0' terminated. -+ * cp which is the start of the section string which is -+ * '\0' terminated. -+ * e is the 'next point after'. -+ * r and rr are the chars replaced by the '\0' -+ * rp and rrp is where 'r' and 'rr' came from. -+ */ -+ p = _CONF_get_string(conf, cp, np); -+ if (rrp != NULL) -+ *rrp = rr; -+ *rp = r; -+ if (p == NULL) { -+ CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE); -+ goto err; -+ } -+ BUF_MEM_grow_clean(buf, (strlen(p) + buf->length - (e - from))); -+ while (*p) -+ buf->data[to++] = *(p++); -+ -+ /* -+ * Since we change the pointer 'from', we also have to change the -+ * perceived length of the string it points at. /RL -+ */ -+ len -= e - from; -+ from = e; -+ -+ /* -+ * In case there were no braces or parenthesis around the -+ * variable reference, we have to put back the character that was -+ * replaced with a '\0'. /RL -+ */ -+ *rp = r; -+ } else -+ buf->data[to++] = *(from++); -+ } -+ buf->data[to] = '\0'; -+ if (*pto != NULL) -+ OPENSSL_free(*pto); -+ *pto = buf->data; -+ OPENSSL_free(buf); -+ return (1); -+ err: -+ if (buf != NULL) -+ BUF_MEM_free(buf); -+ return (0); -+} - - static char *eat_ws(CONF *conf, char *p) -- { -- while (IS_WS(conf,*p) && (!IS_EOF(conf,*p))) -- p++; -- return(p); -- } -+{ -+ while (IS_WS(conf, *p) && (!IS_EOF(conf, *p))) -+ p++; -+ return (p); -+} - - static char *eat_alpha_numeric(CONF *conf, char *p) -- { -- for (;;) -- { -- if (IS_ESC(conf,*p)) -- { -- p=scan_esc(conf,p); -- continue; -- } -- if (!IS_ALPHA_NUMERIC_PUNCT(conf,*p)) -- return(p); -- p++; -- } -- } -+{ -+ for (;;) { -+ if (IS_ESC(conf, *p)) { -+ p = scan_esc(conf, p); -+ continue; -+ } -+ if (!IS_ALPHA_NUMERIC_PUNCT(conf, *p)) -+ return (p); -+ p++; -+ } -+} - - static char *scan_quote(CONF *conf, char *p) -- { -- int q= *p; -- -- p++; -- while (!(IS_EOF(conf,*p)) && (*p != q)) -- { -- if (IS_ESC(conf,*p)) -- { -- p++; -- if (IS_EOF(conf,*p)) return(p); -- } -- p++; -- } -- if (*p == q) p++; -- return(p); -- } -- -+{ -+ int q = *p; -+ -+ p++; -+ while (!(IS_EOF(conf, *p)) && (*p != q)) { -+ if (IS_ESC(conf, *p)) { -+ p++; -+ if (IS_EOF(conf, *p)) -+ return (p); -+ } -+ p++; -+ } -+ if (*p == q) -+ p++; -+ return (p); -+} - - static char *scan_dquote(CONF *conf, char *p) -- { -- int q= *p; -- -- p++; -- while (!(IS_EOF(conf,*p))) -- { -- if (*p == q) -- { -- if (*(p+1) == q) -- { -- p++; -- } -- else -- { -- break; -- } -- } -- p++; -- } -- if (*p == q) p++; -- return(p); -- } -+{ -+ int q = *p; -+ -+ p++; -+ while (!(IS_EOF(conf, *p))) { -+ if (*p == q) { -+ if (*(p + 1) == q) { -+ p++; -+ } else { -+ break; -+ } -+ } -+ p++; -+ } -+ if (*p == q) -+ p++; -+ return (p); -+} - - static void dump_value(CONF_VALUE *a, BIO *out) -- { -- if (a->name) -- BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value); -- else -- BIO_printf(out, "[[%s]]\n", a->section); -- } -+{ -+ if (a->name) -+ BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value); -+ else -+ BIO_printf(out, "[[%s]]\n", a->section); -+} - - static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *) - - static int def_dump(const CONF *conf, BIO *out) -- { -- lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out); -- return 1; -- } -+{ -+ lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out); -+ return 1; -+} - - static int def_is_number(const CONF *conf, char c) -- { -- return IS_NUMBER(conf,c); -- } -+{ -+ return IS_NUMBER(conf, c); -+} - - static int def_to_int(const CONF *conf, char c) -- { -- return c - '0'; -- } -- -+{ -+ return c - '0'; -+} -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_err.c b/Cryptlib/OpenSSL/crypto/conf/conf_err.c -index a16a5e0..20fb12c 100644 ---- a/Cryptlib/OpenSSL/crypto/conf/conf_err.c -+++ b/Cryptlib/OpenSSL/crypto/conf/conf_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,65 +66,66 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason) - --static ERR_STRING_DATA CONF_str_functs[]= -- { --{ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"}, --{ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"}, --{ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"}, --{ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"}, --{ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"}, --{ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"}, --{ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"}, --{ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"}, --{ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"}, --{ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"}, --{ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"}, --{ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"}, --{ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"}, --{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"}, --{ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"}, --{ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"}, --{ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"}, --{ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"}, --{ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"}, --{ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"}, --{ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"}, --{0,NULL} -- }; -+static ERR_STRING_DATA CONF_str_functs[] = { -+ {ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"}, -+ {ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"}, -+ {ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"}, -+ {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"}, -+ {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"}, -+ {ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"}, -+ {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"}, -+ {ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"}, -+ {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"}, -+ {ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"}, -+ {ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"}, -+ {ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"}, -+ {ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"}, -+ {ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"}, -+ {ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"}, -+ {ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"}, -+ {ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"}, -+ {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"}, -+ {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"}, -+ {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"}, -+ {ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA CONF_str_reasons[]= -- { --{ERR_REASON(CONF_R_ERROR_LOADING_DSO) ,"error loading dso"}, --{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"}, --{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN) ,"missing equal sign"}, --{ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"}, --{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION),"missing init function"}, --{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),"module initialization error"}, --{ERR_REASON(CONF_R_NO_CLOSE_BRACE) ,"no close brace"}, --{ERR_REASON(CONF_R_NO_CONF) ,"no conf"}, --{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),"no conf or environment variable"}, --{ERR_REASON(CONF_R_NO_SECTION) ,"no section"}, --{ERR_REASON(CONF_R_NO_SUCH_FILE) ,"no such file"}, --{ERR_REASON(CONF_R_NO_VALUE) ,"no value"}, --{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),"unable to create new section"}, --{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME) ,"unknown module name"}, --{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE),"variable has no value"}, --{0,NULL} -- }; -+static ERR_STRING_DATA CONF_str_reasons[] = { -+ {ERR_REASON(CONF_R_ERROR_LOADING_DSO), "error loading dso"}, -+ {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET), -+ "missing close square bracket"}, -+ {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"}, -+ {ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION), "missing finish function"}, -+ {ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"}, -+ {ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR), -+ "module initialization error"}, -+ {ERR_REASON(CONF_R_NO_CLOSE_BRACE), "no close brace"}, -+ {ERR_REASON(CONF_R_NO_CONF), "no conf"}, -+ {ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE), -+ "no conf or environment variable"}, -+ {ERR_REASON(CONF_R_NO_SECTION), "no section"}, -+ {ERR_REASON(CONF_R_NO_SUCH_FILE), "no such file"}, -+ {ERR_REASON(CONF_R_NO_VALUE), "no value"}, -+ {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION), -+ "unable to create new section"}, -+ {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"}, -+ {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_CONF_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,CONF_str_functs); -- ERR_load_strings(0,CONF_str_reasons); -- } -+ if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, CONF_str_functs); -+ ERR_load_strings(0, CONF_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c -index 2a3399d..5d5aef8 100644 ---- a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c -+++ b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c -@@ -1,6 +1,7 @@ - /* conf_lib.c */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -63,339 +64,322 @@ - #include - #include - --const char CONF_version[]="CONF" OPENSSL_VERSION_PTEXT; -+const char CONF_version[] = "CONF" OPENSSL_VERSION_PTEXT; - --static CONF_METHOD *default_CONF_method=NULL; -+static CONF_METHOD *default_CONF_method = NULL; - - /* Init a 'CONF' structure from an old LHASH */ - - void CONF_set_nconf(CONF *conf, LHASH *hash) -- { -- if (default_CONF_method == NULL) -- default_CONF_method = NCONF_default(); -+{ -+ if (default_CONF_method == NULL) -+ default_CONF_method = NCONF_default(); - -- default_CONF_method->init(conf); -- conf->data = hash; -- } -+ default_CONF_method->init(conf); -+ conf->data = hash; -+} - --/* The following section contains the "CONF classic" functions, -- rewritten in terms of the new CONF interface. */ -+/* -+ * The following section contains the "CONF classic" functions, rewritten in -+ * terms of the new CONF interface. -+ */ - - int CONF_set_default_method(CONF_METHOD *meth) -- { -- default_CONF_method = meth; -- return 1; -- } -+{ -+ default_CONF_method = meth; -+ return 1; -+} - - LHASH *CONF_load(LHASH *conf, const char *file, long *eline) -- { -- LHASH *ltmp; -- BIO *in=NULL; -+{ -+ LHASH *ltmp; -+ BIO *in = NULL; - - #ifdef OPENSSL_SYS_VMS -- in=BIO_new_file(file, "r"); -+ in = BIO_new_file(file, "r"); - #else -- in=BIO_new_file(file, "rb"); -+ in = BIO_new_file(file, "rb"); - #endif -- if (in == NULL) -- { -- CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB); -- return NULL; -- } -+ if (in == NULL) { -+ CONFerr(CONF_F_CONF_LOAD, ERR_R_SYS_LIB); -+ return NULL; -+ } - -- ltmp = CONF_load_bio(conf, in, eline); -- BIO_free(in); -+ ltmp = CONF_load_bio(conf, in, eline); -+ BIO_free(in); - -- return ltmp; -- } -+ return ltmp; -+} - - #ifndef OPENSSL_NO_FP_API --LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline) -- { -- BIO *btmp; -- LHASH *ltmp; -- if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { -- CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB); -- return NULL; -- } -- ltmp = CONF_load_bio(conf, btmp, eline); -- BIO_free(btmp); -- return ltmp; -- } -+LHASH *CONF_load_fp(LHASH *conf, FILE *fp, long *eline) -+{ -+ BIO *btmp; -+ LHASH *ltmp; -+ if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { -+ CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB); -+ return NULL; -+ } -+ ltmp = CONF_load_bio(conf, btmp, eline); -+ BIO_free(btmp); -+ return ltmp; -+} - #endif - --LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline) -- { -- CONF ctmp; -- int ret; -- -- CONF_set_nconf(&ctmp, conf); -- -- ret = NCONF_load_bio(&ctmp, bp, eline); -- if (ret) -- return ctmp.data; -- return NULL; -- } -- --STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section) -- { -- if (conf == NULL) -- { -- return NULL; -- } -- else -- { -- CONF ctmp; -- CONF_set_nconf(&ctmp, conf); -- return NCONF_get_section(&ctmp, section); -- } -- } -- --char *CONF_get_string(LHASH *conf,const char *group,const char *name) -- { -- if (conf == NULL) -- { -- return NCONF_get_string(NULL, group, name); -- } -- else -- { -- CONF ctmp; -- CONF_set_nconf(&ctmp, conf); -- return NCONF_get_string(&ctmp, group, name); -- } -- } -- --long CONF_get_number(LHASH *conf,const char *group,const char *name) -- { -- int status; -- long result = 0; -- -- if (conf == NULL) -- { -- status = NCONF_get_number_e(NULL, group, name, &result); -- } -- else -- { -- CONF ctmp; -- CONF_set_nconf(&ctmp, conf); -- status = NCONF_get_number_e(&ctmp, group, name, &result); -- } -- -- if (status == 0) -- { -- /* This function does not believe in errors... */ -- ERR_clear_error(); -- } -- return result; -- } -+LHASH *CONF_load_bio(LHASH *conf, BIO *bp, long *eline) -+{ -+ CONF ctmp; -+ int ret; -+ -+ CONF_set_nconf(&ctmp, conf); -+ -+ ret = NCONF_load_bio(&ctmp, bp, eline); -+ if (ret) -+ return ctmp.data; -+ return NULL; -+} -+ -+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, const char *section) -+{ -+ if (conf == NULL) { -+ return NULL; -+ } else { -+ CONF ctmp; -+ CONF_set_nconf(&ctmp, conf); -+ return NCONF_get_section(&ctmp, section); -+ } -+} -+ -+char *CONF_get_string(LHASH *conf, const char *group, const char *name) -+{ -+ if (conf == NULL) { -+ return NCONF_get_string(NULL, group, name); -+ } else { -+ CONF ctmp; -+ CONF_set_nconf(&ctmp, conf); -+ return NCONF_get_string(&ctmp, group, name); -+ } -+} -+ -+long CONF_get_number(LHASH *conf, const char *group, const char *name) -+{ -+ int status; -+ long result = 0; -+ -+ if (conf == NULL) { -+ status = NCONF_get_number_e(NULL, group, name, &result); -+ } else { -+ CONF ctmp; -+ CONF_set_nconf(&ctmp, conf); -+ status = NCONF_get_number_e(&ctmp, group, name, &result); -+ } -+ -+ if (status == 0) { -+ /* This function does not believe in errors... */ -+ ERR_clear_error(); -+ } -+ return result; -+} - - void CONF_free(LHASH *conf) -- { -- CONF ctmp; -- CONF_set_nconf(&ctmp, conf); -- NCONF_free_data(&ctmp); -- } -+{ -+ CONF ctmp; -+ CONF_set_nconf(&ctmp, conf); -+ NCONF_free_data(&ctmp); -+} - - #ifndef OPENSSL_NO_FP_API - int CONF_dump_fp(LHASH *conf, FILE *out) -- { -- BIO *btmp; -- int ret; -- -- if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { -- CONFerr(CONF_F_CONF_DUMP_FP,ERR_R_BUF_LIB); -- return 0; -- } -- ret = CONF_dump_bio(conf, btmp); -- BIO_free(btmp); -- return ret; -- } -+{ -+ BIO *btmp; -+ int ret; -+ -+ if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { -+ CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB); -+ return 0; -+ } -+ ret = CONF_dump_bio(conf, btmp); -+ BIO_free(btmp); -+ return ret; -+} - #endif - - int CONF_dump_bio(LHASH *conf, BIO *out) -- { -- CONF ctmp; -- CONF_set_nconf(&ctmp, conf); -- return NCONF_dump_bio(&ctmp, out); -- } -- --/* The following section contains the "New CONF" functions. They are -- completely centralised around a new CONF structure that may contain -- basically anything, but at least a method pointer and a table of data. -- These functions are also written in terms of the bridge functions used -- by the "CONF classic" functions, for consistency. */ -+{ -+ CONF ctmp; -+ CONF_set_nconf(&ctmp, conf); -+ return NCONF_dump_bio(&ctmp, out); -+} -+ -+/* -+ * The following section contains the "New CONF" functions. They are -+ * completely centralised around a new CONF structure that may contain -+ * basically anything, but at least a method pointer and a table of data. -+ * These functions are also written in terms of the bridge functions used by -+ * the "CONF classic" functions, for consistency. -+ */ - - CONF *NCONF_new(CONF_METHOD *meth) -- { -- CONF *ret; -+{ -+ CONF *ret; - -- if (meth == NULL) -- meth = NCONF_default(); -+ if (meth == NULL) -+ meth = NCONF_default(); - -- ret = meth->create(meth); -- if (ret == NULL) -- { -- CONFerr(CONF_F_NCONF_NEW,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -+ ret = meth->create(meth); -+ if (ret == NULL) { -+ CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } - -- return ret; -- } -+ return ret; -+} - - void NCONF_free(CONF *conf) -- { -- if (conf == NULL) -- return; -- conf->meth->destroy(conf); -- } -+{ -+ if (conf == NULL) -+ return; -+ conf->meth->destroy(conf); -+} - - void NCONF_free_data(CONF *conf) -- { -- if (conf == NULL) -- return; -- conf->meth->destroy_data(conf); -- } -+{ -+ if (conf == NULL) -+ return; -+ conf->meth->destroy_data(conf); -+} - - int NCONF_load(CONF *conf, const char *file, long *eline) -- { -- if (conf == NULL) -- { -- CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF); -- return 0; -- } -+{ -+ if (conf == NULL) { -+ CONFerr(CONF_F_NCONF_LOAD, CONF_R_NO_CONF); -+ return 0; -+ } - -- return conf->meth->load(conf, file, eline); -- } -+ return conf->meth->load(conf, file, eline); -+} - - #ifndef OPENSSL_NO_FP_API --int NCONF_load_fp(CONF *conf, FILE *fp,long *eline) -- { -- BIO *btmp; -- int ret; -- if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) -- { -- CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB); -- return 0; -- } -- ret = NCONF_load_bio(conf, btmp, eline); -- BIO_free(btmp); -- return ret; -- } -+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline) -+{ -+ BIO *btmp; -+ int ret; -+ if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { -+ CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB); -+ return 0; -+ } -+ ret = NCONF_load_bio(conf, btmp, eline); -+ BIO_free(btmp); -+ return ret; -+} - #endif - --int NCONF_load_bio(CONF *conf, BIO *bp,long *eline) -- { -- if (conf == NULL) -- { -- CONFerr(CONF_F_NCONF_LOAD_BIO,CONF_R_NO_CONF); -- return 0; -- } -- -- return conf->meth->load_bio(conf, bp, eline); -- } -- --STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section) -- { -- if (conf == NULL) -- { -- CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_CONF); -- return NULL; -- } -- -- if (section == NULL) -- { -- CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION); -- return NULL; -- } -- -- return _CONF_get_section_values(conf, section); -- } -- --char *NCONF_get_string(const CONF *conf,const char *group,const char *name) -- { -- char *s = _CONF_get_string(conf, group, name); -- -- /* Since we may get a value from an environment variable even -- if conf is NULL, let's check the value first */ -- if (s) return s; -- -- if (conf == NULL) -- { -- CONFerr(CONF_F_NCONF_GET_STRING, -- CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE); -- return NULL; -- } -- CONFerr(CONF_F_NCONF_GET_STRING, -- CONF_R_NO_VALUE); -- ERR_add_error_data(4,"group=",group," name=",name); -- return NULL; -- } -- --int NCONF_get_number_e(const CONF *conf,const char *group,const char *name, -- long *result) -- { -- char *str; -- -- if (result == NULL) -- { -- CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- -- str = NCONF_get_string(conf,group,name); -- -- if (str == NULL) -- return 0; -- -- for (*result = 0;conf->meth->is_number(conf, *str);) -- { -- *result = (*result)*10 + conf->meth->to_int(conf, *str); -- str++; -- } -- -- return 1; -- } -+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline) -+{ -+ if (conf == NULL) { -+ CONFerr(CONF_F_NCONF_LOAD_BIO, CONF_R_NO_CONF); -+ return 0; -+ } -+ -+ return conf->meth->load_bio(conf, bp, eline); -+} -+ -+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section) -+{ -+ if (conf == NULL) { -+ CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_CONF); -+ return NULL; -+ } -+ -+ if (section == NULL) { -+ CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_SECTION); -+ return NULL; -+ } -+ -+ return _CONF_get_section_values(conf, section); -+} -+ -+char *NCONF_get_string(const CONF *conf, const char *group, const char *name) -+{ -+ char *s = _CONF_get_string(conf, group, name); -+ -+ /* -+ * Since we may get a value from an environment variable even if conf is -+ * NULL, let's check the value first -+ */ -+ if (s) -+ return s; -+ -+ if (conf == NULL) { -+ CONFerr(CONF_F_NCONF_GET_STRING, -+ CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE); -+ return NULL; -+ } -+ CONFerr(CONF_F_NCONF_GET_STRING, CONF_R_NO_VALUE); -+ ERR_add_error_data(4, "group=", group, " name=", name); -+ return NULL; -+} -+ -+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, -+ long *result) -+{ -+ char *str; -+ -+ if (result == NULL) { -+ CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ -+ str = NCONF_get_string(conf, group, name); -+ -+ if (str == NULL) -+ return 0; -+ -+ for (*result = 0; conf->meth->is_number(conf, *str);) { -+ *result = (*result) * 10 + conf->meth->to_int(conf, *str); -+ str++; -+ } -+ -+ return 1; -+} - - #ifndef OPENSSL_NO_FP_API - int NCONF_dump_fp(const CONF *conf, FILE *out) -- { -- BIO *btmp; -- int ret; -- if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { -- CONFerr(CONF_F_NCONF_DUMP_FP,ERR_R_BUF_LIB); -- return 0; -- } -- ret = NCONF_dump_bio(conf, btmp); -- BIO_free(btmp); -- return ret; -- } -+{ -+ BIO *btmp; -+ int ret; -+ if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { -+ CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB); -+ return 0; -+ } -+ ret = NCONF_dump_bio(conf, btmp); -+ BIO_free(btmp); -+ return ret; -+} - #endif - - int NCONF_dump_bio(const CONF *conf, BIO *out) -- { -- if (conf == NULL) -- { -- CONFerr(CONF_F_NCONF_DUMP_BIO,CONF_R_NO_CONF); -- return 0; -- } -- -- return conf->meth->dump(conf, out); -- } -+{ -+ if (conf == NULL) { -+ CONFerr(CONF_F_NCONF_DUMP_BIO, CONF_R_NO_CONF); -+ return 0; -+ } - -+ return conf->meth->dump(conf, out); -+} - - /* This function should be avoided */ - #if 0 --long NCONF_get_number(CONF *conf,char *group,char *name) -- { -- int status; -- long ret=0; -- -- status = NCONF_get_number_e(conf, group, name, &ret); -- if (status == 0) -- { -- /* This function does not believe in errors... */ -- ERR_get_error(); -- } -- return ret; -- } -+long NCONF_get_number(CONF *conf, char *group, char *name) -+{ -+ int status; -+ long ret = 0; -+ -+ status = NCONF_get_number_e(conf, group, name, &ret); -+ if (status == 0) { -+ /* This function does not believe in errors... */ -+ ERR_get_error(); -+ } -+ return ret; -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c -index 1cc1fd5..4123eba 100644 ---- a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c -+++ b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c -@@ -1,6 +1,7 @@ - /* conf_mall.c */ --/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -65,18 +66,17 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - - /* Load all OpenSSL builtin modules */ - - void OPENSSL_load_builtin_modules(void) -- { -- /* Add builtin modules here */ -- ASN1_add_oid_module(); -+{ -+ /* Add builtin modules here */ -+ ASN1_add_oid_module(); - #ifndef OPENSSL_NO_ENGINE -- ENGINE_add_conf_module(); -+ ENGINE_add_conf_module(); - #endif -- EVP_add_alg_module(); -- } -- -+ EVP_add_alg_module(); -+} -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c -index ee9c677..ffc477c 100644 ---- a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c -+++ b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c -@@ -1,6 +1,7 @@ - /* conf_mod.c */ --/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,45 +65,41 @@ - #include - #include - -- - #define DSO_mod_init_name "OPENSSL_init" - #define DSO_mod_finish_name "OPENSSL_finish" - -- --/* This structure contains a data about supported modules. -- * entries in this table correspond to either dynamic or -- * static modules. -+/* -+ * This structure contains a data about supported modules. entries in this -+ * table correspond to either dynamic or static modules. - */ - --struct conf_module_st -- { -- /* DSO of this module or NULL if static */ -- DSO *dso; -- /* Name of the module */ -- char *name; -- /* Init function */ -- conf_init_func *init; -- /* Finish function */ -- conf_finish_func *finish; -- /* Number of successfully initialized modules */ -- int links; -- void *usr_data; -- }; -- -- --/* This structure contains information about modules that have been -- * successfully initialized. There may be more than one entry for a -- * given module. -+struct conf_module_st { -+ /* DSO of this module or NULL if static */ -+ DSO *dso; -+ /* Name of the module */ -+ char *name; -+ /* Init function */ -+ conf_init_func *init; -+ /* Finish function */ -+ conf_finish_func *finish; -+ /* Number of successfully initialized modules */ -+ int links; -+ void *usr_data; -+}; -+ -+/* -+ * This structure contains information about modules that have been -+ * successfully initialized. There may be more than one entry for a given -+ * module. - */ - --struct conf_imodule_st -- { -- CONF_MODULE *pmod; -- char *name; -- char *value; -- unsigned long flags; -- void *usr_data; -- }; -+struct conf_imodule_st { -+ CONF_MODULE *pmod; -+ char *name; -+ char *value; -+ unsigned long flags; -+ void *usr_data; -+}; - - static STACK_OF(CONF_MODULE) *supported_modules = NULL; - static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; -@@ -110,508 +107,486 @@ static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; - static void module_free(CONF_MODULE *md); - static void module_finish(CONF_IMODULE *imod); - static int module_run(const CONF *cnf, char *name, char *value, -- unsigned long flags); -+ unsigned long flags); - static CONF_MODULE *module_add(DSO *dso, const char *name, -- conf_init_func *ifunc, conf_finish_func *ffunc); -+ conf_init_func *ifunc, -+ conf_finish_func *ffunc); - static CONF_MODULE *module_find(char *name); - static int module_init(CONF_MODULE *pmod, char *name, char *value, -- const CONF *cnf); -+ const CONF *cnf); - static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, -- unsigned long flags); -+ unsigned long flags); - - /* Main function: load modules from a CONF structure */ - - int CONF_modules_load(const CONF *cnf, const char *appname, -- unsigned long flags) -- { -- STACK_OF(CONF_VALUE) *values; -- CONF_VALUE *vl; -- char *vsection = NULL; -+ unsigned long flags) -+{ -+ STACK_OF(CONF_VALUE) *values; -+ CONF_VALUE *vl; -+ char *vsection = NULL; - -- int ret, i; -+ int ret, i; - -- if (!cnf) -- return 1; -+ if (!cnf) -+ return 1; - -- if (appname) -- vsection = NCONF_get_string(cnf, NULL, appname); -+ if (appname) -+ vsection = NCONF_get_string(cnf, NULL, appname); - -- if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION))) -- vsection = NCONF_get_string(cnf, NULL, "openssl_conf"); -+ if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION))) -+ vsection = NCONF_get_string(cnf, NULL, "openssl_conf"); - -- if (!vsection) -- { -- ERR_clear_error(); -- return 1; -- } -+ if (!vsection) { -+ ERR_clear_error(); -+ return 1; -+ } - -- values = NCONF_get_section(cnf, vsection); -+ values = NCONF_get_section(cnf, vsection); - -- if (!values) -- return 0; -+ if (!values) -+ return 0; - -- for (i = 0; i < sk_CONF_VALUE_num(values); i++) -- { -- vl = sk_CONF_VALUE_value(values, i); -- ret = module_run(cnf, vl->name, vl->value, flags); -- if (ret <= 0) -- if(!(flags & CONF_MFLAGS_IGNORE_ERRORS)) -- return ret; -- } -+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) { -+ vl = sk_CONF_VALUE_value(values, i); -+ ret = module_run(cnf, vl->name, vl->value, flags); -+ if (ret <= 0) -+ if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) -+ return ret; -+ } - -- return 1; -+ return 1; - -- } -+} - - int CONF_modules_load_file(const char *filename, const char *appname, -- unsigned long flags) -- { -- char *file = NULL; -- CONF *conf = NULL; -- int ret = 0; -- conf = NCONF_new(NULL); -- if (!conf) -- goto err; -- -- if (filename == NULL) -- { -- file = CONF_get1_default_config_file(); -- if (!file) -- goto err; -- } -- else -- file = (char *)filename; -- -- if (NCONF_load(conf, file, NULL) <= 0) -- { -- if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && -- (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) -- { -- ERR_clear_error(); -- ret = 1; -- } -- goto err; -- } -- -- ret = CONF_modules_load(conf, appname, flags); -- -- err: -- if (filename == NULL) -- OPENSSL_free(file); -- NCONF_free(conf); -- -- return ret; -- } -+ unsigned long flags) -+{ -+ char *file = NULL; -+ CONF *conf = NULL; -+ int ret = 0; -+ conf = NCONF_new(NULL); -+ if (!conf) -+ goto err; -+ -+ if (filename == NULL) { -+ file = CONF_get1_default_config_file(); -+ if (!file) -+ goto err; -+ } else -+ file = (char *)filename; -+ -+ if (NCONF_load(conf, file, NULL) <= 0) { -+ if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && -+ (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) { -+ ERR_clear_error(); -+ ret = 1; -+ } -+ goto err; -+ } -+ -+ ret = CONF_modules_load(conf, appname, flags); -+ -+ err: -+ if (filename == NULL) -+ OPENSSL_free(file); -+ NCONF_free(conf); -+ -+ return ret; -+} - - static int module_run(const CONF *cnf, char *name, char *value, -- unsigned long flags) -- { -- CONF_MODULE *md; -- int ret; -- -- md = module_find(name); -- -- /* Module not found: try to load DSO */ -- if (!md && !(flags & CONF_MFLAGS_NO_DSO)) -- md = module_load_dso(cnf, name, value, flags); -- -- if (!md) -- { -- if (!(flags & CONF_MFLAGS_SILENT)) -- { -- CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME); -- ERR_add_error_data(2, "module=", name); -- } -- return -1; -- } -- -- ret = module_init(md, name, value, cnf); -- -- if (ret <= 0) -- { -- if (!(flags & CONF_MFLAGS_SILENT)) -- { -- char rcode[DECIMAL_SIZE(ret)+1]; -- CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); -- BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); -- ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); -- } -- } -- -- return ret; -- } -+ unsigned long flags) -+{ -+ CONF_MODULE *md; -+ int ret; -+ -+ md = module_find(name); -+ -+ /* Module not found: try to load DSO */ -+ if (!md && !(flags & CONF_MFLAGS_NO_DSO)) -+ md = module_load_dso(cnf, name, value, flags); -+ -+ if (!md) { -+ if (!(flags & CONF_MFLAGS_SILENT)) { -+ CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME); -+ ERR_add_error_data(2, "module=", name); -+ } -+ return -1; -+ } -+ -+ ret = module_init(md, name, value, cnf); -+ -+ if (ret <= 0) { -+ if (!(flags & CONF_MFLAGS_SILENT)) { -+ char rcode[DECIMAL_SIZE(ret) + 1]; -+ CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); -+ BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); -+ ERR_add_error_data(6, "module=", name, ", value=", value, -+ ", retcode=", rcode); -+ } -+ } -+ -+ return ret; -+} - - /* Load a module from a DSO */ - static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, -- unsigned long flags) -- { -- DSO *dso = NULL; -- conf_init_func *ifunc; -- conf_finish_func *ffunc; -- char *path = NULL; -- int errcode = 0; -- CONF_MODULE *md; -- /* Look for alternative path in module section */ -- path = NCONF_get_string(cnf, value, "path"); -- if (!path) -- { -- ERR_clear_error(); -- path = name; -- } -- dso = DSO_load(NULL, path, NULL, 0); -- if (!dso) -- { -- errcode = CONF_R_ERROR_LOADING_DSO; -- goto err; -- } -- ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name); -- if (!ifunc) -- { -- errcode = CONF_R_MISSING_INIT_FUNCTION; -- goto err; -- } -- ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name); -- /* All OK, add module */ -- md = module_add(dso, name, ifunc, ffunc); -- -- if (!md) -- goto err; -- -- return md; -- -- err: -- if (dso) -- DSO_free(dso); -- CONFerr(CONF_F_MODULE_LOAD_DSO, errcode); -- ERR_add_error_data(4, "module=", name, ", path=", path); -- return NULL; -- } -+ unsigned long flags) -+{ -+ DSO *dso = NULL; -+ conf_init_func *ifunc; -+ conf_finish_func *ffunc; -+ char *path = NULL; -+ int errcode = 0; -+ CONF_MODULE *md; -+ /* Look for alternative path in module section */ -+ path = NCONF_get_string(cnf, value, "path"); -+ if (!path) { -+ ERR_clear_error(); -+ path = name; -+ } -+ dso = DSO_load(NULL, path, NULL, 0); -+ if (!dso) { -+ errcode = CONF_R_ERROR_LOADING_DSO; -+ goto err; -+ } -+ ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name); -+ if (!ifunc) { -+ errcode = CONF_R_MISSING_INIT_FUNCTION; -+ goto err; -+ } -+ ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name); -+ /* All OK, add module */ -+ md = module_add(dso, name, ifunc, ffunc); -+ -+ if (!md) -+ goto err; -+ -+ return md; -+ -+ err: -+ if (dso) -+ DSO_free(dso); -+ CONFerr(CONF_F_MODULE_LOAD_DSO, errcode); -+ ERR_add_error_data(4, "module=", name, ", path=", path); -+ return NULL; -+} - - /* add module to list */ - static CONF_MODULE *module_add(DSO *dso, const char *name, -- conf_init_func *ifunc, conf_finish_func *ffunc) -- { -- CONF_MODULE *tmod = NULL; -- if (supported_modules == NULL) -- supported_modules = sk_CONF_MODULE_new_null(); -- if (supported_modules == NULL) -- return NULL; -- tmod = OPENSSL_malloc(sizeof(CONF_MODULE)); -- if (tmod == NULL) -- return NULL; -- -- tmod->dso = dso; -- tmod->name = BUF_strdup(name); -- tmod->init = ifunc; -- tmod->finish = ffunc; -- tmod->links = 0; -- -- if (!sk_CONF_MODULE_push(supported_modules, tmod)) -- { -- OPENSSL_free(tmod); -- return NULL; -- } -- -- return tmod; -- } -- --/* Find a module from the list. We allow module names of the -- * form modname.XXXX to just search for modname to allow the -- * same module to be initialized more than once. -+ conf_init_func *ifunc, conf_finish_func *ffunc) -+{ -+ CONF_MODULE *tmod = NULL; -+ if (supported_modules == NULL) -+ supported_modules = sk_CONF_MODULE_new_null(); -+ if (supported_modules == NULL) -+ return NULL; -+ tmod = OPENSSL_malloc(sizeof(CONF_MODULE)); -+ if (tmod == NULL) -+ return NULL; -+ -+ tmod->dso = dso; -+ tmod->name = BUF_strdup(name); -+ tmod->init = ifunc; -+ tmod->finish = ffunc; -+ tmod->links = 0; -+ -+ if (!sk_CONF_MODULE_push(supported_modules, tmod)) { -+ OPENSSL_free(tmod); -+ return NULL; -+ } -+ -+ return tmod; -+} -+ -+/* -+ * Find a module from the list. We allow module names of the form -+ * modname.XXXX to just search for modname to allow the same module to be -+ * initialized more than once. - */ - - static CONF_MODULE *module_find(char *name) -- { -- CONF_MODULE *tmod; -- int i, nchar; -- char *p; -- p = strrchr(name, '.'); -+{ -+ CONF_MODULE *tmod; -+ int i, nchar; -+ char *p; -+ p = strrchr(name, '.'); - -- if (p) -- nchar = p - name; -- else -- nchar = strlen(name); -+ if (p) -+ nchar = p - name; -+ else -+ nchar = strlen(name); - -- for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) -- { -- tmod = sk_CONF_MODULE_value(supported_modules, i); -- if (!strncmp(tmod->name, name, nchar)) -- return tmod; -- } -+ for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) { -+ tmod = sk_CONF_MODULE_value(supported_modules, i); -+ if (!strncmp(tmod->name, name, nchar)) -+ return tmod; -+ } - -- return NULL; -+ return NULL; - -- } -+} - - /* initialize a module */ - static int module_init(CONF_MODULE *pmod, char *name, char *value, -- const CONF *cnf) -- { -- int ret = 1; -- int init_called = 0; -- CONF_IMODULE *imod = NULL; -- -- /* Otherwise add initialized module to list */ -- imod = OPENSSL_malloc(sizeof(CONF_IMODULE)); -- if (!imod) -- goto err; -- -- imod->pmod = pmod; -- imod->name = BUF_strdup(name); -- imod->value = BUF_strdup(value); -- imod->usr_data = NULL; -- -- if (!imod->name || !imod->value) -- goto memerr; -- -- /* Try to initialize module */ -- if(pmod->init) -- { -- ret = pmod->init(imod, cnf); -- init_called = 1; -- /* Error occurred, exit */ -- if (ret <= 0) -- goto err; -- } -- -- if (initialized_modules == NULL) -- { -- initialized_modules = sk_CONF_IMODULE_new_null(); -- if (!initialized_modules) -- { -- CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- -- if (!sk_CONF_IMODULE_push(initialized_modules, imod)) -- { -- CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- pmod->links++; -- -- return ret; -- -- err: -- -- /* We've started the module so we'd better finish it */ -- if (pmod->finish && init_called) -- pmod->finish(imod); -- -- memerr: -- if (imod) -- { -- if (imod->name) -- OPENSSL_free(imod->name); -- if (imod->value) -- OPENSSL_free(imod->value); -- OPENSSL_free(imod); -- } -- -- return -1; -- -- } -- --/* Unload any dynamic modules that have a link count of zero: -- * i.e. have no active initialized modules. If 'all' is set -- * then all modules are unloaded including static ones. -+ const CONF *cnf) -+{ -+ int ret = 1; -+ int init_called = 0; -+ CONF_IMODULE *imod = NULL; -+ -+ /* Otherwise add initialized module to list */ -+ imod = OPENSSL_malloc(sizeof(CONF_IMODULE)); -+ if (!imod) -+ goto err; -+ -+ imod->pmod = pmod; -+ imod->name = BUF_strdup(name); -+ imod->value = BUF_strdup(value); -+ imod->usr_data = NULL; -+ -+ if (!imod->name || !imod->value) -+ goto memerr; -+ -+ /* Try to initialize module */ -+ if (pmod->init) { -+ ret = pmod->init(imod, cnf); -+ init_called = 1; -+ /* Error occurred, exit */ -+ if (ret <= 0) -+ goto err; -+ } -+ -+ if (initialized_modules == NULL) { -+ initialized_modules = sk_CONF_IMODULE_new_null(); -+ if (!initialized_modules) { -+ CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ -+ if (!sk_CONF_IMODULE_push(initialized_modules, imod)) { -+ CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ pmod->links++; -+ -+ return ret; -+ -+ err: -+ -+ /* We've started the module so we'd better finish it */ -+ if (pmod->finish && init_called) -+ pmod->finish(imod); -+ -+ memerr: -+ if (imod) { -+ if (imod->name) -+ OPENSSL_free(imod->name); -+ if (imod->value) -+ OPENSSL_free(imod->value); -+ OPENSSL_free(imod); -+ } -+ -+ return -1; -+ -+} -+ -+/* -+ * Unload any dynamic modules that have a link count of zero: i.e. have no -+ * active initialized modules. If 'all' is set then all modules are unloaded -+ * including static ones. - */ - - void CONF_modules_unload(int all) -- { -- int i; -- CONF_MODULE *md; -- CONF_modules_finish(); -- /* unload modules in reverse order */ -- for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) -- { -- md = sk_CONF_MODULE_value(supported_modules, i); -- /* If static or in use and 'all' not set ignore it */ -- if (((md->links > 0) || !md->dso) && !all) -- continue; -- /* Since we're working in reverse this is OK */ -- (void)sk_CONF_MODULE_delete(supported_modules, i); -- module_free(md); -- } -- if (sk_CONF_MODULE_num(supported_modules) == 0) -- { -- sk_CONF_MODULE_free(supported_modules); -- supported_modules = NULL; -- } -- } -+{ -+ int i; -+ CONF_MODULE *md; -+ CONF_modules_finish(); -+ /* unload modules in reverse order */ -+ for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) { -+ md = sk_CONF_MODULE_value(supported_modules, i); -+ /* If static or in use and 'all' not set ignore it */ -+ if (((md->links > 0) || !md->dso) && !all) -+ continue; -+ /* Since we're working in reverse this is OK */ -+ (void)sk_CONF_MODULE_delete(supported_modules, i); -+ module_free(md); -+ } -+ if (sk_CONF_MODULE_num(supported_modules) == 0) { -+ sk_CONF_MODULE_free(supported_modules); -+ supported_modules = NULL; -+ } -+} - - /* unload a single module */ - static void module_free(CONF_MODULE *md) -- { -- if (md->dso) -- DSO_free(md->dso); -- OPENSSL_free(md->name); -- OPENSSL_free(md); -- } -+{ -+ if (md->dso) -+ DSO_free(md->dso); -+ OPENSSL_free(md->name); -+ OPENSSL_free(md); -+} - - /* finish and free up all modules instances */ - - void CONF_modules_finish(void) -- { -- CONF_IMODULE *imod; -- while (sk_CONF_IMODULE_num(initialized_modules) > 0) -- { -- imod = sk_CONF_IMODULE_pop(initialized_modules); -- module_finish(imod); -- } -- sk_CONF_IMODULE_free(initialized_modules); -- initialized_modules = NULL; -- } -+{ -+ CONF_IMODULE *imod; -+ while (sk_CONF_IMODULE_num(initialized_modules) > 0) { -+ imod = sk_CONF_IMODULE_pop(initialized_modules); -+ module_finish(imod); -+ } -+ sk_CONF_IMODULE_free(initialized_modules); -+ initialized_modules = NULL; -+} - - /* finish a module instance */ - - static void module_finish(CONF_IMODULE *imod) -- { -- if (imod->pmod->finish) -- imod->pmod->finish(imod); -- imod->pmod->links--; -- OPENSSL_free(imod->name); -- OPENSSL_free(imod->value); -- OPENSSL_free(imod); -- } -+{ -+ if (imod->pmod->finish) -+ imod->pmod->finish(imod); -+ imod->pmod->links--; -+ OPENSSL_free(imod->name); -+ OPENSSL_free(imod->value); -+ OPENSSL_free(imod); -+} - - /* Add a static module to OpenSSL */ - --int CONF_module_add(const char *name, conf_init_func *ifunc, -- conf_finish_func *ffunc) -- { -- if (module_add(NULL, name, ifunc, ffunc)) -- return 1; -- else -- return 0; -- } -+int CONF_module_add(const char *name, conf_init_func *ifunc, -+ conf_finish_func *ffunc) -+{ -+ if (module_add(NULL, name, ifunc, ffunc)) -+ return 1; -+ else -+ return 0; -+} - - void CONF_modules_free(void) -- { -- CONF_modules_finish(); -- CONF_modules_unload(1); -- } -+{ -+ CONF_modules_finish(); -+ CONF_modules_unload(1); -+} - - /* Utility functions */ - - const char *CONF_imodule_get_name(const CONF_IMODULE *md) -- { -- return md->name; -- } -+{ -+ return md->name; -+} - - const char *CONF_imodule_get_value(const CONF_IMODULE *md) -- { -- return md->value; -- } -+{ -+ return md->value; -+} - - void *CONF_imodule_get_usr_data(const CONF_IMODULE *md) -- { -- return md->usr_data; -- } -+{ -+ return md->usr_data; -+} - - void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data) -- { -- md->usr_data = usr_data; -- } -+{ -+ md->usr_data = usr_data; -+} - - CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md) -- { -- return md->pmod; -- } -+{ -+ return md->pmod; -+} - - unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md) -- { -- return md->flags; -- } -+{ -+ return md->flags; -+} - - void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags) -- { -- md->flags = flags; -- } -+{ -+ md->flags = flags; -+} - - void *CONF_module_get_usr_data(CONF_MODULE *pmod) -- { -- return pmod->usr_data; -- } -+{ -+ return pmod->usr_data; -+} - - void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data) -- { -- pmod->usr_data = usr_data; -- } -+{ -+ pmod->usr_data = usr_data; -+} - - /* Return default config file name */ - - char *CONF_get1_default_config_file(void) -- { -- char *file; -- int len; -+{ -+ char *file; -+ int len; - -- file = getenv("OPENSSL_CONF"); -- if (file) -- return BUF_strdup(file); -+ file = getenv("OPENSSL_CONF"); -+ if (file) -+ return BUF_strdup(file); - -- len = strlen(X509_get_default_cert_area()); -+ len = strlen(X509_get_default_cert_area()); - #ifndef OPENSSL_SYS_VMS -- len++; -+ len++; - #endif -- len += strlen(OPENSSL_CONF); -+ len += strlen(OPENSSL_CONF); - -- file = OPENSSL_malloc(len + 1); -+ file = OPENSSL_malloc(len + 1); - -- if (!file) -- return NULL; -- BUF_strlcpy(file,X509_get_default_cert_area(),len + 1); -+ if (!file) -+ return NULL; -+ BUF_strlcpy(file, X509_get_default_cert_area(), len + 1); - #ifndef OPENSSL_SYS_VMS -- BUF_strlcat(file,"/",len + 1); -+ BUF_strlcat(file, "/", len + 1); - #endif -- BUF_strlcat(file,OPENSSL_CONF,len + 1); -+ BUF_strlcat(file, OPENSSL_CONF, len + 1); - -- return file; -- } -+ return file; -+} - --/* This function takes a list separated by 'sep' and calls the -- * callback function giving the start and length of each member -- * optionally stripping leading and trailing whitespace. This can -- * be used to parse comma separated lists for example. -+/* -+ * This function takes a list separated by 'sep' and calls the callback -+ * function giving the start and length of each member optionally stripping -+ * leading and trailing whitespace. This can be used to parse comma separated -+ * lists for example. - */ - - int CONF_parse_list(const char *list_, int sep, int nospc, -- int (*list_cb)(const char *elem, int len, void *usr), void *arg) -- { -- int ret; -- const char *lstart, *tmpend, *p; -- lstart = list_; -- -- for(;;) -- { -- if (nospc) -- { -- while(*lstart && isspace((unsigned char)*lstart)) -- lstart++; -- } -- p = strchr(lstart, sep); -- if (p == lstart || !*lstart) -- ret = list_cb(NULL, 0, arg); -- else -- { -- if (p) -- tmpend = p - 1; -- else -- tmpend = lstart + strlen(lstart) - 1; -- if (nospc) -- { -- while(isspace((unsigned char)*tmpend)) -- tmpend--; -- } -- ret = list_cb(lstart, tmpend - lstart + 1, arg); -- } -- if (ret <= 0) -- return ret; -- if (p == NULL) -- return 1; -- lstart = p + 1; -- } -- } -- -+ int (*list_cb) (const char *elem, int len, void *usr), -+ void *arg) -+{ -+ int ret; -+ const char *lstart, *tmpend, *p; -+ lstart = list_; -+ -+ for (;;) { -+ if (nospc) { -+ while (*lstart && isspace((unsigned char)*lstart)) -+ lstart++; -+ } -+ p = strchr(lstart, sep); -+ if (p == lstart || !*lstart) -+ ret = list_cb(NULL, 0, arg); -+ else { -+ if (p) -+ tmpend = p - 1; -+ else -+ tmpend = lstart + strlen(lstart) - 1; -+ if (nospc) { -+ while (isspace((unsigned char)*tmpend)) -+ tmpend--; -+ } -+ ret = list_cb(lstart, tmpend - lstart + 1, arg); -+ } -+ if (ret <= 0) -+ return ret; -+ if (p == NULL) -+ return 1; -+ lstart = p + 1; -+ } -+} -diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c -index 760dc26..d03de24 100644 ---- a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c -+++ b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c -@@ -1,6 +1,7 @@ - /* conf_sap.c */ --/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,48 +65,47 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - --/* This is the automatic configuration loader: it is called automatically by -- * OpenSSL when any of a number of standard initialisation functions are called, -- * unless this is overridden by calling OPENSSL_no_config() -+/* -+ * This is the automatic configuration loader: it is called automatically by -+ * OpenSSL when any of a number of standard initialisation functions are -+ * called, unless this is overridden by calling OPENSSL_no_config() - */ - - static int openssl_configured = 0; - - void OPENSSL_config(const char *config_name) -- { -- if (openssl_configured) -- return; -+{ -+ if (openssl_configured) -+ return; - -- OPENSSL_load_builtin_modules(); -+ OPENSSL_load_builtin_modules(); - #ifndef OPENSSL_NO_ENGINE -- /* Need to load ENGINEs */ -- ENGINE_load_builtin_engines(); -+ /* Need to load ENGINEs */ -+ ENGINE_load_builtin_engines(); - #endif -- /* Add others here? */ -+ /* Add others here? */ - -+ ERR_clear_error(); -+ if (CONF_modules_load_file(NULL, config_name, -+ CONF_MFLAGS_DEFAULT_SECTION | -+ CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { -+ BIO *bio_err; -+ ERR_load_crypto_strings(); -+ if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) { -+ BIO_printf(bio_err, "Auto configuration failed\n"); -+ ERR_print_errors(bio_err); -+ BIO_free(bio_err); -+ } -+ exit(1); -+ } - -- ERR_clear_error(); -- if (CONF_modules_load_file(NULL, config_name, -- CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) -- { -- BIO *bio_err; -- ERR_load_crypto_strings(); -- if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) -- { -- BIO_printf(bio_err,"Auto configuration failed\n"); -- ERR_print_errors(bio_err); -- BIO_free(bio_err); -- } -- exit(1); -- } -- -- return; -- } -+ return; -+} - - void OPENSSL_no_config() -- { -- openssl_configured = 1; -- } -+{ -+ openssl_configured = 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/constant_time_locl.h b/Cryptlib/OpenSSL/crypto/constant_time_locl.h -new file mode 100644 -index 0000000..c786aea ---- /dev/null -+++ b/Cryptlib/OpenSSL/crypto/constant_time_locl.h -@@ -0,0 +1,211 @@ -+/* crypto/constant_time_locl.h */ -+/*- -+ * Utilities for constant-time cryptography. -+ * -+ * Author: Emilia Kasper (emilia@openssl.org) -+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley -+ * (Google). -+ * ==================================================================== -+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#ifndef HEADER_CONSTANT_TIME_LOCL_H -+# define HEADER_CONSTANT_TIME_LOCL_H -+ -+# include "e_os.h" /* For 'inline' */ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/*- -+ * The boolean methods return a bitmask of all ones (0xff...f) for true -+ * and 0 for false. This is useful for choosing a value based on the result -+ * of a conditional in constant time. For example, -+ * -+ * if (a < b) { -+ * c = a; -+ * } else { -+ * c = b; -+ * } -+ * -+ * can be written as -+ * -+ * unsigned int lt = constant_time_lt(a, b); -+ * c = constant_time_select(lt, a, b); -+ */ -+ -+/* -+ * Returns the given value with the MSB copied to all the other -+ * bits. Uses the fact that arithmetic shift shifts-in the sign bit. -+ * However, this is not ensured by the C standard so you may need to -+ * replace this with something else on odd CPUs. -+ */ -+static inline unsigned int constant_time_msb(unsigned int a); -+ -+/* -+ * Returns 0xff..f if a < b and 0 otherwise. -+ */ -+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_lt_8(unsigned int a, -+ unsigned int b); -+ -+/* -+ * Returns 0xff..f if a >= b and 0 otherwise. -+ */ -+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_ge_8(unsigned int a, -+ unsigned int b); -+ -+/* -+ * Returns 0xff..f if a == 0 and 0 otherwise. -+ */ -+static inline unsigned int constant_time_is_zero(unsigned int a); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_is_zero_8(unsigned int a); -+ -+/* -+ * Returns 0xff..f if a == b and 0 otherwise. -+ */ -+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_eq_8(unsigned int a, -+ unsigned int b); -+/* Signed integers. */ -+static inline unsigned int constant_time_eq_int(int a, int b); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_eq_int_8(int a, int b); -+ -+/*- -+ * Returns (mask & a) | (~mask & b). -+ * -+ * When |mask| is all 1s or all 0s (as returned by the methods above), -+ * the select methods return either |a| (if |mask| is nonzero) or |b| -+ * (if |mask| is zero). -+ */ -+static inline unsigned int constant_time_select(unsigned int mask, -+ unsigned int a, -+ unsigned int b); -+/* Convenience method for unsigned chars. */ -+static inline unsigned char constant_time_select_8(unsigned char mask, -+ unsigned char a, -+ unsigned char b); -+/* Convenience method for signed integers. */ -+static inline int constant_time_select_int(unsigned int mask, int a, int b); -+ -+static inline unsigned int constant_time_msb(unsigned int a) -+{ -+ return 0 - (a >> (sizeof(a) * 8 - 1)); -+} -+ -+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b) -+{ -+ return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b))); -+} -+ -+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) -+{ -+ return (unsigned char)(constant_time_lt(a, b)); -+} -+ -+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b) -+{ -+ return ~constant_time_lt(a, b); -+} -+ -+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) -+{ -+ return (unsigned char)(constant_time_ge(a, b)); -+} -+ -+static inline unsigned int constant_time_is_zero(unsigned int a) -+{ -+ return constant_time_msb(~a & (a - 1)); -+} -+ -+static inline unsigned char constant_time_is_zero_8(unsigned int a) -+{ -+ return (unsigned char)(constant_time_is_zero(a)); -+} -+ -+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b) -+{ -+ return constant_time_is_zero(a ^ b); -+} -+ -+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) -+{ -+ return (unsigned char)(constant_time_eq(a, b)); -+} -+ -+static inline unsigned int constant_time_eq_int(int a, int b) -+{ -+ return constant_time_eq((unsigned)(a), (unsigned)(b)); -+} -+ -+static inline unsigned char constant_time_eq_int_8(int a, int b) -+{ -+ return constant_time_eq_8((unsigned)(a), (unsigned)(b)); -+} -+ -+static inline unsigned int constant_time_select(unsigned int mask, -+ unsigned int a, -+ unsigned int b) -+{ -+ return (mask & a) | (~mask & b); -+} -+ -+static inline unsigned char constant_time_select_8(unsigned char mask, -+ unsigned char a, -+ unsigned char b) -+{ -+ return (unsigned char)(constant_time_select(mask, a, b)); -+} -+ -+static inline int constant_time_select_int(unsigned int mask, int a, int b) -+{ -+ return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* HEADER_CONSTANT_TIME_LOCL_H */ -diff --git a/Cryptlib/OpenSSL/crypto/cpt_err.c b/Cryptlib/OpenSSL/crypto/cpt_err.c -index 9fd41ff..a3a7201 100644 ---- a/Cryptlib/OpenSSL/crypto/cpt_err.c -+++ b/Cryptlib/OpenSSL/crypto/cpt_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,39 +66,37 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason) - --static ERR_STRING_DATA CRYPTO_str_functs[]= -- { --{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"}, --{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"}, --{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"}, --{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, --{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}, --{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"}, --{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"}, --{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"}, --{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"}, --{0,NULL} -- }; -+static ERR_STRING_DATA CRYPTO_str_functs[] = { -+ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"}, -+ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"}, -+ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"}, -+ {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, -+ {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}, -+ {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"}, -+ {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"}, -+ {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"}, -+ {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA CRYPTO_str_reasons[]= -- { --{ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"}, --{0,NULL} -- }; -+static ERR_STRING_DATA CRYPTO_str_reasons[] = { -+ {ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK), -+ "no dynlock create callback"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_CRYPTO_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,CRYPTO_str_functs); -- ERR_load_strings(0,CRYPTO_str_reasons); -- } -+ if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, CRYPTO_str_functs); -+ ERR_load_strings(0, CRYPTO_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c -index dec3286..0864a9b 100644 ---- a/Cryptlib/OpenSSL/crypto/cryptlib.c -+++ b/Cryptlib/OpenSSL/crypto/cryptlib.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,21 +58,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -87,10 +87,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -102,7 +102,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -110,7 +110,7 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * ECDH support in OpenSSL originally developed by -+ * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -@@ -118,443 +118,490 @@ - #include - - #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) --static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ -+static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */ - #endif - --static void (MS_FAR *locking_callback)(int mode,int type, -- const char *file,int line)=NULL; --static int (MS_FAR *add_lock_callback)(int *pointer,int amount, -- int type,const char *file,int line)=NULL; --static unsigned long (MS_FAR *id_callback)(void)=NULL; -+static void (MS_FAR *locking_callback) (int mode, int type, -+ const char *file, int line) = NULL; -+static int (MS_FAR *add_lock_callback) (int *pointer, int amount, -+ int type, const char *file, -+ int line) = NULL; -+static unsigned long (MS_FAR *id_callback) (void) = NULL; - - int CRYPTO_num_locks(void) -- { -- return CRYPTO_NUM_LOCKS; -- } -- --void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, -- int line) -- { -- return(locking_callback); -- } -- --int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, -- const char *file,int line) -- { -- return(add_lock_callback); -- } -- --void CRYPTO_set_locking_callback(void (*func)(int mode,int type, -- const char *file,int line)) -- { -- locking_callback=func; -- } -- --void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, -- const char *file,int line)) -- { -- add_lock_callback=func; -- } -- --unsigned long (*CRYPTO_get_id_callback(void))(void) -- { -- return(id_callback); -- } -- --void CRYPTO_set_id_callback(unsigned long (*func)(void)) -- { -- id_callback=func; -- } -+{ -+ return CRYPTO_NUM_LOCKS; -+} -+ -+void (*CRYPTO_get_locking_callback(void)) (int mode, int type, -+ const char *file, int line) { -+ return (locking_callback); -+} -+ -+int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type, -+ const char *file, int line) { -+ return (add_lock_callback); -+} -+ -+void CRYPTO_set_locking_callback(void (*func) (int mode, int type, -+ const char *file, int line)) -+{ -+ locking_callback = func; -+} -+ -+void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type, -+ const char *file, int line)) -+{ -+ add_lock_callback = func; -+} -+ -+unsigned long (*CRYPTO_get_id_callback(void)) (void) { -+ return (id_callback); -+} -+ -+void CRYPTO_set_id_callback(unsigned long (*func) (void)) -+{ -+ id_callback = func; -+} - - unsigned long CRYPTO_thread_id(void) -- { -- unsigned long ret=0; -+{ -+ unsigned long ret = 0; - -- if (id_callback == NULL) -- { -+ if (id_callback == NULL) { - #ifdef OPENSSL_SYS_WIN16 -- ret=(unsigned long)GetCurrentTask(); -+ ret = (unsigned long)GetCurrentTask(); - #elif defined(OPENSSL_SYS_WIN32) -- ret=(unsigned long)GetCurrentThreadId(); -+ ret = (unsigned long)GetCurrentThreadId(); - #elif defined(GETPID_IS_MEANINGLESS) -- ret=1L; -+ ret = 1L; - #else -- ret=(unsigned long)getpid(); -+ ret = (unsigned long)getpid(); - #endif -- } -- else -- ret=id_callback(); -- return(ret); -- } -+ } else -+ ret = id_callback(); -+ return (ret); -+} - --static void (*do_dynlock_cb)(int mode, int type, const char *file, int line); -+static void (*do_dynlock_cb) (int mode, int type, const char *file, int line); - --void int_CRYPTO_set_do_dynlock_callback( -- void (*dyn_cb)(int mode, int type, const char *file, int line)) -- { -- do_dynlock_cb = dyn_cb; -- } -+void int_CRYPTO_set_do_dynlock_callback(void (*dyn_cb) -+ (int mode, int type, -+ const char *file, int line)) -+{ -+ do_dynlock_cb = dyn_cb; -+} - - void CRYPTO_lock(int mode, int type, const char *file, int line) -- { -+{ - #ifdef LOCK_DEBUG -- { -- char *rw_text,*operation_text; -- -- if (mode & CRYPTO_LOCK) -- operation_text="lock "; -- else if (mode & CRYPTO_UNLOCK) -- operation_text="unlock"; -- else -- operation_text="ERROR "; -- -- if (mode & CRYPTO_READ) -- rw_text="r"; -- else if (mode & CRYPTO_WRITE) -- rw_text="w"; -- else -- rw_text="ERROR"; -- -- fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n", -- CRYPTO_thread_id(), rw_text, operation_text, -- CRYPTO_get_lock_name(type), file, line); -- } -+ { -+ char *rw_text, *operation_text; -+ -+ if (mode & CRYPTO_LOCK) -+ operation_text = "lock "; -+ else if (mode & CRYPTO_UNLOCK) -+ operation_text = "unlock"; -+ else -+ operation_text = "ERROR "; -+ -+ if (mode & CRYPTO_READ) -+ rw_text = "r"; -+ else if (mode & CRYPTO_WRITE) -+ rw_text = "w"; -+ else -+ rw_text = "ERROR"; -+ -+ fprintf(stderr, "lock:%08lx:(%s)%s %-18s %s:%d\n", -+ CRYPTO_thread_id(), rw_text, operation_text, -+ CRYPTO_get_lock_name(type), file, line); -+ } - #endif -- if (type < 0) -- { -- if (do_dynlock_cb) -- do_dynlock_cb(mode, type, file, line); -- } -- else -- if (locking_callback != NULL) -- locking_callback(mode,type,file,line); -- } -+ if (type < 0) { -+ if (do_dynlock_cb) -+ do_dynlock_cb(mode, type, file, line); -+ } else if (locking_callback != NULL) -+ locking_callback(mode, type, file, line); -+} - - int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, -- int line) -- { -- int ret = 0; -+ int line) -+{ -+ int ret = 0; - -- if (add_lock_callback != NULL) -- { -+ if (add_lock_callback != NULL) { - #ifdef LOCK_DEBUG -- int before= *pointer; -+ int before = *pointer; - #endif - -- ret=add_lock_callback(pointer,amount,type,file,line); -+ ret = add_lock_callback(pointer, amount, type, file, line); - #ifdef LOCK_DEBUG -- fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", -- CRYPTO_thread_id(), -- before,amount,ret, -- CRYPTO_get_lock_name(type), -- file,line); -+ fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", -+ CRYPTO_thread_id(), -+ before, amount, ret, CRYPTO_get_lock_name(type), file, line); - #endif -- } -- else -- { -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line); -+ } else { -+ CRYPTO_lock(CRYPTO_LOCK | CRYPTO_WRITE, type, file, line); - -- ret= *pointer+amount; -+ ret = *pointer + amount; - #ifdef LOCK_DEBUG -- fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", -- CRYPTO_thread_id(), -- *pointer,amount,ret, -- CRYPTO_get_lock_name(type), -- file,line); -+ fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", -+ CRYPTO_thread_id(), -+ *pointer, amount, ret, -+ CRYPTO_get_lock_name(type), file, line); - #endif -- *pointer=ret; -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line); -- } -- return(ret); -- } -+ *pointer = ret; -+ CRYPTO_lock(CRYPTO_UNLOCK | CRYPTO_WRITE, type, file, line); -+ } -+ return (ret); -+} - --#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ -- defined(__INTEL__) || \ -- defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) -+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ -+ defined(__INTEL__) || \ -+ defined(__x86_64) || defined(__x86_64__) || \ -+ defined(_M_AMD64) || defined(_M_X64) - --unsigned long OPENSSL_ia32cap_P=0; --unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; } -+unsigned long OPENSSL_ia32cap_P = 0; -+unsigned long *OPENSSL_ia32cap_loc(void) -+{ -+ return &OPENSSL_ia32cap_P; -+} - --#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) --#define OPENSSL_CPUID_SETUP -+# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) -+# define OPENSSL_CPUID_SETUP - void OPENSSL_cpuid_setup(void) --{ static int trigger=0; -- unsigned long OPENSSL_ia32_cpuid(void); -- char *env; -+{ -+ static int trigger = 0; -+ unsigned long OPENSSL_ia32_cpuid(void); -+ char *env; - -- if (trigger) return; -+ if (trigger) -+ return; - -- trigger=1; -- if ((env=getenv("OPENSSL_ia32cap"))) -- OPENSSL_ia32cap_P = strtoul(env,NULL,0)|(1<<10); -+ trigger = 1; -+ if ((env = getenv("OPENSSL_ia32cap"))) -+ OPENSSL_ia32cap_P = strtoul(env, NULL, 0) | (1 << 10); - else -- OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid()|(1<<10); -+ OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid() | (1 << 10); - /* - * |(1<<10) sets a reserved bit to signal that variable - * was initialized already... This is to avoid interference - * with cpuid snippets in ELF .init segment. - */ - } --#endif -+# endif - - #else --unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; } -+unsigned long *OPENSSL_ia32cap_loc(void) -+{ -+ return NULL; -+} - #endif - int OPENSSL_NONPIC_relocated = 0; - #if !defined(OPENSSL_CPUID_SETUP) --void OPENSSL_cpuid_setup(void) {} -+void OPENSSL_cpuid_setup(void) -+{ -+} - #endif - - #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL) - --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS - --#include --#if defined(__GNUC__) && __GNUC__>=2 --static int DllInit(void) __attribute__((constructor)); --#elif defined(_MSC_VER) -+# include -+# if defined(__GNUC__) && __GNUC__>=2 -+static int DllInit(void) __attribute__ ((constructor)); -+# elif defined(_MSC_VER) - static int DllInit(void); --# ifdef _WIN64 --# pragma section(".CRT$XCU",read) -- __declspec(allocate(".CRT$XCU")) --# else --# pragma data_seg(".CRT$XCU") --# endif -- static int (*p)(void) = DllInit; --# pragma data_seg() --#endif -+# ifdef _WIN64 -+# pragma section(".CRT$XCU",read) -+__declspec(allocate(".CRT$XCU")) -+# else -+# pragma data_seg(".CRT$XCU") -+# endif -+static int (*p) (void) = DllInit; -+# pragma data_seg() -+# endif - - static int DllInit(void) - { --#if defined(_WIN32_WINNT) -- union { int(*f)(void); BYTE *p; } t = { DllInit }; -- HANDLE hModuleSnap = INVALID_HANDLE_VALUE; -- IMAGE_DOS_HEADER *dos_header; -- IMAGE_NT_HEADERS *nt_headers; -- MODULEENTRY32 me32 = {sizeof(me32)}; -- -- hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0); -- if (hModuleSnap != INVALID_HANDLE_VALUE && -- Module32First(hModuleSnap,&me32)) do -- { -- if (t.p >= me32.modBaseAddr && -- t.p < me32.modBaseAddr+me32.modBaseSize) -- { -- dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr; -- if (dos_header->e_magic==IMAGE_DOS_SIGNATURE) -- { -- nt_headers=(IMAGE_NT_HEADERS *) -- ((BYTE *)dos_header+dos_header->e_lfanew); -- if (nt_headers->Signature==IMAGE_NT_SIGNATURE && -- me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase) -- OPENSSL_NONPIC_relocated=1; -- } -- break; -- } -- } while (Module32Next(hModuleSnap,&me32)); -- -- if (hModuleSnap != INVALID_HANDLE_VALUE) -- CloseHandle(hModuleSnap); --#endif -- OPENSSL_cpuid_setup(); -- return 0; -+# if defined(_WIN32_WINNT) -+ union { -+ int (*f) (void); -+ BYTE *p; -+ } t = { -+ DllInit -+ }; -+ HANDLE hModuleSnap = INVALID_HANDLE_VALUE; -+ IMAGE_DOS_HEADER *dos_header; -+ IMAGE_NT_HEADERS *nt_headers; -+ MODULEENTRY32 me32 = { sizeof(me32) }; -+ -+ hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, 0); -+ if (hModuleSnap != INVALID_HANDLE_VALUE && -+ Module32First(hModuleSnap, &me32)) -+ do { -+ if (t.p >= me32.modBaseAddr && -+ t.p < me32.modBaseAddr + me32.modBaseSize) { -+ dos_header = (IMAGE_DOS_HEADER *) me32.modBaseAddr; -+ if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) { -+ nt_headers = (IMAGE_NT_HEADERS *) -+ ((BYTE *) dos_header + dos_header->e_lfanew); -+ if (nt_headers->Signature == IMAGE_NT_SIGNATURE && -+ me32.modBaseAddr != -+ (BYTE *) nt_headers->OptionalHeader.ImageBase) -+ OPENSSL_NONPIC_relocated = 1; -+ } -+ break; -+ } -+ } while (Module32Next(hModuleSnap, &me32)); -+ -+ if (hModuleSnap != INVALID_HANDLE_VALUE) -+ CloseHandle(hModuleSnap); -+# endif -+ OPENSSL_cpuid_setup(); -+ return 0; - } - --#else -+# else - --#ifdef __CYGWIN__ -+# ifdef __CYGWIN__ - /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ --#include --#endif -+# include -+# endif - --/* All we really need to do is remove the 'error' state when a thread -- * detaches */ -- --BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, -- LPVOID lpvReserved) -- { -- switch(fdwReason) -- { -- case DLL_PROCESS_ATTACH: -- OPENSSL_cpuid_setup(); --#if defined(_WIN32_WINNT) -- { -- IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL; -- IMAGE_NT_HEADERS *nt_headers; -- -- if (dos_header->e_magic==IMAGE_DOS_SIGNATURE) -- { -- nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header -- + dos_header->e_lfanew); -- if (nt_headers->Signature==IMAGE_NT_SIGNATURE && -- hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase)) -- OPENSSL_NONPIC_relocated=1; -- } -- } --#endif -- break; -- case DLL_THREAD_ATTACH: -- break; -- case DLL_THREAD_DETACH: -- break; -- case DLL_PROCESS_DETACH: -- break; -- } -- return(TRUE); -- } --#endif -+/* -+ * All we really need to do is remove the 'error' state when a thread -+ * detaches -+ */ -+ -+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) -+{ -+ switch (fdwReason) { -+ case DLL_PROCESS_ATTACH: -+ OPENSSL_cpuid_setup(); -+# if defined(_WIN32_WINNT) -+ { -+ IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *) hinstDLL; -+ IMAGE_NT_HEADERS *nt_headers; -+ -+ if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) { -+ nt_headers = (IMAGE_NT_HEADERS *) ((char *)dos_header -+ + dos_header->e_lfanew); -+ if (nt_headers->Signature == IMAGE_NT_SIGNATURE && -+ hinstDLL != -+ (HINSTANCE) (nt_headers->OptionalHeader.ImageBase)) -+ OPENSSL_NONPIC_relocated = 1; -+ } -+ } -+# endif -+ break; -+ case DLL_THREAD_ATTACH: -+ break; -+ case DLL_THREAD_DETACH: -+ break; -+ case DLL_PROCESS_DETACH: -+ break; -+ } -+ return (TRUE); -+} -+# endif - - #endif - - #if defined(_WIN32) && !defined(__CYGWIN__) --#include -+# include - --#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 -+# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 - int OPENSSL_isservice(void) --{ HWINSTA h; -- DWORD len; -- WCHAR *name; -+{ -+ HWINSTA h; -+ DWORD len; -+ WCHAR *name; - -- (void)GetDesktopWindow(); /* return value is ignored */ -+ (void)GetDesktopWindow(); /* return value is ignored */ - - h = GetProcessWindowStation(); -- if (h==NULL) return -1; -- -- if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) || -- GetLastError() != ERROR_INSUFFICIENT_BUFFER) -- return -1; -- -- if (len>512) return -1; /* paranoia */ -- len++,len&=~1; /* paranoia */ --#ifdef _MSC_VER -- name=(WCHAR *)_alloca(len+sizeof(WCHAR)); --#else -- name=(WCHAR *)alloca(len+sizeof(WCHAR)); --#endif -- if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len)) -- return -1; -- -- len++,len&=~1; /* paranoia */ -- name[len/sizeof(WCHAR)]=L'\0'; /* paranoia */ --#if 1 -- /* This doesn't cover "interactive" services [working with real -- * WinSta0's] nor programs started non-interactively by Task -- * Scheduler [those are working with SAWinSta]. */ -- if (wcsstr(name,L"Service-0x")) return 1; --#else -+ if (h == NULL) -+ return -1; -+ -+ if (GetUserObjectInformationW(h, UOI_NAME, NULL, 0, &len) || -+ GetLastError() != ERROR_INSUFFICIENT_BUFFER) -+ return -1; -+ -+ if (len > 512) -+ return -1; /* paranoia */ -+ len++, len &= ~1; /* paranoia */ -+# ifdef _MSC_VER -+ name = (WCHAR *)_alloca(len + sizeof(WCHAR)); -+# else -+ name = (WCHAR *)alloca(len + sizeof(WCHAR)); -+# endif -+ if (!GetUserObjectInformationW(h, UOI_NAME, name, len, &len)) -+ return -1; -+ -+ len++, len &= ~1; /* paranoia */ -+ name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */ -+# if 1 -+ /* -+ * This doesn't cover "interactive" services [working with real -+ * WinSta0's] nor programs started non-interactively by Task Scheduler -+ * [those are working with SAWinSta]. -+ */ -+ if (wcsstr(name, L"Service-0x")) -+ return 1; -+# else - /* This covers all non-interactive programs such as services. */ -- if (!wcsstr(name,L"WinSta0")) return 1; --#endif -- else return 0; -+ if (!wcsstr(name, L"WinSta0")) -+ return 1; -+# endif -+ else -+ return 0; - } --#else --int OPENSSL_isservice(void) { return 0; } --#endif -+# else -+int OPENSSL_isservice(void) -+{ -+ return 0; -+} -+# endif - --void OPENSSL_showfatal (const char *fmta,...) --{ va_list ap; -- TCHAR buf[256]; -- const TCHAR *fmt; --#ifdef STD_ERROR_HANDLE /* what a dirty trick! */ -- HANDLE h; -- -- if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL && -- GetFileType(h)!=FILE_TYPE_UNKNOWN) -- { /* must be console application */ -- va_start (ap,fmta); -- vfprintf (stderr,fmta,ap); -- va_end (ap); -- return; -+void OPENSSL_showfatal(const char *fmta, ...) -+{ -+ va_list ap; -+ TCHAR buf[256]; -+ const TCHAR *fmt; -+# ifdef STD_ERROR_HANDLE /* what a dirty trick! */ -+ HANDLE h; -+ -+ if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL && -+ GetFileType(h) != FILE_TYPE_UNKNOWN) { -+ /* must be console application */ -+ va_start(ap, fmta); -+ vfprintf(stderr, fmta, ap); -+ va_end(ap); -+ return; - } --#endif -- -- if (sizeof(TCHAR)==sizeof(char)) -- fmt=(const TCHAR *)fmta; -- else do -- { int keepgoing; -- size_t len_0=strlen(fmta)+1,i; -- WCHAR *fmtw; -+# endif - --#ifdef _MSC_VER -- fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); --#else -- fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); --#endif -- if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; } -+ if (sizeof(TCHAR) == sizeof(char)) -+ fmt = (const TCHAR *)fmta; -+ else -+ do { -+ int keepgoing; -+ size_t len_0 = strlen(fmta) + 1, i; -+ WCHAR *fmtw; - --#ifndef OPENSSL_NO_MULTIBYTE -- if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0)) --#endif -- for (i=0;i=0x0333 -+# ifdef _MSC_VER -+ fmtw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR)); -+# else -+ fmtw = (WCHAR *)alloca(len_0 * sizeof(WCHAR)); -+# endif -+ if (fmtw == NULL) { -+ fmt = (const TCHAR *)L"no stack?"; -+ break; -+ } -+# ifndef OPENSSL_NO_MULTIBYTE -+ if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0)) -+# endif -+ for (i = 0; i < len_0; i++) -+ fmtw[i] = (WCHAR)fmta[i]; -+ -+ for (i = 0; i < len_0; i++) { -+ if (fmtw[i] == L'%') -+ do { -+ keepgoing = 0; -+ switch (fmtw[i + 1]) { -+ case L'0': -+ case L'1': -+ case L'2': -+ case L'3': -+ case L'4': -+ case L'5': -+ case L'6': -+ case L'7': -+ case L'8': -+ case L'9': -+ case L'.': -+ case L'*': -+ case L'-': -+ i++; -+ keepgoing = 1; -+ break; -+ case L's': -+ fmtw[i + 1] = L'S'; -+ break; -+ case L'S': -+ fmtw[i + 1] = L's'; -+ break; -+ case L'c': -+ fmtw[i + 1] = L'C'; -+ break; -+ case L'C': -+ fmtw[i + 1] = L'c'; -+ break; -+ } -+ } while (keepgoing); -+ } -+ fmt = (const TCHAR *)fmtw; -+ } while (0); -+ -+ va_start(ap, fmta); -+ _vsntprintf(buf, sizeof(buf) / sizeof(TCHAR) - 1, fmt, ap); -+ buf[sizeof(buf) / sizeof(TCHAR) - 1] = _T('\0'); -+ va_end(ap); -+ -+# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 - /* this -------------v--- guards NT-specific calls */ -- if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0) -- { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); -- const TCHAR *pmsg=buf; -- ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); -- DeregisterEventSource(h); -- } -- else --#endif -- MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP); -+ if (check_winnt() && OPENSSL_isservice() > 0) { -+ HANDLE h = RegisterEventSource(0, _T("OPENSSL")); -+ const TCHAR *pmsg = buf; -+ ReportEvent(h, EVENTLOG_ERROR_TYPE, 0, 0, 0, 1, 0, &pmsg, 0); -+ DeregisterEventSource(h); -+ } else -+# endif -+ MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP); - } - #else --void OPENSSL_showfatal (const char *fmta,...) --{ va_list ap; -+void OPENSSL_showfatal(const char *fmta, ...) -+{ -+ va_list ap; -+ -+ va_start(ap, fmta); -+ vfprintf(stderr, fmta, ap); -+ va_end(ap); -+} - -- va_start (ap,fmta); -- vfprintf (stderr,fmta,ap); -- va_end (ap); -+int OPENSSL_isservice(void) -+{ -+ return 0; - } --int OPENSSL_isservice (void) { return 0; } - #endif - --void OpenSSLDie(const char *file,int line,const char *assertion) -- { -- OPENSSL_showfatal( -- "%s(%d): OpenSSL internal error, assertion failed: %s\n", -- file,line,assertion); -- abort(); -- } -+void OpenSSLDie(const char *file, int line, const char *assertion) -+{ -+ OPENSSL_showfatal -+ ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line, -+ assertion); -+ abort(); -+} - --void *OPENSSL_stderr(void) { return stderr; } -+void *OPENSSL_stderr(void) -+{ -+ return stderr; -+} - - #ifndef OPENSSL_FIPS - - int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) -- { -- size_t i; -- const unsigned char *a = in_a; -- const unsigned char *b = in_b; -- unsigned char x = 0; -+{ -+ size_t i; -+ const unsigned char *a = in_a; -+ const unsigned char *b = in_b; -+ unsigned char x = 0; - -- for (i = 0; i < len; i++) -- x |= a[i] ^ b[i]; -+ for (i = 0; i < len; i++) -+ x |= a[i] ^ b[i]; - -- return x; -- } -+ return x; -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/cversion.c b/Cryptlib/OpenSSL/crypto/cversion.c -index ea9f25f..0280225 100644 ---- a/Cryptlib/OpenSSL/crypto/cversion.c -+++ b/Cryptlib/OpenSSL/crypto/cversion.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,59 +59,54 @@ - #include "cryptlib.h" - - #ifndef NO_WINDOWS_BRAINDEATH --#include "buildinf.h" -+# include "buildinf.h" - #endif - - const char *SSLeay_version(int t) -- { -- if (t == SSLEAY_VERSION) -- return OPENSSL_VERSION_TEXT; -- if (t == SSLEAY_BUILT_ON) -- { -+{ -+ if (t == SSLEAY_VERSION) -+ return OPENSSL_VERSION_TEXT; -+ if (t == SSLEAY_BUILT_ON) { - #ifdef DATE -- static char buf[sizeof(DATE)+11]; -+ static char buf[sizeof(DATE) + 11]; - -- BIO_snprintf(buf,sizeof buf,"built on: %s",DATE); -- return(buf); -+ BIO_snprintf(buf, sizeof buf, "built on: %s", DATE); -+ return (buf); - #else -- return("built on: date not available"); -+ return ("built on: date not available"); - #endif -- } -- if (t == SSLEAY_CFLAGS) -- { -+ } -+ if (t == SSLEAY_CFLAGS) { - #ifdef CFLAGS -- static char buf[sizeof(CFLAGS)+11]; -+ static char buf[sizeof(CFLAGS) + 11]; - -- BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS); -- return(buf); -+ BIO_snprintf(buf, sizeof buf, "compiler: %s", CFLAGS); -+ return (buf); - #else -- return("compiler: information not available"); -+ return ("compiler: information not available"); - #endif -- } -- if (t == SSLEAY_PLATFORM) -- { -+ } -+ if (t == SSLEAY_PLATFORM) { - #ifdef PLATFORM -- static char buf[sizeof(PLATFORM)+11]; -+ static char buf[sizeof(PLATFORM) + 11]; - -- BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM); -- return(buf); -+ BIO_snprintf(buf, sizeof buf, "platform: %s", PLATFORM); -+ return (buf); - #else -- return("platform: information not available"); -+ return ("platform: information not available"); - #endif -- } -- if (t == SSLEAY_DIR) -- { -+ } -+ if (t == SSLEAY_DIR) { - #ifdef OPENSSLDIR -- return "OPENSSLDIR: \"" OPENSSLDIR "\""; -+ return "OPENSSLDIR: \"" OPENSSLDIR "\""; - #else -- return "OPENSSLDIR: N/A"; -+ return "OPENSSLDIR: N/A"; - #endif -- } -- return("not available"); -- } -+ } -+ return ("not available"); -+} - - unsigned long SSLeay(void) -- { -- return(SSLEAY_VERSION_NUMBER); -- } -- -+{ -+ return (SSLEAY_VERSION_NUMBER); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c -index 09a7ba5..f89b5b9 100644 ---- a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c -+++ b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,48 +59,45 @@ - #include "des_locl.h" - - DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, -- long length, DES_key_schedule *schedule, -- const_DES_cblock *ivec) -- { -- register DES_LONG tout0,tout1,tin0,tin1; -- register long l=length; -- DES_LONG tin[2]; -- unsigned char *out = &(*output)[0]; -- const unsigned char *iv = &(*ivec)[0]; -+ long length, DES_key_schedule *schedule, -+ const_DES_cblock *ivec) -+{ -+ register DES_LONG tout0, tout1, tin0, tin1; -+ register long l = length; -+ DES_LONG tin[2]; -+ unsigned char *out = &(*output)[0]; -+ const unsigned char *iv = &(*ivec)[0]; -+ -+ c2l(iv, tout0); -+ c2l(iv, tout1); -+ for (; l > 0; l -= 8) { -+ if (l >= 8) { -+ c2l(in, tin0); -+ c2l(in, tin1); -+ } else -+ c2ln(in, tin0, tin1, l); - -- c2l(iv,tout0); -- c2l(iv,tout1); -- for (; l>0; l-=8) -- { -- if (l >= 8) -- { -- c2l(in,tin0); -- c2l(in,tin1); -- } -- else -- c2ln(in,tin0,tin1,l); -- -- tin0^=tout0; tin[0]=tin0; -- tin1^=tout1; tin[1]=tin1; -- DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT); -- /* fix 15/10/91 eay - thanks to keithr@sco.COM */ -- tout0=tin[0]; -- tout1=tin[1]; -- } -- if (out != NULL) -- { -- l2c(tout0,out); -- l2c(tout1,out); -- } -- tout0=tin0=tin1=tin[0]=tin[1]=0; -- /* -- Transform the data in tout1 so that it will -- match the return value that the MIT Kerberos -- mit_des_cbc_cksum API returns. -- */ -- tout1 = ((tout1 >> 24L) & 0x000000FF) -- | ((tout1 >> 8L) & 0x0000FF00) -- | ((tout1 << 8L) & 0x00FF0000) -- | ((tout1 << 24L) & 0xFF000000); -- return(tout1); -- } -+ tin0 ^= tout0; -+ tin[0] = tin0; -+ tin1 ^= tout1; -+ tin[1] = tin1; -+ DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); -+ /* fix 15/10/91 eay - thanks to keithr@sco.COM */ -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ } -+ if (out != NULL) { -+ l2c(tout0, out); -+ l2c(tout1, out); -+ } -+ tout0 = tin0 = tin1 = tin[0] = tin[1] = 0; -+ /* -+ * Transform the data in tout1 so that it will match the return value -+ * that the MIT Kerberos mit_des_cbc_cksum API returns. -+ */ -+ tout1 = ((tout1 >> 24L) & 0x000000FF) -+ | ((tout1 >> 8L) & 0x0000FF00) -+ | ((tout1 << 8L) & 0x00FF0000) -+ | ((tout1 << 24L) & 0xFF000000); -+ return (tout1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c -index 677903a..7ee3599 100644 ---- a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c -+++ b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -58,4 +58,4 @@ - - #define CBC_ENC_C__DONT_UPDATE_IV - --#include "ncbc_enc.c" /* des_cbc_encrypt */ -+#include "ncbc_enc.c" /* des_cbc_encrypt */ -diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c -index de34ecc..5d709c1 100644 ---- a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c -+++ b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,196 +59,191 @@ - #include "des_locl.h" - #include "e_os.h" - --/* The input and output encrypted as though 64bit cfb mode is being -- * used. The extra state information to record how much of the -- * 64bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 64bit cfb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; - */ - - void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, DES_key_schedule *ks1, -- DES_key_schedule *ks2, DES_key_schedule *ks3, -- DES_cblock *ivec, int *num, int enc) -- { -- register DES_LONG v0,v1; -- register long l=length; -- register int n= *num; -- DES_LONG ti[2]; -- unsigned char *iv,c,cc; -+ long length, DES_key_schedule *ks1, -+ DES_key_schedule *ks2, DES_key_schedule *ks3, -+ DES_cblock *ivec, int *num, int enc) -+{ -+ register DES_LONG v0, v1; -+ register long l = length; -+ register int n = *num; -+ DES_LONG ti[2]; -+ unsigned char *iv, c, cc; - -- iv=&(*ivec)[0]; -- if (enc) -- { -- while (l--) -- { -- if (n == 0) -- { -- c2l(iv,v0); -- c2l(iv,v1); -+ iv = &(*ivec)[0]; -+ if (enc) { -+ while (l--) { -+ if (n == 0) { -+ c2l(iv, v0); -+ c2l(iv, v1); - -- ti[0]=v0; -- ti[1]=v1; -- DES_encrypt3(ti,ks1,ks2,ks3); -- v0=ti[0]; -- v1=ti[1]; -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt3(ti, ks1, ks2, ks3); -+ v0 = ti[0]; -+ v1 = ti[1]; - -- iv = &(*ivec)[0]; -- l2c(v0,iv); -- l2c(v1,iv); -- iv = &(*ivec)[0]; -- } -- c= *(in++)^iv[n]; -- *(out++)=c; -- iv[n]=c; -- n=(n+1)&0x07; -- } -- } -- else -- { -- while (l--) -- { -- if (n == 0) -- { -- c2l(iv,v0); -- c2l(iv,v1); -+ iv = &(*ivec)[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ iv = &(*ivec)[0]; -+ } -+ c = *(in++) ^ iv[n]; -+ *(out++) = c; -+ iv[n] = c; -+ n = (n + 1) & 0x07; -+ } -+ } else { -+ while (l--) { -+ if (n == 0) { -+ c2l(iv, v0); -+ c2l(iv, v1); - -- ti[0]=v0; -- ti[1]=v1; -- DES_encrypt3(ti,ks1,ks2,ks3); -- v0=ti[0]; -- v1=ti[1]; -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt3(ti, ks1, ks2, ks3); -+ v0 = ti[0]; -+ v1 = ti[1]; - -- iv = &(*ivec)[0]; -- l2c(v0,iv); -- l2c(v1,iv); -- iv = &(*ivec)[0]; -- } -- cc= *(in++); -- c=iv[n]; -- iv[n]=cc; -- *(out++)=c^cc; -- n=(n+1)&0x07; -- } -- } -- v0=v1=ti[0]=ti[1]=c=cc=0; -- *num=n; -- } -+ iv = &(*ivec)[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ iv = &(*ivec)[0]; -+ } -+ cc = *(in++); -+ c = iv[n]; -+ iv[n] = cc; -+ *(out++) = c ^ cc; -+ n = (n + 1) & 0x07; -+ } -+ } -+ v0 = v1 = ti[0] = ti[1] = c = cc = 0; -+ *num = n; -+} - --#ifdef undef /* MACRO */ --void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, -- DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock (*ivec), -- int *num, int enc) -- { -- DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc); -- } -+#ifdef undef /* MACRO */ -+void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, -+ long length, DES_key_schedule ks1, -+ DES_key_schedule ks2, DES_cblock (*ivec), -+ int *num, int enc) -+{ -+ DES_ede3_cfb64_encrypt(in, out, length, ks1, ks2, ks1, ivec, num, enc); -+} - #endif - --/* This is compatible with the single key CFB-r for DES, even thought that's -+/* -+ * This is compatible with the single key CFB-r for DES, even thought that's - * not what EVP needs. - */ - --void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out, -- int numbits,long length,DES_key_schedule *ks1, -- DES_key_schedule *ks2,DES_key_schedule *ks3, -- DES_cblock *ivec,int enc) -- { -- register DES_LONG d0,d1,v0,v1; -- register unsigned long l=length,n=((unsigned int)numbits+7)/8; -- register int num=numbits,i; -- DES_LONG ti[2]; -- unsigned char *iv; -- unsigned char ovec[16]; -- -- if (num > 64) return; -- iv = &(*ivec)[0]; -- c2l(iv,v0); -- c2l(iv,v1); -- if (enc) -- { -- while (l >= n) -- { -- l-=n; -- ti[0]=v0; -- ti[1]=v1; -- DES_encrypt3(ti,ks1,ks2,ks3); -- c2ln(in,d0,d1,n); -- in+=n; -- d0^=ti[0]; -- d1^=ti[1]; -- l2cn(d0,d1,out,n); -- out+=n; -- /* 30-08-94 - eay - changed because l>>32 and -- * l<<32 are bad under gcc :-( */ -- if (num == 32) -- { v0=v1; v1=d0; } -- else if (num == 64) -- { v0=d0; v1=d1; } -- else -- { -- iv=&ovec[0]; -- l2c(v0,iv); -- l2c(v1,iv); -- l2c(d0,iv); -- l2c(d1,iv); -- /* shift ovec left most of the bits... */ -- memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); -- /* now the remaining bits */ -- if(num%8 != 0) -- for(i=0 ; i < 8 ; ++i) -- { -- ovec[i]<<=num%8; -- ovec[i]|=ovec[i+1]>>(8-num%8); -- } -- iv=&ovec[0]; -- c2l(iv,v0); -- c2l(iv,v1); -- } -- } -- } -- else -- { -- while (l >= n) -- { -- l-=n; -- ti[0]=v0; -- ti[1]=v1; -- DES_encrypt3(ti,ks1,ks2,ks3); -- c2ln(in,d0,d1,n); -- in+=n; -- /* 30-08-94 - eay - changed because l>>32 and -- * l<<32 are bad under gcc :-( */ -- if (num == 32) -- { v0=v1; v1=d0; } -- else if (num == 64) -- { v0=d0; v1=d1; } -- else -- { -- iv=&ovec[0]; -- l2c(v0,iv); -- l2c(v1,iv); -- l2c(d0,iv); -- l2c(d1,iv); -- /* shift ovec left most of the bits... */ -- memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); -- /* now the remaining bits */ -- if(num%8 != 0) -- for(i=0 ; i < 8 ; ++i) -- { -- ovec[i]<<=num%8; -- ovec[i]|=ovec[i+1]>>(8-num%8); -- } -- iv=&ovec[0]; -- c2l(iv,v0); -- c2l(iv,v1); -- } -- d0^=ti[0]; -- d1^=ti[1]; -- l2cn(d0,d1,out,n); -- out+=n; -- } -- } -- iv = &(*ivec)[0]; -- l2c(v0,iv); -- l2c(v1,iv); -- v0=v1=d0=d1=ti[0]=ti[1]=0; -- } -+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, -+ int numbits, long length, DES_key_schedule *ks1, -+ DES_key_schedule *ks2, DES_key_schedule *ks3, -+ DES_cblock *ivec, int enc) -+{ -+ register DES_LONG d0, d1, v0, v1; -+ register unsigned long l = length, n = ((unsigned int)numbits + 7) / 8; -+ register int num = numbits, i; -+ DES_LONG ti[2]; -+ unsigned char *iv; -+ unsigned char ovec[16]; - -+ if (num > 64) -+ return; -+ iv = &(*ivec)[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+ if (enc) { -+ while (l >= n) { -+ l -= n; -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt3(ti, ks1, ks2, ks3); -+ c2ln(in, d0, d1, n); -+ in += n; -+ d0 ^= ti[0]; -+ d1 ^= ti[1]; -+ l2cn(d0, d1, out, n); -+ out += n; -+ /* -+ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under -+ * gcc :-( -+ */ -+ if (num == 32) { -+ v0 = v1; -+ v1 = d0; -+ } else if (num == 64) { -+ v0 = d0; -+ v1 = d1; -+ } else { -+ iv = &ovec[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ l2c(d0, iv); -+ l2c(d1, iv); -+ /* shift ovec left most of the bits... */ -+ memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); -+ /* now the remaining bits */ -+ if (num % 8 != 0) -+ for (i = 0; i < 8; ++i) { -+ ovec[i] <<= num % 8; -+ ovec[i] |= ovec[i + 1] >> (8 - num % 8); -+ } -+ iv = &ovec[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+ } -+ } -+ } else { -+ while (l >= n) { -+ l -= n; -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt3(ti, ks1, ks2, ks3); -+ c2ln(in, d0, d1, n); -+ in += n; -+ /* -+ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under -+ * gcc :-( -+ */ -+ if (num == 32) { -+ v0 = v1; -+ v1 = d0; -+ } else if (num == 64) { -+ v0 = d0; -+ v1 = d1; -+ } else { -+ iv = &ovec[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ l2c(d0, iv); -+ l2c(d1, iv); -+ /* shift ovec left most of the bits... */ -+ memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); -+ /* now the remaining bits */ -+ if (num % 8 != 0) -+ for (i = 0; i < 8; ++i) { -+ ovec[i] <<= num % 8; -+ ovec[i] |= ovec[i + 1] >> (8 - num % 8); -+ } -+ iv = &ovec[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+ } -+ d0 ^= ti[0]; -+ d1 ^= ti[1]; -+ l2cn(d0, d1, out, n); -+ out += n; -+ } -+ } -+ iv = &(*ivec)[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c -index 5ec8683..7346774 100644 ---- a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c -+++ b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -58,64 +58,65 @@ - - #include "des_locl.h" - --/* The input and output encrypted as though 64bit cfb mode is being -- * used. The extra state information to record how much of the -- * 64bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 64bit cfb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; - */ - - void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, DES_key_schedule *schedule, -- DES_cblock *ivec, int *num, int enc) -- { -- register DES_LONG v0,v1; -- register long l=length; -- register int n= *num; -- DES_LONG ti[2]; -- unsigned char *iv,c,cc; -- -- iv = &(*ivec)[0]; -- if (enc) -- { -- while (l--) -- { -- if (n == 0) -- { -- c2l(iv,v0); ti[0]=v0; -- c2l(iv,v1); ti[1]=v1; -- DES_encrypt1(ti,schedule,DES_ENCRYPT); -- iv = &(*ivec)[0]; -- v0=ti[0]; l2c(v0,iv); -- v0=ti[1]; l2c(v0,iv); -- iv = &(*ivec)[0]; -- } -- c= *(in++)^iv[n]; -- *(out++)=c; -- iv[n]=c; -- n=(n+1)&0x07; -- } -- } -- else -- { -- while (l--) -- { -- if (n == 0) -- { -- c2l(iv,v0); ti[0]=v0; -- c2l(iv,v1); ti[1]=v1; -- DES_encrypt1(ti,schedule,DES_ENCRYPT); -- iv = &(*ivec)[0]; -- v0=ti[0]; l2c(v0,iv); -- v0=ti[1]; l2c(v0,iv); -- iv = &(*ivec)[0]; -- } -- cc= *(in++); -- c=iv[n]; -- iv[n]=cc; -- *(out++)=c^cc; -- n=(n+1)&0x07; -- } -- } -- v0=v1=ti[0]=ti[1]=c=cc=0; -- *num=n; -- } -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, int *num, int enc) -+{ -+ register DES_LONG v0, v1; -+ register long l = length; -+ register int n = *num; -+ DES_LONG ti[2]; -+ unsigned char *iv, c, cc; - -+ iv = &(*ivec)[0]; -+ if (enc) { -+ while (l--) { -+ if (n == 0) { -+ c2l(iv, v0); -+ ti[0] = v0; -+ c2l(iv, v1); -+ ti[1] = v1; -+ DES_encrypt1(ti, schedule, DES_ENCRYPT); -+ iv = &(*ivec)[0]; -+ v0 = ti[0]; -+ l2c(v0, iv); -+ v0 = ti[1]; -+ l2c(v0, iv); -+ iv = &(*ivec)[0]; -+ } -+ c = *(in++) ^ iv[n]; -+ *(out++) = c; -+ iv[n] = c; -+ n = (n + 1) & 0x07; -+ } -+ } else { -+ while (l--) { -+ if (n == 0) { -+ c2l(iv, v0); -+ ti[0] = v0; -+ c2l(iv, v1); -+ ti[1] = v1; -+ DES_encrypt1(ti, schedule, DES_ENCRYPT); -+ iv = &(*ivec)[0]; -+ v0 = ti[0]; -+ l2c(v0, iv); -+ v0 = ti[1]; -+ l2c(v0, iv); -+ iv = &(*ivec)[0]; -+ } -+ cc = *(in++); -+ c = iv[n]; -+ iv[n] = cc; -+ *(out++) = c ^ cc; -+ n = (n + 1) & 0x07; -+ } -+ } -+ v0 = v1 = ti[0] = ti[1] = c = cc = 0; -+ *num = n; -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c -index 720f29a..bd0e299 100644 ---- a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c -+++ b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,136 +60,140 @@ - #include "des_locl.h" - #include - --/* The input and output are loaded in multiples of 8 bits. -- * What this means is that if you hame numbits=12 and length=2 -- * the first 12 bits will be retrieved from the first byte and half -- * the second. The second 12 bits will come from the 3rd and half the 4th -- * byte. -+/* -+ * The input and output are loaded in multiples of 8 bits. What this means is -+ * that if you hame numbits=12 and length=2 the first 12 bits will be -+ * retrieved from the first byte and half the second. The second 12 bits -+ * will come from the 3rd and half the 4th byte. -+ */ -+/* -+ * Until Aug 1 2003 this function did not correctly implement CFB-r, so it -+ * will not be compatible with any encryption prior to that date. Ben. - */ --/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it -- * will not be compatible with any encryption prior to that date. Ben. */ - void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, -- long length, DES_key_schedule *schedule, DES_cblock *ivec, -- int enc) -- { -- register DES_LONG d0,d1,v0,v1; -- register unsigned long l=length; -- register int num=numbits/8,n=(numbits+7)/8,i,rem=numbits%8; -- DES_LONG ti[2]; -- unsigned char *iv; -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, int enc) -+{ -+ register DES_LONG d0, d1, v0, v1; -+ register unsigned long l = length; -+ register int num = numbits / 8, n = (numbits + 7) / 8, i, rem = -+ numbits % 8; -+ DES_LONG ti[2]; -+ unsigned char *iv; - #ifndef L_ENDIAN -- unsigned char ovec[16]; -+ unsigned char ovec[16]; - #else -- unsigned int sh[4]; -- unsigned char *ovec=(unsigned char *)sh; -+ unsigned int sh[4]; -+ unsigned char *ovec = (unsigned char *)sh; -+ -+ /* I kind of count that compiler optimizes away this assertioni, */ -+ assert(sizeof(sh[0]) == 4); /* as this holds true for all, */ -+ /* but 16-bit platforms... */ - -- /* I kind of count that compiler optimizes away this assertioni,*/ -- assert (sizeof(sh[0])==4); /* as this holds true for all, */ -- /* but 16-bit platforms... */ -- - #endif - -- if (numbits<=0 || numbits > 64) return; -- iv = &(*ivec)[0]; -- c2l(iv,v0); -- c2l(iv,v1); -- if (enc) -- { -- while (l >= (unsigned long)n) -- { -- l-=n; -- ti[0]=v0; -- ti[1]=v1; -- DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); -- c2ln(in,d0,d1,n); -- in+=n; -- d0^=ti[0]; -- d1^=ti[1]; -- l2cn(d0,d1,out,n); -- out+=n; -- /* 30-08-94 - eay - changed because l>>32 and -- * l<<32 are bad under gcc :-( */ -- if (numbits == 32) -- { v0=v1; v1=d0; } -- else if (numbits == 64) -- { v0=d0; v1=d1; } -- else -- { -+ if (numbits <= 0 || numbits > 64) -+ return; -+ iv = &(*ivec)[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+ if (enc) { -+ while (l >= (unsigned long)n) { -+ l -= n; -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); -+ c2ln(in, d0, d1, n); -+ in += n; -+ d0 ^= ti[0]; -+ d1 ^= ti[1]; -+ l2cn(d0, d1, out, n); -+ out += n; -+ /* -+ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under -+ * gcc :-( -+ */ -+ if (numbits == 32) { -+ v0 = v1; -+ v1 = d0; -+ } else if (numbits == 64) { -+ v0 = d0; -+ v1 = d1; -+ } else { - #ifndef L_ENDIAN -- iv=&ovec[0]; -- l2c(v0,iv); -- l2c(v1,iv); -- l2c(d0,iv); -- l2c(d1,iv); -+ iv = &ovec[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ l2c(d0, iv); -+ l2c(d1, iv); - #else -- sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1; -+ sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; - #endif -- if (rem==0) -- memmove(ovec,ovec+num,8); -- else -- for(i=0 ; i < 8 ; ++i) -- ovec[i]=ovec[i+num]<>(8-rem); -+ if (rem == 0) -+ memmove(ovec, ovec + num, 8); -+ else -+ for (i = 0; i < 8; ++i) -+ ovec[i] = ovec[i + num] << rem | -+ ovec[i + num + 1] >> (8 - rem); - #ifdef L_ENDIAN -- v0=sh[0], v1=sh[1]; -+ v0 = sh[0], v1 = sh[1]; - #else -- iv=&ovec[0]; -- c2l(iv,v0); -- c2l(iv,v1); -+ iv = &ovec[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); - #endif -- } -- } -- } -- else -- { -- while (l >= (unsigned long)n) -- { -- l-=n; -- ti[0]=v0; -- ti[1]=v1; -- DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); -- c2ln(in,d0,d1,n); -- in+=n; -- /* 30-08-94 - eay - changed because l>>32 and -- * l<<32 are bad under gcc :-( */ -- if (numbits == 32) -- { v0=v1; v1=d0; } -- else if (numbits == 64) -- { v0=d0; v1=d1; } -- else -- { -+ } -+ } -+ } else { -+ while (l >= (unsigned long)n) { -+ l -= n; -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); -+ c2ln(in, d0, d1, n); -+ in += n; -+ /* -+ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under -+ * gcc :-( -+ */ -+ if (numbits == 32) { -+ v0 = v1; -+ v1 = d0; -+ } else if (numbits == 64) { -+ v0 = d0; -+ v1 = d1; -+ } else { - #ifndef L_ENDIAN -- iv=&ovec[0]; -- l2c(v0,iv); -- l2c(v1,iv); -- l2c(d0,iv); -- l2c(d1,iv); -+ iv = &ovec[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ l2c(d0, iv); -+ l2c(d1, iv); - #else -- sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1; -+ sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; - #endif -- if (rem==0) -- memmove(ovec,ovec+num,8); -- else -- for(i=0 ; i < 8 ; ++i) -- ovec[i]=ovec[i+num]<>(8-rem); -+ if (rem == 0) -+ memmove(ovec, ovec + num, 8); -+ else -+ for (i = 0; i < 8; ++i) -+ ovec[i] = ovec[i + num] << rem | -+ ovec[i + num + 1] >> (8 - rem); - #ifdef L_ENDIAN -- v0=sh[0], v1=sh[1]; -+ v0 = sh[0], v1 = sh[1]; - #else -- iv=&ovec[0]; -- c2l(iv,v0); -- c2l(iv,v1); -+ iv = &ovec[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); - #endif -- } -- d0^=ti[0]; -- d1^=ti[1]; -- l2cn(d0,d1,out,n); -- out+=n; -- } -- } -- iv = &(*ivec)[0]; -- l2c(v0,iv); -- l2c(v1,iv); -- v0=v1=d0=d1=ti[0]=ti[1]=0; -- } -- -+ } -+ d0 ^= ti[0]; -+ d1 ^= ti[1]; -+ l2cn(d0, d1, out, n); -+ out += n; -+ } -+ } -+ iv = &(*ivec)[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/des_enc.c b/Cryptlib/OpenSSL/crypto/des/des_enc.c -index cf71965..7be2a35 100644 ---- a/Cryptlib/OpenSSL/crypto/des/des_enc.c -+++ b/Cryptlib/OpenSSL/crypto/des/des_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,353 +59,342 @@ - #include "des_locl.h" - - void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) -- { -- register DES_LONG l,r,t,u; -+{ -+ register DES_LONG l, r, t, u; - #ifdef DES_PTR -- register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; -+ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; - #endif - #ifndef DES_UNROLL -- register int i; -+ register int i; - #endif -- register DES_LONG *s; -- -- r=data[0]; -- l=data[1]; -- -- IP(r,l); -- /* Things have been modified so that the initial rotate is -- * done outside the loop. This required the -- * DES_SPtrans values in sp.h to be rotated 1 bit to the right. -- * One perl script later and things have a 5% speed up on a sparc2. -- * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> -- * for pointing this out. */ -- /* clear the top bits on machines with 8byte longs */ -- /* shift left by 2 */ -- r=ROTATE(r,29)&0xffffffffL; -- l=ROTATE(l,29)&0xffffffffL; -- -- s=ks->ks->deslong; -- /* I don't know if it is worth the effort of loop unrolling the -- * inner loop */ -- if (enc) -- { -+ register DES_LONG *s; -+ -+ r = data[0]; -+ l = data[1]; -+ -+ IP(r, l); -+ /* -+ * Things have been modified so that the initial rotate is done outside -+ * the loop. This required the DES_SPtrans values in sp.h to be rotated -+ * 1 bit to the right. One perl script later and things have a 5% speed -+ * up on a sparc2. Thanks to Richard Outerbridge -+ * <71755.204@CompuServe.COM> for pointing this out. -+ */ -+ /* clear the top bits on machines with 8byte longs */ -+ /* shift left by 2 */ -+ r = ROTATE(r, 29) & 0xffffffffL; -+ l = ROTATE(l, 29) & 0xffffffffL; -+ -+ s = ks->ks->deslong; -+ /* -+ * I don't know if it is worth the effort of loop unrolling the inner -+ * loop -+ */ -+ if (enc) { - #ifdef DES_UNROLL -- D_ENCRYPT(l,r, 0); /* 1 */ -- D_ENCRYPT(r,l, 2); /* 2 */ -- D_ENCRYPT(l,r, 4); /* 3 */ -- D_ENCRYPT(r,l, 6); /* 4 */ -- D_ENCRYPT(l,r, 8); /* 5 */ -- D_ENCRYPT(r,l,10); /* 6 */ -- D_ENCRYPT(l,r,12); /* 7 */ -- D_ENCRYPT(r,l,14); /* 8 */ -- D_ENCRYPT(l,r,16); /* 9 */ -- D_ENCRYPT(r,l,18); /* 10 */ -- D_ENCRYPT(l,r,20); /* 11 */ -- D_ENCRYPT(r,l,22); /* 12 */ -- D_ENCRYPT(l,r,24); /* 13 */ -- D_ENCRYPT(r,l,26); /* 14 */ -- D_ENCRYPT(l,r,28); /* 15 */ -- D_ENCRYPT(r,l,30); /* 16 */ -+ D_ENCRYPT(l, r, 0); /* 1 */ -+ D_ENCRYPT(r, l, 2); /* 2 */ -+ D_ENCRYPT(l, r, 4); /* 3 */ -+ D_ENCRYPT(r, l, 6); /* 4 */ -+ D_ENCRYPT(l, r, 8); /* 5 */ -+ D_ENCRYPT(r, l, 10); /* 6 */ -+ D_ENCRYPT(l, r, 12); /* 7 */ -+ D_ENCRYPT(r, l, 14); /* 8 */ -+ D_ENCRYPT(l, r, 16); /* 9 */ -+ D_ENCRYPT(r, l, 18); /* 10 */ -+ D_ENCRYPT(l, r, 20); /* 11 */ -+ D_ENCRYPT(r, l, 22); /* 12 */ -+ D_ENCRYPT(l, r, 24); /* 13 */ -+ D_ENCRYPT(r, l, 26); /* 14 */ -+ D_ENCRYPT(l, r, 28); /* 15 */ -+ D_ENCRYPT(r, l, 30); /* 16 */ - #else -- for (i=0; i<32; i+=8) -- { -- D_ENCRYPT(l,r,i+0); /* 1 */ -- D_ENCRYPT(r,l,i+2); /* 2 */ -- D_ENCRYPT(l,r,i+4); /* 3 */ -- D_ENCRYPT(r,l,i+6); /* 4 */ -- } -+ for (i = 0; i < 32; i += 8) { -+ D_ENCRYPT(l, r, i + 0); /* 1 */ -+ D_ENCRYPT(r, l, i + 2); /* 2 */ -+ D_ENCRYPT(l, r, i + 4); /* 3 */ -+ D_ENCRYPT(r, l, i + 6); /* 4 */ -+ } - #endif -- } -- else -- { -+ } else { - #ifdef DES_UNROLL -- D_ENCRYPT(l,r,30); /* 16 */ -- D_ENCRYPT(r,l,28); /* 15 */ -- D_ENCRYPT(l,r,26); /* 14 */ -- D_ENCRYPT(r,l,24); /* 13 */ -- D_ENCRYPT(l,r,22); /* 12 */ -- D_ENCRYPT(r,l,20); /* 11 */ -- D_ENCRYPT(l,r,18); /* 10 */ -- D_ENCRYPT(r,l,16); /* 9 */ -- D_ENCRYPT(l,r,14); /* 8 */ -- D_ENCRYPT(r,l,12); /* 7 */ -- D_ENCRYPT(l,r,10); /* 6 */ -- D_ENCRYPT(r,l, 8); /* 5 */ -- D_ENCRYPT(l,r, 6); /* 4 */ -- D_ENCRYPT(r,l, 4); /* 3 */ -- D_ENCRYPT(l,r, 2); /* 2 */ -- D_ENCRYPT(r,l, 0); /* 1 */ -+ D_ENCRYPT(l, r, 30); /* 16 */ -+ D_ENCRYPT(r, l, 28); /* 15 */ -+ D_ENCRYPT(l, r, 26); /* 14 */ -+ D_ENCRYPT(r, l, 24); /* 13 */ -+ D_ENCRYPT(l, r, 22); /* 12 */ -+ D_ENCRYPT(r, l, 20); /* 11 */ -+ D_ENCRYPT(l, r, 18); /* 10 */ -+ D_ENCRYPT(r, l, 16); /* 9 */ -+ D_ENCRYPT(l, r, 14); /* 8 */ -+ D_ENCRYPT(r, l, 12); /* 7 */ -+ D_ENCRYPT(l, r, 10); /* 6 */ -+ D_ENCRYPT(r, l, 8); /* 5 */ -+ D_ENCRYPT(l, r, 6); /* 4 */ -+ D_ENCRYPT(r, l, 4); /* 3 */ -+ D_ENCRYPT(l, r, 2); /* 2 */ -+ D_ENCRYPT(r, l, 0); /* 1 */ - #else -- for (i=30; i>0; i-=8) -- { -- D_ENCRYPT(l,r,i-0); /* 16 */ -- D_ENCRYPT(r,l,i-2); /* 15 */ -- D_ENCRYPT(l,r,i-4); /* 14 */ -- D_ENCRYPT(r,l,i-6); /* 13 */ -- } -+ for (i = 30; i > 0; i -= 8) { -+ D_ENCRYPT(l, r, i - 0); /* 16 */ -+ D_ENCRYPT(r, l, i - 2); /* 15 */ -+ D_ENCRYPT(l, r, i - 4); /* 14 */ -+ D_ENCRYPT(r, l, i - 6); /* 13 */ -+ } - #endif -- } -+ } - -- /* rotate and clear the top bits on machines with 8byte longs */ -- l=ROTATE(l,3)&0xffffffffL; -- r=ROTATE(r,3)&0xffffffffL; -+ /* rotate and clear the top bits on machines with 8byte longs */ -+ l = ROTATE(l, 3) & 0xffffffffL; -+ r = ROTATE(r, 3) & 0xffffffffL; - -- FP(r,l); -- data[0]=l; -- data[1]=r; -- l=r=t=u=0; -- } -+ FP(r, l); -+ data[0] = l; -+ data[1] = r; -+ l = r = t = u = 0; -+} - - void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) -- { -- register DES_LONG l,r,t,u; -+{ -+ register DES_LONG l, r, t, u; - #ifdef DES_PTR -- register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; -+ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; - #endif - #ifndef DES_UNROLL -- register int i; -+ register int i; - #endif -- register DES_LONG *s; -- -- r=data[0]; -- l=data[1]; -- -- /* Things have been modified so that the initial rotate is -- * done outside the loop. This required the -- * DES_SPtrans values in sp.h to be rotated 1 bit to the right. -- * One perl script later and things have a 5% speed up on a sparc2. -- * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> -- * for pointing this out. */ -- /* clear the top bits on machines with 8byte longs */ -- r=ROTATE(r,29)&0xffffffffL; -- l=ROTATE(l,29)&0xffffffffL; -- -- s=ks->ks->deslong; -- /* I don't know if it is worth the effort of loop unrolling the -- * inner loop */ -- if (enc) -- { -+ register DES_LONG *s; -+ -+ r = data[0]; -+ l = data[1]; -+ -+ /* -+ * Things have been modified so that the initial rotate is done outside -+ * the loop. This required the DES_SPtrans values in sp.h to be rotated -+ * 1 bit to the right. One perl script later and things have a 5% speed -+ * up on a sparc2. Thanks to Richard Outerbridge -+ * <71755.204@CompuServe.COM> for pointing this out. -+ */ -+ /* clear the top bits on machines with 8byte longs */ -+ r = ROTATE(r, 29) & 0xffffffffL; -+ l = ROTATE(l, 29) & 0xffffffffL; -+ -+ s = ks->ks->deslong; -+ /* -+ * I don't know if it is worth the effort of loop unrolling the inner -+ * loop -+ */ -+ if (enc) { - #ifdef DES_UNROLL -- D_ENCRYPT(l,r, 0); /* 1 */ -- D_ENCRYPT(r,l, 2); /* 2 */ -- D_ENCRYPT(l,r, 4); /* 3 */ -- D_ENCRYPT(r,l, 6); /* 4 */ -- D_ENCRYPT(l,r, 8); /* 5 */ -- D_ENCRYPT(r,l,10); /* 6 */ -- D_ENCRYPT(l,r,12); /* 7 */ -- D_ENCRYPT(r,l,14); /* 8 */ -- D_ENCRYPT(l,r,16); /* 9 */ -- D_ENCRYPT(r,l,18); /* 10 */ -- D_ENCRYPT(l,r,20); /* 11 */ -- D_ENCRYPT(r,l,22); /* 12 */ -- D_ENCRYPT(l,r,24); /* 13 */ -- D_ENCRYPT(r,l,26); /* 14 */ -- D_ENCRYPT(l,r,28); /* 15 */ -- D_ENCRYPT(r,l,30); /* 16 */ -+ D_ENCRYPT(l, r, 0); /* 1 */ -+ D_ENCRYPT(r, l, 2); /* 2 */ -+ D_ENCRYPT(l, r, 4); /* 3 */ -+ D_ENCRYPT(r, l, 6); /* 4 */ -+ D_ENCRYPT(l, r, 8); /* 5 */ -+ D_ENCRYPT(r, l, 10); /* 6 */ -+ D_ENCRYPT(l, r, 12); /* 7 */ -+ D_ENCRYPT(r, l, 14); /* 8 */ -+ D_ENCRYPT(l, r, 16); /* 9 */ -+ D_ENCRYPT(r, l, 18); /* 10 */ -+ D_ENCRYPT(l, r, 20); /* 11 */ -+ D_ENCRYPT(r, l, 22); /* 12 */ -+ D_ENCRYPT(l, r, 24); /* 13 */ -+ D_ENCRYPT(r, l, 26); /* 14 */ -+ D_ENCRYPT(l, r, 28); /* 15 */ -+ D_ENCRYPT(r, l, 30); /* 16 */ - #else -- for (i=0; i<32; i+=8) -- { -- D_ENCRYPT(l,r,i+0); /* 1 */ -- D_ENCRYPT(r,l,i+2); /* 2 */ -- D_ENCRYPT(l,r,i+4); /* 3 */ -- D_ENCRYPT(r,l,i+6); /* 4 */ -- } -+ for (i = 0; i < 32; i += 8) { -+ D_ENCRYPT(l, r, i + 0); /* 1 */ -+ D_ENCRYPT(r, l, i + 2); /* 2 */ -+ D_ENCRYPT(l, r, i + 4); /* 3 */ -+ D_ENCRYPT(r, l, i + 6); /* 4 */ -+ } - #endif -- } -- else -- { -+ } else { - #ifdef DES_UNROLL -- D_ENCRYPT(l,r,30); /* 16 */ -- D_ENCRYPT(r,l,28); /* 15 */ -- D_ENCRYPT(l,r,26); /* 14 */ -- D_ENCRYPT(r,l,24); /* 13 */ -- D_ENCRYPT(l,r,22); /* 12 */ -- D_ENCRYPT(r,l,20); /* 11 */ -- D_ENCRYPT(l,r,18); /* 10 */ -- D_ENCRYPT(r,l,16); /* 9 */ -- D_ENCRYPT(l,r,14); /* 8 */ -- D_ENCRYPT(r,l,12); /* 7 */ -- D_ENCRYPT(l,r,10); /* 6 */ -- D_ENCRYPT(r,l, 8); /* 5 */ -- D_ENCRYPT(l,r, 6); /* 4 */ -- D_ENCRYPT(r,l, 4); /* 3 */ -- D_ENCRYPT(l,r, 2); /* 2 */ -- D_ENCRYPT(r,l, 0); /* 1 */ -+ D_ENCRYPT(l, r, 30); /* 16 */ -+ D_ENCRYPT(r, l, 28); /* 15 */ -+ D_ENCRYPT(l, r, 26); /* 14 */ -+ D_ENCRYPT(r, l, 24); /* 13 */ -+ D_ENCRYPT(l, r, 22); /* 12 */ -+ D_ENCRYPT(r, l, 20); /* 11 */ -+ D_ENCRYPT(l, r, 18); /* 10 */ -+ D_ENCRYPT(r, l, 16); /* 9 */ -+ D_ENCRYPT(l, r, 14); /* 8 */ -+ D_ENCRYPT(r, l, 12); /* 7 */ -+ D_ENCRYPT(l, r, 10); /* 6 */ -+ D_ENCRYPT(r, l, 8); /* 5 */ -+ D_ENCRYPT(l, r, 6); /* 4 */ -+ D_ENCRYPT(r, l, 4); /* 3 */ -+ D_ENCRYPT(l, r, 2); /* 2 */ -+ D_ENCRYPT(r, l, 0); /* 1 */ - #else -- for (i=30; i>0; i-=8) -- { -- D_ENCRYPT(l,r,i-0); /* 16 */ -- D_ENCRYPT(r,l,i-2); /* 15 */ -- D_ENCRYPT(l,r,i-4); /* 14 */ -- D_ENCRYPT(r,l,i-6); /* 13 */ -- } -+ for (i = 30; i > 0; i -= 8) { -+ D_ENCRYPT(l, r, i - 0); /* 16 */ -+ D_ENCRYPT(r, l, i - 2); /* 15 */ -+ D_ENCRYPT(l, r, i - 4); /* 14 */ -+ D_ENCRYPT(r, l, i - 6); /* 13 */ -+ } - #endif -- } -- /* rotate and clear the top bits on machines with 8byte longs */ -- data[0]=ROTATE(l,3)&0xffffffffL; -- data[1]=ROTATE(r,3)&0xffffffffL; -- l=r=t=u=0; -- } -+ } -+ /* rotate and clear the top bits on machines with 8byte longs */ -+ data[0] = ROTATE(l, 3) & 0xffffffffL; -+ data[1] = ROTATE(r, 3) & 0xffffffffL; -+ l = r = t = u = 0; -+} - - void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, -- DES_key_schedule *ks2, DES_key_schedule *ks3) -- { -- register DES_LONG l,r; -- -- l=data[0]; -- r=data[1]; -- IP(l,r); -- data[0]=l; -- data[1]=r; -- DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT); -- DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT); -- DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT); -- l=data[0]; -- r=data[1]; -- FP(r,l); -- data[0]=l; -- data[1]=r; -- } -+ DES_key_schedule *ks2, DES_key_schedule *ks3) -+{ -+ register DES_LONG l, r; -+ -+ l = data[0]; -+ r = data[1]; -+ IP(l, r); -+ data[0] = l; -+ data[1] = r; -+ DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT); -+ DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT); -+ DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT); -+ l = data[0]; -+ r = data[1]; -+ FP(r, l); -+ data[0] = l; -+ data[1] = r; -+} - - void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, -- DES_key_schedule *ks2, DES_key_schedule *ks3) -- { -- register DES_LONG l,r; -- -- l=data[0]; -- r=data[1]; -- IP(l,r); -- data[0]=l; -- data[1]=r; -- DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT); -- DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT); -- DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT); -- l=data[0]; -- r=data[1]; -- FP(r,l); -- data[0]=l; -- data[1]=r; -- } -+ DES_key_schedule *ks2, DES_key_schedule *ks3) -+{ -+ register DES_LONG l, r; -+ -+ l = data[0]; -+ r = data[1]; -+ IP(l, r); -+ data[0] = l; -+ data[1] = r; -+ DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT); -+ DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT); -+ DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT); -+ l = data[0]; -+ r = data[1]; -+ FP(r, l); -+ data[0] = l; -+ data[1] = r; -+} - - #ifndef DES_DEFAULT_OPTIONS - --#if !defined(OPENSSL_FIPS_DES_ASM) -+# if !defined(OPENSSL_FIPS_DES_ASM) - --#undef CBC_ENC_C__DONT_UPDATE_IV --#include "ncbc_enc.c" /* DES_ncbc_encrypt */ -+# undef CBC_ENC_C__DONT_UPDATE_IV -+# include "ncbc_enc.c" /* DES_ncbc_encrypt */ - - void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, -- long length, DES_key_schedule *ks1, -- DES_key_schedule *ks2, DES_key_schedule *ks3, -- DES_cblock *ivec, int enc) -- { -- register DES_LONG tin0,tin1; -- register DES_LONG tout0,tout1,xor0,xor1; -- register const unsigned char *in; -- unsigned char *out; -- register long l=length; -- DES_LONG tin[2]; -- unsigned char *iv; -- -- in=input; -- out=output; -- iv = &(*ivec)[0]; -- -- if (enc) -- { -- c2l(iv,tout0); -- c2l(iv,tout1); -- for (l-=8; l>=0; l-=8) -- { -- c2l(in,tin0); -- c2l(in,tin1); -- tin0^=tout0; -- tin1^=tout1; -- -- tin[0]=tin0; -- tin[1]=tin1; -- DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); -- tout0=tin[0]; -- tout1=tin[1]; -- -- l2c(tout0,out); -- l2c(tout1,out); -- } -- if (l != -8) -- { -- c2ln(in,tin0,tin1,l+8); -- tin0^=tout0; -- tin1^=tout1; -- -- tin[0]=tin0; -- tin[1]=tin1; -- DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); -- tout0=tin[0]; -- tout1=tin[1]; -- -- l2c(tout0,out); -- l2c(tout1,out); -- } -- iv = &(*ivec)[0]; -- l2c(tout0,iv); -- l2c(tout1,iv); -- } -- else -- { -- register DES_LONG t0,t1; -- -- c2l(iv,xor0); -- c2l(iv,xor1); -- for (l-=8; l>=0; l-=8) -- { -- c2l(in,tin0); -- c2l(in,tin1); -- -- t0=tin0; -- t1=tin1; -- -- tin[0]=tin0; -- tin[1]=tin1; -- DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); -- tout0=tin[0]; -- tout1=tin[1]; -- -- tout0^=xor0; -- tout1^=xor1; -- l2c(tout0,out); -- l2c(tout1,out); -- xor0=t0; -- xor1=t1; -- } -- if (l != -8) -- { -- c2l(in,tin0); -- c2l(in,tin1); -- -- t0=tin0; -- t1=tin1; -- -- tin[0]=tin0; -- tin[1]=tin1; -- DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); -- tout0=tin[0]; -- tout1=tin[1]; -- -- tout0^=xor0; -- tout1^=xor1; -- l2cn(tout0,tout1,out,l+8); -- xor0=t0; -- xor1=t1; -- } -- -- iv = &(*ivec)[0]; -- l2c(xor0,iv); -- l2c(xor1,iv); -- } -- tin0=tin1=tout0=tout1=xor0=xor1=0; -- tin[0]=tin[1]=0; -- } -- --#endif -- --#endif /* DES_DEFAULT_OPTIONS */ -+ long length, DES_key_schedule *ks1, -+ DES_key_schedule *ks2, DES_key_schedule *ks3, -+ DES_cblock *ivec, int enc) -+{ -+ register DES_LONG tin0, tin1; -+ register DES_LONG tout0, tout1, xor0, xor1; -+ register const unsigned char *in; -+ unsigned char *out; -+ register long l = length; -+ DES_LONG tin[2]; -+ unsigned char *iv; -+ -+ in = input; -+ out = output; -+ iv = &(*ivec)[0]; -+ -+ if (enc) { -+ c2l(iv, tout0); -+ c2l(iv, tout1); -+ for (l -= 8; l >= 0; l -= 8) { -+ c2l(in, tin0); -+ c2l(in, tin1); -+ tin0 ^= tout0; -+ tin1 ^= tout1; -+ -+ tin[0] = tin0; -+ tin[1] = tin1; -+ DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3); -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ -+ l2c(tout0, out); -+ l2c(tout1, out); -+ } -+ if (l != -8) { -+ c2ln(in, tin0, tin1, l + 8); -+ tin0 ^= tout0; -+ tin1 ^= tout1; -+ -+ tin[0] = tin0; -+ tin[1] = tin1; -+ DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3); -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ -+ l2c(tout0, out); -+ l2c(tout1, out); -+ } -+ iv = &(*ivec)[0]; -+ l2c(tout0, iv); -+ l2c(tout1, iv); -+ } else { -+ register DES_LONG t0, t1; -+ -+ c2l(iv, xor0); -+ c2l(iv, xor1); -+ for (l -= 8; l >= 0; l -= 8) { -+ c2l(in, tin0); -+ c2l(in, tin1); -+ -+ t0 = tin0; -+ t1 = tin1; -+ -+ tin[0] = tin0; -+ tin[1] = tin1; -+ DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3); -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ -+ tout0 ^= xor0; -+ tout1 ^= xor1; -+ l2c(tout0, out); -+ l2c(tout1, out); -+ xor0 = t0; -+ xor1 = t1; -+ } -+ if (l != -8) { -+ c2l(in, tin0); -+ c2l(in, tin1); -+ -+ t0 = tin0; -+ t1 = tin1; -+ -+ tin[0] = tin0; -+ tin[1] = tin1; -+ DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3); -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ -+ tout0 ^= xor0; -+ tout1 ^= xor1; -+ l2cn(tout0, tout1, out, l + 8); -+ xor0 = t0; -+ xor1 = t1; -+ } -+ -+ iv = &(*ivec)[0]; -+ l2c(xor0, iv); -+ l2c(xor1, iv); -+ } -+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; -+ tin[0] = tin[1] = 0; -+} -+ -+# endif -+ -+#endif /* DES_DEFAULT_OPTIONS */ -diff --git a/Cryptlib/OpenSSL/crypto/des/des_lib.c b/Cryptlib/OpenSSL/crypto/des/des_lib.c -index d4b3047..391fe4c 100644 ---- a/Cryptlib/OpenSSL/crypto/des/des_lib.c -+++ b/Cryptlib/OpenSSL/crypto/des/des_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,46 +61,44 @@ - #include - #include - --OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT; --OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT; -+OPENSSL_GLOBAL const char libdes_version[] = "libdes" OPENSSL_VERSION_PTEXT; -+OPENSSL_GLOBAL const char DES_version[] = "DES" OPENSSL_VERSION_PTEXT; - - const char *DES_options(void) -- { -- static int init=1; -- static char buf[32]; -+{ -+ static int init = 1; -+ static char buf[32]; - -- if (init) -- { -- const char *ptr,*unroll,*risc,*size; -+ if (init) { -+ const char *ptr, *unroll, *risc, *size; - - #ifdef DES_PTR -- ptr="ptr"; -+ ptr = "ptr"; - #else -- ptr="idx"; -+ ptr = "idx"; - #endif - #if defined(DES_RISC1) || defined(DES_RISC2) --#ifdef DES_RISC1 -- risc="risc1"; --#endif --#ifdef DES_RISC2 -- risc="risc2"; --#endif -+# ifdef DES_RISC1 -+ risc = "risc1"; -+# endif -+# ifdef DES_RISC2 -+ risc = "risc2"; -+# endif - #else -- risc="cisc"; -+ risc = "cisc"; - #endif - #ifdef DES_UNROLL -- unroll="16"; -+ unroll = "16"; - #else -- unroll="4"; -+ unroll = "4"; - #endif -- if (sizeof(DES_LONG) != sizeof(long)) -- size="int"; -- else -- size="long"; -- BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll, -- size); -- init=0; -- } -- return(buf); -- } -- -+ if (sizeof(DES_LONG) != sizeof(long)) -+ size = "int"; -+ else -+ size = "long"; -+ BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll, -+ size); -+ init = 0; -+ } -+ return (buf); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/des_old.c b/Cryptlib/OpenSSL/crypto/des/des_old.c -index 7c33ed7..54b0968 100644 ---- a/Cryptlib/OpenSSL/crypto/des/des_old.c -+++ b/Cryptlib/OpenSSL/crypto/des/des_old.c -@@ -1,6 +1,7 @@ - /* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */ - --/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -+/*- -+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - * - * The function names in here are deprecated and are only present to - * provide an interface compatible with libdes. OpenSSL now provides -@@ -15,8 +16,9 @@ - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - */ - --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. -@@ -26,7 +28,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -77,197 +79,267 @@ - #include - - const char *_ossl_old_des_options(void) -- { -- return DES_options(); -- } --void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, -- des_key_schedule ks1,des_key_schedule ks2, -- des_key_schedule ks3, int enc) -- { -- DES_ecb3_encrypt((const_DES_cblock *)input, output, -- (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, -- (DES_key_schedule *)ks3, enc); -- } --DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, -- long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec) -- { -- return DES_cbc_cksum((unsigned char *)input, output, length, -- (DES_key_schedule *)schedule, ivec); -- } --void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, -- des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) -- { -- DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output, -- length, (DES_key_schedule *)schedule, ivec, enc); -- } --void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, -- des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) -- { -- DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output, -- length, (DES_key_schedule *)schedule, ivec, enc); -- } --void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, -- des_key_schedule schedule,_ossl_old_des_cblock *ivec, -- _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc) -- { -- DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output, -- length, (DES_key_schedule *)schedule, ivec, inw, outw, enc); -- } --void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, -- long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) -- { -- DES_cfb_encrypt(in, out, numbits, length, -- (DES_key_schedule *)schedule, ivec, enc); -- } --void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, -- des_key_schedule ks,int enc) -- { -- DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc); -- } --void _ossl_old_des_encrypt(DES_LONG *data,des_key_schedule ks, int enc) -- { -- DES_encrypt1(data, (DES_key_schedule *)ks, enc); -- } --void _ossl_old_des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc) -- { -- DES_encrypt2(data, (DES_key_schedule *)ks, enc); -- } -+{ -+ return DES_options(); -+} -+ -+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, -+ des_key_schedule ks1, des_key_schedule ks2, -+ des_key_schedule ks3, int enc) -+{ -+ DES_ecb3_encrypt((const_DES_cblock *)input, output, -+ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, -+ (DES_key_schedule *)ks3, enc); -+} -+ -+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec) -+{ -+ return DES_cbc_cksum((unsigned char *)input, output, length, -+ (DES_key_schedule *)schedule, ivec); -+} -+ -+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int enc) -+{ -+ DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output, -+ length, (DES_key_schedule *)schedule, ivec, enc); -+} -+ -+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int enc) -+{ -+ DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output, -+ length, (DES_key_schedule *)schedule, ivec, enc); -+} -+ -+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, -+ _ossl_old_des_cblock *inw, -+ _ossl_old_des_cblock *outw, int enc) -+{ -+ DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output, -+ length, (DES_key_schedule *)schedule, ivec, inw, outw, -+ enc); -+} -+ -+void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out, -+ int numbits, long length, -+ des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int enc) -+{ -+ DES_cfb_encrypt(in, out, numbits, length, -+ (DES_key_schedule *)schedule, ivec, enc); -+} -+ -+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, -+ des_key_schedule ks, int enc) -+{ -+ DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc); -+} -+ -+void _ossl_old_des_encrypt(DES_LONG *data, des_key_schedule ks, int enc) -+{ -+ DES_encrypt1(data, (DES_key_schedule *)ks, enc); -+} -+ -+void _ossl_old_des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc) -+{ -+ DES_encrypt2(data, (DES_key_schedule *)ks, enc); -+} -+ - void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1, -- des_key_schedule ks2, des_key_schedule ks3) -- { -- DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, -- (DES_key_schedule *)ks3); -- } -+ des_key_schedule ks2, des_key_schedule ks3) -+{ -+ DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, -+ (DES_key_schedule *)ks3); -+} -+ - void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1, -- des_key_schedule ks2, des_key_schedule ks3) -- { -- DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, -- (DES_key_schedule *)ks3); -- } --void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, -- long length, des_key_schedule ks1, des_key_schedule ks2, -- des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc) -- { -- DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output, -- length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, -- (DES_key_schedule *)ks3, ivec, enc); -- } -+ des_key_schedule ks2, des_key_schedule ks3) -+{ -+ DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, -+ (DES_key_schedule *)ks3); -+} -+ -+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ des_key_schedule ks1, -+ des_key_schedule ks2, -+ des_key_schedule ks3, -+ _ossl_old_des_cblock *ivec, int enc) -+{ -+ DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output, -+ length, (DES_key_schedule *)ks1, -+ (DES_key_schedule *)ks2, (DES_key_schedule *)ks3, -+ ivec, enc); -+} -+ - void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, -- long length, des_key_schedule ks1, des_key_schedule ks2, -- des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc) -- { -- DES_ede3_cfb64_encrypt(in, out, length, -- (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, -- (DES_key_schedule *)ks3, ivec, num, enc); -- } -+ long length, des_key_schedule ks1, -+ des_key_schedule ks2, -+ des_key_schedule ks3, -+ _ossl_old_des_cblock *ivec, int *num, -+ int enc) -+{ -+ DES_ede3_cfb64_encrypt(in, out, length, -+ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, -+ (DES_key_schedule *)ks3, ivec, num, enc); -+} -+ - void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, -- long length, des_key_schedule ks1, des_key_schedule ks2, -- des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num) -- { -- DES_ede3_ofb64_encrypt(in, out, length, -- (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, -- (DES_key_schedule *)ks3, ivec, num); -- } -- --#if 0 /* broken code, preserved just in case anyone specifically looks for this */ --void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), -- _ossl_old_des_cblock (*out_white)) -- { -- DES_xwhite_in2out(des_key, in_white, out_white); -- } -+ long length, des_key_schedule ks1, -+ des_key_schedule ks2, -+ des_key_schedule ks3, -+ _ossl_old_des_cblock *ivec, int *num) -+{ -+ DES_ede3_ofb64_encrypt(in, out, length, -+ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, -+ (DES_key_schedule *)ks3, ivec, num); -+} -+ -+#if 0 /* broken code, preserved just in case anyone -+ * specifically looks for this */ -+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), -+ _ossl_old_des_cblock (*in_white), -+ _ossl_old_des_cblock (*out_white)) -+{ -+ DES_xwhite_in2out(des_key, in_white, out_white); -+} - #endif - --int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched, -- _ossl_old_des_cblock *iv) -- { -- return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv); -- } --int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched, -- _ossl_old_des_cblock *iv) -- { -- return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv); -- } --char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret) -- { -- return DES_fcrypt(buf, salt, ret); -- } --char *_ossl_old_des_crypt(const char *buf,const char *salt) -- { -- return DES_crypt(buf, salt); -- } --char *_ossl_old_crypt(const char *buf,const char *salt) -- { -- return DES_crypt(buf, salt); -- } --void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out, -- int numbits,long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec) -- { -- DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule, -- ivec); -- } --void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, -- des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) -- { -- DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output, -- length, (DES_key_schedule *)schedule, ivec, enc); -- } --DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, -- long length,int out_count,_ossl_old_des_cblock *seed) -- { -- return DES_quad_cksum((unsigned char *)input, output, length, -- out_count, seed); -- } -+int _ossl_old_des_enc_read(int fd, char *buf, int len, des_key_schedule sched, -+ _ossl_old_des_cblock *iv) -+{ -+ return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv); -+} -+ -+int _ossl_old_des_enc_write(int fd, char *buf, int len, -+ des_key_schedule sched, _ossl_old_des_cblock *iv) -+{ -+ return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv); -+} -+ -+char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret) -+{ -+ return DES_fcrypt(buf, salt, ret); -+} -+ -+char *_ossl_old_des_crypt(const char *buf, const char *salt) -+{ -+ return DES_crypt(buf, salt); -+} -+ -+char *_ossl_old_crypt(const char *buf, const char *salt) -+{ -+ return DES_crypt(buf, salt); -+} -+ -+void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out, -+ int numbits, long length, -+ des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec) -+{ -+ DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule, -+ ivec); -+} -+ -+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int enc) -+{ -+ DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output, -+ length, (DES_key_schedule *)schedule, ivec, enc); -+} -+ -+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input, -+ _ossl_old_des_cblock *output, long length, -+ int out_count, _ossl_old_des_cblock *seed) -+{ -+ return DES_quad_cksum((unsigned char *)input, output, length, -+ out_count, seed); -+} -+ - void _ossl_old_des_random_seed(_ossl_old_des_cblock key) -- { -- RAND_seed(key, sizeof(_ossl_old_des_cblock)); -- } -+{ -+ RAND_seed(key, sizeof(_ossl_old_des_cblock)); -+} -+ - void _ossl_old_des_random_key(_ossl_old_des_cblock ret) -- { -- DES_random_key((DES_cblock *)ret); -- } -+{ -+ DES_random_key((DES_cblock *)ret); -+} -+ - int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, -- int verify) -- { -- return DES_read_password(key, prompt, verify); -- } --int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, _ossl_old_des_cblock *key2, -- const char *prompt, int verify) -- { -- return DES_read_2passwords(key1, key2, prompt, verify); -- } -+ int verify) -+{ -+ return DES_read_password(key, prompt, verify); -+} -+ -+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, -+ _ossl_old_des_cblock *key2, -+ const char *prompt, int verify) -+{ -+ return DES_read_2passwords(key1, key2, prompt, verify); -+} -+ - void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key) -- { -- DES_set_odd_parity(key); -- } -+{ -+ DES_set_odd_parity(key); -+} -+ - int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key) -- { -- return DES_is_weak_key(key); -- } --int _ossl_old_des_set_key(_ossl_old_des_cblock *key,des_key_schedule schedule) -- { -- return DES_set_key(key, (DES_key_schedule *)schedule); -- } --int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,des_key_schedule schedule) -- { -- return DES_key_sched(key, (DES_key_schedule *)schedule); -- } --void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key) -- { -- DES_string_to_key(str, key); -- } --void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2) -- { -- DES_string_to_2keys(str, key1, key2); -- } --void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, -- des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc) -- { -- DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule, -- ivec, num, enc); -- } --void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, -- des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num) -- { -- DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule, -- ivec, num); -- } -+{ -+ return DES_is_weak_key(key); -+} -+ -+int _ossl_old_des_set_key(_ossl_old_des_cblock *key, -+ des_key_schedule schedule) -+{ -+ return DES_set_key(key, (DES_key_schedule *)schedule); -+} -+ -+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key, -+ des_key_schedule schedule) -+{ -+ return DES_key_sched(key, (DES_key_schedule *)schedule); -+} -+ -+void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key) -+{ -+ DES_string_to_key(str, key); -+} -+ -+void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1, -+ _ossl_old_des_cblock *key2) -+{ -+ DES_string_to_2keys(str, key1, key2); -+} -+ -+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, -+ long length, des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int *num, -+ int enc) -+{ -+ DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule, -+ ivec, num, enc); -+} -+ -+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, -+ long length, des_key_schedule schedule, -+ _ossl_old_des_cblock *ivec, int *num) -+{ -+ DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule, -+ ivec, num); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/des_old2.c b/Cryptlib/OpenSSL/crypto/des/des_old2.c -index c8fa3ee..f7d28a6 100644 ---- a/Cryptlib/OpenSSL/crypto/des/des_old2.c -+++ b/Cryptlib/OpenSSL/crypto/des/des_old2.c -@@ -1,22 +1,20 @@ - /* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */ - --/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -- * -- * The function names in here are deprecated and are only present to -- * provide an interface compatible with OpenSSL 0.9.6c. OpenSSL now -- * provides functions where "des_" has been replaced with "DES_" in -- * the names, to make it possible to make incompatible changes that -- * are needed for C type security and other stuff. -- * -- * Please consider starting to use the DES_ functions rather than the -- * des_ ones. The des_ functions will dissapear completely before -- * OpenSSL 1.0! -- * -- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -+/* -+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The -+ * function names in here are deprecated and are only present to provide an -+ * interface compatible with OpenSSL 0.9.6c. OpenSSL now provides functions -+ * where "des_" has been replaced with "DES_" in the names, to make it -+ * possible to make incompatible changes that are needed for C type security -+ * and other stuff. Please consider starting to use the DES_ functions -+ * rather than the des_ ones. The des_ functions will dissapear completely -+ * before OpenSSL 1.0! WARNING WARNING WARNING WARNING WARNING WARNING -+ * WARNING WARNING - */ - --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. -@@ -26,7 +24,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -77,6 +75,6 @@ - #include - - void _ossl_096_des_random_seed(DES_cblock *key) -- { -- RAND_seed(key, sizeof(DES_cblock)); -- } -+{ -+ RAND_seed(key, sizeof(DES_cblock)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c -index c3437bc..c49fbd4 100644 ---- a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c -+++ b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,25 +59,24 @@ - #include "des_locl.h" - - void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, -- DES_key_schedule *ks1, DES_key_schedule *ks2, -- DES_key_schedule *ks3, -- int enc) -- { -- register DES_LONG l0,l1; -- DES_LONG ll[2]; -- const unsigned char *in = &(*input)[0]; -- unsigned char *out = &(*output)[0]; -+ DES_key_schedule *ks1, DES_key_schedule *ks2, -+ DES_key_schedule *ks3, int enc) -+{ -+ register DES_LONG l0, l1; -+ DES_LONG ll[2]; -+ const unsigned char *in = &(*input)[0]; -+ unsigned char *out = &(*output)[0]; - -- c2l(in,l0); -- c2l(in,l1); -- ll[0]=l0; -- ll[1]=l1; -- if (enc) -- DES_encrypt3(ll,ks1,ks2,ks3); -- else -- DES_decrypt3(ll,ks1,ks2,ks3); -- l0=ll[0]; -- l1=ll[1]; -- l2c(l0,out); -- l2c(l1,out); -- } -+ c2l(in, l0); -+ c2l(in, l1); -+ ll[0] = l0; -+ ll[1] = l1; -+ if (enc) -+ DES_encrypt3(ll, ks1, ks2, ks3); -+ else -+ DES_decrypt3(ll, ks1, ks2, ks3); -+ l0 = ll[0]; -+ l1 = ll[1]; -+ l2c(l0, out); -+ l2c(l1, out); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c -index 75ae6cf..63f44cf 100644 ---- a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c -+++ b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,17 +60,21 @@ - #include "spr.h" - - void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, -- DES_key_schedule *ks, int enc) -- { -- register DES_LONG l; -- DES_LONG ll[2]; -- const unsigned char *in = &(*input)[0]; -- unsigned char *out = &(*output)[0]; -+ DES_key_schedule *ks, int enc) -+{ -+ register DES_LONG l; -+ DES_LONG ll[2]; -+ const unsigned char *in = &(*input)[0]; -+ unsigned char *out = &(*output)[0]; - -- c2l(in,l); ll[0]=l; -- c2l(in,l); ll[1]=l; -- DES_encrypt1(ll,ks,enc); -- l=ll[0]; l2c(l,out); -- l=ll[1]; l2c(l,out); -- l=ll[0]=ll[1]=0; -- } -+ c2l(in, l); -+ ll[0] = l; -+ c2l(in, l); -+ ll[1] = l; -+ DES_encrypt1(ll, ks, enc); -+ l = ll[0]; -+ l2c(l, out); -+ l = ll[1]; -+ l2c(l, out); -+ l = ll[0] = ll[1] = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c -index adfcb75..86f27d0 100644 ---- a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c -+++ b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c -@@ -1,6 +1,7 @@ - /* ede_cbcm_enc.c */ --/* Written by Ben Laurie for the OpenSSL -- * project 13 Feb 1999. -+/* -+ * Written by Ben Laurie for the OpenSSL project 13 Feb -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,143 +58,132 @@ - */ - - /* -- --This is an implementation of Triple DES Cipher Block Chaining with Output --Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom). -- --Note that there is a known attack on this by Biham and Knudsen but it takes --a lot of work: -- --http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz -- --*/ -+ * -+ * This is an implementation of Triple DES Cipher Block Chaining with Output -+ * Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom). -+ * -+ * Note that there is a known attack on this by Biham and Knudsen but it -+ * takes a lot of work: -+ * -+ * http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz -+ * -+ */ - - #include /* To see if OPENSSL_NO_DESCBCM is defined */ - - #ifndef OPENSSL_NO_DESCBCM --#include "des_locl.h" -+# include "des_locl.h" - - void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, -- long length, DES_key_schedule *ks1, DES_key_schedule *ks2, -- DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, -- int enc) -- { -- register DES_LONG tin0,tin1; -- register DES_LONG tout0,tout1,xor0,xor1,m0,m1; -- register long l=length; -+ long length, DES_key_schedule *ks1, -+ DES_key_schedule *ks2, DES_key_schedule *ks3, -+ DES_cblock *ivec1, DES_cblock *ivec2, int enc) -+{ -+ register DES_LONG tin0, tin1; -+ register DES_LONG tout0, tout1, xor0, xor1, m0, m1; -+ register long l = length; - DES_LONG tin[2]; -- unsigned char *iv1,*iv2; -+ unsigned char *iv1, *iv2; - - iv1 = &(*ivec1)[0]; - iv2 = &(*ivec2)[0]; - -- if (enc) -- { -- c2l(iv1,m0); -- c2l(iv1,m1); -- c2l(iv2,tout0); -- c2l(iv2,tout1); -- for (l-=8; l>=-7; l-=8) -- { -- tin[0]=m0; -- tin[1]=m1; -- DES_encrypt1(tin,ks3,1); -- m0=tin[0]; -- m1=tin[1]; -- -- if(l < 0) -- { -- c2ln(in,tin0,tin1,l+8); -- } -- else -- { -- c2l(in,tin0); -- c2l(in,tin1); -- } -- tin0^=tout0; -- tin1^=tout1; -- -- tin[0]=tin0; -- tin[1]=tin1; -- DES_encrypt1(tin,ks1,1); -- tin[0]^=m0; -- tin[1]^=m1; -- DES_encrypt1(tin,ks2,0); -- tin[0]^=m0; -- tin[1]^=m1; -- DES_encrypt1(tin,ks1,1); -- tout0=tin[0]; -- tout1=tin[1]; -- -- l2c(tout0,out); -- l2c(tout1,out); -- } -- iv1=&(*ivec1)[0]; -- l2c(m0,iv1); -- l2c(m1,iv1); -- -- iv2=&(*ivec2)[0]; -- l2c(tout0,iv2); -- l2c(tout1,iv2); -- } -- else -- { -- register DES_LONG t0,t1; -- -- c2l(iv1,m0); -- c2l(iv1,m1); -- c2l(iv2,xor0); -- c2l(iv2,xor1); -- for (l-=8; l>=-7; l-=8) -- { -- tin[0]=m0; -- tin[1]=m1; -- DES_encrypt1(tin,ks3,1); -- m0=tin[0]; -- m1=tin[1]; -- -- c2l(in,tin0); -- c2l(in,tin1); -- -- t0=tin0; -- t1=tin1; -- -- tin[0]=tin0; -- tin[1]=tin1; -- DES_encrypt1(tin,ks1,0); -- tin[0]^=m0; -- tin[1]^=m1; -- DES_encrypt1(tin,ks2,1); -- tin[0]^=m0; -- tin[1]^=m1; -- DES_encrypt1(tin,ks1,0); -- tout0=tin[0]; -- tout1=tin[1]; -- -- tout0^=xor0; -- tout1^=xor1; -- if(l < 0) -- { -- l2cn(tout0,tout1,out,l+8); -- } -- else -- { -- l2c(tout0,out); -- l2c(tout1,out); -- } -- xor0=t0; -- xor1=t1; -- } -- -- iv1=&(*ivec1)[0]; -- l2c(m0,iv1); -- l2c(m1,iv1); -- -- iv2=&(*ivec2)[0]; -- l2c(xor0,iv2); -- l2c(xor1,iv2); -- } -- tin0=tin1=tout0=tout1=xor0=xor1=0; -- tin[0]=tin[1]=0; -+ if (enc) { -+ c2l(iv1, m0); -+ c2l(iv1, m1); -+ c2l(iv2, tout0); -+ c2l(iv2, tout1); -+ for (l -= 8; l >= -7; l -= 8) { -+ tin[0] = m0; -+ tin[1] = m1; -+ DES_encrypt1(tin, ks3, 1); -+ m0 = tin[0]; -+ m1 = tin[1]; -+ -+ if (l < 0) { -+ c2ln(in, tin0, tin1, l + 8); -+ } else { -+ c2l(in, tin0); -+ c2l(in, tin1); -+ } -+ tin0 ^= tout0; -+ tin1 ^= tout1; -+ -+ tin[0] = tin0; -+ tin[1] = tin1; -+ DES_encrypt1(tin, ks1, 1); -+ tin[0] ^= m0; -+ tin[1] ^= m1; -+ DES_encrypt1(tin, ks2, 0); -+ tin[0] ^= m0; -+ tin[1] ^= m1; -+ DES_encrypt1(tin, ks1, 1); -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ -+ l2c(tout0, out); -+ l2c(tout1, out); -+ } -+ iv1 = &(*ivec1)[0]; -+ l2c(m0, iv1); -+ l2c(m1, iv1); -+ -+ iv2 = &(*ivec2)[0]; -+ l2c(tout0, iv2); -+ l2c(tout1, iv2); -+ } else { -+ register DES_LONG t0, t1; -+ -+ c2l(iv1, m0); -+ c2l(iv1, m1); -+ c2l(iv2, xor0); -+ c2l(iv2, xor1); -+ for (l -= 8; l >= -7; l -= 8) { -+ tin[0] = m0; -+ tin[1] = m1; -+ DES_encrypt1(tin, ks3, 1); -+ m0 = tin[0]; -+ m1 = tin[1]; -+ -+ c2l(in, tin0); -+ c2l(in, tin1); -+ -+ t0 = tin0; -+ t1 = tin1; -+ -+ tin[0] = tin0; -+ tin[1] = tin1; -+ DES_encrypt1(tin, ks1, 0); -+ tin[0] ^= m0; -+ tin[1] ^= m1; -+ DES_encrypt1(tin, ks2, 1); -+ tin[0] ^= m0; -+ tin[1] ^= m1; -+ DES_encrypt1(tin, ks1, 0); -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ -+ tout0 ^= xor0; -+ tout1 ^= xor1; -+ if (l < 0) { -+ l2cn(tout0, tout1, out, l + 8); -+ } else { -+ l2c(tout0, out); -+ l2c(tout1, out); -+ } -+ xor0 = t0; -+ xor1 = t1; -+ } -+ -+ iv1 = &(*ivec1)[0]; -+ l2c(m0, iv1); -+ l2c(m1, iv1); -+ -+ iv2 = &(*ivec2)[0]; -+ l2c(xor0, iv2); -+ l2c(xor1, iv2); - } -+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; -+ tin[0] = tin[1] = 0; -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/des/enc_read.c b/Cryptlib/OpenSSL/crypto/des/enc_read.c -index e7da2ec..8746e8b 100644 ---- a/Cryptlib/OpenSSL/crypto/des/enc_read.c -+++ b/Cryptlib/OpenSSL/crypto/des/enc_read.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,11 +62,12 @@ - #include "des_locl.h" - - /* This has some uglies in it but it works - even over sockets. */ --/*extern int errno;*/ --OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE; -- -- - /* -+ * extern int errno; -+ */ -+OPENSSL_IMPLEMENT_GLOBAL(int, DES_rw_mode) = DES_PCBC_MODE; -+ -+/*- - * WARNINGS: - * - * - The data format used by DES_enc_write() and DES_enc_read() -@@ -83,150 +84,145 @@ OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE; - * used on multiple files. - */ - -- - int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, -- DES_cblock *iv) -- { -- /* data to be unencrypted */ -- int net_num=0; -- static unsigned char *net=NULL; -- /* extra unencrypted data -- * for when a block of 100 comes in but is des_read one byte at -- * a time. */ -- static unsigned char *unnet=NULL; -- static int unnet_start=0; -- static int unnet_left=0; -- static unsigned char *tmpbuf=NULL; -- int i; -- long num=0,rnum; -- unsigned char *p; -- -- if (tmpbuf == NULL) -- { -- tmpbuf=OPENSSL_malloc(BSIZE); -- if (tmpbuf == NULL) return(-1); -- } -- if (net == NULL) -- { -- net=OPENSSL_malloc(BSIZE); -- if (net == NULL) return(-1); -- } -- if (unnet == NULL) -- { -- unnet=OPENSSL_malloc(BSIZE); -- if (unnet == NULL) return(-1); -- } -- /* left over data from last decrypt */ -- if (unnet_left != 0) -- { -- if (unnet_left < len) -- { -- /* we still still need more data but will return -- * with the number of bytes we have - should always -- * check the return value */ -- memcpy(buf,&(unnet[unnet_start]), -- unnet_left); -- /* eay 26/08/92 I had the next 2 lines -- * reversed :-( */ -- i=unnet_left; -- unnet_start=unnet_left=0; -- } -- else -- { -- memcpy(buf,&(unnet[unnet_start]),len); -- unnet_start+=len; -- unnet_left-=len; -- i=len; -- } -- return(i); -- } -- -- /* We need to get more data. */ -- if (len > MAXWRITE) len=MAXWRITE; -- -- /* first - get the length */ -- while (net_num < HDRSIZE) -- { -+ DES_cblock *iv) -+{ -+ /* data to be unencrypted */ -+ int net_num = 0; -+ static unsigned char *net = NULL; -+ /* -+ * extra unencrypted data for when a block of 100 comes in but is -+ * des_read one byte at a time. -+ */ -+ static unsigned char *unnet = NULL; -+ static int unnet_start = 0; -+ static int unnet_left = 0; -+ static unsigned char *tmpbuf = NULL; -+ int i; -+ long num = 0, rnum; -+ unsigned char *p; -+ -+ if (tmpbuf == NULL) { -+ tmpbuf = OPENSSL_malloc(BSIZE); -+ if (tmpbuf == NULL) -+ return (-1); -+ } -+ if (net == NULL) { -+ net = OPENSSL_malloc(BSIZE); -+ if (net == NULL) -+ return (-1); -+ } -+ if (unnet == NULL) { -+ unnet = OPENSSL_malloc(BSIZE); -+ if (unnet == NULL) -+ return (-1); -+ } -+ /* left over data from last decrypt */ -+ if (unnet_left != 0) { -+ if (unnet_left < len) { -+ /* -+ * we still still need more data but will return with the number -+ * of bytes we have - should always check the return value -+ */ -+ memcpy(buf, &(unnet[unnet_start]), unnet_left); -+ /* -+ * eay 26/08/92 I had the next 2 lines reversed :-( -+ */ -+ i = unnet_left; -+ unnet_start = unnet_left = 0; -+ } else { -+ memcpy(buf, &(unnet[unnet_start]), len); -+ unnet_start += len; -+ unnet_left -= len; -+ i = len; -+ } -+ return (i); -+ } -+ -+ /* We need to get more data. */ -+ if (len > MAXWRITE) -+ len = MAXWRITE; -+ -+ /* first - get the length */ -+ while (net_num < HDRSIZE) { - #ifndef _WIN32 -- i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); -+ i = read(fd, (void *)&(net[net_num]), HDRSIZE - net_num); - #else -- i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); -+ i = _read(fd, (void *)&(net[net_num]), HDRSIZE - net_num); - #endif - #ifdef EINTR -- if ((i == -1) && (errno == EINTR)) continue; -+ if ((i == -1) && (errno == EINTR)) -+ continue; - #endif -- if (i <= 0) return(0); -- net_num+=i; -- } -- -- /* we now have at net_num bytes in net */ -- p=net; -- /* num=0; */ -- n2l(p,num); -- /* num should be rounded up to the next group of eight -- * we make sure that we have read a multiple of 8 bytes from the net. -- */ -- if ((num > MAXWRITE) || (num < 0)) /* error */ -- return(-1); -- rnum=(num < 8)?8:((num+7)/8*8); -- -- net_num=0; -- while (net_num < rnum) -- { -- i=read(fd,(void *)&(net[net_num]),rnum-net_num); -+ if (i <= 0) -+ return (0); -+ net_num += i; -+ } -+ -+ /* we now have at net_num bytes in net */ -+ p = net; -+ /* num=0; */ -+ n2l(p, num); -+ /* -+ * num should be rounded up to the next group of eight we make sure that -+ * we have read a multiple of 8 bytes from the net. -+ */ -+ if ((num > MAXWRITE) || (num < 0)) /* error */ -+ return (-1); -+ rnum = (num < 8) ? 8 : ((num + 7) / 8 * 8); -+ -+ net_num = 0; -+ while (net_num < rnum) { -+ i = read(fd, (void *)&(net[net_num]), rnum - net_num); - #ifdef EINTR -- if ((i == -1) && (errno == EINTR)) continue; -+ if ((i == -1) && (errno == EINTR)) -+ continue; - #endif -- if (i <= 0) return(0); -- net_num+=i; -- } -- -- /* Check if there will be data left over. */ -- if (len < num) -- { -- if (DES_rw_mode & DES_PCBC_MODE) -- DES_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT); -- else -- DES_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT); -- memcpy(buf,unnet,len); -- unnet_start=len; -- unnet_left=num-len; -- -- /* The following line is done because we return num -- * as the number of bytes read. */ -- num=len; -- } -- else -- { -- /* >output is a multiple of 8 byes, if len < rnum -- * >we must be careful. The user must be aware that this -- * >routine will write more bytes than he asked for. -- * >The length of the buffer must be correct. -- * FIXED - Should be ok now 18-9-90 - eay */ -- if (len < rnum) -- { -- -- if (DES_rw_mode & DES_PCBC_MODE) -- DES_pcbc_encrypt(net,tmpbuf,num,sched,iv, -- DES_DECRYPT); -- else -- DES_cbc_encrypt(net,tmpbuf,num,sched,iv, -- DES_DECRYPT); -- -- /* eay 26/08/92 fix a bug that returned more -- * bytes than you asked for (returned len bytes :-( */ -- memcpy(buf,tmpbuf,num); -- } -- else -- { -- if (DES_rw_mode & DES_PCBC_MODE) -- DES_pcbc_encrypt(net,buf,num,sched,iv, -- DES_DECRYPT); -- else -- DES_cbc_encrypt(net,buf,num,sched,iv, -- DES_DECRYPT); -- } -- } -- return num; -- } -- -+ if (i <= 0) -+ return (0); -+ net_num += i; -+ } -+ -+ /* Check if there will be data left over. */ -+ if (len < num) { -+ if (DES_rw_mode & DES_PCBC_MODE) -+ DES_pcbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT); -+ else -+ DES_cbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT); -+ memcpy(buf, unnet, len); -+ unnet_start = len; -+ unnet_left = num - len; -+ -+ /* -+ * The following line is done because we return num as the number of -+ * bytes read. -+ */ -+ num = len; -+ } else { -+ /*- -+ * >output is a multiple of 8 byes, if len < rnum -+ * >we must be careful. The user must be aware that this -+ * >routine will write more bytes than he asked for. -+ * >The length of the buffer must be correct. -+ * FIXED - Should be ok now 18-9-90 - eay */ -+ if (len < rnum) { -+ -+ if (DES_rw_mode & DES_PCBC_MODE) -+ DES_pcbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT); -+ else -+ DES_cbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT); -+ -+ /* -+ * eay 26/08/92 fix a bug that returned more bytes than you asked -+ * for (returned len bytes :-( -+ */ -+ memcpy(buf, tmpbuf, num); -+ } else { -+ if (DES_rw_mode & DES_PCBC_MODE) -+ DES_pcbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT); -+ else -+ DES_cbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT); -+ } -+ } -+ return num; -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/enc_writ.c b/Cryptlib/OpenSSL/crypto/des/enc_writ.c -index c2f032c..f9437eb 100644 ---- a/Cryptlib/OpenSSL/crypto/des/enc_writ.c -+++ b/Cryptlib/OpenSSL/crypto/des/enc_writ.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - #include "des_locl.h" - #include - --/* -+/*- - * WARNINGS: - * - * - The data format used by DES_enc_write() and DES_enc_read() -@@ -78,98 +78,96 @@ - */ - - int DES_enc_write(int fd, const void *_buf, int len, -- DES_key_schedule *sched, DES_cblock *iv) -- { -+ DES_key_schedule *sched, DES_cblock *iv) -+{ - #ifdef _LIBC -- extern unsigned long time(); -- extern int write(); -+ extern unsigned long time(); -+ extern int write(); - #endif -- const unsigned char *buf=_buf; -- long rnum; -- int i,j,k,outnum; -- static unsigned char *outbuf=NULL; -- unsigned char shortbuf[8]; -- unsigned char *p; -- const unsigned char *cp; -- static int start=1; -+ const unsigned char *buf = _buf; -+ long rnum; -+ int i, j, k, outnum; -+ static unsigned char *outbuf = NULL; -+ unsigned char shortbuf[8]; -+ unsigned char *p; -+ const unsigned char *cp; -+ static int start = 1; - -- if (outbuf == NULL) -- { -- outbuf=OPENSSL_malloc(BSIZE+HDRSIZE); -- if (outbuf == NULL) return(-1); -- } -- /* If we are sending less than 8 bytes, the same char will look -- * the same if we don't pad it out with random bytes */ -- if (start) -- { -- start=0; -- } -+ if (outbuf == NULL) { -+ outbuf = OPENSSL_malloc(BSIZE + HDRSIZE); -+ if (outbuf == NULL) -+ return (-1); -+ } -+ /* -+ * If we are sending less than 8 bytes, the same char will look the same -+ * if we don't pad it out with random bytes -+ */ -+ if (start) { -+ start = 0; -+ } - -- /* lets recurse if we want to send the data in small chunks */ -- if (len > MAXWRITE) -- { -- j=0; -- for (i=0; i MAXWRITE)?MAXWRITE:(len-i),sched,iv); -- if (k < 0) -- return(k); -- else -- j+=k; -- } -- return(j); -- } -+ /* lets recurse if we want to send the data in small chunks */ -+ if (len > MAXWRITE) { -+ j = 0; -+ for (i = 0; i < len; i += k) { -+ k = DES_enc_write(fd, &(buf[i]), -+ ((len - i) > MAXWRITE) ? MAXWRITE : (len - i), -+ sched, iv); -+ if (k < 0) -+ return (k); -+ else -+ j += k; -+ } -+ return (j); -+ } - -- /* write length first */ -- p=outbuf; -- l2n(len,p); -+ /* write length first */ -+ p = outbuf; -+ l2n(len, p); - -- /* pad short strings */ -- if (len < 8) -- { -- cp=shortbuf; -- memcpy(shortbuf,buf,len); -- RAND_pseudo_bytes(shortbuf+len, 8-len); -- rnum=8; -- } -- else -- { -- cp=buf; -- rnum=((len+7)/8*8); /* round up to nearest eight */ -- } -+ /* pad short strings */ -+ if (len < 8) { -+ cp = shortbuf; -+ memcpy(shortbuf, buf, len); -+ RAND_pseudo_bytes(shortbuf + len, 8 - len); -+ rnum = 8; -+ } else { -+ cp = buf; -+ rnum = ((len + 7) / 8 * 8); /* round up to nearest eight */ -+ } - -- if (DES_rw_mode & DES_PCBC_MODE) -- DES_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv, -- DES_ENCRYPT); -- else -- DES_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv, -- DES_ENCRYPT); -+ if (DES_rw_mode & DES_PCBC_MODE) -+ DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched, -+ iv, DES_ENCRYPT); -+ else -+ DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched, -+ iv, DES_ENCRYPT); - -- /* output */ -- outnum=rnum+HDRSIZE; -+ /* output */ -+ outnum = rnum + HDRSIZE; - -- for (j=0; j - #ifdef _OSD_POSIX --#ifndef CHARSET_EBCDIC --#define CHARSET_EBCDIC 1 --#endif -+# ifndef CHARSET_EBCDIC -+# define CHARSET_EBCDIC 1 -+# endif - #endif - #ifdef CHARSET_EBCDIC --#include -+# include - #endif - --/* This version of crypt has been developed from my MIT compatible -- * DES library. -- * Eric Young (eay@cryptsoft.com) -+/* -+ * This version of crypt has been developed from my MIT compatible DES -+ * library. Eric Young (eay@cryptsoft.com) - */ - --/* Modification by Jens Kupferschmidt (Cu) -- * I have included directive PARA for shared memory computers. -- * I have included a directive LONGCRYPT to using this routine to cipher -- * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN -- * definition is the maximum of length of password and can changed. I have -- * defined 24. -+/* -+ * Modification by Jens Kupferschmidt (Cu) I have included directive PARA for -+ * shared memory computers. I have included a directive LONGCRYPT to using -+ * this routine to cipher passwords with more then 8 bytes like HP-UX 10.x it -+ * used. The MAXPLEN definition is the maximum of length of password and can -+ * changed. I have defined 24. - */ - - #include "des_locl.h" - --/* Added more values to handle illegal salt values the way normal -- * crypt() implementations do. The patch was sent by -- * Bjorn Gronvall -+/* -+ * Added more values to handle illegal salt values the way normal crypt() -+ * implementations do. The patch was sent by Bjorn Gronvall - */ --static unsigned const char con_salt[128]={ --0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9, --0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1, --0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9, --0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1, --0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9, --0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01, --0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09, --0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A, --0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12, --0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A, --0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22, --0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24, --0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C, --0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34, --0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C, --0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44, -+static unsigned const char con_salt[128] = { -+ 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, -+ 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, -+ 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, -+ 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, -+ 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, -+ 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01, -+ 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, -+ 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, -+ 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, -+ 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, -+ 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, -+ 0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24, -+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, -+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, -+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, -+ 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, - }; - --static unsigned const char cov_2char[64]={ --0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35, --0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44, --0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C, --0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54, --0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62, --0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A, --0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72, --0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A -+static unsigned const char cov_2char[64] = { -+ 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, -+ 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, -+ 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, -+ 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, -+ 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, -+ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, -+ 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, -+ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A - }; - - char *DES_crypt(const char *buf, const char *salt) -- { -- static char buff[14]; -+{ -+ static char buff[14]; - - #ifndef CHARSET_EBCDIC -- return(DES_fcrypt(buf,salt,buff)); -+ return (DES_fcrypt(buf, salt, buff)); - #else -- char e_salt[2+1]; -- char e_buf[32+1]; /* replace 32 by 8 ? */ -- char *ret; -+ char e_salt[2 + 1]; -+ char e_buf[32 + 1]; /* replace 32 by 8 ? */ -+ char *ret; - -- /* Copy at most 2 chars of salt */ -- if ((e_salt[0] = salt[0]) != '\0') -- e_salt[1] = salt[1]; -+ /* Copy at most 2 chars of salt */ -+ if ((e_salt[0] = salt[0]) != '\0') -+ e_salt[1] = salt[1]; - -- /* Copy at most 32 chars of password */ -- strncpy (e_buf, buf, sizeof(e_buf)); -+ /* Copy at most 32 chars of password */ -+ strncpy(e_buf, buf, sizeof(e_buf)); - -- /* Make sure we have a delimiter */ -- e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0'; -+ /* Make sure we have a delimiter */ -+ e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0'; - -- /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */ -- ebcdic2ascii(e_salt, e_salt, sizeof e_salt); -+ /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */ -+ ebcdic2ascii(e_salt, e_salt, sizeof e_salt); - -- /* Convert the cleartext password to ASCII */ -- ebcdic2ascii(e_buf, e_buf, sizeof e_buf); -+ /* Convert the cleartext password to ASCII */ -+ ebcdic2ascii(e_buf, e_buf, sizeof e_buf); - -- /* Encrypt it (from/to ASCII) */ -- ret = DES_fcrypt(e_buf,e_salt,buff); -+ /* Encrypt it (from/to ASCII) */ -+ ret = DES_fcrypt(e_buf, e_salt, buff); - -- /* Convert the result back to EBCDIC */ -- ascii2ebcdic(ret, ret, strlen(ret)); -- -- return ret; --#endif -- } -+ /* Convert the result back to EBCDIC */ -+ ascii2ebcdic(ret, ret, strlen(ret)); - -+ return ret; -+#endif -+} - - char *DES_fcrypt(const char *buf, const char *salt, char *ret) -- { -- unsigned int i,j,x,y; -- DES_LONG Eswap0,Eswap1; -- DES_LONG out[2],ll; -- DES_cblock key; -- DES_key_schedule ks; -- unsigned char bb[9]; -- unsigned char *b=bb; -- unsigned char c,u; -- -- /* eay 25/08/92 -- * If you call crypt("pwd","*") as often happens when you -- * have * as the pwd field in /etc/passwd, the function -- * returns *\0XXXXXXXXX -- * The \0 makes the string look like * so the pwd "*" would -- * crypt to "*". This was found when replacing the crypt in -- * our shared libraries. People found that the disabled -- * accounts effectively had no passwd :-(. */ -+{ -+ unsigned int i, j, x, y; -+ DES_LONG Eswap0, Eswap1; -+ DES_LONG out[2], ll; -+ DES_cblock key; -+ DES_key_schedule ks; -+ unsigned char bb[9]; -+ unsigned char *b = bb; -+ unsigned char c, u; -+ -+ /* -+ * eay 25/08/92 If you call crypt("pwd","*") as often happens when you -+ * have * as the pwd field in /etc/passwd, the function returns -+ * *\0XXXXXXXXX The \0 makes the string look like * so the pwd "*" would -+ * crypt to "*". This was found when replacing the crypt in our shared -+ * libraries. People found that the disabled accounts effectively had no -+ * passwd :-(. -+ */ - #ifndef CHARSET_EBCDIC -- x=ret[0]=((salt[0] == '\0')?'A':salt[0]); -- Eswap0=con_salt[x]<<2; -- x=ret[1]=((salt[1] == '\0')?'A':salt[1]); -- Eswap1=con_salt[x]<<6; -+ x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]); -+ Eswap0 = con_salt[x] << 2; -+ x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]); -+ Eswap1 = con_salt[x] << 6; - #else -- x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]); -- Eswap0=con_salt[x]<<2; -- x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]); -- Eswap1=con_salt[x]<<6; -+ x = ret[0] = ((salt[0] == '\0') ? os_toascii['A'] : salt[0]); -+ Eswap0 = con_salt[x] << 2; -+ x = ret[1] = ((salt[1] == '\0') ? os_toascii['A'] : salt[1]); -+ Eswap1 = con_salt[x] << 6; - #endif - --/* EAY --r=strlen(buf); --r=(r+7)/8; --*/ -- for (i=0; i<8; i++) -- { -- c= *(buf++); -- if (!c) break; -- key[i]=(c<<1); -- } -- for (; i<8; i++) -- key[i]=0; -- -- DES_set_key_unchecked(&key,&ks); -- fcrypt_body(&(out[0]),&ks,Eswap0,Eswap1); -- -- ll=out[0]; l2c(ll,b); -- ll=out[1]; l2c(ll,b); -- y=0; -- u=0x80; -- bb[8]=0; -- for (i=2; i<13; i++) -- { -- c=0; -- for (j=0; j<6; j++) -- { -- c<<=1; -- if (bb[y] & u) c|=1; -- u>>=1; -- if (!u) -- { -- y++; -- u=0x80; -- } -- } -- ret[i]=cov_2char[c]; -- } -- ret[13]='\0'; -- return(ret); -- } -- -+ /* -+ * EAY r=strlen(buf); r=(r+7)/8; -+ */ -+ for (i = 0; i < 8; i++) { -+ c = *(buf++); -+ if (!c) -+ break; -+ key[i] = (c << 1); -+ } -+ for (; i < 8; i++) -+ key[i] = 0; -+ -+ DES_set_key_unchecked(&key, &ks); -+ fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1); -+ -+ ll = out[0]; -+ l2c(ll, b); -+ ll = out[1]; -+ l2c(ll, b); -+ y = 0; -+ u = 0x80; -+ bb[8] = 0; -+ for (i = 2; i < 13; i++) { -+ c = 0; -+ for (j = 0; j < 6; j++) { -+ c <<= 1; -+ if (bb[y] & u) -+ c |= 1; -+ u >>= 1; -+ if (!u) { -+ y++; -+ u = 0x80; -+ } -+ } -+ ret[i] = cov_2char[c]; -+ } -+ ret[13] = '\0'; -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c -index 1390138..f6c88e1 100644 ---- a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c -+++ b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -58,9 +58,9 @@ - - #include - --/* This version of crypt has been developed from my MIT compatible -- * DES library. -- * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au -+/* -+ * This version of crypt has been developed from my MIT compatible DES -+ * library. The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au - * Eric Young (eay@cryptsoft.com) - */ - -@@ -70,76 +70,73 @@ - - #undef PERM_OP - #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ -- (b)^=(t),\ -- (a)^=((t)<<(n))) -+ (b)^=(t),\ -+ (a)^=((t)<<(n))) - - #undef HPERM_OP - #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ -- (a)=(a)^(t)^(t>>(16-(n))))\ -+ (a)=(a)^(t)^(t>>(16-(n))))\ - - void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, -- DES_LONG Eswap1) -- { -- register DES_LONG l,r,t,u; -+ DES_LONG Eswap1) -+{ -+ register DES_LONG l, r, t, u; - #ifdef DES_PTR -- register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; -+ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; - #endif -- register DES_LONG *s; -- register int j; -- register DES_LONG E0,E1; -+ register DES_LONG *s; -+ register int j; -+ register DES_LONG E0, E1; - -- l=0; -- r=0; -+ l = 0; -+ r = 0; - -- s=(DES_LONG *)ks; -- E0=Eswap0; -- E1=Eswap1; -+ s = (DES_LONG *)ks; -+ E0 = Eswap0; -+ E1 = Eswap1; - -- for (j=0; j<25; j++) -- { -+ for (j = 0; j < 25; j++) { - #ifndef DES_UNROLL -- register int i; -+ register int i; - -- for (i=0; i<32; i+=8) -- { -- D_ENCRYPT(l,r,i+0); /* 1 */ -- D_ENCRYPT(r,l,i+2); /* 2 */ -- D_ENCRYPT(l,r,i+4); /* 1 */ -- D_ENCRYPT(r,l,i+6); /* 2 */ -- } -+ for (i = 0; i < 32; i += 8) { -+ D_ENCRYPT(l, r, i + 0); /* 1 */ -+ D_ENCRYPT(r, l, i + 2); /* 2 */ -+ D_ENCRYPT(l, r, i + 4); /* 1 */ -+ D_ENCRYPT(r, l, i + 6); /* 2 */ -+ } - #else -- D_ENCRYPT(l,r, 0); /* 1 */ -- D_ENCRYPT(r,l, 2); /* 2 */ -- D_ENCRYPT(l,r, 4); /* 3 */ -- D_ENCRYPT(r,l, 6); /* 4 */ -- D_ENCRYPT(l,r, 8); /* 5 */ -- D_ENCRYPT(r,l,10); /* 6 */ -- D_ENCRYPT(l,r,12); /* 7 */ -- D_ENCRYPT(r,l,14); /* 8 */ -- D_ENCRYPT(l,r,16); /* 9 */ -- D_ENCRYPT(r,l,18); /* 10 */ -- D_ENCRYPT(l,r,20); /* 11 */ -- D_ENCRYPT(r,l,22); /* 12 */ -- D_ENCRYPT(l,r,24); /* 13 */ -- D_ENCRYPT(r,l,26); /* 14 */ -- D_ENCRYPT(l,r,28); /* 15 */ -- D_ENCRYPT(r,l,30); /* 16 */ -+ D_ENCRYPT(l, r, 0); /* 1 */ -+ D_ENCRYPT(r, l, 2); /* 2 */ -+ D_ENCRYPT(l, r, 4); /* 3 */ -+ D_ENCRYPT(r, l, 6); /* 4 */ -+ D_ENCRYPT(l, r, 8); /* 5 */ -+ D_ENCRYPT(r, l, 10); /* 6 */ -+ D_ENCRYPT(l, r, 12); /* 7 */ -+ D_ENCRYPT(r, l, 14); /* 8 */ -+ D_ENCRYPT(l, r, 16); /* 9 */ -+ D_ENCRYPT(r, l, 18); /* 10 */ -+ D_ENCRYPT(l, r, 20); /* 11 */ -+ D_ENCRYPT(r, l, 22); /* 12 */ -+ D_ENCRYPT(l, r, 24); /* 13 */ -+ D_ENCRYPT(r, l, 26); /* 14 */ -+ D_ENCRYPT(l, r, 28); /* 15 */ -+ D_ENCRYPT(r, l, 30); /* 16 */ - #endif - -- t=l; -- l=r; -- r=t; -- } -- l=ROTATE(l,3)&0xffffffffL; -- r=ROTATE(r,3)&0xffffffffL; -- -- PERM_OP(l,r,t, 1,0x55555555L); -- PERM_OP(r,l,t, 8,0x00ff00ffL); -- PERM_OP(l,r,t, 2,0x33333333L); -- PERM_OP(r,l,t,16,0x0000ffffL); -- PERM_OP(l,r,t, 4,0x0f0f0f0fL); -+ t = l; -+ l = r; -+ r = t; -+ } -+ l = ROTATE(l, 3) & 0xffffffffL; -+ r = ROTATE(r, 3) & 0xffffffffL; - -- out[0]=r; -- out[1]=l; -- } -+ PERM_OP(l, r, t, 1, 0x55555555L); -+ PERM_OP(r, l, t, 8, 0x00ff00ffL); -+ PERM_OP(l, r, t, 2, 0x33333333L); -+ PERM_OP(r, l, t, 16, 0x0000ffffL); -+ PERM_OP(l, r, t, 4, 0x0f0f0f0fL); - -+ out[0] = r; -+ out[1] = l; -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c -index 26bbf9a..45c6750 100644 ---- a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c -+++ b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -58,68 +58,66 @@ - - #include "des_locl.h" - --/* The input and output encrypted as though 64bit ofb mode is being -- * used. The extra state information to record how much of the -- * 64bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 64bit ofb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; - */ - void DES_ede3_ofb64_encrypt(register const unsigned char *in, -- register unsigned char *out, long length, -- DES_key_schedule *k1, DES_key_schedule *k2, -- DES_key_schedule *k3, DES_cblock *ivec, -- int *num) -- { -- register DES_LONG v0,v1; -- register int n= *num; -- register long l=length; -- DES_cblock d; -- register char *dp; -- DES_LONG ti[2]; -- unsigned char *iv; -- int save=0; -+ register unsigned char *out, long length, -+ DES_key_schedule *k1, DES_key_schedule *k2, -+ DES_key_schedule *k3, DES_cblock *ivec, int *num) -+{ -+ register DES_LONG v0, v1; -+ register int n = *num; -+ register long l = length; -+ DES_cblock d; -+ register char *dp; -+ DES_LONG ti[2]; -+ unsigned char *iv; -+ int save = 0; - -- iv = &(*ivec)[0]; -- c2l(iv,v0); -- c2l(iv,v1); -- ti[0]=v0; -- ti[1]=v1; -- dp=(char *)d; -- l2c(v0,dp); -- l2c(v1,dp); -- while (l--) -- { -- if (n == 0) -- { -- /* ti[0]=v0; */ -- /* ti[1]=v1; */ -- DES_encrypt3(ti,k1,k2,k3); -- v0=ti[0]; -- v1=ti[1]; -+ iv = &(*ivec)[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+ ti[0] = v0; -+ ti[1] = v1; -+ dp = (char *)d; -+ l2c(v0, dp); -+ l2c(v1, dp); -+ while (l--) { -+ if (n == 0) { -+ /* ti[0]=v0; */ -+ /* ti[1]=v1; */ -+ DES_encrypt3(ti, k1, k2, k3); -+ v0 = ti[0]; -+ v1 = ti[1]; - -- dp=(char *)d; -- l2c(v0,dp); -- l2c(v1,dp); -- save++; -- } -- *(out++)= *(in++)^d[n]; -- n=(n+1)&0x07; -- } -- if (save) -- { --/* v0=ti[0]; -- v1=ti[1];*/ -- iv = &(*ivec)[0]; -- l2c(v0,iv); -- l2c(v1,iv); -- } -- v0=v1=ti[0]=ti[1]=0; -- *num=n; -- } -+ dp = (char *)d; -+ l2c(v0, dp); -+ l2c(v1, dp); -+ save++; -+ } -+ *(out++) = *(in++) ^ d[n]; -+ n = (n + 1) & 0x07; -+ } -+ if (save) { -+/*- v0=ti[0]; -+ v1=ti[1];*/ -+ iv = &(*ivec)[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ } -+ v0 = v1 = ti[0] = ti[1] = 0; -+ *num = n; -+} - --#ifdef undef /* MACRO */ -+#ifdef undef /* MACRO */ - void DES_ede2_ofb64_encrypt(register unsigned char *in, -- register unsigned char *out, long length, DES_key_schedule k1, -- DES_key_schedule k2, DES_cblock (*ivec), int *num) -- { -- DES_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num); -- } -+ register unsigned char *out, long length, -+ DES_key_schedule k1, DES_key_schedule k2, -+ DES_cblock (*ivec), int *num) -+{ -+ DES_ede3_ofb64_encrypt(in, out, length, k1, k2, k1, ivec, num); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c -index 8ca3d49..8e72dec 100644 ---- a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c -+++ b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -58,53 +58,52 @@ - - #include "des_locl.h" - --/* The input and output encrypted as though 64bit ofb mode is being -- * used. The extra state information to record how much of the -- * 64bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 64bit ofb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; - */ - void DES_ofb64_encrypt(register const unsigned char *in, -- register unsigned char *out, long length, -- DES_key_schedule *schedule, DES_cblock *ivec, int *num) -- { -- register DES_LONG v0,v1,t; -- register int n= *num; -- register long l=length; -- DES_cblock d; -- register unsigned char *dp; -- DES_LONG ti[2]; -- unsigned char *iv; -- int save=0; -- -- iv = &(*ivec)[0]; -- c2l(iv,v0); -- c2l(iv,v1); -- ti[0]=v0; -- ti[1]=v1; -- dp=d; -- l2c(v0,dp); -- l2c(v1,dp); -- while (l--) -- { -- if (n == 0) -- { -- DES_encrypt1(ti,schedule,DES_ENCRYPT); -- dp=d; -- t=ti[0]; l2c(t,dp); -- t=ti[1]; l2c(t,dp); -- save++; -- } -- *(out++)= *(in++)^d[n]; -- n=(n+1)&0x07; -- } -- if (save) -- { -- v0=ti[0]; -- v1=ti[1]; -- iv = &(*ivec)[0]; -- l2c(v0,iv); -- l2c(v1,iv); -- } -- t=v0=v1=ti[0]=ti[1]=0; -- *num=n; -- } -+ register unsigned char *out, long length, -+ DES_key_schedule *schedule, DES_cblock *ivec, int *num) -+{ -+ register DES_LONG v0, v1, t; -+ register int n = *num; -+ register long l = length; -+ DES_cblock d; -+ register unsigned char *dp; -+ DES_LONG ti[2]; -+ unsigned char *iv; -+ int save = 0; - -+ iv = &(*ivec)[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+ ti[0] = v0; -+ ti[1] = v1; -+ dp = d; -+ l2c(v0, dp); -+ l2c(v1, dp); -+ while (l--) { -+ if (n == 0) { -+ DES_encrypt1(ti, schedule, DES_ENCRYPT); -+ dp = d; -+ t = ti[0]; -+ l2c(t, dp); -+ t = ti[1]; -+ l2c(t, dp); -+ save++; -+ } -+ *(out++) = *(in++) ^ d[n]; -+ n = (n + 1) & 0x07; -+ } -+ if (save) { -+ v0 = ti[0]; -+ v1 = ti[1]; -+ iv = &(*ivec)[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ } -+ t = v0 = v1 = ti[0] = ti[1] = 0; -+ *num = n; -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c -index e887a3c..02a7877 100644 ---- a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c -+++ b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -58,78 +58,74 @@ - - #include "des_locl.h" - --/* The input and output are loaded in multiples of 8 bits. -- * What this means is that if you hame numbits=12 and length=2 -- * the first 12 bits will be retrieved from the first byte and half -- * the second. The second 12 bits will come from the 3rd and half the 4th -- * byte. -+/* -+ * The input and output are loaded in multiples of 8 bits. What this means is -+ * that if you hame numbits=12 and length=2 the first 12 bits will be -+ * retrieved from the first byte and half the second. The second 12 bits -+ * will come from the 3rd and half the 4th byte. - */ - void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, -- long length, DES_key_schedule *schedule, -- DES_cblock *ivec) -- { -- register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8; -- register DES_LONG mask0,mask1; -- register long l=length; -- register int num=numbits; -- DES_LONG ti[2]; -- unsigned char *iv; -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec) -+{ -+ register DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7) / 8; -+ register DES_LONG mask0, mask1; -+ register long l = length; -+ register int num = numbits; -+ DES_LONG ti[2]; -+ unsigned char *iv; - -- if (num > 64) return; -- if (num > 32) -- { -- mask0=0xffffffffL; -- if (num >= 64) -- mask1=mask0; -- else -- mask1=(1L<<(num-32))-1; -- } -- else -- { -- if (num == 32) -- mask0=0xffffffffL; -- else -- mask0=(1L< 64) -+ return; -+ if (num > 32) { -+ mask0 = 0xffffffffL; -+ if (num >= 64) -+ mask1 = mask0; -+ else -+ mask1 = (1L << (num - 32)) - 1; -+ } else { -+ if (num == 32) -+ mask0 = 0xffffffffL; -+ else -+ mask0 = (1L << num) - 1; -+ mask1 = 0x00000000L; -+ } - -- iv = &(*ivec)[0]; -- c2l(iv,v0); -- c2l(iv,v1); -- ti[0]=v0; -- ti[1]=v1; -- while (l-- > 0) -- { -- ti[0]=v0; -- ti[1]=v1; -- DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); -- vv0=ti[0]; -- vv1=ti[1]; -- c2ln(in,d0,d1,n); -- in+=n; -- d0=(d0^vv0)&mask0; -- d1=(d1^vv1)&mask1; -- l2cn(d0,d1,out,n); -- out+=n; -+ iv = &(*ivec)[0]; -+ c2l(iv, v0); -+ c2l(iv, v1); -+ ti[0] = v0; -+ ti[1] = v1; -+ while (l-- > 0) { -+ ti[0] = v0; -+ ti[1] = v1; -+ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); -+ vv0 = ti[0]; -+ vv1 = ti[1]; -+ c2ln(in, d0, d1, n); -+ in += n; -+ d0 = (d0 ^ vv0) & mask0; -+ d1 = (d1 ^ vv1) & mask1; -+ l2cn(d0, d1, out, n); -+ out += n; - -- if (num == 32) -- { v0=v1; v1=vv0; } -- else if (num == 64) -- { v0=vv0; v1=vv1; } -- else if (num > 32) /* && num != 64 */ -- { -- v0=((v1>>(num-32))|(vv0<<(64-num)))&0xffffffffL; -- v1=((vv0>>(num-32))|(vv1<<(64-num)))&0xffffffffL; -- } -- else /* num < 32 */ -- { -- v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL; -- v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL; -- } -- } -- iv = &(*ivec)[0]; -- l2c(v0,iv); -- l2c(v1,iv); -- v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0; -- } -+ if (num == 32) { -+ v0 = v1; -+ v1 = vv0; -+ } else if (num == 64) { -+ v0 = vv0; -+ v1 = vv1; -+ } else if (num > 32) { /* && num != 64 */ -+ v0 = ((v1 >> (num - 32)) | (vv0 << (64 - num))) & 0xffffffffL; -+ v1 = ((vv0 >> (num - 32)) | (vv1 << (64 - num))) & 0xffffffffL; -+ } else { /* num < 32 */ - -+ v0 = ((v0 >> num) | (v1 << (32 - num))) & 0xffffffffL; -+ v1 = ((v1 >> num) | (vv0 << (32 - num))) & 0xffffffffL; -+ } -+ } -+ iv = &(*ivec)[0]; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c -index 17a40f9..144d5ed 100644 ---- a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c -+++ b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,65 +59,57 @@ - #include "des_locl.h" - - void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, -- long length, DES_key_schedule *schedule, -- DES_cblock *ivec, int enc) -- { -- register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1; -- DES_LONG tin[2]; -- const unsigned char *in; -- unsigned char *out,*iv; -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, int enc) -+{ -+ register DES_LONG sin0, sin1, xor0, xor1, tout0, tout1; -+ DES_LONG tin[2]; -+ const unsigned char *in; -+ unsigned char *out, *iv; - -- in=input; -- out=output; -- iv = &(*ivec)[0]; -+ in = input; -+ out = output; -+ iv = &(*ivec)[0]; - -- if (enc) -- { -- c2l(iv,xor0); -- c2l(iv,xor1); -- for (; length>0; length-=8) -- { -- if (length >= 8) -- { -- c2l(in,sin0); -- c2l(in,sin1); -- } -- else -- c2ln(in,sin0,sin1,length); -- tin[0]=sin0^xor0; -- tin[1]=sin1^xor1; -- DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT); -- tout0=tin[0]; -- tout1=tin[1]; -- xor0=sin0^tout0; -- xor1=sin1^tout1; -- l2c(tout0,out); -- l2c(tout1,out); -- } -- } -- else -- { -- c2l(iv,xor0); c2l(iv,xor1); -- for (; length>0; length-=8) -- { -- c2l(in,sin0); -- c2l(in,sin1); -- tin[0]=sin0; -- tin[1]=sin1; -- DES_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT); -- tout0=tin[0]^xor0; -- tout1=tin[1]^xor1; -- if (length >= 8) -- { -- l2c(tout0,out); -- l2c(tout1,out); -- } -- else -- l2cn(tout0,tout1,out,length); -- xor0=tout0^sin0; -- xor1=tout1^sin1; -- } -- } -- tin[0]=tin[1]=0; -- sin0=sin1=xor0=xor1=tout0=tout1=0; -- } -+ if (enc) { -+ c2l(iv, xor0); -+ c2l(iv, xor1); -+ for (; length > 0; length -= 8) { -+ if (length >= 8) { -+ c2l(in, sin0); -+ c2l(in, sin1); -+ } else -+ c2ln(in, sin0, sin1, length); -+ tin[0] = sin0 ^ xor0; -+ tin[1] = sin1 ^ xor1; -+ DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); -+ tout0 = tin[0]; -+ tout1 = tin[1]; -+ xor0 = sin0 ^ tout0; -+ xor1 = sin1 ^ tout1; -+ l2c(tout0, out); -+ l2c(tout1, out); -+ } -+ } else { -+ c2l(iv, xor0); -+ c2l(iv, xor1); -+ for (; length > 0; length -= 8) { -+ c2l(in, sin0); -+ c2l(in, sin1); -+ tin[0] = sin0; -+ tin[1] = sin1; -+ DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT); -+ tout0 = tin[0] ^ xor0; -+ tout1 = tin[1] ^ xor1; -+ if (length >= 8) { -+ l2c(tout0, out); -+ l2c(tout1, out); -+ } else -+ l2cn(tout0, tout1, out, length); -+ xor0 = tout0 ^ sin0; -+ xor1 = tout1 ^ sin1; -+ } -+ } -+ tin[0] = tin[1] = 0; -+ sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c -index dac2012..2a168a5 100644 ---- a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c -+++ b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,91 +49,95 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --/* From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer -- * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 -- * This module in only based on the code in this paper and is -- * almost definitely not the same as the MIT implementation. -+/* -+ * From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer IEEE -+ * Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 This module in -+ * only based on the code in this paper and is almost definitely not the same -+ * as the MIT implementation. - */ - #include "des_locl.h" - - /* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */ --#define Q_B0(a) (((DES_LONG)(a))) --#define Q_B1(a) (((DES_LONG)(a))<<8) --#define Q_B2(a) (((DES_LONG)(a))<<16) --#define Q_B3(a) (((DES_LONG)(a))<<24) -+#define Q_B0(a) (((DES_LONG)(a))) -+#define Q_B1(a) (((DES_LONG)(a))<<8) -+#define Q_B2(a) (((DES_LONG)(a))<<16) -+#define Q_B3(a) (((DES_LONG)(a))<<24) - - /* used to scramble things a bit */ - /* Got the value MIT uses via brute force :-) 2/10/90 eay */ --#define NOISE ((DES_LONG)83653421L) -+#define NOISE ((DES_LONG)83653421L) - - DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], -- long length, int out_count, DES_cblock *seed) -- { -- DES_LONG z0,z1,t0,t1; -- int i; -- long l; -- const unsigned char *cp; -+ long length, int out_count, DES_cblock *seed) -+{ -+ DES_LONG z0, z1, t0, t1; -+ int i; -+ long l; -+ const unsigned char *cp; - #ifdef _CRAY -- struct lp_st { int a:32; int b:32; } *lp; -+ struct lp_st { -+ int a:32; -+ int b:32; -+ } *lp; - #else -- DES_LONG *lp; -+ DES_LONG *lp; - #endif - -- if (out_count < 1) out_count=1; -+ if (out_count < 1) -+ out_count = 1; - #ifdef _CRAY -- lp = (struct lp_st *) &(output[0])[0]; -+ lp = (struct lp_st *)&(output[0])[0]; - #else -- lp = (DES_LONG *) &(output[0])[0]; -+ lp = (DES_LONG *)&(output[0])[0]; - #endif - -- z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]); -- z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]); -+ z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) | -+ Q_B3((*seed)[3]); -+ z1 = Q_B0((*seed)[4]) | Q_B1((*seed)[5]) | Q_B2((*seed)[6]) | -+ Q_B3((*seed)[7]); - -- for (i=0; ((i<4)&&(i 0) -- { -- if (l > 1) -- { -- t0= (DES_LONG)(*(cp++)); -- t0|=(DES_LONG)Q_B1(*(cp++)); -- l--; -- } -- else -- t0= (DES_LONG)(*(cp++)); -- l--; -- /* add */ -- t0+=z0; -- t0&=0xffffffffL; -- t1=z1; -- /* square, well sort of square */ -- z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL)) -- &0xffffffffL)%0x7fffffffL; -- z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL; -- } -- if (lp != NULL) -- { -- /* The MIT library assumes that the checksum is -- * composed of 2*out_count 32 bit ints */ -+ for (i = 0; ((i < 4) && (i < out_count)); i++) { -+ cp = input; -+ l = length; -+ while (l > 0) { -+ if (l > 1) { -+ t0 = (DES_LONG)(*(cp++)); -+ t0 |= (DES_LONG)Q_B1(*(cp++)); -+ l--; -+ } else -+ t0 = (DES_LONG)(*(cp++)); -+ l--; -+ /* add */ -+ t0 += z0; -+ t0 &= 0xffffffffL; -+ t1 = z1; -+ /* square, well sort of square */ -+ z0 = ((((t0 * t0) & 0xffffffffL) + ((t1 * t1) & 0xffffffffL)) -+ & 0xffffffffL) % 0x7fffffffL; -+ z1 = ((t0 * ((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) % -+ 0x7fffffffL; -+ } -+ if (lp != NULL) { -+ /* -+ * The MIT library assumes that the checksum is composed of -+ * 2*out_count 32 bit ints -+ */ - #ifdef _CRAY -- (*lp).a = z0; -- (*lp).b = z1; -- lp++; -+ (*lp).a = z0; -+ (*lp).b = z1; -+ lp++; - #else -- *lp++ = z0; -- *lp++ = z1; -+ *lp++ = z0; -+ *lp++ = z1; - #endif -- } -- } -- return(z0); -- } -- -+ } -+ } -+ return (z0); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/rand_key.c b/Cryptlib/OpenSSL/crypto/des/rand_key.c -index 2398165..b75cc5f 100644 ---- a/Cryptlib/OpenSSL/crypto/des/rand_key.c -+++ b/Cryptlib/OpenSSL/crypto/des/rand_key.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,12 +57,11 @@ - #include - - int DES_random_key(DES_cblock *ret) -- { -- do -- { -- if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) -- return (0); -- } while (DES_is_weak_key(ret)); -- DES_set_odd_parity(ret); -- return (1); -- } -+{ -+ do { -+ if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) -+ return (0); -+ } while (DES_is_weak_key(ret)); -+ DES_set_odd_parity(ret); -+ return (1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/read2pwd.c b/Cryptlib/OpenSSL/crypto/des/read2pwd.c -index ee6969f..01e275f 100644 ---- a/Cryptlib/OpenSSL/crypto/des/read2pwd.c -+++ b/Cryptlib/OpenSSL/crypto/des/read2pwd.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,21 +58,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -87,10 +87,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -102,7 +102,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -115,26 +115,26 @@ - #include - - int DES_read_password(DES_cblock *key, const char *prompt, int verify) -- { -- int ok; -- char buf[BUFSIZ],buff[BUFSIZ]; -+{ -+ int ok; -+ char buf[BUFSIZ], buff[BUFSIZ]; - -- if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) -- DES_string_to_key(buf,key); -- OPENSSL_cleanse(buf,BUFSIZ); -- OPENSSL_cleanse(buff,BUFSIZ); -- return(ok); -- } -+ if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0) -+ DES_string_to_key(buf, key); -+ OPENSSL_cleanse(buf, BUFSIZ); -+ OPENSSL_cleanse(buff, BUFSIZ); -+ return (ok); -+} - --int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, -- int verify) -- { -- int ok; -- char buf[BUFSIZ],buff[BUFSIZ]; -+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, -+ const char *prompt, int verify) -+{ -+ int ok; -+ char buf[BUFSIZ], buff[BUFSIZ]; - -- if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) -- DES_string_to_2keys(buf,key1,key2); -- OPENSSL_cleanse(buf,BUFSIZ); -- OPENSSL_cleanse(buff,BUFSIZ); -- return(ok); -- } -+ if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0) -+ DES_string_to_2keys(buf, key1, key2); -+ OPENSSL_cleanse(buf, BUFSIZ); -+ OPENSSL_cleanse(buff, BUFSIZ); -+ return (ok); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c -index d937d08..f5a84c5 100644 ---- a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c -+++ b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,39 +60,41 @@ - #include "des_locl.h" - #include "des_ver.h" - --int _des_crypt(char *buf,int len,struct desparams *desp); -+int _des_crypt(char *buf, int len, struct desparams *desp); - int _des_crypt(char *buf, int len, struct desparams *desp) -- { -- DES_key_schedule ks; -- int enc; -+{ -+ DES_key_schedule ks; -+ int enc; - -- DES_set_key_unchecked(&desp->des_key,&ks); -- enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT; -+ DES_set_key_unchecked(&desp->des_key, &ks); -+ enc = (desp->des_dir == ENCRYPT) ? DES_ENCRYPT : DES_DECRYPT; - -- if (desp->des_mode == CBC) -- DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf, -- (DES_cblock *)desp->UDES.UDES_buf,&ks, -- enc); -- else -- { -- DES_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf, -- len,&ks,&desp->des_ivec,enc); -+ if (desp->des_mode == CBC) -+ DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf, -+ (DES_cblock *)desp->UDES.UDES_buf, &ks, enc); -+ else { -+ DES_ncbc_encrypt(desp->UDES.UDES_buf, desp->UDES.UDES_buf, -+ len, &ks, &desp->des_ivec, enc); - #ifdef undef -- /* len will always be %8 if called from common_crypt -- * in secure_rpc. -- * Libdes's cbc encrypt does not copy back the iv, -- * so we have to do it here. */ -- /* It does now :-) eay 20/09/95 */ -+ /* -+ * len will always be %8 if called from common_crypt in secure_rpc. -+ * Libdes's cbc encrypt does not copy back the iv, so we have to do -+ * it here. -+ */ -+ /* It does now :-) eay 20/09/95 */ - -- a=(char *)&(desp->UDES.UDES_buf[len-8]); -- b=(char *)&(desp->des_ivec[0]); -+ a = (char *)&(desp->UDES.UDES_buf[len - 8]); -+ b = (char *)&(desp->des_ivec[0]); - -- *(a++)= *(b++); *(a++)= *(b++); -- *(a++)= *(b++); *(a++)= *(b++); -- *(a++)= *(b++); *(a++)= *(b++); -- *(a++)= *(b++); *(a++)= *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); -+ *(a++) = *(b++); - #endif -- } -- return(1); -- } -- -+ } -+ return (1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/set_key.c b/Cryptlib/OpenSSL/crypto/des/set_key.c -index c0806d5..fdc8d50 100644 ---- a/Cryptlib/OpenSSL/crypto/des/set_key.c -+++ b/Cryptlib/OpenSSL/crypto/des/set_key.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,14 +49,15 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --/* set_key.c v 1.4 eay 24/9/91 -+/*- -+ * set_key.c v 1.4 eay 24/9/91 - * 1.4 Speed up by 400% :-) - * 1.3 added register declarations. - * 1.2 unrolled make_key_sched a bit more -@@ -65,51 +66,61 @@ - */ - #include "des_locl.h" - #ifdef OPENSSL_FIPS --#include -+# include - #endif - -+OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key); /* defaults to false */ - --OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */ -- --static const unsigned char odd_parity[256]={ -- 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, -- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, -- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, -- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, -- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, -- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, -- 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, --112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, --128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, --145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, --161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, --176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, --193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, --208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, --224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, --241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254}; -+static const unsigned char odd_parity[256] = { -+ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, -+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, -+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, -+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, -+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, -+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, -+ 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110, -+ 110, -+ 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127, -+ 127, -+ 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143, -+ 143, -+ 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158, -+ 158, -+ 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, -+ 174, -+ 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, -+ 191, -+ 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, -+ 206, -+ 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, -+ 223, -+ 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, -+ 239, -+ 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254, -+ 254 -+}; - - void DES_set_odd_parity(DES_cblock *key) -- { -- unsigned int i; -+{ -+ unsigned int i; - -- for (i=0; i>(n))^(b))&(m)),\ -- * (b)^=(t),\ -- * (a)=((a)^((t)<<(n)))) -+ * (b)^=(t),\ -+ * (a)=((a)^((t)<<(n)))) - */ - - #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ -- (a)=(a)^(t)^(t>>(16-(n)))) -+ (a)=(a)^(t)^(t>>(16-(n)))) - --static const DES_LONG des_skb[8][64]={ -- { -- /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ -- 0x00000000L,0x00000010L,0x20000000L,0x20000010L, -- 0x00010000L,0x00010010L,0x20010000L,0x20010010L, -- 0x00000800L,0x00000810L,0x20000800L,0x20000810L, -- 0x00010800L,0x00010810L,0x20010800L,0x20010810L, -- 0x00000020L,0x00000030L,0x20000020L,0x20000030L, -- 0x00010020L,0x00010030L,0x20010020L,0x20010030L, -- 0x00000820L,0x00000830L,0x20000820L,0x20000830L, -- 0x00010820L,0x00010830L,0x20010820L,0x20010830L, -- 0x00080000L,0x00080010L,0x20080000L,0x20080010L, -- 0x00090000L,0x00090010L,0x20090000L,0x20090010L, -- 0x00080800L,0x00080810L,0x20080800L,0x20080810L, -- 0x00090800L,0x00090810L,0x20090800L,0x20090810L, -- 0x00080020L,0x00080030L,0x20080020L,0x20080030L, -- 0x00090020L,0x00090030L,0x20090020L,0x20090030L, -- 0x00080820L,0x00080830L,0x20080820L,0x20080830L, -- 0x00090820L,0x00090830L,0x20090820L,0x20090830L, -- },{ -- /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ -- 0x00000000L,0x02000000L,0x00002000L,0x02002000L, -- 0x00200000L,0x02200000L,0x00202000L,0x02202000L, -- 0x00000004L,0x02000004L,0x00002004L,0x02002004L, -- 0x00200004L,0x02200004L,0x00202004L,0x02202004L, -- 0x00000400L,0x02000400L,0x00002400L,0x02002400L, -- 0x00200400L,0x02200400L,0x00202400L,0x02202400L, -- 0x00000404L,0x02000404L,0x00002404L,0x02002404L, -- 0x00200404L,0x02200404L,0x00202404L,0x02202404L, -- 0x10000000L,0x12000000L,0x10002000L,0x12002000L, -- 0x10200000L,0x12200000L,0x10202000L,0x12202000L, -- 0x10000004L,0x12000004L,0x10002004L,0x12002004L, -- 0x10200004L,0x12200004L,0x10202004L,0x12202004L, -- 0x10000400L,0x12000400L,0x10002400L,0x12002400L, -- 0x10200400L,0x12200400L,0x10202400L,0x12202400L, -- 0x10000404L,0x12000404L,0x10002404L,0x12002404L, -- 0x10200404L,0x12200404L,0x10202404L,0x12202404L, -- },{ -- /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ -- 0x00000000L,0x00000001L,0x00040000L,0x00040001L, -- 0x01000000L,0x01000001L,0x01040000L,0x01040001L, -- 0x00000002L,0x00000003L,0x00040002L,0x00040003L, -- 0x01000002L,0x01000003L,0x01040002L,0x01040003L, -- 0x00000200L,0x00000201L,0x00040200L,0x00040201L, -- 0x01000200L,0x01000201L,0x01040200L,0x01040201L, -- 0x00000202L,0x00000203L,0x00040202L,0x00040203L, -- 0x01000202L,0x01000203L,0x01040202L,0x01040203L, -- 0x08000000L,0x08000001L,0x08040000L,0x08040001L, -- 0x09000000L,0x09000001L,0x09040000L,0x09040001L, -- 0x08000002L,0x08000003L,0x08040002L,0x08040003L, -- 0x09000002L,0x09000003L,0x09040002L,0x09040003L, -- 0x08000200L,0x08000201L,0x08040200L,0x08040201L, -- 0x09000200L,0x09000201L,0x09040200L,0x09040201L, -- 0x08000202L,0x08000203L,0x08040202L,0x08040203L, -- 0x09000202L,0x09000203L,0x09040202L,0x09040203L, -- },{ -- /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ -- 0x00000000L,0x00100000L,0x00000100L,0x00100100L, -- 0x00000008L,0x00100008L,0x00000108L,0x00100108L, -- 0x00001000L,0x00101000L,0x00001100L,0x00101100L, -- 0x00001008L,0x00101008L,0x00001108L,0x00101108L, -- 0x04000000L,0x04100000L,0x04000100L,0x04100100L, -- 0x04000008L,0x04100008L,0x04000108L,0x04100108L, -- 0x04001000L,0x04101000L,0x04001100L,0x04101100L, -- 0x04001008L,0x04101008L,0x04001108L,0x04101108L, -- 0x00020000L,0x00120000L,0x00020100L,0x00120100L, -- 0x00020008L,0x00120008L,0x00020108L,0x00120108L, -- 0x00021000L,0x00121000L,0x00021100L,0x00121100L, -- 0x00021008L,0x00121008L,0x00021108L,0x00121108L, -- 0x04020000L,0x04120000L,0x04020100L,0x04120100L, -- 0x04020008L,0x04120008L,0x04020108L,0x04120108L, -- 0x04021000L,0x04121000L,0x04021100L,0x04121100L, -- 0x04021008L,0x04121008L,0x04021108L,0x04121108L, -- },{ -- /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ -- 0x00000000L,0x10000000L,0x00010000L,0x10010000L, -- 0x00000004L,0x10000004L,0x00010004L,0x10010004L, -- 0x20000000L,0x30000000L,0x20010000L,0x30010000L, -- 0x20000004L,0x30000004L,0x20010004L,0x30010004L, -- 0x00100000L,0x10100000L,0x00110000L,0x10110000L, -- 0x00100004L,0x10100004L,0x00110004L,0x10110004L, -- 0x20100000L,0x30100000L,0x20110000L,0x30110000L, -- 0x20100004L,0x30100004L,0x20110004L,0x30110004L, -- 0x00001000L,0x10001000L,0x00011000L,0x10011000L, -- 0x00001004L,0x10001004L,0x00011004L,0x10011004L, -- 0x20001000L,0x30001000L,0x20011000L,0x30011000L, -- 0x20001004L,0x30001004L,0x20011004L,0x30011004L, -- 0x00101000L,0x10101000L,0x00111000L,0x10111000L, -- 0x00101004L,0x10101004L,0x00111004L,0x10111004L, -- 0x20101000L,0x30101000L,0x20111000L,0x30111000L, -- 0x20101004L,0x30101004L,0x20111004L,0x30111004L, -- },{ -- /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ -- 0x00000000L,0x08000000L,0x00000008L,0x08000008L, -- 0x00000400L,0x08000400L,0x00000408L,0x08000408L, -- 0x00020000L,0x08020000L,0x00020008L,0x08020008L, -- 0x00020400L,0x08020400L,0x00020408L,0x08020408L, -- 0x00000001L,0x08000001L,0x00000009L,0x08000009L, -- 0x00000401L,0x08000401L,0x00000409L,0x08000409L, -- 0x00020001L,0x08020001L,0x00020009L,0x08020009L, -- 0x00020401L,0x08020401L,0x00020409L,0x08020409L, -- 0x02000000L,0x0A000000L,0x02000008L,0x0A000008L, -- 0x02000400L,0x0A000400L,0x02000408L,0x0A000408L, -- 0x02020000L,0x0A020000L,0x02020008L,0x0A020008L, -- 0x02020400L,0x0A020400L,0x02020408L,0x0A020408L, -- 0x02000001L,0x0A000001L,0x02000009L,0x0A000009L, -- 0x02000401L,0x0A000401L,0x02000409L,0x0A000409L, -- 0x02020001L,0x0A020001L,0x02020009L,0x0A020009L, -- 0x02020401L,0x0A020401L,0x02020409L,0x0A020409L, -- },{ -- /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ -- 0x00000000L,0x00000100L,0x00080000L,0x00080100L, -- 0x01000000L,0x01000100L,0x01080000L,0x01080100L, -- 0x00000010L,0x00000110L,0x00080010L,0x00080110L, -- 0x01000010L,0x01000110L,0x01080010L,0x01080110L, -- 0x00200000L,0x00200100L,0x00280000L,0x00280100L, -- 0x01200000L,0x01200100L,0x01280000L,0x01280100L, -- 0x00200010L,0x00200110L,0x00280010L,0x00280110L, -- 0x01200010L,0x01200110L,0x01280010L,0x01280110L, -- 0x00000200L,0x00000300L,0x00080200L,0x00080300L, -- 0x01000200L,0x01000300L,0x01080200L,0x01080300L, -- 0x00000210L,0x00000310L,0x00080210L,0x00080310L, -- 0x01000210L,0x01000310L,0x01080210L,0x01080310L, -- 0x00200200L,0x00200300L,0x00280200L,0x00280300L, -- 0x01200200L,0x01200300L,0x01280200L,0x01280300L, -- 0x00200210L,0x00200310L,0x00280210L,0x00280310L, -- 0x01200210L,0x01200310L,0x01280210L,0x01280310L, -- },{ -- /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ -- 0x00000000L,0x04000000L,0x00040000L,0x04040000L, -- 0x00000002L,0x04000002L,0x00040002L,0x04040002L, -- 0x00002000L,0x04002000L,0x00042000L,0x04042000L, -- 0x00002002L,0x04002002L,0x00042002L,0x04042002L, -- 0x00000020L,0x04000020L,0x00040020L,0x04040020L, -- 0x00000022L,0x04000022L,0x00040022L,0x04040022L, -- 0x00002020L,0x04002020L,0x00042020L,0x04042020L, -- 0x00002022L,0x04002022L,0x00042022L,0x04042022L, -- 0x00000800L,0x04000800L,0x00040800L,0x04040800L, -- 0x00000802L,0x04000802L,0x00040802L,0x04040802L, -- 0x00002800L,0x04002800L,0x00042800L,0x04042800L, -- 0x00002802L,0x04002802L,0x00042802L,0x04042802L, -- 0x00000820L,0x04000820L,0x00040820L,0x04040820L, -- 0x00000822L,0x04000822L,0x00040822L,0x04040822L, -- 0x00002820L,0x04002820L,0x00042820L,0x04042820L, -- 0x00002822L,0x04002822L,0x00042822L,0x04042822L, -- }}; -+static const DES_LONG des_skb[8][64] = { -+ { -+ /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ -+ 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, -+ 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L, -+ 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L, -+ 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L, -+ 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L, -+ 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, -+ 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L, -+ 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L, -+ 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L, -+ 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L, -+ 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, -+ 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L, -+ 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L, -+ 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L, -+ 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L, -+ 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, -+ }, -+ { -+ /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ -+ 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, -+ 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L, -+ 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L, -+ 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L, -+ 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L, -+ 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, -+ 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L, -+ 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L, -+ 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L, -+ 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L, -+ 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, -+ 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L, -+ 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L, -+ 0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L, -+ 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L, -+ 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, -+ }, -+ { -+ /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ -+ 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, -+ 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L, -+ 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L, -+ 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L, -+ 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L, -+ 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, -+ 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L, -+ 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L, -+ 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L, -+ 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L, -+ 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, -+ 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L, -+ 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L, -+ 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L, -+ 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L, -+ 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, -+ }, -+ { -+ /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ -+ 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, -+ 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L, -+ 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L, -+ 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L, -+ 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L, -+ 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, -+ 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L, -+ 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L, -+ 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L, -+ 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L, -+ 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, -+ 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L, -+ 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L, -+ 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L, -+ 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L, -+ 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, -+ }, -+ { -+ /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ -+ 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, -+ 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L, -+ 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L, -+ 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L, -+ 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L, -+ 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, -+ 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L, -+ 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L, -+ 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L, -+ 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L, -+ 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, -+ 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L, -+ 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L, -+ 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L, -+ 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L, -+ 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, -+ }, -+ { -+ /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ -+ 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, -+ 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L, -+ 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L, -+ 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L, -+ 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L, -+ 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, -+ 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L, -+ 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L, -+ 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L, -+ 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L, -+ 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, -+ 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L, -+ 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L, -+ 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L, -+ 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L, -+ 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, -+ }, -+ { -+ /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ -+ 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, -+ 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L, -+ 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L, -+ 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L, -+ 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L, -+ 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, -+ 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L, -+ 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L, -+ 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L, -+ 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L, -+ 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, -+ 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L, -+ 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L, -+ 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L, -+ 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L, -+ 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, -+ }, -+ { -+ /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ -+ 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, -+ 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L, -+ 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L, -+ 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L, -+ 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L, -+ 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, -+ 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L, -+ 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L, -+ 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L, -+ 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L, -+ 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, -+ 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L, -+ 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L, -+ 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L, -+ 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L, -+ 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, -+ } -+}; - - int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule) -- { -- if (DES_check_key) -- { -- return DES_set_key_checked(key, schedule); -- } -- else -- { -- DES_set_key_unchecked(key, schedule); -- return 0; -- } -- } -+{ -+ if (DES_check_key) { -+ return DES_set_key_checked(key, schedule); -+ } else { -+ DES_set_key_unchecked(key, schedule); -+ return 0; -+ } -+} - --/* return 0 if key parity is odd (correct), -+/*- -+ * return 0 if key parity is odd (correct), - * return -1 if key parity error, - * return -2 if illegal weak key. - */ - int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule) -- { -- if (!DES_check_key_parity(key)) -- return(-1); -- if (DES_is_weak_key(key)) -- return(-2); -- DES_set_key_unchecked(key, schedule); -- return 0; -- } -+{ -+ if (!DES_check_key_parity(key)) -+ return (-1); -+ if (DES_is_weak_key(key)) -+ return (-2); -+ DES_set_key_unchecked(key, schedule); -+ return 0; -+} - - void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) -- { -- static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; -- register DES_LONG c,d,t,s,t2; -- register const unsigned char *in; -- register DES_LONG *k; -- register int i; -+{ -+ static int shifts2[16] = -+ { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; -+ register DES_LONG c, d, t, s, t2; -+ register const unsigned char *in; -+ register DES_LONG *k; -+ register int i; - - #ifdef OPENBSD_DEV_CRYPTO -- memcpy(schedule->key,key,sizeof schedule->key); -- schedule->session=NULL; -+ memcpy(schedule->key, key, sizeof schedule->key); -+ schedule->session = NULL; - #endif -- k = &schedule->ks->deslong[0]; -- in = &(*key)[0]; -+ k = &schedule->ks->deslong[0]; -+ in = &(*key)[0]; - - #ifdef OPENSSL_FIPS -- FIPS_selftest_check(); -+ FIPS_selftest_check(); - #endif - -- c2l(in,c); -- c2l(in,d); -+ c2l(in, c); -+ c2l(in, d); - -- /* do PC1 in 47 simple operations :-) -- * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) -- * for the inspiration. :-) */ -- PERM_OP (d,c,t,4,0x0f0f0f0fL); -- HPERM_OP(c,t,-2,0xcccc0000L); -- HPERM_OP(d,t,-2,0xcccc0000L); -- PERM_OP (d,c,t,1,0x55555555L); -- PERM_OP (c,d,t,8,0x00ff00ffL); -- PERM_OP (d,c,t,1,0x55555555L); -- d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) | -- ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L)); -- c&=0x0fffffffL; -+ /* -+ * do PC1 in 47 simple operations :-) Thanks to John Fletcher -+ * (john_fletcher@lccmail.ocf.llnl.gov) for the inspiration. :-) -+ */ -+ PERM_OP(d, c, t, 4, 0x0f0f0f0fL); -+ HPERM_OP(c, t, -2, 0xcccc0000L); -+ HPERM_OP(d, t, -2, 0xcccc0000L); -+ PERM_OP(d, c, t, 1, 0x55555555L); -+ PERM_OP(c, d, t, 8, 0x00ff00ffL); -+ PERM_OP(d, c, t, 1, 0x55555555L); -+ d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) | -+ ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L)); -+ c &= 0x0fffffffL; - -- for (i=0; i>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); } -- else -- { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); } -- c&=0x0fffffffL; -- d&=0x0fffffffL; -- /* could be a few less shifts but I am to lazy at this -- * point in time to investigate */ -- s= des_skb[0][ (c )&0x3f ]| -- des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]| -- des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]| -- des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) | -- ((c>>22L)&0x38)]; -- t= des_skb[4][ (d )&0x3f ]| -- des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]| -- des_skb[6][ (d>>15L)&0x3f ]| -- des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)]; -+ for (i = 0; i < ITERATIONS; i++) { -+ if (shifts2[i]) { -+ c = ((c >> 2L) | (c << 26L)); -+ d = ((d >> 2L) | (d << 26L)); -+ } else { -+ c = ((c >> 1L) | (c << 27L)); -+ d = ((d >> 1L) | (d << 27L)); -+ } -+ c &= 0x0fffffffL; -+ d &= 0x0fffffffL; -+ /* -+ * could be a few less shifts but I am to lazy at this point in time -+ * to investigate -+ */ -+ s = des_skb[0][(c) & 0x3f] | -+ des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] | -+ des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] | -+ des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) | -+ ((c >> 22L) & 0x38)]; -+ t = des_skb[4][(d) & 0x3f] | -+ des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] | -+ des_skb[6][(d >> 15L) & 0x3f] | -+ des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)]; - -- /* table contained 0213 4657 */ -- t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL; -- *(k++)=ROTATE(t2,30)&0xffffffffL; -+ /* table contained 0213 4657 */ -+ t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL; -+ *(k++) = ROTATE(t2, 30) & 0xffffffffL; - -- t2=((s>>16L)|(t&0xffff0000L)); -- *(k++)=ROTATE(t2,26)&0xffffffffL; -- } -- } -+ t2 = ((s >> 16L) | (t & 0xffff0000L)); -+ *(k++) = ROTATE(t2, 26) & 0xffffffffL; -+ } -+} - - int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule) -- { -- return(DES_set_key(key,schedule)); -- } --/* -+{ -+ return (DES_set_key(key, schedule)); -+} -+ -+/*- - #undef des_fixup_key_parity - void des_fixup_key_parity(des_cblock *key) -- { -- des_set_odd_parity(key); -- } -+ { -+ des_set_odd_parity(key); -+ } - */ -- -diff --git a/Cryptlib/OpenSSL/crypto/des/str2key.c b/Cryptlib/OpenSSL/crypto/des/str2key.c -index 9c2054b..d6468b3 100644 ---- a/Cryptlib/OpenSSL/crypto/des/str2key.c -+++ b/Cryptlib/OpenSSL/crypto/des/str2key.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,115 +60,105 @@ - #include - - void DES_string_to_key(const char *str, DES_cblock *key) -- { -- DES_key_schedule ks; -- int i,length; -- register unsigned char j; -+{ -+ DES_key_schedule ks; -+ int i, length; -+ register unsigned char j; - -- memset(key,0,8); -- length=strlen(str); -+ memset(key, 0, 8); -+ length = strlen(str); - #ifdef OLD_STR_TO_KEY -- for (i=0; i>4)&0x0f); -- j=((j<<2)&0xcc)|((j>>2)&0x33); -- j=((j<<1)&0xaa)|((j>>1)&0x55); -- (*key)[7-(i%8)]^=j; -- } -- } -+ for (i = 0; i < length; i++) -+ (*key)[i % 8] ^= (str[i] << 1); -+#else /* MIT COMPATIBLE */ -+ for (i = 0; i < length; i++) { -+ j = str[i]; -+ if ((i % 16) < 8) -+ (*key)[i % 8] ^= (j << 1); -+ else { -+ /* Reverse the bit order 05/05/92 eay */ -+ j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f); -+ j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33); -+ j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55); -+ (*key)[7 - (i % 8)] ^= j; -+ } -+ } - #endif -- DES_set_odd_parity(key); -+ DES_set_odd_parity(key); - #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY -- if(DES_is_weak_key(key)) -- (*key)[7] ^= 0xF0; -- DES_set_key(key,&ks); -+ if (DES_is_weak_key(key)) -+ (*key)[7] ^= 0xF0; -+ DES_set_key(key, &ks); - #else -- DES_set_key_unchecked(key,&ks); -+ DES_set_key_unchecked(key, &ks); - #endif -- DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key); -- OPENSSL_cleanse(&ks,sizeof(ks)); -- DES_set_odd_parity(key); -- } -+ DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key); -+ OPENSSL_cleanse(&ks, sizeof(ks)); -+ DES_set_odd_parity(key); -+} - - void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) -- { -- DES_key_schedule ks; -- int i,length; -- register unsigned char j; -+{ -+ DES_key_schedule ks; -+ int i, length; -+ register unsigned char j; - -- memset(key1,0,8); -- memset(key2,0,8); -- length=strlen(str); -+ memset(key1, 0, 8); -+ memset(key2, 0, 8); -+ length = strlen(str); - #ifdef OLD_STR_TO_KEY -- if (length <= 8) -- { -- for (i=0; i>4)&0x0f); -- j=((j<<2)&0xcc)|((j>>2)&0x33); -- j=((j<<1)&0xaa)|((j>>1)&0x55); -- if ((i%16) < 8) -- (*key1)[7-(i%8)]^=j; -- else -- (*key2)[7-(i%8)]^=j; -- } -- } -- if (length <= 8) memcpy(key2,key1,8); -+ if (length <= 8) { -+ for (i = 0; i < length; i++) { -+ (*key2)[i] = (*key1)[i] = (str[i] << 1); -+ } -+ } else { -+ for (i = 0; i < length; i++) { -+ if ((i / 8) & 1) -+ (*key2)[i % 8] ^= (str[i] << 1); -+ else -+ (*key1)[i % 8] ^= (str[i] << 1); -+ } -+ } -+#else /* MIT COMPATIBLE */ -+ for (i = 0; i < length; i++) { -+ j = str[i]; -+ if ((i % 32) < 16) { -+ if ((i % 16) < 8) -+ (*key1)[i % 8] ^= (j << 1); -+ else -+ (*key2)[i % 8] ^= (j << 1); -+ } else { -+ j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f); -+ j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33); -+ j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55); -+ if ((i % 16) < 8) -+ (*key1)[7 - (i % 8)] ^= j; -+ else -+ (*key2)[7 - (i % 8)] ^= j; -+ } -+ } -+ if (length <= 8) -+ memcpy(key2, key1, 8); - #endif -- DES_set_odd_parity(key1); -- DES_set_odd_parity(key2); -+ DES_set_odd_parity(key1); -+ DES_set_odd_parity(key2); - #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY -- if(DES_is_weak_key(key1)) -- (*key1)[7] ^= 0xF0; -- DES_set_key(key1,&ks); -+ if (DES_is_weak_key(key1)) -+ (*key1)[7] ^= 0xF0; -+ DES_set_key(key1, &ks); - #else -- DES_set_key_unchecked(key1,&ks); -+ DES_set_key_unchecked(key1, &ks); - #endif -- DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1); -+ DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1); - #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY -- if(DES_is_weak_key(key2)) -- (*key2)[7] ^= 0xF0; -- DES_set_key(key2,&ks); -+ if (DES_is_weak_key(key2)) -+ (*key2)[7] ^= 0xF0; -+ DES_set_key(key2, &ks); - #else -- DES_set_key_unchecked(key2,&ks); -+ DES_set_key_unchecked(key2, &ks); - #endif -- DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2); -- OPENSSL_cleanse(&ks,sizeof(ks)); -- DES_set_odd_parity(key1); -- DES_set_odd_parity(key2); -- } -+ DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2); -+ OPENSSL_cleanse(&ks, sizeof(ks)); -+ DES_set_odd_parity(key1); -+ DES_set_odd_parity(key2); -+} -diff --git a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c -index dc0c761..3b614f4 100644 ---- a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c -+++ b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,138 +60,157 @@ - - /* RSA's DESX */ - --#if 0 /* broken code, preserved just in case anyone specifically looks for this */ --static unsigned char desx_white_in2out[256]={ --0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0, --0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A, --0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36, --0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C, --0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60, --0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA, --0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E, --0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF, --0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6, --0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3, --0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C, --0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2, --0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5, --0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5, --0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F, --0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB, -- }; -+#if 0 /* broken code, preserved just in case anyone -+ * specifically looks for this */ -+static unsigned char desx_white_in2out[256] = { -+ 0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C, -+ 0x1B, 0x33, 0xFD, 0xD0, -+ 0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B, 0xF7, 0xCB, 0x45, 0x9B, -+ 0x31, 0xBB, 0x21, 0x5A, -+ 0x41, 0x9F, 0xE1, 0xD9, 0x4A, 0x4D, 0x9E, 0xDA, 0xA0, 0x68, 0x2C, 0xC3, -+ 0x27, 0x5F, 0x80, 0x36, -+ 0x3E, 0xEE, 0xFB, 0x95, 0x1A, 0xFE, 0xCE, 0xA8, 0x34, 0xA9, 0x13, 0xF0, -+ 0xA6, 0x3F, 0xD8, 0x0C, -+ 0x78, 0x24, 0xAF, 0x23, 0x52, 0xC1, 0x67, 0x17, 0xF5, 0x66, 0x90, 0xE7, -+ 0xE8, 0x07, 0xB8, 0x60, -+ 0x48, 0xE6, 0x1E, 0x53, 0xF3, 0x92, 0xA4, 0x72, 0x8C, 0x08, 0x15, 0x6E, -+ 0x86, 0x00, 0x84, 0xFA, -+ 0xF4, 0x7F, 0x8A, 0x42, 0x19, 0xF6, 0xDB, 0xCD, 0x14, 0x8D, 0x50, 0x12, -+ 0xBA, 0x3C, 0x06, 0x4E, -+ 0xEC, 0xB3, 0x35, 0x11, 0xA1, 0x88, 0x8E, 0x2B, 0x94, 0x99, 0xB7, 0x71, -+ 0x74, 0xD3, 0xE4, 0xBF, -+ 0x3A, 0xDE, 0x96, 0x0E, 0xBC, 0x0A, 0xED, 0x77, 0xFC, 0x37, 0x6B, 0x03, -+ 0x79, 0x89, 0x62, 0xC6, -+ 0xD7, 0xC0, 0xD2, 0x7C, 0x6A, 0x8B, 0x22, 0xA3, 0x5B, 0x05, 0x5D, 0x02, -+ 0x75, 0xD5, 0x61, 0xE3, -+ 0x18, 0x8F, 0x55, 0x51, 0xAD, 0x1F, 0x0B, 0x5E, 0x85, 0xE5, 0xC2, 0x57, -+ 0x63, 0xCA, 0x3D, 0x6C, -+ 0xB4, 0xC5, 0xCC, 0x70, 0xB2, 0x91, 0x59, 0x0D, 0x47, 0x20, 0xC8, 0x4F, -+ 0x58, 0xE0, 0x01, 0xE2, -+ 0x16, 0x38, 0xC4, 0x6F, 0x3B, 0x0F, 0x65, 0x46, 0xBE, 0x7E, 0x2D, 0x7B, -+ 0x82, 0xF9, 0x40, 0xB5, -+ 0x1D, 0x73, 0xF8, 0xEB, 0x26, 0xC7, 0x87, 0x97, 0x25, 0x54, 0xB1, 0x28, -+ 0xAA, 0x98, 0x9D, 0xA5, -+ 0x64, 0x6D, 0x7A, 0xD4, 0x10, 0x81, 0x44, 0xEF, 0x49, 0xD6, 0xAE, 0x2E, -+ 0xDD, 0x76, 0x5C, 0x2F, -+ 0xA7, 0x1C, 0xC9, 0x09, 0x69, 0x9A, 0x83, 0xCF, 0x29, 0x39, 0xB9, 0xE9, -+ 0x4C, 0xFF, 0x43, 0xAB, -+}; - - void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, -- DES_cblock *out_white) -- { -- int out0,out1; -- int i; -- const unsigned char *key = &(*des_key)[0]; -- const unsigned char *in = &(*in_white)[0]; -- unsigned char *out = &(*out_white)[0]; -+ DES_cblock *out_white) -+{ -+ int out0, out1; -+ int i; -+ const unsigned char *key = &(*des_key)[0]; -+ const unsigned char *in = &(*in_white)[0]; -+ unsigned char *out = &(*out_white)[0]; - -- out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0; -- out0=out1=0; -- for (i=0; i<8; i++) -- { -- out[i]=key[i]^desx_white_in2out[out0^out1]; -- out0=out1; -- out1=(int)out[i&0x07]; -- } -+ out[0] = out[1] = out[2] = out[3] = out[4] = out[5] = out[6] = out[7] = 0; -+ out0 = out1 = 0; -+ for (i = 0; i < 8; i++) { -+ out[i] = key[i] ^ desx_white_in2out[out0 ^ out1]; -+ out0 = out1; -+ out1 = (int)out[i & 0x07]; -+ } - -- out0=out[0]; -- out1=out[i]; /* BUG: out-of-bounds read */ -- for (i=0; i<8; i++) -- { -- out[i]=in[i]^desx_white_in2out[out0^out1]; -- out0=out1; -- out1=(int)out[i&0x07]; -- } -- } -+ out0 = out[0]; -+ out1 = out[i]; /* BUG: out-of-bounds read */ -+ for (i = 0; i < 8; i++) { -+ out[i] = in[i] ^ desx_white_in2out[out0 ^ out1]; -+ out0 = out1; -+ out1 = (int)out[i & 0x07]; -+ } -+} - #endif - - void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, -- long length, DES_key_schedule *schedule, -- DES_cblock *ivec, const_DES_cblock *inw, -- const_DES_cblock *outw, int enc) -- { -- register DES_LONG tin0,tin1; -- register DES_LONG tout0,tout1,xor0,xor1; -- register DES_LONG inW0,inW1,outW0,outW1; -- register const unsigned char *in2; -- register long l=length; -- DES_LONG tin[2]; -- unsigned char *iv; -- -- in2 = &(*inw)[0]; -- c2l(in2,inW0); -- c2l(in2,inW1); -- in2 = &(*outw)[0]; -- c2l(in2,outW0); -- c2l(in2,outW1); -+ long length, DES_key_schedule *schedule, -+ DES_cblock *ivec, const_DES_cblock *inw, -+ const_DES_cblock *outw, int enc) -+{ -+ register DES_LONG tin0, tin1; -+ register DES_LONG tout0, tout1, xor0, xor1; -+ register DES_LONG inW0, inW1, outW0, outW1; -+ register const unsigned char *in2; -+ register long l = length; -+ DES_LONG tin[2]; -+ unsigned char *iv; - -- iv = &(*ivec)[0]; -+ in2 = &(*inw)[0]; -+ c2l(in2, inW0); -+ c2l(in2, inW1); -+ in2 = &(*outw)[0]; -+ c2l(in2, outW0); -+ c2l(in2, outW1); - -- if (enc) -- { -- c2l(iv,tout0); -- c2l(iv,tout1); -- for (l-=8; l>=0; l-=8) -- { -- c2l(in,tin0); -- c2l(in,tin1); -- tin0^=tout0^inW0; tin[0]=tin0; -- tin1^=tout1^inW1; tin[1]=tin1; -- DES_encrypt1(tin,schedule,DES_ENCRYPT); -- tout0=tin[0]^outW0; l2c(tout0,out); -- tout1=tin[1]^outW1; l2c(tout1,out); -- } -- if (l != -8) -- { -- c2ln(in,tin0,tin1,l+8); -- tin0^=tout0^inW0; tin[0]=tin0; -- tin1^=tout1^inW1; tin[1]=tin1; -- DES_encrypt1(tin,schedule,DES_ENCRYPT); -- tout0=tin[0]^outW0; l2c(tout0,out); -- tout1=tin[1]^outW1; l2c(tout1,out); -- } -- iv = &(*ivec)[0]; -- l2c(tout0,iv); -- l2c(tout1,iv); -- } -- else -- { -- c2l(iv,xor0); -- c2l(iv,xor1); -- for (l-=8; l>0; l-=8) -- { -- c2l(in,tin0); tin[0]=tin0^outW0; -- c2l(in,tin1); tin[1]=tin1^outW1; -- DES_encrypt1(tin,schedule,DES_DECRYPT); -- tout0=tin[0]^xor0^inW0; -- tout1=tin[1]^xor1^inW1; -- l2c(tout0,out); -- l2c(tout1,out); -- xor0=tin0; -- xor1=tin1; -- } -- if (l != -8) -- { -- c2l(in,tin0); tin[0]=tin0^outW0; -- c2l(in,tin1); tin[1]=tin1^outW1; -- DES_encrypt1(tin,schedule,DES_DECRYPT); -- tout0=tin[0]^xor0^inW0; -- tout1=tin[1]^xor1^inW1; -- l2cn(tout0,tout1,out,l+8); -- xor0=tin0; -- xor1=tin1; -- } -+ iv = &(*ivec)[0]; - -- iv = &(*ivec)[0]; -- l2c(xor0,iv); -- l2c(xor1,iv); -- } -- tin0=tin1=tout0=tout1=xor0=xor1=0; -- inW0=inW1=outW0=outW1=0; -- tin[0]=tin[1]=0; -- } -+ if (enc) { -+ c2l(iv, tout0); -+ c2l(iv, tout1); -+ for (l -= 8; l >= 0; l -= 8) { -+ c2l(in, tin0); -+ c2l(in, tin1); -+ tin0 ^= tout0 ^ inW0; -+ tin[0] = tin0; -+ tin1 ^= tout1 ^ inW1; -+ tin[1] = tin1; -+ DES_encrypt1(tin, schedule, DES_ENCRYPT); -+ tout0 = tin[0] ^ outW0; -+ l2c(tout0, out); -+ tout1 = tin[1] ^ outW1; -+ l2c(tout1, out); -+ } -+ if (l != -8) { -+ c2ln(in, tin0, tin1, l + 8); -+ tin0 ^= tout0 ^ inW0; -+ tin[0] = tin0; -+ tin1 ^= tout1 ^ inW1; -+ tin[1] = tin1; -+ DES_encrypt1(tin, schedule, DES_ENCRYPT); -+ tout0 = tin[0] ^ outW0; -+ l2c(tout0, out); -+ tout1 = tin[1] ^ outW1; -+ l2c(tout1, out); -+ } -+ iv = &(*ivec)[0]; -+ l2c(tout0, iv); -+ l2c(tout1, iv); -+ } else { -+ c2l(iv, xor0); -+ c2l(iv, xor1); -+ for (l -= 8; l > 0; l -= 8) { -+ c2l(in, tin0); -+ tin[0] = tin0 ^ outW0; -+ c2l(in, tin1); -+ tin[1] = tin1 ^ outW1; -+ DES_encrypt1(tin, schedule, DES_DECRYPT); -+ tout0 = tin[0] ^ xor0 ^ inW0; -+ tout1 = tin[1] ^ xor1 ^ inW1; -+ l2c(tout0, out); -+ l2c(tout1, out); -+ xor0 = tin0; -+ xor1 = tin1; -+ } -+ if (l != -8) { -+ c2l(in, tin0); -+ tin[0] = tin0 ^ outW0; -+ c2l(in, tin1); -+ tin[1] = tin1 ^ outW1; -+ DES_encrypt1(tin, schedule, DES_DECRYPT); -+ tout0 = tin[0] ^ xor0 ^ inW0; -+ tout1 = tin[1] ^ xor1 ^ inW1; -+ l2cn(tout0, tout1, out, l + 8); -+ xor0 = tin0; -+ xor1 = tin1; -+ } - -+ iv = &(*ivec)[0]; -+ l2c(xor0, iv); -+ l2c(xor1, iv); -+ } -+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; -+ inW0 = inW1 = outW0 = outW1 = 0; -+ tin[0] = tin[1] = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c -index 76740af..d534986 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c -@@ -1,6 +1,7 @@ - /* dh_asn1.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -66,22 +67,23 @@ - /* Override the default free and new methods */ - static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- if(operation == ASN1_OP_NEW_PRE) { -- *pval = (ASN1_VALUE *)DH_new(); -- if(*pval) return 2; -- return 0; -- } else if(operation == ASN1_OP_FREE_PRE) { -- DH_free((DH *)*pval); -- *pval = NULL; -- return 2; -- } -- return 1; -+ if (operation == ASN1_OP_NEW_PRE) { -+ *pval = (ASN1_VALUE *)DH_new(); -+ if (*pval) -+ return 2; -+ return 0; -+ } else if (operation == ASN1_OP_FREE_PRE) { -+ DH_free((DH *)*pval); -+ *pval = NULL; -+ return 2; -+ } -+ return 1; - } - - ASN1_SEQUENCE_cb(DHparams, dh_cb) = { -- ASN1_SIMPLE(DH, p, BIGNUM), -- ASN1_SIMPLE(DH, g, BIGNUM), -- ASN1_OPT(DH, length, ZLONG), -+ ASN1_SIMPLE(DH, p, BIGNUM), -+ ASN1_SIMPLE(DH, g, BIGNUM), -+ ASN1_OPT(DH, length, ZLONG), - } ASN1_SEQUENCE_END_cb(DH, DHparams) - - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c -index 316cb92..7909fd6 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_check.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_check.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,7 +61,8 @@ - #include - #include - --/* Check that p is a safe prime and -+/*- -+ * Check that p is a safe prime and - * if g is 2, 3 or 5, check that it is a suitable generator - * where - * for 2, p mod 24 == 11 -@@ -73,74 +74,78 @@ - #ifndef OPENSSL_FIPS - - int DH_check(const DH *dh, int *ret) -- { -- int ok=0; -- BN_CTX *ctx=NULL; -- BN_ULONG l; -- BIGNUM *q=NULL; -+{ -+ int ok = 0; -+ BN_CTX *ctx = NULL; -+ BN_ULONG l; -+ BIGNUM *q = NULL; - -- *ret=0; -- ctx=BN_CTX_new(); -- if (ctx == NULL) goto err; -- q=BN_new(); -- if (q == NULL) goto err; -+ *ret = 0; -+ ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ q = BN_new(); -+ if (q == NULL) -+ goto err; - -- if (BN_is_word(dh->g,DH_GENERATOR_2)) -- { -- l=BN_mod_word(dh->p,24); -- if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR; -- } --#if 0 -- else if (BN_is_word(dh->g,DH_GENERATOR_3)) -- { -- l=BN_mod_word(dh->p,12); -- if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR; -- } --#endif -- else if (BN_is_word(dh->g,DH_GENERATOR_5)) -- { -- l=BN_mod_word(dh->p,10); -- if ((l != 3) && (l != 7)) -- *ret|=DH_NOT_SUITABLE_GENERATOR; -- } -- else -- *ret|=DH_UNABLE_TO_CHECK_GENERATOR; -+ if (BN_is_word(dh->g, DH_GENERATOR_2)) { -+ l = BN_mod_word(dh->p, 24); -+ if (l != 11) -+ *ret |= DH_NOT_SUITABLE_GENERATOR; -+ } -+# if 0 -+ else if (BN_is_word(dh->g, DH_GENERATOR_3)) { -+ l = BN_mod_word(dh->p, 12); -+ if (l != 5) -+ *ret |= DH_NOT_SUITABLE_GENERATOR; -+ } -+# endif -+ else if (BN_is_word(dh->g, DH_GENERATOR_5)) { -+ l = BN_mod_word(dh->p, 10); -+ if ((l != 3) && (l != 7)) -+ *ret |= DH_NOT_SUITABLE_GENERATOR; -+ } else -+ *ret |= DH_UNABLE_TO_CHECK_GENERATOR; - -- if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL)) -- *ret|=DH_CHECK_P_NOT_PRIME; -- else -- { -- if (!BN_rshift1(q,dh->p)) goto err; -- if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL)) -- *ret|=DH_CHECK_P_NOT_SAFE_PRIME; -- } -- ok=1; --err: -- if (ctx != NULL) BN_CTX_free(ctx); -- if (q != NULL) BN_free(q); -- return(ok); -- } -+ if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) -+ *ret |= DH_CHECK_P_NOT_PRIME; -+ else { -+ if (!BN_rshift1(q, dh->p)) -+ goto err; -+ if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL)) -+ *ret |= DH_CHECK_P_NOT_SAFE_PRIME; -+ } -+ ok = 1; -+ err: -+ if (ctx != NULL) -+ BN_CTX_free(ctx); -+ if (q != NULL) -+ BN_free(q); -+ return (ok); -+} - - int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) -- { -- int ok=0; -- BIGNUM *q=NULL; -+{ -+ int ok = 0; -+ BIGNUM *q = NULL; - -- *ret=0; -- q=BN_new(); -- if (q == NULL) goto err; -- BN_set_word(q,1); -- if (BN_cmp(pub_key,q) <= 0) -- *ret|=DH_CHECK_PUBKEY_TOO_SMALL; -- BN_copy(q,dh->p); -- BN_sub_word(q,1); -- if (BN_cmp(pub_key,q) >= 0) -- *ret|=DH_CHECK_PUBKEY_TOO_LARGE; -+ *ret = 0; -+ q = BN_new(); -+ if (q == NULL) -+ goto err; -+ BN_set_word(q, 1); -+ if (BN_cmp(pub_key, q) <= 0) -+ *ret |= DH_CHECK_PUBKEY_TOO_SMALL; -+ BN_copy(q, dh->p); -+ BN_sub_word(q, 1); -+ if (BN_cmp(pub_key, q) >= 0) -+ *ret |= DH_CHECK_PUBKEY_TOO_LARGE; - -- ok = 1; --err: -- if (q != NULL) BN_free(q); -- return(ok); -- } -+ ok = 1; -+ err: -+ if (q != NULL) -+ BN_free(q); -+ return (ok); -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c -index acc05f2..b622119 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,6 @@ - * - */ - -- - /* This file contains deprecated functions as wrappers to the new ones */ - - #include -@@ -61,23 +60,23 @@ - #include - #include - --static void *dummy=&dummy; -+static void *dummy = &dummy; - - #ifndef OPENSSL_NO_DEPRECATED - DH *DH_generate_parameters(int prime_len, int generator, -- void (*callback)(int,int,void *), void *cb_arg) -- { -- BN_GENCB cb; -- DH *ret=NULL; -+ void (*callback) (int, int, void *), void *cb_arg) -+{ -+ BN_GENCB cb; -+ DH *ret = NULL; - -- if((ret=DH_new()) == NULL) -- return NULL; -+ if ((ret = DH_new()) == NULL) -+ return NULL; - -- BN_GENCB_set_old(&cb, callback, cb_arg); -+ BN_GENCB_set_old(&cb, callback, cb_arg); - -- if(DH_generate_parameters_ex(ret, prime_len, generator, &cb)) -- return ret; -- DH_free(ret); -- return NULL; -- } -+ if (DH_generate_parameters_ex(ret, prime_len, generator, &cb)) -+ return ret; -+ DH_free(ret); -+ return NULL; -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_err.c b/Cryptlib/OpenSSL/crypto/dh/dh_err.c -index 13263c8..7e8ce82 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_err.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,44 +66,41 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) - --static ERR_STRING_DATA DH_str_functs[]= -- { --{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, --{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, --{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, --{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, --{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, --{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, --{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, --{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, --{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, --{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, --{0,NULL} -- }; -+static ERR_STRING_DATA DH_str_functs[] = { -+ {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, -+ {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, -+ {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, -+ {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, -+ {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, -+ {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, -+ {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, -+ {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, -+ {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, -+ {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA DH_str_reasons[]= -- { --{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, --{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, --{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, --{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, --{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, --{0,NULL} -- }; -+static ERR_STRING_DATA DH_str_reasons[] = { -+ {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"}, -+ {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"}, -+ {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, -+ {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"}, -+ {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_DH_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(DH_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,DH_str_functs); -- ERR_load_strings(0,DH_str_reasons); -- } -+ if (ERR_func_error_string(DH_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, DH_str_functs); -+ ERR_load_strings(0, DH_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c -index 999e1de..560d4bb 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,16 +49,16 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --/* NB: These functions have been upgraded - the previous prototypes are in -- * dh_depr.c as wrappers to these ones. -- * - Geoff -+/* -+ * NB: These functions have been upgraded - the previous prototypes are in -+ * dh_depr.c as wrappers to these ones. - Geoff - */ - - #include -@@ -68,16 +68,19 @@ - - #ifndef OPENSSL_FIPS - --static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); -+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, -+ BN_GENCB *cb); - --int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) -- { -- if(ret->meth->generate_params) -- return ret->meth->generate_params(ret, prime_len, generator, cb); -- return dh_builtin_genparams(ret, prime_len, generator, cb); -- } -+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, -+ BN_GENCB *cb) -+{ -+ if (ret->meth->generate_params) -+ return ret->meth->generate_params(ret, prime_len, generator, cb); -+ return dh_builtin_genparams(ret, prime_len, generator, cb); -+} - --/* We generate DH parameters as follows -+/*- -+ * We generate DH parameters as follows - * find a prime q which is prime_len/2 bits long. - * p=(2*q)+1 or (p-1)/2 = q - * For this case, g is a generator if -@@ -98,82 +101,93 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c - * Since DH should be using a safe prime (both p and q are prime), - * this generator function can take a very very long time to run. - */ --/* Actually there is no reason to insist that 'generator' be a generator. -+/* -+ * Actually there is no reason to insist that 'generator' be a generator. - * It's just as OK (and in some sense better) to use a generator of the - * order-q subgroup. - */ --static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) -- { -- BIGNUM *t1,*t2; -- int g,ok= -1; -- BN_CTX *ctx=NULL; -+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, -+ BN_GENCB *cb) -+{ -+ BIGNUM *t1, *t2; -+ int g, ok = -1; -+ BN_CTX *ctx = NULL; - -- ctx=BN_CTX_new(); -- if (ctx == NULL) goto err; -- BN_CTX_start(ctx); -- t1 = BN_CTX_get(ctx); -- t2 = BN_CTX_get(ctx); -- if (t1 == NULL || t2 == NULL) goto err; -+ ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ t1 = BN_CTX_get(ctx); -+ t2 = BN_CTX_get(ctx); -+ if (t1 == NULL || t2 == NULL) -+ goto err; - -- /* Make sure 'ret' has the necessary elements */ -- if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err; -- if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err; -- -- if (generator <= 1) -- { -- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); -- goto err; -- } -- if (generator == DH_GENERATOR_2) -- { -- if (!BN_set_word(t1,24)) goto err; -- if (!BN_set_word(t2,11)) goto err; -- g=2; -- } --#if 0 /* does not work for safe primes */ -- else if (generator == DH_GENERATOR_3) -- { -- if (!BN_set_word(t1,12)) goto err; -- if (!BN_set_word(t2,5)) goto err; -- g=3; -- } --#endif -- else if (generator == DH_GENERATOR_5) -- { -- if (!BN_set_word(t1,10)) goto err; -- if (!BN_set_word(t2,3)) goto err; -- /* BN_set_word(t3,7); just have to miss -- * out on these ones :-( */ -- g=5; -- } -- else -- { -- /* in the general case, don't worry if 'generator' is a -- * generator or not: since we are using safe primes, -- * it will generate either an order-q or an order-2q group, -- * which both is OK */ -- if (!BN_set_word(t1,2)) goto err; -- if (!BN_set_word(t2,1)) goto err; -- g=generator; -- } -- -- if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err; -- if(!BN_GENCB_call(cb, 3, 0)) goto err; -- if (!BN_set_word(ret->g,g)) goto err; -- ok=1; --err: -- if (ok == -1) -- { -- DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB); -- ok=0; -- } -+ /* Make sure 'ret' has the necessary elements */ -+ if (!ret->p && ((ret->p = BN_new()) == NULL)) -+ goto err; -+ if (!ret->g && ((ret->g = BN_new()) == NULL)) -+ goto err; -+ -+ if (generator <= 1) { -+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); -+ goto err; -+ } -+ if (generator == DH_GENERATOR_2) { -+ if (!BN_set_word(t1, 24)) -+ goto err; -+ if (!BN_set_word(t2, 11)) -+ goto err; -+ g = 2; -+ } -+# if 0 /* does not work for safe primes */ -+ else if (generator == DH_GENERATOR_3) { -+ if (!BN_set_word(t1, 12)) -+ goto err; -+ if (!BN_set_word(t2, 5)) -+ goto err; -+ g = 3; -+ } -+# endif -+ else if (generator == DH_GENERATOR_5) { -+ if (!BN_set_word(t1, 10)) -+ goto err; -+ if (!BN_set_word(t2, 3)) -+ goto err; -+ /* -+ * BN_set_word(t3,7); just have to miss out on these ones :-( -+ */ -+ g = 5; -+ } else { -+ /* -+ * in the general case, don't worry if 'generator' is a generator or -+ * not: since we are using safe primes, it will generate either an -+ * order-q or an order-2q group, which both is OK -+ */ -+ if (!BN_set_word(t1, 2)) -+ goto err; -+ if (!BN_set_word(t2, 1)) -+ goto err; -+ g = generator; -+ } -+ -+ if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb)) -+ goto err; -+ if (!BN_GENCB_call(cb, 3, 0)) -+ goto err; -+ if (!BN_set_word(ret->g, g)) -+ goto err; -+ ok = 1; -+ err: -+ if (ok == -1) { -+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB); -+ ok = 0; -+ } - -- if (ctx != NULL) -- { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- return ok; -- } -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ return ok; -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_key.c b/Cryptlib/OpenSSL/crypto/dh/dh_key.c -index 79dd331..4de8e27 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_key.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_key.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -67,201 +67,192 @@ - static int generate_key(DH *dh); - static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); - static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, -- const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx); -+ const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - static int dh_init(DH *dh); - static int dh_finish(DH *dh); - - int DH_generate_key(DH *dh) -- { -- return dh->meth->generate_key(dh); -- } -+{ -+ return dh->meth->generate_key(dh); -+} - - int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) -- { -- return dh->meth->compute_key(key, pub_key, dh); -- } -+{ -+ return dh->meth->compute_key(key, pub_key, dh); -+} - - static DH_METHOD dh_ossl = { --"OpenSSL DH Method", --generate_key, --compute_key, --dh_bn_mod_exp, --dh_init, --dh_finish, --0, --NULL, --NULL -+ "OpenSSL DH Method", -+ generate_key, -+ compute_key, -+ dh_bn_mod_exp, -+ dh_init, -+ dh_finish, -+ 0, -+ NULL, -+ NULL - }; - - const DH_METHOD *DH_OpenSSL(void) - { -- return &dh_ossl; -+ return &dh_ossl; - } - - static int generate_key(DH *dh) -- { -- int ok=0; -- int generate_new_key=0; -- unsigned l; -- BN_CTX *ctx; -- BN_MONT_CTX *mont=NULL; -- BIGNUM *pub_key=NULL,*priv_key=NULL; -+{ -+ int ok = 0; -+ int generate_new_key = 0; -+ unsigned l; -+ BN_CTX *ctx; -+ BN_MONT_CTX *mont = NULL; -+ BIGNUM *pub_key = NULL, *priv_key = NULL; - -- ctx = BN_CTX_new(); -- if (ctx == NULL) goto err; -+ ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ goto err; - -- if (dh->priv_key == NULL) -- { -- priv_key=BN_new(); -- if (priv_key == NULL) goto err; -- generate_new_key=1; -- } -- else -- priv_key=dh->priv_key; -+ if (dh->priv_key == NULL) { -+ priv_key = BN_new(); -+ if (priv_key == NULL) -+ goto err; -+ generate_new_key = 1; -+ } else -+ priv_key = dh->priv_key; - -- if (dh->pub_key == NULL) -- { -- pub_key=BN_new(); -- if (pub_key == NULL) goto err; -- } -- else -- pub_key=dh->pub_key; -+ if (dh->pub_key == NULL) { -+ pub_key = BN_new(); -+ if (pub_key == NULL) -+ goto err; -+ } else -+ pub_key = dh->pub_key; - -+ if (dh->flags & DH_FLAG_CACHE_MONT_P) { -+ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, -+ CRYPTO_LOCK_DH, dh->p, ctx); -+ if (!mont) -+ goto err; -+ } - -- if (dh->flags & DH_FLAG_CACHE_MONT_P) -- { -- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, -- CRYPTO_LOCK_DH, dh->p, ctx); -- if (!mont) -- goto err; -- } -+ if (generate_new_key) { -+ l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; /* secret -+ * exponent -+ * length */ -+ if (!BN_rand(priv_key, l, 0, 0)) -+ goto err; -+ } - -- if (generate_new_key) -- { -- l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ -- if (!BN_rand(priv_key, l, 0, 0)) goto err; -- } -+ { -+ BIGNUM local_prk; -+ BIGNUM *prk; - -- { -- BIGNUM local_prk; -- BIGNUM *prk; -+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { -+ BN_init(&local_prk); -+ prk = &local_prk; -+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); -+ } else -+ prk = priv_key; - -- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) -- { -- BN_init(&local_prk); -- prk = &local_prk; -- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); -- } -- else -- prk = priv_key; -+ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) -+ goto err; -+ } - -- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err; -- } -- -- dh->pub_key=pub_key; -- dh->priv_key=priv_key; -- ok=1; --err: -- if (ok != 1) -- DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB); -+ dh->pub_key = pub_key; -+ dh->priv_key = priv_key; -+ ok = 1; -+ err: -+ if (ok != 1) -+ DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB); - -- if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); -- if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); -- BN_CTX_free(ctx); -- return(ok); -- } -+ if ((pub_key != NULL) && (dh->pub_key == NULL)) -+ BN_free(pub_key); -+ if ((priv_key != NULL) && (dh->priv_key == NULL)) -+ BN_free(priv_key); -+ BN_CTX_free(ctx); -+ return (ok); -+} - - static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) -- { -- BN_CTX *ctx=NULL; -- BN_MONT_CTX *mont=NULL; -- BIGNUM *tmp; -- int ret= -1; -- int check_result; -+{ -+ BN_CTX *ctx = NULL; -+ BN_MONT_CTX *mont = NULL; -+ BIGNUM *tmp; -+ int ret = -1; -+ int check_result; - -- if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) -- { -- DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); -- goto err; -- } -+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { -+ DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); -+ goto err; -+ } - -- ctx = BN_CTX_new(); -- if (ctx == NULL) goto err; -- BN_CTX_start(ctx); -- tmp = BN_CTX_get(ctx); -- -- if (dh->priv_key == NULL) -- { -- DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); -- goto err; -- } -+ ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ tmp = BN_CTX_get(ctx); - -- if (dh->flags & DH_FLAG_CACHE_MONT_P) -- { -- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, -- CRYPTO_LOCK_DH, dh->p, ctx); -- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) -- { -- /* XXX */ -- BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); -- } -- if (!mont) -- goto err; -- } -+ if (dh->priv_key == NULL) { -+ DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE); -+ goto err; -+ } - -- if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) -- { -- DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY); -- goto err; -- } -+ if (dh->flags & DH_FLAG_CACHE_MONT_P) { -+ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, -+ CRYPTO_LOCK_DH, dh->p, ctx); -+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { -+ /* XXX */ -+ BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); -+ } -+ if (!mont) -+ goto err; -+ } - -- if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) -- { -- DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); -- goto err; -- } -+ if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) { -+ DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY); -+ goto err; -+ } - -- ret=BN_bn2bin(tmp,key); --err: -- if (ctx != NULL) -- { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- return(ret); -- } -+ if (!dh-> -+ meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) { -+ DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } - --static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, -- const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx) -- { -- /* If a is only one word long and constant time is false, use the faster -- * exponenentiation function. -- */ -- if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) -- { -- BN_ULONG A = a->d[0]; -- return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); -- } -- else -- return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx); -- } -+ ret = BN_bn2bin(tmp, key); -+ err: -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ return (ret); -+} - -+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, -+ const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -+{ -+ /* -+ * If a is only one word long and constant time is false, use the faster -+ * exponenentiation function. -+ */ -+ if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) { -+ BN_ULONG A = a->d[0]; -+ return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx); -+ } else -+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); -+} - - static int dh_init(DH *dh) -- { -- dh->flags |= DH_FLAG_CACHE_MONT_P; -- return(1); -- } -+{ -+ dh->flags |= DH_FLAG_CACHE_MONT_P; -+ return (1); -+} - - static int dh_finish(DH *dh) -- { -- if(dh->method_mont_p) -- BN_MONT_CTX_free(dh->method_mont_p); -- return(1); -- } -+{ -+ if (dh->method_mont_p) -+ BN_MONT_CTX_free(dh->method_mont_p); -+ return (1); -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c -index 7aef080..0b8a5a0 100644 ---- a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c -+++ b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,187 +61,191 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - --const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT; -+const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT; - - static const DH_METHOD *default_DH_method = NULL; - - void DH_set_default_method(const DH_METHOD *meth) -- { -- default_DH_method = meth; -- } -+{ -+ default_DH_method = meth; -+} - - const DH_METHOD *DH_get_default_method(void) -- { -- if(!default_DH_method) -- default_DH_method = DH_OpenSSL(); -- return default_DH_method; -- } -+{ -+ if (!default_DH_method) -+ default_DH_method = DH_OpenSSL(); -+ return default_DH_method; -+} - - int DH_set_method(DH *dh, const DH_METHOD *meth) -- { -- /* NB: The caller is specifically setting a method, so it's not up to us -- * to deal with which ENGINE it comes from. */ -- const DH_METHOD *mtmp; -- mtmp = dh->meth; -- if (mtmp->finish) mtmp->finish(dh); -+{ -+ /* -+ * NB: The caller is specifically setting a method, so it's not up to us -+ * to deal with which ENGINE it comes from. -+ */ -+ const DH_METHOD *mtmp; -+ mtmp = dh->meth; -+ if (mtmp->finish) -+ mtmp->finish(dh); - #ifndef OPENSSL_NO_ENGINE -- if (dh->engine) -- { -- ENGINE_finish(dh->engine); -- dh->engine = NULL; -- } -+ if (dh->engine) { -+ ENGINE_finish(dh->engine); -+ dh->engine = NULL; -+ } - #endif -- dh->meth = meth; -- if (meth->init) meth->init(dh); -- return 1; -- } -+ dh->meth = meth; -+ if (meth->init) -+ meth->init(dh); -+ return 1; -+} - - DH *DH_new(void) -- { -- return DH_new_method(NULL); -- } -+{ -+ return DH_new_method(NULL); -+} - - DH *DH_new_method(ENGINE *engine) -- { -- DH *ret; -+{ -+ DH *ret; - -- ret=(DH *)OPENSSL_malloc(sizeof(DH)); -- if (ret == NULL) -- { -- DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -+ ret = (DH *)OPENSSL_malloc(sizeof(DH)); -+ if (ret == NULL) { -+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } - -- ret->meth = DH_get_default_method(); -+ ret->meth = DH_get_default_method(); - #ifndef OPENSSL_NO_ENGINE -- if (engine) -- { -- if (!ENGINE_init(engine)) -- { -- DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); -- OPENSSL_free(ret); -- return NULL; -- } -- ret->engine = engine; -- } -- else -- ret->engine = ENGINE_get_default_DH(); -- if(ret->engine) -- { -- ret->meth = ENGINE_get_DH(ret->engine); -- if(!ret->meth) -- { -- DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB); -- ENGINE_finish(ret->engine); -- OPENSSL_free(ret); -- return NULL; -- } -- } -+ if (engine) { -+ if (!ENGINE_init(engine)) { -+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); -+ OPENSSL_free(ret); -+ return NULL; -+ } -+ ret->engine = engine; -+ } else -+ ret->engine = ENGINE_get_default_DH(); -+ if (ret->engine) { -+ ret->meth = ENGINE_get_DH(ret->engine); -+ if (!ret->meth) { -+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); -+ ENGINE_finish(ret->engine); -+ OPENSSL_free(ret); -+ return NULL; -+ } -+ } - #endif - -- ret->pad=0; -- ret->version=0; -- ret->p=NULL; -- ret->g=NULL; -- ret->length=0; -- ret->pub_key=NULL; -- ret->priv_key=NULL; -- ret->q=NULL; -- ret->j=NULL; -- ret->seed = NULL; -- ret->seedlen = 0; -- ret->counter = NULL; -- ret->method_mont_p=NULL; -- ret->references = 1; -- ret->flags=ret->meth->flags; -- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); -- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) -- { -+ ret->pad = 0; -+ ret->version = 0; -+ ret->p = NULL; -+ ret->g = NULL; -+ ret->length = 0; -+ ret->pub_key = NULL; -+ ret->priv_key = NULL; -+ ret->q = NULL; -+ ret->j = NULL; -+ ret->seed = NULL; -+ ret->seedlen = 0; -+ ret->counter = NULL; -+ ret->method_mont_p = NULL; -+ ret->references = 1; -+ ret->flags = ret->meth->flags; -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); -+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - #ifndef OPENSSL_NO_ENGINE -- if (ret->engine) -- ENGINE_finish(ret->engine); -+ if (ret->engine) -+ ENGINE_finish(ret->engine); - #endif -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); -- OPENSSL_free(ret); -- ret=NULL; -- } -- return(ret); -- } -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); -+ OPENSSL_free(ret); -+ ret = NULL; -+ } -+ return (ret); -+} - - void DH_free(DH *r) -- { -- int i; -- if(r == NULL) return; -- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); -+{ -+ int i; -+ if (r == NULL) -+ return; -+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); - #ifdef REF_PRINT -- REF_PRINT("DH",r); -+ REF_PRINT("DH", r); - #endif -- if (i > 0) return; -+ if (i > 0) -+ return; - #ifdef REF_CHECK -- if (i < 0) -- { -- fprintf(stderr,"DH_free, bad reference count\n"); -- abort(); -- } -+ if (i < 0) { -+ fprintf(stderr, "DH_free, bad reference count\n"); -+ abort(); -+ } - #endif - -- if (r->meth->finish) -- r->meth->finish(r); -+ if (r->meth->finish) -+ r->meth->finish(r); - #ifndef OPENSSL_NO_ENGINE -- if (r->engine) -- ENGINE_finish(r->engine); -+ if (r->engine) -+ ENGINE_finish(r->engine); - #endif - -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); -- -- if (r->p != NULL) BN_clear_free(r->p); -- if (r->g != NULL) BN_clear_free(r->g); -- if (r->q != NULL) BN_clear_free(r->q); -- if (r->j != NULL) BN_clear_free(r->j); -- if (r->seed) OPENSSL_free(r->seed); -- if (r->counter != NULL) BN_clear_free(r->counter); -- if (r->pub_key != NULL) BN_clear_free(r->pub_key); -- if (r->priv_key != NULL) BN_clear_free(r->priv_key); -- OPENSSL_free(r); -- } -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); -+ -+ if (r->p != NULL) -+ BN_clear_free(r->p); -+ if (r->g != NULL) -+ BN_clear_free(r->g); -+ if (r->q != NULL) -+ BN_clear_free(r->q); -+ if (r->j != NULL) -+ BN_clear_free(r->j); -+ if (r->seed) -+ OPENSSL_free(r->seed); -+ if (r->counter != NULL) -+ BN_clear_free(r->counter); -+ if (r->pub_key != NULL) -+ BN_clear_free(r->pub_key); -+ if (r->priv_key != NULL) -+ BN_clear_free(r->priv_key); -+ OPENSSL_free(r); -+} - - int DH_up_ref(DH *r) -- { -- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); -+{ -+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); - #ifdef REF_PRINT -- REF_PRINT("DH",r); -+ REF_PRINT("DH", r); - #endif - #ifdef REF_CHECK -- if (i < 2) -- { -- fprintf(stderr, "DH_up, bad reference count\n"); -- abort(); -- } -+ if (i < 2) { -+ fprintf(stderr, "DH_up, bad reference count\n"); -+ abort(); -+ } - #endif -- return ((i > 1) ? 1 : 0); -- } -+ return ((i > 1) ? 1 : 0); -+} - - int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -- { -- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, -- new_func, dup_func, free_func); -- } -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -+{ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, -+ new_func, dup_func, free_func); -+} - - int DH_set_ex_data(DH *d, int idx, void *arg) -- { -- return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); -- } -+{ -+ return (CRYPTO_set_ex_data(&d->ex_data, idx, arg)); -+} - - void *DH_get_ex_data(DH *d, int idx) -- { -- return(CRYPTO_get_ex_data(&d->ex_data,idx)); -- } -+{ -+ return (CRYPTO_get_ex_data(&d->ex_data, idx)); -+} - - int DH_size(const DH *dh) -- { -- return(BN_num_bytes(dh->p)); -- } -+{ -+ return (BN_num_bytes(dh->p)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c -index bc7d7a0..88f9244 100644 ---- a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c -+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c -@@ -1,6 +1,7 @@ - /* dsa_asn1.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,29 +65,29 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - -- - /* Override the default new methods */ - static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- if(operation == ASN1_OP_NEW_PRE) { -- DSA_SIG *sig; -- sig = OPENSSL_malloc(sizeof(DSA_SIG)); -- sig->r = NULL; -- sig->s = NULL; -- *pval = (ASN1_VALUE *)sig; -- if(sig) return 2; -- DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- return 1; -+ if (operation == ASN1_OP_NEW_PRE) { -+ DSA_SIG *sig; -+ sig = OPENSSL_malloc(sizeof(DSA_SIG)); -+ sig->r = NULL; -+ sig->s = NULL; -+ *pval = (ASN1_VALUE *)sig; -+ if (sig) -+ return 2; -+ DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ return 1; - } - - ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { -- ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), -- ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) -+ ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), -+ ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) - } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) - - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) -@@ -94,127 +95,137 @@ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) - /* Override the default free and new methods */ - static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- if(operation == ASN1_OP_NEW_PRE) { -- *pval = (ASN1_VALUE *)DSA_new(); -- if(*pval) return 2; -- return 0; -- } else if(operation == ASN1_OP_FREE_PRE) { -- DSA_free((DSA *)*pval); -- *pval = NULL; -- return 2; -- } -- return 1; -+ if (operation == ASN1_OP_NEW_PRE) { -+ *pval = (ASN1_VALUE *)DSA_new(); -+ if (*pval) -+ return 2; -+ return 0; -+ } else if (operation == ASN1_OP_FREE_PRE) { -+ DSA_free((DSA *)*pval); -+ *pval = NULL; -+ return 2; -+ } -+ return 1; - } - - ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { -- ASN1_SIMPLE(DSA, version, LONG), -- ASN1_SIMPLE(DSA, p, BIGNUM), -- ASN1_SIMPLE(DSA, q, BIGNUM), -- ASN1_SIMPLE(DSA, g, BIGNUM), -- ASN1_SIMPLE(DSA, pub_key, BIGNUM), -- ASN1_SIMPLE(DSA, priv_key, BIGNUM) -+ ASN1_SIMPLE(DSA, version, LONG), -+ ASN1_SIMPLE(DSA, p, BIGNUM), -+ ASN1_SIMPLE(DSA, q, BIGNUM), -+ ASN1_SIMPLE(DSA, g, BIGNUM), -+ ASN1_SIMPLE(DSA, pub_key, BIGNUM), -+ ASN1_SIMPLE(DSA, priv_key, BIGNUM) - } ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) - - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) - - ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { -- ASN1_SIMPLE(DSA, p, BIGNUM), -- ASN1_SIMPLE(DSA, q, BIGNUM), -- ASN1_SIMPLE(DSA, g, BIGNUM), -+ ASN1_SIMPLE(DSA, p, BIGNUM), -+ ASN1_SIMPLE(DSA, q, BIGNUM), -+ ASN1_SIMPLE(DSA, g, BIGNUM), - } ASN1_SEQUENCE_END_cb(DSA, DSAparams) - - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) - --/* DSA public key is a bit trickier... its effectively a CHOICE type -- * decided by a field called write_params which can either write out -- * just the public key as an INTEGER or the parameters and public key -- * in a SEQUENCE -+/* -+ * DSA public key is a bit trickier... its effectively a CHOICE type decided -+ * by a field called write_params which can either write out just the public -+ * key as an INTEGER or the parameters and public key in a SEQUENCE - */ - - ASN1_SEQUENCE(dsa_pub_internal) = { -- ASN1_SIMPLE(DSA, pub_key, BIGNUM), -- ASN1_SIMPLE(DSA, p, BIGNUM), -- ASN1_SIMPLE(DSA, q, BIGNUM), -- ASN1_SIMPLE(DSA, g, BIGNUM) -+ ASN1_SIMPLE(DSA, pub_key, BIGNUM), -+ ASN1_SIMPLE(DSA, p, BIGNUM), -+ ASN1_SIMPLE(DSA, q, BIGNUM), -+ ASN1_SIMPLE(DSA, g, BIGNUM) - } ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal) - - ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { -- ASN1_SIMPLE(DSA, pub_key, BIGNUM), -- ASN1_EX_COMBINE(0, 0, dsa_pub_internal) -+ ASN1_SIMPLE(DSA, pub_key, BIGNUM), -+ ASN1_EX_COMBINE(0, 0, dsa_pub_internal) - } ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params) - - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) - --int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, -- unsigned int *siglen, DSA *dsa) -- { -- DSA_SIG *s; -+int DSA_sign(int type, const unsigned char *dgst, int dlen, -+ unsigned char *sig, unsigned int *siglen, DSA *dsa) -+{ -+ DSA_SIG *s; - #ifdef OPENSSL_FIPS -- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) -- { -- DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -- return 0; -- } -+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { -+ DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return 0; -+ } - #endif -- RAND_seed(dgst, dlen); -- s=DSA_do_sign(dgst,dlen,dsa); -- if (s == NULL) -- { -- *siglen=0; -- return(0); -- } -- *siglen=i2d_DSA_SIG(s,&sig); -- DSA_SIG_free(s); -- return(1); -- } -+ RAND_seed(dgst, dlen); -+ s = DSA_do_sign(dgst, dlen, dsa); -+ if (s == NULL) { -+ *siglen = 0; -+ return (0); -+ } -+ *siglen = i2d_DSA_SIG(s, &sig); -+ DSA_SIG_free(s); -+ return (1); -+} - - int DSA_size(const DSA *r) -- { -- int ret,i; -- ASN1_INTEGER bs; -- unsigned char buf[4]; /* 4 bytes looks really small. -- However, i2d_ASN1_INTEGER() will not look -- beyond the first byte, as long as the second -- parameter is NULL. */ -- -- i=BN_num_bits(r->q); -- bs.length=(i+7)/8; -- bs.data=buf; -- bs.type=V_ASN1_INTEGER; -- /* If the top bit is set the asn1 encoding is 1 larger. */ -- buf[0]=0xff; -- -- i=i2d_ASN1_INTEGER(&bs,NULL); -- i+=i; /* r and s */ -- ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); -- return(ret); -- } -- --/* data has already been hashed (probably with SHA or SHA-1). */ --/* returns -- * 1: correct signature -- * 0: incorrect signature -- * -1: error -+{ -+ int ret, i; -+ ASN1_INTEGER bs; -+ unsigned char buf[4]; /* 4 bytes looks really small. However, -+ * i2d_ASN1_INTEGER() will not look beyond -+ * the first byte, as long as the second -+ * parameter is NULL. */ -+ -+ i = BN_num_bits(r->q); -+ bs.length = (i + 7) / 8; -+ bs.data = buf; -+ bs.type = V_ASN1_INTEGER; -+ /* If the top bit is set the asn1 encoding is 1 larger. */ -+ buf[0] = 0xff; -+ -+ i = i2d_ASN1_INTEGER(&bs, NULL); -+ i += i; /* r and s */ -+ ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); -+ return (ret); -+} -+ -+/*- -+ * data has already been hashed (probably with SHA or SHA-1). */ -+/* -+ * returns 1: correct signature 0: incorrect signature -1: error - */ - int DSA_verify(int type, const unsigned char *dgst, int dgst_len, -- const unsigned char *sigbuf, int siglen, DSA *dsa) -- { -- DSA_SIG *s; -- int ret=-1; -+ const unsigned char *sigbuf, int siglen, DSA *dsa) -+{ -+ DSA_SIG *s; -+ const unsigned char *p = sigbuf; -+ unsigned char *der = NULL; -+ int derlen = -1; -+ int ret = -1; -+ - #ifdef OPENSSL_FIPS -- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) -- { -- DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -- return 0; -- } -+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { -+ DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return 0; -+ } - #endif - -- s = DSA_SIG_new(); -- if (s == NULL) return(ret); -- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; -- ret=DSA_do_verify(dgst,dgst_len,s,dsa); --err: -- DSA_SIG_free(s); -- return(ret); -- } -- -+ s = DSA_SIG_new(); -+ if (s == NULL) -+ return (ret); -+ if (d2i_DSA_SIG(&s, &p, siglen) == NULL) -+ goto err; -+ /* Ensure signature uses DER and doesn't have trailing garbage */ -+ derlen = i2d_DSA_SIG(s, &der); -+ if (derlen != siglen || memcmp(sigbuf, der, derlen)) -+ goto err; -+ ret = DSA_do_verify(dgst, dgst_len, s, dsa); -+ err: -+ if (derlen > 0) { -+ OPENSSL_cleanse(der, derlen); -+ OPENSSL_free(der); -+ } -+ DSA_SIG_free(s); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c -index f2da680..54f88bc 100644 ---- a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c -+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,54 +53,61 @@ - * - */ - --/* This file contains deprecated function(s) that are now wrappers to the new -- * version(s). */ -+/* -+ * This file contains deprecated function(s) that are now wrappers to the new -+ * version(s). -+ */ - - #undef GENUINE_DSA - - #ifdef GENUINE_DSA --/* Parameter generation follows the original release of FIPS PUB 186, -- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ --#define HASH EVP_sha() -+/* -+ * Parameter generation follows the original release of FIPS PUB 186, -+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) -+ */ -+# define HASH EVP_sha() - #else --/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, -- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in -- * FIPS PUB 180-1) */ --#define HASH EVP_sha1() --#endif -+/* -+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, -+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB -+ * 180-1) -+ */ -+# define HASH EVP_sha1() -+#endif - --static void *dummy=&dummy; -+static void *dummy = &dummy; - - #ifndef OPENSSL_NO_SHA - --#include --#include --#include "cryptlib.h" --#include --#include --#include --#include --#include -+# include -+# include -+# include "cryptlib.h" -+# include -+# include -+# include -+# include -+# include - --#ifndef OPENSSL_NO_DEPRECATED -+# ifndef OPENSSL_NO_DEPRECATED - DSA *DSA_generate_parameters(int bits, -- unsigned char *seed_in, int seed_len, -- int *counter_ret, unsigned long *h_ret, -- void (*callback)(int, int, void *), -- void *cb_arg) -- { -- BN_GENCB cb; -- DSA *ret; -+ unsigned char *seed_in, int seed_len, -+ int *counter_ret, unsigned long *h_ret, -+ void (*callback) (int, int, void *), -+ void *cb_arg) -+{ -+ BN_GENCB cb; -+ DSA *ret; - -- if ((ret=DSA_new()) == NULL) return NULL; -+ if ((ret = DSA_new()) == NULL) -+ return NULL; - -- BN_GENCB_set_old(&cb, callback, cb_arg); -+ BN_GENCB_set_old(&cb, callback, cb_arg); - -- if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, -- counter_ret, h_ret, &cb)) -- return ret; -- DSA_free(ret); -- return NULL; -- } --#endif -+ if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, -+ counter_ret, h_ret, &cb)) -+ return ret; -+ DSA_free(ret); -+ return NULL; -+} -+# endif - #endif -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c -index 872839a..57f06fe 100644 ---- a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c -+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,55 +66,54 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason) - --static ERR_STRING_DATA DSA_str_functs[]= -- { --{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, --{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, --{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, --{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"}, --{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, --{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, --{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, --{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"}, --{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, --{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"}, --{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, --{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"}, --{ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"}, --{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, --{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, --{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, --{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"}, --{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"}, --{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"}, --{0,NULL} -- }; -+static ERR_STRING_DATA DSA_str_functs[] = { -+ {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, -+ {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, -+ {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, -+ {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"}, -+ {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, -+ {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, -+ {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, -+ {ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"}, -+ {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, -+ {ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"}, -+ {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, -+ {ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"}, -+ {ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"}, -+ {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, -+ {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, -+ {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, -+ {ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"}, -+ {ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"}, -+ {ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA DSA_str_reasons[]= -- { --{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, --{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, --{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, --{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, --{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, --{ERR_REASON(DSA_R_NON_FIPS_METHOD) ,"non fips method"}, --{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, --{0,NULL} -- }; -+static ERR_STRING_DATA DSA_str_reasons[] = { -+ {ERR_REASON(DSA_R_BAD_Q_VALUE), "bad q value"}, -+ {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), -+ "data too large for key size"}, -+ {ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, -+ {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, -+ {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, -+ {ERR_REASON(DSA_R_NON_FIPS_METHOD), "non fips method"}, -+ {ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), -+ "operation not allowed in fips mode"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_DSA_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,DSA_str_functs); -- ERR_load_strings(0,DSA_str_reasons); -- } -+ if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, DSA_str_functs); -+ ERR_load_strings(0, DSA_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c -index 7a9d188..cb2e0bb 100644 ---- a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c -+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,266 +59,294 @@ - #undef GENUINE_DSA - - #ifdef GENUINE_DSA --/* Parameter generation follows the original release of FIPS PUB 186, -- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ --#define HASH EVP_sha() -+/* -+ * Parameter generation follows the original release of FIPS PUB 186, -+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) -+ */ -+# define HASH EVP_sha() - #else --/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, -- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in -- * FIPS PUB 180-1) */ --#define HASH EVP_sha1() --#endif -+/* -+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, -+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB -+ * 180-1) -+ */ -+# define HASH EVP_sha1() -+#endif - - #include /* To see if OPENSSL_NO_SHA is defined */ - - #ifndef OPENSSL_NO_SHA - --#include --#include --#include "cryptlib.h" --#include --#include --#include --#include --#include -+# include -+# include -+# include "cryptlib.h" -+# include -+# include -+# include -+# include -+# include - --#ifndef OPENSSL_FIPS -+# ifndef OPENSSL_FIPS - - static int dsa_builtin_paramgen(DSA *ret, int bits, -- unsigned char *seed_in, int seed_len, -- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -+ unsigned char *seed_in, int seed_len, -+ int *counter_ret, unsigned long *h_ret, -+ BN_GENCB *cb); - - int DSA_generate_parameters_ex(DSA *ret, int bits, -- unsigned char *seed_in, int seed_len, -- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) -- { -- if(ret->meth->dsa_paramgen) -- return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, -- counter_ret, h_ret, cb); -- return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, -- counter_ret, h_ret, cb); -- } -+ unsigned char *seed_in, int seed_len, -+ int *counter_ret, unsigned long *h_ret, -+ BN_GENCB *cb) -+{ -+ if (ret->meth->dsa_paramgen) -+ return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, -+ counter_ret, h_ret, cb); -+ return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, -+ counter_ret, h_ret, cb); -+} - - static int dsa_builtin_paramgen(DSA *ret, int bits, -- unsigned char *seed_in, int seed_len, -- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) -- { -- int ok=0; -- unsigned char seed[SHA_DIGEST_LENGTH]; -- unsigned char md[SHA_DIGEST_LENGTH]; -- unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; -- BIGNUM *r0,*W,*X,*c,*test; -- BIGNUM *g=NULL,*q=NULL,*p=NULL; -- BN_MONT_CTX *mont=NULL; -- int k,n=0,i,m=0; -- int counter=0; -- int r=0; -- BN_CTX *ctx=NULL; -- unsigned int h=2; -- -- if (bits < 512) bits=512; -- bits=(bits+63)/64*64; -- -- /* NB: seed_len == 0 is special case: copy generated seed to -- * seed_in if it is not NULL. -- */ -- if (seed_len && (seed_len < 20)) -- seed_in = NULL; /* seed buffer too small -- ignore */ -- if (seed_len > 20) -- seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, -- * but our internal buffers are restricted to 160 bits*/ -- if ((seed_in != NULL) && (seed_len == 20)) -- { -- memcpy(seed,seed_in,seed_len); -- /* set seed_in to NULL to avoid it being copied back */ -- seed_in = NULL; -- } -- -- if ((ctx=BN_CTX_new()) == NULL) goto err; -- -- if ((mont=BN_MONT_CTX_new()) == NULL) goto err; -- -- BN_CTX_start(ctx); -- r0 = BN_CTX_get(ctx); -- g = BN_CTX_get(ctx); -- W = BN_CTX_get(ctx); -- q = BN_CTX_get(ctx); -- X = BN_CTX_get(ctx); -- c = BN_CTX_get(ctx); -- p = BN_CTX_get(ctx); -- test = BN_CTX_get(ctx); -- -- if (!BN_lshift(test,BN_value_one(),bits-1)) -- goto err; -- -- for (;;) -- { -- for (;;) /* find q */ -- { -- int seed_is_random; -- -- /* step 1 */ -- if(!BN_GENCB_call(cb, 0, m++)) -- goto err; -- -- if (!seed_len) -- { -- RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH); -- seed_is_random = 1; -- } -- else -- { -- seed_is_random = 0; -- seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ -- } -- memcpy(buf,seed,SHA_DIGEST_LENGTH); -- memcpy(buf2,seed,SHA_DIGEST_LENGTH); -- /* precompute "SEED + 1" for step 7: */ -- for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) -- { -- buf[i]++; -- if (buf[i] != 0) break; -- } -- -- /* step 2 */ -- EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); -- EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL); -- for (i=0; i 0) -- break; -- if (r != 0) -- goto err; -- -- /* do a callback call */ -- /* step 5 */ -- } -- -- if(!BN_GENCB_call(cb, 2, 0)) goto err; -- if(!BN_GENCB_call(cb, 3, 0)) goto err; -- -- /* step 6 */ -- counter=0; -- /* "offset = 2" */ -- -- n=(bits-1)/160; -- -- for (;;) -- { -- if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) -- goto err; -- -- /* step 7 */ -- BN_zero(W); -- /* now 'buf' contains "SEED + offset - 1" */ -- for (k=0; k<=n; k++) -- { -- /* obtain "SEED + offset + k" by incrementing: */ -- for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) -- { -- buf[i]++; -- if (buf[i] != 0) break; -- } -- -- EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); -- -- /* step 8 */ -- if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) -- goto err; -- if (!BN_lshift(r0,r0,160*k)) goto err; -- if (!BN_add(W,W,r0)) goto err; -- } -- -- /* more of step 8 */ -- if (!BN_mask_bits(W,bits-1)) goto err; -- if (!BN_copy(X,W)) goto err; -- if (!BN_add(X,X,test)) goto err; -- -- /* step 9 */ -- if (!BN_lshift1(r0,q)) goto err; -- if (!BN_mod(c,X,r0,ctx)) goto err; -- if (!BN_sub(r0,c,BN_value_one())) goto err; -- if (!BN_sub(p,X,r0)) goto err; -- -- /* step 10 */ -- if (BN_cmp(p,test) >= 0) -- { -- /* step 11 */ -- r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, -- ctx, 1, cb); -- if (r > 0) -- goto end; /* found it */ -- if (r != 0) -- goto err; -- } -- -- /* step 13 */ -- counter++; -- /* "offset = offset + n + 1" */ -- -- /* step 14 */ -- if (counter >= 4096) break; -- } -- } --end: -- if(!BN_GENCB_call(cb, 2, 1)) -- goto err; -- -- /* We now need to generate g */ -- /* Set r0=(p-1)/q */ -- if (!BN_sub(test,p,BN_value_one())) goto err; -- if (!BN_div(r0,NULL,test,q,ctx)) goto err; -- -- if (!BN_set_word(test,h)) goto err; -- if (!BN_MONT_CTX_set(mont,p,ctx)) goto err; -- -- for (;;) -- { -- /* g=test^r0%p */ -- if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err; -- if (!BN_is_one(g)) break; -- if (!BN_add(test,test,BN_value_one())) goto err; -- h++; -- } -- -- if(!BN_GENCB_call(cb, 3, 1)) -- goto err; -- -- ok=1; --err: -- if (ok) -- { -- if(ret->p) BN_free(ret->p); -- if(ret->q) BN_free(ret->q); -- if(ret->g) BN_free(ret->g); -- ret->p=BN_dup(p); -- ret->q=BN_dup(q); -- ret->g=BN_dup(g); -- if (ret->p == NULL || ret->q == NULL || ret->g == NULL) -- { -- ok=0; -- goto err; -- } -- if (seed_in != NULL) memcpy(seed_in,seed,20); -- if (counter_ret != NULL) *counter_ret=counter; -- if (h_ret != NULL) *h_ret=h; -- } -- if(ctx) -- { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- if (mont != NULL) BN_MONT_CTX_free(mont); -- return ok; -- } --#endif -+ unsigned char *seed_in, int seed_len, -+ int *counter_ret, unsigned long *h_ret, -+ BN_GENCB *cb) -+{ -+ int ok = 0; -+ unsigned char seed[SHA_DIGEST_LENGTH]; -+ unsigned char md[SHA_DIGEST_LENGTH]; -+ unsigned char buf[SHA_DIGEST_LENGTH], buf2[SHA_DIGEST_LENGTH]; -+ BIGNUM *r0, *W, *X, *c, *test; -+ BIGNUM *g = NULL, *q = NULL, *p = NULL; -+ BN_MONT_CTX *mont = NULL; -+ int k, n = 0, i, m = 0; -+ int counter = 0; -+ int r = 0; -+ BN_CTX *ctx = NULL; -+ unsigned int h = 2; -+ -+ if (bits < 512) -+ bits = 512; -+ bits = (bits + 63) / 64 * 64; -+ -+ /* -+ * NB: seed_len == 0 is special case: copy generated seed to seed_in if -+ * it is not NULL. -+ */ -+ if (seed_len && (seed_len < 20)) -+ seed_in = NULL; /* seed buffer too small -- ignore */ -+ if (seed_len > 20) -+ seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger -+ * SEED, but our internal buffers are -+ * restricted to 160 bits */ -+ if ((seed_in != NULL) && (seed_len == 20)) { -+ memcpy(seed, seed_in, seed_len); -+ /* set seed_in to NULL to avoid it being copied back */ -+ seed_in = NULL; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ -+ if ((mont = BN_MONT_CTX_new()) == NULL) -+ goto err; -+ -+ BN_CTX_start(ctx); -+ r0 = BN_CTX_get(ctx); -+ g = BN_CTX_get(ctx); -+ W = BN_CTX_get(ctx); -+ q = BN_CTX_get(ctx); -+ X = BN_CTX_get(ctx); -+ c = BN_CTX_get(ctx); -+ p = BN_CTX_get(ctx); -+ test = BN_CTX_get(ctx); -+ -+ if (!BN_lshift(test, BN_value_one(), bits - 1)) -+ goto err; -+ -+ for (;;) { -+ for (;;) { /* find q */ -+ int seed_is_random; -+ -+ /* step 1 */ -+ if (!BN_GENCB_call(cb, 0, m++)) -+ goto err; -+ -+ if (!seed_len) { -+ RAND_pseudo_bytes(seed, SHA_DIGEST_LENGTH); -+ seed_is_random = 1; -+ } else { -+ seed_is_random = 0; -+ seed_len = 0; /* use random seed if 'seed_in' turns out to -+ * be bad */ -+ } -+ memcpy(buf, seed, SHA_DIGEST_LENGTH); -+ memcpy(buf2, seed, SHA_DIGEST_LENGTH); -+ /* precompute "SEED + 1" for step 7: */ -+ for (i = SHA_DIGEST_LENGTH - 1; i >= 0; i--) { -+ buf[i]++; -+ if (buf[i] != 0) -+ break; -+ } -+ -+ /* step 2 */ -+ EVP_Digest(seed, SHA_DIGEST_LENGTH, md, NULL, HASH, NULL); -+ EVP_Digest(buf, SHA_DIGEST_LENGTH, buf2, NULL, HASH, NULL); -+ for (i = 0; i < SHA_DIGEST_LENGTH; i++) -+ md[i] ^= buf2[i]; -+ -+ /* step 3 */ -+ md[0] |= 0x80; -+ md[SHA_DIGEST_LENGTH - 1] |= 0x01; -+ if (!BN_bin2bn(md, SHA_DIGEST_LENGTH, q)) -+ goto err; -+ -+ /* step 4 */ -+ r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, -+ seed_is_random, cb); -+ if (r > 0) -+ break; -+ if (r != 0) -+ goto err; -+ -+ /* do a callback call */ -+ /* step 5 */ -+ } -+ -+ if (!BN_GENCB_call(cb, 2, 0)) -+ goto err; -+ if (!BN_GENCB_call(cb, 3, 0)) -+ goto err; -+ -+ /* step 6 */ -+ counter = 0; -+ /* "offset = 2" */ -+ -+ n = (bits - 1) / 160; -+ -+ for (;;) { -+ if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) -+ goto err; -+ -+ /* step 7 */ -+ BN_zero(W); -+ /* now 'buf' contains "SEED + offset - 1" */ -+ for (k = 0; k <= n; k++) { -+ /* -+ * obtain "SEED + offset + k" by incrementing: -+ */ -+ for (i = SHA_DIGEST_LENGTH - 1; i >= 0; i--) { -+ buf[i]++; -+ if (buf[i] != 0) -+ break; -+ } -+ -+ EVP_Digest(buf, SHA_DIGEST_LENGTH, md, NULL, HASH, NULL); -+ -+ /* step 8 */ -+ if (!BN_bin2bn(md, SHA_DIGEST_LENGTH, r0)) -+ goto err; -+ if (!BN_lshift(r0, r0, 160 * k)) -+ goto err; -+ if (!BN_add(W, W, r0)) -+ goto err; -+ } -+ -+ /* more of step 8 */ -+ if (!BN_mask_bits(W, bits - 1)) -+ goto err; -+ if (!BN_copy(X, W)) -+ goto err; -+ if (!BN_add(X, X, test)) -+ goto err; -+ -+ /* step 9 */ -+ if (!BN_lshift1(r0, q)) -+ goto err; -+ if (!BN_mod(c, X, r0, ctx)) -+ goto err; -+ if (!BN_sub(r0, c, BN_value_one())) -+ goto err; -+ if (!BN_sub(p, X, r0)) -+ goto err; -+ -+ /* step 10 */ -+ if (BN_cmp(p, test) >= 0) { -+ /* step 11 */ -+ r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); -+ if (r > 0) -+ goto end; /* found it */ -+ if (r != 0) -+ goto err; -+ } -+ -+ /* step 13 */ -+ counter++; -+ /* "offset = offset + n + 1" */ -+ -+ /* step 14 */ -+ if (counter >= 4096) -+ break; -+ } -+ } -+ end: -+ if (!BN_GENCB_call(cb, 2, 1)) -+ goto err; -+ -+ /* We now need to generate g */ -+ /* Set r0=(p-1)/q */ -+ if (!BN_sub(test, p, BN_value_one())) -+ goto err; -+ if (!BN_div(r0, NULL, test, q, ctx)) -+ goto err; -+ -+ if (!BN_set_word(test, h)) -+ goto err; -+ if (!BN_MONT_CTX_set(mont, p, ctx)) -+ goto err; -+ -+ for (;;) { -+ /* g=test^r0%p */ -+ if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) -+ goto err; -+ if (!BN_is_one(g)) -+ break; -+ if (!BN_add(test, test, BN_value_one())) -+ goto err; -+ h++; -+ } -+ -+ if (!BN_GENCB_call(cb, 3, 1)) -+ goto err; -+ -+ ok = 1; -+ err: -+ if (ok) { -+ if (ret->p) -+ BN_free(ret->p); -+ if (ret->q) -+ BN_free(ret->q); -+ if (ret->g) -+ BN_free(ret->g); -+ ret->p = BN_dup(p); -+ ret->q = BN_dup(q); -+ ret->g = BN_dup(g); -+ if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { -+ ok = 0; -+ goto err; -+ } -+ if (seed_in != NULL) -+ memcpy(seed_in, seed, 20); -+ if (counter_ret != NULL) -+ *counter_ret = counter; -+ if (h_ret != NULL) -+ *h_ret = h; -+ } -+ if (ctx) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ if (mont != NULL) -+ BN_MONT_CTX_free(mont); -+ return ok; -+} -+# endif - #endif -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c -index 5e39124..8da6016 100644 ---- a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c -+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,73 +60,75 @@ - #include - #include "cryptlib.h" - #ifndef OPENSSL_NO_SHA --#include --#include --#include -+# include -+# include -+# include - --#ifndef OPENSSL_FIPS -+# ifndef OPENSSL_FIPS - - static int dsa_builtin_keygen(DSA *dsa); - - int DSA_generate_key(DSA *dsa) -- { -- if(dsa->meth->dsa_keygen) -- return dsa->meth->dsa_keygen(dsa); -- return dsa_builtin_keygen(dsa); -- } -+{ -+ if (dsa->meth->dsa_keygen) -+ return dsa->meth->dsa_keygen(dsa); -+ return dsa_builtin_keygen(dsa); -+} - - static int dsa_builtin_keygen(DSA *dsa) -- { -- int ok=0; -- BN_CTX *ctx=NULL; -- BIGNUM *pub_key=NULL,*priv_key=NULL; -+{ -+ int ok = 0; -+ BN_CTX *ctx = NULL; -+ BIGNUM *pub_key = NULL, *priv_key = NULL; - -- if ((ctx=BN_CTX_new()) == NULL) goto err; -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; - -- if (dsa->priv_key == NULL) -- { -- if ((priv_key=BN_new()) == NULL) goto err; -- } -- else -- priv_key=dsa->priv_key; -+ if (dsa->priv_key == NULL) { -+ if ((priv_key = BN_new()) == NULL) -+ goto err; -+ } else -+ priv_key = dsa->priv_key; - -- do -- if (!BN_rand_range(priv_key,dsa->q)) goto err; -- while (BN_is_zero(priv_key)); -+ do -+ if (!BN_rand_range(priv_key, dsa->q)) -+ goto err; -+ while (BN_is_zero(priv_key)) ; - -- if (dsa->pub_key == NULL) -- { -- if ((pub_key=BN_new()) == NULL) goto err; -- } -- else -- pub_key=dsa->pub_key; -- -- { -- BIGNUM local_prk; -- BIGNUM *prk; -+ if (dsa->pub_key == NULL) { -+ if ((pub_key = BN_new()) == NULL) -+ goto err; -+ } else -+ pub_key = dsa->pub_key; - -- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) -- { -- BN_init(&local_prk); -- prk = &local_prk; -- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); -- } -- else -- prk = priv_key; -+ { -+ BIGNUM local_prk; -+ BIGNUM *prk; - -- if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err; -- } -+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -+ BN_init(&local_prk); -+ prk = &local_prk; -+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); -+ } else -+ prk = priv_key; - -- dsa->priv_key=priv_key; -- dsa->pub_key=pub_key; -- ok=1; -+ if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) -+ goto err; -+ } - --err: -- if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key); -- if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key); -- if (ctx != NULL) BN_CTX_free(ctx); -- return(ok); -- } --#endif -+ dsa->priv_key = priv_key; -+ dsa->pub_key = pub_key; -+ ok = 1; -+ -+ err: -+ if ((pub_key != NULL) && (dsa->pub_key == NULL)) -+ BN_free(pub_key); -+ if ((priv_key != NULL) && (dsa->priv_key == NULL)) -+ BN_free(priv_key); -+ if (ctx != NULL) -+ BN_CTX_free(ctx); -+ return (ok); -+} -+# endif - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c -index 85556d1..45116c5 100644 ---- a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c -+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,253 +64,253 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - #ifndef OPENSSL_NO_DH --#include -+# include - #endif - --const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT; -+const char DSA_version[] = "DSA" OPENSSL_VERSION_PTEXT; - - static const DSA_METHOD *default_DSA_method = NULL; - - void DSA_set_default_method(const DSA_METHOD *meth) -- { -+{ - #ifdef OPENSSL_FIPS -- if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) -- { -- DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD); -- return; -- } -+ if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) { -+ DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD); -+ return; -+ } - #endif -- -- default_DSA_method = meth; -- } -+ -+ default_DSA_method = meth; -+} - - const DSA_METHOD *DSA_get_default_method(void) -- { -- if(!default_DSA_method) -- default_DSA_method = DSA_OpenSSL(); -- return default_DSA_method; -- } -+{ -+ if (!default_DSA_method) -+ default_DSA_method = DSA_OpenSSL(); -+ return default_DSA_method; -+} - - DSA *DSA_new(void) -- { -- return DSA_new_method(NULL); -- } -+{ -+ return DSA_new_method(NULL); -+} - - int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) -- { -- /* NB: The caller is specifically setting a method, so it's not up to us -- * to deal with which ENGINE it comes from. */ -- const DSA_METHOD *mtmp; -+{ -+ /* -+ * NB: The caller is specifically setting a method, so it's not up to us -+ * to deal with which ENGINE it comes from. -+ */ -+ const DSA_METHOD *mtmp; - #ifdef OPENSSL_FIPS -- if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) -- { -- DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD); -- return 0; -- } -+ if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) { -+ DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD); -+ return 0; -+ } - #endif -- mtmp = dsa->meth; -- if (mtmp->finish) mtmp->finish(dsa); -+ mtmp = dsa->meth; -+ if (mtmp->finish) -+ mtmp->finish(dsa); - #ifndef OPENSSL_NO_ENGINE -- if (dsa->engine) -- { -- ENGINE_finish(dsa->engine); -- dsa->engine = NULL; -- } -+ if (dsa->engine) { -+ ENGINE_finish(dsa->engine); -+ dsa->engine = NULL; -+ } - #endif -- dsa->meth = meth; -- if (meth->init) meth->init(dsa); -- return 1; -- } -+ dsa->meth = meth; -+ if (meth->init) -+ meth->init(dsa); -+ return 1; -+} - - DSA *DSA_new_method(ENGINE *engine) -- { -- DSA *ret; -+{ -+ DSA *ret; - -- ret=(DSA *)OPENSSL_malloc(sizeof(DSA)); -- if (ret == NULL) -- { -- DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- ret->meth = DSA_get_default_method(); -+ ret = (DSA *)OPENSSL_malloc(sizeof(DSA)); -+ if (ret == NULL) { -+ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ ret->meth = DSA_get_default_method(); - #ifndef OPENSSL_NO_ENGINE -- if (engine) -- { -- if (!ENGINE_init(engine)) -- { -- DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); -- OPENSSL_free(ret); -- return NULL; -- } -- ret->engine = engine; -- } -- else -- ret->engine = ENGINE_get_default_DSA(); -- if(ret->engine) -- { -- ret->meth = ENGINE_get_DSA(ret->engine); -- if(!ret->meth) -- { -- DSAerr(DSA_F_DSA_NEW_METHOD, -- ERR_R_ENGINE_LIB); -- ENGINE_finish(ret->engine); -- OPENSSL_free(ret); -- return NULL; -- } -- } -+ if (engine) { -+ if (!ENGINE_init(engine)) { -+ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); -+ OPENSSL_free(ret); -+ return NULL; -+ } -+ ret->engine = engine; -+ } else -+ ret->engine = ENGINE_get_default_DSA(); -+ if (ret->engine) { -+ ret->meth = ENGINE_get_DSA(ret->engine); -+ if (!ret->meth) { -+ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); -+ ENGINE_finish(ret->engine); -+ OPENSSL_free(ret); -+ return NULL; -+ } -+ } - #endif - #ifdef OPENSSL_FIPS -- if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)) -- { -- DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD); --#ifndef OPENSSL_NO_ENGINE -- if (ret->engine) -- ENGINE_finish(ret->engine); --#endif -- OPENSSL_free(ret); -- return NULL; -- } -+ if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)) { -+ DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD); -+# ifndef OPENSSL_NO_ENGINE -+ if (ret->engine) -+ ENGINE_finish(ret->engine); -+# endif -+ OPENSSL_free(ret); -+ return NULL; -+ } - #endif - -- ret->pad=0; -- ret->version=0; -- ret->write_params=1; -- ret->p=NULL; -- ret->q=NULL; -- ret->g=NULL; -+ ret->pad = 0; -+ ret->version = 0; -+ ret->write_params = 1; -+ ret->p = NULL; -+ ret->q = NULL; -+ ret->g = NULL; - -- ret->pub_key=NULL; -- ret->priv_key=NULL; -+ ret->pub_key = NULL; -+ ret->priv_key = NULL; - -- ret->kinv=NULL; -- ret->r=NULL; -- ret->method_mont_p=NULL; -+ ret->kinv = NULL; -+ ret->r = NULL; -+ ret->method_mont_p = NULL; - -- ret->references=1; -- ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; -- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); -- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) -- { -+ ret->references = 1; -+ ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); -+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - #ifndef OPENSSL_NO_ENGINE -- if (ret->engine) -- ENGINE_finish(ret->engine); -+ if (ret->engine) -+ ENGINE_finish(ret->engine); - #endif -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); -- OPENSSL_free(ret); -- ret=NULL; -- } -- -- return(ret); -- } -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); -+ OPENSSL_free(ret); -+ ret = NULL; -+ } -+ -+ return (ret); -+} - - void DSA_free(DSA *r) -- { -- int i; -+{ -+ int i; - -- if (r == NULL) return; -+ if (r == NULL) -+ return; - -- i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA); -+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DSA); - #ifdef REF_PRINT -- REF_PRINT("DSA",r); -+ REF_PRINT("DSA", r); - #endif -- if (i > 0) return; -+ if (i > 0) -+ return; - #ifdef REF_CHECK -- if (i < 0) -- { -- fprintf(stderr,"DSA_free, bad reference count\n"); -- abort(); -- } -+ if (i < 0) { -+ fprintf(stderr, "DSA_free, bad reference count\n"); -+ abort(); -+ } - #endif - -- if(r->meth->finish) -- r->meth->finish(r); -+ if (r->meth->finish) -+ r->meth->finish(r); - #ifndef OPENSSL_NO_ENGINE -- if(r->engine) -- ENGINE_finish(r->engine); -+ if (r->engine) -+ ENGINE_finish(r->engine); - #endif - -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); - -- if (r->p != NULL) BN_clear_free(r->p); -- if (r->q != NULL) BN_clear_free(r->q); -- if (r->g != NULL) BN_clear_free(r->g); -- if (r->pub_key != NULL) BN_clear_free(r->pub_key); -- if (r->priv_key != NULL) BN_clear_free(r->priv_key); -- if (r->kinv != NULL) BN_clear_free(r->kinv); -- if (r->r != NULL) BN_clear_free(r->r); -- OPENSSL_free(r); -- } -+ if (r->p != NULL) -+ BN_clear_free(r->p); -+ if (r->q != NULL) -+ BN_clear_free(r->q); -+ if (r->g != NULL) -+ BN_clear_free(r->g); -+ if (r->pub_key != NULL) -+ BN_clear_free(r->pub_key); -+ if (r->priv_key != NULL) -+ BN_clear_free(r->priv_key); -+ if (r->kinv != NULL) -+ BN_clear_free(r->kinv); -+ if (r->r != NULL) -+ BN_clear_free(r->r); -+ OPENSSL_free(r); -+} - - int DSA_up_ref(DSA *r) -- { -- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); -+{ -+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); - #ifdef REF_PRINT -- REF_PRINT("DSA",r); -+ REF_PRINT("DSA", r); - #endif - #ifdef REF_CHECK -- if (i < 2) -- { -- fprintf(stderr, "DSA_up_ref, bad reference count\n"); -- abort(); -- } -+ if (i < 2) { -+ fprintf(stderr, "DSA_up_ref, bad reference count\n"); -+ abort(); -+ } - #endif -- return ((i > 1) ? 1 : 0); -- } -+ return ((i > 1) ? 1 : 0); -+} - - int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -- { -- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, -- new_func, dup_func, free_func); -- } -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -+{ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, -+ new_func, dup_func, free_func); -+} - - int DSA_set_ex_data(DSA *d, int idx, void *arg) -- { -- return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); -- } -+{ -+ return (CRYPTO_set_ex_data(&d->ex_data, idx, arg)); -+} - - void *DSA_get_ex_data(DSA *d, int idx) -- { -- return(CRYPTO_get_ex_data(&d->ex_data,idx)); -- } -+{ -+ return (CRYPTO_get_ex_data(&d->ex_data, idx)); -+} - - #ifndef OPENSSL_NO_DH - DH *DSA_dup_DH(const DSA *r) -- { -- /* DSA has p, q, g, optional pub_key, optional priv_key. -- * DH has p, optional length, g, optional pub_key, optional priv_key. -- */ -+{ -+ /* -+ * DSA has p, q, g, optional pub_key, optional priv_key. DH has p, -+ * optional length, g, optional pub_key, optional priv_key. -+ */ - -- DH *ret = NULL; -+ DH *ret = NULL; - -- if (r == NULL) -- goto err; -- ret = DH_new(); -- if (ret == NULL) -- goto err; -- if (r->p != NULL) -- if ((ret->p = BN_dup(r->p)) == NULL) -- goto err; -- if (r->q != NULL) -- ret->length = BN_num_bits(r->q); -- if (r->g != NULL) -- if ((ret->g = BN_dup(r->g)) == NULL) -- goto err; -- if (r->pub_key != NULL) -- if ((ret->pub_key = BN_dup(r->pub_key)) == NULL) -- goto err; -- if (r->priv_key != NULL) -- if ((ret->priv_key = BN_dup(r->priv_key)) == NULL) -- goto err; -+ if (r == NULL) -+ goto err; -+ ret = DH_new(); -+ if (ret == NULL) -+ goto err; -+ if (r->p != NULL) -+ if ((ret->p = BN_dup(r->p)) == NULL) -+ goto err; -+ if (r->q != NULL) -+ ret->length = BN_num_bits(r->q); -+ if (r->g != NULL) -+ if ((ret->g = BN_dup(r->g)) == NULL) -+ goto err; -+ if (r->pub_key != NULL) -+ if ((ret->pub_key = BN_dup(r->pub_key)) == NULL) -+ goto err; -+ if (r->priv_key != NULL) -+ if ((ret->priv_key = BN_dup(r->priv_key)) == NULL) -+ goto err; - -- return ret; -+ return ret; - - err: -- if (ret != NULL) -- DH_free(ret); -- return NULL; -- } -+ if (ret != NULL) -+ DH_free(ret); -+ return NULL; -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c -index 1727760..f993844 100644 ---- a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c -+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -68,31 +68,33 @@ - #ifndef OPENSSL_FIPS - - static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); --static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); --static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, -- DSA *dsa); -+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, -+ BIGNUM **rp); -+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, -+ DSA_SIG *sig, DSA *dsa); - static int dsa_init(DSA *dsa); - static int dsa_finish(DSA *dsa); - - static DSA_METHOD openssl_dsa_meth = { --"OpenSSL DSA method", --dsa_do_sign, --dsa_sign_setup, --dsa_do_verify, --NULL, /* dsa_mod_exp, */ --NULL, /* dsa_bn_mod_exp, */ --dsa_init, --dsa_finish, --0, --NULL, --NULL, --NULL -+ "OpenSSL DSA method", -+ dsa_do_sign, -+ dsa_sign_setup, -+ dsa_do_verify, -+ NULL, /* dsa_mod_exp, */ -+ NULL, /* dsa_bn_mod_exp, */ -+ dsa_init, -+ dsa_finish, -+ 0, -+ NULL, -+ NULL, -+ NULL - }; - --/* These macro wrappers replace attempts to use the dsa_mod_exp() and -+/*- -+ * These macro wrappers replace attempts to use the dsa_mod_exp() and - * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of - * having a the macro work as an expression by bundling an "err_instr". So; -- * -+ * - * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, - * dsa->method_mont_p)) goto err; - * -@@ -102,296 +104,309 @@ NULL - * dsa->method_mont_p); - */ - --#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ -- do { \ -- int _tmp_res53; \ -- if((dsa)->meth->dsa_mod_exp) \ -- _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ -- (a2), (p2), (m), (ctx), (in_mont)); \ -- else \ -- _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ -- (m), (ctx), (in_mont)); \ -- if(!_tmp_res53) err_instr; \ -- } while(0) --#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ -- do { \ -- int _tmp_res53; \ -- if((dsa)->meth->bn_mod_exp) \ -- _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ -- (m), (ctx), (m_ctx)); \ -- else \ -- _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ -- if(!_tmp_res53) err_instr; \ -- } while(0) -+# define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ -+ do { \ -+ int _tmp_res53; \ -+ if((dsa)->meth->dsa_mod_exp) \ -+ _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ -+ (a2), (p2), (m), (ctx), (in_mont)); \ -+ else \ -+ _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ -+ (m), (ctx), (in_mont)); \ -+ if(!_tmp_res53) err_instr; \ -+ } while(0) -+# define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ -+ do { \ -+ int _tmp_res53; \ -+ if((dsa)->meth->bn_mod_exp) \ -+ _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ -+ (m), (ctx), (m_ctx)); \ -+ else \ -+ _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ -+ if(!_tmp_res53) err_instr; \ -+ } while(0) - - const DSA_METHOD *DSA_OpenSSL(void) - { -- return &openssl_dsa_meth; -+ return &openssl_dsa_meth; - } - - static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) -- { -- BIGNUM *kinv=NULL,*r=NULL,*s=NULL; -- BIGNUM m; -- BIGNUM xr; -- BN_CTX *ctx=NULL; -- int i,reason=ERR_R_BN_LIB; -- DSA_SIG *ret=NULL; -- -- BN_init(&m); -- BN_init(&xr); -- -- if (!dsa->p || !dsa->q || !dsa->g) -- { -- reason=DSA_R_MISSING_PARAMETERS; -- goto err; -- } -- -- s=BN_new(); -- if (s == NULL) goto err; -- -- i=BN_num_bytes(dsa->q); /* should be 20 */ -- if ((dlen > i) || (dlen > 50)) -- { -- reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; -- goto err; -- } -- -- ctx=BN_CTX_new(); -- if (ctx == NULL) goto err; -- -- if ((dsa->kinv == NULL) || (dsa->r == NULL)) -- { -- if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; -- } -- else -- { -- kinv=dsa->kinv; -- dsa->kinv=NULL; -- r=dsa->r; -- dsa->r=NULL; -- } -- -- if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err; -- -- /* Compute s = inv(k) (m + xr) mod q */ -- if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ -- if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ -- if (BN_cmp(s,dsa->q) > 0) -- if (!BN_sub(s,s,dsa->q)) -- goto err; -- if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; -- -- ret=DSA_SIG_new(); -- if (ret == NULL) goto err; -- ret->r = r; -- ret->s = s; -- --err: -- if (!ret) -- { -- DSAerr(DSA_F_DSA_DO_SIGN,reason); -- BN_free(r); -- BN_free(s); -- } -- if (ctx != NULL) BN_CTX_free(ctx); -- BN_clear_free(&m); -- BN_clear_free(&xr); -- if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ -- BN_clear_free(kinv); -- return(ret); -- } -- --static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) -- { -- BN_CTX *ctx; -- BIGNUM k,kq,*K,*kinv=NULL,*r=NULL; -- int ret=0; -- -- if (!dsa->p || !dsa->q || !dsa->g) -- { -- DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); -- return 0; -- } -- -- BN_init(&k); -- BN_init(&kq); -- -- if (ctx_in == NULL) -- { -- if ((ctx=BN_CTX_new()) == NULL) goto err; -- } -- else -- ctx=ctx_in; -- -- if ((r=BN_new()) == NULL) goto err; -- -- /* Get random k */ -- do -- if (!BN_rand_range(&k, dsa->q)) goto err; -- while (BN_is_zero(&k)); -- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) -- { -- BN_set_flags(&k, BN_FLG_CONSTTIME); -- } -- -- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) -- { -- if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, -- CRYPTO_LOCK_DSA, -- dsa->p, ctx)) -- goto err; -- } -- -- /* Compute r = (g^k mod p) mod q */ -- -- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) -- { -- if (!BN_copy(&kq, &k)) goto err; -- -- /* We do not want timing information to leak the length of k, -- * so we compute g^k using an equivalent exponent of fixed length. -- * -- * (This is a kludge that we need because the BN_mod_exp_mont() -- * does not let us specify the desired timing behaviour.) */ -- -- if (!BN_add(&kq, &kq, dsa->q)) goto err; -- if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) -- { -- if (!BN_add(&kq, &kq, dsa->q)) goto err; -- } -- -- K = &kq; -- } -- else -- { -- K = &k; -- } -- DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, -- dsa->method_mont_p); -- if (!BN_mod(r,r,dsa->q,ctx)) goto err; -- -- /* Compute part of 's = inv(k) (m + xr) mod q' */ -- if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err; -- -- if (*kinvp != NULL) BN_clear_free(*kinvp); -- *kinvp=kinv; -- kinv=NULL; -- if (*rp != NULL) BN_clear_free(*rp); -- *rp=r; -- ret=1; --err: -- if (!ret) -- { -- DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); -- if (kinv != NULL) BN_clear_free(kinv); -- if (r != NULL) BN_clear_free(r); -- } -- if (ctx_in == NULL) BN_CTX_free(ctx); -- if (kinv != NULL) BN_clear_free(kinv); -- BN_clear_free(&k); -- BN_clear_free(&kq); -- return(ret); -- } -- --static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, -- DSA *dsa) -- { -- BN_CTX *ctx; -- BIGNUM u1,u2,t1; -- BN_MONT_CTX *mont=NULL; -- int ret = -1; -- if (!dsa->p || !dsa->q || !dsa->g) -- { -- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); -- return -1; -- } -- -- if (BN_num_bits(dsa->q) != 160) -- { -- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); -- return -1; -- } -- -- if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) -- { -- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); -- return -1; -- } -- -- BN_init(&u1); -- BN_init(&u2); -- BN_init(&t1); -- -- if ((ctx=BN_CTX_new()) == NULL) goto err; -- -- if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || -- BN_ucmp(sig->r, dsa->q) >= 0) -- { -- ret = 0; -- goto err; -- } -- if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || -- BN_ucmp(sig->s, dsa->q) >= 0) -- { -- ret = 0; -- goto err; -- } -- -- /* Calculate W = inv(S) mod Q -- * save W in u2 */ -- if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; -- -- /* save M in u1 */ -- if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; -- -- /* u1 = M * w mod q */ -- if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err; -- -- /* u2 = r * w mod q */ -- if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; -- -- -- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) -- { -- mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, -- CRYPTO_LOCK_DSA, dsa->p, ctx); -- if (!mont) -- goto err; -- } -- -- -- DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont); -- /* BN_copy(&u1,&t1); */ -- /* let u1 = u1 mod q */ -- if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; -- -- /* V is now in u1. If the signature is correct, it will be -- * equal to R. */ -- ret=(BN_ucmp(&u1, sig->r) == 0); -- -- err: -- /* XXX: surely this is wrong - if ret is 0, it just didn't verify; -- there is no error in BN. Test should be ret == -1 (Ben) */ -- if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); -- if (ctx != NULL) BN_CTX_free(ctx); -- BN_free(&u1); -- BN_free(&u2); -- BN_free(&t1); -- return(ret); -- } -+{ -+ BIGNUM *kinv = NULL, *r = NULL, *s = NULL; -+ BIGNUM m; -+ BIGNUM xr; -+ BN_CTX *ctx = NULL; -+ int i, reason = ERR_R_BN_LIB; -+ DSA_SIG *ret = NULL; -+ -+ BN_init(&m); -+ BN_init(&xr); -+ -+ if (!dsa->p || !dsa->q || !dsa->g) { -+ reason = DSA_R_MISSING_PARAMETERS; -+ goto err; -+ } -+ -+ s = BN_new(); -+ if (s == NULL) -+ goto err; -+ -+ i = BN_num_bytes(dsa->q); /* should be 20 */ -+ if ((dlen > i) || (dlen > 50)) { -+ reason = DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; -+ goto err; -+ } -+ -+ ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ -+ if ((dsa->kinv == NULL) || (dsa->r == NULL)) { -+ if (!DSA_sign_setup(dsa, ctx, &kinv, &r)) -+ goto err; -+ } else { -+ kinv = dsa->kinv; -+ dsa->kinv = NULL; -+ r = dsa->r; -+ dsa->r = NULL; -+ } -+ -+ if (BN_bin2bn(dgst, dlen, &m) == NULL) -+ goto err; -+ -+ /* Compute s = inv(k) (m + xr) mod q */ -+ if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx)) -+ goto err; /* s = xr */ -+ if (!BN_add(s, &xr, &m)) -+ goto err; /* s = m + xr */ -+ if (BN_cmp(s, dsa->q) > 0) -+ if (!BN_sub(s, s, dsa->q)) -+ goto err; -+ if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) -+ goto err; -+ -+ ret = DSA_SIG_new(); -+ if (ret == NULL) -+ goto err; -+ ret->r = r; -+ ret->s = s; -+ -+ err: -+ if (!ret) { -+ DSAerr(DSA_F_DSA_DO_SIGN, reason); -+ BN_free(r); -+ BN_free(s); -+ } -+ if (ctx != NULL) -+ BN_CTX_free(ctx); -+ BN_clear_free(&m); -+ BN_clear_free(&xr); -+ if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ -+ BN_clear_free(kinv); -+ return (ret); -+} -+ -+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, -+ BIGNUM **rp) -+{ -+ BN_CTX *ctx; -+ BIGNUM k, kq, *K, *kinv = NULL, *r = NULL; -+ int ret = 0; -+ -+ if (!dsa->p || !dsa->q || !dsa->g) { -+ DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); -+ return 0; -+ } -+ -+ BN_init(&k); -+ BN_init(&kq); -+ -+ if (ctx_in == NULL) { -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ } else -+ ctx = ctx_in; -+ -+ if ((r = BN_new()) == NULL) -+ goto err; -+ -+ /* Get random k */ -+ do -+ if (!BN_rand_range(&k, dsa->q)) -+ goto err; -+ while (BN_is_zero(&k)) ; -+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -+ BN_set_flags(&k, BN_FLG_CONSTTIME); -+ } -+ -+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { -+ if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, -+ CRYPTO_LOCK_DSA, dsa->p, ctx)) -+ goto err; -+ } -+ -+ /* Compute r = (g^k mod p) mod q */ -+ -+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -+ if (!BN_copy(&kq, &k)) -+ goto err; -+ -+ /* -+ * We do not want timing information to leak the length of k, so we -+ * compute g^k using an equivalent exponent of fixed length. (This -+ * is a kludge that we need because the BN_mod_exp_mont() does not -+ * let us specify the desired timing behaviour.) -+ */ -+ -+ if (!BN_add(&kq, &kq, dsa->q)) -+ goto err; -+ if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) { -+ if (!BN_add(&kq, &kq, dsa->q)) -+ goto err; -+ } -+ -+ K = &kq; -+ } else { -+ K = &k; -+ } -+ DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, -+ dsa->method_mont_p); -+ if (!BN_mod(r, r, dsa->q, ctx)) -+ goto err; -+ -+ /* Compute part of 's = inv(k) (m + xr) mod q' */ -+ if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL) -+ goto err; -+ -+ if (*kinvp != NULL) -+ BN_clear_free(*kinvp); -+ *kinvp = kinv; -+ kinv = NULL; -+ if (*rp != NULL) -+ BN_clear_free(*rp); -+ *rp = r; -+ ret = 1; -+ err: -+ if (!ret) { -+ DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB); -+ if (kinv != NULL) -+ BN_clear_free(kinv); -+ if (r != NULL) -+ BN_clear_free(r); -+ } -+ if (ctx_in == NULL) -+ BN_CTX_free(ctx); -+ if (kinv != NULL) -+ BN_clear_free(kinv); -+ BN_clear_free(&k); -+ BN_clear_free(&kq); -+ return (ret); -+} -+ -+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, -+ DSA_SIG *sig, DSA *dsa) -+{ -+ BN_CTX *ctx; -+ BIGNUM u1, u2, t1; -+ BN_MONT_CTX *mont = NULL; -+ int ret = -1; -+ if (!dsa->p || !dsa->q || !dsa->g) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS); -+ return -1; -+ } -+ -+ if (BN_num_bits(dsa->q) != 160) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); -+ return -1; -+ } -+ -+ if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); -+ return -1; -+ } -+ -+ BN_init(&u1); -+ BN_init(&u2); -+ BN_init(&t1); -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ -+ if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || -+ BN_ucmp(sig->r, dsa->q) >= 0) { -+ ret = 0; -+ goto err; -+ } -+ if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || -+ BN_ucmp(sig->s, dsa->q) >= 0) { -+ ret = 0; -+ goto err; -+ } -+ -+ /* -+ * Calculate W = inv(S) mod Q save W in u2 -+ */ -+ if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL) -+ goto err; -+ -+ /* save M in u1 */ -+ if (BN_bin2bn(dgst, dgst_len, &u1) == NULL) -+ goto err; -+ -+ /* u1 = M * w mod q */ -+ if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) -+ goto err; -+ -+ /* u2 = r * w mod q */ -+ if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) -+ goto err; -+ -+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { -+ mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, -+ CRYPTO_LOCK_DSA, dsa->p, ctx); -+ if (!mont) -+ goto err; -+ } -+ -+ DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, -+ ctx, mont); -+ /* BN_copy(&u1,&t1); */ -+ /* let u1 = u1 mod q */ -+ if (!BN_mod(&u1, &t1, dsa->q, ctx)) -+ goto err; -+ -+ /* -+ * V is now in u1. If the signature is correct, it will be equal to R. -+ */ -+ ret = (BN_ucmp(&u1, sig->r) == 0); -+ -+ err: -+ /* -+ * XXX: surely this is wrong - if ret is 0, it just didn't verify; there -+ * is no error in BN. Test should be ret == -1 (Ben) -+ */ -+ if (ret != 1) -+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB); -+ if (ctx != NULL) -+ BN_CTX_free(ctx); -+ BN_free(&u1); -+ BN_free(&u2); -+ BN_free(&t1); -+ return (ret); -+} - - static int dsa_init(DSA *dsa) - { -- dsa->flags|=DSA_FLAG_CACHE_MONT_P; -- return(1); -+ dsa->flags |= DSA_FLAG_CACHE_MONT_P; -+ return (1); - } - - static int dsa_finish(DSA *dsa) - { -- if(dsa->method_mont_p) -- BN_MONT_CTX_free(dsa->method_mont_p); -- return(1); -+ if (dsa->method_mont_p) -+ BN_MONT_CTX_free(dsa->method_mont_p); -+ return (1); - } - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c -index 4cfbbe5..0b32261 100644 ---- a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c -+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,31 +65,28 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - -- --DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) -- { -+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) -+{ - #ifdef OPENSSL_FIPS -- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) -- { -- DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -- return NULL; -- } -+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return NULL; -+ } - #endif -- return dsa->meth->dsa_do_sign(dgst, dlen, dsa); -- } -+ return dsa->meth->dsa_do_sign(dgst, dlen, dsa); -+} - - int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) -- { -+{ - #ifdef OPENSSL_FIPS -- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) -- { -- DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -- return 0; -- } -+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { -+ DSAerr(DSA_F_DSA_SIGN_SETUP, -+ DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return 0; -+ } - #endif -- return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); -- } -- -+ return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); -+} -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c -index 24c021d..6cc4479 100644 ---- a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c -+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,32 +64,30 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - #ifndef OPENSSL_NO_DH --#include -+# include - #endif - - DSA_SIG *DSA_SIG_new(void) -- { -- DSA_SIG *sig; -- sig = OPENSSL_malloc(sizeof(DSA_SIG)); -- if (!sig) -- return NULL; -- sig->r = NULL; -- sig->s = NULL; -- return sig; -- } -+{ -+ DSA_SIG *sig; -+ sig = OPENSSL_malloc(sizeof(DSA_SIG)); -+ if (!sig) -+ return NULL; -+ sig->r = NULL; -+ sig->s = NULL; -+ return sig; -+} - - void DSA_SIG_free(DSA_SIG *sig) -- { -- if (sig) -- { -- if (sig->r) -- BN_free(sig->r); -- if (sig->s) -- BN_free(sig->s); -- OPENSSL_free(sig); -- } -- } -- -+{ -+ if (sig) { -+ if (sig->r) -+ BN_free(sig->r); -+ if (sig->s) -+ BN_free(sig->s); -+ OPENSSL_free(sig); -+ } -+} -diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c -index c75e423..5a5d9e1 100644 ---- a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c -+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,20 +65,19 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - - #include - - int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, -- DSA *dsa) -- { -+ DSA *dsa) -+{ - #ifdef OPENSSL_FIPS -- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) -- { -- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -- return 0; -- } -+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return 0; -+ } - #endif -- return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); -- } -+ return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); -+} -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c -index 417abb6..25c9c13 100644 ---- a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c -+++ b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c -@@ -1,6 +1,7 @@ - /* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,292 +63,275 @@ - - #ifndef DSO_DL - DSO_METHOD *DSO_METHOD_dl(void) -- { -- return NULL; -- } -+{ -+ return NULL; -+} - #else - --#include -+# include - - /* Part of the hack in "dl_load" ... */ --#define DSO_MAX_TRANSLATED_SIZE 256 -+# define DSO_MAX_TRANSLATED_SIZE 256 - - static int dl_load(DSO *dso); - static int dl_unload(DSO *dso); - static void *dl_bind_var(DSO *dso, const char *symname); - static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname); --#if 0 -+# if 0 - static int dl_unbind_var(DSO *dso, char *symname, void *symptr); - static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); - static int dl_init(DSO *dso); - static int dl_finish(DSO *dso); - static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); --#endif -+# endif - static char *dl_name_converter(DSO *dso, const char *filename); --static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2); -+static char *dl_merger(DSO *dso, const char *filespec1, -+ const char *filespec2); - - static DSO_METHOD dso_meth_dl = { -- "OpenSSL 'dl' shared library method", -- dl_load, -- dl_unload, -- dl_bind_var, -- dl_bind_func, -+ "OpenSSL 'dl' shared library method", -+ dl_load, -+ dl_unload, -+ dl_bind_var, -+ dl_bind_func, - /* For now, "unbind" doesn't exist */ --#if 0 -- NULL, /* unbind_var */ -- NULL, /* unbind_func */ --#endif -- NULL, /* ctrl */ -- dl_name_converter, -- dl_merger, -- NULL, /* init */ -- NULL /* finish */ -- }; -+# if 0 -+ NULL, /* unbind_var */ -+ NULL, /* unbind_func */ -+# endif -+ NULL, /* ctrl */ -+ dl_name_converter, -+ dl_merger, -+ NULL, /* init */ -+ NULL /* finish */ -+}; - - DSO_METHOD *DSO_METHOD_dl(void) -- { -- return(&dso_meth_dl); -- } -+{ -+ return (&dso_meth_dl); -+} - --/* For this DSO_METHOD, our meth_data STACK will contain; -- * (i) the handle (shl_t) returned from shl_load(). -- * NB: I checked on HPUX11 and shl_t is itself a pointer -- * type so the cast is safe. -+/* -+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle -+ * (shl_t) returned from shl_load(). NB: I checked on HPUX11 and shl_t is -+ * itself a pointer type so the cast is safe. - */ - - static int dl_load(DSO *dso) -- { -- shl_t ptr = NULL; -- /* We don't do any fancy retries or anything, just take the method's -- * (or DSO's if it has the callback set) best translation of the -- * platform-independant filename and try once with that. */ -- char *filename= DSO_convert_filename(dso, NULL); -+{ -+ shl_t ptr = NULL; -+ /* -+ * We don't do any fancy retries or anything, just take the method's (or -+ * DSO's if it has the callback set) best translation of the -+ * platform-independant filename and try once with that. -+ */ -+ char *filename = DSO_convert_filename(dso, NULL); - -- if(filename == NULL) -- { -- DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME); -- goto err; -- } -- ptr = shl_load(filename, BIND_IMMEDIATE | -- (dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L); -- if(ptr == NULL) -- { -- DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED); -- ERR_add_error_data(4, "filename(", filename, "): ", -- strerror(errno)); -- goto err; -- } -- if(!sk_push(dso->meth_data, (char *)ptr)) -- { -- DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR); -- goto err; -- } -- /* Success, stick the converted filename we've loaded under into the DSO -- * (it also serves as the indicator that we are currently loaded). */ -- dso->loaded_filename = filename; -- return(1); --err: -- /* Cleanup! */ -- if(filename != NULL) -- OPENSSL_free(filename); -- if(ptr != NULL) -- shl_unload(ptr); -- return(0); -- } -+ if (filename == NULL) { -+ DSOerr(DSO_F_DL_LOAD, DSO_R_NO_FILENAME); -+ goto err; -+ } -+ ptr = shl_load(filename, BIND_IMMEDIATE | -+ (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 : -+ DYNAMIC_PATH), 0L); -+ if (ptr == NULL) { -+ DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED); -+ ERR_add_error_data(4, "filename(", filename, "): ", strerror(errno)); -+ goto err; -+ } -+ if (!sk_push(dso->meth_data, (char *)ptr)) { -+ DSOerr(DSO_F_DL_LOAD, DSO_R_STACK_ERROR); -+ goto err; -+ } -+ /* -+ * Success, stick the converted filename we've loaded under into the DSO -+ * (it also serves as the indicator that we are currently loaded). -+ */ -+ dso->loaded_filename = filename; -+ return (1); -+ err: -+ /* Cleanup! */ -+ if (filename != NULL) -+ OPENSSL_free(filename); -+ if (ptr != NULL) -+ shl_unload(ptr); -+ return (0); -+} - - static int dl_unload(DSO *dso) -- { -- shl_t ptr; -- if(dso == NULL) -- { -- DSOerr(DSO_F_DL_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); -- return(0); -- } -- if(sk_num(dso->meth_data) < 1) -- return(1); -- /* Is this statement legal? */ -- ptr = (shl_t)sk_pop(dso->meth_data); -- if(ptr == NULL) -- { -- DSOerr(DSO_F_DL_UNLOAD,DSO_R_NULL_HANDLE); -- /* Should push the value back onto the stack in -- * case of a retry. */ -- sk_push(dso->meth_data, (char *)ptr); -- return(0); -- } -- shl_unload(ptr); -- return(1); -- } -+{ -+ shl_t ptr; -+ if (dso == NULL) { -+ DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); -+ return (0); -+ } -+ if (sk_num(dso->meth_data) < 1) -+ return (1); -+ /* Is this statement legal? */ -+ ptr = (shl_t) sk_pop(dso->meth_data); -+ if (ptr == NULL) { -+ DSOerr(DSO_F_DL_UNLOAD, DSO_R_NULL_HANDLE); -+ /* -+ * Should push the value back onto the stack in case of a retry. -+ */ -+ sk_push(dso->meth_data, (char *)ptr); -+ return (0); -+ } -+ shl_unload(ptr); -+ return (1); -+} - - static void *dl_bind_var(DSO *dso, const char *symname) -- { -- shl_t ptr; -- void *sym; -+{ -+ shl_t ptr; -+ void *sym; - -- if((dso == NULL) || (symname == NULL)) -- { -- DSOerr(DSO_F_DL_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- if(sk_num(dso->meth_data) < 1) -- { -- DSOerr(DSO_F_DL_BIND_VAR,DSO_R_STACK_ERROR); -- return(NULL); -- } -- ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -- if(ptr == NULL) -- { -- DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE); -- return(NULL); -- } -- if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) -- { -- DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE); -- ERR_add_error_data(4, "symname(", symname, "): ", -- strerror(errno)); -- return(NULL); -- } -- return(sym); -- } -+ if ((dso == NULL) || (symname == NULL)) { -+ DSOerr(DSO_F_DL_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (sk_num(dso->meth_data) < 1) { -+ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_STACK_ERROR); -+ return (NULL); -+ } -+ ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -+ if (ptr == NULL) { -+ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_NULL_HANDLE); -+ return (NULL); -+ } -+ if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) { -+ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_SYM_FAILURE); -+ ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno)); -+ return (NULL); -+ } -+ return (sym); -+} - - static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) -- { -- shl_t ptr; -- void *sym; -+{ -+ shl_t ptr; -+ void *sym; - -- if((dso == NULL) || (symname == NULL)) -- { -- DSOerr(DSO_F_DL_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- if(sk_num(dso->meth_data) < 1) -- { -- DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_STACK_ERROR); -- return(NULL); -- } -- ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -- if(ptr == NULL) -- { -- DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE); -- return(NULL); -- } -- if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) -- { -- DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE); -- ERR_add_error_data(4, "symname(", symname, "): ", -- strerror(errno)); -- return(NULL); -- } -- return((DSO_FUNC_TYPE)sym); -- } -+ if ((dso == NULL) || (symname == NULL)) { -+ DSOerr(DSO_F_DL_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (sk_num(dso->meth_data) < 1) { -+ DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_STACK_ERROR); -+ return (NULL); -+ } -+ ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -+ if (ptr == NULL) { -+ DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_NULL_HANDLE); -+ return (NULL); -+ } -+ if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) { -+ DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE); -+ ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno)); -+ return (NULL); -+ } -+ return ((DSO_FUNC_TYPE)sym); -+} - - static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) -- { -- char *merged; -+{ -+ char *merged; - -- if(!filespec1 && !filespec2) -- { -- DSOerr(DSO_F_DL_MERGER, -- ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- /* If the first file specification is a rooted path, it rules. -- same goes if the second file specification is missing. */ -- if (!filespec2 || filespec1[0] == '/') -- { -- merged = OPENSSL_malloc(strlen(filespec1) + 1); -- if(!merged) -- { -- DSOerr(DSO_F_DL_MERGER, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- strcpy(merged, filespec1); -- } -- /* If the first file specification is missing, the second one rules. */ -- else if (!filespec1) -- { -- merged = OPENSSL_malloc(strlen(filespec2) + 1); -- if(!merged) -- { -- DSOerr(DSO_F_DL_MERGER, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- strcpy(merged, filespec2); -- } -- else -- /* This part isn't as trivial as it looks. It assumes that -- the second file specification really is a directory, and -- makes no checks whatsoever. Therefore, the result becomes -- the concatenation of filespec2 followed by a slash followed -- by filespec1. */ -- { -- int spec2len, len; -+ if (!filespec1 && !filespec2) { -+ DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ /* -+ * If the first file specification is a rooted path, it rules. same goes -+ * if the second file specification is missing. -+ */ -+ if (!filespec2 || filespec1[0] == '/') { -+ merged = OPENSSL_malloc(strlen(filespec1) + 1); -+ if (!merged) { -+ DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ strcpy(merged, filespec1); -+ } -+ /* -+ * If the first file specification is missing, the second one rules. -+ */ -+ else if (!filespec1) { -+ merged = OPENSSL_malloc(strlen(filespec2) + 1); -+ if (!merged) { -+ DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ strcpy(merged, filespec2); -+ } else -+ /* -+ * This part isn't as trivial as it looks. It assumes that the -+ * second file specification really is a directory, and makes no -+ * checks whatsoever. Therefore, the result becomes the -+ * concatenation of filespec2 followed by a slash followed by -+ * filespec1. -+ */ -+ { -+ int spec2len, len; - -- spec2len = (filespec2 ? strlen(filespec2) : 0); -- len = spec2len + (filespec1 ? strlen(filespec1) : 0); -+ spec2len = (filespec2 ? strlen(filespec2) : 0); -+ len = spec2len + (filespec1 ? strlen(filespec1) : 0); - -- if(filespec2 && filespec2[spec2len - 1] == '/') -- { -- spec2len--; -- len--; -- } -- merged = OPENSSL_malloc(len + 2); -- if(!merged) -- { -- DSOerr(DSO_F_DL_MERGER, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- strcpy(merged, filespec2); -- merged[spec2len] = '/'; -- strcpy(&merged[spec2len + 1], filespec1); -- } -- return(merged); -- } -+ if (filespec2 && filespec2[spec2len - 1] == '/') { -+ spec2len--; -+ len--; -+ } -+ merged = OPENSSL_malloc(len + 2); -+ if (!merged) { -+ DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ strcpy(merged, filespec2); -+ merged[spec2len] = '/'; -+ strcpy(&merged[spec2len + 1], filespec1); -+ } -+ return (merged); -+} - --/* This function is identical to the one in dso_dlfcn.c, but as it is highly -- * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the -- * same time, there's no great duplicating the code. Figuring out an elegant -- * way to share one copy of the code would be more difficult and would not -- * leave the implementations independant. */ --#if defined(__hpux) -+/* -+ * This function is identical to the one in dso_dlfcn.c, but as it is highly -+ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at -+ * the same time, there's no great duplicating the code. Figuring out an -+ * elegant way to share one copy of the code would be more difficult and -+ * would not leave the implementations independant. -+ */ -+# if defined(__hpux) - static const char extension[] = ".sl"; --#else -+# else - static const char extension[] = ".so"; --#endif -+# endif - static char *dl_name_converter(DSO *dso, const char *filename) -- { -- char *translated; -- int len, rsize, transform; -+{ -+ char *translated; -+ int len, rsize, transform; - -- len = strlen(filename); -- rsize = len + 1; -- transform = (strstr(filename, "/") == NULL); -- { -- /* We will convert this to "%s.s?" or "lib%s.s?" */ -- rsize += strlen(extension);/* The length of ".s?" */ -- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) -- rsize += 3; /* The length of "lib" */ -- } -- translated = OPENSSL_malloc(rsize); -- if(translated == NULL) -- { -- DSOerr(DSO_F_DL_NAME_CONVERTER, -- DSO_R_NAME_TRANSLATION_FAILED); -- return(NULL); -- } -- if(transform) -- { -- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) -- sprintf(translated, "lib%s%s", filename, extension); -- else -- sprintf(translated, "%s%s", filename, extension); -- } -- else -- sprintf(translated, "%s", filename); -- return(translated); -- } -+ len = strlen(filename); -+ rsize = len + 1; -+ transform = (strstr(filename, "/") == NULL); -+ { -+ /* We will convert this to "%s.s?" or "lib%s.s?" */ -+ rsize += strlen(extension); /* The length of ".s?" */ -+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) -+ rsize += 3; /* The length of "lib" */ -+ } -+ translated = OPENSSL_malloc(rsize); -+ if (translated == NULL) { -+ DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); -+ return (NULL); -+ } -+ if (transform) { -+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) -+ sprintf(translated, "lib%s%s", filename, extension); -+ else -+ sprintf(translated, "%s%s", filename, extension); -+ } else -+ sprintf(translated, "%s", filename); -+ return (translated); -+} - --#endif /* DSO_DL */ -+#endif /* DSO_DL */ -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c -index d91e821..f01255a 100644 ---- a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c -+++ b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c -@@ -1,6 +1,7 @@ - /* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL -- * project 2000. -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,320 +63,298 @@ - - #ifndef DSO_DLFCN - DSO_METHOD *DSO_METHOD_dlfcn(void) -- { -- return NULL; -- } -+{ -+ return NULL; -+} - #else - --#ifdef HAVE_DLFCN_H --#include --#endif -+# ifdef HAVE_DLFCN_H -+# include -+# endif - - /* Part of the hack in "dlfcn_load" ... */ --#define DSO_MAX_TRANSLATED_SIZE 256 -+# define DSO_MAX_TRANSLATED_SIZE 256 - - static int dlfcn_load(DSO *dso); - static int dlfcn_unload(DSO *dso); - static void *dlfcn_bind_var(DSO *dso, const char *symname); - static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname); --#if 0 -+# if 0 - static int dlfcn_unbind(DSO *dso, char *symname, void *symptr); - static int dlfcn_init(DSO *dso); - static int dlfcn_finish(DSO *dso); - static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg); --#endif -+# endif - static char *dlfcn_name_converter(DSO *dso, const char *filename); - static char *dlfcn_merger(DSO *dso, const char *filespec1, -- const char *filespec2); -+ const char *filespec2); - - static DSO_METHOD dso_meth_dlfcn = { -- "OpenSSL 'dlfcn' shared library method", -- dlfcn_load, -- dlfcn_unload, -- dlfcn_bind_var, -- dlfcn_bind_func, -+ "OpenSSL 'dlfcn' shared library method", -+ dlfcn_load, -+ dlfcn_unload, -+ dlfcn_bind_var, -+ dlfcn_bind_func, - /* For now, "unbind" doesn't exist */ --#if 0 -- NULL, /* unbind_var */ -- NULL, /* unbind_func */ --#endif -- NULL, /* ctrl */ -- dlfcn_name_converter, -- dlfcn_merger, -- NULL, /* init */ -- NULL /* finish */ -- }; -+# if 0 -+ NULL, /* unbind_var */ -+ NULL, /* unbind_func */ -+# endif -+ NULL, /* ctrl */ -+ dlfcn_name_converter, -+ dlfcn_merger, -+ NULL, /* init */ -+ NULL /* finish */ -+}; - - DSO_METHOD *DSO_METHOD_dlfcn(void) -- { -- return(&dso_meth_dlfcn); -- } -+{ -+ return (&dso_meth_dlfcn); -+} - --/* Prior to using the dlopen() function, we should decide on the flag -- * we send. There's a few different ways of doing this and it's a -- * messy venn-diagram to match up which platforms support what. So -- * as we don't have autoconf yet, I'm implementing a hack that could -- * be hacked further relatively easily to deal with cases as we find -- * them. Initially this is to cope with OpenBSD. */ --#if defined(__OpenBSD__) || defined(__NetBSD__) --# ifdef DL_LAZY --# define DLOPEN_FLAG DL_LAZY --# else --# ifdef RTLD_NOW --# define DLOPEN_FLAG RTLD_NOW --# else --# define DLOPEN_FLAG 0 --# endif --# endif --#else --# ifdef OPENSSL_SYS_SUNOS --# define DLOPEN_FLAG 1 --# else --# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ --# endif --#endif -+/* -+ * Prior to using the dlopen() function, we should decide on the flag we -+ * send. There's a few different ways of doing this and it's a messy -+ * venn-diagram to match up which platforms support what. So as we don't have -+ * autoconf yet, I'm implementing a hack that could be hacked further -+ * relatively easily to deal with cases as we find them. Initially this is to -+ * cope with OpenBSD. -+ */ -+# if defined(__OpenBSD__) || defined(__NetBSD__) -+# ifdef DL_LAZY -+# define DLOPEN_FLAG DL_LAZY -+# else -+# ifdef RTLD_NOW -+# define DLOPEN_FLAG RTLD_NOW -+# else -+# define DLOPEN_FLAG 0 -+# endif -+# endif -+# else -+# ifdef OPENSSL_SYS_SUNOS -+# define DLOPEN_FLAG 1 -+# else -+# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ -+# endif -+# endif - --/* For this DSO_METHOD, our meth_data STACK will contain; -- * (i) the handle (void*) returned from dlopen(). -+/* -+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle -+ * (void*) returned from dlopen(). - */ - - static int dlfcn_load(DSO *dso) -- { -- void *ptr = NULL; -- /* See applicable comments in dso_dl.c */ -- char *filename = DSO_convert_filename(dso, NULL); -- int flags = DLOPEN_FLAG; -- -- if(filename == NULL) -- { -- DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME); -- goto err; -- } -+{ -+ void *ptr = NULL; -+ /* See applicable comments in dso_dl.c */ -+ char *filename = DSO_convert_filename(dso, NULL); -+ int flags = DLOPEN_FLAG; - --#ifdef RTLD_GLOBAL -- if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) -- flags |= RTLD_GLOBAL; --#endif -- ptr = dlopen(filename, flags); -- if(ptr == NULL) -- { -- DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED); -- ERR_add_error_data(4, "filename(", filename, "): ", dlerror()); -- goto err; -- } -- if(!sk_push(dso->meth_data, (char *)ptr)) -- { -- DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR); -- goto err; -- } -- /* Success */ -- dso->loaded_filename = filename; -- return(1); --err: -- /* Cleanup! */ -- if(filename != NULL) -- OPENSSL_free(filename); -- if(ptr != NULL) -- dlclose(ptr); -- return(0); -+ if (filename == NULL) { -+ DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME); -+ goto err; -+ } -+# ifdef RTLD_GLOBAL -+ if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) -+ flags |= RTLD_GLOBAL; -+# endif -+ ptr = dlopen(filename, flags); -+ if (ptr == NULL) { -+ DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED); -+ ERR_add_error_data(4, "filename(", filename, "): ", dlerror()); -+ goto err; -+ } -+ if (!sk_push(dso->meth_data, (char *)ptr)) { -+ DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR); -+ goto err; -+ } -+ /* Success */ -+ dso->loaded_filename = filename; -+ return (1); -+ err: -+ /* Cleanup! */ -+ if (filename != NULL) -+ OPENSSL_free(filename); -+ if (ptr != NULL) -+ dlclose(ptr); -+ return (0); - } - - static int dlfcn_unload(DSO *dso) -- { -- void *ptr; -- if(dso == NULL) -- { -- DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); -- return(0); -- } -- if(sk_num(dso->meth_data) < 1) -- return(1); -- ptr = (void *)sk_pop(dso->meth_data); -- if(ptr == NULL) -- { -- DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE); -- /* Should push the value back onto the stack in -- * case of a retry. */ -- sk_push(dso->meth_data, (char *)ptr); -- return(0); -- } -- /* For now I'm not aware of any errors associated with dlclose() */ -- dlclose(ptr); -- return(1); -- } -+{ -+ void *ptr; -+ if (dso == NULL) { -+ DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); -+ return (0); -+ } -+ if (sk_num(dso->meth_data) < 1) -+ return (1); -+ ptr = (void *)sk_pop(dso->meth_data); -+ if (ptr == NULL) { -+ DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE); -+ /* -+ * Should push the value back onto the stack in case of a retry. -+ */ -+ sk_push(dso->meth_data, (char *)ptr); -+ return (0); -+ } -+ /* For now I'm not aware of any errors associated with dlclose() */ -+ dlclose(ptr); -+ return (1); -+} - - static void *dlfcn_bind_var(DSO *dso, const char *symname) -- { -- void *ptr, *sym; -+{ -+ void *ptr, *sym; - -- if((dso == NULL) || (symname == NULL)) -- { -- DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- if(sk_num(dso->meth_data) < 1) -- { -- DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR); -- return(NULL); -- } -- ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -- if(ptr == NULL) -- { -- DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE); -- return(NULL); -- } -- sym = dlsym(ptr, symname); -- if(sym == NULL) -- { -- DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE); -- ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); -- return(NULL); -- } -- return(sym); -- } -+ if ((dso == NULL) || (symname == NULL)) { -+ DSOerr(DSO_F_DLFCN_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (sk_num(dso->meth_data) < 1) { -+ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_STACK_ERROR); -+ return (NULL); -+ } -+ ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -+ if (ptr == NULL) { -+ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_NULL_HANDLE); -+ return (NULL); -+ } -+ sym = dlsym(ptr, symname); -+ if (sym == NULL) { -+ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_SYM_FAILURE); -+ ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); -+ return (NULL); -+ } -+ return (sym); -+} - - static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) -- { -- void *ptr; -- union { -- DSO_FUNC_TYPE sym; -- void *dlret; -- } u; -+{ -+ void *ptr; -+ union { -+ DSO_FUNC_TYPE sym; -+ void *dlret; -+ } u; - -- if((dso == NULL) || (symname == NULL)) -- { -- DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- if(sk_num(dso->meth_data) < 1) -- { -- DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR); -- return(NULL); -- } -- ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -- if(ptr == NULL) -- { -- DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE); -- return(NULL); -- } -- u.dlret = dlsym(ptr, symname); -- if(u.dlret == NULL) -- { -- DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); -- ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); -- return(NULL); -- } -- return u.sym; -- } -+ if ((dso == NULL) || (symname == NULL)) { -+ DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (sk_num(dso->meth_data) < 1) { -+ DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR); -+ return (NULL); -+ } -+ ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -+ if (ptr == NULL) { -+ DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE); -+ return (NULL); -+ } -+ u.dlret = dlsym(ptr, symname); -+ if (u.dlret == NULL) { -+ DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE); -+ ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); -+ return (NULL); -+ } -+ return u.sym; -+} - - static char *dlfcn_merger(DSO *dso, const char *filespec1, -- const char *filespec2) -- { -- char *merged; -- -- if(!filespec1 && !filespec2) -- { -- DSOerr(DSO_F_DLFCN_MERGER, -- ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- /* If the first file specification is a rooted path, it rules. -- same goes if the second file specification is missing. */ -- if (!filespec2 || filespec1[0] == '/') -- { -- merged = OPENSSL_malloc(strlen(filespec1) + 1); -- if(!merged) -- { -- DSOerr(DSO_F_DLFCN_MERGER, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- strcpy(merged, filespec1); -- } -- /* If the first file specification is missing, the second one rules. */ -- else if (!filespec1) -- { -- merged = OPENSSL_malloc(strlen(filespec2) + 1); -- if(!merged) -- { -- DSOerr(DSO_F_DLFCN_MERGER, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- strcpy(merged, filespec2); -- } -- else -- /* This part isn't as trivial as it looks. It assumes that -- the second file specification really is a directory, and -- makes no checks whatsoever. Therefore, the result becomes -- the concatenation of filespec2 followed by a slash followed -- by filespec1. */ -- { -- int spec2len, len; -+ const char *filespec2) -+{ -+ char *merged; - -- spec2len = (filespec2 ? strlen(filespec2) : 0); -- len = spec2len + (filespec1 ? strlen(filespec1) : 0); -+ if (!filespec1 && !filespec2) { -+ DSOerr(DSO_F_DLFCN_MERGER, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ /* -+ * If the first file specification is a rooted path, it rules. same goes -+ * if the second file specification is missing. -+ */ -+ if (!filespec2 || filespec1[0] == '/') { -+ merged = OPENSSL_malloc(strlen(filespec1) + 1); -+ if (!merged) { -+ DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ strcpy(merged, filespec1); -+ } -+ /* -+ * If the first file specification is missing, the second one rules. -+ */ -+ else if (!filespec1) { -+ merged = OPENSSL_malloc(strlen(filespec2) + 1); -+ if (!merged) { -+ DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ strcpy(merged, filespec2); -+ } else -+ /* -+ * This part isn't as trivial as it looks. It assumes that the -+ * second file specification really is a directory, and makes no -+ * checks whatsoever. Therefore, the result becomes the -+ * concatenation of filespec2 followed by a slash followed by -+ * filespec1. -+ */ -+ { -+ int spec2len, len; - -- if(filespec2 && filespec2[spec2len - 1] == '/') -- { -- spec2len--; -- len--; -- } -- merged = OPENSSL_malloc(len + 2); -- if(!merged) -- { -- DSOerr(DSO_F_DLFCN_MERGER, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- strcpy(merged, filespec2); -- merged[spec2len] = '/'; -- strcpy(&merged[spec2len + 1], filespec1); -- } -- return(merged); -- } -+ spec2len = (filespec2 ? strlen(filespec2) : 0); -+ len = spec2len + (filespec1 ? strlen(filespec1) : 0); - --#ifdef OPENSSL_SYS_MACOSX --#define DSO_ext ".dylib" --#define DSO_extlen 6 --#else --#define DSO_ext ".so" --#define DSO_extlen 3 --#endif -+ if (filespec2 && filespec2[spec2len - 1] == '/') { -+ spec2len--; -+ len--; -+ } -+ merged = OPENSSL_malloc(len + 2); -+ if (!merged) { -+ DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ strcpy(merged, filespec2); -+ merged[spec2len] = '/'; -+ strcpy(&merged[spec2len + 1], filespec1); -+ } -+ return (merged); -+} - -+# ifdef OPENSSL_SYS_MACOSX -+# define DSO_ext ".dylib" -+# define DSO_extlen 6 -+# else -+# define DSO_ext ".so" -+# define DSO_extlen 3 -+# endif - - static char *dlfcn_name_converter(DSO *dso, const char *filename) -- { -- char *translated; -- int len, rsize, transform; -+{ -+ char *translated; -+ int len, rsize, transform; - -- len = strlen(filename); -- rsize = len + 1; -- transform = (strstr(filename, "/") == NULL); -- if(transform) -- { -- /* We will convert this to "%s.so" or "lib%s.so" etc */ -- rsize += DSO_extlen; /* The length of ".so" */ -- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) -- rsize += 3; /* The length of "lib" */ -- } -- translated = OPENSSL_malloc(rsize); -- if(translated == NULL) -- { -- DSOerr(DSO_F_DLFCN_NAME_CONVERTER, -- DSO_R_NAME_TRANSLATION_FAILED); -- return(NULL); -- } -- if(transform) -- { -- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) -- sprintf(translated, "lib%s" DSO_ext, filename); -- else -- sprintf(translated, "%s" DSO_ext, filename); -- } -- else -- sprintf(translated, "%s", filename); -- return(translated); -- } -+ len = strlen(filename); -+ rsize = len + 1; -+ transform = (strstr(filename, "/") == NULL); -+ if (transform) { -+ /* We will convert this to "%s.so" or "lib%s.so" etc */ -+ rsize += DSO_extlen; /* The length of ".so" */ -+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) -+ rsize += 3; /* The length of "lib" */ -+ } -+ translated = OPENSSL_malloc(rsize); -+ if (translated == NULL) { -+ DSOerr(DSO_F_DLFCN_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); -+ return (NULL); -+ } -+ if (transform) { -+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) -+ sprintf(translated, "lib%s" DSO_ext, filename); -+ else -+ sprintf(translated, "%s" DSO_ext, filename); -+ } else -+ sprintf(translated, "%s", filename); -+ return (translated); -+} - --#endif /* DSO_DLFCN */ -+#endif /* DSO_DLFCN */ -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_err.c b/Cryptlib/OpenSSL/crypto/dso/dso_err.c -index a8b0a21..7a1927e 100644 ---- a/Cryptlib/OpenSSL/crypto/dso/dso_err.c -+++ b/Cryptlib/OpenSSL/crypto/dso/dso_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,83 +66,81 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason) - --static ERR_STRING_DATA DSO_str_functs[]= -- { --{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"}, --{ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"}, --{ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"}, --{ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"}, --{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"}, --{ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"}, --{ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"}, --{ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"}, --{ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"}, --{ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"}, --{ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"}, --{ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"}, --{ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"}, --{ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"}, --{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"}, --{ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"}, --{ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"}, --{ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"}, --{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"}, --{ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, --{ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"}, --{ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, --{ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, --{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"}, --{ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, --{ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"}, --{ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"}, --{ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"}, --{ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"}, --{ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"}, --{ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"}, --{ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"}, --{ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"}, --{ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"}, --{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"}, --{ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"}, --{ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"}, --{0,NULL} -- }; -+static ERR_STRING_DATA DSO_str_functs[] = { -+ {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"}, -+ {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"}, -+ {ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"}, -+ {ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"}, -+ {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"}, -+ {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"}, -+ {ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"}, -+ {ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"}, -+ {ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"}, -+ {ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"}, -+ {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"}, -+ {ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"}, -+ {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"}, -+ {ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"}, -+ {ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"}, -+ {ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"}, -+ {ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"}, -+ {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"}, -+ {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"}, -+ {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, -+ {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"}, -+ {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, -+ {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, -+ {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"}, -+ {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, -+ {ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"}, -+ {ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"}, -+ {ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"}, -+ {ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"}, -+ {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"}, -+ {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"}, -+ {ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"}, -+ {ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"}, -+ {ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"}, -+ {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"}, -+ {ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"}, -+ {ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA DSO_str_reasons[]= -- { --{ERR_REASON(DSO_R_CTRL_FAILED) ,"control command failed"}, --{ERR_REASON(DSO_R_DSO_ALREADY_LOADED) ,"dso already loaded"}, --{ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE) ,"empty file structure"}, --{ERR_REASON(DSO_R_FAILURE) ,"failure"}, --{ERR_REASON(DSO_R_FILENAME_TOO_BIG) ,"filename too big"}, --{ERR_REASON(DSO_R_FINISH_FAILED) ,"cleanup method function failed"}, --{ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX) ,"incorrect file syntax"}, --{ERR_REASON(DSO_R_LOAD_FAILED) ,"could not load the shared library"}, --{ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"}, --{ERR_REASON(DSO_R_NO_FILENAME) ,"no filename"}, --{ERR_REASON(DSO_R_NO_FILE_SPECIFICATION) ,"no file specification"}, --{ERR_REASON(DSO_R_NULL_HANDLE) ,"a null shared library handle was used"}, --{ERR_REASON(DSO_R_SET_FILENAME_FAILED) ,"set filename failed"}, --{ERR_REASON(DSO_R_STACK_ERROR) ,"the meth_data stack is corrupt"}, --{ERR_REASON(DSO_R_SYM_FAILURE) ,"could not bind to the requested symbol name"}, --{ERR_REASON(DSO_R_UNLOAD_FAILED) ,"could not unload the shared library"}, --{ERR_REASON(DSO_R_UNSUPPORTED) ,"functionality not supported"}, --{0,NULL} -- }; -+static ERR_STRING_DATA DSO_str_reasons[] = { -+ {ERR_REASON(DSO_R_CTRL_FAILED), "control command failed"}, -+ {ERR_REASON(DSO_R_DSO_ALREADY_LOADED), "dso already loaded"}, -+ {ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE), "empty file structure"}, -+ {ERR_REASON(DSO_R_FAILURE), "failure"}, -+ {ERR_REASON(DSO_R_FILENAME_TOO_BIG), "filename too big"}, -+ {ERR_REASON(DSO_R_FINISH_FAILED), "cleanup method function failed"}, -+ {ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX), "incorrect file syntax"}, -+ {ERR_REASON(DSO_R_LOAD_FAILED), "could not load the shared library"}, -+ {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED), "name translation failed"}, -+ {ERR_REASON(DSO_R_NO_FILENAME), "no filename"}, -+ {ERR_REASON(DSO_R_NO_FILE_SPECIFICATION), "no file specification"}, -+ {ERR_REASON(DSO_R_NULL_HANDLE), "a null shared library handle was used"}, -+ {ERR_REASON(DSO_R_SET_FILENAME_FAILED), "set filename failed"}, -+ {ERR_REASON(DSO_R_STACK_ERROR), "the meth_data stack is corrupt"}, -+ {ERR_REASON(DSO_R_SYM_FAILURE), -+ "could not bind to the requested symbol name"}, -+ {ERR_REASON(DSO_R_UNLOAD_FAILED), "could not unload the shared library"}, -+ {ERR_REASON(DSO_R_UNSUPPORTED), "functionality not supported"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_DSO_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,DSO_str_functs); -- ERR_load_strings(0,DSO_str_reasons); -- } -+ if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, DSO_str_functs); -+ ERR_load_strings(0, DSO_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c -index 49bdd71..f158466 100644 ---- a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c -+++ b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c -@@ -1,6 +1,7 @@ - /* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL -- * project 2000. -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,403 +65,365 @@ - static DSO_METHOD *default_DSO_meth = NULL; - - DSO *DSO_new(void) -- { -- return(DSO_new_method(NULL)); -- } -+{ -+ return (DSO_new_method(NULL)); -+} - - void DSO_set_default_method(DSO_METHOD *meth) -- { -- default_DSO_meth = meth; -- } -+{ -+ default_DSO_meth = meth; -+} - - DSO_METHOD *DSO_get_default_method(void) -- { -- return(default_DSO_meth); -- } -+{ -+ return (default_DSO_meth); -+} - - DSO_METHOD *DSO_get_method(DSO *dso) -- { -- return(dso->meth); -- } -+{ -+ return (dso->meth); -+} - - DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth) -- { -- DSO_METHOD *mtmp; -- mtmp = dso->meth; -- dso->meth = meth; -- return(mtmp); -- } -+{ -+ DSO_METHOD *mtmp; -+ mtmp = dso->meth; -+ dso->meth = meth; -+ return (mtmp); -+} - - DSO *DSO_new_method(DSO_METHOD *meth) -- { -- DSO *ret; -- -- if(default_DSO_meth == NULL) -- /* We default to DSO_METH_openssl() which in turn defaults -- * to stealing the "best available" method. Will fallback -- * to DSO_METH_null() in the worst case. */ -- default_DSO_meth = DSO_METHOD_openssl(); -- ret = (DSO *)OPENSSL_malloc(sizeof(DSO)); -- if(ret == NULL) -- { -- DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- memset(ret, 0, sizeof(DSO)); -- ret->meth_data = sk_new_null(); -- if(ret->meth_data == NULL) -- { -- /* sk_new doesn't generate any errors so we do */ -- DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE); -- OPENSSL_free(ret); -- return(NULL); -- } -- if(meth == NULL) -- ret->meth = default_DSO_meth; -- else -- ret->meth = meth; -- ret->references = 1; -- if((ret->meth->init != NULL) && !ret->meth->init(ret)) -- { -- OPENSSL_free(ret); -- ret=NULL; -- } -- return(ret); -- } -+{ -+ DSO *ret; -+ -+ if (default_DSO_meth == NULL) -+ /* -+ * We default to DSO_METH_openssl() which in turn defaults to -+ * stealing the "best available" method. Will fallback to -+ * DSO_METH_null() in the worst case. -+ */ -+ default_DSO_meth = DSO_METHOD_openssl(); -+ ret = (DSO *)OPENSSL_malloc(sizeof(DSO)); -+ if (ret == NULL) { -+ DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ memset(ret, 0, sizeof(DSO)); -+ ret->meth_data = sk_new_null(); -+ if (ret->meth_data == NULL) { -+ /* sk_new doesn't generate any errors so we do */ -+ DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); -+ OPENSSL_free(ret); -+ return (NULL); -+ } -+ if (meth == NULL) -+ ret->meth = default_DSO_meth; -+ else -+ ret->meth = meth; -+ ret->references = 1; -+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { -+ OPENSSL_free(ret); -+ ret = NULL; -+ } -+ return (ret); -+} - - int DSO_free(DSO *dso) -- { -- int i; -- -- if(dso == NULL) -- { -- DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER); -- return(0); -- } -- -- i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO); -+{ -+ int i; -+ -+ if (dso == NULL) { -+ DSOerr(DSO_F_DSO_FREE, ERR_R_PASSED_NULL_PARAMETER); -+ return (0); -+ } -+ -+ i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO); - #ifdef REF_PRINT -- REF_PRINT("DSO",dso); -+ REF_PRINT("DSO", dso); - #endif -- if(i > 0) return(1); -+ if (i > 0) -+ return (1); - #ifdef REF_CHECK -- if(i < 0) -- { -- fprintf(stderr,"DSO_free, bad reference count\n"); -- abort(); -- } -+ if (i < 0) { -+ fprintf(stderr, "DSO_free, bad reference count\n"); -+ abort(); -+ } - #endif - -- if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) -- { -- DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED); -- return(0); -- } -- -- if((dso->meth->finish != NULL) && !dso->meth->finish(dso)) -- { -- DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED); -- return(0); -- } -- -- sk_free(dso->meth_data); -- if(dso->filename != NULL) -- OPENSSL_free(dso->filename); -- if(dso->loaded_filename != NULL) -- OPENSSL_free(dso->loaded_filename); -- -- OPENSSL_free(dso); -- return(1); -- } -+ if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) { -+ DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED); -+ return (0); -+ } - --int DSO_flags(DSO *dso) -- { -- return((dso == NULL) ? 0 : dso->flags); -- } -+ if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) { -+ DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED); -+ return (0); -+ } - -+ sk_free(dso->meth_data); -+ if (dso->filename != NULL) -+ OPENSSL_free(dso->filename); -+ if (dso->loaded_filename != NULL) -+ OPENSSL_free(dso->loaded_filename); -+ -+ OPENSSL_free(dso); -+ return (1); -+} -+ -+int DSO_flags(DSO *dso) -+{ -+ return ((dso == NULL) ? 0 : dso->flags); -+} - - int DSO_up_ref(DSO *dso) -- { -- if (dso == NULL) -- { -- DSOerr(DSO_F_DSO_UP_REF,ERR_R_PASSED_NULL_PARAMETER); -- return(0); -- } -+{ -+ if (dso == NULL) { -+ DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER); -+ return (0); -+ } - -- CRYPTO_add(&dso->references,1,CRYPTO_LOCK_DSO); -- return(1); -- } -+ CRYPTO_add(&dso->references, 1, CRYPTO_LOCK_DSO); -+ return (1); -+} - - DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags) -- { -- DSO *ret; -- int allocated = 0; -- -- if(dso == NULL) -- { -- ret = DSO_new_method(meth); -- if(ret == NULL) -- { -- DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- allocated = 1; -- /* Pass the provided flags to the new DSO object */ -- if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) -- { -- DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED); -- goto err; -- } -- } -- else -- ret = dso; -- /* Don't load if we're currently already loaded */ -- if(ret->filename != NULL) -- { -- DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED); -- goto err; -- } -- /* filename can only be NULL if we were passed a dso that already has -- * one set. */ -- if(filename != NULL) -- if(!DSO_set_filename(ret, filename)) -- { -- DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED); -- goto err; -- } -- filename = ret->filename; -- if(filename == NULL) -- { -- DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME); -- goto err; -- } -- if(ret->meth->dso_load == NULL) -- { -- DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED); -- goto err; -- } -- if(!ret->meth->dso_load(ret)) -- { -- DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED); -- goto err; -- } -- /* Load succeeded */ -- return(ret); --err: -- if(allocated) -- DSO_free(ret); -- return(NULL); -- } -+{ -+ DSO *ret; -+ int allocated = 0; -+ -+ if (dso == NULL) { -+ ret = DSO_new_method(meth); -+ if (ret == NULL) { -+ DSOerr(DSO_F_DSO_LOAD, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ allocated = 1; -+ /* Pass the provided flags to the new DSO object */ -+ if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) { -+ DSOerr(DSO_F_DSO_LOAD, DSO_R_CTRL_FAILED); -+ goto err; -+ } -+ } else -+ ret = dso; -+ /* Don't load if we're currently already loaded */ -+ if (ret->filename != NULL) { -+ DSOerr(DSO_F_DSO_LOAD, DSO_R_DSO_ALREADY_LOADED); -+ goto err; -+ } -+ /* -+ * filename can only be NULL if we were passed a dso that already has one -+ * set. -+ */ -+ if (filename != NULL) -+ if (!DSO_set_filename(ret, filename)) { -+ DSOerr(DSO_F_DSO_LOAD, DSO_R_SET_FILENAME_FAILED); -+ goto err; -+ } -+ filename = ret->filename; -+ if (filename == NULL) { -+ DSOerr(DSO_F_DSO_LOAD, DSO_R_NO_FILENAME); -+ goto err; -+ } -+ if (ret->meth->dso_load == NULL) { -+ DSOerr(DSO_F_DSO_LOAD, DSO_R_UNSUPPORTED); -+ goto err; -+ } -+ if (!ret->meth->dso_load(ret)) { -+ DSOerr(DSO_F_DSO_LOAD, DSO_R_LOAD_FAILED); -+ goto err; -+ } -+ /* Load succeeded */ -+ return (ret); -+ err: -+ if (allocated) -+ DSO_free(ret); -+ return (NULL); -+} - - void *DSO_bind_var(DSO *dso, const char *symname) -- { -- void *ret = NULL; -- -- if((dso == NULL) || (symname == NULL)) -- { -- DSOerr(DSO_F_DSO_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- if(dso->meth->dso_bind_var == NULL) -- { -- DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_UNSUPPORTED); -- return(NULL); -- } -- if((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) -- { -- DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_SYM_FAILURE); -- return(NULL); -- } -- /* Success */ -- return(ret); -- } -+{ -+ void *ret = NULL; -+ -+ if ((dso == NULL) || (symname == NULL)) { -+ DSOerr(DSO_F_DSO_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (dso->meth->dso_bind_var == NULL) { -+ DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_UNSUPPORTED); -+ return (NULL); -+ } -+ if ((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) { -+ DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_SYM_FAILURE); -+ return (NULL); -+ } -+ /* Success */ -+ return (ret); -+} - - DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname) -- { -- DSO_FUNC_TYPE ret = NULL; -- -- if((dso == NULL) || (symname == NULL)) -- { -- DSOerr(DSO_F_DSO_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- if(dso->meth->dso_bind_func == NULL) -- { -- DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_UNSUPPORTED); -- return(NULL); -- } -- if((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) -- { -- DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_SYM_FAILURE); -- return(NULL); -- } -- /* Success */ -- return(ret); -- } -- --/* I don't really like these *_ctrl functions very much to be perfectly -- * honest. For one thing, I think I have to return a negative value for -- * any error because possible DSO_ctrl() commands may return values -- * such as "size"s that can legitimately be zero (making the standard -- * "if(DSO_cmd(...))" form that works almost everywhere else fail at -- * odd times. I'd prefer "output" values to be passed by reference and -- * the return value as success/failure like usual ... but we conform -- * when we must... :-) */ -+{ -+ DSO_FUNC_TYPE ret = NULL; -+ -+ if ((dso == NULL) || (symname == NULL)) { -+ DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (dso->meth->dso_bind_func == NULL) { -+ DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED); -+ return (NULL); -+ } -+ if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) { -+ DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE); -+ return (NULL); -+ } -+ /* Success */ -+ return (ret); -+} -+ -+/* -+ * I don't really like these *_ctrl functions very much to be perfectly -+ * honest. For one thing, I think I have to return a negative value for any -+ * error because possible DSO_ctrl() commands may return values such as -+ * "size"s that can legitimately be zero (making the standard -+ * "if(DSO_cmd(...))" form that works almost everywhere else fail at odd -+ * times. I'd prefer "output" values to be passed by reference and the return -+ * value as success/failure like usual ... but we conform when we must... :-) -+ */ - long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg) -- { -- if(dso == NULL) -- { -- DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER); -- return(-1); -- } -- /* We should intercept certain generic commands and only pass control -- * to the method-specific ctrl() function if it's something we don't -- * handle. */ -- switch(cmd) -- { -- case DSO_CTRL_GET_FLAGS: -- return dso->flags; -- case DSO_CTRL_SET_FLAGS: -- dso->flags = (int)larg; -- return(0); -- case DSO_CTRL_OR_FLAGS: -- dso->flags |= (int)larg; -- return(0); -- default: -- break; -- } -- if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) -- { -- DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED); -- return(-1); -- } -- return(dso->meth->dso_ctrl(dso,cmd,larg,parg)); -- } -+{ -+ if (dso == NULL) { -+ DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER); -+ return (-1); -+ } -+ /* -+ * We should intercept certain generic commands and only pass control to -+ * the method-specific ctrl() function if it's something we don't handle. -+ */ -+ switch (cmd) { -+ case DSO_CTRL_GET_FLAGS: -+ return dso->flags; -+ case DSO_CTRL_SET_FLAGS: -+ dso->flags = (int)larg; -+ return (0); -+ case DSO_CTRL_OR_FLAGS: -+ dso->flags |= (int)larg; -+ return (0); -+ default: -+ break; -+ } -+ if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) { -+ DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED); -+ return (-1); -+ } -+ return (dso->meth->dso_ctrl(dso, cmd, larg, parg)); -+} - - int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, -- DSO_NAME_CONVERTER_FUNC *oldcb) -- { -- if(dso == NULL) -- { -- DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, -- ERR_R_PASSED_NULL_PARAMETER); -- return(0); -- } -- if(oldcb) -- *oldcb = dso->name_converter; -- dso->name_converter = cb; -- return(1); -- } -+ DSO_NAME_CONVERTER_FUNC *oldcb) -+{ -+ if (dso == NULL) { -+ DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, ERR_R_PASSED_NULL_PARAMETER); -+ return (0); -+ } -+ if (oldcb) -+ *oldcb = dso->name_converter; -+ dso->name_converter = cb; -+ return (1); -+} - - const char *DSO_get_filename(DSO *dso) -- { -- if(dso == NULL) -- { -- DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- return(dso->filename); -- } -+{ -+ if (dso == NULL) { -+ DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ return (dso->filename); -+} - - int DSO_set_filename(DSO *dso, const char *filename) -- { -- char *copied; -- -- if((dso == NULL) || (filename == NULL)) -- { -- DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER); -- return(0); -- } -- if(dso->loaded_filename) -- { -- DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED); -- return(0); -- } -- /* We'll duplicate filename */ -- copied = OPENSSL_malloc(strlen(filename) + 1); -- if(copied == NULL) -- { -- DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- BUF_strlcpy(copied, filename, strlen(filename) + 1); -- if(dso->filename) -- OPENSSL_free(dso->filename); -- dso->filename = copied; -- return(1); -- } -+{ -+ char *copied; -+ -+ if ((dso == NULL) || (filename == NULL)) { -+ DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER); -+ return (0); -+ } -+ if (dso->loaded_filename) { -+ DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED); -+ return (0); -+ } -+ /* We'll duplicate filename */ -+ copied = OPENSSL_malloc(strlen(filename) + 1); -+ if (copied == NULL) { -+ DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ BUF_strlcpy(copied, filename, strlen(filename) + 1); -+ if (dso->filename) -+ OPENSSL_free(dso->filename); -+ dso->filename = copied; -+ return (1); -+} - - char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2) -- { -- char *result = NULL; -- -- if(dso == NULL || filespec1 == NULL) -- { -- DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- if(filespec1 == NULL) -- filespec1 = dso->filename; -- if(filespec1 == NULL) -- { -- DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION); -- return(NULL); -- } -- if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) -- { -- if(dso->merger != NULL) -- result = dso->merger(dso, filespec1, filespec2); -- else if(dso->meth->dso_merger != NULL) -- result = dso->meth->dso_merger(dso, -- filespec1, filespec2); -- } -- return(result); -- } -+{ -+ char *result = NULL; -+ -+ if (dso == NULL || filespec1 == NULL) { -+ DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (filespec1 == NULL) -+ filespec1 = dso->filename; -+ if (filespec1 == NULL) { -+ DSOerr(DSO_F_DSO_MERGE, DSO_R_NO_FILE_SPECIFICATION); -+ return (NULL); -+ } -+ if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { -+ if (dso->merger != NULL) -+ result = dso->merger(dso, filespec1, filespec2); -+ else if (dso->meth->dso_merger != NULL) -+ result = dso->meth->dso_merger(dso, filespec1, filespec2); -+ } -+ return (result); -+} - - char *DSO_convert_filename(DSO *dso, const char *filename) -- { -- char *result = NULL; -- -- if(dso == NULL) -- { -- DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- if(filename == NULL) -- filename = dso->filename; -- if(filename == NULL) -- { -- DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME); -- return(NULL); -- } -- if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) -- { -- if(dso->name_converter != NULL) -- result = dso->name_converter(dso, filename); -- else if(dso->meth->dso_name_converter != NULL) -- result = dso->meth->dso_name_converter(dso, filename); -- } -- if(result == NULL) -- { -- result = OPENSSL_malloc(strlen(filename) + 1); -- if(result == NULL) -- { -- DSOerr(DSO_F_DSO_CONVERT_FILENAME, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- BUF_strlcpy(result, filename, strlen(filename) + 1); -- } -- return(result); -- } -+{ -+ char *result = NULL; -+ -+ if (dso == NULL) { -+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (filename == NULL) -+ filename = dso->filename; -+ if (filename == NULL) { -+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME); -+ return (NULL); -+ } -+ if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { -+ if (dso->name_converter != NULL) -+ result = dso->name_converter(dso, filename); -+ else if (dso->meth->dso_name_converter != NULL) -+ result = dso->meth->dso_name_converter(dso, filename); -+ } -+ if (result == NULL) { -+ result = OPENSSL_malloc(strlen(filename) + 1); -+ if (result == NULL) { -+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ BUF_strlcpy(result, filename, strlen(filename) + 1); -+ } -+ return (result); -+} - - const char *DSO_get_loaded_filename(DSO *dso) -- { -- if(dso == NULL) -- { -- DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, -- ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- return(dso->loaded_filename); -- } -+{ -+ if (dso == NULL) { -+ DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ return (dso->loaded_filename); -+} -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_null.c b/Cryptlib/OpenSSL/crypto/dso/dso_null.c -index 4972984..3d11272 100644 ---- a/Cryptlib/OpenSSL/crypto/dso/dso_null.c -+++ b/Cryptlib/OpenSSL/crypto/dso/dso_null.c -@@ -1,6 +1,7 @@ - /* dso_null.c */ --/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL -- * project 2000. -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,33 +57,34 @@ - * - */ - --/* This "NULL" method is provided as the fallback for systems that have -- * no appropriate support for "shared-libraries". */ -+/* -+ * This "NULL" method is provided as the fallback for systems that have no -+ * appropriate support for "shared-libraries". -+ */ - - #include - #include "cryptlib.h" - #include - - static DSO_METHOD dso_meth_null = { -- "NULL shared library method", -- NULL, /* load */ -- NULL, /* unload */ -- NULL, /* bind_var */ -- NULL, /* bind_func */ -+ "NULL shared library method", -+ NULL, /* load */ -+ NULL, /* unload */ -+ NULL, /* bind_var */ -+ NULL, /* bind_func */ - /* For now, "unbind" doesn't exist */ - #if 0 -- NULL, /* unbind_var */ -- NULL, /* unbind_func */ -+ NULL, /* unbind_var */ -+ NULL, /* unbind_func */ - #endif -- NULL, /* ctrl */ -- NULL, /* dso_name_converter */ -- NULL, /* dso_merger */ -- NULL, /* init */ -- NULL /* finish */ -- }; -+ NULL, /* ctrl */ -+ NULL, /* dso_name_converter */ -+ NULL, /* dso_merger */ -+ NULL, /* init */ -+ NULL /* finish */ -+}; - - DSO_METHOD *DSO_METHOD_null(void) -- { -- return(&dso_meth_null); -- } -- -+{ -+ return (&dso_meth_null); -+} -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c -index a4395eb..27b7d55 100644 ---- a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c -+++ b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c -@@ -1,6 +1,7 @@ - /* dso_openssl.c */ --/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL -- * project 2000. -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -63,19 +64,18 @@ - /* We just pinch the method from an appropriate "default" method. */ - - DSO_METHOD *DSO_METHOD_openssl(void) -- { -+{ - #ifdef DEF_DSO_METHOD -- return(DEF_DSO_METHOD()); -+ return (DEF_DSO_METHOD()); - #elif defined(DSO_DLFCN) -- return(DSO_METHOD_dlfcn()); -+ return (DSO_METHOD_dlfcn()); - #elif defined(DSO_DL) -- return(DSO_METHOD_dl()); -+ return (DSO_METHOD_dl()); - #elif defined(DSO_WIN32) -- return(DSO_METHOD_win32()); -+ return (DSO_METHOD_win32()); - #elif defined(DSO_VMS) -- return(DSO_METHOD_vms()); -+ return (DSO_METHOD_vms()); - #else -- return(DSO_METHOD_null()); -+ return (DSO_METHOD_null()); - #endif -- } -- -+} -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c -index 2c434ee..12e1db3 100644 ---- a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c -+++ b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c -@@ -1,6 +1,7 @@ - /* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,443 +63,442 @@ - #include "cryptlib.h" - #include - #ifdef OPENSSL_SYS_VMS --#pragma message disable DOLLARID --#include --#include --#include --#include --#include -+# pragma message disable DOLLARID -+# include -+# include -+# include -+# include -+# include - #endif - - #ifndef OPENSSL_SYS_VMS - DSO_METHOD *DSO_METHOD_vms(void) -- { -- return NULL; -- } -+{ -+ return NULL; -+} - #else --#pragma message disable DOLLARID -+# pragma message disable DOLLARID - - static int vms_load(DSO *dso); - static int vms_unload(DSO *dso); - static void *vms_bind_var(DSO *dso, const char *symname); - static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname); --#if 0 -+# if 0 - static int vms_unbind_var(DSO *dso, char *symname, void *symptr); - static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); - static int vms_init(DSO *dso); - static int vms_finish(DSO *dso); - static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg); --#endif -+# endif - static char *vms_name_converter(DSO *dso, const char *filename); - static char *vms_merger(DSO *dso, const char *filespec1, -- const char *filespec2); -+ const char *filespec2); - - static DSO_METHOD dso_meth_vms = { -- "OpenSSL 'VMS' shared library method", -- vms_load, -- NULL, /* unload */ -- vms_bind_var, -- vms_bind_func, -+ "OpenSSL 'VMS' shared library method", -+ vms_load, -+ NULL, /* unload */ -+ vms_bind_var, -+ vms_bind_func, - /* For now, "unbind" doesn't exist */ --#if 0 -- NULL, /* unbind_var */ -- NULL, /* unbind_func */ --#endif -- NULL, /* ctrl */ -- vms_name_converter, -- vms_merger, -- NULL, /* init */ -- NULL /* finish */ -- }; -- --/* On VMS, the only "handle" is the file name. LIB$FIND_IMAGE_SYMBOL depends -+# if 0 -+ NULL, /* unbind_var */ -+ NULL, /* unbind_func */ -+# endif -+ NULL, /* ctrl */ -+ vms_name_converter, -+ vms_merger, -+ NULL, /* init */ -+ NULL /* finish */ -+}; -+ -+/* -+ * On VMS, the only "handle" is the file name. LIB$FIND_IMAGE_SYMBOL depends - * on the reference to the file name being the same for all calls regarding - * one shared image, so we'll just store it in an instance of the following - * structure and put a pointer to that instance in the meth_data stack. - */ --typedef struct dso_internal_st -- { -- /* This should contain the name only, no directory, -- * no extension, nothing but a name. */ -- struct dsc$descriptor_s filename_dsc; -- char filename[FILENAME_MAX+1]; -- /* This contains whatever is not in filename, if needed. -- * Normally not defined. */ -- struct dsc$descriptor_s imagename_dsc; -- char imagename[FILENAME_MAX+1]; -- } DSO_VMS_INTERNAL; -- -+typedef struct dso_internal_st { -+ /* -+ * This should contain the name only, no directory, no extension, nothing -+ * but a name. -+ */ -+ struct dsc$descriptor_s filename_dsc; -+ char filename[FILENAME_MAX + 1]; -+ /* -+ * This contains whatever is not in filename, if needed. Normally not -+ * defined. -+ */ -+ struct dsc$descriptor_s imagename_dsc; -+ char imagename[FILENAME_MAX + 1]; -+} DSO_VMS_INTERNAL; - - DSO_METHOD *DSO_METHOD_vms(void) -- { -- return(&dso_meth_vms); -- } -+{ -+ return (&dso_meth_vms); -+} - - static int vms_load(DSO *dso) -- { -- void *ptr = NULL; -- /* See applicable comments in dso_dl.c */ -- char *filename = DSO_convert_filename(dso, NULL); -- DSO_VMS_INTERNAL *p; -- const char *sp1, *sp2; /* Search result */ -- -- if(filename == NULL) -- { -- DSOerr(DSO_F_VMS_LOAD,DSO_R_NO_FILENAME); -- goto err; -- } -- -- /* A file specification may look like this: -- * -- * node::dev:[dir-spec]name.type;ver -- * -- * or (for compatibility with TOPS-20): -- * -- * node::dev:name.type;ver -- * -- * and the dir-spec uses '.' as separator. Also, a dir-spec -- * may consist of several parts, with mixed use of [] and <>: -- * -- * [dir1.] -- * -- * We need to split the file specification into the name and -- * the rest (both before and after the name itself). -- */ -- /* Start with trying to find the end of a dir-spec, and save the -- position of the byte after in sp1 */ -- sp1 = strrchr(filename, ']'); -- sp2 = strrchr(filename, '>'); -- if (sp1 == NULL) sp1 = sp2; -- if (sp2 != NULL && sp2 > sp1) sp1 = sp2; -- if (sp1 == NULL) sp1 = strrchr(filename, ':'); -- if (sp1 == NULL) -- sp1 = filename; -- else -- sp1++; /* The byte after the found character */ -- /* Now, let's see if there's a type, and save the position in sp2 */ -- sp2 = strchr(sp1, '.'); -- /* If we found it, that's where we'll cut. Otherwise, look for a -- version number and save the position in sp2 */ -- if (sp2 == NULL) sp2 = strchr(sp1, ';'); -- /* If there was still nothing to find, set sp2 to point at the end of -- the string */ -- if (sp2 == NULL) sp2 = sp1 + strlen(sp1); -- -- /* Check that we won't get buffer overflows */ -- if (sp2 - sp1 > FILENAME_MAX -- || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) -- { -- DSOerr(DSO_F_VMS_LOAD,DSO_R_FILENAME_TOO_BIG); -- goto err; -- } -- -- p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL)); -- if(p == NULL) -- { -- DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- strncpy(p->filename, sp1, sp2-sp1); -- p->filename[sp2-sp1] = '\0'; -- -- strncpy(p->imagename, filename, sp1-filename); -- p->imagename[sp1-filename] = '\0'; -- strcat(p->imagename, sp2); -- -- p->filename_dsc.dsc$w_length = strlen(p->filename); -- p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -- p->filename_dsc.dsc$b_class = DSC$K_CLASS_S; -- p->filename_dsc.dsc$a_pointer = p->filename; -- p->imagename_dsc.dsc$w_length = strlen(p->imagename); -- p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -- p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S; -- p->imagename_dsc.dsc$a_pointer = p->imagename; -- -- if(!sk_push(dso->meth_data, (char *)p)) -- { -- DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR); -- goto err; -- } -- -- /* Success (for now, we lie. We actually do not know...) */ -- dso->loaded_filename = filename; -- return(1); --err: -- /* Cleanup! */ -- if(p != NULL) -- OPENSSL_free(p); -- if(filename != NULL) -- OPENSSL_free(filename); -- return(0); -- } -- --/* Note that this doesn't actually unload the shared image, as there is no -+{ -+ void *ptr = NULL; -+ /* See applicable comments in dso_dl.c */ -+ char *filename = DSO_convert_filename(dso, NULL); -+ DSO_VMS_INTERNAL *p; -+ const char *sp1, *sp2; /* Search result */ -+ -+ if (filename == NULL) { -+ DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME); -+ goto err; -+ } -+ -+ /*- -+ * A file specification may look like this: -+ * -+ * node::dev:[dir-spec]name.type;ver -+ * -+ * or (for compatibility with TOPS-20): -+ * -+ * node::dev:name.type;ver -+ * -+ * and the dir-spec uses '.' as separator. Also, a dir-spec -+ * may consist of several parts, with mixed use of [] and <>: -+ * -+ * [dir1.] -+ * -+ * We need to split the file specification into the name and -+ * the rest (both before and after the name itself). -+ */ -+ /* -+ * Start with trying to find the end of a dir-spec, and save the position -+ * of the byte after in sp1 -+ */ -+ sp1 = strrchr(filename, ']'); -+ sp2 = strrchr(filename, '>'); -+ if (sp1 == NULL) -+ sp1 = sp2; -+ if (sp2 != NULL && sp2 > sp1) -+ sp1 = sp2; -+ if (sp1 == NULL) -+ sp1 = strrchr(filename, ':'); -+ if (sp1 == NULL) -+ sp1 = filename; -+ else -+ sp1++; /* The byte after the found character */ -+ /* Now, let's see if there's a type, and save the position in sp2 */ -+ sp2 = strchr(sp1, '.'); -+ /* -+ * If we found it, that's where we'll cut. Otherwise, look for a version -+ * number and save the position in sp2 -+ */ -+ if (sp2 == NULL) -+ sp2 = strchr(sp1, ';'); -+ /* -+ * If there was still nothing to find, set sp2 to point at the end of the -+ * string -+ */ -+ if (sp2 == NULL) -+ sp2 = sp1 + strlen(sp1); -+ -+ /* Check that we won't get buffer overflows */ -+ if (sp2 - sp1 > FILENAME_MAX -+ || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) { -+ DSOerr(DSO_F_VMS_LOAD, DSO_R_FILENAME_TOO_BIG); -+ goto err; -+ } -+ -+ p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL)); -+ if (p == NULL) { -+ DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ strncpy(p->filename, sp1, sp2 - sp1); -+ p->filename[sp2 - sp1] = '\0'; -+ -+ strncpy(p->imagename, filename, sp1 - filename); -+ p->imagename[sp1 - filename] = '\0'; -+ strcat(p->imagename, sp2); -+ -+ p->filename_dsc.dsc$w_length = strlen(p->filename); -+ p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -+ p->filename_dsc.dsc$b_class = DSC$K_CLASS_S; -+ p->filename_dsc.dsc$a_pointer = p->filename; -+ p->imagename_dsc.dsc$w_length = strlen(p->imagename); -+ p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -+ p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S; -+ p->imagename_dsc.dsc$a_pointer = p->imagename; -+ -+ if (!sk_push(dso->meth_data, (char *)p)) { -+ DSOerr(DSO_F_VMS_LOAD, DSO_R_STACK_ERROR); -+ goto err; -+ } -+ -+ /* Success (for now, we lie. We actually do not know...) */ -+ dso->loaded_filename = filename; -+ return (1); -+ err: -+ /* Cleanup! */ -+ if (p != NULL) -+ OPENSSL_free(p); -+ if (filename != NULL) -+ OPENSSL_free(filename); -+ return (0); -+} -+ -+/* -+ * Note that this doesn't actually unload the shared image, as there is no - * such thing in VMS. Next time it get loaded again, a new copy will - * actually be loaded. - */ - static int vms_unload(DSO *dso) -- { -- DSO_VMS_INTERNAL *p; -- if(dso == NULL) -- { -- DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); -- return(0); -- } -- if(sk_num(dso->meth_data) < 1) -- return(1); -- p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data); -- if(p == NULL) -- { -- DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE); -- return(0); -- } -- /* Cleanup */ -- OPENSSL_free(p); -- return(1); -- } -- --/* We must do this in a separate function because of the way the exception -- handler works (it makes this function return */ -+{ -+ DSO_VMS_INTERNAL *p; -+ if (dso == NULL) { -+ DSOerr(DSO_F_VMS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); -+ return (0); -+ } -+ if (sk_num(dso->meth_data) < 1) -+ return (1); -+ p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data); -+ if (p == NULL) { -+ DSOerr(DSO_F_VMS_UNLOAD, DSO_R_NULL_HANDLE); -+ return (0); -+ } -+ /* Cleanup */ -+ OPENSSL_free(p); -+ return (1); -+} -+ -+/* -+ * We must do this in a separate function because of the way the exception -+ * handler works (it makes this function return -+ */ - static int do_find_symbol(DSO_VMS_INTERNAL *ptr, -- struct dsc$descriptor_s *symname_dsc, void **sym, -- unsigned long flags) -- { -- /* Make sure that signals are caught and returned instead of -- aborting the program. The exception handler gets unestablished -- automatically on return from this function. */ -- lib$establish(lib$sig_to_ret); -- -- if(ptr->imagename_dsc.dsc$w_length) -- return lib$find_image_symbol(&ptr->filename_dsc, -- symname_dsc, sym, -- &ptr->imagename_dsc, flags); -- else -- return lib$find_image_symbol(&ptr->filename_dsc, -- symname_dsc, sym, -- 0, flags); -- } -+ struct dsc$descriptor_s *symname_dsc, void **sym, -+ unsigned long flags) -+{ -+ /* -+ * Make sure that signals are caught and returned instead of aborting the -+ * program. The exception handler gets unestablished automatically on -+ * return from this function. -+ */ -+ lib$establish(lib$sig_to_ret); -+ -+ if (ptr->imagename_dsc.dsc$w_length) -+ return lib$find_image_symbol(&ptr->filename_dsc, -+ symname_dsc, sym, -+ &ptr->imagename_dsc, flags); -+ else -+ return lib$find_image_symbol(&ptr->filename_dsc, -+ symname_dsc, sym, 0, flags); -+} - - void vms_bind_sym(DSO *dso, const char *symname, void **sym) -- { -- DSO_VMS_INTERNAL *ptr; -- int status; --#if 0 -- int flags = (1<<4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't -- defined in VMS older than 7.0 or so */ --#else -- int flags = 0; --#endif -- struct dsc$descriptor_s symname_dsc; -- *sym = NULL; -- -- symname_dsc.dsc$w_length = strlen(symname); -- symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -- symname_dsc.dsc$b_class = DSC$K_CLASS_S; -- symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */ -- -- if((dso == NULL) || (symname == NULL)) -- { -- DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER); -- return; -- } -- if(sk_num(dso->meth_data) < 1) -- { -- DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR); -- return; -- } -- ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data, -- sk_num(dso->meth_data) - 1); -- if(ptr == NULL) -- { -- DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_NULL_HANDLE); -- return; -- } -- -- if(dso->flags & DSO_FLAG_UPCASE_SYMBOL) flags = 0; -- -- status = do_find_symbol(ptr, &symname_dsc, sym, flags); -- -- if(!$VMS_STATUS_SUCCESS(status)) -- { -- unsigned short length; -- char errstring[257]; -- struct dsc$descriptor_s errstring_dsc; -- -- errstring_dsc.dsc$w_length = sizeof(errstring); -- errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -- errstring_dsc.dsc$b_class = DSC$K_CLASS_S; -- errstring_dsc.dsc$a_pointer = errstring; -- -- *sym = NULL; -- -- status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); -- -- if (!$VMS_STATUS_SUCCESS(status)) -- lib$signal(status); /* This is really bad. Abort! */ -- else -- { -- errstring[length] = '\0'; -- -- DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_SYM_FAILURE); -- if (ptr->imagename_dsc.dsc$w_length) -- ERR_add_error_data(9, -- "Symbol ", symname, -- " in ", ptr->filename, -- " (", ptr->imagename, ")", -- ": ", errstring); -- else -- ERR_add_error_data(6, -- "Symbol ", symname, -- " in ", ptr->filename, -- ": ", errstring); -- } -- return; -- } -- return; -- } -+{ -+ DSO_VMS_INTERNAL *ptr; -+ int status; -+# if 0 -+ int flags = (1 << 4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't -+ * defined in VMS older than 7.0 or so */ -+# else -+ int flags = 0; -+# endif -+ struct dsc$descriptor_s symname_dsc; -+ *sym = NULL; -+ -+ symname_dsc.dsc$w_length = strlen(symname); -+ symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -+ symname_dsc.dsc$b_class = DSC$K_CLASS_S; -+ symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */ -+ -+ if ((dso == NULL) || (symname == NULL)) { -+ DSOerr(DSO_F_VMS_BIND_SYM, ERR_R_PASSED_NULL_PARAMETER); -+ return; -+ } -+ if (sk_num(dso->meth_data) < 1) { -+ DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_STACK_ERROR); -+ return; -+ } -+ ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data, -+ sk_num(dso->meth_data) - 1); -+ if (ptr == NULL) { -+ DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_NULL_HANDLE); -+ return; -+ } -+ -+ if (dso->flags & DSO_FLAG_UPCASE_SYMBOL) -+ flags = 0; -+ -+ status = do_find_symbol(ptr, &symname_dsc, sym, flags); -+ -+ if (!$VMS_STATUS_SUCCESS(status)) { -+ unsigned short length; -+ char errstring[257]; -+ struct dsc$descriptor_s errstring_dsc; -+ -+ errstring_dsc.dsc$w_length = sizeof(errstring); -+ errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -+ errstring_dsc.dsc$b_class = DSC$K_CLASS_S; -+ errstring_dsc.dsc$a_pointer = errstring; -+ -+ *sym = NULL; -+ -+ status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); -+ -+ if (!$VMS_STATUS_SUCCESS(status)) -+ lib$signal(status); /* This is really bad. Abort! */ -+ else { -+ errstring[length] = '\0'; -+ -+ DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_SYM_FAILURE); -+ if (ptr->imagename_dsc.dsc$w_length) -+ ERR_add_error_data(9, -+ "Symbol ", symname, -+ " in ", ptr->filename, -+ " (", ptr->imagename, ")", -+ ": ", errstring); -+ else -+ ERR_add_error_data(6, -+ "Symbol ", symname, -+ " in ", ptr->filename, ": ", errstring); -+ } -+ return; -+ } -+ return; -+} - - static void *vms_bind_var(DSO *dso, const char *symname) -- { -- void *sym = 0; -- vms_bind_sym(dso, symname, &sym); -- return sym; -- } -+{ -+ void *sym = 0; -+ vms_bind_sym(dso, symname, &sym); -+ return sym; -+} - - static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname) -- { -- DSO_FUNC_TYPE sym = 0; -- vms_bind_sym(dso, symname, (void **)&sym); -- return sym; -- } -- --static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2) -- { -- int status; -- int filespec1len, filespec2len; -- struct FAB fab; --#ifdef NAML$C_MAXRSS -- struct NAML nam; -- char esa[NAML$C_MAXRSS]; --#else -- struct NAM nam; -- char esa[NAM$C_MAXRSS]; --#endif -- char *merged; -- -- if (!filespec1) filespec1 = ""; -- if (!filespec2) filespec2 = ""; -- filespec1len = strlen(filespec1); -- filespec2len = strlen(filespec2); -+{ -+ DSO_FUNC_TYPE sym = 0; -+ vms_bind_sym(dso, symname, (void **)&sym); -+ return sym; -+} - -- fab = cc$rms_fab; --#ifdef NAML$C_MAXRSS -- nam = cc$rms_naml; --#else -- nam = cc$rms_nam; --#endif -- -- fab.fab$l_fna = (char *)filespec1; -- fab.fab$b_fns = filespec1len; -- fab.fab$l_dna = (char *)filespec2; -- fab.fab$b_dns = filespec2len; --#ifdef NAML$C_MAXRSS -- if (filespec1len > NAM$C_MAXRSS) -- { -- fab.fab$l_fna = 0; -- fab.fab$b_fns = 0; -- nam.naml$l_long_filename = (char *)filespec1; -- nam.naml$l_long_filename_size = filespec1len; -- } -- if (filespec2len > NAM$C_MAXRSS) -- { -- fab.fab$l_dna = 0; -- fab.fab$b_dns = 0; -- nam.naml$l_long_defname = (char *)filespec2; -- nam.naml$l_long_defname_size = filespec2len; -- } -- nam.naml$l_esa = esa; -- nam.naml$b_ess = NAM$C_MAXRSS; -- nam.naml$l_long_expand = esa; -- nam.naml$l_long_expand_alloc = sizeof(esa); -- nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD; -- nam.naml$v_no_short_upcase = 1; -- fab.fab$l_naml = &nam; --#else -- nam.nam$l_esa = esa; -- nam.nam$b_ess = NAM$C_MAXRSS; -- nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD; -- fab.fab$l_nam = &nam; --#endif -- -- status = sys$parse(&fab, 0, 0); -- -- if(!$VMS_STATUS_SUCCESS(status)) -- { -- unsigned short length; -- char errstring[257]; -- struct dsc$descriptor_s errstring_dsc; -- -- errstring_dsc.dsc$w_length = sizeof(errstring); -- errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -- errstring_dsc.dsc$b_class = DSC$K_CLASS_S; -- errstring_dsc.dsc$a_pointer = errstring; -- -- status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); -- -- if (!$VMS_STATUS_SUCCESS(status)) -- lib$signal(status); /* This is really bad. Abort! */ -- else -- { -- errstring[length] = '\0'; -- -- DSOerr(DSO_F_VMS_MERGER,DSO_R_FAILURE); -- ERR_add_error_data(7, -- "filespec \"", filespec1, "\", ", -- "defaults \"", filespec2, "\": ", -- errstring); -- } -- return(NULL); -- } --#ifdef NAML$C_MAXRSS -- if (nam.naml$l_long_expand_size) -- { -- merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1); -- if(!merged) -- goto malloc_err; -- strncpy(merged, nam.naml$l_long_expand, -- nam.naml$l_long_expand_size); -- merged[nam.naml$l_long_expand_size] = '\0'; -- } -- else -- { -- merged = OPENSSL_malloc(nam.naml$b_esl + 1); -- if(!merged) -- goto malloc_err; -- strncpy(merged, nam.naml$l_esa, -- nam.naml$b_esl); -- merged[nam.naml$b_esl] = '\0'; -- } --#else -- merged = OPENSSL_malloc(nam.nam$b_esl + 1); -- if(!merged) -- goto malloc_err; -- strncpy(merged, nam.nam$l_esa, -- nam.nam$b_esl); -- merged[nam.nam$b_esl] = '\0'; --#endif -- return(merged); -+static char *vms_merger(DSO *dso, const char *filespec1, -+ const char *filespec2) -+{ -+ int status; -+ int filespec1len, filespec2len; -+ struct FAB fab; -+# ifdef NAML$C_MAXRSS -+ struct NAML nam; -+ char esa[NAML$C_MAXRSS]; -+# else -+ struct NAM nam; -+ char esa[NAM$C_MAXRSS]; -+# endif -+ char *merged; -+ -+ if (!filespec1) -+ filespec1 = ""; -+ if (!filespec2) -+ filespec2 = ""; -+ filespec1len = strlen(filespec1); -+ filespec2len = strlen(filespec2); -+ -+ fab = cc$rms_fab; -+# ifdef NAML$C_MAXRSS -+ nam = cc$rms_naml; -+# else -+ nam = cc$rms_nam; -+# endif -+ -+ fab.fab$l_fna = (char *)filespec1; -+ fab.fab$b_fns = filespec1len; -+ fab.fab$l_dna = (char *)filespec2; -+ fab.fab$b_dns = filespec2len; -+# ifdef NAML$C_MAXRSS -+ if (filespec1len > NAM$C_MAXRSS) { -+ fab.fab$l_fna = 0; -+ fab.fab$b_fns = 0; -+ nam.naml$l_long_filename = (char *)filespec1; -+ nam.naml$l_long_filename_size = filespec1len; -+ } -+ if (filespec2len > NAM$C_MAXRSS) { -+ fab.fab$l_dna = 0; -+ fab.fab$b_dns = 0; -+ nam.naml$l_long_defname = (char *)filespec2; -+ nam.naml$l_long_defname_size = filespec2len; -+ } -+ nam.naml$l_esa = esa; -+ nam.naml$b_ess = NAM$C_MAXRSS; -+ nam.naml$l_long_expand = esa; -+ nam.naml$l_long_expand_alloc = sizeof(esa); -+ nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD; -+ nam.naml$v_no_short_upcase = 1; -+ fab.fab$l_naml = &nam; -+# else -+ nam.nam$l_esa = esa; -+ nam.nam$b_ess = NAM$C_MAXRSS; -+ nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD; -+ fab.fab$l_nam = &nam; -+# endif -+ -+ status = sys$parse(&fab, 0, 0); -+ -+ if (!$VMS_STATUS_SUCCESS(status)) { -+ unsigned short length; -+ char errstring[257]; -+ struct dsc$descriptor_s errstring_dsc; -+ -+ errstring_dsc.dsc$w_length = sizeof(errstring); -+ errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; -+ errstring_dsc.dsc$b_class = DSC$K_CLASS_S; -+ errstring_dsc.dsc$a_pointer = errstring; -+ -+ status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); -+ -+ if (!$VMS_STATUS_SUCCESS(status)) -+ lib$signal(status); /* This is really bad. Abort! */ -+ else { -+ errstring[length] = '\0'; -+ -+ DSOerr(DSO_F_VMS_MERGER, DSO_R_FAILURE); -+ ERR_add_error_data(7, -+ "filespec \"", filespec1, "\", ", -+ "defaults \"", filespec2, "\": ", errstring); -+ } -+ return (NULL); -+ } -+# ifdef NAML$C_MAXRSS -+ if (nam.naml$l_long_expand_size) { -+ merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1); -+ if (!merged) -+ goto malloc_err; -+ strncpy(merged, nam.naml$l_long_expand, nam.naml$l_long_expand_size); -+ merged[nam.naml$l_long_expand_size] = '\0'; -+ } else { -+ merged = OPENSSL_malloc(nam.naml$b_esl + 1); -+ if (!merged) -+ goto malloc_err; -+ strncpy(merged, nam.naml$l_esa, nam.naml$b_esl); -+ merged[nam.naml$b_esl] = '\0'; -+ } -+# else -+ merged = OPENSSL_malloc(nam.nam$b_esl + 1); -+ if (!merged) -+ goto malloc_err; -+ strncpy(merged, nam.nam$l_esa, nam.nam$b_esl); -+ merged[nam.nam$b_esl] = '\0'; -+# endif -+ return (merged); - malloc_err: -- DSOerr(DSO_F_VMS_MERGER, -- ERR_R_MALLOC_FAILURE); -- } -+ DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE); -+} - - static char *vms_name_converter(DSO *dso, const char *filename) -- { -- int len = strlen(filename); -- char *not_translated = OPENSSL_malloc(len+1); -- strcpy(not_translated,filename); -- return(not_translated); -- } -- --#endif /* OPENSSL_SYS_VMS */ -+{ -+ int len = strlen(filename); -+ char *not_translated = OPENSSL_malloc(len + 1); -+ strcpy(not_translated, filename); -+ return (not_translated); -+} -+ -+#endif /* OPENSSL_SYS_VMS */ -diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c -index f340052..973e7eb 100644 ---- a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c -+++ b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c -@@ -1,6 +1,7 @@ - /* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL -- * project 2000. -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -63,601 +64,546 @@ - - #if !defined(DSO_WIN32) - DSO_METHOD *DSO_METHOD_win32(void) -- { -- return NULL; -- } -+{ -+ return NULL; -+} - #else - --#ifdef _WIN32_WCE --# if _WIN32_WCE < 300 --static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName) -- { -- WCHAR lpProcNameW[64]; -- int i; -- -- for (i=0;lpProcName[i] && i<64;i++) -- lpProcNameW[i] = (WCHAR)lpProcName[i]; -- if (i==64) return NULL; -- lpProcNameW[i] = 0; -- -- return GetProcAddressW(hModule,lpProcNameW); -- } --# endif --# undef GetProcAddress --# define GetProcAddress GetProcAddressA -+# ifdef _WIN32_WCE -+# if _WIN32_WCE < 300 -+static FARPROC GetProcAddressA(HMODULE hModule, LPCSTR lpProcName) -+{ -+ WCHAR lpProcNameW[64]; -+ int i; -+ -+ for (i = 0; lpProcName[i] && i < 64; i++) -+ lpProcNameW[i] = (WCHAR)lpProcName[i]; -+ if (i == 64) -+ return NULL; -+ lpProcNameW[i] = 0; -+ -+ return GetProcAddressW(hModule, lpProcNameW); -+} -+# endif -+# undef GetProcAddress -+# define GetProcAddress GetProcAddressA - - static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName) -- { -- WCHAR *fnamw; -- size_t len_0=strlen(lpLibFileName)+1,i; -- --#ifdef _MSC_VER -- fnamw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); --#else -- fnamw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); --#endif -- if (fnamw == NULL) return NULL; -- --#if defined(_WIN32_WCE) && _WIN32_WCE>=101 -- if (!MultiByteToWideChar(CP_ACP,0,lpLibFileName,len_0,fnamw,len_0)) --#endif -- for (i=0;i=101 -+ if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0)) -+# endif -+ for (i = 0; i < len_0; i++) -+ fnamw[i] = (WCHAR)lpLibFileName[i]; -+ -+ return LoadLibraryW(fnamw); -+} -+# endif - - /* Part of the hack in "win32_load" ... */ --#define DSO_MAX_TRANSLATED_SIZE 256 -+# define DSO_MAX_TRANSLATED_SIZE 256 - - static int win32_load(DSO *dso); - static int win32_unload(DSO *dso); - static void *win32_bind_var(DSO *dso, const char *symname); - static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname); --#if 0 -+# if 0 - static int win32_unbind_var(DSO *dso, char *symname, void *symptr); - static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); - static int win32_init(DSO *dso); - static int win32_finish(DSO *dso); - static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg); --#endif -+# endif - static char *win32_name_converter(DSO *dso, const char *filename); - static char *win32_merger(DSO *dso, const char *filespec1, -- const char *filespec2); -+ const char *filespec2); - - static const char *openssl_strnchr(const char *string, int c, size_t len); - - static DSO_METHOD dso_meth_win32 = { -- "OpenSSL 'win32' shared library method", -- win32_load, -- win32_unload, -- win32_bind_var, -- win32_bind_func, -+ "OpenSSL 'win32' shared library method", -+ win32_load, -+ win32_unload, -+ win32_bind_var, -+ win32_bind_func, - /* For now, "unbind" doesn't exist */ --#if 0 -- NULL, /* unbind_var */ -- NULL, /* unbind_func */ --#endif -- NULL, /* ctrl */ -- win32_name_converter, -- win32_merger, -- NULL, /* init */ -- NULL /* finish */ -- }; -+# if 0 -+ NULL, /* unbind_var */ -+ NULL, /* unbind_func */ -+# endif -+ NULL, /* ctrl */ -+ win32_name_converter, -+ win32_merger, -+ NULL, /* init */ -+ NULL /* finish */ -+}; - - DSO_METHOD *DSO_METHOD_win32(void) -- { -- return(&dso_meth_win32); -- } -+{ -+ return (&dso_meth_win32); -+} - --/* For this DSO_METHOD, our meth_data STACK will contain; -- * (i) a pointer to the handle (HINSTANCE) returned from -- * LoadLibrary(), and copied. -+/* -+ * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to -+ * the handle (HINSTANCE) returned from LoadLibrary(), and copied. - */ - - static int win32_load(DSO *dso) -- { -- HINSTANCE h = NULL, *p = NULL; -- /* See applicable comments from dso_dl.c */ -- char *filename = DSO_convert_filename(dso, NULL); -- -- if(filename == NULL) -- { -- DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME); -- goto err; -- } -- h = LoadLibraryA(filename); -- if(h == NULL) -- { -- DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED); -- ERR_add_error_data(3, "filename(", filename, ")"); -- goto err; -- } -- p = (HINSTANCE *)OPENSSL_malloc(sizeof(HINSTANCE)); -- if(p == NULL) -- { -- DSOerr(DSO_F_WIN32_LOAD,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- *p = h; -- if(!sk_push(dso->meth_data, (char *)p)) -- { -- DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR); -- goto err; -- } -- /* Success */ -- dso->loaded_filename = filename; -- return(1); --err: -- /* Cleanup !*/ -- if(filename != NULL) -- OPENSSL_free(filename); -- if(p != NULL) -- OPENSSL_free(p); -- if(h != NULL) -- FreeLibrary(h); -- return(0); -- } -+{ -+ HINSTANCE h = NULL, *p = NULL; -+ /* See applicable comments from dso_dl.c */ -+ char *filename = DSO_convert_filename(dso, NULL); -+ -+ if (filename == NULL) { -+ DSOerr(DSO_F_WIN32_LOAD, DSO_R_NO_FILENAME); -+ goto err; -+ } -+ h = LoadLibraryA(filename); -+ if (h == NULL) { -+ DSOerr(DSO_F_WIN32_LOAD, DSO_R_LOAD_FAILED); -+ ERR_add_error_data(3, "filename(", filename, ")"); -+ goto err; -+ } -+ p = (HINSTANCE *) OPENSSL_malloc(sizeof(HINSTANCE)); -+ if (p == NULL) { -+ DSOerr(DSO_F_WIN32_LOAD, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ *p = h; -+ if (!sk_push(dso->meth_data, (char *)p)) { -+ DSOerr(DSO_F_WIN32_LOAD, DSO_R_STACK_ERROR); -+ goto err; -+ } -+ /* Success */ -+ dso->loaded_filename = filename; -+ return (1); -+ err: -+ /* Cleanup ! */ -+ if (filename != NULL) -+ OPENSSL_free(filename); -+ if (p != NULL) -+ OPENSSL_free(p); -+ if (h != NULL) -+ FreeLibrary(h); -+ return (0); -+} - - static int win32_unload(DSO *dso) -- { -- HINSTANCE *p; -- if(dso == NULL) -- { -- DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); -- return(0); -- } -- if(sk_num(dso->meth_data) < 1) -- return(1); -- p = (HINSTANCE *)sk_pop(dso->meth_data); -- if(p == NULL) -- { -- DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE); -- return(0); -- } -- if(!FreeLibrary(*p)) -- { -- DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED); -- /* We should push the value back onto the stack in -- * case of a retry. */ -- sk_push(dso->meth_data, (char *)p); -- return(0); -- } -- /* Cleanup */ -- OPENSSL_free(p); -- return(1); -- } -- --/* Using GetProcAddress for variables? TODO: Check this out in -- * the Win32 API docs, there's probably a variant for variables. */ -+{ -+ HINSTANCE *p; -+ if (dso == NULL) { -+ DSOerr(DSO_F_WIN32_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); -+ return (0); -+ } -+ if (sk_num(dso->meth_data) < 1) -+ return (1); -+ p = (HINSTANCE *) sk_pop(dso->meth_data); -+ if (p == NULL) { -+ DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_NULL_HANDLE); -+ return (0); -+ } -+ if (!FreeLibrary(*p)) { -+ DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_UNLOAD_FAILED); -+ /* -+ * We should push the value back onto the stack in case of a retry. -+ */ -+ sk_push(dso->meth_data, (char *)p); -+ return (0); -+ } -+ /* Cleanup */ -+ OPENSSL_free(p); -+ return (1); -+} -+ -+/* -+ * Using GetProcAddress for variables? TODO: Check this out in the Win32 API -+ * docs, there's probably a variant for variables. -+ */ - static void *win32_bind_var(DSO *dso, const char *symname) -- { -- HINSTANCE *ptr; -- void *sym; -- -- if((dso == NULL) || (symname == NULL)) -- { -- DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- if(sk_num(dso->meth_data) < 1) -- { -- DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR); -- return(NULL); -- } -- ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -- if(ptr == NULL) -- { -- DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE); -- return(NULL); -- } -- sym = GetProcAddress(*ptr, symname); -- if(sym == NULL) -- { -- DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_SYM_FAILURE); -- ERR_add_error_data(3, "symname(", symname, ")"); -- return(NULL); -- } -- return(sym); -- } -+{ -+ HINSTANCE *ptr; -+ void *sym; -+ -+ if ((dso == NULL) || (symname == NULL)) { -+ DSOerr(DSO_F_WIN32_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (sk_num(dso->meth_data) < 1) { -+ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_STACK_ERROR); -+ return (NULL); -+ } -+ ptr = (HINSTANCE *) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -+ if (ptr == NULL) { -+ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_NULL_HANDLE); -+ return (NULL); -+ } -+ sym = GetProcAddress(*ptr, symname); -+ if (sym == NULL) { -+ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_SYM_FAILURE); -+ ERR_add_error_data(3, "symname(", symname, ")"); -+ return (NULL); -+ } -+ return (sym); -+} - - static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname) -- { -- HINSTANCE *ptr; -- void *sym; -- -- if((dso == NULL) || (symname == NULL)) -- { -- DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- if(sk_num(dso->meth_data) < 1) -- { -- DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR); -- return(NULL); -- } -- ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -- if(ptr == NULL) -- { -- DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE); -- return(NULL); -- } -- sym = GetProcAddress(*ptr, symname); -- if(sym == NULL) -- { -- DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_SYM_FAILURE); -- ERR_add_error_data(3, "symname(", symname, ")"); -- return(NULL); -- } -- return((DSO_FUNC_TYPE)sym); -- } -- --struct file_st -- { -- const char *node; int nodelen; -- const char *device; int devicelen; -- const char *predir; int predirlen; -- const char *dir; int dirlen; -- const char *file; int filelen; -- }; -+{ -+ HINSTANCE *ptr; -+ void *sym; -+ -+ if ((dso == NULL) || (symname == NULL)) { -+ DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (sk_num(dso->meth_data) < 1) { -+ DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_STACK_ERROR); -+ return (NULL); -+ } -+ ptr = (HINSTANCE *) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); -+ if (ptr == NULL) { -+ DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE); -+ return (NULL); -+ } -+ sym = GetProcAddress(*ptr, symname); -+ if (sym == NULL) { -+ DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE); -+ ERR_add_error_data(3, "symname(", symname, ")"); -+ return (NULL); -+ } -+ return ((DSO_FUNC_TYPE)sym); -+} -+ -+struct file_st { -+ const char *node; -+ int nodelen; -+ const char *device; -+ int devicelen; -+ const char *predir; -+ int predirlen; -+ const char *dir; -+ int dirlen; -+ const char *file; -+ int filelen; -+}; - - static struct file_st *win32_splitter(DSO *dso, const char *filename, -- int assume_last_is_dir) -- { -- struct file_st *result = NULL; -- enum { IN_NODE, IN_DEVICE, IN_FILE } position; -- const char *start = filename; -- char last; -- -- if (!filename) -- { -- DSOerr(DSO_F_WIN32_SPLITTER,DSO_R_NO_FILENAME); -- /*goto err;*/ -- return(NULL); -- } -- -- result = OPENSSL_malloc(sizeof(struct file_st)); -- if(result == NULL) -- { -- DSOerr(DSO_F_WIN32_SPLITTER, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- -- memset(result, 0, sizeof(struct file_st)); -- position = IN_DEVICE; -- -- if((filename[0] == '\\' && filename[1] == '\\') -- || (filename[0] == '/' && filename[1] == '/')) -- { -- position = IN_NODE; -- filename += 2; -- start = filename; -- result->node = start; -- } -- -- do -- { -- last = filename[0]; -- switch(last) -- { -- case ':': -- if(position != IN_DEVICE) -- { -- DSOerr(DSO_F_WIN32_SPLITTER, -- DSO_R_INCORRECT_FILE_SYNTAX); -- /*goto err;*/ -- OPENSSL_free(result); -- return(NULL); -- } -- result->device = start; -- result->devicelen = filename - start; -- position = IN_FILE; -- start = ++filename; -- result->dir = start; -- break; -- case '\\': -- case '/': -- if(position == IN_NODE) -- { -- result->nodelen = filename - start; -- position = IN_FILE; -- start = ++filename; -- result->dir = start; -- } -- else if(position == IN_DEVICE) -- { -- position = IN_FILE; -- filename++; -- result->dir = start; -- result->dirlen = filename - start; -- start = filename; -- } -- else -- { -- filename++; -- result->dirlen += filename - start; -- start = filename; -- } -- break; -- case '\0': -- if(position == IN_NODE) -- { -- result->nodelen = filename - start; -- } -- else -- { -- if(filename - start > 0) -- { -- if (assume_last_is_dir) -- { -- if (position == IN_DEVICE) -- { -- result->dir = start; -- result->dirlen = 0; -- } -- result->dirlen += -- filename - start; -- } -- else -- { -- result->file = start; -- result->filelen = -- filename - start; -- } -- } -- } -- break; -- default: -- filename++; -- break; -- } -- } -- while(last); -- -- if(!result->nodelen) result->node = NULL; -- if(!result->devicelen) result->device = NULL; -- if(!result->dirlen) result->dir = NULL; -- if(!result->filelen) result->file = NULL; -- -- return(result); -- } -+ int assume_last_is_dir) -+{ -+ struct file_st *result = NULL; -+ enum { IN_NODE, IN_DEVICE, IN_FILE } position; -+ const char *start = filename; -+ char last; -+ -+ if (!filename) { -+ DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_NO_FILENAME); -+ /* -+ * goto err; -+ */ -+ return (NULL); -+ } -+ -+ result = OPENSSL_malloc(sizeof(struct file_st)); -+ if (result == NULL) { -+ DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ -+ memset(result, 0, sizeof(struct file_st)); -+ position = IN_DEVICE; -+ -+ if ((filename[0] == '\\' && filename[1] == '\\') -+ || (filename[0] == '/' && filename[1] == '/')) { -+ position = IN_NODE; -+ filename += 2; -+ start = filename; -+ result->node = start; -+ } -+ -+ do { -+ last = filename[0]; -+ switch (last) { -+ case ':': -+ if (position != IN_DEVICE) { -+ DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX); -+ /* -+ * goto err; -+ */ -+ OPENSSL_free(result); -+ return (NULL); -+ } -+ result->device = start; -+ result->devicelen = filename - start; -+ position = IN_FILE; -+ start = ++filename; -+ result->dir = start; -+ break; -+ case '\\': -+ case '/': -+ if (position == IN_NODE) { -+ result->nodelen = filename - start; -+ position = IN_FILE; -+ start = ++filename; -+ result->dir = start; -+ } else if (position == IN_DEVICE) { -+ position = IN_FILE; -+ filename++; -+ result->dir = start; -+ result->dirlen = filename - start; -+ start = filename; -+ } else { -+ filename++; -+ result->dirlen += filename - start; -+ start = filename; -+ } -+ break; -+ case '\0': -+ if (position == IN_NODE) { -+ result->nodelen = filename - start; -+ } else { -+ if (filename - start > 0) { -+ if (assume_last_is_dir) { -+ if (position == IN_DEVICE) { -+ result->dir = start; -+ result->dirlen = 0; -+ } -+ result->dirlen += filename - start; -+ } else { -+ result->file = start; -+ result->filelen = filename - start; -+ } -+ } -+ } -+ break; -+ default: -+ filename++; -+ break; -+ } -+ } -+ while (last); -+ -+ if (!result->nodelen) -+ result->node = NULL; -+ if (!result->devicelen) -+ result->device = NULL; -+ if (!result->dirlen) -+ result->dir = NULL; -+ if (!result->filelen) -+ result->file = NULL; -+ -+ return (result); -+} - - static char *win32_joiner(DSO *dso, const struct file_st *file_split) -- { -- int len = 0, offset = 0; -- char *result = NULL; -- const char *start; -- -- if(!file_split) -- { -- DSOerr(DSO_F_WIN32_JOINER, -- ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- if(file_split->node) -- { -- len += 2 + file_split->nodelen; /* 2 for starting \\ */ -- if(file_split->predir || file_split->dir || file_split->file) -- len++; /* 1 for ending \ */ -- } -- else if(file_split->device) -- { -- len += file_split->devicelen + 1; /* 1 for ending : */ -- } -- len += file_split->predirlen; -- if(file_split->predir && (file_split->dir || file_split->file)) -- { -- len++; /* 1 for ending \ */ -- } -- len += file_split->dirlen; -- if(file_split->dir && file_split->file) -- { -- len++; /* 1 for ending \ */ -- } -- len += file_split->filelen; -- -- if(!len) -- { -- DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE); -- return(NULL); -- } -- -- result = OPENSSL_malloc(len + 1); -- if (!result) -- { -- DSOerr(DSO_F_WIN32_JOINER, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- -- if(file_split->node) -- { -- strcpy(&result[offset], "\\\\"); offset += 2; -- strncpy(&result[offset], file_split->node, -- file_split->nodelen); offset += file_split->nodelen; -- if(file_split->predir || file_split->dir || file_split->file) -- { -- result[offset] = '\\'; offset++; -- } -- } -- else if(file_split->device) -- { -- strncpy(&result[offset], file_split->device, -- file_split->devicelen); offset += file_split->devicelen; -- result[offset] = ':'; offset++; -- } -- start = file_split->predir; -- while(file_split->predirlen > (start - file_split->predir)) -- { -- const char *end = openssl_strnchr(start, '/', -- file_split->predirlen - (start - file_split->predir)); -- if(!end) -- end = start -- + file_split->predirlen -- - (start - file_split->predir); -- strncpy(&result[offset], start, -- end - start); offset += end - start; -- result[offset] = '\\'; offset++; -- start = end + 1; -- } --#if 0 /* Not needed, since the directory converter above already appeneded -- a backslash */ -- if(file_split->predir && (file_split->dir || file_split->file)) -- { -- result[offset] = '\\'; offset++; -- } --#endif -- start = file_split->dir; -- while(file_split->dirlen > (start - file_split->dir)) -- { -- const char *end = openssl_strnchr(start, '/', -- file_split->dirlen - (start - file_split->dir)); -- if(!end) -- end = start -- + file_split->dirlen -- - (start - file_split->dir); -- strncpy(&result[offset], start, -- end - start); offset += end - start; -- result[offset] = '\\'; offset++; -- start = end + 1; -- } --#if 0 /* Not needed, since the directory converter above already appeneded -- a backslash */ -- if(file_split->dir && file_split->file) -- { -- result[offset] = '\\'; offset++; -- } --#endif -- strncpy(&result[offset], file_split->file, -- file_split->filelen); offset += file_split->filelen; -- result[offset] = '\0'; -- return(result); -- } -- --static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2) -- { -- char *merged = NULL; -- struct file_st *filespec1_split = NULL; -- struct file_st *filespec2_split = NULL; -- -- if(!filespec1 && !filespec2) -- { -- DSOerr(DSO_F_WIN32_MERGER, -- ERR_R_PASSED_NULL_PARAMETER); -- return(NULL); -- } -- if (!filespec2) -- { -- merged = OPENSSL_malloc(strlen(filespec1) + 1); -- if(!merged) -- { -- DSOerr(DSO_F_WIN32_MERGER, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- strcpy(merged, filespec1); -- } -- else if (!filespec1) -- { -- merged = OPENSSL_malloc(strlen(filespec2) + 1); -- if(!merged) -- { -- DSOerr(DSO_F_WIN32_MERGER, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- strcpy(merged, filespec2); -- } -- else -- { -- filespec1_split = win32_splitter(dso, filespec1, 0); -- if (!filespec1_split) -- { -- DSOerr(DSO_F_WIN32_MERGER, -- ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- filespec2_split = win32_splitter(dso, filespec2, 1); -- if (!filespec2_split) -- { -- DSOerr(DSO_F_WIN32_MERGER, -- ERR_R_MALLOC_FAILURE); -- OPENSSL_free(filespec1_split); -- return(NULL); -- } -- -- /* Fill in into filespec1_split */ -- if (!filespec1_split->node && !filespec1_split->device) -- { -- filespec1_split->node = filespec2_split->node; -- filespec1_split->nodelen = filespec2_split->nodelen; -- filespec1_split->device = filespec2_split->device; -- filespec1_split->devicelen = filespec2_split->devicelen; -- } -- if (!filespec1_split->dir) -- { -- filespec1_split->dir = filespec2_split->dir; -- filespec1_split->dirlen = filespec2_split->dirlen; -- } -- else if (filespec1_split->dir[0] != '\\' -- && filespec1_split->dir[0] != '/') -- { -- filespec1_split->predir = filespec2_split->dir; -- filespec1_split->predirlen = filespec2_split->dirlen; -- } -- if (!filespec1_split->file) -- { -- filespec1_split->file = filespec2_split->file; -- filespec1_split->filelen = filespec2_split->filelen; -- } -- -- merged = win32_joiner(dso, filespec1_split); -- } -- OPENSSL_free(filespec1_split); -- OPENSSL_free(filespec2_split); -- return(merged); -- } -+{ -+ int len = 0, offset = 0; -+ char *result = NULL; -+ const char *start; -+ -+ if (!file_split) { -+ DSOerr(DSO_F_WIN32_JOINER, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (file_split->node) { -+ len += 2 + file_split->nodelen; /* 2 for starting \\ */ -+ if (file_split->predir || file_split->dir || file_split->file) -+ len++; /* 1 for ending \ */ -+ } else if (file_split->device) { -+ len += file_split->devicelen + 1; /* 1 for ending : */ -+ } -+ len += file_split->predirlen; -+ if (file_split->predir && (file_split->dir || file_split->file)) { -+ len++; /* 1 for ending \ */ -+ } -+ len += file_split->dirlen; -+ if (file_split->dir && file_split->file) { -+ len++; /* 1 for ending \ */ -+ } -+ len += file_split->filelen; -+ -+ if (!len) { -+ DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE); -+ return (NULL); -+ } -+ -+ result = OPENSSL_malloc(len + 1); -+ if (!result) { -+ DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ -+ if (file_split->node) { -+ strcpy(&result[offset], "\\\\"); -+ offset += 2; -+ strncpy(&result[offset], file_split->node, file_split->nodelen); -+ offset += file_split->nodelen; -+ if (file_split->predir || file_split->dir || file_split->file) { -+ result[offset] = '\\'; -+ offset++; -+ } -+ } else if (file_split->device) { -+ strncpy(&result[offset], file_split->device, file_split->devicelen); -+ offset += file_split->devicelen; -+ result[offset] = ':'; -+ offset++; -+ } -+ start = file_split->predir; -+ while (file_split->predirlen > (start - file_split->predir)) { -+ const char *end = openssl_strnchr(start, '/', -+ file_split->predirlen - (start - -+ file_split->predir)); -+ if (!end) -+ end = start -+ + file_split->predirlen - (start - file_split->predir); -+ strncpy(&result[offset], start, end - start); -+ offset += end - start; -+ result[offset] = '\\'; -+ offset++; -+ start = end + 1; -+ } -+# if 0 /* Not needed, since the directory converter -+ * above already appeneded a backslash */ -+ if (file_split->predir && (file_split->dir || file_split->file)) { -+ result[offset] = '\\'; -+ offset++; -+ } -+# endif -+ start = file_split->dir; -+ while (file_split->dirlen > (start - file_split->dir)) { -+ const char *end = openssl_strnchr(start, '/', -+ file_split->dirlen - (start - -+ file_split->dir)); -+ if (!end) -+ end = start + file_split->dirlen - (start - file_split->dir); -+ strncpy(&result[offset], start, end - start); -+ offset += end - start; -+ result[offset] = '\\'; -+ offset++; -+ start = end + 1; -+ } -+# if 0 /* Not needed, since the directory converter -+ * above already appeneded a backslash */ -+ if (file_split->dir && file_split->file) { -+ result[offset] = '\\'; -+ offset++; -+ } -+# endif -+ strncpy(&result[offset], file_split->file, file_split->filelen); -+ offset += file_split->filelen; -+ result[offset] = '\0'; -+ return (result); -+} -+ -+static char *win32_merger(DSO *dso, const char *filespec1, -+ const char *filespec2) -+{ -+ char *merged = NULL; -+ struct file_st *filespec1_split = NULL; -+ struct file_st *filespec2_split = NULL; -+ -+ if (!filespec1 && !filespec2) { -+ DSOerr(DSO_F_WIN32_MERGER, ERR_R_PASSED_NULL_PARAMETER); -+ return (NULL); -+ } -+ if (!filespec2) { -+ merged = OPENSSL_malloc(strlen(filespec1) + 1); -+ if (!merged) { -+ DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ strcpy(merged, filespec1); -+ } else if (!filespec1) { -+ merged = OPENSSL_malloc(strlen(filespec2) + 1); -+ if (!merged) { -+ DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ strcpy(merged, filespec2); -+ } else { -+ filespec1_split = win32_splitter(dso, filespec1, 0); -+ if (!filespec1_split) { -+ DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ filespec2_split = win32_splitter(dso, filespec2, 1); -+ if (!filespec2_split) { -+ DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); -+ OPENSSL_free(filespec1_split); -+ return (NULL); -+ } -+ -+ /* Fill in into filespec1_split */ -+ if (!filespec1_split->node && !filespec1_split->device) { -+ filespec1_split->node = filespec2_split->node; -+ filespec1_split->nodelen = filespec2_split->nodelen; -+ filespec1_split->device = filespec2_split->device; -+ filespec1_split->devicelen = filespec2_split->devicelen; -+ } -+ if (!filespec1_split->dir) { -+ filespec1_split->dir = filespec2_split->dir; -+ filespec1_split->dirlen = filespec2_split->dirlen; -+ } else if (filespec1_split->dir[0] != '\\' -+ && filespec1_split->dir[0] != '/') { -+ filespec1_split->predir = filespec2_split->dir; -+ filespec1_split->predirlen = filespec2_split->dirlen; -+ } -+ if (!filespec1_split->file) { -+ filespec1_split->file = filespec2_split->file; -+ filespec1_split->filelen = filespec2_split->filelen; -+ } -+ -+ merged = win32_joiner(dso, filespec1_split); -+ } -+ OPENSSL_free(filespec1_split); -+ OPENSSL_free(filespec2_split); -+ return (merged); -+} - - static char *win32_name_converter(DSO *dso, const char *filename) -- { -- char *translated; -- int len, transform; -- -- len = strlen(filename); -- transform = ((strstr(filename, "/") == NULL) && -- (strstr(filename, "\\") == NULL) && -- (strstr(filename, ":") == NULL)); -- if(transform) -- /* We will convert this to "%s.dll" */ -- translated = OPENSSL_malloc(len + 5); -- else -- /* We will simply duplicate filename */ -- translated = OPENSSL_malloc(len + 1); -- if(translated == NULL) -- { -- DSOerr(DSO_F_WIN32_NAME_CONVERTER, -- DSO_R_NAME_TRANSLATION_FAILED); -- return(NULL); -- } -- if(transform) -- sprintf(translated, "%s.dll", filename); -- else -- sprintf(translated, "%s", filename); -- return(translated); -- } -+{ -+ char *translated; -+ int len, transform; -+ -+ len = strlen(filename); -+ transform = ((strstr(filename, "/") == NULL) && -+ (strstr(filename, "\\") == NULL) && -+ (strstr(filename, ":") == NULL)); -+ if (transform) -+ /* We will convert this to "%s.dll" */ -+ translated = OPENSSL_malloc(len + 5); -+ else -+ /* We will simply duplicate filename */ -+ translated = OPENSSL_malloc(len + 1); -+ if (translated == NULL) { -+ DSOerr(DSO_F_WIN32_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); -+ return (NULL); -+ } -+ if (transform) -+ sprintf(translated, "%s.dll", filename); -+ else -+ sprintf(translated, "%s", filename); -+ return (translated); -+} - - static const char *openssl_strnchr(const char *string, int c, size_t len) -- { -- size_t i; -- const char *p; -- for (i = 0, p = string; i < len && *p; i++, p++) -- { -- if (*p == c) -- return p; -- } -- return NULL; -- } -- -- --#endif /* OPENSSL_SYS_WIN32 */ -+{ -+ size_t i; -+ const char *p; -+ for (i = 0, p = string; i < len && *p; i++, p++) { -+ if (*p == c) -+ return p; -+ } -+ return NULL; -+} -+ -+#endif /* OPENSSL_SYS_WIN32 */ -diff --git a/Cryptlib/OpenSSL/crypto/dyn_lck.c b/Cryptlib/OpenSSL/crypto/dyn_lck.c -index 7f82c41..e91b9b7 100644 ---- a/Cryptlib/OpenSSL/crypto/dyn_lck.c -+++ b/Cryptlib/OpenSSL/crypto/dyn_lck.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,21 +58,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -87,10 +87,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -102,7 +102,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -110,7 +110,7 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * ECDH support in OpenSSL originally developed by -+ * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -@@ -118,311 +118,305 @@ - #include - - #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) --static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ -+static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */ - #endif - - DECLARE_STACK_OF(CRYPTO_dynlock) - IMPLEMENT_STACK_OF(CRYPTO_dynlock) - - /* real #defines in crypto.h, keep these upto date */ --static const char* const lock_names[CRYPTO_NUM_LOCKS] = -- { -- "<>", -- "err", -- "ex_data", -- "x509", -- "x509_info", -- "x509_pkey", -- "x509_crl", -- "x509_req", -- "dsa", -- "rsa", -- "evp_pkey", -- "x509_store", -- "ssl_ctx", -- "ssl_cert", -- "ssl_session", -- "ssl_sess_cert", -- "ssl", -- "ssl_method", -- "rand", -- "rand2", -- "debug_malloc", -- "BIO", -- "gethostbyname", -- "getservbyname", -- "readdir", -- "RSA_blinding", -- "dh", -- "debug_malloc2", -- "dso", -- "dynlock", -- "engine", -- "ui", -- "ecdsa", -- "ec", -- "ecdh", -- "bn", -- "ec_pre_comp", -- "store", -- "comp", -+static const char *const lock_names[CRYPTO_NUM_LOCKS] = { -+ "<>", -+ "err", -+ "ex_data", -+ "x509", -+ "x509_info", -+ "x509_pkey", -+ "x509_crl", -+ "x509_req", -+ "dsa", -+ "rsa", -+ "evp_pkey", -+ "x509_store", -+ "ssl_ctx", -+ "ssl_cert", -+ "ssl_session", -+ "ssl_sess_cert", -+ "ssl", -+ "ssl_method", -+ "rand", -+ "rand2", -+ "debug_malloc", -+ "BIO", -+ "gethostbyname", -+ "getservbyname", -+ "readdir", -+ "RSA_blinding", -+ "dh", -+ "debug_malloc2", -+ "dso", -+ "dynlock", -+ "engine", -+ "ui", -+ "ecdsa", -+ "ec", -+ "ecdh", -+ "bn", -+ "ec_pre_comp", -+ "store", -+ "comp", - #ifndef OPENSSL_FIPS - # if CRYPTO_NUM_LOCKS != 39 - # error "Inconsistency between crypto.h and cryptlib.c" - # endif - #else -- "fips", -- "fips2", -+ "fips", -+ "fips2", - # if CRYPTO_NUM_LOCKS != 41 - # error "Inconsistency between crypto.h and cryptlib.c" - # endif - #endif -- }; -- --/* This is for applications to allocate new type names in the non-dynamic -- array of lock names. These are numbered with positive numbers. */ --static STACK *app_locks=NULL; -+}; - --/* For applications that want a more dynamic way of handling threads, the -- following stack is used. These are externally numbered with negative -- numbers. */ --static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; -+/* -+ * This is for applications to allocate new type names in the non-dynamic -+ * array of lock names. These are numbered with positive numbers. -+ */ -+static STACK *app_locks = NULL; - -+/* -+ * For applications that want a more dynamic way of handling threads, the -+ * following stack is used. These are externally numbered with negative -+ * numbers. -+ */ -+static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL; - - static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) -- (const char *file,int line)=NULL; --static void (MS_FAR *dynlock_lock_callback)(int mode, -- struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL; --static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, -- const char *file,int line)=NULL; -+ (const char *file, int line) = NULL; -+static void (MS_FAR *dynlock_lock_callback) (int mode, -+ struct CRYPTO_dynlock_value *l, -+ const char *file, int line) = -+ NULL; -+static void (MS_FAR *dynlock_destroy_callback) (struct CRYPTO_dynlock_value -+ *l, const char *file, -+ int line) = NULL; - - int CRYPTO_get_new_lockid(char *name) -- { -- char *str; -- int i; -+{ -+ char *str; -+ int i; - - #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) -- /* A hack to make Visual C++ 5.0 work correctly when linking as -- * a DLL using /MT. Without this, the application cannot use -- * and floating point printf's. -- * It also seems to be needed for Visual C 1.5 (win16) */ -- SSLeay_MSVC5_hack=(double)name[0]*(double)name[1]; -+ /* -+ * A hack to make Visual C++ 5.0 work correctly when linking as a DLL -+ * using /MT. Without this, the application cannot use and floating point -+ * printf's. It also seems to be needed for Visual C 1.5 (win16) -+ */ -+ SSLeay_MSVC5_hack = (double)name[0] * (double)name[1]; - #endif - -- if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL)) -- { -- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- if ((str=BUF_strdup(name)) == NULL) -- { -- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- i=sk_push(app_locks,str); -- if (!i) -- OPENSSL_free(str); -- else -- i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */ -- return(i); -- } -+ if ((app_locks == NULL) && ((app_locks = sk_new_null()) == NULL)) { -+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ if ((str = BUF_strdup(name)) == NULL) { -+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ i = sk_push(app_locks, str); -+ if (!i) -+ OPENSSL_free(str); -+ else -+ i += CRYPTO_NUM_LOCKS; /* gap of one :-) */ -+ return (i); -+} - - int CRYPTO_get_new_dynlockid(void) -- { -- int i = 0; -- CRYPTO_dynlock *pointer = NULL; -- -- if (dynlock_create_callback == NULL) -- { -- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK); -- return(0); -- } -- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); -- if ((dyn_locks == NULL) -- && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL)) -- { -- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -- -- pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock)); -- if (pointer == NULL) -- { -- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- pointer->references = 1; -- pointer->data = dynlock_create_callback(__FILE__,__LINE__); -- if (pointer->data == NULL) -- { -- OPENSSL_free(pointer); -- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- -- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); -- /* First, try to find an existing empty slot */ -- i=sk_CRYPTO_dynlock_find(dyn_locks,NULL); -- /* If there was none, push, thereby creating a new one */ -- if (i == -1) -- /* Since sk_push() returns the number of items on the -- stack, not the location of the pushed item, we need -- to transform the returned number into a position, -- by decreasing it. */ -- i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1; -- else -- /* If we found a place with a NULL pointer, put our pointer -- in it. */ -- (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer); -- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -- -- if (i == -1) -- { -- dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); -- OPENSSL_free(pointer); -- } -- else -- i += 1; /* to avoid 0 */ -- return -i; -- } -+{ -+ int i = 0; -+ CRYPTO_dynlock *pointer = NULL; -+ -+ if (dynlock_create_callback == NULL) { -+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, -+ CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK); -+ return (0); -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); -+ if ((dyn_locks == NULL) -+ && ((dyn_locks = sk_CRYPTO_dynlock_new_null()) == NULL)) { -+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -+ -+ pointer = (CRYPTO_dynlock *) OPENSSL_malloc(sizeof(CRYPTO_dynlock)); -+ if (pointer == NULL) { -+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ pointer->references = 1; -+ pointer->data = dynlock_create_callback(__FILE__, __LINE__); -+ if (pointer->data == NULL) { -+ OPENSSL_free(pointer); -+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); -+ /* First, try to find an existing empty slot */ -+ i = sk_CRYPTO_dynlock_find(dyn_locks, NULL); -+ /* If there was none, push, thereby creating a new one */ -+ if (i == -1) -+ /* -+ * Since sk_push() returns the number of items on the stack, not the -+ * location of the pushed item, we need to transform the returned -+ * number into a position, by decreasing it. -+ */ -+ i = sk_CRYPTO_dynlock_push(dyn_locks, pointer) - 1; -+ else -+ /* -+ * If we found a place with a NULL pointer, put our pointer in it. -+ */ -+ (void)sk_CRYPTO_dynlock_set(dyn_locks, i, pointer); -+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -+ -+ if (i == -1) { -+ dynlock_destroy_callback(pointer->data, __FILE__, __LINE__); -+ OPENSSL_free(pointer); -+ } else -+ i += 1; /* to avoid 0 */ -+ return -i; -+} - - void CRYPTO_destroy_dynlockid(int i) -- { -- CRYPTO_dynlock *pointer = NULL; -- if (i) -- i = -i-1; -- if (dynlock_destroy_callback == NULL) -- return; -- -- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); -- -- if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) -- { -- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -- return; -- } -- pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); -- if (pointer != NULL) -- { -- --pointer->references; -+{ -+ CRYPTO_dynlock *pointer = NULL; -+ if (i) -+ i = -i - 1; -+ if (dynlock_destroy_callback == NULL) -+ return; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); -+ -+ if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) { -+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -+ return; -+ } -+ pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); -+ if (pointer != NULL) { -+ --pointer->references; - #ifdef REF_CHECK -- if (pointer->references < 0) -- { -- fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n"); -- abort(); -- } -- else -+ if (pointer->references < 0) { -+ fprintf(stderr, -+ "CRYPTO_destroy_dynlockid, bad reference count\n"); -+ abort(); -+ } else - #endif -- if (pointer->references <= 0) -- { -- (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); -- } -- else -- pointer = NULL; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -- -- if (pointer) -- { -- dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); -- OPENSSL_free(pointer); -- } -- } -+ if (pointer->references <= 0) { -+ (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); -+ } else -+ pointer = NULL; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -+ -+ if (pointer) { -+ dynlock_destroy_callback(pointer->data, __FILE__, __LINE__); -+ OPENSSL_free(pointer); -+ } -+} - - struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i) -- { -- CRYPTO_dynlock *pointer = NULL; -- if (i) -- i = -i-1; -+{ -+ CRYPTO_dynlock *pointer = NULL; -+ if (i) -+ i = -i - 1; - -- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); -+ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); - -- if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks)) -- pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); -- if (pointer) -- pointer->references++; -+ if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks)) -+ pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); -+ if (pointer) -+ pointer->references++; - -- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); -+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - -- if (pointer) -- return pointer->data; -- return NULL; -- } -+ if (pointer) -+ return pointer->data; -+ return NULL; -+} - - struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void)) -- (const char *file,int line) -- { -- return(dynlock_create_callback); -- } -+ (const char *file, int line) { -+ return (dynlock_create_callback); -+} - --void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, -- struct CRYPTO_dynlock_value *l, const char *file,int line) -- { -- return(dynlock_lock_callback); -- } -+void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode, -+ struct CRYPTO_dynlock_value -+ *l, const char *file, -+ int line) { -+ return (dynlock_lock_callback); -+} - - void (*CRYPTO_get_dynlock_destroy_callback(void)) -- (struct CRYPTO_dynlock_value *l, const char *file,int line) -- { -- return(dynlock_destroy_callback); -- } -+ (struct CRYPTO_dynlock_value *l, const char *file, int line) { -+ return (dynlock_destroy_callback); -+} - - void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func) -- (const char *file, int line)) -- { -- dynlock_create_callback=func; -- } -+ (const char *file, int line)) -+{ -+ dynlock_create_callback = func; -+} - - static void do_dynlock(int mode, int type, const char *file, int line) -- { -- if (dynlock_lock_callback != NULL) -- { -- struct CRYPTO_dynlock_value *pointer -- = CRYPTO_get_dynlock_value(type); -- -- OPENSSL_assert(pointer != NULL); -- -- dynlock_lock_callback(mode, pointer, file, line); -- -- CRYPTO_destroy_dynlockid(type); -- } -- } -- --void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode, -- struct CRYPTO_dynlock_value *l, const char *file, int line)) -- { -- /* Set callback so CRYPTO_lock() can now handle dynamic locks. -- * This is OK because at this point and application shouldn't be using -- * OpenSSL from multiple threads because it is setting up the locking -- * callbacks. -- */ -- static int done = 0; -- if (!done) -- { -- int_CRYPTO_set_do_dynlock_callback(do_dynlock); -- done = 1; -- } -- -- dynlock_lock_callback=func; -- } -+{ -+ if (dynlock_lock_callback != NULL) { -+ struct CRYPTO_dynlock_value *pointer = CRYPTO_get_dynlock_value(type); -+ -+ OPENSSL_assert(pointer != NULL); -+ -+ dynlock_lock_callback(mode, pointer, file, line); -+ -+ CRYPTO_destroy_dynlockid(type); -+ } -+} -+ -+void CRYPTO_set_dynlock_lock_callback(void (*func) (int mode, -+ struct -+ CRYPTO_dynlock_value *l, -+ const char *file, -+ int line)) -+{ -+ /* -+ * Set callback so CRYPTO_lock() can now handle dynamic locks. This is OK -+ * because at this point and application shouldn't be using OpenSSL from -+ * multiple threads because it is setting up the locking callbacks. -+ */ -+ static int done = 0; -+ if (!done) { -+ int_CRYPTO_set_do_dynlock_callback(do_dynlock); -+ done = 1; -+ } -+ -+ dynlock_lock_callback = func; -+} - - void CRYPTO_set_dynlock_destroy_callback(void (*func) -- (struct CRYPTO_dynlock_value *l, const char *file, int line)) -- { -- dynlock_destroy_callback=func; -- } -+ (struct CRYPTO_dynlock_value *l, -+ const char *file, int line)) -+{ -+ dynlock_destroy_callback = func; -+} - - const char *CRYPTO_get_lock_name(int type) -- { -- if (type < 0) -- return("dynamic"); -- else if (type < CRYPTO_NUM_LOCKS) -- return(lock_names[type]); -- else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks)) -- return("ERROR"); -- else -- return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); -- } -- -+{ -+ if (type < 0) -+ return ("dynamic"); -+ else if (type < CRYPTO_NUM_LOCKS) -+ return (lock_names[type]); -+ else if (type - CRYPTO_NUM_LOCKS > sk_num(app_locks)) -+ return ("ERROR"); -+ else -+ return (sk_value(app_locks, type - CRYPTO_NUM_LOCKS)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/ebcdic.c b/Cryptlib/OpenSSL/crypto/ebcdic.c -index 43e53bc..4b7652c 100644 ---- a/Cryptlib/OpenSSL/crypto/ebcdic.c -+++ b/Cryptlib/OpenSSL/crypto/ebcdic.c -@@ -2,198 +2,262 @@ - - #ifndef CHARSET_EBCDIC - --#include --#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) --static void *dummy=&dummy; --#endif -+# include -+# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) -+static void *dummy = &dummy; -+# endif - --#else /*CHARSET_EBCDIC*/ -+#else /* CHARSET_EBCDIC */ - --#include "ebcdic.h" --/* Initial Port for Apache-1.3 by -+# include "ebcdic.h" -+/*- -+ * Initial Port for Apache-1.3 by - * Adapted for OpenSSL-0.9.4 by - */ - --#ifdef _OSD_POSIX -+# ifdef _OSD_POSIX - /* -- "BS2000 OSD" is a POSIX subsystem on a main frame. -- It is made by Siemens AG, Germany, for their BS2000 mainframe machines. -- Within the POSIX subsystem, the same character set was chosen as in -- "native BS2000", namely EBCDIC. (EDF04) -- -- The name "ASCII" in these routines is misleading: actually, conversion -- is not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1; -- that means that (western european) national characters are preserved. -- -- This table is identical to the one used by rsh/rcp/ftp and other POSIX tools. --*/ -+ * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens -+ * AG, Germany, for their BS2000 mainframe machines. Within the POSIX -+ * subsystem, the same character set was chosen as in "native BS2000", namely -+ * EBCDIC. (EDF04) -+ * -+ * The name "ASCII" in these routines is misleading: actually, conversion is -+ * not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1; that means -+ * that (western european) national characters are preserved. -+ * -+ * This table is identical to the one used by rsh/rcp/ftp and other POSIX -+ * tools. -+ */ - - /* Here's the bijective ebcdic-to-ascii table: */ - const unsigned char os_toascii[256] = { --/*00*/ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, -- 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/ --/*10*/ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, -- 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/ --/*20*/ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, -- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /*................*/ --/*30*/ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, -- 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /*................*/ --/*40*/ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, -- 0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+|*/ --/*50*/ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, -- 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /*&.........!$*);.*/ --/*60*/ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, -- 0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/ --/*70*/ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, -- 0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /*..........:#@'="*/ --/*80*/ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, -- 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /*.abcdefghi......*/ --/*90*/ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, -- 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /*.jklmnopqr......*/ --/*a0*/ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, -- 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /*..stuvwxyz......*/ --/*b0*/ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, -- 0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /*...........[\]..*/ --/*c0*/ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, -- 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /*.ABCDEFGHI......*/ --/*d0*/ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, -- 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /*.JKLMNOPQR......*/ --/*e0*/ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, -- 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /*..STUVWXYZ......*/ --/*f0*/ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, -- 0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /*0123456789.{.}.~*/ -+ /* -+ * 00 -+ */ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, -+ 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ -+ /* -+ * 10 -+ */ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, -+ 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ -+ /* -+ * 20 -+ */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, -+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */ -+ /* -+ * 30 -+ */ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, -+ 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */ -+ /* -+ * 40 -+ */ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, -+ 0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+| */ -+ /* -+ * 50 -+ */ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, -+ 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /* &.........!$*);. */ -+ /* -+ * 60 -+ */ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, -+ 0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/ -+ /* -+ * 70 -+ */ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, -+ 0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* ..........:#@'=" */ -+ /* -+ * 80 -+ */ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, -+ 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */ -+ /* -+ * 90 -+ */ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, -+ 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */ -+ /* -+ * a0 -+ */ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, -+ 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /* ..stuvwxyz...... */ -+ /* -+ * b0 -+ */ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, -+ 0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /* ...........[\].. */ -+ /* -+ * c0 -+ */ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, -+ 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* .ABCDEFGHI...... */ -+ /* -+ * d0 -+ */ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, -+ 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /* .JKLMNOPQR...... */ -+ /* -+ * e0 -+ */ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, -+ 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* ..STUVWXYZ...... */ -+ /* -+ * f0 -+ */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, -+ 0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /* 0123456789.{.}.~ */ - }; - -- - /* The ascii-to-ebcdic table: */ - const unsigned char os_toebcdic[256] = { --/*00*/ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, -- 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/ --/*10*/ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, -- 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/ --/*20*/ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, -- 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ --/*30*/ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, -- 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /*0123456789:;<=>?*/ --/*40*/ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, -- 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /*@ABCDEFGHIJKLMNO*/ --/*50*/ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, -- 0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /*PQRSTUVWXYZ[\]^_*/ --/*60*/ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, -- 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /*`abcdefghijklmno*/ --/*70*/ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, -- 0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /*pqrstuvwxyz{|}~.*/ --/*80*/ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, -- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /*................*/ --/*90*/ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, -- 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /*................*/ --/*a0*/ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5, -- 0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /*................*/ --/*b0*/ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, -- 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /*................*/ --/*c0*/ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, -- 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /*................*/ --/*d0*/ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, -- 0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /*................*/ --/*e0*/ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, -- 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /*................*/ --/*f0*/ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, -- 0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /*................*/ -+ /* -+ * 00 -+ */ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, -+ 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ -+ /* -+ * 10 -+ */ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, -+ 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ -+ /* -+ * 20 -+ */ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, -+ 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ -+ /* -+ * 30 -+ */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, -+ 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */ -+ /* -+ * 40 -+ */ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, -+ 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */ -+ /* -+ * 50 -+ */ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, -+ 0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /* PQRSTUVWXYZ[\]^_ */ -+ /* -+ * 60 -+ */ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, -+ 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */ -+ /* -+ * 70 -+ */ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, -+ 0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /* pqrstuvwxyz{|}~. */ -+ /* -+ * 80 -+ */ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, -+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */ -+ /* -+ * 90 -+ */ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, -+ 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /* ................ */ -+ /* -+ * a0 -+ */ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5, -+ 0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /* ................ */ -+ /* -+ * b0 -+ */ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, -+ 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */ -+ /* -+ * c0 -+ */ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, -+ 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */ -+ /* -+ * d0 -+ */ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, -+ 0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /* ................ */ -+ /* -+ * e0 -+ */ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, -+ 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */ -+ /* -+ * f0 -+ */ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, -+ 0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */ - }; - --#else /*_OSD_POSIX*/ -+# else /*_OSD_POSIX*/ - - /* --This code does basic character mapping for IBM's TPF and OS/390 operating systems. --It is a modified version of the BS2000 table. -- --Bijective EBCDIC (character set IBM-1047) to US-ASCII table: --This table is bijective - there are no ambigous or duplicate characters. --*/ -+ * This code does basic character mapping for IBM's TPF and OS/390 operating -+ * systems. It is a modified version of the BS2000 table. -+ * -+ * Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is -+ * bijective - there are no ambigous or duplicate characters. -+ */ - const unsigned char os_toascii[256] = { -- 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */ -+ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */ - 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ -- 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */ -+ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */ - 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ -- 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */ -+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */ - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */ -- 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */ -+ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */ - 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */ -- 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */ -- 0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */ -- 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */ -+ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */ -+ 0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */ -+ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */ - 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */ -- 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */ -+ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */ - 0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */ -- 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */ -+ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */ - 0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */ -- 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */ -+ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */ - 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */ -- 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */ -+ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */ - 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */ -- 0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */ -+ 0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */ - 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */ -- 0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */ -+ 0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */ - 0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */ -- 0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */ -+ 0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */ - 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */ -- 0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */ -+ 0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */ - 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */ -- 0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */ -+ 0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */ - 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */ -- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */ -- 0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */ -+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */ -+ 0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */ - }; - -- - /* --The US-ASCII to EBCDIC (character set IBM-1047) table: --This table is bijective (no ambiguous or duplicate characters) --*/ -+ * The US-ASCII to EBCDIC (character set IBM-1047) table: This table is -+ * bijective (no ambiguous or duplicate characters) -+ */ - const unsigned char os_toebcdic[256] = { -- 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */ -+ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */ - 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ -- 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */ -+ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */ - 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ -- 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */ -- 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ -- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */ -+ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */ -+ 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ -+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */ - 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */ -- 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */ -+ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */ - 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */ -- 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */ -+ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */ - 0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */ -- 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */ -+ 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */ - 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */ -- 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */ -+ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */ - 0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */ -- 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */ -+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */ - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */ -- 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */ -+ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */ - 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */ -- 0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */ -+ 0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */ - 0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */ -- 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */ -+ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */ - 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */ -- 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */ -+ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */ - 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */ -- 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */ -+ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */ - 0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */ -- 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */ -+ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */ - 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */ -- 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */ -- 0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */ -+ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */ -+ 0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */ - }; --#endif /*_OSD_POSIX*/ -+# endif/*_OSD_POSIX*/ - --/* Translate a memory block from EBCDIC (host charset) to ASCII (net charset) -- * dest and srce may be identical, or separate memory blocks, but -- * should not overlap. These functions intentionally have an interface -- * compatible to memcpy(3). -+/* -+ * Translate a memory block from EBCDIC (host charset) to ASCII (net charset) -+ * dest and srce may be identical, or separate memory blocks, but should not -+ * overlap. These functions intentionally have an interface compatible to -+ * memcpy(3). - */ - --void * --ebcdic2ascii(void *dest, const void *srce, size_t count) -+void *ebcdic2ascii(void *dest, const void *srce, size_t count) - { - unsigned char *udest = dest; - const unsigned char *usrce = srce; -@@ -205,8 +269,7 @@ ebcdic2ascii(void *dest, const void *srce, size_t count) - return dest; - } - --void * --ascii2ebcdic(void *dest, const void *srce, size_t count) -+void *ascii2ebcdic(void *dest, const void *srce, size_t count) - { - unsigned char *udest = dest; - const unsigned char *usrce = srce; -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c -index 6b570a3..d3ba5d7 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c -@@ -21,7 +21,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -71,319 +71,393 @@ - - #include "ec_lcl.h" - -- --/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective -+/*- -+ * Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective - * coordinates. -- * Uses algorithm Mdouble in appendix of -- * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over -+ * Uses algorithm Mdouble in appendix of -+ * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". - * modified to not require precomputation of c=b^{2^{m-1}}. - */ --static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx) -- { -- BIGNUM *t1; -- int ret = 0; -- -- /* Since Mdouble is static we can guarantee that ctx != NULL. */ -- BN_CTX_start(ctx); -- t1 = BN_CTX_get(ctx); -- if (t1 == NULL) goto err; -- -- if (!group->meth->field_sqr(group, x, x, ctx)) goto err; -- if (!group->meth->field_sqr(group, t1, z, ctx)) goto err; -- if (!group->meth->field_mul(group, z, x, t1, ctx)) goto err; -- if (!group->meth->field_sqr(group, x, x, ctx)) goto err; -- if (!group->meth->field_sqr(group, t1, t1, ctx)) goto err; -- if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) goto err; -- if (!BN_GF2m_add(x, x, t1)) goto err; -- -- ret = 1; -+static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, -+ BN_CTX *ctx) -+{ -+ BIGNUM *t1; -+ int ret = 0; -+ -+ /* Since Mdouble is static we can guarantee that ctx != NULL. */ -+ BN_CTX_start(ctx); -+ t1 = BN_CTX_get(ctx); -+ if (t1 == NULL) -+ goto err; -+ -+ if (!group->meth->field_sqr(group, x, x, ctx)) -+ goto err; -+ if (!group->meth->field_sqr(group, t1, z, ctx)) -+ goto err; -+ if (!group->meth->field_mul(group, z, x, t1, ctx)) -+ goto err; -+ if (!group->meth->field_sqr(group, x, x, ctx)) -+ goto err; -+ if (!group->meth->field_sqr(group, t1, t1, ctx)) -+ goto err; -+ if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) -+ goto err; -+ if (!BN_GF2m_add(x, x, t1)) -+ goto err; -+ -+ ret = 1; - - err: -- BN_CTX_end(ctx); -- return ret; -- } -+ BN_CTX_end(ctx); -+ return ret; -+} - --/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery -+/*- -+ * Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery - * projective coordinates. -- * Uses algorithm Madd in appendix of -- * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over -+ * Uses algorithm Madd in appendix of -+ * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". - */ --static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, -- const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx) -- { -- BIGNUM *t1, *t2; -- int ret = 0; -- -- /* Since Madd is static we can guarantee that ctx != NULL. */ -- BN_CTX_start(ctx); -- t1 = BN_CTX_get(ctx); -- t2 = BN_CTX_get(ctx); -- if (t2 == NULL) goto err; -- -- if (!BN_copy(t1, x)) goto err; -- if (!group->meth->field_mul(group, x1, x1, z2, ctx)) goto err; -- if (!group->meth->field_mul(group, z1, z1, x2, ctx)) goto err; -- if (!group->meth->field_mul(group, t2, x1, z1, ctx)) goto err; -- if (!BN_GF2m_add(z1, z1, x1)) goto err; -- if (!group->meth->field_sqr(group, z1, z1, ctx)) goto err; -- if (!group->meth->field_mul(group, x1, z1, t1, ctx)) goto err; -- if (!BN_GF2m_add(x1, x1, t2)) goto err; -- -- ret = 1; -+static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, -+ BIGNUM *z1, const BIGNUM *x2, const BIGNUM *z2, -+ BN_CTX *ctx) -+{ -+ BIGNUM *t1, *t2; -+ int ret = 0; -+ -+ /* Since Madd is static we can guarantee that ctx != NULL. */ -+ BN_CTX_start(ctx); -+ t1 = BN_CTX_get(ctx); -+ t2 = BN_CTX_get(ctx); -+ if (t2 == NULL) -+ goto err; -+ -+ if (!BN_copy(t1, x)) -+ goto err; -+ if (!group->meth->field_mul(group, x1, x1, z2, ctx)) -+ goto err; -+ if (!group->meth->field_mul(group, z1, z1, x2, ctx)) -+ goto err; -+ if (!group->meth->field_mul(group, t2, x1, z1, ctx)) -+ goto err; -+ if (!BN_GF2m_add(z1, z1, x1)) -+ goto err; -+ if (!group->meth->field_sqr(group, z1, z1, ctx)) -+ goto err; -+ if (!group->meth->field_mul(group, x1, z1, t1, ctx)) -+ goto err; -+ if (!BN_GF2m_add(x1, x1, t2)) -+ goto err; -+ -+ ret = 1; - - err: -- BN_CTX_end(ctx); -- return ret; -- } -- --/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) -- * using Montgomery point multiplication algorithm Mxy() in appendix of -- * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over -+ BN_CTX_end(ctx); -+ return ret; -+} -+ -+/*- -+ * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) -+ * using Montgomery point multiplication algorithm Mxy() in appendix of -+ * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". - * Returns: - * 0 on error - * 1 if return value should be the point at infinity - * 2 otherwise - */ --static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1, -- BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx) -- { -- BIGNUM *t3, *t4, *t5; -- int ret = 0; -- -- if (BN_is_zero(z1)) -- { -- BN_zero(x2); -- BN_zero(z2); -- return 1; -- } -- -- if (BN_is_zero(z2)) -- { -- if (!BN_copy(x2, x)) return 0; -- if (!BN_GF2m_add(z2, x, y)) return 0; -- return 2; -- } -- -- /* Since Mxy is static we can guarantee that ctx != NULL. */ -- BN_CTX_start(ctx); -- t3 = BN_CTX_get(ctx); -- t4 = BN_CTX_get(ctx); -- t5 = BN_CTX_get(ctx); -- if (t5 == NULL) goto err; -- -- if (!BN_one(t5)) goto err; -- -- if (!group->meth->field_mul(group, t3, z1, z2, ctx)) goto err; -- -- if (!group->meth->field_mul(group, z1, z1, x, ctx)) goto err; -- if (!BN_GF2m_add(z1, z1, x1)) goto err; -- if (!group->meth->field_mul(group, z2, z2, x, ctx)) goto err; -- if (!group->meth->field_mul(group, x1, z2, x1, ctx)) goto err; -- if (!BN_GF2m_add(z2, z2, x2)) goto err; -- -- if (!group->meth->field_mul(group, z2, z2, z1, ctx)) goto err; -- if (!group->meth->field_sqr(group, t4, x, ctx)) goto err; -- if (!BN_GF2m_add(t4, t4, y)) goto err; -- if (!group->meth->field_mul(group, t4, t4, t3, ctx)) goto err; -- if (!BN_GF2m_add(t4, t4, z2)) goto err; -- -- if (!group->meth->field_mul(group, t3, t3, x, ctx)) goto err; -- if (!group->meth->field_div(group, t3, t5, t3, ctx)) goto err; -- if (!group->meth->field_mul(group, t4, t3, t4, ctx)) goto err; -- if (!group->meth->field_mul(group, x2, x1, t3, ctx)) goto err; -- if (!BN_GF2m_add(z2, x2, x)) goto err; -- -- if (!group->meth->field_mul(group, z2, z2, t4, ctx)) goto err; -- if (!BN_GF2m_add(z2, z2, y)) goto err; -- -- ret = 2; -+static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, -+ BIGNUM *x1, BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, -+ BN_CTX *ctx) -+{ -+ BIGNUM *t3, *t4, *t5; -+ int ret = 0; -+ -+ if (BN_is_zero(z1)) { -+ BN_zero(x2); -+ BN_zero(z2); -+ return 1; -+ } -+ -+ if (BN_is_zero(z2)) { -+ if (!BN_copy(x2, x)) -+ return 0; -+ if (!BN_GF2m_add(z2, x, y)) -+ return 0; -+ return 2; -+ } -+ -+ /* Since Mxy is static we can guarantee that ctx != NULL. */ -+ BN_CTX_start(ctx); -+ t3 = BN_CTX_get(ctx); -+ t4 = BN_CTX_get(ctx); -+ t5 = BN_CTX_get(ctx); -+ if (t5 == NULL) -+ goto err; -+ -+ if (!BN_one(t5)) -+ goto err; -+ -+ if (!group->meth->field_mul(group, t3, z1, z2, ctx)) -+ goto err; -+ -+ if (!group->meth->field_mul(group, z1, z1, x, ctx)) -+ goto err; -+ if (!BN_GF2m_add(z1, z1, x1)) -+ goto err; -+ if (!group->meth->field_mul(group, z2, z2, x, ctx)) -+ goto err; -+ if (!group->meth->field_mul(group, x1, z2, x1, ctx)) -+ goto err; -+ if (!BN_GF2m_add(z2, z2, x2)) -+ goto err; -+ -+ if (!group->meth->field_mul(group, z2, z2, z1, ctx)) -+ goto err; -+ if (!group->meth->field_sqr(group, t4, x, ctx)) -+ goto err; -+ if (!BN_GF2m_add(t4, t4, y)) -+ goto err; -+ if (!group->meth->field_mul(group, t4, t4, t3, ctx)) -+ goto err; -+ if (!BN_GF2m_add(t4, t4, z2)) -+ goto err; -+ -+ if (!group->meth->field_mul(group, t3, t3, x, ctx)) -+ goto err; -+ if (!group->meth->field_div(group, t3, t5, t3, ctx)) -+ goto err; -+ if (!group->meth->field_mul(group, t4, t3, t4, ctx)) -+ goto err; -+ if (!group->meth->field_mul(group, x2, x1, t3, ctx)) -+ goto err; -+ if (!BN_GF2m_add(z2, x2, x)) -+ goto err; -+ -+ if (!group->meth->field_mul(group, z2, z2, t4, ctx)) -+ goto err; -+ if (!BN_GF2m_add(z2, z2, y)) -+ goto err; -+ -+ ret = 2; - - err: -- BN_CTX_end(ctx); -- return ret; -- } -+ BN_CTX_end(ctx); -+ return ret; -+} - --/* Computes scalar*point and stores the result in r. -+/*- -+ * Computes scalar*point and stores the result in r. - * point can not equal r. - * Uses a modified algorithm 2P of -- * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over -+ * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". - * - * To protect against side-channel attack the function uses constant time - * swap avoiding conditional branches. - */ --static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, -- const EC_POINT *point, BN_CTX *ctx) -- { -- BIGNUM *x1, *x2, *z1, *z2; -- int ret = 0, i, j; -- BN_ULONG mask; -- -- if (r == point) -- { -- ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT); -- return 0; -- } -- -- /* if result should be point at infinity */ -- if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || -- EC_POINT_is_at_infinity(group, point)) -- { -- return EC_POINT_set_to_infinity(group, r); -- } -- -- /* only support affine coordinates */ -- if (!point->Z_is_one) return 0; -- -- /* Since point_multiply is static we can guarantee that ctx != NULL. */ -- BN_CTX_start(ctx); -- x1 = BN_CTX_get(ctx); -- z1 = BN_CTX_get(ctx); -- if (z1 == NULL) goto err; -- -- x2 = &r->X; -- z2 = &r->Y; -- -- bn_wexpand(x1, group->field.top); -- bn_wexpand(z1, group->field.top); -- bn_wexpand(x2, group->field.top); -- bn_wexpand(z2, group->field.top); -- -- if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ -- if (!BN_one(z1)) goto err; /* z1 = 1 */ -- if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ -- if (!group->meth->field_sqr(group, x2, z2, ctx)) goto err; -- if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */ -- -- /* find top most bit and go one past it */ -- i = scalar->top - 1; j = BN_BITS2 - 1; -- mask = BN_TBIT; -- while (!(scalar->d[i] & mask)) { mask >>= 1; j--; } -- mask >>= 1; j--; -- /* if top most bit was at word break, go to next word */ -- if (!mask) -- { -- i--; j = BN_BITS2 - 1; -- mask = BN_TBIT; -- } -- -- for (; i >= 0; i--) -- { -- for (; j >= 0; j--) -- { -- BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); -- BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); -- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; -- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; -- BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); -- BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); -- mask >>= 1; -- } -- j = BN_BITS2 - 1; -- mask = BN_TBIT; -- } -- -- /* convert out of "projective" coordinates */ -- i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx); -- if (i == 0) goto err; -- else if (i == 1) -- { -- if (!EC_POINT_set_to_infinity(group, r)) goto err; -- } -- else -- { -- if (!BN_one(&r->Z)) goto err; -- r->Z_is_one = 1; -- } -- -- /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ -- BN_set_negative(&r->X, 0); -- BN_set_negative(&r->Y, 0); -- -- ret = 1; -+static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, -+ EC_POINT *r, -+ const BIGNUM *scalar, -+ const EC_POINT *point, -+ BN_CTX *ctx) -+{ -+ BIGNUM *x1, *x2, *z1, *z2; -+ int ret = 0, i, j; -+ BN_ULONG mask; -+ -+ if (r == point) { -+ ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT); -+ return 0; -+ } -+ -+ /* if result should be point at infinity */ -+ if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || -+ EC_POINT_is_at_infinity(group, point)) { -+ return EC_POINT_set_to_infinity(group, r); -+ } -+ -+ /* only support affine coordinates */ -+ if (!point->Z_is_one) -+ return 0; -+ -+ /* -+ * Since point_multiply is static we can guarantee that ctx != NULL. -+ */ -+ BN_CTX_start(ctx); -+ x1 = BN_CTX_get(ctx); -+ z1 = BN_CTX_get(ctx); -+ if (z1 == NULL) -+ goto err; -+ -+ x2 = &r->X; -+ z2 = &r->Y; -+ -+ bn_wexpand(x1, group->field.top); -+ bn_wexpand(z1, group->field.top); -+ bn_wexpand(x2, group->field.top); -+ bn_wexpand(z2, group->field.top); -+ -+ if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) -+ goto err; /* x1 = x */ -+ if (!BN_one(z1)) -+ goto err; /* z1 = 1 */ -+ if (!group->meth->field_sqr(group, z2, x1, ctx)) -+ goto err; /* z2 = x1^2 = x^2 */ -+ if (!group->meth->field_sqr(group, x2, z2, ctx)) -+ goto err; -+ if (!BN_GF2m_add(x2, x2, &group->b)) -+ goto err; /* x2 = x^4 + b */ -+ -+ /* find top most bit and go one past it */ -+ i = scalar->top - 1; -+ j = BN_BITS2 - 1; -+ mask = BN_TBIT; -+ while (!(scalar->d[i] & mask)) { -+ mask >>= 1; -+ j--; -+ } -+ mask >>= 1; -+ j--; -+ /* if top most bit was at word break, go to next word */ -+ if (!mask) { -+ i--; -+ j = BN_BITS2 - 1; -+ mask = BN_TBIT; -+ } -+ -+ for (; i >= 0; i--) { -+ for (; j >= 0; j--) { -+ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); -+ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); -+ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) -+ goto err; -+ if (!gf2m_Mdouble(group, x1, z1, ctx)) -+ goto err; -+ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); -+ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); -+ mask >>= 1; -+ } -+ j = BN_BITS2 - 1; -+ mask = BN_TBIT; -+ } -+ -+ /* convert out of "projective" coordinates */ -+ i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx); -+ if (i == 0) -+ goto err; -+ else if (i == 1) { -+ if (!EC_POINT_set_to_infinity(group, r)) -+ goto err; -+ } else { -+ if (!BN_one(&r->Z)) -+ goto err; -+ r->Z_is_one = 1; -+ } -+ -+ /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ -+ BN_set_negative(&r->X, 0); -+ BN_set_negative(&r->Y, 0); -+ -+ ret = 1; - - err: -- BN_CTX_end(ctx); -- return ret; -- } -- -+ BN_CTX_end(ctx); -+ return ret; -+} - --/* Computes the sum -+/*- -+ * Computes the sum - * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1] - * gracefully ignoring NULL scalar values. - */ --int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, -- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) -- { -- BN_CTX *new_ctx = NULL; -- int ret = 0; -- size_t i; -- EC_POINT *p=NULL; -- EC_POINT *acc = NULL; -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- /* This implementation is more efficient than the wNAF implementation for 2 -- * or fewer points. Use the ec_wNAF_mul implementation for 3 or more points, -- * or if we can perform a fast multiplication based on precomputation. -- */ -- if ((scalar && (num > 1)) || (num > 2) || (num == 0 && EC_GROUP_have_precompute_mult(group))) -- { -- ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); -- goto err; -- } -- -- if ((p = EC_POINT_new(group)) == NULL) goto err; -- if ((acc = EC_POINT_new(group)) == NULL) goto err; -- -- if (!EC_POINT_set_to_infinity(group, acc)) goto err; -- -- if (scalar) -- { -- if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err; -- if (BN_is_negative(scalar)) -- if (!group->meth->invert(group, p, ctx)) goto err; -- if (!group->meth->add(group, acc, acc, p, ctx)) goto err; -- } -- -- for (i = 0; i < num; i++) -- { -- if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err; -- if (BN_is_negative(scalars[i])) -- if (!group->meth->invert(group, p, ctx)) goto err; -- if (!group->meth->add(group, acc, acc, p, ctx)) goto err; -- } -- -- if (!EC_POINT_copy(r, acc)) goto err; -- -- ret = 1; -- -- err: -- if (p) EC_POINT_free(p); -- if (acc) EC_POINT_free(acc); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -- --/* Precomputation for point multiplication: fall back to wNAF methods -- * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */ -+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, -+ const BIGNUM *scalar, size_t num, -+ const EC_POINT *points[], const BIGNUM *scalars[], -+ BN_CTX *ctx) -+{ -+ BN_CTX *new_ctx = NULL; -+ int ret = 0; -+ size_t i; -+ EC_POINT *p = NULL; -+ EC_POINT *acc = NULL; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ /* -+ * This implementation is more efficient than the wNAF implementation for -+ * 2 or fewer points. Use the ec_wNAF_mul implementation for 3 or more -+ * points, or if we can perform a fast multiplication based on -+ * precomputation. -+ */ -+ if ((scalar && (num > 1)) || (num > 2) -+ || (num == 0 && EC_GROUP_have_precompute_mult(group))) { -+ ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); -+ goto err; -+ } -+ -+ if ((p = EC_POINT_new(group)) == NULL) -+ goto err; -+ if ((acc = EC_POINT_new(group)) == NULL) -+ goto err; -+ -+ if (!EC_POINT_set_to_infinity(group, acc)) -+ goto err; -+ -+ if (scalar) { -+ if (!ec_GF2m_montgomery_point_multiply -+ (group, p, scalar, group->generator, ctx)) -+ goto err; -+ if (BN_is_negative(scalar)) -+ if (!group->meth->invert(group, p, ctx)) -+ goto err; -+ if (!group->meth->add(group, acc, acc, p, ctx)) -+ goto err; -+ } -+ -+ for (i = 0; i < num; i++) { -+ if (!ec_GF2m_montgomery_point_multiply -+ (group, p, scalars[i], points[i], ctx)) -+ goto err; -+ if (BN_is_negative(scalars[i])) -+ if (!group->meth->invert(group, p, ctx)) -+ goto err; -+ if (!group->meth->add(group, acc, acc, p, ctx)) -+ goto err; -+ } -+ -+ if (!EC_POINT_copy(r, acc)) -+ goto err; -+ -+ ret = 1; -+ -+ err: -+ if (p) -+ EC_POINT_free(p); -+ if (acc) -+ EC_POINT_free(acc); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+/* -+ * Precomputation for point multiplication: fall back to wNAF methods because -+ * ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate -+ */ - - int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx) -- { -- return ec_wNAF_precompute_mult(group, ctx); -- } -+{ -+ return ec_wNAF_precompute_mult(group, ctx); -+} - - int ec_GF2m_have_precompute_mult(const EC_GROUP *group) -- { -- return ec_wNAF_have_precompute_mult(group); -- } -+{ -+ return ec_wNAF_have_precompute_mult(group); -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c -index c06b3b6..5df41e2 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c -@@ -21,7 +21,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -71,906 +71,965 @@ - - #include "ec_lcl.h" - -- - const EC_METHOD *EC_GF2m_simple_method(void) -- { -- static const EC_METHOD ret = { -- NID_X9_62_characteristic_two_field, -- ec_GF2m_simple_group_init, -- ec_GF2m_simple_group_finish, -- ec_GF2m_simple_group_clear_finish, -- ec_GF2m_simple_group_copy, -- ec_GF2m_simple_group_set_curve, -- ec_GF2m_simple_group_get_curve, -- ec_GF2m_simple_group_get_degree, -- ec_GF2m_simple_group_check_discriminant, -- ec_GF2m_simple_point_init, -- ec_GF2m_simple_point_finish, -- ec_GF2m_simple_point_clear_finish, -- ec_GF2m_simple_point_copy, -- ec_GF2m_simple_point_set_to_infinity, -- 0 /* set_Jprojective_coordinates_GFp */, -- 0 /* get_Jprojective_coordinates_GFp */, -- ec_GF2m_simple_point_set_affine_coordinates, -- ec_GF2m_simple_point_get_affine_coordinates, -- ec_GF2m_simple_set_compressed_coordinates, -- ec_GF2m_simple_point2oct, -- ec_GF2m_simple_oct2point, -- ec_GF2m_simple_add, -- ec_GF2m_simple_dbl, -- ec_GF2m_simple_invert, -- ec_GF2m_simple_is_at_infinity, -- ec_GF2m_simple_is_on_curve, -- ec_GF2m_simple_cmp, -- ec_GF2m_simple_make_affine, -- ec_GF2m_simple_points_make_affine, -- -- /* the following three method functions are defined in ec2_mult.c */ -- ec_GF2m_simple_mul, -- ec_GF2m_precompute_mult, -- ec_GF2m_have_precompute_mult, -- -- ec_GF2m_simple_field_mul, -- ec_GF2m_simple_field_sqr, -- ec_GF2m_simple_field_div, -- 0 /* field_encode */, -- 0 /* field_decode */, -- 0 /* field_set_to_one */ }; -- -- return &ret; -- } -- -- --/* Initialize a GF(2^m)-based EC_GROUP structure. -- * Note that all other members are handled by EC_GROUP_new. -+{ -+ static const EC_METHOD ret = { -+ NID_X9_62_characteristic_two_field, -+ ec_GF2m_simple_group_init, -+ ec_GF2m_simple_group_finish, -+ ec_GF2m_simple_group_clear_finish, -+ ec_GF2m_simple_group_copy, -+ ec_GF2m_simple_group_set_curve, -+ ec_GF2m_simple_group_get_curve, -+ ec_GF2m_simple_group_get_degree, -+ ec_GF2m_simple_group_check_discriminant, -+ ec_GF2m_simple_point_init, -+ ec_GF2m_simple_point_finish, -+ ec_GF2m_simple_point_clear_finish, -+ ec_GF2m_simple_point_copy, -+ ec_GF2m_simple_point_set_to_infinity, -+ 0 /* set_Jprojective_coordinates_GFp */ , -+ 0 /* get_Jprojective_coordinates_GFp */ , -+ ec_GF2m_simple_point_set_affine_coordinates, -+ ec_GF2m_simple_point_get_affine_coordinates, -+ ec_GF2m_simple_set_compressed_coordinates, -+ ec_GF2m_simple_point2oct, -+ ec_GF2m_simple_oct2point, -+ ec_GF2m_simple_add, -+ ec_GF2m_simple_dbl, -+ ec_GF2m_simple_invert, -+ ec_GF2m_simple_is_at_infinity, -+ ec_GF2m_simple_is_on_curve, -+ ec_GF2m_simple_cmp, -+ ec_GF2m_simple_make_affine, -+ ec_GF2m_simple_points_make_affine, -+ -+ /* -+ * the following three method functions are defined in ec2_mult.c -+ */ -+ ec_GF2m_simple_mul, -+ ec_GF2m_precompute_mult, -+ ec_GF2m_have_precompute_mult, -+ -+ ec_GF2m_simple_field_mul, -+ ec_GF2m_simple_field_sqr, -+ ec_GF2m_simple_field_div, -+ 0 /* field_encode */ , -+ 0 /* field_decode */ , -+ 0 /* field_set_to_one */ -+ }; -+ -+ return &ret; -+} -+ -+/* -+ * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members -+ * are handled by EC_GROUP_new. - */ - int ec_GF2m_simple_group_init(EC_GROUP *group) -- { -- BN_init(&group->field); -- BN_init(&group->a); -- BN_init(&group->b); -- return 1; -- } -- -- --/* Free a GF(2^m)-based EC_GROUP structure. -- * Note that all other members are handled by EC_GROUP_free. -+{ -+ BN_init(&group->field); -+ BN_init(&group->a); -+ BN_init(&group->b); -+ return 1; -+} -+ -+/* -+ * Free a GF(2^m)-based EC_GROUP structure. Note that all other members are -+ * handled by EC_GROUP_free. - */ - void ec_GF2m_simple_group_finish(EC_GROUP *group) -- { -- BN_free(&group->field); -- BN_free(&group->a); -- BN_free(&group->b); -- } -- -- --/* Clear and free a GF(2^m)-based EC_GROUP structure. -- * Note that all other members are handled by EC_GROUP_clear_free. -+{ -+ BN_free(&group->field); -+ BN_free(&group->a); -+ BN_free(&group->b); -+} -+ -+/* -+ * Clear and free a GF(2^m)-based EC_GROUP structure. Note that all other -+ * members are handled by EC_GROUP_clear_free. - */ - void ec_GF2m_simple_group_clear_finish(EC_GROUP *group) -- { -- BN_clear_free(&group->field); -- BN_clear_free(&group->a); -- BN_clear_free(&group->b); -- group->poly[0] = 0; -- group->poly[1] = 0; -- group->poly[2] = 0; -- group->poly[3] = 0; -- group->poly[4] = 0; -- } -- -- --/* Copy a GF(2^m)-based EC_GROUP structure. -- * Note that all other members are handled by EC_GROUP_copy. -+{ -+ BN_clear_free(&group->field); -+ BN_clear_free(&group->a); -+ BN_clear_free(&group->b); -+ group->poly[0] = 0; -+ group->poly[1] = 0; -+ group->poly[2] = 0; -+ group->poly[3] = 0; -+ group->poly[4] = 0; -+} -+ -+/* -+ * Copy a GF(2^m)-based EC_GROUP structure. Note that all other members are -+ * handled by EC_GROUP_copy. - */ - int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) -- { -- int i; -- if (!BN_copy(&dest->field, &src->field)) return 0; -- if (!BN_copy(&dest->a, &src->a)) return 0; -- if (!BN_copy(&dest->b, &src->b)) return 0; -- dest->poly[0] = src->poly[0]; -- dest->poly[1] = src->poly[1]; -- dest->poly[2] = src->poly[2]; -- dest->poly[3] = src->poly[3]; -- dest->poly[4] = src->poly[4]; -- if(bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) -- return 0; -- if(bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) -- return 0; -- for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0; -- for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0; -- return 1; -- } -- -+{ -+ int i; -+ if (!BN_copy(&dest->field, &src->field)) -+ return 0; -+ if (!BN_copy(&dest->a, &src->a)) -+ return 0; -+ if (!BN_copy(&dest->b, &src->b)) -+ return 0; -+ dest->poly[0] = src->poly[0]; -+ dest->poly[1] = src->poly[1]; -+ dest->poly[2] = src->poly[2]; -+ dest->poly[3] = src->poly[3]; -+ dest->poly[4] = src->poly[4]; -+ if (bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) -+ == NULL) -+ return 0; -+ if (bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) -+ == NULL) -+ return 0; -+ for (i = dest->a.top; i < dest->a.dmax; i++) -+ dest->a.d[i] = 0; -+ for (i = dest->b.top; i < dest->b.dmax; i++) -+ dest->b.d[i] = 0; -+ return 1; -+} - - /* Set the curve parameters of an EC_GROUP structure. */ - int ec_GF2m_simple_group_set_curve(EC_GROUP *group, -- const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- int ret = 0, i; -- -- /* group->field */ -- if (!BN_copy(&group->field, p)) goto err; -- i = BN_GF2m_poly2arr(&group->field, group->poly, 5); -- if ((i != 5) && (i != 3)) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); -- goto err; -- } -- -- /* group->a */ -- if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err; -- if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err; -- for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0; -- -- /* group->b */ -- if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err; -- if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err; -- for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0; -- -- ret = 1; -- err: -- return ret; -- } -- -- --/* Get the curve parameters of an EC_GROUP structure. -- * If p, a, or b are NULL then there values will not be set but the method will return with success. -+ const BIGNUM *p, const BIGNUM *a, -+ const BIGNUM *b, BN_CTX *ctx) -+{ -+ int ret = 0, i; -+ -+ /* group->field */ -+ if (!BN_copy(&group->field, p)) -+ goto err; -+ i = BN_GF2m_poly2arr(&group->field, group->poly, 5); -+ if ((i != 5) && (i != 3)) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); -+ goto err; -+ } -+ -+ /* group->a */ -+ if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) -+ goto err; -+ if (bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) -+ == NULL) -+ goto err; -+ for (i = group->a.top; i < group->a.dmax; i++) -+ group->a.d[i] = 0; -+ -+ /* group->b */ -+ if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) -+ goto err; -+ if (bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) -+ == NULL) -+ goto err; -+ for (i = group->b.top; i < group->b.dmax; i++) -+ group->b.d[i] = 0; -+ -+ ret = 1; -+ err: -+ return ret; -+} -+ -+/* -+ * Get the curve parameters of an EC_GROUP structure. If p, a, or b are NULL -+ * then there values will not be set but the method will return with success. - */ --int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) -- { -- int ret = 0; -- -- if (p != NULL) -- { -- if (!BN_copy(p, &group->field)) return 0; -- } -- -- if (a != NULL) -- { -- if (!BN_copy(a, &group->a)) goto err; -- } -- -- if (b != NULL) -- { -- if (!BN_copy(b, &group->b)) goto err; -- } -- -- ret = 1; -- -- err: -- return ret; -- } -- -- --/* Gets the degree of the field. For a curve over GF(2^m) this is the value m. */ --int ec_GF2m_simple_group_get_degree(const EC_GROUP *group) -- { -- return BN_num_bits(&group->field)-1; -- } -+int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, -+ BIGNUM *a, BIGNUM *b, BN_CTX *ctx) -+{ -+ int ret = 0; -+ -+ if (p != NULL) { -+ if (!BN_copy(p, &group->field)) -+ return 0; -+ } -+ -+ if (a != NULL) { -+ if (!BN_copy(a, &group->a)) -+ goto err; -+ } -+ -+ if (b != NULL) { -+ if (!BN_copy(b, &group->b)) -+ goto err; -+ } -+ -+ ret = 1; - -+ err: -+ return ret; -+} - --/* Checks the discriminant of the curve. -- * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) -+/* -+ * Gets the degree of the field. For a curve over GF(2^m) this is the value -+ * m. - */ --int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) -- { -- int ret = 0; -- BIGNUM *b; -- BN_CTX *new_ctx = NULL; -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- BN_CTX_start(ctx); -- b = BN_CTX_get(ctx); -- if (b == NULL) goto err; -- -- if (!BN_GF2m_mod_arr(b, &group->b, group->poly)) goto err; -- -- /* check the discriminant: -- * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) -- */ -- if (BN_is_zero(b)) goto err; -- -- ret = 1; -- --err: -- if (ctx != NULL) -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -+int ec_GF2m_simple_group_get_degree(const EC_GROUP *group) -+{ -+ return BN_num_bits(&group->field) - 1; -+} - -+/* -+ * Checks the discriminant of the curve. y^2 + x*y = x^3 + a*x^2 + b is an -+ * elliptic curve <=> b != 0 (mod p) -+ */ -+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, -+ BN_CTX *ctx) -+{ -+ int ret = 0; -+ BIGNUM *b; -+ BN_CTX *new_ctx = NULL; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, -+ ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ BN_CTX_start(ctx); -+ b = BN_CTX_get(ctx); -+ if (b == NULL) -+ goto err; -+ -+ if (!BN_GF2m_mod_arr(b, &group->b, group->poly)) -+ goto err; -+ -+ /* -+ * check the discriminant: y^2 + x*y = x^3 + a*x^2 + b is an elliptic -+ * curve <=> b != 0 (mod p) -+ */ -+ if (BN_is_zero(b)) -+ goto err; -+ -+ ret = 1; -+ -+ err: -+ if (ctx != NULL) -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} - - /* Initializes an EC_POINT. */ - int ec_GF2m_simple_point_init(EC_POINT *point) -- { -- BN_init(&point->X); -- BN_init(&point->Y); -- BN_init(&point->Z); -- return 1; -- } -- -+{ -+ BN_init(&point->X); -+ BN_init(&point->Y); -+ BN_init(&point->Z); -+ return 1; -+} - - /* Frees an EC_POINT. */ - void ec_GF2m_simple_point_finish(EC_POINT *point) -- { -- BN_free(&point->X); -- BN_free(&point->Y); -- BN_free(&point->Z); -- } -- -+{ -+ BN_free(&point->X); -+ BN_free(&point->Y); -+ BN_free(&point->Z); -+} - - /* Clears and frees an EC_POINT. */ - void ec_GF2m_simple_point_clear_finish(EC_POINT *point) -- { -- BN_clear_free(&point->X); -- BN_clear_free(&point->Y); -- BN_clear_free(&point->Z); -- point->Z_is_one = 0; -- } -- -- --/* Copy the contents of one EC_POINT into another. Assumes dest is initialized. */ -+{ -+ BN_clear_free(&point->X); -+ BN_clear_free(&point->Y); -+ BN_clear_free(&point->Z); -+ point->Z_is_one = 0; -+} -+ -+/* -+ * Copy the contents of one EC_POINT into another. Assumes dest is -+ * initialized. -+ */ - int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src) -- { -- if (!BN_copy(&dest->X, &src->X)) return 0; -- if (!BN_copy(&dest->Y, &src->Y)) return 0; -- if (!BN_copy(&dest->Z, &src->Z)) return 0; -- dest->Z_is_one = src->Z_is_one; -- -- return 1; -- } -- -- --/* Set an EC_POINT to the point at infinity. -- * A point at infinity is represented by having Z=0. -+{ -+ if (!BN_copy(&dest->X, &src->X)) -+ return 0; -+ if (!BN_copy(&dest->Y, &src->Y)) -+ return 0; -+ if (!BN_copy(&dest->Z, &src->Z)) -+ return 0; -+ dest->Z_is_one = src->Z_is_one; -+ -+ return 1; -+} -+ -+/* -+ * Set an EC_POINT to the point at infinity. A point at infinity is -+ * represented by having Z=0. - */ --int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point) -- { -- point->Z_is_one = 0; -- BN_zero(&point->Z); -- return 1; -- } -+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, -+ EC_POINT *point) -+{ -+ point->Z_is_one = 0; -+ BN_zero(&point->Z); -+ return 1; -+} -+ -+/* -+ * Set the coordinates of an EC_POINT using affine coordinates. Note that -+ * the simple implementation only uses affine coordinates. -+ */ -+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, -+ EC_POINT *point, -+ const BIGNUM *x, -+ const BIGNUM *y, BN_CTX *ctx) -+{ -+ int ret = 0; -+ if (x == NULL || y == NULL) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ -+ if (!BN_copy(&point->X, x)) -+ goto err; -+ BN_set_negative(&point->X, 0); -+ if (!BN_copy(&point->Y, y)) -+ goto err; -+ BN_set_negative(&point->Y, 0); -+ if (!BN_copy(&point->Z, BN_value_one())) -+ goto err; -+ BN_set_negative(&point->Z, 0); -+ point->Z_is_one = 1; -+ ret = 1; - -+ err: -+ return ret; -+} - --/* Set the coordinates of an EC_POINT using affine coordinates. -- * Note that the simple implementation only uses affine coordinates. -+/* -+ * Gets the affine coordinates of an EC_POINT. Note that the simple -+ * implementation only uses affine coordinates. - */ --int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, -- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) -- { -- int ret = 0; -- if (x == NULL || y == NULL) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- -- if (!BN_copy(&point->X, x)) goto err; -- BN_set_negative(&point->X, 0); -- if (!BN_copy(&point->Y, y)) goto err; -- BN_set_negative(&point->Y, 0); -- if (!BN_copy(&point->Z, BN_value_one())) goto err; -- BN_set_negative(&point->Z, 0); -- point->Z_is_one = 1; -- ret = 1; -- -- err: -- return ret; -- } -- -- --/* Gets the affine coordinates of an EC_POINT. -- * Note that the simple implementation only uses affine coordinates. -- */ --int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, -- BIGNUM *x, BIGNUM *y, BN_CTX *ctx) -- { -- int ret = 0; -- -- if (EC_POINT_is_at_infinity(group, point)) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY); -- return 0; -- } -- -- if (BN_cmp(&point->Z, BN_value_one())) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (x != NULL) -- { -- if (!BN_copy(x, &point->X)) goto err; -- BN_set_negative(x, 0); -- } -- if (y != NULL) -- { -- if (!BN_copy(y, &point->Y)) goto err; -- BN_set_negative(y, 0); -- } -- ret = 1; -- -- err: -- return ret; -- } -+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, -+ const EC_POINT *point, -+ BIGNUM *x, BIGNUM *y, -+ BN_CTX *ctx) -+{ -+ int ret = 0; -+ -+ if (EC_POINT_is_at_infinity(group, point)) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, -+ EC_R_POINT_AT_INFINITY); -+ return 0; -+ } -+ -+ if (BN_cmp(&point->Z, BN_value_one())) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (x != NULL) { -+ if (!BN_copy(x, &point->X)) -+ goto err; -+ BN_set_negative(x, 0); -+ } -+ if (y != NULL) { -+ if (!BN_copy(y, &point->Y)) -+ goto err; -+ BN_set_negative(y, 0); -+ } -+ ret = 1; - -+ err: -+ return ret; -+} - - /* Include patented algorithms. */ - #include "ec2_smpt.c" - -- --/* Converts an EC_POINT to an octet string. -- * If buf is NULL, the encoded length will be returned. -- * If the length len of buf is smaller than required an error will be returned. -- * -- * The point compression section of this function is patented by Certicom Corp. -- * under US Patent 6,141,420. Point compression is disabled by default and can -- * be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at -- * Configure-time. -+/* -+ * Converts an EC_POINT to an octet string. If buf is NULL, the encoded -+ * length will be returned. If the length len of buf is smaller than required -+ * an error will be returned. The point compression section of this function -+ * is patented by Certicom Corp. under US Patent 6,141,420. Point -+ * compression is disabled by default and can be enabled by defining the -+ * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time. - */ --size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, -- unsigned char *buf, size_t len, BN_CTX *ctx) -- { -- size_t ret; -- BN_CTX *new_ctx = NULL; -- int used_ctx = 0; -- BIGNUM *x, *y, *yxi; -- size_t field_len, i, skip; -+size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, -+ point_conversion_form_t form, -+ unsigned char *buf, size_t len, BN_CTX *ctx) -+{ -+ size_t ret; -+ BN_CTX *new_ctx = NULL; -+ int used_ctx = 0; -+ BIGNUM *x, *y, *yxi; -+ size_t field_len, i, skip; - - #ifndef OPENSSL_EC_BIN_PT_COMP -- if ((form == POINT_CONVERSION_COMPRESSED) || (form == POINT_CONVERSION_HYBRID)) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED); -- goto err; -- } -+ if ((form == POINT_CONVERSION_COMPRESSED) -+ || (form == POINT_CONVERSION_HYBRID)) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED); -+ goto err; -+ } - #endif - -- if ((form != POINT_CONVERSION_COMPRESSED) -- && (form != POINT_CONVERSION_UNCOMPRESSED) -- && (form != POINT_CONVERSION_HYBRID)) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); -- goto err; -- } -- -- if (EC_POINT_is_at_infinity(group, point)) -- { -- /* encodes to a single 0 octet */ -- if (buf != NULL) -- { -- if (len < 1) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); -- return 0; -- } -- buf[0] = 0; -- } -- return 1; -- } -- -- -- /* ret := required output buffer length */ -- field_len = (EC_GROUP_get_degree(group) + 7) / 8; -- ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len; -- -- /* if 'buf' is NULL, just return required length */ -- if (buf != NULL) -- { -- if (len < ret) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); -- goto err; -- } -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- BN_CTX_start(ctx); -- used_ctx = 1; -- x = BN_CTX_get(ctx); -- y = BN_CTX_get(ctx); -- yxi = BN_CTX_get(ctx); -- if (yxi == NULL) goto err; -- -- if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; -- -- buf[0] = form; -+ if ((form != POINT_CONVERSION_COMPRESSED) -+ && (form != POINT_CONVERSION_UNCOMPRESSED) -+ && (form != POINT_CONVERSION_HYBRID)) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); -+ goto err; -+ } -+ -+ if (EC_POINT_is_at_infinity(group, point)) { -+ /* encodes to a single 0 octet */ -+ if (buf != NULL) { -+ if (len < 1) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); -+ return 0; -+ } -+ buf[0] = 0; -+ } -+ return 1; -+ } -+ -+ /* ret := required output buffer length */ -+ field_len = (EC_GROUP_get_degree(group) + 7) / 8; -+ ret = -+ (form == -+ POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; -+ -+ /* if 'buf' is NULL, just return required length */ -+ if (buf != NULL) { -+ if (len < ret) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); -+ goto err; -+ } -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ used_ctx = 1; -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ yxi = BN_CTX_get(ctx); -+ if (yxi == NULL) -+ goto err; -+ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) -+ goto err; -+ -+ buf[0] = form; - #ifdef OPENSSL_EC_BIN_PT_COMP -- if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) -- { -- if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err; -- if (BN_is_odd(yxi)) buf[0]++; -- } -+ if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) { -+ if (!group->meth->field_div(group, yxi, y, x, ctx)) -+ goto err; -+ if (BN_is_odd(yxi)) -+ buf[0]++; -+ } - #endif - -- i = 1; -- -- skip = field_len - BN_num_bytes(x); -- if (skip > field_len) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- while (skip > 0) -- { -- buf[i++] = 0; -- skip--; -- } -- skip = BN_bn2bin(x, buf + i); -- i += skip; -- if (i != 1 + field_len) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- -- if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID) -- { -- skip = field_len - BN_num_bytes(y); -- if (skip > field_len) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- while (skip > 0) -- { -- buf[i++] = 0; -- skip--; -- } -- skip = BN_bn2bin(y, buf + i); -- i += skip; -- } -- -- if (i != ret) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- } -- -- if (used_ctx) -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -+ i = 1; -+ -+ skip = field_len - BN_num_bytes(x); -+ if (skip > field_len) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ while (skip > 0) { -+ buf[i++] = 0; -+ skip--; -+ } -+ skip = BN_bn2bin(x, buf + i); -+ i += skip; -+ if (i != 1 + field_len) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ if (form == POINT_CONVERSION_UNCOMPRESSED -+ || form == POINT_CONVERSION_HYBRID) { -+ skip = field_len - BN_num_bytes(y); -+ if (skip > field_len) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ while (skip > 0) { -+ buf[i++] = 0; -+ skip--; -+ } -+ skip = BN_bn2bin(y, buf + i); -+ i += skip; -+ } -+ -+ if (i != ret) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ } -+ -+ if (used_ctx) -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; - - err: -- if (used_ctx) -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return 0; -- } -- -- --/* Converts an octet string representation to an EC_POINT. -- * Note that the simple implementation only uses affine coordinates. -+ if (used_ctx) -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return 0; -+} -+ -+/* -+ * Converts an octet string representation to an EC_POINT. Note that the -+ * simple implementation only uses affine coordinates. - */ - int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, -- const unsigned char *buf, size_t len, BN_CTX *ctx) -- { -- point_conversion_form_t form; -- int y_bit; -- BN_CTX *new_ctx = NULL; -- BIGNUM *x, *y, *yxi; -- size_t field_len, enc_len; -- int ret = 0; -- -- if (len == 0) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); -- return 0; -- } -- form = buf[0]; -- y_bit = form & 1; -- form = form & ~1U; -- if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) -- && (form != POINT_CONVERSION_UNCOMPRESSED) -- && (form != POINT_CONVERSION_HYBRID)) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- return 0; -- } -- if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- return 0; -- } -- -- if (form == 0) -- { -- if (len != 1) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- return 0; -- } -- -- return EC_POINT_set_to_infinity(group, point); -- } -- -- field_len = (EC_GROUP_get_degree(group) + 7) / 8; -- enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len; -- -- if (len != enc_len) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- return 0; -- } -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- BN_CTX_start(ctx); -- x = BN_CTX_get(ctx); -- y = BN_CTX_get(ctx); -- yxi = BN_CTX_get(ctx); -- if (yxi == NULL) goto err; -- -- if (!BN_bin2bn(buf + 1, field_len, x)) goto err; -- if (BN_ucmp(x, &group->field) >= 0) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- goto err; -- } -- -- if (form == POINT_CONVERSION_COMPRESSED) -- { -- if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx)) goto err; -- } -- else -- { -- if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err; -- if (BN_ucmp(y, &group->field) >= 0) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- goto err; -- } -- if (form == POINT_CONVERSION_HYBRID) -- { -- if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err; -- if (y_bit != BN_is_odd(yxi)) -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- goto err; -- } -- } -- -- if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; -- } -- -- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */ -- { -- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); -- goto err; -- } -- -- ret = 1; -- -- err: -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -+ const unsigned char *buf, size_t len, -+ BN_CTX *ctx) -+{ -+ point_conversion_form_t form; -+ int y_bit; -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *x, *y, *yxi; -+ size_t field_len, enc_len; -+ int ret = 0; -+ -+ if (len == 0) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); -+ return 0; -+ } -+ form = buf[0]; -+ y_bit = form & 1; -+ form = form & ~1U; -+ if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) -+ && (form != POINT_CONVERSION_UNCOMPRESSED) -+ && (form != POINT_CONVERSION_HYBRID)) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ return 0; -+ } -+ if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ return 0; -+ } -+ -+ if (form == 0) { -+ if (len != 1) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ return 0; -+ } -+ -+ return EC_POINT_set_to_infinity(group, point); -+ } -+ -+ field_len = (EC_GROUP_get_degree(group) + 7) / 8; -+ enc_len = -+ (form == -+ POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; -+ -+ if (len != enc_len) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ return 0; -+ } -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ yxi = BN_CTX_get(ctx); -+ if (yxi == NULL) -+ goto err; -+ -+ if (!BN_bin2bn(buf + 1, field_len, x)) -+ goto err; -+ if (BN_ucmp(x, &group->field) >= 0) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ goto err; -+ } -+ -+ if (form == POINT_CONVERSION_COMPRESSED) { -+ if (!EC_POINT_set_compressed_coordinates_GF2m -+ (group, point, x, y_bit, ctx)) -+ goto err; -+ } else { -+ if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) -+ goto err; -+ if (BN_ucmp(y, &group->field) >= 0) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ goto err; -+ } -+ if (form == POINT_CONVERSION_HYBRID) { -+ if (!group->meth->field_div(group, yxi, y, x, ctx)) -+ goto err; -+ if (y_bit != BN_is_odd(yxi)) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ goto err; -+ } -+ } -+ -+ if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) -+ goto err; -+ } -+ -+ /* test required by X9.62 */ -+ if (!EC_POINT_is_on_curve(group, point, ctx)) { -+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); -+ goto err; -+ } -+ -+ ret = 1; - -- --/* Computes a + b and stores the result in r. r could be a or b, a could be b. -- * Uses algorithm A.10.2 of IEEE P1363. -+ err: -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+/* -+ * Computes a + b and stores the result in r. r could be a or b, a could be -+ * b. Uses algorithm A.10.2 of IEEE P1363. - */ --int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) -- { -- BN_CTX *new_ctx = NULL; -- BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t; -- int ret = 0; -- -- if (EC_POINT_is_at_infinity(group, a)) -- { -- if (!EC_POINT_copy(r, b)) return 0; -- return 1; -- } -- -- if (EC_POINT_is_at_infinity(group, b)) -- { -- if (!EC_POINT_copy(r, a)) return 0; -- return 1; -- } -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- BN_CTX_start(ctx); -- x0 = BN_CTX_get(ctx); -- y0 = BN_CTX_get(ctx); -- x1 = BN_CTX_get(ctx); -- y1 = BN_CTX_get(ctx); -- x2 = BN_CTX_get(ctx); -- y2 = BN_CTX_get(ctx); -- s = BN_CTX_get(ctx); -- t = BN_CTX_get(ctx); -- if (t == NULL) goto err; -- -- if (a->Z_is_one) -- { -- if (!BN_copy(x0, &a->X)) goto err; -- if (!BN_copy(y0, &a->Y)) goto err; -- } -- else -- { -- if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) goto err; -- } -- if (b->Z_is_one) -- { -- if (!BN_copy(x1, &b->X)) goto err; -- if (!BN_copy(y1, &b->Y)) goto err; -- } -- else -- { -- if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) goto err; -- } -- -- -- if (BN_GF2m_cmp(x0, x1)) -- { -- if (!BN_GF2m_add(t, x0, x1)) goto err; -- if (!BN_GF2m_add(s, y0, y1)) goto err; -- if (!group->meth->field_div(group, s, s, t, ctx)) goto err; -- if (!group->meth->field_sqr(group, x2, s, ctx)) goto err; -- if (!BN_GF2m_add(x2, x2, &group->a)) goto err; -- if (!BN_GF2m_add(x2, x2, s)) goto err; -- if (!BN_GF2m_add(x2, x2, t)) goto err; -- } -- else -- { -- if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) -- { -- if (!EC_POINT_set_to_infinity(group, r)) goto err; -- ret = 1; -- goto err; -- } -- if (!group->meth->field_div(group, s, y1, x1, ctx)) goto err; -- if (!BN_GF2m_add(s, s, x1)) goto err; -- -- if (!group->meth->field_sqr(group, x2, s, ctx)) goto err; -- if (!BN_GF2m_add(x2, x2, s)) goto err; -- if (!BN_GF2m_add(x2, x2, &group->a)) goto err; -- } -- -- if (!BN_GF2m_add(y2, x1, x2)) goto err; -- if (!group->meth->field_mul(group, y2, y2, s, ctx)) goto err; -- if (!BN_GF2m_add(y2, y2, x2)) goto err; -- if (!BN_GF2m_add(y2, y2, y1)) goto err; -- -- if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) goto err; -- -- ret = 1; -+int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, -+ const EC_POINT *b, BN_CTX *ctx) -+{ -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t; -+ int ret = 0; -+ -+ if (EC_POINT_is_at_infinity(group, a)) { -+ if (!EC_POINT_copy(r, b)) -+ return 0; -+ return 1; -+ } -+ -+ if (EC_POINT_is_at_infinity(group, b)) { -+ if (!EC_POINT_copy(r, a)) -+ return 0; -+ return 1; -+ } -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ x0 = BN_CTX_get(ctx); -+ y0 = BN_CTX_get(ctx); -+ x1 = BN_CTX_get(ctx); -+ y1 = BN_CTX_get(ctx); -+ x2 = BN_CTX_get(ctx); -+ y2 = BN_CTX_get(ctx); -+ s = BN_CTX_get(ctx); -+ t = BN_CTX_get(ctx); -+ if (t == NULL) -+ goto err; -+ -+ if (a->Z_is_one) { -+ if (!BN_copy(x0, &a->X)) -+ goto err; -+ if (!BN_copy(y0, &a->Y)) -+ goto err; -+ } else { -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) -+ goto err; -+ } -+ if (b->Z_is_one) { -+ if (!BN_copy(x1, &b->X)) -+ goto err; -+ if (!BN_copy(y1, &b->Y)) -+ goto err; -+ } else { -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) -+ goto err; -+ } -+ -+ if (BN_GF2m_cmp(x0, x1)) { -+ if (!BN_GF2m_add(t, x0, x1)) -+ goto err; -+ if (!BN_GF2m_add(s, y0, y1)) -+ goto err; -+ if (!group->meth->field_div(group, s, s, t, ctx)) -+ goto err; -+ if (!group->meth->field_sqr(group, x2, s, ctx)) -+ goto err; -+ if (!BN_GF2m_add(x2, x2, &group->a)) -+ goto err; -+ if (!BN_GF2m_add(x2, x2, s)) -+ goto err; -+ if (!BN_GF2m_add(x2, x2, t)) -+ goto err; -+ } else { -+ if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) { -+ if (!EC_POINT_set_to_infinity(group, r)) -+ goto err; -+ ret = 1; -+ goto err; -+ } -+ if (!group->meth->field_div(group, s, y1, x1, ctx)) -+ goto err; -+ if (!BN_GF2m_add(s, s, x1)) -+ goto err; -+ -+ if (!group->meth->field_sqr(group, x2, s, ctx)) -+ goto err; -+ if (!BN_GF2m_add(x2, x2, s)) -+ goto err; -+ if (!BN_GF2m_add(x2, x2, &group->a)) -+ goto err; -+ } -+ -+ if (!BN_GF2m_add(y2, x1, x2)) -+ goto err; -+ if (!group->meth->field_mul(group, y2, y2, s, ctx)) -+ goto err; -+ if (!BN_GF2m_add(y2, y2, x2)) -+ goto err; -+ if (!BN_GF2m_add(y2, y2, y1)) -+ goto err; -+ -+ if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) -+ goto err; -+ -+ ret = 1; - - err: -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -- --/* Computes 2 * a and stores the result in r. r could be a. -- * Uses algorithm A.10.2 of IEEE P1363. -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+/* -+ * Computes 2 * a and stores the result in r. r could be a. Uses algorithm -+ * A.10.2 of IEEE P1363. - */ --int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) -- { -- return ec_GF2m_simple_add(group, r, a, a, ctx); -- } -- -+int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, -+ BN_CTX *ctx) -+{ -+ return ec_GF2m_simple_add(group, r, a, a, ctx); -+} - - int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) -- { -- if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) -- /* point is its own inverse */ -- return 1; -- -- if (!EC_POINT_make_affine(group, point, ctx)) return 0; -- return BN_GF2m_add(&point->Y, &point->X, &point->Y); -- } -+{ -+ if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) -+ /* point is its own inverse */ -+ return 1; - -+ if (!EC_POINT_make_affine(group, point, ctx)) -+ return 0; -+ return BN_GF2m_add(&point->Y, &point->X, &point->Y); -+} - - /* Indicates whether the given point is the point at infinity. */ --int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) -- { -- return BN_is_zero(&point->Z); -- } -- -- --/* Determines whether the given EC_POINT is an actual point on the curve defined -+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, -+ const EC_POINT *point) -+{ -+ return BN_is_zero(&point->Z); -+} -+ -+/*- -+ * Determines whether the given EC_POINT is an actual point on the curve defined - * in the EC_GROUP. A point is valid if it satisfies the Weierstrass equation: - * y^2 + x*y = x^3 + a*x^2 + b. - */ --int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) -- { -- int ret = -1; -- BN_CTX *new_ctx = NULL; -- BIGNUM *lh, *y2; -- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); -- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); -- -- if (EC_POINT_is_at_infinity(group, point)) -- return 1; -- -- field_mul = group->meth->field_mul; -- field_sqr = group->meth->field_sqr; -- -- /* only support affine coordinates */ -- if (!point->Z_is_one) return -1; -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return -1; -- } -- -- BN_CTX_start(ctx); -- y2 = BN_CTX_get(ctx); -- lh = BN_CTX_get(ctx); -- if (lh == NULL) goto err; -- -- /* We have a curve defined by a Weierstrass equation -- * y^2 + x*y = x^3 + a*x^2 + b. -- * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 -- * <=> ((x + a) * x + y ) * x + b + y^2 = 0 -- */ -- if (!BN_GF2m_add(lh, &point->X, &group->a)) goto err; -- if (!field_mul(group, lh, lh, &point->X, ctx)) goto err; -- if (!BN_GF2m_add(lh, lh, &point->Y)) goto err; -- if (!field_mul(group, lh, lh, &point->X, ctx)) goto err; -- if (!BN_GF2m_add(lh, lh, &group->b)) goto err; -- if (!field_sqr(group, y2, &point->Y, ctx)) goto err; -- if (!BN_GF2m_add(lh, lh, y2)) goto err; -- ret = BN_is_zero(lh); -+int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, -+ BN_CTX *ctx) -+{ -+ int ret = -1; -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *lh, *y2; -+ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, -+ const BIGNUM *, BN_CTX *); -+ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); -+ -+ if (EC_POINT_is_at_infinity(group, point)) -+ return 1; -+ -+ field_mul = group->meth->field_mul; -+ field_sqr = group->meth->field_sqr; -+ -+ /* only support affine coordinates */ -+ if (!point->Z_is_one) -+ return -1; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return -1; -+ } -+ -+ BN_CTX_start(ctx); -+ y2 = BN_CTX_get(ctx); -+ lh = BN_CTX_get(ctx); -+ if (lh == NULL) -+ goto err; -+ -+ /*- -+ * We have a curve defined by a Weierstrass equation -+ * y^2 + x*y = x^3 + a*x^2 + b. -+ * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 -+ * <=> ((x + a) * x + y ) * x + b + y^2 = 0 -+ */ -+ if (!BN_GF2m_add(lh, &point->X, &group->a)) -+ goto err; -+ if (!field_mul(group, lh, lh, &point->X, ctx)) -+ goto err; -+ if (!BN_GF2m_add(lh, lh, &point->Y)) -+ goto err; -+ if (!field_mul(group, lh, lh, &point->X, ctx)) -+ goto err; -+ if (!BN_GF2m_add(lh, lh, &group->b)) -+ goto err; -+ if (!field_sqr(group, y2, &point->Y, ctx)) -+ goto err; -+ if (!BN_GF2m_add(lh, lh, y2)) -+ goto err; -+ ret = BN_is_zero(lh); - err: -- if (ctx) BN_CTX_end(ctx); -- if (new_ctx) BN_CTX_free(new_ctx); -- return ret; -- } -- -- --/* Indicates whether two points are equal. -+ if (ctx) -+ BN_CTX_end(ctx); -+ if (new_ctx) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+/*- -+ * Indicates whether two points are equal. - * Return values: - * -1 error - * 0 equal (in affine coordinates) - * 1 not equal - */ --int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) -- { -- BIGNUM *aX, *aY, *bX, *bY; -- BN_CTX *new_ctx = NULL; -- int ret = -1; -- -- if (EC_POINT_is_at_infinity(group, a)) -- { -- return EC_POINT_is_at_infinity(group, b) ? 0 : 1; -- } -- -- if (EC_POINT_is_at_infinity(group, b)) -- return 1; -- -- if (a->Z_is_one && b->Z_is_one) -- { -- return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; -- } -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return -1; -- } -- -- BN_CTX_start(ctx); -- aX = BN_CTX_get(ctx); -- aY = BN_CTX_get(ctx); -- bX = BN_CTX_get(ctx); -- bY = BN_CTX_get(ctx); -- if (bY == NULL) goto err; -- -- if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) goto err; -- if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) goto err; -- ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1; -- -- err: -- if (ctx) BN_CTX_end(ctx); -- if (new_ctx) BN_CTX_free(new_ctx); -- return ret; -- } -+int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, -+ const EC_POINT *b, BN_CTX *ctx) -+{ -+ BIGNUM *aX, *aY, *bX, *bY; -+ BN_CTX *new_ctx = NULL; -+ int ret = -1; -+ -+ if (EC_POINT_is_at_infinity(group, a)) { -+ return EC_POINT_is_at_infinity(group, b) ? 0 : 1; -+ } -+ -+ if (EC_POINT_is_at_infinity(group, b)) -+ return 1; -+ -+ if (a->Z_is_one && b->Z_is_one) { -+ return ((BN_cmp(&a->X, &b->X) == 0) -+ && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; -+ } -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return -1; -+ } -+ -+ BN_CTX_start(ctx); -+ aX = BN_CTX_get(ctx); -+ aY = BN_CTX_get(ctx); -+ bX = BN_CTX_get(ctx); -+ bY = BN_CTX_get(ctx); -+ if (bY == NULL) -+ goto err; -+ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) -+ goto err; -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) -+ goto err; -+ ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1; - -+ err: -+ if (ctx) -+ BN_CTX_end(ctx); -+ if (new_ctx) -+ BN_CTX_free(new_ctx); -+ return ret; -+} - - /* Forces the given EC_POINT to internally use affine coordinates. */ --int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) -- { -- BN_CTX *new_ctx = NULL; -- BIGNUM *x, *y; -- int ret = 0; -- -- if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) -- return 1; -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- BN_CTX_start(ctx); -- x = BN_CTX_get(ctx); -- y = BN_CTX_get(ctx); -- if (y == NULL) goto err; -- -- if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; -- if (!BN_copy(&point->X, x)) goto err; -- if (!BN_copy(&point->Y, y)) goto err; -- if (!BN_one(&point->Z)) goto err; -- -- ret = 1; -- -- err: -- if (ctx) BN_CTX_end(ctx); -- if (new_ctx) BN_CTX_free(new_ctx); -- return ret; -- } -- -- --/* Forces each of the EC_POINTs in the given array to use affine coordinates. */ --int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) -- { -- size_t i; -- -- for (i = 0; i < num; i++) -- { -- if (!group->meth->make_affine(group, points[i], ctx)) return 0; -- } -- -- return 1; -- } -+int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, -+ BN_CTX *ctx) -+{ -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *x, *y; -+ int ret = 0; -+ -+ if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) -+ return 1; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ if (y == NULL) -+ goto err; -+ -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) -+ goto err; -+ if (!BN_copy(&point->X, x)) -+ goto err; -+ if (!BN_copy(&point->Y, y)) -+ goto err; -+ if (!BN_one(&point->Z)) -+ goto err; -+ -+ ret = 1; - -+ err: -+ if (ctx) -+ BN_CTX_end(ctx); -+ if (new_ctx) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+/* -+ * Forces each of the EC_POINTs in the given array to use affine coordinates. -+ */ -+int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, -+ EC_POINT *points[], BN_CTX *ctx) -+{ -+ size_t i; - --/* Wrapper to simple binary polynomial field multiplication implementation. */ --int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx); -- } -+ for (i = 0; i < num; i++) { -+ if (!group->meth->make_affine(group, points[i], ctx)) -+ return 0; -+ } - -+ return 1; -+} - --/* Wrapper to simple binary polynomial field squaring implementation. */ --int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) -- { -- return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx); -- } -+/* Wrapper to simple binary polynomial field multiplication implementation. */ -+int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, -+ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -+{ -+ return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx); -+} - -+/* Wrapper to simple binary polynomial field squaring implementation. */ -+int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, -+ const BIGNUM *a, BN_CTX *ctx) -+{ -+ return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx); -+} - - /* Wrapper to simple binary polynomial field division implementation. */ --int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- return BN_GF2m_mod_div(r, a, b, &group->field, ctx); -- } -+int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, -+ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -+{ -+ return BN_GF2m_mod_div(r, a, b, &group->field, ctx); -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c b/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c -index ae55539..4ca2545 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,144 +62,147 @@ - #include - #include - -- - int EC_GROUP_get_basis_type(const EC_GROUP *group) -- { -- int i=0; -- -- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != -- NID_X9_62_characteristic_two_field) -- /* everything else is currently not supported */ -- return 0; -- -- while (group->poly[i] != 0) -- i++; -- -- if (i == 4) -- return NID_X9_62_ppBasis; -- else if (i == 2) -- return NID_X9_62_tpBasis; -- else -- /* everything else is currently not supported */ -- return 0; -- } -+{ -+ int i = 0; -+ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != -+ NID_X9_62_characteristic_two_field) -+ /* everything else is currently not supported */ -+ return 0; -+ -+ while (group->poly[i] != 0) -+ i++; -+ -+ if (i == 4) -+ return NID_X9_62_ppBasis; -+ else if (i == 2) -+ return NID_X9_62_tpBasis; -+ else -+ /* everything else is currently not supported */ -+ return 0; -+} - - int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k) -- { -- if (group == NULL) -- return 0; -- -- if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve -- || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) -- { -- ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- -- if (k) -- *k = group->poly[1]; -- -- return 1; -- } -+{ -+ if (group == NULL) -+ return 0; -+ -+ if (EC_GROUP_method_of(group)->group_set_curve != -+ ec_GF2m_simple_group_set_curve || !((group->poly[0] != 0) -+ && (group->poly[1] != 0) -+ && (group->poly[2] == 0))) { -+ ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ -+ if (k) -+ *k = group->poly[1]; -+ -+ return 1; -+} - - int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, -- unsigned int *k2, unsigned int *k3) -- { -- if (group == NULL) -- return 0; -- -- if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve -- || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) -- { -- ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- -- if (k1) -- *k1 = group->poly[3]; -- if (k2) -- *k2 = group->poly[2]; -- if (k3) -- *k3 = group->poly[1]; -- -- return 1; -- } -- -- -+ unsigned int *k2, unsigned int *k3) -+{ -+ if (group == NULL) -+ return 0; -+ -+ if (EC_GROUP_method_of(group)->group_set_curve != -+ ec_GF2m_simple_group_set_curve || !((group->poly[0] != 0) -+ && (group->poly[1] != 0) -+ && (group->poly[2] != 0) -+ && (group->poly[3] != 0) -+ && (group->poly[4] == 0))) { -+ ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ -+ if (k1) -+ *k1 = group->poly[3]; -+ if (k2) -+ *k2 = group->poly[2]; -+ if (k3) -+ *k3 = group->poly[1]; -+ -+ return 1; -+} - - /* some structures needed for the asn1 encoding */ - typedef struct x9_62_pentanomial_st { -- long k1; -- long k2; -- long k3; -- } X9_62_PENTANOMIAL; -+ long k1; -+ long k2; -+ long k3; -+} X9_62_PENTANOMIAL; - - typedef struct x9_62_characteristic_two_st { -- long m; -- ASN1_OBJECT *type; -- union { -- char *ptr; -- /* NID_X9_62_onBasis */ -- ASN1_NULL *onBasis; -- /* NID_X9_62_tpBasis */ -- ASN1_INTEGER *tpBasis; -- /* NID_X9_62_ppBasis */ -- X9_62_PENTANOMIAL *ppBasis; -- /* anything else */ -- ASN1_TYPE *other; -- } p; -- } X9_62_CHARACTERISTIC_TWO; -+ long m; -+ ASN1_OBJECT *type; -+ union { -+ char *ptr; -+ /* NID_X9_62_onBasis */ -+ ASN1_NULL *onBasis; -+ /* NID_X9_62_tpBasis */ -+ ASN1_INTEGER *tpBasis; -+ /* NID_X9_62_ppBasis */ -+ X9_62_PENTANOMIAL *ppBasis; -+ /* anything else */ -+ ASN1_TYPE *other; -+ } p; -+} X9_62_CHARACTERISTIC_TWO; - - typedef struct x9_62_fieldid_st { -- ASN1_OBJECT *fieldType; -- union { -- char *ptr; -- /* NID_X9_62_prime_field */ -- ASN1_INTEGER *prime; -- /* NID_X9_62_characteristic_two_field */ -- X9_62_CHARACTERISTIC_TWO *char_two; -- /* anything else */ -- ASN1_TYPE *other; -- } p; -- } X9_62_FIELDID; -+ ASN1_OBJECT *fieldType; -+ union { -+ char *ptr; -+ /* NID_X9_62_prime_field */ -+ ASN1_INTEGER *prime; -+ /* NID_X9_62_characteristic_two_field */ -+ X9_62_CHARACTERISTIC_TWO *char_two; -+ /* anything else */ -+ ASN1_TYPE *other; -+ } p; -+} X9_62_FIELDID; - - typedef struct x9_62_curve_st { -- ASN1_OCTET_STRING *a; -- ASN1_OCTET_STRING *b; -- ASN1_BIT_STRING *seed; -- } X9_62_CURVE; -+ ASN1_OCTET_STRING *a; -+ ASN1_OCTET_STRING *b; -+ ASN1_BIT_STRING *seed; -+} X9_62_CURVE; - - typedef struct ec_parameters_st { -- long version; -- X9_62_FIELDID *fieldID; -- X9_62_CURVE *curve; -- ASN1_OCTET_STRING *base; -- ASN1_INTEGER *order; -- ASN1_INTEGER *cofactor; -- } ECPARAMETERS; -+ long version; -+ X9_62_FIELDID *fieldID; -+ X9_62_CURVE *curve; -+ ASN1_OCTET_STRING *base; -+ ASN1_INTEGER *order; -+ ASN1_INTEGER *cofactor; -+} ECPARAMETERS; - - struct ecpk_parameters_st { -- int type; -- union { -- ASN1_OBJECT *named_curve; -- ECPARAMETERS *parameters; -- ASN1_NULL *implicitlyCA; -- } value; -- }/* ECPKPARAMETERS */; -+ int type; -+ union { -+ ASN1_OBJECT *named_curve; -+ ECPARAMETERS *parameters; -+ ASN1_NULL *implicitlyCA; -+ } value; -+} /* ECPKPARAMETERS */ ; - - /* SEC1 ECPrivateKey */ - typedef struct ec_privatekey_st { -- long version; -- ASN1_OCTET_STRING *privateKey; -- ECPKPARAMETERS *parameters; -- ASN1_BIT_STRING *publicKey; -- } EC_PRIVATEKEY; -+ long version; -+ ASN1_OCTET_STRING *privateKey; -+ ECPKPARAMETERS *parameters; -+ ASN1_BIT_STRING *publicKey; -+} EC_PRIVATEKEY; - - /* the OpenSSL ASN.1 definitions */ - ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { -- ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), -- ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), -- ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) -+ ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), -+ ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), -+ ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) - } ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) - - DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) -@@ -208,15 +211,15 @@ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) - ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); - - ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { -- ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), -- ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), -- ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) -+ ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), -+ ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), -+ ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) - } ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); - - ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { -- ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), -- ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), -- ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) -+ ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), -+ ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), -+ ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) - } ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) - - DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) -@@ -225,37 +228,37 @@ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) - ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); - - ASN1_ADB(X9_62_FIELDID) = { -- ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), -- ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) -+ ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), -+ ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) - } ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL); - - ASN1_SEQUENCE(X9_62_FIELDID) = { -- ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), -- ASN1_ADB_OBJECT(X9_62_FIELDID) -+ ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), -+ ASN1_ADB_OBJECT(X9_62_FIELDID) - } ASN1_SEQUENCE_END(X9_62_FIELDID) - - ASN1_SEQUENCE(X9_62_CURVE) = { -- ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), -- ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), -- ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) -+ ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), -+ ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), -+ ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) - } ASN1_SEQUENCE_END(X9_62_CURVE) - - ASN1_SEQUENCE(ECPARAMETERS) = { -- ASN1_SIMPLE(ECPARAMETERS, version, LONG), -- ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), -- ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), -- ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), -- ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), -- ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) -+ ASN1_SIMPLE(ECPARAMETERS, version, LONG), -+ ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), -+ ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), -+ ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), -+ ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), -+ ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) - } ASN1_SEQUENCE_END(ECPARAMETERS) - - DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) - IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) - - ASN1_CHOICE(ECPKPARAMETERS) = { -- ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), -- ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS), -- ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL) -+ ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), -+ ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS), -+ ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL) - } ASN1_CHOICE_END(ECPKPARAMETERS) - - DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS) -@@ -263,10 +266,10 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS) - IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS) - - ASN1_SEQUENCE(EC_PRIVATEKEY) = { -- ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG), -- ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), -- ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), -- ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) -+ ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG), -+ ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), -+ ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), -+ ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) - } ASN1_SEQUENCE_END(EC_PRIVATEKEY) - - DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) -@@ -275,1155 +278,999 @@ IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) - - /* some declarations of internal function */ - --/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ -+/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ - static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); --/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ -+/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ - static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); --/* ec_asn1_parameters2group() creates a EC_GROUP object from a -- * ECPARAMETERS object */ --static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); --/* ec_asn1_group2parameters() creates a ECPARAMETERS object from a -- * EC_GROUP object */ --static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,ECPARAMETERS *); --/* ec_asn1_pkparameters2group() creates a EC_GROUP object from a -- * ECPKPARAMETERS object */ --static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); --/* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a -- * EC_GROUP object */ --static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, -- ECPKPARAMETERS *); -- -+/* -+ * ec_asn1_parameters2group() creates a EC_GROUP object from a ECPARAMETERS -+ * object -+ */ -+static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); -+/* -+ * ec_asn1_group2parameters() creates a ECPARAMETERS object from a EC_GROUP -+ * object -+ */ -+static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, -+ ECPARAMETERS *); -+/* -+ * ec_asn1_pkparameters2group() creates a EC_GROUP object from a -+ * ECPKPARAMETERS object -+ */ -+static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); -+/* -+ * ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a -+ * EC_GROUP object -+ */ -+static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, -+ ECPKPARAMETERS *); - - /* the function definitions */ - - static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) -- { -- int ok=0, nid; -- BIGNUM *tmp = NULL; -- -- if (group == NULL || field == NULL) -- return 0; -- -- /* clear the old values (if necessary) */ -- if (field->fieldType != NULL) -- ASN1_OBJECT_free(field->fieldType); -- if (field->p.other != NULL) -- ASN1_TYPE_free(field->p.other); -- -- nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); -- /* set OID for the field */ -- if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); -- goto err; -- } -- -- if (nid == NID_X9_62_prime_field) -- { -- if ((tmp = BN_new()) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- /* the parameters are specified by the prime number p */ -- if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) -- { -- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); -- goto err; -- } -- /* set the prime number */ -- field->p.prime = BN_to_ASN1_INTEGER(tmp,NULL); -- if (field->p.prime == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); -- goto err; -- } -- } -- else /* nid == NID_X9_62_characteristic_two_field */ -- { -- int field_type; -- X9_62_CHARACTERISTIC_TWO *char_two; -- -- field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); -- char_two = field->p.char_two; -- -- if (char_two == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- char_two->m = (long)EC_GROUP_get_degree(group); -- -- field_type = EC_GROUP_get_basis_type(group); -- -- if (field_type == 0) -- { -- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); -- goto err; -- } -- /* set base type OID */ -- if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); -- goto err; -- } -- -- if (field_type == NID_X9_62_tpBasis) -- { -- unsigned int k; -- -- if (!EC_GROUP_get_trinomial_basis(group, &k)) -- goto err; -- -- char_two->p.tpBasis = ASN1_INTEGER_new(); -- if (!char_two->p.tpBasis) -- { -- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) -- { -- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, -- ERR_R_ASN1_LIB); -- goto err; -- } -- } -- else if (field_type == NID_X9_62_ppBasis) -- { -- unsigned int k1, k2, k3; -- -- if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) -- goto err; -- -- char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); -- if (!char_two->p.ppBasis) -- { -- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- /* set k? values */ -- char_two->p.ppBasis->k1 = (long)k1; -- char_two->p.ppBasis->k2 = (long)k2; -- char_two->p.ppBasis->k3 = (long)k3; -- } -- else /* field_type == NID_X9_62_onBasis */ -- { -- /* for ONB the parameters are (asn1) NULL */ -- char_two->p.onBasis = ASN1_NULL_new(); -- if (!char_two->p.onBasis) -- { -- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- } -- -- ok = 1; -- --err : if (tmp) -- BN_free(tmp); -- return(ok); -+{ -+ int ok = 0, nid; -+ BIGNUM *tmp = NULL; -+ -+ if (group == NULL || field == NULL) -+ return 0; -+ -+ /* clear the old values (if necessary) */ -+ if (field->fieldType != NULL) -+ ASN1_OBJECT_free(field->fieldType); -+ if (field->p.other != NULL) -+ ASN1_TYPE_free(field->p.other); -+ -+ nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); -+ /* set OID for the field */ -+ if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); -+ goto err; -+ } -+ -+ if (nid == NID_X9_62_prime_field) { -+ if ((tmp = BN_new()) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ /* the parameters are specified by the prime number p */ -+ if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { -+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); -+ goto err; -+ } -+ /* set the prime number */ -+ field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL); -+ if (field->p.prime == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ } else { /* nid == NID_X9_62_characteristic_two_field */ -+ -+ int field_type; -+ X9_62_CHARACTERISTIC_TWO *char_two; -+ -+ field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); -+ char_two = field->p.char_two; -+ -+ if (char_two == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ char_two->m = (long)EC_GROUP_get_degree(group); -+ -+ field_type = EC_GROUP_get_basis_type(group); -+ -+ if (field_type == 0) { -+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); -+ goto err; -+ } -+ /* set base type OID */ -+ if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); -+ goto err; -+ } -+ -+ if (field_type == NID_X9_62_tpBasis) { -+ unsigned int k; -+ -+ if (!EC_GROUP_get_trinomial_basis(group, &k)) -+ goto err; -+ -+ char_two->p.tpBasis = ASN1_INTEGER_new(); -+ if (!char_two->p.tpBasis) { -+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) { -+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ } else if (field_type == NID_X9_62_ppBasis) { -+ unsigned int k1, k2, k3; -+ -+ if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) -+ goto err; -+ -+ char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); -+ if (!char_two->p.ppBasis) { -+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* set k? values */ -+ char_two->p.ppBasis->k1 = (long)k1; -+ char_two->p.ppBasis->k2 = (long)k2; -+ char_two->p.ppBasis->k3 = (long)k3; -+ } else { /* field_type == NID_X9_62_onBasis */ -+ -+ /* for ONB the parameters are (asn1) NULL */ -+ char_two->p.onBasis = ASN1_NULL_new(); -+ if (!char_two->p.onBasis) { -+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ } -+ -+ ok = 1; -+ -+ err:if (tmp) -+ BN_free(tmp); -+ return (ok); - } - - static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) -- { -- int ok=0, nid; -- BIGNUM *tmp_1=NULL, *tmp_2=NULL; -- unsigned char *buffer_1=NULL, *buffer_2=NULL, -- *a_buf=NULL, *b_buf=NULL; -- size_t len_1, len_2; -- unsigned char char_zero = 0; -- -- if (!group || !curve || !curve->a || !curve->b) -- return 0; -- -- if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); -- -- /* get a and b */ -- if (nid == NID_X9_62_prime_field) -- { -- if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) -- { -- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); -- goto err; -- } -- } -- else /* nid == NID_X9_62_characteristic_two_field */ -- { -- if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) -- { -- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); -- goto err; -- } -- } -- -- len_1 = (size_t)BN_num_bytes(tmp_1); -- len_2 = (size_t)BN_num_bytes(tmp_2); -- -- if (len_1 == 0) -- { -- /* len_1 == 0 => a == 0 */ -- a_buf = &char_zero; -- len_1 = 1; -- } -- else -- { -- if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2CURVE, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if ( (len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) -- { -- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); -- goto err; -- } -- a_buf = buffer_1; -- } -- -- if (len_2 == 0) -- { -- /* len_2 == 0 => b == 0 */ -- b_buf = &char_zero; -- len_2 = 1; -- } -- else -- { -- if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2CURVE, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if ( (len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) -- { -- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); -- goto err; -- } -- b_buf = buffer_2; -- } -- -- /* set a and b */ -- if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || -- !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) -- { -- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); -- goto err; -- } -- -- /* set the seed (optional) */ -- if (group->seed) -- { -- if (!curve->seed) -- if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); -- curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; -- if (!ASN1_BIT_STRING_set(curve->seed, group->seed, -- (int)group->seed_len)) -- { -- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); -- goto err; -- } -- } -- else -- { -- if (curve->seed) -- { -- ASN1_BIT_STRING_free(curve->seed); -- curve->seed = NULL; -- } -- } -- -- ok = 1; -- --err: if (buffer_1) -- OPENSSL_free(buffer_1); -- if (buffer_2) -- OPENSSL_free(buffer_2); -- if (tmp_1) -- BN_free(tmp_1); -- if (tmp_2) -- BN_free(tmp_2); -- return(ok); -- } -+{ -+ int ok = 0, nid; -+ BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; -+ unsigned char *buffer_1 = NULL, *buffer_2 = NULL, -+ *a_buf = NULL, *b_buf = NULL; -+ size_t len_1, len_2; -+ unsigned char char_zero = 0; -+ -+ if (!group || !curve || !curve->a || !curve->b) -+ return 0; -+ -+ if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); -+ -+ /* get a and b */ -+ if (nid == NID_X9_62_prime_field) { -+ if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) { -+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else { /* nid == NID_X9_62_characteristic_two_field */ -+ -+ if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) { -+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); -+ goto err; -+ } -+ } -+ -+ len_1 = (size_t)BN_num_bytes(tmp_1); -+ len_2 = (size_t)BN_num_bytes(tmp_2); -+ -+ if (len_1 == 0) { -+ /* len_1 == 0 => a == 0 */ -+ a_buf = &char_zero; -+ len_1 = 1; -+ } else { -+ if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) { -+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); -+ goto err; -+ } -+ a_buf = buffer_1; -+ } -+ -+ if (len_2 == 0) { -+ /* len_2 == 0 => b == 0 */ -+ b_buf = &char_zero; -+ len_2 = 1; -+ } else { -+ if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) { -+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); -+ goto err; -+ } -+ b_buf = buffer_2; -+ } -+ -+ /* set a and b */ -+ if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || -+ !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) { -+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ -+ /* set the seed (optional) */ -+ if (group->seed) { -+ if (!curve->seed) -+ if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); -+ curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; -+ if (!ASN1_BIT_STRING_set(curve->seed, group->seed, -+ (int)group->seed_len)) { -+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ } else { -+ if (curve->seed) { -+ ASN1_BIT_STRING_free(curve->seed); -+ curve->seed = NULL; -+ } -+ } -+ -+ ok = 1; -+ -+ err:if (buffer_1) -+ OPENSSL_free(buffer_1); -+ if (buffer_2) -+ OPENSSL_free(buffer_2); -+ if (tmp_1) -+ BN_free(tmp_1); -+ if (tmp_2) -+ BN_free(tmp_2); -+ return (ok); -+} - - static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, - ECPARAMETERS *param) -- { -- int ok=0; -- size_t len=0; -- ECPARAMETERS *ret=NULL; -- BIGNUM *tmp=NULL; -- unsigned char *buffer=NULL; -- const EC_POINT *point=NULL; -- point_conversion_form_t form; -- -- if ((tmp = BN_new()) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (param == NULL) -- { -- if ((ret = ECPARAMETERS_new()) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- else -- ret = param; -- -- /* set the version (always one) */ -- ret->version = (long)0x1; -- -- /* set the fieldID */ -- if (!ec_asn1_group2fieldid(group, ret->fieldID)) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); -- goto err; -- } -- -- /* set the curve */ -- if (!ec_asn1_group2curve(group, ret->curve)) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); -- goto err; -- } -- -- /* set the base point */ -- if ((point = EC_GROUP_get0_generator(group)) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR); -- goto err; -- } -- -- form = EC_GROUP_get_point_conversion_form(group); -- -- len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); -- if (len == 0) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); -- goto err; -- } -- if ((buffer = OPENSSL_malloc(len)) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); -- goto err; -- } -- if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); -- goto err; -- } -- -- /* set the order */ -- if (!EC_GROUP_get_order(group, tmp, NULL)) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); -- goto err; -- } -- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); -- if (ret->order == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); -- goto err; -- } -- -- /* set the cofactor (optional) */ -- if (EC_GROUP_get_cofactor(group, tmp, NULL)) -- { -- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); -- if (ret->cofactor == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); -- goto err; -- } -- } -- -- ok = 1; -- --err : if(!ok) -- { -- if (ret && !param) -- ECPARAMETERS_free(ret); -- ret = NULL; -- } -- if (tmp) -- BN_free(tmp); -- if (buffer) -- OPENSSL_free(buffer); -- return(ret); -- } -- --ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, -+{ -+ int ok = 0; -+ size_t len = 0; -+ ECPARAMETERS *ret = NULL; -+ BIGNUM *tmp = NULL; -+ unsigned char *buffer = NULL; -+ const EC_POINT *point = NULL; -+ point_conversion_form_t form; -+ -+ if ((tmp = BN_new()) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (param == NULL) { -+ if ((ret = ECPARAMETERS_new()) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } else -+ ret = param; -+ -+ /* set the version (always one) */ -+ ret->version = (long)0x1; -+ -+ /* set the fieldID */ -+ if (!ec_asn1_group2fieldid(group, ret->fieldID)) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* set the curve */ -+ if (!ec_asn1_group2curve(group, ret->curve)) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* set the base point */ -+ if ((point = EC_GROUP_get0_generator(group)) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR); -+ goto err; -+ } -+ -+ form = EC_GROUP_get_point_conversion_form(group); -+ -+ len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); -+ if (len == 0) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); -+ goto err; -+ } -+ if ((buffer = OPENSSL_malloc(len)) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); -+ goto err; -+ } -+ if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ -+ /* set the order */ -+ if (!EC_GROUP_get_order(group, tmp, NULL)) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); -+ goto err; -+ } -+ ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); -+ if (ret->order == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ -+ /* set the cofactor (optional) */ -+ if (EC_GROUP_get_cofactor(group, tmp, NULL)) { -+ ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); -+ if (ret->cofactor == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ } -+ -+ ok = 1; -+ -+ err:if (!ok) { -+ if (ret && !param) -+ ECPARAMETERS_free(ret); -+ ret = NULL; -+ } -+ if (tmp) -+ BN_free(tmp); -+ if (buffer) -+ OPENSSL_free(buffer); -+ return (ret); -+} -+ -+ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, - ECPKPARAMETERS *params) -- { -- int ok = 1, tmp; -- ECPKPARAMETERS *ret = params; -- -- if (ret == NULL) -- { -- if ((ret = ECPKPARAMETERS_new()) == NULL) -- { -- ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, -- ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- } -- else -- { -- if (ret->type == 0 && ret->value.named_curve) -- ASN1_OBJECT_free(ret->value.named_curve); -- else if (ret->type == 1 && ret->value.parameters) -- ECPARAMETERS_free(ret->value.parameters); -- } -- -- if (EC_GROUP_get_asn1_flag(group)) -- { -- /* use the asn1 OID to describe the -- * the elliptic curve parameters -- */ -- tmp = EC_GROUP_get_curve_name(group); -- if (tmp) -- { -- ret->type = 0; -- if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) -- ok = 0; -- } -- else -- /* we don't kmow the nid => ERROR */ -- ok = 0; -- } -- else -- { -- /* use the ECPARAMETERS structure */ -- ret->type = 1; -- if ((ret->value.parameters = ec_asn1_group2parameters( -- group, NULL)) == NULL) -- ok = 0; -- } -- -- if (!ok) -- { -- ECPKPARAMETERS_free(ret); -- return NULL; -- } -- return ret; -- } -+{ -+ int ok = 1, tmp; -+ ECPKPARAMETERS *ret = params; -+ -+ if (ret == NULL) { -+ if ((ret = ECPKPARAMETERS_new()) == NULL) { -+ ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ } else { -+ if (ret->type == 0 && ret->value.named_curve) -+ ASN1_OBJECT_free(ret->value.named_curve); -+ else if (ret->type == 1 && ret->value.parameters) -+ ECPARAMETERS_free(ret->value.parameters); -+ } -+ -+ if (EC_GROUP_get_asn1_flag(group)) { -+ /* -+ * use the asn1 OID to describe the the elliptic curve parameters -+ */ -+ tmp = EC_GROUP_get_curve_name(group); -+ if (tmp) { -+ ret->type = 0; -+ if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) -+ ok = 0; -+ } else -+ /* we don't kmow the nid => ERROR */ -+ ok = 0; -+ } else { -+ /* use the ECPARAMETERS structure */ -+ ret->type = 1; -+ if ((ret->value.parameters = -+ ec_asn1_group2parameters(group, NULL)) == NULL) -+ ok = 0; -+ } -+ -+ if (!ok) { -+ ECPKPARAMETERS_free(ret); -+ return NULL; -+ } -+ return ret; -+} - - static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) -- { -- int ok = 0, tmp; -- EC_GROUP *ret = NULL; -- BIGNUM *p = NULL, *a = NULL, *b = NULL; -- EC_POINT *point=NULL; -- long field_bits; -- -- if (!params->fieldID || !params->fieldID->fieldType || -- !params->fieldID->p.ptr) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -- goto err; -- } -- -- /* now extract the curve parameters a and b */ -- if (!params->curve || !params->curve->a || -- !params->curve->a->data || !params->curve->b || -- !params->curve->b->data) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -- goto err; -- } -- a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); -- if (a == NULL) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); -- goto err; -- } -- b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); -- if (b == NULL) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); -- goto err; -- } -- -- /* get the field parameters */ -- tmp = OBJ_obj2nid(params->fieldID->fieldType); -- -- if (tmp == NID_X9_62_characteristic_two_field) -- { -- X9_62_CHARACTERISTIC_TWO *char_two; -- -- char_two = params->fieldID->p.char_two; -- -- field_bits = char_two->m; -- if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); -- goto err; -- } -- -- if ((p = BN_new()) == NULL) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- /* get the base type */ -- tmp = OBJ_obj2nid(char_two->type); -- -- if (tmp == NID_X9_62_tpBasis) -- { -- long tmp_long; -- -- if (!char_two->p.tpBasis) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -- goto err; -- } -- -- tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); -- -- if (!(char_two->m > tmp_long && tmp_long > 0)) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS); -- goto err; -- } -- -- /* create the polynomial */ -- if (!BN_set_bit(p, (int)char_two->m)) -- goto err; -- if (!BN_set_bit(p, (int)tmp_long)) -- goto err; -- if (!BN_set_bit(p, 0)) -- goto err; -- } -- else if (tmp == NID_X9_62_ppBasis) -- { -- X9_62_PENTANOMIAL *penta; -- -- penta = char_two->p.ppBasis; -- if (!penta) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -- goto err; -- } -- -- if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS); -- goto err; -- } -- -- /* create the polynomial */ -- if (!BN_set_bit(p, (int)char_two->m)) goto err; -- if (!BN_set_bit(p, (int)penta->k1)) goto err; -- if (!BN_set_bit(p, (int)penta->k2)) goto err; -- if (!BN_set_bit(p, (int)penta->k3)) goto err; -- if (!BN_set_bit(p, 0)) goto err; -- } -- else if (tmp == NID_X9_62_onBasis) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); -- goto err; -- } -- else /* error */ -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -- goto err; -- } -- -- /* create the EC_GROUP structure */ -- ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); -- } -- else if (tmp == NID_X9_62_prime_field) -- { -- /* we have a curve over a prime field */ -- /* extract the prime number */ -- if (!params->fieldID->p.prime) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -- goto err; -- } -- p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); -- if (p == NULL) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); -- goto err; -- } -- -- if (BN_is_negative(p) || BN_is_zero(p)) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); -- goto err; -- } -- -- field_bits = BN_num_bits(p); -- if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); -- goto err; -- } -- -- /* create the EC_GROUP structure */ -- ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); -- } -- else -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); -- goto err; -- } -- -- if (ret == NULL) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); -- goto err; -- } -- -- /* extract seed (optional) */ -- if (params->curve->seed != NULL) -- { -- if (ret->seed != NULL) -- OPENSSL_free(ret->seed); -- if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- memcpy(ret->seed, params->curve->seed->data, -- params->curve->seed->length); -- ret->seed_len = params->curve->seed->length; -- } -- -- if (!params->order || !params->base || !params->base->data) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -- goto err; -- } -- -- if ((point = EC_POINT_new(ret)) == NULL) goto err; -- -- /* set the point conversion form */ -- EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) -- (params->base->data[0] & ~0x01)); -- -- /* extract the ec point */ -- if (!EC_POINT_oct2point(ret, point, params->base->data, -- params->base->length, NULL)) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); -- goto err; -- } -- -- /* extract the order */ -- if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); -- goto err; -- } -- if (BN_is_negative(a) || BN_is_zero(a)) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); -- goto err; -- } -- if (BN_num_bits(a) > (int)field_bits + 1) /* Hasse bound */ -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); -- goto err; -- } -- -- /* extract the cofactor (optional) */ -- if (params->cofactor == NULL) -- { -- if (b) -- { -- BN_free(b); -- b = NULL; -- } -- } -- else -- if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); -- goto err; -- } -- /* set the generator, order and cofactor (if present) */ -- if (!EC_GROUP_set_generator(ret, point, a, b)) -- { -- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); -- goto err; -- } -- -- ok = 1; -- --err: if (!ok) -- { -- if (ret) -- EC_GROUP_clear_free(ret); -- ret = NULL; -- } -- -- if (p) -- BN_free(p); -- if (a) -- BN_free(a); -- if (b) -- BN_free(b); -- if (point) -- EC_POINT_free(point); -- return(ret); -+{ -+ int ok = 0, tmp; -+ EC_GROUP *ret = NULL; -+ BIGNUM *p = NULL, *a = NULL, *b = NULL; -+ EC_POINT *point = NULL; -+ long field_bits; -+ -+ if (!params->fieldID || !params->fieldID->fieldType || -+ !params->fieldID->p.ptr) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -+ goto err; -+ } -+ -+ /* now extract the curve parameters a and b */ -+ if (!params->curve || !params->curve->a || -+ !params->curve->a->data || !params->curve->b || -+ !params->curve->b->data) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -+ goto err; -+ } -+ a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); -+ if (a == NULL) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); -+ goto err; -+ } -+ b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); -+ if (b == NULL) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* get the field parameters */ -+ tmp = OBJ_obj2nid(params->fieldID->fieldType); -+ -+ if (tmp == NID_X9_62_characteristic_two_field) { -+ X9_62_CHARACTERISTIC_TWO *char_two; -+ -+ char_two = params->fieldID->p.char_two; -+ -+ field_bits = char_two->m; -+ if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); -+ goto err; -+ } -+ -+ if ((p = BN_new()) == NULL) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* get the base type */ -+ tmp = OBJ_obj2nid(char_two->type); -+ -+ if (tmp == NID_X9_62_tpBasis) { -+ long tmp_long; -+ -+ if (!char_two->p.tpBasis) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -+ goto err; -+ } -+ -+ tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); -+ -+ if (!(char_two->m > tmp_long && tmp_long > 0)) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, -+ EC_R_INVALID_TRINOMIAL_BASIS); -+ goto err; -+ } -+ -+ /* create the polynomial */ -+ if (!BN_set_bit(p, (int)char_two->m)) -+ goto err; -+ if (!BN_set_bit(p, (int)tmp_long)) -+ goto err; -+ if (!BN_set_bit(p, 0)) -+ goto err; -+ } else if (tmp == NID_X9_62_ppBasis) { -+ X9_62_PENTANOMIAL *penta; -+ -+ penta = char_two->p.ppBasis; -+ if (!penta) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -+ goto err; -+ } -+ -+ if (! -+ (char_two->m > penta->k3 && penta->k3 > penta->k2 -+ && penta->k2 > penta->k1 && penta->k1 > 0)) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, -+ EC_R_INVALID_PENTANOMIAL_BASIS); -+ goto err; -+ } -+ -+ /* create the polynomial */ -+ if (!BN_set_bit(p, (int)char_two->m)) -+ goto err; -+ if (!BN_set_bit(p, (int)penta->k1)) -+ goto err; -+ if (!BN_set_bit(p, (int)penta->k2)) -+ goto err; -+ if (!BN_set_bit(p, (int)penta->k3)) -+ goto err; -+ if (!BN_set_bit(p, 0)) -+ goto err; -+ } else if (tmp == NID_X9_62_onBasis) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); -+ goto err; -+ } else { /* error */ -+ -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -+ goto err; -+ } -+ -+ /* create the EC_GROUP structure */ -+ ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); -+ } else if (tmp == NID_X9_62_prime_field) { -+ /* we have a curve over a prime field */ -+ /* extract the prime number */ -+ if (!params->fieldID->p.prime) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -+ goto err; -+ } -+ p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); -+ if (p == NULL) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ -+ if (BN_is_negative(p) || BN_is_zero(p)) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); -+ goto err; -+ } -+ -+ field_bits = BN_num_bits(p); -+ if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); -+ goto err; -+ } -+ -+ /* create the EC_GROUP structure */ -+ ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); -+ } else { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); -+ goto err; -+ } -+ -+ if (ret == NULL) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* extract seed (optional) */ -+ if (params->curve->seed != NULL) { -+ if (ret->seed != NULL) -+ OPENSSL_free(ret->seed); -+ if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ memcpy(ret->seed, params->curve->seed->data, -+ params->curve->seed->length); -+ ret->seed_len = params->curve->seed->length; -+ } -+ -+ if (!params->order || !params->base || !params->base->data) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); -+ goto err; -+ } -+ -+ if ((point = EC_POINT_new(ret)) == NULL) -+ goto err; -+ -+ /* set the point conversion form */ -+ EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) -+ (params->base->data[0] & ~0x01)); -+ -+ /* extract the ec point */ -+ if (!EC_POINT_oct2point(ret, point, params->base->data, -+ params->base->length, NULL)) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* extract the order */ -+ if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ if (BN_is_negative(a) || BN_is_zero(a)) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); -+ goto err; -+ } -+ if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */ -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); -+ goto err; -+ } -+ -+ /* extract the cofactor (optional) */ -+ if (params->cofactor == NULL) { -+ if (b) { -+ BN_free(b); -+ b = NULL; -+ } -+ } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ /* set the generator, order and cofactor (if present) */ -+ if (!EC_GROUP_set_generator(ret, point, a, b)) { -+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ ok = 1; -+ -+ err:if (!ok) { -+ if (ret) -+ EC_GROUP_clear_free(ret); -+ ret = NULL; -+ } -+ -+ if (p) -+ BN_free(p); -+ if (a) -+ BN_free(a); -+ if (b) -+ BN_free(b); -+ if (point) -+ EC_POINT_free(point); -+ return (ret); - } - - EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params) -- { -- EC_GROUP *ret=NULL; -- int tmp=0; -- -- if (params == NULL) -- { -- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, -- EC_R_MISSING_PARAMETERS); -- return NULL; -- } -- -- if (params->type == 0) -- { /* the curve is given by an OID */ -- tmp = OBJ_obj2nid(params->value.named_curve); -- if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) -- { -- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, -- EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); -- return NULL; -- } -- EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); -- } -- else if (params->type == 1) -- { /* the parameters are given by a ECPARAMETERS -- * structure */ -- ret = ec_asn1_parameters2group(params->value.parameters); -- if (!ret) -- { -- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB); -- return NULL; -- } -- EC_GROUP_set_asn1_flag(ret, 0x0); -- } -- else if (params->type == 2) -- { /* implicitlyCA */ -- return NULL; -- } -- else -- { -- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR); -- return NULL; -- } -- -- return ret; -- } -+{ -+ EC_GROUP *ret = NULL; -+ int tmp = 0; -+ -+ if (params == NULL) { -+ ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_MISSING_PARAMETERS); -+ return NULL; -+ } -+ -+ if (params->type == 0) { /* the curve is given by an OID */ -+ tmp = OBJ_obj2nid(params->value.named_curve); -+ if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { -+ ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, -+ EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); -+ return NULL; -+ } -+ EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); -+ } else if (params->type == 1) { /* the parameters are given by a -+ * ECPARAMETERS structure */ -+ ret = ec_asn1_parameters2group(params->value.parameters); -+ if (!ret) { -+ ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB); -+ return NULL; -+ } -+ EC_GROUP_set_asn1_flag(ret, 0x0); -+ } else if (params->type == 2) { /* implicitlyCA */ -+ return NULL; -+ } else { -+ ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR); -+ return NULL; -+ } -+ -+ return ret; -+} - - /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ - - EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) -- { -- EC_GROUP *group = NULL; -- ECPKPARAMETERS *params = NULL; -- -- if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) -- { -- ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); -- ECPKPARAMETERS_free(params); -- return NULL; -- } -- -- if ((group = ec_asn1_pkparameters2group(params)) == NULL) -- { -- ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); -- return NULL; -- } -- -- -- if (a && *a) -- EC_GROUP_clear_free(*a); -- if (a) -- *a = group; -- -- ECPKPARAMETERS_free(params); -- return(group); -- } -+{ -+ EC_GROUP *group = NULL; -+ ECPKPARAMETERS *params = NULL; -+ -+ if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { -+ ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); -+ ECPKPARAMETERS_free(params); -+ return NULL; -+ } -+ -+ if ((group = ec_asn1_pkparameters2group(params)) == NULL) { -+ ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); -+ return NULL; -+ } -+ -+ if (a && *a) -+ EC_GROUP_clear_free(*a); -+ if (a) -+ *a = group; -+ -+ ECPKPARAMETERS_free(params); -+ return (group); -+} - - int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out) -- { -- int ret=0; -- ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); -- if (tmp == NULL) -- { -- ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE); -- return 0; -- } -- if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) -- { -- ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE); -- ECPKPARAMETERS_free(tmp); -- return 0; -- } -- ECPKPARAMETERS_free(tmp); -- return(ret); -- } -+{ -+ int ret = 0; -+ ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); -+ if (tmp == NULL) { -+ ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE); -+ return 0; -+ } -+ if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) { -+ ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE); -+ ECPKPARAMETERS_free(tmp); -+ return 0; -+ } -+ ECPKPARAMETERS_free(tmp); -+ return (ret); -+} - - /* some EC_KEY functions */ - - EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) -- { -- int ok=0; -- EC_KEY *ret=NULL; -- EC_PRIVATEKEY *priv_key=NULL; -- -- if ((priv_key = EC_PRIVATEKEY_new()) == NULL) -- { -- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) -- { -- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); -- EC_PRIVATEKEY_free(priv_key); -- return NULL; -- } -- -- if (a == NULL || *a == NULL) -- { -- if ((ret = EC_KEY_new()) == NULL) -- { -- ECerr(EC_F_D2I_ECPRIVATEKEY, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (a) -- *a = ret; -- } -- else -- ret = *a; -- -- if (priv_key->parameters) -- { -- if (ret->group) -- EC_GROUP_clear_free(ret->group); -- ret->group = ec_asn1_pkparameters2group(priv_key->parameters); -- } -- -- if (ret->group == NULL) -- { -- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); -- goto err; -- } -- -- ret->version = priv_key->version; -- -- if (priv_key->privateKey) -- { -- ret->priv_key = BN_bin2bn( -- M_ASN1_STRING_data(priv_key->privateKey), -- M_ASN1_STRING_length(priv_key->privateKey), -- ret->priv_key); -- if (ret->priv_key == NULL) -- { -- ECerr(EC_F_D2I_ECPRIVATEKEY, -- ERR_R_BN_LIB); -- goto err; -- } -- } -- else -- { -- ECerr(EC_F_D2I_ECPRIVATEKEY, -- EC_R_MISSING_PRIVATE_KEY); -- goto err; -- } -- -- if (priv_key->publicKey) -- { -- const unsigned char *pub_oct; -- size_t pub_oct_len; -- -- if (ret->pub_key) -- EC_POINT_clear_free(ret->pub_key); -- ret->pub_key = EC_POINT_new(ret->group); -- if (ret->pub_key == NULL) -- { -- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); -- goto err; -- } -- pub_oct = M_ASN1_STRING_data(priv_key->publicKey); -- pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); -- /* save the point conversion form */ -- ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01); -- if (!EC_POINT_oct2point(ret->group, ret->pub_key, -- pub_oct, pub_oct_len, NULL)) -- { -- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); -- goto err; -- } -- } -- -- ok = 1; --err: -- if (!ok) -- { -- if (ret) -- EC_KEY_free(ret); -- ret = NULL; -- } -- -- if (priv_key) -- EC_PRIVATEKEY_free(priv_key); -- -- return(ret); -- } -- --int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) -- { -- int ret=0, ok=0; -- unsigned char *buffer=NULL; -- size_t buf_len=0, tmp_len; -- EC_PRIVATEKEY *priv_key=NULL; -- -- if (a == NULL || a->group == NULL || a->priv_key == NULL) -- { -- ECerr(EC_F_I2D_ECPRIVATEKEY, -- ERR_R_PASSED_NULL_PARAMETER); -- goto err; -- } -- -- if ((priv_key = EC_PRIVATEKEY_new()) == NULL) -- { -- ECerr(EC_F_I2D_ECPRIVATEKEY, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- priv_key->version = a->version; -- -- buf_len = (size_t)BN_num_bytes(a->priv_key); -- buffer = OPENSSL_malloc(buf_len); -- if (buffer == NULL) -- { -- ECerr(EC_F_I2D_ECPRIVATEKEY, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (!BN_bn2bin(a->priv_key, buffer)) -- { -- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); -- goto err; -- } -- -- if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) -- { -- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); -- goto err; -- } -- -- if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) -- { -- if ((priv_key->parameters = ec_asn1_group2pkparameters( -- a->group, priv_key->parameters)) == NULL) -- { -- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); -- goto err; -- } -- } -- -- if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) -- { -- priv_key->publicKey = M_ASN1_BIT_STRING_new(); -- if (priv_key->publicKey == NULL) -- { -- ECerr(EC_F_I2D_ECPRIVATEKEY, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- tmp_len = EC_POINT_point2oct(a->group, a->pub_key, -- a->conv_form, NULL, 0, NULL); -- -- if (tmp_len > buf_len) -- { -- unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len); -- if (!tmp_buffer) -- { -- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- buffer = tmp_buffer; -- buf_len = tmp_len; -- } -- -- if (!EC_POINT_point2oct(a->group, a->pub_key, -- a->conv_form, buffer, buf_len, NULL)) -- { -- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); -- goto err; -- } -- -- priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); -- priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; -- if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, -- buf_len)) -- { -- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); -- goto err; -- } -- } -- -- if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) -- { -- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); -- goto err; -- } -- ok=1; --err: -- if (buffer) -- OPENSSL_free(buffer); -- if (priv_key) -- EC_PRIVATEKEY_free(priv_key); -- return(ok?ret:0); -- } -+{ -+ int ok = 0; -+ EC_KEY *ret = NULL; -+ EC_PRIVATEKEY *priv_key = NULL; -+ -+ if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { -+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) { -+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); -+ EC_PRIVATEKEY_free(priv_key); -+ return NULL; -+ } -+ -+ if (a == NULL || *a == NULL) { -+ if ((ret = EC_KEY_new()) == NULL) { -+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } else -+ ret = *a; -+ -+ if (priv_key->parameters) { -+ if (ret->group) -+ EC_GROUP_clear_free(ret->group); -+ ret->group = ec_asn1_pkparameters2group(priv_key->parameters); -+ } -+ -+ if (ret->group == NULL) { -+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ ret->version = priv_key->version; -+ -+ if (priv_key->privateKey) { -+ ret->priv_key = BN_bin2bn(M_ASN1_STRING_data(priv_key->privateKey), -+ M_ASN1_STRING_length(priv_key->privateKey), -+ ret->priv_key); -+ if (ret->priv_key == NULL) { -+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ } else { -+ ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY); -+ goto err; -+ } -+ -+ if (priv_key->publicKey) { -+ const unsigned char *pub_oct; -+ size_t pub_oct_len; -+ -+ if (ret->pub_key) -+ EC_POINT_clear_free(ret->pub_key); -+ ret->pub_key = EC_POINT_new(ret->group); -+ if (ret->pub_key == NULL) { -+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ pub_oct = M_ASN1_STRING_data(priv_key->publicKey); -+ pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); -+ /* save the point conversion form */ -+ ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01); -+ if (!EC_POINT_oct2point(ret->group, ret->pub_key, -+ pub_oct, pub_oct_len, NULL)) { -+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ } -+ -+ if (a) -+ *a = ret; -+ ok = 1; -+ err: -+ if (!ok) { -+ if (ret && (a == NULL || *a != ret)) -+ EC_KEY_free(ret); -+ ret = NULL; -+ } -+ -+ if (priv_key) -+ EC_PRIVATEKEY_free(priv_key); -+ -+ return (ret); -+} -+ -+int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) -+{ -+ int ret = 0, ok = 0; -+ unsigned char *buffer = NULL; -+ size_t buf_len = 0, tmp_len; -+ EC_PRIVATEKEY *priv_key = NULL; -+ -+ if (a == NULL || a->group == NULL || a->priv_key == NULL) { -+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ -+ if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { -+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ priv_key->version = a->version; -+ -+ buf_len = (size_t)BN_num_bytes(a->priv_key); -+ buffer = OPENSSL_malloc(buf_len); -+ if (buffer == NULL) { -+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (!BN_bn2bin(a->priv_key, buffer)) { -+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) { -+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ -+ if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { -+ if ((priv_key->parameters = -+ ec_asn1_group2pkparameters(a->group, -+ priv_key->parameters)) == NULL) { -+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ } -+ -+ if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) { -+ priv_key->publicKey = M_ASN1_BIT_STRING_new(); -+ if (priv_key->publicKey == NULL) { -+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ tmp_len = EC_POINT_point2oct(a->group, a->pub_key, -+ a->conv_form, NULL, 0, NULL); -+ -+ if (tmp_len > buf_len) { -+ unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len); -+ if (!tmp_buffer) { -+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ buffer = tmp_buffer; -+ buf_len = tmp_len; -+ } -+ -+ if (!EC_POINT_point2oct(a->group, a->pub_key, -+ a->conv_form, buffer, buf_len, NULL)) { -+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); -+ priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; -+ if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, buf_len)) { -+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ } -+ -+ if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) { -+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ ok = 1; -+ err: -+ if (buffer) -+ OPENSSL_free(buffer); -+ if (priv_key) -+ EC_PRIVATEKEY_free(priv_key); -+ return (ok ? ret : 0); -+} - - int i2d_ECParameters(EC_KEY *a, unsigned char **out) -- { -- if (a == NULL) -- { -- ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- return i2d_ECPKParameters(a->group, out); -- } -+{ -+ if (a == NULL) { -+ ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ return i2d_ECPKParameters(a->group, out); -+} - - EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) -- { -- EC_KEY *ret; -- -- if (in == NULL || *in == NULL) -- { -- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -- -- if (a == NULL || *a == NULL) -- { -- if ((ret = EC_KEY_new()) == NULL) -- { -- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- if (a) -- *a = ret; -- } -- else -- ret = *a; -- -- if (!d2i_ECPKParameters(&ret->group, in, len)) -- { -- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); -- return NULL; -- } -- -- return ret; -- } -+{ -+ EC_KEY *ret; -+ -+ if (in == NULL || *in == NULL) { -+ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ -+ if (a == NULL || *a == NULL) { -+ if ((ret = EC_KEY_new()) == NULL) { -+ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ } else -+ ret = *a; -+ -+ if (!d2i_ECPKParameters(&ret->group, in, len)) { -+ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); -+ if (a == NULL || *a != ret) -+ EC_KEY_free(ret); -+ return NULL; -+ } -+ -+ if (a) -+ *a = ret; -+ -+ return ret; -+} - - EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) -- { -- EC_KEY *ret=NULL; -- -- if (a == NULL || (*a) == NULL || (*a)->group == NULL) -- { -- /* sorry, but a EC_GROUP-structur is necessary -- * to set the public key */ -- ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- ret = *a; -- if (ret->pub_key == NULL && -- (ret->pub_key = EC_POINT_new(ret->group)) == NULL) -- { -- ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) -- { -- ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); -- return 0; -- } -- /* save the point conversion form */ -- ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01); -- *in += len; -- return ret; -- } -+{ -+ EC_KEY *ret = NULL; -+ -+ if (a == NULL || (*a) == NULL || (*a)->group == NULL) { -+ /* -+ * sorry, but a EC_GROUP-structur is necessary to set the public key -+ */ -+ ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ ret = *a; -+ if (ret->pub_key == NULL && -+ (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { -+ ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { -+ ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); -+ return 0; -+ } -+ /* save the point conversion form */ -+ ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01); -+ *in += len; -+ return ret; -+} - - int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) -- { -- size_t buf_len=0; -- int new_buffer = 0; -- -- if (a == NULL) -- { -- ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- -- buf_len = EC_POINT_point2oct(a->group, a->pub_key, -- a->conv_form, NULL, 0, NULL); -- -- if (out == NULL || buf_len == 0) -- /* out == NULL => just return the length of the octet string */ -- return buf_len; -- -- if (*out == NULL) -- { -- if ((*out = OPENSSL_malloc(buf_len)) == NULL) -- { -- ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- new_buffer = 1; -- } -- if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, -- *out, buf_len, NULL)) -- { -- ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); -- OPENSSL_free(*out); -- *out = NULL; -- return 0; -- } -- if (!new_buffer) -- *out += buf_len; -- return buf_len; -- } -+{ -+ size_t buf_len = 0; -+ int new_buffer = 0; -+ -+ if (a == NULL) { -+ ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ -+ buf_len = EC_POINT_point2oct(a->group, a->pub_key, -+ a->conv_form, NULL, 0, NULL); -+ -+ if (out == NULL || buf_len == 0) -+ /* out == NULL => just return the length of the octet string */ -+ return buf_len; -+ -+ if (*out == NULL) { -+ if ((*out = OPENSSL_malloc(buf_len)) == NULL) { -+ ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ new_buffer = 1; -+ } -+ if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, -+ *out, buf_len, NULL)) { -+ ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); -+ OPENSSL_free(*out); -+ *out = NULL; -+ return 0; -+ } -+ if (!new_buffer) -+ *out += buf_len; -+ return buf_len; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_check.c b/Cryptlib/OpenSSL/crypto/ec/ec_check.c -index 0e316b4..d3f5349 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ec_check.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec_check.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,67 +57,64 @@ - #include - - int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) -- { -- int ret = 0; -- BIGNUM *order; -- BN_CTX *new_ctx = NULL; -- EC_POINT *point = NULL; -+{ -+ int ret = 0; -+ BIGNUM *order; -+ BN_CTX *new_ctx = NULL; -+ EC_POINT *point = NULL; - -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- { -- ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- BN_CTX_start(ctx); -- if ((order = BN_CTX_get(ctx)) == NULL) goto err; -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) { -+ ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ BN_CTX_start(ctx); -+ if ((order = BN_CTX_get(ctx)) == NULL) -+ goto err; - -- /* check the discriminant */ -- if (!EC_GROUP_check_discriminant(group, ctx)) -- { -- ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); -- goto err; -- } -+ /* check the discriminant */ -+ if (!EC_GROUP_check_discriminant(group, ctx)) { -+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); -+ goto err; -+ } - -- /* check the generator */ -- if (group->generator == NULL) -- { -- ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); -- goto err; -- } -- if (!EC_POINT_is_on_curve(group, group->generator, ctx)) -- { -- ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); -- goto err; -- } -+ /* check the generator */ -+ if (group->generator == NULL) { -+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); -+ goto err; -+ } -+ if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { -+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); -+ goto err; -+ } - -- /* check the order of the generator */ -- if ((point = EC_POINT_new(group)) == NULL) goto err; -- if (!EC_GROUP_get_order(group, order, ctx)) goto err; -- if (BN_is_zero(order)) -- { -- ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER); -- goto err; -- } -- -- if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err; -- if (!EC_POINT_is_at_infinity(group, point)) -- { -- ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER); -- goto err; -- } -+ /* check the order of the generator */ -+ if ((point = EC_POINT_new(group)) == NULL) -+ goto err; -+ if (!EC_GROUP_get_order(group, order, ctx)) -+ goto err; -+ if (BN_is_zero(order)) { -+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER); -+ goto err; -+ } - -- ret = 1; -+ if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) -+ goto err; -+ if (!EC_POINT_is_at_infinity(group, point)) { -+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER); -+ goto err; -+ } - --err: -- if (ctx != NULL) -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- if (point) -- EC_POINT_free(point); -- return ret; -- } -+ ret = 1; -+ -+ err: -+ if (ctx != NULL) -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ if (point) -+ EC_POINT_free(point); -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c b/Cryptlib/OpenSSL/crypto/ec/ec_curve.c -index beac209..b435620 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec_curve.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,13 +58,13 @@ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * -- * Portions of the attached software ("Contribution") are developed by -+ * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * -- * The elliptic curve binary polynomial software is originally written by -+ * The elliptic curve binary polynomial software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ -@@ -74,1197 +74,1262 @@ - #include - - typedef struct ec_curve_data_st { -- int field_type; /* either NID_X9_62_prime_field or -- * NID_X9_62_characteristic_two_field */ -- const char *p; /* either a prime number or a polynomial */ -- const char *a; -- const char *b; -- const char *x; /* the x coordinate of the generator */ -- const char *y; /* the y coordinate of the generator */ -- const char *order; /* the order of the group generated by the -- * generator */ -- const BN_ULONG cofactor;/* the cofactor */ -- const unsigned char *seed;/* the seed (optional) */ -- size_t seed_len; -- const char *comment; /* a short description of the curve */ -+ int field_type; /* either NID_X9_62_prime_field or -+ * NID_X9_62_characteristic_two_field */ -+ const char *p; /* either a prime number or a polynomial */ -+ const char *a; -+ const char *b; -+ const char *x; /* the x coordinate of the generator */ -+ const char *y; /* the y coordinate of the generator */ -+ const char *order; /* the order of the group generated by the -+ * generator */ -+ const BN_ULONG cofactor; /* the cofactor */ -+ const unsigned char *seed; /* the seed (optional) */ -+ size_t seed_len; -+ const char *comment; /* a short description of the curve */ - } EC_CURVE_DATA; - - /* the nist prime curves */ - static const unsigned char _EC_NIST_PRIME_192_SEED[] = { -- 0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57, -- 0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5}; -+ 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, -+ 0x95, 0x28, 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5 -+}; -+ - static const EC_CURVE_DATA _EC_NIST_PRIME_192 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", -- "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", -- "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", -- "07192b95ffc8da78631011ed6b24cdd573f977a11e794811", -- "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1, -- _EC_NIST_PRIME_192_SEED, 20, -- "NIST/X9.62/SECG curve over a 192 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", -+ "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", -+ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", -+ "07192b95ffc8da78631011ed6b24cdd573f977a11e794811", -+ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 1, -+ _EC_NIST_PRIME_192_SEED, 20, -+ "NIST/X9.62/SECG curve over a 192 bit prime field" -+}; - - static const unsigned char _EC_NIST_PRIME_224_SEED[] = { -- 0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45, -- 0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5}; -+ 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, -+ 0xB5, 0x9F, 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5 -+}; -+ - static const EC_CURVE_DATA _EC_NIST_PRIME_224 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", -- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", -- "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", -- "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1, -- _EC_NIST_PRIME_224_SEED, 20, -- "NIST/SECG curve over a 224 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", -+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", -+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", -+ "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1, -+ _EC_NIST_PRIME_224_SEED, 20, -+ "NIST/SECG curve over a 224 bit prime field" -+}; - - static const unsigned char _EC_NIST_PRIME_384_SEED[] = { -- 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00, -- 0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73}; -+ 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, -+ 0x89, 0x6A, 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73 -+}; -+ - static const EC_CURVE_DATA _EC_NIST_PRIME_384 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" -- "FFF0000000000000000FFFFFFFF", -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" -- "FFF0000000000000000FFFFFFFC", -- "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563" -- "98D8A2ED19D2A85C8EDD3EC2AEF", -- "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F" -- "25DBF55296C3A545E3872760AB7", -- "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b" -- "1ce1d7e819d7a431d7c90ea0e5f", -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0" -- "DB248B0A77AECEC196ACCC52973",1, -- _EC_NIST_PRIME_384_SEED, 20, -- "NIST/SECG curve over a 384 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" -+ "FFF0000000000000000FFFFFFFF", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" -+ "FFF0000000000000000FFFFFFFC", -+ "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563" -+ "98D8A2ED19D2A85C8EDD3EC2AEF", -+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F" -+ "25DBF55296C3A545E3872760AB7", -+ "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b" -+ "1ce1d7e819d7a431d7c90ea0e5f", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0" -+ "DB248B0A77AECEC196ACCC52973", 1, -+ _EC_NIST_PRIME_384_SEED, 20, -+ "NIST/SECG curve over a 384 bit prime field" -+}; - - static const unsigned char _EC_NIST_PRIME_521_SEED[] = { -- 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC, -- 0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA}; -+ 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, -+ 0x67, 0x17, 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA -+}; -+ - static const EC_CURVE_DATA _EC_NIST_PRIME_521 = { -- NID_X9_62_prime_field, -- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", -- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", -- "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156" -- "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", -- "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14" -- "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", -- "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9" -- "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", -- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51" -- "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1, -- _EC_NIST_PRIME_521_SEED, 20, -- "NIST/SECG curve over a 521 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", -+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", -+ "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156" -+ "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", -+ "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14" -+ "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", -+ "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9" -+ "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", -+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51" -+ "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 1, -+ _EC_NIST_PRIME_521_SEED, 20, -+ "NIST/SECG curve over a 521 bit prime field" -+}; -+ - /* the x9.62 prime curves (minus the nist prime curves) */ - static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = { -- 0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B, -- 0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6}; -+ 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, -+ 0x11, 0x3E, 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6 -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", -- "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", -- "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", -- "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15", -- "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1, -- _EC_X9_62_PRIME_192V2_SEED, 20, -- "X9.62 curve over a 192 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", -+ "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", -+ "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", -+ "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15", -+ "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", 1, -+ _EC_X9_62_PRIME_192V2_SEED, 20, -+ "X9.62 curve over a 192 bit prime field" -+}; - - static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = { -- 0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6, -- 0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E}; -+ 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, -+ 0x5C, 0xA9, 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", -- "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", -- "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", -- "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0", -- "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1, -- _EC_X9_62_PRIME_192V3_SEED, 20, -- "X9.62 curve over a 192 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", -+ "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", -+ "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", -+ "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0", -+ "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", 1, -+ _EC_X9_62_PRIME_192V3_SEED, 20, -+ "X9.62 curve over a 192 bit prime field" -+}; - - static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = { -- 0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0, -- 0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D}; -+ 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, -+ 0x75, 0x79, 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = { -- NID_X9_62_prime_field, -- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", -- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", -- "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", -- "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", -- "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae", -- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1, -- _EC_X9_62_PRIME_239V1_SEED, 20, -- "X9.62 curve over a 239 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", -+ "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", -+ "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", -+ "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae", -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", 1, -+ _EC_X9_62_PRIME_239V1_SEED, 20, -+ "X9.62 curve over a 239 bit prime field" -+}; - - static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = { -- 0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B, -- 0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16}; -+ 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, -+ 0x80, 0x99, 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16 -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = { -- NID_X9_62_prime_field, -- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", -- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", -- "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", -- "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", -- "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba", -- "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1, -- _EC_X9_62_PRIME_239V2_SEED, 20, -- "X9.62 curve over a 239 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", -+ "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", -+ "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", -+ "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba", -+ "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", 1, -+ _EC_X9_62_PRIME_239V2_SEED, 20, -+ "X9.62 curve over a 239 bit prime field" -+}; - - static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = { -- 0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A, -- 0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF}; -+ 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, -+ 0x85, 0x76, 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = { -- NID_X9_62_prime_field, -- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", -- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", -- "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", -- "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", -- "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3", -- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1, -- _EC_X9_62_PRIME_239V3_SEED, 20, -- "X9.62 curve over a 239 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", -+ "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", -+ "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", -+ "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3", -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", 1, -+ _EC_X9_62_PRIME_239V3_SEED, 20, -+ "X9.62 curve over a 239 bit prime field" -+}; - - static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = { -- 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66, -- 0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90}; -+ 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, -+ 0x78, 0xE1, 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90 -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = { -- NID_X9_62_prime_field, -- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", -- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", -- "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", -- "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", -- "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", -- "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1, -- _EC_X9_62_PRIME_256V1_SEED, 20, -- "X9.62/SECG curve over a 256 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", -+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", -+ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", -+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", -+ "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", -+ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 1, -+ _EC_X9_62_PRIME_256V1_SEED, 20, -+ "X9.62/SECG curve over a 256 bit prime field" -+}; -+ - /* the secg prime curves (minus the nist and x9.62 prime curves) */ - static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = { -- 0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68, -- 0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1}; -+ 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, -+ 0x75, 0x61, 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1 -+}; -+ - static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = { -- NID_X9_62_prime_field, -- "DB7C2ABF62E35E668076BEAD208B", -- "DB7C2ABF62E35E668076BEAD2088", -- "659EF8BA043916EEDE8911702B22", -- "09487239995A5EE76B55F9C2F098", -- "a89ce5af8724c0a23e0e0ff77500", -- "DB7C2ABF62E35E7628DFAC6561C5",1, -- _EC_SECG_PRIME_112R1_SEED, 20, -- "SECG/WTLS curve over a 112 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "DB7C2ABF62E35E668076BEAD208B", -+ "DB7C2ABF62E35E668076BEAD2088", -+ "659EF8BA043916EEDE8911702B22", -+ "09487239995A5EE76B55F9C2F098", -+ "a89ce5af8724c0a23e0e0ff77500", -+ "DB7C2ABF62E35E7628DFAC6561C5", 1, -+ _EC_SECG_PRIME_112R1_SEED, 20, -+ "SECG/WTLS curve over a 112 bit prime field" -+}; - - static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = { -- 0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68, -- 0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4}; -+ 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, -+ 0x75, 0x61, 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4 -+}; -+ - static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = { -- NID_X9_62_prime_field, -- "DB7C2ABF62E35E668076BEAD208B", -- "6127C24C05F38A0AAAF65C0EF02C", -- "51DEF1815DB5ED74FCC34C85D709", -- "4BA30AB5E892B4E1649DD0928643", -- "adcd46f5882e3747def36e956e97", -- "36DF0AAFD8B8D7597CA10520D04B",4, -- _EC_SECG_PRIME_112R2_SEED, 20, -- "SECG curve over a 112 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "DB7C2ABF62E35E668076BEAD208B", -+ "6127C24C05F38A0AAAF65C0EF02C", -+ "51DEF1815DB5ED74FCC34C85D709", -+ "4BA30AB5E892B4E1649DD0928643", -+ "adcd46f5882e3747def36e956e97", -+ "36DF0AAFD8B8D7597CA10520D04B", 4, -+ _EC_SECG_PRIME_112R2_SEED, 20, -+ "SECG curve over a 112 bit prime field" -+}; - - static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = { -- 0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, -- 0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79}; -+ 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, -+ 0x51, 0x75, 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79 -+}; -+ - static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = { -- NID_X9_62_prime_field, -- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", -- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", -- "E87579C11079F43DD824993C2CEE5ED3", -- "161FF7528B899B2D0C28607CA52C5B86", -- "cf5ac8395bafeb13c02da292dded7a83", -- "FFFFFFFE0000000075A30D1B9038A115",1, -- _EC_SECG_PRIME_128R1_SEED, 20, -- "SECG curve over a 128 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", -+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", -+ "E87579C11079F43DD824993C2CEE5ED3", -+ "161FF7528B899B2D0C28607CA52C5B86", -+ "cf5ac8395bafeb13c02da292dded7a83", -+ "FFFFFFFE0000000075A30D1B9038A115", 1, -+ _EC_SECG_PRIME_128R1_SEED, 20, -+ "SECG curve over a 128 bit prime field" -+}; - - static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = { -- 0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75, -- 0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4}; -+ 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, -+ 0x12, 0xD8, 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4 -+}; -+ - static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = { -- NID_X9_62_prime_field, -- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", -- "D6031998D1B3BBFEBF59CC9BBFF9AEE1", -- "5EEEFCA380D02919DC2C6558BB6D8A5D", -- "7B6AA5D85E572983E6FB32A7CDEBC140", -- "27b6916a894d3aee7106fe805fc34b44", -- "3FFFFFFF7FFFFFFFBE0024720613B5A3",4, -- _EC_SECG_PRIME_128R2_SEED, 20, -- "SECG curve over a 128 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", -+ "D6031998D1B3BBFEBF59CC9BBFF9AEE1", -+ "5EEEFCA380D02919DC2C6558BB6D8A5D", -+ "7B6AA5D85E572983E6FB32A7CDEBC140", -+ "27b6916a894d3aee7106fe805fc34b44", -+ "3FFFFFFF7FFFFFFFBE0024720613B5A3", 4, -+ _EC_SECG_PRIME_128R2_SEED, 20, -+ "SECG curve over a 128 bit prime field" -+}; - - static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", -- "0", -- "7", -- "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", -- "938cf935318fdced6bc28286531733c3f03c4fee", -- "0100000000000000000001B8FA16DFAB9ACA16B6B3",1, -- NULL, 0, -- "SECG curve over a 160 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", -+ "0", -+ "7", -+ "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", -+ "938cf935318fdced6bc28286531733c3f03c4fee", -+ "0100000000000000000001B8FA16DFAB9ACA16B6B3", 1, -+ NULL, 0, -+ "SECG curve over a 160 bit prime field" -+}; - - static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = { -- 0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76, -- 0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45}; -+ 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, -+ 0x87, 0x56, 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45 -+}; -+ - static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", -- "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", -- "4A96B5688EF573284664698968C38BB913CBFC82", -- "23a628553168947d59dcc912042351377ac5fb32", -- "0100000000000000000001F4C8F927AED3CA752257",1, -- _EC_SECG_PRIME_160R1_SEED, 20, -- "SECG curve over a 160 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", -+ "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", -+ "4A96B5688EF573284664698968C38BB913CBFC82", -+ "23a628553168947d59dcc912042351377ac5fb32", -+ "0100000000000000000001F4C8F927AED3CA752257", 1, -+ _EC_SECG_PRIME_160R1_SEED, 20, -+ "SECG curve over a 160 bit prime field" -+}; - - static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = { -- 0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09, -- 0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51}; -+ 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, -+ 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51 -+}; -+ - static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", -- "B4E134D3FB59EB8BAB57274904664D5AF50388BA", -- "52DCB034293A117E1F4FF11B30F7199D3144CE6D", -- "feaffef2e331f296e071fa0df9982cfea7d43f2e", -- "0100000000000000000000351EE786A818F3A1A16B",1, -- _EC_SECG_PRIME_160R2_SEED, 20, -- "SECG/WTLS curve over a 160 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", -+ "B4E134D3FB59EB8BAB57274904664D5AF50388BA", -+ "52DCB034293A117E1F4FF11B30F7199D3144CE6D", -+ "feaffef2e331f296e071fa0df9982cfea7d43f2e", -+ "0100000000000000000000351EE786A818F3A1A16B", 1, -+ _EC_SECG_PRIME_160R2_SEED, 20, -+ "SECG/WTLS curve over a 160 bit prime field" -+}; - - static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", -- "0", -- "3", -- "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", -- "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d", -- "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1, -- NULL, 20, -- "SECG curve over a 192 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", -+ "0", -+ "3", -+ "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", -+ "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d", -+ "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 1, -+ NULL, 20, -+ "SECG curve over a 192 bit prime field" -+}; - - static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", -- "0", -- "5", -- "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", -- "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5", -- "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1, -- NULL, 20, -- "SECG curve over a 224 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", -+ "0", -+ "5", -+ "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", -+ "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5", -+ "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 1, -+ NULL, 20, -+ "SECG curve over a 224 bit prime field" -+}; - - static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", -- "0", -- "7", -- "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", -- "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1, -- NULL, 20, -- "SECG curve over a 256 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", -+ "0", -+ "7", -+ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", -+ "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 1, -+ NULL, 20, -+ "SECG curve over a 256 bit prime field" -+}; - - /* some wap/wtls curves */ - static const EC_CURVE_DATA _EC_WTLS_8 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFDE7", -- "0", -- "3", -- "1", -- "2", -- "0100000000000001ECEA551AD837E9",1, -- NULL, 20, -- "WTLS curve over a 112 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFDE7", -+ "0", -+ "3", -+ "1", -+ "2", -+ "0100000000000001ECEA551AD837E9", 1, -+ NULL, 20, -+ "WTLS curve over a 112 bit prime field" -+}; - - static const EC_CURVE_DATA _EC_WTLS_9 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F", -- "0", -- "3", -- "1", -- "2", -- "0100000000000000000001CDC98AE0E2DE574ABF33",1, -- NULL, 20, -- "WTLS curve over a 160 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F", -+ "0", -+ "3", -+ "1", -+ "2", -+ "0100000000000000000001CDC98AE0E2DE574ABF33", 1, -+ NULL, 20, -+ "WTLS curve over a 160 bit prime field" -+}; - - static const EC_CURVE_DATA _EC_WTLS_12 = { -- NID_X9_62_prime_field, -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", -- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", -- "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", -- "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", -- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1, -- NULL, 0, -- "WTLS curvs over a 224 bit prime field" -- }; -+ NID_X9_62_prime_field, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", -+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", -+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", -+ "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1, -+ NULL, 0, -+ "WTLS curvs over a 224 bit prime field" -+}; - - /* characteristic two curves */ - static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = { -- 0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87, -- 0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9}; -+ 0x10, 0xE7, 0x23, 0xAB, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, -+ 0x56, 0x15, 0x17, 0x56, 0xFE, 0xBF, 0x8F, 0xCB, 0x49, 0xA9 -+}; -+ - static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = { -- NID_X9_62_characteristic_two_field, -- "020000000000000000000000000201", -- "003088250CA6E7C7FE649CE85820F7", -- "00E8BEE4D3E2260744188BE0E9C723", -- "009D73616F35F4AB1407D73562C10F", -- "00A52830277958EE84D1315ED31886", -- "0100000000000000D9CCEC8A39E56F", 2, -- _EC_SECG_CHAR2_113R1_SEED, 20, -- "SECG curve over a 113 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "020000000000000000000000000201", -+ "003088250CA6E7C7FE649CE85820F7", -+ "00E8BEE4D3E2260744188BE0E9C723", -+ "009D73616F35F4AB1407D73562C10F", -+ "00A52830277958EE84D1315ED31886", -+ "0100000000000000D9CCEC8A39E56F", 2, -+ _EC_SECG_CHAR2_113R1_SEED, 20, -+ "SECG curve over a 113 bit binary field" -+}; - - static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = { -- 0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, -- 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D}; -+ 0x10, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, -+ 0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D -+}; -+ - static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = { -- NID_X9_62_characteristic_two_field, -- "020000000000000000000000000201", -- "00689918DBEC7E5A0DD6DFC0AA55C7", -- "0095E9A9EC9B297BD4BF36E059184F", -- "01A57A6A7B26CA5EF52FCDB8164797", -- "00B3ADC94ED1FE674C06E695BABA1D", -- "010000000000000108789B2496AF93", 2, -- _EC_SECG_CHAR2_113R2_SEED, 20, -- "SECG curve over a 113 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "020000000000000000000000000201", -+ "00689918DBEC7E5A0DD6DFC0AA55C7", -+ "0095E9A9EC9B297BD4BF36E059184F", -+ "01A57A6A7B26CA5EF52FCDB8164797", -+ "00B3ADC94ED1FE674C06E695BABA1D", -+ "010000000000000108789B2496AF93", 2, -+ _EC_SECG_CHAR2_113R2_SEED, 20, -+ "SECG curve over a 113 bit binary field" -+}; - - static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = { -- 0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98, -- 0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2}; -+ 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x98, -+ 0x5B, 0xD3, 0xAD, 0xBA, 0xDA, 0x21, 0xB4, 0x3A, 0x97, 0xE2 -+}; -+ - static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = { -- NID_X9_62_characteristic_two_field, -- "080000000000000000000000000000010D", -- "07A11B09A76B562144418FF3FF8C2570B8", -- "0217C05610884B63B9C6C7291678F9D341", -- "0081BAF91FDF9833C40F9C181343638399", -- "078C6E7EA38C001F73C8134B1B4EF9E150", -- "0400000000000000023123953A9464B54D", 2, -- _EC_SECG_CHAR2_131R1_SEED, 20, -- "SECG/WTLS curve over a 131 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "080000000000000000000000000000010D", -+ "07A11B09A76B562144418FF3FF8C2570B8", -+ "0217C05610884B63B9C6C7291678F9D341", -+ "0081BAF91FDF9833C40F9C181343638399", -+ "078C6E7EA38C001F73C8134B1B4EF9E150", -+ "0400000000000000023123953A9464B54D", 2, -+ _EC_SECG_CHAR2_131R1_SEED, 20, -+ "SECG/WTLS curve over a 131 bit binary field" -+}; - - static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = { -- 0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76, -- 0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3}; -+ 0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xD4, 0xD6, 0x96, 0xE6, 0x76, -+ 0x87, 0x56, 0x15, 0x17, 0x5A, 0x21, 0xB4, 0x3A, 0x97, 0xE3 -+}; -+ - static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = { -- NID_X9_62_characteristic_two_field, -- "080000000000000000000000000000010D", -- "03E5A88919D7CAFCBF415F07C2176573B2", -- "04B8266A46C55657AC734CE38F018F2192", -- "0356DCD8F2F95031AD652D23951BB366A8", -- "0648F06D867940A5366D9E265DE9EB240F", -- "0400000000000000016954A233049BA98F", 2, -- _EC_SECG_CHAR2_131R2_SEED, 20, -- "SECG curve over a 131 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "080000000000000000000000000000010D", -+ "03E5A88919D7CAFCBF415F07C2176573B2", -+ "04B8266A46C55657AC734CE38F018F2192", -+ "0356DCD8F2F95031AD652D23951BB366A8", -+ "0648F06D867940A5366D9E265DE9EB240F", -+ "0400000000000000016954A233049BA98F", 2, -+ _EC_SECG_CHAR2_131R2_SEED, 20, -+ "SECG curve over a 131 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_NIST_CHAR2_163K = { -- NID_X9_62_characteristic_two_field, -- "0800000000000000000000000000000000000000C9", -- "1", -- "1", -- "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", -- "0289070FB05D38FF58321F2E800536D538CCDAA3D9", -- "04000000000000000000020108A2E0CC0D99F8A5EF", 2, -- NULL, 0, -- "NIST/SECG/WTLS curve over a 163 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "0800000000000000000000000000000000000000C9", -+ "1", -+ "1", -+ "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", -+ "0289070FB05D38FF58321F2E800536D538CCDAA3D9", -+ "04000000000000000000020108A2E0CC0D99F8A5EF", 2, -+ NULL, 0, -+ "NIST/SECG/WTLS curve over a 163 bit binary field" -+}; - - static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = { -- 0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67, -- 0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C}; -+ 0x24, 0xB7, 0xB1, 0x37, 0xC8, 0xA1, 0x4D, 0x69, 0x6E, 0x67, -+ 0x68, 0x75, 0x61, 0x51, 0x75, 0x6F, 0xD0, 0xDA, 0x2E, 0x5C -+}; -+ - static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = { -- NID_X9_62_characteristic_two_field, -- "0800000000000000000000000000000000000000C9", -- "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", -- "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", -- "0369979697AB43897789566789567F787A7876A654", -- "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", -- "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2, --/* The algorithm used to derive the curve parameters from -- * the seed used here is slightly different than the -- * algorithm described in X9.62 . -- */ -+ NID_X9_62_characteristic_two_field, -+ "0800000000000000000000000000000000000000C9", -+ "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", -+ "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", -+ "0369979697AB43897789566789567F787A7876A654", -+ "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", -+ "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2, -+ /* -+ * The algorithm used to derive the curve parameters from the seed used -+ * here is slightly different than the algorithm described in X9.62 . -+ */ - #if 0 -- _EC_SECG_CHAR2_163R1_SEED, 20, -+ _EC_SECG_CHAR2_163R1_SEED, 20, - #else -- NULL, 0, -+ NULL, 0, - #endif -- "SECG curve over a 163 bit binary field" -- }; -+ "SECG curve over a 163 bit binary field" -+}; - - static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = { -- 0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12, -- 0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68}; --static const EC_CURVE_DATA _EC_NIST_CHAR2_163B ={ -- NID_X9_62_characteristic_two_field, -- "0800000000000000000000000000000000000000C9", -- "1", -- "020A601907B8C953CA1481EB10512F78744A3205FD", -- "03F0EBA16286A2D57EA0991168D4994637E8343E36", -- "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", -- "040000000000000000000292FE77E70C12A4234C33", 2, --/* The seed here was used to created the curve parameters in normal -- * basis representation (and not the polynomial representation used here) -- */ -+ 0x85, 0xE2, 0x5B, 0xFE, 0x5C, 0x86, 0x22, 0x6C, 0xDB, 0x12, -+ 0x01, 0x6F, 0x75, 0x53, 0xF9, 0xD0, 0xE6, 0x93, 0xA2, 0x68 -+}; -+ -+static const EC_CURVE_DATA _EC_NIST_CHAR2_163B = { -+ NID_X9_62_characteristic_two_field, -+ "0800000000000000000000000000000000000000C9", -+ "1", -+ "020A601907B8C953CA1481EB10512F78744A3205FD", -+ "03F0EBA16286A2D57EA0991168D4994637E8343E36", -+ "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", -+ "040000000000000000000292FE77E70C12A4234C33", 2, -+ /* -+ * The seed here was used to created the curve parameters in normal basis -+ * representation (and not the polynomial representation used here) -+ */ - #if 0 -- _EC_NIST_CHAR2_163B_SEED, 20, -+ _EC_NIST_CHAR2_163B_SEED, 20, - #else -- NULL, 0, -+ NULL, 0, - #endif -- "NIST/SECG curve over a 163 bit binary field" -- }; -+ "NIST/SECG curve over a 163 bit binary field" -+}; - - static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = { -- 0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75, -- 0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30}; -+ 0x10, 0x3F, 0xAE, 0xC7, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, -+ 0x61, 0x51, 0x75, 0x77, 0x7F, 0xC5, 0xB1, 0x91, 0xEF, 0x30 -+}; -+ - static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = { -- NID_X9_62_characteristic_two_field, -- "02000000000000000000000000000000000000000000008001", -- "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", -- "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", -- "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", -- "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", -- "01000000000000000000000000C7F34A778F443ACC920EBA49", 2, -- _EC_SECG_CHAR2_193R1_SEED, 20, -- "SECG curve over a 193 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "02000000000000000000000000000000000000000000008001", -+ "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", -+ "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", -+ "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", -+ "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", -+ "01000000000000000000000000C7F34A778F443ACC920EBA49", 2, -+ _EC_SECG_CHAR2_193R1_SEED, 20, -+ "SECG curve over a 193 bit binary field" -+}; - - static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = { -- 0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15, -- 0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11}; -+ 0x10, 0xB7, 0xB4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, -+ 0x17, 0x51, 0x37, 0xC8, 0xA1, 0x6F, 0xD0, 0xDA, 0x22, 0x11 -+}; -+ - static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = { -- NID_X9_62_characteristic_two_field, -- "02000000000000000000000000000000000000000000008001", -- "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", -- "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", -- "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", -- "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", -- "010000000000000000000000015AAB561B005413CCD4EE99D5", 2, -- _EC_SECG_CHAR2_193R2_SEED, 20, -- "SECG curve over a 193 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "02000000000000000000000000000000000000000000008001", -+ "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", -+ "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", -+ "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", -+ "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", -+ "010000000000000000000000015AAB561B005413CCD4EE99D5", 2, -+ _EC_SECG_CHAR2_193R2_SEED, 20, -+ "SECG curve over a 193 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = { -- NID_X9_62_characteristic_two_field, -- "020000000000000000000000000000000000000004000000000000000001", -- "0", -- "1", -- "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", -- "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", -- "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4, -- NULL, 0, -- "NIST/SECG/WTLS curve over a 233 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "020000000000000000000000000000000000000004000000000000000001", -+ "0", -+ "1", -+ "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", -+ "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", -+ "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4, -+ NULL, 0, -+ "NIST/SECG/WTLS curve over a 233 bit binary field" -+}; - - static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = { -- 0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1, -- 0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3}; -+ 0x74, 0xD5, 0x9F, 0xF0, 0x7F, 0x6B, 0x41, 0x3D, 0x0E, 0xA1, -+ 0x4B, 0x34, 0x4B, 0x20, 0xA2, 0xDB, 0x04, 0x9B, 0x50, 0xC3 -+}; -+ - static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = { -- NID_X9_62_characteristic_two_field, -- "020000000000000000000000000000000000000004000000000000000001", -- "000000000000000000000000000000000000000000000000000000000001", -- "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", -- "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", -- "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", -- "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2, -- _EC_NIST_CHAR2_233B_SEED, 20, -- "NIST/SECG/WTLS curve over a 233 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "020000000000000000000000000000000000000004000000000000000001", -+ "000000000000000000000000000000000000000000000000000000000001", -+ "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", -+ "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", -+ "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", -+ "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2, -+ _EC_NIST_CHAR2_233B_SEED, 20, -+ "NIST/SECG/WTLS curve over a 233 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = { -- NID_X9_62_characteristic_two_field, -- "800000000000000000004000000000000000000000000000000000000001", -- "0", -- "1", -- "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", -- "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", -- "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4, -- NULL, 0, -- "SECG curve over a 239 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "800000000000000000004000000000000000000000000000000000000001", -+ "0", -+ "1", -+ "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", -+ "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", -+ "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4, -+ NULL, 0, -+ "SECG curve over a 239 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = { -- NID_X9_62_characteristic_two_field, -- "080000000000000000000000000000000000000000000000000000000000000000001" -- "0A1", -- "0", -- "1", -- "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492" -- "836", -- "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2" -- "259", -- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163" -- "C61", 4, -- NULL, 20, -- "NIST/SECG curve over a 283 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "080000000000000000000000000000000000000000000000000000000000000000001" -+ "0A1", -+ "0", -+ "1", -+ "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492" -+ "836", -+ "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2" -+ "259", -+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163" -+ "C61", 4, -+ NULL, 20, -+ "NIST/SECG curve over a 283 bit binary field" -+}; - - static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = { -- 0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D, -- 0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE}; -+ 0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D, -+ 0xD5, 0xB6, 0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE -+}; -+ - static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = { -- NID_X9_62_characteristic_two_field, -- "080000000000000000000000000000000000000000000000000000000000000000001" -- "0A1", -- "000000000000000000000000000000000000000000000000000000000000000000000" -- "001", -- "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A" -- "2F5", -- "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12" -- "053", -- "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811" -- "2F4", -- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB" -- "307", 2, -- _EC_NIST_CHAR2_283B_SEED, 20, -- "NIST/SECG curve over a 283 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "080000000000000000000000000000000000000000000000000000000000000000001" -+ "0A1", -+ "000000000000000000000000000000000000000000000000000000000000000000000" -+ "001", -+ "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A" -+ "2F5", -+ "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12" -+ "053", -+ "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811" -+ "2F4", -+ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB" -+ "307", 2, -+ _EC_NIST_CHAR2_283B_SEED, 20, -+ "NIST/SECG curve over a 283 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = { -- NID_X9_62_characteristic_two_field, -- "020000000000000000000000000000000000000000000000000000000000000000000" -- "00000000000008000000000000000000001", -- "0", -- "1", -- "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601" -- "89EB5AAAA62EE222EB1B35540CFE9023746", -- "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6" -- "C42E9C55215AA9CA27A5863EC48D8E0286B", -- "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400" -- "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4, -- NULL, 0, -- "NIST/SECG curve over a 409 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "020000000000000000000000000000000000000000000000000000000000000000000" -+ "00000000000008000000000000000000001", -+ "0", -+ "1", -+ "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601" -+ "89EB5AAAA62EE222EB1B35540CFE9023746", -+ "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6" -+ "C42E9C55215AA9CA27A5863EC48D8E0286B", -+ "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400" -+ "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4, -+ NULL, 0, -+ "NIST/SECG curve over a 409 bit binary field" -+}; - - static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = { -- 0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21, -- 0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B}; -+ 0x40, 0x99, 0xB5, 0xA4, 0x57, 0xF9, 0xD6, 0x9F, 0x79, 0x21, -+ 0x3D, 0x09, 0x4C, 0x4B, 0xCD, 0x4D, 0x42, 0x62, 0x21, 0x0B -+}; -+ - static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = { -- NID_X9_62_characteristic_two_field, -- "020000000000000000000000000000000000000000000000000000000000000000000" -- "00000000000008000000000000000000001", -- "000000000000000000000000000000000000000000000000000000000000000000000" -- "00000000000000000000000000000000001", -- "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19" -- "7B272822F6CD57A55AA4F50AE317B13545F", -- "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255" -- "A868A1180515603AEAB60794E54BB7996A7", -- "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514" -- "F1FDF4B4F40D2181B3681C364BA0273C706", -- "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330" -- "7BE5FA47C3C9E052F838164CD37D9A21173", 2, -- _EC_NIST_CHAR2_409B_SEED, 20, -- "NIST/SECG curve over a 409 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "020000000000000000000000000000000000000000000000000000000000000000000" -+ "00000000000008000000000000000000001", -+ "000000000000000000000000000000000000000000000000000000000000000000000" -+ "00000000000000000000000000000000001", -+ "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19" -+ "7B272822F6CD57A55AA4F50AE317B13545F", -+ "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255" -+ "A868A1180515603AEAB60794E54BB7996A7", -+ "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514" -+ "F1FDF4B4F40D2181B3681C364BA0273C706", -+ "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330" -+ "7BE5FA47C3C9E052F838164CD37D9A21173", 2, -+ _EC_NIST_CHAR2_409B_SEED, 20, -+ "NIST/SECG curve over a 409 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = { -- NID_X9_62_characteristic_two_field, -- "800000000000000000000000000000000000000000000000000000000000000000000" -- "000000000000000000000000000000000000000000000000000000000000000000000" -- "00425", -- "0", -- "1", -- "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709" -- "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0" -- "1C8972", -- "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497" -- "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E" -- "F1C7A3", -- "020000000000000000000000000000000000000000000000000000000000000000000" -- "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63" -- "7C1001", 4, -- NULL, 0, -- "NIST/SECG curve over a 571 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "800000000000000000000000000000000000000000000000000000000000000000000" -+ "000000000000000000000000000000000000000000000000000000000000000000000" -+ "00425", -+ "0", -+ "1", -+ "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709" -+ "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0" -+ "1C8972", -+ "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497" -+ "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E" -+ "F1C7A3", -+ "020000000000000000000000000000000000000000000000000000000000000000000" -+ "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63" -+ "7C1001", 4, -+ NULL, 0, -+ "NIST/SECG curve over a 571 bit binary field" -+}; - - static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = { -- 0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B, -- 0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10}; -+ 0x2A, 0xA0, 0x58, 0xF7, 0x3A, 0x0E, 0x33, 0xAB, 0x48, 0x6B, -+ 0x0F, 0x61, 0x04, 0x10, 0xC5, 0x3A, 0x7F, 0x13, 0x23, 0x10 -+}; -+ - static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = { -- NID_X9_62_characteristic_two_field, -- "800000000000000000000000000000000000000000000000000000000000000000000" -- "000000000000000000000000000000000000000000000000000000000000000000000" -- "00425", -- "000000000000000000000000000000000000000000000000000000000000000000000" -- "000000000000000000000000000000000000000000000000000000000000000000000" -- "000001", -- "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA" -- "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29" -- "55727A", -- "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53" -- "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E" -- "EC2D19", -- "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423" -- "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B" -- "8AC15B", -- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" -- "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F" -- "E84E47", 2, -- _EC_NIST_CHAR2_571B_SEED, 20, -- "NIST/SECG curve over a 571 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "800000000000000000000000000000000000000000000000000000000000000000000" -+ "000000000000000000000000000000000000000000000000000000000000000000000" -+ "00425", -+ "000000000000000000000000000000000000000000000000000000000000000000000" -+ "000000000000000000000000000000000000000000000000000000000000000000000" -+ "000001", -+ "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA" -+ "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29" -+ "55727A", -+ "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53" -+ "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E" -+ "EC2D19", -+ "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423" -+ "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B" -+ "8AC15B", -+ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" -+ "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F" -+ "E84E47", 2, -+ _EC_NIST_CHAR2_571B_SEED, 20, -+ "NIST/SECG curve over a 571 bit binary field" -+}; - - static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = { -- 0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, -- 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54}; -+ 0xD2, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, -+ 0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x54 -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = { -- NID_X9_62_characteristic_two_field, -- "080000000000000000000000000000000000000107", -- "072546B5435234A422E0789675F432C89435DE5242", -- "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", -- "07AF69989546103D79329FCC3D74880F33BBE803CB", -- "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", -- "0400000000000000000001E60FC8821CC74DAEAFC1", 2, -- _EC_X9_62_CHAR2_163V1_SEED, 20, -- "X9.62 curve over a 163 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "080000000000000000000000000000000000000107", -+ "072546B5435234A422E0789675F432C89435DE5242", -+ "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", -+ "07AF69989546103D79329FCC3D74880F33BBE803CB", -+ "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", -+ "0400000000000000000001E60FC8821CC74DAEAFC1", 2, -+ _EC_X9_62_CHAR2_163V1_SEED, 20, -+ "X9.62 curve over a 163 bit binary field" -+}; - - static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = { -- 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76, -- 0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD}; -+ 0x53, 0x81, 0x4C, 0x05, 0x0D, 0x44, 0xD6, 0x96, 0xE6, 0x76, -+ 0x87, 0x56, 0x15, 0x17, 0x58, 0x0C, 0xA4, 0xE2, 0x9F, 0xFD -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = { -- NID_X9_62_characteristic_two_field, -- "080000000000000000000000000000000000000107", -- "0108B39E77C4B108BED981ED0E890E117C511CF072", -- "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", -- "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", -- "079F684DDF6684C5CD258B3890021B2386DFD19FC5", -- "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2, -- _EC_X9_62_CHAR2_163V2_SEED, 20, -- "X9.62 curve over a 163 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "080000000000000000000000000000000000000107", -+ "0108B39E77C4B108BED981ED0E890E117C511CF072", -+ "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", -+ "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", -+ "079F684DDF6684C5CD258B3890021B2386DFD19FC5", -+ "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2, -+ _EC_X9_62_CHAR2_163V2_SEED, 20, -+ "X9.62 curve over a 163 bit binary field" -+}; - - static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = { -- 0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67, -- 0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8}; -+ 0x50, 0xCB, 0xF1, 0xD9, 0x5C, 0xA9, 0x4D, 0x69, 0x6E, 0x67, -+ 0x68, 0x75, 0x61, 0x51, 0x75, 0xF1, 0x6A, 0x36, 0xA3, 0xB8 -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = { -- NID_X9_62_characteristic_two_field, -- "080000000000000000000000000000000000000107", -- "07A526C63D3E25A256A007699F5447E32AE456B50E", -- "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", -- "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", -- "05B935590C155E17EA48EB3FF3718B893DF59A05D0", -- "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2, -- _EC_X9_62_CHAR2_163V3_SEED, 20, -- "X9.62 curve over a 163 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "080000000000000000000000000000000000000107", -+ "07A526C63D3E25A256A007699F5447E32AE456B50E", -+ "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", -+ "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", -+ "05B935590C155E17EA48EB3FF3718B893DF59A05D0", -+ "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2, -+ _EC_X9_62_CHAR2_163V3_SEED, 20, -+ "X9.62 curve over a 163 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = { -- NID_X9_62_characteristic_two_field, -- "0100000000000000000000000000000000080000000007", -- "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", -- "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", -- "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", -- "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", -- "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E, -- NULL, 0, -- "X9.62 curve over a 176 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "0100000000000000000000000000000000080000000007", -+ "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", -+ "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", -+ "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", -+ "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", -+ "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E, -+ NULL, 0, -+ "X9.62 curve over a 176 bit binary field" -+}; - - static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = { -- 0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76, -- 0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84}; -+ 0x4E, 0x13, 0xCA, 0x54, 0x27, 0x44, 0xD6, 0x96, 0xE6, 0x76, -+ 0x87, 0x56, 0x15, 0x17, 0x55, 0x2F, 0x27, 0x9A, 0x8C, 0x84 -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = { -- NID_X9_62_characteristic_two_field, -- "800000000000000000000000000000000000000000000201", -- "2866537B676752636A68F56554E12640276B649EF7526267", -- "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", -- "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", -- "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", -- "40000000000000000000000004A20E90C39067C893BBB9A5", 2, -- _EC_X9_62_CHAR2_191V1_SEED, 20, -- "X9.62 curve over a 191 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "800000000000000000000000000000000000000000000201", -+ "2866537B676752636A68F56554E12640276B649EF7526267", -+ "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", -+ "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", -+ "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", -+ "40000000000000000000000004A20E90C39067C893BBB9A5", 2, -+ _EC_X9_62_CHAR2_191V1_SEED, 20, -+ "X9.62 curve over a 191 bit binary field" -+}; - - static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = { -- 0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76, -- 0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15}; -+ 0x08, 0x71, 0xEF, 0x2F, 0xEF, 0x24, 0xD6, 0x96, 0xE6, 0x76, -+ 0x87, 0x56, 0x15, 0x17, 0x58, 0xBE, 0xE0, 0xD9, 0x5C, 0x15 -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = { -- NID_X9_62_characteristic_two_field, -- "800000000000000000000000000000000000000000000201", -- "401028774D7777C7B7666D1366EA432071274F89FF01E718", -- "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", -- "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", -- "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", -- "20000000000000000000000050508CB89F652824E06B8173", 4, -- _EC_X9_62_CHAR2_191V2_SEED, 20, -- "X9.62 curve over a 191 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "800000000000000000000000000000000000000000000201", -+ "401028774D7777C7B7666D1366EA432071274F89FF01E718", -+ "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", -+ "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", -+ "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", -+ "20000000000000000000000050508CB89F652824E06B8173", 4, -+ _EC_X9_62_CHAR2_191V2_SEED, 20, -+ "X9.62 curve over a 191 bit binary field" -+}; - - static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = { -- 0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76, -- 0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F}; -+ 0xE0, 0x53, 0x51, 0x2D, 0xC6, 0x84, 0xD6, 0x96, 0xE6, 0x76, -+ 0x87, 0x56, 0x15, 0x17, 0x50, 0x67, 0xAE, 0x78, 0x6D, 0x1F -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = { -- NID_X9_62_characteristic_two_field, -- "800000000000000000000000000000000000000000000201", -- "6C01074756099122221056911C77D77E77A777E7E7E77FCB", -- "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", -- "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", -- "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", -- "155555555555555555555555610C0B196812BFB6288A3EA3", 6, -- _EC_X9_62_CHAR2_191V3_SEED, 20, -- "X9.62 curve over a 191 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "800000000000000000000000000000000000000000000201", -+ "6C01074756099122221056911C77D77E77A777E7E7E77FCB", -+ "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", -+ "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", -+ "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", -+ "155555555555555555555555610C0B196812BFB6288A3EA3", 6, -+ _EC_X9_62_CHAR2_191V3_SEED, 20, -+ "X9.62 curve over a 191 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = { -- NID_X9_62_characteristic_two_field, -- "010000000000000000000000000000000800000000000000000007", -- "0000000000000000000000000000000000000000000000000000", -- "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", -- "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", -- "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", -- "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48, -- NULL, 0, -- "X9.62 curve over a 208 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "010000000000000000000000000000000800000000000000000007", -+ "0000000000000000000000000000000000000000000000000000", -+ "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", -+ "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", -+ "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", -+ "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48, -+ NULL, 0, -+ "X9.62 curve over a 208 bit binary field" -+}; - - static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = { -- 0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, -- 0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D}; -+ 0xD3, 0x4B, 0x9A, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, -+ 0x51, 0x75, 0xCA, 0x71, 0xB9, 0x20, 0xBF, 0xEF, 0xB0, 0x5D -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = { -- NID_X9_62_characteristic_two_field, -- "800000000000000000000000000000000000000000000000001000000001", -- "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", -- "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", -- "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", -- "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", -- "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4, -- _EC_X9_62_CHAR2_239V1_SEED, 20, -- "X9.62 curve over a 239 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "800000000000000000000000000000000000000000000000001000000001", -+ "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", -+ "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", -+ "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", -+ "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", -+ "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4, -+ _EC_X9_62_CHAR2_239V1_SEED, 20, -+ "X9.62 curve over a 239 bit binary field" -+}; - - static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = { -- 0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76, -- 0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D}; -+ 0x2A, 0xA6, 0x98, 0x2F, 0xDF, 0xA4, 0xD6, 0x96, 0xE6, 0x76, -+ 0x87, 0x56, 0x15, 0x17, 0x5D, 0x26, 0x67, 0x27, 0x27, 0x7D -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = { -- NID_X9_62_characteristic_two_field, -- "800000000000000000000000000000000000000000000000001000000001", -- "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", -- "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", -- "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", -- "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", -- "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6, -- _EC_X9_62_CHAR2_239V2_SEED, 20, -- "X9.62 curve over a 239 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "800000000000000000000000000000000000000000000000001000000001", -+ "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", -+ "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", -+ "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", -+ "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", -+ "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6, -+ _EC_X9_62_CHAR2_239V2_SEED, 20, -+ "X9.62 curve over a 239 bit binary field" -+}; - - static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = { -- 0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, -- 0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41}; -+ 0x9E, 0x07, 0x6F, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, -+ 0x51, 0x75, 0xE1, 0x1E, 0x9F, 0xDD, 0x77, 0xF9, 0x20, 0x41 -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = { -- NID_X9_62_characteristic_two_field, -- "800000000000000000000000000000000000000000000000001000000001", -- "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", -- "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", -- "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", -- "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", -- "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA, -- _EC_X9_62_CHAR2_239V3_SEED, 20, -- "X9.62 curve over a 239 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "800000000000000000000000000000000000000000000000001000000001", -+ "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", -+ "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", -+ "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", -+ "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", -+ "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA, -+ _EC_X9_62_CHAR2_239V3_SEED, 20, -+ "X9.62 curve over a 239 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = { -- NID_X9_62_characteristic_two_field, -- "010000000000000000000000000000000000000000000000000000010000000000000" -- "B", -- "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", -- "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", -- "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", -- "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", -- "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", -- 0xFF06, -- NULL, 0, -- "X9.62 curve over a 272 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "010000000000000000000000000000000000000000000000000000010000000000000" -+ "B", -+ "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", -+ "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", -+ "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", -+ "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", -+ "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", -+ 0xFF06, -+ NULL, 0, -+ "X9.62 curve over a 272 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = { -- NID_X9_62_characteristic_two_field, -- "010000000000000000000000000000000000000000000000000000000000000000000" -- "000000807", -- "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039" -- "6C8E681", -- "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558" -- "27340BE", -- "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7" -- "40A2614", -- "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1" -- "B92C03B", -- "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164" -- "443051D", 0xFE2E, -- NULL, 0, -- "X9.62 curve over a 304 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "010000000000000000000000000000000000000000000000000000000000000000000" -+ "000000807", -+ "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039" -+ "6C8E681", -+ "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558" -+ "27340BE", -+ "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7" -+ "40A2614", -+ "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1" -+ "B92C03B", -+ "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164" -+ "443051D", 0xFE2E, -+ NULL, 0, -+ "X9.62 curve over a 304 bit binary field" -+}; - - static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = { -- 0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76, -- 0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6}; -+ 0x2B, 0x35, 0x49, 0x20, 0xB7, 0x24, 0xD6, 0x96, 0xE6, 0x76, -+ 0x87, 0x56, 0x15, 0x17, 0x58, 0x5B, 0xA1, 0x33, 0x2D, 0xC6 -+}; -+ - static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = { -- NID_X9_62_characteristic_two_field, -- "800000000000000000000000000000000000000000000000000000000000000000000" -- "000100000000000000001", -- "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05" -- "656FB549016A96656A557", -- "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968" -- "7742B6329E70680231988", -- "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9" -- "8E8E707C07A2239B1B097", -- "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E" -- "4AE2DE211305A407104BD", -- "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9" -- "64FE7719E74F490758D3B", 0x4C, -- _EC_X9_62_CHAR2_359V1_SEED, 20, -- "X9.62 curve over a 359 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "800000000000000000000000000000000000000000000000000000000000000000000" -+ "000100000000000000001", -+ "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05" -+ "656FB549016A96656A557", -+ "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968" -+ "7742B6329E70680231988", -+ "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9" -+ "8E8E707C07A2239B1B097", -+ "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E" -+ "4AE2DE211305A407104BD", -+ "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9" -+ "64FE7719E74F490758D3B", 0x4C, -+ _EC_X9_62_CHAR2_359V1_SEED, 20, -+ "X9.62 curve over a 359 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = { -- NID_X9_62_characteristic_two_field, -- "010000000000000000000000000000000000000000000000000000000000000000000" -- "0002000000000000000000007", -- "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62" -- "F0AB7519CCD2A1A906AE30D", -- "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112" -- "D84D164F444F8F74786046A", -- "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78" -- "9E927BE216F02E1FB136A5F", -- "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855" -- "ADAA81E2A0750B80FDA2310", -- "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90" -- "9AE40A6F131E9CFCE5BD967", 0xFF70, -- NULL, 0, -- "X9.62 curve over a 368 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "010000000000000000000000000000000000000000000000000000000000000000000" -+ "0002000000000000000000007", -+ "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62" -+ "F0AB7519CCD2A1A906AE30D", -+ "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112" -+ "D84D164F444F8F74786046A", -+ "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78" -+ "9E927BE216F02E1FB136A5F", -+ "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855" -+ "ADAA81E2A0750B80FDA2310", -+ "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90" -+ "9AE40A6F131E9CFCE5BD967", 0xFF70, -+ NULL, 0, -+ "X9.62 curve over a 368 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = { -- NID_X9_62_characteristic_two_field, -- "800000000000000000000000000000000000000000000000000000000000000000000" -- "000000001000000000000000000000000000001", -- "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E" -- "B9906D0957F6C6FEACD615468DF104DE296CD8F", -- "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6" -- "26D4E50A8DD731B107A9962381FB5D807BF2618", -- "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2" -- "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", -- "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6" -- "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", -- "0340340340340340340340340340340340340340340340340340340323C313FAB5058" -- "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760, -- NULL, 0, -- "X9.62 curve over a 431 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "800000000000000000000000000000000000000000000000000000000000000000000" -+ "000000001000000000000000000000000000001", -+ "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E" -+ "B9906D0957F6C6FEACD615468DF104DE296CD8F", -+ "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6" -+ "26D4E50A8DD731B107A9962381FB5D807BF2618", -+ "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2" -+ "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", -+ "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6" -+ "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", -+ "0340340340340340340340340340340340340340340340340340340323C313FAB5058" -+ "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760, -+ NULL, 0, -+ "X9.62 curve over a 431 bit binary field" -+}; - - static const EC_CURVE_DATA _EC_WTLS_1 = { -- NID_X9_62_characteristic_two_field, -- "020000000000000000000000000201", -- "1", -- "1", -- "01667979A40BA497E5D5C270780617", -- "00F44B4AF1ECC2630E08785CEBCC15", -- "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2, -- NULL, 0, -- "WTLS curve over a 113 bit binary field" -- }; -+ NID_X9_62_characteristic_two_field, -+ "020000000000000000000000000201", -+ "1", -+ "1", -+ "01667979A40BA497E5D5C270780617", -+ "00F44B4AF1ECC2630E08785CEBCC15", -+ "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2, -+ NULL, 0, -+ "WTLS curve over a 113 bit binary field" -+}; - - /* IPSec curves */ --/* NOTE: The of curves over a extension field of non prime degree -- * is not recommended (Weil-descent). -- * As the group order is not a prime this curve is not suitable -- * for ECDSA. -+/* -+ * NOTE: The of curves over a extension field of non prime degree is not -+ * recommended (Weil-descent). As the group order is not a prime this curve -+ * is not suitable for ECDSA. - */ - static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = { -- NID_X9_62_characteristic_two_field, -- "0800000000000000000000004000000000000001", -- "0", -- "07338f", -- "7b", -- "1c8", -- "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3, -- NULL, 0, -- "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n" -- "\tNot suitable for ECDSA.\n\tQuestionable extension field!" -- }; -- --/* NOTE: The of curves over a extension field of non prime degree -- * is not recommended (Weil-descent). -- * As the group order is not a prime this curve is not suitable -- * for ECDSA. -+ NID_X9_62_characteristic_two_field, -+ "0800000000000000000000004000000000000001", -+ "0", -+ "07338f", -+ "7b", -+ "1c8", -+ "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C", 3, -+ NULL, 0, -+ "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n" -+ "\tNot suitable for ECDSA.\n\tQuestionable extension field!" -+}; -+ -+/* -+ * NOTE: The of curves over a extension field of non prime degree is not -+ * recommended (Weil-descent). As the group order is not a prime this curve -+ * is not suitable for ECDSA. - */ - static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = { -- NID_X9_62_characteristic_two_field, -- "020000000000000000000000000000200000000000000001", -- "0", -- "1ee9", -- "18", -- "0d", -- "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2, -- NULL, 0, -- "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" -- "\tNot suitable for ECDSA.\n\tQuestionable extension field!" -- }; -+ NID_X9_62_characteristic_two_field, -+ "020000000000000000000000000000200000000000000001", -+ "0", -+ "1ee9", -+ "18", -+ "0d", -+ "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E", 2, -+ NULL, 0, -+ "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" -+ "\tNot suitable for ECDSA.\n\tQuestionable extension field!" -+}; - - typedef struct _ec_list_element_st { -- int nid; -- const EC_CURVE_DATA *data; -- } ec_list_element; -+ int nid; -+ const EC_CURVE_DATA *data; -+} ec_list_element; - - static const ec_list_element curve_list[] = { -- /* prime field curves */ -- /* secg curves */ -- { NID_secp112r1, &_EC_SECG_PRIME_112R1}, -- { NID_secp112r2, &_EC_SECG_PRIME_112R2}, -- { NID_secp128r1, &_EC_SECG_PRIME_128R1}, -- { NID_secp128r2, &_EC_SECG_PRIME_128R2}, -- { NID_secp160k1, &_EC_SECG_PRIME_160K1}, -- { NID_secp160r1, &_EC_SECG_PRIME_160R1}, -- { NID_secp160r2, &_EC_SECG_PRIME_160R2}, -- /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ -- { NID_secp192k1, &_EC_SECG_PRIME_192K1}, -- { NID_secp224k1, &_EC_SECG_PRIME_224K1}, -- { NID_secp224r1, &_EC_NIST_PRIME_224}, -- { NID_secp256k1, &_EC_SECG_PRIME_256K1}, -- /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ -- { NID_secp384r1, &_EC_NIST_PRIME_384}, -- { NID_secp521r1, &_EC_NIST_PRIME_521}, -- /* X9.62 curves */ -- { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192}, -- { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2}, -- { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3}, -- { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1}, -- { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2}, -- { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3}, -- { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1}, -- /* characteristic two field curves */ -- /* NIST/SECG curves */ -- { NID_sect113r1, &_EC_SECG_CHAR2_113R1}, -- { NID_sect113r2, &_EC_SECG_CHAR2_113R2}, -- { NID_sect131r1, &_EC_SECG_CHAR2_131R1}, -- { NID_sect131r2, &_EC_SECG_CHAR2_131R2}, -- { NID_sect163k1, &_EC_NIST_CHAR2_163K }, -- { NID_sect163r1, &_EC_SECG_CHAR2_163R1}, -- { NID_sect163r2, &_EC_NIST_CHAR2_163B }, -- { NID_sect193r1, &_EC_SECG_CHAR2_193R1}, -- { NID_sect193r2, &_EC_SECG_CHAR2_193R2}, -- { NID_sect233k1, &_EC_NIST_CHAR2_233K }, -- { NID_sect233r1, &_EC_NIST_CHAR2_233B }, -- { NID_sect239k1, &_EC_SECG_CHAR2_239K1}, -- { NID_sect283k1, &_EC_NIST_CHAR2_283K }, -- { NID_sect283r1, &_EC_NIST_CHAR2_283B }, -- { NID_sect409k1, &_EC_NIST_CHAR2_409K }, -- { NID_sect409r1, &_EC_NIST_CHAR2_409B }, -- { NID_sect571k1, &_EC_NIST_CHAR2_571K }, -- { NID_sect571r1, &_EC_NIST_CHAR2_571B }, -- /* X9.62 curves */ -- { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1}, -- { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2}, -- { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3}, -- { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1}, -- { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1}, -- { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2}, -- { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3}, -- { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1}, -- { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1}, -- { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2}, -- { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3}, -- { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1}, -- { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1}, -- { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1}, -- { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1}, -- { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1}, -- /* the WAP/WTLS curves -- * [unlike SECG, spec has its own OIDs for curves from X9.62] */ -- { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1}, -- { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K}, -- { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1}, -- { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1}, -- { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1}, -- { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2}, -- { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8}, -- { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9 }, -- { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K}, -- { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B}, -- { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12}, -- /* IPSec curves */ -- { NID_ipsec3, &_EC_IPSEC_155_ID3}, -- { NID_ipsec4, &_EC_IPSEC_185_ID4}, --}; -- --static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element); -- --static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) -- { -- EC_GROUP *group=NULL; -- EC_POINT *P=NULL; -- BN_CTX *ctx=NULL; -- BIGNUM *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL; -- int ok=0; -- -- if ((ctx = BN_CTX_new()) == NULL) -- { -- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || -- (b = BN_new()) == NULL || (x = BN_new()) == NULL || -- (y = BN_new()) == NULL || (order = BN_new()) == NULL) -- { -- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a) -- || !BN_hex2bn(&b, data->b)) -- { -- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); -- goto err; -- } -- -- if (data->field_type == NID_X9_62_prime_field) -- { -- if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) -- { -- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); -- goto err; -- } -- } -- else -- { /* field_type == NID_X9_62_characteristic_two_field */ -- if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) -- { -- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); -- goto err; -- } -- } -- -- if ((P = EC_POINT_new(group)) == NULL) -- { -- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); -- goto err; -- } -- -- if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y)) -- { -- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); -- goto err; -- } -- if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) -- { -- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); -- goto err; -- } -- if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor)) -- { -- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); -- goto err; -- } -- if (!EC_GROUP_set_generator(group, P, order, x)) -- { -- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); -- goto err; -- } -- if (data->seed) -- { -- if (!EC_GROUP_set_seed(group, data->seed, data->seed_len)) -- { -- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); -- goto err; -- } -- } -- ok=1; --err: -- if (!ok) -- { -- EC_GROUP_free(group); -- group = NULL; -- } -- if (P) -- EC_POINT_free(P); -- if (ctx) -- BN_CTX_free(ctx); -- if (p) -- BN_free(p); -- if (a) -- BN_free(a); -- if (b) -- BN_free(b); -- if (order) -- BN_free(order); -- if (x) -- BN_free(x); -- if (y) -- BN_free(y); -- return group; -- } -+ /* prime field curves */ -+ /* secg curves */ -+ {NID_secp112r1, &_EC_SECG_PRIME_112R1}, -+ {NID_secp112r2, &_EC_SECG_PRIME_112R2}, -+ {NID_secp128r1, &_EC_SECG_PRIME_128R1}, -+ {NID_secp128r2, &_EC_SECG_PRIME_128R2}, -+ {NID_secp160k1, &_EC_SECG_PRIME_160K1}, -+ {NID_secp160r1, &_EC_SECG_PRIME_160R1}, -+ {NID_secp160r2, &_EC_SECG_PRIME_160R2}, -+ /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ -+ {NID_secp192k1, &_EC_SECG_PRIME_192K1}, -+ {NID_secp224k1, &_EC_SECG_PRIME_224K1}, -+ {NID_secp224r1, &_EC_NIST_PRIME_224}, -+ {NID_secp256k1, &_EC_SECG_PRIME_256K1}, -+ /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ -+ {NID_secp384r1, &_EC_NIST_PRIME_384}, -+ {NID_secp521r1, &_EC_NIST_PRIME_521}, -+ /* X9.62 curves */ -+ {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192}, -+ {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2}, -+ {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3}, -+ {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1}, -+ {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2}, -+ {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3}, -+ {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1}, -+ /* characteristic two field curves */ -+ /* NIST/SECG curves */ -+ {NID_sect113r1, &_EC_SECG_CHAR2_113R1}, -+ {NID_sect113r2, &_EC_SECG_CHAR2_113R2}, -+ {NID_sect131r1, &_EC_SECG_CHAR2_131R1}, -+ {NID_sect131r2, &_EC_SECG_CHAR2_131R2}, -+ {NID_sect163k1, &_EC_NIST_CHAR2_163K}, -+ {NID_sect163r1, &_EC_SECG_CHAR2_163R1}, -+ {NID_sect163r2, &_EC_NIST_CHAR2_163B}, -+ {NID_sect193r1, &_EC_SECG_CHAR2_193R1}, -+ {NID_sect193r2, &_EC_SECG_CHAR2_193R2}, -+ {NID_sect233k1, &_EC_NIST_CHAR2_233K}, -+ {NID_sect233r1, &_EC_NIST_CHAR2_233B}, -+ {NID_sect239k1, &_EC_SECG_CHAR2_239K1}, -+ {NID_sect283k1, &_EC_NIST_CHAR2_283K}, -+ {NID_sect283r1, &_EC_NIST_CHAR2_283B}, -+ {NID_sect409k1, &_EC_NIST_CHAR2_409K}, -+ {NID_sect409r1, &_EC_NIST_CHAR2_409B}, -+ {NID_sect571k1, &_EC_NIST_CHAR2_571K}, -+ {NID_sect571r1, &_EC_NIST_CHAR2_571B}, -+ /* X9.62 curves */ -+ {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1}, -+ {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2}, -+ {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3}, -+ {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1}, -+ {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1}, -+ {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2}, -+ {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3}, -+ {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1}, -+ {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1}, -+ {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2}, -+ {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3}, -+ {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1}, -+ {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1}, -+ {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1}, -+ {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1}, -+ {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1}, -+ /* -+ * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves -+ * from X9.62] -+ */ -+ {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1}, -+ {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K}, -+ {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1}, -+ {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1}, -+ {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1}, -+ {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2}, -+ {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8}, -+ {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9}, -+ {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K}, -+ {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B}, -+ {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12}, -+ /* IPSec curves */ -+ {NID_ipsec3, &_EC_IPSEC_155_ID3}, -+ {NID_ipsec4, &_EC_IPSEC_185_ID4}, -+}; -+ -+static size_t curve_list_length = -+ sizeof(curve_list) / sizeof(ec_list_element); -+ -+static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA * data) -+{ -+ EC_GROUP *group = NULL; -+ EC_POINT *P = NULL; -+ BN_CTX *ctx = NULL; -+ BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = -+ NULL; -+ int ok = 0; -+ -+ if ((ctx = BN_CTX_new()) == NULL) { -+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || -+ (b = BN_new()) == NULL || (x = BN_new()) == NULL || -+ (y = BN_new()) == NULL || (order = BN_new()) == NULL) { -+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a) -+ || !BN_hex2bn(&b, data->b)) { -+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (data->field_type == NID_X9_62_prime_field) { -+ if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { -+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else { /* field_type == -+ * NID_X9_62_characteristic_two_field */ -+ if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { -+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); -+ goto err; -+ } -+ } -+ -+ if ((P = EC_POINT_new(group)) == NULL) { -+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y)) { -+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); -+ goto err; -+ } -+ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) { -+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); -+ goto err; -+ } -+ if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor)) { -+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); -+ goto err; -+ } -+ if (!EC_GROUP_set_generator(group, P, order, x)) { -+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); -+ goto err; -+ } -+ if (data->seed) { -+ if (!EC_GROUP_set_seed(group, data->seed, data->seed_len)) { -+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); -+ goto err; -+ } -+ } -+ ok = 1; -+ err: -+ if (!ok) { -+ EC_GROUP_free(group); -+ group = NULL; -+ } -+ if (P) -+ EC_POINT_free(P); -+ if (ctx) -+ BN_CTX_free(ctx); -+ if (p) -+ BN_free(p); -+ if (a) -+ BN_free(a); -+ if (b) -+ BN_free(b); -+ if (order) -+ BN_free(order); -+ if (x) -+ BN_free(x); -+ if (y) -+ BN_free(y); -+ return group; -+} - - EC_GROUP *EC_GROUP_new_by_curve_name(int nid) -- { -- size_t i; -- EC_GROUP *ret = NULL; -+{ -+ size_t i; -+ EC_GROUP *ret = NULL; - -- if (nid <= 0) -- return NULL; -+ if (nid <= 0) -+ return NULL; - -- for (i=0; icomment; -- } -+ for (i = 0; i < min; i++) { -+ r[i].nid = curve_list[i].nid; -+ r[i].comment = curve_list[i].data->comment; -+ } - -- return curve_list_length; -- } -+ return curve_list_length; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c b/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c -index d45640b..29b68f6 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,7 +58,7 @@ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * -- * Portions of the attached software ("Contribution") are developed by -+ * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source -@@ -72,73 +72,70 @@ - #include - #include "ec_lcl.h" - -+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, -+ const BIGNUM *b, BN_CTX *ctx) -+{ -+ const EC_METHOD *meth; -+ EC_GROUP *ret; - --EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- const EC_METHOD *meth; -- EC_GROUP *ret; -- -- meth = EC_GFp_nist_method(); -- -- ret = EC_GROUP_new(meth); -- if (ret == NULL) -- return NULL; -- -- if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) -- { -- unsigned long err; -- -- err = ERR_peek_last_error(); -- -- if (!(ERR_GET_LIB(err) == ERR_LIB_EC && -- ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) || -- (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) -- { -- /* real error */ -- -- EC_GROUP_clear_free(ret); -- return NULL; -- } -- -- -- /* not an actual error, we just cannot use EC_GFp_nist_method */ -- -- ERR_clear_error(); -- -- EC_GROUP_clear_free(ret); -- meth = EC_GFp_mont_method(); -- -- ret = EC_GROUP_new(meth); -- if (ret == NULL) -- return NULL; -- -- if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) -- { -- EC_GROUP_clear_free(ret); -- return NULL; -- } -- } -- -- return ret; -- } -- -- --EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- const EC_METHOD *meth; -- EC_GROUP *ret; -- -- meth = EC_GF2m_simple_method(); -- -- ret = EC_GROUP_new(meth); -- if (ret == NULL) -- return NULL; -- -- if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) -- { -- EC_GROUP_clear_free(ret); -- return NULL; -- } -- -- return ret; -- } -+ meth = EC_GFp_nist_method(); -+ -+ ret = EC_GROUP_new(meth); -+ if (ret == NULL) -+ return NULL; -+ -+ if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { -+ unsigned long err; -+ -+ err = ERR_peek_last_error(); -+ -+ if (!(ERR_GET_LIB(err) == ERR_LIB_EC && -+ ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) || -+ (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) { -+ /* real error */ -+ -+ EC_GROUP_clear_free(ret); -+ return NULL; -+ } -+ -+ /* -+ * not an actual error, we just cannot use EC_GFp_nist_method -+ */ -+ -+ ERR_clear_error(); -+ -+ EC_GROUP_clear_free(ret); -+ meth = EC_GFp_mont_method(); -+ -+ ret = EC_GROUP_new(meth); -+ if (ret == NULL) -+ return NULL; -+ -+ if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { -+ EC_GROUP_clear_free(ret); -+ return NULL; -+ } -+ } -+ -+ return ret; -+} -+ -+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, -+ const BIGNUM *b, BN_CTX *ctx) -+{ -+ const EC_METHOD *meth; -+ EC_GROUP *ret; -+ -+ meth = EC_GF2m_simple_method(); -+ -+ ret = EC_GROUP_new(meth); -+ if (ret == NULL) -+ return NULL; -+ -+ if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) { -+ EC_GROUP_clear_free(ret); -+ return NULL; -+ } -+ -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_err.c b/Cryptlib/OpenSSL/crypto/ec/ec_err.c -index d04c895..185116a 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ec_err.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,175 +66,210 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason) - --static ERR_STRING_DATA EC_str_functs[]= -- { --{ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"}, --{ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"}, --{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"}, --{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"}, --{ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"}, --{ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"}, --{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"}, --{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"}, --{ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"}, --{ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"}, --{ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"}, --{ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"}, --{ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"}, --{ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"}, --{ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"}, --{ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"}, --{ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"}, --{ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"}, --{ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"}, --{ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"}, --{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GF2m_simple_group_check_discriminant"}, --{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), "ec_GF2m_simple_group_set_curve"}, --{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"}, --{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"}, --{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GF2m_simple_point_get_affine_coordinates"}, --{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GF2m_simple_point_set_affine_coordinates"}, --{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GF2m_simple_set_compressed_coordinates"}, --{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"}, --{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"}, --{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"}, --{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE), "ec_GFp_mont_field_set_to_one"}, --{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"}, --{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE), "ec_GFp_mont_group_set_curve"}, --{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP), "EC_GFP_MONT_GROUP_SET_CURVE_GFP"}, --{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"}, --{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"}, --{ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), "ec_GFp_nist_group_set_curve"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GFp_simple_group_check_discriminant"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), "ec_GFp_simple_group_set_curve"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GFp_simple_point_get_affine_coordinates"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GFp_simple_point_set_affine_coordinates"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GFp_simple_set_compressed_coordinates"}, --{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"}, --{ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"}, --{ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT), "EC_GROUP_check_discriminant"}, --{ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"}, --{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"}, --{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"}, --{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"}, --{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"}, --{ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"}, --{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"}, --{ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), "EC_GROUP_get_pentanomial_basis"}, --{ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), "EC_GROUP_get_trinomial_basis"}, --{ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, --{ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"}, --{ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"}, --{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"}, --{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"}, --{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"}, --{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"}, --{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"}, --{ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"}, --{ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"}, --{ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"}, --{ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"}, --{ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"}, --{ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"}, --{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"}, --{ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"}, --{ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"}, --{ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"}, --{ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"}, --{ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"}, --{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M), "EC_POINT_get_affine_coordinates_GF2m"}, --{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"}, --{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"}, --{ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"}, --{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"}, --{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"}, --{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"}, --{ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"}, --{ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"}, --{ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"}, --{ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"}, --{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M), "EC_POINT_set_affine_coordinates_GF2m"}, --{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"}, --{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M), "EC_POINT_set_compressed_coordinates_GF2m"}, --{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"}, --{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"}, --{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"}, --{ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"}, --{ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"}, --{ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"}, --{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"}, --{ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"}, --{ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"}, --{ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"}, --{ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"}, --{ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"}, --{0,NULL} -- }; -+static ERR_STRING_DATA EC_str_functs[] = { -+ {ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"}, -+ {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"}, -+ {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"}, -+ {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"}, -+ {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"}, -+ {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"}, -+ {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"}, -+ {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"}, -+ {ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"}, -+ {ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"}, -+ {ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"}, -+ {ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"}, -+ {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"}, -+ {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"}, -+ {ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"}, -+ {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"}, -+ {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"}, -+ {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"}, -+ {ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"}, -+ {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), -+ "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"}, -+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), -+ "ec_GF2m_simple_group_check_discriminant"}, -+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), -+ "ec_GF2m_simple_group_set_curve"}, -+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"}, -+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"}, -+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES), -+ "ec_GF2m_simple_point_get_affine_coordinates"}, -+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES), -+ "ec_GF2m_simple_point_set_affine_coordinates"}, -+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES), -+ "ec_GF2m_simple_set_compressed_coordinates"}, -+ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"}, -+ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"}, -+ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"}, -+ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE), -+ "ec_GFp_mont_field_set_to_one"}, -+ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"}, -+ {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE), -+ "ec_GFp_mont_group_set_curve"}, -+ {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP), -+ "EC_GFP_MONT_GROUP_SET_CURVE_GFP"}, -+ {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"}, -+ {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"}, -+ {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), -+ "ec_GFp_nist_group_set_curve"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), -+ "ec_GFp_simple_group_check_discriminant"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), -+ "ec_GFp_simple_group_set_curve"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), -+ "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), -+ "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), -+ "ec_GFp_simple_points_make_affine"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES), -+ "ec_GFp_simple_point_get_affine_coordinates"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), -+ "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES), -+ "ec_GFp_simple_point_set_affine_coordinates"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), -+ "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES), -+ "ec_GFp_simple_set_compressed_coordinates"}, -+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), -+ "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"}, -+ {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"}, -+ {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT), -+ "EC_GROUP_check_discriminant"}, -+ {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"}, -+ {ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"}, -+ {ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"}, -+ {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"}, -+ {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"}, -+ {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"}, -+ {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"}, -+ {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), -+ "EC_GROUP_get_pentanomial_basis"}, -+ {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), -+ "EC_GROUP_get_trinomial_basis"}, -+ {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, -+ {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"}, -+ {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"}, -+ {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"}, -+ {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"}, -+ {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"}, -+ {ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"}, -+ {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"}, -+ {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"}, -+ {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"}, -+ {ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"}, -+ {ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"}, -+ {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"}, -+ {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"}, -+ {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"}, -+ {ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"}, -+ {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"}, -+ {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"}, -+ {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"}, -+ {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"}, -+ {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M), -+ "EC_POINT_get_affine_coordinates_GF2m"}, -+ {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), -+ "EC_POINT_get_affine_coordinates_GFp"}, -+ {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), -+ "EC_POINT_get_Jprojective_coordinates_GFp"}, -+ {ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"}, -+ {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"}, -+ {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"}, -+ {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"}, -+ {ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"}, -+ {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"}, -+ {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"}, -+ {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"}, -+ {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M), -+ "EC_POINT_set_affine_coordinates_GF2m"}, -+ {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), -+ "EC_POINT_set_affine_coordinates_GFp"}, -+ {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M), -+ "EC_POINT_set_compressed_coordinates_GF2m"}, -+ {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), -+ "EC_POINT_set_compressed_coordinates_GFp"}, -+ {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), -+ "EC_POINT_set_Jprojective_coordinates_GFp"}, -+ {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"}, -+ {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"}, -+ {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"}, -+ {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"}, -+ {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"}, -+ {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"}, -+ {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"}, -+ {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"}, -+ {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"}, -+ {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA EC_str_reasons[]= -- { --{ERR_REASON(EC_R_ASN1_ERROR) ,"asn1 error"}, --{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD) ,"asn1 unknown field"}, --{ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"}, --{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"}, --{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO) ,"discriminant is zero"}, --{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"}, --{ERR_REASON(EC_R_FIELD_TOO_LARGE) ,"field too large"}, --{ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"}, --{ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"}, --{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"}, --{ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"}, --{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"}, --{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"}, --{ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"}, --{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"}, --{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"}, --{ERR_REASON(EC_R_INVALID_GROUP_ORDER) ,"invalid group order"}, --{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"}, --{ERR_REASON(EC_R_INVALID_PRIVATE_KEY) ,"invalid private key"}, --{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"}, --{ERR_REASON(EC_R_MISSING_PARAMETERS) ,"missing parameters"}, --{ERR_REASON(EC_R_MISSING_PRIVATE_KEY) ,"missing private key"}, --{ERR_REASON(EC_R_NOT_A_NIST_PRIME) ,"not a NIST prime"}, --{ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),"not a supported NIST prime"}, --{ERR_REASON(EC_R_NOT_IMPLEMENTED) ,"not implemented"}, --{ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"}, --{ERR_REASON(EC_R_NO_FIELD_MOD) ,"no field mod"}, --{ERR_REASON(EC_R_PASSED_NULL_PARAMETER) ,"passed null parameter"}, --{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"}, --{ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"}, --{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE) ,"point is not on curve"}, --{ERR_REASON(EC_R_SLOT_FULL) ,"slot full"}, --{ERR_REASON(EC_R_UNDEFINED_GENERATOR) ,"undefined generator"}, --{ERR_REASON(EC_R_UNDEFINED_ORDER) ,"undefined order"}, --{ERR_REASON(EC_R_UNKNOWN_GROUP) ,"unknown group"}, --{ERR_REASON(EC_R_UNKNOWN_ORDER) ,"unknown order"}, --{ERR_REASON(EC_R_UNSUPPORTED_FIELD) ,"unsupported field"}, --{ERR_REASON(EC_R_WRONG_ORDER) ,"wrong order"}, --{0,NULL} -- }; -+static ERR_STRING_DATA EC_str_reasons[] = { -+ {ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"}, -+ {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"}, -+ {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"}, -+ {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE), -+ "d2i ecpkparameters failure"}, -+ {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"}, -+ {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), -+ "ec group new by name failure"}, -+ {ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"}, -+ {ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE), -+ "group2pkparameters failure"}, -+ {ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE), -+ "i2d ecpkparameters failure"}, -+ {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS), "incompatible objects"}, -+ {ERR_REASON(EC_R_INVALID_ARGUMENT), "invalid argument"}, -+ {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT), "invalid compressed point"}, -+ {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT), "invalid compression bit"}, -+ {ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"}, -+ {ERR_REASON(EC_R_INVALID_FIELD), "invalid field"}, -+ {ERR_REASON(EC_R_INVALID_FORM), "invalid form"}, -+ {ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"}, -+ {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"}, -+ {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"}, -+ {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"}, -+ {ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"}, -+ {ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"}, -+ {ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"}, -+ {ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME), -+ "not a supported NIST prime"}, -+ {ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"}, -+ {ERR_REASON(EC_R_NOT_INITIALIZED), "not initialized"}, -+ {ERR_REASON(EC_R_NO_FIELD_MOD), "no field mod"}, -+ {ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"}, -+ {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE), -+ "pkparameters2group failure"}, -+ {ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"}, -+ {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"}, -+ {ERR_REASON(EC_R_SLOT_FULL), "slot full"}, -+ {ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"}, -+ {ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"}, -+ {ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"}, -+ {ERR_REASON(EC_R_UNKNOWN_ORDER), "unknown order"}, -+ {ERR_REASON(EC_R_UNSUPPORTED_FIELD), "unsupported field"}, -+ {ERR_REASON(EC_R_WRONG_ORDER), "wrong order"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_EC_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(EC_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,EC_str_functs); -- ERR_load_strings(0,EC_str_reasons); -- } -+ if (ERR_func_error_string(EC_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, EC_str_functs); -+ ERR_load_strings(0, EC_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c -index 6c933d2..7e48015 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ec_key.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec_key.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,416 +57,404 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * Portions originally developed by SUN MICROSYSTEMS, INC., and -+ * Portions originally developed by SUN MICROSYSTEMS, INC., and - * contributed to the OpenSSL project. - */ - - #include - #include "ec_lcl.h" - #include --#include - - EC_KEY *EC_KEY_new(void) -- { -- EC_KEY *ret; -- -- ret=(EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY)); -- if (ret == NULL) -- { -- ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- -- ret->version = 1; -- ret->group = NULL; -- ret->pub_key = NULL; -- ret->priv_key= NULL; -- ret->enc_flag= 0; -- ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; -- ret->references= 1; -- ret->method_data = NULL; -- return(ret); -- } -+{ -+ EC_KEY *ret; -+ -+ ret = (EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY)); -+ if (ret == NULL) { -+ ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ -+ ret->version = 1; -+ ret->group = NULL; -+ ret->pub_key = NULL; -+ ret->priv_key = NULL; -+ ret->enc_flag = 0; -+ ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; -+ ret->references = 1; -+ ret->method_data = NULL; -+ return (ret); -+} - - EC_KEY *EC_KEY_new_by_curve_name(int nid) -- { -- EC_KEY *ret = EC_KEY_new(); -- if (ret == NULL) -- return NULL; -- ret->group = EC_GROUP_new_by_curve_name(nid); -- if (ret->group == NULL) -- { -- EC_KEY_free(ret); -- return NULL; -- } -- return ret; -- } -+{ -+ EC_KEY *ret = EC_KEY_new(); -+ if (ret == NULL) -+ return NULL; -+ ret->group = EC_GROUP_new_by_curve_name(nid); -+ if (ret->group == NULL) { -+ EC_KEY_free(ret); -+ return NULL; -+ } -+ return ret; -+} - - void EC_KEY_free(EC_KEY *r) -- { -- int i; -+{ -+ int i; - -- if (r == NULL) return; -+ if (r == NULL) -+ return; - -- i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_EC); -+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC); - #ifdef REF_PRINT -- REF_PRINT("EC_KEY",r); -+ REF_PRINT("EC_KEY", r); - #endif -- if (i > 0) return; -+ if (i > 0) -+ return; - #ifdef REF_CHECK -- if (i < 0) -- { -- fprintf(stderr,"EC_KEY_free, bad reference count\n"); -- abort(); -- } -+ if (i < 0) { -+ fprintf(stderr, "EC_KEY_free, bad reference count\n"); -+ abort(); -+ } - #endif - -- if (r->group != NULL) -- EC_GROUP_free(r->group); -- if (r->pub_key != NULL) -- EC_POINT_free(r->pub_key); -- if (r->priv_key != NULL) -- BN_clear_free(r->priv_key); -+ if (r->group != NULL) -+ EC_GROUP_free(r->group); -+ if (r->pub_key != NULL) -+ EC_POINT_free(r->pub_key); -+ if (r->priv_key != NULL) -+ BN_clear_free(r->priv_key); - -- EC_EX_DATA_free_all_data(&r->method_data); -+ EC_EX_DATA_free_all_data(&r->method_data); - -- OPENSSL_cleanse((void *)r, sizeof(EC_KEY)); -+ OPENSSL_cleanse((void *)r, sizeof(EC_KEY)); - -- OPENSSL_free(r); -- } -+ OPENSSL_free(r); -+} - - EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) -- { -- EC_EXTRA_DATA *d; -- -- if (dest == NULL || src == NULL) -- { -- ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -- /* copy the parameters */ -- if (src->group) -- { -- const EC_METHOD *meth = EC_GROUP_method_of(src->group); -- /* clear the old group */ -- if (dest->group) -- EC_GROUP_free(dest->group); -- dest->group = EC_GROUP_new(meth); -- if (dest->group == NULL) -- return NULL; -- if (!EC_GROUP_copy(dest->group, src->group)) -- return NULL; -- } -- /* copy the public key */ -- if (src->pub_key && src->group) -- { -- if (dest->pub_key) -- EC_POINT_free(dest->pub_key); -- dest->pub_key = EC_POINT_new(src->group); -- if (dest->pub_key == NULL) -- return NULL; -- if (!EC_POINT_copy(dest->pub_key, src->pub_key)) -- return NULL; -- } -- /* copy the private key */ -- if (src->priv_key) -- { -- if (dest->priv_key == NULL) -- { -- dest->priv_key = BN_new(); -- if (dest->priv_key == NULL) -- return NULL; -- } -- if (!BN_copy(dest->priv_key, src->priv_key)) -- return NULL; -- } -- /* copy method/extra data */ -- EC_EX_DATA_free_all_data(&dest->method_data); -- -- for (d = src->method_data; d != NULL; d = d->next) -- { -- void *t = d->dup_func(d->data); -- -- if (t == NULL) -- return 0; -- if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func)) -- return 0; -- } -- -- /* copy the rest */ -- dest->enc_flag = src->enc_flag; -- dest->conv_form = src->conv_form; -- dest->version = src->version; -- -- return dest; -- } -+{ -+ EC_EXTRA_DATA *d; -+ -+ if (dest == NULL || src == NULL) { -+ ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ /* copy the parameters */ -+ if (src->group) { -+ const EC_METHOD *meth = EC_GROUP_method_of(src->group); -+ /* clear the old group */ -+ if (dest->group) -+ EC_GROUP_free(dest->group); -+ dest->group = EC_GROUP_new(meth); -+ if (dest->group == NULL) -+ return NULL; -+ if (!EC_GROUP_copy(dest->group, src->group)) -+ return NULL; -+ } -+ /* copy the public key */ -+ if (src->pub_key && src->group) { -+ if (dest->pub_key) -+ EC_POINT_free(dest->pub_key); -+ dest->pub_key = EC_POINT_new(src->group); -+ if (dest->pub_key == NULL) -+ return NULL; -+ if (!EC_POINT_copy(dest->pub_key, src->pub_key)) -+ return NULL; -+ } -+ /* copy the private key */ -+ if (src->priv_key) { -+ if (dest->priv_key == NULL) { -+ dest->priv_key = BN_new(); -+ if (dest->priv_key == NULL) -+ return NULL; -+ } -+ if (!BN_copy(dest->priv_key, src->priv_key)) -+ return NULL; -+ } -+ /* copy method/extra data */ -+ EC_EX_DATA_free_all_data(&dest->method_data); -+ -+ for (d = src->method_data; d != NULL; d = d->next) { -+ void *t = d->dup_func(d->data); -+ -+ if (t == NULL) -+ return 0; -+ if (!EC_EX_DATA_set_data -+ (&dest->method_data, t, d->dup_func, d->free_func, -+ d->clear_free_func)) -+ return 0; -+ } -+ -+ /* copy the rest */ -+ dest->enc_flag = src->enc_flag; -+ dest->conv_form = src->conv_form; -+ dest->version = src->version; -+ -+ return dest; -+} - - EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) -- { -- EC_KEY *ret = EC_KEY_new(); -- if (ret == NULL) -- return NULL; -- if (EC_KEY_copy(ret, ec_key) == NULL) -- { -- EC_KEY_free(ret); -- return NULL; -- } -- return ret; -- } -+{ -+ EC_KEY *ret = EC_KEY_new(); -+ if (ret == NULL) -+ return NULL; -+ if (EC_KEY_copy(ret, ec_key) == NULL) { -+ EC_KEY_free(ret); -+ return NULL; -+ } -+ return ret; -+} - - int EC_KEY_up_ref(EC_KEY *r) -- { -- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC); -+{ -+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC); - #ifdef REF_PRINT -- REF_PRINT("EC_KEY",r); -+ REF_PRINT("EC_KEY", r); - #endif - #ifdef REF_CHECK -- if (i < 2) -- { -- fprintf(stderr, "EC_KEY_up, bad reference count\n"); -- abort(); -- } -+ if (i < 2) { -+ fprintf(stderr, "EC_KEY_up, bad reference count\n"); -+ abort(); -+ } - #endif -- return ((i > 1) ? 1 : 0); -- } -+ return ((i > 1) ? 1 : 0); -+} - - int EC_KEY_generate_key(EC_KEY *eckey) -- { -- int ok = 0; -- BN_CTX *ctx = NULL; -- BIGNUM *priv_key = NULL, *order = NULL; -- EC_POINT *pub_key = NULL; -- -- if (!eckey || !eckey->group) -- { -- ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- -- if ((order = BN_new()) == NULL) goto err; -- if ((ctx = BN_CTX_new()) == NULL) goto err; -- -- if (eckey->priv_key == NULL) -- { -- priv_key = BN_new(); -- if (priv_key == NULL) -- goto err; -- } -- else -- priv_key = eckey->priv_key; -- -- if (!EC_GROUP_get_order(eckey->group, order, ctx)) -- goto err; -- -- do -- if (!BN_rand_range(priv_key, order)) -- goto err; -- while (BN_is_zero(priv_key)); -- -- if (eckey->pub_key == NULL) -- { -- pub_key = EC_POINT_new(eckey->group); -- if (pub_key == NULL) -- goto err; -- } -- else -- pub_key = eckey->pub_key; -- -- if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) -- goto err; -- -- eckey->priv_key = priv_key; -- eckey->pub_key = pub_key; -- -- ok=1; -- --err: -- if (order) -- BN_free(order); -- if (pub_key != NULL && eckey->pub_key == NULL) -- EC_POINT_free(pub_key); -- if (priv_key != NULL && eckey->priv_key == NULL) -- BN_free(priv_key); -- if (ctx != NULL) -- BN_CTX_free(ctx); -- return(ok); -- } -+{ -+ int ok = 0; -+ BN_CTX *ctx = NULL; -+ BIGNUM *priv_key = NULL, *order = NULL; -+ EC_POINT *pub_key = NULL; -+ -+ if (!eckey || !eckey->group) { -+ ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ -+ if ((order = BN_new()) == NULL) -+ goto err; -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ -+ if (eckey->priv_key == NULL) { -+ priv_key = BN_new(); -+ if (priv_key == NULL) -+ goto err; -+ } else -+ priv_key = eckey->priv_key; -+ -+ if (!EC_GROUP_get_order(eckey->group, order, ctx)) -+ goto err; -+ -+ do -+ if (!BN_rand_range(priv_key, order)) -+ goto err; -+ while (BN_is_zero(priv_key)) ; -+ -+ if (eckey->pub_key == NULL) { -+ pub_key = EC_POINT_new(eckey->group); -+ if (pub_key == NULL) -+ goto err; -+ } else -+ pub_key = eckey->pub_key; -+ -+ if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) -+ goto err; -+ -+ eckey->priv_key = priv_key; -+ eckey->pub_key = pub_key; -+ -+ ok = 1; -+ -+ err: -+ if (order) -+ BN_free(order); -+ if (pub_key != NULL && eckey->pub_key == NULL) -+ EC_POINT_free(pub_key); -+ if (priv_key != NULL && eckey->priv_key == NULL) -+ BN_free(priv_key); -+ if (ctx != NULL) -+ BN_CTX_free(ctx); -+ return (ok); -+} - - int EC_KEY_check_key(const EC_KEY *eckey) -- { -- int ok = 0; -- BN_CTX *ctx = NULL; -- const BIGNUM *order = NULL; -- EC_POINT *point = NULL; -- -- if (!eckey || !eckey->group || !eckey->pub_key) -- { -- ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- -- if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) -- { -- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY); -- goto err; -- } -- -- if ((ctx = BN_CTX_new()) == NULL) -- goto err; -- if ((point = EC_POINT_new(eckey->group)) == NULL) -- goto err; -- -- /* testing whether the pub_key is on the elliptic curve */ -- if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) -- { -- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); -- goto err; -- } -- /* testing whether pub_key * order is the point at infinity */ -- order = &eckey->group->order; -- if (BN_is_zero(order)) -- { -- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); -- goto err; -- } -- if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) -- { -- ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); -- goto err; -- } -- if (!EC_POINT_is_at_infinity(eckey->group, point)) -- { -- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); -- goto err; -- } -- /* in case the priv_key is present : -- * check if generator * priv_key == pub_key -- */ -- if (eckey->priv_key) -- { -- if (BN_cmp(eckey->priv_key, order) >= 0) -- { -- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); -- goto err; -- } -- if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, -- NULL, NULL, ctx)) -- { -- ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); -- goto err; -- } -- if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, -- ctx) != 0) -- { -- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY); -- goto err; -- } -- } -- ok = 1; --err: -- if (ctx != NULL) -- BN_CTX_free(ctx); -- if (point != NULL) -- EC_POINT_free(point); -- return(ok); -- } -+{ -+ int ok = 0; -+ BN_CTX *ctx = NULL; -+ const BIGNUM *order = NULL; -+ EC_POINT *point = NULL; -+ -+ if (!eckey || !eckey->group || !eckey->pub_key) { -+ ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ -+ if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) { -+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY); -+ goto err; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ if ((point = EC_POINT_new(eckey->group)) == NULL) -+ goto err; -+ -+ /* testing whether the pub_key is on the elliptic curve */ -+ if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { -+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); -+ goto err; -+ } -+ /* testing whether pub_key * order is the point at infinity */ -+ order = &eckey->group->order; -+ if (BN_is_zero(order)) { -+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); -+ goto err; -+ } -+ if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) { -+ ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ if (!EC_POINT_is_at_infinity(eckey->group, point)) { -+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); -+ goto err; -+ } -+ /* -+ * in case the priv_key is present : check if generator * priv_key == -+ * pub_key -+ */ -+ if (eckey->priv_key) { -+ if (BN_cmp(eckey->priv_key, order) >= 0) { -+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); -+ goto err; -+ } -+ if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, -+ NULL, NULL, ctx)) { -+ ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) { -+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY); -+ goto err; -+ } -+ } -+ ok = 1; -+ err: -+ if (ctx != NULL) -+ BN_CTX_free(ctx); -+ if (point != NULL) -+ EC_POINT_free(point); -+ return (ok); -+} - - const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) -- { -- return key->group; -- } -+{ -+ return key->group; -+} - - int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) -- { -- if (key->group != NULL) -- EC_GROUP_free(key->group); -- key->group = EC_GROUP_dup(group); -- return (key->group == NULL) ? 0 : 1; -- } -+{ -+ if (key->group != NULL) -+ EC_GROUP_free(key->group); -+ key->group = EC_GROUP_dup(group); -+ return (key->group == NULL) ? 0 : 1; -+} - - const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) -- { -- return key->priv_key; -- } -+{ -+ return key->priv_key; -+} - - int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) -- { -- if (key->priv_key) -- BN_clear_free(key->priv_key); -- key->priv_key = BN_dup(priv_key); -- return (key->priv_key == NULL) ? 0 : 1; -- } -+{ -+ if (key->priv_key) -+ BN_clear_free(key->priv_key); -+ key->priv_key = BN_dup(priv_key); -+ return (key->priv_key == NULL) ? 0 : 1; -+} - - const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) -- { -- return key->pub_key; -- } -+{ -+ return key->pub_key; -+} - - int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) -- { -- if (key->pub_key != NULL) -- EC_POINT_free(key->pub_key); -- key->pub_key = EC_POINT_dup(pub_key, key->group); -- return (key->pub_key == NULL) ? 0 : 1; -- } -+{ -+ if (key->pub_key != NULL) -+ EC_POINT_free(key->pub_key); -+ key->pub_key = EC_POINT_dup(pub_key, key->group); -+ return (key->pub_key == NULL) ? 0 : 1; -+} - - unsigned int EC_KEY_get_enc_flags(const EC_KEY *key) -- { -- return key->enc_flag; -- } -+{ -+ return key->enc_flag; -+} - - void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags) -- { -- key->enc_flag = flags; -- } -+{ -+ key->enc_flag = flags; -+} - - point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key) -- { -- return key->conv_form; -- } -+{ -+ return key->conv_form; -+} - - void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) -- { -- key->conv_form = cform; -- if (key->group != NULL) -- EC_GROUP_set_point_conversion_form(key->group, cform); -- } -+{ -+ key->conv_form = cform; -+ if (key->group != NULL) -+ EC_GROUP_set_point_conversion_form(key->group, cform); -+} - - void *EC_KEY_get_key_method_data(EC_KEY *key, -- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) -- { -- void *ret; -+ void *(*dup_func) (void *), -+ void (*free_func) (void *), -+ void (*clear_free_func) (void *)) -+{ -+ void *ret; - -- CRYPTO_r_lock(CRYPTO_LOCK_EC); -- ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); -- CRYPTO_r_unlock(CRYPTO_LOCK_EC); -+ CRYPTO_r_lock(CRYPTO_LOCK_EC); -+ ret = -+ EC_EX_DATA_get_data(key->method_data, dup_func, free_func, -+ clear_free_func); -+ CRYPTO_r_unlock(CRYPTO_LOCK_EC); - -- return ret; -- } -+ return ret; -+} - - void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, -- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) -- { -- EC_EXTRA_DATA *ex_data; -- -- CRYPTO_w_lock(CRYPTO_LOCK_EC); -- ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); -- if (ex_data == NULL) -- EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); -- CRYPTO_w_unlock(CRYPTO_LOCK_EC); -- -- return ex_data; -- } -+ void *(*dup_func) (void *), -+ void (*free_func) (void *), -+ void (*clear_free_func) (void *)) -+{ -+ EC_EXTRA_DATA *ex_data; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_EC); -+ ex_data = -+ EC_EX_DATA_get_data(key->method_data, dup_func, free_func, -+ clear_free_func); -+ if (ex_data == NULL) -+ EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, -+ clear_free_func); -+ CRYPTO_w_unlock(CRYPTO_LOCK_EC); -+ -+ return ex_data; -+} - - void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) -- { -- if (key->group != NULL) -- EC_GROUP_set_asn1_flag(key->group, flag); -- } -+{ -+ if (key->group != NULL) -+ EC_GROUP_set_asn1_flag(key->group, flag); -+} - - int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) -- { -- if (key->group == NULL) -- return 0; -- return EC_GROUP_precompute_mult(key->group, ctx); -- } -+{ -+ if (key->group == NULL) -+ return 0; -+ return EC_GROUP_precompute_mult(key->group, ctx); -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c -index e7d11ff..8d8b807 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,7 +57,7 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * Binary polynomial ECC support in OpenSSL originally developed by -+ * Binary polynomial ECC support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -@@ -70,1095 +70,1042 @@ - - static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT; - -- - /* functions for EC_GROUP objects */ - - EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) -- { -- EC_GROUP *ret; -- -- if (meth == NULL) -- { -- ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -- if (meth->group_init == 0) -- { -- ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return NULL; -- } -- -- ret = OPENSSL_malloc(sizeof *ret); -- if (ret == NULL) -- { -- ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- ret->meth = meth; -- -- ret->extra_data = NULL; -- -- ret->generator = NULL; -- BN_init(&ret->order); -- BN_init(&ret->cofactor); -- -- ret->curve_name = 0; -- ret->asn1_flag = 0; -- ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; -- -- ret->seed = NULL; -- ret->seed_len = 0; -- -- if (!meth->group_init(ret)) -- { -- OPENSSL_free(ret); -- return NULL; -- } -- -- return ret; -- } -- -+{ -+ EC_GROUP *ret; - --void EC_GROUP_free(EC_GROUP *group) -- { -- if (!group) return; -+ if (meth == NULL) { -+ ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ if (meth->group_init == 0) { -+ ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return NULL; -+ } - -- if (group->meth->group_finish != 0) -- group->meth->group_finish(group); -+ ret = OPENSSL_malloc(sizeof *ret); -+ if (ret == NULL) { -+ ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } - -- EC_EX_DATA_free_all_data(&group->extra_data); -+ ret->meth = meth; - -- if (group->generator != NULL) -- EC_POINT_free(group->generator); -- BN_free(&group->order); -- BN_free(&group->cofactor); -+ ret->extra_data = NULL; - -- if (group->seed) -- OPENSSL_free(group->seed); -+ ret->generator = NULL; -+ BN_init(&ret->order); -+ BN_init(&ret->cofactor); - -- OPENSSL_free(group); -- } -- -- --void EC_GROUP_clear_free(EC_GROUP *group) -- { -- if (!group) return; -+ ret->curve_name = 0; -+ ret->asn1_flag = 0; -+ ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; - -- if (group->meth->group_clear_finish != 0) -- group->meth->group_clear_finish(group); -- else if (group->meth->group_finish != 0) -- group->meth->group_finish(group); -+ ret->seed = NULL; -+ ret->seed_len = 0; - -- EC_EX_DATA_clear_free_all_data(&group->extra_data); -+ if (!meth->group_init(ret)) { -+ OPENSSL_free(ret); -+ return NULL; -+ } - -- if (group->generator != NULL) -- EC_POINT_clear_free(group->generator); -- BN_clear_free(&group->order); -- BN_clear_free(&group->cofactor); -+ return ret; -+} - -- if (group->seed) -- { -- OPENSSL_cleanse(group->seed, group->seed_len); -- OPENSSL_free(group->seed); -- } -- -- OPENSSL_cleanse(group, sizeof *group); -- OPENSSL_free(group); -- } -+void EC_GROUP_free(EC_GROUP *group) -+{ -+ if (!group) -+ return; - -+ if (group->meth->group_finish != 0) -+ group->meth->group_finish(group); - --int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) -- { -- EC_EXTRA_DATA *d; -- -- if (dest->meth->group_copy == 0) -- { -- ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (dest->meth != src->meth) -- { -- ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- if (dest == src) -- return 1; -- -- EC_EX_DATA_free_all_data(&dest->extra_data); -- -- for (d = src->extra_data; d != NULL; d = d->next) -- { -- void *t = d->dup_func(d->data); -- -- if (t == NULL) -- return 0; -- if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func)) -- return 0; -- } -- -- if (src->generator != NULL) -- { -- if (dest->generator == NULL) -- { -- dest->generator = EC_POINT_new(dest); -- if (dest->generator == NULL) return 0; -- } -- if (!EC_POINT_copy(dest->generator, src->generator)) return 0; -- } -- else -- { -- /* src->generator == NULL */ -- if (dest->generator != NULL) -- { -- EC_POINT_clear_free(dest->generator); -- dest->generator = NULL; -- } -- } -- -- if (!BN_copy(&dest->order, &src->order)) return 0; -- if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0; -- -- dest->curve_name = src->curve_name; -- dest->asn1_flag = src->asn1_flag; -- dest->asn1_form = src->asn1_form; -- -- if (src->seed) -- { -- if (dest->seed) -- OPENSSL_free(dest->seed); -- dest->seed = OPENSSL_malloc(src->seed_len); -- if (dest->seed == NULL) -- return 0; -- if (!memcpy(dest->seed, src->seed, src->seed_len)) -- return 0; -- dest->seed_len = src->seed_len; -- } -- else -- { -- if (dest->seed) -- OPENSSL_free(dest->seed); -- dest->seed = NULL; -- dest->seed_len = 0; -- } -- -- -- return dest->meth->group_copy(dest, src); -- } -+ EC_EX_DATA_free_all_data(&group->extra_data); - -+ if (group->generator != NULL) -+ EC_POINT_free(group->generator); -+ BN_free(&group->order); -+ BN_free(&group->cofactor); - --EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) -- { -- EC_GROUP *t = NULL; -- int ok = 0; -+ if (group->seed) -+ OPENSSL_free(group->seed); - -- if (a == NULL) return NULL; -+ OPENSSL_free(group); -+} - -- if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL); -- if (!EC_GROUP_copy(t, a)) goto err; -+void EC_GROUP_clear_free(EC_GROUP *group) -+{ -+ if (!group) -+ return; - -- ok = 1; -+ if (group->meth->group_clear_finish != 0) -+ group->meth->group_clear_finish(group); -+ else if (group->meth->group_finish != 0) -+ group->meth->group_finish(group); - -- err: -- if (!ok) -- { -- if (t) EC_GROUP_free(t); -- return NULL; -- } -- else return t; -- } -+ EC_EX_DATA_clear_free_all_data(&group->extra_data); - -+ if (group->generator != NULL) -+ EC_POINT_clear_free(group->generator); -+ BN_clear_free(&group->order); -+ BN_clear_free(&group->cofactor); - --const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) -- { -- return group->meth; -- } -+ if (group->seed) { -+ OPENSSL_cleanse(group->seed, group->seed_len); -+ OPENSSL_free(group->seed); -+ } - -+ OPENSSL_cleanse(group, sizeof *group); -+ OPENSSL_free(group); -+} - --int EC_METHOD_get_field_type(const EC_METHOD *meth) -- { -- return meth->field_type; -+int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) -+{ -+ EC_EXTRA_DATA *d; -+ -+ if (dest->meth->group_copy == 0) { -+ ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (dest->meth != src->meth) { -+ ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ if (dest == src) -+ return 1; -+ -+ EC_EX_DATA_free_all_data(&dest->extra_data); -+ -+ for (d = src->extra_data; d != NULL; d = d->next) { -+ void *t = d->dup_func(d->data); -+ -+ if (t == NULL) -+ return 0; -+ if (!EC_EX_DATA_set_data -+ (&dest->extra_data, t, d->dup_func, d->free_func, -+ d->clear_free_func)) -+ return 0; -+ } -+ -+ if (src->generator != NULL) { -+ if (dest->generator == NULL) { -+ dest->generator = EC_POINT_new(dest); -+ if (dest->generator == NULL) -+ return 0; -+ } -+ if (!EC_POINT_copy(dest->generator, src->generator)) -+ return 0; -+ } else { -+ /* src->generator == NULL */ -+ if (dest->generator != NULL) { -+ EC_POINT_clear_free(dest->generator); -+ dest->generator = NULL; - } -+ } -+ -+ if (!BN_copy(&dest->order, &src->order)) -+ return 0; -+ if (!BN_copy(&dest->cofactor, &src->cofactor)) -+ return 0; -+ -+ dest->curve_name = src->curve_name; -+ dest->asn1_flag = src->asn1_flag; -+ dest->asn1_form = src->asn1_form; -+ -+ if (src->seed) { -+ if (dest->seed) -+ OPENSSL_free(dest->seed); -+ dest->seed = OPENSSL_malloc(src->seed_len); -+ if (dest->seed == NULL) -+ return 0; -+ if (!memcpy(dest->seed, src->seed, src->seed_len)) -+ return 0; -+ dest->seed_len = src->seed_len; -+ } else { -+ if (dest->seed) -+ OPENSSL_free(dest->seed); -+ dest->seed = NULL; -+ dest->seed_len = 0; -+ } -+ -+ return dest->meth->group_copy(dest, src); -+} - -+EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) -+{ -+ EC_GROUP *t = NULL; -+ int ok = 0; - --int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) -- { -- if (generator == NULL) -- { -- ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); -- return 0 ; -- } -+ if (a == NULL) -+ return NULL; - -- if (group->generator == NULL) -- { -- group->generator = EC_POINT_new(group); -- if (group->generator == NULL) return 0; -- } -- if (!EC_POINT_copy(group->generator, generator)) return 0; -+ if ((t = EC_GROUP_new(a->meth)) == NULL) -+ return (NULL); -+ if (!EC_GROUP_copy(t, a)) -+ goto err; - -- if (order != NULL) -- { if (!BN_copy(&group->order, order)) return 0; } -- else -- BN_zero(&group->order); -+ ok = 1; - -- if (cofactor != NULL) -- { if (!BN_copy(&group->cofactor, cofactor)) return 0; } -- else -- BN_zero(&group->cofactor); -+ err: -+ if (!ok) { -+ if (t) -+ EC_GROUP_free(t); -+ return NULL; -+ } else -+ return t; -+} - -- return 1; -- } -+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) -+{ -+ return group->meth; -+} - -+int EC_METHOD_get_field_type(const EC_METHOD *meth) -+{ -+ return meth->field_type; -+} -+ -+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, -+ const BIGNUM *order, const BIGNUM *cofactor) -+{ -+ if (generator == NULL) { -+ ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ -+ if (group->generator == NULL) { -+ group->generator = EC_POINT_new(group); -+ if (group->generator == NULL) -+ return 0; -+ } -+ if (!EC_POINT_copy(group->generator, generator)) -+ return 0; -+ -+ if (order != NULL) { -+ if (!BN_copy(&group->order, order)) -+ return 0; -+ } else -+ BN_zero(&group->order); -+ -+ if (cofactor != NULL) { -+ if (!BN_copy(&group->cofactor, cofactor)) -+ return 0; -+ } else -+ BN_zero(&group->cofactor); -+ -+ return 1; -+} - - const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) -- { -- return group->generator; -- } -- -+{ -+ return group->generator; -+} - - int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) -- { -- if (!BN_copy(order, &group->order)) -- return 0; -+{ -+ if (!BN_copy(order, &group->order)) -+ return 0; - -- return !BN_is_zero(order); -- } -+ return !BN_is_zero(order); -+} - -+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, -+ BN_CTX *ctx) -+{ -+ if (!BN_copy(cofactor, &group->cofactor)) -+ return 0; - --int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) -- { -- if (!BN_copy(cofactor, &group->cofactor)) -- return 0; -- -- return !BN_is_zero(&group->cofactor); -- } -- -+ return !BN_is_zero(&group->cofactor); -+} - - void EC_GROUP_set_curve_name(EC_GROUP *group, int nid) -- { -- group->curve_name = nid; -- } -- -+{ -+ group->curve_name = nid; -+} - - int EC_GROUP_get_curve_name(const EC_GROUP *group) -- { -- return group->curve_name; -- } -- -+{ -+ return group->curve_name; -+} - - void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) -- { -- group->asn1_flag = flag; -- } -- -+{ -+ group->asn1_flag = flag; -+} - - int EC_GROUP_get_asn1_flag(const EC_GROUP *group) -- { -- return group->asn1_flag; -- } -+{ -+ return group->asn1_flag; -+} - -- --void EC_GROUP_set_point_conversion_form(EC_GROUP *group, -+void EC_GROUP_set_point_conversion_form(EC_GROUP *group, - point_conversion_form_t form) -- { -- group->asn1_form = form; -- } -- -- --point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group) -- { -- return group->asn1_form; -- } -+{ -+ group->asn1_form = form; -+} - -+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP -+ *group) -+{ -+ return group->asn1_form; -+} - - size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len) -- { -- if (group->seed) -- { -- OPENSSL_free(group->seed); -- group->seed = NULL; -- group->seed_len = 0; -- } -- -- if (!len || !p) -- return 1; -+{ -+ if (group->seed) { -+ OPENSSL_free(group->seed); -+ group->seed = NULL; -+ group->seed_len = 0; -+ } - -- if ((group->seed = OPENSSL_malloc(len)) == NULL) -- return 0; -- memcpy(group->seed, p, len); -- group->seed_len = len; -+ if (!len || !p) -+ return 1; - -- return len; -- } -+ if ((group->seed = OPENSSL_malloc(len)) == NULL) -+ return 0; -+ memcpy(group->seed, p, len); -+ group->seed_len = len; - -+ return len; -+} - - unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group) -- { -- return group->seed; -- } -- -+{ -+ return group->seed; -+} - - size_t EC_GROUP_get_seed_len(const EC_GROUP *group) -- { -- return group->seed_len; -- } -- -- --int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- if (group->meth->group_set_curve == 0) -- { -- ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- return group->meth->group_set_curve(group, p, a, b, ctx); -- } -- -- --int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) -- { -- if (group->meth->group_get_curve == 0) -- { -- ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- return group->meth->group_get_curve(group, p, a, b, ctx); -- } -- -- --int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- if (group->meth->group_set_curve == 0) -- { -- ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- return group->meth->group_set_curve(group, p, a, b, ctx); -- } -- -- --int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) -- { -- if (group->meth->group_get_curve == 0) -- { -- ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- return group->meth->group_get_curve(group, p, a, b, ctx); -- } -- -+{ -+ return group->seed_len; -+} -+ -+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, -+ const BIGNUM *b, BN_CTX *ctx) -+{ -+ if (group->meth->group_set_curve == 0) { -+ ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ return group->meth->group_set_curve(group, p, a, b, ctx); -+} -+ -+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, -+ BIGNUM *b, BN_CTX *ctx) -+{ -+ if (group->meth->group_get_curve == 0) { -+ ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ return group->meth->group_get_curve(group, p, a, b, ctx); -+} -+ -+int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, -+ const BIGNUM *b, BN_CTX *ctx) -+{ -+ if (group->meth->group_set_curve == 0) { -+ ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ return group->meth->group_set_curve(group, p, a, b, ctx); -+} -+ -+int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, -+ BIGNUM *b, BN_CTX *ctx) -+{ -+ if (group->meth->group_get_curve == 0) { -+ ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ return group->meth->group_get_curve(group, p, a, b, ctx); -+} - - int EC_GROUP_get_degree(const EC_GROUP *group) -- { -- if (group->meth->group_get_degree == 0) -- { -- ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- return group->meth->group_get_degree(group); -- } -- -+{ -+ if (group->meth->group_get_degree == 0) { -+ ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ return group->meth->group_get_degree(group); -+} - - int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) -- { -- if (group->meth->group_check_discriminant == 0) -- { -- ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- return group->meth->group_check_discriminant(group, ctx); -- } -- -+{ -+ if (group->meth->group_check_discriminant == 0) { -+ ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ return group->meth->group_check_discriminant(group, ctx); -+} - - int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) -- { -- int r = 0; -- BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; -- BN_CTX *ctx_new = NULL; -- -- /* compare the field types*/ -- if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != -- EC_METHOD_get_field_type(EC_GROUP_method_of(b))) -- return 1; -- /* compare the curve name (if present in both) */ -- if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && -- EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) -- return 1; -- -- if (!ctx) -- ctx_new = ctx = BN_CTX_new(); -- if (!ctx) -- return -1; -- -- BN_CTX_start(ctx); -- a1 = BN_CTX_get(ctx); -- a2 = BN_CTX_get(ctx); -- a3 = BN_CTX_get(ctx); -- b1 = BN_CTX_get(ctx); -- b2 = BN_CTX_get(ctx); -- b3 = BN_CTX_get(ctx); -- if (!b3) -- { -- BN_CTX_end(ctx); -- if (ctx_new) -- BN_CTX_free(ctx); -- return -1; -- } -- -- /* XXX This approach assumes that the external representation -- * of curves over the same field type is the same. -- */ -- if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || -- !b->meth->group_get_curve(b, b1, b2, b3, ctx)) -- r = 1; -- -- if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) -- r = 1; -- -- /* XXX EC_POINT_cmp() assumes that the methods are equal */ -- if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), -- EC_GROUP_get0_generator(b), ctx)) -- r = 1; -- -- if (!r) -- { -- /* compare the order and cofactor */ -- if (!EC_GROUP_get_order(a, a1, ctx) || -- !EC_GROUP_get_order(b, b1, ctx) || -- !EC_GROUP_get_cofactor(a, a2, ctx) || -- !EC_GROUP_get_cofactor(b, b2, ctx)) -- { -- BN_CTX_end(ctx); -- if (ctx_new) -- BN_CTX_free(ctx); -- return -1; -- } -- if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) -- r = 1; -- } -- -- BN_CTX_end(ctx); -- if (ctx_new) -- BN_CTX_free(ctx); -- -- return r; -- } -+{ -+ int r = 0; -+ BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; -+ BN_CTX *ctx_new = NULL; -+ -+ /* compare the field types */ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != -+ EC_METHOD_get_field_type(EC_GROUP_method_of(b))) -+ return 1; -+ /* compare the curve name (if present in both) */ -+ if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && -+ EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) -+ return 1; -+ -+ if (!ctx) -+ ctx_new = ctx = BN_CTX_new(); -+ if (!ctx) -+ return -1; -+ -+ BN_CTX_start(ctx); -+ a1 = BN_CTX_get(ctx); -+ a2 = BN_CTX_get(ctx); -+ a3 = BN_CTX_get(ctx); -+ b1 = BN_CTX_get(ctx); -+ b2 = BN_CTX_get(ctx); -+ b3 = BN_CTX_get(ctx); -+ if (!b3) { -+ BN_CTX_end(ctx); -+ if (ctx_new) -+ BN_CTX_free(ctx); -+ return -1; -+ } -+ -+ /* -+ * XXX This approach assumes that the external representation of curves -+ * over the same field type is the same. -+ */ -+ if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || -+ !b->meth->group_get_curve(b, b1, b2, b3, ctx)) -+ r = 1; -+ -+ if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) -+ r = 1; -+ -+ /* XXX EC_POINT_cmp() assumes that the methods are equal */ -+ if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), -+ EC_GROUP_get0_generator(b), ctx)) -+ r = 1; -+ -+ if (!r) { -+ /* compare the order and cofactor */ -+ if (!EC_GROUP_get_order(a, a1, ctx) || -+ !EC_GROUP_get_order(b, b1, ctx) || -+ !EC_GROUP_get_cofactor(a, a2, ctx) || -+ !EC_GROUP_get_cofactor(b, b2, ctx)) { -+ BN_CTX_end(ctx); -+ if (ctx_new) -+ BN_CTX_free(ctx); -+ return -1; -+ } -+ if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) -+ r = 1; -+ } - -+ BN_CTX_end(ctx); -+ if (ctx_new) -+ BN_CTX_free(ctx); -+ -+ return r; -+} - - /* this has 'package' visibility */ - int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, -- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) -- { -- EC_EXTRA_DATA *d; -- -- if (ex_data == NULL) -- return 0; -- -- for (d = *ex_data; d != NULL; d = d->next) -- { -- if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) -- { -- ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL); -- return 0; -- } -- } -+ void *(*dup_func) (void *), -+ void (*free_func) (void *), -+ void (*clear_free_func) (void *)) -+{ -+ EC_EXTRA_DATA *d; -+ -+ if (ex_data == NULL) -+ return 0; -+ -+ for (d = *ex_data; d != NULL; d = d->next) { -+ if (d->dup_func == dup_func && d->free_func == free_func -+ && d->clear_free_func == clear_free_func) { -+ ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL); -+ return 0; -+ } -+ } - -- if (data == NULL) -- /* no explicit entry needed */ -- return 1; -+ if (data == NULL) -+ /* no explicit entry needed */ -+ return 1; - -- d = OPENSSL_malloc(sizeof *d); -- if (d == NULL) -- return 0; -+ d = OPENSSL_malloc(sizeof *d); -+ if (d == NULL) -+ return 0; - -- d->data = data; -- d->dup_func = dup_func; -- d->free_func = free_func; -- d->clear_free_func = clear_free_func; -+ d->data = data; -+ d->dup_func = dup_func; -+ d->free_func = free_func; -+ d->clear_free_func = clear_free_func; - -- d->next = *ex_data; -- *ex_data = d; -+ d->next = *ex_data; -+ *ex_data = d; - -- return 1; -- } -+ return 1; -+} - - /* this has 'package' visibility */ - void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data, -- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) -- { -- const EC_EXTRA_DATA *d; -- -- for (d = ex_data; d != NULL; d = d->next) -- { -- if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) -- return d->data; -- } -- -- return NULL; -- } -+ void *(*dup_func) (void *), -+ void (*free_func) (void *), -+ void (*clear_free_func) (void *)) -+{ -+ const EC_EXTRA_DATA *d; -+ -+ for (d = ex_data; d != NULL; d = d->next) { -+ if (d->dup_func == dup_func && d->free_func == free_func -+ && d->clear_free_func == clear_free_func) -+ return d->data; -+ } -+ -+ return NULL; -+} - - /* this has 'package' visibility */ - void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data, -- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) -- { -- EC_EXTRA_DATA **p; -- -- if (ex_data == NULL) -- return; -- -- for (p = ex_data; *p != NULL; p = &((*p)->next)) -- { -- if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) -- { -- EC_EXTRA_DATA *next = (*p)->next; -- -- (*p)->free_func((*p)->data); -- OPENSSL_free(*p); -- -- *p = next; -- return; -- } -- } -- } -+ void *(*dup_func) (void *), -+ void (*free_func) (void *), -+ void (*clear_free_func) (void *)) -+{ -+ EC_EXTRA_DATA **p; -+ -+ if (ex_data == NULL) -+ return; -+ -+ for (p = ex_data; *p != NULL; p = &((*p)->next)) { -+ if ((*p)->dup_func == dup_func && (*p)->free_func == free_func -+ && (*p)->clear_free_func == clear_free_func) { -+ EC_EXTRA_DATA *next = (*p)->next; -+ -+ (*p)->free_func((*p)->data); -+ OPENSSL_free(*p); -+ -+ *p = next; -+ return; -+ } -+ } -+} - - /* this has 'package' visibility */ - void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data, -- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) -- { -- EC_EXTRA_DATA **p; -- -- if (ex_data == NULL) -- return; -- -- for (p = ex_data; *p != NULL; p = &((*p)->next)) -- { -- if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) -- { -- EC_EXTRA_DATA *next = (*p)->next; -- -- (*p)->clear_free_func((*p)->data); -- OPENSSL_free(*p); -- -- *p = next; -- return; -- } -- } -- } -+ void *(*dup_func) (void *), -+ void (*free_func) (void *), -+ void (*clear_free_func) (void *)) -+{ -+ EC_EXTRA_DATA **p; -+ -+ if (ex_data == NULL) -+ return; -+ -+ for (p = ex_data; *p != NULL; p = &((*p)->next)) { -+ if ((*p)->dup_func == dup_func && (*p)->free_func == free_func -+ && (*p)->clear_free_func == clear_free_func) { -+ EC_EXTRA_DATA *next = (*p)->next; -+ -+ (*p)->clear_free_func((*p)->data); -+ OPENSSL_free(*p); -+ -+ *p = next; -+ return; -+ } -+ } -+} - - /* this has 'package' visibility */ - void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data) -- { -- EC_EXTRA_DATA *d; -- -- if (ex_data == NULL) -- return; -- -- d = *ex_data; -- while (d) -- { -- EC_EXTRA_DATA *next = d->next; -- -- d->free_func(d->data); -- OPENSSL_free(d); -- -- d = next; -- } -- *ex_data = NULL; -- } -+{ -+ EC_EXTRA_DATA *d; -+ -+ if (ex_data == NULL) -+ return; -+ -+ d = *ex_data; -+ while (d) { -+ EC_EXTRA_DATA *next = d->next; -+ -+ d->free_func(d->data); -+ OPENSSL_free(d); -+ -+ d = next; -+ } -+ *ex_data = NULL; -+} - - /* this has 'package' visibility */ - void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data) -- { -- EC_EXTRA_DATA *d; -- -- if (ex_data == NULL) -- return; -- -- d = *ex_data; -- while (d) -- { -- EC_EXTRA_DATA *next = d->next; -- -- d->clear_free_func(d->data); -- OPENSSL_free(d); -- -- d = next; -- } -- *ex_data = NULL; -- } -+{ -+ EC_EXTRA_DATA *d; -+ -+ if (ex_data == NULL) -+ return; -+ -+ d = *ex_data; -+ while (d) { -+ EC_EXTRA_DATA *next = d->next; - -+ d->clear_free_func(d->data); -+ OPENSSL_free(d); -+ -+ d = next; -+ } -+ *ex_data = NULL; -+} - - /* functions for EC_POINT objects */ - - EC_POINT *EC_POINT_new(const EC_GROUP *group) -- { -- EC_POINT *ret; -- -- if (group == NULL) -- { -- ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -- if (group->meth->point_init == 0) -- { -- ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return NULL; -- } -- -- ret = OPENSSL_malloc(sizeof *ret); -- if (ret == NULL) -- { -- ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- ret->meth = group->meth; -- -- if (!ret->meth->point_init(ret)) -- { -- OPENSSL_free(ret); -- return NULL; -- } -- -- return ret; -- } -- -+{ -+ EC_POINT *ret; -+ -+ if (group == NULL) { -+ ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ if (group->meth->point_init == 0) { -+ ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return NULL; -+ } -+ -+ ret = OPENSSL_malloc(sizeof *ret); -+ if (ret == NULL) { -+ ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ ret->meth = group->meth; -+ -+ if (!ret->meth->point_init(ret)) { -+ OPENSSL_free(ret); -+ return NULL; -+ } -+ -+ return ret; -+} - - void EC_POINT_free(EC_POINT *point) -- { -- if (!point) return; -+{ -+ if (!point) -+ return; - -- if (point->meth->point_finish != 0) -- point->meth->point_finish(point); -- OPENSSL_free(point); -- } -- -+ if (point->meth->point_finish != 0) -+ point->meth->point_finish(point); -+ OPENSSL_free(point); -+} - - void EC_POINT_clear_free(EC_POINT *point) -- { -- if (!point) return; -- -- if (point->meth->point_clear_finish != 0) -- point->meth->point_clear_finish(point); -- else if (point->meth != NULL && point->meth->point_finish != 0) -- point->meth->point_finish(point); -- OPENSSL_cleanse(point, sizeof *point); -- OPENSSL_free(point); -- } -- -+{ -+ if (!point) -+ return; -+ -+ if (point->meth->point_clear_finish != 0) -+ point->meth->point_clear_finish(point); -+ else if (point->meth != NULL && point->meth->point_finish != 0) -+ point->meth->point_finish(point); -+ OPENSSL_cleanse(point, sizeof *point); -+ OPENSSL_free(point); -+} - - int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) -- { -- if (dest->meth->point_copy == 0) -- { -- ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (dest->meth != src->meth) -- { -- ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- if (dest == src) -- return 1; -- return dest->meth->point_copy(dest, src); -- } -- -+{ -+ if (dest->meth->point_copy == 0) { -+ ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (dest->meth != src->meth) { -+ ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ if (dest == src) -+ return 1; -+ return dest->meth->point_copy(dest, src); -+} - - EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) -- { -- EC_POINT *t; -- int r; -- -- if (a == NULL) return NULL; -- -- t = EC_POINT_new(group); -- if (t == NULL) return(NULL); -- r = EC_POINT_copy(t, a); -- if (!r) -- { -- EC_POINT_free(t); -- return NULL; -- } -- else return t; -- } -- -+{ -+ EC_POINT *t; -+ int r; -+ -+ if (a == NULL) -+ return NULL; -+ -+ t = EC_POINT_new(group); -+ if (t == NULL) -+ return (NULL); -+ r = EC_POINT_copy(t, a); -+ if (!r) { -+ EC_POINT_free(t); -+ return NULL; -+ } else -+ return t; -+} - - const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) -- { -- return point->meth; -- } -- -+{ -+ return point->meth; -+} - - int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) -- { -- if (group->meth->point_set_to_infinity == 0) -- { -- ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->point_set_to_infinity(group, point); -- } -- -- --int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, -- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) -- { -- if (group->meth->point_set_Jprojective_coordinates_GFp == 0) -- { -- ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); -- } -- -- --int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, -- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) -- { -- if (group->meth->point_get_Jprojective_coordinates_GFp == 0) -- { -- ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); -- } -- -- --int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, -- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) -- { -- if (group->meth->point_set_affine_coordinates == 0) -- { -- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); -- } -- -- --int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, -- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) -- { -- if (group->meth->point_set_affine_coordinates == 0) -- { -- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); -- } -- -- --int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, -- BIGNUM *x, BIGNUM *y, BN_CTX *ctx) -- { -- if (group->meth->point_get_affine_coordinates == 0) -- { -- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); -- } -- -- --int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point, -- BIGNUM *x, BIGNUM *y, BN_CTX *ctx) -- { -- if (group->meth->point_get_affine_coordinates == 0) -- { -- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); -- } -- -- --int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, -- const BIGNUM *x, int y_bit, BN_CTX *ctx) -- { -- if (group->meth->point_set_compressed_coordinates == 0) -- { -- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); -- } -- -- --int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, -- const BIGNUM *x, int y_bit, BN_CTX *ctx) -- { -- if (group->meth->point_set_compressed_coordinates == 0) -- { -- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); -- } -- -- --size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, -- unsigned char *buf, size_t len, BN_CTX *ctx) -- { -- if (group->meth->point2oct == 0) -- { -- ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->point2oct(group, point, form, buf, len, ctx); -- } -- -+{ -+ if (group->meth->point_set_to_infinity == 0) { -+ ECerr(EC_F_EC_POINT_SET_TO_INFINITY, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->point_set_to_infinity(group, point); -+} -+ -+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, -+ EC_POINT *point, const BIGNUM *x, -+ const BIGNUM *y, const BIGNUM *z, -+ BN_CTX *ctx) -+{ -+ if (group->meth->point_set_Jprojective_coordinates_GFp == 0) { -+ ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, -+ EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, -+ y, z, ctx); -+} -+ -+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, -+ const EC_POINT *point, BIGNUM *x, -+ BIGNUM *y, BIGNUM *z, -+ BN_CTX *ctx) -+{ -+ if (group->meth->point_get_Jprojective_coordinates_GFp == 0) { -+ ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, -+ EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, -+ y, z, ctx); -+} -+ -+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, -+ EC_POINT *point, const BIGNUM *x, -+ const BIGNUM *y, BN_CTX *ctx) -+{ -+ if (group->meth->point_set_affine_coordinates == 0) { -+ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, -+ EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); -+} -+ -+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, -+ EC_POINT *point, const BIGNUM *x, -+ const BIGNUM *y, BN_CTX *ctx) -+{ -+ if (group->meth->point_set_affine_coordinates == 0) { -+ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, -+ EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); -+} -+ -+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, -+ const EC_POINT *point, BIGNUM *x, -+ BIGNUM *y, BN_CTX *ctx) -+{ -+ if (group->meth->point_get_affine_coordinates == 0) { -+ ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, -+ EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); -+} -+ -+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, -+ const EC_POINT *point, BIGNUM *x, -+ BIGNUM *y, BN_CTX *ctx) -+{ -+ if (group->meth->point_get_affine_coordinates == 0) { -+ ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, -+ EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); -+} -+ -+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, -+ EC_POINT *point, const BIGNUM *x, -+ int y_bit, BN_CTX *ctx) -+{ -+ if (group->meth->point_set_compressed_coordinates == 0) { -+ ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, -+ EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->point_set_compressed_coordinates(group, point, x, -+ y_bit, ctx); -+} -+ -+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, -+ EC_POINT *point, const BIGNUM *x, -+ int y_bit, BN_CTX *ctx) -+{ -+ if (group->meth->point_set_compressed_coordinates == 0) { -+ ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, -+ EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->point_set_compressed_coordinates(group, point, x, -+ y_bit, ctx); -+} -+ -+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, -+ point_conversion_form_t form, unsigned char *buf, -+ size_t len, BN_CTX *ctx) -+{ -+ if (group->meth->point2oct == 0) { -+ ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->point2oct(group, point, form, buf, len, ctx); -+} - - int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, -- const unsigned char *buf, size_t len, BN_CTX *ctx) -- { -- if (group->meth->oct2point == 0) -- { -- ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->oct2point(group, point, buf, len, ctx); -- } -- -- --int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) -- { -- if (group->meth->add == 0) -- { -- ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) -- { -- ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->add(group, r, a, b, ctx); -- } -- -- --int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) -- { -- if (group->meth->dbl == 0) -- { -- ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if ((group->meth != r->meth) || (r->meth != a->meth)) -- { -- ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->dbl(group, r, a, ctx); -- } -- -+ const unsigned char *buf, size_t len, BN_CTX *ctx) -+{ -+ if (group->meth->oct2point == 0) { -+ ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->oct2point(group, point, buf, len, ctx); -+} -+ -+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, -+ const EC_POINT *b, BN_CTX *ctx) -+{ -+ if (group->meth->add == 0) { -+ ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if ((group->meth != r->meth) || (r->meth != a->meth) -+ || (a->meth != b->meth)) { -+ ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->add(group, r, a, b, ctx); -+} -+ -+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, -+ BN_CTX *ctx) -+{ -+ if (group->meth->dbl == 0) { -+ ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if ((group->meth != r->meth) || (r->meth != a->meth)) { -+ ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->dbl(group, r, a, ctx); -+} - - int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) -- { -- if (group->meth->invert == 0) -- { -- ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != a->meth) -- { -- ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->invert(group, a, ctx); -- } -- -+{ -+ if (group->meth->invert == 0) { -+ ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != a->meth) { -+ ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->invert(group, a, ctx); -+} - - int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) -- { -- if (group->meth->is_at_infinity == 0) -- { -- ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->is_at_infinity(group, point); -- } -- -- --int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) -- { -- if (group->meth->is_on_curve == 0) -- { -- ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->is_on_curve(group, point, ctx); -- } -- -- --int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) -- { -- if (group->meth->point_cmp == 0) -- { -- ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return -1; -- } -- if ((group->meth != a->meth) || (a->meth != b->meth)) -- { -- ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); -- return -1; -- } -- return group->meth->point_cmp(group, a, b, ctx); -- } -- -+{ -+ if (group->meth->is_at_infinity == 0) { -+ ECerr(EC_F_EC_POINT_IS_AT_INFINITY, -+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->is_at_infinity(group, point); -+} -+ -+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, -+ BN_CTX *ctx) -+{ -+ if (group->meth->is_on_curve == 0) { -+ ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->is_on_curve(group, point, ctx); -+} -+ -+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, -+ BN_CTX *ctx) -+{ -+ if (group->meth->point_cmp == 0) { -+ ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return -1; -+ } -+ if ((group->meth != a->meth) || (a->meth != b->meth)) { -+ ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); -+ return -1; -+ } -+ return group->meth->point_cmp(group, a, b, ctx); -+} - - int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) -- { -- if (group->meth->make_affine == 0) -- { -- ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- if (group->meth != point->meth) -- { -- ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- return group->meth->make_affine(group, point, ctx); -- } -- -- --int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) -- { -- size_t i; -- -- if (group->meth->points_make_affine == 0) -- { -- ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return 0; -- } -- for (i = 0; i < num; i++) -- { -- if (group->meth != points[i]->meth) -- { -- ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- } -- return group->meth->points_make_affine(group, num, points, ctx); -- } -- -- --/* Functions for point multiplication. -- * -- * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c; -- * otherwise we dispatch through methods. -+{ -+ if (group->meth->make_affine == 0) { -+ ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ if (group->meth != point->meth) { -+ ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ return group->meth->make_affine(group, point, ctx); -+} -+ -+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, -+ EC_POINT *points[], BN_CTX *ctx) -+{ -+ size_t i; -+ -+ if (group->meth->points_make_affine == 0) { -+ ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return 0; -+ } -+ for (i = 0; i < num; i++) { -+ if (group->meth != points[i]->meth) { -+ ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ } -+ return group->meth->points_make_affine(group, num, points, ctx); -+} -+ -+/* -+ * Functions for point multiplication. If group->meth->mul is 0, we use the -+ * wNAF-based implementations in ec_mult.c; otherwise we dispatch through -+ * methods. - */ - - int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, -- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) -- { -- if (group->meth->mul == 0) -- /* use default */ -- return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); -+ size_t num, const EC_POINT *points[], -+ const BIGNUM *scalars[], BN_CTX *ctx) -+{ -+ if (group->meth->mul == 0) -+ /* use default */ -+ return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - -- return group->meth->mul(group, r, scalar, num, points, scalars, ctx); -- } -+ return group->meth->mul(group, r, scalar, num, points, scalars, ctx); -+} - - int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, -- const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) -- { -- /* just a convenient interface to EC_POINTs_mul() */ -+ const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) -+{ -+ /* just a convenient interface to EC_POINTs_mul() */ - -- const EC_POINT *points[1]; -- const BIGNUM *scalars[1]; -+ const EC_POINT *points[1]; -+ const BIGNUM *scalars[1]; - -- points[0] = point; -- scalars[0] = p_scalar; -+ points[0] = point; -+ scalars[0] = p_scalar; - -- return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); -- } -+ return EC_POINTs_mul(group, r, g_scalar, -+ (point != NULL -+ && p_scalar != NULL), points, scalars, ctx); -+} - - int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) -- { -- if (group->meth->mul == 0) -- /* use default */ -- return ec_wNAF_precompute_mult(group, ctx); -+{ -+ if (group->meth->mul == 0) -+ /* use default */ -+ return ec_wNAF_precompute_mult(group, ctx); - -- if (group->meth->precompute_mult != 0) -- return group->meth->precompute_mult(group, ctx); -- else -- return 1; /* nothing to do, so report success */ -- } -+ if (group->meth->precompute_mult != 0) -+ return group->meth->precompute_mult(group, ctx); -+ else -+ return 1; /* nothing to do, so report success */ -+} - - int EC_GROUP_have_precompute_mult(const EC_GROUP *group) -- { -- if (group->meth->mul == 0) -- /* use default */ -- return ec_wNAF_have_precompute_mult(group); -- -- if (group->meth->have_precompute_mult != 0) -- return group->meth->have_precompute_mult(group); -- else -- return 0; /* cannot tell whether precomputation has been performed */ -- } -+{ -+ if (group->meth->mul == 0) -+ /* use default */ -+ return ec_wNAF_have_precompute_mult(group); -+ -+ if (group->meth->have_precompute_mult != 0) -+ return group->meth->have_precompute_mult(group); -+ else -+ return 0; /* cannot tell whether precomputation has -+ * been performed */ -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec_mult.c -index ee42269..333cbc9 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec_mult.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -67,7 +67,6 @@ - - #include "ec_lcl.h" - -- - /* - * This file implements the wNAF-based interleaving multi-exponentation method - * (); -@@ -75,114 +74,107 @@ - * (). - */ - -- -- -- - /* structure for precomputed multiples of the generator */ - typedef struct ec_pre_comp_st { -- const EC_GROUP *group; /* parent EC_GROUP object */ -- size_t blocksize; /* block size for wNAF splitting */ -- size_t numblocks; /* max. number of blocks for which we have precomputation */ -- size_t w; /* window size */ -- EC_POINT **points; /* array with pre-calculated multiples of generator: -- * 'num' pointers to EC_POINT objects followed by a NULL */ -- size_t num; /* numblocks * 2^(w-1) */ -- int references; -+ const EC_GROUP *group; /* parent EC_GROUP object */ -+ size_t blocksize; /* block size for wNAF splitting */ -+ size_t numblocks; /* max. number of blocks for which we have -+ * precomputation */ -+ size_t w; /* window size */ -+ EC_POINT **points; /* array with pre-calculated multiples of -+ * generator: 'num' pointers to EC_POINT -+ * objects followed by a NULL */ -+ size_t num; /* numblocks * 2^(w-1) */ -+ int references; - } EC_PRE_COMP; -- -+ - /* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ - static void *ec_pre_comp_dup(void *); - static void ec_pre_comp_free(void *); - static void ec_pre_comp_clear_free(void *); - - static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) -- { -- EC_PRE_COMP *ret = NULL; -- -- if (!group) -- return NULL; -- -- ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); -- if (!ret) -- { -- ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); -- return ret; -- } -- ret->group = group; -- ret->blocksize = 8; /* default */ -- ret->numblocks = 0; -- ret->w = 4; /* default */ -- ret->points = NULL; -- ret->num = 0; -- ret->references = 1; -- return ret; -- } -+{ -+ EC_PRE_COMP *ret = NULL; -+ -+ if (!group) -+ return NULL; -+ -+ ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); -+ if (!ret) { -+ ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); -+ return ret; -+ } -+ ret->group = group; -+ ret->blocksize = 8; /* default */ -+ ret->numblocks = 0; -+ ret->w = 4; /* default */ -+ ret->points = NULL; -+ ret->num = 0; -+ ret->references = 1; -+ return ret; -+} - - static void *ec_pre_comp_dup(void *src_) -- { -- EC_PRE_COMP *src = src_; -+{ -+ EC_PRE_COMP *src = src_; - -- /* no need to actually copy, these objects never change! */ -+ /* no need to actually copy, these objects never change! */ - -- CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); -+ CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); - -- return src_; -- } -+ return src_; -+} - - static void ec_pre_comp_free(void *pre_) -- { -- int i; -- EC_PRE_COMP *pre = pre_; -+{ -+ int i; -+ EC_PRE_COMP *pre = pre_; - -- if (!pre) -- return; -+ if (!pre) -+ return; - -- i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); -- if (i > 0) -- return; -+ i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); -+ if (i > 0) -+ return; - -- if (pre->points) -- { -- EC_POINT **p; -+ if (pre->points) { -+ EC_POINT **p; - -- for (p = pre->points; *p != NULL; p++) -- EC_POINT_free(*p); -- OPENSSL_free(pre->points); -- } -- OPENSSL_free(pre); -- } -+ for (p = pre->points; *p != NULL; p++) -+ EC_POINT_free(*p); -+ OPENSSL_free(pre->points); -+ } -+ OPENSSL_free(pre); -+} - - static void ec_pre_comp_clear_free(void *pre_) -- { -- int i; -- EC_PRE_COMP *pre = pre_; -- -- if (!pre) -- return; -- -- i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); -- if (i > 0) -- return; -- -- if (pre->points) -- { -- EC_POINT **p; -- -- for (p = pre->points; *p != NULL; p++) -- { -- EC_POINT_clear_free(*p); -- OPENSSL_cleanse(p, sizeof *p); -- } -- OPENSSL_free(pre->points); -- } -- OPENSSL_cleanse(pre, sizeof *pre); -- OPENSSL_free(pre); -- } -- -- -- -- --/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. -+{ -+ int i; -+ EC_PRE_COMP *pre = pre_; -+ -+ if (!pre) -+ return; -+ -+ i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); -+ if (i > 0) -+ return; -+ -+ if (pre->points) { -+ EC_POINT **p; -+ -+ for (p = pre->points; *p != NULL; p++) { -+ EC_POINT_clear_free(*p); -+ OPENSSL_cleanse(p, sizeof *p); -+ } -+ OPENSSL_free(pre->points); -+ } -+ OPENSSL_cleanse(pre, sizeof *pre); -+ OPENSSL_free(pre); -+} -+ -+/*- -+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. - * This is an array r[] of values that are either zero or odd with an - * absolute value less than 2^w satisfying - * scalar = \sum_j r[j]*2^j -@@ -191,562 +183,544 @@ static void ec_pre_comp_clear_free(void *pre_) - * w-1 zeros away from that next non-zero digit. - */ - static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) -- { -- int window_val; -- int ok = 0; -- signed char *r = NULL; -- int sign = 1; -- int bit, next_bit, mask; -- size_t len = 0, j; -- -- if (BN_is_zero(scalar)) -- { -- r = OPENSSL_malloc(1); -- if (!r) -- { -- ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- r[0] = 0; -- *ret_len = 1; -- return r; -- } -- -- if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */ -- { -- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- bit = 1 << w; /* at most 128 */ -- next_bit = bit << 1; /* at most 256 */ -- mask = next_bit - 1; /* at most 255 */ -- -- if (BN_is_negative(scalar)) -- { -- sign = -1; -- } -- -- len = BN_num_bits(scalar); -- r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation -- * (*ret_len will be set to the actual length, i.e. at most -- * BN_num_bits(scalar) + 1) */ -- if (r == NULL) -- { -- ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (scalar->d == NULL || scalar->top == 0) -- { -- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- window_val = scalar->d[0] & mask; -- j = 0; -- while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */ -- { -- int digit = 0; -- -- /* 0 <= window_val <= 2^(w+1) */ -- -- if (window_val & 1) -- { -- /* 0 < window_val < 2^(w+1) */ -- -- if (window_val & bit) -- { -- digit = window_val - next_bit; /* -2^w < digit < 0 */ -- --#if 1 /* modified wNAF */ -- if (j + w + 1 >= len) -- { -- /* special case for generating modified wNAFs: -- * no new bits will be added into window_val, -- * so using a positive digit here will decrease -- * the total length of the representation */ -- -- digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ -- } -+{ -+ int window_val; -+ int ok = 0; -+ signed char *r = NULL; -+ int sign = 1; -+ int bit, next_bit, mask; -+ size_t len = 0, j; -+ -+ if (BN_is_zero(scalar)) { -+ r = OPENSSL_malloc(1); -+ if (!r) { -+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ r[0] = 0; -+ *ret_len = 1; -+ return r; -+ } -+ -+ if (w <= 0 || w > 7) { /* 'signed char' can represent integers with -+ * absolute values less than 2^7 */ -+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ bit = 1 << w; /* at most 128 */ -+ next_bit = bit << 1; /* at most 256 */ -+ mask = next_bit - 1; /* at most 255 */ -+ -+ if (BN_is_negative(scalar)) { -+ sign = -1; -+ } -+ -+ len = BN_num_bits(scalar); -+ r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer -+ * than binary representation (*ret_len will -+ * be set to the actual length, i.e. at most -+ * BN_num_bits(scalar) + 1) */ -+ if (r == NULL) { -+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (scalar->d == NULL || scalar->top == 0) { -+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ window_val = scalar->d[0] & mask; -+ j = 0; -+ while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len, -+ * window_val will not -+ * increase */ -+ int digit = 0; -+ -+ /* 0 <= window_val <= 2^(w+1) */ -+ -+ if (window_val & 1) { -+ /* 0 < window_val < 2^(w+1) */ -+ -+ if (window_val & bit) { -+ digit = window_val - next_bit; /* -2^w < digit < 0 */ -+ -+#if 1 /* modified wNAF */ -+ if (j + w + 1 >= len) { -+ /* -+ * special case for generating modified wNAFs: no new -+ * bits will be added into window_val, so using a -+ * positive digit here will decrease the total length of -+ * the representation -+ */ -+ -+ digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ -+ } - #endif -- } -- else -- { -- digit = window_val; /* 0 < digit < 2^w */ -- } -- -- if (digit <= -bit || digit >= bit || !(digit & 1)) -- { -- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- -- window_val -= digit; -- -- /* now window_val is 0 or 2^(w+1) in standard wNAF generation; -- * for modified window NAFs, it may also be 2^w -- */ -- if (window_val != 0 && window_val != next_bit && window_val != bit) -- { -- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- } -- -- r[j++] = sign * digit; -- -- window_val >>= 1; -- window_val += bit * BN_is_bit_set(scalar, j + w); -- -- if (window_val > next_bit) -- { -- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- } -- -- if (j > len + 1) -- { -- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- len = j; -- ok = 1; -+ } else { -+ digit = window_val; /* 0 < digit < 2^w */ -+ } -+ -+ if (digit <= -bit || digit >= bit || !(digit & 1)) { -+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ window_val -= digit; -+ -+ /* -+ * now window_val is 0 or 2^(w+1) in standard wNAF generation; -+ * for modified window NAFs, it may also be 2^w -+ */ -+ if (window_val != 0 && window_val != next_bit -+ && window_val != bit) { -+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ } -+ -+ r[j++] = sign * digit; -+ -+ window_val >>= 1; -+ window_val += bit * BN_is_bit_set(scalar, j + w); -+ -+ if (window_val > next_bit) { -+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ } -+ -+ if (j > len + 1) { -+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ len = j; -+ ok = 1; - - err: -- if (!ok) -- { -- OPENSSL_free(r); -- r = NULL; -- } -- if (ok) -- *ret_len = len; -- return r; -- } -- -- --/* TODO: table should be optimised for the wNAF-based implementation, -- * sometimes smaller windows will give better performance -- * (thus the boundaries should be increased) -+ if (!ok) { -+ OPENSSL_free(r); -+ r = NULL; -+ } -+ if (ok) -+ *ret_len = len; -+ return r; -+} -+ -+/* -+ * TODO: table should be optimised for the wNAF-based implementation, -+ * sometimes smaller windows will give better performance (thus the -+ * boundaries should be increased) - */ - #define EC_window_bits_for_scalar_size(b) \ -- ((size_t) \ -- ((b) >= 2000 ? 6 : \ -- (b) >= 800 ? 5 : \ -- (b) >= 300 ? 4 : \ -- (b) >= 70 ? 3 : \ -- (b) >= 20 ? 2 : \ -- 1)) -- --/* Compute -+ ((size_t) \ -+ ((b) >= 2000 ? 6 : \ -+ (b) >= 800 ? 5 : \ -+ (b) >= 300 ? 4 : \ -+ (b) >= 70 ? 3 : \ -+ (b) >= 20 ? 2 : \ -+ 1)) -+ -+/*- -+ * Compute - * \sum scalars[i]*points[i], - * also including - * scalar*generator - * in the addition if scalar != NULL - */ - int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, -- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) -- { -- BN_CTX *new_ctx = NULL; -- const EC_POINT *generator = NULL; -- EC_POINT *tmp = NULL; -- size_t totalnum; -- size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ -- size_t pre_points_per_block = 0; -- size_t i, j; -- int k; -- int r_is_inverted = 0; -- int r_is_at_infinity = 1; -- size_t *wsize = NULL; /* individual window sizes */ -- signed char **wNAF = NULL; /* individual wNAFs */ -- size_t *wNAF_len = NULL; -- size_t max_len = 0; -- size_t num_val; -- EC_POINT **val = NULL; /* precomputation */ -- EC_POINT **v; -- EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */ -- const EC_PRE_COMP *pre_comp = NULL; -- int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars, -- * i.e. precomputation is not available */ -- int ret = 0; -- -- if (group->meth != r->meth) -- { -- ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- -- if ((scalar == NULL) && (num == 0)) -- { -- return EC_POINT_set_to_infinity(group, r); -- } -- -- for (i = 0; i < num; i++) -- { -- if (group->meth != points[i]->meth) -- { -- ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); -- return 0; -- } -- } -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- goto err; -- } -- -- if (scalar != NULL) -- { -- generator = EC_GROUP_get0_generator(group); -- if (generator == NULL) -- { -- ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); -- goto err; -- } -- -- /* look if we can use precomputed multiples of generator */ -- -- pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); -- -- if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0)) -- { -- blocksize = pre_comp->blocksize; -- -- /* determine maximum number of blocks that wNAF splitting may yield -- * (NB: maximum wNAF length is bit length plus one) */ -- numblocks = (BN_num_bits(scalar) / blocksize) + 1; -- -- /* we cannot use more blocks than we have precomputation for */ -- if (numblocks > pre_comp->numblocks) -- numblocks = pre_comp->numblocks; -- -- pre_points_per_block = 1u << (pre_comp->w - 1); -- -- /* check that pre_comp looks sane */ -- if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) -- { -- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- } -- else -- { -- /* can't use precomputation */ -- pre_comp = NULL; -- numblocks = 1; -- num_scalar = 1; /* treat 'scalar' like 'num'-th element of 'scalars' */ -- } -- } -- -- totalnum = num + numblocks; -- -- wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); -- wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); -- wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */ -- val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); -- -- if (!wsize || !wNAF_len || !wNAF || !val_sub) -- { -- ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- wNAF[0] = NULL; /* preliminary pivot */ -- -- /* num_val will be the total number of temporarily precomputed points */ -- num_val = 0; -- -- for (i = 0; i < num + num_scalar; i++) -- { -- size_t bits; -- -- bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); -- wsize[i] = EC_window_bits_for_scalar_size(bits); -- num_val += 1u << (wsize[i] - 1); -- wNAF[i + 1] = NULL; /* make sure we always have a pivot */ -- wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); -- if (wNAF[i] == NULL) -- goto err; -- if (wNAF_len[i] > max_len) -- max_len = wNAF_len[i]; -- } -- -- if (numblocks) -- { -- /* we go here iff scalar != NULL */ -- -- if (pre_comp == NULL) -- { -- if (num_scalar != 1) -- { -- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- /* we have already generated a wNAF for 'scalar' */ -- } -- else -- { -- signed char *tmp_wNAF = NULL; -- size_t tmp_len = 0; -- -- if (num_scalar != 0) -- { -- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- -- /* use the window size for which we have precomputation */ -- wsize[num] = pre_comp->w; -- tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); -- if (!tmp_wNAF) -- goto err; -- -- if (tmp_len <= max_len) -- { -- /* One of the other wNAFs is at least as long -- * as the wNAF belonging to the generator, -- * so wNAF splitting will not buy us anything. */ -- -- numblocks = 1; -- totalnum = num + 1; /* don't use wNAF splitting */ -- wNAF[num] = tmp_wNAF; -- wNAF[num + 1] = NULL; -- wNAF_len[num] = tmp_len; -- if (tmp_len > max_len) -- max_len = tmp_len; -- /* pre_comp->points starts with the points that we need here: */ -- val_sub[num] = pre_comp->points; -- } -- else -- { -- /* don't include tmp_wNAF directly into wNAF array -- * - use wNAF splitting and include the blocks */ -- -- signed char *pp; -- EC_POINT **tmp_points; -- -- if (tmp_len < numblocks * blocksize) -- { -- /* possibly we can do with fewer blocks than estimated */ -- numblocks = (tmp_len + blocksize - 1) / blocksize; -- if (numblocks > pre_comp->numblocks) -- { -- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- totalnum = num + numblocks; -- } -- -- /* split wNAF in 'numblocks' parts */ -- pp = tmp_wNAF; -- tmp_points = pre_comp->points; -- -- for (i = num; i < totalnum; i++) -- { -- if (i < totalnum - 1) -- { -- wNAF_len[i] = blocksize; -- if (tmp_len < blocksize) -- { -- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- tmp_len -= blocksize; -- } -- else -- /* last block gets whatever is left -- * (this could be more or less than 'blocksize'!) */ -- wNAF_len[i] = tmp_len; -- -- wNAF[i + 1] = NULL; -- wNAF[i] = OPENSSL_malloc(wNAF_len[i]); -- if (wNAF[i] == NULL) -- { -- ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); -- OPENSSL_free(tmp_wNAF); -- goto err; -- } -- memcpy(wNAF[i], pp, wNAF_len[i]); -- if (wNAF_len[i] > max_len) -- max_len = wNAF_len[i]; -- -- if (*tmp_points == NULL) -- { -- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -- OPENSSL_free(tmp_wNAF); -- goto err; -- } -- val_sub[i] = tmp_points; -- tmp_points += pre_points_per_block; -- pp += blocksize; -- } -- OPENSSL_free(tmp_wNAF); -- } -- } -- } -- -- /* All points we precompute now go into a single array 'val'. -- * 'val_sub[i]' is a pointer to the subarray for the i-th point, -- * or to a subarray of 'pre_comp->points' if we already have precomputation. */ -- val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); -- if (val == NULL) -- { -- ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- val[num_val] = NULL; /* pivot element */ -- -- /* allocate points for precomputation */ -- v = val; -- for (i = 0; i < num + num_scalar; i++) -- { -- val_sub[i] = v; -- for (j = 0; j < (1u << (wsize[i] - 1)); j++) -- { -- *v = EC_POINT_new(group); -- if (*v == NULL) goto err; -- v++; -- } -- } -- if (!(v == val + num_val)) -- { -- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- -- if (!(tmp = EC_POINT_new(group))) -- goto err; -- -- /* prepare precomputed values: -- * val_sub[i][0] := points[i] -- * val_sub[i][1] := 3 * points[i] -- * val_sub[i][2] := 5 * points[i] -- * ... -- */ -- for (i = 0; i < num + num_scalar; i++) -- { -- if (i < num) -- { -- if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err; -- } -- else -- { -- if (!EC_POINT_copy(val_sub[i][0], generator)) goto err; -- } -- -- if (wsize[i] > 1) -- { -- if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err; -- for (j = 1; j < (1u << (wsize[i] - 1)); j++) -- { -- if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; -- } -- } -- } -- --#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */ -- if (!EC_POINTs_make_affine(group, num_val, val, ctx)) -- goto err; -+ size_t num, const EC_POINT *points[], const BIGNUM *scalars[], -+ BN_CTX *ctx) -+{ -+ BN_CTX *new_ctx = NULL; -+ const EC_POINT *generator = NULL; -+ EC_POINT *tmp = NULL; -+ size_t totalnum; -+ size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ -+ size_t pre_points_per_block = 0; -+ size_t i, j; -+ int k; -+ int r_is_inverted = 0; -+ int r_is_at_infinity = 1; -+ size_t *wsize = NULL; /* individual window sizes */ -+ signed char **wNAF = NULL; /* individual wNAFs */ -+ size_t *wNAF_len = NULL; -+ size_t max_len = 0; -+ size_t num_val; -+ EC_POINT **val = NULL; /* precomputation */ -+ EC_POINT **v; -+ EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or -+ * 'pre_comp->points' */ -+ const EC_PRE_COMP *pre_comp = NULL; -+ int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be -+ * treated like other scalars, i.e. -+ * precomputation is not available */ -+ int ret = 0; -+ -+ if (group->meth != r->meth) { -+ ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ -+ if ((scalar == NULL) && (num == 0)) { -+ return EC_POINT_set_to_infinity(group, r); -+ } -+ -+ for (i = 0; i < num; i++) { -+ if (group->meth != points[i]->meth) { -+ ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); -+ return 0; -+ } -+ } -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ } -+ -+ if (scalar != NULL) { -+ generator = EC_GROUP_get0_generator(group); -+ if (generator == NULL) { -+ ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); -+ goto err; -+ } -+ -+ /* look if we can use precomputed multiples of generator */ -+ -+ pre_comp = -+ EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, -+ ec_pre_comp_free, ec_pre_comp_clear_free); -+ -+ if (pre_comp && pre_comp->numblocks -+ && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == -+ 0)) { -+ blocksize = pre_comp->blocksize; -+ -+ /* -+ * determine maximum number of blocks that wNAF splitting may -+ * yield (NB: maximum wNAF length is bit length plus one) -+ */ -+ numblocks = (BN_num_bits(scalar) / blocksize) + 1; -+ -+ /* -+ * we cannot use more blocks than we have precomputation for -+ */ -+ if (numblocks > pre_comp->numblocks) -+ numblocks = pre_comp->numblocks; -+ -+ pre_points_per_block = 1u << (pre_comp->w - 1); -+ -+ /* check that pre_comp looks sane */ -+ if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) { -+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ } else { -+ /* can't use precomputation */ -+ pre_comp = NULL; -+ numblocks = 1; -+ num_scalar = 1; /* treat 'scalar' like 'num'-th element of -+ * 'scalars' */ -+ } -+ } -+ -+ totalnum = num + numblocks; -+ -+ wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); -+ wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); -+ wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space -+ * for pivot */ -+ val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); -+ -+ if (!wsize || !wNAF_len || !wNAF || !val_sub) { -+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ wNAF[0] = NULL; /* preliminary pivot */ -+ -+ /* -+ * num_val will be the total number of temporarily precomputed points -+ */ -+ num_val = 0; -+ -+ for (i = 0; i < num + num_scalar; i++) { -+ size_t bits; -+ -+ bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); -+ wsize[i] = EC_window_bits_for_scalar_size(bits); -+ num_val += 1u << (wsize[i] - 1); -+ wNAF[i + 1] = NULL; /* make sure we always have a pivot */ -+ wNAF[i] = -+ compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], -+ &wNAF_len[i]); -+ if (wNAF[i] == NULL) -+ goto err; -+ if (wNAF_len[i] > max_len) -+ max_len = wNAF_len[i]; -+ } -+ -+ if (numblocks) { -+ /* we go here iff scalar != NULL */ -+ -+ if (pre_comp == NULL) { -+ if (num_scalar != 1) { -+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ /* we have already generated a wNAF for 'scalar' */ -+ } else { -+ signed char *tmp_wNAF = NULL; -+ size_t tmp_len = 0; -+ -+ if (num_scalar != 0) { -+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ /* -+ * use the window size for which we have precomputation -+ */ -+ wsize[num] = pre_comp->w; -+ tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); -+ if (!tmp_wNAF) -+ goto err; -+ -+ if (tmp_len <= max_len) { -+ /* -+ * One of the other wNAFs is at least as long as the wNAF -+ * belonging to the generator, so wNAF splitting will not buy -+ * us anything. -+ */ -+ -+ numblocks = 1; -+ totalnum = num + 1; /* don't use wNAF splitting */ -+ wNAF[num] = tmp_wNAF; -+ wNAF[num + 1] = NULL; -+ wNAF_len[num] = tmp_len; -+ if (tmp_len > max_len) -+ max_len = tmp_len; -+ /* -+ * pre_comp->points starts with the points that we need here: -+ */ -+ val_sub[num] = pre_comp->points; -+ } else { -+ /* -+ * don't include tmp_wNAF directly into wNAF array - use wNAF -+ * splitting and include the blocks -+ */ -+ -+ signed char *pp; -+ EC_POINT **tmp_points; -+ -+ if (tmp_len < numblocks * blocksize) { -+ /* -+ * possibly we can do with fewer blocks than estimated -+ */ -+ numblocks = (tmp_len + blocksize - 1) / blocksize; -+ if (numblocks > pre_comp->numblocks) { -+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ totalnum = num + numblocks; -+ } -+ -+ /* split wNAF in 'numblocks' parts */ -+ pp = tmp_wNAF; -+ tmp_points = pre_comp->points; -+ -+ for (i = num; i < totalnum; i++) { -+ if (i < totalnum - 1) { -+ wNAF_len[i] = blocksize; -+ if (tmp_len < blocksize) { -+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ tmp_len -= blocksize; -+ } else -+ /* -+ * last block gets whatever is left (this could be -+ * more or less than 'blocksize'!) -+ */ -+ wNAF_len[i] = tmp_len; -+ -+ wNAF[i + 1] = NULL; -+ wNAF[i] = OPENSSL_malloc(wNAF_len[i]); -+ if (wNAF[i] == NULL) { -+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); -+ OPENSSL_free(tmp_wNAF); -+ goto err; -+ } -+ memcpy(wNAF[i], pp, wNAF_len[i]); -+ if (wNAF_len[i] > max_len) -+ max_len = wNAF_len[i]; -+ -+ if (*tmp_points == NULL) { -+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -+ OPENSSL_free(tmp_wNAF); -+ goto err; -+ } -+ val_sub[i] = tmp_points; -+ tmp_points += pre_points_per_block; -+ pp += blocksize; -+ } -+ OPENSSL_free(tmp_wNAF); -+ } -+ } -+ } -+ -+ /* -+ * All points we precompute now go into a single array 'val'. -+ * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a -+ * subarray of 'pre_comp->points' if we already have precomputation. -+ */ -+ val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); -+ if (val == NULL) { -+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ val[num_val] = NULL; /* pivot element */ -+ -+ /* allocate points for precomputation */ -+ v = val; -+ for (i = 0; i < num + num_scalar; i++) { -+ val_sub[i] = v; -+ for (j = 0; j < (1u << (wsize[i] - 1)); j++) { -+ *v = EC_POINT_new(group); -+ if (*v == NULL) -+ goto err; -+ v++; -+ } -+ } -+ if (!(v == val + num_val)) { -+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ if (!(tmp = EC_POINT_new(group))) -+ goto err; -+ -+ /*- -+ * prepare precomputed values: -+ * val_sub[i][0] := points[i] -+ * val_sub[i][1] := 3 * points[i] -+ * val_sub[i][2] := 5 * points[i] -+ * ... -+ */ -+ for (i = 0; i < num + num_scalar; i++) { -+ if (i < num) { -+ if (!EC_POINT_copy(val_sub[i][0], points[i])) -+ goto err; -+ } else { -+ if (!EC_POINT_copy(val_sub[i][0], generator)) -+ goto err; -+ } -+ -+ if (wsize[i] > 1) { -+ if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) -+ goto err; -+ for (j = 1; j < (1u << (wsize[i] - 1)); j++) { -+ if (!EC_POINT_add -+ (group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) -+ goto err; -+ } -+ } -+ } -+ -+#if 1 /* optional; EC_window_bits_for_scalar_size -+ * assumes we do this step */ -+ if (!EC_POINTs_make_affine(group, num_val, val, ctx)) -+ goto err; - #endif - -- r_is_at_infinity = 1; -- -- for (k = max_len - 1; k >= 0; k--) -- { -- if (!r_is_at_infinity) -- { -- if (!EC_POINT_dbl(group, r, r, ctx)) goto err; -- } -- -- for (i = 0; i < totalnum; i++) -- { -- if (wNAF_len[i] > (size_t)k) -- { -- int digit = wNAF[i][k]; -- int is_neg; -- -- if (digit) -- { -- is_neg = digit < 0; -- -- if (is_neg) -- digit = -digit; -- -- if (is_neg != r_is_inverted) -- { -- if (!r_is_at_infinity) -- { -- if (!EC_POINT_invert(group, r, ctx)) goto err; -- } -- r_is_inverted = !r_is_inverted; -- } -- -- /* digit > 0 */ -- -- if (r_is_at_infinity) -- { -- if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err; -- r_is_at_infinity = 0; -- } -- else -- { -- if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err; -- } -- } -- } -- } -- } -- -- if (r_is_at_infinity) -- { -- if (!EC_POINT_set_to_infinity(group, r)) goto err; -- } -- else -- { -- if (r_is_inverted) -- if (!EC_POINT_invert(group, r, ctx)) goto err; -- } -- -- ret = 1; -+ r_is_at_infinity = 1; -+ -+ for (k = max_len - 1; k >= 0; k--) { -+ if (!r_is_at_infinity) { -+ if (!EC_POINT_dbl(group, r, r, ctx)) -+ goto err; -+ } -+ -+ for (i = 0; i < totalnum; i++) { -+ if (wNAF_len[i] > (size_t)k) { -+ int digit = wNAF[i][k]; -+ int is_neg; -+ -+ if (digit) { -+ is_neg = digit < 0; -+ -+ if (is_neg) -+ digit = -digit; -+ -+ if (is_neg != r_is_inverted) { -+ if (!r_is_at_infinity) { -+ if (!EC_POINT_invert(group, r, ctx)) -+ goto err; -+ } -+ r_is_inverted = !r_is_inverted; -+ } -+ -+ /* digit > 0 */ -+ -+ if (r_is_at_infinity) { -+ if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) -+ goto err; -+ r_is_at_infinity = 0; -+ } else { -+ if (!EC_POINT_add -+ (group, r, r, val_sub[i][digit >> 1], ctx)) -+ goto err; -+ } -+ } -+ } -+ } -+ } -+ -+ if (r_is_at_infinity) { -+ if (!EC_POINT_set_to_infinity(group, r)) -+ goto err; -+ } else { -+ if (r_is_inverted) -+ if (!EC_POINT_invert(group, r, ctx)) -+ goto err; -+ } -+ -+ ret = 1; - - err: -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- if (tmp != NULL) -- EC_POINT_free(tmp); -- if (wsize != NULL) -- OPENSSL_free(wsize); -- if (wNAF_len != NULL) -- OPENSSL_free(wNAF_len); -- if (wNAF != NULL) -- { -- signed char **w; -- -- for (w = wNAF; *w != NULL; w++) -- OPENSSL_free(*w); -- -- OPENSSL_free(wNAF); -- } -- if (val != NULL) -- { -- for (v = val; *v != NULL; v++) -- EC_POINT_clear_free(*v); -- -- OPENSSL_free(val); -- } -- if (val_sub != NULL) -- { -- OPENSSL_free(val_sub); -- } -- return ret; -- } -- -- --/* ec_wNAF_precompute_mult() -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ if (tmp != NULL) -+ EC_POINT_free(tmp); -+ if (wsize != NULL) -+ OPENSSL_free(wsize); -+ if (wNAF_len != NULL) -+ OPENSSL_free(wNAF_len); -+ if (wNAF != NULL) { -+ signed char **w; -+ -+ for (w = wNAF; *w != NULL; w++) -+ OPENSSL_free(*w); -+ -+ OPENSSL_free(wNAF); -+ } -+ if (val != NULL) { -+ for (v = val; *v != NULL; v++) -+ EC_POINT_clear_free(*v); -+ -+ OPENSSL_free(val); -+ } -+ if (val_sub != NULL) { -+ OPENSSL_free(val_sub); -+ } -+ return ret; -+} -+ -+/*- -+ * ec_wNAF_precompute_mult() - * creates an EC_PRE_COMP object with preprecomputed multiples of the generator - * for use with wNAF splitting as implemented in ec_wNAF_mul(). -- * -+ * - * 'pre_comp->points' is an array of multiples of the generator - * of the following form: - * points[0] = generator; -@@ -763,178 +737,175 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - * points[2^(w-1)*numblocks] = NULL - */ - int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) -- { -- const EC_POINT *generator; -- EC_POINT *tmp_point = NULL, *base = NULL, **var; -- BN_CTX *new_ctx = NULL; -- BIGNUM *order; -- size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; -- EC_POINT **points = NULL; -- EC_PRE_COMP *pre_comp; -- int ret = 0; -- -- /* if there is an old EC_PRE_COMP object, throw it away */ -- EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); -- -- if ((pre_comp = ec_pre_comp_new(group)) == NULL) -- return 0; -- -- generator = EC_GROUP_get0_generator(group); -- if (generator == NULL) -- { -- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); -- goto err; -- } -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- goto err; -- } -- -- BN_CTX_start(ctx); -- order = BN_CTX_get(ctx); -- if (order == NULL) goto err; -- -- if (!EC_GROUP_get_order(group, order, ctx)) goto err; -- if (BN_is_zero(order)) -- { -- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); -- goto err; -- } -- -- bits = BN_num_bits(order); -- /* The following parameters mean we precompute (approximately) -- * one point per bit. -- * -- * TBD: The combination 8, 4 is perfect for 160 bits; for other -- * bit lengths, other parameter combinations might provide better -- * efficiency. -- */ -- blocksize = 8; -- w = 4; -- if (EC_window_bits_for_scalar_size(bits) > w) -- { -- /* let's not make the window too small ... */ -- w = EC_window_bits_for_scalar_size(bits); -- } -- -- numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */ -- -- pre_points_per_block = 1u << (w - 1); -- num = pre_points_per_block * numblocks; /* number of points to compute and store */ -- -- points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1)); -- if (!points) -- { -- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- var = points; -- var[num] = NULL; /* pivot */ -- for (i = 0; i < num; i++) -- { -- if ((var[i] = EC_POINT_new(group)) == NULL) -- { -- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- -- if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) -- { -- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (!EC_POINT_copy(base, generator)) -- goto err; -- -- /* do the precomputation */ -- for (i = 0; i < numblocks; i++) -- { -- size_t j; -- -- if (!EC_POINT_dbl(group, tmp_point, base, ctx)) -- goto err; -- -- if (!EC_POINT_copy(*var++, base)) -- goto err; -- -- for (j = 1; j < pre_points_per_block; j++, var++) -- { -- /* calculate odd multiples of the current base point */ -- if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) -- goto err; -- } -- -- if (i < numblocks - 1) -- { -- /* get the next base (multiply current one by 2^blocksize) */ -- size_t k; -- -- if (blocksize <= 2) -- { -- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- -- if (!EC_POINT_dbl(group, base, tmp_point, ctx)) -- goto err; -- for (k = 2; k < blocksize; k++) -- { -- if (!EC_POINT_dbl(group,base,base,ctx)) -- goto err; -- } -- } -- } -- -- if (!EC_POINTs_make_affine(group, num, points, ctx)) -- goto err; -- -- pre_comp->group = group; -- pre_comp->blocksize = blocksize; -- pre_comp->numblocks = numblocks; -- pre_comp->w = w; -- pre_comp->points = points; -- points = NULL; -- pre_comp->num = num; -- -- if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp, -- ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) -- goto err; -- pre_comp = NULL; -- -- ret = 1; -+{ -+ const EC_POINT *generator; -+ EC_POINT *tmp_point = NULL, *base = NULL, **var; -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *order; -+ size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; -+ EC_POINT **points = NULL; -+ EC_PRE_COMP *pre_comp; -+ int ret = 0; -+ -+ /* if there is an old EC_PRE_COMP object, throw it away */ -+ EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, -+ ec_pre_comp_free, ec_pre_comp_clear_free); -+ -+ if ((pre_comp = ec_pre_comp_new(group)) == NULL) -+ return 0; -+ -+ generator = EC_GROUP_get0_generator(group); -+ if (generator == NULL) { -+ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); -+ goto err; -+ } -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ } -+ -+ BN_CTX_start(ctx); -+ order = BN_CTX_get(ctx); -+ if (order == NULL) -+ goto err; -+ -+ if (!EC_GROUP_get_order(group, order, ctx)) -+ goto err; -+ if (BN_is_zero(order)) { -+ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); -+ goto err; -+ } -+ -+ bits = BN_num_bits(order); -+ /* -+ * The following parameters mean we precompute (approximately) one point -+ * per bit. TBD: The combination 8, 4 is perfect for 160 bits; for other -+ * bit lengths, other parameter combinations might provide better -+ * efficiency. -+ */ -+ blocksize = 8; -+ w = 4; -+ if (EC_window_bits_for_scalar_size(bits) > w) { -+ /* let's not make the window too small ... */ -+ w = EC_window_bits_for_scalar_size(bits); -+ } -+ -+ numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks -+ * to use for wNAF -+ * splitting */ -+ -+ pre_points_per_block = 1u << (w - 1); -+ num = pre_points_per_block * numblocks; /* number of points to compute -+ * and store */ -+ -+ points = OPENSSL_malloc(sizeof(EC_POINT *) * (num + 1)); -+ if (!points) { -+ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ var = points; -+ var[num] = NULL; /* pivot */ -+ for (i = 0; i < num; i++) { -+ if ((var[i] = EC_POINT_new(group)) == NULL) { -+ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ -+ if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) { -+ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (!EC_POINT_copy(base, generator)) -+ goto err; -+ -+ /* do the precomputation */ -+ for (i = 0; i < numblocks; i++) { -+ size_t j; -+ -+ if (!EC_POINT_dbl(group, tmp_point, base, ctx)) -+ goto err; -+ -+ if (!EC_POINT_copy(*var++, base)) -+ goto err; -+ -+ for (j = 1; j < pre_points_per_block; j++, var++) { -+ /* -+ * calculate odd multiples of the current base point -+ */ -+ if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) -+ goto err; -+ } -+ -+ if (i < numblocks - 1) { -+ /* -+ * get the next base (multiply current one by 2^blocksize) -+ */ -+ size_t k; -+ -+ if (blocksize <= 2) { -+ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ if (!EC_POINT_dbl(group, base, tmp_point, ctx)) -+ goto err; -+ for (k = 2; k < blocksize; k++) { -+ if (!EC_POINT_dbl(group, base, base, ctx)) -+ goto err; -+ } -+ } -+ } -+ -+ if (!EC_POINTs_make_affine(group, num, points, ctx)) -+ goto err; -+ -+ pre_comp->group = group; -+ pre_comp->blocksize = blocksize; -+ pre_comp->numblocks = numblocks; -+ pre_comp->w = w; -+ pre_comp->points = points; -+ points = NULL; -+ pre_comp->num = num; -+ -+ if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp, -+ ec_pre_comp_dup, ec_pre_comp_free, -+ ec_pre_comp_clear_free)) -+ goto err; -+ pre_comp = NULL; -+ -+ ret = 1; - err: -- if (ctx != NULL) -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- if (pre_comp) -- ec_pre_comp_free(pre_comp); -- if (points) -- { -- EC_POINT **p; -- -- for (p = points; *p != NULL; p++) -- EC_POINT_free(*p); -- OPENSSL_free(points); -- } -- if (tmp_point) -- EC_POINT_free(tmp_point); -- if (base) -- EC_POINT_free(base); -- return ret; -- } -- -+ if (ctx != NULL) -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ if (pre_comp) -+ ec_pre_comp_free(pre_comp); -+ if (points) { -+ EC_POINT **p; -+ -+ for (p = points; *p != NULL; p++) -+ EC_POINT_free(*p); -+ OPENSSL_free(points); -+ } -+ if (tmp_point) -+ EC_POINT_free(tmp_point); -+ if (base) -+ EC_POINT_free(base); -+ return ret; -+} - - int ec_wNAF_have_precompute_mult(const EC_GROUP *group) -- { -- if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL) -- return 1; -- else -- return 0; -- } -+{ -+ if (EC_EX_DATA_get_data -+ (group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, -+ ec_pre_comp_clear_free) != NULL) -+ return 1; -+ else -+ return 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_print.c b/Cryptlib/OpenSSL/crypto/ec/ec_print.c -index f7c8a30..96b294d 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ec_print.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ec_print.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,140 +56,124 @@ - #include - #include "ec_lcl.h" - --BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, -- const EC_POINT *point, -+BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, -+ const EC_POINT *point, - point_conversion_form_t form, -- BIGNUM *ret, -- BN_CTX *ctx) -- { -- size_t buf_len=0; -- unsigned char *buf; -+ BIGNUM *ret, BN_CTX *ctx) -+{ -+ size_t buf_len = 0; -+ unsigned char *buf; - -- buf_len = EC_POINT_point2oct(group, point, form, -- NULL, 0, ctx); -- if (buf_len == 0) -- return NULL; -+ buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx); -+ if (buf_len == 0) -+ return NULL; - -- if ((buf = OPENSSL_malloc(buf_len)) == NULL) -- return NULL; -+ if ((buf = OPENSSL_malloc(buf_len)) == NULL) -+ return NULL; - -- if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) -- { -- OPENSSL_free(buf); -- return NULL; -- } -+ if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) { -+ OPENSSL_free(buf); -+ return NULL; -+ } - -- ret = BN_bin2bn(buf, buf_len, ret); -+ ret = BN_bin2bn(buf, buf_len, ret); - -- OPENSSL_free(buf); -+ OPENSSL_free(buf); - -- return ret; -+ return ret; - } - - EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, -- const BIGNUM *bn, -- EC_POINT *point, -- BN_CTX *ctx) -- { -- size_t buf_len=0; -- unsigned char *buf; -- EC_POINT *ret; -- -- if ((buf_len = BN_num_bytes(bn)) == 0) return NULL; -- buf = OPENSSL_malloc(buf_len); -- if (buf == NULL) -- return NULL; -- -- if (!BN_bn2bin(bn, buf)) -- { -- OPENSSL_free(buf); -- return NULL; -- } -- -- if (point == NULL) -- { -- if ((ret = EC_POINT_new(group)) == NULL) -- { -- OPENSSL_free(buf); -- return NULL; -- } -- } -- else -- ret = point; -- -- if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) -- { -- if (point == NULL) -- EC_POINT_clear_free(ret); -- OPENSSL_free(buf); -- return NULL; -- } -- -- OPENSSL_free(buf); -- return ret; -- } -+ const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx) -+{ -+ size_t buf_len = 0; -+ unsigned char *buf; -+ EC_POINT *ret; -+ -+ if ((buf_len = BN_num_bytes(bn)) == 0) -+ return NULL; -+ buf = OPENSSL_malloc(buf_len); -+ if (buf == NULL) -+ return NULL; -+ -+ if (!BN_bn2bin(bn, buf)) { -+ OPENSSL_free(buf); -+ return NULL; -+ } -+ -+ if (point == NULL) { -+ if ((ret = EC_POINT_new(group)) == NULL) { -+ OPENSSL_free(buf); -+ return NULL; -+ } -+ } else -+ ret = point; -+ -+ if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) { -+ if (point == NULL) -+ EC_POINT_clear_free(ret); -+ OPENSSL_free(buf); -+ return NULL; -+ } -+ -+ OPENSSL_free(buf); -+ return ret; -+} - - static const char *HEX_DIGITS = "0123456789ABCDEF"; - - /* the return value must be freed (using OPENSSL_free()) */ - char *EC_POINT_point2hex(const EC_GROUP *group, - const EC_POINT *point, -- point_conversion_form_t form, -- BN_CTX *ctx) -- { -- char *ret, *p; -- size_t buf_len=0,i; -- unsigned char *buf, *pbuf; -- -- buf_len = EC_POINT_point2oct(group, point, form, -- NULL, 0, ctx); -- if (buf_len == 0) -- return NULL; -- -- if ((buf = OPENSSL_malloc(buf_len)) == NULL) -- return NULL; -- -- if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) -- { -- OPENSSL_free(buf); -- return NULL; -- } -- -- ret = (char *)OPENSSL_malloc(buf_len*2+2); -- if (ret == NULL) -- { -- OPENSSL_free(buf); -- return NULL; -- } -- p = ret; -- pbuf = buf; -- for (i=buf_len; i > 0; i--) -- { -- int v = (int) *(pbuf++); -- *(p++)=HEX_DIGITS[v>>4]; -- *(p++)=HEX_DIGITS[v&0x0F]; -- } -- *p='\0'; -- -- OPENSSL_free(buf); -- -- return ret; -- } -+ point_conversion_form_t form, BN_CTX *ctx) -+{ -+ char *ret, *p; -+ size_t buf_len = 0, i; -+ unsigned char *buf, *pbuf; -+ -+ buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx); -+ if (buf_len == 0) -+ return NULL; -+ -+ if ((buf = OPENSSL_malloc(buf_len)) == NULL) -+ return NULL; -+ -+ if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) { -+ OPENSSL_free(buf); -+ return NULL; -+ } -+ -+ ret = (char *)OPENSSL_malloc(buf_len * 2 + 2); -+ if (ret == NULL) { -+ OPENSSL_free(buf); -+ return NULL; -+ } -+ p = ret; -+ pbuf = buf; -+ for (i = buf_len; i > 0; i--) { -+ int v = (int)*(pbuf++); -+ *(p++) = HEX_DIGITS[v >> 4]; -+ *(p++) = HEX_DIGITS[v & 0x0F]; -+ } -+ *p = '\0'; -+ -+ OPENSSL_free(buf); -+ -+ return ret; -+} - - EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, -- const char *buf, -- EC_POINT *point, -- BN_CTX *ctx) -- { -- EC_POINT *ret=NULL; -- BIGNUM *tmp_bn=NULL; -+ const char *buf, EC_POINT *point, BN_CTX *ctx) -+{ -+ EC_POINT *ret = NULL; -+ BIGNUM *tmp_bn = NULL; - -- if (!BN_hex2bn(&tmp_bn, buf)) -- return NULL; -+ if (!BN_hex2bn(&tmp_bn, buf)) -+ return NULL; - -- ret = EC_POINT_bn2point(group, tmp_bn, point, ctx); -+ ret = EC_POINT_bn2point(group, tmp_bn, point, ctx); - -- BN_clear_free(tmp_bn); -+ BN_clear_free(tmp_bn); - -- return ret; -- } -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c b/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c -index 9fc4a46..1bfae5d 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -65,251 +65,236 @@ - - #include "ec_lcl.h" - -- - const EC_METHOD *EC_GFp_mont_method(void) -- { -- static const EC_METHOD ret = { -- NID_X9_62_prime_field, -- ec_GFp_mont_group_init, -- ec_GFp_mont_group_finish, -- ec_GFp_mont_group_clear_finish, -- ec_GFp_mont_group_copy, -- ec_GFp_mont_group_set_curve, -- ec_GFp_simple_group_get_curve, -- ec_GFp_simple_group_get_degree, -- ec_GFp_simple_group_check_discriminant, -- ec_GFp_simple_point_init, -- ec_GFp_simple_point_finish, -- ec_GFp_simple_point_clear_finish, -- ec_GFp_simple_point_copy, -- ec_GFp_simple_point_set_to_infinity, -- ec_GFp_simple_set_Jprojective_coordinates_GFp, -- ec_GFp_simple_get_Jprojective_coordinates_GFp, -- ec_GFp_simple_point_set_affine_coordinates, -- ec_GFp_simple_point_get_affine_coordinates, -- ec_GFp_simple_set_compressed_coordinates, -- ec_GFp_simple_point2oct, -- ec_GFp_simple_oct2point, -- ec_GFp_simple_add, -- ec_GFp_simple_dbl, -- ec_GFp_simple_invert, -- ec_GFp_simple_is_at_infinity, -- ec_GFp_simple_is_on_curve, -- ec_GFp_simple_cmp, -- ec_GFp_simple_make_affine, -- ec_GFp_simple_points_make_affine, -- 0 /* mul */, -- 0 /* precompute_mult */, -- 0 /* have_precompute_mult */, -- ec_GFp_mont_field_mul, -- ec_GFp_mont_field_sqr, -- 0 /* field_div */, -- ec_GFp_mont_field_encode, -- ec_GFp_mont_field_decode, -- ec_GFp_mont_field_set_to_one }; -- -- return &ret; -- } -- -+{ -+ static const EC_METHOD ret = { -+ NID_X9_62_prime_field, -+ ec_GFp_mont_group_init, -+ ec_GFp_mont_group_finish, -+ ec_GFp_mont_group_clear_finish, -+ ec_GFp_mont_group_copy, -+ ec_GFp_mont_group_set_curve, -+ ec_GFp_simple_group_get_curve, -+ ec_GFp_simple_group_get_degree, -+ ec_GFp_simple_group_check_discriminant, -+ ec_GFp_simple_point_init, -+ ec_GFp_simple_point_finish, -+ ec_GFp_simple_point_clear_finish, -+ ec_GFp_simple_point_copy, -+ ec_GFp_simple_point_set_to_infinity, -+ ec_GFp_simple_set_Jprojective_coordinates_GFp, -+ ec_GFp_simple_get_Jprojective_coordinates_GFp, -+ ec_GFp_simple_point_set_affine_coordinates, -+ ec_GFp_simple_point_get_affine_coordinates, -+ ec_GFp_simple_set_compressed_coordinates, -+ ec_GFp_simple_point2oct, -+ ec_GFp_simple_oct2point, -+ ec_GFp_simple_add, -+ ec_GFp_simple_dbl, -+ ec_GFp_simple_invert, -+ ec_GFp_simple_is_at_infinity, -+ ec_GFp_simple_is_on_curve, -+ ec_GFp_simple_cmp, -+ ec_GFp_simple_make_affine, -+ ec_GFp_simple_points_make_affine, -+ 0 /* mul */ , -+ 0 /* precompute_mult */ , -+ 0 /* have_precompute_mult */ , -+ ec_GFp_mont_field_mul, -+ ec_GFp_mont_field_sqr, -+ 0 /* field_div */ , -+ ec_GFp_mont_field_encode, -+ ec_GFp_mont_field_decode, -+ ec_GFp_mont_field_set_to_one -+ }; -+ -+ return &ret; -+} - - int ec_GFp_mont_group_init(EC_GROUP *group) -- { -- int ok; -- -- ok = ec_GFp_simple_group_init(group); -- group->field_data1 = NULL; -- group->field_data2 = NULL; -- return ok; -- } -+{ -+ int ok; - -+ ok = ec_GFp_simple_group_init(group); -+ group->field_data1 = NULL; -+ group->field_data2 = NULL; -+ return ok; -+} - - void ec_GFp_mont_group_finish(EC_GROUP *group) -- { -- if (group->field_data1 != NULL) -- { -- BN_MONT_CTX_free(group->field_data1); -- group->field_data1 = NULL; -- } -- if (group->field_data2 != NULL) -- { -- BN_free(group->field_data2); -- group->field_data2 = NULL; -- } -- ec_GFp_simple_group_finish(group); -- } -- -+{ -+ if (group->field_data1 != NULL) { -+ BN_MONT_CTX_free(group->field_data1); -+ group->field_data1 = NULL; -+ } -+ if (group->field_data2 != NULL) { -+ BN_free(group->field_data2); -+ group->field_data2 = NULL; -+ } -+ ec_GFp_simple_group_finish(group); -+} - - void ec_GFp_mont_group_clear_finish(EC_GROUP *group) -- { -- if (group->field_data1 != NULL) -- { -- BN_MONT_CTX_free(group->field_data1); -- group->field_data1 = NULL; -- } -- if (group->field_data2 != NULL) -- { -- BN_clear_free(group->field_data2); -- group->field_data2 = NULL; -- } -- ec_GFp_simple_group_clear_finish(group); -- } -- -+{ -+ if (group->field_data1 != NULL) { -+ BN_MONT_CTX_free(group->field_data1); -+ group->field_data1 = NULL; -+ } -+ if (group->field_data2 != NULL) { -+ BN_clear_free(group->field_data2); -+ group->field_data2 = NULL; -+ } -+ ec_GFp_simple_group_clear_finish(group); -+} - - int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) -- { -- if (dest->field_data1 != NULL) -- { -- BN_MONT_CTX_free(dest->field_data1); -- dest->field_data1 = NULL; -- } -- if (dest->field_data2 != NULL) -- { -- BN_clear_free(dest->field_data2); -- dest->field_data2 = NULL; -- } -- -- if (!ec_GFp_simple_group_copy(dest, src)) return 0; -- -- if (src->field_data1 != NULL) -- { -- dest->field_data1 = BN_MONT_CTX_new(); -- if (dest->field_data1 == NULL) return 0; -- if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) goto err; -- } -- if (src->field_data2 != NULL) -- { -- dest->field_data2 = BN_dup(src->field_data2); -- if (dest->field_data2 == NULL) goto err; -- } -- -- return 1; -+{ -+ if (dest->field_data1 != NULL) { -+ BN_MONT_CTX_free(dest->field_data1); -+ dest->field_data1 = NULL; -+ } -+ if (dest->field_data2 != NULL) { -+ BN_clear_free(dest->field_data2); -+ dest->field_data2 = NULL; -+ } -+ -+ if (!ec_GFp_simple_group_copy(dest, src)) -+ return 0; -+ -+ if (src->field_data1 != NULL) { -+ dest->field_data1 = BN_MONT_CTX_new(); -+ if (dest->field_data1 == NULL) -+ return 0; -+ if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) -+ goto err; -+ } -+ if (src->field_data2 != NULL) { -+ dest->field_data2 = BN_dup(src->field_data2); -+ if (dest->field_data2 == NULL) -+ goto err; -+ } -+ -+ return 1; - - err: -- if (dest->field_data1 != NULL) -- { -- BN_MONT_CTX_free(dest->field_data1); -- dest->field_data1 = NULL; -- } -- return 0; -- } -- -- --int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- BN_CTX *new_ctx = NULL; -- BN_MONT_CTX *mont = NULL; -- BIGNUM *one = NULL; -- int ret = 0; -- -- if (group->field_data1 != NULL) -- { -- BN_MONT_CTX_free(group->field_data1); -- group->field_data1 = NULL; -- } -- if (group->field_data2 != NULL) -- { -- BN_free(group->field_data2); -- group->field_data2 = NULL; -- } -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- mont = BN_MONT_CTX_new(); -- if (mont == NULL) goto err; -- if (!BN_MONT_CTX_set(mont, p, ctx)) -- { -- ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB); -- goto err; -- } -- one = BN_new(); -- if (one == NULL) goto err; -- if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err; -- -- group->field_data1 = mont; -- mont = NULL; -- group->field_data2 = one; -- one = NULL; -- -- ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); -- -- if (!ret) -- { -- BN_MONT_CTX_free(group->field_data1); -- group->field_data1 = NULL; -- BN_free(group->field_data2); -- group->field_data2 = NULL; -- } -+ if (dest->field_data1 != NULL) { -+ BN_MONT_CTX_free(dest->field_data1); -+ dest->field_data1 = NULL; -+ } -+ return 0; -+} -+ -+int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, -+ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -+{ -+ BN_CTX *new_ctx = NULL; -+ BN_MONT_CTX *mont = NULL; -+ BIGNUM *one = NULL; -+ int ret = 0; -+ -+ if (group->field_data1 != NULL) { -+ BN_MONT_CTX_free(group->field_data1); -+ group->field_data1 = NULL; -+ } -+ if (group->field_data2 != NULL) { -+ BN_free(group->field_data2); -+ group->field_data2 = NULL; -+ } -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ mont = BN_MONT_CTX_new(); -+ if (mont == NULL) -+ goto err; -+ if (!BN_MONT_CTX_set(mont, p, ctx)) { -+ ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB); -+ goto err; -+ } -+ one = BN_new(); -+ if (one == NULL) -+ goto err; -+ if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) -+ goto err; -+ -+ group->field_data1 = mont; -+ mont = NULL; -+ group->field_data2 = one; -+ one = NULL; -+ -+ ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); -+ -+ if (!ret) { -+ BN_MONT_CTX_free(group->field_data1); -+ group->field_data1 = NULL; -+ BN_free(group->field_data2); -+ group->field_data2 = NULL; -+ } - - err: -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- if (mont != NULL) -- BN_MONT_CTX_free(mont); -- return ret; -- } -- -- --int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- if (group->field_data1 == NULL) -- { -- ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED); -- return 0; -- } -- -- return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx); -- } -- -- --int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) -- { -- if (group->field_data1 == NULL) -- { -- ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED); -- return 0; -- } -- -- return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx); -- } -- -- --int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) -- { -- if (group->field_data1 == NULL) -- { -- ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED); -- return 0; -- } -- -- return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx); -- } -- -- --int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) -- { -- if (group->field_data1 == NULL) -- { -- ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED); -- return 0; -- } -- -- return BN_from_montgomery(r, a, group->field_data1, ctx); -- } -- -- --int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx) -- { -- if (group->field_data2 == NULL) -- { -- ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED); -- return 0; -- } -- -- if (!BN_copy(r, group->field_data2)) return 0; -- return 1; -- } -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ if (mont != NULL) -+ BN_MONT_CTX_free(mont); -+ return ret; -+} -+ -+int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, -+ const BIGNUM *b, BN_CTX *ctx) -+{ -+ if (group->field_data1 == NULL) { -+ ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED); -+ return 0; -+ } -+ -+ return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx); -+} -+ -+int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, -+ BN_CTX *ctx) -+{ -+ if (group->field_data1 == NULL) { -+ ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED); -+ return 0; -+ } -+ -+ return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx); -+} -+ -+int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, -+ const BIGNUM *a, BN_CTX *ctx) -+{ -+ if (group->field_data1 == NULL) { -+ ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED); -+ return 0; -+ } -+ -+ return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx); -+} -+ -+int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, -+ const BIGNUM *a, BN_CTX *ctx) -+{ -+ if (group->field_data1 == NULL) { -+ ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED); -+ return 0; -+ } -+ -+ return BN_from_montgomery(r, a, group->field_data1, ctx); -+} -+ -+int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, -+ BN_CTX *ctx) -+{ -+ if (group->field_data2 == NULL) { -+ ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED); -+ return 0; -+ } -+ -+ if (!BN_copy(r, group->field_data2)) -+ return 0; -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c b/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c -index 71893d5..dd976d3 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -68,169 +68,168 @@ - #include "ec_lcl.h" - - const EC_METHOD *EC_GFp_nist_method(void) -- { -- static const EC_METHOD ret = { -- NID_X9_62_prime_field, -- ec_GFp_simple_group_init, -- ec_GFp_simple_group_finish, -- ec_GFp_simple_group_clear_finish, -- ec_GFp_nist_group_copy, -- ec_GFp_nist_group_set_curve, -- ec_GFp_simple_group_get_curve, -- ec_GFp_simple_group_get_degree, -- ec_GFp_simple_group_check_discriminant, -- ec_GFp_simple_point_init, -- ec_GFp_simple_point_finish, -- ec_GFp_simple_point_clear_finish, -- ec_GFp_simple_point_copy, -- ec_GFp_simple_point_set_to_infinity, -- ec_GFp_simple_set_Jprojective_coordinates_GFp, -- ec_GFp_simple_get_Jprojective_coordinates_GFp, -- ec_GFp_simple_point_set_affine_coordinates, -- ec_GFp_simple_point_get_affine_coordinates, -- ec_GFp_simple_set_compressed_coordinates, -- ec_GFp_simple_point2oct, -- ec_GFp_simple_oct2point, -- ec_GFp_simple_add, -- ec_GFp_simple_dbl, -- ec_GFp_simple_invert, -- ec_GFp_simple_is_at_infinity, -- ec_GFp_simple_is_on_curve, -- ec_GFp_simple_cmp, -- ec_GFp_simple_make_affine, -- ec_GFp_simple_points_make_affine, -- 0 /* mul */, -- 0 /* precompute_mult */, -- 0 /* have_precompute_mult */, -- ec_GFp_nist_field_mul, -- ec_GFp_nist_field_sqr, -- 0 /* field_div */, -- 0 /* field_encode */, -- 0 /* field_decode */, -- 0 /* field_set_to_one */ }; -- -- return &ret; -- } -+{ -+ static const EC_METHOD ret = { -+ NID_X9_62_prime_field, -+ ec_GFp_simple_group_init, -+ ec_GFp_simple_group_finish, -+ ec_GFp_simple_group_clear_finish, -+ ec_GFp_nist_group_copy, -+ ec_GFp_nist_group_set_curve, -+ ec_GFp_simple_group_get_curve, -+ ec_GFp_simple_group_get_degree, -+ ec_GFp_simple_group_check_discriminant, -+ ec_GFp_simple_point_init, -+ ec_GFp_simple_point_finish, -+ ec_GFp_simple_point_clear_finish, -+ ec_GFp_simple_point_copy, -+ ec_GFp_simple_point_set_to_infinity, -+ ec_GFp_simple_set_Jprojective_coordinates_GFp, -+ ec_GFp_simple_get_Jprojective_coordinates_GFp, -+ ec_GFp_simple_point_set_affine_coordinates, -+ ec_GFp_simple_point_get_affine_coordinates, -+ ec_GFp_simple_set_compressed_coordinates, -+ ec_GFp_simple_point2oct, -+ ec_GFp_simple_oct2point, -+ ec_GFp_simple_add, -+ ec_GFp_simple_dbl, -+ ec_GFp_simple_invert, -+ ec_GFp_simple_is_at_infinity, -+ ec_GFp_simple_is_on_curve, -+ ec_GFp_simple_cmp, -+ ec_GFp_simple_make_affine, -+ ec_GFp_simple_points_make_affine, -+ 0 /* mul */ , -+ 0 /* precompute_mult */ , -+ 0 /* have_precompute_mult */ , -+ ec_GFp_nist_field_mul, -+ ec_GFp_nist_field_sqr, -+ 0 /* field_div */ , -+ 0 /* field_encode */ , -+ 0 /* field_decode */ , -+ 0 /* field_set_to_one */ -+ }; -+ -+ return &ret; -+} - - #if BN_BITS2 == 64 --#define NO_32_BIT_TYPE -+# define NO_32_BIT_TYPE - #endif - - int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) -- { -- dest->field_mod_func = src->field_mod_func; -+{ -+ dest->field_mod_func = src->field_mod_func; - -- return ec_GFp_simple_group_copy(dest, src); -- } -+ return ec_GFp_simple_group_copy(dest, src); -+} - - int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, -- const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- int ret = 0; -- BN_CTX *new_ctx = NULL; -- BIGNUM *tmp_bn; -- -- if (ctx == NULL) -- if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0; -- -- BN_CTX_start(ctx); -- if ((tmp_bn = BN_CTX_get(ctx)) == NULL) goto err; -- -- if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0) -- group->field_mod_func = BN_nist_mod_192; -- else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) -- { -+ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -+{ -+ int ret = 0; -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *tmp_bn; -+ -+ if (ctx == NULL) -+ if ((ctx = new_ctx = BN_CTX_new()) == NULL) -+ return 0; -+ -+ BN_CTX_start(ctx); -+ if ((tmp_bn = BN_CTX_get(ctx)) == NULL) -+ goto err; -+ -+ if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0) -+ group->field_mod_func = BN_nist_mod_192; -+ else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) { - #ifndef NO_32_BIT_TYPE -- group->field_mod_func = BN_nist_mod_224; -+ group->field_mod_func = BN_nist_mod_224; - #else -- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); -- goto err; -+ ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, -+ EC_R_NOT_A_SUPPORTED_NIST_PRIME); -+ goto err; - #endif -- } -- else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) -- { -+ } else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) { - #ifndef NO_32_BIT_TYPE -- group->field_mod_func = BN_nist_mod_256; -+ group->field_mod_func = BN_nist_mod_256; - #else -- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); -- goto err; -+ ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, -+ EC_R_NOT_A_SUPPORTED_NIST_PRIME); -+ goto err; - #endif -- } -- else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) -- { -+ } else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) { - #ifndef NO_32_BIT_TYPE -- group->field_mod_func = BN_nist_mod_384; -+ group->field_mod_func = BN_nist_mod_384; - #else -- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); -- goto err; -+ ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, -+ EC_R_NOT_A_SUPPORTED_NIST_PRIME); -+ goto err; - #endif -- } -- else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) -- /* this one works in the NO_32_BIT_TYPE case */ -- group->field_mod_func = BN_nist_mod_521; -- else -- { -- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME); -- goto err; -- } -- -- ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); -+ } else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) -+ /* this one works in the NO_32_BIT_TYPE case */ -+ group->field_mod_func = BN_nist_mod_521; -+ else { -+ ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME); -+ goto err; -+ } - -- err: -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -+ ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); - -+ err: -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} - - int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, -- const BIGNUM *b, BN_CTX *ctx) -- { -- int ret=0; -- BN_CTX *ctx_new=NULL; -- -- if (!group || !r || !a || !b) -- { -- ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER); -- goto err; -- } -- if (!ctx) -- if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err; -- -- if (!BN_mul(r, a, b, ctx)) goto err; -- if (!group->field_mod_func(r, r, &group->field, ctx)) -- goto err; -- -- ret=1; --err: -- if (ctx_new) -- BN_CTX_free(ctx_new); -- return ret; -- } -- -+ const BIGNUM *b, BN_CTX *ctx) -+{ -+ int ret = 0; -+ BN_CTX *ctx_new = NULL; -+ -+ if (!group || !r || !a || !b) { -+ ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ if (!ctx) -+ if ((ctx_new = ctx = BN_CTX_new()) == NULL) -+ goto err; -+ -+ if (!BN_mul(r, a, b, ctx)) -+ goto err; -+ if (!group->field_mod_func(r, r, &group->field, ctx)) -+ goto err; -+ -+ ret = 1; -+ err: -+ if (ctx_new) -+ BN_CTX_free(ctx_new); -+ return ret; -+} - - int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, -- BN_CTX *ctx) -- { -- int ret=0; -- BN_CTX *ctx_new=NULL; -- -- if (!group || !r || !a) -- { -- ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER); -- goto err; -- } -- if (!ctx) -- if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err; -- -- if (!BN_sqr(r, a, ctx)) goto err; -- if (!group->field_mod_func(r, r, &group->field, ctx)) -- goto err; -- -- ret=1; --err: -- if (ctx_new) -- BN_CTX_free(ctx_new); -- return ret; -- } -+ BN_CTX *ctx) -+{ -+ int ret = 0; -+ BN_CTX *ctx_new = NULL; -+ -+ if (!group || !r || !a) { -+ ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ if (!ctx) -+ if ((ctx_new = ctx = BN_CTX_new()) == NULL) -+ goto err; -+ -+ if (!BN_sqr(r, a, ctx)) -+ goto err; -+ if (!group->field_mod_func(r, r, &group->field, ctx)) -+ goto err; -+ -+ ret = 1; -+ err: -+ if (ctx_new) -+ BN_CTX_free(ctx_new); -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c -index b239088..a0c1540 100644 ---- a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c -+++ b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c -@@ -1,8 +1,9 @@ - /* crypto/ec/ecp_smpl.c */ --/* Includes code written by Lenka Fibikova -- * for the OpenSSL project. -- * Includes code written by Bodo Moeller for the OpenSSL project. --*/ -+/* -+ * Includes code written by Lenka Fibikova -+ * for the OpenSSL project. Includes code written by Bodo Moeller for the -+ * OpenSSL project. -+ */ - /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * -@@ -11,7 +12,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -68,1630 +69,1701 @@ - #include "ec_lcl.h" - - const EC_METHOD *EC_GFp_simple_method(void) -- { -- static const EC_METHOD ret = { -- NID_X9_62_prime_field, -- ec_GFp_simple_group_init, -- ec_GFp_simple_group_finish, -- ec_GFp_simple_group_clear_finish, -- ec_GFp_simple_group_copy, -- ec_GFp_simple_group_set_curve, -- ec_GFp_simple_group_get_curve, -- ec_GFp_simple_group_get_degree, -- ec_GFp_simple_group_check_discriminant, -- ec_GFp_simple_point_init, -- ec_GFp_simple_point_finish, -- ec_GFp_simple_point_clear_finish, -- ec_GFp_simple_point_copy, -- ec_GFp_simple_point_set_to_infinity, -- ec_GFp_simple_set_Jprojective_coordinates_GFp, -- ec_GFp_simple_get_Jprojective_coordinates_GFp, -- ec_GFp_simple_point_set_affine_coordinates, -- ec_GFp_simple_point_get_affine_coordinates, -- ec_GFp_simple_set_compressed_coordinates, -- ec_GFp_simple_point2oct, -- ec_GFp_simple_oct2point, -- ec_GFp_simple_add, -- ec_GFp_simple_dbl, -- ec_GFp_simple_invert, -- ec_GFp_simple_is_at_infinity, -- ec_GFp_simple_is_on_curve, -- ec_GFp_simple_cmp, -- ec_GFp_simple_make_affine, -- ec_GFp_simple_points_make_affine, -- 0 /* mul */, -- 0 /* precompute_mult */, -- 0 /* have_precompute_mult */, -- ec_GFp_simple_field_mul, -- ec_GFp_simple_field_sqr, -- 0 /* field_div */, -- 0 /* field_encode */, -- 0 /* field_decode */, -- 0 /* field_set_to_one */ }; -- -- return &ret; -- } -- -- --/* Most method functions in this file are designed to work with -+{ -+ static const EC_METHOD ret = { -+ NID_X9_62_prime_field, -+ ec_GFp_simple_group_init, -+ ec_GFp_simple_group_finish, -+ ec_GFp_simple_group_clear_finish, -+ ec_GFp_simple_group_copy, -+ ec_GFp_simple_group_set_curve, -+ ec_GFp_simple_group_get_curve, -+ ec_GFp_simple_group_get_degree, -+ ec_GFp_simple_group_check_discriminant, -+ ec_GFp_simple_point_init, -+ ec_GFp_simple_point_finish, -+ ec_GFp_simple_point_clear_finish, -+ ec_GFp_simple_point_copy, -+ ec_GFp_simple_point_set_to_infinity, -+ ec_GFp_simple_set_Jprojective_coordinates_GFp, -+ ec_GFp_simple_get_Jprojective_coordinates_GFp, -+ ec_GFp_simple_point_set_affine_coordinates, -+ ec_GFp_simple_point_get_affine_coordinates, -+ ec_GFp_simple_set_compressed_coordinates, -+ ec_GFp_simple_point2oct, -+ ec_GFp_simple_oct2point, -+ ec_GFp_simple_add, -+ ec_GFp_simple_dbl, -+ ec_GFp_simple_invert, -+ ec_GFp_simple_is_at_infinity, -+ ec_GFp_simple_is_on_curve, -+ ec_GFp_simple_cmp, -+ ec_GFp_simple_make_affine, -+ ec_GFp_simple_points_make_affine, -+ 0 /* mul */ , -+ 0 /* precompute_mult */ , -+ 0 /* have_precompute_mult */ , -+ ec_GFp_simple_field_mul, -+ ec_GFp_simple_field_sqr, -+ 0 /* field_div */ , -+ 0 /* field_encode */ , -+ 0 /* field_decode */ , -+ 0 /* field_set_to_one */ -+ }; -+ -+ return &ret; -+} -+ -+/* -+ * Most method functions in this file are designed to work with - * non-trivial representations of field elements if necessary - * (see ecp_mont.c): while standard modular addition and subtraction - * are used, the field_mul and field_sqr methods will be used for - * multiplication, and field_encode and field_decode (if defined) - * will be used for converting between representations. -- -+ * - * Functions ec_GFp_simple_points_make_affine() and - * ec_GFp_simple_point_get_affine_coordinates() specifically assume - * that if a non-trivial representation is used, it is a Montgomery - * representation (i.e. 'encoding' means multiplying by some factor R). - */ - -- - int ec_GFp_simple_group_init(EC_GROUP *group) -- { -- BN_init(&group->field); -- BN_init(&group->a); -- BN_init(&group->b); -- group->a_is_minus3 = 0; -- return 1; -- } -- -+{ -+ BN_init(&group->field); -+ BN_init(&group->a); -+ BN_init(&group->b); -+ group->a_is_minus3 = 0; -+ return 1; -+} - - void ec_GFp_simple_group_finish(EC_GROUP *group) -- { -- BN_free(&group->field); -- BN_free(&group->a); -- BN_free(&group->b); -- } -- -+{ -+ BN_free(&group->field); -+ BN_free(&group->a); -+ BN_free(&group->b); -+} - - void ec_GFp_simple_group_clear_finish(EC_GROUP *group) -- { -- BN_clear_free(&group->field); -- BN_clear_free(&group->a); -- BN_clear_free(&group->b); -- } -- -+{ -+ BN_clear_free(&group->field); -+ BN_clear_free(&group->a); -+ BN_clear_free(&group->b); -+} - - int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) -- { -- if (!BN_copy(&dest->field, &src->field)) return 0; -- if (!BN_copy(&dest->a, &src->a)) return 0; -- if (!BN_copy(&dest->b, &src->b)) return 0; -- -- dest->a_is_minus3 = src->a_is_minus3; -+{ -+ if (!BN_copy(&dest->field, &src->field)) -+ return 0; -+ if (!BN_copy(&dest->a, &src->a)) -+ return 0; -+ if (!BN_copy(&dest->b, &src->b)) -+ return 0; - -- return 1; -- } -+ dest->a_is_minus3 = src->a_is_minus3; - -+ return 1; -+} - - int ec_GFp_simple_group_set_curve(EC_GROUP *group, -- const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- int ret = 0; -- BN_CTX *new_ctx = NULL; -- BIGNUM *tmp_a; -- -- /* p must be a prime > 3 */ -- if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD); -- return 0; -- } -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- BN_CTX_start(ctx); -- tmp_a = BN_CTX_get(ctx); -- if (tmp_a == NULL) goto err; -- -- /* group->field */ -- if (!BN_copy(&group->field, p)) goto err; -- BN_set_negative(&group->field, 0); -- -- /* group->a */ -- if (!BN_nnmod(tmp_a, a, p, ctx)) goto err; -- if (group->meth->field_encode) -- { if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; } -- else -- if (!BN_copy(&group->a, tmp_a)) goto err; -- -- /* group->b */ -- if (!BN_nnmod(&group->b, b, p, ctx)) goto err; -- if (group->meth->field_encode) -- if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err; -- -- /* group->a_is_minus3 */ -- if (!BN_add_word(tmp_a, 3)) goto err; -- group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field)); -- -- ret = 1; -+ const BIGNUM *p, const BIGNUM *a, -+ const BIGNUM *b, BN_CTX *ctx) -+{ -+ int ret = 0; -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *tmp_a; -+ -+ /* p must be a prime > 3 */ -+ if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) { -+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD); -+ return 0; -+ } -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ tmp_a = BN_CTX_get(ctx); -+ if (tmp_a == NULL) -+ goto err; -+ -+ /* group->field */ -+ if (!BN_copy(&group->field, p)) -+ goto err; -+ BN_set_negative(&group->field, 0); -+ -+ /* group->a */ -+ if (!BN_nnmod(tmp_a, a, p, ctx)) -+ goto err; -+ if (group->meth->field_encode) { -+ if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) -+ goto err; -+ } else if (!BN_copy(&group->a, tmp_a)) -+ goto err; -+ -+ /* group->b */ -+ if (!BN_nnmod(&group->b, b, p, ctx)) -+ goto err; -+ if (group->meth->field_encode) -+ if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) -+ goto err; -+ -+ /* group->a_is_minus3 */ -+ if (!BN_add_word(tmp_a, 3)) -+ goto err; -+ group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field)); -+ -+ ret = 1; - - err: -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -- --int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) -- { -- int ret = 0; -- BN_CTX *new_ctx = NULL; -- -- if (p != NULL) -- { -- if (!BN_copy(p, &group->field)) return 0; -- } -- -- if (a != NULL || b != NULL) -- { -- if (group->meth->field_decode) -- { -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- if (a != NULL) -- { -- if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err; -- } -- if (b != NULL) -- { -- if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err; -- } -- } -- else -- { -- if (a != NULL) -- { -- if (!BN_copy(a, &group->a)) goto err; -- } -- if (b != NULL) -- { -- if (!BN_copy(b, &group->b)) goto err; -- } -- } -- } -- -- ret = 1; -- -- err: -- if (new_ctx) -- BN_CTX_free(new_ctx); -- return ret; -- } -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, -+ BIGNUM *b, BN_CTX *ctx) -+{ -+ int ret = 0; -+ BN_CTX *new_ctx = NULL; -+ -+ if (p != NULL) { -+ if (!BN_copy(p, &group->field)) -+ return 0; -+ } -+ -+ if (a != NULL || b != NULL) { -+ if (group->meth->field_decode) { -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ if (a != NULL) { -+ if (!group->meth->field_decode(group, a, &group->a, ctx)) -+ goto err; -+ } -+ if (b != NULL) { -+ if (!group->meth->field_decode(group, b, &group->b, ctx)) -+ goto err; -+ } -+ } else { -+ if (a != NULL) { -+ if (!BN_copy(a, &group->a)) -+ goto err; -+ } -+ if (b != NULL) { -+ if (!BN_copy(b, &group->b)) -+ goto err; -+ } -+ } -+ } -+ -+ ret = 1; - -+ err: -+ if (new_ctx) -+ BN_CTX_free(new_ctx); -+ return ret; -+} - - int ec_GFp_simple_group_get_degree(const EC_GROUP *group) -- { -- return BN_num_bits(&group->field); -- } -- -+{ -+ return BN_num_bits(&group->field); -+} - - int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) -- { -- int ret = 0; -- BIGNUM *a,*b,*order,*tmp_1,*tmp_2; -- const BIGNUM *p = &group->field; -- BN_CTX *new_ctx = NULL; -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- BN_CTX_start(ctx); -- a = BN_CTX_get(ctx); -- b = BN_CTX_get(ctx); -- tmp_1 = BN_CTX_get(ctx); -- tmp_2 = BN_CTX_get(ctx); -- order = BN_CTX_get(ctx); -- if (order == NULL) goto err; -- -- if (group->meth->field_decode) -- { -- if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err; -- if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err; -- } -- else -- { -- if (!BN_copy(a, &group->a)) goto err; -- if (!BN_copy(b, &group->b)) goto err; -- } -- -- /* check the discriminant: -- * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) -- * 0 =< a, b < p */ -- if (BN_is_zero(a)) -- { -- if (BN_is_zero(b)) goto err; -- } -- else if (!BN_is_zero(b)) -- { -- if (!BN_mod_sqr(tmp_1, a, p, ctx)) goto err; -- if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) goto err; -- if (!BN_lshift(tmp_1, tmp_2, 2)) goto err; -- /* tmp_1 = 4*a^3 */ -- -- if (!BN_mod_sqr(tmp_2, b, p, ctx)) goto err; -- if (!BN_mul_word(tmp_2, 27)) goto err; -- /* tmp_2 = 27*b^2 */ -- -- if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err; -- if (BN_is_zero(a)) goto err; -- } -- ret = 1; -- --err: -- if (ctx != NULL) -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -+{ -+ int ret = 0; -+ BIGNUM *a, *b, *order, *tmp_1, *tmp_2; -+ const BIGNUM *p = &group->field; -+ BN_CTX *new_ctx = NULL; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) { -+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, -+ ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ BN_CTX_start(ctx); -+ a = BN_CTX_get(ctx); -+ b = BN_CTX_get(ctx); -+ tmp_1 = BN_CTX_get(ctx); -+ tmp_2 = BN_CTX_get(ctx); -+ order = BN_CTX_get(ctx); -+ if (order == NULL) -+ goto err; -+ -+ if (group->meth->field_decode) { -+ if (!group->meth->field_decode(group, a, &group->a, ctx)) -+ goto err; -+ if (!group->meth->field_decode(group, b, &group->b, ctx)) -+ goto err; -+ } else { -+ if (!BN_copy(a, &group->a)) -+ goto err; -+ if (!BN_copy(b, &group->b)) -+ goto err; -+ } -+ -+ /*- -+ * check the discriminant: -+ * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) -+ * 0 =< a, b < p -+ */ -+ if (BN_is_zero(a)) { -+ if (BN_is_zero(b)) -+ goto err; -+ } else if (!BN_is_zero(b)) { -+ if (!BN_mod_sqr(tmp_1, a, p, ctx)) -+ goto err; -+ if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) -+ goto err; -+ if (!BN_lshift(tmp_1, tmp_2, 2)) -+ goto err; -+ /* tmp_1 = 4*a^3 */ -+ -+ if (!BN_mod_sqr(tmp_2, b, p, ctx)) -+ goto err; -+ if (!BN_mul_word(tmp_2, 27)) -+ goto err; -+ /* tmp_2 = 27*b^2 */ -+ -+ if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) -+ goto err; -+ if (BN_is_zero(a)) -+ goto err; -+ } -+ ret = 1; - -+ err: -+ if (ctx != NULL) -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} - - int ec_GFp_simple_point_init(EC_POINT *point) -- { -- BN_init(&point->X); -- BN_init(&point->Y); -- BN_init(&point->Z); -- point->Z_is_one = 0; -- -- return 1; -- } -+{ -+ BN_init(&point->X); -+ BN_init(&point->Y); -+ BN_init(&point->Z); -+ point->Z_is_one = 0; - -+ return 1; -+} - - void ec_GFp_simple_point_finish(EC_POINT *point) -- { -- BN_free(&point->X); -- BN_free(&point->Y); -- BN_free(&point->Z); -- } -- -+{ -+ BN_free(&point->X); -+ BN_free(&point->Y); -+ BN_free(&point->Z); -+} - - void ec_GFp_simple_point_clear_finish(EC_POINT *point) -- { -- BN_clear_free(&point->X); -- BN_clear_free(&point->Y); -- BN_clear_free(&point->Z); -- point->Z_is_one = 0; -- } -- -+{ -+ BN_clear_free(&point->X); -+ BN_clear_free(&point->Y); -+ BN_clear_free(&point->Z); -+ point->Z_is_one = 0; -+} - - int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) -- { -- if (!BN_copy(&dest->X, &src->X)) return 0; -- if (!BN_copy(&dest->Y, &src->Y)) return 0; -- if (!BN_copy(&dest->Z, &src->Z)) return 0; -- dest->Z_is_one = src->Z_is_one; -- -- return 1; -- } -- -- --int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point) -- { -- point->Z_is_one = 0; -- BN_zero(&point->Z); -- return 1; -- } -- -- --int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, -- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) -- { -- BN_CTX *new_ctx = NULL; -- int ret = 0; -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- if (x != NULL) -- { -- if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err; -- if (group->meth->field_encode) -- { -- if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err; -- } -- } -- -- if (y != NULL) -- { -- if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err; -- if (group->meth->field_encode) -- { -- if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err; -- } -- } -- -- if (z != NULL) -- { -- int Z_is_one; -- -- if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err; -- Z_is_one = BN_is_one(&point->Z); -- if (group->meth->field_encode) -- { -- if (Z_is_one && (group->meth->field_set_to_one != 0)) -- { -- if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err; -- } -- else -- { -- if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err; -- } -- } -- point->Z_is_one = Z_is_one; -- } -- -- ret = 1; -- -- err: -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -- --int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, -- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) -- { -- BN_CTX *new_ctx = NULL; -- int ret = 0; -- -- if (group->meth->field_decode != 0) -- { -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- if (x != NULL) -- { -- if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err; -- } -- if (y != NULL) -- { -- if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err; -- } -- if (z != NULL) -- { -- if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err; -- } -- } -- else -- { -- if (x != NULL) -- { -- if (!BN_copy(x, &point->X)) goto err; -- } -- if (y != NULL) -- { -- if (!BN_copy(y, &point->Y)) goto err; -- } -- if (z != NULL) -- { -- if (!BN_copy(z, &point->Z)) goto err; -- } -- } -- -- ret = 1; -+{ -+ if (!BN_copy(&dest->X, &src->X)) -+ return 0; -+ if (!BN_copy(&dest->Y, &src->Y)) -+ return 0; -+ if (!BN_copy(&dest->Z, &src->Z)) -+ return 0; -+ dest->Z_is_one = src->Z_is_one; -+ -+ return 1; -+} -+ -+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, -+ EC_POINT *point) -+{ -+ point->Z_is_one = 0; -+ BN_zero(&point->Z); -+ return 1; -+} -+ -+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, -+ EC_POINT *point, -+ const BIGNUM *x, -+ const BIGNUM *y, -+ const BIGNUM *z, -+ BN_CTX *ctx) -+{ -+ BN_CTX *new_ctx = NULL; -+ int ret = 0; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ if (x != NULL) { -+ if (!BN_nnmod(&point->X, x, &group->field, ctx)) -+ goto err; -+ if (group->meth->field_encode) { -+ if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) -+ goto err; -+ } -+ } -+ -+ if (y != NULL) { -+ if (!BN_nnmod(&point->Y, y, &group->field, ctx)) -+ goto err; -+ if (group->meth->field_encode) { -+ if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) -+ goto err; -+ } -+ } -+ -+ if (z != NULL) { -+ int Z_is_one; -+ -+ if (!BN_nnmod(&point->Z, z, &group->field, ctx)) -+ goto err; -+ Z_is_one = BN_is_one(&point->Z); -+ if (group->meth->field_encode) { -+ if (Z_is_one && (group->meth->field_set_to_one != 0)) { -+ if (!group->meth->field_set_to_one(group, &point->Z, ctx)) -+ goto err; -+ } else { -+ if (!group-> -+ meth->field_encode(group, &point->Z, &point->Z, ctx)) -+ goto err; -+ } -+ } -+ point->Z_is_one = Z_is_one; -+ } -+ -+ ret = 1; - - err: -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -- --int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, -- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) -- { -- if (x == NULL || y == NULL) -- { -- /* unlike for projective coordinates, we do not tolerate this */ -- ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- -- return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx); -- } -- -- --int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, -- BIGNUM *x, BIGNUM *y, BN_CTX *ctx) -- { -- BN_CTX *new_ctx = NULL; -- BIGNUM *Z, *Z_1, *Z_2, *Z_3; -- const BIGNUM *Z_; -- int ret = 0; -- -- if (EC_POINT_is_at_infinity(group, point)) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY); -- return 0; -- } -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- BN_CTX_start(ctx); -- Z = BN_CTX_get(ctx); -- Z_1 = BN_CTX_get(ctx); -- Z_2 = BN_CTX_get(ctx); -- Z_3 = BN_CTX_get(ctx); -- if (Z_3 == NULL) goto err; -- -- /* transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3) */ -- -- if (group->meth->field_decode) -- { -- if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err; -- Z_ = Z; -- } -- else -- { -- Z_ = &point->Z; -- } -- -- if (BN_is_one(Z_)) -- { -- if (group->meth->field_decode) -- { -- if (x != NULL) -- { -- if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err; -- } -- if (y != NULL) -- { -- if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err; -- } -- } -- else -- { -- if (x != NULL) -- { -- if (!BN_copy(x, &point->X)) goto err; -- } -- if (y != NULL) -- { -- if (!BN_copy(y, &point->Y)) goto err; -- } -- } -- } -- else -- { -- if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB); -- goto err; -- } -- -- if (group->meth->field_encode == 0) -- { -- /* field_sqr works on standard representation */ -- if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err; -- } -- else -- { -- if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err; -- } -- -- if (x != NULL) -- { -- /* in the Montgomery case, field_mul will cancel out Montgomery factor in X: */ -- if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) goto err; -- } -- -- if (y != NULL) -- { -- if (group->meth->field_encode == 0) -- { -- /* field_mul works on standard representation */ -- if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err; -- } -- else -- { -- if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err; -- } -- -- /* in the Montgomery case, field_mul will cancel out Montgomery factor in Y: */ -- if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) goto err; -- } -- } -- -- ret = 1; -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, -+ const EC_POINT *point, -+ BIGNUM *x, BIGNUM *y, -+ BIGNUM *z, BN_CTX *ctx) -+{ -+ BN_CTX *new_ctx = NULL; -+ int ret = 0; -+ -+ if (group->meth->field_decode != 0) { -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ if (x != NULL) { -+ if (!group->meth->field_decode(group, x, &point->X, ctx)) -+ goto err; -+ } -+ if (y != NULL) { -+ if (!group->meth->field_decode(group, y, &point->Y, ctx)) -+ goto err; -+ } -+ if (z != NULL) { -+ if (!group->meth->field_decode(group, z, &point->Z, ctx)) -+ goto err; -+ } -+ } else { -+ if (x != NULL) { -+ if (!BN_copy(x, &point->X)) -+ goto err; -+ } -+ if (y != NULL) { -+ if (!BN_copy(y, &point->Y)) -+ goto err; -+ } -+ if (z != NULL) { -+ if (!BN_copy(z, &point->Z)) -+ goto err; -+ } -+ } -+ -+ ret = 1; - - err: -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -- --int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, -- const BIGNUM *x_, int y_bit, BN_CTX *ctx) -- { -- BN_CTX *new_ctx = NULL; -- BIGNUM *tmp1, *tmp2, *x, *y; -- int ret = 0; -- -- /* clear error queue*/ -- ERR_clear_error(); -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- y_bit = (y_bit != 0); -- -- BN_CTX_start(ctx); -- tmp1 = BN_CTX_get(ctx); -- tmp2 = BN_CTX_get(ctx); -- x = BN_CTX_get(ctx); -- y = BN_CTX_get(ctx); -- if (y == NULL) goto err; -- -- /* Recover y. We have a Weierstrass equation -- * y^2 = x^3 + a*x + b, -- * so y is one of the square roots of x^3 + a*x + b. -- */ -- -- /* tmp1 := x^3 */ -- if (!BN_nnmod(x, x_, &group->field,ctx)) goto err; -- if (group->meth->field_decode == 0) -- { -- /* field_{sqr,mul} work on standard representation */ -- if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err; -- if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err; -- } -- else -- { -- if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err; -- if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err; -- } -- -- /* tmp1 := tmp1 + a*x */ -- if (group->a_is_minus3) -- { -- if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err; -- if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err; -- if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err; -- } -- else -- { -- if (group->meth->field_decode) -- { -- if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err; -- if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err; -- } -- else -- { -- /* field_mul works on standard representation */ -- if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err; -- } -- -- if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err; -- } -- -- /* tmp1 := tmp1 + b */ -- if (group->meth->field_decode) -- { -- if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err; -- if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err; -- } -- else -- { -- if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err; -- } -- -- if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) -- { -- unsigned long err = ERR_peek_last_error(); -- -- if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) -- { -- ERR_clear_error(); -- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); -- } -- else -- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB); -- goto err; -- } -- -- if (y_bit != BN_is_odd(y)) -- { -- if (BN_is_zero(y)) -- { -- int kron; -- -- kron = BN_kronecker(x, &group->field, ctx); -- if (kron == -2) goto err; -- -- if (kron == 1) -- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT); -- else -- /* BN_mod_sqrt() should have cought this error (not a square) */ -- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); -- goto err; -- } -- if (!BN_usub(y, &group->field, y)) goto err; -- } -- if (y_bit != BN_is_odd(y)) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- -- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; -- -- ret = 1; -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, -+ EC_POINT *point, -+ const BIGNUM *x, -+ const BIGNUM *y, BN_CTX *ctx) -+{ -+ if (x == NULL || y == NULL) { -+ /* -+ * unlike for projective coordinates, we do not tolerate this -+ */ -+ ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ -+ return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, -+ BN_value_one(), ctx); -+} -+ -+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, -+ const EC_POINT *point, -+ BIGNUM *x, BIGNUM *y, -+ BN_CTX *ctx) -+{ -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *Z, *Z_1, *Z_2, *Z_3; -+ const BIGNUM *Z_; -+ int ret = 0; -+ -+ if (EC_POINT_is_at_infinity(group, point)) { -+ ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, -+ EC_R_POINT_AT_INFINITY); -+ return 0; -+ } -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ Z = BN_CTX_get(ctx); -+ Z_1 = BN_CTX_get(ctx); -+ Z_2 = BN_CTX_get(ctx); -+ Z_3 = BN_CTX_get(ctx); -+ if (Z_3 == NULL) -+ goto err; -+ -+ /* transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3) */ -+ -+ if (group->meth->field_decode) { -+ if (!group->meth->field_decode(group, Z, &point->Z, ctx)) -+ goto err; -+ Z_ = Z; -+ } else { -+ Z_ = &point->Z; -+ } -+ -+ if (BN_is_one(Z_)) { -+ if (group->meth->field_decode) { -+ if (x != NULL) { -+ if (!group->meth->field_decode(group, x, &point->X, ctx)) -+ goto err; -+ } -+ if (y != NULL) { -+ if (!group->meth->field_decode(group, y, &point->Y, ctx)) -+ goto err; -+ } -+ } else { -+ if (x != NULL) { -+ if (!BN_copy(x, &point->X)) -+ goto err; -+ } -+ if (y != NULL) { -+ if (!BN_copy(y, &point->Y)) -+ goto err; -+ } -+ } -+ } else { -+ if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) { -+ ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, -+ ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (group->meth->field_encode == 0) { -+ /* field_sqr works on standard representation */ -+ if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) -+ goto err; -+ } else { -+ if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) -+ goto err; -+ } -+ -+ if (x != NULL) { -+ /* -+ * in the Montgomery case, field_mul will cancel out Montgomery -+ * factor in X: -+ */ -+ if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) -+ goto err; -+ } -+ -+ if (y != NULL) { -+ if (group->meth->field_encode == 0) { -+ /* -+ * field_mul works on standard representation -+ */ -+ if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) -+ goto err; -+ } else { -+ if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) -+ goto err; -+ } -+ -+ /* -+ * in the Montgomery case, field_mul will cancel out Montgomery -+ * factor in Y: -+ */ -+ if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) -+ goto err; -+ } -+ } -+ -+ ret = 1; - - err: -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -- --size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, -- unsigned char *buf, size_t len, BN_CTX *ctx) -- { -- size_t ret; -- BN_CTX *new_ctx = NULL; -- int used_ctx = 0; -- BIGNUM *x, *y; -- size_t field_len, i, skip; -- -- if ((form != POINT_CONVERSION_COMPRESSED) -- && (form != POINT_CONVERSION_UNCOMPRESSED) -- && (form != POINT_CONVERSION_HYBRID)) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); -- goto err; -- } -- -- if (EC_POINT_is_at_infinity(group, point)) -- { -- /* encodes to a single 0 octet */ -- if (buf != NULL) -- { -- if (len < 1) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); -- return 0; -- } -- buf[0] = 0; -- } -- return 1; -- } -- -- -- /* ret := required output buffer length */ -- field_len = BN_num_bytes(&group->field); -- ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len; -- -- /* if 'buf' is NULL, just return required length */ -- if (buf != NULL) -- { -- if (len < ret) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); -- goto err; -- } -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- BN_CTX_start(ctx); -- used_ctx = 1; -- x = BN_CTX_get(ctx); -- y = BN_CTX_get(ctx); -- if (y == NULL) goto err; -- -- if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; -- -- if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y)) -- buf[0] = form + 1; -- else -- buf[0] = form; -- -- i = 1; -- -- skip = field_len - BN_num_bytes(x); -- if (skip > field_len) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- while (skip > 0) -- { -- buf[i++] = 0; -- skip--; -- } -- skip = BN_bn2bin(x, buf + i); -- i += skip; -- if (i != 1 + field_len) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- -- if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID) -- { -- skip = field_len - BN_num_bytes(y); -- if (skip > field_len) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- while (skip > 0) -- { -- buf[i++] = 0; -- skip--; -- } -- skip = BN_bn2bin(y, buf + i); -- i += skip; -- } -- -- if (i != ret) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- } -- -- if (used_ctx) -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, -+ EC_POINT *point, -+ const BIGNUM *x_, int y_bit, -+ BN_CTX *ctx) -+{ -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *tmp1, *tmp2, *x, *y; -+ int ret = 0; -+ -+ /* clear error queue */ -+ ERR_clear_error(); -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ y_bit = (y_bit != 0); -+ -+ BN_CTX_start(ctx); -+ tmp1 = BN_CTX_get(ctx); -+ tmp2 = BN_CTX_get(ctx); -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ if (y == NULL) -+ goto err; -+ -+ /*- -+ * Recover y. We have a Weierstrass equation -+ * y^2 = x^3 + a*x + b, -+ * so y is one of the square roots of x^3 + a*x + b. -+ */ -+ -+ /* tmp1 := x^3 */ -+ if (!BN_nnmod(x, x_, &group->field, ctx)) -+ goto err; -+ if (group->meth->field_decode == 0) { -+ /* field_{sqr,mul} work on standard representation */ -+ if (!group->meth->field_sqr(group, tmp2, x_, ctx)) -+ goto err; -+ if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) -+ goto err; -+ } else { -+ if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) -+ goto err; -+ if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) -+ goto err; -+ } -+ -+ /* tmp1 := tmp1 + a*x */ -+ if (group->a_is_minus3) { -+ if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) -+ goto err; -+ if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) -+ goto err; -+ if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) -+ goto err; -+ } else { -+ if (group->meth->field_decode) { -+ if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) -+ goto err; -+ if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) -+ goto err; -+ } else { -+ /* field_mul works on standard representation */ -+ if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) -+ goto err; -+ } -+ -+ if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) -+ goto err; -+ } -+ -+ /* tmp1 := tmp1 + b */ -+ if (group->meth->field_decode) { -+ if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) -+ goto err; -+ if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) -+ goto err; -+ } else { -+ if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) -+ goto err; -+ } -+ -+ if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) { -+ unsigned long err = ERR_peek_last_error(); -+ -+ if (ERR_GET_LIB(err) == ERR_LIB_BN -+ && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) { -+ ERR_clear_error(); -+ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, -+ EC_R_INVALID_COMPRESSED_POINT); -+ } else -+ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, -+ ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (y_bit != BN_is_odd(y)) { -+ if (BN_is_zero(y)) { -+ int kron; -+ -+ kron = BN_kronecker(x, &group->field, ctx); -+ if (kron == -2) -+ goto err; -+ -+ if (kron == 1) -+ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, -+ EC_R_INVALID_COMPRESSION_BIT); -+ else -+ /* -+ * BN_mod_sqrt() should have cought this error (not a square) -+ */ -+ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, -+ EC_R_INVALID_COMPRESSED_POINT); -+ goto err; -+ } -+ if (!BN_usub(y, &group->field, y)) -+ goto err; -+ } -+ if (y_bit != BN_is_odd(y)) { -+ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, -+ ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) -+ goto err; -+ -+ ret = 1; - - err: -- if (used_ctx) -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return 0; -- } -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, -+ point_conversion_form_t form, -+ unsigned char *buf, size_t len, BN_CTX *ctx) -+{ -+ size_t ret; -+ BN_CTX *new_ctx = NULL; -+ int used_ctx = 0; -+ BIGNUM *x, *y; -+ size_t field_len, i, skip; -+ -+ if ((form != POINT_CONVERSION_COMPRESSED) -+ && (form != POINT_CONVERSION_UNCOMPRESSED) -+ && (form != POINT_CONVERSION_HYBRID)) { -+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); -+ goto err; -+ } -+ -+ if (EC_POINT_is_at_infinity(group, point)) { -+ /* encodes to a single 0 octet */ -+ if (buf != NULL) { -+ if (len < 1) { -+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); -+ return 0; -+ } -+ buf[0] = 0; -+ } -+ return 1; -+ } -+ -+ /* ret := required output buffer length */ -+ field_len = BN_num_bytes(&group->field); -+ ret = -+ (form == -+ POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; -+ -+ /* if 'buf' is NULL, just return required length */ -+ if (buf != NULL) { -+ if (len < ret) { -+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); -+ goto err; -+ } -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ used_ctx = 1; -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ if (y == NULL) -+ goto err; -+ -+ if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) -+ goto err; -+ -+ if ((form == POINT_CONVERSION_COMPRESSED -+ || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y)) -+ buf[0] = form + 1; -+ else -+ buf[0] = form; -+ -+ i = 1; -+ -+ skip = field_len - BN_num_bytes(x); -+ if (skip > field_len) { -+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ while (skip > 0) { -+ buf[i++] = 0; -+ skip--; -+ } -+ skip = BN_bn2bin(x, buf + i); -+ i += skip; -+ if (i != 1 + field_len) { -+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ if (form == POINT_CONVERSION_UNCOMPRESSED -+ || form == POINT_CONVERSION_HYBRID) { -+ skip = field_len - BN_num_bytes(y); -+ if (skip > field_len) { -+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ while (skip > 0) { -+ buf[i++] = 0; -+ skip--; -+ } -+ skip = BN_bn2bin(y, buf + i); -+ i += skip; -+ } -+ -+ if (i != ret) { -+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ } -+ -+ if (used_ctx) -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; - -+ err: -+ if (used_ctx) -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return 0; -+} - - int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, -- const unsigned char *buf, size_t len, BN_CTX *ctx) -- { -- point_conversion_form_t form; -- int y_bit; -- BN_CTX *new_ctx = NULL; -- BIGNUM *x, *y; -- size_t field_len, enc_len; -- int ret = 0; -- -- if (len == 0) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); -- return 0; -- } -- form = buf[0]; -- y_bit = form & 1; -- form = form & ~1U; -- if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) -- && (form != POINT_CONVERSION_UNCOMPRESSED) -- && (form != POINT_CONVERSION_HYBRID)) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- return 0; -- } -- if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- return 0; -- } -- -- if (form == 0) -- { -- if (len != 1) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- return 0; -- } -- -- return EC_POINT_set_to_infinity(group, point); -- } -- -- field_len = BN_num_bytes(&group->field); -- enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len; -- -- if (len != enc_len) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- return 0; -- } -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- BN_CTX_start(ctx); -- x = BN_CTX_get(ctx); -- y = BN_CTX_get(ctx); -- if (y == NULL) goto err; -- -- if (!BN_bin2bn(buf + 1, field_len, x)) goto err; -- if (BN_ucmp(x, &group->field) >= 0) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- goto err; -- } -- -- if (form == POINT_CONVERSION_COMPRESSED) -- { -- if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err; -- } -- else -- { -- if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err; -- if (BN_ucmp(y, &group->field) >= 0) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- goto err; -- } -- if (form == POINT_CONVERSION_HYBRID) -- { -- if (y_bit != BN_is_odd(y)) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -- goto err; -- } -- } -- -- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; -- } -- -- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */ -- { -- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); -- goto err; -- } -- -- ret = 1; -- -+ const unsigned char *buf, size_t len, BN_CTX *ctx) -+{ -+ point_conversion_form_t form; -+ int y_bit; -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *x, *y; -+ size_t field_len, enc_len; -+ int ret = 0; -+ -+ if (len == 0) { -+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); -+ return 0; -+ } -+ form = buf[0]; -+ y_bit = form & 1; -+ form = form & ~1U; -+ if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) -+ && (form != POINT_CONVERSION_UNCOMPRESSED) -+ && (form != POINT_CONVERSION_HYBRID)) { -+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ return 0; -+ } -+ if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { -+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ return 0; -+ } -+ -+ if (form == 0) { -+ if (len != 1) { -+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ return 0; -+ } -+ -+ return EC_POINT_set_to_infinity(group, point); -+ } -+ -+ field_len = BN_num_bytes(&group->field); -+ enc_len = -+ (form == -+ POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; -+ -+ if (len != enc_len) { -+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ return 0; -+ } -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ if (y == NULL) -+ goto err; -+ -+ if (!BN_bin2bn(buf + 1, field_len, x)) -+ goto err; -+ if (BN_ucmp(x, &group->field) >= 0) { -+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ goto err; -+ } -+ -+ if (form == POINT_CONVERSION_COMPRESSED) { -+ if (!EC_POINT_set_compressed_coordinates_GFp -+ (group, point, x, y_bit, ctx)) -+ goto err; -+ } else { -+ if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) -+ goto err; -+ if (BN_ucmp(y, &group->field) >= 0) { -+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ goto err; -+ } -+ if (form == POINT_CONVERSION_HYBRID) { -+ if (y_bit != BN_is_odd(y)) { -+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); -+ goto err; -+ } -+ } -+ -+ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) -+ goto err; -+ } -+ -+ /* test required by X9.62 */ -+ if (!EC_POINT_is_on_curve(group, point, ctx)) { -+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); -+ goto err; -+ } -+ -+ ret = 1; -+ - err: -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -- --int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) -- { -- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); -- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); -- const BIGNUM *p; -- BN_CTX *new_ctx = NULL; -- BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; -- int ret = 0; -- -- if (a == b) -- return EC_POINT_dbl(group, r, a, ctx); -- if (EC_POINT_is_at_infinity(group, a)) -- return EC_POINT_copy(r, b); -- if (EC_POINT_is_at_infinity(group, b)) -- return EC_POINT_copy(r, a); -- -- field_mul = group->meth->field_mul; -- field_sqr = group->meth->field_sqr; -- p = &group->field; -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- BN_CTX_start(ctx); -- n0 = BN_CTX_get(ctx); -- n1 = BN_CTX_get(ctx); -- n2 = BN_CTX_get(ctx); -- n3 = BN_CTX_get(ctx); -- n4 = BN_CTX_get(ctx); -- n5 = BN_CTX_get(ctx); -- n6 = BN_CTX_get(ctx); -- if (n6 == NULL) goto end; -- -- /* Note that in this function we must not read components of 'a' or 'b' -- * once we have written the corresponding components of 'r'. -- * ('r' might be one of 'a' or 'b'.) -- */ -- -- /* n1, n2 */ -- if (b->Z_is_one) -- { -- if (!BN_copy(n1, &a->X)) goto end; -- if (!BN_copy(n2, &a->Y)) goto end; -- /* n1 = X_a */ -- /* n2 = Y_a */ -- } -- else -- { -- if (!field_sqr(group, n0, &b->Z, ctx)) goto end; -- if (!field_mul(group, n1, &a->X, n0, ctx)) goto end; -- /* n1 = X_a * Z_b^2 */ -- -- if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end; -- if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end; -- /* n2 = Y_a * Z_b^3 */ -- } -- -- /* n3, n4 */ -- if (a->Z_is_one) -- { -- if (!BN_copy(n3, &b->X)) goto end; -- if (!BN_copy(n4, &b->Y)) goto end; -- /* n3 = X_b */ -- /* n4 = Y_b */ -- } -- else -- { -- if (!field_sqr(group, n0, &a->Z, ctx)) goto end; -- if (!field_mul(group, n3, &b->X, n0, ctx)) goto end; -- /* n3 = X_b * Z_a^2 */ -- -- if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end; -- if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end; -- /* n4 = Y_b * Z_a^3 */ -- } -- -- /* n5, n6 */ -- if (!BN_mod_sub_quick(n5, n1, n3, p)) goto end; -- if (!BN_mod_sub_quick(n6, n2, n4, p)) goto end; -- /* n5 = n1 - n3 */ -- /* n6 = n2 - n4 */ -- -- if (BN_is_zero(n5)) -- { -- if (BN_is_zero(n6)) -- { -- /* a is the same point as b */ -- BN_CTX_end(ctx); -- ret = EC_POINT_dbl(group, r, a, ctx); -- ctx = NULL; -- goto end; -- } -- else -- { -- /* a is the inverse of b */ -- BN_zero(&r->Z); -- r->Z_is_one = 0; -- ret = 1; -- goto end; -- } -- } -- -- /* 'n7', 'n8' */ -- if (!BN_mod_add_quick(n1, n1, n3, p)) goto end; -- if (!BN_mod_add_quick(n2, n2, n4, p)) goto end; -- /* 'n7' = n1 + n3 */ -- /* 'n8' = n2 + n4 */ -- -- /* Z_r */ -- if (a->Z_is_one && b->Z_is_one) -- { -- if (!BN_copy(&r->Z, n5)) goto end; -- } -- else -- { -- if (a->Z_is_one) -- { if (!BN_copy(n0, &b->Z)) goto end; } -- else if (b->Z_is_one) -- { if (!BN_copy(n0, &a->Z)) goto end; } -- else -- { if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; } -- if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end; -- } -- r->Z_is_one = 0; -- /* Z_r = Z_a * Z_b * n5 */ -- -- /* X_r */ -- if (!field_sqr(group, n0, n6, ctx)) goto end; -- if (!field_sqr(group, n4, n5, ctx)) goto end; -- if (!field_mul(group, n3, n1, n4, ctx)) goto end; -- if (!BN_mod_sub_quick(&r->X, n0, n3, p)) goto end; -- /* X_r = n6^2 - n5^2 * 'n7' */ -- -- /* 'n9' */ -- if (!BN_mod_lshift1_quick(n0, &r->X, p)) goto end; -- if (!BN_mod_sub_quick(n0, n3, n0, p)) goto end; -- /* n9 = n5^2 * 'n7' - 2 * X_r */ -- -- /* Y_r */ -- if (!field_mul(group, n0, n0, n6, ctx)) goto end; -- if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */ -- if (!field_mul(group, n1, n2, n5, ctx)) goto end; -- if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end; -- if (BN_is_odd(n0)) -- if (!BN_add(n0, n0, p)) goto end; -- /* now 0 <= n0 < 2*p, and n0 is even */ -- if (!BN_rshift1(&r->Y, n0)) goto end; -- /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */ -- -- ret = 1; -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, -+ const EC_POINT *b, BN_CTX *ctx) -+{ -+ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, -+ const BIGNUM *, BN_CTX *); -+ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); -+ const BIGNUM *p; -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; -+ int ret = 0; -+ -+ if (a == b) -+ return EC_POINT_dbl(group, r, a, ctx); -+ if (EC_POINT_is_at_infinity(group, a)) -+ return EC_POINT_copy(r, b); -+ if (EC_POINT_is_at_infinity(group, b)) -+ return EC_POINT_copy(r, a); -+ -+ field_mul = group->meth->field_mul; -+ field_sqr = group->meth->field_sqr; -+ p = &group->field; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ n0 = BN_CTX_get(ctx); -+ n1 = BN_CTX_get(ctx); -+ n2 = BN_CTX_get(ctx); -+ n3 = BN_CTX_get(ctx); -+ n4 = BN_CTX_get(ctx); -+ n5 = BN_CTX_get(ctx); -+ n6 = BN_CTX_get(ctx); -+ if (n6 == NULL) -+ goto end; -+ -+ /* -+ * Note that in this function we must not read components of 'a' or 'b' -+ * once we have written the corresponding components of 'r'. ('r' might -+ * be one of 'a' or 'b'.) -+ */ -+ -+ /* n1, n2 */ -+ if (b->Z_is_one) { -+ if (!BN_copy(n1, &a->X)) -+ goto end; -+ if (!BN_copy(n2, &a->Y)) -+ goto end; -+ /* n1 = X_a */ -+ /* n2 = Y_a */ -+ } else { -+ if (!field_sqr(group, n0, &b->Z, ctx)) -+ goto end; -+ if (!field_mul(group, n1, &a->X, n0, ctx)) -+ goto end; -+ /* n1 = X_a * Z_b^2 */ -+ -+ if (!field_mul(group, n0, n0, &b->Z, ctx)) -+ goto end; -+ if (!field_mul(group, n2, &a->Y, n0, ctx)) -+ goto end; -+ /* n2 = Y_a * Z_b^3 */ -+ } -+ -+ /* n3, n4 */ -+ if (a->Z_is_one) { -+ if (!BN_copy(n3, &b->X)) -+ goto end; -+ if (!BN_copy(n4, &b->Y)) -+ goto end; -+ /* n3 = X_b */ -+ /* n4 = Y_b */ -+ } else { -+ if (!field_sqr(group, n0, &a->Z, ctx)) -+ goto end; -+ if (!field_mul(group, n3, &b->X, n0, ctx)) -+ goto end; -+ /* n3 = X_b * Z_a^2 */ -+ -+ if (!field_mul(group, n0, n0, &a->Z, ctx)) -+ goto end; -+ if (!field_mul(group, n4, &b->Y, n0, ctx)) -+ goto end; -+ /* n4 = Y_b * Z_a^3 */ -+ } -+ -+ /* n5, n6 */ -+ if (!BN_mod_sub_quick(n5, n1, n3, p)) -+ goto end; -+ if (!BN_mod_sub_quick(n6, n2, n4, p)) -+ goto end; -+ /* n5 = n1 - n3 */ -+ /* n6 = n2 - n4 */ -+ -+ if (BN_is_zero(n5)) { -+ if (BN_is_zero(n6)) { -+ /* a is the same point as b */ -+ BN_CTX_end(ctx); -+ ret = EC_POINT_dbl(group, r, a, ctx); -+ ctx = NULL; -+ goto end; -+ } else { -+ /* a is the inverse of b */ -+ BN_zero(&r->Z); -+ r->Z_is_one = 0; -+ ret = 1; -+ goto end; -+ } -+ } -+ -+ /* 'n7', 'n8' */ -+ if (!BN_mod_add_quick(n1, n1, n3, p)) -+ goto end; -+ if (!BN_mod_add_quick(n2, n2, n4, p)) -+ goto end; -+ /* 'n7' = n1 + n3 */ -+ /* 'n8' = n2 + n4 */ -+ -+ /* Z_r */ -+ if (a->Z_is_one && b->Z_is_one) { -+ if (!BN_copy(&r->Z, n5)) -+ goto end; -+ } else { -+ if (a->Z_is_one) { -+ if (!BN_copy(n0, &b->Z)) -+ goto end; -+ } else if (b->Z_is_one) { -+ if (!BN_copy(n0, &a->Z)) -+ goto end; -+ } else { -+ if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) -+ goto end; -+ } -+ if (!field_mul(group, &r->Z, n0, n5, ctx)) -+ goto end; -+ } -+ r->Z_is_one = 0; -+ /* Z_r = Z_a * Z_b * n5 */ -+ -+ /* X_r */ -+ if (!field_sqr(group, n0, n6, ctx)) -+ goto end; -+ if (!field_sqr(group, n4, n5, ctx)) -+ goto end; -+ if (!field_mul(group, n3, n1, n4, ctx)) -+ goto end; -+ if (!BN_mod_sub_quick(&r->X, n0, n3, p)) -+ goto end; -+ /* X_r = n6^2 - n5^2 * 'n7' */ -+ -+ /* 'n9' */ -+ if (!BN_mod_lshift1_quick(n0, &r->X, p)) -+ goto end; -+ if (!BN_mod_sub_quick(n0, n3, n0, p)) -+ goto end; -+ /* n9 = n5^2 * 'n7' - 2 * X_r */ -+ -+ /* Y_r */ -+ if (!field_mul(group, n0, n0, n6, ctx)) -+ goto end; -+ if (!field_mul(group, n5, n4, n5, ctx)) -+ goto end; /* now n5 is n5^3 */ -+ if (!field_mul(group, n1, n2, n5, ctx)) -+ goto end; -+ if (!BN_mod_sub_quick(n0, n0, n1, p)) -+ goto end; -+ if (BN_is_odd(n0)) -+ if (!BN_add(n0, n0, p)) -+ goto end; -+ /* now 0 <= n0 < 2*p, and n0 is even */ -+ if (!BN_rshift1(&r->Y, n0)) -+ goto end; -+ /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */ -+ -+ ret = 1; - - end: -- if (ctx) /* otherwise we already called BN_CTX_end */ -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -- --int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) -- { -- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); -- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); -- const BIGNUM *p; -- BN_CTX *new_ctx = NULL; -- BIGNUM *n0, *n1, *n2, *n3; -- int ret = 0; -- -- if (EC_POINT_is_at_infinity(group, a)) -- { -- BN_zero(&r->Z); -- r->Z_is_one = 0; -- return 1; -- } -- -- field_mul = group->meth->field_mul; -- field_sqr = group->meth->field_sqr; -- p = &group->field; -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- BN_CTX_start(ctx); -- n0 = BN_CTX_get(ctx); -- n1 = BN_CTX_get(ctx); -- n2 = BN_CTX_get(ctx); -- n3 = BN_CTX_get(ctx); -- if (n3 == NULL) goto err; -- -- /* Note that in this function we must not read components of 'a' -- * once we have written the corresponding components of 'r'. -- * ('r' might the same as 'a'.) -- */ -- -- /* n1 */ -- if (a->Z_is_one) -- { -- if (!field_sqr(group, n0, &a->X, ctx)) goto err; -- if (!BN_mod_lshift1_quick(n1, n0, p)) goto err; -- if (!BN_mod_add_quick(n0, n0, n1, p)) goto err; -- if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err; -- /* n1 = 3 * X_a^2 + a_curve */ -- } -- else if (group->a_is_minus3) -- { -- if (!field_sqr(group, n1, &a->Z, ctx)) goto err; -- if (!BN_mod_add_quick(n0, &a->X, n1, p)) goto err; -- if (!BN_mod_sub_quick(n2, &a->X, n1, p)) goto err; -- if (!field_mul(group, n1, n0, n2, ctx)) goto err; -- if (!BN_mod_lshift1_quick(n0, n1, p)) goto err; -- if (!BN_mod_add_quick(n1, n0, n1, p)) goto err; -- /* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) -- * = 3 * X_a^2 - 3 * Z_a^4 */ -- } -- else -- { -- if (!field_sqr(group, n0, &a->X, ctx)) goto err; -- if (!BN_mod_lshift1_quick(n1, n0, p)) goto err; -- if (!BN_mod_add_quick(n0, n0, n1, p)) goto err; -- if (!field_sqr(group, n1, &a->Z, ctx)) goto err; -- if (!field_sqr(group, n1, n1, ctx)) goto err; -- if (!field_mul(group, n1, n1, &group->a, ctx)) goto err; -- if (!BN_mod_add_quick(n1, n1, n0, p)) goto err; -- /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */ -- } -- -- /* Z_r */ -- if (a->Z_is_one) -- { -- if (!BN_copy(n0, &a->Y)) goto err; -- } -- else -- { -- if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err; -- } -- if (!BN_mod_lshift1_quick(&r->Z, n0, p)) goto err; -- r->Z_is_one = 0; -- /* Z_r = 2 * Y_a * Z_a */ -- -- /* n2 */ -- if (!field_sqr(group, n3, &a->Y, ctx)) goto err; -- if (!field_mul(group, n2, &a->X, n3, ctx)) goto err; -- if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err; -- /* n2 = 4 * X_a * Y_a^2 */ -- -- /* X_r */ -- if (!BN_mod_lshift1_quick(n0, n2, p)) goto err; -- if (!field_sqr(group, &r->X, n1, ctx)) goto err; -- if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) goto err; -- /* X_r = n1^2 - 2 * n2 */ -- -- /* n3 */ -- if (!field_sqr(group, n0, n3, ctx)) goto err; -- if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err; -- /* n3 = 8 * Y_a^4 */ -- -- /* Y_r */ -- if (!BN_mod_sub_quick(n0, n2, &r->X, p)) goto err; -- if (!field_mul(group, n0, n1, n0, ctx)) goto err; -- if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) goto err; -- /* Y_r = n1 * (n2 - X_r) - n3 */ -- -- ret = 1; -+ if (ctx) /* otherwise we already called BN_CTX_end */ -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, -+ BN_CTX *ctx) -+{ -+ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, -+ const BIGNUM *, BN_CTX *); -+ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); -+ const BIGNUM *p; -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *n0, *n1, *n2, *n3; -+ int ret = 0; -+ -+ if (EC_POINT_is_at_infinity(group, a)) { -+ BN_zero(&r->Z); -+ r->Z_is_one = 0; -+ return 1; -+ } -+ -+ field_mul = group->meth->field_mul; -+ field_sqr = group->meth->field_sqr; -+ p = &group->field; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ n0 = BN_CTX_get(ctx); -+ n1 = BN_CTX_get(ctx); -+ n2 = BN_CTX_get(ctx); -+ n3 = BN_CTX_get(ctx); -+ if (n3 == NULL) -+ goto err; -+ -+ /* -+ * Note that in this function we must not read components of 'a' once we -+ * have written the corresponding components of 'r'. ('r' might the same -+ * as 'a'.) -+ */ -+ -+ /* n1 */ -+ if (a->Z_is_one) { -+ if (!field_sqr(group, n0, &a->X, ctx)) -+ goto err; -+ if (!BN_mod_lshift1_quick(n1, n0, p)) -+ goto err; -+ if (!BN_mod_add_quick(n0, n0, n1, p)) -+ goto err; -+ if (!BN_mod_add_quick(n1, n0, &group->a, p)) -+ goto err; -+ /* n1 = 3 * X_a^2 + a_curve */ -+ } else if (group->a_is_minus3) { -+ if (!field_sqr(group, n1, &a->Z, ctx)) -+ goto err; -+ if (!BN_mod_add_quick(n0, &a->X, n1, p)) -+ goto err; -+ if (!BN_mod_sub_quick(n2, &a->X, n1, p)) -+ goto err; -+ if (!field_mul(group, n1, n0, n2, ctx)) -+ goto err; -+ if (!BN_mod_lshift1_quick(n0, n1, p)) -+ goto err; -+ if (!BN_mod_add_quick(n1, n0, n1, p)) -+ goto err; -+ /*- -+ * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) -+ * = 3 * X_a^2 - 3 * Z_a^4 -+ */ -+ } else { -+ if (!field_sqr(group, n0, &a->X, ctx)) -+ goto err; -+ if (!BN_mod_lshift1_quick(n1, n0, p)) -+ goto err; -+ if (!BN_mod_add_quick(n0, n0, n1, p)) -+ goto err; -+ if (!field_sqr(group, n1, &a->Z, ctx)) -+ goto err; -+ if (!field_sqr(group, n1, n1, ctx)) -+ goto err; -+ if (!field_mul(group, n1, n1, &group->a, ctx)) -+ goto err; -+ if (!BN_mod_add_quick(n1, n1, n0, p)) -+ goto err; -+ /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */ -+ } -+ -+ /* Z_r */ -+ if (a->Z_is_one) { -+ if (!BN_copy(n0, &a->Y)) -+ goto err; -+ } else { -+ if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) -+ goto err; -+ } -+ if (!BN_mod_lshift1_quick(&r->Z, n0, p)) -+ goto err; -+ r->Z_is_one = 0; -+ /* Z_r = 2 * Y_a * Z_a */ -+ -+ /* n2 */ -+ if (!field_sqr(group, n3, &a->Y, ctx)) -+ goto err; -+ if (!field_mul(group, n2, &a->X, n3, ctx)) -+ goto err; -+ if (!BN_mod_lshift_quick(n2, n2, 2, p)) -+ goto err; -+ /* n2 = 4 * X_a * Y_a^2 */ -+ -+ /* X_r */ -+ if (!BN_mod_lshift1_quick(n0, n2, p)) -+ goto err; -+ if (!field_sqr(group, &r->X, n1, ctx)) -+ goto err; -+ if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) -+ goto err; -+ /* X_r = n1^2 - 2 * n2 */ -+ -+ /* n3 */ -+ if (!field_sqr(group, n0, n3, ctx)) -+ goto err; -+ if (!BN_mod_lshift_quick(n3, n0, 3, p)) -+ goto err; -+ /* n3 = 8 * Y_a^4 */ -+ -+ /* Y_r */ -+ if (!BN_mod_sub_quick(n0, n2, &r->X, p)) -+ goto err; -+ if (!field_mul(group, n0, n1, n0, ctx)) -+ goto err; -+ if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) -+ goto err; -+ /* Y_r = n1 * (n2 - X_r) - n3 */ -+ -+ ret = 1; - - err: -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} - - int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) -- { -- if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) -- /* point is its own inverse */ -- return 1; -- -- return BN_usub(&point->Y, &group->field, &point->Y); -- } -+{ -+ if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) -+ /* point is its own inverse */ -+ return 1; - -+ return BN_usub(&point->Y, &group->field, &point->Y); -+} - - int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) -- { -- return BN_is_zero(&point->Z); -- } -- -- --int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) -- { -- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); -- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); -- const BIGNUM *p; -- BN_CTX *new_ctx = NULL; -- BIGNUM *rh, *tmp, *Z4, *Z6; -- int ret = -1; -- -- if (EC_POINT_is_at_infinity(group, point)) -- return 1; -- -- field_mul = group->meth->field_mul; -- field_sqr = group->meth->field_sqr; -- p = &group->field; -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return -1; -- } -- -- BN_CTX_start(ctx); -- rh = BN_CTX_get(ctx); -- tmp = BN_CTX_get(ctx); -- Z4 = BN_CTX_get(ctx); -- Z6 = BN_CTX_get(ctx); -- if (Z6 == NULL) goto err; -- -- /* We have a curve defined by a Weierstrass equation -- * y^2 = x^3 + a*x + b. -- * The point to consider is given in Jacobian projective coordinates -- * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). -- * Substituting this and multiplying by Z^6 transforms the above equation into -- * Y^2 = X^3 + a*X*Z^4 + b*Z^6. -- * To test this, we add up the right-hand side in 'rh'. -- */ -- -- /* rh := X^2 */ -- if (!field_sqr(group, rh, &point->X, ctx)) goto err; -- -- if (!point->Z_is_one) -- { -- if (!field_sqr(group, tmp, &point->Z, ctx)) goto err; -- if (!field_sqr(group, Z4, tmp, ctx)) goto err; -- if (!field_mul(group, Z6, Z4, tmp, ctx)) goto err; -- -- /* rh := (rh + a*Z^4)*X */ -- if (group->a_is_minus3) -- { -- if (!BN_mod_lshift1_quick(tmp, Z4, p)) goto err; -- if (!BN_mod_add_quick(tmp, tmp, Z4, p)) goto err; -- if (!BN_mod_sub_quick(rh, rh, tmp, p)) goto err; -- if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; -- } -- else -- { -- if (!field_mul(group, tmp, Z4, &group->a, ctx)) goto err; -- if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err; -- if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; -- } -- -- /* rh := rh + b*Z^6 */ -- if (!field_mul(group, tmp, &group->b, Z6, ctx)) goto err; -- if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err; -- } -- else -- { -- /* point->Z_is_one */ -- -- /* rh := (rh + a)*X */ -- if (!BN_mod_add_quick(rh, rh, &group->a, p)) goto err; -- if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; -- /* rh := rh + b */ -- if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err; -- } -- -- /* 'lh' := Y^2 */ -- if (!field_sqr(group, tmp, &point->Y, ctx)) goto err; -- -- ret = (0 == BN_ucmp(tmp, rh)); -+{ -+ return BN_is_zero(&point->Z); -+} -+ -+int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, -+ BN_CTX *ctx) -+{ -+ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, -+ const BIGNUM *, BN_CTX *); -+ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); -+ const BIGNUM *p; -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *rh, *tmp, *Z4, *Z6; -+ int ret = -1; -+ -+ if (EC_POINT_is_at_infinity(group, point)) -+ return 1; -+ -+ field_mul = group->meth->field_mul; -+ field_sqr = group->meth->field_sqr; -+ p = &group->field; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return -1; -+ } -+ -+ BN_CTX_start(ctx); -+ rh = BN_CTX_get(ctx); -+ tmp = BN_CTX_get(ctx); -+ Z4 = BN_CTX_get(ctx); -+ Z6 = BN_CTX_get(ctx); -+ if (Z6 == NULL) -+ goto err; -+ -+ /*- -+ * We have a curve defined by a Weierstrass equation -+ * y^2 = x^3 + a*x + b. -+ * The point to consider is given in Jacobian projective coordinates -+ * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). -+ * Substituting this and multiplying by Z^6 transforms the above equation into -+ * Y^2 = X^3 + a*X*Z^4 + b*Z^6. -+ * To test this, we add up the right-hand side in 'rh'. -+ */ -+ -+ /* rh := X^2 */ -+ if (!field_sqr(group, rh, &point->X, ctx)) -+ goto err; -+ -+ if (!point->Z_is_one) { -+ if (!field_sqr(group, tmp, &point->Z, ctx)) -+ goto err; -+ if (!field_sqr(group, Z4, tmp, ctx)) -+ goto err; -+ if (!field_mul(group, Z6, Z4, tmp, ctx)) -+ goto err; -+ -+ /* rh := (rh + a*Z^4)*X */ -+ if (group->a_is_minus3) { -+ if (!BN_mod_lshift1_quick(tmp, Z4, p)) -+ goto err; -+ if (!BN_mod_add_quick(tmp, tmp, Z4, p)) -+ goto err; -+ if (!BN_mod_sub_quick(rh, rh, tmp, p)) -+ goto err; -+ if (!field_mul(group, rh, rh, &point->X, ctx)) -+ goto err; -+ } else { -+ if (!field_mul(group, tmp, Z4, &group->a, ctx)) -+ goto err; -+ if (!BN_mod_add_quick(rh, rh, tmp, p)) -+ goto err; -+ if (!field_mul(group, rh, rh, &point->X, ctx)) -+ goto err; -+ } -+ -+ /* rh := rh + b*Z^6 */ -+ if (!field_mul(group, tmp, &group->b, Z6, ctx)) -+ goto err; -+ if (!BN_mod_add_quick(rh, rh, tmp, p)) -+ goto err; -+ } else { -+ /* point->Z_is_one */ -+ -+ /* rh := (rh + a)*X */ -+ if (!BN_mod_add_quick(rh, rh, &group->a, p)) -+ goto err; -+ if (!field_mul(group, rh, rh, &point->X, ctx)) -+ goto err; -+ /* rh := rh + b */ -+ if (!BN_mod_add_quick(rh, rh, &group->b, p)) -+ goto err; -+ } -+ -+ /* 'lh' := Y^2 */ -+ if (!field_sqr(group, tmp, &point->Y, ctx)) -+ goto err; -+ -+ ret = (0 == BN_ucmp(tmp, rh)); - - err: -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -- --int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) -- { -- /* return values: -- * -1 error -- * 0 equal (in affine coordinates) -- * 1 not equal -- */ -- -- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); -- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); -- BN_CTX *new_ctx = NULL; -- BIGNUM *tmp1, *tmp2, *Za23, *Zb23; -- const BIGNUM *tmp1_, *tmp2_; -- int ret = -1; -- -- if (EC_POINT_is_at_infinity(group, a)) -- { -- return EC_POINT_is_at_infinity(group, b) ? 0 : 1; -- } -- -- if (EC_POINT_is_at_infinity(group, b)) -- return 1; -- -- if (a->Z_is_one && b->Z_is_one) -- { -- return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; -- } -- -- field_mul = group->meth->field_mul; -- field_sqr = group->meth->field_sqr; -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return -1; -- } -- -- BN_CTX_start(ctx); -- tmp1 = BN_CTX_get(ctx); -- tmp2 = BN_CTX_get(ctx); -- Za23 = BN_CTX_get(ctx); -- Zb23 = BN_CTX_get(ctx); -- if (Zb23 == NULL) goto end; -- -- /* We have to decide whether -- * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), -- * or equivalently, whether -- * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). -- */ -- -- if (!b->Z_is_one) -- { -- if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end; -- if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end; -- tmp1_ = tmp1; -- } -- else -- tmp1_ = &a->X; -- if (!a->Z_is_one) -- { -- if (!field_sqr(group, Za23, &a->Z, ctx)) goto end; -- if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end; -- tmp2_ = tmp2; -- } -- else -- tmp2_ = &b->X; -- -- /* compare X_a*Z_b^2 with X_b*Z_a^2 */ -- if (BN_cmp(tmp1_, tmp2_) != 0) -- { -- ret = 1; /* points differ */ -- goto end; -- } -- -- -- if (!b->Z_is_one) -- { -- if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end; -- if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end; -- /* tmp1_ = tmp1 */ -- } -- else -- tmp1_ = &a->Y; -- if (!a->Z_is_one) -- { -- if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end; -- if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end; -- /* tmp2_ = tmp2 */ -- } -- else -- tmp2_ = &b->Y; -- -- /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */ -- if (BN_cmp(tmp1_, tmp2_) != 0) -- { -- ret = 1; /* points differ */ -- goto end; -- } -- -- /* points are equal */ -- ret = 0; -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, -+ const EC_POINT *b, BN_CTX *ctx) -+{ -+ /*- -+ * return values: -+ * -1 error -+ * 0 equal (in affine coordinates) -+ * 1 not equal -+ */ -+ -+ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, -+ const BIGNUM *, BN_CTX *); -+ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *tmp1, *tmp2, *Za23, *Zb23; -+ const BIGNUM *tmp1_, *tmp2_; -+ int ret = -1; -+ -+ if (EC_POINT_is_at_infinity(group, a)) { -+ return EC_POINT_is_at_infinity(group, b) ? 0 : 1; -+ } -+ -+ if (EC_POINT_is_at_infinity(group, b)) -+ return 1; -+ -+ if (a->Z_is_one && b->Z_is_one) { -+ return ((BN_cmp(&a->X, &b->X) == 0) -+ && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; -+ } -+ -+ field_mul = group->meth->field_mul; -+ field_sqr = group->meth->field_sqr; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return -1; -+ } -+ -+ BN_CTX_start(ctx); -+ tmp1 = BN_CTX_get(ctx); -+ tmp2 = BN_CTX_get(ctx); -+ Za23 = BN_CTX_get(ctx); -+ Zb23 = BN_CTX_get(ctx); -+ if (Zb23 == NULL) -+ goto end; -+ -+ /*- -+ * We have to decide whether -+ * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), -+ * or equivalently, whether -+ * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). -+ */ -+ -+ if (!b->Z_is_one) { -+ if (!field_sqr(group, Zb23, &b->Z, ctx)) -+ goto end; -+ if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) -+ goto end; -+ tmp1_ = tmp1; -+ } else -+ tmp1_ = &a->X; -+ if (!a->Z_is_one) { -+ if (!field_sqr(group, Za23, &a->Z, ctx)) -+ goto end; -+ if (!field_mul(group, tmp2, &b->X, Za23, ctx)) -+ goto end; -+ tmp2_ = tmp2; -+ } else -+ tmp2_ = &b->X; -+ -+ /* compare X_a*Z_b^2 with X_b*Z_a^2 */ -+ if (BN_cmp(tmp1_, tmp2_) != 0) { -+ ret = 1; /* points differ */ -+ goto end; -+ } -+ -+ if (!b->Z_is_one) { -+ if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) -+ goto end; -+ if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) -+ goto end; -+ /* tmp1_ = tmp1 */ -+ } else -+ tmp1_ = &a->Y; -+ if (!a->Z_is_one) { -+ if (!field_mul(group, Za23, Za23, &a->Z, ctx)) -+ goto end; -+ if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) -+ goto end; -+ /* tmp2_ = tmp2 */ -+ } else -+ tmp2_ = &b->Y; -+ -+ /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */ -+ if (BN_cmp(tmp1_, tmp2_) != 0) { -+ ret = 1; /* points differ */ -+ goto end; -+ } -+ -+ /* points are equal */ -+ ret = 0; - - end: -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -- --int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) -- { -- BN_CTX *new_ctx = NULL; -- BIGNUM *x, *y; -- int ret = 0; -- -- if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) -- return 1; -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- BN_CTX_start(ctx); -- x = BN_CTX_get(ctx); -- y = BN_CTX_get(ctx); -- if (y == NULL) goto err; -- -- if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; -- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; -- if (!point->Z_is_one) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- -- ret = 1; -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, -+ BN_CTX *ctx) -+{ -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *x, *y; -+ int ret = 0; -+ -+ if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) -+ return 1; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ if (y == NULL) -+ goto err; -+ -+ if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) -+ goto err; -+ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) -+ goto err; -+ if (!point->Z_is_one) { -+ ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ ret = 1; - - err: -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- return ret; -- } -- -- --int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) -- { -- BN_CTX *new_ctx = NULL; -- BIGNUM *tmp, *tmp_Z; -- BIGNUM **prod_Z = NULL; -- size_t i; -- int ret = 0; -- -- if (num == 0) -- return 1; -- -- if (ctx == NULL) -- { -- ctx = new_ctx = BN_CTX_new(); -- if (ctx == NULL) -- return 0; -- } -- -- BN_CTX_start(ctx); -- tmp = BN_CTX_get(ctx); -- tmp_Z = BN_CTX_get(ctx); -- if (tmp == NULL || tmp_Z == NULL) goto err; -- -- prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); -- if (prod_Z == NULL) goto err; -- for (i = 0; i < num; i++) -- { -- prod_Z[i] = BN_new(); -- if (prod_Z[i] == NULL) goto err; -- } -- -- /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, -- * skipping any zero-valued inputs (pretend that they're 1). */ -- -- if (!BN_is_zero(&points[0]->Z)) -- { -- if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; -- } -- else -- { -- if (group->meth->field_set_to_one != 0) -- { -- if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; -- } -- else -- { -- if (!BN_one(prod_Z[0])) goto err; -- } -- } -- -- for (i = 1; i < num; i++) -- { -- if (!BN_is_zero(&points[i]->Z)) -- { -- if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err; -- } -- else -- { -- if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; -- } -- } -- -- /* Now use a single explicit inversion to replace every -- * non-zero points[i]->Z by its inverse. */ -- -- if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) -- { -- ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); -- goto err; -- } -- if (group->meth->field_encode != 0) -- { -- /* In the Montgomery case, we just turned R*H (representing H) -- * into 1/(R*H), but we need R*(1/H) (representing 1/H); -- * i.e. we need to multiply by the Montgomery factor twice. */ -- if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; -- if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; -- } -- -- for (i = num - 1; i > 0; --i) -- { -- /* Loop invariant: tmp is the product of the inverses of -- * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ -- if (!BN_is_zero(&points[i]->Z)) -- { -- /* Set tmp_Z to the inverse of points[i]->Z (as product -- * of Z inverses 0 .. i, Z values 0 .. i - 1). */ -- if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; -- /* Update tmp to satisfy the loop invariant for i - 1. */ -- if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; -- /* Replace points[i]->Z by its inverse. */ -- if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; -- } -- } -- -- if (!BN_is_zero(&points[0]->Z)) -- { -- /* Replace points[0]->Z by its inverse. */ -- if (!BN_copy(&points[0]->Z, tmp)) goto err; -- } -- -- /* Finally, fix up the X and Y coordinates for all points. */ -- -- for (i = 0; i < num; i++) -- { -- EC_POINT *p = points[i]; -- -- if (!BN_is_zero(&p->Z)) -- { -- /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ -- -- if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err; -- if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err; -- -- if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err; -- if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err; -- -- if (group->meth->field_set_to_one != 0) -- { -- if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err; -- } -- else -- { -- if (!BN_one(&p->Z)) goto err; -- } -- p->Z_is_one = 1; -- } -- } -- -- ret = 1; -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ return ret; -+} -+ -+int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, -+ EC_POINT *points[], BN_CTX *ctx) -+{ -+ BN_CTX *new_ctx = NULL; -+ BIGNUM *tmp, *tmp_Z; -+ BIGNUM **prod_Z = NULL; -+ size_t i; -+ int ret = 0; -+ -+ if (num == 0) -+ return 1; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ tmp = BN_CTX_get(ctx); -+ tmp_Z = BN_CTX_get(ctx); -+ if (tmp == NULL || tmp_Z == NULL) -+ goto err; -+ -+ prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); -+ if (prod_Z == NULL) -+ goto err; -+ for (i = 0; i < num; i++) { -+ prod_Z[i] = BN_new(); -+ if (prod_Z[i] == NULL) -+ goto err; -+ } -+ -+ /* -+ * Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, -+ * skipping any zero-valued inputs (pretend that they're 1). -+ */ -+ -+ if (!BN_is_zero(&points[0]->Z)) { -+ if (!BN_copy(prod_Z[0], &points[0]->Z)) -+ goto err; -+ } else { -+ if (group->meth->field_set_to_one != 0) { -+ if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) -+ goto err; -+ } else { -+ if (!BN_one(prod_Z[0])) -+ goto err; -+ } -+ } -+ -+ for (i = 1; i < num; i++) { -+ if (!BN_is_zero(&points[i]->Z)) { -+ if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], -+ &points[i]->Z, ctx)) -+ goto err; -+ } else { -+ if (!BN_copy(prod_Z[i], prod_Z[i - 1])) -+ goto err; -+ } -+ } -+ -+ /* -+ * Now use a single explicit inversion to replace every non-zero -+ * points[i]->Z by its inverse. -+ */ -+ -+ if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) { -+ ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); -+ goto err; -+ } -+ if (group->meth->field_encode != 0) { -+ /* -+ * In the Montgomery case, we just turned R*H (representing H) into -+ * 1/(R*H), but we need R*(1/H) (representing 1/H); i.e. we need to -+ * multiply by the Montgomery factor twice. -+ */ -+ if (!group->meth->field_encode(group, tmp, tmp, ctx)) -+ goto err; -+ if (!group->meth->field_encode(group, tmp, tmp, ctx)) -+ goto err; -+ } -+ -+ for (i = num - 1; i > 0; --i) { -+ /* -+ * Loop invariant: tmp is the product of the inverses of points[0]->Z -+ * .. points[i]->Z (zero-valued inputs skipped). -+ */ -+ if (!BN_is_zero(&points[i]->Z)) { -+ /* -+ * Set tmp_Z to the inverse of points[i]->Z (as product of Z -+ * inverses 0 .. i, Z values 0 .. i - 1). -+ */ -+ if (!group-> -+ meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) -+ goto err; -+ /* -+ * Update tmp to satisfy the loop invariant for i - 1. -+ */ -+ if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) -+ goto err; -+ /* Replace points[i]->Z by its inverse. */ -+ if (!BN_copy(&points[i]->Z, tmp_Z)) -+ goto err; -+ } -+ } -+ -+ if (!BN_is_zero(&points[0]->Z)) { -+ /* Replace points[0]->Z by its inverse. */ -+ if (!BN_copy(&points[0]->Z, tmp)) -+ goto err; -+ } -+ -+ /* Finally, fix up the X and Y coordinates for all points. */ -+ -+ for (i = 0; i < num; i++) { -+ EC_POINT *p = points[i]; -+ -+ if (!BN_is_zero(&p->Z)) { -+ /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ -+ -+ if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) -+ goto err; -+ if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) -+ goto err; -+ -+ if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) -+ goto err; -+ if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) -+ goto err; -+ -+ if (group->meth->field_set_to_one != 0) { -+ if (!group->meth->field_set_to_one(group, &p->Z, ctx)) -+ goto err; -+ } else { -+ if (!BN_one(&p->Z)) -+ goto err; -+ } -+ p->Z_is_one = 1; -+ } -+ } -+ -+ ret = 1; - - err: -- BN_CTX_end(ctx); -- if (new_ctx != NULL) -- BN_CTX_free(new_ctx); -- if (prod_Z != NULL) -- { -- for (i = 0; i < num; i++) -- { -- if (prod_Z[i] != NULL) -- BN_clear_free(prod_Z[i]); -- } -- OPENSSL_free(prod_Z); -- } -- return ret; -- } -- -- --int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -- { -- return BN_mod_mul(r, a, b, &group->field, ctx); -- } -- -- --int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) -- { -- return BN_mod_sqr(r, a, &group->field, ctx); -- } -+ BN_CTX_end(ctx); -+ if (new_ctx != NULL) -+ BN_CTX_free(new_ctx); -+ if (prod_Z != NULL) { -+ for (i = 0; i < num; i++) { -+ if (prod_Z[i] == NULL) -+ break; -+ BN_clear_free(prod_Z[i]); -+ } -+ OPENSSL_free(prod_Z); -+ } -+ return ret; -+} -+ -+int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, -+ const BIGNUM *b, BN_CTX *ctx) -+{ -+ return BN_mod_mul(r, a, b, &group->field, ctx); -+} -+ -+int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, -+ BN_CTX *ctx) -+{ -+ return BN_mod_sqr(r, a, &group->field, ctx); -+} -diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c -index 4d2ede7..f1ec12d 100644 ---- a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c -+++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,34 +66,31 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason) - --static ERR_STRING_DATA ECDH_str_functs[]= -- { --{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, --{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_NEW_METHOD"}, --{0,NULL} -- }; -+static ERR_STRING_DATA ECDH_str_functs[] = { -+ {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, -+ {ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_NEW_METHOD"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA ECDH_str_reasons[]= -- { --{ERR_REASON(ECDH_R_KDF_FAILED) ,"KDF failed"}, --{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE) ,"no private value"}, --{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"}, --{0,NULL} -- }; -+static ERR_STRING_DATA ECDH_str_reasons[] = { -+ {ERR_REASON(ECDH_R_KDF_FAILED), "KDF failed"}, -+ {ERR_REASON(ECDH_R_NO_PRIVATE_VALUE), "no private value"}, -+ {ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_ECDH_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,ECDH_str_functs); -- ERR_load_strings(0,ECDH_str_reasons); -- } -+ if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, ECDH_str_functs); -+ ERR_load_strings(0, ECDH_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c -index f44da92..4045fb2 100644 ---- a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c -+++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c -@@ -21,7 +21,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -69,15 +69,16 @@ - - #include "ech_locl.h" - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - - int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, -- EC_KEY *eckey, -- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) -+ EC_KEY *eckey, -+ void *(*KDF) (const void *in, size_t inlen, void *out, -+ size_t *outlen)) - { -- ECDH_DATA *ecdh = ecdh_check(eckey); -- if (ecdh == NULL) -- return 0; -- return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); -+ ECDH_DATA *ecdh = ecdh_check(eckey); -+ if (ecdh == NULL) -+ return 0; -+ return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); - } -diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c -index f9ba5fb..4bba074 100644 ---- a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c -+++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c -@@ -21,7 +21,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -70,179 +70,173 @@ - #include "ech_locl.h" - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - #include - --const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT; -+const char ECDH_version[] = "ECDH" OPENSSL_VERSION_PTEXT; - - static const ECDH_METHOD *default_ECDH_method = NULL; - - static void *ecdh_data_new(void); - static void *ecdh_data_dup(void *); --static void ecdh_data_free(void *); -+static void ecdh_data_free(void *); - - void ECDH_set_default_method(const ECDH_METHOD *meth) -- { -- default_ECDH_method = meth; -- } -+{ -+ default_ECDH_method = meth; -+} - - const ECDH_METHOD *ECDH_get_default_method(void) -- { -- if(!default_ECDH_method) -- default_ECDH_method = ECDH_OpenSSL(); -- return default_ECDH_method; -- } -+{ -+ if (!default_ECDH_method) -+ default_ECDH_method = ECDH_OpenSSL(); -+ return default_ECDH_method; -+} - - int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) -- { -- ECDH_DATA *ecdh; -+{ -+ ECDH_DATA *ecdh; - -- ecdh = ecdh_check(eckey); -+ ecdh = ecdh_check(eckey); - -- if (ecdh == NULL) -- return 0; -+ if (ecdh == NULL) -+ return 0; - - #ifndef OPENSSL_NO_ENGINE -- if (ecdh->engine) -- { -- ENGINE_finish(ecdh->engine); -- ecdh->engine = NULL; -- } -+ if (ecdh->engine) { -+ ENGINE_finish(ecdh->engine); -+ ecdh->engine = NULL; -+ } - #endif -- ecdh->meth = meth; -+ ecdh->meth = meth; - #if 0 -- if (meth->init) -- meth->init(eckey); -+ if (meth->init) -+ meth->init(eckey); - #endif -- return 1; -- } -+ return 1; -+} - - static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine) -- { -- ECDH_DATA *ret; -+{ -+ ECDH_DATA *ret; - -- ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA)); -- if (ret == NULL) -- { -- ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -+ ret = (ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA)); -+ if (ret == NULL) { -+ ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } - -- ret->init = NULL; -+ ret->init = NULL; - -- ret->meth = ECDH_get_default_method(); -- ret->engine = engine; -+ ret->meth = ECDH_get_default_method(); -+ ret->engine = engine; - #ifndef OPENSSL_NO_ENGINE -- if (!ret->engine) -- ret->engine = ENGINE_get_default_ECDH(); -- if (ret->engine) -- { -- ret->meth = ENGINE_get_ECDH(ret->engine); -- if (!ret->meth) -- { -- ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); -- ENGINE_finish(ret->engine); -- OPENSSL_free(ret); -- return NULL; -- } -- } -+ if (!ret->engine) -+ ret->engine = ENGINE_get_default_ECDH(); -+ if (ret->engine) { -+ ret->meth = ENGINE_get_ECDH(ret->engine); -+ if (!ret->meth) { -+ ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); -+ ENGINE_finish(ret->engine); -+ OPENSSL_free(ret); -+ return NULL; -+ } -+ } - #endif - -- ret->flags = ret->meth->flags; -- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); -+ ret->flags = ret->meth->flags; -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); - #if 0 -- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) -- { -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); -- OPENSSL_free(ret); -- ret=NULL; -- } --#endif -- return(ret); -- } -+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); -+ OPENSSL_free(ret); -+ ret = NULL; -+ } -+#endif -+ return (ret); -+} - - static void *ecdh_data_new(void) -- { -- return (void *)ECDH_DATA_new_method(NULL); -- } -+{ -+ return (void *)ECDH_DATA_new_method(NULL); -+} - - static void *ecdh_data_dup(void *data) - { -- ECDH_DATA *r = (ECDH_DATA *)data; -+ ECDH_DATA *r = (ECDH_DATA *)data; - -- /* XXX: dummy operation */ -- if (r == NULL) -- return NULL; -+ /* XXX: dummy operation */ -+ if (r == NULL) -+ return NULL; - -- return (void *)ecdh_data_new(); -+ return (void *)ecdh_data_new(); - } - - void ecdh_data_free(void *data) -- { -- ECDH_DATA *r = (ECDH_DATA *)data; -+{ -+ ECDH_DATA *r = (ECDH_DATA *)data; - - #ifndef OPENSSL_NO_ENGINE -- if (r->engine) -- ENGINE_finish(r->engine); -+ if (r->engine) -+ ENGINE_finish(r->engine); - #endif - -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); - -- OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA)); -+ OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA)); - -- OPENSSL_free(r); -- } -+ OPENSSL_free(r); -+} - - ECDH_DATA *ecdh_check(EC_KEY *key) -- { -- ECDH_DATA *ecdh_data; -- -- void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup, -- ecdh_data_free, ecdh_data_free); -- if (data == NULL) -- { -- ecdh_data = (ECDH_DATA *)ecdh_data_new(); -- if (ecdh_data == NULL) -- return NULL; -- data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, -- ecdh_data_dup, ecdh_data_free, ecdh_data_free); -- if (data != NULL) -- { -- /* Another thread raced us to install the key_method -- * data and won. */ -- ecdh_data_free(ecdh_data); -- ecdh_data = (ECDH_DATA *)data; -- } -- } -- else -- ecdh_data = (ECDH_DATA *)data; -- -- -- return ecdh_data; -- } -+{ -+ ECDH_DATA *ecdh_data; -+ -+ void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup, -+ ecdh_data_free, ecdh_data_free); -+ if (data == NULL) { -+ ecdh_data = (ECDH_DATA *)ecdh_data_new(); -+ if (ecdh_data == NULL) -+ return NULL; -+ data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, -+ ecdh_data_dup, ecdh_data_free, -+ ecdh_data_free); -+ if (data != NULL) { -+ /* -+ * Another thread raced us to install the key_method data and -+ * won. -+ */ -+ ecdh_data_free(ecdh_data); -+ ecdh_data = (ECDH_DATA *)data; -+ } -+ } else -+ ecdh_data = (ECDH_DATA *)data; -+ -+ return ecdh_data; -+} - - int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -- { -- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, -- new_func, dup_func, free_func); -- } -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -+{ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, -+ new_func, dup_func, free_func); -+} - - int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg) -- { -- ECDH_DATA *ecdh; -- ecdh = ecdh_check(d); -- if (ecdh == NULL) -- return 0; -- return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg)); -- } -+{ -+ ECDH_DATA *ecdh; -+ ecdh = ecdh_check(d); -+ if (ecdh == NULL) -+ return 0; -+ return (CRYPTO_set_ex_data(&ecdh->ex_data, idx, arg)); -+} - - void *ECDH_get_ex_data(EC_KEY *d, int idx) -- { -- ECDH_DATA *ecdh; -- ecdh = ecdh_check(d); -- if (ecdh == NULL) -- return NULL; -- return(CRYPTO_get_ex_data(&ecdh->ex_data,idx)); -- } -+{ -+ ECDH_DATA *ecdh; -+ ecdh = ecdh_check(d); -+ if (ecdh == NULL) -+ return NULL; -+ return (CRYPTO_get_ex_data(&ecdh->ex_data, idx)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c -index 2a40ff1..6a8243d 100644 ---- a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c -+++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c -@@ -21,7 +21,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -67,7 +67,6 @@ - * - */ - -- - #include - #include - -@@ -80,134 +79,127 @@ - #include - - static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, -- EC_KEY *ecdh, -- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); -+ EC_KEY *ecdh, -+ void *(*KDF) (const void *in, size_t inlen, -+ void *out, size_t *outlen)); - - static ECDH_METHOD openssl_ecdh_meth = { -- "OpenSSL ECDH method", -- ecdh_compute_key, -+ "OpenSSL ECDH method", -+ ecdh_compute_key, - #if 0 -- NULL, /* init */ -- NULL, /* finish */ -+ NULL, /* init */ -+ NULL, /* finish */ - #endif -- 0, /* flags */ -- NULL /* app_data */ -+ 0, /* flags */ -+ NULL /* app_data */ - }; - - const ECDH_METHOD *ECDH_OpenSSL(void) -- { -- return &openssl_ecdh_meth; -- } -- -+{ -+ return &openssl_ecdh_meth; -+} - --/* This implementation is based on the following primitives in the IEEE 1363 standard: -+/*- -+ * This implementation is based on the following primitives in the IEEE 1363 standard: - * - ECKAS-DH1 - * - ECSVDP-DH - * Finally an optional KDF is applied. - */ - static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, -- EC_KEY *ecdh, -- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) -- { -- BN_CTX *ctx; -- EC_POINT *tmp=NULL; -- BIGNUM *x=NULL, *y=NULL; -- const BIGNUM *priv_key; -- const EC_GROUP* group; -- int ret= -1; -- size_t buflen, len; -- unsigned char *buf=NULL; -- -- if (outlen > INT_MAX) -- { -- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */ -- return -1; -- } -- -- if ((ctx = BN_CTX_new()) == NULL) goto err; -- BN_CTX_start(ctx); -- x = BN_CTX_get(ctx); -- y = BN_CTX_get(ctx); -- -- priv_key = EC_KEY_get0_private_key(ecdh); -- if (priv_key == NULL) -- { -- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); -- goto err; -- } -- -- group = EC_KEY_get0_group(ecdh); -- if ((tmp=EC_POINT_new(group)) == NULL) -- { -- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) -- { -- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); -- goto err; -- } -- -- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) -- { -- if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) -- { -- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); -- goto err; -- } -- } -- else -- { -- if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) -- { -- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); -- goto err; -- } -- } -- -- buflen = (EC_GROUP_get_degree(group) + 7)/8; -- len = BN_num_bytes(x); -- if (len > buflen) -- { -- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR); -- goto err; -- } -- if ((buf = OPENSSL_malloc(buflen)) == NULL) -- { -- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- memset(buf, 0, buflen - len); -- if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) -- { -- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); -- goto err; -- } -- -- if (KDF != 0) -- { -- if (KDF(buf, buflen, out, &outlen) == NULL) -- { -- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED); -- goto err; -- } -- ret = outlen; -- } -- else -- { -- /* no KDF, just copy as much as we can */ -- if (outlen > buflen) -- outlen = buflen; -- memcpy(out, buf, outlen); -- ret = outlen; -- } -- --err: -- if (tmp) EC_POINT_free(tmp); -- if (ctx) BN_CTX_end(ctx); -- if (ctx) BN_CTX_free(ctx); -- if (buf) OPENSSL_free(buf); -- return(ret); -- } -+ EC_KEY *ecdh, -+ void *(*KDF) (const void *in, size_t inlen, -+ void *out, size_t *outlen)) -+{ -+ BN_CTX *ctx; -+ EC_POINT *tmp = NULL; -+ BIGNUM *x = NULL, *y = NULL; -+ const BIGNUM *priv_key; -+ const EC_GROUP *group; -+ int ret = -1; -+ size_t buflen, len; -+ unsigned char *buf = NULL; -+ -+ if (outlen > INT_MAX) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of, -+ * anyway */ -+ return -1; -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ -+ priv_key = EC_KEY_get0_private_key(ecdh); -+ if (priv_key == NULL) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE); -+ goto err; -+ } -+ -+ group = EC_KEY_get0_group(ecdh); -+ if ((tmp = EC_POINT_new(group)) == NULL) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); -+ goto err; -+ } -+ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_prime_field) { -+ if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); -+ goto err; -+ } -+ } else { -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); -+ goto err; -+ } -+ } -+ -+ buflen = (EC_GROUP_get_degree(group) + 7) / 8; -+ len = BN_num_bytes(x); -+ if (len > buflen) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ if ((buf = OPENSSL_malloc(buflen)) == NULL) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ memset(buf, 0, buflen - len); -+ if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (KDF != 0) { -+ if (KDF(buf, buflen, out, &outlen) == NULL) { -+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KDF_FAILED); -+ goto err; -+ } -+ ret = outlen; -+ } else { -+ /* no KDF, just copy as much as we can */ -+ if (outlen > buflen) -+ outlen = buflen; -+ memcpy(out, buf, outlen); -+ ret = outlen; -+ } -+ -+ err: -+ if (tmp) -+ EC_POINT_free(tmp); -+ if (ctx) -+ BN_CTX_end(ctx); -+ if (ctx) -+ BN_CTX_free(ctx); -+ if (buf) -+ OPENSSL_free(buf); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c -index b295489..508b079 100644 ---- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c -+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,8 +58,8 @@ - #include - - ASN1_SEQUENCE(ECDSA_SIG) = { -- ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), -- ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM) -+ ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), -+ ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM) - } ASN1_SEQUENCE_END(ECDSA_SIG) - - DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG) -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c -index d2a5373..80d91af 100644 ---- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c -+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,40 +66,39 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason) - --static ERR_STRING_DATA ECDSA_str_functs[]= -- { --{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"}, --{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"}, --{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, --{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, --{0,NULL} -- }; -+static ERR_STRING_DATA ECDSA_str_functs[] = { -+ {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"}, -+ {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"}, -+ {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, -+ {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA ECDSA_str_reasons[]= -- { --{ERR_REASON(ECDSA_R_BAD_SIGNATURE) ,"bad signature"}, --{ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, --{ERR_REASON(ECDSA_R_ERR_EC_LIB) ,"err ec lib"}, --{ERR_REASON(ECDSA_R_MISSING_PARAMETERS) ,"missing parameters"}, --{ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES),"need new setup values"}, --{ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"}, --{ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"}, --{0,NULL} -- }; -+static ERR_STRING_DATA ECDSA_str_reasons[] = { -+ {ERR_REASON(ECDSA_R_BAD_SIGNATURE), "bad signature"}, -+ {ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), -+ "data too large for key size"}, -+ {ERR_REASON(ECDSA_R_ERR_EC_LIB), "err ec lib"}, -+ {ERR_REASON(ECDSA_R_MISSING_PARAMETERS), "missing parameters"}, -+ {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, -+ {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED), -+ "random number generation failed"}, -+ {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED), "signature malloc failed"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_ECDSA_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,ECDSA_str_functs); -- ERR_load_strings(0,ECDSA_str_reasons); -- } -+ if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, ECDSA_str_functs); -+ ERR_load_strings(0, ECDSA_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c -index 81082c9..dfcb6db 100644 ---- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c -+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,211 +56,204 @@ - #include - #include "ecs_locl.h" - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - #include - #include - --const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT; -+const char ECDSA_version[] = "ECDSA" OPENSSL_VERSION_PTEXT; - - static const ECDSA_METHOD *default_ECDSA_method = NULL; - - static void *ecdsa_data_new(void); - static void *ecdsa_data_dup(void *); --static void ecdsa_data_free(void *); -+static void ecdsa_data_free(void *); - - void ECDSA_set_default_method(const ECDSA_METHOD *meth) - { -- default_ECDSA_method = meth; -+ default_ECDSA_method = meth; - } - - const ECDSA_METHOD *ECDSA_get_default_method(void) - { -- if(!default_ECDSA_method) -- default_ECDSA_method = ECDSA_OpenSSL(); -- return default_ECDSA_method; -+ if (!default_ECDSA_method) -+ default_ECDSA_method = ECDSA_OpenSSL(); -+ return default_ECDSA_method; - } - - int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) - { -- ECDSA_DATA *ecdsa; -+ ECDSA_DATA *ecdsa; - -- ecdsa = ecdsa_check(eckey); -+ ecdsa = ecdsa_check(eckey); - -- if (ecdsa == NULL) -- return 0; -+ if (ecdsa == NULL) -+ return 0; - - #ifndef OPENSSL_NO_ENGINE -- if (ecdsa->engine) -- { -- ENGINE_finish(ecdsa->engine); -- ecdsa->engine = NULL; -- } -+ if (ecdsa->engine) { -+ ENGINE_finish(ecdsa->engine); -+ ecdsa->engine = NULL; -+ } - #endif -- ecdsa->meth = meth; -+ ecdsa->meth = meth; - -- return 1; -+ return 1; - } - - static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) - { -- ECDSA_DATA *ret; -+ ECDSA_DATA *ret; - -- ret=(ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA)); -- if (ret == NULL) -- { -- ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -+ ret = (ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA)); -+ if (ret == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } - -- ret->init = NULL; -+ ret->init = NULL; - -- ret->meth = ECDSA_get_default_method(); -- ret->engine = engine; -+ ret->meth = ECDSA_get_default_method(); -+ ret->engine = engine; - #ifndef OPENSSL_NO_ENGINE -- if (!ret->engine) -- ret->engine = ENGINE_get_default_ECDSA(); -- if (ret->engine) -- { -- ret->meth = ENGINE_get_ECDSA(ret->engine); -- if (!ret->meth) -- { -- ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); -- ENGINE_finish(ret->engine); -- OPENSSL_free(ret); -- return NULL; -- } -- } -+ if (!ret->engine) -+ ret->engine = ENGINE_get_default_ECDSA(); -+ if (ret->engine) { -+ ret->meth = ENGINE_get_ECDSA(ret->engine); -+ if (!ret->meth) { -+ ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); -+ ENGINE_finish(ret->engine); -+ OPENSSL_free(ret); -+ return NULL; -+ } -+ } - #endif - -- ret->flags = ret->meth->flags; -- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); -+ ret->flags = ret->meth->flags; -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); - #if 0 -- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) -- { -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); -- OPENSSL_free(ret); -- ret=NULL; -- } --#endif -- return(ret); -+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); -+ OPENSSL_free(ret); -+ ret = NULL; -+ } -+#endif -+ return (ret); - } - - static void *ecdsa_data_new(void) - { -- return (void *)ECDSA_DATA_new_method(NULL); -+ return (void *)ECDSA_DATA_new_method(NULL); - } - - static void *ecdsa_data_dup(void *data) - { -- ECDSA_DATA *r = (ECDSA_DATA *)data; -+ ECDSA_DATA *r = (ECDSA_DATA *)data; - -- /* XXX: dummy operation */ -- if (r == NULL) -- return NULL; -+ /* XXX: dummy operation */ -+ if (r == NULL) -+ return NULL; - -- return ecdsa_data_new(); -+ return ecdsa_data_new(); - } - - static void ecdsa_data_free(void *data) - { -- ECDSA_DATA *r = (ECDSA_DATA *)data; -+ ECDSA_DATA *r = (ECDSA_DATA *)data; - - #ifndef OPENSSL_NO_ENGINE -- if (r->engine) -- ENGINE_finish(r->engine); -+ if (r->engine) -+ ENGINE_finish(r->engine); - #endif -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); - -- OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA)); -+ OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA)); - -- OPENSSL_free(r); -+ OPENSSL_free(r); - } - - ECDSA_DATA *ecdsa_check(EC_KEY *key) - { -- ECDSA_DATA *ecdsa_data; -- -- void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, -- ecdsa_data_free, ecdsa_data_free); -- if (data == NULL) -- { -- ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); -- if (ecdsa_data == NULL) -- return NULL; -- data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, -- ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); -- if (data != NULL) -- { -- /* Another thread raced us to install the key_method -- * data and won. */ -- ecdsa_data_free(ecdsa_data); -- ecdsa_data = (ECDSA_DATA *)data; -- } -- } -- else -- ecdsa_data = (ECDSA_DATA *)data; -- -- -- return ecdsa_data; -+ ECDSA_DATA *ecdsa_data; -+ -+ void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, -+ ecdsa_data_free, ecdsa_data_free); -+ if (data == NULL) { -+ ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); -+ if (ecdsa_data == NULL) -+ return NULL; -+ data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, -+ ecdsa_data_dup, ecdsa_data_free, -+ ecdsa_data_free); -+ if (data != NULL) { -+ /* -+ * Another thread raced us to install the key_method data and -+ * won. -+ */ -+ ecdsa_data_free(ecdsa_data); -+ ecdsa_data = (ECDSA_DATA *)data; -+ } -+ } else -+ ecdsa_data = (ECDSA_DATA *)data; -+ -+ return ecdsa_data; - } - - int ECDSA_size(const EC_KEY *r) - { -- int ret,i; -- ASN1_INTEGER bs; -- BIGNUM *order=NULL; -- unsigned char buf[4]; -- const EC_GROUP *group; -- -- if (r == NULL) -- return 0; -- group = EC_KEY_get0_group(r); -- if (group == NULL) -- return 0; -- -- if ((order = BN_new()) == NULL) return 0; -- if (!EC_GROUP_get_order(group,order,NULL)) -- { -- BN_clear_free(order); -- return 0; -- } -- i=BN_num_bits(order); -- bs.length=(i+7)/8; -- bs.data=buf; -- bs.type=V_ASN1_INTEGER; -- /* If the top bit is set the asn1 encoding is 1 larger. */ -- buf[0]=0xff; -- -- i=i2d_ASN1_INTEGER(&bs,NULL); -- i+=i; /* r and s */ -- ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); -- BN_clear_free(order); -- return(ret); -+ int ret, i; -+ ASN1_INTEGER bs; -+ BIGNUM *order = NULL; -+ unsigned char buf[4]; -+ const EC_GROUP *group; -+ -+ if (r == NULL) -+ return 0; -+ group = EC_KEY_get0_group(r); -+ if (group == NULL) -+ return 0; -+ -+ if ((order = BN_new()) == NULL) -+ return 0; -+ if (!EC_GROUP_get_order(group, order, NULL)) { -+ BN_clear_free(order); -+ return 0; -+ } -+ i = BN_num_bits(order); -+ bs.length = (i + 7) / 8; -+ bs.data = buf; -+ bs.type = V_ASN1_INTEGER; -+ /* If the top bit is set the asn1 encoding is 1 larger. */ -+ buf[0] = 0xff; -+ -+ i = i2d_ASN1_INTEGER(&bs, NULL); -+ i += i; /* r and s */ -+ ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); -+ BN_clear_free(order); -+ return (ret); - } - -- - int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { -- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, -- new_func, dup_func, free_func); -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, -+ new_func, dup_func, free_func); - } - - int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg) - { -- ECDSA_DATA *ecdsa; -- ecdsa = ecdsa_check(d); -- if (ecdsa == NULL) -- return 0; -- return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg)); -+ ECDSA_DATA *ecdsa; -+ ecdsa = ecdsa_check(d); -+ if (ecdsa == NULL) -+ return 0; -+ return (CRYPTO_set_ex_data(&ecdsa->ex_data, idx, arg)); - } - - void *ECDSA_get_ex_data(EC_KEY *d, int idx) - { -- ECDSA_DATA *ecdsa; -- ecdsa = ecdsa_check(d); -- if (ecdsa == NULL) -- return NULL; -- return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx)); -+ ECDSA_DATA *ecdsa; -+ ecdsa = ecdsa_check(d); -+ if (ecdsa == NULL) -+ return NULL; -+ return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx)); - } -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c -index 1bbf328..8b29b24 100644 ---- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c -+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,420 +61,377 @@ - #include - #include - --static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, -- const BIGNUM *, const BIGNUM *, EC_KEY *eckey); --static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, -- BIGNUM **rp); --static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, -- const ECDSA_SIG *sig, EC_KEY *eckey); -+static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, -+ const BIGNUM *, const BIGNUM *, -+ EC_KEY *eckey); -+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, -+ BIGNUM **rp); -+static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, -+ const ECDSA_SIG *sig, EC_KEY *eckey); - - static ECDSA_METHOD openssl_ecdsa_meth = { -- "OpenSSL ECDSA method", -- ecdsa_do_sign, -- ecdsa_sign_setup, -- ecdsa_do_verify, -+ "OpenSSL ECDSA method", -+ ecdsa_do_sign, -+ ecdsa_sign_setup, -+ ecdsa_do_verify, - #if 0 -- NULL, /* init */ -- NULL, /* finish */ -+ NULL, /* init */ -+ NULL, /* finish */ - #endif -- 0, /* flags */ -- NULL /* app_data */ -+ 0, /* flags */ -+ NULL /* app_data */ - }; - - const ECDSA_METHOD *ECDSA_OpenSSL(void) - { -- return &openssl_ecdsa_meth; -+ return &openssl_ecdsa_meth; - } - - static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, -- BIGNUM **rp) -+ BIGNUM **rp) - { -- BN_CTX *ctx = NULL; -- BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; -- EC_POINT *tmp_point=NULL; -- const EC_GROUP *group; -- int ret = 0; -+ BN_CTX *ctx = NULL; -+ BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; -+ EC_POINT *tmp_point = NULL; -+ const EC_GROUP *group; -+ int ret = 0; - -- if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) -- { -- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -+ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } - -- if (ctx_in == NULL) -- { -- if ((ctx = BN_CTX_new()) == NULL) -- { -- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- else -- ctx = ctx_in; -+ if (ctx_in == NULL) { -+ if ((ctx = BN_CTX_new()) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ } else -+ ctx = ctx_in; - -- k = BN_new(); /* this value is later returned in *kinvp */ -- r = BN_new(); /* this value is later returned in *rp */ -- order = BN_new(); -- X = BN_new(); -- if (!k || !r || !order || !X) -- { -- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if ((tmp_point = EC_POINT_new(group)) == NULL) -- { -- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); -- goto err; -- } -- if (!EC_GROUP_get_order(group, order, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); -- goto err; -- } -- -- do -- { -- /* get random k */ -- do -- if (!BN_rand_range(k, order)) -- { -- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, -- ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); -- goto err; -- } -- while (BN_is_zero(k)); -+ k = BN_new(); /* this value is later returned in *kinvp */ -+ r = BN_new(); /* this value is later returned in *rp */ -+ order = BN_new(); -+ X = BN_new(); -+ if (!k || !r || !order || !X) { -+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if ((tmp_point = EC_POINT_new(group)) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); -+ goto err; -+ } -+ if (!EC_GROUP_get_order(group, order, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); -+ goto err; -+ } - -- /* We do not want timing information to leak the length of k, -- * so we compute G*k using an equivalent scalar of fixed -- * bit-length. */ -+ do { -+ /* get random k */ -+ do -+ if (!BN_rand_range(k, order)) { -+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, -+ ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); -+ goto err; -+ } -+ while (BN_is_zero(k)) ; - -- if (!BN_add(k, k, order)) goto err; -- if (BN_num_bits(k) <= BN_num_bits(order)) -- if (!BN_add(k, k, order)) goto err; -+ /* -+ * We do not want timing information to leak the length of k, so we -+ * compute G*k using an equivalent scalar of fixed bit-length. -+ */ - -- /* compute r the x-coordinate of generator * k */ -- if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); -- goto err; -- } -- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) -- { -- if (!EC_POINT_get_affine_coordinates_GFp(group, -- tmp_point, X, NULL, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); -- goto err; -- } -- } -- else /* NID_X9_62_characteristic_two_field */ -- { -- if (!EC_POINT_get_affine_coordinates_GF2m(group, -- tmp_point, X, NULL, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); -- goto err; -- } -- } -- if (!BN_nnmod(r, X, order, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); -- goto err; -- } -- } -- while (BN_is_zero(r)); -+ if (!BN_add(k, k, order)) -+ goto err; -+ if (BN_num_bits(k) <= BN_num_bits(order)) -+ if (!BN_add(k, k, order)) -+ goto err; - -- /* compute the inverse of k */ -- if (!BN_mod_inverse(k, k, order, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); -- goto err; -- } -- /* clear old values if necessary */ -- if (*rp != NULL) -- BN_clear_free(*rp); -- if (*kinvp != NULL) -- BN_clear_free(*kinvp); -- /* save the pre-computed values */ -- *rp = r; -- *kinvp = k; -- ret = 1; --err: -- if (!ret) -- { -- if (k != NULL) BN_clear_free(k); -- if (r != NULL) BN_clear_free(r); -- } -- if (ctx_in == NULL) -- BN_CTX_free(ctx); -- if (order != NULL) -- BN_free(order); -- if (tmp_point != NULL) -- EC_POINT_free(tmp_point); -- if (X) -- BN_clear_free(X); -- return(ret); --} -+ /* compute r the x-coordinate of generator * k */ -+ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); -+ goto err; -+ } -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_prime_field) { -+ if (!EC_POINT_get_affine_coordinates_GFp -+ (group, tmp_point, X, NULL, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else { /* NID_X9_62_characteristic_two_field */ - -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, -+ tmp_point, X, NULL, -+ ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); -+ goto err; -+ } -+ } -+ if (!BN_nnmod(r, X, order, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); -+ goto err; -+ } -+ } -+ while (BN_is_zero(r)); -+ -+ /* compute the inverse of k */ -+ if (!BN_mod_inverse(k, k, order, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); -+ goto err; -+ } -+ /* clear old values if necessary */ -+ if (*rp != NULL) -+ BN_clear_free(*rp); -+ if (*kinvp != NULL) -+ BN_clear_free(*kinvp); -+ /* save the pre-computed values */ -+ *rp = r; -+ *kinvp = k; -+ ret = 1; -+ err: -+ if (!ret) { -+ if (k != NULL) -+ BN_clear_free(k); -+ if (r != NULL) -+ BN_clear_free(r); -+ } -+ if (ctx_in == NULL) -+ BN_CTX_free(ctx); -+ if (order != NULL) -+ BN_free(order); -+ if (tmp_point != NULL) -+ EC_POINT_free(tmp_point); -+ if (X) -+ BN_clear_free(X); -+ return (ret); -+} - --static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, -- const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) -+static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, -+ const BIGNUM *in_kinv, const BIGNUM *in_r, -+ EC_KEY *eckey) - { -- int ok = 0, i; -- BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL; -- const BIGNUM *ckinv; -- BN_CTX *ctx = NULL; -- const EC_GROUP *group; -- ECDSA_SIG *ret; -- ECDSA_DATA *ecdsa; -- const BIGNUM *priv_key; -+ int ok = 0, i; -+ BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL; -+ const BIGNUM *ckinv; -+ BN_CTX *ctx = NULL; -+ const EC_GROUP *group; -+ ECDSA_SIG *ret; -+ ECDSA_DATA *ecdsa; -+ const BIGNUM *priv_key; - -- ecdsa = ecdsa_check(eckey); -- group = EC_KEY_get0_group(eckey); -- priv_key = EC_KEY_get0_private_key(eckey); -- -- if (group == NULL || priv_key == NULL || ecdsa == NULL) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -+ ecdsa = ecdsa_check(eckey); -+ group = EC_KEY_get0_group(eckey); -+ priv_key = EC_KEY_get0_private_key(eckey); - -- ret = ECDSA_SIG_new(); -- if (!ret) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- s = ret->s; -+ if (group == NULL || priv_key == NULL || ecdsa == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } - -- if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || -- (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ ret = ECDSA_SIG_new(); -+ if (!ret) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ s = ret->s; - -- if (!EC_GROUP_get_order(group, order, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -- goto err; -- } -- i = BN_num_bits(order); -- /* Need to truncate digest if it is too long: first truncate whole -- * bytes. -- */ -- if (8 * dgst_len > i) -- dgst_len = (i + 7)/8; -- if (!BN_bin2bn(dgst, dgst_len, m)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -- goto err; -- } -- /* If still too long truncate remaining bits with a shift */ -- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -- goto err; -- } -- do -- { -- if (in_kinv == NULL || in_r == NULL) -- { -- if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB); -- goto err; -- } -- ckinv = kinv; -- } -- else -- { -- ckinv = in_kinv; -- if (BN_copy(ret->r, in_r) == NULL) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -+ if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || -+ (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -- goto err; -- } -- if (!BN_mod_add_quick(s, tmp, m, order)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -- goto err; -- } -- if (!BN_mod_mul(s, s, ckinv, order, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -- goto err; -- } -- if (BN_is_zero(s)) -- { -- /* if kinv and r have been supplied by the caller -- * don't to generate new kinv and r values */ -- if (in_kinv != NULL && in_r != NULL) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_NEED_NEW_SETUP_VALUES); -- goto err; -- } -- } -- else -- /* s != 0 => we have a valid signature */ -- break; -- } -- while (1); -+ if (!EC_GROUP_get_order(group, order, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); -+ goto err; -+ } -+ i = BN_num_bits(order); -+ /* -+ * Need to truncate digest if it is too long: first truncate whole bytes. -+ */ -+ if (8 * dgst_len > i) -+ dgst_len = (i + 7) / 8; -+ if (!BN_bin2bn(dgst, dgst_len, m)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ /* If still too long truncate remaining bits with a shift */ -+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ do { -+ if (in_kinv == NULL || in_r == NULL) { -+ if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_ECDSA_LIB); -+ goto err; -+ } -+ ckinv = kinv; -+ } else { -+ ckinv = in_kinv; -+ if (BN_copy(ret->r, in_r) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } - -- ok = 1; --err: -- if (!ok) -- { -- ECDSA_SIG_free(ret); -- ret = NULL; -- } -- if (ctx) -- BN_CTX_free(ctx); -- if (m) -- BN_clear_free(m); -- if (tmp) -- BN_clear_free(tmp); -- if (order) -- BN_free(order); -- if (kinv) -- BN_clear_free(kinv); -- return ret; -+ if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ if (!BN_mod_add_quick(s, tmp, m, order)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ if (!BN_mod_mul(s, s, ckinv, order, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); -+ goto err; -+ } -+ if (BN_is_zero(s)) { -+ /* -+ * if kinv and r have been supplied by the caller don't to -+ * generate new kinv and r values -+ */ -+ if (in_kinv != NULL && in_r != NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, -+ ECDSA_R_NEED_NEW_SETUP_VALUES); -+ goto err; -+ } -+ } else -+ /* s != 0 => we have a valid signature */ -+ break; -+ } -+ while (1); -+ -+ ok = 1; -+ err: -+ if (!ok) { -+ ECDSA_SIG_free(ret); -+ ret = NULL; -+ } -+ if (ctx) -+ BN_CTX_free(ctx); -+ if (m) -+ BN_clear_free(m); -+ if (tmp) -+ BN_clear_free(tmp); -+ if (order) -+ BN_free(order); -+ if (kinv) -+ BN_clear_free(kinv); -+ return ret; - } - - static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, -- const ECDSA_SIG *sig, EC_KEY *eckey) -+ const ECDSA_SIG *sig, EC_KEY *eckey) - { -- int ret = -1, i; -- BN_CTX *ctx; -- BIGNUM *order, *u1, *u2, *m, *X; -- EC_POINT *point = NULL; -- const EC_GROUP *group; -- const EC_POINT *pub_key; -+ int ret = -1, i; -+ BN_CTX *ctx; -+ BIGNUM *order, *u1, *u2, *m, *X; -+ EC_POINT *point = NULL; -+ const EC_GROUP *group; -+ const EC_POINT *pub_key; -+ -+ /* check input values */ -+ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || -+ (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); -+ return -1; -+ } -+ -+ ctx = BN_CTX_new(); -+ if (!ctx) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ return -1; -+ } -+ BN_CTX_start(ctx); -+ order = BN_CTX_get(ctx); -+ u1 = BN_CTX_get(ctx); -+ u2 = BN_CTX_get(ctx); -+ m = BN_CTX_get(ctx); -+ X = BN_CTX_get(ctx); -+ if (!X) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (!EC_GROUP_get_order(group, order, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } - -- /* check input values */ -- if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || -- (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); -- return -1; -- } -+ if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || -+ BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || -+ BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); -+ ret = 0; /* signature is invalid */ -+ goto err; -+ } -+ /* calculate tmp1 = inv(S) mod order */ -+ if (!BN_mod_inverse(u2, sig->s, order, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ /* digest -> m */ -+ i = BN_num_bits(order); -+ /* -+ * Need to truncate digest if it is too long: first truncate whole bytes. -+ */ -+ if (8 * dgst_len > i) -+ dgst_len = (i + 7) / 8; -+ if (!BN_bin2bn(dgst, dgst_len, m)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ /* If still too long truncate remaining bits with a shift */ -+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ /* u1 = m * tmp mod order */ -+ if (!BN_mod_mul(u1, m, u2, order, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ /* u2 = r * w mod q */ -+ if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } - -- ctx = BN_CTX_new(); -- if (!ctx) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -- return -1; -- } -- BN_CTX_start(ctx); -- order = BN_CTX_get(ctx); -- u1 = BN_CTX_get(ctx); -- u2 = BN_CTX_get(ctx); -- m = BN_CTX_get(ctx); -- X = BN_CTX_get(ctx); -- if (!X) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -- goto err; -- } -- -- if (!EC_GROUP_get_order(group, order, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -- goto err; -- } -+ if ((point = EC_POINT_new(group)) == NULL) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == -+ NID_X9_62_prime_field) { -+ if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ } else { /* NID_X9_62_characteristic_two_field */ - -- if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || -- BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || -- BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); -- ret = 0; /* signature is invalid */ -- goto err; -- } -- /* calculate tmp1 = inv(S) mod order */ -- if (!BN_mod_inverse(u2, sig->s, order, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -- goto err; -- } -- /* digest -> m */ -- i = BN_num_bits(order); -- /* Need to truncate digest if it is too long: first truncate whole -- * bytes. -- */ -- if (8 * dgst_len > i) -- dgst_len = (i + 7)/8; -- if (!BN_bin2bn(dgst, dgst_len, m)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -- goto err; -- } -- /* If still too long truncate remaining bits with a shift */ -- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -- goto err; -- } -- /* u1 = m * tmp mod order */ -- if (!BN_mod_mul(u1, m, u2, order, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -- goto err; -- } -- /* u2 = r * w mod q */ -- if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -- goto err; -- } -+ if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -+ goto err; -+ } -+ } - -- if ((point = EC_POINT_new(group)) == NULL) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -- goto err; -- } -- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) -- { -- if (!EC_POINT_get_affine_coordinates_GFp(group, -- point, X, NULL, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -- goto err; -- } -- } -- else /* NID_X9_62_characteristic_two_field */ -- { -- if (!EC_POINT_get_affine_coordinates_GF2m(group, -- point, X, NULL, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); -- goto err; -- } -- } -- -- if (!BN_nnmod(u1, X, order, ctx)) -- { -- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -- goto err; -- } -- /* if the signature is correct u1 is equal to sig->r */ -- ret = (BN_ucmp(u1, sig->r) == 0); --err: -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- if (point) -- EC_POINT_free(point); -- return ret; -+ if (!BN_nnmod(u1, X, order, ctx)) { -+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); -+ goto err; -+ } -+ /* if the signature is correct u1 is equal to sig->r */ -+ ret = (BN_ucmp(u1, sig->r) == 0); -+ err: -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ if (point) -+ EC_POINT_free(point); -+ return ret; - } -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c -index 353d5af..28652d4 100644 ---- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c -+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -55,52 +55,52 @@ - - #include "ecs_locl.h" - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - #include - - ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) - { -- return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey); -+ return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey); - } - - ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, -- const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey) -+ const BIGNUM *kinv, const BIGNUM *rp, -+ EC_KEY *eckey) - { -- ECDSA_DATA *ecdsa = ecdsa_check(eckey); -- if (ecdsa == NULL) -- return NULL; -- return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey); -+ ECDSA_DATA *ecdsa = ecdsa_check(eckey); -+ if (ecdsa == NULL) -+ return NULL; -+ return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey); - } - --int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char -- *sig, unsigned int *siglen, EC_KEY *eckey) -+int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char -+ *sig, unsigned int *siglen, EC_KEY *eckey) - { -- return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); -+ return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); - } - --int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char -- *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, -- EC_KEY *eckey) -+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char -+ *sig, unsigned int *siglen, const BIGNUM *kinv, -+ const BIGNUM *r, EC_KEY *eckey) - { -- ECDSA_SIG *s; -- RAND_seed(dgst, dlen); -- s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); -- if (s == NULL) -- { -- *siglen=0; -- return 0; -- } -- *siglen = i2d_ECDSA_SIG(s, &sig); -- ECDSA_SIG_free(s); -- return 1; -+ ECDSA_SIG *s; -+ RAND_seed(dgst, dlen); -+ s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); -+ if (s == NULL) { -+ *siglen = 0; -+ return 0; -+ } -+ *siglen = i2d_ECDSA_SIG(s, &sig); -+ ECDSA_SIG_free(s); -+ return 1; - } - --int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, -- BIGNUM **rp) -+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, -+ BIGNUM **rp) - { -- ECDSA_DATA *ecdsa = ecdsa_check(eckey); -- if (ecdsa == NULL) -- return 0; -- return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); -+ ECDSA_DATA *ecdsa = ecdsa_check(eckey); -+ if (ecdsa == NULL) -+ return 0; -+ return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); - } -diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c -index ef9acf7..e909aeb 100644 ---- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c -+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,40 +57,56 @@ - */ - - #include "ecs_locl.h" -+#include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - --/* returns -+/*- -+ * returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ --int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, -- const ECDSA_SIG *sig, EC_KEY *eckey) -- { -- ECDSA_DATA *ecdsa = ecdsa_check(eckey); -- if (ecdsa == NULL) -- return 0; -- return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); -- } -+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, -+ const ECDSA_SIG *sig, EC_KEY *eckey) -+{ -+ ECDSA_DATA *ecdsa = ecdsa_check(eckey); -+ if (ecdsa == NULL) -+ return 0; -+ return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); -+} - --/* returns -+/*- -+ * returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ - int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, -- const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) -- { -- ECDSA_SIG *s; -- int ret=-1; -+ const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) -+{ -+ ECDSA_SIG *s; -+ const unsigned char *p = sigbuf; -+ unsigned char *der = NULL; -+ int derlen = -1; -+ int ret = -1; - -- s = ECDSA_SIG_new(); -- if (s == NULL) return(ret); -- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err; -- ret=ECDSA_do_verify(dgst, dgst_len, s, eckey); --err: -- ECDSA_SIG_free(s); -- return(ret); -- } -+ s = ECDSA_SIG_new(); -+ if (s == NULL) -+ return (ret); -+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) -+ goto err; -+ /* Ensure signature uses DER and doesn't have trailing garbage */ -+ derlen = i2d_ECDSA_SIG(s, &der); -+ if (derlen != sig_len || memcmp(sigbuf, der, derlen)) -+ goto err; -+ ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); -+ err: -+ if (derlen > 0) { -+ OPENSSL_cleanse(der, derlen); -+ OPENSSL_free(der); -+ } -+ ECDSA_SIG_free(s); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c -index 8a1b9c7..0683df8 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_all.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_all.c -@@ -1,6 +1,7 @@ - /* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte for the OpenSSL -- * project 2000. -+/* -+ * Written by Richard Levitte for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,66 +61,69 @@ - #include "eng_int.h" - - void ENGINE_load_builtin_engines(void) -- { -- /* There's no longer any need for an "openssl" ENGINE unless, one day, -- * it is the *only* way for standard builtin implementations to be be -- * accessed (ie. it would be possible to statically link binaries with -- * *no* builtin implementations). */ -+{ -+ /* -+ * There's no longer any need for an "openssl" ENGINE unless, one day, it -+ * is the *only* way for standard builtin implementations to be be -+ * accessed (ie. it would be possible to statically link binaries with -+ * *no* builtin implementations). -+ */ - #if 0 -- ENGINE_load_openssl(); -+ ENGINE_load_openssl(); - #endif - #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) -- ENGINE_load_padlock(); -+ ENGINE_load_padlock(); - #endif -- ENGINE_load_dynamic(); -+ ENGINE_load_dynamic(); - #ifndef OPENSSL_NO_STATIC_ENGINE --#ifndef OPENSSL_NO_HW --#ifndef OPENSSL_NO_HW_4758_CCA -- ENGINE_load_4758cca(); --#endif --#ifndef OPENSSL_NO_HW_AEP -- ENGINE_load_aep(); --#endif --#ifndef OPENSSL_NO_HW_ATALLA -- ENGINE_load_atalla(); --#endif --#ifndef OPENSSL_NO_HW_CSWIFT -- ENGINE_load_cswift(); --#endif --#ifndef OPENSSL_NO_HW_NCIPHER -- ENGINE_load_chil(); --#endif --#ifndef OPENSSL_NO_HW_NURON -- ENGINE_load_nuron(); --#endif --#ifndef OPENSSL_NO_HW_SUREWARE -- ENGINE_load_sureware(); --#endif --#ifndef OPENSSL_NO_HW_UBSEC -- ENGINE_load_ubsec(); --#endif --#endif --#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) -- ENGINE_load_gmp(); --#endif --#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) -- ENGINE_load_capi(); --#endif -+# ifndef OPENSSL_NO_HW -+# ifndef OPENSSL_NO_HW_4758_CCA -+ ENGINE_load_4758cca(); -+# endif -+# ifndef OPENSSL_NO_HW_AEP -+ ENGINE_load_aep(); -+# endif -+# ifndef OPENSSL_NO_HW_ATALLA -+ ENGINE_load_atalla(); -+# endif -+# ifndef OPENSSL_NO_HW_CSWIFT -+ ENGINE_load_cswift(); -+# endif -+# ifndef OPENSSL_NO_HW_NCIPHER -+ ENGINE_load_chil(); -+# endif -+# ifndef OPENSSL_NO_HW_NURON -+ ENGINE_load_nuron(); -+# endif -+# ifndef OPENSSL_NO_HW_SUREWARE -+ ENGINE_load_sureware(); -+# endif -+# ifndef OPENSSL_NO_HW_UBSEC -+ ENGINE_load_ubsec(); -+# endif -+# endif -+# if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) -+ ENGINE_load_gmp(); -+# endif -+# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) -+ ENGINE_load_capi(); -+# endif - #endif - #ifndef OPENSSL_NO_HW --#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) -- ENGINE_load_cryptodev(); --#endif -+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) -+ ENGINE_load_cryptodev(); -+# endif - #endif -- } -+} - - #if defined(__OpenBSD__) || defined(__FreeBSD__) --void ENGINE_setup_bsd_cryptodev(void) { -- static int bsd_cryptodev_default_loaded = 0; -- if (!bsd_cryptodev_default_loaded) { -- ENGINE_load_cryptodev(); -- ENGINE_register_all_complete(); -- } -- bsd_cryptodev_default_loaded=1; -+void ENGINE_setup_bsd_cryptodev(void) -+{ -+ static int bsd_cryptodev_default_loaded = 0; -+ if (!bsd_cryptodev_default_loaded) { -+ ENGINE_load_cryptodev(); -+ ENGINE_register_all_complete(); -+ } -+ bsd_cryptodev_default_loaded = 1; - } - #endif -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c b/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c -index 95c4070..f09bec4 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c -@@ -1,6 +1,7 @@ - /* eng_cnf.c */ --/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,196 +65,178 @@ - /* ENGINE config module */ - - static char *skip_dot(char *name) -- { -- char *p; -- p = strchr(name, '.'); -- if (p) -- return p + 1; -- return name; -- } -+{ -+ char *p; -+ p = strchr(name, '.'); -+ if (p) -+ return p + 1; -+ return name; -+} - - static STACK_OF(ENGINE) *initialized_engines = NULL; - - static int int_engine_init(ENGINE *e) -- { -- if (!ENGINE_init(e)) -- return 0; -- if (!initialized_engines) -- initialized_engines = sk_ENGINE_new_null(); -- if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) -- { -- ENGINE_finish(e); -- return 0; -- } -- return 1; -- } -- -+{ -+ if (!ENGINE_init(e)) -+ return 0; -+ if (!initialized_engines) -+ initialized_engines = sk_ENGINE_new_null(); -+ if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) { -+ ENGINE_finish(e); -+ return 0; -+ } -+ return 1; -+} - - static int int_engine_configure(char *name, char *value, const CONF *cnf) -- { -- int i; -- int ret = 0; -- long do_init = -1; -- STACK_OF(CONF_VALUE) *ecmds; -- CONF_VALUE *ecmd = NULL; -- char *ctrlname, *ctrlvalue; -- ENGINE *e = NULL; -- int soft = 0; -- -- name = skip_dot(name); -+{ -+ int i; -+ int ret = 0; -+ long do_init = -1; -+ STACK_OF(CONF_VALUE) *ecmds; -+ CONF_VALUE *ecmd = NULL; -+ char *ctrlname, *ctrlvalue; -+ ENGINE *e = NULL; -+ int soft = 0; -+ -+ name = skip_dot(name); - #ifdef ENGINE_CONF_DEBUG -- fprintf(stderr, "Configuring engine %s\n", name); -+ fprintf(stderr, "Configuring engine %s\n", name); - #endif -- /* Value is a section containing ENGINE commands */ -- ecmds = NCONF_get_section(cnf, value); -- -- if (!ecmds) -- { -- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR); -- return 0; -- } -- -- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) -- { -- ecmd = sk_CONF_VALUE_value(ecmds, i); -- ctrlname = skip_dot(ecmd->name); -- ctrlvalue = ecmd->value; -+ /* Value is a section containing ENGINE commands */ -+ ecmds = NCONF_get_section(cnf, value); -+ -+ if (!ecmds) { -+ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, -+ ENGINE_R_ENGINE_SECTION_ERROR); -+ return 0; -+ } -+ -+ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { -+ ecmd = sk_CONF_VALUE_value(ecmds, i); -+ ctrlname = skip_dot(ecmd->name); -+ ctrlvalue = ecmd->value; - #ifdef ENGINE_CONF_DEBUG -- fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue); -+ fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, -+ ctrlvalue); - #endif - -- /* First handle some special pseudo ctrls */ -- -- /* Override engine name to use */ -- if (!strcmp(ctrlname, "engine_id")) -- name = ctrlvalue; -- else if (!strcmp(ctrlname, "soft_load")) -- soft = 1; -- /* Load a dynamic ENGINE */ -- else if (!strcmp(ctrlname, "dynamic_path")) -- { -- e = ENGINE_by_id("dynamic"); -- if (!e) -- goto err; -- if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0)) -- goto err; -- if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0)) -- goto err; -- if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) -- goto err; -- } -- /* ... add other pseudos here ... */ -- else -- { -- /* At this point we need an ENGINE structural reference -- * if we don't already have one. -- */ -- if (!e) -- { -- e = ENGINE_by_id(name); -- if (!e && soft) -- { -- ERR_clear_error(); -- return 1; -- } -- if (!e) -- goto err; -- } -- /* Allow "EMPTY" to mean no value: this allows a valid -- * "value" to be passed to ctrls of type NO_INPUT -- */ -- if (!strcmp(ctrlvalue, "EMPTY")) -- ctrlvalue = NULL; -- if (!strcmp(ctrlname, "init")) -- { -- if (!NCONF_get_number_e(cnf, value, "init", &do_init)) -- goto err; -- if (do_init == 1) -- { -- if (!int_engine_init(e)) -- goto err; -- } -- else if (do_init != 0) -- { -- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE); -- goto err; -- } -- } -- else if (!strcmp(ctrlname, "default_algorithms")) -- { -- if (!ENGINE_set_default_string(e, ctrlvalue)) -- goto err; -- } -- else if (!ENGINE_ctrl_cmd_string(e, -- ctrlname, ctrlvalue, 0)) -- goto err; -- } -- -- -- -- } -- if (e && (do_init == -1) && !int_engine_init(e)) -- { -- ecmd = NULL; -- goto err; -- } -- ret = 1; -- err: -- if (ret != 1) -- { -- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR); -- if (ecmd) -- ERR_add_error_data(6, "section=", ecmd->section, -- ", name=", ecmd->name, -- ", value=", ecmd->value); -- } -- if (e) -- ENGINE_free(e); -- return ret; -- } -- -+ /* First handle some special pseudo ctrls */ -+ -+ /* Override engine name to use */ -+ if (!strcmp(ctrlname, "engine_id")) -+ name = ctrlvalue; -+ else if (!strcmp(ctrlname, "soft_load")) -+ soft = 1; -+ /* Load a dynamic ENGINE */ -+ else if (!strcmp(ctrlname, "dynamic_path")) { -+ e = ENGINE_by_id("dynamic"); -+ if (!e) -+ goto err; -+ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0)) -+ goto err; -+ if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0)) -+ goto err; -+ if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) -+ goto err; -+ } -+ /* ... add other pseudos here ... */ -+ else { -+ /* -+ * At this point we need an ENGINE structural reference if we -+ * don't already have one. -+ */ -+ if (!e) { -+ e = ENGINE_by_id(name); -+ if (!e && soft) { -+ ERR_clear_error(); -+ return 1; -+ } -+ if (!e) -+ goto err; -+ } -+ /* -+ * Allow "EMPTY" to mean no value: this allows a valid "value" to -+ * be passed to ctrls of type NO_INPUT -+ */ -+ if (!strcmp(ctrlvalue, "EMPTY")) -+ ctrlvalue = NULL; -+ if (!strcmp(ctrlname, "init")) { -+ if (!NCONF_get_number_e(cnf, value, "init", &do_init)) -+ goto err; -+ if (do_init == 1) { -+ if (!int_engine_init(e)) -+ goto err; -+ } else if (do_init != 0) { -+ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, -+ ENGINE_R_INVALID_INIT_VALUE); -+ goto err; -+ } -+ } else if (!strcmp(ctrlname, "default_algorithms")) { -+ if (!ENGINE_set_default_string(e, ctrlvalue)) -+ goto err; -+ } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0)) -+ goto err; -+ } -+ -+ } -+ if (e && (do_init == -1) && !int_engine_init(e)) { -+ ecmd = NULL; -+ goto err; -+ } -+ ret = 1; -+ err: -+ if (ret != 1) { -+ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, -+ ENGINE_R_ENGINE_CONFIGURATION_ERROR); -+ if (ecmd) -+ ERR_add_error_data(6, "section=", ecmd->section, -+ ", name=", ecmd->name, -+ ", value=", ecmd->value); -+ } -+ if (e) -+ ENGINE_free(e); -+ return ret; -+} - - static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf) -- { -- STACK_OF(CONF_VALUE) *elist; -- CONF_VALUE *cval; -- int i; -+{ -+ STACK_OF(CONF_VALUE) *elist; -+ CONF_VALUE *cval; -+ int i; - #ifdef ENGINE_CONF_DEBUG -- fprintf(stderr, "Called engine module: name %s, value %s\n", -- CONF_imodule_get_name(md), CONF_imodule_get_value(md)); -+ fprintf(stderr, "Called engine module: name %s, value %s\n", -+ CONF_imodule_get_name(md), CONF_imodule_get_value(md)); - #endif -- /* Value is a section containing ENGINEs to configure */ -- elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); -+ /* Value is a section containing ENGINEs to configure */ -+ elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); - -- if (!elist) -- { -- ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR); -- return 0; -- } -+ if (!elist) { -+ ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, -+ ENGINE_R_ENGINES_SECTION_ERROR); -+ return 0; -+ } - -- for (i = 0; i < sk_CONF_VALUE_num(elist); i++) -- { -- cval = sk_CONF_VALUE_value(elist, i); -- if (!int_engine_configure(cval->name, cval->value, cnf)) -- return 0; -- } -+ for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { -+ cval = sk_CONF_VALUE_value(elist, i); -+ if (!int_engine_configure(cval->name, cval->value, cnf)) -+ return 0; -+ } - -- return 1; -- } -+ return 1; -+} - - static void int_engine_module_finish(CONF_IMODULE *md) -- { -- ENGINE *e; -- while ((e = sk_ENGINE_pop(initialized_engines))) -- ENGINE_finish(e); -- sk_ENGINE_free(initialized_engines); -- initialized_engines = NULL; -- } -- -+{ -+ ENGINE *e; -+ while ((e = sk_ENGINE_pop(initialized_engines))) -+ ENGINE_finish(e); -+ sk_ENGINE_free(initialized_engines); -+ initialized_engines = NULL; -+} - - void ENGINE_add_conf_module(void) -- { -- CONF_module_add("engines", -- int_engine_module_init, -- int_engine_module_finish); -- } -+{ -+ CONF_module_add("engines", -+ int_engine_module_init, int_engine_module_finish); -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c b/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c -index eef1e2d..c94674e 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c -@@ -36,8 +36,8 @@ - #include - - #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ -- (defined(OpenBSD) || defined(__FreeBSD__)) --#include -+ (defined(OpenBSD) || defined(__FreeBSD__)) -+# include - # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) - # define HAVE_CRYPTODEV - # endif -@@ -48,30 +48,29 @@ - - #ifndef HAVE_CRYPTODEV - --void --ENGINE_load_cryptodev(void) -+void ENGINE_load_cryptodev(void) - { -- /* This is a NOP on platforms without /dev/crypto */ -- return; -+ /* This is a NOP on platforms without /dev/crypto */ -+ return; - } - --#else -- --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include -+#else -+ -+# include -+# include -+# include -+# include -+# include -+# include -+# include -+# include -+# include -+# include -+# include - - struct dev_crypto_state { -- struct session_op d_sess; -- int d_fd; -+ struct session_op d_sess; -+ int d_fd; - }; - - static u_int32_t cryptodev_asymfeat = 0; -@@ -83,144 +82,173 @@ static int cryptodev_max_iv(int cipher); - static int cryptodev_key_length_valid(int cipher, int len); - static int cipher_nid_to_cryptodev(int nid); - static int get_cryptodev_ciphers(const int **cnids); --/*static int get_cryptodev_digests(const int **cnids);*/ -+/* -+ * static int get_cryptodev_digests(const int **cnids); -+ */ - static int cryptodev_usable_ciphers(const int **nids); - static int cryptodev_usable_digests(const int **nids); - static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl); -+ const unsigned char *in, unsigned int inl); - static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc); -+ const unsigned char *iv, int enc); - static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); - static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, -- const int **nids, int nid); -+ const int **nids, int nid); - static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, -- const int **nids, int nid); -+ const int **nids, int nid); - static int bn2crparam(const BIGNUM *a, struct crparam *crp); - static int crparam2bn(struct crparam *crp, BIGNUM *a); - static void zapparams(struct crypt_kop *kop); - static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, -- int slen, BIGNUM *s); -+ int slen, BIGNUM *s); - - static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); --static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, -- RSA *rsa, BN_CTX *ctx); --static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *m_ctx); -+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, -+ BN_CTX *ctx); -+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, -+ BN_CTX *ctx); - static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+ const BIGNUM *p, const BIGNUM *m, -+ BN_CTX *ctx, BN_MONT_CTX *m_ctx); - static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, -- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, -- BN_CTX *ctx, BN_MONT_CTX *mont); --static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, -- int dlen, DSA *dsa); -+ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, -+ BIGNUM *p, BN_CTX *ctx, -+ BN_MONT_CTX *mont); -+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, -+ DSA *dsa); - static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, -- DSA_SIG *sig, DSA *dsa); -+ DSA_SIG *sig, DSA *dsa); - static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx); --static int cryptodev_dh_compute_key(unsigned char *key, -- const BIGNUM *pub_key, DH *dh); --static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, -- void (*f)()); -+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *m_ctx); -+static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, -+ DH *dh); -+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ()); - void ENGINE_load_cryptodev(void); - - static const ENGINE_CMD_DEFN cryptodev_defns[] = { -- { 0, NULL, NULL, 0 } -+ {0, NULL, NULL, 0} - }; - - static struct { -- int id; -- int nid; -- int ivmax; -- int keylen; -+ int id; -+ int nid; -+ int ivmax; -+ int keylen; - } ciphers[] = { -- { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, -- { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, -- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, -- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, -- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, -- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, -- { 0, NID_undef, 0, 0, }, -+ { -+ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, -+ }, -+ { -+ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, -+ }, -+ { -+ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, -+ }, -+ { -+ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, -+ }, -+ { -+ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, -+ }, -+ { -+ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, -+ }, -+ { -+ 0, NID_undef, 0, 0, -+ }, - }; - --#if 0 -+# if 0 - static struct { -- int id; -- int nid; -+ int id; -+ int nid; - } digests[] = { -- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, -- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, -- { CRYPTO_MD5_KPDK, NID_undef, }, -- { CRYPTO_SHA1_KPDK, NID_undef, }, -- { CRYPTO_MD5, NID_md5, }, -- { CRYPTO_SHA1, NID_undef, }, -- { 0, NID_undef, }, -+ { -+ CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, -+ }, -+ { -+ CRYPTO_RIPEMD160_HMAC, NID_ripemd160, -+ }, -+ { -+ CRYPTO_MD5_KPDK, NID_undef, -+ }, -+ { -+ CRYPTO_SHA1_KPDK, NID_undef, -+ }, -+ { -+ CRYPTO_MD5, NID_md5, -+ }, -+ { -+ CRYPTO_SHA1, NID_undef, -+ }, -+ { -+ 0, NID_undef, -+ }, - }; --#endif -+# endif - - /* - * Return a fd if /dev/crypto seems usable, 0 otherwise. - */ --static int --open_dev_crypto(void) -+static int open_dev_crypto(void) - { -- static int fd = -1; -- -- if (fd == -1) { -- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) -- return (-1); -- /* close on exec */ -- if (fcntl(fd, F_SETFD, 1) == -1) { -- close(fd); -- fd = -1; -- return (-1); -- } -- } -- return (fd); -+ static int fd = -1; -+ -+ if (fd == -1) { -+ if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) -+ return (-1); -+ /* close on exec */ -+ if (fcntl(fd, F_SETFD, 1) == -1) { -+ close(fd); -+ fd = -1; -+ return (-1); -+ } -+ } -+ return (fd); - } - --static int --get_dev_crypto(void) -+static int get_dev_crypto(void) - { -- int fd, retfd; -- -- if ((fd = open_dev_crypto()) == -1) -- return (-1); -- if (ioctl(fd, CRIOGET, &retfd) == -1) -- return (-1); -- -- /* close on exec */ -- if (fcntl(retfd, F_SETFD, 1) == -1) { -- close(retfd); -- return (-1); -- } -- return (retfd); -+ int fd, retfd; -+ -+ if ((fd = open_dev_crypto()) == -1) -+ return (-1); -+ if (ioctl(fd, CRIOGET, &retfd) == -1) -+ return (-1); -+ -+ /* close on exec */ -+ if (fcntl(retfd, F_SETFD, 1) == -1) { -+ close(retfd); -+ return (-1); -+ } -+ return (retfd); - } - - /* Caching version for asym operations */ --static int --get_asym_dev_crypto(void) -+static int get_asym_dev_crypto(void) - { -- static int fd = -1; -+ static int fd = -1; - -- if (fd == -1) -- fd = get_dev_crypto(); -- return fd; -+ if (fd == -1) -+ fd = get_dev_crypto(); -+ return fd; - } - - /* - * XXXX this needs to be set for each alg - and determined from - * a running card. - */ --static int --cryptodev_max_iv(int cipher) -+static int cryptodev_max_iv(int cipher) - { -- int i; -+ int i; - -- for (i = 0; ciphers[i].id; i++) -- if (ciphers[i].id == cipher) -- return (ciphers[i].ivmax); -- return (0); -+ for (i = 0; ciphers[i].id; i++) -+ if (ciphers[i].id == cipher) -+ return (ciphers[i].ivmax); -+ return (0); - } - - /* -@@ -229,27 +257,25 @@ cryptodev_max_iv(int cipher) - * for real devices should return 1 for the supported key - * sizes the device can handle. - */ --static int --cryptodev_key_length_valid(int cipher, int len) -+static int cryptodev_key_length_valid(int cipher, int len) - { -- int i; -+ int i; - -- for (i = 0; ciphers[i].id; i++) -- if (ciphers[i].id == cipher) -- return (ciphers[i].keylen == len); -- return (0); -+ for (i = 0; ciphers[i].id; i++) -+ if (ciphers[i].id == cipher) -+ return (ciphers[i].keylen == len); -+ return (0); - } - - /* convert libcrypto nids to cryptodev */ --static int --cipher_nid_to_cryptodev(int nid) -+static int cipher_nid_to_cryptodev(int nid) - { -- int i; -+ int i; - -- for (i = 0; ciphers[i].id; i++) -- if (ciphers[i].nid == nid) -- return (ciphers[i].id); -- return (0); -+ for (i = 0; ciphers[i].id; i++) -+ if (ciphers[i].nid == nid) -+ return (ciphers[i].id); -+ return (0); - } - - /* -@@ -258,77 +284,75 @@ cipher_nid_to_cryptodev(int nid) - * returning them here is harmless, as long as we return NULL - * when asked for a handler in the cryptodev_engine_ciphers routine - */ --static int --get_cryptodev_ciphers(const int **cnids) -+static int get_cryptodev_ciphers(const int **cnids) - { -- static int nids[CRYPTO_ALGORITHM_MAX]; -- struct session_op sess; -- int fd, i, count = 0; -- -- if ((fd = get_dev_crypto()) < 0) { -- *cnids = NULL; -- return (0); -- } -- memset(&sess, 0, sizeof(sess)); -- sess.key = (caddr_t)"123456781234567812345678"; -- -- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { -- if (ciphers[i].nid == NID_undef) -- continue; -- sess.cipher = ciphers[i].id; -- sess.keylen = ciphers[i].keylen; -- sess.mac = 0; -- if (ioctl(fd, CIOCGSESSION, &sess) != -1 && -- ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -- nids[count++] = ciphers[i].nid; -- } -- close(fd); -- -- if (count > 0) -- *cnids = nids; -- else -- *cnids = NULL; -- return (count); -+ static int nids[CRYPTO_ALGORITHM_MAX]; -+ struct session_op sess; -+ int fd, i, count = 0; -+ -+ if ((fd = get_dev_crypto()) < 0) { -+ *cnids = NULL; -+ return (0); -+ } -+ memset(&sess, 0, sizeof(sess)); -+ sess.key = (caddr_t) "123456781234567812345678"; -+ -+ for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { -+ if (ciphers[i].nid == NID_undef) -+ continue; -+ sess.cipher = ciphers[i].id; -+ sess.keylen = ciphers[i].keylen; -+ sess.mac = 0; -+ if (ioctl(fd, CIOCGSESSION, &sess) != -1 && -+ ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -+ nids[count++] = ciphers[i].nid; -+ } -+ close(fd); -+ -+ if (count > 0) -+ *cnids = nids; -+ else -+ *cnids = NULL; -+ return (count); - } - --#if 0 /* unused */ -+# if 0 /* unused */ - /* - * Find out what digests /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! - * returning them here is harmless, as long as we return NULL - * when asked for a handler in the cryptodev_engine_digests routine - */ --static int --get_cryptodev_digests(const int **cnids) -+static int get_cryptodev_digests(const int **cnids) - { -- static int nids[CRYPTO_ALGORITHM_MAX]; -- struct session_op sess; -- int fd, i, count = 0; -- -- if ((fd = get_dev_crypto()) < 0) { -- *cnids = NULL; -- return (0); -- } -- memset(&sess, 0, sizeof(sess)); -- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { -- if (digests[i].nid == NID_undef) -- continue; -- sess.mac = digests[i].id; -- sess.cipher = 0; -- if (ioctl(fd, CIOCGSESSION, &sess) != -1 && -- ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -- nids[count++] = digests[i].nid; -- } -- close(fd); -- -- if (count > 0) -- *cnids = nids; -- else -- *cnids = NULL; -- return (count); -+ static int nids[CRYPTO_ALGORITHM_MAX]; -+ struct session_op sess; -+ int fd, i, count = 0; -+ -+ if ((fd = get_dev_crypto()) < 0) { -+ *cnids = NULL; -+ return (0); -+ } -+ memset(&sess, 0, sizeof(sess)); -+ for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { -+ if (digests[i].nid == NID_undef) -+ continue; -+ sess.mac = digests[i].id; -+ sess.cipher = 0; -+ if (ioctl(fd, CIOCGSESSION, &sess) != -1 && -+ ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -+ nids[count++] = digests[i].nid; -+ } -+ close(fd); -+ -+ if (count > 0) -+ *cnids = nids; -+ else -+ *cnids = NULL; -+ return (count); - } - --#endif -+# endif - - /* - * Find the useable ciphers|digests from dev/crypto - this is the first -@@ -351,153 +375,150 @@ get_cryptodev_digests(const int **cnids) - * want most of the decisions made about what we actually want - * to use from /dev/crypto. - */ --static int --cryptodev_usable_ciphers(const int **nids) -+static int cryptodev_usable_ciphers(const int **nids) - { -- return (get_cryptodev_ciphers(nids)); -+ return (get_cryptodev_ciphers(nids)); - } - --static int --cryptodev_usable_digests(const int **nids) -+static int cryptodev_usable_digests(const int **nids) - { -- /* -- * XXXX just disable all digests for now, because it sucks. -- * we need a better way to decide this - i.e. I may not -- * want digests on slow cards like hifn on fast machines, -- * but might want them on slow or loaded machines, etc. -- * will also want them when using crypto cards that don't -- * suck moose gonads - would be nice to be able to decide something -- * as reasonable default without having hackery that's card dependent. -- * of course, the default should probably be just do everything, -- * with perhaps a sysctl to turn algoritms off (or have them off -- * by default) on cards that generally suck like the hifn. -- */ -- *nids = NULL; -- return (0); -+ /* -+ * XXXX just disable all digests for now, because it sucks. -+ * we need a better way to decide this - i.e. I may not -+ * want digests on slow cards like hifn on fast machines, -+ * but might want them on slow or loaded machines, etc. -+ * will also want them when using crypto cards that don't -+ * suck moose gonads - would be nice to be able to decide something -+ * as reasonable default without having hackery that's card dependent. -+ * of course, the default should probably be just do everything, -+ * with perhaps a sysctl to turn algoritms off (or have them off -+ * by default) on cards that generally suck like the hifn. -+ */ -+ *nids = NULL; -+ return (0); - } - - static int - cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -+ const unsigned char *in, unsigned int inl) - { -- struct crypt_op cryp; -- struct dev_crypto_state *state = ctx->cipher_data; -- struct session_op *sess = &state->d_sess; -- const void *iiv; -- unsigned char save_iv[EVP_MAX_IV_LENGTH]; -- -- if (state->d_fd < 0) -- return (0); -- if (!inl) -- return (1); -- if ((inl % ctx->cipher->block_size) != 0) -- return (0); -- -- memset(&cryp, 0, sizeof(cryp)); -- -- cryp.ses = sess->ses; -- cryp.flags = 0; -- cryp.len = inl; -- cryp.src = (caddr_t) in; -- cryp.dst = (caddr_t) out; -- cryp.mac = 0; -- -- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; -- -- if (ctx->cipher->iv_len) { -- cryp.iv = (caddr_t) ctx->iv; -- if (!ctx->encrypt) { -- iiv = in + inl - ctx->cipher->iv_len; -- memcpy(save_iv, iiv, ctx->cipher->iv_len); -- } -- } else -- cryp.iv = NULL; -- -- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { -- /* XXX need better errror handling -- * this can fail for a number of different reasons. -- */ -- return (0); -- } -- -- if (ctx->cipher->iv_len) { -- if (ctx->encrypt) -- iiv = out + inl - ctx->cipher->iv_len; -- else -- iiv = save_iv; -- memcpy(ctx->iv, iiv, ctx->cipher->iv_len); -- } -- return (1); -+ struct crypt_op cryp; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ const void *iiv; -+ unsigned char save_iv[EVP_MAX_IV_LENGTH]; -+ -+ if (state->d_fd < 0) -+ return (0); -+ if (!inl) -+ return (1); -+ if ((inl % ctx->cipher->block_size) != 0) -+ return (0); -+ -+ memset(&cryp, 0, sizeof(cryp)); -+ -+ cryp.ses = sess->ses; -+ cryp.flags = 0; -+ cryp.len = inl; -+ cryp.src = (caddr_t) in; -+ cryp.dst = (caddr_t) out; -+ cryp.mac = 0; -+ -+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; -+ -+ if (ctx->cipher->iv_len) { -+ cryp.iv = (caddr_t) ctx->iv; -+ if (!ctx->encrypt) { -+ iiv = in + inl - ctx->cipher->iv_len; -+ memcpy(save_iv, iiv, ctx->cipher->iv_len); -+ } -+ } else -+ cryp.iv = NULL; -+ -+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { -+ /* -+ * XXX need better errror handling this can fail for a number of -+ * different reasons. -+ */ -+ return (0); -+ } -+ -+ if (ctx->cipher->iv_len) { -+ if (ctx->encrypt) -+ iiv = out + inl - ctx->cipher->iv_len; -+ else -+ iiv = save_iv; -+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len); -+ } -+ return (1); - } - - static int - cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -+ const unsigned char *iv, int enc) - { -- struct dev_crypto_state *state = ctx->cipher_data; -- struct session_op *sess = &state->d_sess; -- int cipher; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ int cipher; - -- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) -- return (0); -+ if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) -+ return (0); - -- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) -- return (0); -+ if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) -+ return (0); - -- if (!cryptodev_key_length_valid(cipher, ctx->key_len)) -- return (0); -+ if (!cryptodev_key_length_valid(cipher, ctx->key_len)) -+ return (0); - -- memset(sess, 0, sizeof(struct session_op)); -+ memset(sess, 0, sizeof(struct session_op)); - -- if ((state->d_fd = get_dev_crypto()) < 0) -- return (0); -+ if ((state->d_fd = get_dev_crypto()) < 0) -+ return (0); - -- sess->key = (char *)key; -- sess->keylen = ctx->key_len; -- sess->cipher = cipher; -+ sess->key = (char *)key; -+ sess->keylen = ctx->key_len; -+ sess->cipher = cipher; - -- if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { -- close(state->d_fd); -- state->d_fd = -1; -- return (0); -- } -- return (1); -+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { -+ close(state->d_fd); -+ state->d_fd = -1; -+ return (0); -+ } -+ return (1); - } - - /* - * free anything we allocated earlier when initting a - * session, and close the session. - */ --static int --cryptodev_cleanup(EVP_CIPHER_CTX *ctx) -+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx) - { -- int ret = 0; -- struct dev_crypto_state *state = ctx->cipher_data; -- struct session_op *sess = &state->d_sess; -- -- if (state->d_fd < 0) -- return (0); -- -- /* XXX if this ioctl fails, someting's wrong. the invoker -- * may have called us with a bogus ctx, or we could -- * have a device that for whatever reason just doesn't -- * want to play ball - it's not clear what's right -- * here - should this be an error? should it just -- * increase a counter, hmm. For right now, we return -- * 0 - I don't believe that to be "right". we could -- * call the gorpy openssl lib error handlers that -- * print messages to users of the library. hmm.. -- */ -- -- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { -- ret = 0; -- } else { -- ret = 1; -- } -- close(state->d_fd); -- state->d_fd = -1; -- -- return (ret); -+ int ret = 0; -+ struct dev_crypto_state *state = ctx->cipher_data; -+ struct session_op *sess = &state->d_sess; -+ -+ if (state->d_fd < 0) -+ return (0); -+ -+ /* -+ * XXX if this ioctl fails, someting's wrong. the invoker may have called -+ * us with a bogus ctx, or we could have a device that for whatever -+ * reason just doesn't want to play ball - it's not clear what's right -+ * here - should this be an error? should it just increase a counter, -+ * hmm. For right now, we return 0 - I don't believe that to be "right". -+ * we could call the gorpy openssl lib error handlers that print messages -+ * to users of the library. hmm.. -+ */ -+ -+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { -+ ret = 0; -+ } else { -+ ret = 1; -+ } -+ close(state->d_fd); -+ state->d_fd = -1; -+ -+ return (ret); - } - - /* -@@ -507,69 +528,69 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) - - /* DES CBC EVP */ - const EVP_CIPHER cryptodev_des_cbc = { -- NID_des_cbc, -- 8, 8, 8, -- EVP_CIPH_CBC_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL -+ NID_des_cbc, -+ 8, 8, 8, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL - }; - - /* 3DES CBC EVP */ - const EVP_CIPHER cryptodev_3des_cbc = { -- NID_des_ede3_cbc, -- 8, 24, 8, -- EVP_CIPH_CBC_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL -+ NID_des_ede3_cbc, -+ 8, 24, 8, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL - }; - - const EVP_CIPHER cryptodev_bf_cbc = { -- NID_bf_cbc, -- 8, 16, 8, -- EVP_CIPH_CBC_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL -+ NID_bf_cbc, -+ 8, 16, 8, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL - }; - - const EVP_CIPHER cryptodev_cast_cbc = { -- NID_cast5_cbc, -- 8, 16, 8, -- EVP_CIPH_CBC_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL -+ NID_cast5_cbc, -+ 8, 16, 8, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL - }; - - const EVP_CIPHER cryptodev_aes_cbc = { -- NID_aes_128_cbc, -- 16, 16, 16, -- EVP_CIPH_CBC_MODE, -- cryptodev_init_key, -- cryptodev_cipher, -- cryptodev_cleanup, -- sizeof(struct dev_crypto_state), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL -+ NID_aes_128_cbc, -+ 16, 16, 16, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL - }; - - /* -@@ -579,50 +600,50 @@ const EVP_CIPHER cryptodev_aes_cbc = { - */ - static int - cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, -- const int **nids, int nid) -+ const int **nids, int nid) - { -- if (!cipher) -- return (cryptodev_usable_ciphers(nids)); -- -- switch (nid) { -- case NID_des_ede3_cbc: -- *cipher = &cryptodev_3des_cbc; -- break; -- case NID_des_cbc: -- *cipher = &cryptodev_des_cbc; -- break; -- case NID_bf_cbc: -- *cipher = &cryptodev_bf_cbc; -- break; -- case NID_cast5_cbc: -- *cipher = &cryptodev_cast_cbc; -- break; -- case NID_aes_128_cbc: -- *cipher = &cryptodev_aes_cbc; -- break; -- default: -- *cipher = NULL; -- break; -- } -- return (*cipher != NULL); -+ if (!cipher) -+ return (cryptodev_usable_ciphers(nids)); -+ -+ switch (nid) { -+ case NID_des_ede3_cbc: -+ *cipher = &cryptodev_3des_cbc; -+ break; -+ case NID_des_cbc: -+ *cipher = &cryptodev_des_cbc; -+ break; -+ case NID_bf_cbc: -+ *cipher = &cryptodev_bf_cbc; -+ break; -+ case NID_cast5_cbc: -+ *cipher = &cryptodev_cast_cbc; -+ break; -+ case NID_aes_128_cbc: -+ *cipher = &cryptodev_aes_cbc; -+ break; -+ default: -+ *cipher = NULL; -+ break; -+ } -+ return (*cipher != NULL); - } - - static int - cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, -- const int **nids, int nid) -+ const int **nids, int nid) - { -- if (!digest) -- return (cryptodev_usable_digests(nids)); -- -- switch (nid) { -- case NID_md5: -- *digest = NULL; /* need to make a clean md5 critter */ -- break; -- default: -- *digest = NULL; -- break; -- } -- return (*digest != NULL); -+ if (!digest) -+ return (cryptodev_usable_digests(nids)); -+ -+ switch (nid) { -+ case NID_md5: -+ *digest = NULL; /* need to make a clean md5 critter */ -+ break; -+ default: -+ *digest = NULL; -+ break; -+ } -+ return (*digest != NULL); - } - - /* -@@ -630,527 +651,525 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - * Upon completion of use, the caller is responsible for freeing - * crp->crp_p. - */ --static int --bn2crparam(const BIGNUM *a, struct crparam *crp) -+static int bn2crparam(const BIGNUM *a, struct crparam *crp) - { -- int i, j, k; -- ssize_t bytes, bits; -- u_char *b; -- -- crp->crp_p = NULL; -- crp->crp_nbits = 0; -- -- bits = BN_num_bits(a); -- bytes = (bits + 7) / 8; -- -- b = malloc(bytes); -- if (b == NULL) -- return (1); -- -- crp->crp_p = (char *)b; -- crp->crp_nbits = bits; -- -- for (i = 0, j = 0; i < a->top; i++) { -- for (k = 0; k < BN_BITS2 / 8; k++) { -- if ((j + k) >= bytes) -- return (0); -- b[j + k] = a->d[i] >> (k * 8); -- } -- j += BN_BITS2 / 8; -- } -- return (0); -+ int i, j, k; -+ ssize_t bytes, bits; -+ u_char *b; -+ -+ crp->crp_p = NULL; -+ crp->crp_nbits = 0; -+ -+ bits = BN_num_bits(a); -+ bytes = (bits + 7) / 8; -+ -+ b = malloc(bytes); -+ if (b == NULL) -+ return (1); -+ -+ crp->crp_p = (char *)b; -+ crp->crp_nbits = bits; -+ -+ for (i = 0, j = 0; i < a->top; i++) { -+ for (k = 0; k < BN_BITS2 / 8; k++) { -+ if ((j + k) >= bytes) -+ return (0); -+ b[j + k] = a->d[i] >> (k * 8); -+ } -+ j += BN_BITS2 / 8; -+ } -+ return (0); - } - - /* Convert a /dev/crypto parameter to a BIGNUM */ --static int --crparam2bn(struct crparam *crp, BIGNUM *a) -+static int crparam2bn(struct crparam *crp, BIGNUM *a) - { -- u_int8_t *pd; -- int i, bytes; -+ u_int8_t *pd; -+ int i, bytes; - -- bytes = (crp->crp_nbits + 7) / 8; -+ bytes = (crp->crp_nbits + 7) / 8; - -- if (bytes == 0) -- return (-1); -+ if (bytes == 0) -+ return (-1); - -- if ((pd = (u_int8_t *) malloc(bytes)) == NULL) -- return (-1); -+ if ((pd = (u_int8_t *) malloc(bytes)) == NULL) -+ return (-1); - -- for (i = 0; i < bytes; i++) -- pd[i] = crp->crp_p[bytes - i - 1]; -+ for (i = 0; i < bytes; i++) -+ pd[i] = crp->crp_p[bytes - i - 1]; - -- BN_bin2bn(pd, bytes, a); -- free(pd); -+ BN_bin2bn(pd, bytes, a); -+ free(pd); - -- return (0); -+ return (0); - } - --static void --zapparams(struct crypt_kop *kop) -+static void zapparams(struct crypt_kop *kop) - { -- int i; -- -- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { -- if (kop->crk_param[i].crp_p) -- free(kop->crk_param[i].crp_p); -- kop->crk_param[i].crp_p = NULL; -- kop->crk_param[i].crp_nbits = 0; -- } -+ int i; -+ -+ for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { -+ if (kop->crk_param[i].crp_p) -+ free(kop->crk_param[i].crp_p); -+ kop->crk_param[i].crp_p = NULL; -+ kop->crk_param[i].crp_nbits = 0; -+ } - } - - static int --cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) -+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, -+ BIGNUM *s) - { -- int fd, ret = -1; -- -- if ((fd = get_asym_dev_crypto()) < 0) -- return (ret); -- -- if (r) { -- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); -- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; -- kop->crk_oparams++; -- } -- if (s) { -- kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); -- kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; -- kop->crk_oparams++; -- } -- -- if (ioctl(fd, CIOCKEY, kop) == 0) { -- if (r) -- crparam2bn(&kop->crk_param[kop->crk_iparams], r); -- if (s) -- crparam2bn(&kop->crk_param[kop->crk_iparams+1], s); -- ret = 0; -- } -- -- return (ret); -+ int fd, ret = -1; -+ -+ if ((fd = get_asym_dev_crypto()) < 0) -+ return (ret); -+ -+ if (r) { -+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); -+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; -+ kop->crk_oparams++; -+ } -+ if (s) { -+ kop->crk_param[kop->crk_iparams + 1].crp_p = -+ calloc(slen, sizeof(char)); -+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; -+ kop->crk_oparams++; -+ } -+ -+ if (ioctl(fd, CIOCKEY, kop) == 0) { -+ if (r) -+ crparam2bn(&kop->crk_param[kop->crk_iparams], r); -+ if (s) -+ crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s); -+ ret = 0; -+ } -+ -+ return (ret); - } - - static int - cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) - { -- struct crypt_kop kop; -- int ret = 1; -- -- /* Currently, we know we can do mod exp iff we can do any -- * asymmetric operations at all. -- */ -- if (cryptodev_asymfeat == 0) { -- ret = BN_mod_exp(r, a, p, m, ctx); -- return (ret); -- } -- -- memset(&kop, 0, sizeof kop); -- kop.crk_op = CRK_MOD_EXP; -- -- /* inputs: a^p % m */ -- if (bn2crparam(a, &kop.crk_param[0])) -- goto err; -- if (bn2crparam(p, &kop.crk_param[1])) -- goto err; -- if (bn2crparam(m, &kop.crk_param[2])) -- goto err; -- kop.crk_iparams = 3; -- -- if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { -- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -- printf("OCF asym process failed, Running in software\n"); -- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); -- -- } else if (ECANCELED == kop.crk_status) { -- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -- printf("OCF hardware operation cancelled. Running in Software\n"); -- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); -- } -- /* else cryptodev operation worked ok ==> ret = 1*/ -- --err: -- zapparams(&kop); -- return (ret); -+ struct crypt_kop kop; -+ int ret = 1; -+ -+ /* -+ * Currently, we know we can do mod exp iff we can do any asymmetric -+ * operations at all. -+ */ -+ if (cryptodev_asymfeat == 0) { -+ ret = BN_mod_exp(r, a, p, m, ctx); -+ return (ret); -+ } -+ -+ memset(&kop, 0, sizeof kop); -+ kop.crk_op = CRK_MOD_EXP; -+ -+ /* inputs: a^p % m */ -+ if (bn2crparam(a, &kop.crk_param[0])) -+ goto err; -+ if (bn2crparam(p, &kop.crk_param[1])) -+ goto err; -+ if (bn2crparam(m, &kop.crk_param[2])) -+ goto err; -+ kop.crk_iparams = 3; -+ -+ if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { -+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -+ printf("OCF asym process failed, Running in software\n"); -+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); -+ -+ } else if (ECANCELED == kop.crk_status) { -+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -+ printf("OCF hardware operation cancelled. Running in Software\n"); -+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); -+ } -+ /* else cryptodev operation worked ok ==> ret = 1 */ -+ -+ err: -+ zapparams(&kop); -+ return (ret); - } - - static int --cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) -+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, -+ BN_CTX *ctx) - { -- int r; -+ int r; - -- r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); -- return (r); -+ r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); -+ return (r); - } - - static int - cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) - { -- struct crypt_kop kop; -- int ret = 1; -- -- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { -- /* XXX 0 means failure?? */ -- return (0); -- } -- -- memset(&kop, 0, sizeof kop); -- kop.crk_op = CRK_MOD_EXP_CRT; -- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ -- if (bn2crparam(rsa->p, &kop.crk_param[0])) -- goto err; -- if (bn2crparam(rsa->q, &kop.crk_param[1])) -- goto err; -- if (bn2crparam(I, &kop.crk_param[2])) -- goto err; -- if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) -- goto err; -- if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) -- goto err; -- if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) -- goto err; -- kop.crk_iparams = 6; -- -- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { -- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -- printf("OCF asym process failed, running in Software\n"); -- ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); -- -- } else if (ECANCELED == kop.crk_status) { -- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -- printf("OCF hardware operation cancelled. Running in Software\n"); -- ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); -- } -- /* else cryptodev operation worked ok ==> ret = 1*/ -- --err: -- zapparams(&kop); -- return (ret); -+ struct crypt_kop kop; -+ int ret = 1; -+ -+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { -+ /* XXX 0 means failure?? */ -+ return (0); -+ } -+ -+ memset(&kop, 0, sizeof kop); -+ kop.crk_op = CRK_MOD_EXP_CRT; -+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ -+ if (bn2crparam(rsa->p, &kop.crk_param[0])) -+ goto err; -+ if (bn2crparam(rsa->q, &kop.crk_param[1])) -+ goto err; -+ if (bn2crparam(I, &kop.crk_param[2])) -+ goto err; -+ if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) -+ goto err; -+ if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) -+ goto err; -+ if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) -+ goto err; -+ kop.crk_iparams = 6; -+ -+ if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { -+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -+ printf("OCF asym process failed, running in Software\n"); -+ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); -+ -+ } else if (ECANCELED == kop.crk_status) { -+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -+ printf("OCF hardware operation cancelled. Running in Software\n"); -+ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); -+ } -+ /* else cryptodev operation worked ok ==> ret = 1 */ -+ -+ err: -+ zapparams(&kop); -+ return (ret); - } - - static RSA_METHOD cryptodev_rsa = { -- "cryptodev RSA method", -- NULL, /* rsa_pub_enc */ -- NULL, /* rsa_pub_dec */ -- NULL, /* rsa_priv_enc */ -- NULL, /* rsa_priv_dec */ -- NULL, -- NULL, -- NULL, /* init */ -- NULL, /* finish */ -- 0, /* flags */ -- NULL, /* app_data */ -- NULL, /* rsa_sign */ -- NULL /* rsa_verify */ -+ "cryptodev RSA method", -+ NULL, /* rsa_pub_enc */ -+ NULL, /* rsa_pub_dec */ -+ NULL, /* rsa_priv_enc */ -+ NULL, /* rsa_priv_dec */ -+ NULL, -+ NULL, -+ NULL, /* init */ -+ NULL, /* finish */ -+ 0, /* flags */ -+ NULL, /* app_data */ -+ NULL, /* rsa_sign */ -+ NULL /* rsa_verify */ - }; - - static int - cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { -- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -+ return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); - } - - static int - cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, -- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, -- BN_CTX *ctx, BN_MONT_CTX *mont) -+ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, -+ BN_CTX *ctx, BN_MONT_CTX *mont) - { -- BIGNUM t2; -- int ret = 0; -+ BIGNUM t2; -+ int ret = 0; - -- BN_init(&t2); -+ BN_init(&t2); - -- /* v = ( g^u1 * y^u2 mod p ) mod q */ -- /* let t1 = g ^ u1 mod p */ -- ret = 0; -+ /* v = ( g^u1 * y^u2 mod p ) mod q */ -+ /* let t1 = g ^ u1 mod p */ -+ ret = 0; - -- if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) -- goto err; -+ if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont)) -+ goto err; - -- /* let t2 = y ^ u2 mod p */ -- if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) -- goto err; -- /* let u1 = t1 * t2 mod p */ -- if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) -- goto err; -+ /* let t2 = y ^ u2 mod p */ -+ if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont)) -+ goto err; -+ /* let u1 = t1 * t2 mod p */ -+ if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx)) -+ goto err; - -- BN_copy(t1,u1); -+ BN_copy(t1, u1); - -- ret = 1; --err: -- BN_free(&t2); -- return(ret); -+ ret = 1; -+ err: -+ BN_free(&t2); -+ return (ret); - } - --static DSA_SIG * --cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) -+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, -+ DSA *dsa) - { -- struct crypt_kop kop; -- BIGNUM *r = NULL, *s = NULL; -- DSA_SIG *dsaret = NULL; -- -- if ((r = BN_new()) == NULL) -- goto err; -- if ((s = BN_new()) == NULL) { -- BN_free(r); -- goto err; -- } -- -- memset(&kop, 0, sizeof kop); -- kop.crk_op = CRK_DSA_SIGN; -- -- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; -- kop.crk_param[0].crp_nbits = dlen * 8; -- if (bn2crparam(dsa->p, &kop.crk_param[1])) -- goto err; -- if (bn2crparam(dsa->q, &kop.crk_param[2])) -- goto err; -- if (bn2crparam(dsa->g, &kop.crk_param[3])) -- goto err; -- if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) -- goto err; -- kop.crk_iparams = 5; -- -- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, -- BN_num_bytes(dsa->q), s) == 0) { -- dsaret = DSA_SIG_new(); -- dsaret->r = r; -- dsaret->s = s; -- } else { -- const DSA_METHOD *meth = DSA_OpenSSL(); -- BN_free(r); -- BN_free(s); -- dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); -- } --err: -- kop.crk_param[0].crp_p = NULL; -- zapparams(&kop); -- return (dsaret); -+ struct crypt_kop kop; -+ BIGNUM *r = NULL, *s = NULL; -+ DSA_SIG *dsaret = NULL; -+ -+ if ((r = BN_new()) == NULL) -+ goto err; -+ if ((s = BN_new()) == NULL) { -+ BN_free(r); -+ goto err; -+ } -+ -+ memset(&kop, 0, sizeof kop); -+ kop.crk_op = CRK_DSA_SIGN; -+ -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -+ kop.crk_param[0].crp_p = (caddr_t) dgst; -+ kop.crk_param[0].crp_nbits = dlen * 8; -+ if (bn2crparam(dsa->p, &kop.crk_param[1])) -+ goto err; -+ if (bn2crparam(dsa->q, &kop.crk_param[2])) -+ goto err; -+ if (bn2crparam(dsa->g, &kop.crk_param[3])) -+ goto err; -+ if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) -+ goto err; -+ kop.crk_iparams = 5; -+ -+ if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, -+ BN_num_bytes(dsa->q), s) == 0) { -+ dsaret = DSA_SIG_new(); -+ dsaret->r = r; -+ dsaret->s = s; -+ } else { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ BN_free(r); -+ BN_free(s); -+ dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa); -+ } -+ err: -+ kop.crk_param[0].crp_p = NULL; -+ zapparams(&kop); -+ return (dsaret); - } - - static int - cryptodev_dsa_verify(const unsigned char *dgst, int dlen, -- DSA_SIG *sig, DSA *dsa) -+ DSA_SIG *sig, DSA *dsa) - { -- struct crypt_kop kop; -- int dsaret = 1; -- -- memset(&kop, 0, sizeof kop); -- kop.crk_op = CRK_DSA_VERIFY; -- -- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; -- kop.crk_param[0].crp_nbits = dlen * 8; -- if (bn2crparam(dsa->p, &kop.crk_param[1])) -- goto err; -- if (bn2crparam(dsa->q, &kop.crk_param[2])) -- goto err; -- if (bn2crparam(dsa->g, &kop.crk_param[3])) -- goto err; -- if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) -- goto err; -- if (bn2crparam(sig->r, &kop.crk_param[5])) -- goto err; -- if (bn2crparam(sig->s, &kop.crk_param[6])) -- goto err; -- kop.crk_iparams = 7; -- -- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { --/*OCF success value is 0, if not zero, change dsaret to fail*/ -- if(0 != kop.crk_status) dsaret = 0; -- } else { -- const DSA_METHOD *meth = DSA_OpenSSL(); -- -- dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); -- } --err: -- kop.crk_param[0].crp_p = NULL; -- zapparams(&kop); -- return (dsaret); -+ struct crypt_kop kop; -+ int dsaret = 1; -+ -+ memset(&kop, 0, sizeof kop); -+ kop.crk_op = CRK_DSA_VERIFY; -+ -+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -+ kop.crk_param[0].crp_p = (caddr_t) dgst; -+ kop.crk_param[0].crp_nbits = dlen * 8; -+ if (bn2crparam(dsa->p, &kop.crk_param[1])) -+ goto err; -+ if (bn2crparam(dsa->q, &kop.crk_param[2])) -+ goto err; -+ if (bn2crparam(dsa->g, &kop.crk_param[3])) -+ goto err; -+ if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) -+ goto err; -+ if (bn2crparam(sig->r, &kop.crk_param[5])) -+ goto err; -+ if (bn2crparam(sig->s, &kop.crk_param[6])) -+ goto err; -+ kop.crk_iparams = 7; -+ -+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { -+ /* -+ * OCF success value is 0, if not zero, change dsaret to fail -+ */ -+ if (0 != kop.crk_status) -+ dsaret = 0; -+ } else { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ -+ dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa); -+ } -+ err: -+ kop.crk_param[0].crp_p = NULL; -+ zapparams(&kop); -+ return (dsaret); - } - - static DSA_METHOD cryptodev_dsa = { -- "cryptodev DSA method", -- NULL, -- NULL, /* dsa_sign_setup */ -- NULL, -- NULL, /* dsa_mod_exp */ -- NULL, -- NULL, /* init */ -- NULL, /* finish */ -- 0, /* flags */ -- NULL /* app_data */ -+ "cryptodev DSA method", -+ NULL, -+ NULL, /* dsa_sign_setup */ -+ NULL, -+ NULL, /* dsa_mod_exp */ -+ NULL, -+ NULL, /* init */ -+ NULL, /* finish */ -+ 0, /* flags */ -+ NULL /* app_data */ - }; - - static int - cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, -- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -- BN_MONT_CTX *m_ctx) -+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -+ BN_MONT_CTX *m_ctx) - { -- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -+ return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); - } - - static int - cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { -- struct crypt_kop kop; -- int dhret = 1; -- int fd, keylen; -- -- if ((fd = get_asym_dev_crypto()) < 0) { -- const DH_METHOD *meth = DH_OpenSSL(); -- -- return ((meth->compute_key)(key, pub_key, dh)); -- } -- -- keylen = BN_num_bits(dh->p); -- -- memset(&kop, 0, sizeof kop); -- kop.crk_op = CRK_DH_COMPUTE_KEY; -- -- /* inputs: dh->priv_key pub_key dh->p key */ -- if (bn2crparam(dh->priv_key, &kop.crk_param[0])) -- goto err; -- if (bn2crparam(pub_key, &kop.crk_param[1])) -- goto err; -- if (bn2crparam(dh->p, &kop.crk_param[2])) -- goto err; -- kop.crk_iparams = 3; -- -- kop.crk_param[3].crp_p = (char *)key; -- kop.crk_param[3].crp_nbits = keylen * 8; -- kop.crk_oparams = 1; -- -- if (ioctl(fd, CIOCKEY, &kop) == -1) { -- const DH_METHOD *meth = DH_OpenSSL(); -- -- dhret = (meth->compute_key)(key, pub_key, dh); -- } --err: -- kop.crk_param[3].crp_p = NULL; -- zapparams(&kop); -- return (dhret); -+ struct crypt_kop kop; -+ int dhret = 1; -+ int fd, keylen; -+ -+ if ((fd = get_asym_dev_crypto()) < 0) { -+ const DH_METHOD *meth = DH_OpenSSL(); -+ -+ return ((meth->compute_key) (key, pub_key, dh)); -+ } -+ -+ keylen = BN_num_bits(dh->p); -+ -+ memset(&kop, 0, sizeof kop); -+ kop.crk_op = CRK_DH_COMPUTE_KEY; -+ -+ /* inputs: dh->priv_key pub_key dh->p key */ -+ if (bn2crparam(dh->priv_key, &kop.crk_param[0])) -+ goto err; -+ if (bn2crparam(pub_key, &kop.crk_param[1])) -+ goto err; -+ if (bn2crparam(dh->p, &kop.crk_param[2])) -+ goto err; -+ kop.crk_iparams = 3; -+ -+ kop.crk_param[3].crp_p = (char *)key; -+ kop.crk_param[3].crp_nbits = keylen * 8; -+ kop.crk_oparams = 1; -+ -+ if (ioctl(fd, CIOCKEY, &kop) == -1) { -+ const DH_METHOD *meth = DH_OpenSSL(); -+ -+ dhret = (meth->compute_key) (key, pub_key, dh); -+ } -+ err: -+ kop.crk_param[3].crp_p = NULL; -+ zapparams(&kop); -+ return (dhret); - } - - static DH_METHOD cryptodev_dh = { -- "cryptodev DH method", -- NULL, /* cryptodev_dh_generate_key */ -- NULL, -- NULL, -- NULL, -- NULL, -- 0, /* flags */ -- NULL /* app_data */ -+ "cryptodev DH method", -+ NULL, /* cryptodev_dh_generate_key */ -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ 0, /* flags */ -+ NULL /* app_data */ - }; - - /* - * ctrl right now is just a wrapper that doesn't do much - * but I expect we'll want some options soon. - */ --static int --cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) -+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ()) - { --#ifdef HAVE_SYSLOG_R -- struct syslog_data sd = SYSLOG_DATA_INIT; --#endif -+# ifdef HAVE_SYSLOG_R -+ struct syslog_data sd = SYSLOG_DATA_INIT; -+# endif - -- switch (cmd) { -- default: --#ifdef HAVE_SYSLOG_R -- syslog_r(LOG_ERR, &sd, -- "cryptodev_ctrl: unknown command %d", cmd); --#else -- syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); --#endif -- break; -- } -- return (1); -+ switch (cmd) { -+ default: -+# ifdef HAVE_SYSLOG_R -+ syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd); -+# else -+ syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); -+# endif -+ break; -+ } -+ return (1); - } - --void --ENGINE_load_cryptodev(void) -+void ENGINE_load_cryptodev(void) - { -- ENGINE *engine = ENGINE_new(); -- int fd; -- -- if (engine == NULL) -- return; -- if ((fd = get_dev_crypto()) < 0) { -- ENGINE_free(engine); -- return; -- } -- -- /* -- * find out what asymmetric crypto algorithms we support -- */ -- if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { -- close(fd); -- ENGINE_free(engine); -- return; -- } -- close(fd); -- -- if (!ENGINE_set_id(engine, "cryptodev") || -- !ENGINE_set_name(engine, "BSD cryptodev engine") || -- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || -- !ENGINE_set_digests(engine, cryptodev_engine_digests) || -- !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || -- !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { -- ENGINE_free(engine); -- return; -- } -- -- if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { -- const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); -- -- cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; -- cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; -- cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; -- cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; -- cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; -- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; -- if (cryptodev_asymfeat & CRF_MOD_EXP) { -- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; -- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) -- cryptodev_rsa.rsa_mod_exp = -- cryptodev_rsa_mod_exp; -- else -- cryptodev_rsa.rsa_mod_exp = -- cryptodev_rsa_nocrt_mod_exp; -- } -- } -- -- if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { -- const DSA_METHOD *meth = DSA_OpenSSL(); -- -- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); -- if (cryptodev_asymfeat & CRF_DSA_SIGN) -- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; -- if (cryptodev_asymfeat & CRF_MOD_EXP) { -- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; -- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; -- } -- if (cryptodev_asymfeat & CRF_DSA_VERIFY) -- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; -- } -- -- if (ENGINE_set_DH(engine, &cryptodev_dh)){ -- const DH_METHOD *dh_meth = DH_OpenSSL(); -- -- cryptodev_dh.generate_key = dh_meth->generate_key; -- cryptodev_dh.compute_key = dh_meth->compute_key; -- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; -- if (cryptodev_asymfeat & CRF_MOD_EXP) { -- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; -- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) -- cryptodev_dh.compute_key = -- cryptodev_dh_compute_key; -- } -- } -- -- ENGINE_add(engine); -- ENGINE_free(engine); -- ERR_clear_error(); -+ ENGINE *engine = ENGINE_new(); -+ int fd; -+ -+ if (engine == NULL) -+ return; -+ if ((fd = get_dev_crypto()) < 0) { -+ ENGINE_free(engine); -+ return; -+ } -+ -+ /* -+ * find out what asymmetric crypto algorithms we support -+ */ -+ if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { -+ close(fd); -+ ENGINE_free(engine); -+ return; -+ } -+ close(fd); -+ -+ if (!ENGINE_set_id(engine, "cryptodev") || -+ !ENGINE_set_name(engine, "BSD cryptodev engine") || -+ !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || -+ !ENGINE_set_digests(engine, cryptodev_engine_digests) || -+ !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || -+ !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { -+ ENGINE_free(engine); -+ return; -+ } -+ -+ if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { -+ const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); -+ -+ cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; -+ cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; -+ cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; -+ cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; -+ cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; -+ cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; -+ if (cryptodev_asymfeat & CRF_MOD_EXP) { -+ cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; -+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) -+ cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp; -+ else -+ cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp; -+ } -+ } -+ -+ if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { -+ const DSA_METHOD *meth = DSA_OpenSSL(); -+ -+ memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); -+ if (cryptodev_asymfeat & CRF_DSA_SIGN) -+ cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; -+ if (cryptodev_asymfeat & CRF_MOD_EXP) { -+ cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; -+ cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; -+ } -+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) -+ cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; -+ } -+ -+ if (ENGINE_set_DH(engine, &cryptodev_dh)) { -+ const DH_METHOD *dh_meth = DH_OpenSSL(); -+ -+ cryptodev_dh.generate_key = dh_meth->generate_key; -+ cryptodev_dh.compute_key = dh_meth->compute_key; -+ cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; -+ if (cryptodev_asymfeat & CRF_MOD_EXP) { -+ cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; -+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) -+ cryptodev_dh.compute_key = cryptodev_dh_compute_key; -+ } -+ } -+ -+ ENGINE_add(engine); -+ ENGINE_free(engine); -+ ERR_clear_error(); - } - --#endif /* HAVE_CRYPTODEV */ -+#endif /* HAVE_CRYPTODEV */ -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c b/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c -index 5ce25d9..e6c0dfb 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -55,335 +55,331 @@ - - #include "eng_int.h" - --/* When querying a ENGINE-specific control command's 'description', this string -- * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */ -+/* -+ * When querying a ENGINE-specific control command's 'description', this -+ * string is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. -+ */ - static const char *int_no_description = ""; - --/* These internal functions handle 'CMD'-related control commands when the -+/* -+ * These internal functions handle 'CMD'-related control commands when the - * ENGINE in question has asked us to take care of it (ie. the ENGINE did not -- * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */ -+ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. -+ */ - - static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn) -- { -- if((defn->cmd_num == 0) || (defn->cmd_name == NULL)) -- return 1; -- return 0; -- } -+{ -+ if ((defn->cmd_num == 0) || (defn->cmd_name == NULL)) -+ return 1; -+ return 0; -+} - - static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s) -- { -- int idx = 0; -- while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) -- { -- idx++; -- defn++; -- } -- if(int_ctrl_cmd_is_null(defn)) -- /* The given name wasn't found */ -- return -1; -- return idx; -- } -+{ -+ int idx = 0; -+ while (!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) { -+ idx++; -+ defn++; -+ } -+ if (int_ctrl_cmd_is_null(defn)) -+ /* The given name wasn't found */ -+ return -1; -+ return idx; -+} - - static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num) -- { -- int idx = 0; -- /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So -- * our searches don't need to take any longer than necessary. */ -- while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) -- { -- idx++; -- defn++; -- } -- if(defn->cmd_num == num) -- return idx; -- /* The given cmd_num wasn't found */ -- return -1; -- } -+{ -+ int idx = 0; -+ /* -+ * NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So -+ * our searches don't need to take any longer than necessary. -+ */ -+ while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) { -+ idx++; -+ defn++; -+ } -+ if (defn->cmd_num == num) -+ return idx; -+ /* The given cmd_num wasn't found */ -+ return -1; -+} - - static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, -- void (*f)(void)) -- { -- int idx; -- char *s = (char *)p; -- /* Take care of the easy one first (eg. it requires no searches) */ -- if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) -- { -- if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns)) -- return 0; -- return e->cmd_defns->cmd_num; -- } -- /* One or two commands require that "p" be a valid string buffer */ -- if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || -- (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || -- (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) -- { -- if(s == NULL) -- { -- ENGINEerr(ENGINE_F_INT_CTRL_HELPER, -- ERR_R_PASSED_NULL_PARAMETER); -- return -1; -- } -- } -- /* Now handle cmd_name -> cmd_num conversion */ -- if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) -- { -- if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name( -- e->cmd_defns, s)) < 0)) -- { -- ENGINEerr(ENGINE_F_INT_CTRL_HELPER, -- ENGINE_R_INVALID_CMD_NAME); -- return -1; -- } -- return e->cmd_defns[idx].cmd_num; -- } -- /* For the rest of the commands, the 'long' argument must specify a -- * valie command number - so we need to conduct a search. */ -- if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, -- (unsigned int)i)) < 0)) -- { -- ENGINEerr(ENGINE_F_INT_CTRL_HELPER, -- ENGINE_R_INVALID_CMD_NUMBER); -- return -1; -- } -- /* Now the logic splits depending on command type */ -- switch(cmd) -- { -- case ENGINE_CTRL_GET_NEXT_CMD_TYPE: -- idx++; -- if(int_ctrl_cmd_is_null(e->cmd_defns + idx)) -- /* end-of-list */ -- return 0; -- else -- return e->cmd_defns[idx].cmd_num; -- case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: -- return strlen(e->cmd_defns[idx].cmd_name); -- case ENGINE_CTRL_GET_NAME_FROM_CMD: -- return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1, -- "%s", e->cmd_defns[idx].cmd_name); -- case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: -- if(e->cmd_defns[idx].cmd_desc) -- return strlen(e->cmd_defns[idx].cmd_desc); -- return strlen(int_no_description); -- case ENGINE_CTRL_GET_DESC_FROM_CMD: -- if(e->cmd_defns[idx].cmd_desc) -- return BIO_snprintf(s, -- strlen(e->cmd_defns[idx].cmd_desc) + 1, -- "%s", e->cmd_defns[idx].cmd_desc); -- return BIO_snprintf(s, strlen(int_no_description) + 1,"%s", -- int_no_description); -- case ENGINE_CTRL_GET_CMD_FLAGS: -- return e->cmd_defns[idx].cmd_flags; -- } -- /* Shouldn't really be here ... */ -- ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR); -- return -1; -- } -+ void (*f) (void)) -+{ -+ int idx; -+ char *s = (char *)p; -+ /* Take care of the easy one first (eg. it requires no searches) */ -+ if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) { -+ if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns)) -+ return 0; -+ return e->cmd_defns->cmd_num; -+ } -+ /* One or two commands require that "p" be a valid string buffer */ -+ if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || -+ (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || -+ (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) { -+ if (s == NULL) { -+ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ERR_R_PASSED_NULL_PARAMETER); -+ return -1; -+ } -+ } -+ /* Now handle cmd_name -> cmd_num conversion */ -+ if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) { -+ if ((e->cmd_defns == NULL) -+ || ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) { -+ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NAME); -+ return -1; -+ } -+ return e->cmd_defns[idx].cmd_num; -+ } -+ /* -+ * For the rest of the commands, the 'long' argument must specify a valie -+ * command number - so we need to conduct a search. -+ */ -+ if ((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, -+ (unsigned int) -+ i)) < 0)) { -+ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NUMBER); -+ return -1; -+ } -+ /* Now the logic splits depending on command type */ -+ switch (cmd) { -+ case ENGINE_CTRL_GET_NEXT_CMD_TYPE: -+ idx++; -+ if (int_ctrl_cmd_is_null(e->cmd_defns + idx)) -+ /* end-of-list */ -+ return 0; -+ else -+ return e->cmd_defns[idx].cmd_num; -+ case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: -+ return strlen(e->cmd_defns[idx].cmd_name); -+ case ENGINE_CTRL_GET_NAME_FROM_CMD: -+ return BIO_snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1, -+ "%s", e->cmd_defns[idx].cmd_name); -+ case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: -+ if (e->cmd_defns[idx].cmd_desc) -+ return strlen(e->cmd_defns[idx].cmd_desc); -+ return strlen(int_no_description); -+ case ENGINE_CTRL_GET_DESC_FROM_CMD: -+ if (e->cmd_defns[idx].cmd_desc) -+ return BIO_snprintf(s, -+ strlen(e->cmd_defns[idx].cmd_desc) + 1, -+ "%s", e->cmd_defns[idx].cmd_desc); -+ return BIO_snprintf(s, strlen(int_no_description) + 1, "%s", -+ int_no_description); -+ case ENGINE_CTRL_GET_CMD_FLAGS: -+ return e->cmd_defns[idx].cmd_flags; -+ } -+ /* Shouldn't really be here ... */ -+ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR); -+ return -1; -+} - --int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) -- { -- int ctrl_exists, ref_exists; -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- ref_exists = ((e->struct_ref > 0) ? 1 : 0); -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- ctrl_exists = ((e->ctrl == NULL) ? 0 : 1); -- if(!ref_exists) -- { -- ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE); -- return 0; -- } -- /* Intercept any "root-level" commands before trying to hand them on to -- * ctrl() handlers. */ -- switch(cmd) -- { -- case ENGINE_CTRL_HAS_CTRL_FUNCTION: -- return ctrl_exists; -- case ENGINE_CTRL_GET_FIRST_CMD_TYPE: -- case ENGINE_CTRL_GET_NEXT_CMD_TYPE: -- case ENGINE_CTRL_GET_CMD_FROM_NAME: -- case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: -- case ENGINE_CTRL_GET_NAME_FROM_CMD: -- case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: -- case ENGINE_CTRL_GET_DESC_FROM_CMD: -- case ENGINE_CTRL_GET_CMD_FLAGS: -- if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) -- return int_ctrl_helper(e,cmd,i,p,f); -- if(!ctrl_exists) -- { -- ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); -- /* For these cmd-related functions, failure is indicated -- * by a -1 return value (because 0 is used as a valid -- * return in some places). */ -- return -1; -- } -- default: -- break; -- } -- /* Anything else requires a ctrl() handler to exist. */ -- if(!ctrl_exists) -- { -- ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); -- return 0; -- } -- return e->ctrl(e, cmd, i, p, f); -- } -+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -+{ -+ int ctrl_exists, ref_exists; -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ ref_exists = ((e->struct_ref > 0) ? 1 : 0); -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ ctrl_exists = ((e->ctrl == NULL) ? 0 : 1); -+ if (!ref_exists) { -+ ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE); -+ return 0; -+ } -+ /* -+ * Intercept any "root-level" commands before trying to hand them on to -+ * ctrl() handlers. -+ */ -+ switch (cmd) { -+ case ENGINE_CTRL_HAS_CTRL_FUNCTION: -+ return ctrl_exists; -+ case ENGINE_CTRL_GET_FIRST_CMD_TYPE: -+ case ENGINE_CTRL_GET_NEXT_CMD_TYPE: -+ case ENGINE_CTRL_GET_CMD_FROM_NAME: -+ case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: -+ case ENGINE_CTRL_GET_NAME_FROM_CMD: -+ case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: -+ case ENGINE_CTRL_GET_DESC_FROM_CMD: -+ case ENGINE_CTRL_GET_CMD_FLAGS: -+ if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) -+ return int_ctrl_helper(e, cmd, i, p, f); -+ if (!ctrl_exists) { -+ ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION); -+ /* -+ * For these cmd-related functions, failure is indicated by a -1 -+ * return value (because 0 is used as a valid return in some -+ * places). -+ */ -+ return -1; -+ } -+ default: -+ break; -+ } -+ /* Anything else requires a ctrl() handler to exist. */ -+ if (!ctrl_exists) { -+ ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION); -+ return 0; -+ } -+ return e->ctrl(e, cmd, i, p, f); -+} - - int ENGINE_cmd_is_executable(ENGINE *e, int cmd) -- { -- int flags; -- if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) -- { -- ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, -- ENGINE_R_INVALID_CMD_NUMBER); -- return 0; -- } -- if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) && -- !(flags & ENGINE_CMD_FLAG_NUMERIC) && -- !(flags & ENGINE_CMD_FLAG_STRING)) -- return 0; -- return 1; -- } -+{ -+ int flags; -+ if ((flags = -+ ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) { -+ ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, -+ ENGINE_R_INVALID_CMD_NUMBER); -+ return 0; -+ } -+ if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) && -+ !(flags & ENGINE_CMD_FLAG_NUMERIC) && -+ !(flags & ENGINE_CMD_FLAG_STRING)) -+ return 0; -+ return 1; -+} - - int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, -- long i, void *p, void (*f)(void), int cmd_optional) -- { -- int num; -+ long i, void *p, void (*f) (void), int cmd_optional) -+{ -+ int num; - -- if((e == NULL) || (cmd_name == NULL)) -- { -- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, -- ENGINE_CTRL_GET_CMD_FROM_NAME, -- 0, (void *)cmd_name, NULL)) <= 0)) -- { -- /* If the command didn't *have* to be supported, we fake -- * success. This allows certain settings to be specified for -- * multiple ENGINEs and only require a change of ENGINE id -- * (without having to selectively apply settings). Eg. changing -- * from a hardware device back to the regular software ENGINE -- * without editing the config file, etc. */ -- if(cmd_optional) -- { -- ERR_clear_error(); -- return 1; -- } -- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, -- ENGINE_R_INVALID_CMD_NAME); -- return 0; -- } -- /* Force the result of the control command to 0 or 1, for the reasons -- * mentioned before. */ -- if (ENGINE_ctrl(e, num, i, p, f) > 0) -- return 1; -+ if ((e == NULL) || (cmd_name == NULL)) { -+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER); - return 0; -+ } -+ if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, -+ ENGINE_CTRL_GET_CMD_FROM_NAME, -+ 0, (void *)cmd_name, -+ NULL)) <= 0)) { -+ /* -+ * If the command didn't *have* to be supported, we fake success. -+ * This allows certain settings to be specified for multiple ENGINEs -+ * and only require a change of ENGINE id (without having to -+ * selectively apply settings). Eg. changing from a hardware device -+ * back to the regular software ENGINE without editing the config -+ * file, etc. -+ */ -+ if (cmd_optional) { -+ ERR_clear_error(); -+ return 1; - } -+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ENGINE_R_INVALID_CMD_NAME); -+ return 0; -+ } -+ /* -+ * Force the result of the control command to 0 or 1, for the reasons -+ * mentioned before. -+ */ -+ if (ENGINE_ctrl(e, num, i, p, f) > 0) -+ return 1; -+ return 0; -+} - - int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, -- int cmd_optional) -- { -- int num, flags; -- long l; -- char *ptr; -- if((e == NULL) || (cmd_name == NULL)) -- { -- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, -- ENGINE_CTRL_GET_CMD_FROM_NAME, -- 0, (void *)cmd_name, NULL)) <= 0)) -- { -- /* If the command didn't *have* to be supported, we fake -- * success. This allows certain settings to be specified for -- * multiple ENGINEs and only require a change of ENGINE id -- * (without having to selectively apply settings). Eg. changing -- * from a hardware device back to the regular software ENGINE -- * without editing the config file, etc. */ -- if(cmd_optional) -- { -- ERR_clear_error(); -- return 1; -- } -- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -- ENGINE_R_INVALID_CMD_NAME); -- return 0; -- } -- if(!ENGINE_cmd_is_executable(e, num)) -- { -- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -- ENGINE_R_CMD_NOT_EXECUTABLE); -- return 0; -- } -- if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) -- { -- /* Shouldn't happen, given that ENGINE_cmd_is_executable() -- * returned success. */ -- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -- ENGINE_R_INTERNAL_LIST_ERROR); -- return 0; -- } -- /* If the command takes no input, there must be no input. And vice -- * versa. */ -- if(flags & ENGINE_CMD_FLAG_NO_INPUT) -- { -- if(arg != NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -- ENGINE_R_COMMAND_TAKES_NO_INPUT); -- return 0; -- } -- /* We deliberately force the result of ENGINE_ctrl() to 0 or 1 -- * rather than returning it as "return data". This is to ensure -- * usage of these commands is consistent across applications and -- * that certain applications don't understand it one way, and -- * others another. */ -- if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) -- return 1; -- return 0; -- } -- /* So, we require input */ -- if(arg == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -- ENGINE_R_COMMAND_TAKES_INPUT); -- return 0; -- } -- /* If it takes string input, that's easy */ -- if(flags & ENGINE_CMD_FLAG_STRING) -- { -- /* Same explanation as above */ -- if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) -- return 1; -- return 0; -- } -- /* If it doesn't take numeric either, then it is unsupported for use in -- * a config-setting situation, which is what this function is for. This -- * should never happen though, because ENGINE_cmd_is_executable() was -- * used. */ -- if(!(flags & ENGINE_CMD_FLAG_NUMERIC)) -- { -- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -- ENGINE_R_INTERNAL_LIST_ERROR); -- return 0; -- } -- l = strtol(arg, &ptr, 10); -- if((arg == ptr) || (*ptr != '\0')) -- { -- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -- ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER); -- return 0; -- } -- /* Force the result of the control command to 0 or 1, for the reasons -- * mentioned before. */ -- if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0) -- return 1; -- return 0; -- } -+ int cmd_optional) -+{ -+ int num, flags; -+ long l; -+ char *ptr; -+ if ((e == NULL) || (cmd_name == NULL)) { -+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, -+ ENGINE_CTRL_GET_CMD_FROM_NAME, -+ 0, (void *)cmd_name, -+ NULL)) <= 0)) { -+ /* -+ * If the command didn't *have* to be supported, we fake success. -+ * This allows certain settings to be specified for multiple ENGINEs -+ * and only require a change of ENGINE id (without having to -+ * selectively apply settings). Eg. changing from a hardware device -+ * back to the regular software ENGINE without editing the config -+ * file, etc. -+ */ -+ if (cmd_optional) { -+ ERR_clear_error(); -+ return 1; -+ } -+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ENGINE_R_INVALID_CMD_NAME); -+ return 0; -+ } -+ if (!ENGINE_cmd_is_executable(e, num)) { -+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -+ ENGINE_R_CMD_NOT_EXECUTABLE); -+ return 0; -+ } -+ if ((flags = -+ ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) { -+ /* -+ * Shouldn't happen, given that ENGINE_cmd_is_executable() returned -+ * success. -+ */ -+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -+ ENGINE_R_INTERNAL_LIST_ERROR); -+ return 0; -+ } -+ /* -+ * If the command takes no input, there must be no input. And vice versa. -+ */ -+ if (flags & ENGINE_CMD_FLAG_NO_INPUT) { -+ if (arg != NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -+ ENGINE_R_COMMAND_TAKES_NO_INPUT); -+ return 0; -+ } -+ /* -+ * We deliberately force the result of ENGINE_ctrl() to 0 or 1 rather -+ * than returning it as "return data". This is to ensure usage of -+ * these commands is consistent across applications and that certain -+ * applications don't understand it one way, and others another. -+ */ -+ if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) -+ return 1; -+ return 0; -+ } -+ /* So, we require input */ -+ if (arg == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -+ ENGINE_R_COMMAND_TAKES_INPUT); -+ return 0; -+ } -+ /* If it takes string input, that's easy */ -+ if (flags & ENGINE_CMD_FLAG_STRING) { -+ /* Same explanation as above */ -+ if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) -+ return 1; -+ return 0; -+ } -+ /* -+ * If it doesn't take numeric either, then it is unsupported for use in a -+ * config-setting situation, which is what this function is for. This -+ * should never happen though, because ENGINE_cmd_is_executable() was -+ * used. -+ */ -+ if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) { -+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -+ ENGINE_R_INTERNAL_LIST_ERROR); -+ return 0; -+ } -+ l = strtol(arg, &ptr, 10); -+ if ((arg == ptr) || (*ptr != '\0')) { -+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, -+ ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER); -+ return 0; -+ } -+ /* -+ * Force the result of the control command to 0 or 1, for the reasons -+ * mentioned before. -+ */ -+ if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0) -+ return 1; -+ return 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c b/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c -index acb30c3..ac9d7eb 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c -@@ -1,6 +1,7 @@ - /* crypto/engine/eng_dyn.c */ --/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL -- * project 2001. -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,493 +57,516 @@ - * - */ - -- - #include "eng_int.h" - #include - --/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader -- * should implement the hook-up functions with the following prototypes. */ -+/* -+ * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE -+ * loader should implement the hook-up functions with the following -+ * prototypes. -+ */ - - /* Our ENGINE handlers */ - static int dynamic_init(ENGINE *e); - static int dynamic_finish(ENGINE *e); --static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); -+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, -+ void (*f) (void)); - /* Predeclare our context type */ - typedef struct st_dynamic_data_ctx dynamic_data_ctx; - /* The implementation for the important control command */ - static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx); - --#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE --#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) --#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2) --#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) --#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4) --#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5) --#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6) -+#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE -+#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) -+#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2) -+#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) -+#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4) -+#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5) -+#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6) - - /* The constants used when creating the ENGINE */ - static const char *engine_dynamic_id = "dynamic"; - static const char *engine_dynamic_name = "Dynamic engine loading support"; - static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = { -- {DYNAMIC_CMD_SO_PATH, -- "SO_PATH", -- "Specifies the path to the new ENGINE shared library", -- ENGINE_CMD_FLAG_STRING}, -- {DYNAMIC_CMD_NO_VCHECK, -- "NO_VCHECK", -- "Specifies to continue even if version checking fails (boolean)", -- ENGINE_CMD_FLAG_NUMERIC}, -- {DYNAMIC_CMD_ID, -- "ID", -- "Specifies an ENGINE id name for loading", -- ENGINE_CMD_FLAG_STRING}, -- {DYNAMIC_CMD_LIST_ADD, -- "LIST_ADD", -- "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", -- ENGINE_CMD_FLAG_NUMERIC}, -- {DYNAMIC_CMD_DIR_LOAD, -- "DIR_LOAD", -- "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)", -- ENGINE_CMD_FLAG_NUMERIC}, -- {DYNAMIC_CMD_DIR_ADD, -- "DIR_ADD", -- "Adds a directory from which ENGINEs can be loaded", -- ENGINE_CMD_FLAG_STRING}, -- {DYNAMIC_CMD_LOAD, -- "LOAD", -- "Load up the ENGINE specified by other settings", -- ENGINE_CMD_FLAG_NO_INPUT}, -- {0, NULL, NULL, 0} -- }; -+ {DYNAMIC_CMD_SO_PATH, -+ "SO_PATH", -+ "Specifies the path to the new ENGINE shared library", -+ ENGINE_CMD_FLAG_STRING}, -+ {DYNAMIC_CMD_NO_VCHECK, -+ "NO_VCHECK", -+ "Specifies to continue even if version checking fails (boolean)", -+ ENGINE_CMD_FLAG_NUMERIC}, -+ {DYNAMIC_CMD_ID, -+ "ID", -+ "Specifies an ENGINE id name for loading", -+ ENGINE_CMD_FLAG_STRING}, -+ {DYNAMIC_CMD_LIST_ADD, -+ "LIST_ADD", -+ "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", -+ ENGINE_CMD_FLAG_NUMERIC}, -+ {DYNAMIC_CMD_DIR_LOAD, -+ "DIR_LOAD", -+ "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)", -+ ENGINE_CMD_FLAG_NUMERIC}, -+ {DYNAMIC_CMD_DIR_ADD, -+ "DIR_ADD", -+ "Adds a directory from which ENGINEs can be loaded", -+ ENGINE_CMD_FLAG_STRING}, -+ {DYNAMIC_CMD_LOAD, -+ "LOAD", -+ "Load up the ENGINE specified by other settings", -+ ENGINE_CMD_FLAG_NO_INPUT}, -+ {0, NULL, NULL, 0} -+}; -+ - static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = { -- {0, NULL, NULL, 0} -- }; -+ {0, NULL, NULL, 0} -+}; - --/* Loading code stores state inside the ENGINE structure via the "ex_data" -+/* -+ * Loading code stores state inside the ENGINE structure via the "ex_data" - * element. We load all our state into a single structure and use that as a -- * single context in the "ex_data" stack. */ --struct st_dynamic_data_ctx -- { -- /* The DSO object we load that supplies the ENGINE code */ -- DSO *dynamic_dso; -- /* The function pointer to the version checking shared library function */ -- dynamic_v_check_fn v_check; -- /* The function pointer to the engine-binding shared library function */ -- dynamic_bind_engine bind_engine; -- /* The default name/path for loading the shared library */ -- const char *DYNAMIC_LIBNAME; -- /* Whether to continue loading on a version check failure */ -- int no_vcheck; -- /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */ -- const char *engine_id; -- /* If non-zero, a successfully loaded ENGINE should be added to the internal -- * ENGINE list. If 2, the add must succeed or the entire load should fail. */ -- int list_add_value; -- /* The symbol name for the version checking function */ -- const char *DYNAMIC_F1; -- /* The symbol name for the "initialise ENGINE structure" function */ -- const char *DYNAMIC_F2; -- /* Whether to never use 'dirs', use 'dirs' as a fallback, or only use -- * 'dirs' for loading. Default is to use 'dirs' as a fallback. */ -- int dir_load; -- /* A stack of directories from which ENGINEs could be loaded */ -- STACK *dirs; -- }; -+ * single context in the "ex_data" stack. -+ */ -+struct st_dynamic_data_ctx { -+ /* The DSO object we load that supplies the ENGINE code */ -+ DSO *dynamic_dso; -+ /* -+ * The function pointer to the version checking shared library function -+ */ -+ dynamic_v_check_fn v_check; -+ /* -+ * The function pointer to the engine-binding shared library function -+ */ -+ dynamic_bind_engine bind_engine; -+ /* The default name/path for loading the shared library */ -+ const char *DYNAMIC_LIBNAME; -+ /* Whether to continue loading on a version check failure */ -+ int no_vcheck; -+ /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */ -+ const char *engine_id; -+ /* -+ * If non-zero, a successfully loaded ENGINE should be added to the -+ * internal ENGINE list. If 2, the add must succeed or the entire load -+ * should fail. -+ */ -+ int list_add_value; -+ /* The symbol name for the version checking function */ -+ const char *DYNAMIC_F1; -+ /* The symbol name for the "initialise ENGINE structure" function */ -+ const char *DYNAMIC_F2; -+ /* -+ * Whether to never use 'dirs', use 'dirs' as a fallback, or only use -+ * 'dirs' for loading. Default is to use 'dirs' as a fallback. -+ */ -+ int dir_load; -+ /* A stack of directories from which ENGINEs could be loaded */ -+ STACK *dirs; -+}; - --/* This is the "ex_data" index we obtain and reserve for use with our context -- * structure. */ -+/* -+ * This is the "ex_data" index we obtain and reserve for use with our context -+ * structure. -+ */ - static int dynamic_ex_data_idx = -1; - --static void int_free_str(void *s) { OPENSSL_free(s); } --/* Because our ex_data element may or may not get allocated depending on whether -- * a "first-use" occurs before the ENGINE is freed, we have a memory leak -- * problem to solve. We can't declare a "new" handler for the ex_data as we -- * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this -- * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free" -- * handler and that will get called if an ENGINE is being destroyed and there -- * was an ex_data element corresponding to our context type. */ -+static void int_free_str(void *s) -+{ -+ OPENSSL_free(s); -+} -+ -+/* -+ * Because our ex_data element may or may not get allocated depending on -+ * whether a "first-use" occurs before the ENGINE is freed, we have a memory -+ * leak problem to solve. We can't declare a "new" handler for the ex_data as -+ * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types -+ * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare -+ * a "free" handler and that will get called if an ENGINE is being destroyed -+ * and there was an ex_data element corresponding to our context type. -+ */ - static void dynamic_data_ctx_free_func(void *parent, void *ptr, -- CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) -- { -- if(ptr) -- { -- dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; -- if(ctx->dynamic_dso) -- DSO_free(ctx->dynamic_dso); -- if(ctx->DYNAMIC_LIBNAME) -- OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME); -- if(ctx->engine_id) -- OPENSSL_free((void*)ctx->engine_id); -- if(ctx->dirs) -- sk_pop_free(ctx->dirs, int_free_str); -- OPENSSL_free(ctx); -- } -- } -+ CRYPTO_EX_DATA *ad, int idx, long argl, -+ void *argp) -+{ -+ if (ptr) { -+ dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; -+ if (ctx->dynamic_dso) -+ DSO_free(ctx->dynamic_dso); -+ if (ctx->DYNAMIC_LIBNAME) -+ OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME); -+ if (ctx->engine_id) -+ OPENSSL_free((void *)ctx->engine_id); -+ if (ctx->dirs) -+ sk_pop_free(ctx->dirs, int_free_str); -+ OPENSSL_free(ctx); -+ } -+} - --/* Construct the per-ENGINE context. We create it blindly and then use a lock to -- * check for a race - if so, all but one of the threads "racing" will have -+/* -+ * Construct the per-ENGINE context. We create it blindly and then use a lock -+ * to check for a race - if so, all but one of the threads "racing" will have - * wasted their time. The alternative involves creating everything inside the -- * lock which is far worse. */ -+ * lock which is far worse. -+ */ - static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) -- { -- dynamic_data_ctx *c; -- c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); -- if(!c) -- { -- ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- memset(c, 0, sizeof(dynamic_data_ctx)); -- c->dynamic_dso = NULL; -- c->v_check = NULL; -- c->bind_engine = NULL; -- c->DYNAMIC_LIBNAME = NULL; -- c->no_vcheck = 0; -- c->engine_id = NULL; -- c->list_add_value = 0; -- c->DYNAMIC_F1 = "v_check"; -- c->DYNAMIC_F2 = "bind_engine"; -- c->dir_load = 1; -- c->dirs = sk_new_null(); -- if(!c->dirs) -- { -- ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); -- OPENSSL_free(c); -- return 0; -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, -- dynamic_ex_data_idx)) == NULL) -- { -- /* Good, we're the first */ -- ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); -- *ctx = c; -- c = NULL; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- /* If we lost the race to set the context, c is non-NULL and *ctx is the -- * context of the thread that won. */ -- if(c) -- OPENSSL_free(c); -- return 1; -- } -+{ -+ dynamic_data_ctx *c; -+ c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); -+ if (!c) { -+ ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ memset(c, 0, sizeof(dynamic_data_ctx)); -+ c->dynamic_dso = NULL; -+ c->v_check = NULL; -+ c->bind_engine = NULL; -+ c->DYNAMIC_LIBNAME = NULL; -+ c->no_vcheck = 0; -+ c->engine_id = NULL; -+ c->list_add_value = 0; -+ c->DYNAMIC_F1 = "v_check"; -+ c->DYNAMIC_F2 = "bind_engine"; -+ c->dir_load = 1; -+ c->dirs = sk_new_null(); -+ if (!c->dirs) { -+ ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); -+ OPENSSL_free(c); -+ return 0; -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, -+ dynamic_ex_data_idx)) -+ == NULL) { -+ /* Good, we're the first */ -+ ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); -+ *ctx = c; -+ c = NULL; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ /* -+ * If we lost the race to set the context, c is non-NULL and *ctx is the -+ * context of the thread that won. -+ */ -+ if (c) -+ OPENSSL_free(c); -+ return 1; -+} - --/* This function retrieves the context structure from an ENGINE's "ex_data", or -- * if it doesn't exist yet, sets it up. */ -+/* -+ * This function retrieves the context structure from an ENGINE's "ex_data", -+ * or if it doesn't exist yet, sets it up. -+ */ - static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e) -- { -- dynamic_data_ctx *ctx; -- if(dynamic_ex_data_idx < 0) -- { -- /* Create and register the ENGINE ex_data, and associate our -- * "free" function with it to ensure any allocated contexts get -- * freed when an ENGINE goes underground. */ -- int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, -- dynamic_data_ctx_free_func); -- if(new_idx == -1) -- { -- ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX); -- return NULL; -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- /* Avoid a race by checking again inside this lock */ -- if(dynamic_ex_data_idx < 0) -- { -- /* Good, someone didn't beat us to it */ -- dynamic_ex_data_idx = new_idx; -- new_idx = -1; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- /* In theory we could "give back" the index here if -- * (new_idx>-1), but it's not possible and wouldn't gain us much -- * if it were. */ -- } -- ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx); -- /* Check if the context needs to be created */ -- if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx)) -- /* "set_data" will set errors if necessary */ -- return NULL; -- return ctx; -- } -+{ -+ dynamic_data_ctx *ctx; -+ if (dynamic_ex_data_idx < 0) { -+ /* -+ * Create and register the ENGINE ex_data, and associate our "free" -+ * function with it to ensure any allocated contexts get freed when -+ * an ENGINE goes underground. -+ */ -+ int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, -+ dynamic_data_ctx_free_func); -+ if (new_idx == -1) { -+ ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX, ENGINE_R_NO_INDEX); -+ return NULL; -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ /* Avoid a race by checking again inside this lock */ -+ if (dynamic_ex_data_idx < 0) { -+ /* Good, someone didn't beat us to it */ -+ dynamic_ex_data_idx = new_idx; -+ new_idx = -1; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ /* -+ * In theory we could "give back" the index here if (new_idx>-1), but -+ * it's not possible and wouldn't gain us much if it were. -+ */ -+ } -+ ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx); -+ /* Check if the context needs to be created */ -+ if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx)) -+ /* "set_data" will set errors if necessary */ -+ return NULL; -+ return ctx; -+} - - static ENGINE *engine_dynamic(void) -- { -- ENGINE *ret = ENGINE_new(); -- if(!ret) -- return NULL; -- if(!ENGINE_set_id(ret, engine_dynamic_id) || -- !ENGINE_set_name(ret, engine_dynamic_name) || -- !ENGINE_set_init_function(ret, dynamic_init) || -- !ENGINE_set_finish_function(ret, dynamic_finish) || -- !ENGINE_set_ctrl_function(ret, dynamic_ctrl) || -- !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) || -- !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) -- { -- ENGINE_free(ret); -- return NULL; -- } -- return ret; -- } -+{ -+ ENGINE *ret = ENGINE_new(); -+ if (!ret) -+ return NULL; -+ if (!ENGINE_set_id(ret, engine_dynamic_id) || -+ !ENGINE_set_name(ret, engine_dynamic_name) || -+ !ENGINE_set_init_function(ret, dynamic_init) || -+ !ENGINE_set_finish_function(ret, dynamic_finish) || -+ !ENGINE_set_ctrl_function(ret, dynamic_ctrl) || -+ !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) || -+ !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) { -+ ENGINE_free(ret); -+ return NULL; -+ } -+ return ret; -+} - - void ENGINE_load_dynamic(void) -- { -- ENGINE *toadd = engine_dynamic(); -- if(!toadd) return; -- ENGINE_add(toadd); -- /* If the "add" worked, it gets a structural reference. So either way, -- * we release our just-created reference. */ -- ENGINE_free(toadd); -- /* If the "add" didn't work, it was probably a conflict because it was -- * already added (eg. someone calling ENGINE_load_blah then calling -- * ENGINE_load_builtin_engines() perhaps). */ -- ERR_clear_error(); -- } -+{ -+ ENGINE *toadd = engine_dynamic(); -+ if (!toadd) -+ return; -+ ENGINE_add(toadd); -+ /* -+ * If the "add" worked, it gets a structural reference. So either way, we -+ * release our just-created reference. -+ */ -+ ENGINE_free(toadd); -+ /* -+ * If the "add" didn't work, it was probably a conflict because it was -+ * already added (eg. someone calling ENGINE_load_blah then calling -+ * ENGINE_load_builtin_engines() perhaps). -+ */ -+ ERR_clear_error(); -+} - - static int dynamic_init(ENGINE *e) -- { -- /* We always return failure - the "dyanamic" engine itself can't be used -- * for anything. */ -- return 0; -- } -+{ -+ /* -+ * We always return failure - the "dyanamic" engine itself can't be used -+ * for anything. -+ */ -+ return 0; -+} - - static int dynamic_finish(ENGINE *e) -- { -- /* This should never be called on account of "dynamic_init" always -- * failing. */ -- return 0; -- } -+{ -+ /* -+ * This should never be called on account of "dynamic_init" always -+ * failing. -+ */ -+ return 0; -+} -+ -+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -+{ -+ dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); -+ int initialised; - --static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) -- { -- dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); -- int initialised; -- -- if(!ctx) -- { -- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED); -- return 0; -- } -- initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1); -- /* All our control commands require the ENGINE to be uninitialised */ -- if(initialised) -- { -- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, -- ENGINE_R_ALREADY_LOADED); -- return 0; -- } -- switch(cmd) -- { -- case DYNAMIC_CMD_SO_PATH: -- /* a NULL 'p' or a string of zero-length is the same thing */ -- if(p && (strlen((const char *)p) < 1)) -- p = NULL; -- if(ctx->DYNAMIC_LIBNAME) -- OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME); -- if(p) -- ctx->DYNAMIC_LIBNAME = BUF_strdup(p); -- else -- ctx->DYNAMIC_LIBNAME = NULL; -- return (ctx->DYNAMIC_LIBNAME ? 1 : 0); -- case DYNAMIC_CMD_NO_VCHECK: -- ctx->no_vcheck = ((i == 0) ? 0 : 1); -- return 1; -- case DYNAMIC_CMD_ID: -- /* a NULL 'p' or a string of zero-length is the same thing */ -- if(p && (strlen((const char *)p) < 1)) -- p = NULL; -- if(ctx->engine_id) -- OPENSSL_free((void*)ctx->engine_id); -- if(p) -- ctx->engine_id = BUF_strdup(p); -- else -- ctx->engine_id = NULL; -- return (ctx->engine_id ? 1 : 0); -- case DYNAMIC_CMD_LIST_ADD: -- if((i < 0) || (i > 2)) -- { -- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, -- ENGINE_R_INVALID_ARGUMENT); -- return 0; -- } -- ctx->list_add_value = (int)i; -- return 1; -- case DYNAMIC_CMD_LOAD: -- return dynamic_load(e, ctx); -- case DYNAMIC_CMD_DIR_LOAD: -- if((i < 0) || (i > 2)) -- { -- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, -- ENGINE_R_INVALID_ARGUMENT); -- return 0; -- } -- ctx->dir_load = (int)i; -- return 1; -- case DYNAMIC_CMD_DIR_ADD: -- /* a NULL 'p' or a string of zero-length is the same thing */ -- if(!p || (strlen((const char *)p) < 1)) -- { -- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, -- ENGINE_R_INVALID_ARGUMENT); -- return 0; -- } -- { -- char *tmp_str = BUF_strdup(p); -- if(!tmp_str) -- { -- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- sk_insert(ctx->dirs, tmp_str, -1); -- } -- return 1; -- default: -- break; -- } -- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); -- return 0; -- } -+ if (!ctx) { -+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_NOT_LOADED); -+ return 0; -+ } -+ initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1); -+ /* All our control commands require the ENGINE to be uninitialised */ -+ if (initialised) { -+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_ALREADY_LOADED); -+ return 0; -+ } -+ switch (cmd) { -+ case DYNAMIC_CMD_SO_PATH: -+ /* a NULL 'p' or a string of zero-length is the same thing */ -+ if (p && (strlen((const char *)p) < 1)) -+ p = NULL; -+ if (ctx->DYNAMIC_LIBNAME) -+ OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME); -+ if (p) -+ ctx->DYNAMIC_LIBNAME = BUF_strdup(p); -+ else -+ ctx->DYNAMIC_LIBNAME = NULL; -+ return (ctx->DYNAMIC_LIBNAME ? 1 : 0); -+ case DYNAMIC_CMD_NO_VCHECK: -+ ctx->no_vcheck = ((i == 0) ? 0 : 1); -+ return 1; -+ case DYNAMIC_CMD_ID: -+ /* a NULL 'p' or a string of zero-length is the same thing */ -+ if (p && (strlen((const char *)p) < 1)) -+ p = NULL; -+ if (ctx->engine_id) -+ OPENSSL_free((void *)ctx->engine_id); -+ if (p) -+ ctx->engine_id = BUF_strdup(p); -+ else -+ ctx->engine_id = NULL; -+ return (ctx->engine_id ? 1 : 0); -+ case DYNAMIC_CMD_LIST_ADD: -+ if ((i < 0) || (i > 2)) { -+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT); -+ return 0; -+ } -+ ctx->list_add_value = (int)i; -+ return 1; -+ case DYNAMIC_CMD_LOAD: -+ return dynamic_load(e, ctx); -+ case DYNAMIC_CMD_DIR_LOAD: -+ if ((i < 0) || (i > 2)) { -+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT); -+ return 0; -+ } -+ ctx->dir_load = (int)i; -+ return 1; -+ case DYNAMIC_CMD_DIR_ADD: -+ /* a NULL 'p' or a string of zero-length is the same thing */ -+ if (!p || (strlen((const char *)p) < 1)) { -+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT); -+ return 0; -+ } -+ { -+ char *tmp_str = BUF_strdup(p); -+ if (!tmp_str) { -+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ sk_insert(ctx->dirs, tmp_str, -1); -+ } -+ return 1; -+ default: -+ break; -+ } -+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); -+ return 0; -+} - - static int int_load(dynamic_data_ctx *ctx) -- { -- int num, loop; -- /* Unless told not to, try a direct load */ -- if((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso, -- ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL) -- return 1; -- /* If we're not allowed to use 'dirs' or we have none, fail */ -- if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1)) -- return 0; -- for(loop = 0; loop < num; loop++) -- { -- const char *s = sk_value(ctx->dirs, loop); -- char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s); -- if(!merge) -- return 0; -- if(DSO_load(ctx->dynamic_dso, merge, NULL, 0)) -- { -- /* Found what we're looking for */ -- OPENSSL_free(merge); -- return 1; -- } -- OPENSSL_free(merge); -- } -- return 0; -- } -+{ -+ int num, loop; -+ /* Unless told not to, try a direct load */ -+ if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso, -+ ctx->DYNAMIC_LIBNAME, NULL, -+ 0)) != NULL) -+ return 1; -+ /* If we're not allowed to use 'dirs' or we have none, fail */ -+ if (!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1)) -+ return 0; -+ for (loop = 0; loop < num; loop++) { -+ const char *s = sk_value(ctx->dirs, loop); -+ char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s); -+ if (!merge) -+ return 0; -+ if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) { -+ /* Found what we're looking for */ -+ OPENSSL_free(merge); -+ return 1; -+ } -+ OPENSSL_free(merge); -+ } -+ return 0; -+} - - static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) -- { -- ENGINE cpy; -- dynamic_fns fns; -+{ -+ ENGINE cpy; -+ dynamic_fns fns; - -- if(!ctx->dynamic_dso) -- ctx->dynamic_dso = DSO_new(); -- if(!ctx->DYNAMIC_LIBNAME) -- { -- if(!ctx->engine_id) -- return 0; -- ctx->DYNAMIC_LIBNAME = -- DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id); -- } -- if(!int_load(ctx)) -- { -- ENGINEerr(ENGINE_F_DYNAMIC_LOAD, -- ENGINE_R_DSO_NOT_FOUND); -- DSO_free(ctx->dynamic_dso); -- ctx->dynamic_dso = NULL; -- return 0; -- } -- /* We have to find a bind function otherwise it'll always end badly */ -- if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func( -- ctx->dynamic_dso, ctx->DYNAMIC_F2))) -- { -- ctx->bind_engine = NULL; -- DSO_free(ctx->dynamic_dso); -- ctx->dynamic_dso = NULL; -- ENGINEerr(ENGINE_F_DYNAMIC_LOAD, -- ENGINE_R_DSO_FAILURE); -- return 0; -- } -- /* Do we perform version checking? */ -- if(!ctx->no_vcheck) -- { -- unsigned long vcheck_res = 0; -- /* Now we try to find a version checking function and decide how -- * to cope with failure if/when it fails. */ -- ctx->v_check = (dynamic_v_check_fn)DSO_bind_func( -- ctx->dynamic_dso, ctx->DYNAMIC_F1); -- if(ctx->v_check) -- vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION); -- /* We fail if the version checker veto'd the load *or* if it is -- * deferring to us (by returning its version) and we think it is -- * too old. */ -- if(vcheck_res < OSSL_DYNAMIC_OLDEST) -- { -- /* Fail */ -- ctx->bind_engine = NULL; -- ctx->v_check = NULL; -- DSO_free(ctx->dynamic_dso); -- ctx->dynamic_dso = NULL; -- ENGINEerr(ENGINE_F_DYNAMIC_LOAD, -- ENGINE_R_VERSION_INCOMPATIBILITY); -- return 0; -- } -- } -- /* First binary copy the ENGINE structure so that we can roll back if -- * the hand-over fails */ -- memcpy(&cpy, e, sizeof(ENGINE)); -- /* Provide the ERR, "ex_data", memory, and locking callbacks so the -- * loaded library uses our state rather than its own. FIXME: As noted in -- * engine.h, much of this would be simplified if each area of code -- * provided its own "summary" structure of all related callbacks. It -- * would also increase opaqueness. */ -- fns.static_state = ENGINE_get_static_state(); -- fns.err_fns = ERR_get_implementation(); -- fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); -- CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, -- &fns.mem_fns.realloc_cb, -- &fns.mem_fns.free_cb); -- fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback(); -- fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback(); -- fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback(); -- fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback(); -- fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback(); -- /* Now that we've loaded the dynamic engine, make sure no "dynamic" -- * ENGINE elements will show through. */ -- engine_set_all_null(e); -+ if (!ctx->dynamic_dso) -+ ctx->dynamic_dso = DSO_new(); -+ if (!ctx->DYNAMIC_LIBNAME) { -+ if (!ctx->engine_id) -+ return 0; -+ ctx->DYNAMIC_LIBNAME = -+ DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id); -+ } -+ if (!int_load(ctx)) { -+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND); -+ DSO_free(ctx->dynamic_dso); -+ ctx->dynamic_dso = NULL; -+ return 0; -+ } -+ /* We have to find a bind function otherwise it'll always end badly */ -+ if (! -+ (ctx->bind_engine = -+ (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso, -+ ctx->DYNAMIC_F2))) { -+ ctx->bind_engine = NULL; -+ DSO_free(ctx->dynamic_dso); -+ ctx->dynamic_dso = NULL; -+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_FAILURE); -+ return 0; -+ } -+ /* Do we perform version checking? */ -+ if (!ctx->no_vcheck) { -+ unsigned long vcheck_res = 0; -+ /* -+ * Now we try to find a version checking function and decide how to -+ * cope with failure if/when it fails. -+ */ -+ ctx->v_check = -+ (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso, -+ ctx->DYNAMIC_F1); -+ if (ctx->v_check) -+ vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION); -+ /* -+ * We fail if the version checker veto'd the load *or* if it is -+ * deferring to us (by returning its version) and we think it is too -+ * old. -+ */ -+ if (vcheck_res < OSSL_DYNAMIC_OLDEST) { -+ /* Fail */ -+ ctx->bind_engine = NULL; -+ ctx->v_check = NULL; -+ DSO_free(ctx->dynamic_dso); -+ ctx->dynamic_dso = NULL; -+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, -+ ENGINE_R_VERSION_INCOMPATIBILITY); -+ return 0; -+ } -+ } -+ /* -+ * First binary copy the ENGINE structure so that we can roll back if the -+ * hand-over fails -+ */ -+ memcpy(&cpy, e, sizeof(ENGINE)); -+ /* -+ * Provide the ERR, "ex_data", memory, and locking callbacks so the -+ * loaded library uses our state rather than its own. FIXME: As noted in -+ * engine.h, much of this would be simplified if each area of code -+ * provided its own "summary" structure of all related callbacks. It -+ * would also increase opaqueness. -+ */ -+ fns.static_state = ENGINE_get_static_state(); -+ fns.err_fns = ERR_get_implementation(); -+ fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); -+ CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, -+ &fns.mem_fns.realloc_cb, &fns.mem_fns.free_cb); -+ fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback(); -+ fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback(); -+ fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback(); -+ fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback(); -+ fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback(); -+ /* -+ * Now that we've loaded the dynamic engine, make sure no "dynamic" -+ * ENGINE elements will show through. -+ */ -+ engine_set_all_null(e); - -- /* Try to bind the ENGINE onto our own ENGINE structure */ -- if(!ctx->bind_engine(e, ctx->engine_id, &fns)) -- { -- ctx->bind_engine = NULL; -- ctx->v_check = NULL; -- DSO_free(ctx->dynamic_dso); -- ctx->dynamic_dso = NULL; -- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED); -- /* Copy the original ENGINE structure back */ -- memcpy(e, &cpy, sizeof(ENGINE)); -- return 0; -- } -- /* Do we try to add this ENGINE to the internal list too? */ -- if(ctx->list_add_value > 0) -- { -- if(!ENGINE_add(e)) -- { -- /* Do we tolerate this or fail? */ -- if(ctx->list_add_value > 1) -- { -- /* Fail - NB: By this time, it's too late to -- * rollback, and trying to do so allows the -- * bind_engine() code to have created leaks. We -- * just have to fail where we are, after the -- * ENGINE has changed. */ -- ENGINEerr(ENGINE_F_DYNAMIC_LOAD, -- ENGINE_R_CONFLICTING_ENGINE_ID); -- return 0; -- } -- /* Tolerate */ -- ERR_clear_error(); -- } -- } -- return 1; -- } -+ /* Try to bind the ENGINE onto our own ENGINE structure */ -+ if (!ctx->bind_engine(e, ctx->engine_id, &fns)) { -+ ctx->bind_engine = NULL; -+ ctx->v_check = NULL; -+ DSO_free(ctx->dynamic_dso); -+ ctx->dynamic_dso = NULL; -+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED); -+ /* Copy the original ENGINE structure back */ -+ memcpy(e, &cpy, sizeof(ENGINE)); -+ return 0; -+ } -+ /* Do we try to add this ENGINE to the internal list too? */ -+ if (ctx->list_add_value > 0) { -+ if (!ENGINE_add(e)) { -+ /* Do we tolerate this or fail? */ -+ if (ctx->list_add_value > 1) { -+ /* -+ * Fail - NB: By this time, it's too late to rollback, and -+ * trying to do so allows the bind_engine() code to have -+ * created leaks. We just have to fail where we are, after -+ * the ENGINE has changed. -+ */ -+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, -+ ENGINE_R_CONFLICTING_ENGINE_ID); -+ return 0; -+ } -+ /* Tolerate */ -+ ERR_clear_error(); -+ } -+ } -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_err.c b/Cryptlib/OpenSSL/crypto/engine/eng_err.c -index ac74dd1..20f1ad2 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_err.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,106 +66,111 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason) - --static ERR_STRING_DATA ENGINE_str_functs[]= -- { --{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"}, --{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"}, --{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"}, --{ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"}, --{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"}, --{ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"}, --{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"}, --{ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"}, --{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"}, --{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"}, --{ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"}, --{ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"}, --{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"}, --{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"}, --{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"}, --{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"}, --{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"}, --{ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"}, --{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"}, --{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, --{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, --{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, --{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), "ENGINE_load_ssl_client_cert"}, --{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, --{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, --{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"}, --{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"}, --{ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"}, --{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"}, --{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"}, --{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"}, --{ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"}, --{ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"}, --{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"}, --{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"}, --{ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"}, --{ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"}, --{0,NULL} -- }; -+static ERR_STRING_DATA ENGINE_str_functs[] = { -+ {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"}, -+ {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"}, -+ {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"}, -+ {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), -+ "ENGINE_load_ssl_client_cert"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), -+ "ENGINE_set_default_string"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"}, -+ {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"}, -+ {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"}, -+ {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"}, -+ {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"}, -+ {ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA ENGINE_str_reasons[]= -- { --{ERR_REASON(ENGINE_R_ALREADY_LOADED) ,"already loaded"}, --{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"}, --{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"}, --{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"}, --{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"}, --{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"}, --{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"}, --{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"}, --{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"}, --{ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"}, --{ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"}, --{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"}, --{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"}, --{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"}, --{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"}, --{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"}, --{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"}, --{ERR_REASON(ENGINE_R_FINISH_FAILED) ,"finish failed"}, --{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) ,"could not obtain hardware handle"}, --{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"}, --{ERR_REASON(ENGINE_R_INIT_FAILED) ,"init failed"}, --{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"}, --{ERR_REASON(ENGINE_R_INVALID_ARGUMENT) ,"invalid argument"}, --{ERR_REASON(ENGINE_R_INVALID_CMD_NAME) ,"invalid cmd name"}, --{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"}, --{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"}, --{ERR_REASON(ENGINE_R_INVALID_STRING) ,"invalid string"}, --{ERR_REASON(ENGINE_R_NOT_INITIALISED) ,"not initialised"}, --{ERR_REASON(ENGINE_R_NOT_LOADED) ,"not loaded"}, --{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"}, --{ERR_REASON(ENGINE_R_NO_INDEX) ,"no index"}, --{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) ,"no load function"}, --{ERR_REASON(ENGINE_R_NO_REFERENCE) ,"no reference"}, --{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) ,"no such engine"}, --{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"}, --{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"}, --{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"}, --{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"}, --{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"}, --{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"}, --{0,NULL} -- }; -+static ERR_STRING_DATA ENGINE_str_reasons[] = { -+ {ERR_REASON(ENGINE_R_ALREADY_LOADED), "already loaded"}, -+ {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), -+ "argument is not a number"}, -+ {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE), "cmd not executable"}, -+ {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"}, -+ {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"}, -+ {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"}, -+ {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), -+ "ctrl command not implemented"}, -+ {ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED), "dh not implemented"}, -+ {ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED), "dsa not implemented"}, -+ {ERR_REASON(ENGINE_R_DSO_FAILURE), "DSO failure"}, -+ {ERR_REASON(ENGINE_R_DSO_NOT_FOUND), "dso not found"}, -+ {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"}, -+ {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR), -+ "engine configuration error"}, -+ {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"}, -+ {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"}, -+ {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY), -+ "failed loading private key"}, -+ {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY), -+ "failed loading public key"}, -+ {ERR_REASON(ENGINE_R_FINISH_FAILED), "finish failed"}, -+ {ERR_REASON(ENGINE_R_GET_HANDLE_FAILED), -+ "could not obtain hardware handle"}, -+ {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING), "'id' or 'name' missing"}, -+ {ERR_REASON(ENGINE_R_INIT_FAILED), "init failed"}, -+ {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"}, -+ {ERR_REASON(ENGINE_R_INVALID_ARGUMENT), "invalid argument"}, -+ {ERR_REASON(ENGINE_R_INVALID_CMD_NAME), "invalid cmd name"}, -+ {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER), "invalid cmd number"}, -+ {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE), "invalid init value"}, -+ {ERR_REASON(ENGINE_R_INVALID_STRING), "invalid string"}, -+ {ERR_REASON(ENGINE_R_NOT_INITIALISED), "not initialised"}, -+ {ERR_REASON(ENGINE_R_NOT_LOADED), "not loaded"}, -+ {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"}, -+ {ERR_REASON(ENGINE_R_NO_INDEX), "no index"}, -+ {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION), "no load function"}, -+ {ERR_REASON(ENGINE_R_NO_REFERENCE), "no reference"}, -+ {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE), "no such engine"}, -+ {ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION), "no unload function"}, -+ {ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS), "provide parameters"}, -+ {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED), "rsa not implemented"}, -+ {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"}, -+ {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"}, -+ {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_ENGINE_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,ENGINE_str_functs); -- ERR_load_strings(0,ENGINE_str_reasons); -- } -+ if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, ENGINE_str_functs); -+ ERR_load_strings(0, ENGINE_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c b/Cryptlib/OpenSSL/crypto/engine/eng_fat.c -index 27c1662..7fa0754 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_fat.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -54,7 +54,7 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * ECDH support in OpenSSL originally developed by -+ * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -@@ -62,106 +62,104 @@ - #include - - int ENGINE_set_default(ENGINE *e, unsigned int flags) -- { -- if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e)) -- return 0; -- if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) -- return 0; -+{ -+ if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e)) -+ return 0; -+ if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) -+ return 0; - #ifndef OPENSSL_NO_RSA -- if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) -- return 0; -+ if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) -+ return 0; - #endif - #ifndef OPENSSL_NO_DSA -- if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) -- return 0; -+ if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) -+ return 0; - #endif - #ifndef OPENSSL_NO_DH -- if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) -- return 0; -+ if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) -+ return 0; - #endif - #ifndef OPENSSL_NO_ECDH -- if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) -- return 0; -+ if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) -+ return 0; - #endif - #ifndef OPENSSL_NO_ECDSA -- if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) -- return 0; -+ if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) -+ return 0; - #endif -- if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) -- return 0; -- return 1; -- } -+ if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) -+ return 0; -+ return 1; -+} - - /* Set default algorithms using a string */ - - static int int_def_cb(const char *alg, int len, void *arg) -- { -- unsigned int *pflags = arg; -- if (!strncmp(alg, "ALL", len)) -- *pflags |= ENGINE_METHOD_ALL; -- else if (!strncmp(alg, "RSA", len)) -- *pflags |= ENGINE_METHOD_RSA; -- else if (!strncmp(alg, "DSA", len)) -- *pflags |= ENGINE_METHOD_DSA; -- else if (!strncmp(alg, "ECDH", len)) -- *pflags |= ENGINE_METHOD_ECDH; -- else if (!strncmp(alg, "ECDSA", len)) -- *pflags |= ENGINE_METHOD_ECDSA; -- else if (!strncmp(alg, "DH", len)) -- *pflags |= ENGINE_METHOD_DH; -- else if (!strncmp(alg, "RAND", len)) -- *pflags |= ENGINE_METHOD_RAND; -- else if (!strncmp(alg, "CIPHERS", len)) -- *pflags |= ENGINE_METHOD_CIPHERS; -- else if (!strncmp(alg, "DIGESTS", len)) -- *pflags |= ENGINE_METHOD_DIGESTS; -- else -- return 0; -- return 1; -- } -- -+{ -+ unsigned int *pflags = arg; -+ if (!strncmp(alg, "ALL", len)) -+ *pflags |= ENGINE_METHOD_ALL; -+ else if (!strncmp(alg, "RSA", len)) -+ *pflags |= ENGINE_METHOD_RSA; -+ else if (!strncmp(alg, "DSA", len)) -+ *pflags |= ENGINE_METHOD_DSA; -+ else if (!strncmp(alg, "ECDH", len)) -+ *pflags |= ENGINE_METHOD_ECDH; -+ else if (!strncmp(alg, "ECDSA", len)) -+ *pflags |= ENGINE_METHOD_ECDSA; -+ else if (!strncmp(alg, "DH", len)) -+ *pflags |= ENGINE_METHOD_DH; -+ else if (!strncmp(alg, "RAND", len)) -+ *pflags |= ENGINE_METHOD_RAND; -+ else if (!strncmp(alg, "CIPHERS", len)) -+ *pflags |= ENGINE_METHOD_CIPHERS; -+ else if (!strncmp(alg, "DIGESTS", len)) -+ *pflags |= ENGINE_METHOD_DIGESTS; -+ else -+ return 0; -+ return 1; -+} - - int ENGINE_set_default_string(ENGINE *e, const char *def_list) -- { -- unsigned int flags = 0; -- if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) -- { -- ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING, -- ENGINE_R_INVALID_STRING); -- ERR_add_error_data(2, "str=",def_list); -- return 0; -- } -- return ENGINE_set_default(e, flags); -- } -+{ -+ unsigned int flags = 0; -+ if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) { -+ ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING, -+ ENGINE_R_INVALID_STRING); -+ ERR_add_error_data(2, "str=", def_list); -+ return 0; -+ } -+ return ENGINE_set_default(e, flags); -+} - - int ENGINE_register_complete(ENGINE *e) -- { -- ENGINE_register_ciphers(e); -- ENGINE_register_digests(e); -+{ -+ ENGINE_register_ciphers(e); -+ ENGINE_register_digests(e); - #ifndef OPENSSL_NO_RSA -- ENGINE_register_RSA(e); -+ ENGINE_register_RSA(e); - #endif - #ifndef OPENSSL_NO_DSA -- ENGINE_register_DSA(e); -+ ENGINE_register_DSA(e); - #endif - #ifndef OPENSSL_NO_DH -- ENGINE_register_DH(e); -+ ENGINE_register_DH(e); - #endif - #ifndef OPENSSL_NO_ECDH -- ENGINE_register_ECDH(e); -+ ENGINE_register_ECDH(e); - #endif - #ifndef OPENSSL_NO_ECDSA -- ENGINE_register_ECDSA(e); -+ ENGINE_register_ECDSA(e); - #endif -- ENGINE_register_RAND(e); -- return 1; -- } -+ ENGINE_register_RAND(e); -+ return 1; -+} - - int ENGINE_register_all_complete(void) -- { -- ENGINE *e; -+{ -+ ENGINE *e; - -- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) -- ENGINE_register_complete(e); -- return 1; -- } -+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) -+ ENGINE_register_complete(e); -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_init.c b/Cryptlib/OpenSSL/crypto/engine/eng_init.c -index 7633cf5..4ea7fe6 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_init.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_init.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -55,100 +55,103 @@ - - #include "eng_int.h" - --/* Initialise a engine type for use (or up its functional reference count -- * if it's already in use). This version is only used internally. */ -+/* -+ * Initialise a engine type for use (or up its functional reference count if -+ * it's already in use). This version is only used internally. -+ */ - int engine_unlocked_init(ENGINE *e) -- { -- int to_return = 1; -+{ -+ int to_return = 1; - -- if((e->funct_ref == 0) && e->init) -- /* This is the first functional reference and the engine -- * requires initialisation so we do it now. */ -- to_return = e->init(e); -- if(to_return) -- { -- /* OK, we return a functional reference which is also a -- * structural reference. */ -- e->struct_ref++; -- e->funct_ref++; -- engine_ref_debug(e, 0, 1) -- engine_ref_debug(e, 1, 1) -- } -- return to_return; -- } -+ if ((e->funct_ref == 0) && e->init) -+ /* -+ * This is the first functional reference and the engine requires -+ * initialisation so we do it now. -+ */ -+ to_return = e->init(e); -+ if (to_return) { -+ /* -+ * OK, we return a functional reference which is also a structural -+ * reference. -+ */ -+ e->struct_ref++; -+ e->funct_ref++; -+ engine_ref_debug(e, 0, 1) -+ engine_ref_debug(e, 1, 1) -+ } -+ return to_return; -+} - --/* Free a functional reference to a engine type. This version is only used -- * internally. */ -+/* -+ * Free a functional reference to a engine type. This version is only used -+ * internally. -+ */ - int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers) -- { -- int to_return = 1; -+{ -+ int to_return = 1; - -- /* Reduce the functional reference count here so if it's the terminating -- * case, we can release the lock safely and call the finish() handler -- * without risk of a race. We get a race if we leave the count until -- * after and something else is calling "finish" at the same time - -- * there's a chance that both threads will together take the count from -- * 2 to 0 without either calling finish(). */ -- e->funct_ref--; -- engine_ref_debug(e, 1, -1); -- if((e->funct_ref == 0) && e->finish) -- { -- if(unlock_for_handlers) -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- to_return = e->finish(e); -- if(unlock_for_handlers) -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- if(!to_return) -- return 0; -- } -+ /* -+ * Reduce the functional reference count here so if it's the terminating -+ * case, we can release the lock safely and call the finish() handler -+ * without risk of a race. We get a race if we leave the count until -+ * after and something else is calling "finish" at the same time - -+ * there's a chance that both threads will together take the count from 2 -+ * to 0 without either calling finish(). -+ */ -+ e->funct_ref--; -+ engine_ref_debug(e, 1, -1); -+ if ((e->funct_ref == 0) && e->finish) { -+ if (unlock_for_handlers) -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ to_return = e->finish(e); -+ if (unlock_for_handlers) -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ if (!to_return) -+ return 0; -+ } - #ifdef REF_CHECK -- if(e->funct_ref < 0) -- { -- fprintf(stderr,"ENGINE_finish, bad functional reference count\n"); -- abort(); -- } -+ if (e->funct_ref < 0) { -+ fprintf(stderr, "ENGINE_finish, bad functional reference count\n"); -+ abort(); -+ } - #endif -- /* Release the structural reference too */ -- if(!engine_free_util(e, 0)) -- { -- ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,ENGINE_R_FINISH_FAILED); -- return 0; -- } -- return to_return; -- } -+ /* Release the structural reference too */ -+ if (!engine_free_util(e, 0)) { -+ ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH, ENGINE_R_FINISH_FAILED); -+ return 0; -+ } -+ return to_return; -+} - - /* The API (locked) version of "init" */ - int ENGINE_init(ENGINE *e) -- { -- int ret; -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- ret = engine_unlocked_init(e); -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- return ret; -- } -+{ -+ int ret; -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ ret = engine_unlocked_init(e); -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ return ret; -+} - - /* The API (locked) version of "finish" */ - int ENGINE_finish(ENGINE *e) -- { -- int to_return = 1; -+{ -+ int to_return = 1; - -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- to_return = engine_unlocked_finish(e, 1); -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- if(!to_return) -- { -- ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED); -- return 0; -- } -- return to_return; -- } -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ to_return = engine_unlocked_finish(e, 1); -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ if (!to_return) { -+ ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED); -+ return 0; -+ } -+ return to_return; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c b/Cryptlib/OpenSSL/crypto/engine/eng_lib.c -index 5815b86..6238f9d 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_lib.c -@@ -1,6 +1,7 @@ - /* crypto/engine/eng_lib.c */ --/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL -- * project 2000. -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,268 +63,282 @@ - /* The "new"/"free" stuff first */ - - ENGINE *ENGINE_new(void) -- { -- ENGINE *ret; -- -- ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE)); -- if(ret == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- memset(ret, 0, sizeof(ENGINE)); -- ret->struct_ref = 1; -- engine_ref_debug(ret, 0, 1) -- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); -- return ret; -- } -- --/* Placed here (close proximity to ENGINE_new) so that modifications to the -+{ -+ ENGINE *ret; -+ -+ ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE)); -+ if (ret == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ memset(ret, 0, sizeof(ENGINE)); -+ ret->struct_ref = 1; -+ engine_ref_debug(ret, 0, 1) -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); -+ return ret; -+} -+ -+/* -+ * Placed here (close proximity to ENGINE_new) so that modifications to the - * elements of the ENGINE structure are more likely to be caught and changed -- * here. */ -+ * here. -+ */ - void engine_set_all_null(ENGINE *e) -- { -- e->id = NULL; -- e->name = NULL; -- e->rsa_meth = NULL; -- e->dsa_meth = NULL; -- e->dh_meth = NULL; -- e->rand_meth = NULL; -- e->store_meth = NULL; -- e->ciphers = NULL; -- e->digests = NULL; -- e->destroy = NULL; -- e->init = NULL; -- e->finish = NULL; -- e->ctrl = NULL; -- e->load_privkey = NULL; -- e->load_pubkey = NULL; -- e->cmd_defns = NULL; -- e->flags = 0; -- } -+{ -+ e->id = NULL; -+ e->name = NULL; -+ e->rsa_meth = NULL; -+ e->dsa_meth = NULL; -+ e->dh_meth = NULL; -+ e->rand_meth = NULL; -+ e->store_meth = NULL; -+ e->ciphers = NULL; -+ e->digests = NULL; -+ e->destroy = NULL; -+ e->init = NULL; -+ e->finish = NULL; -+ e->ctrl = NULL; -+ e->load_privkey = NULL; -+ e->load_pubkey = NULL; -+ e->cmd_defns = NULL; -+ e->flags = 0; -+} - - int engine_free_util(ENGINE *e, int locked) -- { -- int i; -- -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if(locked) -- i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE); -- else -- i = --e->struct_ref; -- engine_ref_debug(e, 0, -1) -- if (i > 0) return 1; -+{ -+ int i; -+ -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (locked) -+ i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE); -+ else -+ i = --e->struct_ref; -+ engine_ref_debug(e, 0, -1) -+ if (i > 0) -+ return 1; - #ifdef REF_CHECK -- if (i < 0) -- { -- fprintf(stderr,"ENGINE_free, bad structural reference count\n"); -- abort(); -- } -+ if (i < 0) { -+ fprintf(stderr, "ENGINE_free, bad structural reference count\n"); -+ abort(); -+ } - #endif -- /* Give the ENGINE a chance to do any structural cleanup corresponding -- * to allocation it did in its constructor (eg. unload error strings) */ -- if(e->destroy) -- e->destroy(e); -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); -- OPENSSL_free(e); -- return 1; -- } -+ /* -+ * Give the ENGINE a chance to do any structural cleanup corresponding to -+ * allocation it did in its constructor (eg. unload error strings) -+ */ -+ if (e->destroy) -+ e->destroy(e); -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); -+ OPENSSL_free(e); -+ return 1; -+} - - int ENGINE_free(ENGINE *e) -- { -- return engine_free_util(e, 1); -- } -+{ -+ return engine_free_util(e, 1); -+} - - /* Cleanup stuff */ - --/* ENGINE_cleanup() is coded such that anything that does work that will need -- * cleanup can register a "cleanup" callback here. That way we don't get linker -- * bloat by referring to all *possible* cleanups, but any linker bloat into code -- * "X" will cause X's cleanup function to end up here. */ -+/* -+ * ENGINE_cleanup() is coded such that anything that does work that will need -+ * cleanup can register a "cleanup" callback here. That way we don't get -+ * linker bloat by referring to all *possible* cleanups, but any linker bloat -+ * into code "X" will cause X's cleanup function to end up here. -+ */ - static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL; - static int int_cleanup_check(int create) -- { -- if(cleanup_stack) return 1; -- if(!create) return 0; -- cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null(); -- return (cleanup_stack ? 1 : 0); -- } -+{ -+ if (cleanup_stack) -+ return 1; -+ if (!create) -+ return 0; -+ cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null(); -+ return (cleanup_stack ? 1 : 0); -+} -+ - static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb) -- { -- ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof( -- ENGINE_CLEANUP_ITEM)); -- if(!item) return NULL; -- item->cb = cb; -- return item; -- } -+{ -+ ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(ENGINE_CLEANUP_ITEM)); -+ if (!item) -+ return NULL; -+ item->cb = cb; -+ return item; -+} -+ - void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb) -- { -- ENGINE_CLEANUP_ITEM *item; -- if(!int_cleanup_check(1)) return; -- item = int_cleanup_item(cb); -- if(item) -- sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0); -- } -+{ -+ ENGINE_CLEANUP_ITEM *item; -+ if (!int_cleanup_check(1)) -+ return; -+ item = int_cleanup_item(cb); -+ if (item) -+ sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0); -+} -+ - void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) -- { -- ENGINE_CLEANUP_ITEM *item; -- if(!int_cleanup_check(1)) return; -- item = int_cleanup_item(cb); -- if(item) -- sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); -- } -+{ -+ ENGINE_CLEANUP_ITEM *item; -+ if (!int_cleanup_check(1)) -+ return; -+ item = int_cleanup_item(cb); -+ if (item) -+ sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); -+} -+ - /* The API function that performs all cleanup */ - static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item) -- { -- (*(item->cb))(); -- OPENSSL_free(item); -- } -+{ -+ (*(item->cb)) (); -+ OPENSSL_free(item); -+} -+ - void ENGINE_cleanup(void) -- { -- if(int_cleanup_check(0)) -- { -- sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack, -- engine_cleanup_cb_free); -- cleanup_stack = NULL; -- } -- /* FIXME: This should be handled (somehow) through RAND, eg. by it -- * registering a cleanup callback. */ -- RAND_set_rand_method(NULL); -- } -+{ -+ if (int_cleanup_check(0)) { -+ sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack, -+ engine_cleanup_cb_free); -+ cleanup_stack = NULL; -+ } -+ /* -+ * FIXME: This should be handled (somehow) through RAND, eg. by it -+ * registering a cleanup callback. -+ */ -+ RAND_set_rand_method(NULL); -+} - - /* Now the "ex_data" support */ - - int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -- { -- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp, -- new_func, dup_func, free_func); -- } -+ CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func) -+{ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp, -+ new_func, dup_func, free_func); -+} - - int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) -- { -- return(CRYPTO_set_ex_data(&e->ex_data, idx, arg)); -- } -+{ -+ return (CRYPTO_set_ex_data(&e->ex_data, idx, arg)); -+} - - void *ENGINE_get_ex_data(const ENGINE *e, int idx) -- { -- return(CRYPTO_get_ex_data(&e->ex_data, idx)); -- } -+{ -+ return (CRYPTO_get_ex_data(&e->ex_data, idx)); -+} - --/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the -- * ENGINE structure itself. */ -+/* -+ * Functions to get/set an ENGINE's elements - mainly to avoid exposing the -+ * ENGINE structure itself. -+ */ - - int ENGINE_set_id(ENGINE *e, const char *id) -- { -- if(id == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_SET_ID, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- e->id = id; -- return 1; -- } -+{ -+ if (id == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_SET_ID, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ e->id = id; -+ return 1; -+} - - int ENGINE_set_name(ENGINE *e, const char *name) -- { -- if(name == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_SET_NAME, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- e->name = name; -- return 1; -- } -+{ -+ if (name == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_SET_NAME, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ e->name = name; -+ return 1; -+} - - int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f) -- { -- e->destroy = destroy_f; -- return 1; -- } -+{ -+ e->destroy = destroy_f; -+ return 1; -+} - - int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f) -- { -- e->init = init_f; -- return 1; -- } -+{ -+ e->init = init_f; -+ return 1; -+} - - int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f) -- { -- e->finish = finish_f; -- return 1; -- } -+{ -+ e->finish = finish_f; -+ return 1; -+} - - int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f) -- { -- e->ctrl = ctrl_f; -- return 1; -- } -+{ -+ e->ctrl = ctrl_f; -+ return 1; -+} - - int ENGINE_set_flags(ENGINE *e, int flags) -- { -- e->flags = flags; -- return 1; -- } -+{ -+ e->flags = flags; -+ return 1; -+} - - int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns) -- { -- e->cmd_defns = defns; -- return 1; -- } -+{ -+ e->cmd_defns = defns; -+ return 1; -+} - - const char *ENGINE_get_id(const ENGINE *e) -- { -- return e->id; -- } -+{ -+ return e->id; -+} - - const char *ENGINE_get_name(const ENGINE *e) -- { -- return e->name; -- } -+{ -+ return e->name; -+} - - ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e) -- { -- return e->destroy; -- } -+{ -+ return e->destroy; -+} - - ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e) -- { -- return e->init; -- } -+{ -+ return e->init; -+} - - ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e) -- { -- return e->finish; -- } -+{ -+ return e->finish; -+} - - ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e) -- { -- return e->ctrl; -- } -+{ -+ return e->ctrl; -+} - - int ENGINE_get_flags(const ENGINE *e) -- { -- return e->flags; -- } -+{ -+ return e->flags; -+} - - const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) -- { -- return e->cmd_defns; -- } -+{ -+ return e->cmd_defns; -+} - --/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so -- * put the "static_state" hack here. */ -+/* -+ * eng_lib.o is pretty much linked into anything that touches ENGINE already, -+ * so put the "static_state" hack here. -+ */ - - static int internal_static_hack = 0; - - void *ENGINE_get_static_state(void) -- { -- return &internal_static_hack; -- } -+{ -+ return &internal_static_hack; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_list.c b/Cryptlib/OpenSSL/crypto/engine/eng_list.c -index fa2ab97..45029c4 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_list.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_list.c -@@ -1,6 +1,7 @@ - /* crypto/engine/eng_list.c */ --/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL -- * project 2000. -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,376 +58,345 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * ECDH support in OpenSSL originally developed by -+ * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - - #include "eng_int.h" - --/* The linked-list of pointers to engine types. engine_list_head -- * incorporates an implicit structural reference but engine_list_tail -- * does not - the latter is a computational niceity and only points -- * to something that is already pointed to by its predecessor in the -- * list (or engine_list_head itself). In the same way, the use of the -- * "prev" pointer in each ENGINE is to save excessive list iteration, -- * it doesn't correspond to an extra structural reference. Hence, -- * engine_list_head, and each non-null "next" pointer account for -- * the list itself assuming exactly 1 structural reference on each -- * list member. */ -+/* -+ * The linked-list of pointers to engine types. engine_list_head incorporates -+ * an implicit structural reference but engine_list_tail does not - the -+ * latter is a computational niceity and only points to something that is -+ * already pointed to by its predecessor in the list (or engine_list_head -+ * itself). In the same way, the use of the "prev" pointer in each ENGINE is -+ * to save excessive list iteration, it doesn't correspond to an extra -+ * structural reference. Hence, engine_list_head, and each non-null "next" -+ * pointer account for the list itself assuming exactly 1 structural -+ * reference on each list member. -+ */ - static ENGINE *engine_list_head = NULL; - static ENGINE *engine_list_tail = NULL; - --/* This cleanup function is only needed internally. If it should be called, we -- * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */ -+/* -+ * This cleanup function is only needed internally. If it should be called, -+ * we register it with the "ENGINE_cleanup()" stack to be called during -+ * cleanup. -+ */ - - static void engine_list_cleanup(void) -- { -- ENGINE *iterator = engine_list_head; -+{ -+ ENGINE *iterator = engine_list_head; - -- while(iterator != NULL) -- { -- ENGINE_remove(iterator); -- iterator = engine_list_head; -- } -- return; -- } -+ while (iterator != NULL) { -+ ENGINE_remove(iterator); -+ iterator = engine_list_head; -+ } -+ return; -+} - --/* These static functions starting with a lower case "engine_" always -- * take place when CRYPTO_LOCK_ENGINE has been locked up. */ -+/* -+ * These static functions starting with a lower case "engine_" always take -+ * place when CRYPTO_LOCK_ENGINE has been locked up. -+ */ - static int engine_list_add(ENGINE *e) -- { -- int conflict = 0; -- ENGINE *iterator = NULL; -+{ -+ int conflict = 0; -+ ENGINE *iterator = NULL; - -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- iterator = engine_list_head; -- while(iterator && !conflict) -- { -- conflict = (strcmp(iterator->id, e->id) == 0); -- iterator = iterator->next; -- } -- if(conflict) -- { -- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, -- ENGINE_R_CONFLICTING_ENGINE_ID); -- return 0; -- } -- if(engine_list_head == NULL) -- { -- /* We are adding to an empty list. */ -- if(engine_list_tail) -- { -- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, -- ENGINE_R_INTERNAL_LIST_ERROR); -- return 0; -- } -- engine_list_head = e; -- e->prev = NULL; -- /* The first time the list allocates, we should register the -- * cleanup. */ -- engine_cleanup_add_last(engine_list_cleanup); -- } -- else -- { -- /* We are adding to the tail of an existing list. */ -- if((engine_list_tail == NULL) || -- (engine_list_tail->next != NULL)) -- { -- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, -- ENGINE_R_INTERNAL_LIST_ERROR); -- return 0; -- } -- engine_list_tail->next = e; -- e->prev = engine_list_tail; -- } -- /* Having the engine in the list assumes a structural -- * reference. */ -- e->struct_ref++; -- engine_ref_debug(e, 0, 1) -- /* However it came to be, e is the last item in the list. */ -- engine_list_tail = e; -- e->next = NULL; -- return 1; -- } -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ iterator = engine_list_head; -+ while (iterator && !conflict) { -+ conflict = (strcmp(iterator->id, e->id) == 0); -+ iterator = iterator->next; -+ } -+ if (conflict) { -+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_CONFLICTING_ENGINE_ID); -+ return 0; -+ } -+ if (engine_list_head == NULL) { -+ /* We are adding to an empty list. */ -+ if (engine_list_tail) { -+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR); -+ return 0; -+ } -+ engine_list_head = e; -+ e->prev = NULL; -+ /* -+ * The first time the list allocates, we should register the cleanup. -+ */ -+ engine_cleanup_add_last(engine_list_cleanup); -+ } else { -+ /* We are adding to the tail of an existing list. */ -+ if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) { -+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR); -+ return 0; -+ } -+ engine_list_tail->next = e; -+ e->prev = engine_list_tail; -+ } -+ /* -+ * Having the engine in the list assumes a structural reference. -+ */ -+ e->struct_ref++; -+ engine_ref_debug(e, 0, 1) -+ /* However it came to be, e is the last item in the list. */ -+ engine_list_tail = e; -+ e->next = NULL; -+ return 1; -+} - - static int engine_list_remove(ENGINE *e) -- { -- ENGINE *iterator; -+{ -+ ENGINE *iterator; - -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- /* We need to check that e is in our linked list! */ -- iterator = engine_list_head; -- while(iterator && (iterator != e)) -- iterator = iterator->next; -- if(iterator == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, -- ENGINE_R_ENGINE_IS_NOT_IN_LIST); -- return 0; -- } -- /* un-link e from the chain. */ -- if(e->next) -- e->next->prev = e->prev; -- if(e->prev) -- e->prev->next = e->next; -- /* Correct our head/tail if necessary. */ -- if(engine_list_head == e) -- engine_list_head = e->next; -- if(engine_list_tail == e) -- engine_list_tail = e->prev; -- engine_free_util(e, 0); -- return 1; -- } -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ /* We need to check that e is in our linked list! */ -+ iterator = engine_list_head; -+ while (iterator && (iterator != e)) -+ iterator = iterator->next; -+ if (iterator == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, -+ ENGINE_R_ENGINE_IS_NOT_IN_LIST); -+ return 0; -+ } -+ /* un-link e from the chain. */ -+ if (e->next) -+ e->next->prev = e->prev; -+ if (e->prev) -+ e->prev->next = e->next; -+ /* Correct our head/tail if necessary. */ -+ if (engine_list_head == e) -+ engine_list_head = e->next; -+ if (engine_list_tail == e) -+ engine_list_tail = e->prev; -+ engine_free_util(e, 0); -+ return 1; -+} - - /* Get the first/last "ENGINE" type available. */ - ENGINE *ENGINE_get_first(void) -- { -- ENGINE *ret; -+{ -+ ENGINE *ret; - -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- ret = engine_list_head; -- if(ret) -- { -- ret->struct_ref++; -- engine_ref_debug(ret, 0, 1) -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- return ret; -- } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ ret = engine_list_head; -+ if (ret) { -+ ret->struct_ref++; -+ engine_ref_debug(ret, 0, 1) -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ return ret; -+} - - ENGINE *ENGINE_get_last(void) -- { -- ENGINE *ret; -+{ -+ ENGINE *ret; - -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- ret = engine_list_tail; -- if(ret) -- { -- ret->struct_ref++; -- engine_ref_debug(ret, 0, 1) -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- return ret; -- } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ ret = engine_list_tail; -+ if (ret) { -+ ret->struct_ref++; -+ engine_ref_debug(ret, 0, 1) -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ return ret; -+} - - /* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ - ENGINE *ENGINE_get_next(ENGINE *e) -- { -- ENGINE *ret = NULL; -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- ret = e->next; -- if(ret) -- { -- /* Return a valid structural refernce to the next ENGINE */ -- ret->struct_ref++; -- engine_ref_debug(ret, 0, 1) -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- /* Release the structural reference to the previous ENGINE */ -- ENGINE_free(e); -- return ret; -- } -+{ -+ ENGINE *ret = NULL; -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ ret = e->next; -+ if (ret) { -+ /* Return a valid structural refernce to the next ENGINE */ -+ ret->struct_ref++; -+ engine_ref_debug(ret, 0, 1) -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ /* Release the structural reference to the previous ENGINE */ -+ ENGINE_free(e); -+ return ret; -+} - - ENGINE *ENGINE_get_prev(ENGINE *e) -- { -- ENGINE *ret = NULL; -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_GET_PREV, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- ret = e->prev; -- if(ret) -- { -- /* Return a valid structural reference to the next ENGINE */ -- ret->struct_ref++; -- engine_ref_debug(ret, 0, 1) -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- /* Release the structural reference to the previous ENGINE */ -- ENGINE_free(e); -- return ret; -- } -+{ -+ ENGINE *ret = NULL; -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_GET_PREV, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ ret = e->prev; -+ if (ret) { -+ /* Return a valid structural reference to the next ENGINE */ -+ ret->struct_ref++; -+ engine_ref_debug(ret, 0, 1) -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ /* Release the structural reference to the previous ENGINE */ -+ ENGINE_free(e); -+ return ret; -+} - - /* Add another "ENGINE" type into the list. */ - int ENGINE_add(ENGINE *e) -- { -- int to_return = 1; -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_ADD, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if((e->id == NULL) || (e->name == NULL)) -- { -- ENGINEerr(ENGINE_F_ENGINE_ADD, -- ENGINE_R_ID_OR_NAME_MISSING); -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- if(!engine_list_add(e)) -- { -- ENGINEerr(ENGINE_F_ENGINE_ADD, -- ENGINE_R_INTERNAL_LIST_ERROR); -- to_return = 0; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- return to_return; -- } -+{ -+ int to_return = 1; -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_ADD, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if ((e->id == NULL) || (e->name == NULL)) { -+ ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING); -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ if (!engine_list_add(e)) { -+ ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_INTERNAL_LIST_ERROR); -+ to_return = 0; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ return to_return; -+} - - /* Remove an existing "ENGINE" type from the array. */ - int ENGINE_remove(ENGINE *e) -- { -- int to_return = 1; -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_REMOVE, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- if(!engine_list_remove(e)) -- { -- ENGINEerr(ENGINE_F_ENGINE_REMOVE, -- ENGINE_R_INTERNAL_LIST_ERROR); -- to_return = 0; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- return to_return; -- } -+{ -+ int to_return = 1; -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_REMOVE, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ if (!engine_list_remove(e)) { -+ ENGINEerr(ENGINE_F_ENGINE_REMOVE, ENGINE_R_INTERNAL_LIST_ERROR); -+ to_return = 0; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ return to_return; -+} - - static void engine_cpy(ENGINE *dest, const ENGINE *src) -- { -- dest->id = src->id; -- dest->name = src->name; -+{ -+ dest->id = src->id; -+ dest->name = src->name; - #ifndef OPENSSL_NO_RSA -- dest->rsa_meth = src->rsa_meth; -+ dest->rsa_meth = src->rsa_meth; - #endif - #ifndef OPENSSL_NO_DSA -- dest->dsa_meth = src->dsa_meth; -+ dest->dsa_meth = src->dsa_meth; - #endif - #ifndef OPENSSL_NO_DH -- dest->dh_meth = src->dh_meth; -+ dest->dh_meth = src->dh_meth; - #endif - #ifndef OPENSSL_NO_ECDH -- dest->ecdh_meth = src->ecdh_meth; -+ dest->ecdh_meth = src->ecdh_meth; - #endif - #ifndef OPENSSL_NO_ECDSA -- dest->ecdsa_meth = src->ecdsa_meth; -+ dest->ecdsa_meth = src->ecdsa_meth; - #endif -- dest->rand_meth = src->rand_meth; -- dest->store_meth = src->store_meth; -- dest->ciphers = src->ciphers; -- dest->digests = src->digests; -- dest->destroy = src->destroy; -- dest->init = src->init; -- dest->finish = src->finish; -- dest->ctrl = src->ctrl; -- dest->load_privkey = src->load_privkey; -- dest->load_pubkey = src->load_pubkey; -- dest->cmd_defns = src->cmd_defns; -- dest->flags = src->flags; -- } -+ dest->rand_meth = src->rand_meth; -+ dest->store_meth = src->store_meth; -+ dest->ciphers = src->ciphers; -+ dest->digests = src->digests; -+ dest->destroy = src->destroy; -+ dest->init = src->init; -+ dest->finish = src->finish; -+ dest->ctrl = src->ctrl; -+ dest->load_privkey = src->load_privkey; -+ dest->load_pubkey = src->load_pubkey; -+ dest->cmd_defns = src->cmd_defns; -+ dest->flags = src->flags; -+} - - ENGINE *ENGINE_by_id(const char *id) -- { -- ENGINE *iterator; -- char *load_dir = NULL; -- if(id == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_BY_ID, -- ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- iterator = engine_list_head; -- while(iterator && (strcmp(id, iterator->id) != 0)) -- iterator = iterator->next; -- if(iterator) -- { -- /* We need to return a structural reference. If this is an -- * ENGINE type that returns copies, make a duplicate - otherwise -- * increment the existing ENGINE's reference count. */ -- if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY) -- { -- ENGINE *cp = ENGINE_new(); -- if(!cp) -- iterator = NULL; -- else -- { -- engine_cpy(cp, iterator); -- iterator = cp; -- } -- } -- else -- { -- iterator->struct_ref++; -- engine_ref_debug(iterator, 0, 1) -- } -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+{ -+ ENGINE *iterator; -+ char *load_dir = NULL; -+ if (id == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ iterator = engine_list_head; -+ while (iterator && (strcmp(id, iterator->id) != 0)) -+ iterator = iterator->next; -+ if (iterator) { -+ /* -+ * We need to return a structural reference. If this is an ENGINE -+ * type that returns copies, make a duplicate - otherwise increment -+ * the existing ENGINE's reference count. -+ */ -+ if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) { -+ ENGINE *cp = ENGINE_new(); -+ if (!cp) -+ iterator = NULL; -+ else { -+ engine_cpy(cp, iterator); -+ iterator = cp; -+ } -+ } else { -+ iterator->struct_ref++; -+ engine_ref_debug(iterator, 0, 1) -+ } -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - #if 0 -- if(iterator == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_BY_ID, -- ENGINE_R_NO_SUCH_ENGINE); -- ERR_add_error_data(2, "id=", id); -- } -- return iterator; -+ if (iterator == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE); -+ ERR_add_error_data(2, "id=", id); -+ } -+ return iterator; - #else -- /* EEK! Experimental code starts */ -- if(iterator) return iterator; -- /* Prevent infinite recusrion if we're looking for the dynamic engine. */ -- if (strcmp(id, "dynamic")) -- { --#ifdef OPENSSL_SYS_VMS -- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]"; --#else -- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR; --#endif -- iterator = ENGINE_by_id("dynamic"); -- if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || -- !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || -- !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", -- load_dir, 0) || -- !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) -- goto notfound; -- return iterator; -- } --notfound: -- ENGINE_free(iterator); -- ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE); -- ERR_add_error_data(2, "id=", id); -- return NULL; -- /* EEK! Experimental code ends */ -+ /* EEK! Experimental code starts */ -+ if (iterator) -+ return iterator; -+ /* -+ * Prevent infinite recusrion if we're looking for the dynamic engine. -+ */ -+ if (strcmp(id, "dynamic")) { -+# ifdef OPENSSL_SYS_VMS -+ if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) -+ load_dir = "SSLROOT:[ENGINES]"; -+# else -+ if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) -+ load_dir = ENGINESDIR; -+# endif -+ iterator = ENGINE_by_id("dynamic"); -+ if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || -+ !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || -+ !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", -+ load_dir, 0) || -+ !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) -+ goto notfound; -+ return iterator; -+ } -+ notfound: -+ ENGINE_free(iterator); -+ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE); -+ ERR_add_error_data(2, "id=", id); -+ return NULL; -+ /* EEK! Experimental code ends */ - #endif -- } -+} - - int ENGINE_up_ref(ENGINE *e) -- { -- if (e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE); -- return 1; -- } -+{ -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE); -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c -index 7c139ae..c3aca14 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c -@@ -1,6 +1,7 @@ - /* crypto/engine/eng_openssl.c */ --/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL -- * project 2000. -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,11 +58,10 @@ - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -- * ECDH support in OpenSSL originally developed by -+ * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - -- - #include - #include - #include "cryptlib.h" -@@ -71,18 +71,20 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DH --#include -+# include - #endif - --/* This testing gunk is implemented (and explained) lower down. It also assumes -- * the application explicitly calls "ENGINE_load_openssl()" because this is no -- * longer automatic in ENGINE_load_builtin_engines(). */ -+/* -+ * This testing gunk is implemented (and explained) lower down. It also -+ * assumes the application explicitly calls "ENGINE_load_openssl()" because -+ * this is no longer automatic in ENGINE_load_builtin_engines(). -+ */ - #define TEST_ENG_OPENSSL_RC4 - #define TEST_ENG_OPENSSL_PKEY - /* #define TEST_ENG_OPENSSL_RC4_OTHERS */ -@@ -96,118 +98,129 @@ - - /* Now check what of those algorithms are actually enabled */ - #ifdef OPENSSL_NO_RC4 --#undef TEST_ENG_OPENSSL_RC4 --#undef TEST_ENG_OPENSSL_RC4_OTHERS --#undef TEST_ENG_OPENSSL_RC4_P_INIT --#undef TEST_ENG_OPENSSL_RC4_P_CIPHER -+# undef TEST_ENG_OPENSSL_RC4 -+# undef TEST_ENG_OPENSSL_RC4_OTHERS -+# undef TEST_ENG_OPENSSL_RC4_P_INIT -+# undef TEST_ENG_OPENSSL_RC4_P_CIPHER - #endif - #if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1) --#undef TEST_ENG_OPENSSL_SHA --#undef TEST_ENG_OPENSSL_SHA_OTHERS --#undef TEST_ENG_OPENSSL_SHA_P_INIT --#undef TEST_ENG_OPENSSL_SHA_P_UPDATE --#undef TEST_ENG_OPENSSL_SHA_P_FINAL -+# undef TEST_ENG_OPENSSL_SHA -+# undef TEST_ENG_OPENSSL_SHA_OTHERS -+# undef TEST_ENG_OPENSSL_SHA_P_INIT -+# undef TEST_ENG_OPENSSL_SHA_P_UPDATE -+# undef TEST_ENG_OPENSSL_SHA_P_FINAL - #endif - - #ifdef TEST_ENG_OPENSSL_RC4 - static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, -- const int **nids, int nid); -+ const int **nids, int nid); - #endif - #ifdef TEST_ENG_OPENSSL_SHA - static int openssl_digests(ENGINE *e, const EVP_MD **digest, -- const int **nids, int nid); -+ const int **nids, int nid); - #endif - - #ifdef TEST_ENG_OPENSSL_PKEY - static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, -- UI_METHOD *ui_method, void *callback_data); -+ UI_METHOD *ui_method, -+ void *callback_data); - #endif - - /* The constants used when creating the ENGINE */ - static const char *engine_openssl_id = "openssl"; - static const char *engine_openssl_name = "Software engine support"; - --/* This internal function is used by ENGINE_openssl() and possibly by the -- * "dynamic" ENGINE support too */ -+/* -+ * This internal function is used by ENGINE_openssl() and possibly by the -+ * "dynamic" ENGINE support too -+ */ - static int bind_helper(ENGINE *e) -- { -- if(!ENGINE_set_id(e, engine_openssl_id) -- || !ENGINE_set_name(e, engine_openssl_name) -+{ -+ if (!ENGINE_set_id(e, engine_openssl_id) -+ || !ENGINE_set_name(e, engine_openssl_name) - #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS --#ifndef OPENSSL_NO_RSA -- || !ENGINE_set_RSA(e, RSA_get_default_method()) --#endif --#ifndef OPENSSL_NO_DSA -- || !ENGINE_set_DSA(e, DSA_get_default_method()) --#endif --#ifndef OPENSSL_NO_ECDH -- || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) --#endif --#ifndef OPENSSL_NO_ECDSA -- || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) --#endif --#ifndef OPENSSL_NO_DH -- || !ENGINE_set_DH(e, DH_get_default_method()) --#endif -- || !ENGINE_set_RAND(e, RAND_SSLeay()) --#ifdef TEST_ENG_OPENSSL_RC4 -- || !ENGINE_set_ciphers(e, openssl_ciphers) --#endif --#ifdef TEST_ENG_OPENSSL_SHA -- || !ENGINE_set_digests(e, openssl_digests) --#endif -+# ifndef OPENSSL_NO_RSA -+ || !ENGINE_set_RSA(e, RSA_get_default_method()) -+# endif -+# ifndef OPENSSL_NO_DSA -+ || !ENGINE_set_DSA(e, DSA_get_default_method()) -+# endif -+# ifndef OPENSSL_NO_ECDH -+ || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) -+# endif -+# ifndef OPENSSL_NO_ECDSA -+ || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) -+# endif -+# ifndef OPENSSL_NO_DH -+ || !ENGINE_set_DH(e, DH_get_default_method()) -+# endif -+ || !ENGINE_set_RAND(e, RAND_SSLeay()) -+# ifdef TEST_ENG_OPENSSL_RC4 -+ || !ENGINE_set_ciphers(e, openssl_ciphers) -+# endif -+# ifdef TEST_ENG_OPENSSL_SHA -+ || !ENGINE_set_digests(e, openssl_digests) -+# endif - #endif - #ifdef TEST_ENG_OPENSSL_PKEY -- || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) -+ || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) - #endif -- ) -- return 0; -- /* If we add errors to this ENGINE, ensure the error handling is setup here */ -- /* openssl_load_error_strings(); */ -- return 1; -- } -+ ) -+ return 0; -+ /* -+ * If we add errors to this ENGINE, ensure the error handling is setup -+ * here -+ */ -+ /* openssl_load_error_strings(); */ -+ return 1; -+} - - static ENGINE *engine_openssl(void) -- { -- ENGINE *ret = ENGINE_new(); -- if(!ret) -- return NULL; -- if(!bind_helper(ret)) -- { -- ENGINE_free(ret); -- return NULL; -- } -- return ret; -- } -+{ -+ ENGINE *ret = ENGINE_new(); -+ if (!ret) -+ return NULL; -+ if (!bind_helper(ret)) { -+ ENGINE_free(ret); -+ return NULL; -+ } -+ return ret; -+} - - void ENGINE_load_openssl(void) -- { -- ENGINE *toadd = engine_openssl(); -- if(!toadd) return; -- ENGINE_add(toadd); -- /* If the "add" worked, it gets a structural reference. So either way, -- * we release our just-created reference. */ -- ENGINE_free(toadd); -- ERR_clear_error(); -- } -+{ -+ ENGINE *toadd = engine_openssl(); -+ if (!toadd) -+ return; -+ ENGINE_add(toadd); -+ /* -+ * If the "add" worked, it gets a structural reference. So either way, we -+ * release our just-created reference. -+ */ -+ ENGINE_free(toadd); -+ ERR_clear_error(); -+} - --/* This stuff is needed if this ENGINE is being compiled into a self-contained -- * shared-library. */ -+/* -+ * This stuff is needed if this ENGINE is being compiled into a -+ * self-contained shared-library. -+ */ - #ifdef ENGINE_DYNAMIC_SUPPORT - static int bind_fn(ENGINE *e, const char *id) -- { -- if(id && (strcmp(id, engine_openssl_id) != 0)) -- return 0; -- if(!bind_helper(e)) -- return 0; -- return 1; -- } --IMPLEMENT_DYNAMIC_CHECK_FN() --IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) --#endif /* ENGINE_DYNAMIC_SUPPORT */ -+{ -+ if (id && (strcmp(id, engine_openssl_id) != 0)) -+ return 0; -+ if (!bind_helper(e)) -+ return 0; -+ return 1; -+} - -+IMPLEMENT_DYNAMIC_CHECK_FN() -+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -+#endif /* ENGINE_DYNAMIC_SUPPORT */ - #ifdef TEST_ENG_OPENSSL_RC4 --/* This section of code compiles an "alternative implementation" of two modes of -+/*- -+ * This section of code compiles an "alternative implementation" of two modes of - * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4" - * should under normal circumstances go via this support rather than the default - * EVP support. There are other symbols to tweak the testing; -@@ -217,168 +230,173 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) - * the "init_key" handler is called. - * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler. - */ --#include --#define TEST_RC4_KEY_SIZE 16 --static int test_cipher_nids[] = {NID_rc4,NID_rc4_40}; -+# include -+# define TEST_RC4_KEY_SIZE 16 -+static int test_cipher_nids[] = { NID_rc4, NID_rc4_40 }; -+ - static int test_cipher_nids_number = 2; - typedef struct { -- unsigned char key[TEST_RC4_KEY_SIZE]; -- RC4_KEY ks; -- } TEST_RC4_KEY; --#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data) -+ unsigned char key[TEST_RC4_KEY_SIZE]; -+ RC4_KEY ks; -+} TEST_RC4_KEY; -+# define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data) - static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { --#ifdef TEST_ENG_OPENSSL_RC4_P_INIT -- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n"); --#endif -- memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx)); -- RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), -- test(ctx)->key); -- return 1; -- } -+ const unsigned char *iv, int enc) -+{ -+# ifdef TEST_ENG_OPENSSL_RC4_P_INIT -+ fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n"); -+# endif -+ memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx)); -+ RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), -+ test(ctx)->key); -+ return 1; -+} -+ - static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -- { --#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER -- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n"); --#endif -- RC4(&test(ctx)->ks,inl,in,out); -- return 1; -- } --static const EVP_CIPHER test_r4_cipher= -- { -- NID_rc4, -- 1,TEST_RC4_KEY_SIZE,0, -- EVP_CIPH_VARIABLE_LENGTH, -- test_rc4_init_key, -- test_rc4_cipher, -- NULL, -- sizeof(TEST_RC4_KEY), -- NULL, -- NULL, -- NULL, -- NULL -- }; --static const EVP_CIPHER test_r4_40_cipher= -- { -- NID_rc4_40, -- 1,5 /* 40 bit */,0, -- EVP_CIPH_VARIABLE_LENGTH, -- test_rc4_init_key, -- test_rc4_cipher, -- NULL, -- sizeof(TEST_RC4_KEY), -- NULL, -- NULL, -- NULL, -- NULL -- }; -+ const unsigned char *in, unsigned int inl) -+{ -+# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER -+ fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n"); -+# endif -+ RC4(&test(ctx)->ks, inl, in, out); -+ return 1; -+} -+ -+static const EVP_CIPHER test_r4_cipher = { -+ NID_rc4, -+ 1, TEST_RC4_KEY_SIZE, 0, -+ EVP_CIPH_VARIABLE_LENGTH, -+ test_rc4_init_key, -+ test_rc4_cipher, -+ NULL, -+ sizeof(TEST_RC4_KEY), -+ NULL, -+ NULL, -+ NULL, -+ NULL -+}; -+ -+static const EVP_CIPHER test_r4_40_cipher = { -+ NID_rc4_40, -+ 1, 5 /* 40 bit */ , 0, -+ EVP_CIPH_VARIABLE_LENGTH, -+ test_rc4_init_key, -+ test_rc4_cipher, -+ NULL, -+ sizeof(TEST_RC4_KEY), -+ NULL, -+ NULL, -+ NULL, -+ NULL -+}; -+ - static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, -- const int **nids, int nid) -- { -- if(!cipher) -- { -- /* We are returning a list of supported nids */ -- *nids = test_cipher_nids; -- return test_cipher_nids_number; -- } -- /* We are being asked for a specific cipher */ -- if(nid == NID_rc4) -- *cipher = &test_r4_cipher; -- else if(nid == NID_rc4_40) -- *cipher = &test_r4_40_cipher; -- else -- { --#ifdef TEST_ENG_OPENSSL_RC4_OTHERS -- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for " -- "nid %d\n", nid); --#endif -- *cipher = NULL; -- return 0; -- } -- return 1; -- } -+ const int **nids, int nid) -+{ -+ if (!cipher) { -+ /* We are returning a list of supported nids */ -+ *nids = test_cipher_nids; -+ return test_cipher_nids_number; -+ } -+ /* We are being asked for a specific cipher */ -+ if (nid == NID_rc4) -+ *cipher = &test_r4_cipher; -+ else if (nid == NID_rc4_40) -+ *cipher = &test_r4_40_cipher; -+ else { -+# ifdef TEST_ENG_OPENSSL_RC4_OTHERS -+ fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for " -+ "nid %d\n", nid); -+# endif -+ *cipher = NULL; -+ return 0; -+ } -+ return 1; -+} - #endif - - #ifdef TEST_ENG_OPENSSL_SHA - /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ --#include --static int test_digest_nids[] = {NID_sha1}; -+# include -+static int test_digest_nids[] = { NID_sha1 }; -+ - static int test_digest_nids_number = 1; - static int test_sha1_init(EVP_MD_CTX *ctx) -- { --#ifdef TEST_ENG_OPENSSL_SHA_P_INIT -- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); --#endif -- return SHA1_Init(ctx->md_data); -- } --static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,size_t count) -- { --#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE -- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); --#endif -- return SHA1_Update(ctx->md_data,data,count); -- } --static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md) -- { --#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL -- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); --#endif -- return SHA1_Final(md,ctx->md_data); -- } --static const EVP_MD test_sha_md= -- { -- NID_sha1, -- NID_sha1WithRSAEncryption, -- SHA_DIGEST_LENGTH, -- 0, -- test_sha1_init, -- test_sha1_update, -- test_sha1_final, -- NULL, -- NULL, -- EVP_PKEY_RSA_method, -- SHA_CBLOCK, -- sizeof(EVP_MD *)+sizeof(SHA_CTX), -- }; -+{ -+# ifdef TEST_ENG_OPENSSL_SHA_P_INIT -+ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); -+# endif -+ return SHA1_Init(ctx->md_data); -+} -+ -+static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE -+ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); -+# endif -+ return SHA1_Update(ctx->md_data, data, count); -+} -+ -+static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL -+ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); -+# endif -+ return SHA1_Final(md, ctx->md_data); -+} -+ -+static const EVP_MD test_sha_md = { -+ NID_sha1, -+ NID_sha1WithRSAEncryption, -+ SHA_DIGEST_LENGTH, -+ 0, -+ test_sha1_init, -+ test_sha1_update, -+ test_sha1_final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(SHA_CTX), -+}; -+ - static int openssl_digests(ENGINE *e, const EVP_MD **digest, -- const int **nids, int nid) -- { -- if(!digest) -- { -- /* We are returning a list of supported nids */ -- *nids = test_digest_nids; -- return test_digest_nids_number; -- } -- /* We are being asked for a specific digest */ -- if(nid == NID_sha1) -- *digest = &test_sha_md; -- else -- { --#ifdef TEST_ENG_OPENSSL_SHA_OTHERS -- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for " -- "nid %d\n", nid); --#endif -- *digest = NULL; -- return 0; -- } -- return 1; -- } -+ const int **nids, int nid) -+{ -+ if (!digest) { -+ /* We are returning a list of supported nids */ -+ *nids = test_digest_nids; -+ return test_digest_nids_number; -+ } -+ /* We are being asked for a specific digest */ -+ if (nid == NID_sha1) -+ *digest = &test_sha_md; -+ else { -+# ifdef TEST_ENG_OPENSSL_SHA_OTHERS -+ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for " -+ "nid %d\n", nid); -+# endif -+ *digest = NULL; -+ return 0; -+ } -+ return 1; -+} - #endif - - #ifdef TEST_ENG_OPENSSL_PKEY - static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, -- UI_METHOD *ui_method, void *callback_data) -- { -- BIO *in; -- EVP_PKEY *key; -- fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id); -- in = BIO_new_file(key_id, "r"); -- if (!in) -- return NULL; -- key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); -- BIO_free(in); -- return key; -- } -+ UI_METHOD *ui_method, -+ void *callback_data) -+{ -+ BIO *in; -+ EVP_PKEY *key; -+ fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", -+ key_id); -+ in = BIO_new_file(key_id, "r"); -+ if (!in) -+ return NULL; -+ key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); -+ BIO_free(in); -+ return key; -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c b/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c -index 743558a..f233b16 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c -@@ -1,10 +1,10 @@ --/* -+/*- - * Support for VIA PadLock Advanced Cryptography Engine (ACE) - * Written by Michal Ludvig - * http://www.logix.cz/michal - * -- * Big thanks to Andy Polyakov for a help with optimization, -- * assembler fixes, port to MS Windows and a lot of other -+ * Big thanks to Andy Polyakov for a help with optimization, -+ * assembler fixes, port to MS Windows and a lot of other - * valuable work on this engine! - */ - -@@ -62,7 +62,6 @@ - * - */ - -- - #include - #include - -@@ -72,66 +71,70 @@ - #include - #include - #ifndef OPENSSL_NO_AES --#include -+# include - #endif - #include - #include - - #ifndef OPENSSL_NO_HW --#ifndef OPENSSL_NO_HW_PADLOCK -+# ifndef OPENSSL_NO_HW_PADLOCK - - /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ --#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) --# ifndef OPENSSL_NO_DYNAMIC_ENGINE -+# if (OPENSSL_VERSION_NUMBER >= 0x00908000L) -+# ifndef OPENSSL_NO_DYNAMIC_ENGINE - # define DYNAMIC_ENGINE --# endif --#elif (OPENSSL_VERSION_NUMBER >= 0x00907000L) --# ifdef ENGINE_DYNAMIC_SUPPORT -+# endif -+# elif (OPENSSL_VERSION_NUMBER >= 0x00907000L) -+# ifdef ENGINE_DYNAMIC_SUPPORT - # define DYNAMIC_ENGINE -+# endif -+# else -+# error "Only OpenSSL >= 0.9.7 is supported" - # endif --#else --# error "Only OpenSSL >= 0.9.7 is supported" --#endif - --/* VIA PadLock AES is available *ONLY* on some x86 CPUs. -- Not only that it doesn't exist elsewhere, but it -- even can't be compiled on other platforms! -- -- In addition, because of the heavy use of inline assembler, -- compiler choice is limited to GCC and Microsoft C. */ --#undef COMPILE_HW_PADLOCK --#if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM) --# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ -+/* -+ * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it -+ * doesn't exist elsewhere, but it even can't be compiled on other platforms! -+ * -+ * In addition, because of the heavy use of inline assembler, compiler choice -+ * is limited to GCC and Microsoft C. -+ */ -+# undef COMPILE_HW_PADLOCK -+# if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM) -+# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ - (defined(_MSC_VER) && defined(_M_IX86)) --# define COMPILE_HW_PADLOCK --static ENGINE *ENGINE_padlock (void); --# endif --#endif -+# define COMPILE_HW_PADLOCK -+static ENGINE *ENGINE_padlock(void); -+# endif -+# endif - --void ENGINE_load_padlock (void) -+void ENGINE_load_padlock(void) - { - /* On non-x86 CPUs it just returns. */ --#ifdef COMPILE_HW_PADLOCK -- ENGINE *toadd = ENGINE_padlock (); -- if (!toadd) return; -- ENGINE_add (toadd); -- ENGINE_free (toadd); -- ERR_clear_error (); --#endif -+# ifdef COMPILE_HW_PADLOCK -+ ENGINE *toadd = ENGINE_padlock(); -+ if (!toadd) -+ return; -+ ENGINE_add(toadd); -+ ENGINE_free(toadd); -+ ERR_clear_error(); -+# endif - } - --#ifdef COMPILE_HW_PADLOCK --/* We do these includes here to avoid header problems on platforms that -- do not have the VIA padlock anyway... */ --#ifdef _MSC_VER --# include --# define alloca _alloca --#elif defined(NETWARE_CLIB) && defined(__GNUC__) -- void *alloca(size_t); --# define alloca(s) __builtin_alloca(s) --#else --# include --#endif -+# ifdef COMPILE_HW_PADLOCK -+/* -+ * We do these includes here to avoid header problems on platforms that do -+ * not have the VIA padlock anyway... -+ */ -+# ifdef _MSC_VER -+# include -+# define alloca _alloca -+# elif defined(NETWARE_CLIB) && defined(__GNUC__) -+void *alloca(size_t); -+# define alloca(s) __builtin_alloca(s) -+# else -+# include -+# endif - - /* Function for ENGINE detection and control */ - static int padlock_available(void); -@@ -141,135 +144,131 @@ static int padlock_init(ENGINE *e); - static RAND_METHOD padlock_rand; - - /* Cipher Stuff */ --#ifndef OPENSSL_NO_AES --static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); --#endif -+# ifndef OPENSSL_NO_AES -+static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, -+ const int **nids, int nid); -+# endif - - /* Engine names */ - static const char *padlock_id = "padlock"; - static char padlock_name[100]; - - /* Available features */ --static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ --static int padlock_use_rng = 0; /* Random Number Generator */ --#ifndef OPENSSL_NO_AES -+static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ -+static int padlock_use_rng = 0; /* Random Number Generator */ -+# ifndef OPENSSL_NO_AES - static int padlock_aes_align_required = 1; --#endif -+# endif - - /* ===== Engine "management" functions ===== */ - - /* Prepare the ENGINE structure for registration */ --static int --padlock_bind_helper(ENGINE *e) -+static int padlock_bind_helper(ENGINE *e) - { -- /* Check available features */ -- padlock_available(); -- --#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */ -- padlock_use_rng=0; --#endif -- -- /* Generate a nice engine name with available features */ -- BIO_snprintf(padlock_name, sizeof(padlock_name), -- "VIA PadLock (%s, %s)", -- padlock_use_rng ? "RNG" : "no-RNG", -- padlock_use_ace ? "ACE" : "no-ACE"); -- -- /* Register everything or return with an error */ -- if (!ENGINE_set_id(e, padlock_id) || -- !ENGINE_set_name(e, padlock_name) || -- -- !ENGINE_set_init_function(e, padlock_init) || --#ifndef OPENSSL_NO_AES -- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || --#endif -- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { -- return 0; -- } -- -- /* Everything looks good */ -- return 1; -+ /* Check available features */ -+ padlock_available(); -+ -+# if 1 /* disable RNG for now, see commentary in -+ * vicinity of RNG code */ -+ padlock_use_rng = 0; -+# endif -+ -+ /* Generate a nice engine name with available features */ -+ BIO_snprintf(padlock_name, sizeof(padlock_name), -+ "VIA PadLock (%s, %s)", -+ padlock_use_rng ? "RNG" : "no-RNG", -+ padlock_use_ace ? "ACE" : "no-ACE"); -+ -+ /* Register everything or return with an error */ -+ if (!ENGINE_set_id(e, padlock_id) || -+ !ENGINE_set_name(e, padlock_name) || -+ !ENGINE_set_init_function(e, padlock_init) || -+# ifndef OPENSSL_NO_AES -+ (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) || -+# endif -+ (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) { -+ return 0; -+ } -+ -+ /* Everything looks good */ -+ return 1; - } - - /* Constructor */ --static ENGINE * --ENGINE_padlock(void) -+static ENGINE *ENGINE_padlock(void) - { -- ENGINE *eng = ENGINE_new(); -+ ENGINE *eng = ENGINE_new(); - -- if (!eng) { -- return NULL; -- } -+ if (!eng) { -+ return NULL; -+ } - -- if (!padlock_bind_helper(eng)) { -- ENGINE_free(eng); -- return NULL; -- } -+ if (!padlock_bind_helper(eng)) { -+ ENGINE_free(eng); -+ return NULL; -+ } - -- return eng; -+ return eng; - } - - /* Check availability of the engine */ --static int --padlock_init(ENGINE *e) -+static int padlock_init(ENGINE *e) - { -- return (padlock_use_rng || padlock_use_ace); -+ return (padlock_use_rng || padlock_use_ace); - } - --/* This stuff is needed if this ENGINE is being compiled into a self-contained -- * shared-library. -+/* -+ * This stuff is needed if this ENGINE is being compiled into a -+ * self-contained shared-library. - */ --#ifdef DYNAMIC_ENGINE --static int --padlock_bind_fn(ENGINE *e, const char *id) -+# ifdef DYNAMIC_ENGINE -+static int padlock_bind_fn(ENGINE *e, const char *id) - { -- if (id && (strcmp(id, padlock_id) != 0)) { -- return 0; -- } -+ if (id && (strcmp(id, padlock_id) != 0)) { -+ return 0; -+ } - -- if (!padlock_bind_helper(e)) { -- return 0; -- } -+ if (!padlock_bind_helper(e)) { -+ return 0; -+ } - -- return 1; -+ return 1; - } - --IMPLEMENT_DYNAMIC_CHECK_FN () --IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn) --#endif /* DYNAMIC_ENGINE */ -- -+IMPLEMENT_DYNAMIC_CHECK_FN() -+ IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn) -+# endif /* DYNAMIC_ENGINE */ - /* ===== Here comes the "real" engine ===== */ -- --#ifndef OPENSSL_NO_AES -+# ifndef OPENSSL_NO_AES - /* Some AES-related constants */ --#define AES_BLOCK_SIZE 16 --#define AES_KEY_SIZE_128 16 --#define AES_KEY_SIZE_192 24 --#define AES_KEY_SIZE_256 32 -- --/* Here we store the status information relevant to the -- current context. */ --/* BIG FAT WARNING: -- * Inline assembler in PADLOCK_XCRYPT_ASM() -- * depends on the order of items in this structure. -- * Don't blindly modify, reorder, etc! -- */ --struct padlock_cipher_data --{ -- unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */ -- union { unsigned int pad[4]; -- struct { -- int rounds:4; -- int dgst:1; /* n/a in C3 */ -- int align:1; /* n/a in C3 */ -- int ciphr:1; /* n/a in C3 */ -- unsigned int keygen:1; -- int interm:1; -- unsigned int encdec:1; -- int ksize:2; -- } b; -- } cword; /* Control word */ -- AES_KEY ks; /* Encryption key */ -+# define AES_BLOCK_SIZE 16 -+# define AES_KEY_SIZE_128 16 -+# define AES_KEY_SIZE_192 24 -+# define AES_KEY_SIZE_256 32 -+ /* -+ * Here we store the status information relevant to the current context. -+ */ -+ /* -+ * BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on -+ * the order of items in this structure. Don't blindly modify, reorder, -+ * etc! -+ */ -+struct padlock_cipher_data { -+ unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */ -+ union { -+ unsigned int pad[4]; -+ struct { -+ int rounds:4; -+ int dgst:1; /* n/a in C3 */ -+ int align:1; /* n/a in C3 */ -+ int ciphr:1; /* n/a in C3 */ -+ unsigned int keygen:1; -+ int interm:1; -+ unsigned int encdec:1; -+ int ksize:2; -+ } b; -+ } cword; /* Control word */ -+ AES_KEY ks; /* Encryption key */ - }; - - /* -@@ -279,9 +278,9 @@ struct padlock_cipher_data - * so we accept the penatly... - */ - static volatile struct padlock_cipher_data *padlock_saved_context; --#endif -+# endif - --/* -+/*- - * ======================================================= - * Inline assembler section(s). - * ======================================================= -@@ -291,7 +290,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context; - * argument is passed in %ecx and second - in %edx. - * ======================================================= - */ --#if defined(__GNUC__) && __GNUC__>=2 -+# if defined(__GNUC__) && __GNUC__>=2 - /* - * As for excessive "push %ebx"/"pop %ebx" found all over. - * When generating position-independent code GCC won't let -@@ -299,103 +298,99 @@ static volatile struct padlock_cipher_data *padlock_saved_context; - * in "clobber description." Therefore the trouble... - */ - --/* Helper function - check if a CPUID instruction -- is available on this CPU */ --static int --padlock_insn_cpuid_available(void) -+/* -+ * Helper function - check if a CPUID instruction is available on this CPU -+ */ -+static int padlock_insn_cpuid_available(void) - { -- int result = -1; -- -- /* We're checking if the bit #21 of EFLAGS -- can be toggled. If yes = CPUID is available. */ -- asm volatile ( -- "pushf\n" -- "popl %%eax\n" -- "xorl $0x200000, %%eax\n" -- "movl %%eax, %%ecx\n" -- "andl $0x200000, %%ecx\n" -- "pushl %%eax\n" -- "popf\n" -- "pushf\n" -- "popl %%eax\n" -- "andl $0x200000, %%eax\n" -- "xorl %%eax, %%ecx\n" -- "movl %%ecx, %0\n" -- : "=r" (result) : : "eax", "ecx"); -- -- return (result == 0); -+ int result = -1; -+ -+ /* -+ * We're checking if the bit #21 of EFLAGS can be toggled. If yes = -+ * CPUID is available. -+ */ -+ asm volatile ("pushf\n" -+ "popl %%eax\n" -+ "xorl $0x200000, %%eax\n" -+ "movl %%eax, %%ecx\n" -+ "andl $0x200000, %%ecx\n" -+ "pushl %%eax\n" -+ "popf\n" -+ "pushf\n" -+ "popl %%eax\n" -+ "andl $0x200000, %%eax\n" -+ "xorl %%eax, %%ecx\n" -+ "movl %%ecx, %0\n":"=r" (result)::"eax", "ecx"); -+ -+ return (result == 0); - } - --/* Load supported features of the CPU to see if -- the PadLock is available. */ --static int --padlock_available(void) -+/* -+ * Load supported features of the CPU to see if the PadLock is available. -+ */ -+static int padlock_available(void) - { -- char vendor_string[16]; -- unsigned int eax, edx; -- -- /* First check if the CPUID instruction is available at all... */ -- if (! padlock_insn_cpuid_available()) -- return 0; -- -- /* Are we running on the Centaur (VIA) CPU? */ -- eax = 0x00000000; -- vendor_string[12] = 0; -- asm volatile ( -- "pushl %%ebx\n" -- "cpuid\n" -- "movl %%ebx,(%%edi)\n" -- "movl %%edx,4(%%edi)\n" -- "movl %%ecx,8(%%edi)\n" -- "popl %%ebx" -- : "+a"(eax) : "D"(vendor_string) : "ecx", "edx"); -- if (strcmp(vendor_string, "CentaurHauls") != 0) -- return 0; -- -- /* Check for Centaur Extended Feature Flags presence */ -- eax = 0xC0000000; -- asm volatile ("pushl %%ebx; cpuid; popl %%ebx" -- : "+a"(eax) : : "ecx", "edx"); -- if (eax < 0xC0000001) -- return 0; -- -- /* Read the Centaur Extended Feature Flags */ -- eax = 0xC0000001; -- asm volatile ("pushl %%ebx; cpuid; popl %%ebx" -- : "+a"(eax), "=d"(edx) : : "ecx"); -- -- /* Fill up some flags */ -- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); -- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); -- -- return padlock_use_ace + padlock_use_rng; -+ char vendor_string[16]; -+ unsigned int eax, edx; -+ -+ /* First check if the CPUID instruction is available at all... */ -+ if (!padlock_insn_cpuid_available()) -+ return 0; -+ -+ /* Are we running on the Centaur (VIA) CPU? */ -+ eax = 0x00000000; -+ vendor_string[12] = 0; -+ asm volatile ("pushl %%ebx\n" -+ "cpuid\n" -+ "movl %%ebx,(%%edi)\n" -+ "movl %%edx,4(%%edi)\n" -+ "movl %%ecx,8(%%edi)\n" -+ "popl %%ebx":"+a" (eax):"D"(vendor_string):"ecx", "edx"); -+ if (strcmp(vendor_string, "CentaurHauls") != 0) -+ return 0; -+ -+ /* Check for Centaur Extended Feature Flags presence */ -+ eax = 0xC0000000; -+ asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax)::"ecx", "edx"); -+ if (eax < 0xC0000001) -+ return 0; -+ -+ /* Read the Centaur Extended Feature Flags */ -+ eax = 0xC0000001; -+ asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax), -+ "=d"(edx)::"ecx"); -+ -+ /* Fill up some flags */ -+ padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6)); -+ padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2)); -+ -+ return padlock_use_ace + padlock_use_rng; - } - --#ifndef OPENSSL_NO_AES -+# ifndef OPENSSL_NO_AES - /* Our own htonl()/ntohl() */ --static inline void --padlock_bswapl(AES_KEY *ks) -+static inline void padlock_bswapl(AES_KEY *ks) - { -- size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); -- unsigned int *key = ks->rd_key; -+ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]); -+ unsigned int *key = ks->rd_key; - -- while (i--) { -- asm volatile ("bswapl %0" : "+r"(*key)); -- key++; -- } -+ while (i--) { -+ asm volatile ("bswapl %0":"+r" (*key)); -+ key++; -+ } - } --#endif -+# endif - --/* Force key reload from memory to the CPU microcode. -- Loading EFLAGS from the stack clears EFLAGS[30] -- which does the trick. */ --static inline void --padlock_reload_key(void) -+/* -+ * Force key reload from memory to the CPU microcode. Loading EFLAGS from the -+ * stack clears EFLAGS[30] which does the trick. -+ */ -+static inline void padlock_reload_key(void) - { -- asm volatile ("pushfl; popfl"); -+ asm volatile ("pushfl; popfl"); - } - --#ifndef OPENSSL_NO_AES -+# ifndef OPENSSL_NO_AES - /* - * This is heuristic key context tracing. At first one - * believes that one should use atomic swap instructions, -@@ -405,90 +400,89 @@ padlock_reload_key(void) - * our key *shall* be reloaded upon thread context switch - * and we are therefore set in either case... - */ --static inline void --padlock_verify_context(struct padlock_cipher_data *cdata) -+static inline void padlock_verify_context(struct padlock_cipher_data *cdata) - { -- asm volatile ( -- "pushfl\n" --" btl $30,(%%esp)\n" --" jnc 1f\n" --" cmpl %2,%1\n" --" je 1f\n" --" popfl\n" --" subl $4,%%esp\n" --"1: addl $4,%%esp\n" --" movl %2,%0" -- :"+m"(padlock_saved_context) -- : "r"(padlock_saved_context), "r"(cdata) : "cc"); -+ asm volatile ("pushfl\n" -+ " btl $30,(%%esp)\n" -+ " jnc 1f\n" -+ " cmpl %2,%1\n" -+ " je 1f\n" -+ " popfl\n" -+ " subl $4,%%esp\n" -+ "1: addl $4,%%esp\n" -+ " movl %2,%0":"+m" (padlock_saved_context) -+ :"r"(padlock_saved_context), "r"(cdata):"cc"); - } - - /* Template for padlock_xcrypt_* modes */ --/* BIG FAT WARNING: -- * The offsets used with 'leal' instructions -- * describe items of the 'padlock_cipher_data' -- * structure. -+/* -+ * BIG FAT WARNING: The offsets used with 'leal' instructions describe items -+ * of the 'padlock_cipher_data' structure. - */ --#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \ --static inline void *name(size_t cnt, \ -- struct padlock_cipher_data *cdata, \ -- void *out, const void *inp) \ --{ void *iv; \ -- asm volatile ( "pushl %%ebx\n" \ -- " leal 16(%0),%%edx\n" \ -- " leal 32(%0),%%ebx\n" \ -- rep_xcrypt "\n" \ -- " popl %%ebx" \ -- : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ -- : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ -- : "edx", "cc", "memory"); \ -- return iv; \ -+# define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \ -+static inline void *name(size_t cnt, \ -+ struct padlock_cipher_data *cdata, \ -+ void *out, const void *inp) \ -+{ void *iv; \ -+ asm volatile ( "pushl %%ebx\n" \ -+ " leal 16(%0),%%edx\n" \ -+ " leal 32(%0),%%ebx\n" \ -+ rep_xcrypt "\n" \ -+ " popl %%ebx" \ -+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ -+ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ -+ : "edx", "cc", "memory"); \ -+ return iv; \ - } - - /* Generate all functions with appropriate opcodes */ --PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */ --PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */ --PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */ --PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */ --#endif -- -+/* rep xcryptecb */ -+PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") -+/* rep xcryptcbc */ -+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") -+/* rep xcryptcfb */ -+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") -+/* rep xcryptofb */ -+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") -+# endif - /* The RNG call itself */ --static inline unsigned int --padlock_xstore(void *addr, unsigned int edx_in) -+static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in) - { -- unsigned int eax_out; -+ unsigned int eax_out; - -- asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */ -- : "=a"(eax_out),"=m"(*(unsigned *)addr) -- : "D"(addr), "d" (edx_in) -- ); -+ asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */ -+ :"=a" (eax_out), "=m"(*(unsigned *)addr) -+ :"D"(addr), "d"(edx_in) -+ ); - -- return eax_out; -+ return eax_out; - } - --/* Why not inline 'rep movsd'? I failed to find information on what -- * value in Direction Flag one can expect and consequently have to -- * apply "better-safe-than-sorry" approach and assume "undefined." -- * I could explicitly clear it and restore the original value upon -- * return from padlock_aes_cipher, but it's presumably too much -- * trouble for too little gain... -- * -- * In case you wonder 'rep xcrypt*' instructions above are *not* -- * affected by the Direction Flag and pointers advance toward -- * larger addresses unconditionally. -- */ --static inline unsigned char * --padlock_memcpy(void *dst,const void *src,size_t n) -+/* -+ * Why not inline 'rep movsd'? I failed to find information on what value in -+ * Direction Flag one can expect and consequently have to apply -+ * "better-safe-than-sorry" approach and assume "undefined." I could -+ * explicitly clear it and restore the original value upon return from -+ * padlock_aes_cipher, but it's presumably too much trouble for too little -+ * gain... In case you wonder 'rep xcrypt*' instructions above are *not* -+ * affected by the Direction Flag and pointers advance toward larger -+ * addresses unconditionally. -+ */ -+static inline unsigned char *padlock_memcpy(void *dst, const void *src, -+ size_t n) - { -- long *d=dst; -- const long *s=src; -+ long *d = dst; -+ const long *s = src; - -- n /= sizeof(*d); -- do { *d++ = *s++; } while (--n); -+ n /= sizeof(*d); -+ do { -+ *d++ = *s++; -+ } while (--n); - -- return dst; -+ return dst; - } - --#elif defined(_MSC_VER) -+# elif defined(_MSC_VER) - /* - * Unlike GCC these are real functions. In order to minimize impact - * on performance we adhere to __fastcall calling convention in -@@ -496,26 +490,25 @@ padlock_memcpy(void *dst,const void *src,size_t n) - * Which kind of suits very well, as instructions in question use - * both %ecx and %edx as input:-) - */ --#define REP_XCRYPT(code) \ -- _asm _emit 0xf3 \ -- _asm _emit 0x0f _asm _emit 0xa7 \ -- _asm _emit code -- --/* BIG FAT WARNING: -- * The offsets used with 'lea' instructions -- * describe items of the 'padlock_cipher_data' -- * structure. -+# define REP_XCRYPT(code) \ -+ _asm _emit 0xf3 \ -+ _asm _emit 0x0f _asm _emit 0xa7 \ -+ _asm _emit code -+ -+/* -+ * BIG FAT WARNING: The offsets used with 'lea' instructions describe items -+ * of the 'padlock_cipher_data' structure. - */ --#define PADLOCK_XCRYPT_ASM(name,code) \ --static void * __fastcall \ -- name (size_t cnt, void *cdata, \ -- void *outp, const void *inp) \ --{ _asm mov eax,edx \ -- _asm lea edx,[eax+16] \ -- _asm lea ebx,[eax+32] \ -- _asm mov edi,outp \ -- _asm mov esi,inp \ -- REP_XCRYPT(code) \ -+# define PADLOCK_XCRYPT_ASM(name,code) \ -+static void * __fastcall \ -+ name (size_t cnt, void *cdata, \ -+ void *outp, const void *inp) \ -+{ _asm mov eax,edx \ -+ _asm lea edx,[eax+16] \ -+ _asm lea ebx,[eax+32] \ -+ _asm mov edi,outp \ -+ _asm mov esi,inp \ -+ REP_XCRYPT(code) \ - } - - PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8) -@@ -523,324 +516,330 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8) - --static int __fastcall --padlock_xstore(void *outp,unsigned int code) --{ _asm mov edi,ecx -- _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0 -+static int __fastcall padlock_xstore(void *outp, unsigned int code) -+{ -+ _asm mov edi,ecx -+ _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0 -+} -+ -+static void __fastcall padlock_reload_key(void) -+{ -+ _asm pushfd -+ _asm popfd - } - --static void __fastcall --padlock_reload_key(void) --{ _asm pushfd _asm popfd } -- --static void __fastcall --padlock_verify_context(void *cdata) --{ _asm { -- pushfd -- bt DWORD PTR[esp],30 -- jnc skip -- cmp ecx,padlock_saved_context -- je skip -- popfd -- sub esp,4 -- skip: add esp,4 -- mov padlock_saved_context,ecx -- } -+static void __fastcall padlock_verify_context(void *cdata) -+{ -+ _asm { -+ pushfd -+ bt DWORD PTR[esp],30 -+ jnc skip -+ cmp ecx,padlock_saved_context -+ je skip -+ popfd -+ sub esp,4 -+ skip: add esp,4 -+ mov padlock_saved_context,ecx -+ } - } - - static int - padlock_available(void) --{ _asm { -- pushfd -- pop eax -- mov ecx,eax -- xor eax,1<<21 -- push eax -- popfd -- pushfd -- pop eax -- xor eax,ecx -- bt eax,21 -- jnc noluck -- mov eax,0 -- cpuid -- xor eax,eax -- cmp ebx,'tneC' -- jne noluck -- cmp edx,'Hrua' -- jne noluck -- cmp ecx,'slua' -- jne noluck -- mov eax,0xC0000000 -- cpuid -- mov edx,eax -- xor eax,eax -- cmp edx,0xC0000001 -- jb noluck -- mov eax,0xC0000001 -- cpuid -- xor eax,eax -- bt edx,6 -- jnc skip_a -- bt edx,7 -- jnc skip_a -- mov padlock_use_ace,1 -- inc eax -- skip_a: bt edx,2 -- jnc skip_r -- bt edx,3 -- jnc skip_r -- mov padlock_use_rng,1 -- inc eax -- skip_r: -- noluck: -- } -+{ -+ _asm { -+ pushfd -+ pop eax -+ mov ecx,eax -+ xor eax,1<<21 -+ push eax -+ popfd -+ pushfd -+ pop eax -+ xor eax,ecx -+ bt eax,21 -+ jnc noluck -+ mov eax,0 -+ cpuid -+ xor eax,eax -+ cmp ebx,'tneC' -+ jne noluck -+ cmp edx,'Hrua' -+ jne noluck -+ cmp ecx,'slua' -+ jne noluck -+ mov eax,0xC0000000 -+ cpuid -+ mov edx,eax -+ xor eax,eax -+ cmp edx,0xC0000001 -+ jb noluck -+ mov eax,0xC0000001 -+ cpuid -+ xor eax,eax -+ bt edx,6 -+ jnc skip_a -+ bt edx,7 -+ jnc skip_a -+ mov padlock_use_ace,1 -+ inc eax -+ skip_a: bt edx,2 -+ jnc skip_r -+ bt edx,3 -+ jnc skip_r -+ mov padlock_use_rng,1 -+ inc eax -+ skip_r: -+ noluck: -+ } - } - --static void __fastcall --padlock_bswapl(void *key) --{ _asm { -- pushfd -- cld -- mov esi,ecx -- mov edi,ecx -- mov ecx,60 -- up: lodsd -- bswap eax -- stosd -- loop up -- popfd -- } -+static void __fastcall padlock_bswapl(void *key) -+{ -+ _asm { -+ pushfd -+ cld -+ mov esi,ecx -+ mov edi,ecx -+ mov ecx,60 -+ up: lodsd -+ bswap eax -+ stosd -+ loop up -+ popfd -+ } - } - --/* MS actually specifies status of Direction Flag and compiler even -- * manages to compile following as 'rep movsd' all by itself... -+/* -+ * MS actually specifies status of Direction Flag and compiler even manages -+ * to compile following as 'rep movsd' all by itself... - */ --#define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U)) --#endif -- -+# define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U)) -+# endif - /* ===== AES encryption/decryption ===== */ --#ifndef OPENSSL_NO_AES -- --#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) --#define NID_aes_128_cfb NID_aes_128_cfb128 --#endif -- --#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb) --#define NID_aes_128_ofb NID_aes_128_ofb128 --#endif -- --#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb) --#define NID_aes_192_cfb NID_aes_192_cfb128 --#endif -- --#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb) --#define NID_aes_192_ofb NID_aes_192_ofb128 --#endif -- --#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb) --#define NID_aes_256_cfb NID_aes_256_cfb128 --#endif -- --#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb) --#define NID_aes_256_ofb NID_aes_256_ofb128 --#endif -- --/* List of supported ciphers. */ --static int padlock_cipher_nids[] = { -- NID_aes_128_ecb, -- NID_aes_128_cbc, -- NID_aes_128_cfb, -- NID_aes_128_ofb, -- -- NID_aes_192_ecb, -- NID_aes_192_cbc, -- NID_aes_192_cfb, -- NID_aes_192_ofb, -- -- NID_aes_256_ecb, -- NID_aes_256_cbc, -- NID_aes_256_cfb, -- NID_aes_256_ofb, -+# ifndef OPENSSL_NO_AES -+# if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) -+# define NID_aes_128_cfb NID_aes_128_cfb128 -+# endif -+# if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb) -+# define NID_aes_128_ofb NID_aes_128_ofb128 -+# endif -+# if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb) -+# define NID_aes_192_cfb NID_aes_192_cfb128 -+# endif -+# if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb) -+# define NID_aes_192_ofb NID_aes_192_ofb128 -+# endif -+# if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb) -+# define NID_aes_256_cfb NID_aes_256_cfb128 -+# endif -+# if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb) -+# define NID_aes_256_ofb NID_aes_256_ofb128 -+# endif -+/* -+ * List of supported ciphers. -+ */ static int padlock_cipher_nids[] = { -+ NID_aes_128_ecb, -+ NID_aes_128_cbc, -+ NID_aes_128_cfb, -+ NID_aes_128_ofb, -+ -+ NID_aes_192_ecb, -+ NID_aes_192_cbc, -+ NID_aes_192_cfb, -+ NID_aes_192_ofb, -+ -+ NID_aes_256_ecb, -+ NID_aes_256_cbc, -+ NID_aes_256_cfb, -+ NID_aes_256_ofb, - }; --static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/ -- sizeof(padlock_cipher_nids[0])); -+ -+static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) / -+ sizeof(padlock_cipher_nids[0])); - - /* Function prototypes ... */ - static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc); -+ const unsigned char *iv, int enc); - static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, size_t nbytes); -- --#define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \ -- ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) ) --#define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\ -- NEAREST_ALIGNED(ctx->cipher_data)) -- --#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE --#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE --#define EVP_CIPHER_block_size_OFB 1 --#define EVP_CIPHER_block_size_CFB 1 -- --/* Declaring so many ciphers by hand would be a pain. -- Instead introduce a bit of preprocessor magic :-) */ --#define DECLARE_AES_EVP(ksize,lmode,umode) \ --static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \ -- NID_aes_##ksize##_##lmode, \ -- EVP_CIPHER_block_size_##umode, \ -- AES_KEY_SIZE_##ksize, \ -- AES_BLOCK_SIZE, \ -- 0 | EVP_CIPH_##umode##_MODE, \ -- padlock_aes_init_key, \ -- padlock_aes_cipher, \ -- NULL, \ -- sizeof(struct padlock_cipher_data) + 16, \ -- EVP_CIPHER_set_asn1_iv, \ -- EVP_CIPHER_get_asn1_iv, \ -- NULL, \ -- NULL \ -+ const unsigned char *in, size_t nbytes); -+ -+# define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \ -+ ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) ) -+# define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\ -+ NEAREST_ALIGNED(ctx->cipher_data)) -+ -+# define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE -+# define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE -+# define EVP_CIPHER_block_size_OFB 1 -+# define EVP_CIPHER_block_size_CFB 1 -+ -+/* -+ * Declaring so many ciphers by hand would be a pain. Instead introduce a bit -+ * of preprocessor magic :-) -+ */ -+# define DECLARE_AES_EVP(ksize,lmode,umode) \ -+static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \ -+ NID_aes_##ksize##_##lmode, \ -+ EVP_CIPHER_block_size_##umode, \ -+ AES_KEY_SIZE_##ksize, \ -+ AES_BLOCK_SIZE, \ -+ 0 | EVP_CIPH_##umode##_MODE, \ -+ padlock_aes_init_key, \ -+ padlock_aes_cipher, \ -+ NULL, \ -+ sizeof(struct padlock_cipher_data) + 16, \ -+ EVP_CIPHER_set_asn1_iv, \ -+ EVP_CIPHER_get_asn1_iv, \ -+ NULL, \ -+ NULL \ - } - --DECLARE_AES_EVP(128,ecb,ECB); --DECLARE_AES_EVP(128,cbc,CBC); --DECLARE_AES_EVP(128,cfb,CFB); --DECLARE_AES_EVP(128,ofb,OFB); -+DECLARE_AES_EVP(128, ecb, ECB); -+DECLARE_AES_EVP(128, cbc, CBC); -+DECLARE_AES_EVP(128, cfb, CFB); -+DECLARE_AES_EVP(128, ofb, OFB); - --DECLARE_AES_EVP(192,ecb,ECB); --DECLARE_AES_EVP(192,cbc,CBC); --DECLARE_AES_EVP(192,cfb,CFB); --DECLARE_AES_EVP(192,ofb,OFB); -+DECLARE_AES_EVP(192, ecb, ECB); -+DECLARE_AES_EVP(192, cbc, CBC); -+DECLARE_AES_EVP(192, cfb, CFB); -+DECLARE_AES_EVP(192, ofb, OFB); - --DECLARE_AES_EVP(256,ecb,ECB); --DECLARE_AES_EVP(256,cbc,CBC); --DECLARE_AES_EVP(256,cfb,CFB); --DECLARE_AES_EVP(256,ofb,OFB); -+DECLARE_AES_EVP(256, ecb, ECB); -+DECLARE_AES_EVP(256, cbc, CBC); -+DECLARE_AES_EVP(256, cfb, CFB); -+DECLARE_AES_EVP(256, ofb, OFB); - - static int --padlock_ciphers (ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid) -+padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, -+ int nid) - { -- /* No specific cipher => return a list of supported nids ... */ -- if (!cipher) { -- *nids = padlock_cipher_nids; -- return padlock_cipher_nids_num; -- } -- -- /* ... or the requested "cipher" otherwise */ -- switch (nid) { -- case NID_aes_128_ecb: -- *cipher = &padlock_aes_128_ecb; -- break; -- case NID_aes_128_cbc: -- *cipher = &padlock_aes_128_cbc; -- break; -- case NID_aes_128_cfb: -- *cipher = &padlock_aes_128_cfb; -- break; -- case NID_aes_128_ofb: -- *cipher = &padlock_aes_128_ofb; -- break; -- -- case NID_aes_192_ecb: -- *cipher = &padlock_aes_192_ecb; -- break; -- case NID_aes_192_cbc: -- *cipher = &padlock_aes_192_cbc; -- break; -- case NID_aes_192_cfb: -- *cipher = &padlock_aes_192_cfb; -- break; -- case NID_aes_192_ofb: -- *cipher = &padlock_aes_192_ofb; -- break; -- -- case NID_aes_256_ecb: -- *cipher = &padlock_aes_256_ecb; -- break; -- case NID_aes_256_cbc: -- *cipher = &padlock_aes_256_cbc; -- break; -- case NID_aes_256_cfb: -- *cipher = &padlock_aes_256_cfb; -- break; -- case NID_aes_256_ofb: -- *cipher = &padlock_aes_256_ofb; -- break; -- -- default: -- /* Sorry, we don't support this NID */ -- *cipher = NULL; -- return 0; -- } -- -- return 1; -+ /* No specific cipher => return a list of supported nids ... */ -+ if (!cipher) { -+ *nids = padlock_cipher_nids; -+ return padlock_cipher_nids_num; -+ } -+ -+ /* ... or the requested "cipher" otherwise */ -+ switch (nid) { -+ case NID_aes_128_ecb: -+ *cipher = &padlock_aes_128_ecb; -+ break; -+ case NID_aes_128_cbc: -+ *cipher = &padlock_aes_128_cbc; -+ break; -+ case NID_aes_128_cfb: -+ *cipher = &padlock_aes_128_cfb; -+ break; -+ case NID_aes_128_ofb: -+ *cipher = &padlock_aes_128_ofb; -+ break; -+ -+ case NID_aes_192_ecb: -+ *cipher = &padlock_aes_192_ecb; -+ break; -+ case NID_aes_192_cbc: -+ *cipher = &padlock_aes_192_cbc; -+ break; -+ case NID_aes_192_cfb: -+ *cipher = &padlock_aes_192_cfb; -+ break; -+ case NID_aes_192_ofb: -+ *cipher = &padlock_aes_192_ofb; -+ break; -+ -+ case NID_aes_256_ecb: -+ *cipher = &padlock_aes_256_ecb; -+ break; -+ case NID_aes_256_cbc: -+ *cipher = &padlock_aes_256_cbc; -+ break; -+ case NID_aes_256_cfb: -+ *cipher = &padlock_aes_256_cfb; -+ break; -+ case NID_aes_256_ofb: -+ *cipher = &padlock_aes_256_ofb; -+ break; -+ -+ default: -+ /* Sorry, we don't support this NID */ -+ *cipher = NULL; -+ return 0; -+ } -+ -+ return 1; - } - - /* Prepare the encryption key for PadLock usage */ - static int --padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -+padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -+ const unsigned char *iv, int enc) - { -- struct padlock_cipher_data *cdata; -- int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8; -- -- if (key==NULL) return 0; /* ERROR */ -- -- cdata = ALIGNED_CIPHER_DATA(ctx); -- memset(cdata, 0, sizeof(struct padlock_cipher_data)); -- -- /* Prepare Control word. */ -- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) -- cdata->cword.b.encdec = 0; -- else -- cdata->cword.b.encdec = (ctx->encrypt == 0); -- cdata->cword.b.rounds = 10 + (key_len - 128) / 32; -- cdata->cword.b.ksize = (key_len - 128) / 64; -- -- switch(key_len) { -- case 128: -- /* PadLock can generate an extended key for -- AES128 in hardware */ -- memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128); -- cdata->cword.b.keygen = 0; -- break; -- -- case 192: -- case 256: -- /* Generate an extended AES key in software. -- Needed for AES192/AES256 */ -- /* Well, the above applies to Stepping 8 CPUs -- and is listed as hardware errata. They most -- likely will fix it at some point and then -- a check for stepping would be due here. */ -- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE || -- EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || -- enc) -- AES_set_encrypt_key(key, key_len, &cdata->ks); -- else -- AES_set_decrypt_key(key, key_len, &cdata->ks); --#ifndef AES_ASM -- /* OpenSSL C functions use byte-swapped extended key. */ -- padlock_bswapl(&cdata->ks); --#endif -- cdata->cword.b.keygen = 1; -- break; -- -- default: -- /* ERROR */ -- return 0; -- } -- -- /* -- * This is done to cover for cases when user reuses the -- * context for new key. The catch is that if we don't do -- * this, padlock_eas_cipher might proceed with old key... -- */ -- padlock_reload_key (); -- -- return 1; -+ struct padlock_cipher_data *cdata; -+ int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8; -+ -+ if (key == NULL) -+ return 0; /* ERROR */ -+ -+ cdata = ALIGNED_CIPHER_DATA(ctx); -+ memset(cdata, 0, sizeof(struct padlock_cipher_data)); -+ -+ /* Prepare Control word. */ -+ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) -+ cdata->cword.b.encdec = 0; -+ else -+ cdata->cword.b.encdec = (ctx->encrypt == 0); -+ cdata->cword.b.rounds = 10 + (key_len - 128) / 32; -+ cdata->cword.b.ksize = (key_len - 128) / 64; -+ -+ switch (key_len) { -+ case 128: -+ /* -+ * PadLock can generate an extended key for AES128 in hardware -+ */ -+ memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128); -+ cdata->cword.b.keygen = 0; -+ break; -+ -+ case 192: -+ case 256: -+ /* -+ * Generate an extended AES key in software. Needed for AES192/AES256 -+ */ -+ /* -+ * Well, the above applies to Stepping 8 CPUs and is listed as -+ * hardware errata. They most likely will fix it at some point and -+ * then a check for stepping would be due here. -+ */ -+ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE || -+ EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || enc) -+ AES_set_encrypt_key(key, key_len, &cdata->ks); -+ else -+ AES_set_decrypt_key(key, key_len, &cdata->ks); -+# ifndef AES_ASM -+ /* -+ * OpenSSL C functions use byte-swapped extended key. -+ */ -+ padlock_bswapl(&cdata->ks); -+# endif -+ cdata->cword.b.keygen = 1; -+ break; -+ -+ default: -+ /* ERROR */ -+ return 0; -+ } -+ -+ /* -+ * This is done to cover for cases when user reuses the -+ * context for new key. The catch is that if we don't do -+ * this, padlock_eas_cipher might proceed with old key... -+ */ -+ padlock_reload_key(); -+ -+ return 1; - } - --/* -+/*- - * Simplified version of padlock_aes_cipher() used when - * 1) both input and output buffers are at aligned addresses. - * or when -@@ -848,314 +847,329 @@ padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key, - */ - static int - padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, -- const unsigned char *in_arg, size_t nbytes) -+ const unsigned char *in_arg, size_t nbytes) - { -- struct padlock_cipher_data *cdata; -- void *iv; -- -- cdata = ALIGNED_CIPHER_DATA(ctx); -- padlock_verify_context(cdata); -- -- switch (EVP_CIPHER_CTX_mode(ctx)) { -- case EVP_CIPH_ECB_MODE: -- padlock_xcrypt_ecb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg); -- break; -- -- case EVP_CIPH_CBC_MODE: -- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); -- iv = padlock_xcrypt_cbc(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg); -- memcpy(ctx->iv, iv, AES_BLOCK_SIZE); -- break; -- -- case EVP_CIPH_CFB_MODE: -- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); -- iv = padlock_xcrypt_cfb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg); -- memcpy(ctx->iv, iv, AES_BLOCK_SIZE); -- break; -- -- case EVP_CIPH_OFB_MODE: -- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); -- padlock_xcrypt_ofb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg); -- memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); -- break; -- -- default: -- return 0; -- } -- -- memset(cdata->iv, 0, AES_BLOCK_SIZE); -- -- return 1; -+ struct padlock_cipher_data *cdata; -+ void *iv; -+ -+ cdata = ALIGNED_CIPHER_DATA(ctx); -+ padlock_verify_context(cdata); -+ -+ switch (EVP_CIPHER_CTX_mode(ctx)) { -+ case EVP_CIPH_ECB_MODE: -+ padlock_xcrypt_ecb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg); -+ break; -+ -+ case EVP_CIPH_CBC_MODE: -+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); -+ iv = padlock_xcrypt_cbc(nbytes / AES_BLOCK_SIZE, cdata, out_arg, -+ in_arg); -+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE); -+ break; -+ -+ case EVP_CIPH_CFB_MODE: -+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); -+ iv = padlock_xcrypt_cfb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, -+ in_arg); -+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE); -+ break; -+ -+ case EVP_CIPH_OFB_MODE: -+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); -+ padlock_xcrypt_ofb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg); -+ memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); -+ break; -+ -+ default: -+ return 0; -+ } -+ -+ memset(cdata->iv, 0, AES_BLOCK_SIZE); -+ -+ return 1; - } - --#ifndef PADLOCK_CHUNK --# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */ --#endif --#if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1) --# error "insane PADLOCK_CHUNK..." --#endif -+# ifndef PADLOCK_CHUNK -+# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */ -+# endif -+# if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1) -+# error "insane PADLOCK_CHUNK..." -+# endif - --/* Re-align the arguments to 16-Bytes boundaries and run the -- encryption function itself. This function is not AES-specific. */ -+/* -+ * Re-align the arguments to 16-Bytes boundaries and run the encryption -+ * function itself. This function is not AES-specific. -+ */ - static int - padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, -- const unsigned char *in_arg, size_t nbytes) -+ const unsigned char *in_arg, size_t nbytes) - { -- struct padlock_cipher_data *cdata; -- const void *inp; -- unsigned char *out; -- void *iv; -- int inp_misaligned, out_misaligned, realign_in_loop; -- size_t chunk, allocated=0; -- -- /* ctx->num is maintained in byte-oriented modes, -- such as CFB and OFB... */ -- if ((chunk = ctx->num)) { /* borrow chunk variable */ -- unsigned char *ivp=ctx->iv; -- -- switch (EVP_CIPHER_CTX_mode(ctx)) { -- case EVP_CIPH_CFB_MODE: -- if (chunk >= AES_BLOCK_SIZE) -- return 0; /* bogus value */ -- -- if (ctx->encrypt) -- while (chunknum = chunk%AES_BLOCK_SIZE; -- break; -- case EVP_CIPH_OFB_MODE: -- if (chunk >= AES_BLOCK_SIZE) -- return 0; /* bogus value */ -- -- while (chunknum = chunk%AES_BLOCK_SIZE; -- break; -- } -- } -- -- if (nbytes == 0) -- return 1; --#if 0 -- if (nbytes % AES_BLOCK_SIZE) -- return 0; /* are we expected to do tail processing? */ --#else -- /* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC -- modes and arbitrary value in byte-oriented modes, such as -- CFB and OFB... */ --#endif -- -- /* VIA promises CPUs that won't require alignment in the future. -- For now padlock_aes_align_required is initialized to 1 and -- the condition is never met... */ -- /* C7 core is capable to manage unaligned input in non-ECB[!] -- mode, but performance penalties appear to be approximately -- same as for software alignment below or ~3x. They promise to -- improve it in the future, but for now we can just as well -- pretend that it can only handle aligned input... */ -- if (!padlock_aes_align_required && (nbytes%AES_BLOCK_SIZE)==0) -- return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); -- -- inp_misaligned = (((size_t)in_arg) & 0x0F); -- out_misaligned = (((size_t)out_arg) & 0x0F); -- -- /* Note that even if output is aligned and input not, -- * I still prefer to loop instead of copy the whole -- * input and then encrypt in one stroke. This is done -- * in order to improve L1 cache utilization... */ -- realign_in_loop = out_misaligned|inp_misaligned; -- -- if (!realign_in_loop && (nbytes%AES_BLOCK_SIZE)==0) -- return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); -- -- /* this takes one "if" out of the loops */ -- chunk = nbytes; -- chunk %= PADLOCK_CHUNK; -- if (chunk==0) chunk = PADLOCK_CHUNK; -- -- if (out_misaligned) { -- /* optmize for small input */ -- allocated = (chunkiv, ctx->iv, AES_BLOCK_SIZE); -- goto cbc_shortcut; -- do { -- if (iv != cdata->iv) -- memcpy(cdata->iv, iv, AES_BLOCK_SIZE); -- chunk = PADLOCK_CHUNK; -- cbc_shortcut: /* optimize for small input */ -- if (inp_misaligned) -- inp = padlock_memcpy(out, in_arg, chunk); -- else -- inp = in_arg; -- in_arg += chunk; -- -- iv = padlock_xcrypt_cbc(chunk/AES_BLOCK_SIZE, cdata, out, inp); -- -- if (out_misaligned) -- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; -- else -- out = out_arg+=chunk; -- -- } while (nbytes -= chunk); -- memcpy(ctx->iv, iv, AES_BLOCK_SIZE); -- break; -- -- case EVP_CIPH_CFB_MODE: -- memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE); -- chunk &= ~(AES_BLOCK_SIZE-1); -- if (chunk) goto cfb_shortcut; -- else goto cfb_skiploop; -- do { -- if (iv != cdata->iv) -- memcpy(cdata->iv, iv, AES_BLOCK_SIZE); -- chunk = PADLOCK_CHUNK; -- cfb_shortcut: /* optimize for small input */ -- if (inp_misaligned) -- inp = padlock_memcpy(out, in_arg, chunk); -- else -- inp = in_arg; -- in_arg += chunk; -- -- iv = padlock_xcrypt_cfb(chunk/AES_BLOCK_SIZE, cdata, out, inp); -- -- if (out_misaligned) -- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; -- else -- out = out_arg+=chunk; -- -- nbytes -= chunk; -- } while (nbytes >= AES_BLOCK_SIZE); -- -- cfb_skiploop: -- if (nbytes) { -- unsigned char *ivp = cdata->iv; -- -- if (iv != ivp) { -- memcpy(ivp, iv, AES_BLOCK_SIZE); -- iv = ivp; -- } -- ctx->num = nbytes; -- if (cdata->cword.b.encdec) { -- cdata->cword.b.encdec=0; -- padlock_reload_key(); -- padlock_xcrypt_ecb(1,cdata,ivp,ivp); -- cdata->cword.b.encdec=1; -- padlock_reload_key(); -- while(nbytes) { -- unsigned char c = *(in_arg++); -- *(out_arg++) = c ^ *ivp; -- *(ivp++) = c, nbytes--; -- } -- } -- else { padlock_reload_key(); -- padlock_xcrypt_ecb(1,cdata,ivp,ivp); -- padlock_reload_key(); -- while (nbytes) { -- *ivp = *(out_arg++) = *(in_arg++) ^ *ivp; -- ivp++, nbytes--; -- } -- } -- } -- -- memcpy(ctx->iv, iv, AES_BLOCK_SIZE); -- break; -- -- case EVP_CIPH_OFB_MODE: -- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); -- chunk &= ~(AES_BLOCK_SIZE-1); -- if (chunk) do { -- if (inp_misaligned) -- inp = padlock_memcpy(out, in_arg, chunk); -- else -- inp = in_arg; -- in_arg += chunk; -- -- padlock_xcrypt_ofb(chunk/AES_BLOCK_SIZE, cdata, out, inp); -- -- if (out_misaligned) -- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; -- else -- out = out_arg+=chunk; -- -- nbytes -= chunk; -- chunk = PADLOCK_CHUNK; -- } while (nbytes >= AES_BLOCK_SIZE); -- -- if (nbytes) { -- unsigned char *ivp = cdata->iv; -- -- ctx->num = nbytes; -- padlock_reload_key(); /* empirically found */ -- padlock_xcrypt_ecb(1,cdata,ivp,ivp); -- padlock_reload_key(); /* empirically found */ -- while (nbytes) { -- *(out_arg++) = *(in_arg++) ^ *ivp; -- ivp++, nbytes--; -- } -- } -- -- memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); -- break; -- -- default: -- return 0; -- } -- -- /* Clean the realign buffer if it was used */ -- if (out_misaligned) { -- volatile unsigned long *p=(void *)out; -- size_t n = allocated/sizeof(*p); -- while (n--) *p++=0; -- } -- -- memset(cdata->iv, 0, AES_BLOCK_SIZE); -- -- return 1; -+ struct padlock_cipher_data *cdata; -+ const void *inp; -+ unsigned char *out; -+ void *iv; -+ int inp_misaligned, out_misaligned, realign_in_loop; -+ size_t chunk, allocated = 0; -+ -+ /* -+ * ctx->num is maintained in byte-oriented modes, such as CFB and OFB... -+ */ -+ if ((chunk = ctx->num)) { /* borrow chunk variable */ -+ unsigned char *ivp = ctx->iv; -+ -+ switch (EVP_CIPHER_CTX_mode(ctx)) { -+ case EVP_CIPH_CFB_MODE: -+ if (chunk >= AES_BLOCK_SIZE) -+ return 0; /* bogus value */ -+ -+ if (ctx->encrypt) -+ while (chunk < AES_BLOCK_SIZE && nbytes != 0) { -+ ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk]; -+ chunk++, nbytes--; -+ } else -+ while (chunk < AES_BLOCK_SIZE && nbytes != 0) { -+ unsigned char c = *(in_arg++); -+ *(out_arg++) = c ^ ivp[chunk]; -+ ivp[chunk++] = c, nbytes--; -+ } -+ -+ ctx->num = chunk % AES_BLOCK_SIZE; -+ break; -+ case EVP_CIPH_OFB_MODE: -+ if (chunk >= AES_BLOCK_SIZE) -+ return 0; /* bogus value */ -+ -+ while (chunk < AES_BLOCK_SIZE && nbytes != 0) { -+ *(out_arg++) = *(in_arg++) ^ ivp[chunk]; -+ chunk++, nbytes--; -+ } -+ -+ ctx->num = chunk % AES_BLOCK_SIZE; -+ break; -+ } -+ } -+ -+ if (nbytes == 0) -+ return 1; -+# if 0 -+ if (nbytes % AES_BLOCK_SIZE) -+ return 0; /* are we expected to do tail processing? */ -+# else -+ /* -+ * nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC modes and -+ * arbitrary value in byte-oriented modes, such as CFB and OFB... -+ */ -+# endif -+ -+ /* -+ * VIA promises CPUs that won't require alignment in the future. For now -+ * padlock_aes_align_required is initialized to 1 and the condition is -+ * never met... -+ */ -+ /* -+ * C7 core is capable to manage unaligned input in non-ECB[!] mode, but -+ * performance penalties appear to be approximately same as for software -+ * alignment below or ~3x. They promise to improve it in the future, but -+ * for now we can just as well pretend that it can only handle aligned -+ * input... -+ */ -+ if (!padlock_aes_align_required && (nbytes % AES_BLOCK_SIZE) == 0) -+ return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); -+ -+ inp_misaligned = (((size_t)in_arg) & 0x0F); -+ out_misaligned = (((size_t)out_arg) & 0x0F); -+ -+ /* -+ * Note that even if output is aligned and input not, I still prefer to -+ * loop instead of copy the whole input and then encrypt in one stroke. -+ * This is done in order to improve L1 cache utilization... -+ */ -+ realign_in_loop = out_misaligned | inp_misaligned; -+ -+ if (!realign_in_loop && (nbytes % AES_BLOCK_SIZE) == 0) -+ return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); -+ -+ /* this takes one "if" out of the loops */ -+ chunk = nbytes; -+ chunk %= PADLOCK_CHUNK; -+ if (chunk == 0) -+ chunk = PADLOCK_CHUNK; -+ -+ if (out_misaligned) { -+ /* optmize for small input */ -+ allocated = (chunk < nbytes ? PADLOCK_CHUNK : nbytes); -+ out = alloca(0x10 + allocated); -+ out = NEAREST_ALIGNED(out); -+ } else -+ out = out_arg; -+ -+ cdata = ALIGNED_CIPHER_DATA(ctx); -+ padlock_verify_context(cdata); -+ -+ switch (EVP_CIPHER_CTX_mode(ctx)) { -+ case EVP_CIPH_ECB_MODE: -+ do { -+ if (inp_misaligned) -+ inp = padlock_memcpy(out, in_arg, chunk); -+ else -+ inp = in_arg; -+ in_arg += chunk; -+ -+ padlock_xcrypt_ecb(chunk / AES_BLOCK_SIZE, cdata, out, inp); -+ -+ if (out_misaligned) -+ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; -+ else -+ out = out_arg += chunk; -+ -+ nbytes -= chunk; -+ chunk = PADLOCK_CHUNK; -+ } while (nbytes); -+ break; -+ -+ case EVP_CIPH_CBC_MODE: -+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); -+ goto cbc_shortcut; -+ do { -+ if (iv != cdata->iv) -+ memcpy(cdata->iv, iv, AES_BLOCK_SIZE); -+ chunk = PADLOCK_CHUNK; -+ cbc_shortcut: /* optimize for small input */ -+ if (inp_misaligned) -+ inp = padlock_memcpy(out, in_arg, chunk); -+ else -+ inp = in_arg; -+ in_arg += chunk; -+ -+ iv = padlock_xcrypt_cbc(chunk / AES_BLOCK_SIZE, cdata, out, inp); -+ -+ if (out_misaligned) -+ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; -+ else -+ out = out_arg += chunk; -+ -+ } while (nbytes -= chunk); -+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE); -+ break; -+ -+ case EVP_CIPH_CFB_MODE: -+ memcpy(iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE); -+ chunk &= ~(AES_BLOCK_SIZE - 1); -+ if (chunk) -+ goto cfb_shortcut; -+ else -+ goto cfb_skiploop; -+ do { -+ if (iv != cdata->iv) -+ memcpy(cdata->iv, iv, AES_BLOCK_SIZE); -+ chunk = PADLOCK_CHUNK; -+ cfb_shortcut: /* optimize for small input */ -+ if (inp_misaligned) -+ inp = padlock_memcpy(out, in_arg, chunk); -+ else -+ inp = in_arg; -+ in_arg += chunk; -+ -+ iv = padlock_xcrypt_cfb(chunk / AES_BLOCK_SIZE, cdata, out, inp); -+ -+ if (out_misaligned) -+ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; -+ else -+ out = out_arg += chunk; -+ -+ nbytes -= chunk; -+ } while (nbytes >= AES_BLOCK_SIZE); -+ -+ cfb_skiploop: -+ if (nbytes) { -+ unsigned char *ivp = cdata->iv; -+ -+ if (iv != ivp) { -+ memcpy(ivp, iv, AES_BLOCK_SIZE); -+ iv = ivp; -+ } -+ ctx->num = nbytes; -+ if (cdata->cword.b.encdec) { -+ cdata->cword.b.encdec = 0; -+ padlock_reload_key(); -+ padlock_xcrypt_ecb(1, cdata, ivp, ivp); -+ cdata->cword.b.encdec = 1; -+ padlock_reload_key(); -+ while (nbytes) { -+ unsigned char c = *(in_arg++); -+ *(out_arg++) = c ^ *ivp; -+ *(ivp++) = c, nbytes--; -+ } -+ } else { -+ padlock_reload_key(); -+ padlock_xcrypt_ecb(1, cdata, ivp, ivp); -+ padlock_reload_key(); -+ while (nbytes) { -+ *ivp = *(out_arg++) = *(in_arg++) ^ *ivp; -+ ivp++, nbytes--; -+ } -+ } -+ } -+ -+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE); -+ break; -+ -+ case EVP_CIPH_OFB_MODE: -+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); -+ chunk &= ~(AES_BLOCK_SIZE - 1); -+ if (chunk) -+ do { -+ if (inp_misaligned) -+ inp = padlock_memcpy(out, in_arg, chunk); -+ else -+ inp = in_arg; -+ in_arg += chunk; -+ -+ padlock_xcrypt_ofb(chunk / AES_BLOCK_SIZE, cdata, out, inp); -+ -+ if (out_misaligned) -+ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; -+ else -+ out = out_arg += chunk; -+ -+ nbytes -= chunk; -+ chunk = PADLOCK_CHUNK; -+ } while (nbytes >= AES_BLOCK_SIZE); -+ -+ if (nbytes) { -+ unsigned char *ivp = cdata->iv; -+ -+ ctx->num = nbytes; -+ padlock_reload_key(); /* empirically found */ -+ padlock_xcrypt_ecb(1, cdata, ivp, ivp); -+ padlock_reload_key(); /* empirically found */ -+ while (nbytes) { -+ *(out_arg++) = *(in_arg++) ^ *ivp; -+ ivp++, nbytes--; -+ } -+ } -+ -+ memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); -+ break; -+ -+ default: -+ return 0; -+ } -+ -+ /* Clean the realign buffer if it was used */ -+ if (out_misaligned) { -+ volatile unsigned long *p = (void *)out; -+ size_t n = allocated / sizeof(*p); -+ while (n--) -+ *p++ = 0; -+ } -+ -+ memset(cdata->iv, 0, AES_BLOCK_SIZE); -+ -+ return 1; - } - --#endif /* OPENSSL_NO_AES */ -+# endif /* OPENSSL_NO_AES */ - - /* ===== Random Number Generator ===== */ - /* -@@ -1164,56 +1178,64 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, - * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it - * provide meaningful error control... - */ --/* Wrapper that provides an interface between the API and -- the raw PadLock RNG */ --static int --padlock_rand_bytes(unsigned char *output, int count) -+/* -+ * Wrapper that provides an interface between the API and the raw PadLock -+ * RNG -+ */ -+static int padlock_rand_bytes(unsigned char *output, int count) - { -- unsigned int eax, buf; -- -- while (count >= 8) { -- eax = padlock_xstore(output, 0); -- if (!(eax&(1<<6))) return 0; /* RNG disabled */ -- /* this ---vv--- covers DC bias, Raw Bits and String Filter */ -- if (eax&(0x1F<<10)) return 0; -- if ((eax&0x1F)==0) continue; /* no data, retry... */ -- if ((eax&0x1F)!=8) return 0; /* fatal failure... */ -- output += 8; -- count -= 8; -- } -- while (count > 0) { -- eax = padlock_xstore(&buf, 3); -- if (!(eax&(1<<6))) return 0; /* RNG disabled */ -- /* this ---vv--- covers DC bias, Raw Bits and String Filter */ -- if (eax&(0x1F<<10)) return 0; -- if ((eax&0x1F)==0) continue; /* no data, retry... */ -- if ((eax&0x1F)!=1) return 0; /* fatal failure... */ -- *output++ = (unsigned char)buf; -- count--; -- } -- *(volatile unsigned int *)&buf=0; -- -- return 1; -+ unsigned int eax, buf; -+ -+ while (count >= 8) { -+ eax = padlock_xstore(output, 0); -+ if (!(eax & (1 << 6))) -+ return 0; /* RNG disabled */ -+ /* this ---vv--- covers DC bias, Raw Bits and String Filter */ -+ if (eax & (0x1F << 10)) -+ return 0; -+ if ((eax & 0x1F) == 0) -+ continue; /* no data, retry... */ -+ if ((eax & 0x1F) != 8) -+ return 0; /* fatal failure... */ -+ output += 8; -+ count -= 8; -+ } -+ while (count > 0) { -+ eax = padlock_xstore(&buf, 3); -+ if (!(eax & (1 << 6))) -+ return 0; /* RNG disabled */ -+ /* this ---vv--- covers DC bias, Raw Bits and String Filter */ -+ if (eax & (0x1F << 10)) -+ return 0; -+ if ((eax & 0x1F) == 0) -+ continue; /* no data, retry... */ -+ if ((eax & 0x1F) != 1) -+ return 0; /* fatal failure... */ -+ *output++ = (unsigned char)buf; -+ count--; -+ } -+ *(volatile unsigned int *)&buf = 0; -+ -+ return 1; - } - - /* Dummy but necessary function */ --static int --padlock_rand_status(void) -+static int padlock_rand_status(void) - { -- return 1; -+ return 1; - } - - /* Prepare structure for registration */ - static RAND_METHOD padlock_rand = { -- NULL, /* seed */ -- padlock_rand_bytes, /* bytes */ -- NULL, /* cleanup */ -- NULL, /* add */ -- padlock_rand_bytes, /* pseudorand */ -- padlock_rand_status, /* rand status */ -+ NULL, /* seed */ -+ padlock_rand_bytes, /* bytes */ -+ NULL, /* cleanup */ -+ NULL, /* add */ -+ padlock_rand_bytes, /* pseudorand */ -+ padlock_rand_status, /* rand status */ - }; - --#endif /* COMPILE_HW_PADLOCK */ -+# endif /* COMPILE_HW_PADLOCK */ - --#endif /* !OPENSSL_NO_HW_PADLOCK */ --#endif /* !OPENSSL_NO_HW */ -+# endif /* !OPENSSL_NO_HW_PADLOCK */ -+#endif /* !OPENSSL_NO_HW */ -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c b/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c -index 1dfa2e3..23580d9 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,140 +57,130 @@ - - /* Basic get/set stuff */ - --int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f) -- { -- e->load_privkey = loadpriv_f; -- return 1; -- } -+int ENGINE_set_load_privkey_function(ENGINE *e, -+ ENGINE_LOAD_KEY_PTR loadpriv_f) -+{ -+ e->load_privkey = loadpriv_f; -+ return 1; -+} - - int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f) -- { -- e->load_pubkey = loadpub_f; -- return 1; -- } -+{ -+ e->load_pubkey = loadpub_f; -+ return 1; -+} - - int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, -- ENGINE_SSL_CLIENT_CERT_PTR loadssl_f) -- { -- e->load_ssl_client_cert = loadssl_f; -- return 1; -- } -+ ENGINE_SSL_CLIENT_CERT_PTR -+ loadssl_f) -+{ -+ e->load_ssl_client_cert = loadssl_f; -+ return 1; -+} - - ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) -- { -- return e->load_privkey; -- } -+{ -+ return e->load_privkey; -+} - - ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e) -- { -- return e->load_pubkey; -- } -+{ -+ return e->load_pubkey; -+} - --ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e) -- { -- return e->load_ssl_client_cert; -- } -+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE -+ *e) -+{ -+ return e->load_ssl_client_cert; -+} - - /* API functions to load public/private keys */ - - EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, -- UI_METHOD *ui_method, void *callback_data) -- { -- EVP_PKEY *pkey; -+ UI_METHOD *ui_method, void *callback_data) -+{ -+ EVP_PKEY *pkey; - -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- if(e->funct_ref == 0) -- { -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, -- ENGINE_R_NOT_INITIALISED); -- return 0; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- if (!e->load_privkey) -- { -- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, -- ENGINE_R_NO_LOAD_FUNCTION); -- return 0; -- } -- pkey = e->load_privkey(e, key_id, ui_method, callback_data); -- if (!pkey) -- { -- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, -- ENGINE_R_FAILED_LOADING_PRIVATE_KEY); -- return 0; -- } -- return pkey; -- } -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ if (e->funct_ref == 0) { -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ENGINE_R_NOT_INITIALISED); -+ return 0; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ if (!e->load_privkey) { -+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, -+ ENGINE_R_NO_LOAD_FUNCTION); -+ return 0; -+ } -+ pkey = e->load_privkey(e, key_id, ui_method, callback_data); -+ if (!pkey) { -+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, -+ ENGINE_R_FAILED_LOADING_PRIVATE_KEY); -+ return 0; -+ } -+ return pkey; -+} - - EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, -- UI_METHOD *ui_method, void *callback_data) -- { -- EVP_PKEY *pkey; -+ UI_METHOD *ui_method, void *callback_data) -+{ -+ EVP_PKEY *pkey; - -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- if(e->funct_ref == 0) -- { -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, -- ENGINE_R_NOT_INITIALISED); -- return 0; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- if (!e->load_pubkey) -- { -- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, -- ENGINE_R_NO_LOAD_FUNCTION); -- return 0; -- } -- pkey = e->load_pubkey(e, key_id, ui_method, callback_data); -- if (!pkey) -- { -- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, -- ENGINE_R_FAILED_LOADING_PUBLIC_KEY); -- return 0; -- } -- return pkey; -- } -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ if (e->funct_ref == 0) { -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NOT_INITIALISED); -+ return 0; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ if (!e->load_pubkey) { -+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NO_LOAD_FUNCTION); -+ return 0; -+ } -+ pkey = e->load_pubkey(e, key_id, ui_method, callback_data); -+ if (!pkey) { -+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, -+ ENGINE_R_FAILED_LOADING_PUBLIC_KEY); -+ return 0; -+ } -+ return pkey; -+} - - int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, -- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, -- STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data) -- { -+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert, -+ EVP_PKEY **ppkey, STACK_OF(X509) **pother, -+ UI_METHOD *ui_method, void *callback_data) -+{ - -- if(e == NULL) -- { -- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- if(e->funct_ref == 0) -- { -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, -- ENGINE_R_NOT_INITIALISED); -- return 0; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- if (!e->load_ssl_client_cert) -- { -- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, -- ENGINE_R_NO_LOAD_FUNCTION); -- return 0; -- } -- return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother, -- ui_method, callback_data); -- } -+ if (e == NULL) { -+ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ if (e->funct_ref == 0) { -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, -+ ENGINE_R_NOT_INITIALISED); -+ return 0; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ if (!e->load_ssl_client_cert) { -+ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, -+ ENGINE_R_NO_LOAD_FUNCTION); -+ return 0; -+ } -+ return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother, -+ ui_method, callback_data); -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_table.c b/Cryptlib/OpenSSL/crypto/engine/eng_table.c -index 8fc47b3..7dd8b1b 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/eng_table.c -+++ b/Cryptlib/OpenSSL/crypto/engine/eng_table.c -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,259 +58,269 @@ - #include "eng_int.h" - - /* The type of the items in the table */ --typedef struct st_engine_pile -- { -- /* The 'nid' of this algorithm/mode */ -- int nid; -- /* ENGINEs that implement this algorithm/mode. */ -- STACK_OF(ENGINE) *sk; -- /* The default ENGINE to perform this algorithm/mode. */ -- ENGINE *funct; -- /* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */ -- int uptodate; -- } ENGINE_PILE; -+typedef struct st_engine_pile { -+ /* The 'nid' of this algorithm/mode */ -+ int nid; -+ /* ENGINEs that implement this algorithm/mode. */ -+ STACK_OF(ENGINE) *sk; -+ /* The default ENGINE to perform this algorithm/mode. */ -+ ENGINE *funct; -+ /* -+ * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise -+ */ -+ int uptodate; -+} ENGINE_PILE; - - /* The type exposed in eng_int.h */ --struct st_engine_table -- { -- LHASH piles; -- }; /* ENGINE_TABLE */ -+struct st_engine_table { -+ LHASH piles; -+}; /* ENGINE_TABLE */ - - /* Global flags (ENGINE_TABLE_FLAG_***). */ - static unsigned int table_flags = 0; - - /* API function manipulating 'table_flags' */ - unsigned int ENGINE_get_table_flags(void) -- { -- return table_flags; -- } -+{ -+ return table_flags; -+} -+ - void ENGINE_set_table_flags(unsigned int flags) -- { -- table_flags = flags; -- } -+{ -+ table_flags = flags; -+} - - /* Internal functions for the "piles" hash table */ - static unsigned long engine_pile_hash(const ENGINE_PILE *c) -- { -- return c->nid; -- } -+{ -+ return c->nid; -+} -+ - static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b) -- { -- return a->nid - b->nid; -- } -+{ -+ return a->nid - b->nid; -+} -+ - static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *) - static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *) - static int int_table_check(ENGINE_TABLE **t, int create) -- { -- LHASH *lh; -- if(*t) return 1; -- if(!create) return 0; -- if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash), -- LHASH_COMP_FN(engine_pile_cmp))) == NULL) -- return 0; -- *t = (ENGINE_TABLE *)lh; -- return 1; -- } -+{ -+ LHASH *lh; -+ if (*t) -+ return 1; -+ if (!create) -+ return 0; -+ if ((lh = lh_new(LHASH_HASH_FN(engine_pile_hash), -+ LHASH_COMP_FN(engine_pile_cmp))) == NULL) -+ return 0; -+ *t = (ENGINE_TABLE *)lh; -+ return 1; -+} - --/* Privately exposed (via eng_int.h) functions for adding and/or removing -- * ENGINEs from the implementation table */ -+/* -+ * Privately exposed (via eng_int.h) functions for adding and/or removing -+ * ENGINEs from the implementation table -+ */ - int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, -- ENGINE *e, const int *nids, int num_nids, int setdefault) -- { -- int ret = 0, added = 0; -- ENGINE_PILE tmplate, *fnd; -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- if(!(*table)) -- added = 1; -- if(!int_table_check(table, 1)) -- goto end; -- if(added) -- /* The cleanup callback needs to be added */ -- engine_cleanup_add_first(cleanup); -- while(num_nids--) -- { -- tmplate.nid = *nids; -- fnd = lh_retrieve(&(*table)->piles, &tmplate); -- if(!fnd) -- { -- fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); -- if(!fnd) goto end; -- fnd->uptodate = 1; -- fnd->nid = *nids; -- fnd->sk = sk_ENGINE_new_null(); -- if(!fnd->sk) -- { -- OPENSSL_free(fnd); -- goto end; -- } -- fnd->funct = NULL; -- lh_insert(&(*table)->piles, fnd); -- } -- /* A registration shouldn't add duplciate entries */ -- (void)sk_ENGINE_delete_ptr(fnd->sk, e); -- /* if 'setdefault', this ENGINE goes to the head of the list */ -- if(!sk_ENGINE_push(fnd->sk, e)) -- goto end; -- /* "touch" this ENGINE_PILE */ -- fnd->uptodate = 0; -- if(setdefault) -- { -- if(!engine_unlocked_init(e)) -- { -- ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER, -- ENGINE_R_INIT_FAILED); -- goto end; -- } -- if(fnd->funct) -- engine_unlocked_finish(fnd->funct, 0); -- fnd->funct = e; -- fnd->uptodate = 1; -- } -- nids++; -- } -- ret = 1; --end: -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- return ret; -- } -+ ENGINE *e, const int *nids, int num_nids, -+ int setdefault) -+{ -+ int ret = 0, added = 0; -+ ENGINE_PILE tmplate, *fnd; -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ if (!(*table)) -+ added = 1; -+ if (!int_table_check(table, 1)) -+ goto end; -+ if (added) -+ /* The cleanup callback needs to be added */ -+ engine_cleanup_add_first(cleanup); -+ while (num_nids--) { -+ tmplate.nid = *nids; -+ fnd = lh_retrieve(&(*table)->piles, &tmplate); -+ if (!fnd) { -+ fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); -+ if (!fnd) -+ goto end; -+ fnd->uptodate = 1; -+ fnd->nid = *nids; -+ fnd->sk = sk_ENGINE_new_null(); -+ if (!fnd->sk) { -+ OPENSSL_free(fnd); -+ goto end; -+ } -+ fnd->funct = NULL; -+ lh_insert(&(*table)->piles, fnd); -+ } -+ /* A registration shouldn't add duplciate entries */ -+ (void)sk_ENGINE_delete_ptr(fnd->sk, e); -+ /* -+ * if 'setdefault', this ENGINE goes to the head of the list -+ */ -+ if (!sk_ENGINE_push(fnd->sk, e)) -+ goto end; -+ /* "touch" this ENGINE_PILE */ -+ fnd->uptodate = 0; -+ if (setdefault) { -+ if (!engine_unlocked_init(e)) { -+ ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER, -+ ENGINE_R_INIT_FAILED); -+ goto end; -+ } -+ if (fnd->funct) -+ engine_unlocked_finish(fnd->funct, 0); -+ fnd->funct = e; -+ fnd->uptodate = 1; -+ } -+ nids++; -+ } -+ ret = 1; -+ end: -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ return ret; -+} -+ - static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) -- { -- int n; -- /* Iterate the 'c->sk' stack removing any occurance of 'e' */ -- while((n = sk_ENGINE_find(pile->sk, e)) >= 0) -- { -- (void)sk_ENGINE_delete(pile->sk, n); -- pile->uptodate = 0; -- } -- if(pile->funct == e) -- { -- engine_unlocked_finish(e, 0); -- pile->funct = NULL; -- } -- } --static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *) -+{ -+ int n; -+ /* Iterate the 'c->sk' stack removing any occurance of 'e' */ -+ while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) { -+ (void)sk_ENGINE_delete(pile->sk, n); -+ pile->uptodate = 0; -+ } -+ if (pile->funct == e) { -+ engine_unlocked_finish(e, 0); -+ pile->funct = NULL; -+ } -+} -+ -+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE *, -+ ENGINE *) - void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e) -- { -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- if(int_table_check(table, 0)) -- lh_doall_arg(&(*table)->piles, -- LHASH_DOALL_ARG_FN(int_unregister_cb), e); -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- } -+{ -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ if (int_table_check(table, 0)) -+ lh_doall_arg(&(*table)->piles, -+ LHASH_DOALL_ARG_FN(int_unregister_cb), e); -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+} - - static void int_cleanup_cb(ENGINE_PILE *p) -- { -- sk_ENGINE_free(p->sk); -- if(p->funct) -- engine_unlocked_finish(p->funct, 0); -- OPENSSL_free(p); -- } --static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *) -+{ -+ sk_ENGINE_free(p->sk); -+ if (p->funct) -+ engine_unlocked_finish(p->funct, 0); -+ OPENSSL_free(p); -+} -+ -+static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE *) - void engine_table_cleanup(ENGINE_TABLE **table) -- { -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- if(*table) -- { -- lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb)); -- lh_free(&(*table)->piles); -- *table = NULL; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- } -+{ -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ if (*table) { -+ lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb)); -+ lh_free(&(*table)->piles); -+ *table = NULL; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+} - - /* return a functional reference for a given 'nid' */ - #ifndef ENGINE_TABLE_DEBUG - ENGINE *engine_table_select(ENGINE_TABLE **table, int nid) - #else --ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l) -+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, -+ int l) - #endif -- { -- ENGINE *ret = NULL; -- ENGINE_PILE tmplate, *fnd=NULL; -- int initres, loop = 0; -+{ -+ ENGINE *ret = NULL; -+ ENGINE_PILE tmplate, *fnd = NULL; -+ int initres, loop = 0; - -- if(!(*table)) -- { -+ if (!(*table)) { - #ifdef ENGINE_TABLE_DEBUG -- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing " -- "registered!\n", f, l, nid); -+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing " -+ "registered!\n", f, l, nid); - #endif -- return NULL; -- } -- ERR_set_mark(); -- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -- /* Check again inside the lock otherwise we could race against cleanup -- * operations. But don't worry about a fprintf(stderr). */ -- if(!int_table_check(table, 0)) goto end; -- tmplate.nid = nid; -- fnd = lh_retrieve(&(*table)->piles, &tmplate); -- if(!fnd) goto end; -- if(fnd->funct && engine_unlocked_init(fnd->funct)) -- { -+ return NULL; -+ } -+ ERR_set_mark(); -+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -+ /* -+ * Check again inside the lock otherwise we could race against cleanup -+ * operations. But don't worry about a fprintf(stderr). -+ */ -+ if (!int_table_check(table, 0)) -+ goto end; -+ tmplate.nid = nid; -+ fnd = lh_retrieve(&(*table)->piles, &tmplate); -+ if (!fnd) -+ goto end; -+ if (fnd->funct && engine_unlocked_init(fnd->funct)) { - #ifdef ENGINE_TABLE_DEBUG -- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " -- "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id); -+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " -+ "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id); - #endif -- ret = fnd->funct; -- goto end; -- } -- if(fnd->uptodate) -- { -- ret = fnd->funct; -- goto end; -- } --trynext: -- ret = sk_ENGINE_value(fnd->sk, loop++); -- if(!ret) -- { -+ ret = fnd->funct; -+ goto end; -+ } -+ if (fnd->uptodate) { -+ ret = fnd->funct; -+ goto end; -+ } -+ trynext: -+ ret = sk_ENGINE_value(fnd->sk, loop++); -+ if (!ret) { - #ifdef ENGINE_TABLE_DEBUG -- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no " -- "registered implementations would initialise\n", -- f, l, nid); -+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no " -+ "registered implementations would initialise\n", f, l, nid); - #endif -- goto end; -- } -- /* Try to initialise the ENGINE? */ -- if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) -- initres = engine_unlocked_init(ret); -- else -- initres = 0; -- if(initres) -- { -- /* Update 'funct' */ -- if((fnd->funct != ret) && engine_unlocked_init(ret)) -- { -- /* If there was a previous default we release it. */ -- if(fnd->funct) -- engine_unlocked_finish(fnd->funct, 0); -- fnd->funct = ret; -+ goto end; -+ } -+ /* Try to initialise the ENGINE? */ -+ if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) -+ initres = engine_unlocked_init(ret); -+ else -+ initres = 0; -+ if (initres) { -+ /* Update 'funct' */ -+ if ((fnd->funct != ret) && engine_unlocked_init(ret)) { -+ /* If there was a previous default we release it. */ -+ if (fnd->funct) -+ engine_unlocked_finish(fnd->funct, 0); -+ fnd->funct = ret; - #ifdef ENGINE_TABLE_DEBUG -- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, " -- "setting default to '%s'\n", f, l, nid, ret->id); -+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, " -+ "setting default to '%s'\n", f, l, nid, ret->id); - #endif -- } -+ } - #ifdef ENGINE_TABLE_DEBUG -- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " -- "newly initialised '%s'\n", f, l, nid, ret->id); -+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " -+ "newly initialised '%s'\n", f, l, nid, ret->id); - #endif -- goto end; -- } -- goto trynext; --end: -- /* If it failed, it is unlikely to succeed again until some future -- * registrations have taken place. In all cases, we cache. */ -- if(fnd) fnd->uptodate = 1; -+ goto end; -+ } -+ goto trynext; -+ end: -+ /* -+ * If it failed, it is unlikely to succeed again until some future -+ * registrations have taken place. In all cases, we cache. -+ */ -+ if (fnd) -+ fnd->uptodate = 1; - #ifdef ENGINE_TABLE_DEBUG -- if(ret) -- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " -- "ENGINE '%s'\n", f, l, nid, ret->id); -- else -- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " -- "'no matching ENGINE'\n", f, l, nid); -+ if (ret) -+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " -+ "ENGINE '%s'\n", f, l, nid, ret->id); -+ else -+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " -+ "'no matching ENGINE'\n", f, l, nid); - #endif -- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -- /* Whatever happened, any failed init()s are not failures in this -- * context, so clear our error state. */ -- ERR_pop_to_mark(); -- return ret; -- } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -+ /* -+ * Whatever happened, any failed init()s are not failures in this -+ * context, so clear our error state. -+ */ -+ ERR_pop_to_mark(); -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c b/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c -index 177fc1f..fcfb2ef 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c -+++ b/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -54,90 +54,90 @@ - - #include "eng_int.h" - --/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that -- * is used by EVP to hook in cipher code and cache defaults (etc), will display -- * brief debugging summaries to stderr with the 'nid'. */ -+/* -+ * If this symbol is defined then ENGINE_get_cipher_engine(), the function -+ * that is used by EVP to hook in cipher code and cache defaults (etc), will -+ * display brief debugging summaries to stderr with the 'nid'. -+ */ - /* #define ENGINE_CIPHER_DEBUG */ - - static ENGINE_TABLE *cipher_table = NULL; - - void ENGINE_unregister_ciphers(ENGINE *e) -- { -- engine_table_unregister(&cipher_table, e); -- } -+{ -+ engine_table_unregister(&cipher_table, e); -+} - - static void engine_unregister_all_ciphers(void) -- { -- engine_table_cleanup(&cipher_table); -- } -+{ -+ engine_table_cleanup(&cipher_table); -+} - - int ENGINE_register_ciphers(ENGINE *e) -- { -- if(e->ciphers) -- { -- const int *nids; -- int num_nids = e->ciphers(e, NULL, &nids, 0); -- if(num_nids > 0) -- return engine_table_register(&cipher_table, -- engine_unregister_all_ciphers, e, nids, -- num_nids, 0); -- } -- return 1; -- } -+{ -+ if (e->ciphers) { -+ const int *nids; -+ int num_nids = e->ciphers(e, NULL, &nids, 0); -+ if (num_nids > 0) -+ return engine_table_register(&cipher_table, -+ engine_unregister_all_ciphers, e, -+ nids, num_nids, 0); -+ } -+ return 1; -+} - - void ENGINE_register_all_ciphers() -- { -- ENGINE *e; -+{ -+ ENGINE *e; - -- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) -- ENGINE_register_ciphers(e); -- } -+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) -+ ENGINE_register_ciphers(e); -+} - - int ENGINE_set_default_ciphers(ENGINE *e) -- { -- if(e->ciphers) -- { -- const int *nids; -- int num_nids = e->ciphers(e, NULL, &nids, 0); -- if(num_nids > 0) -- return engine_table_register(&cipher_table, -- engine_unregister_all_ciphers, e, nids, -- num_nids, 1); -- } -- return 1; -- } -+{ -+ if (e->ciphers) { -+ const int *nids; -+ int num_nids = e->ciphers(e, NULL, &nids, 0); -+ if (num_nids > 0) -+ return engine_table_register(&cipher_table, -+ engine_unregister_all_ciphers, e, -+ nids, num_nids, 1); -+ } -+ return 1; -+} - --/* Exposed API function to get a functional reference from the implementation -+/* -+ * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural -- * references) for a given cipher 'nid' */ -+ * references) for a given cipher 'nid' -+ */ - ENGINE *ENGINE_get_cipher_engine(int nid) -- { -- return engine_table_select(&cipher_table, nid); -- } -+{ -+ return engine_table_select(&cipher_table, nid); -+} - - /* Obtains a cipher implementation from an ENGINE functional reference */ - const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid) -- { -- const EVP_CIPHER *ret; -- ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e); -- if(!fn || !fn(e, &ret, NULL, nid)) -- { -- ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER, -- ENGINE_R_UNIMPLEMENTED_CIPHER); -- return NULL; -- } -- return ret; -- } -+{ -+ const EVP_CIPHER *ret; -+ ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e); -+ if (!fn || !fn(e, &ret, NULL, nid)) { -+ ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER, ENGINE_R_UNIMPLEMENTED_CIPHER); -+ return NULL; -+ } -+ return ret; -+} - - /* Gets the cipher callback from an ENGINE structure */ - ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e) -- { -- return e->ciphers; -- } -+{ -+ return e->ciphers; -+} - - /* Sets the cipher callback in an ENGINE structure */ - int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f) -- { -- e->ciphers = f; -- return 1; -- } -+{ -+ e->ciphers = f; -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c b/Cryptlib/OpenSSL/crypto/engine/tb_dh.c -index 6e9d428..8114afa 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c -+++ b/Cryptlib/OpenSSL/crypto/engine/tb_dh.c -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -54,65 +54,71 @@ - - #include "eng_int.h" - --/* If this symbol is defined then ENGINE_get_default_DH(), the function that is -- * used by DH to hook in implementation code and cache defaults (etc), will -- * display brief debugging summaries to stderr with the 'nid'. */ -+/* -+ * If this symbol is defined then ENGINE_get_default_DH(), the function that -+ * is used by DH to hook in implementation code and cache defaults (etc), -+ * will display brief debugging summaries to stderr with the 'nid'. -+ */ - /* #define ENGINE_DH_DEBUG */ - - static ENGINE_TABLE *dh_table = NULL; - static const int dummy_nid = 1; - - void ENGINE_unregister_DH(ENGINE *e) -- { -- engine_table_unregister(&dh_table, e); -- } -+{ -+ engine_table_unregister(&dh_table, e); -+} - - static void engine_unregister_all_DH(void) -- { -- engine_table_cleanup(&dh_table); -- } -+{ -+ engine_table_cleanup(&dh_table); -+} - - int ENGINE_register_DH(ENGINE *e) -- { -- if(e->dh_meth) -- return engine_table_register(&dh_table, -- engine_unregister_all_DH, e, &dummy_nid, 1, 0); -- return 1; -- } -+{ -+ if (e->dh_meth) -+ return engine_table_register(&dh_table, -+ engine_unregister_all_DH, e, &dummy_nid, -+ 1, 0); -+ return 1; -+} - - void ENGINE_register_all_DH() -- { -- ENGINE *e; -+{ -+ ENGINE *e; - -- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) -- ENGINE_register_DH(e); -- } -+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) -+ ENGINE_register_DH(e); -+} - - int ENGINE_set_default_DH(ENGINE *e) -- { -- if(e->dh_meth) -- return engine_table_register(&dh_table, -- engine_unregister_all_DH, e, &dummy_nid, 1, 1); -- return 1; -- } -+{ -+ if (e->dh_meth) -+ return engine_table_register(&dh_table, -+ engine_unregister_all_DH, e, &dummy_nid, -+ 1, 1); -+ return 1; -+} - --/* Exposed API function to get a functional reference from the implementation -+/* -+ * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural -- * references). */ -+ * references). -+ */ - ENGINE *ENGINE_get_default_DH(void) -- { -- return engine_table_select(&dh_table, dummy_nid); -- } -+{ -+ return engine_table_select(&dh_table, dummy_nid); -+} - - /* Obtains an DH implementation from an ENGINE functional reference */ - const DH_METHOD *ENGINE_get_DH(const ENGINE *e) -- { -- return e->dh_meth; -- } -+{ -+ return e->dh_meth; -+} - - /* Sets an DH implementation in an ENGINE structure */ - int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth) -- { -- e->dh_meth = dh_meth; -- return 1; -- } -+{ -+ e->dh_meth = dh_meth; -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c b/Cryptlib/OpenSSL/crypto/engine/tb_digest.c -index d3f4bb2..de1ad9c 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c -+++ b/Cryptlib/OpenSSL/crypto/engine/tb_digest.c -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -54,90 +54,90 @@ - - #include "eng_int.h" - --/* If this symbol is defined then ENGINE_get_digest_engine(), the function that -- * is used by EVP to hook in digest code and cache defaults (etc), will display -- * brief debugging summaries to stderr with the 'nid'. */ -+/* -+ * If this symbol is defined then ENGINE_get_digest_engine(), the function -+ * that is used by EVP to hook in digest code and cache defaults (etc), will -+ * display brief debugging summaries to stderr with the 'nid'. -+ */ - /* #define ENGINE_DIGEST_DEBUG */ - - static ENGINE_TABLE *digest_table = NULL; - - void ENGINE_unregister_digests(ENGINE *e) -- { -- engine_table_unregister(&digest_table, e); -- } -+{ -+ engine_table_unregister(&digest_table, e); -+} - - static void engine_unregister_all_digests(void) -- { -- engine_table_cleanup(&digest_table); -- } -+{ -+ engine_table_cleanup(&digest_table); -+} - - int ENGINE_register_digests(ENGINE *e) -- { -- if(e->digests) -- { -- const int *nids; -- int num_nids = e->digests(e, NULL, &nids, 0); -- if(num_nids > 0) -- return engine_table_register(&digest_table, -- engine_unregister_all_digests, e, nids, -- num_nids, 0); -- } -- return 1; -- } -+{ -+ if (e->digests) { -+ const int *nids; -+ int num_nids = e->digests(e, NULL, &nids, 0); -+ if (num_nids > 0) -+ return engine_table_register(&digest_table, -+ engine_unregister_all_digests, e, -+ nids, num_nids, 0); -+ } -+ return 1; -+} - - void ENGINE_register_all_digests() -- { -- ENGINE *e; -+{ -+ ENGINE *e; - -- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) -- ENGINE_register_digests(e); -- } -+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) -+ ENGINE_register_digests(e); -+} - - int ENGINE_set_default_digests(ENGINE *e) -- { -- if(e->digests) -- { -- const int *nids; -- int num_nids = e->digests(e, NULL, &nids, 0); -- if(num_nids > 0) -- return engine_table_register(&digest_table, -- engine_unregister_all_digests, e, nids, -- num_nids, 1); -- } -- return 1; -- } -+{ -+ if (e->digests) { -+ const int *nids; -+ int num_nids = e->digests(e, NULL, &nids, 0); -+ if (num_nids > 0) -+ return engine_table_register(&digest_table, -+ engine_unregister_all_digests, e, -+ nids, num_nids, 1); -+ } -+ return 1; -+} - --/* Exposed API function to get a functional reference from the implementation -+/* -+ * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural -- * references) for a given digest 'nid' */ -+ * references) for a given digest 'nid' -+ */ - ENGINE *ENGINE_get_digest_engine(int nid) -- { -- return engine_table_select(&digest_table, nid); -- } -+{ -+ return engine_table_select(&digest_table, nid); -+} - - /* Obtains a digest implementation from an ENGINE functional reference */ - const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid) -- { -- const EVP_MD *ret; -- ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e); -- if(!fn || !fn(e, &ret, NULL, nid)) -- { -- ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST, -- ENGINE_R_UNIMPLEMENTED_DIGEST); -- return NULL; -- } -- return ret; -- } -+{ -+ const EVP_MD *ret; -+ ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e); -+ if (!fn || !fn(e, &ret, NULL, nid)) { -+ ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST, ENGINE_R_UNIMPLEMENTED_DIGEST); -+ return NULL; -+ } -+ return ret; -+} - - /* Gets the digest callback from an ENGINE structure */ - ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e) -- { -- return e->digests; -- } -+{ -+ return e->digests; -+} - - /* Sets the digest callback in an ENGINE structure */ - int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f) -- { -- e->digests = f; -- return 1; -- } -+{ -+ e->digests = f; -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c -index e4674f5..c1f57f1 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c -+++ b/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -54,65 +54,71 @@ - - #include "eng_int.h" - --/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is -- * used by DSA to hook in implementation code and cache defaults (etc), will -- * display brief debugging summaries to stderr with the 'nid'. */ -+/* -+ * If this symbol is defined then ENGINE_get_default_DSA(), the function that -+ * is used by DSA to hook in implementation code and cache defaults (etc), -+ * will display brief debugging summaries to stderr with the 'nid'. -+ */ - /* #define ENGINE_DSA_DEBUG */ - - static ENGINE_TABLE *dsa_table = NULL; - static const int dummy_nid = 1; - - void ENGINE_unregister_DSA(ENGINE *e) -- { -- engine_table_unregister(&dsa_table, e); -- } -+{ -+ engine_table_unregister(&dsa_table, e); -+} - - static void engine_unregister_all_DSA(void) -- { -- engine_table_cleanup(&dsa_table); -- } -+{ -+ engine_table_cleanup(&dsa_table); -+} - - int ENGINE_register_DSA(ENGINE *e) -- { -- if(e->dsa_meth) -- return engine_table_register(&dsa_table, -- engine_unregister_all_DSA, e, &dummy_nid, 1, 0); -- return 1; -- } -+{ -+ if (e->dsa_meth) -+ return engine_table_register(&dsa_table, -+ engine_unregister_all_DSA, e, &dummy_nid, -+ 1, 0); -+ return 1; -+} - - void ENGINE_register_all_DSA() -- { -- ENGINE *e; -+{ -+ ENGINE *e; - -- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) -- ENGINE_register_DSA(e); -- } -+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) -+ ENGINE_register_DSA(e); -+} - - int ENGINE_set_default_DSA(ENGINE *e) -- { -- if(e->dsa_meth) -- return engine_table_register(&dsa_table, -- engine_unregister_all_DSA, e, &dummy_nid, 1, 1); -- return 1; -- } -+{ -+ if (e->dsa_meth) -+ return engine_table_register(&dsa_table, -+ engine_unregister_all_DSA, e, &dummy_nid, -+ 1, 1); -+ return 1; -+} - --/* Exposed API function to get a functional reference from the implementation -+/* -+ * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural -- * references). */ -+ * references). -+ */ - ENGINE *ENGINE_get_default_DSA(void) -- { -- return engine_table_select(&dsa_table, dummy_nid); -- } -+{ -+ return engine_table_select(&dsa_table, dummy_nid); -+} - - /* Obtains an DSA implementation from an ENGINE functional reference */ - const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e) -- { -- return e->dsa_meth; -- } -+{ -+ return e->dsa_meth; -+} - - /* Sets an DSA implementation in an ENGINE structure */ - int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth) -- { -- e->dsa_meth = dsa_meth; -- return 1; -- } -+{ -+ e->dsa_meth = dsa_meth; -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c -index c8ec781..c51441b 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c -+++ b/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c -@@ -21,7 +21,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -69,65 +69,71 @@ - - #include "eng_int.h" - --/* If this symbol is defined then ENGINE_get_default_ECDH(), the function that is -- * used by ECDH to hook in implementation code and cache defaults (etc), will -- * display brief debugging summaries to stderr with the 'nid'. */ -+/* -+ * If this symbol is defined then ENGINE_get_default_ECDH(), the function -+ * that is used by ECDH to hook in implementation code and cache defaults -+ * (etc), will display brief debugging summaries to stderr with the 'nid'. -+ */ - /* #define ENGINE_ECDH_DEBUG */ - - static ENGINE_TABLE *ecdh_table = NULL; - static const int dummy_nid = 1; - - void ENGINE_unregister_ECDH(ENGINE *e) -- { -- engine_table_unregister(&ecdh_table, e); -- } -+{ -+ engine_table_unregister(&ecdh_table, e); -+} - - static void engine_unregister_all_ECDH(void) -- { -- engine_table_cleanup(&ecdh_table); -- } -+{ -+ engine_table_cleanup(&ecdh_table); -+} - - int ENGINE_register_ECDH(ENGINE *e) -- { -- if(e->ecdh_meth) -- return engine_table_register(&ecdh_table, -- engine_unregister_all_ECDH, e, &dummy_nid, 1, 0); -- return 1; -- } -+{ -+ if (e->ecdh_meth) -+ return engine_table_register(&ecdh_table, -+ engine_unregister_all_ECDH, e, -+ &dummy_nid, 1, 0); -+ return 1; -+} - - void ENGINE_register_all_ECDH() -- { -- ENGINE *e; -+{ -+ ENGINE *e; - -- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) -- ENGINE_register_ECDH(e); -- } -+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) -+ ENGINE_register_ECDH(e); -+} - - int ENGINE_set_default_ECDH(ENGINE *e) -- { -- if(e->ecdh_meth) -- return engine_table_register(&ecdh_table, -- engine_unregister_all_ECDH, e, &dummy_nid, 1, 1); -- return 1; -- } -+{ -+ if (e->ecdh_meth) -+ return engine_table_register(&ecdh_table, -+ engine_unregister_all_ECDH, e, -+ &dummy_nid, 1, 1); -+ return 1; -+} - --/* Exposed API function to get a functional reference from the implementation -+/* -+ * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural -- * references). */ -+ * references). -+ */ - ENGINE *ENGINE_get_default_ECDH(void) -- { -- return engine_table_select(&ecdh_table, dummy_nid); -- } -+{ -+ return engine_table_select(&ecdh_table, dummy_nid); -+} - - /* Obtains an ECDH implementation from an ENGINE functional reference */ - const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e) -- { -- return e->ecdh_meth; -- } -+{ -+ return e->ecdh_meth; -+} - - /* Sets an ECDH implementation in an ENGINE structure */ - int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth) -- { -- e->ecdh_meth = ecdh_meth; -- return 1; -- } -+{ -+ e->ecdh_meth = ecdh_meth; -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c -index 005ecb6..a8b9be6 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c -+++ b/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -54,65 +54,71 @@ - - #include "eng_int.h" - --/* If this symbol is defined then ENGINE_get_default_ECDSA(), the function that is -- * used by ECDSA to hook in implementation code and cache defaults (etc), will -- * display brief debugging summaries to stderr with the 'nid'. */ -+/* -+ * If this symbol is defined then ENGINE_get_default_ECDSA(), the function -+ * that is used by ECDSA to hook in implementation code and cache defaults -+ * (etc), will display brief debugging summaries to stderr with the 'nid'. -+ */ - /* #define ENGINE_ECDSA_DEBUG */ - - static ENGINE_TABLE *ecdsa_table = NULL; - static const int dummy_nid = 1; - - void ENGINE_unregister_ECDSA(ENGINE *e) -- { -- engine_table_unregister(&ecdsa_table, e); -- } -+{ -+ engine_table_unregister(&ecdsa_table, e); -+} - - static void engine_unregister_all_ECDSA(void) -- { -- engine_table_cleanup(&ecdsa_table); -- } -+{ -+ engine_table_cleanup(&ecdsa_table); -+} - - int ENGINE_register_ECDSA(ENGINE *e) -- { -- if(e->ecdsa_meth) -- return engine_table_register(&ecdsa_table, -- engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0); -- return 1; -- } -+{ -+ if (e->ecdsa_meth) -+ return engine_table_register(&ecdsa_table, -+ engine_unregister_all_ECDSA, e, -+ &dummy_nid, 1, 0); -+ return 1; -+} - - void ENGINE_register_all_ECDSA() -- { -- ENGINE *e; -+{ -+ ENGINE *e; - -- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) -- ENGINE_register_ECDSA(e); -- } -+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) -+ ENGINE_register_ECDSA(e); -+} - - int ENGINE_set_default_ECDSA(ENGINE *e) -- { -- if(e->ecdsa_meth) -- return engine_table_register(&ecdsa_table, -- engine_unregister_all_ECDSA, e, &dummy_nid, 1, 1); -- return 1; -- } -+{ -+ if (e->ecdsa_meth) -+ return engine_table_register(&ecdsa_table, -+ engine_unregister_all_ECDSA, e, -+ &dummy_nid, 1, 1); -+ return 1; -+} - --/* Exposed API function to get a functional reference from the implementation -+/* -+ * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural -- * references). */ -+ * references). -+ */ - ENGINE *ENGINE_get_default_ECDSA(void) -- { -- return engine_table_select(&ecdsa_table, dummy_nid); -- } -+{ -+ return engine_table_select(&ecdsa_table, dummy_nid); -+} - - /* Obtains an ECDSA implementation from an ENGINE functional reference */ - const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e) -- { -- return e->ecdsa_meth; -- } -+{ -+ return e->ecdsa_meth; -+} - - /* Sets an ECDSA implementation in an ENGINE structure */ - int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth) -- { -- e->ecdsa_meth = ecdsa_meth; -- return 1; -- } -+{ -+ e->ecdsa_meth = ecdsa_meth; -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c b/Cryptlib/OpenSSL/crypto/engine/tb_rand.c -index f36f67c..a522264 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c -+++ b/Cryptlib/OpenSSL/crypto/engine/tb_rand.c -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -54,65 +54,71 @@ - - #include "eng_int.h" - --/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is -- * used by RAND to hook in implementation code and cache defaults (etc), will -- * display brief debugging summaries to stderr with the 'nid'. */ -+/* -+ * If this symbol is defined then ENGINE_get_default_RAND(), the function -+ * that is used by RAND to hook in implementation code and cache defaults -+ * (etc), will display brief debugging summaries to stderr with the 'nid'. -+ */ - /* #define ENGINE_RAND_DEBUG */ - - static ENGINE_TABLE *rand_table = NULL; - static const int dummy_nid = 1; - - void ENGINE_unregister_RAND(ENGINE *e) -- { -- engine_table_unregister(&rand_table, e); -- } -+{ -+ engine_table_unregister(&rand_table, e); -+} - - static void engine_unregister_all_RAND(void) -- { -- engine_table_cleanup(&rand_table); -- } -+{ -+ engine_table_cleanup(&rand_table); -+} - - int ENGINE_register_RAND(ENGINE *e) -- { -- if(e->rand_meth) -- return engine_table_register(&rand_table, -- engine_unregister_all_RAND, e, &dummy_nid, 1, 0); -- return 1; -- } -+{ -+ if (e->rand_meth) -+ return engine_table_register(&rand_table, -+ engine_unregister_all_RAND, e, -+ &dummy_nid, 1, 0); -+ return 1; -+} - - void ENGINE_register_all_RAND() -- { -- ENGINE *e; -+{ -+ ENGINE *e; - -- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) -- ENGINE_register_RAND(e); -- } -+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) -+ ENGINE_register_RAND(e); -+} - - int ENGINE_set_default_RAND(ENGINE *e) -- { -- if(e->rand_meth) -- return engine_table_register(&rand_table, -- engine_unregister_all_RAND, e, &dummy_nid, 1, 1); -- return 1; -- } -+{ -+ if (e->rand_meth) -+ return engine_table_register(&rand_table, -+ engine_unregister_all_RAND, e, -+ &dummy_nid, 1, 1); -+ return 1; -+} - --/* Exposed API function to get a functional reference from the implementation -+/* -+ * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural -- * references). */ -+ * references). -+ */ - ENGINE *ENGINE_get_default_RAND(void) -- { -- return engine_table_select(&rand_table, dummy_nid); -- } -+{ -+ return engine_table_select(&rand_table, dummy_nid); -+} - - /* Obtains an RAND implementation from an ENGINE functional reference */ - const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e) -- { -- return e->rand_meth; -- } -+{ -+ return e->rand_meth; -+} - - /* Sets an RAND implementation in an ENGINE structure */ - int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth) -- { -- e->rand_meth = rand_meth; -- return 1; -- } -+{ -+ e->rand_meth = rand_meth; -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c -index fbc707f..2790a82 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c -+++ b/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -54,65 +54,71 @@ - - #include "eng_int.h" - --/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is -- * used by RSA to hook in implementation code and cache defaults (etc), will -- * display brief debugging summaries to stderr with the 'nid'. */ -+/* -+ * If this symbol is defined then ENGINE_get_default_RSA(), the function that -+ * is used by RSA to hook in implementation code and cache defaults (etc), -+ * will display brief debugging summaries to stderr with the 'nid'. -+ */ - /* #define ENGINE_RSA_DEBUG */ - - static ENGINE_TABLE *rsa_table = NULL; - static const int dummy_nid = 1; - - void ENGINE_unregister_RSA(ENGINE *e) -- { -- engine_table_unregister(&rsa_table, e); -- } -+{ -+ engine_table_unregister(&rsa_table, e); -+} - - static void engine_unregister_all_RSA(void) -- { -- engine_table_cleanup(&rsa_table); -- } -+{ -+ engine_table_cleanup(&rsa_table); -+} - - int ENGINE_register_RSA(ENGINE *e) -- { -- if(e->rsa_meth) -- return engine_table_register(&rsa_table, -- engine_unregister_all_RSA, e, &dummy_nid, 1, 0); -- return 1; -- } -+{ -+ if (e->rsa_meth) -+ return engine_table_register(&rsa_table, -+ engine_unregister_all_RSA, e, &dummy_nid, -+ 1, 0); -+ return 1; -+} - - void ENGINE_register_all_RSA() -- { -- ENGINE *e; -+{ -+ ENGINE *e; - -- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) -- ENGINE_register_RSA(e); -- } -+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) -+ ENGINE_register_RSA(e); -+} - - int ENGINE_set_default_RSA(ENGINE *e) -- { -- if(e->rsa_meth) -- return engine_table_register(&rsa_table, -- engine_unregister_all_RSA, e, &dummy_nid, 1, 1); -- return 1; -- } -+{ -+ if (e->rsa_meth) -+ return engine_table_register(&rsa_table, -+ engine_unregister_all_RSA, e, &dummy_nid, -+ 1, 1); -+ return 1; -+} - --/* Exposed API function to get a functional reference from the implementation -+/* -+ * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural -- * references). */ -+ * references). -+ */ - ENGINE *ENGINE_get_default_RSA(void) -- { -- return engine_table_select(&rsa_table, dummy_nid); -- } -+{ -+ return engine_table_select(&rsa_table, dummy_nid); -+} - - /* Obtains an RSA implementation from an ENGINE functional reference */ - const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e) -- { -- return e->rsa_meth; -- } -+{ -+ return e->rsa_meth; -+} - - /* Sets an RSA implementation in an ENGINE structure */ - int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth) -- { -- e->rsa_meth = rsa_meth; -- return 1; -- } -+{ -+ e->rsa_meth = rsa_meth; -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_store.c b/Cryptlib/OpenSSL/crypto/engine/tb_store.c -index 8cc435c..1eab49d 100644 ---- a/Cryptlib/OpenSSL/crypto/engine/tb_store.c -+++ b/Cryptlib/OpenSSL/crypto/engine/tb_store.c -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -54,70 +54,76 @@ - - #include "eng_int.h" - --/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is -- * used by STORE to hook in implementation code and cache defaults (etc), will -- * display brief debugging summaries to stderr with the 'nid'. */ -+/* -+ * If this symbol is defined then ENGINE_get_default_STORE(), the function -+ * that is used by STORE to hook in implementation code and cache defaults -+ * (etc), will display brief debugging summaries to stderr with the 'nid'. -+ */ - /* #define ENGINE_STORE_DEBUG */ - - static ENGINE_TABLE *store_table = NULL; - static const int dummy_nid = 1; - - void ENGINE_unregister_STORE(ENGINE *e) -- { -- engine_table_unregister(&store_table, e); -- } -+{ -+ engine_table_unregister(&store_table, e); -+} - - static void engine_unregister_all_STORE(void) -- { -- engine_table_cleanup(&store_table); -- } -+{ -+ engine_table_cleanup(&store_table); -+} - - int ENGINE_register_STORE(ENGINE *e) -- { -- if(e->store_meth) -- return engine_table_register(&store_table, -- engine_unregister_all_STORE, e, &dummy_nid, 1, 0); -- return 1; -- } -+{ -+ if (e->store_meth) -+ return engine_table_register(&store_table, -+ engine_unregister_all_STORE, e, -+ &dummy_nid, 1, 0); -+ return 1; -+} - - void ENGINE_register_all_STORE() -- { -- ENGINE *e; -+{ -+ ENGINE *e; - -- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) -- ENGINE_register_STORE(e); -- } -+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) -+ ENGINE_register_STORE(e); -+} - - /* The following two functions are removed because they're useless. */ - #if 0 - int ENGINE_set_default_STORE(ENGINE *e) -- { -- if(e->store_meth) -- return engine_table_register(&store_table, -- engine_unregister_all_STORE, e, &dummy_nid, 1, 1); -- return 1; -- } -+{ -+ if (e->store_meth) -+ return engine_table_register(&store_table, -+ engine_unregister_all_STORE, e, -+ &dummy_nid, 1, 1); -+ return 1; -+} - #endif - - #if 0 --/* Exposed API function to get a functional reference from the implementation -+/* -+ * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural -- * references). */ -+ * references). -+ */ - ENGINE *ENGINE_get_default_STORE(void) -- { -- return engine_table_select(&store_table, dummy_nid); -- } -+{ -+ return engine_table_select(&store_table, dummy_nid); -+} - #endif - - /* Obtains an STORE implementation from an ENGINE functional reference */ - const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e) -- { -- return e->store_meth; -- } -+{ -+ return e->store_meth; -+} - - /* Sets an STORE implementation in an ENGINE structure */ - int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth) -- { -- e->store_meth = store_meth; -- return 1; -- } -+{ -+ e->store_meth = store_meth; -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c -index a25e5b3..424eed9 100644 ---- a/Cryptlib/OpenSSL/crypto/err/err.c -+++ b/Cryptlib/OpenSSL/crypto/err/err.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -119,199 +119,207 @@ - #include - #include - --static unsigned long get_error_values(int inc,int top, -- const char **file,int *line, -- const char **data,int *flags); -+static unsigned long get_error_values(int inc, int top, -+ const char **file, int *line, -+ const char **data, int *flags); - - #define err_clear_data(p,i) \ -- do { \ -- if (((p)->err_data[i] != NULL) && \ -- (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ -- { \ -- OPENSSL_free((p)->err_data[i]); \ -- (p)->err_data[i]=NULL; \ -- } \ -- (p)->err_data_flags[i]=0; \ -- } while(0) -+ do { \ -+ if (((p)->err_data[i] != NULL) && \ -+ (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ -+ { \ -+ OPENSSL_free((p)->err_data[i]); \ -+ (p)->err_data[i]=NULL; \ -+ } \ -+ (p)->err_data_flags[i]=0; \ -+ } while(0) - - #define err_clear(p,i) \ -- do { \ -- (p)->err_flags[i]=0; \ -- (p)->err_buffer[i]=0; \ -- err_clear_data(p,i); \ -- (p)->err_file[i]=NULL; \ -- (p)->err_line[i]= -1; \ -- } while(0) -- --void ERR_put_error(int lib, int func, int reason, const char *file, -- int line) -- { -- ERR_STATE *es; -+ do { \ -+ (p)->err_flags[i]=0; \ -+ (p)->err_buffer[i]=0; \ -+ err_clear_data(p,i); \ -+ (p)->err_file[i]=NULL; \ -+ (p)->err_line[i]= -1; \ -+ } while(0) -+ -+void ERR_put_error(int lib, int func, int reason, const char *file, int line) -+{ -+ ERR_STATE *es; - - #ifdef _OSD_POSIX -- /* In the BS2000-OSD POSIX subsystem, the compiler generates -- * path names in the form "*POSIX(/etc/passwd)". -- * This dirty hack strips them to something sensible. -- * @@@ We shouldn't modify a const string, though. -- */ -- if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) { -- char *end; -- -- /* Skip the "*POSIX(" prefix */ -- file += sizeof("*POSIX(")-1; -- end = &file[strlen(file)-1]; -- if (*end == ')') -- *end = '\0'; -- /* Optional: use the basename of the path only. */ -- if ((end = strrchr(file, '/')) != NULL) -- file = &end[1]; -- } -+ /* -+ * In the BS2000-OSD POSIX subsystem, the compiler generates path names -+ * in the form "*POSIX(/etc/passwd)". This dirty hack strips them to -+ * something sensible. @@@ We shouldn't modify a const string, though. -+ */ -+ if (strncmp(file, "*POSIX(", sizeof("*POSIX(") - 1) == 0) { -+ char *end; -+ -+ /* Skip the "*POSIX(" prefix */ -+ file += sizeof("*POSIX(") - 1; -+ end = &file[strlen(file) - 1]; -+ if (*end == ')') -+ *end = '\0'; -+ /* Optional: use the basename of the path only. */ -+ if ((end = strrchr(file, '/')) != NULL) -+ file = &end[1]; -+ } - #endif -- es=ERR_get_state(); -- -- es->top=(es->top+1)%ERR_NUM_ERRORS; -- if (es->top == es->bottom) -- es->bottom=(es->bottom+1)%ERR_NUM_ERRORS; -- es->err_flags[es->top]=0; -- es->err_buffer[es->top]=ERR_PACK(lib,func,reason); -- es->err_file[es->top]=file; -- es->err_line[es->top]=line; -- err_clear_data(es,es->top); -- } -+ es = ERR_get_state(); -+ -+ es->top = (es->top + 1) % ERR_NUM_ERRORS; -+ if (es->top == es->bottom) -+ es->bottom = (es->bottom + 1) % ERR_NUM_ERRORS; -+ es->err_flags[es->top] = 0; -+ es->err_buffer[es->top] = ERR_PACK(lib, func, reason); -+ es->err_file[es->top] = file; -+ es->err_line[es->top] = line; -+ err_clear_data(es, es->top); -+} - - void ERR_clear_error(void) -- { -- int i; -- ERR_STATE *es; -+{ -+ int i; -+ ERR_STATE *es; - -- es=ERR_get_state(); -- -- for (i=0; itop=es->bottom=0; -- } -+ es = ERR_get_state(); - -+ for (i = 0; i < ERR_NUM_ERRORS; i++) { -+ err_clear(es, i); -+ } -+ es->top = es->bottom = 0; -+} - - unsigned long ERR_get_error(void) -- { return(get_error_values(1,0,NULL,NULL,NULL,NULL)); } -+{ -+ return (get_error_values(1, 0, NULL, NULL, NULL, NULL)); -+} - --unsigned long ERR_get_error_line(const char **file, -- int *line) -- { return(get_error_values(1,0,file,line,NULL,NULL)); } -+unsigned long ERR_get_error_line(const char **file, int *line) -+{ -+ return (get_error_values(1, 0, file, line, NULL, NULL)); -+} - - unsigned long ERR_get_error_line_data(const char **file, int *line, -- const char **data, int *flags) -- { return(get_error_values(1,0,file,line,data,flags)); } -- -+ const char **data, int *flags) -+{ -+ return (get_error_values(1, 0, file, line, data, flags)); -+} - - unsigned long ERR_peek_error(void) -- { return(get_error_values(0,0,NULL,NULL,NULL,NULL)); } -+{ -+ return (get_error_values(0, 0, NULL, NULL, NULL, NULL)); -+} - - unsigned long ERR_peek_error_line(const char **file, int *line) -- { return(get_error_values(0,0,file,line,NULL,NULL)); } -+{ -+ return (get_error_values(0, 0, file, line, NULL, NULL)); -+} - - unsigned long ERR_peek_error_line_data(const char **file, int *line, -- const char **data, int *flags) -- { return(get_error_values(0,0,file,line,data,flags)); } -- -+ const char **data, int *flags) -+{ -+ return (get_error_values(0, 0, file, line, data, flags)); -+} - - unsigned long ERR_peek_last_error(void) -- { return(get_error_values(0,1,NULL,NULL,NULL,NULL)); } -+{ -+ return (get_error_values(0, 1, NULL, NULL, NULL, NULL)); -+} - - unsigned long ERR_peek_last_error_line(const char **file, int *line) -- { return(get_error_values(0,1,file,line,NULL,NULL)); } -+{ -+ return (get_error_values(0, 1, file, line, NULL, NULL)); -+} - - unsigned long ERR_peek_last_error_line_data(const char **file, int *line, -- const char **data, int *flags) -- { return(get_error_values(0,1,file,line,data,flags)); } -- -- --static unsigned long get_error_values(int inc, int top, const char **file, int *line, -- const char **data, int *flags) -- { -- int i=0; -- ERR_STATE *es; -- unsigned long ret; -- -- es=ERR_get_state(); -- -- if (inc && top) -- { -- if (file) *file = ""; -- if (line) *line = 0; -- if (data) *data = ""; -- if (flags) *flags = 0; -- -- return ERR_R_INTERNAL_ERROR; -- } -- -- if (es->bottom == es->top) return 0; -- if (top) -- i=es->top; /* last error */ -- else -- i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */ -- -- ret=es->err_buffer[i]; -- if (inc) -- { -- es->bottom=i; -- es->err_buffer[i]=0; -- } -- -- if ((file != NULL) && (line != NULL)) -- { -- if (es->err_file[i] == NULL) -- { -- *file="NA"; -- if (line != NULL) *line=0; -- } -- else -- { -- *file=es->err_file[i]; -- if (line != NULL) *line=es->err_line[i]; -- } -- } -- -- if (data == NULL) -- { -- if (inc) -- { -- err_clear_data(es, i); -- } -- } -- else -- { -- if (es->err_data[i] == NULL) -- { -- *data=""; -- if (flags != NULL) *flags=0; -- } -- else -- { -- *data=es->err_data[i]; -- if (flags != NULL) *flags=es->err_data_flags[i]; -- } -- } -- return ret; -- } -+ const char **data, int *flags) -+{ -+ return (get_error_values(0, 1, file, line, data, flags)); -+} -+ -+static unsigned long get_error_values(int inc, int top, const char **file, -+ int *line, const char **data, -+ int *flags) -+{ -+ int i = 0; -+ ERR_STATE *es; -+ unsigned long ret; -+ -+ es = ERR_get_state(); -+ -+ if (inc && top) { -+ if (file) -+ *file = ""; -+ if (line) -+ *line = 0; -+ if (data) -+ *data = ""; -+ if (flags) -+ *flags = 0; -+ -+ return ERR_R_INTERNAL_ERROR; -+ } -+ -+ if (es->bottom == es->top) -+ return 0; -+ if (top) -+ i = es->top; /* last error */ -+ else -+ i = (es->bottom + 1) % ERR_NUM_ERRORS; /* first error */ -+ -+ ret = es->err_buffer[i]; -+ if (inc) { -+ es->bottom = i; -+ es->err_buffer[i] = 0; -+ } -+ -+ if ((file != NULL) && (line != NULL)) { -+ if (es->err_file[i] == NULL) { -+ *file = "NA"; -+ if (line != NULL) -+ *line = 0; -+ } else { -+ *file = es->err_file[i]; -+ if (line != NULL) -+ *line = es->err_line[i]; -+ } -+ } -+ -+ if (data == NULL) { -+ if (inc) { -+ err_clear_data(es, i); -+ } -+ } else { -+ if (es->err_data[i] == NULL) { -+ *data = ""; -+ if (flags != NULL) -+ *flags = 0; -+ } else { -+ *data = es->err_data[i]; -+ if (flags != NULL) -+ *flags = es->err_data_flags[i]; -+ } -+ } -+ return ret; -+} - - void ERR_set_error_data(char *data, int flags) -- { -- ERR_STATE *es; -- int i; -+{ -+ ERR_STATE *es; -+ int i; - -- es=ERR_get_state(); -+ es = ERR_get_state(); - -- i=es->top; -- if (i == 0) -- i=ERR_NUM_ERRORS-1; -+ i = es->top; -+ if (i == 0) -+ i = ERR_NUM_ERRORS - 1; - -- err_clear_data(es,i); -- es->err_data[i]=data; -- es->err_data_flags[i]=flags; -- } -+ err_clear_data(es, i); -+ es->err_data[i] = data; -+ es->err_data_flags[i] = flags; -+} - - /* Add EFIAPI for UEFI version. */ - #if defined(OPENSSL_SYS_UEFI) -@@ -319,103 +327,101 @@ void EFIAPI ERR_add_error_data(int num, ...) - #else - void ERR_add_error_data(int num, ...) - #endif -- { -- va_list args; -- int i,n,s; -- char *str,*p,*a; -- -- s=80; -- str=OPENSSL_malloc(s+1); -- if (str == NULL) return; -- str[0]='\0'; -- -- va_start(args, num); -- n=0; -- for (i=0; i */ -- if (a != NULL) -- { -- n+=strlen(a); -- if (n > s) -- { -- s=n+20; -- p=OPENSSL_realloc(str,s+1); -- if (p == NULL) -- { -- OPENSSL_free(str); -- goto err; -- } -- else -- str=p; -- } -- BUF_strlcat(str,a,(size_t)s+1); -- } -- } -- ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); -- --err: -- va_end(args); -- } -+{ -+ va_list args; -+ int i, n, s; -+ char *str, *p, *a; -+ -+ s = 80; -+ str = OPENSSL_malloc(s + 1); -+ if (str == NULL) -+ return; -+ str[0] = '\0'; -+ -+ va_start(args, num); -+ n = 0; -+ for (i = 0; i < num; i++) { -+ a = va_arg(args, char *); -+ /* ignore NULLs, thanks to Bob Beck */ -+ if (a != NULL) { -+ n += strlen(a); -+ if (n > s) { -+ s = n + 20; -+ p = OPENSSL_realloc(str, s + 1); -+ if (p == NULL) { -+ OPENSSL_free(str); -+ goto err; -+ } else -+ str = p; -+ } -+ BUF_strlcat(str, a, (size_t)s + 1); -+ } -+ } -+ ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING); -+ -+ err: -+ va_end(args); -+} - - int ERR_set_mark(void) -- { -- ERR_STATE *es; -+{ -+ ERR_STATE *es; - -- es=ERR_get_state(); -+ es = ERR_get_state(); - -- if (es->bottom == es->top) return 0; -- es->err_flags[es->top]|=ERR_FLAG_MARK; -- return 1; -- } -+ if (es->bottom == es->top) -+ return 0; -+ es->err_flags[es->top] |= ERR_FLAG_MARK; -+ return 1; -+} - - int ERR_pop_to_mark(void) -- { -- ERR_STATE *es; -- -- es=ERR_get_state(); -- -- while(es->bottom != es->top -- && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) -- { -- err_clear(es,es->top); -- es->top-=1; -- if (es->top == -1) es->top=ERR_NUM_ERRORS-1; -- } -- -- if (es->bottom == es->top) return 0; -- es->err_flags[es->top]&=~ERR_FLAG_MARK; -- return 1; -- } -+{ -+ ERR_STATE *es; -+ -+ es = ERR_get_state(); -+ -+ while (es->bottom != es->top -+ && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) { -+ err_clear(es, es->top); -+ es->top -= 1; -+ if (es->top == -1) -+ es->top = ERR_NUM_ERRORS - 1; -+ } -+ -+ if (es->bottom == es->top) -+ return 0; -+ es->err_flags[es->top] &= ~ERR_FLAG_MARK; -+ return 1; -+} - - #ifdef OPENSSL_FIPS - - static ERR_STATE *fget_state(void) -- { -- static ERR_STATE fstate; -- return &fstate; -- } -+{ -+ static ERR_STATE fstate; -+ return &fstate; -+} - --ERR_STATE *(*get_state_func)(void) = fget_state; --void (*remove_state_func)(unsigned long pid); -+ERR_STATE *(*get_state_func) (void) = fget_state; -+void (*remove_state_func) (unsigned long pid); - - ERR_STATE *ERR_get_state(void) -- { -- return get_state_func(); -- } -+{ -+ return get_state_func(); -+} - --void int_ERR_set_state_func(ERR_STATE *(*get_func)(void), -- void (*remove_func)(unsigned long pid)) -- { -- get_state_func = get_func; -- remove_state_func = remove_func; -- } -+void int_ERR_set_state_func(ERR_STATE *(*get_func) (void), -+ void (*remove_func) (unsigned long pid)) -+{ -+ get_state_func = get_func; -+ remove_state_func = remove_func; -+} - - void ERR_remove_state(unsigned long pid) -- { -- if (remove_state_func) -- remove_state_func(pid); -- } -+{ -+ if (remove_state_func) -+ remove_state_func(pid); -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c -index 0429389..6e12a7e 100644 ---- a/Cryptlib/OpenSSL/crypto/err/err_all.c -+++ b/Cryptlib/OpenSSL/crypto/err/err_all.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,24 +60,24 @@ - #include - #include - #ifndef OPENSSL_NO_EC --#include -+# include - #endif - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DH --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - #ifndef OPENSSL_NO_ECDSA --#include -+# include - #endif - #ifndef OPENSSL_NO_ECDH --#include -+# include - #endif - #include - #include -@@ -89,77 +89,77 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - #include - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - - #ifndef OPENSSL_NO_CMS --#include -+# include - #endif - #ifndef OPENSSL_NO_JPAKE --#include -+# include - #endif - #ifndef OPENSSL_NO_COMP --#include -+# include - #endif - - void ERR_load_crypto_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR -- ERR_load_ERR_strings(); /* include error strings for SYSerr */ -- ERR_load_BN_strings(); --#ifndef OPENSSL_NO_RSA -- ERR_load_RSA_strings(); --#endif --#ifndef OPENSSL_NO_DH -- ERR_load_DH_strings(); --#endif -- ERR_load_EVP_strings(); -- ERR_load_BUF_strings(); -- ERR_load_OBJ_strings(); -- ERR_load_PEM_strings(); --#ifndef OPENSSL_NO_DSA -- ERR_load_DSA_strings(); --#endif -- ERR_load_X509_strings(); -- ERR_load_ASN1_strings(); -- ERR_load_CONF_strings(); -- ERR_load_CRYPTO_strings(); --#ifndef OPENSSL_NO_EC -- ERR_load_EC_strings(); --#endif --#ifndef OPENSSL_NO_ECDSA -- ERR_load_ECDSA_strings(); --#endif --#ifndef OPENSSL_NO_ECDH -- ERR_load_ECDH_strings(); --#endif -- /* skip ERR_load_SSL_strings() because it is not in this library */ -- ERR_load_BIO_strings(); -- ERR_load_PKCS7_strings(); -- ERR_load_X509V3_strings(); -- ERR_load_PKCS12_strings(); -- ERR_load_RAND_strings(); -- ERR_load_DSO_strings(); --#ifndef OPENSSL_NO_ENGINE -- ERR_load_ENGINE_strings(); --#endif -- ERR_load_OCSP_strings(); -- ERR_load_UI_strings(); --#ifdef OPENSSL_FIPS -- ERR_load_FIPS_strings(); --#endif --#ifndef OPENSSL_NO_CMS -- ERR_load_CMS_strings(); --#endif --#ifndef OPENSSL_NO_JPAKE -- ERR_load_JPAKE_strings(); --#endif -- ERR_load_COMP_strings(); --#endif -- } -+ ERR_load_ERR_strings(); /* include error strings for SYSerr */ -+ ERR_load_BN_strings(); -+# ifndef OPENSSL_NO_RSA -+ ERR_load_RSA_strings(); -+# endif -+# ifndef OPENSSL_NO_DH -+ ERR_load_DH_strings(); -+# endif -+ ERR_load_EVP_strings(); -+ ERR_load_BUF_strings(); -+ ERR_load_OBJ_strings(); -+ ERR_load_PEM_strings(); -+# ifndef OPENSSL_NO_DSA -+ ERR_load_DSA_strings(); -+# endif -+ ERR_load_X509_strings(); -+ ERR_load_ASN1_strings(); -+ ERR_load_CONF_strings(); -+ ERR_load_CRYPTO_strings(); -+# ifndef OPENSSL_NO_EC -+ ERR_load_EC_strings(); -+# endif -+# ifndef OPENSSL_NO_ECDSA -+ ERR_load_ECDSA_strings(); -+# endif -+# ifndef OPENSSL_NO_ECDH -+ ERR_load_ECDH_strings(); -+# endif -+ /* skip ERR_load_SSL_strings() because it is not in this library */ -+ ERR_load_BIO_strings(); -+ ERR_load_PKCS7_strings(); -+ ERR_load_X509V3_strings(); -+ ERR_load_PKCS12_strings(); -+ ERR_load_RAND_strings(); -+ ERR_load_DSO_strings(); -+# ifndef OPENSSL_NO_ENGINE -+ ERR_load_ENGINE_strings(); -+# endif -+ ERR_load_OCSP_strings(); -+ ERR_load_UI_strings(); -+# ifdef OPENSSL_FIPS -+ ERR_load_FIPS_strings(); -+# endif -+# ifndef OPENSSL_NO_CMS -+ ERR_load_CMS_strings(); -+# endif -+# ifndef OPENSSL_NO_JPAKE -+ ERR_load_JPAKE_strings(); -+# endif -+ ERR_load_COMP_strings(); -+#endif -+} -diff --git a/Cryptlib/OpenSSL/crypto/err/err_bio.c b/Cryptlib/OpenSSL/crypto/err/err_bio.c -index a42f804..b8b22fa 100644 ---- a/Cryptlib/OpenSSL/crypto/err/err_bio.c -+++ b/Cryptlib/OpenSSL/crypto/err/err_bio.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,12 +64,11 @@ - #include - - static int print_bio(const char *str, size_t len, void *bp) -- { -- return BIO_write((BIO *)bp, str, len); -- } --void ERR_print_errors(BIO *bp) -- { -- ERR_print_errors_cb(print_bio, bp); -- } -+{ -+ return BIO_write((BIO *)bp, str, len); -+} - -- -+void ERR_print_errors(BIO *bp) -+{ -+ ERR_print_errors_cb(print_bio, bp); -+} -diff --git a/Cryptlib/OpenSSL/crypto/err/err_def.c b/Cryptlib/OpenSSL/crypto/err/err_def.c -index 7ed3d84..8144652 100644 ---- a/Cryptlib/OpenSSL/crypto/err/err_def.c -+++ b/Cryptlib/OpenSSL/crypto/err/err_def.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -120,47 +120,46 @@ - #include - - #define err_clear_data(p,i) \ -- do { \ -- if (((p)->err_data[i] != NULL) && \ -- (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ -- { \ -- OPENSSL_free((p)->err_data[i]); \ -- (p)->err_data[i]=NULL; \ -- } \ -- (p)->err_data_flags[i]=0; \ -- } while(0) -+ do { \ -+ if (((p)->err_data[i] != NULL) && \ -+ (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ -+ { \ -+ OPENSSL_free((p)->err_data[i]); \ -+ (p)->err_data[i]=NULL; \ -+ } \ -+ (p)->err_data_flags[i]=0; \ -+ } while(0) - - #define err_clear(p,i) \ -- do { \ -- (p)->err_flags[i]=0; \ -- (p)->err_buffer[i]=0; \ -- err_clear_data(p,i); \ -- (p)->err_file[i]=NULL; \ -- (p)->err_line[i]= -1; \ -- } while(0) -+ do { \ -+ (p)->err_flags[i]=0; \ -+ (p)->err_buffer[i]=0; \ -+ err_clear_data(p,i); \ -+ (p)->err_file[i]=NULL; \ -+ (p)->err_line[i]= -1; \ -+ } while(0) - - static void err_load_strings(int lib, ERR_STRING_DATA *str); - - static void ERR_STATE_free(ERR_STATE *s); - - /* Define the predeclared (but externally opaque) "ERR_FNS" type */ --struct st_ERR_FNS -- { -- /* Works on the "error_hash" string table */ -- LHASH *(*cb_err_get)(int create); -- void (*cb_err_del)(void); -- ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *); -- ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *); -- ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); -- /* Works on the "thread_hash" error-state table */ -- LHASH *(*cb_thread_get)(int create); -- void (*cb_thread_release)(LHASH **hash); -- ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); -- ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); -- void (*cb_thread_del_item)(const ERR_STATE *); -- /* Returns the next available error "library" numbers */ -- int (*cb_get_next_lib)(void); -- }; -+struct st_ERR_FNS { -+ /* Works on the "error_hash" string table */ -+ LHASH *(*cb_err_get) (int create); -+ void (*cb_err_del) (void); -+ ERR_STRING_DATA *(*cb_err_get_item) (const ERR_STRING_DATA *); -+ ERR_STRING_DATA *(*cb_err_set_item) (ERR_STRING_DATA *); -+ ERR_STRING_DATA *(*cb_err_del_item) (ERR_STRING_DATA *); -+ /* Works on the "thread_hash" error-state table */ -+ LHASH *(*cb_thread_get) (int create); -+ void (*cb_thread_release) (LHASH **hash); -+ ERR_STATE *(*cb_thread_get_item) (const ERR_STATE *); -+ ERR_STATE *(*cb_thread_set_item) (ERR_STATE *); -+ void (*cb_thread_del_item) (const ERR_STATE *); -+ /* Returns the next available error "library" numbers */ -+ int (*cb_get_next_lib) (void); -+}; - - /* Predeclarations of the "err_defaults" functions */ - static LHASH *int_err_get(int create); -@@ -175,20 +174,19 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *); - static void int_thread_del_item(const ERR_STATE *); - static int int_err_get_next_lib(void); - /* The static ERR_FNS table using these defaults functions */ --static const ERR_FNS err_defaults = -- { -- int_err_get, -- int_err_del, -- int_err_get_item, -- int_err_set_item, -- int_err_del_item, -- int_thread_get, -- int_thread_release, -- int_thread_get_item, -- int_thread_set_item, -- int_thread_del_item, -- int_err_get_next_lib -- }; -+static const ERR_FNS err_defaults = { -+ int_err_get, -+ int_err_del, -+ int_err_get_item, -+ int_err_set_item, -+ int_err_del_item, -+ int_thread_get, -+ int_thread_release, -+ int_thread_get_item, -+ int_thread_set_item, -+ int_thread_del_item, -+ int_err_get_next_lib -+}; - - /* The replacable table of ERR_FNS functions we use at run-time */ - static const ERR_FNS *err_fns = NULL; -@@ -196,54 +194,62 @@ static const ERR_FNS *err_fns = NULL; - /* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */ - #define ERRFN(a) err_fns->cb_##a - --/* The internal state used by "err_defaults" - as such, the setting, reading, -+/* -+ * The internal state used by "err_defaults" - as such, the setting, reading, - * creating, and deleting of this data should only be permitted via the -- * "err_defaults" functions. This way, a linked module can completely defer all -- * ERR state operation (together with requisite locking) to the implementations -- * and state in the loading application. */ -+ * "err_defaults" functions. This way, a linked module can completely defer -+ * all ERR state operation (together with requisite locking) to the -+ * implementations and state in the loading application. -+ */ - static LHASH *int_error_hash = NULL; - static LHASH *int_thread_hash = NULL; - static int int_thread_hash_references = 0; --static int int_err_library_number= ERR_LIB_USER; -+static int int_err_library_number = ERR_LIB_USER; - --/* Internal function that checks whether "err_fns" is set and if not, sets it to -- * the defaults. */ -+/* -+ * Internal function that checks whether "err_fns" is set and if not, sets it -+ * to the defaults. -+ */ - static void err_fns_check(void) -- { -- if (err_fns) return; -- -- CRYPTO_w_lock(CRYPTO_LOCK_ERR); -- if (!err_fns) -- err_fns = &err_defaults; -- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -- } -+{ -+ if (err_fns) -+ return; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ if (!err_fns) -+ err_fns = &err_defaults; -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+} - - /* API functions to get or set the underlying ERR functions. */ - - const ERR_FNS *ERR_get_implementation(void) -- { -- err_fns_check(); -- return err_fns; -- } -+{ -+ err_fns_check(); -+ return err_fns; -+} - - int ERR_set_implementation(const ERR_FNS *fns) -- { -- int ret = 0; -- -- CRYPTO_w_lock(CRYPTO_LOCK_ERR); -- /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting -- * an error is there?! */ -- if (!err_fns) -- { -- err_fns = fns; -- ret = 1; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -- return ret; -- } -- --/* These are the callbacks provided to "lh_new()" when creating the LHASH tables -- * internal to the "err_defaults" implementation. */ -+{ -+ int ret = 0; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ /* -+ * It's too late if 'err_fns' is non-NULL. BTW: not much point setting an -+ * error is there?! -+ */ -+ if (!err_fns) { -+ err_fns = fns; -+ ret = 1; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ return ret; -+} -+ -+/* -+ * These are the callbacks provided to "lh_new()" when creating the LHASH -+ * tables internal to the "err_defaults" implementation. -+ */ - - /* static unsigned long err_hash(ERR_STRING_DATA *a); */ - static unsigned long err_hash(const void *a_void); -@@ -252,414 +258,408 @@ static int err_cmp(const void *a_void, const void *b_void); - /* static unsigned long pid_hash(ERR_STATE *pid); */ - static unsigned long pid_hash(const void *pid_void); - /* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */ --static int pid_cmp(const void *a_void,const void *pid_void); -+static int pid_cmp(const void *a_void, const void *pid_void); - - /* The internal functions used in the "err_defaults" implementation */ - - static LHASH *int_err_get(int create) -- { -- LHASH *ret = NULL; -- -- CRYPTO_w_lock(CRYPTO_LOCK_ERR); -- if (!int_error_hash && create) -- { -- CRYPTO_push_info("int_err_get (err.c)"); -- int_error_hash = lh_new(err_hash, err_cmp); -- CRYPTO_pop_info(); -- } -- if (int_error_hash) -- ret = int_error_hash; -- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -- -- return ret; -- } -+{ -+ LHASH *ret = NULL; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ if (!int_error_hash && create) { -+ CRYPTO_push_info("int_err_get (err.c)"); -+ int_error_hash = lh_new(err_hash, err_cmp); -+ CRYPTO_pop_info(); -+ } -+ if (int_error_hash) -+ ret = int_error_hash; -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ -+ return ret; -+} - - static void int_err_del(void) -- { -- CRYPTO_w_lock(CRYPTO_LOCK_ERR); -- if (int_error_hash) -- { -- lh_free(int_error_hash); -- int_error_hash = NULL; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -- } -+{ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ if (int_error_hash) { -+ lh_free(int_error_hash); -+ int_error_hash = NULL; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+} - - static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) -- { -- ERR_STRING_DATA *p; -- LHASH *hash; -+{ -+ ERR_STRING_DATA *p; -+ LHASH *hash; - -- err_fns_check(); -- hash = ERRFN(err_get)(0); -- if (!hash) -- return NULL; -+ err_fns_check(); -+ hash = ERRFN(err_get) (0); -+ if (!hash) -+ return NULL; - -- CRYPTO_r_lock(CRYPTO_LOCK_ERR); -- p = (ERR_STRING_DATA *)lh_retrieve(hash, d); -- CRYPTO_r_unlock(CRYPTO_LOCK_ERR); -+ CRYPTO_r_lock(CRYPTO_LOCK_ERR); -+ p = (ERR_STRING_DATA *)lh_retrieve(hash, d); -+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - -- return p; -- } -+ return p; -+} - - static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) -- { -- ERR_STRING_DATA *p; -- LHASH *hash; -+{ -+ ERR_STRING_DATA *p; -+ LHASH *hash; - -- err_fns_check(); -- hash = ERRFN(err_get)(1); -- if (!hash) -- return NULL; -+ err_fns_check(); -+ hash = ERRFN(err_get) (1); -+ if (!hash) -+ return NULL; - -- CRYPTO_w_lock(CRYPTO_LOCK_ERR); -- p = (ERR_STRING_DATA *)lh_insert(hash, d); -- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ p = (ERR_STRING_DATA *)lh_insert(hash, d); -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - -- return p; -- } -+ return p; -+} - - static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) -- { -- ERR_STRING_DATA *p; -- LHASH *hash; -+{ -+ ERR_STRING_DATA *p; -+ LHASH *hash; - -- err_fns_check(); -- hash = ERRFN(err_get)(0); -- if (!hash) -- return NULL; -+ err_fns_check(); -+ hash = ERRFN(err_get) (0); -+ if (!hash) -+ return NULL; - -- CRYPTO_w_lock(CRYPTO_LOCK_ERR); -- p = (ERR_STRING_DATA *)lh_delete(hash, d); -- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ p = (ERR_STRING_DATA *)lh_delete(hash, d); -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - -- return p; -- } -+ return p; -+} - - static LHASH *int_thread_get(int create) -- { -- LHASH *ret = NULL; -- -- CRYPTO_w_lock(CRYPTO_LOCK_ERR); -- if (!int_thread_hash && create) -- { -- CRYPTO_push_info("int_thread_get (err.c)"); -- int_thread_hash = lh_new(pid_hash, pid_cmp); -- CRYPTO_pop_info(); -- } -- if (int_thread_hash) -- { -- int_thread_hash_references++; -- ret = int_thread_hash; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -- return ret; -- } -+{ -+ LHASH *ret = NULL; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ if (!int_thread_hash && create) { -+ CRYPTO_push_info("int_thread_get (err.c)"); -+ int_thread_hash = lh_new(pid_hash, pid_cmp); -+ CRYPTO_pop_info(); -+ } -+ if (int_thread_hash) { -+ int_thread_hash_references++; -+ ret = int_thread_hash; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ return ret; -+} - - static void int_thread_release(LHASH **hash) -- { -- int i; -+{ -+ int i; - -- if (hash == NULL || *hash == NULL) -- return; -+ if (hash == NULL || *hash == NULL) -+ return; - -- i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); -+ i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); - - #ifdef REF_PRINT -- fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR"); -+ fprintf(stderr, "%4d:%s\n", int_thread_hash_references, "ERR"); - #endif -- if (i > 0) return; -+ if (i > 0) -+ return; - #ifdef REF_CHECK -- if (i < 0) -- { -- fprintf(stderr,"int_thread_release, bad reference count\n"); -- abort(); /* ok */ -- } -+ if (i < 0) { -+ fprintf(stderr, "int_thread_release, bad reference count\n"); -+ abort(); /* ok */ -+ } - #endif -- *hash = NULL; -- } -+ *hash = NULL; -+} - - static ERR_STATE *int_thread_get_item(const ERR_STATE *d) -- { -- ERR_STATE *p; -- LHASH *hash; -+{ -+ ERR_STATE *p; -+ LHASH *hash; - -- err_fns_check(); -- hash = ERRFN(thread_get)(0); -- if (!hash) -- return NULL; -+ err_fns_check(); -+ hash = ERRFN(thread_get) (0); -+ if (!hash) -+ return NULL; - -- CRYPTO_r_lock(CRYPTO_LOCK_ERR); -- p = (ERR_STATE *)lh_retrieve(hash, d); -- CRYPTO_r_unlock(CRYPTO_LOCK_ERR); -+ CRYPTO_r_lock(CRYPTO_LOCK_ERR); -+ p = (ERR_STATE *)lh_retrieve(hash, d); -+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - -- ERRFN(thread_release)(&hash); -- return p; -- } -+ ERRFN(thread_release) (&hash); -+ return p; -+} - - static ERR_STATE *int_thread_set_item(ERR_STATE *d) -- { -- ERR_STATE *p; -- LHASH *hash; -+{ -+ ERR_STATE *p; -+ LHASH *hash; - -- err_fns_check(); -- hash = ERRFN(thread_get)(1); -- if (!hash) -- return NULL; -+ err_fns_check(); -+ hash = ERRFN(thread_get) (1); -+ if (!hash) -+ return NULL; - -- CRYPTO_w_lock(CRYPTO_LOCK_ERR); -- p = (ERR_STATE *)lh_insert(hash, d); -- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ p = (ERR_STATE *)lh_insert(hash, d); -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - -- ERRFN(thread_release)(&hash); -- return p; -- } -+ ERRFN(thread_release) (&hash); -+ return p; -+} - - static void int_thread_del_item(const ERR_STATE *d) -- { -- ERR_STATE *p; -- LHASH *hash; -- -- err_fns_check(); -- hash = ERRFN(thread_get)(0); -- if (!hash) -- return; -- -- CRYPTO_w_lock(CRYPTO_LOCK_ERR); -- p = (ERR_STATE *)lh_delete(hash, d); -- /* make sure we don't leak memory */ -- if (int_thread_hash_references == 1 -- && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) -- { -- lh_free(int_thread_hash); -- int_thread_hash = NULL; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -- -- ERRFN(thread_release)(&hash); -- if (p) -- ERR_STATE_free(p); -- } -+{ -+ ERR_STATE *p; -+ LHASH *hash; -+ -+ err_fns_check(); -+ hash = ERRFN(thread_get) (0); -+ if (!hash) -+ return; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ p = (ERR_STATE *)lh_delete(hash, d); -+ /* make sure we don't leak memory */ -+ if (int_thread_hash_references == 1 -+ && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) { -+ lh_free(int_thread_hash); -+ int_thread_hash = NULL; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ -+ ERRFN(thread_release) (&hash); -+ if (p) -+ ERR_STATE_free(p); -+} - - static int int_err_get_next_lib(void) -- { -- int ret; -+{ -+ int ret; - -- CRYPTO_w_lock(CRYPTO_LOCK_ERR); -- ret = int_err_library_number++; -- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ ret = int_err_library_number++; -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - -- return ret; -- } -+ return ret; -+} - - static void ERR_STATE_free(ERR_STATE *s) -- { -- int i; -+{ -+ int i; - -- if (s == NULL) -- return; -+ if (s == NULL) -+ return; - -- for (i=0; ierror) -- { -- if (lib) -- str->error|=ERR_PACK(lib,0,0); -- ERRFN(err_set_item)(str); -- str++; -- } -- } -+{ -+ while (str->error) { -+ if (lib) -+ str->error |= ERR_PACK(lib, 0, 0); -+ ERRFN(err_set_item) (str); -+ str++; -+ } -+} - - void ERR_load_strings(int lib, ERR_STRING_DATA *str) -- { -- err_fns_check(); -- err_load_strings(lib, str); -- } -+{ -+ err_fns_check(); -+ err_load_strings(lib, str); -+} - - void ERR_unload_strings(int lib, ERR_STRING_DATA *str) -- { -- while (str->error) -- { -- if (lib) -- str->error|=ERR_PACK(lib,0,0); -- ERRFN(err_del_item)(str); -- str++; -- } -- } -+{ -+ while (str->error) { -+ if (lib) -+ str->error |= ERR_PACK(lib, 0, 0); -+ ERRFN(err_del_item) (str); -+ str++; -+ } -+} - - void ERR_free_strings(void) -- { -- err_fns_check(); -- ERRFN(err_del)(); -- } -+{ -+ err_fns_check(); -+ ERRFN(err_del) (); -+} - - LHASH *ERR_get_string_table(void) -- { -- err_fns_check(); -- return ERRFN(err_get)(0); -- } -+{ -+ err_fns_check(); -+ return ERRFN(err_get) (0); -+} - - LHASH *ERR_get_err_state_table(void) -- { -- err_fns_check(); -- return ERRFN(thread_get)(0); -- } -+{ -+ err_fns_check(); -+ return ERRFN(thread_get) (0); -+} - - void ERR_release_err_state_table(LHASH **hash) -- { -- err_fns_check(); -- ERRFN(thread_release)(hash); -- } -+{ -+ err_fns_check(); -+ ERRFN(thread_release) (hash); -+} - - const char *ERR_lib_error_string(unsigned long e) -- { -- ERR_STRING_DATA d,*p; -- unsigned long l; -+{ -+ ERR_STRING_DATA d, *p; -+ unsigned long l; - -- err_fns_check(); -- l=ERR_GET_LIB(e); -- d.error=ERR_PACK(l,0,0); -- p=ERRFN(err_get_item)(&d); -- return((p == NULL)?NULL:p->string); -- } -+ err_fns_check(); -+ l = ERR_GET_LIB(e); -+ d.error = ERR_PACK(l, 0, 0); -+ p = ERRFN(err_get_item) (&d); -+ return ((p == NULL) ? NULL : p->string); -+} - - const char *ERR_func_error_string(unsigned long e) -- { -- ERR_STRING_DATA d,*p; -- unsigned long l,f; -- -- err_fns_check(); -- l=ERR_GET_LIB(e); -- f=ERR_GET_FUNC(e); -- d.error=ERR_PACK(l,f,0); -- p=ERRFN(err_get_item)(&d); -- return((p == NULL)?NULL:p->string); -- } -+{ -+ ERR_STRING_DATA d, *p; -+ unsigned long l, f; -+ -+ err_fns_check(); -+ l = ERR_GET_LIB(e); -+ f = ERR_GET_FUNC(e); -+ d.error = ERR_PACK(l, f, 0); -+ p = ERRFN(err_get_item) (&d); -+ return ((p == NULL) ? NULL : p->string); -+} - - const char *ERR_reason_error_string(unsigned long e) -- { -- ERR_STRING_DATA d,*p=NULL; -- unsigned long l,r; -- -- err_fns_check(); -- l=ERR_GET_LIB(e); -- r=ERR_GET_REASON(e); -- d.error=ERR_PACK(l,0,r); -- p=ERRFN(err_get_item)(&d); -- if (!p) -- { -- d.error=ERR_PACK(0,0,r); -- p=ERRFN(err_get_item)(&d); -- } -- return((p == NULL)?NULL:p->string); -- } -+{ -+ ERR_STRING_DATA d, *p = NULL; -+ unsigned long l, r; -+ -+ err_fns_check(); -+ l = ERR_GET_LIB(e); -+ r = ERR_GET_REASON(e); -+ d.error = ERR_PACK(l, 0, r); -+ p = ERRFN(err_get_item) (&d); -+ if (!p) { -+ d.error = ERR_PACK(0, 0, r); -+ p = ERRFN(err_get_item) (&d); -+ } -+ return ((p == NULL) ? NULL : p->string); -+} - - /* static unsigned long err_hash(ERR_STRING_DATA *a) */ - static unsigned long err_hash(const void *a_void) -- { -- unsigned long ret,l; -+{ -+ unsigned long ret, l; - -- l=((const ERR_STRING_DATA *)a_void)->error; -- ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); -- return(ret^ret%19*13); -- } -+ l = ((const ERR_STRING_DATA *)a_void)->error; -+ ret = l ^ ERR_GET_LIB(l) ^ ERR_GET_FUNC(l); -+ return (ret ^ ret % 19 * 13); -+} - - /* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */ - static int err_cmp(const void *a_void, const void *b_void) -- { -- return((int)(((const ERR_STRING_DATA *)a_void)->error - -- ((const ERR_STRING_DATA *)b_void)->error)); -- } -+{ -+ return ((int)(((const ERR_STRING_DATA *)a_void)->error - -+ ((const ERR_STRING_DATA *)b_void)->error)); -+} - - /* static unsigned long pid_hash(ERR_STATE *a) */ - static unsigned long pid_hash(const void *a_void) -- { -- return(((const ERR_STATE *)a_void)->pid*13); -- } -+{ -+ return (((const ERR_STATE *)a_void)->pid * 13); -+} - - /* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */ - static int pid_cmp(const void *a_void, const void *b_void) -- { -- return((int)((long)((const ERR_STATE *)a_void)->pid - -- (long)((const ERR_STATE *)b_void)->pid)); -- } -+{ -+ return ((int)((long)((const ERR_STATE *)a_void)->pid - -+ (long)((const ERR_STATE *)b_void)->pid)); -+} -+ - #ifdef OPENSSL_FIPS - static void int_err_remove_state(unsigned long pid) - #else - void ERR_remove_state(unsigned long pid) - #endif -- { -- ERR_STATE tmp; -- -- err_fns_check(); -- if (pid == 0) -- pid=(unsigned long)CRYPTO_thread_id(); -- tmp.pid=pid; -- /* thread_del_item automatically destroys the LHASH if the number of -- * items reaches zero. */ -- ERRFN(thread_del_item)(&tmp); -- } -+{ -+ ERR_STATE tmp; -+ -+ err_fns_check(); -+ if (pid == 0) -+ pid = (unsigned long)CRYPTO_thread_id(); -+ tmp.pid = pid; -+ /* -+ * thread_del_item automatically destroys the LHASH if the number of -+ * items reaches zero. -+ */ -+ ERRFN(thread_del_item) (&tmp); -+} - - #ifdef OPENSSL_FIPS -- static ERR_STATE *int_err_get_state(void) -+static ERR_STATE *int_err_get_state(void) - #else - ERR_STATE *ERR_get_state(void) - #endif -- { -- static ERR_STATE fallback; -- ERR_STATE *ret,tmp,*tmpp=NULL; -- int i; -- unsigned long pid; -- -- err_fns_check(); -- pid=(unsigned long)CRYPTO_thread_id(); -- tmp.pid=pid; -- ret=ERRFN(thread_get_item)(&tmp); -- -- /* ret == the error state, if NULL, make a new one */ -- if (ret == NULL) -- { -- ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); -- if (ret == NULL) return(&fallback); -- ret->pid=pid; -- ret->top=0; -- ret->bottom=0; -- for (i=0; ierr_data[i]=NULL; -- ret->err_data_flags[i]=0; -- } -- tmpp = ERRFN(thread_set_item)(ret); -- /* To check if insertion failed, do a get. */ -- if (ERRFN(thread_get_item)(ret) != ret) -- { -- ERR_STATE_free(ret); /* could not insert it */ -- return(&fallback); -- } -- /* If a race occured in this function and we came second, tmpp -- * is the first one that we just replaced. */ -- if (tmpp) -- ERR_STATE_free(tmpp); -- } -- return ret; -- } -+{ -+ static ERR_STATE fallback; -+ ERR_STATE *ret, tmp, *tmpp = NULL; -+ int i; -+ unsigned long pid; -+ -+ err_fns_check(); -+ pid = (unsigned long)CRYPTO_thread_id(); -+ tmp.pid = pid; -+ ret = ERRFN(thread_get_item) (&tmp); -+ -+ /* ret == the error state, if NULL, make a new one */ -+ if (ret == NULL) { -+ ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); -+ if (ret == NULL) -+ return (&fallback); -+ ret->pid = pid; -+ ret->top = 0; -+ ret->bottom = 0; -+ for (i = 0; i < ERR_NUM_ERRORS; i++) { -+ ret->err_data[i] = NULL; -+ ret->err_data_flags[i] = 0; -+ } -+ tmpp = ERRFN(thread_set_item) (ret); -+ /* To check if insertion failed, do a get. */ -+ if (ERRFN(thread_get_item) (ret) != ret) { -+ ERR_STATE_free(ret); /* could not insert it */ -+ return (&fallback); -+ } -+ /* -+ * If a race occured in this function and we came second, tmpp is the -+ * first one that we just replaced. -+ */ -+ if (tmpp) -+ ERR_STATE_free(tmpp); -+ } -+ return ret; -+} - - #ifdef OPENSSL_FIPS - void int_ERR_lib_init(void) -- { -- int_ERR_set_state_func(int_err_get_state, int_err_remove_state); -- } -+{ -+ int_ERR_set_state_func(int_err_get_state, int_err_remove_state); -+} - #endif - - int ERR_get_next_error_library(void) -- { -- err_fns_check(); -- return ERRFN(get_next_lib)(); -- } -+{ -+ err_fns_check(); -+ return ERRFN(get_next_lib) (); -+} -diff --git a/Cryptlib/OpenSSL/crypto/err/err_prn.c b/Cryptlib/OpenSSL/crypto/err/err_prn.c -index 1e46f93..060853a 100644 ---- a/Cryptlib/OpenSSL/crypto/err/err_prn.c -+++ b/Cryptlib/OpenSSL/crypto/err/err_prn.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,101 +63,104 @@ - #include - #include - --void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), -- void *u) -- { -- unsigned long l; -- char buf[256]; -- char buf2[4096]; -- const char *file,*data; -- int line,flags; -- unsigned long es; -- -- es=CRYPTO_thread_id(); -- while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) -- { -- ERR_error_string_n(l, buf, sizeof buf); -- BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, -- file, line, (flags & ERR_TXT_STRING) ? data : ""); -- if (cb(buf2, strlen(buf2), u) <= 0) -- break; /* abort outputting the error report */ -- } -- } -+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), -+ void *u) -+{ -+ unsigned long l; -+ char buf[256]; -+ char buf2[4096]; -+ const char *file, *data; -+ int line, flags; -+ unsigned long es; -+ -+ es = CRYPTO_thread_id(); -+ while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { -+ ERR_error_string_n(l, buf, sizeof buf); -+ BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, -+ file, line, (flags & ERR_TXT_STRING) ? data : ""); -+ if (cb(buf2, strlen(buf2), u) <= 0) -+ break; /* abort outputting the error report */ -+ } -+} - - #ifndef OPENSSL_NO_FP_API - static int print_fp(const char *str, size_t len, void *fp) -- { -- BIO bio; -+{ -+ BIO bio; -+ -+ BIO_set(&bio, BIO_s_file()); -+ BIO_set_fp(&bio, fp, BIO_NOCLOSE); - -- BIO_set(&bio,BIO_s_file()); -- BIO_set_fp(&bio,fp,BIO_NOCLOSE); -+ return BIO_printf(&bio, "%s", str); -+} - -- return BIO_printf(&bio, "%s", str); -- } - void ERR_print_errors_fp(FILE *fp) -- { -- ERR_print_errors_cb(print_fp, fp); -- } -+{ -+ ERR_print_errors_cb(print_fp, fp); -+} - #endif - - void ERR_error_string_n(unsigned long e, char *buf, size_t len) -- { -- char lsbuf[64], fsbuf[64], rsbuf[64]; -- const char *ls,*fs,*rs; -- unsigned long l,f,r; -- -- l=ERR_GET_LIB(e); -- f=ERR_GET_FUNC(e); -- r=ERR_GET_REASON(e); -- -- ls=ERR_lib_error_string(e); -- fs=ERR_func_error_string(e); -- rs=ERR_reason_error_string(e); -- -- if (ls == NULL) -- BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); -- if (fs == NULL) -- BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); -- if (rs == NULL) -- BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); -- -- BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, -- fs?fs:fsbuf, rs?rs:rsbuf); -- if (strlen(buf) == len-1) -- { -- /* output may be truncated; make sure we always have 5 -- * colon-separated fields, i.e. 4 colons ... */ -+{ -+ char lsbuf[64], fsbuf[64], rsbuf[64]; -+ const char *ls, *fs, *rs; -+ unsigned long l, f, r; -+ -+ l = ERR_GET_LIB(e); -+ f = ERR_GET_FUNC(e); -+ r = ERR_GET_REASON(e); -+ -+ ls = ERR_lib_error_string(e); -+ fs = ERR_func_error_string(e); -+ rs = ERR_reason_error_string(e); -+ -+ if (ls == NULL) -+ BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); -+ if (fs == NULL) -+ BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); -+ if (rs == NULL) -+ BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); -+ -+ BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls ? ls : lsbuf, -+ fs ? fs : fsbuf, rs ? rs : rsbuf); -+ if (strlen(buf) == len - 1) { -+ /* -+ * output may be truncated; make sure we always have 5 -+ * colon-separated fields, i.e. 4 colons ... -+ */ - #define NUM_COLONS 4 -- if (len > NUM_COLONS) /* ... if possible */ -- { -- int i; -- char *s = buf; -- -- for (i = 0; i < NUM_COLONS; i++) -- { -- char *colon = strchr(s, ':'); -- if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i) -- { -- /* set colon no. i at last possible position -- * (buf[len-1] is the terminating 0)*/ -- colon = &buf[len-1] - NUM_COLONS + i; -- *colon = ':'; -- } -- s = colon + 1; -- } -- } -- } -- } -+ if (len > NUM_COLONS) { /* ... if possible */ -+ int i; -+ char *s = buf; -+ -+ for (i = 0; i < NUM_COLONS; i++) { -+ char *colon = strchr(s, ':'); -+ if (colon == NULL || colon > &buf[len - 1] - NUM_COLONS + i) { -+ /* -+ * set colon no. i at last possible position (buf[len-1] -+ * is the terminating 0) -+ */ -+ colon = &buf[len - 1] - NUM_COLONS + i; -+ *colon = ':'; -+ } -+ s = colon + 1; -+ } -+ } -+ } -+} - - /* BAD for multi-threading: uses a local buffer if ret == NULL */ --/* ERR_error_string_n should be used instead for ret != NULL -- * as ERR_error_string cannot know how large the buffer is */ -+/* -+ * ERR_error_string_n should be used instead for ret != NULL as -+ * ERR_error_string cannot know how large the buffer is -+ */ - char *ERR_error_string(unsigned long e, char *ret) -- { -- static char buf[256]; -+{ -+ static char buf[256]; - -- if (ret == NULL) ret=buf; -- ERR_error_string_n(e, ret, 256); -+ if (ret == NULL) -+ ret = buf; -+ ERR_error_string_n(e, ret, 256); - -- return ret; -- } -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/err/err_str.c b/Cryptlib/OpenSSL/crypto/err/err_str.c -index d390408..5a642fb 100644 ---- a/Cryptlib/OpenSSL/crypto/err/err_str.c -+++ b/Cryptlib/OpenSSL/crypto/err/err_str.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -120,176 +120,170 @@ - #include - - #ifndef OPENSSL_NO_ERR --static ERR_STRING_DATA ERR_str_libraries[]= -- { --{ERR_PACK(ERR_LIB_NONE,0,0) ,"unknown library"}, --{ERR_PACK(ERR_LIB_SYS,0,0) ,"system library"}, --{ERR_PACK(ERR_LIB_BN,0,0) ,"bignum routines"}, --{ERR_PACK(ERR_LIB_RSA,0,0) ,"rsa routines"}, --{ERR_PACK(ERR_LIB_DH,0,0) ,"Diffie-Hellman routines"}, --{ERR_PACK(ERR_LIB_EVP,0,0) ,"digital envelope routines"}, --{ERR_PACK(ERR_LIB_BUF,0,0) ,"memory buffer routines"}, --{ERR_PACK(ERR_LIB_OBJ,0,0) ,"object identifier routines"}, --{ERR_PACK(ERR_LIB_PEM,0,0) ,"PEM routines"}, --{ERR_PACK(ERR_LIB_DSA,0,0) ,"dsa routines"}, --{ERR_PACK(ERR_LIB_X509,0,0) ,"x509 certificate routines"}, --{ERR_PACK(ERR_LIB_ASN1,0,0) ,"asn1 encoding routines"}, --{ERR_PACK(ERR_LIB_CONF,0,0) ,"configuration file routines"}, --{ERR_PACK(ERR_LIB_CRYPTO,0,0) ,"common libcrypto routines"}, --{ERR_PACK(ERR_LIB_EC,0,0) ,"elliptic curve routines"}, --{ERR_PACK(ERR_LIB_SSL,0,0) ,"SSL routines"}, --{ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, --{ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"}, --{ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"}, --{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"}, --{ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"}, --{ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, --{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, --{ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, --{ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"}, --{ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"}, --{ERR_PACK(ERR_LIB_JPAKE,0,0) ,"JPAKE routines"}, --{0,NULL}, -- }; -+static ERR_STRING_DATA ERR_str_libraries[] = { -+ {ERR_PACK(ERR_LIB_NONE, 0, 0), "unknown library"}, -+ {ERR_PACK(ERR_LIB_SYS, 0, 0), "system library"}, -+ {ERR_PACK(ERR_LIB_BN, 0, 0), "bignum routines"}, -+ {ERR_PACK(ERR_LIB_RSA, 0, 0), "rsa routines"}, -+ {ERR_PACK(ERR_LIB_DH, 0, 0), "Diffie-Hellman routines"}, -+ {ERR_PACK(ERR_LIB_EVP, 0, 0), "digital envelope routines"}, -+ {ERR_PACK(ERR_LIB_BUF, 0, 0), "memory buffer routines"}, -+ {ERR_PACK(ERR_LIB_OBJ, 0, 0), "object identifier routines"}, -+ {ERR_PACK(ERR_LIB_PEM, 0, 0), "PEM routines"}, -+ {ERR_PACK(ERR_LIB_DSA, 0, 0), "dsa routines"}, -+ {ERR_PACK(ERR_LIB_X509, 0, 0), "x509 certificate routines"}, -+ {ERR_PACK(ERR_LIB_ASN1, 0, 0), "asn1 encoding routines"}, -+ {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"}, -+ {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"}, -+ {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"}, -+ {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"}, -+ {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"}, -+ {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"}, -+ {ERR_PACK(ERR_LIB_X509V3, 0, 0), "X509 V3 routines"}, -+ {ERR_PACK(ERR_LIB_PKCS12, 0, 0), "PKCS12 routines"}, -+ {ERR_PACK(ERR_LIB_RAND, 0, 0), "random number generator"}, -+ {ERR_PACK(ERR_LIB_DSO, 0, 0), "DSO support routines"}, -+ {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"}, -+ {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"}, -+ {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"}, -+ {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"}, -+ {ERR_PACK(ERR_LIB_JPAKE, 0, 0), "JPAKE routines"}, -+ {0, NULL}, -+}; - --static ERR_STRING_DATA ERR_str_functs[]= -- { -- {ERR_PACK(0,SYS_F_FOPEN,0), "fopen"}, -- {ERR_PACK(0,SYS_F_CONNECT,0), "connect"}, -- {ERR_PACK(0,SYS_F_GETSERVBYNAME,0), "getservbyname"}, -- {ERR_PACK(0,SYS_F_SOCKET,0), "socket"}, -- {ERR_PACK(0,SYS_F_IOCTLSOCKET,0), "ioctlsocket"}, -- {ERR_PACK(0,SYS_F_BIND,0), "bind"}, -- {ERR_PACK(0,SYS_F_LISTEN,0), "listen"}, -- {ERR_PACK(0,SYS_F_ACCEPT,0), "accept"}, --#ifdef OPENSSL_SYS_WINDOWS -- {ERR_PACK(0,SYS_F_WSASTARTUP,0), "WSAstartup"}, --#endif -- {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, -- {ERR_PACK(0,SYS_F_FREAD,0), "fread"}, -- {0,NULL}, -- }; -+static ERR_STRING_DATA ERR_str_functs[] = { -+ {ERR_PACK(0, SYS_F_FOPEN, 0), "fopen"}, -+ {ERR_PACK(0, SYS_F_CONNECT, 0), "connect"}, -+ {ERR_PACK(0, SYS_F_GETSERVBYNAME, 0), "getservbyname"}, -+ {ERR_PACK(0, SYS_F_SOCKET, 0), "socket"}, -+ {ERR_PACK(0, SYS_F_IOCTLSOCKET, 0), "ioctlsocket"}, -+ {ERR_PACK(0, SYS_F_BIND, 0), "bind"}, -+ {ERR_PACK(0, SYS_F_LISTEN, 0), "listen"}, -+ {ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"}, -+# ifdef OPENSSL_SYS_WINDOWS -+ {ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"}, -+# endif -+ {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"}, -+ {ERR_PACK(0, SYS_F_FREAD, 0), "fread"}, -+ {0, NULL}, -+}; - --static ERR_STRING_DATA ERR_str_reasons[]= -- { --{ERR_R_SYS_LIB ,"system lib"}, --{ERR_R_BN_LIB ,"BN lib"}, --{ERR_R_RSA_LIB ,"RSA lib"}, --{ERR_R_DH_LIB ,"DH lib"}, --{ERR_R_EVP_LIB ,"EVP lib"}, --{ERR_R_BUF_LIB ,"BUF lib"}, --{ERR_R_OBJ_LIB ,"OBJ lib"}, --{ERR_R_PEM_LIB ,"PEM lib"}, --{ERR_R_DSA_LIB ,"DSA lib"}, --{ERR_R_X509_LIB ,"X509 lib"}, --{ERR_R_ASN1_LIB ,"ASN1 lib"}, --{ERR_R_CONF_LIB ,"CONF lib"}, --{ERR_R_CRYPTO_LIB ,"CRYPTO lib"}, --{ERR_R_EC_LIB ,"EC lib"}, --{ERR_R_SSL_LIB ,"SSL lib"}, --{ERR_R_BIO_LIB ,"BIO lib"}, --{ERR_R_PKCS7_LIB ,"PKCS7 lib"}, --{ERR_R_X509V3_LIB ,"X509V3 lib"}, --{ERR_R_PKCS12_LIB ,"PKCS12 lib"}, --{ERR_R_RAND_LIB ,"RAND lib"}, --{ERR_R_DSO_LIB ,"DSO lib"}, --{ERR_R_ENGINE_LIB ,"ENGINE lib"}, --{ERR_R_OCSP_LIB ,"OCSP lib"}, -+static ERR_STRING_DATA ERR_str_reasons[] = { -+ {ERR_R_SYS_LIB, "system lib"}, -+ {ERR_R_BN_LIB, "BN lib"}, -+ {ERR_R_RSA_LIB, "RSA lib"}, -+ {ERR_R_DH_LIB, "DH lib"}, -+ {ERR_R_EVP_LIB, "EVP lib"}, -+ {ERR_R_BUF_LIB, "BUF lib"}, -+ {ERR_R_OBJ_LIB, "OBJ lib"}, -+ {ERR_R_PEM_LIB, "PEM lib"}, -+ {ERR_R_DSA_LIB, "DSA lib"}, -+ {ERR_R_X509_LIB, "X509 lib"}, -+ {ERR_R_ASN1_LIB, "ASN1 lib"}, -+ {ERR_R_CONF_LIB, "CONF lib"}, -+ {ERR_R_CRYPTO_LIB, "CRYPTO lib"}, -+ {ERR_R_EC_LIB, "EC lib"}, -+ {ERR_R_SSL_LIB, "SSL lib"}, -+ {ERR_R_BIO_LIB, "BIO lib"}, -+ {ERR_R_PKCS7_LIB, "PKCS7 lib"}, -+ {ERR_R_X509V3_LIB, "X509V3 lib"}, -+ {ERR_R_PKCS12_LIB, "PKCS12 lib"}, -+ {ERR_R_RAND_LIB, "RAND lib"}, -+ {ERR_R_DSO_LIB, "DSO lib"}, -+ {ERR_R_ENGINE_LIB, "ENGINE lib"}, -+ {ERR_R_OCSP_LIB, "OCSP lib"}, - --{ERR_R_NESTED_ASN1_ERROR ,"nested asn1 error"}, --{ERR_R_BAD_ASN1_OBJECT_HEADER ,"bad asn1 object header"}, --{ERR_R_BAD_GET_ASN1_OBJECT_CALL ,"bad get asn1 object call"}, --{ERR_R_EXPECTING_AN_ASN1_SEQUENCE ,"expecting an asn1 sequence"}, --{ERR_R_ASN1_LENGTH_MISMATCH ,"asn1 length mismatch"}, --{ERR_R_MISSING_ASN1_EOS ,"missing asn1 eos"}, -+ {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"}, -+ {ERR_R_BAD_ASN1_OBJECT_HEADER, "bad asn1 object header"}, -+ {ERR_R_BAD_GET_ASN1_OBJECT_CALL, "bad get asn1 object call"}, -+ {ERR_R_EXPECTING_AN_ASN1_SEQUENCE, "expecting an asn1 sequence"}, -+ {ERR_R_ASN1_LENGTH_MISMATCH, "asn1 length mismatch"}, -+ {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"}, - --{ERR_R_FATAL ,"fatal"}, --{ERR_R_MALLOC_FAILURE ,"malloc failure"}, --{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"}, --{ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"}, --{ERR_R_INTERNAL_ERROR ,"internal error"}, --{ERR_R_DISABLED ,"called a function that was disabled at compile-time"}, -+ {ERR_R_FATAL, "fatal"}, -+ {ERR_R_MALLOC_FAILURE, "malloc failure"}, -+ {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, -+ "called a function you should not call"}, -+ {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"}, -+ {ERR_R_INTERNAL_ERROR, "internal error"}, -+ {ERR_R_DISABLED, "called a function that was disabled at compile-time"}, - --{0,NULL}, -- }; -+ {0, NULL}, -+}; - #endif - - #ifndef OPENSSL_NO_ERR --#define NUM_SYS_STR_REASONS 127 --#define LEN_SYS_STR_REASON 32 -+# define NUM_SYS_STR_REASONS 127 -+# define LEN_SYS_STR_REASON 32 - - static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; --/* SYS_str_reasons is filled with copies of strerror() results at -- * initialization. -- * 'errno' values up to 127 should cover all usual errors, -- * others will be displayed numerically by ERR_error_string. -- * It is crucial that we have something for each reason code -- * that occurs in ERR_str_reasons, or bogus reason strings -- * will be returned for SYSerr, which always gets an errno -- * value and never one of those 'standard' reason codes. */ -+/* -+ * SYS_str_reasons is filled with copies of strerror() results at -+ * initialization. 'errno' values up to 127 should cover all usual errors, -+ * others will be displayed numerically by ERR_error_string. It is crucial -+ * that we have something for each reason code that occurs in -+ * ERR_str_reasons, or bogus reason strings will be returned for SYSerr, -+ * which always gets an errno value and never one of those 'standard' reason -+ * codes. -+ */ - - static void build_SYS_str_reasons(void) -- { -- /* OPENSSL_malloc cannot be used here, use static storage instead */ -- static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; -- int i; -- static int init = 1; -+{ -+ /* OPENSSL_malloc cannot be used here, use static storage instead */ -+ static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; -+ int i; -+ static int init = 1; -+ -+ CRYPTO_r_lock(CRYPTO_LOCK_ERR); -+ if (!init) { -+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); -+ return; -+ } - -- CRYPTO_r_lock(CRYPTO_LOCK_ERR); -- if (!init) -- { -- CRYPTO_r_unlock(CRYPTO_LOCK_ERR); -- return; -- } -- -- CRYPTO_r_unlock(CRYPTO_LOCK_ERR); -- CRYPTO_w_lock(CRYPTO_LOCK_ERR); -- if (!init) -- { -- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -- return; -- } -+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); -+ CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ if (!init) { -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ return; -+ } - -- for (i = 1; i <= NUM_SYS_STR_REASONS; i++) -- { -- ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; -+ for (i = 1; i <= NUM_SYS_STR_REASONS; i++) { -+ ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; - -- str->error = (unsigned long)i; -- if (str->string == NULL) -- { -- char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); -- char *src = strerror(i); -- if (src != NULL) -- { -- strncpy(*dest, src, sizeof *dest); -- (*dest)[sizeof *dest - 1] = '\0'; -- str->string = *dest; -- } -- } -- if (str->string == NULL) -- str->string = "unknown"; -- } -+ str->error = (unsigned long)i; -+ if (str->string == NULL) { -+ char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); -+ char *src = strerror(i); -+ if (src != NULL) { -+ strncpy(*dest, src, sizeof *dest); -+ (*dest)[sizeof *dest - 1] = '\0'; -+ str->string = *dest; -+ } -+ } -+ if (str->string == NULL) -+ str->string = "unknown"; -+ } - -- /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, -- * as required by ERR_load_strings. */ -+ /* -+ * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as -+ * required by ERR_load_strings. -+ */ - -- init = 0; -- -- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -- } -+ init = 0; -+ -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+} - #endif - - void ERR_load_ERR_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR -- if (ERR_func_error_string(ERR_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,ERR_str_libraries); -- ERR_load_strings(0,ERR_str_reasons); -- ERR_load_strings(ERR_LIB_SYS,ERR_str_functs); -- build_SYS_str_reasons(); -- ERR_load_strings(ERR_LIB_SYS,SYS_str_reasons); -- } -+ if (ERR_func_error_string(ERR_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, ERR_str_libraries); -+ ERR_load_strings(0, ERR_str_reasons); -+ ERR_load_strings(ERR_LIB_SYS, ERR_str_functs); -+ build_SYS_str_reasons(); -+ ERR_load_strings(ERR_LIB_SYS, SYS_str_reasons); -+ } - #endif -- } -- -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c -index 16863fe..538b520 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c -+++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,535 +65,509 @@ - static int b64_write(BIO *h, const char *buf, int num); - static int b64_read(BIO *h, char *buf, int size); - static int b64_puts(BIO *h, const char *str); --/*static int b64_gets(BIO *h, char *str, int size); */ -+/* -+ * static int b64_gets(BIO *h, char *str, int size); -+ */ - static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); - static int b64_new(BIO *h); - static int b64_free(BIO *data); --static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); --#define B64_BLOCK_SIZE 1024 --#define B64_BLOCK_SIZE2 768 --#define B64_NONE 0 --#define B64_ENCODE 1 --#define B64_DECODE 2 -- --typedef struct b64_struct -- { -- /*BIO *bio; moved to the BIO structure */ -- int buf_len; -- int buf_off; -- int tmp_len; /* used to find the start when decoding */ -- int tmp_nl; /* If true, scan until '\n' */ -- int encode; -- int start; /* have we started decoding yet? */ -- int cont; /* <= 0 when finished */ -- EVP_ENCODE_CTX base64; -- char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10]; -- char tmp[B64_BLOCK_SIZE]; -- } BIO_B64_CTX; -- --static BIO_METHOD methods_b64= -- { -- BIO_TYPE_BASE64,"base64 encoding", -- b64_write, -- b64_read, -- b64_puts, -- NULL, /* b64_gets, */ -- b64_ctrl, -- b64_new, -- b64_free, -- b64_callback_ctrl, -- }; -+static long b64_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -+#define B64_BLOCK_SIZE 1024 -+#define B64_BLOCK_SIZE2 768 -+#define B64_NONE 0 -+#define B64_ENCODE 1 -+#define B64_DECODE 2 -+ -+typedef struct b64_struct { -+ /* -+ * BIO *bio; moved to the BIO structure -+ */ -+ int buf_len; -+ int buf_off; -+ int tmp_len; /* used to find the start when decoding */ -+ int tmp_nl; /* If true, scan until '\n' */ -+ int encode; -+ int start; /* have we started decoding yet? */ -+ int cont; /* <= 0 when finished */ -+ EVP_ENCODE_CTX base64; -+ char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10]; -+ char tmp[B64_BLOCK_SIZE]; -+} BIO_B64_CTX; -+ -+static BIO_METHOD methods_b64 = { -+ BIO_TYPE_BASE64, "base64 encoding", -+ b64_write, -+ b64_read, -+ b64_puts, -+ NULL, /* b64_gets, */ -+ b64_ctrl, -+ b64_new, -+ b64_free, -+ b64_callback_ctrl, -+}; - - BIO_METHOD *BIO_f_base64(void) -- { -- return(&methods_b64); -- } -+{ -+ return (&methods_b64); -+} - - static int b64_new(BIO *bi) -- { -- BIO_B64_CTX *ctx; -- -- ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX)); -- if (ctx == NULL) return(0); -- -- ctx->buf_len=0; -- ctx->tmp_len=0; -- ctx->tmp_nl=0; -- ctx->buf_off=0; -- ctx->cont=1; -- ctx->start=1; -- ctx->encode=0; -- -- bi->init=1; -- bi->ptr=(char *)ctx; -- bi->flags=0; -- bi->num = 0; -- return(1); -- } -+{ -+ BIO_B64_CTX *ctx; -+ -+ ctx = (BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX)); -+ if (ctx == NULL) -+ return (0); -+ -+ ctx->buf_len = 0; -+ ctx->tmp_len = 0; -+ ctx->tmp_nl = 0; -+ ctx->buf_off = 0; -+ ctx->cont = 1; -+ ctx->start = 1; -+ ctx->encode = 0; -+ -+ bi->init = 1; -+ bi->ptr = (char *)ctx; -+ bi->flags = 0; -+ bi->num = 0; -+ return (1); -+} - - static int b64_free(BIO *a) -- { -- if (a == NULL) return(0); -- OPENSSL_free(a->ptr); -- a->ptr=NULL; -- a->init=0; -- a->flags=0; -- return(1); -- } -- -+{ -+ if (a == NULL) -+ return (0); -+ OPENSSL_free(a->ptr); -+ a->ptr = NULL; -+ a->init = 0; -+ a->flags = 0; -+ return (1); -+} -+ - static int b64_read(BIO *b, char *out, int outl) -- { -- int ret=0,i,ii,j,k,x,n,num,ret_code=0; -- BIO_B64_CTX *ctx; -- unsigned char *p,*q; -- -- if (out == NULL) return(0); -- ctx=(BIO_B64_CTX *)b->ptr; -- -- if ((ctx == NULL) || (b->next_bio == NULL)) return(0); -- -- BIO_clear_retry_flags(b); -- -- if (ctx->encode != B64_DECODE) -- { -- ctx->encode=B64_DECODE; -- ctx->buf_len=0; -- ctx->buf_off=0; -- ctx->tmp_len=0; -- EVP_DecodeInit(&(ctx->base64)); -- } -- -- /* First check if there are bytes decoded/encoded */ -- if (ctx->buf_len > 0) -- { -- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -- i=ctx->buf_len-ctx->buf_off; -- if (i > outl) i=outl; -- OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); -- memcpy(out,&(ctx->buf[ctx->buf_off]),i); -- ret=i; -- out+=i; -- outl-=i; -- ctx->buf_off+=i; -- if (ctx->buf_len == ctx->buf_off) -- { -- ctx->buf_len=0; -- ctx->buf_off=0; -- } -- } -- -- /* At this point, we have room of outl bytes and an empty -- * buffer, so we should read in some more. */ -- -- ret_code=0; -- while (outl > 0) -- { -- if (ctx->cont <= 0) -- break; -- -- i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]), -- B64_BLOCK_SIZE-ctx->tmp_len); -- -- if (i <= 0) -- { -- ret_code=i; -- -- /* Should we continue next time we are called? */ -- if (!BIO_should_retry(b->next_bio)) -- { -- ctx->cont=i; -- /* If buffer empty break */ -- if(ctx->tmp_len == 0) -- break; -- /* Fall through and process what we have */ -- else -- i = 0; -- } -- /* else we retry and add more data to buffer */ -- else -- break; -- } -- i+=ctx->tmp_len; -- ctx->tmp_len = i; -- -- /* We need to scan, a line at a time until we -- * have a valid line if we are starting. */ -- if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) -- { -- /* ctx->start=1; */ -- ctx->tmp_len=0; -- } -- else if (ctx->start) -- { -- q=p=(unsigned char *)ctx->tmp; -- num = 0; -- for (j=0; jtmp_nl) -- { -- p=q; -- ctx->tmp_nl=0; -- continue; -- } -- -- k=EVP_DecodeUpdate(&(ctx->base64), -- (unsigned char *)ctx->buf, -- &num,p,q-p); -- if ((k <= 0) && (num == 0) && (ctx->start)) -- EVP_DecodeInit(&ctx->base64); -- else -- { -- if (p != (unsigned char *) -- &(ctx->tmp[0])) -- { -- i-=(p- (unsigned char *) -- &(ctx->tmp[0])); -- for (x=0; x < i; x++) -- ctx->tmp[x]=p[x]; -- } -- EVP_DecodeInit(&ctx->base64); -- ctx->start=0; -- break; -- } -- p=q; -- } -- -- /* we fell off the end without starting */ -- if ((j == i) && (num == 0)) -- { -- /* Is this is one long chunk?, if so, keep on -- * reading until a new line. */ -- if (p == (unsigned char *)&(ctx->tmp[0])) -- { -- /* Check buffer full */ -- if (i == B64_BLOCK_SIZE) -- { -- ctx->tmp_nl=1; -- ctx->tmp_len=0; -- } -- } -- else if (p != q) /* finished on a '\n' */ -- { -- n=q-p; -- for (ii=0; iitmp[ii]=p[ii]; -- ctx->tmp_len=n; -- } -- /* else finished on a '\n' */ -- continue; -- } -- else -- { -- ctx->tmp_len=0; -- } -- } -- else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) -- { -- /* If buffer isn't full and we can retry then -- * restart to read in more data. -- */ -- continue; -- } -- -- if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) -- { -- int z,jj; -+{ -+ int ret = 0, i, ii, j, k, x, n, num, ret_code = 0; -+ BIO_B64_CTX *ctx; -+ unsigned char *p, *q; -+ -+ if (out == NULL) -+ return (0); -+ ctx = (BIO_B64_CTX *)b->ptr; -+ -+ if ((ctx == NULL) || (b->next_bio == NULL)) -+ return (0); -+ -+ BIO_clear_retry_flags(b); -+ -+ if (ctx->encode != B64_DECODE) { -+ ctx->encode = B64_DECODE; -+ ctx->buf_len = 0; -+ ctx->buf_off = 0; -+ ctx->tmp_len = 0; -+ EVP_DecodeInit(&(ctx->base64)); -+ } -+ -+ /* First check if there are bytes decoded/encoded */ -+ if (ctx->buf_len > 0) { -+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -+ i = ctx->buf_len - ctx->buf_off; -+ if (i > outl) -+ i = outl; -+ OPENSSL_assert(ctx->buf_off + i < (int)sizeof(ctx->buf)); -+ memcpy(out, &(ctx->buf[ctx->buf_off]), i); -+ ret = i; -+ out += i; -+ outl -= i; -+ ctx->buf_off += i; -+ if (ctx->buf_len == ctx->buf_off) { -+ ctx->buf_len = 0; -+ ctx->buf_off = 0; -+ } -+ } -+ -+ /* -+ * At this point, we have room of outl bytes and an empty buffer, so we -+ * should read in some more. -+ */ -+ -+ ret_code = 0; -+ while (outl > 0) { -+ if (ctx->cont <= 0) -+ break; -+ -+ i = BIO_read(b->next_bio, &(ctx->tmp[ctx->tmp_len]), -+ B64_BLOCK_SIZE - ctx->tmp_len); -+ -+ if (i <= 0) { -+ ret_code = i; -+ -+ /* Should we continue next time we are called? */ -+ if (!BIO_should_retry(b->next_bio)) { -+ ctx->cont = i; -+ /* If buffer empty break */ -+ if (ctx->tmp_len == 0) -+ break; -+ /* Fall through and process what we have */ -+ else -+ i = 0; -+ } -+ /* else we retry and add more data to buffer */ -+ else -+ break; -+ } -+ i += ctx->tmp_len; -+ ctx->tmp_len = i; -+ -+ /* -+ * We need to scan, a line at a time until we have a valid line if we -+ * are starting. -+ */ -+ if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) { -+ /* ctx->start=1; */ -+ ctx->tmp_len = 0; -+ } else if (ctx->start) { -+ q = p = (unsigned char *)ctx->tmp; -+ num = 0; -+ for (j = 0; j < i; j++) { -+ if (*(q++) != '\n') -+ continue; -+ -+ /* -+ * due to a previous very long line, we need to keep on -+ * scanning for a '\n' before we even start looking for -+ * base64 encoded stuff. -+ */ -+ if (ctx->tmp_nl) { -+ p = q; -+ ctx->tmp_nl = 0; -+ continue; -+ } -+ -+ k = EVP_DecodeUpdate(&(ctx->base64), -+ (unsigned char *)ctx->buf, -+ &num, p, q - p); -+ if ((k <= 0) && (num == 0) && (ctx->start)) -+ EVP_DecodeInit(&ctx->base64); -+ else { -+ if (p != (unsigned char *) -+ &(ctx->tmp[0])) { -+ i -= (p - (unsigned char *) -+ &(ctx->tmp[0])); -+ for (x = 0; x < i; x++) -+ ctx->tmp[x] = p[x]; -+ } -+ EVP_DecodeInit(&ctx->base64); -+ ctx->start = 0; -+ break; -+ } -+ p = q; -+ } -+ -+ /* we fell off the end without starting */ -+ if ((j == i) && (num == 0)) { -+ /* -+ * Is this is one long chunk?, if so, keep on reading until a -+ * new line. -+ */ -+ if (p == (unsigned char *)&(ctx->tmp[0])) { -+ /* Check buffer full */ -+ if (i == B64_BLOCK_SIZE) { -+ ctx->tmp_nl = 1; -+ ctx->tmp_len = 0; -+ } -+ } else if (p != q) { /* finished on a '\n' */ -+ n = q - p; -+ for (ii = 0; ii < n; ii++) -+ ctx->tmp[ii] = p[ii]; -+ ctx->tmp_len = n; -+ } -+ /* else finished on a '\n' */ -+ continue; -+ } else { -+ ctx->tmp_len = 0; -+ } -+ } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) { -+ /* -+ * If buffer isn't full and we can retry then restart to read in -+ * more data. -+ */ -+ continue; -+ } -+ -+ if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { -+ int z, jj; - - #if 0 -- jj=(i>>2)<<2; -+ jj = (i >> 2) << 2; - #else -- jj = i & ~3; /* process per 4 */ -+ jj = i & ~3; /* process per 4 */ - #endif -- z=EVP_DecodeBlock((unsigned char *)ctx->buf, -- (unsigned char *)ctx->tmp,jj); -- if (jj > 2) -- { -- if (ctx->tmp[jj-1] == '=') -- { -- z--; -- if (ctx->tmp[jj-2] == '=') -- z--; -- } -- } -- /* z is now number of output bytes and jj is the -- * number consumed */ -- if (jj != i) -- { -- memmove(ctx->tmp, &ctx->tmp[jj], i-jj); -- ctx->tmp_len=i-jj; -- } -- ctx->buf_len=0; -- if (z > 0) -- { -- ctx->buf_len=z; -- } -- i=z; -- } -- else -- { -- i=EVP_DecodeUpdate(&(ctx->base64), -- (unsigned char *)ctx->buf,&ctx->buf_len, -- (unsigned char *)ctx->tmp,i); -- ctx->tmp_len = 0; -- } -- ctx->buf_off=0; -- if (i < 0) -- { -- ret_code=0; -- ctx->buf_len=0; -- break; -- } -- -- if (ctx->buf_len <= outl) -- i=ctx->buf_len; -- else -- i=outl; -- -- memcpy(out,ctx->buf,i); -- ret+=i; -- ctx->buf_off=i; -- if (ctx->buf_off == ctx->buf_len) -- { -- ctx->buf_len=0; -- ctx->buf_off=0; -- } -- outl-=i; -- out+=i; -- } -- /* BIO_clear_retry_flags(b); */ -- BIO_copy_next_retry(b); -- return((ret == 0)?ret_code:ret); -- } -+ z = EVP_DecodeBlock((unsigned char *)ctx->buf, -+ (unsigned char *)ctx->tmp, jj); -+ if (jj > 2) { -+ if (ctx->tmp[jj - 1] == '=') { -+ z--; -+ if (ctx->tmp[jj - 2] == '=') -+ z--; -+ } -+ } -+ /* -+ * z is now number of output bytes and jj is the number consumed -+ */ -+ if (jj != i) { -+ memmove(ctx->tmp, &ctx->tmp[jj], i - jj); -+ ctx->tmp_len = i - jj; -+ } -+ ctx->buf_len = 0; -+ if (z > 0) { -+ ctx->buf_len = z; -+ } -+ i = z; -+ } else { -+ i = EVP_DecodeUpdate(&(ctx->base64), -+ (unsigned char *)ctx->buf, &ctx->buf_len, -+ (unsigned char *)ctx->tmp, i); -+ ctx->tmp_len = 0; -+ } -+ ctx->buf_off = 0; -+ if (i < 0) { -+ ret_code = 0; -+ ctx->buf_len = 0; -+ break; -+ } -+ -+ if (ctx->buf_len <= outl) -+ i = ctx->buf_len; -+ else -+ i = outl; -+ -+ memcpy(out, ctx->buf, i); -+ ret += i; -+ ctx->buf_off = i; -+ if (ctx->buf_off == ctx->buf_len) { -+ ctx->buf_len = 0; -+ ctx->buf_off = 0; -+ } -+ outl -= i; -+ out += i; -+ } -+ /* BIO_clear_retry_flags(b); */ -+ BIO_copy_next_retry(b); -+ return ((ret == 0) ? ret_code : ret); -+} - - static int b64_write(BIO *b, const char *in, int inl) -- { -- int ret=0; -- int n; -- int i; -- BIO_B64_CTX *ctx; -- -- ctx=(BIO_B64_CTX *)b->ptr; -- BIO_clear_retry_flags(b); -- -- if (ctx->encode != B64_ENCODE) -- { -- ctx->encode=B64_ENCODE; -- ctx->buf_len=0; -- ctx->buf_off=0; -- ctx->tmp_len=0; -- EVP_EncodeInit(&(ctx->base64)); -- } -- -- OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); -- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); -- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -- n=ctx->buf_len-ctx->buf_off; -- while (n > 0) -- { -- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- return(i); -- } -- OPENSSL_assert(i <= n); -- ctx->buf_off+=i; -- OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); -- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -- n-=i; -- } -- /* at this point all pending data has been written */ -- ctx->buf_off=0; -- ctx->buf_len=0; -- -- if ((in == NULL) || (inl <= 0)) return(0); -- -- while (inl > 0) -- { -- n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl; -- -- if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) -- { -- if (ctx->tmp_len > 0) -- { -- OPENSSL_assert(ctx->tmp_len <= 3); -- n=3-ctx->tmp_len; -- /* There's a theoretical possibility for this */ -- if (n > inl) -- n=inl; -- memcpy(&(ctx->tmp[ctx->tmp_len]),in,n); -- ctx->tmp_len+=n; -- ret += n; -- if (ctx->tmp_len < 3) -- break; -- ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len); -- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); -- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -- /* Since we're now done using the temporary -- buffer, the length should be 0'd */ -- ctx->tmp_len=0; -- } -- else -- { -- if (n < 3) -- { -- memcpy(ctx->tmp,in,n); -- ctx->tmp_len=n; -- ret += n; -- break; -- } -- n-=n%3; -- ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n); -- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); -- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -- ret += n; -- } -- } -- else -- { -- EVP_EncodeUpdate(&(ctx->base64), -- (unsigned char *)ctx->buf,&ctx->buf_len, -- (unsigned char *)in,n); -- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); -- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -- ret += n; -- } -- inl-=n; -- in+=n; -- -- ctx->buf_off=0; -- n=ctx->buf_len; -- while (n > 0) -- { -- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- return((ret == 0)?i:ret); -- } -- OPENSSL_assert(i <= n); -- n-=i; -- ctx->buf_off+=i; -- OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); -- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -- } -- ctx->buf_len=0; -- ctx->buf_off=0; -- } -- return(ret); -- } -+{ -+ int ret = 0; -+ int n; -+ int i; -+ BIO_B64_CTX *ctx; -+ -+ ctx = (BIO_B64_CTX *)b->ptr; -+ BIO_clear_retry_flags(b); -+ -+ if (ctx->encode != B64_ENCODE) { -+ ctx->encode = B64_ENCODE; -+ ctx->buf_len = 0; -+ ctx->buf_off = 0; -+ ctx->tmp_len = 0; -+ EVP_EncodeInit(&(ctx->base64)); -+ } -+ -+ OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); -+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); -+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -+ n = ctx->buf_len - ctx->buf_off; -+ while (n > 0) { -+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); -+ if (i <= 0) { -+ BIO_copy_next_retry(b); -+ return (i); -+ } -+ OPENSSL_assert(i <= n); -+ ctx->buf_off += i; -+ OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); -+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -+ n -= i; -+ } -+ /* at this point all pending data has been written */ -+ ctx->buf_off = 0; -+ ctx->buf_len = 0; -+ -+ if ((in == NULL) || (inl <= 0)) -+ return (0); -+ -+ while (inl > 0) { -+ n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl; -+ -+ if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { -+ if (ctx->tmp_len > 0) { -+ OPENSSL_assert(ctx->tmp_len <= 3); -+ n = 3 - ctx->tmp_len; -+ /* -+ * There's a theoretical possibility for this -+ */ -+ if (n > inl) -+ n = inl; -+ memcpy(&(ctx->tmp[ctx->tmp_len]), in, n); -+ ctx->tmp_len += n; -+ ret += n; -+ if (ctx->tmp_len < 3) -+ break; -+ ctx->buf_len = -+ EVP_EncodeBlock((unsigned char *)ctx->buf, -+ (unsigned char *)ctx->tmp, ctx->tmp_len); -+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); -+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -+ /* -+ * Since we're now done using the temporary buffer, the -+ * length should be 0'd -+ */ -+ ctx->tmp_len = 0; -+ } else { -+ if (n < 3) { -+ memcpy(ctx->tmp, in, n); -+ ctx->tmp_len = n; -+ ret += n; -+ break; -+ } -+ n -= n % 3; -+ ctx->buf_len = -+ EVP_EncodeBlock((unsigned char *)ctx->buf, -+ (const unsigned char *)in, n); -+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); -+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -+ ret += n; -+ } -+ } else { -+ EVP_EncodeUpdate(&(ctx->base64), -+ (unsigned char *)ctx->buf, &ctx->buf_len, -+ (unsigned char *)in, n); -+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); -+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -+ ret += n; -+ } -+ inl -= n; -+ in += n; -+ -+ ctx->buf_off = 0; -+ n = ctx->buf_len; -+ while (n > 0) { -+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); -+ if (i <= 0) { -+ BIO_copy_next_retry(b); -+ return ((ret == 0) ? i : ret); -+ } -+ OPENSSL_assert(i <= n); -+ n -= i; -+ ctx->buf_off += i; -+ OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); -+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -+ } -+ ctx->buf_len = 0; -+ ctx->buf_off = 0; -+ } -+ return (ret); -+} - - static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- BIO_B64_CTX *ctx; -- long ret=1; -- int i; -- -- ctx=(BIO_B64_CTX *)b->ptr; -- -- switch (cmd) -- { -- case BIO_CTRL_RESET: -- ctx->cont=1; -- ctx->start=1; -- ctx->encode=B64_NONE; -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_EOF: /* More to read */ -- if (ctx->cont <= 0) -- ret=1; -- else -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_WPENDING: /* More to write in buffer */ -- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -- ret=ctx->buf_len-ctx->buf_off; -- if ((ret == 0) && (ctx->encode != B64_NONE) -- && (ctx->base64.num != 0)) -- ret=1; -- else if (ret <= 0) -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_PENDING: /* More to read in buffer */ -- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -- ret=ctx->buf_len-ctx->buf_off; -- if (ret <= 0) -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_FLUSH: -- /* do a final write */ --again: -- while (ctx->buf_len != ctx->buf_off) -- { -- i=b64_write(b,NULL,0); -- if (i < 0) -- return i; -- } -- if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) -- { -- if (ctx->tmp_len != 0) -- { -- ctx->buf_len=EVP_EncodeBlock( -- (unsigned char *)ctx->buf, -- (unsigned char *)ctx->tmp, -- ctx->tmp_len); -- ctx->buf_off=0; -- ctx->tmp_len=0; -- goto again; -- } -- } -- else if (ctx->encode != B64_NONE && ctx->base64.num != 0) -- { -- ctx->buf_off=0; -- EVP_EncodeFinal(&(ctx->base64), -- (unsigned char *)ctx->buf, -- &(ctx->buf_len)); -- /* push out the bytes */ -- goto again; -- } -- /* Finally flush the underlying BIO */ -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- -- case BIO_C_DO_STATE_MACHINE: -- BIO_clear_retry_flags(b); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- BIO_copy_next_retry(b); -- break; -- -- case BIO_CTRL_DUP: -- break; -- case BIO_CTRL_INFO: -- case BIO_CTRL_GET: -- case BIO_CTRL_SET: -- default: -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- } -- return(ret); -- } -+{ -+ BIO_B64_CTX *ctx; -+ long ret = 1; -+ int i; -+ -+ ctx = (BIO_B64_CTX *)b->ptr; -+ -+ switch (cmd) { -+ case BIO_CTRL_RESET: -+ ctx->cont = 1; -+ ctx->start = 1; -+ ctx->encode = B64_NONE; -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_EOF: /* More to read */ -+ if (ctx->cont <= 0) -+ ret = 1; -+ else -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_WPENDING: /* More to write in buffer */ -+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -+ ret = ctx->buf_len - ctx->buf_off; -+ if ((ret == 0) && (ctx->encode != B64_NONE) -+ && (ctx->base64.num != 0)) -+ ret = 1; -+ else if (ret <= 0) -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_PENDING: /* More to read in buffer */ -+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); -+ ret = ctx->buf_len - ctx->buf_off; -+ if (ret <= 0) -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_FLUSH: -+ /* do a final write */ -+ again: -+ while (ctx->buf_len != ctx->buf_off) { -+ i = b64_write(b, NULL, 0); -+ if (i < 0) -+ return i; -+ } -+ if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { -+ if (ctx->tmp_len != 0) { -+ ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf, -+ (unsigned char *)ctx->tmp, -+ ctx->tmp_len); -+ ctx->buf_off = 0; -+ ctx->tmp_len = 0; -+ goto again; -+ } -+ } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) { -+ ctx->buf_off = 0; -+ EVP_EncodeFinal(&(ctx->base64), -+ (unsigned char *)ctx->buf, &(ctx->buf_len)); -+ /* push out the bytes */ -+ goto again; -+ } -+ /* Finally flush the underlying BIO */ -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ -+ case BIO_C_DO_STATE_MACHINE: -+ BIO_clear_retry_flags(b); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ BIO_copy_next_retry(b); -+ break; -+ -+ case BIO_CTRL_DUP: -+ break; -+ case BIO_CTRL_INFO: -+ case BIO_CTRL_GET: -+ case BIO_CTRL_SET: -+ default: -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ } -+ return (ret); -+} - - static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) -- { -- long ret=1; -- -- if (b->next_bio == NULL) return(0); -- switch (cmd) -- { -- default: -- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); -- break; -- } -- return(ret); -- } -+{ -+ long ret = 1; -+ -+ if (b->next_bio == NULL) -+ return (0); -+ switch (cmd) { -+ default: -+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); -+ break; -+ } -+ return (ret); -+} - - static int b64_puts(BIO *b, const char *str) -- { -- return b64_write(b,str,strlen(str)); -- } -+{ -+ return b64_write(b, str, strlen(str)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c -index f6ac94c..4397fb1 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c -+++ b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,363 +64,363 @@ - - static int enc_write(BIO *h, const char *buf, int num); - static int enc_read(BIO *h, char *buf, int size); --/*static int enc_puts(BIO *h, const char *str); */ --/*static int enc_gets(BIO *h, char *str, int size); */ -+/* -+ * static int enc_puts(BIO *h, const char *str); -+ */ -+/* -+ * static int enc_gets(BIO *h, char *str, int size); -+ */ - static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); - static int enc_new(BIO *h); - static int enc_free(BIO *data); - static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); --#define ENC_BLOCK_SIZE (1024*4) --#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) -- --typedef struct enc_struct -- { -- int buf_len; -- int buf_off; -- int cont; /* <= 0 when finished */ -- int finished; -- int ok; /* bad decrypt */ -- EVP_CIPHER_CTX cipher; -- /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate -- * can return up to a block more data than is presented to it -- */ -- char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2]; -- } BIO_ENC_CTX; -- --static BIO_METHOD methods_enc= -- { -- BIO_TYPE_CIPHER,"cipher", -- enc_write, -- enc_read, -- NULL, /* enc_puts, */ -- NULL, /* enc_gets, */ -- enc_ctrl, -- enc_new, -- enc_free, -- enc_callback_ctrl, -- }; -+#define ENC_BLOCK_SIZE (1024*4) -+#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) -+ -+typedef struct enc_struct { -+ int buf_len; -+ int buf_off; -+ int cont; /* <= 0 when finished */ -+ int finished; -+ int ok; /* bad decrypt */ -+ EVP_CIPHER_CTX cipher; -+ /* -+ * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return -+ * up to a block more data than is presented to it -+ */ -+ char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2]; -+} BIO_ENC_CTX; -+ -+static BIO_METHOD methods_enc = { -+ BIO_TYPE_CIPHER, "cipher", -+ enc_write, -+ enc_read, -+ NULL, /* enc_puts, */ -+ NULL, /* enc_gets, */ -+ enc_ctrl, -+ enc_new, -+ enc_free, -+ enc_callback_ctrl, -+}; - - BIO_METHOD *BIO_f_cipher(void) -- { -- return(&methods_enc); -- } -+{ -+ return (&methods_enc); -+} - - static int enc_new(BIO *bi) -- { -- BIO_ENC_CTX *ctx; -- -- ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); -- if (ctx == NULL) return(0); -- EVP_CIPHER_CTX_init(&ctx->cipher); -- -- ctx->buf_len=0; -- ctx->buf_off=0; -- ctx->cont=1; -- ctx->finished=0; -- ctx->ok=1; -- -- bi->init=0; -- bi->ptr=(char *)ctx; -- bi->flags=0; -- return(1); -- } -+{ -+ BIO_ENC_CTX *ctx; -+ -+ ctx = (BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); -+ if (ctx == NULL) -+ return (0); -+ EVP_CIPHER_CTX_init(&ctx->cipher); -+ -+ ctx->buf_len = 0; -+ ctx->buf_off = 0; -+ ctx->cont = 1; -+ ctx->finished = 0; -+ ctx->ok = 1; -+ -+ bi->init = 0; -+ bi->ptr = (char *)ctx; -+ bi->flags = 0; -+ return (1); -+} - - static int enc_free(BIO *a) -- { -- BIO_ENC_CTX *b; -- -- if (a == NULL) return(0); -- b=(BIO_ENC_CTX *)a->ptr; -- EVP_CIPHER_CTX_cleanup(&(b->cipher)); -- OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX)); -- OPENSSL_free(a->ptr); -- a->ptr=NULL; -- a->init=0; -- a->flags=0; -- return(1); -- } -- -+{ -+ BIO_ENC_CTX *b; -+ -+ if (a == NULL) -+ return (0); -+ b = (BIO_ENC_CTX *)a->ptr; -+ EVP_CIPHER_CTX_cleanup(&(b->cipher)); -+ OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX)); -+ OPENSSL_free(a->ptr); -+ a->ptr = NULL; -+ a->init = 0; -+ a->flags = 0; -+ return (1); -+} -+ - static int enc_read(BIO *b, char *out, int outl) -- { -- int ret=0,i; -- BIO_ENC_CTX *ctx; -- -- if (out == NULL) return(0); -- ctx=(BIO_ENC_CTX *)b->ptr; -- -- if ((ctx == NULL) || (b->next_bio == NULL)) return(0); -- -- /* First check if there are bytes decoded/encoded */ -- if (ctx->buf_len > 0) -- { -- i=ctx->buf_len-ctx->buf_off; -- if (i > outl) i=outl; -- memcpy(out,&(ctx->buf[ctx->buf_off]),i); -- ret=i; -- out+=i; -- outl-=i; -- ctx->buf_off+=i; -- if (ctx->buf_len == ctx->buf_off) -- { -- ctx->buf_len=0; -- ctx->buf_off=0; -- } -- } -- -- /* At this point, we have room of outl bytes and an empty -- * buffer, so we should read in some more. */ -- -- while (outl > 0) -- { -- if (ctx->cont <= 0) break; -- -- /* read in at IV offset, read the EVP_Cipher -- * documentation about why */ -- i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE); -- -- if (i <= 0) -- { -- /* Should be continue next time we are called? */ -- if (!BIO_should_retry(b->next_bio)) -- { -- ctx->cont=i; -- i=EVP_CipherFinal_ex(&(ctx->cipher), -- (unsigned char *)ctx->buf, -- &(ctx->buf_len)); -- ctx->ok=i; -- ctx->buf_off=0; -- } -- else -- { -- ret=(ret == 0)?i:ret; -- break; -- } -- } -- else -- { -- EVP_CipherUpdate(&(ctx->cipher), -- (unsigned char *)ctx->buf,&ctx->buf_len, -- (unsigned char *)&(ctx->buf[BUF_OFFSET]),i); -- ctx->cont=1; -- /* Note: it is possible for EVP_CipherUpdate to -- * decrypt zero bytes because this is or looks like -- * the final block: if this happens we should retry -- * and either read more data or decrypt the final -- * block -- */ -- if(ctx->buf_len == 0) continue; -- } -- -- if (ctx->buf_len <= outl) -- i=ctx->buf_len; -- else -- i=outl; -- if (i <= 0) break; -- memcpy(out,ctx->buf,i); -- ret+=i; -- ctx->buf_off=i; -- outl-=i; -- out+=i; -- } -- -- BIO_clear_retry_flags(b); -- BIO_copy_next_retry(b); -- return((ret == 0)?ctx->cont:ret); -- } -+{ -+ int ret = 0, i; -+ BIO_ENC_CTX *ctx; -+ -+ if (out == NULL) -+ return (0); -+ ctx = (BIO_ENC_CTX *)b->ptr; -+ -+ if ((ctx == NULL) || (b->next_bio == NULL)) -+ return (0); -+ -+ /* First check if there are bytes decoded/encoded */ -+ if (ctx->buf_len > 0) { -+ i = ctx->buf_len - ctx->buf_off; -+ if (i > outl) -+ i = outl; -+ memcpy(out, &(ctx->buf[ctx->buf_off]), i); -+ ret = i; -+ out += i; -+ outl -= i; -+ ctx->buf_off += i; -+ if (ctx->buf_len == ctx->buf_off) { -+ ctx->buf_len = 0; -+ ctx->buf_off = 0; -+ } -+ } -+ -+ /* -+ * At this point, we have room of outl bytes and an empty buffer, so we -+ * should read in some more. -+ */ -+ -+ while (outl > 0) { -+ if (ctx->cont <= 0) -+ break; -+ -+ /* -+ * read in at IV offset, read the EVP_Cipher documentation about why -+ */ -+ i = BIO_read(b->next_bio, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE); -+ -+ if (i <= 0) { -+ /* Should be continue next time we are called? */ -+ if (!BIO_should_retry(b->next_bio)) { -+ ctx->cont = i; -+ i = EVP_CipherFinal_ex(&(ctx->cipher), -+ (unsigned char *)ctx->buf, -+ &(ctx->buf_len)); -+ ctx->ok = i; -+ ctx->buf_off = 0; -+ } else { -+ ret = (ret == 0) ? i : ret; -+ break; -+ } -+ } else { -+ EVP_CipherUpdate(&(ctx->cipher), -+ (unsigned char *)ctx->buf, &ctx->buf_len, -+ (unsigned char *)&(ctx->buf[BUF_OFFSET]), i); -+ ctx->cont = 1; -+ /* -+ * Note: it is possible for EVP_CipherUpdate to decrypt zero -+ * bytes because this is or looks like the final block: if this -+ * happens we should retry and either read more data or decrypt -+ * the final block -+ */ -+ if (ctx->buf_len == 0) -+ continue; -+ } -+ -+ if (ctx->buf_len <= outl) -+ i = ctx->buf_len; -+ else -+ i = outl; -+ if (i <= 0) -+ break; -+ memcpy(out, ctx->buf, i); -+ ret += i; -+ ctx->buf_off = i; -+ outl -= i; -+ out += i; -+ } -+ -+ BIO_clear_retry_flags(b); -+ BIO_copy_next_retry(b); -+ return ((ret == 0) ? ctx->cont : ret); -+} - - static int enc_write(BIO *b, const char *in, int inl) -- { -- int ret=0,n,i; -- BIO_ENC_CTX *ctx; -- -- ctx=(BIO_ENC_CTX *)b->ptr; -- ret=inl; -- -- BIO_clear_retry_flags(b); -- n=ctx->buf_len-ctx->buf_off; -- while (n > 0) -- { -- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- return(i); -- } -- ctx->buf_off+=i; -- n-=i; -- } -- /* at this point all pending data has been written */ -- -- if ((in == NULL) || (inl <= 0)) return(0); -- -- ctx->buf_off=0; -- while (inl > 0) -- { -- n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl; -- EVP_CipherUpdate(&(ctx->cipher), -- (unsigned char *)ctx->buf,&ctx->buf_len, -- (unsigned char *)in,n); -- inl-=n; -- in+=n; -- -- ctx->buf_off=0; -- n=ctx->buf_len; -- while (n > 0) -- { -- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- return (ret == inl) ? i : ret - inl; -- } -- n-=i; -- ctx->buf_off+=i; -- } -- ctx->buf_len=0; -- ctx->buf_off=0; -- } -- BIO_copy_next_retry(b); -- return(ret); -- } -+{ -+ int ret = 0, n, i; -+ BIO_ENC_CTX *ctx; -+ -+ ctx = (BIO_ENC_CTX *)b->ptr; -+ ret = inl; -+ -+ BIO_clear_retry_flags(b); -+ n = ctx->buf_len - ctx->buf_off; -+ while (n > 0) { -+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); -+ if (i <= 0) { -+ BIO_copy_next_retry(b); -+ return (i); -+ } -+ ctx->buf_off += i; -+ n -= i; -+ } -+ /* at this point all pending data has been written */ -+ -+ if ((in == NULL) || (inl <= 0)) -+ return (0); -+ -+ ctx->buf_off = 0; -+ while (inl > 0) { -+ n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; -+ EVP_CipherUpdate(&(ctx->cipher), -+ (unsigned char *)ctx->buf, &ctx->buf_len, -+ (unsigned char *)in, n); -+ inl -= n; -+ in += n; -+ -+ ctx->buf_off = 0; -+ n = ctx->buf_len; -+ while (n > 0) { -+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); -+ if (i <= 0) { -+ BIO_copy_next_retry(b); -+ return (ret == inl) ? i : ret - inl; -+ } -+ n -= i; -+ ctx->buf_off += i; -+ } -+ ctx->buf_len = 0; -+ ctx->buf_off = 0; -+ } -+ BIO_copy_next_retry(b); -+ return (ret); -+} - - static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- BIO *dbio; -- BIO_ENC_CTX *ctx,*dctx; -- long ret=1; -- int i; -- EVP_CIPHER_CTX **c_ctx; -- -- ctx=(BIO_ENC_CTX *)b->ptr; -- -- switch (cmd) -- { -- case BIO_CTRL_RESET: -- ctx->ok=1; -- ctx->finished=0; -- EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL, -- ctx->cipher.encrypt); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_EOF: /* More to read */ -- if (ctx->cont <= 0) -- ret=1; -- else -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_WPENDING: -- ret=ctx->buf_len-ctx->buf_off; -- if (ret <= 0) -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_PENDING: /* More to read in buffer */ -- ret=ctx->buf_len-ctx->buf_off; -- if (ret <= 0) -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_FLUSH: -- /* do a final write */ --again: -- while (ctx->buf_len != ctx->buf_off) -- { -- i=enc_write(b,NULL,0); -- if (i < 0) -- return i; -- } -- -- if (!ctx->finished) -- { -- ctx->finished=1; -- ctx->buf_off=0; -- ret=EVP_CipherFinal_ex(&(ctx->cipher), -- (unsigned char *)ctx->buf, -- &(ctx->buf_len)); -- ctx->ok=(int)ret; -- if (ret <= 0) break; -- -- /* push out the bytes */ -- goto again; -- } -- -- /* Finally flush the underlying BIO */ -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_C_GET_CIPHER_STATUS: -- ret=(long)ctx->ok; -- break; -- case BIO_C_DO_STATE_MACHINE: -- BIO_clear_retry_flags(b); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- BIO_copy_next_retry(b); -- break; -- case BIO_C_GET_CIPHER_CTX: -- c_ctx=(EVP_CIPHER_CTX **)ptr; -- (*c_ctx)= &(ctx->cipher); -- b->init=1; -- break; -- case BIO_CTRL_DUP: -- dbio=(BIO *)ptr; -- dctx=(BIO_ENC_CTX *)dbio->ptr; -- memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher)); -- dbio->init=1; -- break; -- default: -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- } -- return(ret); -- } -+{ -+ BIO *dbio; -+ BIO_ENC_CTX *ctx, *dctx; -+ long ret = 1; -+ int i; -+ EVP_CIPHER_CTX **c_ctx; -+ -+ ctx = (BIO_ENC_CTX *)b->ptr; -+ -+ switch (cmd) { -+ case BIO_CTRL_RESET: -+ ctx->ok = 1; -+ ctx->finished = 0; -+ EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL, -+ ctx->cipher.encrypt); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_EOF: /* More to read */ -+ if (ctx->cont <= 0) -+ ret = 1; -+ else -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_WPENDING: -+ ret = ctx->buf_len - ctx->buf_off; -+ if (ret <= 0) -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_PENDING: /* More to read in buffer */ -+ ret = ctx->buf_len - ctx->buf_off; -+ if (ret <= 0) -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_FLUSH: -+ /* do a final write */ -+ again: -+ while (ctx->buf_len != ctx->buf_off) { -+ i = enc_write(b, NULL, 0); -+ if (i < 0) -+ return i; -+ } -+ -+ if (!ctx->finished) { -+ ctx->finished = 1; -+ ctx->buf_off = 0; -+ ret = EVP_CipherFinal_ex(&(ctx->cipher), -+ (unsigned char *)ctx->buf, -+ &(ctx->buf_len)); -+ ctx->ok = (int)ret; -+ if (ret <= 0) -+ break; -+ -+ /* push out the bytes */ -+ goto again; -+ } -+ -+ /* Finally flush the underlying BIO */ -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_C_GET_CIPHER_STATUS: -+ ret = (long)ctx->ok; -+ break; -+ case BIO_C_DO_STATE_MACHINE: -+ BIO_clear_retry_flags(b); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ BIO_copy_next_retry(b); -+ break; -+ case BIO_C_GET_CIPHER_CTX: -+ c_ctx = (EVP_CIPHER_CTX **)ptr; -+ (*c_ctx) = &(ctx->cipher); -+ b->init = 1; -+ break; -+ case BIO_CTRL_DUP: -+ dbio = (BIO *)ptr; -+ dctx = (BIO_ENC_CTX *)dbio->ptr; -+ memcpy(&(dctx->cipher), &(ctx->cipher), sizeof(ctx->cipher)); -+ dbio->init = 1; -+ break; -+ default: -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ } -+ return (ret); -+} - - static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) -- { -- long ret=1; -- -- if (b->next_bio == NULL) return(0); -- switch (cmd) -- { -- default: -- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); -- break; -- } -- return(ret); -- } -- --/* -+{ -+ long ret = 1; -+ -+ if (b->next_bio == NULL) -+ return (0); -+ switch (cmd) { -+ default: -+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); -+ break; -+ } -+ return (ret); -+} -+ -+/*- - void BIO_set_cipher_ctx(b,c) - BIO *b; - EVP_CIPHER_ctx *c; -- { -- if (b == NULL) return; -- -- if ((b->callback != NULL) && -- (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) -- return; -- -- b->init=1; -- ctx=(BIO_ENC_CTX *)b->ptr; -- memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); -- -- if (b->callback != NULL) -- b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); -- } -+ { -+ if (b == NULL) return; -+ -+ if ((b->callback != NULL) && -+ (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) -+ return; -+ -+ b->init=1; -+ ctx=(BIO_ENC_CTX *)b->ptr; -+ memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); -+ -+ if (b->callback != NULL) -+ b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); -+ } - */ - - void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, -- const unsigned char *i, int e) -- { -- BIO_ENC_CTX *ctx; -+ const unsigned char *i, int e) -+{ -+ BIO_ENC_CTX *ctx; - -- if (b == NULL) return; -+ if (b == NULL) -+ return; - -- if ((b->callback != NULL) && -- (b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0)) -- return; -+ if ((b->callback != NULL) && -+ (b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <= -+ 0)) -+ return; - -- b->init=1; -- ctx=(BIO_ENC_CTX *)b->ptr; -- EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e); -- -- if (b->callback != NULL) -- b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L); -- } -+ b->init = 1; -+ ctx = (BIO_ENC_CTX *)b->ptr; -+ EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e); - -+ if (b->callback != NULL) -+ b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_md.c b/Cryptlib/OpenSSL/crypto/evp/bio_md.c -index ed5c113..9f0024b 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/bio_md.c -+++ b/Cryptlib/OpenSSL/crypto/evp/bio_md.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,203 +62,200 @@ - #include - #include - --/* BIO_put and BIO_get both add to the digest, -- * BIO_gets returns the digest */ -+/* -+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest -+ */ - - static int md_write(BIO *h, char const *buf, int num); - static int md_read(BIO *h, char *buf, int size); --/*static int md_puts(BIO *h, const char *str); */ -+/* -+ * static int md_puts(BIO *h, const char *str); -+ */ - static int md_gets(BIO *h, char *str, int size); - static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2); - static int md_new(BIO *h); - static int md_free(BIO *data); --static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); -+static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); - --static BIO_METHOD methods_md= -- { -- BIO_TYPE_MD,"message digest", -- md_write, -- md_read, -- NULL, /* md_puts, */ -- md_gets, -- md_ctrl, -- md_new, -- md_free, -- md_callback_ctrl, -- }; -+static BIO_METHOD methods_md = { -+ BIO_TYPE_MD, "message digest", -+ md_write, -+ md_read, -+ NULL, /* md_puts, */ -+ md_gets, -+ md_ctrl, -+ md_new, -+ md_free, -+ md_callback_ctrl, -+}; - - BIO_METHOD *BIO_f_md(void) -- { -- return(&methods_md); -- } -+{ -+ return (&methods_md); -+} - - static int md_new(BIO *bi) -- { -- EVP_MD_CTX *ctx; -+{ -+ EVP_MD_CTX *ctx; - -- ctx=EVP_MD_CTX_create(); -- if (ctx == NULL) return(0); -+ ctx = EVP_MD_CTX_create(); -+ if (ctx == NULL) -+ return (0); - -- bi->init=0; -- bi->ptr=(char *)ctx; -- bi->flags=0; -- return(1); -- } -+ bi->init = 0; -+ bi->ptr = (char *)ctx; -+ bi->flags = 0; -+ return (1); -+} - - static int md_free(BIO *a) -- { -- if (a == NULL) return(0); -- EVP_MD_CTX_destroy(a->ptr); -- a->ptr=NULL; -- a->init=0; -- a->flags=0; -- return(1); -- } -- -+{ -+ if (a == NULL) -+ return (0); -+ EVP_MD_CTX_destroy(a->ptr); -+ a->ptr = NULL; -+ a->init = 0; -+ a->flags = 0; -+ return (1); -+} -+ - static int md_read(BIO *b, char *out, int outl) -- { -- int ret=0; -- EVP_MD_CTX *ctx; -+{ -+ int ret = 0; -+ EVP_MD_CTX *ctx; - -- if (out == NULL) return(0); -- ctx=b->ptr; -+ if (out == NULL) -+ return (0); -+ ctx = b->ptr; - -- if ((ctx == NULL) || (b->next_bio == NULL)) return(0); -+ if ((ctx == NULL) || (b->next_bio == NULL)) -+ return (0); - -- ret=BIO_read(b->next_bio,out,outl); -- if (b->init) -- { -- if (ret > 0) -- { -- EVP_DigestUpdate(ctx,(unsigned char *)out, -- (unsigned int)ret); -- } -- } -- BIO_clear_retry_flags(b); -- BIO_copy_next_retry(b); -- return(ret); -- } -+ ret = BIO_read(b->next_bio, out, outl); -+ if (b->init) { -+ if (ret > 0) { -+ EVP_DigestUpdate(ctx, (unsigned char *)out, (unsigned int)ret); -+ } -+ } -+ BIO_clear_retry_flags(b); -+ BIO_copy_next_retry(b); -+ return (ret); -+} - - static int md_write(BIO *b, const char *in, int inl) -- { -- int ret=0; -- EVP_MD_CTX *ctx; -+{ -+ int ret = 0; -+ EVP_MD_CTX *ctx; - -- if ((in == NULL) || (inl <= 0)) return(0); -- ctx=b->ptr; -+ if ((in == NULL) || (inl <= 0)) -+ return (0); -+ ctx = b->ptr; - -- if ((ctx != NULL) && (b->next_bio != NULL)) -- ret=BIO_write(b->next_bio,in,inl); -- if (b->init) -- { -- if (ret > 0) -- { -- EVP_DigestUpdate(ctx,(const unsigned char *)in, -- (unsigned int)ret); -- } -- } -- BIO_clear_retry_flags(b); -- BIO_copy_next_retry(b); -- return(ret); -- } -+ if ((ctx != NULL) && (b->next_bio != NULL)) -+ ret = BIO_write(b->next_bio, in, inl); -+ if (b->init) { -+ if (ret > 0) { -+ EVP_DigestUpdate(ctx, (const unsigned char *)in, -+ (unsigned int)ret); -+ } -+ } -+ BIO_clear_retry_flags(b); -+ BIO_copy_next_retry(b); -+ return (ret); -+} - - static long md_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- EVP_MD_CTX *ctx,*dctx,**pctx; -- const EVP_MD **ppmd; -- EVP_MD *md; -- long ret=1; -- BIO *dbio; -+{ -+ EVP_MD_CTX *ctx, *dctx, **pctx; -+ const EVP_MD **ppmd; -+ EVP_MD *md; -+ long ret = 1; -+ BIO *dbio; - -- ctx=b->ptr; -+ ctx = b->ptr; - -- switch (cmd) -- { -- case BIO_CTRL_RESET: -- if (b->init) -- ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL); -- else -- ret=0; -- if (ret > 0) -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_C_GET_MD: -- if (b->init) -- { -- ppmd=ptr; -- *ppmd=ctx->digest; -- } -- else -- ret=0; -- break; -- case BIO_C_GET_MD_CTX: -- pctx=ptr; -- *pctx=ctx; -- break; -- case BIO_C_SET_MD_CTX: -- if (b->init) -- b->ptr=ptr; -- else -- ret=0; -- break; -- case BIO_C_DO_STATE_MACHINE: -- BIO_clear_retry_flags(b); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- BIO_copy_next_retry(b); -- break; -+ switch (cmd) { -+ case BIO_CTRL_RESET: -+ if (b->init) -+ ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL); -+ else -+ ret = 0; -+ if (ret > 0) -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_C_GET_MD: -+ if (b->init) { -+ ppmd = ptr; -+ *ppmd = ctx->digest; -+ } else -+ ret = 0; -+ break; -+ case BIO_C_GET_MD_CTX: -+ pctx = ptr; -+ *pctx = ctx; -+ break; -+ case BIO_C_SET_MD_CTX: -+ if (b->init) -+ b->ptr = ptr; -+ else -+ ret = 0; -+ break; -+ case BIO_C_DO_STATE_MACHINE: -+ BIO_clear_retry_flags(b); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ BIO_copy_next_retry(b); -+ break; - -- case BIO_C_SET_MD: -- md=ptr; -- ret = EVP_DigestInit_ex(ctx,md, NULL); -- if (ret > 0) -- b->init=1; -- break; -- case BIO_CTRL_DUP: -- dbio=ptr; -- dctx=dbio->ptr; -- EVP_MD_CTX_copy_ex(dctx,ctx); -- b->init=1; -- break; -- default: -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- } -- return(ret); -- } -+ case BIO_C_SET_MD: -+ md = ptr; -+ ret = EVP_DigestInit_ex(ctx, md, NULL); -+ if (ret > 0) -+ b->init = 1; -+ break; -+ case BIO_CTRL_DUP: -+ dbio = ptr; -+ dctx = dbio->ptr; -+ EVP_MD_CTX_copy_ex(dctx, ctx); -+ b->init = 1; -+ break; -+ default: -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ } -+ return (ret); -+} - - static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) -- { -- long ret=1; -+{ -+ long ret = 1; - -- if (b->next_bio == NULL) return(0); -- switch (cmd) -- { -- default: -- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); -- break; -- } -- return(ret); -- } -+ if (b->next_bio == NULL) -+ return (0); -+ switch (cmd) { -+ default: -+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); -+ break; -+ } -+ return (ret); -+} - - static int md_gets(BIO *bp, char *buf, int size) -- { -- EVP_MD_CTX *ctx; -- unsigned int ret; -+{ -+ EVP_MD_CTX *ctx; -+ unsigned int ret; - -+ ctx = bp->ptr; -+ if (size < ctx->digest->md_size) -+ return (0); -+ EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret); -+ return ((int)ret); -+} - -- ctx=bp->ptr; -- if (size < ctx->digest->md_size) -- return(0); -- EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret); -- return((int)ret); -- } -- --/* -+/*- - static int md_puts(bp,str) - BIO *bp; - char *str; -- { -- return(-1); -- } -+ { -+ return(-1); -+ } - */ -- -diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c -index 98bc1ab..e66854c 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c -+++ b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,71 +49,71 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --/* -- From: Arne Ansper -- -- Why BIO_f_reliable? -- -- I wrote function which took BIO* as argument, read data from it -- and processed it. Then I wanted to store the input file in -- encrypted form. OK I pushed BIO_f_cipher to the BIO stack -- and everything was OK. BUT if user types wrong password -- BIO_f_cipher outputs only garbage and my function crashes. Yes -- I can and I should fix my function, but BIO_f_cipher is -- easy way to add encryption support to many existing applications -- and it's hard to debug and fix them all. -- -- So I wanted another BIO which would catch the incorrect passwords and -- file damages which cause garbage on BIO_f_cipher's output. -- -- The easy way is to push the BIO_f_md and save the checksum at -- the end of the file. However there are several problems with this -- approach: -- -- 1) you must somehow separate checksum from actual data. -- 2) you need lot's of memory when reading the file, because you -- must read to the end of the file and verify the checksum before -- letting the application to read the data. -- -- BIO_f_reliable tries to solve both problems, so that you can -- read and write arbitrary long streams using only fixed amount -- of memory. -- -- BIO_f_reliable splits data stream into blocks. Each block is prefixed -- with it's length and suffixed with it's digest. So you need only -- several Kbytes of memory to buffer single block before verifying -- it's digest. -- -- BIO_f_reliable goes further and adds several important capabilities: -- -- 1) the digest of the block is computed over the whole stream -- -- so nobody can rearrange the blocks or remove or replace them. -- -- 2) to detect invalid passwords right at the start BIO_f_reliable -- adds special prefix to the stream. In order to avoid known plain-text -- attacks this prefix is generated as follows: -- -- *) digest is initialized with random seed instead of -- standardized one. -- *) same seed is written to output -- *) well-known text is then hashed and the output -- of the digest is also written to output. -- -- reader can now read the seed from stream, hash the same string -- and then compare the digest output. -- -- Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I -- initially wrote and tested this code on x86 machine and wrote the -- digests out in machine-dependent order :( There are people using -- this code and I cannot change this easily without making existing -- data files unreadable. -+/*- -+ From: Arne Ansper -+ -+ Why BIO_f_reliable? -+ -+ I wrote function which took BIO* as argument, read data from it -+ and processed it. Then I wanted to store the input file in -+ encrypted form. OK I pushed BIO_f_cipher to the BIO stack -+ and everything was OK. BUT if user types wrong password -+ BIO_f_cipher outputs only garbage and my function crashes. Yes -+ I can and I should fix my function, but BIO_f_cipher is -+ easy way to add encryption support to many existing applications -+ and it's hard to debug and fix them all. -+ -+ So I wanted another BIO which would catch the incorrect passwords and -+ file damages which cause garbage on BIO_f_cipher's output. -+ -+ The easy way is to push the BIO_f_md and save the checksum at -+ the end of the file. However there are several problems with this -+ approach: -+ -+ 1) you must somehow separate checksum from actual data. -+ 2) you need lot's of memory when reading the file, because you -+ must read to the end of the file and verify the checksum before -+ letting the application to read the data. -+ -+ BIO_f_reliable tries to solve both problems, so that you can -+ read and write arbitrary long streams using only fixed amount -+ of memory. -+ -+ BIO_f_reliable splits data stream into blocks. Each block is prefixed -+ with it's length and suffixed with it's digest. So you need only -+ several Kbytes of memory to buffer single block before verifying -+ it's digest. -+ -+ BIO_f_reliable goes further and adds several important capabilities: -+ -+ 1) the digest of the block is computed over the whole stream -+ -- so nobody can rearrange the blocks or remove or replace them. -+ -+ 2) to detect invalid passwords right at the start BIO_f_reliable -+ adds special prefix to the stream. In order to avoid known plain-text -+ attacks this prefix is generated as follows: -+ -+ *) digest is initialized with random seed instead of -+ standardized one. -+ *) same seed is written to output -+ *) well-known text is then hashed and the output -+ of the digest is also written to output. -+ -+ reader can now read the seed from stream, hash the same string -+ and then compare the digest output. -+ -+ Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I -+ initially wrote and tested this code on x86 machine and wrote the -+ digests out in machine-dependent order :( There are people using -+ this code and I cannot change this easily without making existing -+ data files unreadable. - - */ - -@@ -133,443 +133,450 @@ static int ok_new(BIO *h); - static int ok_free(BIO *data); - static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); - --static void sig_out(BIO* b); --static void sig_in(BIO* b); --static void block_out(BIO* b); --static void block_in(BIO* b); --#define OK_BLOCK_SIZE (1024*4) --#define OK_BLOCK_BLOCK 4 --#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) -+static void sig_out(BIO *b); -+static void sig_in(BIO *b); -+static void block_out(BIO *b); -+static void block_in(BIO *b); -+#define OK_BLOCK_SIZE (1024*4) -+#define OK_BLOCK_BLOCK 4 -+#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) - #define WELLKNOWN "The quick brown fox jumped over the lazy dog's back." - --typedef struct ok_struct -- { -- size_t buf_len; -- size_t buf_off; -- size_t buf_len_save; -- size_t buf_off_save; -- int cont; /* <= 0 when finished */ -- int finished; -- EVP_MD_CTX md; -- int blockout; /* output block is ready */ -- int sigio; /* must process signature */ -- unsigned char buf[IOBS]; -- } BIO_OK_CTX; -- --static BIO_METHOD methods_ok= -- { -- BIO_TYPE_CIPHER,"reliable", -- ok_write, -- ok_read, -- NULL, /* ok_puts, */ -- NULL, /* ok_gets, */ -- ok_ctrl, -- ok_new, -- ok_free, -- ok_callback_ctrl, -- }; -+typedef struct ok_struct { -+ size_t buf_len; -+ size_t buf_off; -+ size_t buf_len_save; -+ size_t buf_off_save; -+ int cont; /* <= 0 when finished */ -+ int finished; -+ EVP_MD_CTX md; -+ int blockout; /* output block is ready */ -+ int sigio; /* must process signature */ -+ unsigned char buf[IOBS]; -+} BIO_OK_CTX; -+ -+static BIO_METHOD methods_ok = { -+ BIO_TYPE_CIPHER, "reliable", -+ ok_write, -+ ok_read, -+ NULL, /* ok_puts, */ -+ NULL, /* ok_gets, */ -+ ok_ctrl, -+ ok_new, -+ ok_free, -+ ok_callback_ctrl, -+}; - - BIO_METHOD *BIO_f_reliable(void) -- { -- return(&methods_ok); -- } -+{ -+ return (&methods_ok); -+} - - static int ok_new(BIO *bi) -- { -- BIO_OK_CTX *ctx; -- -- ctx=(BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX)); -- if (ctx == NULL) return(0); -- -- ctx->buf_len=0; -- ctx->buf_off=0; -- ctx->buf_len_save=0; -- ctx->buf_off_save=0; -- ctx->cont=1; -- ctx->finished=0; -- ctx->blockout= 0; -- ctx->sigio=1; -- -- EVP_MD_CTX_init(&ctx->md); -- -- bi->init=0; -- bi->ptr=(char *)ctx; -- bi->flags=0; -- return(1); -- } -+{ -+ BIO_OK_CTX *ctx; -+ -+ ctx = (BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX)); -+ if (ctx == NULL) -+ return (0); -+ -+ ctx->buf_len = 0; -+ ctx->buf_off = 0; -+ ctx->buf_len_save = 0; -+ ctx->buf_off_save = 0; -+ ctx->cont = 1; -+ ctx->finished = 0; -+ ctx->blockout = 0; -+ ctx->sigio = 1; -+ -+ EVP_MD_CTX_init(&ctx->md); -+ -+ bi->init = 0; -+ bi->ptr = (char *)ctx; -+ bi->flags = 0; -+ return (1); -+} - - static int ok_free(BIO *a) -- { -- if (a == NULL) return(0); -- EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); -- OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX)); -- OPENSSL_free(a->ptr); -- a->ptr=NULL; -- a->init=0; -- a->flags=0; -- return(1); -- } -- -+{ -+ if (a == NULL) -+ return (0); -+ EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); -+ OPENSSL_cleanse(a->ptr, sizeof(BIO_OK_CTX)); -+ OPENSSL_free(a->ptr); -+ a->ptr = NULL; -+ a->init = 0; -+ a->flags = 0; -+ return (1); -+} -+ - static int ok_read(BIO *b, char *out, int outl) -- { -- int ret=0,i,n; -- BIO_OK_CTX *ctx; -- -- if (out == NULL) return(0); -- ctx=(BIO_OK_CTX *)b->ptr; -- -- if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0); -- -- while(outl > 0) -- { -- -- /* copy clean bytes to output buffer */ -- if (ctx->blockout) -- { -- i=ctx->buf_len-ctx->buf_off; -- if (i > outl) i=outl; -- memcpy(out,&(ctx->buf[ctx->buf_off]),i); -- ret+=i; -- out+=i; -- outl-=i; -- ctx->buf_off+=i; -- -- /* all clean bytes are out */ -- if (ctx->buf_len == ctx->buf_off) -- { -- ctx->buf_off=0; -- -- /* copy start of the next block into proper place */ -- if(ctx->buf_len_save- ctx->buf_off_save > 0) -- { -- ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save; -- memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]), -- ctx->buf_len); -- } -- else -- { -- ctx->buf_len=0; -- } -- ctx->blockout= 0; -- } -- } -- -- /* output buffer full -- cancel */ -- if (outl == 0) break; -- -- /* no clean bytes in buffer -- fill it */ -- n=IOBS- ctx->buf_len; -- i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n); -- -- if (i <= 0) break; /* nothing new */ -- -- ctx->buf_len+= i; -- -- /* no signature yet -- check if we got one */ -- if (ctx->sigio == 1) sig_in(b); -- -- /* signature ok -- check if we got block */ -- if (ctx->sigio == 0) block_in(b); -- -- /* invalid block -- cancel */ -- if (ctx->cont <= 0) break; -- -- } -- -- BIO_clear_retry_flags(b); -- BIO_copy_next_retry(b); -- return(ret); -- } -+{ -+ int ret = 0, i, n; -+ BIO_OK_CTX *ctx; -+ -+ if (out == NULL) -+ return (0); -+ ctx = (BIO_OK_CTX *)b->ptr; -+ -+ if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) -+ return (0); -+ -+ while (outl > 0) { -+ -+ /* copy clean bytes to output buffer */ -+ if (ctx->blockout) { -+ i = ctx->buf_len - ctx->buf_off; -+ if (i > outl) -+ i = outl; -+ memcpy(out, &(ctx->buf[ctx->buf_off]), i); -+ ret += i; -+ out += i; -+ outl -= i; -+ ctx->buf_off += i; -+ -+ /* all clean bytes are out */ -+ if (ctx->buf_len == ctx->buf_off) { -+ ctx->buf_off = 0; -+ -+ /* -+ * copy start of the next block into proper place -+ */ -+ if (ctx->buf_len_save - ctx->buf_off_save > 0) { -+ ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save; -+ memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]), -+ ctx->buf_len); -+ } else { -+ ctx->buf_len = 0; -+ } -+ ctx->blockout = 0; -+ } -+ } -+ -+ /* output buffer full -- cancel */ -+ if (outl == 0) -+ break; -+ -+ /* no clean bytes in buffer -- fill it */ -+ n = IOBS - ctx->buf_len; -+ i = BIO_read(b->next_bio, &(ctx->buf[ctx->buf_len]), n); -+ -+ if (i <= 0) -+ break; /* nothing new */ -+ -+ ctx->buf_len += i; -+ -+ /* no signature yet -- check if we got one */ -+ if (ctx->sigio == 1) -+ sig_in(b); -+ -+ /* signature ok -- check if we got block */ -+ if (ctx->sigio == 0) -+ block_in(b); -+ -+ /* invalid block -- cancel */ -+ if (ctx->cont <= 0) -+ break; -+ -+ } -+ -+ BIO_clear_retry_flags(b); -+ BIO_copy_next_retry(b); -+ return (ret); -+} - - static int ok_write(BIO *b, const char *in, int inl) -- { -- int ret=0,n,i; -- BIO_OK_CTX *ctx; -- -- if (inl <= 0) return inl; -- -- ctx=(BIO_OK_CTX *)b->ptr; -- ret=inl; -- -- if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0); -- -- if(ctx->sigio) sig_out(b); -- -- do{ -- BIO_clear_retry_flags(b); -- n=ctx->buf_len-ctx->buf_off; -- while (ctx->blockout && n > 0) -- { -- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- if(!BIO_should_retry(b)) -- ctx->cont= 0; -- return(i); -- } -- ctx->buf_off+=i; -- n-=i; -- } -- -- /* at this point all pending data has been written */ -- ctx->blockout= 0; -- if (ctx->buf_len == ctx->buf_off) -- { -- ctx->buf_len=OK_BLOCK_BLOCK; -- ctx->buf_off=0; -- } -- -- if ((in == NULL) || (inl <= 0)) return(0); -- -- n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? -- (int)(OK_BLOCK_SIZE+OK_BLOCK_BLOCK-ctx->buf_len) : inl; -- -- memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n); -- ctx->buf_len+= n; -- inl-=n; -- in+=n; -- -- if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) -- { -- block_out(b); -- } -- }while(inl > 0); -- -- BIO_clear_retry_flags(b); -- BIO_copy_next_retry(b); -- return(ret); -- } -+{ -+ int ret = 0, n, i; -+ BIO_OK_CTX *ctx; -+ -+ if (inl <= 0) -+ return inl; -+ -+ ctx = (BIO_OK_CTX *)b->ptr; -+ ret = inl; -+ -+ if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) -+ return (0); -+ -+ if (ctx->sigio) -+ sig_out(b); -+ -+ do { -+ BIO_clear_retry_flags(b); -+ n = ctx->buf_len - ctx->buf_off; -+ while (ctx->blockout && n > 0) { -+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); -+ if (i <= 0) { -+ BIO_copy_next_retry(b); -+ if (!BIO_should_retry(b)) -+ ctx->cont = 0; -+ return (i); -+ } -+ ctx->buf_off += i; -+ n -= i; -+ } -+ -+ /* at this point all pending data has been written */ -+ ctx->blockout = 0; -+ if (ctx->buf_len == ctx->buf_off) { -+ ctx->buf_len = OK_BLOCK_BLOCK; -+ ctx->buf_off = 0; -+ } -+ -+ if ((in == NULL) || (inl <= 0)) -+ return (0); -+ -+ n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ? -+ (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl; -+ -+ memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])), -+ (unsigned char *)in, n); -+ ctx->buf_len += n; -+ inl -= n; -+ in += n; -+ -+ if (ctx->buf_len >= OK_BLOCK_SIZE + OK_BLOCK_BLOCK) { -+ block_out(b); -+ } -+ } while (inl > 0); -+ -+ BIO_clear_retry_flags(b); -+ BIO_copy_next_retry(b); -+ return (ret); -+} - - static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) -- { -- BIO_OK_CTX *ctx; -- EVP_MD *md; -- const EVP_MD **ppmd; -- long ret=1; -- int i; -- -- ctx=b->ptr; -- -- switch (cmd) -- { -- case BIO_CTRL_RESET: -- ctx->buf_len=0; -- ctx->buf_off=0; -- ctx->buf_len_save=0; -- ctx->buf_off_save=0; -- ctx->cont=1; -- ctx->finished=0; -- ctx->blockout= 0; -- ctx->sigio=1; -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_EOF: /* More to read */ -- if (ctx->cont <= 0) -- ret=1; -- else -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_PENDING: /* More to read in buffer */ -- case BIO_CTRL_WPENDING: /* More to read in buffer */ -- ret=ctx->blockout ? ctx->buf_len-ctx->buf_off : 0; -- if (ret <= 0) -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_FLUSH: -- /* do a final write */ -- if(ctx->blockout == 0) -- block_out(b); -- -- while (ctx->blockout) -- { -- i=ok_write(b,NULL,0); -- if (i < 0) -- { -- ret=i; -- break; -- } -- } -- -- ctx->finished=1; -- ctx->buf_off=ctx->buf_len=0; -- ctx->cont=(int)ret; -- -- /* Finally flush the underlying BIO */ -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_C_DO_STATE_MACHINE: -- BIO_clear_retry_flags(b); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- BIO_copy_next_retry(b); -- break; -- case BIO_CTRL_INFO: -- ret=(long)ctx->cont; -- break; -- case BIO_C_SET_MD: -- md=ptr; -- EVP_DigestInit_ex(&ctx->md, md, NULL); -- b->init=1; -- break; -- case BIO_C_GET_MD: -- if (b->init) -- { -- ppmd=ptr; -- *ppmd=ctx->md.digest; -- } -- else -- ret=0; -- break; -- default: -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- } -- return(ret); -- } -+{ -+ BIO_OK_CTX *ctx; -+ EVP_MD *md; -+ const EVP_MD **ppmd; -+ long ret = 1; -+ int i; -+ -+ ctx = b->ptr; -+ -+ switch (cmd) { -+ case BIO_CTRL_RESET: -+ ctx->buf_len = 0; -+ ctx->buf_off = 0; -+ ctx->buf_len_save = 0; -+ ctx->buf_off_save = 0; -+ ctx->cont = 1; -+ ctx->finished = 0; -+ ctx->blockout = 0; -+ ctx->sigio = 1; -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_EOF: /* More to read */ -+ if (ctx->cont <= 0) -+ ret = 1; -+ else -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_PENDING: /* More to read in buffer */ -+ case BIO_CTRL_WPENDING: /* More to read in buffer */ -+ ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0; -+ if (ret <= 0) -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_CTRL_FLUSH: -+ /* do a final write */ -+ if (ctx->blockout == 0) -+ block_out(b); -+ -+ while (ctx->blockout) { -+ i = ok_write(b, NULL, 0); -+ if (i < 0) { -+ ret = i; -+ break; -+ } -+ } -+ -+ ctx->finished = 1; -+ ctx->buf_off = ctx->buf_len = 0; -+ ctx->cont = (int)ret; -+ -+ /* Finally flush the underlying BIO */ -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ case BIO_C_DO_STATE_MACHINE: -+ BIO_clear_retry_flags(b); -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ BIO_copy_next_retry(b); -+ break; -+ case BIO_CTRL_INFO: -+ ret = (long)ctx->cont; -+ break; -+ case BIO_C_SET_MD: -+ md = ptr; -+ EVP_DigestInit_ex(&ctx->md, md, NULL); -+ b->init = 1; -+ break; -+ case BIO_C_GET_MD: -+ if (b->init) { -+ ppmd = ptr; -+ *ppmd = ctx->md.digest; -+ } else -+ ret = 0; -+ break; -+ default: -+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); -+ break; -+ } -+ return (ret); -+} - - static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) -- { -- long ret=1; -- -- if (b->next_bio == NULL) return(0); -- switch (cmd) -- { -- default: -- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); -- break; -- } -- return(ret); -- } -+{ -+ long ret = 1; -+ -+ if (b->next_bio == NULL) -+ return (0); -+ switch (cmd) { -+ default: -+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); -+ break; -+ } -+ return (ret); -+} - - static void longswap(void *_ptr, size_t len) --{ const union { long one; char little; } is_endian = {1}; -+{ -+ const union { -+ long one; -+ char little; -+ } is_endian = { -+ 1 -+ }; -+ -+ if (is_endian.little) { -+ size_t i; -+ unsigned char *p = _ptr, c; -+ -+ for (i = 0; i < len; i += 4) { -+ c = p[0], p[0] = p[3], p[3] = c; -+ c = p[1], p[1] = p[2], p[2] = c; -+ } -+ } -+} - -- if (is_endian.little) { -- size_t i; -- unsigned char *p=_ptr,c; -+static void sig_out(BIO *b) -+{ -+ BIO_OK_CTX *ctx; -+ EVP_MD_CTX *md; -+ -+ ctx = b->ptr; -+ md = &ctx->md; -+ -+ if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE) -+ return; -+ -+ EVP_DigestInit_ex(md, md->digest, NULL); -+ /* -+ * FIXME: there's absolutely no guarantee this makes any sense at all, -+ * particularly now EVP_MD_CTX has been restructured. -+ */ -+ RAND_pseudo_bytes(md->md_data, md->digest->md_size); -+ memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); -+ longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); -+ ctx->buf_len += md->digest->md_size; -+ -+ EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); -+ EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); -+ ctx->buf_len += md->digest->md_size; -+ ctx->blockout = 1; -+ ctx->sigio = 0; -+} - -- for(i= 0;i < len;i+= 4) { -- c=p[0],p[0]=p[3],p[3]=c; -- c=p[1],p[1]=p[2],p[2]=c; -- } -- } -+static void sig_in(BIO *b) -+{ -+ BIO_OK_CTX *ctx; -+ EVP_MD_CTX *md; -+ unsigned char tmp[EVP_MAX_MD_SIZE]; -+ int ret = 0; -+ -+ ctx = b->ptr; -+ md = &ctx->md; -+ -+ if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size) -+ return; -+ -+ EVP_DigestInit_ex(md, md->digest, NULL); -+ memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); -+ longswap(md->md_data, md->digest->md_size); -+ ctx->buf_off += md->digest->md_size; -+ -+ EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); -+ EVP_DigestFinal_ex(md, tmp, NULL); -+ ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; -+ ctx->buf_off += md->digest->md_size; -+ if (ret == 1) { -+ ctx->sigio = 0; -+ if (ctx->buf_len != ctx->buf_off) { -+ memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), -+ ctx->buf_len - ctx->buf_off); -+ } -+ ctx->buf_len -= ctx->buf_off; -+ ctx->buf_off = 0; -+ } else { -+ ctx->cont = 0; -+ } - } - --static void sig_out(BIO* b) -- { -- BIO_OK_CTX *ctx; -- EVP_MD_CTX *md; -- -- ctx=b->ptr; -- md=&ctx->md; -- -- if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return; -- -- EVP_DigestInit_ex(md, md->digest, NULL); -- /* FIXME: there's absolutely no guarantee this makes any sense at all, -- * particularly now EVP_MD_CTX has been restructured. -- */ -- RAND_pseudo_bytes(md->md_data, md->digest->md_size); -- memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); -- longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); -- ctx->buf_len+= md->digest->md_size; -- -- EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); -- EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); -- ctx->buf_len+= md->digest->md_size; -- ctx->blockout= 1; -- ctx->sigio= 0; -- } -- --static void sig_in(BIO* b) -- { -- BIO_OK_CTX *ctx; -- EVP_MD_CTX *md; -- unsigned char tmp[EVP_MAX_MD_SIZE]; -- int ret= 0; -- -- ctx=b->ptr; -- md=&ctx->md; -- -- if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return; -- -- EVP_DigestInit_ex(md, md->digest, NULL); -- memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); -- longswap(md->md_data, md->digest->md_size); -- ctx->buf_off+= md->digest->md_size; -- -- EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); -- EVP_DigestFinal_ex(md, tmp, NULL); -- ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; -- ctx->buf_off+= md->digest->md_size; -- if(ret == 1) -- { -- ctx->sigio= 0; -- if(ctx->buf_len != ctx->buf_off) -- { -- memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len- ctx->buf_off); -- } -- ctx->buf_len-= ctx->buf_off; -- ctx->buf_off= 0; -- } -- else -- { -- ctx->cont= 0; -- } -- } -- --static void block_out(BIO* b) -- { -- BIO_OK_CTX *ctx; -- EVP_MD_CTX *md; -- unsigned long tl; -- -- ctx=b->ptr; -- md=&ctx->md; -- -- tl= ctx->buf_len- OK_BLOCK_BLOCK; -- ctx->buf[0]=(unsigned char)(tl>>24); -- ctx->buf[1]=(unsigned char)(tl>>16); -- ctx->buf[2]=(unsigned char)(tl>>8); -- ctx->buf[3]=(unsigned char)(tl); -- EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); -- EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); -- ctx->buf_len+= md->digest->md_size; -- ctx->blockout= 1; -- } -- --static void block_in(BIO* b) -- { -- BIO_OK_CTX *ctx; -- EVP_MD_CTX *md; -- unsigned long tl= 0; -- unsigned char tmp[EVP_MAX_MD_SIZE]; -- -- ctx=b->ptr; -- md=&ctx->md; -- -- assert(sizeof(tl)>=OK_BLOCK_BLOCK); /* always true */ -- tl =ctx->buf[0]; tl<<=8; -- tl|=ctx->buf[1]; tl<<=8; -- tl|=ctx->buf[2]; tl<<=8; -- tl|=ctx->buf[3]; -- -- if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; -- -- EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); -- EVP_DigestFinal_ex(md, tmp, NULL); -- if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0) -- { -- /* there might be parts from next block lurking around ! */ -- ctx->buf_off_save= tl+ OK_BLOCK_BLOCK+ md->digest->md_size; -- ctx->buf_len_save= ctx->buf_len; -- ctx->buf_off= OK_BLOCK_BLOCK; -- ctx->buf_len= tl+ OK_BLOCK_BLOCK; -- ctx->blockout= 1; -- } -- else -- { -- ctx->cont= 0; -- } -- } -+static void block_out(BIO *b) -+{ -+ BIO_OK_CTX *ctx; -+ EVP_MD_CTX *md; -+ unsigned long tl; -+ -+ ctx = b->ptr; -+ md = &ctx->md; -+ -+ tl = ctx->buf_len - OK_BLOCK_BLOCK; -+ ctx->buf[0] = (unsigned char)(tl >> 24); -+ ctx->buf[1] = (unsigned char)(tl >> 16); -+ ctx->buf[2] = (unsigned char)(tl >> 8); -+ ctx->buf[3] = (unsigned char)(tl); -+ EVP_DigestUpdate(md, (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl); -+ EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); -+ ctx->buf_len += md->digest->md_size; -+ ctx->blockout = 1; -+} - -+static void block_in(BIO *b) -+{ -+ BIO_OK_CTX *ctx; -+ EVP_MD_CTX *md; -+ unsigned long tl = 0; -+ unsigned char tmp[EVP_MAX_MD_SIZE]; -+ -+ ctx = b->ptr; -+ md = &ctx->md; -+ -+ assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ -+ tl = ctx->buf[0]; -+ tl <<= 8; -+ tl |= ctx->buf[1]; -+ tl <<= 8; -+ tl |= ctx->buf[2]; -+ tl <<= 8; -+ tl |= ctx->buf[3]; -+ -+ if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size) -+ return; -+ -+ EVP_DigestUpdate(md, (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl); -+ EVP_DigestFinal_ex(md, tmp, NULL); -+ if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == -+ 0) { -+ /* there might be parts from next block lurking around ! */ -+ ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size; -+ ctx->buf_len_save = ctx->buf_len; -+ ctx->buf_off = OK_BLOCK_BLOCK; -+ ctx->buf_len = tl + OK_BLOCK_BLOCK; -+ ctx->blockout = 1; -+ } else { -+ ctx->cont = 0; -+ } -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/c_all.c b/Cryptlib/OpenSSL/crypto/evp/c_all.c -index a5da52e..83f5003 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/c_all.c -+++ b/Cryptlib/OpenSSL/crypto/evp/c_all.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,31 +60,31 @@ - #include "cryptlib.h" - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - - #if 0 --#undef OpenSSL_add_all_algorithms -+# undef OpenSSL_add_all_algorithms - - void OpenSSL_add_all_algorithms(void) -- { -- OPENSSL_add_all_algorithms_noconf(); -- } -+{ -+ OPENSSL_add_all_algorithms_noconf(); -+} - #endif - - void OPENSSL_add_all_algorithms_noconf(void) -- { -- /* -- * For the moment OPENSSL_cpuid_setup does something -- * only on IA-32, but we reserve the option for all -- * platforms... -- */ -- OPENSSL_cpuid_setup(); -- OpenSSL_add_all_ciphers(); -- OpenSSL_add_all_digests(); -+{ -+ /* -+ * For the moment OPENSSL_cpuid_setup does something -+ * only on IA-32, but we reserve the option for all -+ * platforms... -+ */ -+ OPENSSL_cpuid_setup(); -+ OpenSSL_add_all_ciphers(); -+ OpenSSL_add_all_digests(); - #ifndef OPENSSL_NO_ENGINE - # if defined(__OpenBSD__) || defined(__FreeBSD__) -- ENGINE_setup_bsd_cryptodev(); -+ ENGINE_setup_bsd_cryptodev(); - # endif - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c -index e45cee8..7a2b524 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/c_allc.c -+++ b/Cryptlib/OpenSSL/crypto/evp/c_allc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,165 +63,165 @@ - #include - - void OpenSSL_add_all_ciphers(void) -- { -+{ - - #ifndef OPENSSL_NO_DES -- EVP_add_cipher(EVP_des_cfb()); -- EVP_add_cipher(EVP_des_cfb1()); -- EVP_add_cipher(EVP_des_cfb8()); -- EVP_add_cipher(EVP_des_ede_cfb()); -- EVP_add_cipher(EVP_des_ede3_cfb()); -- EVP_add_cipher(EVP_des_ede3_cfb1()); -- EVP_add_cipher(EVP_des_ede3_cfb8()); -- -- EVP_add_cipher(EVP_des_ofb()); -- EVP_add_cipher(EVP_des_ede_ofb()); -- EVP_add_cipher(EVP_des_ede3_ofb()); -- -- EVP_add_cipher(EVP_desx_cbc()); -- EVP_add_cipher_alias(SN_desx_cbc,"DESX"); -- EVP_add_cipher_alias(SN_desx_cbc,"desx"); -- -- EVP_add_cipher(EVP_des_cbc()); -- EVP_add_cipher_alias(SN_des_cbc,"DES"); -- EVP_add_cipher_alias(SN_des_cbc,"des"); -- EVP_add_cipher(EVP_des_ede_cbc()); -- EVP_add_cipher(EVP_des_ede3_cbc()); -- EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3"); -- EVP_add_cipher_alias(SN_des_ede3_cbc,"des3"); -- -- EVP_add_cipher(EVP_des_ecb()); -- EVP_add_cipher(EVP_des_ede()); -- EVP_add_cipher(EVP_des_ede3()); -+ EVP_add_cipher(EVP_des_cfb()); -+ EVP_add_cipher(EVP_des_cfb1()); -+ EVP_add_cipher(EVP_des_cfb8()); -+ EVP_add_cipher(EVP_des_ede_cfb()); -+ EVP_add_cipher(EVP_des_ede3_cfb()); -+ EVP_add_cipher(EVP_des_ede3_cfb1()); -+ EVP_add_cipher(EVP_des_ede3_cfb8()); -+ -+ EVP_add_cipher(EVP_des_ofb()); -+ EVP_add_cipher(EVP_des_ede_ofb()); -+ EVP_add_cipher(EVP_des_ede3_ofb()); -+ -+ EVP_add_cipher(EVP_desx_cbc()); -+ EVP_add_cipher_alias(SN_desx_cbc, "DESX"); -+ EVP_add_cipher_alias(SN_desx_cbc, "desx"); -+ -+ EVP_add_cipher(EVP_des_cbc()); -+ EVP_add_cipher_alias(SN_des_cbc, "DES"); -+ EVP_add_cipher_alias(SN_des_cbc, "des"); -+ EVP_add_cipher(EVP_des_ede_cbc()); -+ EVP_add_cipher(EVP_des_ede3_cbc()); -+ EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3"); -+ EVP_add_cipher_alias(SN_des_ede3_cbc, "des3"); -+ -+ EVP_add_cipher(EVP_des_ecb()); -+ EVP_add_cipher(EVP_des_ede()); -+ EVP_add_cipher(EVP_des_ede3()); - #endif - - #ifndef OPENSSL_NO_RC4 -- EVP_add_cipher(EVP_rc4()); -- EVP_add_cipher(EVP_rc4_40()); -+ EVP_add_cipher(EVP_rc4()); -+ EVP_add_cipher(EVP_rc4_40()); - #endif - - #ifndef OPENSSL_NO_IDEA -- EVP_add_cipher(EVP_idea_ecb()); -- EVP_add_cipher(EVP_idea_cfb()); -- EVP_add_cipher(EVP_idea_ofb()); -- EVP_add_cipher(EVP_idea_cbc()); -- EVP_add_cipher_alias(SN_idea_cbc,"IDEA"); -- EVP_add_cipher_alias(SN_idea_cbc,"idea"); -+ EVP_add_cipher(EVP_idea_ecb()); -+ EVP_add_cipher(EVP_idea_cfb()); -+ EVP_add_cipher(EVP_idea_ofb()); -+ EVP_add_cipher(EVP_idea_cbc()); -+ EVP_add_cipher_alias(SN_idea_cbc, "IDEA"); -+ EVP_add_cipher_alias(SN_idea_cbc, "idea"); - #endif - - #ifndef OPENSSL_NO_SEED -- EVP_add_cipher(EVP_seed_ecb()); -- EVP_add_cipher(EVP_seed_cfb()); -- EVP_add_cipher(EVP_seed_ofb()); -- EVP_add_cipher(EVP_seed_cbc()); -- EVP_add_cipher_alias(SN_seed_cbc,"SEED"); -- EVP_add_cipher_alias(SN_seed_cbc,"seed"); -+ EVP_add_cipher(EVP_seed_ecb()); -+ EVP_add_cipher(EVP_seed_cfb()); -+ EVP_add_cipher(EVP_seed_ofb()); -+ EVP_add_cipher(EVP_seed_cbc()); -+ EVP_add_cipher_alias(SN_seed_cbc, "SEED"); -+ EVP_add_cipher_alias(SN_seed_cbc, "seed"); - #endif - - #ifndef OPENSSL_NO_RC2 -- EVP_add_cipher(EVP_rc2_ecb()); -- EVP_add_cipher(EVP_rc2_cfb()); -- EVP_add_cipher(EVP_rc2_ofb()); -- EVP_add_cipher(EVP_rc2_cbc()); -- EVP_add_cipher(EVP_rc2_40_cbc()); -- EVP_add_cipher(EVP_rc2_64_cbc()); -- EVP_add_cipher_alias(SN_rc2_cbc,"RC2"); -- EVP_add_cipher_alias(SN_rc2_cbc,"rc2"); -+ EVP_add_cipher(EVP_rc2_ecb()); -+ EVP_add_cipher(EVP_rc2_cfb()); -+ EVP_add_cipher(EVP_rc2_ofb()); -+ EVP_add_cipher(EVP_rc2_cbc()); -+ EVP_add_cipher(EVP_rc2_40_cbc()); -+ EVP_add_cipher(EVP_rc2_64_cbc()); -+ EVP_add_cipher_alias(SN_rc2_cbc, "RC2"); -+ EVP_add_cipher_alias(SN_rc2_cbc, "rc2"); - #endif - - #ifndef OPENSSL_NO_BF -- EVP_add_cipher(EVP_bf_ecb()); -- EVP_add_cipher(EVP_bf_cfb()); -- EVP_add_cipher(EVP_bf_ofb()); -- EVP_add_cipher(EVP_bf_cbc()); -- EVP_add_cipher_alias(SN_bf_cbc,"BF"); -- EVP_add_cipher_alias(SN_bf_cbc,"bf"); -- EVP_add_cipher_alias(SN_bf_cbc,"blowfish"); -+ EVP_add_cipher(EVP_bf_ecb()); -+ EVP_add_cipher(EVP_bf_cfb()); -+ EVP_add_cipher(EVP_bf_ofb()); -+ EVP_add_cipher(EVP_bf_cbc()); -+ EVP_add_cipher_alias(SN_bf_cbc, "BF"); -+ EVP_add_cipher_alias(SN_bf_cbc, "bf"); -+ EVP_add_cipher_alias(SN_bf_cbc, "blowfish"); - #endif - - #ifndef OPENSSL_NO_CAST -- EVP_add_cipher(EVP_cast5_ecb()); -- EVP_add_cipher(EVP_cast5_cfb()); -- EVP_add_cipher(EVP_cast5_ofb()); -- EVP_add_cipher(EVP_cast5_cbc()); -- EVP_add_cipher_alias(SN_cast5_cbc,"CAST"); -- EVP_add_cipher_alias(SN_cast5_cbc,"cast"); -- EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc"); -- EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc"); -+ EVP_add_cipher(EVP_cast5_ecb()); -+ EVP_add_cipher(EVP_cast5_cfb()); -+ EVP_add_cipher(EVP_cast5_ofb()); -+ EVP_add_cipher(EVP_cast5_cbc()); -+ EVP_add_cipher_alias(SN_cast5_cbc, "CAST"); -+ EVP_add_cipher_alias(SN_cast5_cbc, "cast"); -+ EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc"); -+ EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc"); - #endif - - #ifndef OPENSSL_NO_RC5 -- EVP_add_cipher(EVP_rc5_32_12_16_ecb()); -- EVP_add_cipher(EVP_rc5_32_12_16_cfb()); -- EVP_add_cipher(EVP_rc5_32_12_16_ofb()); -- EVP_add_cipher(EVP_rc5_32_12_16_cbc()); -- EVP_add_cipher_alias(SN_rc5_cbc,"rc5"); -- EVP_add_cipher_alias(SN_rc5_cbc,"RC5"); -+ EVP_add_cipher(EVP_rc5_32_12_16_ecb()); -+ EVP_add_cipher(EVP_rc5_32_12_16_cfb()); -+ EVP_add_cipher(EVP_rc5_32_12_16_ofb()); -+ EVP_add_cipher(EVP_rc5_32_12_16_cbc()); -+ EVP_add_cipher_alias(SN_rc5_cbc, "rc5"); -+ EVP_add_cipher_alias(SN_rc5_cbc, "RC5"); - #endif - - #ifndef OPENSSL_NO_AES -- EVP_add_cipher(EVP_aes_128_ecb()); -- EVP_add_cipher(EVP_aes_128_cbc()); -- EVP_add_cipher(EVP_aes_128_cfb()); -- EVP_add_cipher(EVP_aes_128_cfb1()); -- EVP_add_cipher(EVP_aes_128_cfb8()); -- EVP_add_cipher(EVP_aes_128_ofb()); --#if 0 -- EVP_add_cipher(EVP_aes_128_ctr()); --#endif -- EVP_add_cipher_alias(SN_aes_128_cbc,"AES128"); -- EVP_add_cipher_alias(SN_aes_128_cbc,"aes128"); -- EVP_add_cipher(EVP_aes_192_ecb()); -- EVP_add_cipher(EVP_aes_192_cbc()); -- EVP_add_cipher(EVP_aes_192_cfb()); -- EVP_add_cipher(EVP_aes_192_cfb1()); -- EVP_add_cipher(EVP_aes_192_cfb8()); -- EVP_add_cipher(EVP_aes_192_ofb()); --#if 0 -- EVP_add_cipher(EVP_aes_192_ctr()); --#endif -- EVP_add_cipher_alias(SN_aes_192_cbc,"AES192"); -- EVP_add_cipher_alias(SN_aes_192_cbc,"aes192"); -- EVP_add_cipher(EVP_aes_256_ecb()); -- EVP_add_cipher(EVP_aes_256_cbc()); -- EVP_add_cipher(EVP_aes_256_cfb()); -- EVP_add_cipher(EVP_aes_256_cfb1()); -- EVP_add_cipher(EVP_aes_256_cfb8()); -- EVP_add_cipher(EVP_aes_256_ofb()); --#if 0 -- EVP_add_cipher(EVP_aes_256_ctr()); --#endif -- EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); -- EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); -+ EVP_add_cipher(EVP_aes_128_ecb()); -+ EVP_add_cipher(EVP_aes_128_cbc()); -+ EVP_add_cipher(EVP_aes_128_cfb()); -+ EVP_add_cipher(EVP_aes_128_cfb1()); -+ EVP_add_cipher(EVP_aes_128_cfb8()); -+ EVP_add_cipher(EVP_aes_128_ofb()); -+# if 0 -+ EVP_add_cipher(EVP_aes_128_ctr()); -+# endif -+ EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); -+ EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); -+ EVP_add_cipher(EVP_aes_192_ecb()); -+ EVP_add_cipher(EVP_aes_192_cbc()); -+ EVP_add_cipher(EVP_aes_192_cfb()); -+ EVP_add_cipher(EVP_aes_192_cfb1()); -+ EVP_add_cipher(EVP_aes_192_cfb8()); -+ EVP_add_cipher(EVP_aes_192_ofb()); -+# if 0 -+ EVP_add_cipher(EVP_aes_192_ctr()); -+# endif -+ EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); -+ EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); -+ EVP_add_cipher(EVP_aes_256_ecb()); -+ EVP_add_cipher(EVP_aes_256_cbc()); -+ EVP_add_cipher(EVP_aes_256_cfb()); -+ EVP_add_cipher(EVP_aes_256_cfb1()); -+ EVP_add_cipher(EVP_aes_256_cfb8()); -+ EVP_add_cipher(EVP_aes_256_ofb()); -+# if 0 -+ EVP_add_cipher(EVP_aes_256_ctr()); -+# endif -+ EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); -+ EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); - #endif - - #ifndef OPENSSL_NO_CAMELLIA -- EVP_add_cipher(EVP_camellia_128_ecb()); -- EVP_add_cipher(EVP_camellia_128_cbc()); -- EVP_add_cipher(EVP_camellia_128_cfb()); -- EVP_add_cipher(EVP_camellia_128_cfb1()); -- EVP_add_cipher(EVP_camellia_128_cfb8()); -- EVP_add_cipher(EVP_camellia_128_ofb()); -- EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128"); -- EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128"); -- EVP_add_cipher(EVP_camellia_192_ecb()); -- EVP_add_cipher(EVP_camellia_192_cbc()); -- EVP_add_cipher(EVP_camellia_192_cfb()); -- EVP_add_cipher(EVP_camellia_192_cfb1()); -- EVP_add_cipher(EVP_camellia_192_cfb8()); -- EVP_add_cipher(EVP_camellia_192_ofb()); -- EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192"); -- EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192"); -- EVP_add_cipher(EVP_camellia_256_ecb()); -- EVP_add_cipher(EVP_camellia_256_cbc()); -- EVP_add_cipher(EVP_camellia_256_cfb()); -- EVP_add_cipher(EVP_camellia_256_cfb1()); -- EVP_add_cipher(EVP_camellia_256_cfb8()); -- EVP_add_cipher(EVP_camellia_256_ofb()); -- EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); -- EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); -+ EVP_add_cipher(EVP_camellia_128_ecb()); -+ EVP_add_cipher(EVP_camellia_128_cbc()); -+ EVP_add_cipher(EVP_camellia_128_cfb()); -+ EVP_add_cipher(EVP_camellia_128_cfb1()); -+ EVP_add_cipher(EVP_camellia_128_cfb8()); -+ EVP_add_cipher(EVP_camellia_128_ofb()); -+ EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128"); -+ EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128"); -+ EVP_add_cipher(EVP_camellia_192_ecb()); -+ EVP_add_cipher(EVP_camellia_192_cbc()); -+ EVP_add_cipher(EVP_camellia_192_cfb()); -+ EVP_add_cipher(EVP_camellia_192_cfb1()); -+ EVP_add_cipher(EVP_camellia_192_cfb8()); -+ EVP_add_cipher(EVP_camellia_192_ofb()); -+ EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192"); -+ EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192"); -+ EVP_add_cipher(EVP_camellia_256_ecb()); -+ EVP_add_cipher(EVP_camellia_256_cbc()); -+ EVP_add_cipher(EVP_camellia_256_cfb()); -+ EVP_add_cipher(EVP_camellia_256_cfb1()); -+ EVP_add_cipher(EVP_camellia_256_cfb8()); -+ EVP_add_cipher(EVP_camellia_256_ofb()); -+ EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); -+ EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); - #endif - -- PKCS12_PBE_add(); -- PKCS5_PBE_add(); -- } -+ PKCS12_PBE_add(); -+ PKCS5_PBE_add(); -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c -index e0841d1..ab17f7c 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/c_alld.c -+++ b/Cryptlib/OpenSSL/crypto/evp/c_alld.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,49 +63,49 @@ - #include - - void OpenSSL_add_all_digests(void) -- { -+{ - #ifndef OPENSSL_NO_MD4 -- EVP_add_digest(EVP_md4()); -+ EVP_add_digest(EVP_md4()); - #endif - #ifndef OPENSSL_NO_MD5 -- EVP_add_digest(EVP_md5()); -- EVP_add_digest_alias(SN_md5,"ssl2-md5"); -- EVP_add_digest_alias(SN_md5,"ssl3-md5"); -+ EVP_add_digest(EVP_md5()); -+ EVP_add_digest_alias(SN_md5, "ssl2-md5"); -+ EVP_add_digest_alias(SN_md5, "ssl3-md5"); - #endif - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) -- EVP_add_digest(EVP_sha()); --#ifndef OPENSSL_NO_DSA -- EVP_add_digest(EVP_dss()); --#endif -+ EVP_add_digest(EVP_sha()); -+# ifndef OPENSSL_NO_DSA -+ EVP_add_digest(EVP_dss()); -+# endif - #endif - #ifndef OPENSSL_NO_SHA -- EVP_add_digest(EVP_sha1()); -- EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); -- EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); --#ifndef OPENSSL_NO_DSA -- EVP_add_digest(EVP_dss1()); -- EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); -- EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); -- EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); --#endif --#ifndef OPENSSL_NO_ECDSA -- EVP_add_digest(EVP_ecdsa()); --#endif -+ EVP_add_digest(EVP_sha1()); -+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); -+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -+# ifndef OPENSSL_NO_DSA -+ EVP_add_digest(EVP_dss1()); -+ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); -+ EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); -+ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -+# endif -+# ifndef OPENSSL_NO_ECDSA -+ EVP_add_digest(EVP_ecdsa()); -+# endif - #endif - #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) -- EVP_add_digest(EVP_mdc2()); -+ EVP_add_digest(EVP_mdc2()); - #endif - #ifndef OPENSSL_NO_RIPEMD -- EVP_add_digest(EVP_ripemd160()); -- EVP_add_digest_alias(SN_ripemd160,"ripemd"); -- EVP_add_digest_alias(SN_ripemd160,"rmd160"); -+ EVP_add_digest(EVP_ripemd160()); -+ EVP_add_digest_alias(SN_ripemd160, "ripemd"); -+ EVP_add_digest_alias(SN_ripemd160, "rmd160"); - #endif - #ifndef OPENSSL_NO_SHA256 -- EVP_add_digest(EVP_sha224()); -- EVP_add_digest(EVP_sha256()); -+ EVP_add_digest(EVP_sha224()); -+ EVP_add_digest(EVP_sha256()); - #endif - #ifndef OPENSSL_NO_SHA512 -- EVP_add_digest(EVP_sha384()); -- EVP_add_digest(EVP_sha512()); -+ EVP_add_digest(EVP_sha384()); -+ EVP_add_digest(EVP_sha512()); - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c b/Cryptlib/OpenSSL/crypto/evp/dig_eng.c -index 64cdf93..a0a6bc0 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c -+++ b/Cryptlib/OpenSSL/crypto/evp/dig_eng.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -114,67 +114,63 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - #include "evp_locl.h" - - #ifndef OPENSSL_NO_ENGINE - --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS - --static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) -- { -- if (*ptype) -- { -- /* Ensure an ENGINE left lying around from last time is cleared -- * (the previous check attempted to avoid this if the same -- * ENGINE and EVP_MD could be used). */ -- if(ctx->engine) -- ENGINE_finish(ctx->engine); -- if(impl) -- { -- if (!ENGINE_init(impl)) -- { -- EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR); -- return 0; -- } -- } -- else -- /* Ask if an ENGINE is reserved for this job */ -- impl = ENGINE_get_digest_engine((*ptype)->type); -- if(impl) -- { -- /* There's an ENGINE for this job ... (apparently) */ -- const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); -- if(!d) -- { -- /* Same comment from evp_enc.c */ -- EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR); -- return 0; -- } -- /* We'll use the ENGINE's private digest definition */ -- *ptype = d; -- /* Store the ENGINE functional reference so we know -- * 'type' came from an ENGINE and we need to release -- * it when done. */ -- ctx->engine = impl; -- } -- else -- ctx->engine = NULL; -- } -- else -- if(!ctx->digest) -- { -- EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_NO_DIGEST_SET); -- return 0; -- } -- return 1; -- } -+static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, -+ ENGINE *impl) -+{ -+ if (*ptype) { -+ /* -+ * Ensure an ENGINE left lying around from last time is cleared (the -+ * previous check attempted to avoid this if the same ENGINE and -+ * EVP_MD could be used). -+ */ -+ if (ctx->engine) -+ ENGINE_finish(ctx->engine); -+ if (impl) { -+ if (!ENGINE_init(impl)) { -+ EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL, -+ EVP_R_INITIALIZATION_ERROR); -+ return 0; -+ } -+ } else -+ /* Ask if an ENGINE is reserved for this job */ -+ impl = ENGINE_get_digest_engine((*ptype)->type); -+ if (impl) { -+ /* There's an ENGINE for this job ... (apparently) */ -+ const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); -+ if (!d) { -+ /* Same comment from evp_enc.c */ -+ EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL, -+ EVP_R_INITIALIZATION_ERROR); -+ return 0; -+ } -+ /* We'll use the ENGINE's private digest definition */ -+ *ptype = d; -+ /* -+ * Store the ENGINE functional reference so we know 'type' came -+ * from an ENGINE and we need to release it when done. -+ */ -+ ctx->engine = impl; -+ } else -+ ctx->engine = NULL; -+ } else if (!ctx->digest) { -+ EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL, EVP_R_NO_DIGEST_SET); -+ return 0; -+ } -+ return 1; -+} - - void int_EVP_MD_init_engine_callbacks(void) -- { -- int_EVP_MD_set_engine_callbacks( -- ENGINE_init, ENGINE_finish, do_evp_md_engine_full); -- } --#endif -+{ -+ int_EVP_MD_set_engine_callbacks(ENGINE_init, ENGINE_finish, -+ do_evp_md_engine_full); -+} -+# endif - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c -index 10a3607..9f5ee7b 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/digest.c -+++ b/Cryptlib/OpenSSL/crypto/evp/digest.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -114,345 +114,347 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - #include "evp_locl.h" - - void EVP_MD_CTX_init(EVP_MD_CTX *ctx) -- { -- memset(ctx,'\0',sizeof *ctx); -- } -+{ -+ memset(ctx, '\0', sizeof *ctx); -+} - - EVP_MD_CTX *EVP_MD_CTX_create(void) -- { -- EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx); -+{ -+ EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx); - -- if (ctx) -- EVP_MD_CTX_init(ctx); -+ if (ctx) -+ EVP_MD_CTX_init(ctx); - -- return ctx; -- } -+ return ctx; -+} - - int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) -- { -- EVP_MD_CTX_init(ctx); -- return EVP_DigestInit_ex(ctx, type, NULL); -- } -+{ -+ EVP_MD_CTX_init(ctx); -+ return EVP_DigestInit_ex(ctx, type, NULL); -+} - - #ifdef OPENSSL_FIPS - --/* The purpose of these is to trap programs that attempt to use non FIPS -+/* -+ * The purpose of these is to trap programs that attempt to use non FIPS - * algorithms in FIPS mode and ignore the errors. - */ - - static int bad_init(EVP_MD_CTX *ctx) -- { FIPS_ERROR_IGNORED("Digest init"); return 0;} -- --static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count) -- { FIPS_ERROR_IGNORED("Digest update"); return 0;} -- --static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) -- { FIPS_ERROR_IGNORED("Digest Final"); return 0;} -- --static const EVP_MD bad_md = -- { -- 0, -- 0, -- 0, -- 0, -- bad_init, -- bad_update, -- bad_final, -- NULL, -- NULL, -- NULL, -- 0, -- {0,0,0,0}, -- }; -+{ -+ FIPS_ERROR_IGNORED("Digest init"); -+ return 0; -+} -+ -+static int bad_update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ FIPS_ERROR_IGNORED("Digest update"); -+ return 0; -+} -+ -+static int bad_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ FIPS_ERROR_IGNORED("Digest Final"); -+ return 0; -+} -+ -+static const EVP_MD bad_md = { -+ 0, -+ 0, -+ 0, -+ 0, -+ bad_init, -+ bad_update, -+ bad_final, -+ NULL, -+ NULL, -+ NULL, -+ 0, -+ {0, 0, 0, 0}, -+}; - - #endif - - #ifndef OPENSSL_NO_ENGINE - --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS -+ -+static int do_engine_null(ENGINE *impl) -+{ -+ return 0; -+} - --static int do_engine_null(ENGINE *impl) { return 0;} - static int do_evp_md_engine_null(EVP_MD_CTX *ctx, -- const EVP_MD **ptype, ENGINE *impl) -- { return 1; } -+ const EVP_MD **ptype, ENGINE *impl) -+{ -+ return 1; -+} - --static int (*do_engine_init)(ENGINE *impl) -- = do_engine_null; -+static int (*do_engine_init) (ENGINE *impl) -+ = do_engine_null; - --static int (*do_engine_finish)(ENGINE *impl) -- = do_engine_null; -+static int (*do_engine_finish) (ENGINE *impl) -+ = do_engine_null; - - static int (*do_evp_md_engine) -- (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) -- = do_evp_md_engine_null; -- --void int_EVP_MD_set_engine_callbacks( -- int (*eng_md_init)(ENGINE *impl), -- int (*eng_md_fin)(ENGINE *impl), -- int (*eng_md_evp) -- (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)) -- { -- do_engine_init = eng_md_init; -- do_engine_finish = eng_md_fin; -- do_evp_md_engine = eng_md_evp; -- } -- --#else -- --#define do_engine_init ENGINE_init --#define do_engine_finish ENGINE_finish -- --static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) -- { -- if (*ptype) -- { -- /* Ensure an ENGINE left lying around from last time is cleared -- * (the previous check attempted to avoid this if the same -- * ENGINE and EVP_MD could be used). */ -- if(ctx->engine) -- ENGINE_finish(ctx->engine); -- if(impl) -- { -- if (!ENGINE_init(impl)) -- { -- EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); -- return 0; -- } -- } -- else -- /* Ask if an ENGINE is reserved for this job */ -- impl = ENGINE_get_digest_engine((*ptype)->type); -- if(impl) -- { -- /* There's an ENGINE for this job ... (apparently) */ -- const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); -- if(!d) -- { -- /* Same comment from evp_enc.c */ -- EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); -- ENGINE_finish(impl); -- return 0; -- } -- /* We'll use the ENGINE's private digest definition */ -- *ptype = d; -- /* Store the ENGINE functional reference so we know -- * 'type' came from an ENGINE and we need to release -- * it when done. */ -- ctx->engine = impl; -- } -- else -- ctx->engine = NULL; -- } -- else -- if(!ctx->digest) -- { -- EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET); -- return 0; -- } -- return 1; -- } -- --#endif -+ (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) -+ = do_evp_md_engine_null; -+ -+void int_EVP_MD_set_engine_callbacks(int (*eng_md_init) (ENGINE *impl), -+ int (*eng_md_fin) (ENGINE *impl), -+ int (*eng_md_evp) -+ (EVP_MD_CTX *ctx, const EVP_MD **ptype, -+ ENGINE *impl)) -+{ -+ do_engine_init = eng_md_init; -+ do_engine_finish = eng_md_fin; -+ do_evp_md_engine = eng_md_evp; -+} -+ -+# else -+ -+# define do_engine_init ENGINE_init -+# define do_engine_finish ENGINE_finish -+ -+static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, -+ ENGINE *impl) -+{ -+ if (*ptype) { -+ /* -+ * Ensure an ENGINE left lying around from last time is cleared (the -+ * previous check attempted to avoid this if the same ENGINE and -+ * EVP_MD could be used). -+ */ -+ if (ctx->engine) -+ ENGINE_finish(ctx->engine); -+ if (impl) { -+ if (!ENGINE_init(impl)) { -+ EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_INITIALIZATION_ERROR); -+ return 0; -+ } -+ } else -+ /* Ask if an ENGINE is reserved for this job */ -+ impl = ENGINE_get_digest_engine((*ptype)->type); -+ if (impl) { -+ /* There's an ENGINE for this job ... (apparently) */ -+ const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); -+ if (!d) { -+ /* Same comment from evp_enc.c */ -+ EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_INITIALIZATION_ERROR); -+ ENGINE_finish(impl); -+ return 0; -+ } -+ /* We'll use the ENGINE's private digest definition */ -+ *ptype = d; -+ /* -+ * Store the ENGINE functional reference so we know 'type' came -+ * from an ENGINE and we need to release it when done. -+ */ -+ ctx->engine = impl; -+ } else -+ ctx->engine = NULL; -+ } else if (!ctx->digest) { -+ EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_NO_DIGEST_SET); -+ return 0; -+ } -+ return 1; -+} -+ -+# endif - - #endif - - int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) -- { -- M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); -+{ -+ M_EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); - #ifdef OPENSSL_FIPS -- if(FIPS_selftest_failed()) -- { -- FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED); -- ctx->digest = &bad_md; -- return 0; -- } -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_EVP_DIGESTINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED); -+ ctx->digest = &bad_md; -+ return 0; -+ } - #endif - #ifndef OPENSSL_NO_ENGINE -- /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts -- * so this context may already have an ENGINE! Try to avoid releasing -- * the previous handle, re-querying for an ENGINE, and having a -- * reinitialisation, when it may all be unecessary. */ -- if (ctx->engine && ctx->digest && (!type || -- (type && (type->type == ctx->digest->type)))) -- goto skip_to_init; -- if (!do_evp_md_engine(ctx, &type, impl)) -- return 0; -+ /* -+ * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -+ * this context may already have an ENGINE! Try to avoid releasing the -+ * previous handle, re-querying for an ENGINE, and having a -+ * reinitialisation, when it may all be unecessary. -+ */ -+ if (ctx->engine && ctx->digest && (!type || -+ (type -+ && (type->type == -+ ctx->digest->type)))) -+ goto skip_to_init; -+ if (!do_evp_md_engine(ctx, &type, impl)) -+ return 0; - #endif -- if (ctx->digest != type) -- { -+ if (ctx->digest != type) { - #ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- { -- if (!(type->flags & EVP_MD_FLAG_FIPS) -- && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) -- { -- EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); -- ctx->digest = &bad_md; -- return 0; -- } -- } -+ if (FIPS_mode()) { -+ if (!(type->flags & EVP_MD_FLAG_FIPS) -+ && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) { -+ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); -+ ctx->digest = &bad_md; -+ return 0; -+ } -+ } - #endif -- if (ctx->digest && ctx->digest->ctx_size) -- OPENSSL_free(ctx->md_data); -- ctx->digest=type; -- if (type->ctx_size) -- { -- ctx->md_data=OPENSSL_malloc(type->ctx_size); -- if (!ctx->md_data) -- { -- EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- } -+ if (ctx->digest && ctx->digest->ctx_size) -+ OPENSSL_free(ctx->md_data); -+ ctx->digest = type; -+ if (type->ctx_size) { -+ ctx->md_data = OPENSSL_malloc(type->ctx_size); -+ if (!ctx->md_data) { -+ EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ } -+ } - #ifndef OPENSSL_NO_ENGINE -- skip_to_init: -+ skip_to_init: - #endif -- return ctx->digest->init(ctx); -- } -+ return ctx->digest->init(ctx); -+} - --int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, -- size_t count) -- { -+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ - #ifdef OPENSSL_FIPS -- FIPS_selftest_check(); -+ FIPS_selftest_check(); - #endif -- return ctx->digest->update(ctx,data,count); -- } -+ return ctx->digest->update(ctx, data, count); -+} - - /* The caller can assume that this removes any secret data from the context */ - int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) -- { -- int ret; -- ret = EVP_DigestFinal_ex(ctx, md, size); -- EVP_MD_CTX_cleanup(ctx); -- return ret; -- } -+{ -+ int ret; -+ ret = EVP_DigestFinal_ex(ctx, md, size); -+ EVP_MD_CTX_cleanup(ctx); -+ return ret; -+} - - /* The caller can assume that this removes any secret data from the context */ - int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) -- { -- int ret; -+{ -+ int ret; - #ifdef OPENSSL_FIPS -- FIPS_selftest_check(); -+ FIPS_selftest_check(); - #endif - -- OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); -- ret=ctx->digest->final(ctx,md); -- if (size != NULL) -- *size=ctx->digest->md_size; -- if (ctx->digest->cleanup) -- { -- ctx->digest->cleanup(ctx); -- M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); -- } -- memset(ctx->md_data,0,ctx->digest->ctx_size); -- return ret; -- } -+ OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); -+ ret = ctx->digest->final(ctx, md); -+ if (size != NULL) -+ *size = ctx->digest->md_size; -+ if (ctx->digest->cleanup) { -+ ctx->digest->cleanup(ctx); -+ M_EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); -+ } -+ memset(ctx->md_data, 0, ctx->digest->ctx_size); -+ return ret; -+} - - int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) -- { -- EVP_MD_CTX_init(out); -- return EVP_MD_CTX_copy_ex(out, in); -- } -+{ -+ EVP_MD_CTX_init(out); -+ return EVP_MD_CTX_copy_ex(out, in); -+} - - int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) -- { -- unsigned char *tmp_buf; -- if ((in == NULL) || (in->digest == NULL)) -- { -- EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED); -- return 0; -- } -+{ -+ unsigned char *tmp_buf; -+ if ((in == NULL) || (in->digest == NULL)) { -+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED); -+ return 0; -+ } - #ifndef OPENSSL_NO_ENGINE -- /* Make sure it's safe to copy a digest context using an ENGINE */ -- if (in->engine && !do_engine_init(in->engine)) -- { -- EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); -- return 0; -- } -+ /* Make sure it's safe to copy a digest context using an ENGINE */ -+ if (in->engine && !do_engine_init(in->engine)) { -+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB); -+ return 0; -+ } - #endif - -- if (out->digest == in->digest) -- { -- tmp_buf = out->md_data; -- M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); -- } -- else tmp_buf = NULL; -- EVP_MD_CTX_cleanup(out); -- memcpy(out,in,sizeof *out); -- -- if (out->digest->ctx_size) -- { -- if (tmp_buf) -- out->md_data = tmp_buf; -- else -- { -- out->md_data=OPENSSL_malloc(out->digest->ctx_size); -- if (!out->md_data) -- { -- EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- memcpy(out->md_data,in->md_data,out->digest->ctx_size); -- } -- -- if (out->digest->copy) -- return out->digest->copy(out,in); -- -- return 1; -- } -+ if (out->digest == in->digest) { -+ tmp_buf = out->md_data; -+ M_EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); -+ } else -+ tmp_buf = NULL; -+ EVP_MD_CTX_cleanup(out); -+ memcpy(out, in, sizeof *out); -+ -+ if (out->digest->ctx_size) { -+ if (tmp_buf) -+ out->md_data = tmp_buf; -+ else { -+ out->md_data = OPENSSL_malloc(out->digest->ctx_size); -+ if (!out->md_data) { -+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ } -+ memcpy(out->md_data, in->md_data, out->digest->ctx_size); -+ } -+ -+ if (out->digest->copy) -+ return out->digest->copy(out, in); -+ -+ return 1; -+} - - int EVP_Digest(const void *data, size_t count, -- unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) -- { -- EVP_MD_CTX ctx; -- int ret; -- -- EVP_MD_CTX_init(&ctx); -- M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); -- ret=EVP_DigestInit_ex(&ctx, type, impl) -- && EVP_DigestUpdate(&ctx, data, count) -- && EVP_DigestFinal_ex(&ctx, md, size); -- EVP_MD_CTX_cleanup(&ctx); -- -- return ret; -- } -+ unsigned char *md, unsigned int *size, const EVP_MD *type, -+ ENGINE *impl) -+{ -+ EVP_MD_CTX ctx; -+ int ret; -+ -+ EVP_MD_CTX_init(&ctx); -+ M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT); -+ ret = EVP_DigestInit_ex(&ctx, type, impl) -+ && EVP_DigestUpdate(&ctx, data, count) -+ && EVP_DigestFinal_ex(&ctx, md, size); -+ EVP_MD_CTX_cleanup(&ctx); -+ -+ return ret; -+} - - void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) -- { -- EVP_MD_CTX_cleanup(ctx); -- OPENSSL_free(ctx); -- } -+{ -+ EVP_MD_CTX_cleanup(ctx); -+ OPENSSL_free(ctx); -+} - - /* This call frees resources associated with the context */ - int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) -- { -- /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, -- * because sometimes only copies of the context are ever finalised. -- */ -- if (ctx->digest && ctx->digest->cleanup -- && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) -- ctx->digest->cleanup(ctx); -- if (ctx->digest && ctx->digest->ctx_size && ctx->md_data -- && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) -- { -- OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); -- OPENSSL_free(ctx->md_data); -- } -+{ -+ /* -+ * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because -+ * sometimes only copies of the context are ever finalised. -+ */ -+ if (ctx->digest && ctx->digest->cleanup -+ && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) -+ ctx->digest->cleanup(ctx); -+ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data -+ && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { -+ OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); -+ OPENSSL_free(ctx->md_data); -+ } - #ifndef OPENSSL_NO_ENGINE -- if(ctx->engine) -- /* The EVP_MD we used belongs to an ENGINE, release the -- * functional reference we held for this reason. */ -- do_engine_finish(ctx->engine); -+ if (ctx->engine) -+ /* -+ * The EVP_MD we used belongs to an ENGINE, release the functional -+ * reference we held for this reason. -+ */ -+ do_engine_finish(ctx->engine); - #endif -- memset(ctx,'\0',sizeof *ctx); -+ memset(ctx, '\0', sizeof *ctx); - -- return 1; -- } -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes.c b/Cryptlib/OpenSSL/crypto/evp/e_aes.c -index c9a5ee8..5d08405 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_aes.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_aes.c -@@ -6,7 +6,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -50,68 +50,60 @@ - - #include - #ifndef OPENSSL_NO_AES --#include --#include --#include --#include --#include --#include "evp_locl.h" -+# include -+# include -+# include -+# include -+# include -+# include "evp_locl.h" - - static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc); -+ const unsigned char *iv, int enc); - --typedef struct -- { -- AES_KEY ks; -- } EVP_AES_KEY; -+typedef struct { -+ AES_KEY ks; -+} EVP_AES_KEY; - --#define data(ctx) EVP_C_DATA(EVP_AES_KEY,ctx) -+# define data(ctx) EVP_C_DATA(EVP_AES_KEY,ctx) - - IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, -- NID_aes_128, 16, 16, 16, 128, -- EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, -- aes_init_key, -- NULL, NULL, NULL, NULL) --IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, -- NID_aes_192, 16, 24, 16, 128, -- EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, -- aes_init_key, -- NULL, NULL, NULL, NULL) --IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, -- NID_aes_256, 16, 32, 16, 128, -- EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, -- aes_init_key, -- NULL, NULL, NULL, NULL) -+ NID_aes_128, 16, 16, 16, 128, -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1, -+ aes_init_key, NULL, NULL, NULL, NULL) -+ IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, -+ NID_aes_192, 16, 24, 16, 128, -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1, -+ aes_init_key, NULL, NULL, NULL, NULL) -+ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, -+ NID_aes_256, 16, 32, 16, 128, -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1, -+ aes_init_key, NULL, NULL, NULL, NULL) -+# define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) -+ IMPLEMENT_AES_CFBR(128, 1, EVP_CIPH_FLAG_FIPS) -+ IMPLEMENT_AES_CFBR(192, 1, EVP_CIPH_FLAG_FIPS) -+ IMPLEMENT_AES_CFBR(256, 1, EVP_CIPH_FLAG_FIPS) - --#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) -- --IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS) --IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS) --IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS) -- --IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) --IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) --IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) -+ IMPLEMENT_AES_CFBR(128, 8, EVP_CIPH_FLAG_FIPS) -+ IMPLEMENT_AES_CFBR(192, 8, EVP_CIPH_FLAG_FIPS) -+ IMPLEMENT_AES_CFBR(256, 8, EVP_CIPH_FLAG_FIPS) - - static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { -- int ret; -+ const unsigned char *iv, int enc) -+{ -+ int ret; - -- if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE -- || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE -- || enc) -- ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); -- else -- ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); -+ if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE -+ || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE || enc) -+ ret = AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); -+ else -+ ret = AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); - -- if(ret < 0) -- { -- EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED); -- return 0; -- } -+ if (ret < 0) { -+ EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED); -+ return 0; -+ } - -- return 1; -- } -+ return 1; -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_bf.c b/Cryptlib/OpenSSL/crypto/evp/e_bf.c -index cc224e5..d6a0178 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_bf.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_bf.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,30 +59,29 @@ - #include - #include "cryptlib.h" - #ifndef OPENSSL_NO_BF --#include --#include "evp_locl.h" --#include --#include -+# include -+# include "evp_locl.h" -+# include -+# include - - static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc); -+ const unsigned char *iv, int enc); - --typedef struct -- { -- BF_KEY ks; -- } EVP_BF_KEY; -+typedef struct { -+ BF_KEY ks; -+} EVP_BF_KEY; - --#define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) -+# define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) - - IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, -- EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, -- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) -- -+ EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, -+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) -+ - static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { -- BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key); -- return 1; -- } -+ const unsigned char *iv, int enc) -+{ -+ BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); -+ return 1; -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_cast.c b/Cryptlib/OpenSSL/crypto/evp/e_cast.c -index d77bcd9..3f74548 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_cast.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_cast.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,31 +60,30 @@ - #include "cryptlib.h" - - #ifndef OPENSSL_NO_CAST --#include --#include --#include "evp_locl.h" --#include -+# include -+# include -+# include "evp_locl.h" -+# include - - static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv,int enc); -+ const unsigned char *iv, int enc); -+ -+typedef struct { -+ CAST_KEY ks; -+} EVP_CAST_KEY; - --typedef struct -- { -- CAST_KEY ks; -- } EVP_CAST_KEY; -+# define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) - --#define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) -+IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, -+ NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, -+ EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, -+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - --IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, -- NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, -- EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, -- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) -- - static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { -- CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key); -- return 1; -- } -+ const unsigned char *iv, int enc) -+{ -+ CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); -+ return 1; -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c -index 04376df..e5b99ec 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_des.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_des.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,121 +59,124 @@ - #include - #include "cryptlib.h" - #ifndef OPENSSL_NO_DES --#include --#include --#include "evp_locl.h" --#include --#include -+# include -+# include -+# include "evp_locl.h" -+# include -+# include - - static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc); -+ const unsigned char *iv, int enc); - static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - --/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ -+/* -+ * Because of various casts and different names can't use -+ * IMPLEMENT_BLOCK_CIPHER -+ */ - - static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -+ const unsigned char *in, unsigned int inl) - { -- BLOCK_CIPHER_ecb_loop() -- DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt); -- return 1; -+ BLOCK_CIPHER_ecb_loop() -+ DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), -+ ctx->cipher_data, ctx->encrypt); -+ return 1; - } - - static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -+ const unsigned char *in, unsigned int inl) - { -- DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num); -- return 1; -+ DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, -+ (DES_cblock *)ctx->iv, &ctx->num); -+ return 1; - } - - static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -+ const unsigned char *in, unsigned int inl) - { -- DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, -- (DES_cblock *)ctx->iv, ctx->encrypt); -- return 1; -+ DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, -+ (DES_cblock *)ctx->iv, ctx->encrypt); -+ return 1; - } - - static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -+ const unsigned char *in, unsigned int inl) - { -- DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, -- (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); -- return 1; -+ DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, -+ (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); -+ return 1; - } - --/* Although we have a CFB-r implementation for DES, it doesn't pack the right -- way, so wrap it here */ -+/* -+ * Although we have a CFB-r implementation for DES, it doesn't pack the right -+ * way, so wrap it here -+ */ - static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -- { -+ const unsigned char *in, unsigned int inl) -+{ - unsigned int n; -- unsigned char c[1],d[1]; -- -- for(n=0 ; n < inl ; ++n) -- { -- c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; -- DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv, -- ctx->encrypt); -- out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); -- } -- return 1; -+ unsigned char c[1], d[1]; -+ -+ for (n = 0; n < inl; ++n) { -+ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; -+ DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data, (DES_cblock *)ctx->iv, -+ ctx->encrypt); -+ out[n / 8] = -+ (out[n / 8] & ~(0x80 >> (n % 8))) | ((d[0] & 0x80) >> (n % 8)); - } -+ return 1; -+} - - static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -- { -- DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv, -- ctx->encrypt); -+ const unsigned char *in, unsigned int inl) -+{ -+ DES_cfb_encrypt(in, out, 8, inl, ctx->cipher_data, (DES_cblock *)ctx->iv, -+ ctx->encrypt); - return 1; -- } -+} - - BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, -- EVP_CIPH_RAND_KEY, -- des_init_key, NULL, -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- des_ctrl) -- --BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, -- EVP_CIPH_RAND_KEY, -- des_init_key, NULL, -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv,des_ctrl) -- --BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, -- EVP_CIPH_RAND_KEY, -- des_init_key,NULL, -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv,des_ctrl) -+ EVP_CIPH_RAND_KEY, -+ des_init_key, NULL, -+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) -+ -+ -+BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 1, -+ EVP_CIPH_RAND_KEY, -+ des_init_key, NULL, -+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) -+ -+BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 8, -+ EVP_CIPH_RAND_KEY, -+ des_init_key, NULL, -+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - - static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { -- DES_cblock *deskey = (DES_cblock *)key; --#ifdef EVP_CHECK_DES_KEY -- if(DES_set_key_checked(deskey,ctx->cipher_data) != 0) -- return 0; --#else -- DES_set_key_unchecked(deskey,ctx->cipher_data); --#endif -- return 1; -- } -+ const unsigned char *iv, int enc) -+{ -+ DES_cblock *deskey = (DES_cblock *)key; -+# ifdef EVP_CHECK_DES_KEY -+ if (DES_set_key_checked(deskey, ctx->cipher_data) != 0) -+ return 0; -+# else -+ DES_set_key_unchecked(deskey, ctx->cipher_data); -+# endif -+ return 1; -+} - - static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -- { -- -- switch(type) -- { -- case EVP_CTRL_RAND_KEY: -- if (RAND_bytes(ptr, 8) <= 0) -- return 0; -- DES_set_odd_parity((DES_cblock *)ptr); -- return 1; -- -- default: -- return -1; -- } -- } -+{ -+ -+ switch (type) { -+ case EVP_CTRL_RAND_KEY: -+ if (RAND_bytes(ptr, 8) <= 0) -+ return 0; -+ DES_set_odd_parity((DES_cblock *)ptr); -+ return 1; -+ -+ default: -+ return -1; -+ } -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c -index f910af1..b80348b 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_des3.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_des3.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,212 +59,213 @@ - #include - #include "cryptlib.h" - #ifndef OPENSSL_NO_DES --#include --#include --#include "evp_locl.h" --#include --#include -+# include -+# include -+# include "evp_locl.h" -+# include -+# include - - static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv,int enc); -+ const unsigned char *iv, int enc); - - static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv,int enc); -+ const unsigned char *iv, int enc); - - static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - --typedef struct -- { -- DES_key_schedule ks1;/* key schedule */ -- DES_key_schedule ks2;/* key schedule (for ede) */ -- DES_key_schedule ks3;/* key schedule (for ede3) */ -- } DES_EDE_KEY; -+typedef struct { -+ DES_key_schedule ks1; /* key schedule */ -+ DES_key_schedule ks2; /* key schedule (for ede) */ -+ DES_key_schedule ks3; /* key schedule (for ede3) */ -+} DES_EDE_KEY; - --#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) -+# define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) - --/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ -+/* -+ * Because of various casts and different args can't use -+ * IMPLEMENT_BLOCK_CIPHER -+ */ - - static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -+ const unsigned char *in, unsigned int inl) - { -- BLOCK_CIPHER_ecb_loop() -- DES_ecb3_encrypt((const_DES_cblock *)(in + i), -- (DES_cblock *)(out + i), -- &data(ctx)->ks1, &data(ctx)->ks2, -- &data(ctx)->ks3, -- ctx->encrypt); -- return 1; -+ BLOCK_CIPHER_ecb_loop() -+ DES_ecb3_encrypt((const_DES_cblock *)(in + i), -+ (DES_cblock *)(out + i), -+ &data(ctx)->ks1, &data(ctx)->ks2, -+ &data(ctx)->ks3, ctx->encrypt); -+ return 1; - } - - static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -+ const unsigned char *in, unsigned int inl) - { -- DES_ede3_ofb64_encrypt(in, out, (long)inl, -- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, -- (DES_cblock *)ctx->iv, &ctx->num); -- return 1; -+ DES_ede3_ofb64_encrypt(in, out, (long)inl, -+ &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, -+ (DES_cblock *)ctx->iv, &ctx->num); -+ return 1; - } - - static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -+ const unsigned char *in, unsigned int inl) - { --#ifdef KSSL_DEBUG -- { -+# ifdef KSSL_DEBUG -+ { - int i; -- printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len); -- printf("\t iv= "); -- for(i=0;i<8;i++) -- printf("%02X",ctx->iv[i]); -- printf("\n"); -- } --#endif /* KSSL_DEBUG */ -- DES_ede3_cbc_encrypt(in, out, (long)inl, -- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, -- (DES_cblock *)ctx->iv, ctx->encrypt); -- return 1; -+ printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, -+ ctx->buf_len); -+ printf("\t iv= "); -+ for (i = 0; i < 8; i++) -+ printf("%02X", ctx->iv[i]); -+ printf("\n"); -+ } -+# endif /* KSSL_DEBUG */ -+ DES_ede3_cbc_encrypt(in, out, (long)inl, -+ &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, -+ (DES_cblock *)ctx->iv, ctx->encrypt); -+ return 1; - } - - static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -+ const unsigned char *in, unsigned int inl) - { -- DES_ede3_cfb64_encrypt(in, out, (long)inl, -- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, -- (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); -- return 1; -+ DES_ede3_cfb64_encrypt(in, out, (long)inl, -+ &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, -+ (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); -+ return 1; - } - --/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right -- way, so wrap it here */ -+/* -+ * Although we have a CFB-r implementation for 3-DES, it doesn't pack the -+ * right way, so wrap it here -+ */ - static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -- { -+ const unsigned char *in, unsigned int inl) -+{ - unsigned int n; -- unsigned char c[1],d[1]; -+ unsigned char c[1], d[1]; - -- for(n=0 ; n < inl ; ++n) -- { -- c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; -- DES_ede3_cfb_encrypt(c,d,1,1, -- &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, -- (DES_cblock *)ctx->iv,ctx->encrypt); -- out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); -- } -+ for (n = 0; n < inl; ++n) { -+ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; -+ DES_ede3_cfb_encrypt(c, d, 1, 1, -+ &data(ctx)->ks1, &data(ctx)->ks2, -+ &data(ctx)->ks3, (DES_cblock *)ctx->iv, -+ ctx->encrypt); -+ out[n / 8] = -+ (out[n / 8] & ~(0x80 >> (n % 8))) | ((d[0] & 0x80) >> (n % 8)); -+ } - - return 1; -- } -+} - - static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -- { -- DES_ede3_cfb_encrypt(in,out,8,inl, -- &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, -- (DES_cblock *)ctx->iv,ctx->encrypt); -+ const unsigned char *in, unsigned int inl) -+{ -+ DES_ede3_cfb_encrypt(in, out, 8, inl, -+ &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, -+ (DES_cblock *)ctx->iv, ctx->encrypt); - return 1; -- } -+} - - BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, -- EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, -- des_ede_init_key, -- NULL, NULL, NULL, -- des3_ctrl) -- --#define des_ede3_cfb64_cipher des_ede_cfb64_cipher --#define des_ede3_ofb_cipher des_ede_ofb_cipher --#define des_ede3_cbc_cipher des_ede_cbc_cipher --#define des_ede3_ecb_cipher des_ede_ecb_cipher -+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | -+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede_init_key, NULL, NULL, -+ NULL, des3_ctrl) -+# define des_ede3_cfb64_cipher des_ede_cfb64_cipher -+# define des_ede3_ofb_cipher des_ede_ofb_cipher -+# define des_ede3_cbc_cipher des_ede_cbc_cipher -+# define des_ede3_ecb_cipher des_ede_ecb_cipher -+ BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, -+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | -+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, -+ des3_ctrl) - --BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, -- EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, -- des_ede3_init_key, -- NULL, NULL, NULL, -- des3_ctrl) -+ BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, -+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | -+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, -+ NULL, des3_ctrl) - --BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, -- EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, -- des_ede3_init_key, -- NULL, NULL, NULL, -- des3_ctrl) -- --BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, -- EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, -- des_ede3_init_key, -- NULL, NULL, NULL, -- des3_ctrl) -+ BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, -+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | -+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, -+ NULL, des3_ctrl) - - static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { -- DES_cblock *deskey = (DES_cblock *)key; --#ifdef EVP_CHECK_DES_KEY -- if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) -- !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2)) -- return 0; --#else -- DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); -- DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); --#endif -- memcpy(&data(ctx)->ks3,&data(ctx)->ks1, -- sizeof(data(ctx)->ks1)); -- return 1; -- } -+ const unsigned char *iv, int enc) -+{ -+ DES_cblock *deskey = (DES_cblock *)key; -+# ifdef EVP_CHECK_DES_KEY -+ if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) -+ ! !DES_set_key_checked(&deskey[1], &data(ctx)->ks2)) -+ return 0; -+# else -+ DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); -+ DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); -+# endif -+ memcpy(&data(ctx)->ks3, &data(ctx)->ks1, sizeof(data(ctx)->ks1)); -+ return 1; -+} - - static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { -- DES_cblock *deskey = (DES_cblock *)key; --#ifdef KSSL_DEBUG -- { -+ const unsigned char *iv, int enc) -+{ -+ DES_cblock *deskey = (DES_cblock *)key; -+# ifdef KSSL_DEBUG -+ { - int i; - printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx); -- printf("\tKEY= "); -- for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); -- printf("\t IV= "); -- for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n"); -- } --#endif /* KSSL_DEBUG */ -+ printf("\tKEY= "); -+ for (i = 0; i < 24; i++) -+ printf("%02X", key[i]); -+ printf("\n"); -+ printf("\t IV= "); -+ for (i = 0; i < 8; i++) -+ printf("%02X", iv[i]); -+ printf("\n"); -+ } -+# endif /* KSSL_DEBUG */ - --#ifdef EVP_CHECK_DES_KEY -- if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) -- || DES_set_key_checked(&deskey[1],&data(ctx)->ks2) -- || DES_set_key_checked(&deskey[2],&data(ctx)->ks3)) -- return 0; --#else -- DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); -- DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); -- DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); --#endif -- return 1; -- } -+# ifdef EVP_CHECK_DES_KEY -+ if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) -+ || DES_set_key_checked(&deskey[1], &data(ctx)->ks2) -+ || DES_set_key_checked(&deskey[2], &data(ctx)->ks3)) -+ return 0; -+# else -+ DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); -+ DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); -+ DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3); -+# endif -+ return 1; -+} - - static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -- { -+{ - -- DES_cblock *deskey = ptr; -+ DES_cblock *deskey = ptr; - -- switch(type) -- { -- case EVP_CTRL_RAND_KEY: -- if (RAND_bytes(ptr, c->key_len) <= 0) -- return 0; -- DES_set_odd_parity(deskey); -- if (c->key_len >= 16) -- DES_set_odd_parity(deskey + 1); -- if (c->key_len >= 24) -- DES_set_odd_parity(deskey + 2); -- return 1; -+ switch (type) { -+ case EVP_CTRL_RAND_KEY: -+ if (RAND_bytes(ptr, c->key_len) <= 0) -+ return 0; -+ DES_set_odd_parity(deskey); -+ if (c->key_len >= 16) -+ DES_set_odd_parity(deskey + 1); -+ if (c->key_len >= 24) -+ DES_set_odd_parity(deskey + 2); -+ return 1; - -- default: -- return -1; -- } -- } -+ default: -+ return -1; -+ } -+} - - const EVP_CIPHER *EVP_des_ede(void) - { -- return &des_ede_ecb; -+ return &des_ede_ecb; - } - - const EVP_CIPHER *EVP_des_ede3(void) - { -- return &des_ede3_ecb; -+ return &des_ede3_ecb; - } - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_idea.c b/Cryptlib/OpenSSL/crypto/evp/e_idea.c -index 48c33a7..035034b 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_idea.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_idea.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,59 +60,60 @@ - #include "cryptlib.h" - - #ifndef OPENSSL_NO_IDEA --#include --#include --#include "evp_locl.h" --#include -+# include -+# include -+# include "evp_locl.h" -+# include - - static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv,int enc); -+ const unsigned char *iv, int enc); - --/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special -- * case -+/* -+ * NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a -+ * special case - */ - - static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -+ const unsigned char *in, unsigned int inl) - { -- BLOCK_CIPHER_ecb_loop() -- idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); -- return 1; -+ BLOCK_CIPHER_ecb_loop() -+ idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); -+ return 1; - } - - /* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ - --typedef struct -- { -- IDEA_KEY_SCHEDULE ks; -- } EVP_IDEA_KEY; -+typedef struct { -+ IDEA_KEY_SCHEDULE ks; -+} EVP_IDEA_KEY; - - BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) --BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) --BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) -+ BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) -+ BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) - --BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, -- 0, idea_init_key, NULL, -- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) -+ BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, -+ 0, idea_init_key, NULL, -+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - - static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { -- if(!enc) { -- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1; -- else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1; -- } -- if (enc) idea_set_encrypt_key(key,ctx->cipher_data); -- else -- { -- IDEA_KEY_SCHEDULE tmp; -+ const unsigned char *iv, int enc) -+{ -+ if (!enc) { -+ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) -+ enc = 1; -+ else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) -+ enc = 1; -+ } -+ if (enc) -+ idea_set_encrypt_key(key, ctx->cipher_data); -+ else { -+ IDEA_KEY_SCHEDULE tmp; - -- idea_set_encrypt_key(key,&tmp); -- idea_set_decrypt_key(&tmp,ctx->cipher_data); -- OPENSSL_cleanse((unsigned char *)&tmp, -- sizeof(IDEA_KEY_SCHEDULE)); -- } -- return 1; -- } -+ idea_set_encrypt_key(key, &tmp); -+ idea_set_decrypt_key(&tmp, ctx->cipher_data); -+ OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE)); -+ } -+ return 1; -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_null.c b/Cryptlib/OpenSSL/crypto/evp/e_null.c -index 0872d73..13e359c 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_null.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_null.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,41 +62,39 @@ - #include - - static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv,int enc); -+ const unsigned char *iv, int enc); - static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl); --static const EVP_CIPHER n_cipher= -- { -- NID_undef, -- 1,0,0, -- EVP_CIPH_FLAG_FIPS, -- null_init_key, -- null_cipher, -- NULL, -- 0, -- NULL, -- NULL, -- NULL, -- NULL -- }; -+ const unsigned char *in, unsigned int inl); -+static const EVP_CIPHER n_cipher = { -+ NID_undef, -+ 1, 0, 0, -+ EVP_CIPH_FLAG_FIPS, -+ null_init_key, -+ null_cipher, -+ NULL, -+ 0, -+ NULL, -+ NULL, -+ NULL, -+ NULL -+}; - - const EVP_CIPHER *EVP_enc_null(void) -- { -- return(&n_cipher); -- } -+{ -+ return (&n_cipher); -+} - - static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { -- /* memset(&(ctx->c),0,sizeof(ctx->c));*/ -- return 1; -- } -+ const unsigned char *iv, int enc) -+{ -+ /* memset(&(ctx->c),0,sizeof(ctx->c)); */ -+ return 1; -+} - - static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -- { -- if (in != out) -- memcpy((char *)out,(const char *)in,(size_t)inl); -- return 1; -- } -- -+ const unsigned char *in, unsigned int inl) -+{ -+ if (in != out) -+ memcpy((char *)out, (const char *)in, (size_t)inl); -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_old.c b/Cryptlib/OpenSSL/crypto/evp/e_old.c -index 1642af4..c93f5a5 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_old.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_old.c -@@ -1,6 +1,7 @@ - /* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2004. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2004. - */ - /* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,66 +61,104 @@ - static void *dummy = &dummy; - #else - --#include -+# include - --/* Define some deprecated functions, so older programs -- don't crash and burn too quickly. On Windows and VMS, -- these will never be used, since functions and variables -- in shared libraries are selected by entry point location, -- not by name. */ -+/* -+ * Define some deprecated functions, so older programs don't crash and burn -+ * too quickly. On Windows and VMS, these will never be used, since -+ * functions and variables in shared libraries are selected by entry point -+ * location, not by name. -+ */ - --#ifndef OPENSSL_NO_BF --#undef EVP_bf_cfb -+# ifndef OPENSSL_NO_BF -+# undef EVP_bf_cfb - const EVP_CIPHER *EVP_bf_cfb(void); --const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); } --#endif -+const EVP_CIPHER *EVP_bf_cfb(void) -+{ -+ return EVP_bf_cfb64(); -+} -+# endif - --#ifndef OPENSSL_NO_DES --#undef EVP_des_cfb -+# ifndef OPENSSL_NO_DES -+# undef EVP_des_cfb - const EVP_CIPHER *EVP_des_cfb(void); --const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); } --#undef EVP_des_ede3_cfb -+const EVP_CIPHER *EVP_des_cfb(void) -+{ -+ return EVP_des_cfb64(); -+} -+ -+# undef EVP_des_ede3_cfb - const EVP_CIPHER *EVP_des_ede3_cfb(void); --const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); } --#undef EVP_des_ede_cfb -+const EVP_CIPHER *EVP_des_ede3_cfb(void) -+{ -+ return EVP_des_ede3_cfb64(); -+} -+ -+# undef EVP_des_ede_cfb - const EVP_CIPHER *EVP_des_ede_cfb(void); --const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); } --#endif -+const EVP_CIPHER *EVP_des_ede_cfb(void) -+{ -+ return EVP_des_ede_cfb64(); -+} -+# endif - --#ifndef OPENSSL_NO_IDEA --#undef EVP_idea_cfb -+# ifndef OPENSSL_NO_IDEA -+# undef EVP_idea_cfb - const EVP_CIPHER *EVP_idea_cfb(void); --const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); } --#endif -+const EVP_CIPHER *EVP_idea_cfb(void) -+{ -+ return EVP_idea_cfb64(); -+} -+# endif - --#ifndef OPENSSL_NO_RC2 --#undef EVP_rc2_cfb -+# ifndef OPENSSL_NO_RC2 -+# undef EVP_rc2_cfb - const EVP_CIPHER *EVP_rc2_cfb(void); --const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); } --#endif -+const EVP_CIPHER *EVP_rc2_cfb(void) -+{ -+ return EVP_rc2_cfb64(); -+} -+# endif - --#ifndef OPENSSL_NO_CAST --#undef EVP_cast5_cfb -+# ifndef OPENSSL_NO_CAST -+# undef EVP_cast5_cfb - const EVP_CIPHER *EVP_cast5_cfb(void); --const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); } --#endif -+const EVP_CIPHER *EVP_cast5_cfb(void) -+{ -+ return EVP_cast5_cfb64(); -+} -+# endif - --#ifndef OPENSSL_NO_RC5 --#undef EVP_rc5_32_12_16_cfb -+# ifndef OPENSSL_NO_RC5 -+# undef EVP_rc5_32_12_16_cfb - const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); --const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); } --#endif -+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) -+{ -+ return EVP_rc5_32_12_16_cfb64(); -+} -+# endif - --#ifndef OPENSSL_NO_AES --#undef EVP_aes_128_cfb -+# ifndef OPENSSL_NO_AES -+# undef EVP_aes_128_cfb - const EVP_CIPHER *EVP_aes_128_cfb(void); --const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); } --#undef EVP_aes_192_cfb -+const EVP_CIPHER *EVP_aes_128_cfb(void) -+{ -+ return EVP_aes_128_cfb128(); -+} -+ -+# undef EVP_aes_192_cfb - const EVP_CIPHER *EVP_aes_192_cfb(void); --const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); } --#undef EVP_aes_256_cfb -+const EVP_CIPHER *EVP_aes_192_cfb(void) -+{ -+ return EVP_aes_192_cfb128(); -+} -+ -+# undef EVP_aes_256_cfb - const EVP_CIPHER *EVP_aes_256_cfb(void); --const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); } --#endif -+const EVP_CIPHER *EVP_aes_256_cfb(void) -+{ -+ return EVP_aes_256_cfb128(); -+} -+# endif - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c -index d37726f..2990f91 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,172 +61,170 @@ - - #ifndef OPENSSL_NO_RC2 - --#include --#include --#include "evp_locl.h" --#include -+# include -+# include -+# include "evp_locl.h" -+# include - - static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv,int enc); -+ const unsigned char *iv, int enc); - static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx); - static int rc2_magic_to_meth(int i); - static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - --typedef struct -- { -- int key_bits; /* effective key bits */ -- RC2_KEY ks; /* key schedule */ -- } EVP_RC2_KEY; -+typedef struct { -+ int key_bits; /* effective key bits */ -+ RC2_KEY ks; /* key schedule */ -+} EVP_RC2_KEY; - --#define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) -+# define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) - - IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, -- 8, -- RC2_KEY_LENGTH, 8, 64, -- EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, -- rc2_init_key, NULL, -- rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, -- rc2_ctrl) -- --#define RC2_40_MAGIC 0xa0 --#define RC2_64_MAGIC 0x78 --#define RC2_128_MAGIC 0x3a -- --static const EVP_CIPHER r2_64_cbc_cipher= -- { -- NID_rc2_64_cbc, -- 8,8 /* 64 bit */,8, -- EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, -- rc2_init_key, -- rc2_cbc_cipher, -- NULL, -- sizeof(EVP_RC2_KEY), -- rc2_set_asn1_type_and_iv, -- rc2_get_asn1_type_and_iv, -- rc2_ctrl, -- NULL -- }; -- --static const EVP_CIPHER r2_40_cbc_cipher= -- { -- NID_rc2_40_cbc, -- 8,5 /* 40 bit */,8, -- EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, -- rc2_init_key, -- rc2_cbc_cipher, -- NULL, -- sizeof(EVP_RC2_KEY), -- rc2_set_asn1_type_and_iv, -- rc2_get_asn1_type_and_iv, -- rc2_ctrl, -- NULL -- }; -+ 8, -+ RC2_KEY_LENGTH, 8, 64, -+ EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, -+ rc2_init_key, NULL, -+ rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, -+ rc2_ctrl) -+# define RC2_40_MAGIC 0xa0 -+# define RC2_64_MAGIC 0x78 -+# define RC2_128_MAGIC 0x3a -+static const EVP_CIPHER r2_64_cbc_cipher = { -+ NID_rc2_64_cbc, -+ 8, 8 /* 64 bit */ , 8, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, -+ rc2_init_key, -+ rc2_cbc_cipher, -+ NULL, -+ sizeof(EVP_RC2_KEY), -+ rc2_set_asn1_type_and_iv, -+ rc2_get_asn1_type_and_iv, -+ rc2_ctrl, -+ NULL -+}; -+ -+static const EVP_CIPHER r2_40_cbc_cipher = { -+ NID_rc2_40_cbc, -+ 8, 5 /* 40 bit */ , 8, -+ EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, -+ rc2_init_key, -+ rc2_cbc_cipher, -+ NULL, -+ sizeof(EVP_RC2_KEY), -+ rc2_set_asn1_type_and_iv, -+ rc2_get_asn1_type_and_iv, -+ rc2_ctrl, -+ NULL -+}; - - const EVP_CIPHER *EVP_rc2_64_cbc(void) -- { -- return(&r2_64_cbc_cipher); -- } -+{ -+ return (&r2_64_cbc_cipher); -+} - - const EVP_CIPHER *EVP_rc2_40_cbc(void) -- { -- return(&r2_40_cbc_cipher); -- } -- -+{ -+ return (&r2_40_cbc_cipher); -+} -+ - static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { -- RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), -- key,data(ctx)->key_bits); -- return 1; -- } -+ const unsigned char *iv, int enc) -+{ -+ RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), -+ key, data(ctx)->key_bits); -+ return 1; -+} - - static int rc2_meth_to_magic(EVP_CIPHER_CTX *e) -- { -- int i; -- -- EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); -- if (i == 128) return(RC2_128_MAGIC); -- else if (i == 64) return(RC2_64_MAGIC); -- else if (i == 40) return(RC2_40_MAGIC); -- else return(0); -- } -+{ -+ int i; -+ -+ EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); -+ if (i == 128) -+ return (RC2_128_MAGIC); -+ else if (i == 64) -+ return (RC2_64_MAGIC); -+ else if (i == 40) -+ return (RC2_40_MAGIC); -+ else -+ return (0); -+} - - static int rc2_magic_to_meth(int i) -- { -- if (i == RC2_128_MAGIC) return 128; -- else if (i == RC2_64_MAGIC) return 64; -- else if (i == RC2_40_MAGIC) return 40; -- else -- { -- EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE); -- return(0); -- } -- } -+{ -+ if (i == RC2_128_MAGIC) -+ return 128; -+ else if (i == RC2_64_MAGIC) -+ return 64; -+ else if (i == RC2_40_MAGIC) -+ return 40; -+ else { -+ EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE); -+ return (0); -+ } -+} - - static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -- { -- long num=0; -- int i=0; -- int key_bits; -- unsigned int l; -- unsigned char iv[EVP_MAX_IV_LENGTH]; -- -- if (type != NULL) -- { -- l=EVP_CIPHER_CTX_iv_length(c); -- OPENSSL_assert(l <= sizeof(iv)); -- i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); -- if (i != (int)l) -- return(-1); -- key_bits =rc2_magic_to_meth((int)num); -- if (!key_bits) -- return(-1); -- if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1); -- EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); -- EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); -- } -- return(i); -- } -+{ -+ long num = 0; -+ int i = 0; -+ int key_bits; -+ unsigned int l; -+ unsigned char iv[EVP_MAX_IV_LENGTH]; -+ -+ if (type != NULL) { -+ l = EVP_CIPHER_CTX_iv_length(c); -+ OPENSSL_assert(l <= sizeof(iv)); -+ i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); -+ if (i != (int)l) -+ return (-1); -+ key_bits = rc2_magic_to_meth((int)num); -+ if (!key_bits) -+ return (-1); -+ if (i > 0) -+ EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1); -+ EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); -+ EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); -+ } -+ return (i); -+} - - static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -- { -- long num; -- int i=0,j; -- -- if (type != NULL) -- { -- num=rc2_meth_to_magic(c); -- j=EVP_CIPHER_CTX_iv_length(c); -- i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j); -- } -- return(i); -- } -+{ -+ long num; -+ int i = 0, j; -+ -+ if (type != NULL) { -+ num = rc2_meth_to_magic(c); -+ j = EVP_CIPHER_CTX_iv_length(c); -+ i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); -+ } -+ return (i); -+} - - static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -- { -- switch(type) -- { -- case EVP_CTRL_INIT: -- data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; -- return 1; -- -- case EVP_CTRL_GET_RC2_KEY_BITS: -- *(int *)ptr = data(c)->key_bits; -- return 1; -- -- case EVP_CTRL_SET_RC2_KEY_BITS: -- if(arg > 0) -- { -- data(c)->key_bits = arg; -- return 1; -- } -- return 0; -- -- default: -- return -1; -- } -- } -+{ -+ switch (type) { -+ case EVP_CTRL_INIT: -+ data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; -+ return 1; -+ -+ case EVP_CTRL_GET_RC2_KEY_BITS: -+ *(int *)ptr = data(c)->key_bits; -+ return 1; -+ -+ case EVP_CTRL_SET_RC2_KEY_BITS: -+ if (arg > 0) { -+ data(c)->key_bits = arg; -+ return 1; -+ } -+ return 0; -+ -+ default: -+ return -1; -+ } -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c -index 55baad7..544cc25 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,77 +61,73 @@ - - #ifndef OPENSSL_NO_RC4 - --#include --#include --#include --#include "evp_locl.h" -+# include -+# include -+# include -+# include "evp_locl.h" - - /* FIXME: surely this is available elsewhere? */ --#define EVP_RC4_KEY_SIZE 16 -+# define EVP_RC4_KEY_SIZE 16 - --typedef struct -- { -- RC4_KEY ks; /* working key */ -- } EVP_RC4_KEY; -+typedef struct { -+ RC4_KEY ks; /* working key */ -+} EVP_RC4_KEY; - --#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) -+# define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) - - static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv,int enc); -+ const unsigned char *iv, int enc); - static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl); --static const EVP_CIPHER r4_cipher= -- { -- NID_rc4, -- 1,EVP_RC4_KEY_SIZE,0, -- EVP_CIPH_VARIABLE_LENGTH, -- rc4_init_key, -- rc4_cipher, -- NULL, -- sizeof(EVP_RC4_KEY), -- NULL, -- NULL, -- NULL, -- NULL -- }; -+ const unsigned char *in, unsigned int inl); -+static const EVP_CIPHER r4_cipher = { -+ NID_rc4, -+ 1, EVP_RC4_KEY_SIZE, 0, -+ EVP_CIPH_VARIABLE_LENGTH, -+ rc4_init_key, -+ rc4_cipher, -+ NULL, -+ sizeof(EVP_RC4_KEY), -+ NULL, -+ NULL, -+ NULL, -+ NULL -+}; - --static const EVP_CIPHER r4_40_cipher= -- { -- NID_rc4_40, -- 1,5 /* 40 bit */,0, -- EVP_CIPH_VARIABLE_LENGTH, -- rc4_init_key, -- rc4_cipher, -- NULL, -- sizeof(EVP_RC4_KEY), -- NULL, -- NULL, -- NULL, -- NULL -- }; -+static const EVP_CIPHER r4_40_cipher = { -+ NID_rc4_40, -+ 1, 5 /* 40 bit */ , 0, -+ EVP_CIPH_VARIABLE_LENGTH, -+ rc4_init_key, -+ rc4_cipher, -+ NULL, -+ sizeof(EVP_RC4_KEY), -+ NULL, -+ NULL, -+ NULL, -+ NULL -+}; - - const EVP_CIPHER *EVP_rc4(void) -- { -- return(&r4_cipher); -- } -+{ -+ return (&r4_cipher); -+} - - const EVP_CIPHER *EVP_rc4_40(void) -- { -- return(&r4_40_cipher); -- } -+{ -+ return (&r4_40_cipher); -+} - - static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { -- RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), -- key); -- return 1; -- } -+ const unsigned char *iv, int enc) -+{ -+ RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); -+ return 1; -+} - - static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -- { -- RC4(&data(ctx)->ks,inl,in,out); -- return 1; -- } -+ const unsigned char *in, unsigned int inl) -+{ -+ RC4(&data(ctx)->ks, inl, in, out); -+ return 1; -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c -index 19a10c6..f17e99d 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,66 +61,62 @@ - - #ifndef OPENSSL_NO_RC5 - --#include --#include --#include "evp_locl.h" --#include -+# include -+# include -+# include "evp_locl.h" -+# include - - static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv,int enc); -+ const unsigned char *iv, int enc); - static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - --typedef struct -- { -- int rounds; /* number of rounds */ -- RC5_32_KEY ks; /* key schedule */ -- } EVP_RC5_KEY; -+typedef struct { -+ int rounds; /* number of rounds */ -+ RC5_32_KEY ks; /* key schedule */ -+} EVP_RC5_KEY; - --#define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx) -+# define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx) - - IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5, -- 8, RC5_32_KEY_LENGTH, 8, 64, -- EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, -- r_32_12_16_init_key, NULL, -- NULL, NULL, rc5_ctrl) -+ 8, RC5_32_KEY_LENGTH, 8, 64, -+ EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, -+ r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl) - - static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -- { -- switch(type) -- { -- case EVP_CTRL_INIT: -- data(c)->rounds = RC5_12_ROUNDS; -- return 1; -+{ -+ switch (type) { -+ case EVP_CTRL_INIT: -+ data(c)->rounds = RC5_12_ROUNDS; -+ return 1; -+ -+ case EVP_CTRL_GET_RC5_ROUNDS: -+ *(int *)ptr = data(c)->rounds; -+ return 1; - -- case EVP_CTRL_GET_RC5_ROUNDS: -- *(int *)ptr = data(c)->rounds; -- return 1; -- -- case EVP_CTRL_SET_RC5_ROUNDS: -- switch(arg) -- { -- case RC5_8_ROUNDS: -- case RC5_12_ROUNDS: -- case RC5_16_ROUNDS: -- data(c)->rounds = arg; -- return 1; -+ case EVP_CTRL_SET_RC5_ROUNDS: -+ switch (arg) { -+ case RC5_8_ROUNDS: -+ case RC5_12_ROUNDS: -+ case RC5_16_ROUNDS: -+ data(c)->rounds = arg; -+ return 1; - -- default: -- EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); -- return 0; -- } -+ default: -+ EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); -+ return 0; -+ } - -- default: -- return -1; -- } -- } -+ default: -+ return -1; -+ } -+} - - static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { -- RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), -- key,data(ctx)->rounds); -- return 1; -- } -+ const unsigned char *iv, int enc) -+{ -+ RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), -+ key, data(ctx)->rounds); -+ return 1; -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c -index 8832da2..105967f 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c -+++ b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,65 +61,60 @@ - - #ifndef OPENSSL_NO_DES - --#include --#include --#include -+# include -+# include -+# include - - static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv,int enc); -+ const unsigned char *iv, int enc); - static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl); -- -+ const unsigned char *in, unsigned int inl); - --typedef struct -- { -- DES_key_schedule ks;/* key schedule */ -+typedef struct { -+ DES_key_schedule ks; /* key schedule */ - DES_cblock inw; - DES_cblock outw; -- } DESX_CBC_KEY; -+} DESX_CBC_KEY; - --#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) -+# define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) - --static const EVP_CIPHER d_xcbc_cipher= -- { -- NID_desx_cbc, -- 8,24,8, -- EVP_CIPH_CBC_MODE, -- desx_cbc_init_key, -- desx_cbc_cipher, -- NULL, -- sizeof(DESX_CBC_KEY), -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- NULL, -- NULL -- }; -+static const EVP_CIPHER d_xcbc_cipher = { -+ NID_desx_cbc, -+ 8, 24, 8, -+ EVP_CIPH_CBC_MODE, -+ desx_cbc_init_key, -+ desx_cbc_cipher, -+ NULL, -+ sizeof(DESX_CBC_KEY), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL, -+ NULL -+}; - - const EVP_CIPHER *EVP_desx_cbc(void) -- { -- return(&d_xcbc_cipher); -- } -- -+{ -+ return (&d_xcbc_cipher); -+} -+ - static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { -- DES_cblock *deskey = (DES_cblock *)key; -+ const unsigned char *iv, int enc) -+{ -+ DES_cblock *deskey = (DES_cblock *)key; - -- DES_set_key_unchecked(deskey,&data(ctx)->ks); -- memcpy(&data(ctx)->inw[0],&key[8],8); -- memcpy(&data(ctx)->outw[0],&key[16],8); -+ DES_set_key_unchecked(deskey, &data(ctx)->ks); -+ memcpy(&data(ctx)->inw[0], &key[8], 8); -+ memcpy(&data(ctx)->outw[0], &key[16], 8); - -- return 1; -- } -+ return 1; -+} - - static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -- { -- DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks, -- (DES_cblock *)&(ctx->iv[0]), -- &data(ctx)->inw, -- &data(ctx)->outw, -- ctx->encrypt); -- return 1; -- } -+ const unsigned char *in, unsigned int inl) -+{ -+ DES_xcbc_encrypt(in, out, inl, &data(ctx)->ks, -+ (DES_cblock *)&(ctx->iv[0]), -+ &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt); -+ return 1; -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/enc_min.c b/Cryptlib/OpenSSL/crypto/evp/enc_min.c -index a8c176f..77e0126 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/enc_min.c -+++ b/Cryptlib/OpenSSL/crypto/evp/enc_min.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,330 +62,349 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - #include "evp_locl.h" - - void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) -- { -+{ - #ifdef OPENSSL_FIPS -- FIPS_selftest_check(); -+ FIPS_selftest_check(); - #endif -- memset(ctx,0,sizeof(EVP_CIPHER_CTX)); -- /* ctx->cipher=NULL; */ -- } -+ memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); -+ /* ctx->cipher=NULL; */ -+} - - #ifdef OPENSSL_FIPS - --/* The purpose of these is to trap programs that attempt to use non FIPS -+/* -+ * The purpose of these is to trap programs that attempt to use non FIPS - * algorithms in FIPS mode and ignore the errors. - */ - - static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, -- const unsigned char *iv, int enc) -- { FIPS_ERROR_IGNORED("Cipher init"); return 0;} -+ const unsigned char *iv, int enc) -+{ -+ FIPS_ERROR_IGNORED("Cipher init"); -+ return 0; -+} - - static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -- { FIPS_ERROR_IGNORED("Cipher update"); return 0;} -+ const unsigned char *in, unsigned int inl) -+{ -+ FIPS_ERROR_IGNORED("Cipher update"); -+ return 0; -+} - - /* NB: no cleanup because it is allowed after failed init */ - - static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) -- { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;} -+{ -+ FIPS_ERROR_IGNORED("Cipher set_asn1"); -+ return 0; -+} -+ - static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) -- { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;} -+{ -+ FIPS_ERROR_IGNORED("Cipher get_asn1"); -+ return 0; -+} -+ - static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -- { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;} -- --static const EVP_CIPHER bad_cipher = -- { -- 0, -- 0, -- 0, -- 0, -- 0, -- bad_init, -- bad_do_cipher, -- NULL, -- 0, -- bad_set_asn1, -- bad_get_asn1, -- bad_ctrl, -- NULL -- }; -+{ -+ FIPS_ERROR_IGNORED("Cipher ctrl"); -+ return 0; -+} -+ -+static const EVP_CIPHER bad_cipher = { -+ 0, -+ 0, -+ 0, -+ 0, -+ 0, -+ bad_init, -+ bad_do_cipher, -+ NULL, -+ 0, -+ bad_set_asn1, -+ bad_get_asn1, -+ bad_ctrl, -+ NULL -+}; - - #endif - - #ifndef OPENSSL_NO_ENGINE - --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS -+ -+static int do_engine_null(ENGINE *impl) -+{ -+ return 0; -+} - --static int do_engine_null(ENGINE *impl) { return 0;} - static int do_evp_enc_engine_null(EVP_CIPHER_CTX *ctx, -- const EVP_CIPHER **pciph, ENGINE *impl) -- { return 1; } -+ const EVP_CIPHER **pciph, ENGINE *impl) -+{ -+ return 1; -+} - --static int (*do_engine_finish)(ENGINE *impl) -- = do_engine_null; -+static int (*do_engine_finish) (ENGINE *impl) -+ = do_engine_null; - - static int (*do_evp_enc_engine) -- (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl) -- = do_evp_enc_engine_null; -- --void int_EVP_CIPHER_set_engine_callbacks( -- int (*eng_ciph_fin)(ENGINE *impl), -- int (*eng_ciph_evp) -- (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)) -- { -- do_engine_finish = eng_ciph_fin; -- do_evp_enc_engine = eng_ciph_evp; -- } -- --#else -- --#define do_engine_finish ENGINE_finish -- --static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl) -- { -- if(impl) -- { -- if (!ENGINE_init(impl)) -- { -- EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); -- return 0; -- } -- } -- else -- /* Ask if an ENGINE is reserved for this job */ -- impl = ENGINE_get_cipher_engine((*pcipher)->nid); -- if(impl) -- { -- /* There's an ENGINE for this job ... (apparently) */ -- const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); -- if(!c) -- { -- /* One positive side-effect of US's export -- * control history, is that we should at least -- * be able to avoid using US mispellings of -- * "initialisation"? */ -- EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); -- return 0; -- } -- /* We'll use the ENGINE's private cipher definition */ -- *pcipher = c; -- /* Store the ENGINE functional reference so we know -- * 'cipher' came from an ENGINE and we need to release -- * it when done. */ -- ctx->engine = impl; -- } -- else -- ctx->engine = NULL; -- return 1; -- } -+ (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl) -+ = do_evp_enc_engine_null; -+ -+void int_EVP_CIPHER_set_engine_callbacks(int (*eng_ciph_fin) (ENGINE *impl), -+ int (*eng_ciph_evp) -+ (EVP_CIPHER_CTX *ctx, -+ const EVP_CIPHER **pciph, -+ ENGINE *impl)) -+{ -+ do_engine_finish = eng_ciph_fin; -+ do_evp_enc_engine = eng_ciph_evp; -+} - --#endif -+# else -+ -+# define do_engine_finish ENGINE_finish -+ -+static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, -+ ENGINE *impl) -+{ -+ if (impl) { -+ if (!ENGINE_init(impl)) { -+ EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); -+ return 0; -+ } -+ } else -+ /* Ask if an ENGINE is reserved for this job */ -+ impl = ENGINE_get_cipher_engine((*pcipher)->nid); -+ if (impl) { -+ /* There's an ENGINE for this job ... (apparently) */ -+ const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); -+ if (!c) { -+ /* -+ * One positive side-effect of US's export control history, is -+ * that we should at least be able to avoid using US mispellings -+ * of "initialisation"? -+ */ -+ EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); -+ return 0; -+ } -+ /* We'll use the ENGINE's private cipher definition */ -+ *pcipher = c; -+ /* -+ * Store the ENGINE functional reference so we know 'cipher' came -+ * from an ENGINE and we need to release it when done. -+ */ -+ ctx->engine = impl; -+ } else -+ ctx->engine = NULL; -+ return 1; -+} -+ -+# endif - - #endif - --int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, -- const unsigned char *key, const unsigned char *iv, int enc) -- { -- if (enc == -1) -- enc = ctx->encrypt; -- else -- { -- if (enc) -- enc = 1; -- ctx->encrypt = enc; -- } -+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -+ ENGINE *impl, const unsigned char *key, -+ const unsigned char *iv, int enc) -+{ -+ if (enc == -1) -+ enc = ctx->encrypt; -+ else { -+ if (enc) -+ enc = 1; -+ ctx->encrypt = enc; -+ } - #ifdef OPENSSL_FIPS -- if(FIPS_selftest_failed()) -- { -- FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED); -- ctx->cipher = &bad_cipher; -- return 0; -- } -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_EVP_CIPHERINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED); -+ ctx->cipher = &bad_cipher; -+ return 0; -+ } - #endif - #ifndef OPENSSL_NO_ENGINE -- /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts -- * so this context may already have an ENGINE! Try to avoid releasing -- * the previous handle, re-querying for an ENGINE, and having a -- * reinitialisation, when it may all be unecessary. */ -- if (ctx->engine && ctx->cipher && (!cipher || -- (cipher && (cipher->nid == ctx->cipher->nid)))) -- goto skip_to_init; -+ /* -+ * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -+ * this context may already have an ENGINE! Try to avoid releasing the -+ * previous handle, re-querying for an ENGINE, and having a -+ * reinitialisation, when it may all be unecessary. -+ */ -+ if (ctx->engine && ctx->cipher && (!cipher || -+ (cipher -+ && (cipher->nid == -+ ctx->cipher->nid)))) -+ goto skip_to_init; - #endif -- if (cipher) -- { -- /* Ensure a context left lying around from last time is cleared -- * (the previous check attempted to avoid this if the same -- * ENGINE and EVP_CIPHER could be used). */ -- EVP_CIPHER_CTX_cleanup(ctx); -- -- /* Restore encrypt field: it is zeroed by cleanup */ -- ctx->encrypt = enc; -+ if (cipher) { -+ /* -+ * Ensure a context left lying around from last time is cleared (the -+ * previous check attempted to avoid this if the same ENGINE and -+ * EVP_CIPHER could be used). -+ */ -+ EVP_CIPHER_CTX_cleanup(ctx); -+ -+ /* Restore encrypt field: it is zeroed by cleanup */ -+ ctx->encrypt = enc; - #ifndef OPENSSL_NO_ENGINE -- if (!do_evp_enc_engine(ctx, &cipher, impl)) -- return 0; -+ if (!do_evp_enc_engine(ctx, &cipher, impl)) -+ return 0; - #endif - -- ctx->cipher=cipher; -- if (ctx->cipher->ctx_size) -- { -- ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); -- if (!ctx->cipher_data) -- { -- EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- else -- { -- ctx->cipher_data = NULL; -- } -- ctx->key_len = cipher->key_len; -- ctx->flags = 0; -- if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) -- { -- if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) -- { -- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); -- return 0; -- } -- } -- } -- else if(!ctx->cipher) -- { -- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); -- return 0; -- } -+ ctx->cipher = cipher; -+ if (ctx->cipher->ctx_size) { -+ ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); -+ if (!ctx->cipher_data) { -+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ } else { -+ ctx->cipher_data = NULL; -+ } -+ ctx->key_len = cipher->key_len; -+ ctx->flags = 0; -+ if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { -+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { -+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); -+ return 0; -+ } -+ } -+ } else if (!ctx->cipher) { -+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); -+ return 0; -+ } - #ifndef OPENSSL_NO_ENGINE --skip_to_init: -+ skip_to_init: - #endif -- /* we assume block size is a power of 2 in *cryptUpdate */ -- OPENSSL_assert(ctx->cipher->block_size == 1 -- || ctx->cipher->block_size == 8 -- || ctx->cipher->block_size == 16); -- -- if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { -- switch(EVP_CIPHER_CTX_mode(ctx)) { -- -- case EVP_CIPH_STREAM_CIPHER: -- case EVP_CIPH_ECB_MODE: -- break; -- -- case EVP_CIPH_CFB_MODE: -- case EVP_CIPH_OFB_MODE: -- -- ctx->num = 0; -- /* fall-through */ -- -- case EVP_CIPH_CBC_MODE: -- -- OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= -- (int)sizeof(ctx->iv)); -- if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); -- memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); -- break; -- -- default: -- return 0; -- break; -- } -- } -- -+ /* we assume block size is a power of 2 in *cryptUpdate */ -+ OPENSSL_assert(ctx->cipher->block_size == 1 -+ || ctx->cipher->block_size == 8 -+ || ctx->cipher->block_size == 16); -+ -+ if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { -+ switch (EVP_CIPHER_CTX_mode(ctx)) { -+ -+ case EVP_CIPH_STREAM_CIPHER: -+ case EVP_CIPH_ECB_MODE: -+ break; -+ -+ case EVP_CIPH_CFB_MODE: -+ case EVP_CIPH_OFB_MODE: -+ -+ ctx->num = 0; -+ /* fall-through */ -+ -+ case EVP_CIPH_CBC_MODE: -+ -+ OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= -+ (int)sizeof(ctx->iv)); -+ if (iv) -+ memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); -+ memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); -+ break; -+ -+ default: -+ return 0; -+ break; -+ } -+ } - #ifdef OPENSSL_FIPS -- /* After 'key' is set no further parameters changes are permissible. -- * So only check for non FIPS enabling at this point. -- */ -- if (key && FIPS_mode()) -- { -- if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) -- & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) -- { -- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS); --#if 0 -- ERR_add_error_data(2, "cipher=", -- EVP_CIPHER_name(ctx->cipher)); --#endif -- ctx->cipher = &bad_cipher; -- return 0; -- } -- } -+ /* -+ * After 'key' is set no further parameters changes are permissible. So -+ * only check for non FIPS enabling at this point. -+ */ -+ if (key && FIPS_mode()) { -+ if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) -+ & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { -+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS); -+# if 0 -+ ERR_add_error_data(2, "cipher=", EVP_CIPHER_name(ctx->cipher)); -+# endif -+ ctx->cipher = &bad_cipher; -+ return 0; -+ } -+ } - #endif - -- if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { -- if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; -- } -- ctx->buf_len=0; -- ctx->final_used=0; -- ctx->block_mask=ctx->cipher->block_size-1; -- return 1; -- } -+ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { -+ if (!ctx->cipher->init(ctx, key, iv, enc)) -+ return 0; -+ } -+ ctx->buf_len = 0; -+ ctx->final_used = 0; -+ ctx->block_mask = ctx->cipher->block_size - 1; -+ return 1; -+} - - int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) -- { -- if (c->cipher != NULL) -- { -- if(c->cipher->cleanup && !c->cipher->cleanup(c)) -- return 0; -- /* Cleanse cipher context data */ -- if (c->cipher_data) -- OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); -- } -- if (c->cipher_data) -- OPENSSL_free(c->cipher_data); -+{ -+ if (c->cipher != NULL) { -+ if (c->cipher->cleanup && !c->cipher->cleanup(c)) -+ return 0; -+ /* Cleanse cipher context data */ -+ if (c->cipher_data) -+ OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); -+ } -+ if (c->cipher_data) -+ OPENSSL_free(c->cipher_data); - #ifndef OPENSSL_NO_ENGINE -- if (c->engine) -- /* The EVP_CIPHER we used belongs to an ENGINE, release the -- * functional reference we held for this reason. */ -- do_engine_finish(c->engine); -+ if (c->engine) -+ /* -+ * The EVP_CIPHER we used belongs to an ENGINE, release the -+ * functional reference we held for this reason. -+ */ -+ do_engine_finish(c->engine); - #endif -- memset(c,0,sizeof(EVP_CIPHER_CTX)); -- return 1; -- } -+ memset(c, 0, sizeof(EVP_CIPHER_CTX)); -+ return 1; -+} - --int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) -- { -+int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, unsigned int inl) -+{ - #ifdef OPENSSL_FIPS -- FIPS_selftest_check(); -+ FIPS_selftest_check(); - #endif -- return ctx->cipher->do_cipher(ctx,out,in,inl); -- } -+ return ctx->cipher->do_cipher(ctx, out, in, inl); -+} - - int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) - { -- int ret; -- if(!ctx->cipher) { -- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); -- return 0; -- } -- -- if(!ctx->cipher->ctrl) { -- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); -- return 0; -- } -- -- ret = ctx->cipher->ctrl(ctx, type, arg, ptr); -- if(ret == -1) { -- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); -- return 0; -- } -- return ret; -+ int ret; -+ if (!ctx->cipher) { -+ EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); -+ return 0; -+ } -+ -+ if (!ctx->cipher->ctrl) { -+ EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); -+ return 0; -+ } -+ -+ ret = ctx->cipher->ctrl(ctx, type, arg, ptr); -+ if (ret == -1) { -+ EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, -+ EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); -+ return 0; -+ } -+ return ret; - } - - unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) -- { -- return ctx->cipher->flags; -- } -+{ -+ return ctx->cipher->flags; -+} - - int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) -- { -- return ctx->cipher->iv_len; -- } -+{ -+ return ctx->cipher->iv_len; -+} - - int EVP_CIPHER_nid(const EVP_CIPHER *cipher) -- { -- return cipher->nid; -- } -+{ -+ return cipher->nid; -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c -index 69f7cca..9bdcd57 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/encode.c -+++ b/Cryptlib/OpenSSL/crypto/evp/encode.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,20 +61,21 @@ - #include - - #ifndef CHARSET_EBCDIC --#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) --#define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) -+# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -+# define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) - #else --/* We assume that PEM encoded files are EBCDIC files -- * (i.e., printable text files). Convert them here while decoding. -- * When encoding, output is EBCDIC (text) format again. -- * (No need for conversion in the conv_bin2ascii macro, as the -- * underlying textstring data_bin2ascii[] is already EBCDIC) -+/* -+ * We assume that PEM encoded files are EBCDIC files (i.e., printable text -+ * files). Convert them here while decoding. When encoding, output is EBCDIC -+ * (text) format again. (No need for conversion in the conv_bin2ascii macro, -+ * as the underlying textstring data_bin2ascii[] is already EBCDIC) - */ --#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) --#define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) -+# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -+# define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) - #endif - --/* 64 char lines -+/*- -+ * 64 char lines - * pad input with 0 - * left over chars are set to = - * 1 byte => xx== -@@ -85,362 +86,367 @@ - #define CHUNKS_PER_LINE (64/4) - #define CHAR_PER_LINE (64+1) - --static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\ -+static unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\ - abcdefghijklmnopqrstuvwxyz0123456789+/"; - --/* 0xF0 is a EOLN -+/*- -+ * 0xF0 is a EOLN - * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing). - * 0xF2 is EOF - * 0xE0 is ignore at start of line. - * 0xFF is error - */ - --#define B64_EOLN 0xF0 --#define B64_CR 0xF1 --#define B64_EOF 0xF2 --#define B64_WS 0xE0 --#define B64_ERROR 0xFF --#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) -- --static unsigned char data_ascii2bin[128]={ -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -- 0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF, -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -- 0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -- 0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F, -- 0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B, -- 0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF, -- 0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06, -- 0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E, -- 0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16, -- 0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF, -- 0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20, -- 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28, -- 0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30, -- 0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF, -- }; -+#define B64_EOLN 0xF0 -+#define B64_CR 0xF1 -+#define B64_EOF 0xF2 -+#define B64_WS 0xE0 -+#define B64_ERROR 0xFF -+#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) -+ -+static unsigned char data_ascii2bin[128] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F, -+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, -+ 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, -+ 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, -+ 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, -+ 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, -+ 0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, -+ 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, -+ 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, -+ 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+}; - - void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) -- { -- ctx->length=48; -- ctx->num=0; -- ctx->line_num=0; -- } -+{ -+ ctx->length = 48; -+ ctx->num = 0; -+ ctx->line_num = 0; -+} - - void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, -- const unsigned char *in, int inl) -- { -- int i,j; -- unsigned int total=0; -- -- *outl=0; -- if (inl == 0) return; -- OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); -- if ((ctx->num+inl) < ctx->length) -- { -- memcpy(&(ctx->enc_data[ctx->num]),in,inl); -- ctx->num+=inl; -- return; -- } -- if (ctx->num != 0) -- { -- i=ctx->length-ctx->num; -- memcpy(&(ctx->enc_data[ctx->num]),in,i); -- in+=i; -- inl-=i; -- j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length); -- ctx->num=0; -- out+=j; -- *(out++)='\n'; -- *out='\0'; -- total=j+1; -- } -- while (inl >= ctx->length) -- { -- j=EVP_EncodeBlock(out,in,ctx->length); -- in+=ctx->length; -- inl-=ctx->length; -- out+=j; -- *(out++)='\n'; -- *out='\0'; -- total+=j+1; -- } -- if (inl != 0) -- memcpy(&(ctx->enc_data[0]),in,inl); -- ctx->num=inl; -- *outl=total; -- } -+ const unsigned char *in, int inl) -+{ -+ int i, j; -+ unsigned int total = 0; -+ -+ *outl = 0; -+ if (inl == 0) -+ return; -+ OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); -+ if ((ctx->num + inl) < ctx->length) { -+ memcpy(&(ctx->enc_data[ctx->num]), in, inl); -+ ctx->num += inl; -+ return; -+ } -+ if (ctx->num != 0) { -+ i = ctx->length - ctx->num; -+ memcpy(&(ctx->enc_data[ctx->num]), in, i); -+ in += i; -+ inl -= i; -+ j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length); -+ ctx->num = 0; -+ out += j; -+ *(out++) = '\n'; -+ *out = '\0'; -+ total = j + 1; -+ } -+ while (inl >= ctx->length) { -+ j = EVP_EncodeBlock(out, in, ctx->length); -+ in += ctx->length; -+ inl -= ctx->length; -+ out += j; -+ *(out++) = '\n'; -+ *out = '\0'; -+ total += j + 1; -+ } -+ if (inl != 0) -+ memcpy(&(ctx->enc_data[0]), in, inl); -+ ctx->num = inl; -+ *outl = total; -+} - - void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) -- { -- unsigned int ret=0; -- -- if (ctx->num != 0) -- { -- ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num); -- out[ret++]='\n'; -- out[ret]='\0'; -- ctx->num=0; -- } -- *outl=ret; -- } -+{ -+ unsigned int ret = 0; -+ -+ if (ctx->num != 0) { -+ ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num); -+ out[ret++] = '\n'; -+ out[ret] = '\0'; -+ ctx->num = 0; -+ } -+ *outl = ret; -+} - - int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) -- { -- int i,ret=0; -- unsigned long l; -- -- for (i=dlen; i > 0; i-=3) -- { -- if (i >= 3) -- { -- l= (((unsigned long)f[0])<<16L)| -- (((unsigned long)f[1])<< 8L)|f[2]; -- *(t++)=conv_bin2ascii(l>>18L); -- *(t++)=conv_bin2ascii(l>>12L); -- *(t++)=conv_bin2ascii(l>> 6L); -- *(t++)=conv_bin2ascii(l ); -- } -- else -- { -- l=((unsigned long)f[0])<<16L; -- if (i == 2) l|=((unsigned long)f[1]<<8L); -- -- *(t++)=conv_bin2ascii(l>>18L); -- *(t++)=conv_bin2ascii(l>>12L); -- *(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L); -- *(t++)='='; -- } -- ret+=4; -- f+=3; -- } -- -- *t='\0'; -- return(ret); -- } -+{ -+ int i, ret = 0; -+ unsigned long l; -+ -+ for (i = dlen; i > 0; i -= 3) { -+ if (i >= 3) { -+ l = (((unsigned long)f[0]) << 16L) | -+ (((unsigned long)f[1]) << 8L) | f[2]; -+ *(t++) = conv_bin2ascii(l >> 18L); -+ *(t++) = conv_bin2ascii(l >> 12L); -+ *(t++) = conv_bin2ascii(l >> 6L); -+ *(t++) = conv_bin2ascii(l); -+ } else { -+ l = ((unsigned long)f[0]) << 16L; -+ if (i == 2) -+ l |= ((unsigned long)f[1] << 8L); -+ -+ *(t++) = conv_bin2ascii(l >> 18L); -+ *(t++) = conv_bin2ascii(l >> 12L); -+ *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L); -+ *(t++) = '='; -+ } -+ ret += 4; -+ f += 3; -+ } -+ -+ *t = '\0'; -+ return (ret); -+} - - void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) -- { -- ctx->length=30; -- ctx->num=0; -- ctx->line_num=0; -- ctx->expect_nl=0; -- } -- --/* -1 for error -+{ -+ ctx->length = 30; -+ ctx->num = 0; -+ ctx->line_num = 0; -+ ctx->expect_nl = 0; -+} -+ -+/*- -+ * -1 for error - * 0 for last line - * 1 for full line - */ - int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, -- const unsigned char *in, int inl) -- { -- int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl; -- unsigned char *d; -- -- n=ctx->num; -- d=ctx->enc_data; -- ln=ctx->line_num; -- exp_nl=ctx->expect_nl; -- -- /* last line of input. */ -- if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) -- { rv=0; goto end; } -- -- /* We parse the input data */ -- for (i=0; i 80 characters, scream alot */ -- if (ln >= 80) { rv= -1; goto end; } -- -- /* Get char and put it into the buffer */ -- tmp= *(in++); -- v=conv_ascii2bin(tmp); -- /* only save the good data :-) */ -- if (!B64_NOT_BASE64(v)) -- { -- OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); -- d[n++]=tmp; -- ln++; -- } -- else if (v == B64_ERROR) -- { -- rv= -1; -- goto end; -- } -- -- /* have we seen a '=' which is 'definitly' the last -- * input line. seof will point to the character that -- * holds it. and eof will hold how many characters to -- * chop off. */ -- if (tmp == '=') -- { -- if (seof == -1) seof=n; -- eof++; -- } -- -- if (v == B64_CR) -- { -- ln = 0; -- if (exp_nl) -- continue; -- } -- -- /* eoln */ -- if (v == B64_EOLN) -- { -- ln=0; -- if (exp_nl) -- { -- exp_nl=0; -- continue; -- } -- } -- exp_nl=0; -- -- /* If we are at the end of input and it looks like a -- * line, process it. */ -- if (((i+1) == inl) && (((n&3) == 0) || eof)) -- { -- v=B64_EOF; -- /* In case things were given us in really small -- records (so two '=' were given in separate -- updates), eof may contain the incorrect number -- of ending bytes to skip, so let's redo the count */ -- eof = 0; -- if (d[n-1] == '=') eof++; -- if (d[n-2] == '=') eof++; -- /* There will never be more than two '=' */ -- } -- -- if ((v == B64_EOF && (n&3) == 0) || (n >= 64)) -- { -- /* This is needed to work correctly on 64 byte input -- * lines. We process the line and then need to -- * accept the '\n' */ -- if ((v != B64_EOF) && (n >= 64)) exp_nl=1; -- if (n > 0) -- { -- v=EVP_DecodeBlock(out,d,n); -- n=0; -- if (v < 0) { rv=0; goto end; } -- if (eof > v) { rv=-1; goto end; } -- ret+=(v-eof); -- } -- else -- { -- eof=1; -- v=0; -- } -- -- /* This is the case where we have had a short -- * but valid input line */ -- if ((v < ctx->length) && eof) -- { -- rv=0; -- goto end; -- } -- else -- ctx->length=v; -- -- if (seof >= 0) { rv=0; goto end; } -- out+=v; -- } -- } -- rv=1; --end: -- *outl=ret; -- ctx->num=n; -- ctx->line_num=ln; -- ctx->expect_nl=exp_nl; -- return(rv); -- } -+ const unsigned char *in, int inl) -+{ -+ int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl; -+ unsigned char *d; -+ -+ n = ctx->num; -+ d = ctx->enc_data; -+ ln = ctx->line_num; -+ exp_nl = ctx->expect_nl; -+ -+ /* last line of input. */ -+ if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) { -+ rv = 0; -+ goto end; -+ } -+ -+ /* We parse the input data */ -+ for (i = 0; i < inl; i++) { -+ /* If the current line is > 80 characters, scream alot */ -+ if (ln >= 80) { -+ rv = -1; -+ goto end; -+ } -+ -+ /* Get char and put it into the buffer */ -+ tmp = *(in++); -+ v = conv_ascii2bin(tmp); -+ /* only save the good data :-) */ -+ if (!B64_NOT_BASE64(v)) { -+ OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); -+ d[n++] = tmp; -+ ln++; -+ } else if (v == B64_ERROR) { -+ rv = -1; -+ goto end; -+ } -+ -+ /* -+ * have we seen a '=' which is 'definitly' the last input line. seof -+ * will point to the character that holds it. and eof will hold how -+ * many characters to chop off. -+ */ -+ if (tmp == '=') { -+ if (seof == -1) -+ seof = n; -+ eof++; -+ } -+ -+ if (v == B64_CR) { -+ ln = 0; -+ if (exp_nl) -+ continue; -+ } -+ -+ /* eoln */ -+ if (v == B64_EOLN) { -+ ln = 0; -+ if (exp_nl) { -+ exp_nl = 0; -+ continue; -+ } -+ } -+ exp_nl = 0; -+ -+ /* -+ * If we are at the end of input and it looks like a line, process -+ * it. -+ */ -+ if (((i + 1) == inl) && (((n & 3) == 0) || eof)) { -+ v = B64_EOF; -+ /* -+ * In case things were given us in really small records (so two -+ * '=' were given in separate updates), eof may contain the -+ * incorrect number of ending bytes to skip, so let's redo the -+ * count -+ */ -+ eof = 0; -+ if (d[n - 1] == '=') -+ eof++; -+ if (d[n - 2] == '=') -+ eof++; -+ /* There will never be more than two '=' */ -+ } -+ -+ if ((v == B64_EOF && (n & 3) == 0) || (n >= 64)) { -+ /* -+ * This is needed to work correctly on 64 byte input lines. We -+ * process the line and then need to accept the '\n' -+ */ -+ if ((v != B64_EOF) && (n >= 64)) -+ exp_nl = 1; -+ if (n > 0) { -+ v = EVP_DecodeBlock(out, d, n); -+ n = 0; -+ if (v < 0) { -+ rv = 0; -+ goto end; -+ } -+ if (eof > v) { -+ rv = -1; -+ goto end; -+ } -+ ret += (v - eof); -+ } else { -+ eof = 1; -+ v = 0; -+ } -+ -+ /* -+ * This is the case where we have had a short but valid input -+ * line -+ */ -+ if ((v < ctx->length) && eof) { -+ rv = 0; -+ goto end; -+ } else -+ ctx->length = v; -+ -+ if (seof >= 0) { -+ rv = 0; -+ goto end; -+ } -+ out += v; -+ } -+ } -+ rv = 1; -+ end: -+ *outl = ret; -+ ctx->num = n; -+ ctx->line_num = ln; -+ ctx->expect_nl = exp_nl; -+ return (rv); -+} - - int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) -- { -- int i,ret=0,a,b,c,d; -- unsigned long l; -- -- /* trim white space from the start of the line. */ -- while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) -- { -- f++; -- n--; -- } -- -- /* strip off stuff at the end of the line -- * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */ -- while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1])))) -- n--; -- -- if (n%4 != 0) return(-1); -- -- for (i=0; i>16L)&0xff; -- *(t++)=(unsigned char)(l>> 8L)&0xff; -- *(t++)=(unsigned char)(l )&0xff; -- ret+=3; -- } -- return(ret); -- } -+{ -+ int i, ret = 0, a, b, c, d; -+ unsigned long l; -+ -+ /* trim white space from the start of the line. */ -+ while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) { -+ f++; -+ n--; -+ } -+ -+ /* -+ * strip off stuff at the end of the line ascii2bin values B64_WS, -+ * B64_EOLN, B64_EOLN and B64_EOF -+ */ -+ while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1])))) -+ n--; -+ -+ if (n % 4 != 0) -+ return (-1); -+ -+ for (i = 0; i < n; i += 4) { -+ a = conv_ascii2bin(*(f++)); -+ b = conv_ascii2bin(*(f++)); -+ c = conv_ascii2bin(*(f++)); -+ d = conv_ascii2bin(*(f++)); -+ if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80)) -+ return (-1); -+ l = ((((unsigned long)a) << 18L) | -+ (((unsigned long)b) << 12L) | -+ (((unsigned long)c) << 6L) | (((unsigned long)d))); -+ *(t++) = (unsigned char)(l >> 16L) & 0xff; -+ *(t++) = (unsigned char)(l >> 8L) & 0xff; -+ *(t++) = (unsigned char)(l) & 0xff; -+ ret += 3; -+ } -+ return (ret); -+} - - int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) -- { -- int i; -- -- *outl=0; -- if (ctx->num != 0) -- { -- i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num); -- if (i < 0) return(-1); -- ctx->num=0; -- *outl=i; -- return(1); -- } -- else -- return(1); -- } -+{ -+ int i; -+ -+ *outl = 0; -+ if (ctx->num != 0) { -+ i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num); -+ if (i < 0) -+ return (-1); -+ ctx->num = 0; -+ *outl = i; -+ return (1); -+ } else -+ return (1); -+} - - #ifdef undef - int EVP_DecodeValid(unsigned char *buf, int len) -- { -- int i,num=0,bad=0; -- -- if (len == 0) return(-1); -- while (conv_ascii2bin(*buf) == B64_WS) -- { -- buf++; -- len--; -- if (len == 0) return(-1); -- } -- -- for (i=len; i >= 4; i-=4) -- { -- if ( (conv_ascii2bin(buf[0]) >= 0x40) || -- (conv_ascii2bin(buf[1]) >= 0x40) || -- (conv_ascii2bin(buf[2]) >= 0x40) || -- (conv_ascii2bin(buf[3]) >= 0x40)) -- return(-1); -- buf+=4; -- num+=1+(buf[2] != '=')+(buf[3] != '='); -- } -- if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN)) -- return(num); -- if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) && -- (conv_ascii2bin(buf[0]) == B64_EOLN)) -- return(num); -- return(1); -- } -+{ -+ int i, num = 0, bad = 0; -+ -+ if (len == 0) -+ return (-1); -+ while (conv_ascii2bin(*buf) == B64_WS) { -+ buf++; -+ len--; -+ if (len == 0) -+ return (-1); -+ } -+ -+ for (i = len; i >= 4; i -= 4) { -+ if ((conv_ascii2bin(buf[0]) >= 0x40) || -+ (conv_ascii2bin(buf[1]) >= 0x40) || -+ (conv_ascii2bin(buf[2]) >= 0x40) || -+ (conv_ascii2bin(buf[3]) >= 0x40)) -+ return (-1); -+ buf += 4; -+ num += 1 + (buf[2] != '=') + (buf[3] != '='); -+ } -+ if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN)) -+ return (num); -+ if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) && -+ (conv_ascii2bin(buf[0]) == B64_EOLN)) -+ return (num); -+ return (1); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c -index 643a186..9703116 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c -@@ -1,6 +1,7 @@ - /* evp_acnf.c */ --/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,14 +61,13 @@ - #include - #include - -- --/* Load all algorithms and configure OpenSSL. -- * This function is called automatically when -- * OPENSSL_LOAD_CONF is set. -+/* -+ * Load all algorithms and configure OpenSSL. This function is called -+ * automatically when OPENSSL_LOAD_CONF is set. - */ - - void OPENSSL_add_all_algorithms_conf(void) -- { -- OPENSSL_add_all_algorithms_noconf(); -- OPENSSL_config(NULL); -- } -+{ -+ OPENSSL_add_all_algorithms_noconf(); -+ OPENSSL_config(NULL); -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c -index 2e4db30..6fd3a6d 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c -@@ -1,6 +1,7 @@ - /* evp_cnf.c */ --/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL -- * project 2007. -+/* -+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project -+ * 2007. - */ - /* ==================================================================== - * Copyright (c) 2007 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -65,61 +66,53 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - -- - /* Algorithm configuration module. */ - - static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) -- { -- int i; -- const char *oid_section; -- STACK_OF(CONF_VALUE) *sktmp; -- CONF_VALUE *oval; -- oid_section = CONF_imodule_get_value(md); -- if(!(sktmp = NCONF_get_section(cnf, oid_section))) -- { -- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION); -- return 0; -- } -- for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) -- { -- oval = sk_CONF_VALUE_value(sktmp, i); -- if (!strcmp(oval->name, "fips_mode")) -- { -- int m; -- if (!X509V3_get_value_bool(oval, &m)) -- { -- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE); -- return 0; -- } -- if (m > 0) -- { -+{ -+ int i; -+ const char *oid_section; -+ STACK_OF(CONF_VALUE) *sktmp; -+ CONF_VALUE *oval; -+ oid_section = CONF_imodule_get_value(md); -+ if (!(sktmp = NCONF_get_section(cnf, oid_section))) { -+ EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION); -+ return 0; -+ } -+ for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { -+ oval = sk_CONF_VALUE_value(sktmp, i); -+ if (!strcmp(oval->name, "fips_mode")) { -+ int m; -+ if (!X509V3_get_value_bool(oval, &m)) { -+ EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE); -+ return 0; -+ } -+ if (m > 0) { - #ifdef OPENSSL_FIPS -- if (!FIPS_mode() && !FIPS_mode_set(1)) -- { -- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_SETTING_FIPS_MODE); -- return 0; -- } -+ if (!FIPS_mode() && !FIPS_mode_set(1)) { -+ EVPerr(EVP_F_ALG_MODULE_INIT, -+ EVP_R_ERROR_SETTING_FIPS_MODE); -+ return 0; -+ } - #else -- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED); -- return 0; -+ EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED); -+ return 0; - #endif -- } -- } -- else -- { -- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION); -- ERR_add_error_data(4, "name=", oval->name, -- ", value=", oval->value); -- } -- -- } -- return 1; -- } -+ } -+ } else { -+ EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION); -+ ERR_add_error_data(4, "name=", oval->name, -+ ", value=", oval->value); -+ } -+ -+ } -+ return 1; -+} - - void EVP_add_alg_module(void) -- { -- CONF_module_add("alg_section", alg_module_init, 0); -- } -+{ -+ CONF_module_add("alg_section", alg_module_init, 0); -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c -index 30e0ca4..8a91a67 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,379 +62,359 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - #include "evp_locl.h" - - #ifdef OPENSSL_FIPS -- #define M_do_cipher(ctx, out, in, inl) \ -- EVP_Cipher(ctx,out,in,inl) -+# define M_do_cipher(ctx, out, in, inl) \ -+ EVP_Cipher(ctx,out,in,inl) - #else -- #define M_do_cipher(ctx, out, in, inl) \ -- ctx->cipher->do_cipher(ctx,out,in,inl) -+# define M_do_cipher(ctx, out, in, inl) \ -+ ctx->cipher->do_cipher(ctx,out,in,inl) - #endif - --const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; -+const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT; - - EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) -- { -- EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); -- if (ctx) -- EVP_CIPHER_CTX_init(ctx); -- return ctx; -- } -+{ -+ EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx); -+ if (ctx) -+ EVP_CIPHER_CTX_init(ctx); -+ return ctx; -+} - - int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -- const unsigned char *key, const unsigned char *iv, int enc) -- { -- if (cipher) -- EVP_CIPHER_CTX_init(ctx); -- return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); -- } -+ const unsigned char *key, const unsigned char *iv, int enc) -+{ -+ if (cipher) -+ EVP_CIPHER_CTX_init(ctx); -+ return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); -+} - - int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, -- const unsigned char *in, int inl) -- { -- if (ctx->encrypt) -- return EVP_EncryptUpdate(ctx,out,outl,in,inl); -- else return EVP_DecryptUpdate(ctx,out,outl,in,inl); -- } -+ const unsigned char *in, int inl) -+{ -+ if (ctx->encrypt) -+ return EVP_EncryptUpdate(ctx, out, outl, in, inl); -+ else -+ return EVP_DecryptUpdate(ctx, out, outl, in, inl); -+} - - int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -- { -- if (ctx->encrypt) -- return EVP_EncryptFinal_ex(ctx,out,outl); -- else return EVP_DecryptFinal_ex(ctx,out,outl); -- } -+{ -+ if (ctx->encrypt) -+ return EVP_EncryptFinal_ex(ctx, out, outl); -+ else -+ return EVP_DecryptFinal_ex(ctx, out, outl); -+} - - int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -- { -- if (ctx->encrypt) -- return EVP_EncryptFinal(ctx,out,outl); -- else return EVP_DecryptFinal(ctx,out,outl); -- } -+{ -+ if (ctx->encrypt) -+ return EVP_EncryptFinal(ctx, out, outl); -+ else -+ return EVP_DecryptFinal(ctx, out, outl); -+} - - int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -- const unsigned char *key, const unsigned char *iv) -- { -- return EVP_CipherInit(ctx, cipher, key, iv, 1); -- } -- --int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, -- const unsigned char *key, const unsigned char *iv) -- { -- return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); -- } -+ const unsigned char *key, const unsigned char *iv) -+{ -+ return EVP_CipherInit(ctx, cipher, key, iv, 1); -+} -+ -+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -+ ENGINE *impl, const unsigned char *key, -+ const unsigned char *iv) -+{ -+ return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); -+} - - int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -- const unsigned char *key, const unsigned char *iv) -- { -- return EVP_CipherInit(ctx, cipher, key, iv, 0); -- } -- --int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, -- const unsigned char *key, const unsigned char *iv) -- { -- return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); -- } -+ const unsigned char *key, const unsigned char *iv) -+{ -+ return EVP_CipherInit(ctx, cipher, key, iv, 0); -+} -+ -+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -+ ENGINE *impl, const unsigned char *key, -+ const unsigned char *iv) -+{ -+ return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); -+} - - int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, -- const unsigned char *in, int inl) -- { -- int i,j,bl; -- -- if (inl <= 0) -- { -- *outl = 0; -- return inl == 0; -- } -- -- if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) -- { -- if(M_do_cipher(ctx,out,in,inl)) -- { -- *outl=inl; -- return 1; -- } -- else -- { -- *outl=0; -- return 0; -- } -- } -- i=ctx->buf_len; -- bl=ctx->cipher->block_size; -- OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); -- if (i != 0) -- { -- if (i+inl < bl) -- { -- memcpy(&(ctx->buf[i]),in,inl); -- ctx->buf_len+=inl; -- *outl=0; -- return 1; -- } -- else -- { -- j=bl-i; -- memcpy(&(ctx->buf[i]),in,j); -- if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0; -- inl-=j; -- in+=j; -- out+=bl; -- *outl=bl; -- } -- } -- else -- *outl = 0; -- i=inl&(bl-1); -- inl-=i; -- if (inl > 0) -- { -- if(!M_do_cipher(ctx,out,in,inl)) return 0; -- *outl+=inl; -- } -- -- if (i != 0) -- memcpy(ctx->buf,&(in[inl]),i); -- ctx->buf_len=i; -- return 1; -- } -+ const unsigned char *in, int inl) -+{ -+ int i, j, bl; -+ -+ if (inl <= 0) { -+ *outl = 0; -+ return inl == 0; -+ } -+ -+ if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) { -+ if (M_do_cipher(ctx, out, in, inl)) { -+ *outl = inl; -+ return 1; -+ } else { -+ *outl = 0; -+ return 0; -+ } -+ } -+ i = ctx->buf_len; -+ bl = ctx->cipher->block_size; -+ OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); -+ if (i != 0) { -+ if (i + inl < bl) { -+ memcpy(&(ctx->buf[i]), in, inl); -+ ctx->buf_len += inl; -+ *outl = 0; -+ return 1; -+ } else { -+ j = bl - i; -+ memcpy(&(ctx->buf[i]), in, j); -+ if (!M_do_cipher(ctx, out, ctx->buf, bl)) -+ return 0; -+ inl -= j; -+ in += j; -+ out += bl; -+ *outl = bl; -+ } -+ } else -+ *outl = 0; -+ i = inl & (bl - 1); -+ inl -= i; -+ if (inl > 0) { -+ if (!M_do_cipher(ctx, out, in, inl)) -+ return 0; -+ *outl += inl; -+ } -+ -+ if (i != 0) -+ memcpy(ctx->buf, &(in[inl]), i); -+ ctx->buf_len = i; -+ return 1; -+} - - int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -- { -- int ret; -- ret = EVP_EncryptFinal_ex(ctx, out, outl); -- return ret; -- } -+{ -+ int ret; -+ ret = EVP_EncryptFinal_ex(ctx, out, outl); -+ return ret; -+} - - int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -- { -- int n,ret; -- unsigned int i, b, bl; -- -- b=ctx->cipher->block_size; -- OPENSSL_assert(b <= sizeof ctx->buf); -- if (b == 1) -- { -- *outl=0; -- return 1; -- } -- bl=ctx->buf_len; -- if (ctx->flags & EVP_CIPH_NO_PADDING) -- { -- if(bl) -- { -- EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); -- return 0; -- } -- *outl = 0; -- return 1; -- } -- -- n=b-bl; -- for (i=bl; ibuf[i]=n; -- ret=M_do_cipher(ctx,out,ctx->buf,b); -- -- -- if(ret) -- *outl=b; -- -- return ret; -- } -+{ -+ int n, ret; -+ unsigned int i, b, bl; -+ -+ b = ctx->cipher->block_size; -+ OPENSSL_assert(b <= sizeof ctx->buf); -+ if (b == 1) { -+ *outl = 0; -+ return 1; -+ } -+ bl = ctx->buf_len; -+ if (ctx->flags & EVP_CIPH_NO_PADDING) { -+ if (bl) { -+ EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, -+ EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); -+ return 0; -+ } -+ *outl = 0; -+ return 1; -+ } -+ -+ n = b - bl; -+ for (i = bl; i < b; i++) -+ ctx->buf[i] = n; -+ ret = M_do_cipher(ctx, out, ctx->buf, b); -+ -+ if (ret) -+ *outl = b; -+ -+ return ret; -+} - - int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, -- const unsigned char *in, int inl) -- { -- int fix_len; -- unsigned int b; -- -- if (inl <= 0) -- { -- *outl = 0; -- return inl == 0; -- } -- -- if (ctx->flags & EVP_CIPH_NO_PADDING) -- return EVP_EncryptUpdate(ctx, out, outl, in, inl); -- -- b=ctx->cipher->block_size; -- OPENSSL_assert(b <= sizeof ctx->final); -- -- if(ctx->final_used) -- { -- memcpy(out,ctx->final,b); -- out+=b; -- fix_len = 1; -- } -- else -- fix_len = 0; -- -- -- if(!EVP_EncryptUpdate(ctx,out,outl,in,inl)) -- return 0; -- -- /* if we have 'decrypted' a multiple of block size, make sure -- * we have a copy of this last block */ -- if (b > 1 && !ctx->buf_len) -- { -- *outl-=b; -- ctx->final_used=1; -- memcpy(ctx->final,&out[*outl],b); -- } -- else -- ctx->final_used = 0; -- -- if (fix_len) -- *outl += b; -- -- return 1; -- } -+ const unsigned char *in, int inl) -+{ -+ int fix_len; -+ unsigned int b; -+ -+ if (inl <= 0) { -+ *outl = 0; -+ return inl == 0; -+ } -+ -+ if (ctx->flags & EVP_CIPH_NO_PADDING) -+ return EVP_EncryptUpdate(ctx, out, outl, in, inl); -+ -+ b = ctx->cipher->block_size; -+ OPENSSL_assert(b <= sizeof ctx->final); -+ -+ if (ctx->final_used) { -+ memcpy(out, ctx->final, b); -+ out += b; -+ fix_len = 1; -+ } else -+ fix_len = 0; -+ -+ if (!EVP_EncryptUpdate(ctx, out, outl, in, inl)) -+ return 0; -+ -+ /* -+ * if we have 'decrypted' a multiple of block size, make sure we have a -+ * copy of this last block -+ */ -+ if (b > 1 && !ctx->buf_len) { -+ *outl -= b; -+ ctx->final_used = 1; -+ memcpy(ctx->final, &out[*outl], b); -+ } else -+ ctx->final_used = 0; -+ -+ if (fix_len) -+ *outl += b; -+ -+ return 1; -+} - - int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -- { -- int ret; -- ret = EVP_DecryptFinal_ex(ctx, out, outl); -- return ret; -- } -+{ -+ int ret; -+ ret = EVP_DecryptFinal_ex(ctx, out, outl); -+ return ret; -+} - - int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -- { -- int i,n; -- unsigned int b; -- -- *outl=0; -- b=ctx->cipher->block_size; -- if (ctx->flags & EVP_CIPH_NO_PADDING) -- { -- if(ctx->buf_len) -- { -- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); -- return 0; -- } -- *outl = 0; -- return 1; -- } -- if (b > 1) -- { -- if (ctx->buf_len || !ctx->final_used) -- { -- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH); -- return(0); -- } -- OPENSSL_assert(b <= sizeof ctx->final); -- n=ctx->final[b-1]; -- if (n == 0 || n > (int)b) -- { -- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); -- return(0); -- } -- for (i=0; ifinal[--b] != n) -- { -- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); -- return(0); -- } -- } -- n=ctx->cipher->block_size-n; -- for (i=0; ifinal[i]; -- *outl=n; -- } -- else -- *outl=0; -- return(1); -- } -+{ -+ int i, n; -+ unsigned int b; -+ -+ *outl = 0; -+ b = ctx->cipher->block_size; -+ if (ctx->flags & EVP_CIPH_NO_PADDING) { -+ if (ctx->buf_len) { -+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, -+ EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); -+ return 0; -+ } -+ *outl = 0; -+ return 1; -+ } -+ if (b > 1) { -+ if (ctx->buf_len || !ctx->final_used) { -+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH); -+ return (0); -+ } -+ OPENSSL_assert(b <= sizeof ctx->final); -+ n = ctx->final[b - 1]; -+ if (n == 0 || n > (int)b) { -+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); -+ return (0); -+ } -+ for (i = 0; i < n; i++) { -+ if (ctx->final[--b] != n) { -+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); -+ return (0); -+ } -+ } -+ n = ctx->cipher->block_size - n; -+ for (i = 0; i < n; i++) -+ out[i] = ctx->final[i]; -+ *outl = n; -+ } else -+ *outl = 0; -+ return (1); -+} - - void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) -- { -- if (ctx) -- { -- EVP_CIPHER_CTX_cleanup(ctx); -- OPENSSL_free(ctx); -- } -- } -+{ -+ if (ctx) { -+ EVP_CIPHER_CTX_cleanup(ctx); -+ OPENSSL_free(ctx); -+ } -+} - - int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) -- { -- if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) -- return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); -- if(c->key_len == keylen) return 1; -- if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) -- { -- c->key_len = keylen; -- return 1; -- } -- EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH); -- return 0; -- } -+{ -+ if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) -+ return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); -+ if (c->key_len == keylen) -+ return 1; -+ if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { -+ c->key_len = keylen; -+ return 1; -+ } -+ EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH); -+ return 0; -+} - - int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) -- { -- if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; -- else ctx->flags |= EVP_CIPH_NO_PADDING; -- return 1; -- } -+{ -+ if (pad) -+ ctx->flags &= ~EVP_CIPH_NO_PADDING; -+ else -+ ctx->flags |= EVP_CIPH_NO_PADDING; -+ return 1; -+} - - int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) -- { -- if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) -- return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); -- if (RAND_bytes(key, ctx->key_len) <= 0) -- return 0; -- return 1; -- } -+{ -+ if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) -+ return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); -+ if (RAND_bytes(key, ctx->key_len) <= 0) -+ return 0; -+ return 1; -+} - - #ifndef OPENSSL_NO_ENGINE - --#ifdef OPENSSL_FIPS -- --static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl) -- { -- if(impl) -- { -- if (!ENGINE_init(impl)) -- { -- EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); -- return 0; -- } -- } -- else -- /* Ask if an ENGINE is reserved for this job */ -- impl = ENGINE_get_cipher_engine((*pcipher)->nid); -- if(impl) -- { -- /* There's an ENGINE for this job ... (apparently) */ -- const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); -- if(!c) -- { -- /* One positive side-effect of US's export -- * control history, is that we should at least -- * be able to avoid using US mispellings of -- * "initialisation"? */ -- EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); -- return 0; -- } -- /* We'll use the ENGINE's private cipher definition */ -- *pcipher = c; -- /* Store the ENGINE functional reference so we know -- * 'cipher' came from an ENGINE and we need to release -- * it when done. */ -- ctx->engine = impl; -- } -- else -- ctx->engine = NULL; -- return 1; -- } -+# ifdef OPENSSL_FIPS -+ -+static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, -+ const EVP_CIPHER **pcipher, ENGINE *impl) -+{ -+ if (impl) { -+ if (!ENGINE_init(impl)) { -+ EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); -+ return 0; -+ } -+ } else -+ /* Ask if an ENGINE is reserved for this job */ -+ impl = ENGINE_get_cipher_engine((*pcipher)->nid); -+ if (impl) { -+ /* There's an ENGINE for this job ... (apparently) */ -+ const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); -+ if (!c) { -+ /* -+ * One positive side-effect of US's export control history, is -+ * that we should at least be able to avoid using US mispellings -+ * of "initialisation"? -+ */ -+ EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); -+ return 0; -+ } -+ /* We'll use the ENGINE's private cipher definition */ -+ *pcipher = c; -+ /* -+ * Store the ENGINE functional reference so we know 'cipher' came -+ * from an ENGINE and we need to release it when done. -+ */ -+ ctx->engine = impl; -+ } else -+ ctx->engine = NULL; -+ return 1; -+} - - void int_EVP_CIPHER_init_engine_callbacks(void) -- { -- int_EVP_CIPHER_set_engine_callbacks( -- ENGINE_finish, do_evp_enc_engine_full); -- } -+{ -+ int_EVP_CIPHER_set_engine_callbacks(ENGINE_finish, -+ do_evp_enc_engine_full); -+} - --#endif -+# endif - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_err.c b/Cryptlib/OpenSSL/crypto/evp/evp_err.c -index b5b900d..02d24ec 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_err.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,124 +66,131 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) - --static ERR_STRING_DATA EVP_str_functs[]= -- { --{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, --{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, --{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, --{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, --{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"}, --{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"}, --{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"}, --{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"}, --{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, --{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, --{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, --{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, --{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, --{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, --{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, --{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, --{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, --{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, --{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, --{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, --{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, --{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, --{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, --{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, --{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, --{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, --{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, --{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, --{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, --{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, --{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, --{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, --{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, --{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, --{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, --{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, --{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, --{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, --{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, --{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, --{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, --{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, --{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, --{0,NULL} -- }; -+static ERR_STRING_DATA EVP_str_functs[] = { -+ {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, -+ {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, -+ {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, -+ {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, -+ {ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"}, -+ {ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"}, -+ {ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"}, -+ {ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"}, -+ {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, -+ {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, -+ {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, -+ {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, -+ {ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, -+ {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, -+ {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, -+ {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), -+ "EVP_CIPHER_CTX_set_key_length"}, -+ {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, -+ {ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, -+ {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, -+ {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, -+ {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, -+ {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, -+ {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, -+ {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, -+ {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, -+ {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, -+ {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, -+ {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, -+ {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, -+ {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, -+ {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, -+ {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, -+ {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, -+ {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA EVP_str_reasons[]= -- { --{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, --{ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"}, --{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, --{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"}, --{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, --{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, --{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, --{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"}, --{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, --{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, --{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, --{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, --{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, --{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, --{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"}, --{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, --{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"}, --{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"}, --{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, --{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, --{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, --{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, --{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, --{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, --{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"}, --{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, --{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, --{ERR_REASON(EVP_R_INVALID_FIPS_MODE) ,"invalid fips mode"}, --{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, --{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"}, --{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"}, --{ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"}, --{ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"}, --{ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"}, --{ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"}, --{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"}, --{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"}, --{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"}, --{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, --{ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"}, --{ERR_REASON(EVP_R_UNKNOWN_OPTION) ,"unknown option"}, --{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, --{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"}, --{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, --{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"}, --{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"}, --{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) ,"unsupported key size"}, --{ERR_REASON(EVP_R_UNSUPPORTED_PRF) ,"unsupported prf"}, --{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"}, --{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"}, --{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"}, --{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"}, --{0,NULL} -- }; -+static ERR_STRING_DATA EVP_str_reasons[] = { -+ {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"}, -+ {ERR_REASON(EVP_R_ASN1_LIB), "asn1 lib"}, -+ {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH), "bad block length"}, -+ {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"}, -+ {ERR_REASON(EVP_R_BAD_KEY_LENGTH), "bad key length"}, -+ {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"}, -+ {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"}, -+ {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), -+ "camellia key setup failed"}, -+ {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"}, -+ {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"}, -+ {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), -+ "ctrl operation not implemented"}, -+ {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH), -+ "data not multiple of block length"}, -+ {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"}, -+ {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"}, -+ {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for fips"}, -+ {ERR_REASON(EVP_R_ENCODE_ERROR), "encode error"}, -+ {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"}, -+ {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, -+ {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"}, -+ {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"}, -+ {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"}, -+ {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"}, -+ {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"}, -+ {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"}, -+ {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, -+ {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"}, -+ {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, -+ {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, -+ {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, -+ {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"}, -+ {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"}, -+ {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"}, -+ {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"}, -+ {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"}, -+ {ERR_REASON(EVP_R_NO_DSA_PARAMETERS), "no dsa parameters"}, -+ {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED), -+ "no sign function configured"}, -+ {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED), -+ "no verify function configured"}, -+ {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), -+ "pkcs8 unknown broken type"}, -+ {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, -+ {ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED), "seed key setup failed"}, -+ {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, -+ {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"}, -+ {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS), -+ "unsuported number of rounds"}, -+ {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, -+ {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"}, -+ {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), -+ "unsupported key derivation function"}, -+ {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"}, -+ {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"}, -+ {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), -+ "unsupported private key algorithm"}, -+ {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"}, -+ {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, -+ {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_EVP_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,EVP_str_functs); -- ERR_load_strings(0,EVP_str_reasons); -- } -+ if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, EVP_str_functs); -+ ERR_load_strings(0, EVP_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c -index 361ea69..924e12f 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_key.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_key.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -67,109 +67,112 @@ - static char prompt_string[80]; - - void EVP_set_pw_prompt(const char *prompt) -- { -- if (prompt == NULL) -- prompt_string[0]='\0'; -- else -- { -- strncpy(prompt_string,prompt,79); -- prompt_string[79]='\0'; -- } -- } -+{ -+ if (prompt == NULL) -+ prompt_string[0] = '\0'; -+ else { -+ strncpy(prompt_string, prompt, 79); -+ prompt_string[79] = '\0'; -+ } -+} - - char *EVP_get_pw_prompt(void) -- { -- if (prompt_string[0] == '\0') -- return(NULL); -- else -- return(prompt_string); -- } -+{ -+ if (prompt_string[0] == '\0') -+ return (NULL); -+ else -+ return (prompt_string); -+} - --/* For historical reasons, the standard function for reading passwords is -- * in the DES library -- if someone ever wants to disable DES, -- * this function will fail */ -+/* -+ * For historical reasons, the standard function for reading passwords is in -+ * the DES library -- if someone ever wants to disable DES, this function -+ * will fail -+ */ - int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) -- { -- int ret; -- char buff[BUFSIZ]; -- UI *ui; -- -- if ((prompt == NULL) && (prompt_string[0] != '\0')) -- prompt=prompt_string; -- ui = UI_new(); -- UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len); -- if (verify) -- UI_add_verify_string(ui,prompt,0, -- buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf); -- ret = UI_process(ui); -- UI_free(ui); -- OPENSSL_cleanse(buff,BUFSIZ); -- return ret; -- } -+{ -+ int ret; -+ char buff[BUFSIZ]; -+ UI *ui; - --int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, -- const unsigned char *salt, const unsigned char *data, int datal, -- int count, unsigned char *key, unsigned char *iv) -- { -- EVP_MD_CTX c; -- unsigned char md_buf[EVP_MAX_MD_SIZE]; -- int niv,nkey,addmd=0; -- unsigned int mds=0,i; -+ if ((prompt == NULL) && (prompt_string[0] != '\0')) -+ prompt = prompt_string; -+ ui = UI_new(); -+ UI_add_input_string(ui, prompt, 0, buf, 0, -+ (len >= BUFSIZ) ? BUFSIZ - 1 : len); -+ if (verify) -+ UI_add_verify_string(ui, prompt, 0, -+ buff, 0, (len >= BUFSIZ) ? BUFSIZ - 1 : len, -+ buf); -+ ret = UI_process(ui); -+ UI_free(ui); -+ OPENSSL_cleanse(buff, BUFSIZ); -+ return ret; -+} - -- nkey=type->key_len; -- niv=type->iv_len; -- OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); -- OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); -+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, -+ const unsigned char *salt, const unsigned char *data, -+ int datal, int count, unsigned char *key, -+ unsigned char *iv) -+{ -+ EVP_MD_CTX c; -+ unsigned char md_buf[EVP_MAX_MD_SIZE]; -+ int niv, nkey, addmd = 0; -+ unsigned int mds = 0, i; - -- if (data == NULL) return(nkey); -+ nkey = type->key_len; -+ niv = type->iv_len; -+ OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); -+ OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); - -- EVP_MD_CTX_init(&c); -- for (;;) -- { -- if (!EVP_DigestInit_ex(&c,md, NULL)) -- return 0; -- if (addmd++) -- EVP_DigestUpdate(&c,&(md_buf[0]),mds); -- EVP_DigestUpdate(&c,data,datal); -- if (salt != NULL) -- EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN); -- EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); -+ if (data == NULL) -+ return (nkey); - -- for (i=1; i<(unsigned int)count; i++) -- { -- EVP_DigestInit_ex(&c,md, NULL); -- EVP_DigestUpdate(&c,&(md_buf[0]),mds); -- EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); -- } -- i=0; -- if (nkey) -- { -- for (;;) -- { -- if (nkey == 0) break; -- if (i == mds) break; -- if (key != NULL) -- *(key++)=md_buf[i]; -- nkey--; -- i++; -- } -- } -- if (niv && (i != mds)) -- { -- for (;;) -- { -- if (niv == 0) break; -- if (i == mds) break; -- if (iv != NULL) -- *(iv++)=md_buf[i]; -- niv--; -- i++; -- } -- } -- if ((nkey == 0) && (niv == 0)) break; -- } -- EVP_MD_CTX_cleanup(&c); -- OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE); -- return(type->key_len); -- } -+ EVP_MD_CTX_init(&c); -+ for (;;) { -+ if (!EVP_DigestInit_ex(&c, md, NULL)) -+ return 0; -+ if (addmd++) -+ EVP_DigestUpdate(&c, &(md_buf[0]), mds); -+ EVP_DigestUpdate(&c, data, datal); -+ if (salt != NULL) -+ EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); -+ EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds); - -+ for (i = 1; i < (unsigned int)count; i++) { -+ EVP_DigestInit_ex(&c, md, NULL); -+ EVP_DigestUpdate(&c, &(md_buf[0]), mds); -+ EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds); -+ } -+ i = 0; -+ if (nkey) { -+ for (;;) { -+ if (nkey == 0) -+ break; -+ if (i == mds) -+ break; -+ if (key != NULL) -+ *(key++) = md_buf[i]; -+ nkey--; -+ i++; -+ } -+ } -+ if (niv && (i != mds)) { -+ for (;;) { -+ if (niv == 0) -+ break; -+ if (i == mds) -+ break; -+ if (iv != NULL) -+ *(iv++) = md_buf[i]; -+ niv--; -+ i++; -+ } -+ } -+ if ((nkey == 0) && (niv == 0)) -+ break; -+ } -+ EVP_MD_CTX_cleanup(&c); -+ OPENSSL_cleanse(&(md_buf[0]), EVP_MAX_MD_SIZE); -+ return (type->key_len); -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c -index 9c20061..13dad6e 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,223 +62,222 @@ - #include - - int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -- { -- int ret; -- -- if (c->cipher->set_asn1_parameters != NULL) -- ret=c->cipher->set_asn1_parameters(c,type); -- else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) -- ret=EVP_CIPHER_set_asn1_iv(c, type); -- else -- ret=-1; -- return(ret); -- } -+{ -+ int ret; -+ -+ if (c->cipher->set_asn1_parameters != NULL) -+ ret = c->cipher->set_asn1_parameters(c, type); -+ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) -+ ret = EVP_CIPHER_set_asn1_iv(c, type); -+ else -+ ret = -1; -+ return (ret); -+} - - int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -- { -- int ret; -- -- if (c->cipher->get_asn1_parameters != NULL) -- ret=c->cipher->get_asn1_parameters(c,type); -- else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) -- ret=EVP_CIPHER_get_asn1_iv(c, type); -- else -- ret=-1; -- return(ret); -- } -+{ -+ int ret; -+ -+ if (c->cipher->get_asn1_parameters != NULL) -+ ret = c->cipher->get_asn1_parameters(c, type); -+ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) -+ ret = EVP_CIPHER_get_asn1_iv(c, type); -+ else -+ ret = -1; -+ return (ret); -+} - - int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -- { -- int i=0; -- unsigned int l; -- -- if (type != NULL) -- { -- l=EVP_CIPHER_CTX_iv_length(c); -- OPENSSL_assert(l <= sizeof(c->iv)); -- i=ASN1_TYPE_get_octetstring(type,c->oiv,l); -- if (i != (int)l) -- return(-1); -- else if (i > 0) -- memcpy(c->iv,c->oiv,l); -- } -- return(i); -- } -+{ -+ int i = 0; -+ unsigned int l; -+ -+ if (type != NULL) { -+ l = EVP_CIPHER_CTX_iv_length(c); -+ OPENSSL_assert(l <= sizeof(c->iv)); -+ i = ASN1_TYPE_get_octetstring(type, c->oiv, l); -+ if (i != (int)l) -+ return (-1); -+ else if (i > 0) -+ memcpy(c->iv, c->oiv, l); -+ } -+ return (i); -+} - - int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -- { -- int i=0; -- unsigned int j; -- -- if (type != NULL) -- { -- j=EVP_CIPHER_CTX_iv_length(c); -- OPENSSL_assert(j <= sizeof(c->iv)); -- i=ASN1_TYPE_set_octetstring(type,c->oiv,j); -- } -- return(i); -- } -+{ -+ int i = 0; -+ unsigned int j; -+ -+ if (type != NULL) { -+ j = EVP_CIPHER_CTX_iv_length(c); -+ OPENSSL_assert(j <= sizeof(c->iv)); -+ i = ASN1_TYPE_set_octetstring(type, c->oiv, j); -+ } -+ return (i); -+} - - /* Convert the various cipher NIDs and dummies to a proper OID NID */ - int EVP_CIPHER_type(const EVP_CIPHER *ctx) - { -- int nid; -- ASN1_OBJECT *otmp; -- nid = EVP_CIPHER_nid(ctx); -+ int nid; -+ ASN1_OBJECT *otmp; -+ nid = EVP_CIPHER_nid(ctx); - -- switch(nid) { -+ switch (nid) { - -- case NID_rc2_cbc: -- case NID_rc2_64_cbc: -- case NID_rc2_40_cbc: -+ case NID_rc2_cbc: -+ case NID_rc2_64_cbc: -+ case NID_rc2_40_cbc: - -- return NID_rc2_cbc; -+ return NID_rc2_cbc; - -- case NID_rc4: -- case NID_rc4_40: -+ case NID_rc4: -+ case NID_rc4_40: - -- return NID_rc4; -+ return NID_rc4; - -- case NID_aes_128_cfb128: -- case NID_aes_128_cfb8: -- case NID_aes_128_cfb1: -+ case NID_aes_128_cfb128: -+ case NID_aes_128_cfb8: -+ case NID_aes_128_cfb1: - -- return NID_aes_128_cfb128; -+ return NID_aes_128_cfb128; - -- case NID_aes_192_cfb128: -- case NID_aes_192_cfb8: -- case NID_aes_192_cfb1: -+ case NID_aes_192_cfb128: -+ case NID_aes_192_cfb8: -+ case NID_aes_192_cfb1: - -- return NID_aes_192_cfb128; -+ return NID_aes_192_cfb128; - -- case NID_aes_256_cfb128: -- case NID_aes_256_cfb8: -- case NID_aes_256_cfb1: -+ case NID_aes_256_cfb128: -+ case NID_aes_256_cfb8: -+ case NID_aes_256_cfb1: - -- return NID_aes_256_cfb128; -+ return NID_aes_256_cfb128; - -- case NID_des_cfb64: -- case NID_des_cfb8: -- case NID_des_cfb1: -+ case NID_des_cfb64: -+ case NID_des_cfb8: -+ case NID_des_cfb1: - -- return NID_des_cfb64; -+ return NID_des_cfb64; - -- case NID_des_ede3_cfb64: -- case NID_des_ede3_cfb8: -- case NID_des_ede3_cfb1: -+ case NID_des_ede3_cfb64: -+ case NID_des_ede3_cfb8: -+ case NID_des_ede3_cfb1: - -- return NID_des_cfb64; -+ return NID_des_cfb64; - -- default: -- /* Check it has an OID and it is valid */ -- otmp = OBJ_nid2obj(nid); -- if(!otmp || !otmp->data) nid = NID_undef; -- ASN1_OBJECT_free(otmp); -- return nid; -- } -+ default: -+ /* Check it has an OID and it is valid */ -+ otmp = OBJ_nid2obj(nid); -+ if (!otmp || !otmp->data) -+ nid = NID_undef; -+ ASN1_OBJECT_free(otmp); -+ return nid; -+ } - } - - int EVP_CIPHER_block_size(const EVP_CIPHER *e) -- { -- return e->block_size; -- } -+{ -+ return e->block_size; -+} - - int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) -- { -- return ctx->cipher->block_size; -- } -+{ -+ return ctx->cipher->block_size; -+} - - const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) -- { -- return ctx->cipher; -- } -+{ -+ return ctx->cipher; -+} - - unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) -- { -- return cipher->flags; -- } -+{ -+ return cipher->flags; -+} - - void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) -- { -- return ctx->app_data; -- } -+{ -+ return ctx->app_data; -+} - - void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) -- { -- ctx->app_data = data; -- } -+{ -+ ctx->app_data = data; -+} - - int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) -- { -- return cipher->iv_len; -- } -+{ -+ return cipher->iv_len; -+} - - int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) -- { -- return cipher->key_len; -- } -+{ -+ return cipher->key_len; -+} - - int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) -- { -- return ctx->key_len; -- } -+{ -+ return ctx->key_len; -+} - - int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) -- { -- return ctx->cipher->nid; -- } -+{ -+ return ctx->cipher->nid; -+} - --int EVP_MD_block_size(const EVP_MD *md) -- { -- return md->block_size; -- } -+int EVP_MD_block_size(const EVP_MD *md) -+{ -+ return md->block_size; -+} - - int EVP_MD_type(const EVP_MD *md) -- { -- return md->type; -- } -+{ -+ return md->type; -+} - - int EVP_MD_pkey_type(const EVP_MD *md) -- { -- return md->pkey_type; -- } -+{ -+ return md->pkey_type; -+} - - int EVP_MD_size(const EVP_MD *md) -- { -- return md->md_size; -- } -+{ -+ return md->md_size; -+} - --const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx) -- { -- return ctx->digest; -- } -+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) -+{ -+ return ctx->digest; -+} - - void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) -- { -- ctx->flags |= flags; -- } -+{ -+ ctx->flags |= flags; -+} - - void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags) -- { -- ctx->flags &= ~flags; -- } -+{ -+ ctx->flags &= ~flags; -+} - - int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) -- { -- return (ctx->flags & flags); -- } -+{ -+ return (ctx->flags & flags); -+} - - void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) -- { -- ctx->flags |= flags; -- } -+{ -+ ctx->flags |= flags; -+} - - void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) -- { -- ctx->flags &= ~flags; -- } -+{ -+ ctx->flags &= ~flags; -+} - - int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) -- { -- return (ctx->flags & flags); -- } -+{ -+ return (ctx->flags & flags); -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c -index 766ea42..e83fbe7 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c -@@ -1,6 +1,7 @@ - /* evp_pbe.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -68,103 +69,101 @@ static STACK *pbe_algs; - /* Setup a cipher context from a PBE algorithm */ - - typedef struct { --int pbe_nid; --const EVP_CIPHER *cipher; --const EVP_MD *md; --EVP_PBE_KEYGEN *keygen; -+ int pbe_nid; -+ const EVP_CIPHER *cipher; -+ const EVP_MD *md; -+ EVP_PBE_KEYGEN *keygen; - } EVP_PBE_CTL; - - int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, -- ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) -+ ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) - { - -- EVP_PBE_CTL *pbetmp, pbelu; -- int i; -- pbelu.pbe_nid = OBJ_obj2nid(pbe_obj); -- if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu); -- else i = -1; -+ EVP_PBE_CTL *pbetmp, pbelu; -+ int i; -+ pbelu.pbe_nid = OBJ_obj2nid(pbe_obj); -+ if (pbelu.pbe_nid != NID_undef) -+ i = sk_find(pbe_algs, (char *)&pbelu); -+ else -+ i = -1; - -- if (i == -1) { -- char obj_tmp[80]; -- EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); -- if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); -- else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); -- ERR_add_error_data(2, "TYPE=", obj_tmp); -- return 0; -- } -- if(!pass) passlen = 0; -- else if (passlen == -1) passlen = strlen(pass); -- pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); -- i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher, -- pbetmp->md, en_de); -- if (!i) { -- EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE); -- return 0; -- } -- return 1; -+ if (i == -1) { -+ char obj_tmp[80]; -+ EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM); -+ if (!pbe_obj) -+ BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); -+ else -+ i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); -+ ERR_add_error_data(2, "TYPE=", obj_tmp); -+ return 0; -+ } -+ if (!pass) -+ passlen = 0; -+ else if (passlen == -1) -+ passlen = strlen(pass); -+ pbetmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i); -+ i = (*pbetmp->keygen) (ctx, pass, passlen, param, pbetmp->cipher, -+ pbetmp->md, en_de); -+ if (!i) { -+ EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE); -+ return 0; -+ } -+ return 1; - } - --static int pbe_cmp(const char * const *a, const char * const *b) -+static int pbe_cmp(const char *const *a, const char *const *b) - { -- const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a, -- * const *pbe2 = (const EVP_PBE_CTL * const *)b; -- return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); -+ const EVP_PBE_CTL *const *pbe1 = (const EVP_PBE_CTL *const *)a, -+ *const *pbe2 = (const EVP_PBE_CTL *const *)b; -+ return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); - } - - /* Add a PBE algorithm */ - - int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, -- EVP_PBE_KEYGEN *keygen) -+ EVP_PBE_KEYGEN *keygen) - { -- EVP_PBE_CTL *pbe_tmp = NULL, pbelu; -- int i; -- if (!pbe_algs) -- { -- pbe_algs = sk_new(pbe_cmp); -- if (!pbe_algs) -- { -- EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- else -- { -- /* Check if already present */ -- pbelu.pbe_nid = nid; -- i = sk_find(pbe_algs, (char *)&pbelu); -- if (i >= 0) -- { -- pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i); -- /* If everything identical leave alone */ -- if (pbe_tmp->cipher == cipher -- && pbe_tmp->md == md -- && pbe_tmp->keygen == keygen) -- return 1; -- } -- } -+ EVP_PBE_CTL *pbe_tmp = NULL, pbelu; -+ int i; -+ if (!pbe_algs) { -+ pbe_algs = sk_new(pbe_cmp); -+ if (!pbe_algs) { -+ EVPerr(EVP_F_EVP_PBE_ALG_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ } else { -+ /* Check if already present */ -+ pbelu.pbe_nid = nid; -+ i = sk_find(pbe_algs, (char *)&pbelu); -+ if (i >= 0) { -+ pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i); -+ /* If everything identical leave alone */ -+ if (pbe_tmp->cipher == cipher -+ && pbe_tmp->md == md && pbe_tmp->keygen == keygen) -+ return 1; -+ } -+ } - -- if (!pbe_tmp) -- { -- pbe_tmp = OPENSSL_malloc (sizeof(EVP_PBE_CTL)); -- if (!pbe_tmp) -- { -- EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- /* If adding a new PBE, set nid, append and sort */ -- pbe_tmp->pbe_nid = nid; -- sk_push (pbe_algs, (char *)pbe_tmp); -- sk_sort(pbe_algs); -- } -- -- pbe_tmp->cipher = cipher; -- pbe_tmp->md = md; -- pbe_tmp->keygen = keygen; -- return 1; -+ if (!pbe_tmp) { -+ pbe_tmp = OPENSSL_malloc(sizeof(EVP_PBE_CTL)); -+ if (!pbe_tmp) { -+ EVPerr(EVP_F_EVP_PBE_ALG_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ /* If adding a new PBE, set nid, append and sort */ -+ pbe_tmp->pbe_nid = nid; -+ sk_push(pbe_algs, (char *)pbe_tmp); -+ sk_sort(pbe_algs); -+ } -+ -+ pbe_tmp->cipher = cipher; -+ pbe_tmp->md = md; -+ pbe_tmp->keygen = keygen; -+ return 1; - } - - void EVP_PBE_cleanup(void) - { -- sk_pop_free(pbe_algs, OPENSSL_freeFunc); -- pbe_algs = NULL; -+ sk_pop_free(pbe_algs, OPENSSL_freeFunc); -+ pbe_algs = NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c -index 10d9e9e..bc4d5c2 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c -+++ b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c -@@ -1,6 +1,7 @@ - /* evp_pkey.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,10 +63,10 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - #include - -@@ -80,654 +81,641 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); - - EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) - { -- EVP_PKEY *pkey = NULL; -+ EVP_PKEY *pkey = NULL; - #ifndef OPENSSL_NO_RSA -- RSA *rsa = NULL; -+ RSA *rsa = NULL; - #endif - #ifndef OPENSSL_NO_DSA -- DSA *dsa = NULL; -- ASN1_TYPE *t1, *t2; -- ASN1_INTEGER *privkey; -- STACK_OF(ASN1_TYPE) *ndsa = NULL; -+ DSA *dsa = NULL; -+ ASN1_TYPE *t1, *t2; -+ ASN1_INTEGER *privkey; -+ STACK_OF(ASN1_TYPE) *ndsa = NULL; - #endif - #ifndef OPENSSL_NO_EC -- EC_KEY *eckey = NULL; -- const unsigned char *p_tmp; -+ EC_KEY *eckey = NULL; -+ const unsigned char *p_tmp; - #endif - #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) -- ASN1_TYPE *param = NULL; -- BN_CTX *ctx = NULL; -- int plen; -+ ASN1_TYPE *param = NULL; -+ BN_CTX *ctx = NULL; -+ int plen; - #endif -- X509_ALGOR *a; -- const unsigned char *p; -- const unsigned char *cp; -- int pkeylen; -- int nid; -- char obj_tmp[80]; -- -- if(p8->pkey->type == V_ASN1_OCTET_STRING) { -- p8->broken = PKCS8_OK; -- p = p8->pkey->value.octet_string->data; -- pkeylen = p8->pkey->value.octet_string->length; -- } else { -- p8->broken = PKCS8_NO_OCTET; -- p = p8->pkey->value.sequence->data; -- pkeylen = p8->pkey->value.sequence->length; -- } -- if (!(pkey = EVP_PKEY_new())) { -- EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- a = p8->pkeyalg; -- nid = OBJ_obj2nid(a->algorithm); -- switch(nid) -- { -+ X509_ALGOR *a; -+ const unsigned char *p; -+ const unsigned char *cp; -+ int pkeylen; -+ int nid; -+ char obj_tmp[80]; -+ -+ if (p8->pkey->type == V_ASN1_OCTET_STRING) { -+ p8->broken = PKCS8_OK; -+ p = p8->pkey->value.octet_string->data; -+ pkeylen = p8->pkey->value.octet_string->length; -+ } else { -+ p8->broken = PKCS8_NO_OCTET; -+ p = p8->pkey->value.sequence->data; -+ pkeylen = p8->pkey->value.sequence->length; -+ } -+ if (!(pkey = EVP_PKEY_new())) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ a = p8->pkeyalg; -+ nid = OBJ_obj2nid(a->algorithm); -+ switch (nid) { - #ifndef OPENSSL_NO_RSA -- case NID_rsaEncryption: -- cp = p; -- if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) { -- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -- return NULL; -- } -- EVP_PKEY_assign_RSA (pkey, rsa); -- break; -+ case NID_rsaEncryption: -+ cp = p; -+ if (!(rsa = d2i_RSAPrivateKey(NULL, &cp, pkeylen))) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -+ return NULL; -+ } -+ EVP_PKEY_assign_RSA(pkey, rsa); -+ break; - #endif - #ifndef OPENSSL_NO_DSA -- case NID_dsa: -- /* PKCS#8 DSA is weird: you just get a private key integer -- * and parameters in the AlgorithmIdentifier the pubkey must -- * be recalculated. -- */ -- -- /* Check for broken DSA PKCS#8, UGH! */ -- if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { -- if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, -- d2i_ASN1_TYPE, -- ASN1_TYPE_free))) { -- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -- goto dsaerr; -- } -- if(sk_ASN1_TYPE_num(ndsa) != 2 ) { -- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -- goto dsaerr; -- } -- /* Handle Two broken types: -- * SEQUENCE {parameters, priv_key} -- * SEQUENCE {pub_key, priv_key} -- */ -- -- t1 = sk_ASN1_TYPE_value(ndsa, 0); -- t2 = sk_ASN1_TYPE_value(ndsa, 1); -- if(t1->type == V_ASN1_SEQUENCE) { -- p8->broken = PKCS8_EMBEDDED_PARAM; -- param = t1; -- } else if(a->parameter->type == V_ASN1_SEQUENCE) { -- p8->broken = PKCS8_NS_DB; -- param = a->parameter; -- } else { -- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -- goto dsaerr; -- } -- -- if(t2->type != V_ASN1_INTEGER) { -- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -- goto dsaerr; -- } -- privkey = t2->value.integer; -- } else { -- if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { -- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -- goto dsaerr; -- } -- param = p8->pkeyalg->parameter; -- } -- if (!param || (param->type != V_ASN1_SEQUENCE)) { -- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -- goto dsaerr; -- } -- cp = p = param->value.sequence->data; -- plen = param->value.sequence->length; -- if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) { -- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -- goto dsaerr; -- } -- /* We have parameters now set private key */ -- if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { -- EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); -- goto dsaerr; -- } -- /* Calculate public key (ouch!) */ -- if (!(dsa->pub_key = BN_new())) { -- EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); -- goto dsaerr; -- } -- if (!(ctx = BN_CTX_new())) { -- EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); -- goto dsaerr; -- } -- -- if (!BN_mod_exp(dsa->pub_key, dsa->g, -- dsa->priv_key, dsa->p, ctx)) { -- -- EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); -- goto dsaerr; -- } -- -- EVP_PKEY_assign_DSA(pkey, dsa); -- BN_CTX_free (ctx); -- if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); -- else ASN1_INTEGER_free(privkey); -- break; -- dsaerr: -- BN_CTX_free (ctx); -- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); -- DSA_free(dsa); -- EVP_PKEY_free(pkey); -- return NULL; -- break; -+ case NID_dsa: -+ /* -+ * PKCS#8 DSA is weird: you just get a private key integer and -+ * parameters in the AlgorithmIdentifier the pubkey must be -+ * recalculated. -+ */ -+ -+ /* Check for broken DSA PKCS#8, UGH! */ -+ if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) { -+ if (!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, -+ d2i_ASN1_TYPE, -+ ASN1_TYPE_free))) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -+ goto dsaerr; -+ } -+ if (sk_ASN1_TYPE_num(ndsa) != 2) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -+ goto dsaerr; -+ } -+ /* -+ * Handle Two broken types: SEQUENCE {parameters, priv_key} -+ * SEQUENCE {pub_key, priv_key} -+ */ -+ -+ t1 = sk_ASN1_TYPE_value(ndsa, 0); -+ t2 = sk_ASN1_TYPE_value(ndsa, 1); -+ if (t1->type == V_ASN1_SEQUENCE) { -+ p8->broken = PKCS8_EMBEDDED_PARAM; -+ param = t1; -+ } else if (a->parameter->type == V_ASN1_SEQUENCE) { -+ p8->broken = PKCS8_NS_DB; -+ param = a->parameter; -+ } else { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -+ goto dsaerr; -+ } -+ -+ if (t2->type != V_ASN1_INTEGER) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -+ goto dsaerr; -+ } -+ privkey = t2->value.integer; -+ } else { -+ if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pkeylen))) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -+ goto dsaerr; -+ } -+ param = p8->pkeyalg->parameter; -+ } -+ if (!param || (param->type != V_ASN1_SEQUENCE)) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -+ goto dsaerr; -+ } -+ cp = p = param->value.sequence->data; -+ plen = param->value.sequence->length; -+ if (!(dsa = d2i_DSAparams(NULL, &cp, plen))) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -+ goto dsaerr; -+ } -+ /* We have parameters now set private key */ -+ if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_DECODE_ERROR); -+ goto dsaerr; -+ } -+ /* Calculate public key (ouch!) */ -+ if (!(dsa->pub_key = BN_new())) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); -+ goto dsaerr; -+ } -+ if (!(ctx = BN_CTX_new())) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); -+ goto dsaerr; -+ } -+ -+ if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { -+ -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_PUBKEY_ERROR); -+ goto dsaerr; -+ } -+ -+ EVP_PKEY_assign_DSA(pkey, dsa); -+ BN_CTX_free(ctx); -+ if (ndsa) -+ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); -+ else -+ ASN1_INTEGER_free(privkey); -+ break; -+ dsaerr: -+ BN_CTX_free(ctx); -+ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); -+ DSA_free(dsa); -+ EVP_PKEY_free(pkey); -+ return NULL; -+ break; - #endif - #ifndef OPENSSL_NO_EC -- case NID_X9_62_id_ecPublicKey: -- p_tmp = p; -- /* extract the ec parameters */ -- param = p8->pkeyalg->parameter; -- -- if (!param || ((param->type != V_ASN1_SEQUENCE) && -- (param->type != V_ASN1_OBJECT))) -- { -- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -- goto ecerr; -- } -- -- if (param->type == V_ASN1_SEQUENCE) -- { -- cp = p = param->value.sequence->data; -- plen = param->value.sequence->length; -- -- if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) -- { -- EVPerr(EVP_F_EVP_PKCS82PKEY, -- EVP_R_DECODE_ERROR); -- goto ecerr; -- } -- } -- else -- { -- EC_GROUP *group; -- cp = p = param->value.object->data; -- plen = param->value.object->length; -- -- /* type == V_ASN1_OBJECT => the parameters are given -- * by an asn1 OID -- */ -- if ((eckey = EC_KEY_new()) == NULL) -- { -- EVPerr(EVP_F_EVP_PKCS82PKEY, -- ERR_R_MALLOC_FAILURE); -- goto ecerr; -- } -- group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); -- if (group == NULL) -- goto ecerr; -- EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); -- if (EC_KEY_set_group(eckey, group) == 0) -- goto ecerr; -- EC_GROUP_free(group); -- } -- -- /* We have parameters now set private key */ -- if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) -- { -- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -- goto ecerr; -- } -- -- /* calculate public key (if necessary) */ -- if (EC_KEY_get0_public_key(eckey) == NULL) -- { -- const BIGNUM *priv_key; -- const EC_GROUP *group; -- EC_POINT *pub_key; -- /* the public key was not included in the SEC1 private -- * key => calculate the public key */ -- group = EC_KEY_get0_group(eckey); -- pub_key = EC_POINT_new(group); -- if (pub_key == NULL) -- { -- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); -- goto ecerr; -- } -- if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) -- { -- EC_POINT_free(pub_key); -- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); -- goto ecerr; -- } -- priv_key = EC_KEY_get0_private_key(eckey); -- if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) -- { -- EC_POINT_free(pub_key); -- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); -- goto ecerr; -- } -- if (EC_KEY_set_public_key(eckey, pub_key) == 0) -- { -- EC_POINT_free(pub_key); -- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); -- goto ecerr; -- } -- EC_POINT_free(pub_key); -- } -- -- EVP_PKEY_assign_EC_KEY(pkey, eckey); -- if (ctx) -- BN_CTX_free(ctx); -- break; --ecerr: -- if (ctx) -- BN_CTX_free(ctx); -- if (eckey) -- EC_KEY_free(eckey); -- if (pkey) -- EVP_PKEY_free(pkey); -- return NULL; -+ case NID_X9_62_id_ecPublicKey: -+ p_tmp = p; -+ /* extract the ec parameters */ -+ param = p8->pkeyalg->parameter; -+ -+ if (!param || ((param->type != V_ASN1_SEQUENCE) && -+ (param->type != V_ASN1_OBJECT))) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -+ goto ecerr; -+ } -+ -+ if (param->type == V_ASN1_SEQUENCE) { -+ cp = p = param->value.sequence->data; -+ plen = param->value.sequence->length; -+ -+ if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -+ goto ecerr; -+ } -+ } else { -+ EC_GROUP *group; -+ cp = p = param->value.object->data; -+ plen = param->value.object->length; -+ -+ /* -+ * type == V_ASN1_OBJECT => the parameters are given by an asn1 -+ * OID -+ */ -+ if ((eckey = EC_KEY_new()) == NULL) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); -+ goto ecerr; -+ } -+ group = -+ EC_GROUP_new_by_curve_name(OBJ_obj2nid -+ (a->parameter->value.object)); -+ if (group == NULL) -+ goto ecerr; -+ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); -+ if (EC_KEY_set_group(eckey, group) == 0) -+ goto ecerr; -+ EC_GROUP_free(group); -+ } -+ -+ /* We have parameters now set private key */ -+ if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); -+ goto ecerr; -+ } -+ -+ /* calculate public key (if necessary) */ -+ if (EC_KEY_get0_public_key(eckey) == NULL) { -+ const BIGNUM *priv_key; -+ const EC_GROUP *group; -+ EC_POINT *pub_key; -+ /* -+ * the public key was not included in the SEC1 private key => -+ * calculate the public key -+ */ -+ group = EC_KEY_get0_group(eckey); -+ pub_key = EC_POINT_new(group); -+ if (pub_key == NULL) { -+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); -+ goto ecerr; -+ } -+ if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { -+ EC_POINT_free(pub_key); -+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); -+ goto ecerr; -+ } -+ priv_key = EC_KEY_get0_private_key(eckey); -+ if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) { -+ EC_POINT_free(pub_key); -+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); -+ goto ecerr; -+ } -+ if (EC_KEY_set_public_key(eckey, pub_key) == 0) { -+ EC_POINT_free(pub_key); -+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); -+ goto ecerr; -+ } -+ EC_POINT_free(pub_key); -+ } -+ -+ EVP_PKEY_assign_EC_KEY(pkey, eckey); -+ if (ctx) -+ BN_CTX_free(ctx); -+ break; -+ ecerr: -+ if (ctx) -+ BN_CTX_free(ctx); -+ if (eckey) -+ EC_KEY_free(eckey); -+ if (pkey) -+ EVP_PKEY_free(pkey); -+ return NULL; - #endif -- default: -- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); -- if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); -- else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); -- ERR_add_error_data(2, "TYPE=", obj_tmp); -- EVP_PKEY_free (pkey); -- return NULL; -- } -- return pkey; -+ default: -+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); -+ if (!a->algorithm) -+ BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); -+ else -+ i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); -+ ERR_add_error_data(2, "TYPE=", obj_tmp); -+ EVP_PKEY_free(pkey); -+ return NULL; -+ } -+ return pkey; - } - - PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) - { -- return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); -+ return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); - } - - /* Turn a private key into a PKCS8 structure */ - - PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) - { -- PKCS8_PRIV_KEY_INFO *p8; -- -- if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { -- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- p8->broken = broken; -- if (!ASN1_INTEGER_set(p8->version, 0)) { -- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); -- PKCS8_PRIV_KEY_INFO_free (p8); -- return NULL; -- } -- if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { -- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); -- PKCS8_PRIV_KEY_INFO_free (p8); -- return NULL; -- } -- p8->pkey->type = V_ASN1_OCTET_STRING; -- switch (EVP_PKEY_type(pkey->type)) { -+ PKCS8_PRIV_KEY_INFO *p8; -+ -+ if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { -+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ p8->broken = broken; -+ if (!ASN1_INTEGER_set(p8->version, 0)) { -+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); -+ PKCS8_PRIV_KEY_INFO_free(p8); -+ return NULL; -+ } -+ if (!(p8->pkeyalg->parameter = ASN1_TYPE_new())) { -+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); -+ PKCS8_PRIV_KEY_INFO_free(p8); -+ return NULL; -+ } -+ p8->pkey->type = V_ASN1_OCTET_STRING; -+ switch (EVP_PKEY_type(pkey->type)) { - #ifndef OPENSSL_NO_RSA -- case EVP_PKEY_RSA: -- -- if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE; -- -- p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); -- p8->pkeyalg->parameter->type = V_ASN1_NULL; -- if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey, -- &p8->pkey->value.octet_string)) { -- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); -- PKCS8_PRIV_KEY_INFO_free (p8); -- return NULL; -- } -- break; -+ case EVP_PKEY_RSA: -+ -+ if (p8->broken == PKCS8_NO_OCTET) -+ p8->pkey->type = V_ASN1_SEQUENCE; -+ -+ p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); -+ p8->pkeyalg->parameter->type = V_ASN1_NULL; -+ if (!ASN1_pack_string_of(EVP_PKEY, pkey, i2d_PrivateKey, -+ &p8->pkey->value.octet_string)) { -+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); -+ PKCS8_PRIV_KEY_INFO_free(p8); -+ return NULL; -+ } -+ break; - #endif - #ifndef OPENSSL_NO_DSA -- case EVP_PKEY_DSA: -- if(!dsa_pkey2pkcs8(p8, pkey)) { -- PKCS8_PRIV_KEY_INFO_free (p8); -- return NULL; -- } -+ case EVP_PKEY_DSA: -+ if (!dsa_pkey2pkcs8(p8, pkey)) { -+ PKCS8_PRIV_KEY_INFO_free(p8); -+ return NULL; -+ } - -- break; -+ break; - #endif - #ifndef OPENSSL_NO_EC -- case EVP_PKEY_EC: -- if (!eckey_pkey2pkcs8(p8, pkey)) -- { -- PKCS8_PRIV_KEY_INFO_free(p8); -- return(NULL); -- } -- break; -+ case EVP_PKEY_EC: -+ if (!eckey_pkey2pkcs8(p8, pkey)) { -+ PKCS8_PRIV_KEY_INFO_free(p8); -+ return (NULL); -+ } -+ break; - #endif -- default: -- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); -- PKCS8_PRIV_KEY_INFO_free (p8); -- return NULL; -- } -- RAND_add(p8->pkey->value.octet_string->data, -- p8->pkey->value.octet_string->length, 0.0); -- return p8; -+ default: -+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, -+ EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); -+ PKCS8_PRIV_KEY_INFO_free(p8); -+ return NULL; -+ } -+ RAND_add(p8->pkey->value.octet_string->data, -+ p8->pkey->value.octet_string->length, 0.0); -+ return p8; - } - - PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) - { -- switch (broken) { -- -- case PKCS8_OK: -- p8->broken = PKCS8_OK; -- return p8; -- break; -- -- case PKCS8_NO_OCTET: -- p8->broken = PKCS8_NO_OCTET; -- p8->pkey->type = V_ASN1_SEQUENCE; -- return p8; -- break; -- -- default: -- EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); -- return NULL; -- } -+ switch (broken) { -+ -+ case PKCS8_OK: -+ p8->broken = PKCS8_OK; -+ return p8; -+ break; -+ -+ case PKCS8_NO_OCTET: -+ p8->broken = PKCS8_NO_OCTET; -+ p8->pkey->type = V_ASN1_SEQUENCE; -+ return p8; -+ break; -+ -+ default: -+ EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); -+ return NULL; -+ } - } - - #ifndef OPENSSL_NO_DSA - static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) - { -- ASN1_STRING *params = NULL; -- ASN1_INTEGER *prkey = NULL; -- ASN1_TYPE *ttmp = NULL; -- STACK_OF(ASN1_TYPE) *ndsa = NULL; -- unsigned char *p = NULL, *q; -- int len; -- -- p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); -- len = i2d_DSAparams (pkey->pkey.dsa, NULL); -- if (!(p = OPENSSL_malloc(len))) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- q = p; -- i2d_DSAparams (pkey->pkey.dsa, &q); -- if (!(params = ASN1_STRING_new())) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!ASN1_STRING_set(params, p, len)) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- OPENSSL_free(p); -- p = NULL; -- /* Get private key into integer */ -- if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); -- goto err; -- } -- -- switch(p8->broken) { -- -- case PKCS8_OK: -- case PKCS8_NO_OCTET: -- -- if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER, -- &p8->pkey->value.octet_string)) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- M_ASN1_INTEGER_free (prkey); -- prkey = NULL; -- p8->pkeyalg->parameter->value.sequence = params; -- params = NULL; -- p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; -- -- break; -- -- case PKCS8_NS_DB: -- -- p8->pkeyalg->parameter->value.sequence = params; -- params = NULL; -- p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; -- if (!(ndsa = sk_ASN1_TYPE_new_null())) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!(ttmp = ASN1_TYPE_new())) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!(ttmp->value.integer = -- BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); -- goto err; -- } -- ttmp->type = V_ASN1_INTEGER; -- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (!(ttmp = ASN1_TYPE_new())) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- ttmp->value.integer = prkey; -- prkey = NULL; -- ttmp->type = V_ASN1_INTEGER; -- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- ttmp = NULL; -- -- if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, -- &p8->pkey->value.octet_string->data, -- &p8->pkey->value.octet_string->length)) { -- -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); -- break; -- -- case PKCS8_EMBEDDED_PARAM: -- -- p8->pkeyalg->parameter->type = V_ASN1_NULL; -- if (!(ndsa = sk_ASN1_TYPE_new_null())) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!(ttmp = ASN1_TYPE_new())) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- ttmp->value.sequence = params; -- params = NULL; -- ttmp->type = V_ASN1_SEQUENCE; -- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (!(ttmp = ASN1_TYPE_new())) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- ttmp->value.integer = prkey; -- prkey = NULL; -- ttmp->type = V_ASN1_INTEGER; -- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- ttmp = NULL; -- -- if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, -- &p8->pkey->value.octet_string->data, -- &p8->pkey->value.octet_string->length)) { -- -- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); -- break; -- } -- return 1; --err: -- if (p != NULL) OPENSSL_free(p); -- if (params != NULL) ASN1_STRING_free(params); -- if (prkey != NULL) M_ASN1_INTEGER_free(prkey); -- if (ttmp != NULL) ASN1_TYPE_free(ttmp); -- if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); -- return 0; -+ ASN1_STRING *params = NULL; -+ ASN1_INTEGER *prkey = NULL; -+ ASN1_TYPE *ttmp = NULL; -+ STACK_OF(ASN1_TYPE) *ndsa = NULL; -+ unsigned char *p = NULL, *q; -+ int len; -+ -+ p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); -+ len = i2d_DSAparams(pkey->pkey.dsa, NULL); -+ if (!(p = OPENSSL_malloc(len))) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ q = p; -+ i2d_DSAparams(pkey->pkey.dsa, &q); -+ if (!(params = ASN1_STRING_new())) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!ASN1_STRING_set(params, p, len)) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ OPENSSL_free(p); -+ p = NULL; -+ /* Get private key into integer */ -+ if (!(prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL))) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, EVP_R_ENCODE_ERROR); -+ goto err; -+ } -+ -+ switch (p8->broken) { -+ -+ case PKCS8_OK: -+ case PKCS8_NO_OCTET: -+ -+ if (!ASN1_pack_string_of(ASN1_INTEGER, prkey, i2d_ASN1_INTEGER, -+ &p8->pkey->value.octet_string)) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ M_ASN1_INTEGER_free(prkey); -+ prkey = NULL; -+ p8->pkeyalg->parameter->value.sequence = params; -+ params = NULL; -+ p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; -+ -+ break; -+ -+ case PKCS8_NS_DB: -+ -+ p8->pkeyalg->parameter->value.sequence = params; -+ params = NULL; -+ p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; -+ if (!(ndsa = sk_ASN1_TYPE_new_null())) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!(ttmp = ASN1_TYPE_new())) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!(ttmp->value.integer = -+ BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, EVP_R_ENCODE_ERROR); -+ goto err; -+ } -+ ttmp->type = V_ASN1_INTEGER; -+ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (!(ttmp = ASN1_TYPE_new())) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ttmp->value.integer = prkey; -+ prkey = NULL; -+ ttmp->type = V_ASN1_INTEGER; -+ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ttmp = NULL; -+ -+ if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, -+ &p8->pkey->value.octet_string->data, -+ &p8->pkey->value.octet_string->length)) { -+ -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); -+ break; -+ -+ case PKCS8_EMBEDDED_PARAM: -+ -+ p8->pkeyalg->parameter->type = V_ASN1_NULL; -+ if (!(ndsa = sk_ASN1_TYPE_new_null())) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!(ttmp = ASN1_TYPE_new())) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ttmp->value.sequence = params; -+ params = NULL; -+ ttmp->type = V_ASN1_SEQUENCE; -+ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (!(ttmp = ASN1_TYPE_new())) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ttmp->value.integer = prkey; -+ prkey = NULL; -+ ttmp->type = V_ASN1_INTEGER; -+ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ttmp = NULL; -+ -+ if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, -+ &p8->pkey->value.octet_string->data, -+ &p8->pkey->value.octet_string->length)) { -+ -+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); -+ break; -+ } -+ return 1; -+ err: -+ if (p != NULL) -+ OPENSSL_free(p); -+ if (params != NULL) -+ ASN1_STRING_free(params); -+ if (prkey != NULL) -+ M_ASN1_INTEGER_free(prkey); -+ if (ttmp != NULL) -+ ASN1_TYPE_free(ttmp); -+ if (ndsa != NULL) -+ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); -+ return 0; - } - #endif - - #ifndef OPENSSL_NO_EC - static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) - { -- EC_KEY *ec_key; -- const EC_GROUP *group; -- unsigned char *p, *pp; -- int nid, i, ret = 0; -- unsigned int tmp_flags, old_flags; -- -- ec_key = pkey->pkey.ec; -- if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) -- { -- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); -- return 0; -- } -- -- /* set the ec parameters OID */ -- if (p8->pkeyalg->algorithm) -- ASN1_OBJECT_free(p8->pkeyalg->algorithm); -- -- p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); -- -- /* set the ec parameters */ -- -- if (p8->pkeyalg->parameter) -- { -- ASN1_TYPE_free(p8->pkeyalg->parameter); -- p8->pkeyalg->parameter = NULL; -- } -- -- if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) -- { -- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -- if (EC_GROUP_get_asn1_flag(group) -- && (nid = EC_GROUP_get_curve_name(group))) -- { -- /* we have a 'named curve' => just set the OID */ -- p8->pkeyalg->parameter->type = V_ASN1_OBJECT; -- p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); -- } -- else /* explicit parameters */ -- { -- if ((i = i2d_ECParameters(ec_key, NULL)) == 0) -- { -- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); -- return 0; -- } -- if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) -- { -- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- pp = p; -- if (!i2d_ECParameters(ec_key, &pp)) -- { -- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); -- OPENSSL_free(p); -- return 0; -- } -- p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; -- if ((p8->pkeyalg->parameter->value.sequence -- = ASN1_STRING_new()) == NULL) -- { -- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); -- OPENSSL_free(p); -- return 0; -- } -- ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); -- OPENSSL_free(p); -- } -- -- /* set the private key */ -- -- /* do not include the parameters in the SEC1 private key -- * see PKCS#11 12.11 */ -- old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); -- tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; -- EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); -- i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); -- if (!i) -- { -- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); -- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); -- return 0; -- } -- p = (unsigned char *) OPENSSL_malloc(i); -- if (!p) -- { -- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); -- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- pp = p; -- if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) -- { -- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); -- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); -- OPENSSL_free(p); -- return 0; -- } -- /* restore old encoding flags */ -- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); -- -- switch(p8->broken) { -- -- case PKCS8_OK: -- p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); -- if (!p8->pkey->value.octet_string || -- !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, -- (const void *)p, i)) -- -- { -- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -- } -- else -- ret = 1; -- break; -- case PKCS8_NO_OCTET: /* RSA specific */ -- case PKCS8_NS_DB: /* DSA specific */ -- case PKCS8_EMBEDDED_PARAM: /* DSA specific */ -- default: -- EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR); -- } -- OPENSSL_cleanse(p, (size_t)i); -- OPENSSL_free(p); -- return ret; -+ EC_KEY *ec_key; -+ const EC_GROUP *group; -+ unsigned char *p, *pp; -+ int nid, i, ret = 0; -+ unsigned int tmp_flags, old_flags; -+ -+ ec_key = pkey->pkey.ec; -+ if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) { -+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); -+ return 0; -+ } -+ -+ /* set the ec parameters OID */ -+ if (p8->pkeyalg->algorithm) -+ ASN1_OBJECT_free(p8->pkeyalg->algorithm); -+ -+ p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); -+ -+ /* set the ec parameters */ -+ -+ if (p8->pkeyalg->parameter) { -+ ASN1_TYPE_free(p8->pkeyalg->parameter); -+ p8->pkeyalg->parameter = NULL; -+ } -+ -+ if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) { -+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ if (EC_GROUP_get_asn1_flag(group) -+ && (nid = EC_GROUP_get_curve_name(group))) { -+ /* we have a 'named curve' => just set the OID */ -+ p8->pkeyalg->parameter->type = V_ASN1_OBJECT; -+ p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); -+ } else { /* explicit parameters */ -+ -+ if ((i = i2d_ECParameters(ec_key, NULL)) == 0) { -+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); -+ return 0; -+ } -+ if ((p = (unsigned char *)OPENSSL_malloc(i)) == NULL) { -+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ pp = p; -+ if (!i2d_ECParameters(ec_key, &pp)) { -+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); -+ OPENSSL_free(p); -+ return 0; -+ } -+ p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; -+ if ((p8->pkeyalg->parameter->value.sequence -+ = ASN1_STRING_new()) == NULL) { -+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); -+ OPENSSL_free(p); -+ return 0; -+ } -+ ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); -+ OPENSSL_free(p); -+ } -+ -+ /* set the private key */ -+ -+ /* -+ * do not include the parameters in the SEC1 private key see PKCS#11 -+ * 12.11 -+ */ -+ old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); -+ tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; -+ EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); -+ i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); -+ if (!i) { -+ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); -+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); -+ return 0; -+ } -+ p = (unsigned char *)OPENSSL_malloc(i); -+ if (!p) { -+ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); -+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ pp = p; -+ if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) { -+ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); -+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); -+ OPENSSL_free(p); -+ return 0; -+ } -+ /* restore old encoding flags */ -+ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); -+ -+ switch (p8->broken) { -+ -+ case PKCS8_OK: -+ p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); -+ if (!p8->pkey->value.octet_string || -+ !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, -+ (const void *)p, i)) { -+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); -+ } else -+ ret = 1; -+ break; -+ case PKCS8_NO_OCTET: /* RSA specific */ -+ case PKCS8_NS_DB: /* DSA specific */ -+ case PKCS8_EMBEDDED_PARAM: /* DSA specific */ -+ default: -+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_ENCODE_ERROR); -+ } -+ OPENSSL_cleanse(p, (size_t)i); -+ OPENSSL_free(p); -+ return ret; - } - #endif - -@@ -735,60 +723,60 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) - - int EVP_PKEY_get_attr_count(const EVP_PKEY *key) - { -- return X509at_get_attr_count(key->attributes); -+ return X509at_get_attr_count(key->attributes); - } - --int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, -- int lastpos) -+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos) - { -- return X509at_get_attr_by_NID(key->attributes, nid, lastpos); -+ return X509at_get_attr_by_NID(key->attributes, nid, lastpos); - } - - int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, -- int lastpos) -+ int lastpos) - { -- return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); -+ return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); - } - - X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) - { -- return X509at_get_attr(key->attributes, loc); -+ return X509at_get_attr(key->attributes, loc); - } - - X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) - { -- return X509at_delete_attr(key->attributes, loc); -+ return X509at_delete_attr(key->attributes, loc); - } - - int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) - { -- if(X509at_add1_attr(&key->attributes, attr)) return 1; -- return 0; -+ if (X509at_add1_attr(&key->attributes, attr)) -+ return 1; -+ return 0; - } - - int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, -- const ASN1_OBJECT *obj, int type, -- const unsigned char *bytes, int len) -+ const ASN1_OBJECT *obj, int type, -+ const unsigned char *bytes, int len) - { -- if(X509at_add1_attr_by_OBJ(&key->attributes, obj, -- type, bytes, len)) return 1; -- return 0; -+ if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len)) -+ return 1; -+ return 0; - } - - int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, -- int nid, int type, -- const unsigned char *bytes, int len) -+ int nid, int type, -+ const unsigned char *bytes, int len) - { -- if(X509at_add1_attr_by_NID(&key->attributes, nid, -- type, bytes, len)) return 1; -- return 0; -+ if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len)) -+ return 1; -+ return 0; - } - - int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, -- const char *attrname, int type, -- const unsigned char *bytes, int len) -+ const char *attrname, int type, -+ const unsigned char *bytes, int len) - { -- if(X509at_add1_attr_by_txt(&key->attributes, attrname, -- type, bytes, len)) return 1; -- return 0; -+ if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, bytes, len)) -+ return 1; -+ return 0; - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss.c b/Cryptlib/OpenSSL/crypto/evp/m_dss.c -index 6b0c0aa..24c852d 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_dss.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_dss.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,38 +62,43 @@ - #include - #include - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - - #ifndef OPENSSL_NO_SHA - - static int init(EVP_MD_CTX *ctx) -- { return SHA1_Init(ctx->md_data); } -+{ -+ return SHA1_Init(ctx->md_data); -+} - --static int update(EVP_MD_CTX *ctx,const void *data,size_t count) -- { return SHA1_Update(ctx->md_data,data,count); } -+static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return SHA1_Update(ctx->md_data, data, count); -+} - --static int final(EVP_MD_CTX *ctx,unsigned char *md) -- { return SHA1_Final(md,ctx->md_data); } -+static int final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return SHA1_Final(md, ctx->md_data); -+} - --static const EVP_MD dsa_md= -- { -- NID_dsaWithSHA, -- NID_dsaWithSHA, -- SHA_DIGEST_LENGTH, -- EVP_MD_FLAG_FIPS, -- init, -- update, -- final, -- NULL, -- NULL, -- EVP_PKEY_DSA_method, -- SHA_CBLOCK, -- sizeof(EVP_MD *)+sizeof(SHA_CTX), -- }; -+static const EVP_MD dsa_md = { -+ NID_dsaWithSHA, -+ NID_dsaWithSHA, -+ SHA_DIGEST_LENGTH, -+ EVP_MD_FLAG_FIPS, -+ init, -+ update, -+ final, -+ NULL, -+ NULL, -+ EVP_PKEY_DSA_method, -+ SHA_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(SHA_CTX), -+}; - - const EVP_MD *EVP_dss(void) -- { -- return(&dsa_md); -- } -+{ -+ return (&dsa_md); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c -index da8babc..137eb36 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,43 +61,48 @@ - - #ifndef OPENSSL_NO_SHA - --#include --#include --#include --#ifndef OPENSSL_NO_DSA --#include --#endif -+# include -+# include -+# include -+# ifndef OPENSSL_NO_DSA -+# include -+# endif - --#ifndef OPENSSL_FIPS -+# ifndef OPENSSL_FIPS - - static int init(EVP_MD_CTX *ctx) -- { return SHA1_Init(ctx->md_data); } -+{ -+ return SHA1_Init(ctx->md_data); -+} - --static int update(EVP_MD_CTX *ctx,const void *data,size_t count) -- { return SHA1_Update(ctx->md_data,data,count); } -+static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return SHA1_Update(ctx->md_data, data, count); -+} - --static int final(EVP_MD_CTX *ctx,unsigned char *md) -- { return SHA1_Final(md,ctx->md_data); } -+static int final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return SHA1_Final(md, ctx->md_data); -+} - --static const EVP_MD dss1_md= -- { -- NID_dsa, -- NID_dsaWithSHA1, -- SHA_DIGEST_LENGTH, -- 0, -- init, -- update, -- final, -- NULL, -- NULL, -- EVP_PKEY_DSA_method, -- SHA_CBLOCK, -- sizeof(EVP_MD *)+sizeof(SHA_CTX), -- }; -+static const EVP_MD dss1_md = { -+ NID_dsa, -+ NID_dsaWithSHA1, -+ SHA_DIGEST_LENGTH, -+ 0, -+ init, -+ update, -+ final, -+ NULL, -+ NULL, -+ EVP_PKEY_DSA_method, -+ SHA_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(SHA_CTX), -+}; - - const EVP_MD *EVP_dss1(void) -- { -- return(&dss1_md); -- } --#endif -+{ -+ return (&dss1_md); -+} -+# endif - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c -index fad270f..aef84c2 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,21 +58,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -87,10 +87,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -102,7 +102,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -117,32 +117,37 @@ - - #ifndef OPENSSL_NO_SHA - static int init(EVP_MD_CTX *ctx) -- { return SHA1_Init(ctx->md_data); } -+{ -+ return SHA1_Init(ctx->md_data); -+} - --static int update(EVP_MD_CTX *ctx,const void *data,size_t count) -- { return SHA1_Update(ctx->md_data,data,count); } -+static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return SHA1_Update(ctx->md_data, data, count); -+} - --static int final(EVP_MD_CTX *ctx,unsigned char *md) -- { return SHA1_Final(md,ctx->md_data); } -+static int final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return SHA1_Final(md, ctx->md_data); -+} - --static const EVP_MD ecdsa_md= -- { -- NID_ecdsa_with_SHA1, -- NID_ecdsa_with_SHA1, -- SHA_DIGEST_LENGTH, -- 0, -- init, -- update, -- final, -- NULL, -- NULL, -- EVP_PKEY_ECDSA_method, -- SHA_CBLOCK, -- sizeof(EVP_MD *)+sizeof(SHA_CTX), -- }; -+static const EVP_MD ecdsa_md = { -+ NID_ecdsa_with_SHA1, -+ NID_ecdsa_with_SHA1, -+ SHA_DIGEST_LENGTH, -+ 0, -+ init, -+ update, -+ final, -+ NULL, -+ NULL, -+ EVP_PKEY_ECDSA_method, -+ SHA_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(SHA_CTX), -+}; - - const EVP_MD *EVP_ecdsa(void) -- { -- return(&ecdsa_md); -- } -+{ -+ return (&ecdsa_md); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md2.c b/Cryptlib/OpenSSL/crypto/evp/m_md2.c -index 8eee623..7c6efd1 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_md2.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_md2.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,41 +62,46 @@ - - #ifndef OPENSSL_NO_MD2 - --#include --#include --#include --#include --#ifndef OPENSSL_NO_RSA --#include --#endif -+# include -+# include -+# include -+# include -+# ifndef OPENSSL_NO_RSA -+# include -+# endif - - static int init(EVP_MD_CTX *ctx) -- { return MD2_Init(ctx->md_data); } -+{ -+ return MD2_Init(ctx->md_data); -+} - --static int update(EVP_MD_CTX *ctx,const void *data,size_t count) -- { return MD2_Update(ctx->md_data,data,count); } -+static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return MD2_Update(ctx->md_data, data, count); -+} - --static int final(EVP_MD_CTX *ctx,unsigned char *md) -- { return MD2_Final(md,ctx->md_data); } -+static int final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return MD2_Final(md, ctx->md_data); -+} - --static const EVP_MD md2_md= -- { -- NID_md2, -- NID_md2WithRSAEncryption, -- MD2_DIGEST_LENGTH, -- 0, -- init, -- update, -- final, -- NULL, -- NULL, -- EVP_PKEY_RSA_method, -- MD2_BLOCK, -- sizeof(EVP_MD *)+sizeof(MD2_CTX), -- }; -+static const EVP_MD md2_md = { -+ NID_md2, -+ NID_md2WithRSAEncryption, -+ MD2_DIGEST_LENGTH, -+ 0, -+ init, -+ update, -+ final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ MD2_BLOCK, -+ sizeof(EVP_MD *) + sizeof(MD2_CTX), -+}; - - const EVP_MD *EVP_md2(void) -- { -- return(&md2_md); -- } -+{ -+ return (&md2_md); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md4.c b/Cryptlib/OpenSSL/crypto/evp/m_md4.c -index 5cd2ab5..01a05ad 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_md4.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_md4.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,41 +62,46 @@ - - #ifndef OPENSSL_NO_MD4 - --#include --#include --#include --#include --#ifndef OPENSSL_NO_RSA --#include --#endif -+# include -+# include -+# include -+# include -+# ifndef OPENSSL_NO_RSA -+# include -+# endif - - static int init(EVP_MD_CTX *ctx) -- { return MD4_Init(ctx->md_data); } -+{ -+ return MD4_Init(ctx->md_data); -+} - --static int update(EVP_MD_CTX *ctx,const void *data,size_t count) -- { return MD4_Update(ctx->md_data,data,count); } -+static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return MD4_Update(ctx->md_data, data, count); -+} - --static int final(EVP_MD_CTX *ctx,unsigned char *md) -- { return MD4_Final(md,ctx->md_data); } -+static int final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return MD4_Final(md, ctx->md_data); -+} - --static const EVP_MD md4_md= -- { -- NID_md4, -- NID_md4WithRSAEncryption, -- MD4_DIGEST_LENGTH, -- 0, -- init, -- update, -- final, -- NULL, -- NULL, -- EVP_PKEY_RSA_method, -- MD4_CBLOCK, -- sizeof(EVP_MD *)+sizeof(MD4_CTX), -- }; -+static const EVP_MD md4_md = { -+ NID_md4, -+ NID_md4WithRSAEncryption, -+ MD4_DIGEST_LENGTH, -+ 0, -+ init, -+ update, -+ final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ MD4_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(MD4_CTX), -+}; - - const EVP_MD *EVP_md4(void) -- { -- return(&md4_md); -- } -+{ -+ return (&md4_md); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5.c b/Cryptlib/OpenSSL/crypto/evp/m_md5.c -index 6455829..5aabcb7 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_md5.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_md5.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,42 +61,47 @@ - - #ifndef OPENSSL_NO_MD5 - --#include --#include "evp_locl.h" --#include --#include --#include --#ifndef OPENSSL_NO_RSA --#include --#endif -+# include -+# include "evp_locl.h" -+# include -+# include -+# include -+# ifndef OPENSSL_NO_RSA -+# include -+# endif - - static int init(EVP_MD_CTX *ctx) -- { return MD5_Init(ctx->md_data); } -+{ -+ return MD5_Init(ctx->md_data); -+} - --static int update(EVP_MD_CTX *ctx,const void *data,size_t count) -- { return MD5_Update(ctx->md_data,data,count); } -+static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return MD5_Update(ctx->md_data, data, count); -+} - --static int final(EVP_MD_CTX *ctx,unsigned char *md) -- { return MD5_Final(md,ctx->md_data); } -+static int final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return MD5_Final(md, ctx->md_data); -+} - --static const EVP_MD md5_md= -- { -- NID_md5, -- NID_md5WithRSAEncryption, -- MD5_DIGEST_LENGTH, -- 0, -- init, -- update, -- final, -- NULL, -- NULL, -- EVP_PKEY_RSA_method, -- MD5_CBLOCK, -- sizeof(EVP_MD *)+sizeof(MD5_CTX), -- }; -+static const EVP_MD md5_md = { -+ NID_md5, -+ NID_md5WithRSAEncryption, -+ MD5_DIGEST_LENGTH, -+ 0, -+ init, -+ update, -+ final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ MD5_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(MD5_CTX), -+}; - - const EVP_MD *EVP_md5(void) -- { -- return(&md5_md); -- } -+{ -+ return (&md5_md); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_null.c b/Cryptlib/OpenSSL/crypto/evp/m_null.c -index cb07216..017e1fe 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_null.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_null.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,33 +63,36 @@ - #include - - static int init(EVP_MD_CTX *ctx) -- { return 1; } -+{ -+ return 1; -+} - --static int update(EVP_MD_CTX *ctx,const void *data,size_t count) -- { return 1; } -+static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return 1; -+} - --static int final(EVP_MD_CTX *ctx,unsigned char *md) -- { return 1; } -+static int final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return 1; -+} - --static const EVP_MD null_md= -- { -- NID_undef, -- NID_undef, -- 0, -- 0, -- init, -- update, -- final, -- NULL, -- NULL, -- EVP_PKEY_NULL_method, -- 0, -- sizeof(EVP_MD *), -- }; -+static const EVP_MD null_md = { -+ NID_undef, -+ NID_undef, -+ 0, -+ 0, -+ init, -+ update, -+ final, -+ NULL, -+ NULL, -+ EVP_PKEY_NULL_method, -+ 0, -+ sizeof(EVP_MD *), -+}; - - const EVP_MD *EVP_md_null(void) -- { -- return(&null_md); -- } -- -- -+{ -+ return (&null_md); -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c -index a1d60ee..979f77c 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,41 +61,46 @@ - - #ifndef OPENSSL_NO_RIPEMD - --#include --#include --#include --#include --#ifndef OPENSSL_NO_RSA --#include --#endif -+# include -+# include -+# include -+# include -+# ifndef OPENSSL_NO_RSA -+# include -+# endif - - static int init(EVP_MD_CTX *ctx) -- { return RIPEMD160_Init(ctx->md_data); } -+{ -+ return RIPEMD160_Init(ctx->md_data); -+} - --static int update(EVP_MD_CTX *ctx,const void *data,size_t count) -- { return RIPEMD160_Update(ctx->md_data,data,count); } -+static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return RIPEMD160_Update(ctx->md_data, data, count); -+} - --static int final(EVP_MD_CTX *ctx,unsigned char *md) -- { return RIPEMD160_Final(md,ctx->md_data); } -+static int final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return RIPEMD160_Final(md, ctx->md_data); -+} - --static const EVP_MD ripemd160_md= -- { -- NID_ripemd160, -- NID_ripemd160WithRSA, -- RIPEMD160_DIGEST_LENGTH, -- 0, -- init, -- update, -- final, -- NULL, -- NULL, -- EVP_PKEY_RSA_method, -- RIPEMD160_CBLOCK, -- sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX), -- }; -+static const EVP_MD ripemd160_md = { -+ NID_ripemd160, -+ NID_ripemd160WithRSA, -+ RIPEMD160_DIGEST_LENGTH, -+ 0, -+ init, -+ update, -+ final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ RIPEMD160_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX), -+}; - - const EVP_MD *EVP_ripemd160(void) -- { -- return(&ripemd160_md); -- } -+{ -+ return (&ripemd160_md); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha.c b/Cryptlib/OpenSSL/crypto/evp/m_sha.c -index 3f30dfc..918ca5e 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_sha.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_sha.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,40 +62,45 @@ - - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) - --#include --#include --#include --#ifndef OPENSSL_NO_RSA --#include --#endif -+# include -+# include -+# include -+# ifndef OPENSSL_NO_RSA -+# include -+# endif - - static int init(EVP_MD_CTX *ctx) -- { return SHA_Init(ctx->md_data); } -+{ -+ return SHA_Init(ctx->md_data); -+} - --static int update(EVP_MD_CTX *ctx,const void *data,size_t count) -- { return SHA_Update(ctx->md_data,data,count); } -+static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return SHA_Update(ctx->md_data, data, count); -+} - --static int final(EVP_MD_CTX *ctx,unsigned char *md) -- { return SHA_Final(md,ctx->md_data); } -+static int final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return SHA_Final(md, ctx->md_data); -+} - --static const EVP_MD sha_md= -- { -- NID_sha, -- NID_shaWithRSAEncryption, -- SHA_DIGEST_LENGTH, -- 0, -- init, -- update, -- final, -- NULL, -- NULL, -- EVP_PKEY_RSA_method, -- SHA_CBLOCK, -- sizeof(EVP_MD *)+sizeof(SHA_CTX), -- }; -+static const EVP_MD sha_md = { -+ NID_sha, -+ NID_shaWithRSAEncryption, -+ SHA_DIGEST_LENGTH, -+ 0, -+ init, -+ update, -+ final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(SHA_CTX), -+}; - - const EVP_MD *EVP_sha(void) -- { -- return(&sha_md); -- } -+{ -+ return (&sha_md); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c -index 471ec30..4b10769 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c -+++ b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,149 +61,180 @@ - - #ifndef OPENSSL_NO_SHA - --#include --#include --#include --#ifndef OPENSSL_NO_RSA --#include --#endif -+# include -+# include -+# include -+# ifndef OPENSSL_NO_RSA -+# include -+# endif - --#ifndef OPENSSL_FIPS -+# ifndef OPENSSL_FIPS - - static int init(EVP_MD_CTX *ctx) -- { return SHA1_Init(ctx->md_data); } -- --static int update(EVP_MD_CTX *ctx,const void *data,size_t count) -- { return SHA1_Update(ctx->md_data,data,count); } -- --static int final(EVP_MD_CTX *ctx,unsigned char *md) -- { return SHA1_Final(md,ctx->md_data); } -- --static const EVP_MD sha1_md= -- { -- NID_sha1, -- NID_sha1WithRSAEncryption, -- SHA_DIGEST_LENGTH, -- 0, -- init, -- update, -- final, -- NULL, -- NULL, -- EVP_PKEY_RSA_method, -- SHA_CBLOCK, -- sizeof(EVP_MD *)+sizeof(SHA_CTX), -- }; -+{ -+ return SHA1_Init(ctx->md_data); -+} -+ -+static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return SHA1_Update(ctx->md_data, data, count); -+} -+ -+static int final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return SHA1_Final(md, ctx->md_data); -+} -+ -+static const EVP_MD sha1_md = { -+ NID_sha1, -+ NID_sha1WithRSAEncryption, -+ SHA_DIGEST_LENGTH, -+ 0, -+ init, -+ update, -+ final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(SHA_CTX), -+}; - - const EVP_MD *EVP_sha1(void) -- { -- return(&sha1_md); -- } -+{ -+ return (&sha1_md); -+} - --#ifndef OPENSSL_NO_SHA256 -+# ifndef OPENSSL_NO_SHA256 - static int init224(EVP_MD_CTX *ctx) -- { return SHA224_Init(ctx->md_data); } -+{ -+ return SHA224_Init(ctx->md_data); -+} -+ - static int init256(EVP_MD_CTX *ctx) -- { return SHA256_Init(ctx->md_data); } -+{ -+ return SHA256_Init(ctx->md_data); -+} -+ - /* - * Even though there're separate SHA224_[Update|Final], we call - * SHA256 functions even in SHA224 context. This is what happens - * there anyway, so we can spare few CPU cycles:-) - */ --static int update256(EVP_MD_CTX *ctx,const void *data,size_t count) -- { return SHA256_Update(ctx->md_data,data,count); } --static int final256(EVP_MD_CTX *ctx,unsigned char *md) -- { return SHA256_Final(md,ctx->md_data); } -- --static const EVP_MD sha224_md= -- { -- NID_sha224, -- NID_sha224WithRSAEncryption, -- SHA224_DIGEST_LENGTH, -- 0, -- init224, -- update256, -- final256, -- NULL, -- NULL, -- EVP_PKEY_RSA_method, -- SHA256_CBLOCK, -- sizeof(EVP_MD *)+sizeof(SHA256_CTX), -- }; -+static int update256(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return SHA256_Update(ctx->md_data, data, count); -+} -+ -+static int final256(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return SHA256_Final(md, ctx->md_data); -+} -+ -+static const EVP_MD sha224_md = { -+ NID_sha224, -+ NID_sha224WithRSAEncryption, -+ SHA224_DIGEST_LENGTH, -+ 0, -+ init224, -+ update256, -+ final256, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA256_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(SHA256_CTX), -+}; - - const EVP_MD *EVP_sha224(void) -- { return(&sha224_md); } -- --static const EVP_MD sha256_md= -- { -- NID_sha256, -- NID_sha256WithRSAEncryption, -- SHA256_DIGEST_LENGTH, -- 0, -- init256, -- update256, -- final256, -- NULL, -- NULL, -- EVP_PKEY_RSA_method, -- SHA256_CBLOCK, -- sizeof(EVP_MD *)+sizeof(SHA256_CTX), -- }; -+{ -+ return (&sha224_md); -+} -+ -+static const EVP_MD sha256_md = { -+ NID_sha256, -+ NID_sha256WithRSAEncryption, -+ SHA256_DIGEST_LENGTH, -+ 0, -+ init256, -+ update256, -+ final256, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA256_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(SHA256_CTX), -+}; - - const EVP_MD *EVP_sha256(void) -- { return(&sha256_md); } --#endif /* ifndef OPENSSL_NO_SHA256 */ -+{ -+ return (&sha256_md); -+} -+# endif /* ifndef OPENSSL_NO_SHA256 */ - --#ifndef OPENSSL_NO_SHA512 -+# ifndef OPENSSL_NO_SHA512 - static int init384(EVP_MD_CTX *ctx) -- { return SHA384_Init(ctx->md_data); } -+{ -+ return SHA384_Init(ctx->md_data); -+} -+ - static int init512(EVP_MD_CTX *ctx) -- { return SHA512_Init(ctx->md_data); } -+{ -+ return SHA512_Init(ctx->md_data); -+} -+ - /* See comment in SHA224/256 section */ --static int update512(EVP_MD_CTX *ctx,const void *data,size_t count) -- { return SHA512_Update(ctx->md_data,data,count); } --static int final512(EVP_MD_CTX *ctx,unsigned char *md) -- { return SHA512_Final(md,ctx->md_data); } -- --static const EVP_MD sha384_md= -- { -- NID_sha384, -- NID_sha384WithRSAEncryption, -- SHA384_DIGEST_LENGTH, -- 0, -- init384, -- update512, -- final512, -- NULL, -- NULL, -- EVP_PKEY_RSA_method, -- SHA512_CBLOCK, -- sizeof(EVP_MD *)+sizeof(SHA512_CTX), -- }; -+static int update512(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ return SHA512_Update(ctx->md_data, data, count); -+} -+ -+static int final512(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ return SHA512_Final(md, ctx->md_data); -+} -+ -+static const EVP_MD sha384_md = { -+ NID_sha384, -+ NID_sha384WithRSAEncryption, -+ SHA384_DIGEST_LENGTH, -+ 0, -+ init384, -+ update512, -+ final512, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA512_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(SHA512_CTX), -+}; - - const EVP_MD *EVP_sha384(void) -- { return(&sha384_md); } -- --static const EVP_MD sha512_md= -- { -- NID_sha512, -- NID_sha512WithRSAEncryption, -- SHA512_DIGEST_LENGTH, -- 0, -- init512, -- update512, -- final512, -- NULL, -- NULL, -- EVP_PKEY_RSA_method, -- SHA512_CBLOCK, -- sizeof(EVP_MD *)+sizeof(SHA512_CTX), -- }; -+{ -+ return (&sha384_md); -+} -+ -+static const EVP_MD sha512_md = { -+ NID_sha512, -+ NID_sha512WithRSAEncryption, -+ SHA512_DIGEST_LENGTH, -+ 0, -+ init512, -+ update512, -+ final512, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA512_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(SHA512_CTX), -+}; - - const EVP_MD *EVP_sha512(void) -- { return(&sha512_md); } --#endif /* ifndef OPENSSL_NO_SHA512 */ -+{ -+ return (&sha512_md); -+} -+# endif /* ifndef OPENSSL_NO_SHA512 */ - --#endif -+# endif - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c -index 945879d..d05c000 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/names.c -+++ b/Cryptlib/OpenSSL/crypto/evp/names.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,68 +63,76 @@ - #include - - int EVP_add_cipher(const EVP_CIPHER *c) -- { -- int r; -+{ -+ int r; - - #ifdef OPENSSL_FIPS -- OPENSSL_init(); -+ OPENSSL_init(); - #endif - -- r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); -- if (r == 0) return(0); -- r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); -- return(r); -- } -+ r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH, -+ (const char *)c); -+ if (r == 0) -+ return (0); -+ r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH, -+ (const char *)c); -+ return (r); -+} - - int EVP_add_digest(const EVP_MD *md) -- { -- int r; -- const char *name; -+{ -+ int r; -+ const char *name; - - #ifdef OPENSSL_FIPS -- OPENSSL_init(); -+ OPENSSL_init(); - #endif -- name=OBJ_nid2sn(md->type); -- r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); -- if (r == 0) return(0); -- r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md); -- if (r == 0) return(0); -+ name = OBJ_nid2sn(md->type); -+ r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md); -+ if (r == 0) -+ return (0); -+ r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH, -+ (const char *)md); -+ if (r == 0) -+ return (0); - -- if (md->pkey_type && md->type != md->pkey_type) -- { -- r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), -- OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); -- if (r == 0) return(0); -- r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), -- OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); -- } -- return(r); -- } -+ if (md->pkey_type && md->type != md->pkey_type) { -+ r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), -+ OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); -+ if (r == 0) -+ return (0); -+ r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), -+ OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); -+ } -+ return (r); -+} - - const EVP_CIPHER *EVP_get_cipherbyname(const char *name) -- { -- const EVP_CIPHER *cp; -+{ -+ const EVP_CIPHER *cp; - -- cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH); -- return(cp); -- } -+ cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); -+ return (cp); -+} - - const EVP_MD *EVP_get_digestbyname(const char *name) -- { -- const EVP_MD *cp; -+{ -+ const EVP_MD *cp; - -- cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH); -- return(cp); -- } -+ cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); -+ return (cp); -+} - - void EVP_cleanup(void) -- { -- OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); -- OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); -- /* The above calls will only clean out the contents of the name -- hash table, but not the hash table itself. The following line -- does that part. -- Richard Levitte */ -- OBJ_NAME_cleanup(-1); -+{ -+ OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); -+ OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); -+ /* -+ * The above calls will only clean out the contents of the name hash -+ * table, but not the hash table itself. The following line does that -+ * part. -- Richard Levitte -+ */ -+ OBJ_NAME_cleanup(-1); - -- EVP_PBE_cleanup(); -- } -+ EVP_PBE_cleanup(); -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c -index 2a265fd..0607fea 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c -@@ -1,6 +1,7 @@ - /* p5_crpt.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,98 +63,103 @@ - #include - #include - --/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info. -+/* -+ * PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info. - */ - - void PKCS5_PBE_add(void) - { - #ifndef OPENSSL_NO_DES --# ifndef OPENSSL_NO_MD5 --EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), -- PKCS5_PBE_keyivgen); --# endif --# ifndef OPENSSL_NO_MD2 --EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(), -- PKCS5_PBE_keyivgen); --# endif --# ifndef OPENSSL_NO_SHA --EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(), -- PKCS5_PBE_keyivgen); --# endif -+# ifndef OPENSSL_NO_MD5 -+ EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), -+ PKCS5_PBE_keyivgen); -+# endif -+# ifndef OPENSSL_NO_MD2 -+ EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(), -+ PKCS5_PBE_keyivgen); -+# endif -+# ifndef OPENSSL_NO_SHA -+ EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(), -+ PKCS5_PBE_keyivgen); -+# endif - #endif - #ifndef OPENSSL_NO_RC2 --# ifndef OPENSSL_NO_MD5 --EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(), -- PKCS5_PBE_keyivgen); --# endif --# ifndef OPENSSL_NO_MD2 --EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(), -- PKCS5_PBE_keyivgen); --# endif --# ifndef OPENSSL_NO_SHA --EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), -- PKCS5_PBE_keyivgen); --# endif -+# ifndef OPENSSL_NO_MD5 -+ EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(), -+ PKCS5_PBE_keyivgen); -+# endif -+# ifndef OPENSSL_NO_MD2 -+ EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(), -+ PKCS5_PBE_keyivgen); -+# endif -+# ifndef OPENSSL_NO_SHA -+ EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), -+ PKCS5_PBE_keyivgen); -+# endif - #endif - #ifndef OPENSSL_NO_HMAC --EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen); -+ EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen); - #endif - } - - int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, -- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, -- int en_de) -+ ASN1_TYPE *param, const EVP_CIPHER *cipher, -+ const EVP_MD *md, int en_de) - { -- EVP_MD_CTX ctx; -- unsigned char md_tmp[EVP_MAX_MD_SIZE]; -- unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; -- int i; -- PBEPARAM *pbe; -- int saltlen, iter; -- unsigned char *salt; -- const unsigned char *pbuf; -+ EVP_MD_CTX ctx; -+ unsigned char md_tmp[EVP_MAX_MD_SIZE]; -+ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; -+ int i; -+ PBEPARAM *pbe; -+ int saltlen, iter; -+ unsigned char *salt; -+ const unsigned char *pbuf; - -- /* Extract useful info from parameter */ -- if (param == NULL || param->type != V_ASN1_SEQUENCE || -- param->value.sequence == NULL) { -- EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); -- return 0; -- } -+ /* Extract useful info from parameter */ -+ if (param == NULL || param->type != V_ASN1_SEQUENCE || -+ param->value.sequence == NULL) { -+ EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); -+ return 0; -+ } - -- pbuf = param->value.sequence->data; -- if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { -- EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); -- return 0; -- } -+ pbuf = param->value.sequence->data; -+ if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { -+ EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); -+ return 0; -+ } - -- if (!pbe->iter) iter = 1; -- else iter = ASN1_INTEGER_get (pbe->iter); -- salt = pbe->salt->data; -- saltlen = pbe->salt->length; -+ if (!pbe->iter) -+ iter = 1; -+ else -+ iter = ASN1_INTEGER_get(pbe->iter); -+ salt = pbe->salt->data; -+ saltlen = pbe->salt->length; - -- if(!pass) passlen = 0; -- else if(passlen == -1) passlen = strlen(pass); -+ if (!pass) -+ passlen = 0; -+ else if (passlen == -1) -+ passlen = strlen(pass); - -- EVP_MD_CTX_init(&ctx); -- EVP_DigestInit_ex(&ctx, md, NULL); -- EVP_DigestUpdate(&ctx, pass, passlen); -- EVP_DigestUpdate(&ctx, salt, saltlen); -- PBEPARAM_free(pbe); -- EVP_DigestFinal_ex(&ctx, md_tmp, NULL); -- for (i = 1; i < iter; i++) { -- EVP_DigestInit_ex(&ctx, md, NULL); -- EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); -- EVP_DigestFinal_ex (&ctx, md_tmp, NULL); -- } -- EVP_MD_CTX_cleanup(&ctx); -- OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); -- memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); -- OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); -- memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), -- EVP_CIPHER_iv_length(cipher)); -- EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); -- OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); -- OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); -- OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); -- return 1; -+ EVP_MD_CTX_init(&ctx); -+ EVP_DigestInit_ex(&ctx, md, NULL); -+ EVP_DigestUpdate(&ctx, pass, passlen); -+ EVP_DigestUpdate(&ctx, salt, saltlen); -+ PBEPARAM_free(pbe); -+ EVP_DigestFinal_ex(&ctx, md_tmp, NULL); -+ for (i = 1; i < iter; i++) { -+ EVP_DigestInit_ex(&ctx, md, NULL); -+ EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); -+ EVP_DigestFinal_ex(&ctx, md_tmp, NULL); -+ } -+ EVP_MD_CTX_cleanup(&ctx); -+ OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); -+ memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); -+ OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); -+ memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), -+ EVP_CIPHER_iv_length(cipher)); -+ EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); -+ OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); -+ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); -+ OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); -+ return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c -index 6bec77b..4c9496c 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c -@@ -1,6 +1,7 @@ - /* p5_crpt2.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -59,205 +60,212 @@ - #include - #include "cryptlib.h" - #if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) --#include --#include --#include -+# include -+# include -+# include - - /* set this to print out info about the keygen algorithm */ - /* #define DEBUG_PKCS5V2 */ - --#ifdef DEBUG_PKCS5V2 -- static void h__dump (const unsigned char *p, int len); --#endif -+# ifdef DEBUG_PKCS5V2 -+static void h__dump(const unsigned char *p, int len); -+# endif - --/* This is an implementation of PKCS#5 v2.0 password based encryption key -+/* -+ * This is an implementation of PKCS#5 v2.0 password based encryption key - * derivation function PBKDF2 using the only currently defined function HMAC - * with SHA1. Verified against test vectors posted by Peter Gutmann -- * to the PKCS-TNG mailing list. -+ * to the PKCS-TNG mailing -+ * list. - */ - - int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, -- const unsigned char *salt, int saltlen, int iter, -- int keylen, unsigned char *out) -+ const unsigned char *salt, int saltlen, int iter, -+ int keylen, unsigned char *out) - { -- unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; -- int cplen, j, k, tkeylen; -- unsigned long i = 1; -- HMAC_CTX hctx; -+ unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; -+ int cplen, j, k, tkeylen; -+ unsigned long i = 1; -+ HMAC_CTX hctx; - -- HMAC_CTX_init(&hctx); -- p = out; -- tkeylen = keylen; -- if(!pass) passlen = 0; -- else if(passlen == -1) passlen = strlen(pass); -- while(tkeylen) { -- if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; -- else cplen = tkeylen; -- /* We are unlikely to ever use more than 256 blocks (5120 bits!) -- * but just in case... -- */ -- itmp[0] = (unsigned char)((i >> 24) & 0xff); -- itmp[1] = (unsigned char)((i >> 16) & 0xff); -- itmp[2] = (unsigned char)((i >> 8) & 0xff); -- itmp[3] = (unsigned char)(i & 0xff); -- HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL); -- HMAC_Update(&hctx, salt, saltlen); -- HMAC_Update(&hctx, itmp, 4); -- HMAC_Final(&hctx, digtmp, NULL); -- memcpy(p, digtmp, cplen); -- for(j = 1; j < iter; j++) { -- HMAC(EVP_sha1(), pass, passlen, -- digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); -- for(k = 0; k < cplen; k++) p[k] ^= digtmp[k]; -- } -- tkeylen-= cplen; -- i++; -- p+= cplen; -- } -- HMAC_CTX_cleanup(&hctx); --#ifdef DEBUG_PKCS5V2 -- fprintf(stderr, "Password:\n"); -- h__dump (pass, passlen); -- fprintf(stderr, "Salt:\n"); -- h__dump (salt, saltlen); -- fprintf(stderr, "Iteration count %d\n", iter); -- fprintf(stderr, "Key:\n"); -- h__dump (out, keylen); --#endif -- return 1; -+ HMAC_CTX_init(&hctx); -+ p = out; -+ tkeylen = keylen; -+ if (!pass) -+ passlen = 0; -+ else if (passlen == -1) -+ passlen = strlen(pass); -+ while (tkeylen) { -+ if (tkeylen > SHA_DIGEST_LENGTH) -+ cplen = SHA_DIGEST_LENGTH; -+ else -+ cplen = tkeylen; -+ /* -+ * We are unlikely to ever use more than 256 blocks (5120 bits!) but -+ * just in case... -+ */ -+ itmp[0] = (unsigned char)((i >> 24) & 0xff); -+ itmp[1] = (unsigned char)((i >> 16) & 0xff); -+ itmp[2] = (unsigned char)((i >> 8) & 0xff); -+ itmp[3] = (unsigned char)(i & 0xff); -+ HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL); -+ HMAC_Update(&hctx, salt, saltlen); -+ HMAC_Update(&hctx, itmp, 4); -+ HMAC_Final(&hctx, digtmp, NULL); -+ memcpy(p, digtmp, cplen); -+ for (j = 1; j < iter; j++) { -+ HMAC(EVP_sha1(), pass, passlen, -+ digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); -+ for (k = 0; k < cplen; k++) -+ p[k] ^= digtmp[k]; -+ } -+ tkeylen -= cplen; -+ i++; -+ p += cplen; -+ } -+ HMAC_CTX_cleanup(&hctx); -+# ifdef DEBUG_PKCS5V2 -+ fprintf(stderr, "Password:\n"); -+ h__dump(pass, passlen); -+ fprintf(stderr, "Salt:\n"); -+ h__dump(salt, saltlen); -+ fprintf(stderr, "Iteration count %d\n", iter); -+ fprintf(stderr, "Key:\n"); -+ h__dump(out, keylen); -+# endif -+ return 1; - } - --#ifdef DO_TEST -+# ifdef DO_TEST - main() - { -- unsigned char out[4]; -- unsigned char salt[] = {0x12, 0x34, 0x56, 0x78}; -- PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out); -- fprintf(stderr, "Out %02X %02X %02X %02X\n", -- out[0], out[1], out[2], out[3]); -+ unsigned char out[4]; -+ unsigned char salt[] = { 0x12, 0x34, 0x56, 0x78 }; -+ PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out); -+ fprintf(stderr, "Out %02X %02X %02X %02X\n", -+ out[0], out[1], out[2], out[3]); - } - --#endif -+# endif - --/* Now the key derivation function itself. This is a bit evil because -- * it has to check the ASN1 parameters are valid: and there are quite a -- * few of them... -+/* -+ * Now the key derivation function itself. This is a bit evil because it has -+ * to check the ASN1 parameters are valid: and there are quite a few of -+ * them... - */ - - int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, -- ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, -- int en_de) -+ ASN1_TYPE *param, const EVP_CIPHER *c, -+ const EVP_MD *md, int en_de) - { -- unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; -- const unsigned char *pbuf; -- int saltlen, iter, plen; -- unsigned int keylen; -- PBE2PARAM *pbe2 = NULL; -- const EVP_CIPHER *cipher; -- PBKDF2PARAM *kdf = NULL; -+ unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; -+ const unsigned char *pbuf; -+ int saltlen, iter, plen; -+ unsigned int keylen; -+ PBE2PARAM *pbe2 = NULL; -+ const EVP_CIPHER *cipher; -+ PBKDF2PARAM *kdf = NULL; - -- if (param == NULL || param->type != V_ASN1_SEQUENCE || -- param->value.sequence == NULL) { -- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); -- return 0; -- } -+ if (param == NULL || param->type != V_ASN1_SEQUENCE || -+ param->value.sequence == NULL) { -+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); -+ return 0; -+ } - -- pbuf = param->value.sequence->data; -- plen = param->value.sequence->length; -- if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { -- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); -- return 0; -- } -+ pbuf = param->value.sequence->data; -+ plen = param->value.sequence->length; -+ if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { -+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); -+ return 0; -+ } - -- /* See if we recognise the key derivation function */ -+ /* See if we recognise the key derivation function */ - -- if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { -- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, -- EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); -- goto err; -- } -+ if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { -+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, -+ EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); -+ goto err; -+ } - -- /* lets see if we recognise the encryption algorithm. -- */ -+ /* -+ * lets see if we recognise the encryption algorithm. -+ */ - -- cipher = EVP_get_cipherbyname( -- OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm))); -+ cipher = -+ EVP_get_cipherbyname(OBJ_nid2sn -+ (OBJ_obj2nid(pbe2->encryption->algorithm))); - -- if(!cipher) { -- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, -- EVP_R_UNSUPPORTED_CIPHER); -- goto err; -- } -+ if (!cipher) { -+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_CIPHER); -+ goto err; -+ } - -- /* Fixup cipher based on AlgorithmIdentifier */ -- EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de); -- if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { -- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, -- EVP_R_CIPHER_PARAMETER_ERROR); -- goto err; -- } -- keylen = EVP_CIPHER_CTX_key_length(ctx); -- OPENSSL_assert(keylen <= sizeof key); -+ /* Fixup cipher based on AlgorithmIdentifier */ -+ EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de); -+ if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { -+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR); -+ goto err; -+ } -+ keylen = EVP_CIPHER_CTX_key_length(ctx); -+ OPENSSL_assert(keylen <= sizeof key); - -- /* Now decode key derivation function */ -+ /* Now decode key derivation function */ - -- if(!pbe2->keyfunc->parameter || -- (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE)) -- { -- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); -- goto err; -- } -+ if (!pbe2->keyfunc->parameter || -+ (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE)) { -+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); -+ goto err; -+ } - -- pbuf = pbe2->keyfunc->parameter->value.sequence->data; -- plen = pbe2->keyfunc->parameter->value.sequence->length; -- if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { -- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); -- goto err; -- } -+ pbuf = pbe2->keyfunc->parameter->value.sequence->data; -+ plen = pbe2->keyfunc->parameter->value.sequence->length; -+ if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen))) { -+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); -+ goto err; -+ } - -- PBE2PARAM_free(pbe2); -- pbe2 = NULL; -+ PBE2PARAM_free(pbe2); -+ pbe2 = NULL; - -- /* Now check the parameters of the kdf */ -+ /* Now check the parameters of the kdf */ - -- if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ -- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, -- EVP_R_UNSUPPORTED_KEYLENGTH); -- goto err; -- } -+ if (kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)) { -+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH); -+ goto err; -+ } - -- if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) { -- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); -- goto err; -- } -+ if (kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) { -+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); -+ goto err; -+ } - -- if(kdf->salt->type != V_ASN1_OCTET_STRING) { -- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, -- EVP_R_UNSUPPORTED_SALT_TYPE); -- goto err; -- } -+ if (kdf->salt->type != V_ASN1_OCTET_STRING) { -+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_SALT_TYPE); -+ goto err; -+ } - -- /* it seems that its all OK */ -- salt = kdf->salt->value.octet_string->data; -- saltlen = kdf->salt->value.octet_string->length; -- iter = ASN1_INTEGER_get(kdf->iter); -- PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); -- EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); -- OPENSSL_cleanse(key, keylen); -- PBKDF2PARAM_free(kdf); -- return 1; -+ /* it seems that its all OK */ -+ salt = kdf->salt->value.octet_string->data; -+ saltlen = kdf->salt->value.octet_string->length; -+ iter = ASN1_INTEGER_get(kdf->iter); -+ PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); -+ EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); -+ OPENSSL_cleanse(key, keylen); -+ PBKDF2PARAM_free(kdf); -+ return 1; - -- err: -- PBE2PARAM_free(pbe2); -- PBKDF2PARAM_free(kdf); -- return 0; -+ err: -+ PBE2PARAM_free(pbe2); -+ PBKDF2PARAM_free(kdf); -+ return 0; - } - --#ifdef DEBUG_PKCS5V2 --static void h__dump (const unsigned char *p, int len) -+# ifdef DEBUG_PKCS5V2 -+static void h__dump(const unsigned char *p, int len) - { -- for (; len --; p++) fprintf(stderr, "%02X ", *p); -- fprintf(stderr, "\n"); -+ for (; len--; p++) -+ fprintf(stderr, "%02X ", *p); -+ fprintf(stderr, "\n"); - } --#endif -+# endif - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_dec.c b/Cryptlib/OpenSSL/crypto/evp/p_dec.c -index f64901f..65d3fef 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_dec.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_dec.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,28 +60,28 @@ - #include "cryptlib.h" - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #include - #include - #include - - int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl, -- EVP_PKEY *priv) -- { -- int ret= -1; -- -+ EVP_PKEY *priv) -+{ -+ int ret = -1; -+ - #ifndef OPENSSL_NO_RSA -- if (priv->type != EVP_PKEY_RSA) -- { -+ if (priv->type != EVP_PKEY_RSA) { - #endif -- EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); -+ EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_PUBLIC_KEY_NOT_RSA); - #ifndef OPENSSL_NO_RSA -- goto err; -- } -+ goto err; -+ } - -- ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING); --err: -+ ret = -+ RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa, RSA_PKCS1_PADDING); -+ err: - #endif -- return(ret); -- } -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_enc.c b/Cryptlib/OpenSSL/crypto/evp/p_enc.c -index c2dfdc5..5342146 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_enc.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,27 +60,28 @@ - #include "cryptlib.h" - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #include - #include - #include - - int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len, -- EVP_PKEY *pubk) -- { -- int ret=0; -- -+ EVP_PKEY *pubk) -+{ -+ int ret = 0; -+ - #ifndef OPENSSL_NO_RSA -- if (pubk->type != EVP_PKEY_RSA) -- { -+ if (pubk->type != EVP_PKEY_RSA) { - #endif -- EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); -+ EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_PUBLIC_KEY_NOT_RSA); - #ifndef OPENSSL_NO_RSA -- goto err; -- } -- ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING); --err: -+ goto err; -+ } -+ ret = -+ RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa, -+ RSA_PKCS1_PADDING); -+ err: - #endif -- return(ret); -- } -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c -index 22155ec..6430f6c 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_lib.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,317 +65,308 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DH --#include -+# include - #endif - - static void EVP_PKEY_free_it(EVP_PKEY *x); - - int EVP_PKEY_bits(EVP_PKEY *pkey) -- { -- if (0) -- return 0; -+{ -+ if (0) -+ return 0; - #ifndef OPENSSL_NO_RSA -- else if (pkey->type == EVP_PKEY_RSA) -- return(BN_num_bits(pkey->pkey.rsa->n)); -+ else if (pkey->type == EVP_PKEY_RSA) -+ return (BN_num_bits(pkey->pkey.rsa->n)); - #endif - #ifndef OPENSSL_NO_DSA -- else if (pkey->type == EVP_PKEY_DSA) -- return(BN_num_bits(pkey->pkey.dsa->p)); -+ else if (pkey->type == EVP_PKEY_DSA) -+ return (BN_num_bits(pkey->pkey.dsa->p)); - #endif - #ifndef OPENSSL_NO_EC -- else if (pkey->type == EVP_PKEY_EC) -- { -- BIGNUM *order = BN_new(); -- const EC_GROUP *group; -- int ret; -- -- if (!order) -- { -- ERR_clear_error(); -- return 0; -- } -- group = EC_KEY_get0_group(pkey->pkey.ec); -- if (!EC_GROUP_get_order(group, order, NULL)) -- { -- ERR_clear_error(); -- return 0; -- } -- -- ret = BN_num_bits(order); -- BN_free(order); -- return ret; -- } -+ else if (pkey->type == EVP_PKEY_EC) { -+ BIGNUM *order = BN_new(); -+ const EC_GROUP *group; -+ int ret; -+ -+ if (!order) { -+ ERR_clear_error(); -+ return 0; -+ } -+ group = EC_KEY_get0_group(pkey->pkey.ec); -+ if (!EC_GROUP_get_order(group, order, NULL)) { -+ ERR_clear_error(); -+ return 0; -+ } -+ -+ ret = BN_num_bits(order); -+ BN_free(order); -+ return ret; -+ } - #endif -- return(0); -- } -+ return (0); -+} - - int EVP_PKEY_size(EVP_PKEY *pkey) -- { -- if (pkey == NULL) -- return(0); -+{ -+ if (pkey == NULL) -+ return (0); - #ifndef OPENSSL_NO_RSA -- if (pkey->type == EVP_PKEY_RSA) -- return(RSA_size(pkey->pkey.rsa)); -- else -+ if (pkey->type == EVP_PKEY_RSA) -+ return (RSA_size(pkey->pkey.rsa)); -+ else - #endif - #ifndef OPENSSL_NO_DSA -- if (pkey->type == EVP_PKEY_DSA) -- return(DSA_size(pkey->pkey.dsa)); -+ if (pkey->type == EVP_PKEY_DSA) -+ return (DSA_size(pkey->pkey.dsa)); - #endif - #ifndef OPENSSL_NO_ECDSA -- if (pkey->type == EVP_PKEY_EC) -- return(ECDSA_size(pkey->pkey.ec)); -+ if (pkey->type == EVP_PKEY_EC) -+ return (ECDSA_size(pkey->pkey.ec)); - #endif - -- return(0); -- } -+ return (0); -+} - - int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) -- { -+{ - #ifndef OPENSSL_NO_DSA -- if (pkey->type == EVP_PKEY_DSA) -- { -- int ret=pkey->save_parameters; -- -- if (mode >= 0) -- pkey->save_parameters=mode; -- return(ret); -- } -+ if (pkey->type == EVP_PKEY_DSA) { -+ int ret = pkey->save_parameters; -+ -+ if (mode >= 0) -+ pkey->save_parameters = mode; -+ return (ret); -+ } - #endif - #ifndef OPENSSL_NO_EC -- if (pkey->type == EVP_PKEY_EC) -- { -- int ret = pkey->save_parameters; -- -- if (mode >= 0) -- pkey->save_parameters = mode; -- return(ret); -- } -+ if (pkey->type == EVP_PKEY_EC) { -+ int ret = pkey->save_parameters; -+ -+ if (mode >= 0) -+ pkey->save_parameters = mode; -+ return (ret); -+ } - #endif -- return(0); -- } -+ return (0); -+} - - int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) -- { -- if (to->type != from->type) -- { -- EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES); -- goto err; -- } -- -- if (EVP_PKEY_missing_parameters(from)) -- { -- EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS); -- goto err; -- } -+{ -+ if (to->type != from->type) { -+ EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES); -+ goto err; -+ } -+ -+ if (EVP_PKEY_missing_parameters(from)) { -+ EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS); -+ goto err; -+ } - #ifndef OPENSSL_NO_DSA -- if (to->type == EVP_PKEY_DSA) -- { -- BIGNUM *a; -- -- if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err; -- if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p); -- to->pkey.dsa->p=a; -- -- if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err; -- if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q); -- to->pkey.dsa->q=a; -- -- if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err; -- if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g); -- to->pkey.dsa->g=a; -- } -+ if (to->type == EVP_PKEY_DSA) { -+ BIGNUM *a; -+ -+ if ((a = BN_dup(from->pkey.dsa->p)) == NULL) -+ goto err; -+ if (to->pkey.dsa->p != NULL) -+ BN_free(to->pkey.dsa->p); -+ to->pkey.dsa->p = a; -+ -+ if ((a = BN_dup(from->pkey.dsa->q)) == NULL) -+ goto err; -+ if (to->pkey.dsa->q != NULL) -+ BN_free(to->pkey.dsa->q); -+ to->pkey.dsa->q = a; -+ -+ if ((a = BN_dup(from->pkey.dsa->g)) == NULL) -+ goto err; -+ if (to->pkey.dsa->g != NULL) -+ BN_free(to->pkey.dsa->g); -+ to->pkey.dsa->g = a; -+ } - #endif - #ifndef OPENSSL_NO_EC -- if (to->type == EVP_PKEY_EC) -- { -- EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); -- if (group == NULL) -- goto err; -- if (EC_KEY_set_group(to->pkey.ec, group) == 0) -- goto err; -- EC_GROUP_free(group); -- } -+ if (to->type == EVP_PKEY_EC) { -+ EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); -+ if (group == NULL) -+ goto err; -+ if (EC_KEY_set_group(to->pkey.ec, group) == 0) -+ goto err; -+ EC_GROUP_free(group); -+ } - #endif -- return(1); --err: -- return(0); -- } -+ return (1); -+ err: -+ return (0); -+} - - int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) -- { -+{ - #ifndef OPENSSL_NO_DSA -- if (pkey->type == EVP_PKEY_DSA) -- { -- DSA *dsa; -- -- dsa=pkey->pkey.dsa; -- if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) -- return(1); -- } -+ if (pkey->type == EVP_PKEY_DSA) { -+ DSA *dsa; -+ -+ dsa = pkey->pkey.dsa; -+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) -+ return (1); -+ } - #endif - #ifndef OPENSSL_NO_EC -- if (pkey->type == EVP_PKEY_EC) -- { -- if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) -- return(1); -- } -+ if (pkey->type == EVP_PKEY_EC) { -+ if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) -+ return (1); -+ } - #endif - -- return(0); -- } -+ return (0); -+} - - int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) -- { -+{ - #ifndef OPENSSL_NO_DSA -- if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) -- { -- if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || -- BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) || -- BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g)) -- return(0); -- else -- return(1); -- } -+ if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) { -+ if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) || -+ BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) || -+ BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g)) -+ return (0); -+ else -+ return (1); -+ } - #endif - #ifndef OPENSSL_NO_EC -- if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) -- { -- const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), -- *group_b = EC_KEY_get0_group(b->pkey.ec); -- if (EC_GROUP_cmp(group_a, group_b, NULL)) -- return 0; -- else -- return 1; -- } -+ if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) { -+ const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), -+ *group_b = EC_KEY_get0_group(b->pkey.ec); -+ if (EC_GROUP_cmp(group_a, group_b, NULL)) -+ return 0; -+ else -+ return 1; -+ } - #endif -- return(-1); -- } -+ return (-1); -+} - - int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) -- { -- if (a->type != b->type) -- return -1; -+{ -+ if (a->type != b->type) -+ return -1; - -- if (EVP_PKEY_cmp_parameters(a, b) == 0) -- return 0; -+ if (EVP_PKEY_cmp_parameters(a, b) == 0) -+ return 0; - -- switch (a->type) -- { -+ switch (a->type) { - #ifndef OPENSSL_NO_RSA -- case EVP_PKEY_RSA: -- if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 -- || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) -- return 0; -- break; -+ case EVP_PKEY_RSA: -+ if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 -+ || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) -+ return 0; -+ break; - #endif - #ifndef OPENSSL_NO_DSA -- case EVP_PKEY_DSA: -- if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) -- return 0; -- break; -+ case EVP_PKEY_DSA: -+ if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0) -+ return 0; -+ break; - #endif - #ifndef OPENSSL_NO_EC -- case EVP_PKEY_EC: -- { -- int r; -- const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); -- const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), -- *pb = EC_KEY_get0_public_key(b->pkey.ec); -- r = EC_POINT_cmp(group, pa, pb, NULL); -- if (r != 0) -- { -- if (r == 1) -- return 0; -- else -- return -2; -- } -- } -- break; -+ case EVP_PKEY_EC: -+ { -+ int r; -+ const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); -+ const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), -+ *pb = EC_KEY_get0_public_key(b->pkey.ec); -+ r = EC_POINT_cmp(group, pa, pb, NULL); -+ if (r != 0) { -+ if (r == 1) -+ return 0; -+ else -+ return -2; -+ } -+ } -+ break; - #endif - #ifndef OPENSSL_NO_DH -- case EVP_PKEY_DH: -- return -2; -+ case EVP_PKEY_DH: -+ return -2; - #endif -- default: -- return -2; -- } -+ default: -+ return -2; -+ } - -- return 1; -- } -+ return 1; -+} - - EVP_PKEY *EVP_PKEY_new(void) -- { -- EVP_PKEY *ret; -- -- ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY)); -- if (ret == NULL) -- { -- EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- ret->type=EVP_PKEY_NONE; -- ret->references=1; -- ret->pkey.ptr=NULL; -- ret->attributes=NULL; -- ret->save_parameters=1; -- return(ret); -- } -+{ -+ EVP_PKEY *ret; -+ -+ ret = (EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY)); -+ if (ret == NULL) { -+ EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ ret->type = EVP_PKEY_NONE; -+ ret->references = 1; -+ ret->pkey.ptr = NULL; -+ ret->attributes = NULL; -+ ret->save_parameters = 1; -+ return (ret); -+} - - int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key) -- { -- if (pkey == NULL) return(0); -- if (pkey->pkey.ptr != NULL) -- EVP_PKEY_free_it(pkey); -- pkey->type=EVP_PKEY_type(type); -- pkey->save_type=type; -- pkey->pkey.ptr=key; -- return(key != NULL); -- } -+{ -+ if (pkey == NULL) -+ return (0); -+ if (pkey->pkey.ptr != NULL) -+ EVP_PKEY_free_it(pkey); -+ pkey->type = EVP_PKEY_type(type); -+ pkey->save_type = type; -+ pkey->pkey.ptr = key; -+ return (key != NULL); -+} - - #ifndef OPENSSL_NO_RSA - int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) - { -- int ret = EVP_PKEY_assign_RSA(pkey, key); -- if(ret) -- RSA_up_ref(key); -- return ret; -+ int ret = EVP_PKEY_assign_RSA(pkey, key); -+ if (ret) -+ RSA_up_ref(key); -+ return ret; - } - - RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) -- { -- if(pkey->type != EVP_PKEY_RSA) { -- EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY); -- return NULL; -- } -- RSA_up_ref(pkey->pkey.rsa); -- return pkey->pkey.rsa; -+{ -+ if (pkey->type != EVP_PKEY_RSA) { -+ EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY); -+ return NULL; -+ } -+ RSA_up_ref(pkey->pkey.rsa); -+ return pkey->pkey.rsa; - } - #endif - - #ifndef OPENSSL_NO_DSA - int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) - { -- int ret = EVP_PKEY_assign_DSA(pkey, key); -- if(ret) -- DSA_up_ref(key); -- return ret; -+ int ret = EVP_PKEY_assign_DSA(pkey, key); -+ if (ret) -+ DSA_up_ref(key); -+ return ret; - } - - DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) -- { -- if(pkey->type != EVP_PKEY_DSA) { -- EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY); -- return NULL; -- } -- DSA_up_ref(pkey->pkey.dsa); -- return pkey->pkey.dsa; -+{ -+ if (pkey->type != EVP_PKEY_DSA) { -+ EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY); -+ return NULL; -+ } -+ DSA_up_ref(pkey->pkey.dsa); -+ return pkey->pkey.dsa; - } - #endif - -@@ -383,120 +374,116 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) - - int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) - { -- int ret = EVP_PKEY_assign_EC_KEY(pkey,key); -- if (ret) -- EC_KEY_up_ref(key); -- return ret; -+ int ret = EVP_PKEY_assign_EC_KEY(pkey, key); -+ if (ret) -+ EC_KEY_up_ref(key); -+ return ret; - } - - EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) - { -- if (pkey->type != EVP_PKEY_EC) -- { -- EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); -- return NULL; -- } -- EC_KEY_up_ref(pkey->pkey.ec); -- return pkey->pkey.ec; -+ if (pkey->type != EVP_PKEY_EC) { -+ EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); -+ return NULL; -+ } -+ EC_KEY_up_ref(pkey->pkey.ec); -+ return pkey->pkey.ec; - } - #endif - -- - #ifndef OPENSSL_NO_DH - - int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) - { -- int ret = EVP_PKEY_assign_DH(pkey, key); -- if(ret) -- DH_up_ref(key); -- return ret; -+ int ret = EVP_PKEY_assign_DH(pkey, key); -+ if (ret) -+ DH_up_ref(key); -+ return ret; - } - - DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) -- { -- if(pkey->type != EVP_PKEY_DH) { -- EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY); -- return NULL; -- } -- DH_up_ref(pkey->pkey.dh); -- return pkey->pkey.dh; -+{ -+ if (pkey->type != EVP_PKEY_DH) { -+ EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY); -+ return NULL; -+ } -+ DH_up_ref(pkey->pkey.dh); -+ return pkey->pkey.dh; - } - #endif - - int EVP_PKEY_type(int type) -- { -- switch (type) -- { -- case EVP_PKEY_RSA: -- case EVP_PKEY_RSA2: -- return(EVP_PKEY_RSA); -- case EVP_PKEY_DSA: -- case EVP_PKEY_DSA1: -- case EVP_PKEY_DSA2: -- case EVP_PKEY_DSA3: -- case EVP_PKEY_DSA4: -- return(EVP_PKEY_DSA); -- case EVP_PKEY_DH: -- return(EVP_PKEY_DH); -- case EVP_PKEY_EC: -- return(EVP_PKEY_EC); -- default: -- return(NID_undef); -- } -- } -+{ -+ switch (type) { -+ case EVP_PKEY_RSA: -+ case EVP_PKEY_RSA2: -+ return (EVP_PKEY_RSA); -+ case EVP_PKEY_DSA: -+ case EVP_PKEY_DSA1: -+ case EVP_PKEY_DSA2: -+ case EVP_PKEY_DSA3: -+ case EVP_PKEY_DSA4: -+ return (EVP_PKEY_DSA); -+ case EVP_PKEY_DH: -+ return (EVP_PKEY_DH); -+ case EVP_PKEY_EC: -+ return (EVP_PKEY_EC); -+ default: -+ return (NID_undef); -+ } -+} - - void EVP_PKEY_free(EVP_PKEY *x) -- { -- int i; -+{ -+ int i; - -- if (x == NULL) return; -+ if (x == NULL) -+ return; - -- i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY); -+ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY); - #ifdef REF_PRINT -- REF_PRINT("EVP_PKEY",x); -+ REF_PRINT("EVP_PKEY", x); - #endif -- if (i > 0) return; -+ if (i > 0) -+ return; - #ifdef REF_CHECK -- if (i < 0) -- { -- fprintf(stderr,"EVP_PKEY_free, bad reference count\n"); -- abort(); -- } -+ if (i < 0) { -+ fprintf(stderr, "EVP_PKEY_free, bad reference count\n"); -+ abort(); -+ } - #endif -- EVP_PKEY_free_it(x); -- if (x->attributes) -- sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); -- OPENSSL_free(x); -- } -+ EVP_PKEY_free_it(x); -+ if (x->attributes) -+ sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); -+ OPENSSL_free(x); -+} - - static void EVP_PKEY_free_it(EVP_PKEY *x) -- { -- switch (x->type) -- { -+{ -+ switch (x->type) { - #ifndef OPENSSL_NO_RSA -- case EVP_PKEY_RSA: -- case EVP_PKEY_RSA2: -- RSA_free(x->pkey.rsa); -- break; -+ case EVP_PKEY_RSA: -+ case EVP_PKEY_RSA2: -+ RSA_free(x->pkey.rsa); -+ break; - #endif - #ifndef OPENSSL_NO_DSA -- case EVP_PKEY_DSA: -- case EVP_PKEY_DSA2: -- case EVP_PKEY_DSA3: -- case EVP_PKEY_DSA4: -- DSA_free(x->pkey.dsa); -- break; -+ case EVP_PKEY_DSA: -+ case EVP_PKEY_DSA2: -+ case EVP_PKEY_DSA3: -+ case EVP_PKEY_DSA4: -+ DSA_free(x->pkey.dsa); -+ break; - #endif - #ifndef OPENSSL_NO_EC -- case EVP_PKEY_EC: -- EC_KEY_free(x->pkey.ec); -- break; -+ case EVP_PKEY_EC: -+ EC_KEY_free(x->pkey.ec); -+ break; - #endif - #ifndef OPENSSL_NO_DH -- case EVP_PKEY_DH: -- DH_free(x->pkey.dh); -- break; -+ case EVP_PKEY_DH: -+ DH_free(x->pkey.dh); -+ break; - #endif -- } -- } -- -+ } -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_open.c b/Cryptlib/OpenSSL/crypto/evp/p_open.c -index 9935206..6740ac8 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_open.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_open.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,67 +61,68 @@ - - #ifndef OPENSSL_NO_RSA - --#include --#include --#include --#include -+# include -+# include -+# include -+# include - - int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -- const unsigned char *ek, int ekl, const unsigned char *iv, -- EVP_PKEY *priv) -- { -- unsigned char *key=NULL; -- int i,size=0,ret=0; -+ const unsigned char *ek, int ekl, const unsigned char *iv, -+ EVP_PKEY *priv) -+{ -+ unsigned char *key = NULL; -+ int i, size = 0, ret = 0; - -- if(type) { -- EVP_CIPHER_CTX_init(ctx); -- if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0; -- } -+ if (type) { -+ EVP_CIPHER_CTX_init(ctx); -+ if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL)) -+ return 0; -+ } - -- if(!priv) return 1; -+ if (!priv) -+ return 1; - -- if (priv->type != EVP_PKEY_RSA) -- { -- EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA); -- goto err; -- } -+ if (priv->type != EVP_PKEY_RSA) { -+ EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA); -+ goto err; -+ } - -- size=RSA_size(priv->pkey.rsa); -- key=(unsigned char *)OPENSSL_malloc(size+2); -- if (key == NULL) -- { -- /* ERROR */ -- EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ size = RSA_size(priv->pkey.rsa); -+ key = (unsigned char *)OPENSSL_malloc(size + 2); -+ if (key == NULL) { -+ /* ERROR */ -+ EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- i=EVP_PKEY_decrypt(key,ek,ekl,priv); -- if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) -- { -- /* ERROR */ -- goto err; -- } -- if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err; -+ i = EVP_PKEY_decrypt(key, ek, ekl, priv); -+ if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) { -+ /* ERROR */ -+ goto err; -+ } -+ if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) -+ goto err; - -- ret=1; --err: -- if (key != NULL) OPENSSL_cleanse(key,size); -- OPENSSL_free(key); -- return(ret); -- } -+ ret = 1; -+ err: -+ if (key != NULL) -+ OPENSSL_cleanse(key, size); -+ OPENSSL_free(key); -+ return (ret); -+} - - int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -- { -- int i; -+{ -+ int i; - -- i=EVP_DecryptFinal_ex(ctx,out,outl); -- EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL); -- return(i); -- } --#else /* !OPENSSL_NO_RSA */ -+ i = EVP_DecryptFinal_ex(ctx, out, outl); -+ EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); -+ return (i); -+} -+#else /* !OPENSSL_NO_RSA */ - - # ifdef PEDANTIC --static void *dummy=&dummy; -+static void *dummy = &dummy; - # endif - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_seal.c b/Cryptlib/OpenSSL/crypto/evp/p_seal.c -index 8cc8fcb..be297dc 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_seal.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_seal.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,56 +60,59 @@ - #include "cryptlib.h" - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #include - #include - #include - --int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, -- int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) -- { -- unsigned char key[EVP_MAX_KEY_LENGTH]; -- int i; -- -- if(type) { -- EVP_CIPHER_CTX_init(ctx); -- if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0; -- } -- if ((npubk <= 0) || !pubk) -- return 1; -- if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) -- return 0; -- if (EVP_CIPHER_CTX_iv_length(ctx)) -- RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); -+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -+ unsigned char **ek, int *ekl, unsigned char *iv, -+ EVP_PKEY **pubk, int npubk) -+{ -+ unsigned char key[EVP_MAX_KEY_LENGTH]; -+ int i; -+ -+ if (type) { -+ EVP_CIPHER_CTX_init(ctx); -+ if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL)) -+ return 0; -+ } -+ if ((npubk <= 0) || !pubk) -+ return 1; -+ if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) -+ return 0; -+ if (EVP_CIPHER_CTX_iv_length(ctx)) -+ RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)); - -- if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0; -+ if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) -+ return 0; - -- for (i=0; idigest->required_pkey_type[i]; -- if (v == 0) break; -- if (pkey->type == v) -- { -- ok=1; -- break; -- } -- } -- if (!ok) -- { -- EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); -- return(0); -- } -- if (ctx->digest->sign == NULL) -- { -- EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED); -- return(0); -- } -- EVP_MD_CTX_init(&tmp_ctx); -- EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); -- if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) -- { -- EVP_MD_SVCTX sctmp; -- sctmp.mctx = &tmp_ctx; -- sctmp.key = pkey->pkey.ptr; -- i = ctx->digest->sign(ctx->digest->type, -- NULL, -1, sigret, siglen, &sctmp); -- } -- else -- { -- EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); -- i = ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen, -- pkey->pkey.ptr); -- } -- EVP_MD_CTX_cleanup(&tmp_ctx); -- return i; -- } -+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, -+ unsigned int *siglen, EVP_PKEY *pkey) -+{ -+ unsigned char m[EVP_MAX_MD_SIZE]; -+ unsigned int m_len; -+ int i, ok = 0, v; -+ EVP_MD_CTX tmp_ctx; - -+ *siglen = 0; -+ for (i = 0; i < 4; i++) { -+ v = ctx->digest->required_pkey_type[i]; -+ if (v == 0) -+ break; -+ if (pkey->type == v) { -+ ok = 1; -+ break; -+ } -+ } -+ if (!ok) { -+ EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); -+ return (0); -+ } -+ if (ctx->digest->sign == NULL) { -+ EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED); -+ return (0); -+ } -+ EVP_MD_CTX_init(&tmp_ctx); -+ EVP_MD_CTX_copy_ex(&tmp_ctx, ctx); -+ if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) { -+ EVP_MD_SVCTX sctmp; -+ sctmp.mctx = &tmp_ctx; -+ sctmp.key = pkey->pkey.ptr; -+ i = ctx->digest->sign(ctx->digest->type, -+ NULL, -1, sigret, siglen, &sctmp); -+ } else { -+ EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len); -+ i = ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, -+ pkey->pkey.ptr); -+ } -+ EVP_MD_CTX_cleanup(&tmp_ctx); -+ return i; -+} -diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c -index 072c127..ee2f257 100644 ---- a/Cryptlib/OpenSSL/crypto/evp/p_verify.c -+++ b/Cryptlib/OpenSSL/crypto/evp/p_verify.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,51 +63,44 @@ - #include - - int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, -- unsigned int siglen, EVP_PKEY *pkey) -- { -- unsigned char m[EVP_MAX_MD_SIZE]; -- unsigned int m_len; -- int i,ok=0,v; -- EVP_MD_CTX tmp_ctx; -- -- for (i=0; i<4; i++) -- { -- v=ctx->digest->required_pkey_type[i]; -- if (v == 0) break; -- if (pkey->type == v) -- { -- ok=1; -- break; -- } -- } -- if (!ok) -- { -- EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); -- return(-1); -- } -- if (ctx->digest->verify == NULL) -- { -- EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); -- return(0); -- } -+ unsigned int siglen, EVP_PKEY *pkey) -+{ -+ unsigned char m[EVP_MAX_MD_SIZE]; -+ unsigned int m_len; -+ int i, ok = 0, v; -+ EVP_MD_CTX tmp_ctx; - -- EVP_MD_CTX_init(&tmp_ctx); -- EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); -- if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) -- { -- EVP_MD_SVCTX sctmp; -- sctmp.mctx = &tmp_ctx; -- sctmp.key = pkey->pkey.ptr; -- i = ctx->digest->verify(ctx->digest->type, -- NULL, -1, sigbuf, siglen, &sctmp); -- } -- else -- { -- EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); -- i = ctx->digest->verify(ctx->digest->type,m,m_len, -- sigbuf,siglen,pkey->pkey.ptr); -- } -- EVP_MD_CTX_cleanup(&tmp_ctx); -- return i; -- } -+ for (i = 0; i < 4; i++) { -+ v = ctx->digest->required_pkey_type[i]; -+ if (v == 0) -+ break; -+ if (pkey->type == v) { -+ ok = 1; -+ break; -+ } -+ } -+ if (!ok) { -+ EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); -+ return (-1); -+ } -+ if (ctx->digest->verify == NULL) { -+ EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); -+ return (0); -+ } - -+ EVP_MD_CTX_init(&tmp_ctx); -+ EVP_MD_CTX_copy_ex(&tmp_ctx, ctx); -+ if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) { -+ EVP_MD_SVCTX sctmp; -+ sctmp.mctx = &tmp_ctx; -+ sctmp.key = pkey->pkey.ptr; -+ i = ctx->digest->verify(ctx->digest->type, -+ NULL, -1, sigbuf, siglen, &sctmp); -+ } else { -+ EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len); -+ i = ctx->digest->verify(ctx->digest->type, m, m_len, -+ sigbuf, siglen, pkey->pkey.ptr); -+ } -+ EVP_MD_CTX_cleanup(&tmp_ctx); -+ return i; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ex_data.c b/Cryptlib/OpenSSL/crypto/ex_data.c -index 3b11e7a..efd9911 100644 ---- a/Cryptlib/OpenSSL/crypto/ex_data.c -+++ b/Cryptlib/OpenSSL/crypto/ex_data.c -@@ -34,21 +34,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -63,10 +63,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -78,7 +78,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -92,7 +92,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -142,103 +142,108 @@ - #include - - /* What an "implementation of ex_data functionality" looks like */ --struct st_CRYPTO_EX_DATA_IMPL -- { -- /*********************/ -- /* GLOBAL OPERATIONS */ -- /* Return a new class index */ -- int (*cb_new_class)(void); -- /* Cleanup all state used by the implementation */ -- void (*cb_cleanup)(void); -- /************************/ -- /* PER-CLASS OPERATIONS */ -- /* Get a new method index within a class */ -- int (*cb_get_new_index)(int class_index, long argl, void *argp, -- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -- CRYPTO_EX_free *free_func); -- /* Initialise a new CRYPTO_EX_DATA of a given class */ -- int (*cb_new_ex_data)(int class_index, void *obj, -- CRYPTO_EX_DATA *ad); -- /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */ -- int (*cb_dup_ex_data)(int class_index, CRYPTO_EX_DATA *to, -- CRYPTO_EX_DATA *from); -- /* Cleanup a CRYPTO_EX_DATA of a given class */ -- void (*cb_free_ex_data)(int class_index, void *obj, -- CRYPTO_EX_DATA *ad); -- }; -+struct st_CRYPTO_EX_DATA_IMPL { -+ /*********************/ -+ /* GLOBAL OPERATIONS */ -+ /* Return a new class index */ -+ int (*cb_new_class) (void); -+ /* Cleanup all state used by the implementation */ -+ void (*cb_cleanup) (void); -+ /************************/ -+ /* PER-CLASS OPERATIONS */ -+ /* Get a new method index within a class */ -+ int (*cb_get_new_index) (int class_index, long argl, void *argp, -+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+ /* Initialise a new CRYPTO_EX_DATA of a given class */ -+ int (*cb_new_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad); -+ /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */ -+ int (*cb_dup_ex_data) (int class_index, CRYPTO_EX_DATA *to, -+ CRYPTO_EX_DATA *from); -+ /* Cleanup a CRYPTO_EX_DATA of a given class */ -+ void (*cb_free_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad); -+}; - - /* The implementation we use at run-time */ - static const CRYPTO_EX_DATA_IMPL *impl = NULL; - --/* To call "impl" functions, use this macro rather than referring to 'impl' directly, eg. -- * EX_IMPL(get_new_index)(...); */ -+/* -+ * To call "impl" functions, use this macro rather than referring to 'impl' -+ * directly, eg. EX_IMPL(get_new_index)(...); -+ */ - #define EX_IMPL(a) impl->cb_##a - - /* Predeclare the "default" ex_data implementation */ - static int int_new_class(void); - static void int_cleanup(void); - static int int_get_new_index(int class_index, long argl, void *argp, -- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -- CRYPTO_EX_free *free_func); --static int int_new_ex_data(int class_index, void *obj, -- CRYPTO_EX_DATA *ad); -+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func); -+static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); - static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, -- CRYPTO_EX_DATA *from); --static void int_free_ex_data(int class_index, void *obj, -- CRYPTO_EX_DATA *ad); --static CRYPTO_EX_DATA_IMPL impl_default = -- { -- int_new_class, -- int_cleanup, -- int_get_new_index, -- int_new_ex_data, -- int_dup_ex_data, -- int_free_ex_data -- }; -- --/* Internal function that checks whether "impl" is set and if not, sets it to -- * the default. */ -+ CRYPTO_EX_DATA *from); -+static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); -+static CRYPTO_EX_DATA_IMPL impl_default = { -+ int_new_class, -+ int_cleanup, -+ int_get_new_index, -+ int_new_ex_data, -+ int_dup_ex_data, -+ int_free_ex_data -+}; -+ -+/* -+ * Internal function that checks whether "impl" is set and if not, sets it to -+ * the default. -+ */ - static void impl_check(void) -- { -- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -- if(!impl) -- impl = &impl_default; -- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -- } --/* A macro wrapper for impl_check that first uses a non-locked test before -- * invoking the function (which checks again inside a lock). */ -+{ -+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -+ if (!impl) -+ impl = &impl_default; -+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -+} -+ -+/* -+ * A macro wrapper for impl_check that first uses a non-locked test before -+ * invoking the function (which checks again inside a lock). -+ */ - #define IMPL_CHECK if(!impl) impl_check(); - - /* API functions to get/set the "ex_data" implementation */ - const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void) -- { -- IMPL_CHECK -- return impl; -- } -+{ -+ IMPL_CHECK return impl; -+} -+ - int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i) -- { -- int toret = 0; -- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -- if(!impl) -- { -- impl = i; -- toret = 1; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -- return toret; -- } -+{ -+ int toret = 0; -+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -+ if (!impl) { -+ impl = i; -+ toret = 1; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -+ return toret; -+} - - /****************************************************************************/ --/* Interal (default) implementation of "ex_data" support. API functions are -- * further down. */ -+/* -+ * Interal (default) implementation of "ex_data" support. API functions are -+ * further down. -+ */ - --/* The type that represents what each "class" used to implement locally. A STACK -- * of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is the global -- * value representing the class that is used to distinguish these items. */ -+/* -+ * The type that represents what each "class" used to implement locally. A -+ * STACK of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is -+ * the global value representing the class that is used to distinguish these -+ * items. -+ */ - typedef struct st_ex_class_item { -- int class_index; -- STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth; -- int meth_num; -+ int class_index; -+ STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth; -+ int meth_num; - } EX_CLASS_ITEM; - - /* When assigning new class indexes, this is our counter */ -@@ -249,384 +254,388 @@ static LHASH *ex_data = NULL; - - /* The callbacks required in the "ex_data" hash table */ - static unsigned long ex_hash_cb(const void *a_void) -- { -- return ((const EX_CLASS_ITEM *)a_void)->class_index; -- } -+{ -+ return ((const EX_CLASS_ITEM *)a_void)->class_index; -+} -+ - static int ex_cmp_cb(const void *a_void, const void *b_void) -- { -- return (((const EX_CLASS_ITEM *)a_void)->class_index - -- ((const EX_CLASS_ITEM *)b_void)->class_index); -- } -+{ -+ return (((const EX_CLASS_ITEM *)a_void)->class_index - -+ ((const EX_CLASS_ITEM *)b_void)->class_index); -+} - --/* Internal functions used by the "impl_default" implementation to access the -- * state */ -+/* -+ * Internal functions used by the "impl_default" implementation to access the -+ * state -+ */ - - static int ex_data_check(void) -- { -- int toret = 1; -- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -- if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL)) -- toret = 0; -- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -- return toret; -- } --/* This macros helps reduce the locking from repeated checks because the -- * ex_data_check() function checks ex_data again inside a lock. */ -+{ -+ int toret = 1; -+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -+ if (!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL)) -+ toret = 0; -+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -+ return toret; -+} -+ -+/* -+ * This macros helps reduce the locking from repeated checks because the -+ * ex_data_check() function checks ex_data again inside a lock. -+ */ - #define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail} - - /* This "inner" callback is used by the callback function that follows it */ - static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) -- { -- OPENSSL_free(funcs); -- } -+{ -+ OPENSSL_free(funcs); -+} - --/* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from -- * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do -- * any locking. */ -+/* -+ * This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from -+ * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't -+ * do any locking. -+ */ - static void def_cleanup_cb(void *a_void) -- { -- EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; -- sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); -- OPENSSL_free(item); -- } -- --/* Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to a -- * given class. Handles locking. */ -+{ -+ EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; -+ sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); -+ OPENSSL_free(item); -+} -+ -+/* -+ * Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to -+ * a given class. Handles locking. -+ */ - static EX_CLASS_ITEM *def_get_class(int class_index) -- { -- EX_CLASS_ITEM d, *p, *gen; -- EX_DATA_CHECK(return NULL;) -- d.class_index = class_index; -- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -- p = lh_retrieve(ex_data, &d); -- if(!p) -- { -- gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM)); -- if(gen) -- { -- gen->class_index = class_index; -- gen->meth_num = 0; -- gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); -- if(!gen->meth) -- OPENSSL_free(gen); -- else -- { -- /* Because we're inside the ex_data lock, the -- * return value from the insert will be NULL */ -- lh_insert(ex_data, gen); -- p = gen; -- } -- } -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -- if(!p) -- CRYPTOerr(CRYPTO_F_DEF_GET_CLASS,ERR_R_MALLOC_FAILURE); -- return p; -- } -- --/* Add a new method to the given EX_CLASS_ITEM and return the corresponding -- * index (or -1 for error). Handles locking. */ -+{ -+ EX_CLASS_ITEM d, *p, *gen; -+ EX_DATA_CHECK(return NULL;) -+ d.class_index = class_index; -+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -+ p = lh_retrieve(ex_data, &d); -+ if (!p) { -+ gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM)); -+ if (gen) { -+ gen->class_index = class_index; -+ gen->meth_num = 0; -+ gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); -+ if (!gen->meth) -+ OPENSSL_free(gen); -+ else { -+ /* -+ * Because we're inside the ex_data lock, the return value -+ * from the insert will be NULL -+ */ -+ lh_insert(ex_data, gen); -+ p = gen; -+ } -+ } -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -+ if (!p) -+ CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE); -+ return p; -+} -+ -+/* -+ * Add a new method to the given EX_CLASS_ITEM and return the corresponding -+ * index (or -1 for error). Handles locking. -+ */ - static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp, -- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -- CRYPTO_EX_free *free_func) -- { -- int toret = -1; -- CRYPTO_EX_DATA_FUNCS *a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc( -- sizeof(CRYPTO_EX_DATA_FUNCS)); -- if(!a) -- { -- CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE); -- return -1; -- } -- a->argl=argl; -- a->argp=argp; -- a->new_func=new_func; -- a->dup_func=dup_func; -- a->free_func=free_func; -- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -- while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) -- { -- if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) -- { -- CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE); -- OPENSSL_free(a); -- goto err; -- } -- } -- toret = item->meth_num++; -- (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); --err: -- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -- return toret; -- } -+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func) -+{ -+ int toret = -1; -+ CRYPTO_EX_DATA_FUNCS *a = -+ (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); -+ if (!a) { -+ CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE); -+ return -1; -+ } -+ a->argl = argl; -+ a->argp = argp; -+ a->new_func = new_func; -+ a->dup_func = dup_func; -+ a->free_func = free_func; -+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -+ while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) { -+ if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) { -+ CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE); -+ OPENSSL_free(a); -+ goto err; -+ } -+ } -+ toret = item->meth_num++; -+ (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); -+ err: -+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -+ return toret; -+} - - /**************************************************************/ - /* The functions in the default CRYPTO_EX_DATA_IMPL structure */ - - static int int_new_class(void) -- { -- int toret; -- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -- toret = ex_class++; -- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -- return toret; -- } -+{ -+ int toret; -+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); -+ toret = ex_class++; -+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -+ return toret; -+} - - static void int_cleanup(void) -- { -- EX_DATA_CHECK(return;) -- lh_doall(ex_data, def_cleanup_cb); -- lh_free(ex_data); -- ex_data = NULL; -- impl = NULL; -- } -+{ -+ EX_DATA_CHECK(return;) -+ lh_doall(ex_data, def_cleanup_cb); -+ lh_free(ex_data); -+ ex_data = NULL; -+ impl = NULL; -+} - - static int int_get_new_index(int class_index, long argl, void *argp, -- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -- CRYPTO_EX_free *free_func) -- { -- EX_CLASS_ITEM *item = def_get_class(class_index); -- if(!item) -- return -1; -- return def_add_index(item, argl, argp, new_func, dup_func, free_func); -- } -- --/* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries in -- * the lock, then using them outside the lock. NB: Thread-safety only applies to -- * the global "ex_data" state (ie. class definitions), not thread-safe on 'ad' -- * itself. */ --static int int_new_ex_data(int class_index, void *obj, -- CRYPTO_EX_DATA *ad) -- { -- int mx,i; -- void *ptr; -- CRYPTO_EX_DATA_FUNCS **storage = NULL; -- EX_CLASS_ITEM *item = def_get_class(class_index); -- if(!item) -- /* error is already set */ -- return 0; -- ad->sk = NULL; -- CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); -- mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); -- if(mx > 0) -- { -- storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*)); -- if(!storage) -- goto skip; -- for(i = 0; i < mx; i++) -- storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i); -- } --skip: -- CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); -- if((mx > 0) && !storage) -- { -- CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- for(i = 0; i < mx; i++) -- { -- if(storage[i] && storage[i]->new_func) -- { -- ptr = CRYPTO_get_ex_data(ad, i); -- storage[i]->new_func(obj,ptr,ad,i, -- storage[i]->argl,storage[i]->argp); -- } -- } -- if(storage) -- OPENSSL_free(storage); -- return 1; -- } -+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func) -+{ -+ EX_CLASS_ITEM *item = def_get_class(class_index); -+ if (!item) -+ return -1; -+ return def_add_index(item, argl, argp, new_func, dup_func, free_func); -+} -+ -+/* -+ * Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries -+ * in the lock, then using them outside the lock. NB: Thread-safety only -+ * applies to the global "ex_data" state (ie. class definitions), not -+ * thread-safe on 'ad' itself. -+ */ -+static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -+{ -+ int mx, i; -+ void *ptr; -+ CRYPTO_EX_DATA_FUNCS **storage = NULL; -+ EX_CLASS_ITEM *item = def_get_class(class_index); -+ if (!item) -+ /* error is already set */ -+ return 0; -+ ad->sk = NULL; -+ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); -+ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); -+ if (mx > 0) { -+ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); -+ if (!storage) -+ goto skip; -+ for (i = 0; i < mx; i++) -+ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); -+ } -+ skip: -+ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); -+ if ((mx > 0) && !storage) { -+ CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ for (i = 0; i < mx; i++) { -+ if (storage[i] && storage[i]->new_func) { -+ ptr = CRYPTO_get_ex_data(ad, i); -+ storage[i]->new_func(obj, ptr, ad, i, -+ storage[i]->argl, storage[i]->argp); -+ } -+ } -+ if (storage) -+ OPENSSL_free(storage); -+ return 1; -+} - - /* Same thread-safety notes as for "int_new_ex_data" */ - static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, -- CRYPTO_EX_DATA *from) -- { -- int mx, j, i; -- char *ptr; -- CRYPTO_EX_DATA_FUNCS **storage = NULL; -- EX_CLASS_ITEM *item; -- if(!from->sk) -- /* 'to' should be "blank" which *is* just like 'from' */ -- return 1; -- if((item = def_get_class(class_index)) == NULL) -- return 0; -- CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); -- mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); -- j = sk_num(from->sk); -- if(j < mx) -- mx = j; -- if(mx > 0) -- { -- storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*)); -- if(!storage) -- goto skip; -- for(i = 0; i < mx; i++) -- storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i); -- } --skip: -- CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); -- if((mx > 0) && !storage) -- { -- CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- for(i = 0; i < mx; i++) -- { -- ptr = CRYPTO_get_ex_data(from, i); -- if(storage[i] && storage[i]->dup_func) -- storage[i]->dup_func(to,from,&ptr,i, -- storage[i]->argl,storage[i]->argp); -- CRYPTO_set_ex_data(to,i,ptr); -- } -- if(storage) -- OPENSSL_free(storage); -- return 1; -- } -+ CRYPTO_EX_DATA *from) -+{ -+ int mx, j, i; -+ char *ptr; -+ CRYPTO_EX_DATA_FUNCS **storage = NULL; -+ EX_CLASS_ITEM *item; -+ if (!from->sk) -+ /* 'to' should be "blank" which *is* just like 'from' */ -+ return 1; -+ if ((item = def_get_class(class_index)) == NULL) -+ return 0; -+ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); -+ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); -+ j = sk_num(from->sk); -+ if (j < mx) -+ mx = j; -+ if (mx > 0) { -+ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); -+ if (!storage) -+ goto skip; -+ for (i = 0; i < mx; i++) -+ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); -+ } -+ skip: -+ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); -+ if ((mx > 0) && !storage) { -+ CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ for (i = 0; i < mx; i++) { -+ ptr = CRYPTO_get_ex_data(from, i); -+ if (storage[i] && storage[i]->dup_func) -+ storage[i]->dup_func(to, from, &ptr, i, -+ storage[i]->argl, storage[i]->argp); -+ CRYPTO_set_ex_data(to, i, ptr); -+ } -+ if (storage) -+ OPENSSL_free(storage); -+ return 1; -+} - - /* Same thread-safety notes as for "int_new_ex_data" */ --static void int_free_ex_data(int class_index, void *obj, -- CRYPTO_EX_DATA *ad) -- { -- int mx,i; -- EX_CLASS_ITEM *item; -- void *ptr; -- CRYPTO_EX_DATA_FUNCS **storage = NULL; -- if((item = def_get_class(class_index)) == NULL) -- return; -- CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); -- mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); -- if(mx > 0) -- { -- storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*)); -- if(!storage) -- goto skip; -- for(i = 0; i < mx; i++) -- storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i); -- } --skip: -- CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); -- if((mx > 0) && !storage) -- { -- CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA,ERR_R_MALLOC_FAILURE); -- return; -- } -- for(i = 0; i < mx; i++) -- { -- if(storage[i] && storage[i]->free_func) -- { -- ptr = CRYPTO_get_ex_data(ad,i); -- storage[i]->free_func(obj,ptr,ad,i, -- storage[i]->argl,storage[i]->argp); -- } -- } -- if(storage) -- OPENSSL_free(storage); -- if(ad->sk) -- { -- sk_free(ad->sk); -- ad->sk=NULL; -- } -- } -+static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -+{ -+ int mx, i; -+ EX_CLASS_ITEM *item; -+ void *ptr; -+ CRYPTO_EX_DATA_FUNCS **storage = NULL; -+ if ((item = def_get_class(class_index)) == NULL) -+ return; -+ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); -+ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); -+ if (mx > 0) { -+ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); -+ if (!storage) -+ goto skip; -+ for (i = 0; i < mx; i++) -+ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); -+ } -+ skip: -+ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); -+ if ((mx > 0) && !storage) { -+ CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA, ERR_R_MALLOC_FAILURE); -+ return; -+ } -+ for (i = 0; i < mx; i++) { -+ if (storage[i] && storage[i]->free_func) { -+ ptr = CRYPTO_get_ex_data(ad, i); -+ storage[i]->free_func(obj, ptr, ad, i, -+ storage[i]->argl, storage[i]->argp); -+ } -+ } -+ if (storage) -+ OPENSSL_free(storage); -+ if (ad->sk) { -+ sk_free(ad->sk); -+ ad->sk = NULL; -+ } -+} - - /********************************************************************/ --/* API functions that defer all "state" operations to the "ex_data" -- * implementation we have set. */ -+/* -+ * API functions that defer all "state" operations to the "ex_data" -+ * implementation we have set. -+ */ - --/* Obtain an index for a new class (not the same as getting a new index within -- * an existing class - this is actually getting a new *class*) */ -+/* -+ * Obtain an index for a new class (not the same as getting a new index -+ * within an existing class - this is actually getting a new *class*) -+ */ - int CRYPTO_ex_data_new_class(void) -- { -- IMPL_CHECK -- return EX_IMPL(new_class)(); -- } -+{ -+ IMPL_CHECK return EX_IMPL(new_class) (); -+} - --/* Release all "ex_data" state to prevent memory leaks. This can't be made -+/* -+ * Release all "ex_data" state to prevent memory leaks. This can't be made - * thread-safe without overhauling a lot of stuff, and shouldn't really be - * called under potential race-conditions anyway (it's for program shutdown -- * after all). */ -+ * after all). -+ */ - void CRYPTO_cleanup_all_ex_data(void) -- { -- IMPL_CHECK -- EX_IMPL(cleanup)(); -- } -+{ -+ IMPL_CHECK EX_IMPL(cleanup) (); -+} - - /* Inside an existing class, get/register a new index. */ - int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, -- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -- CRYPTO_EX_free *free_func) -- { -- int ret = -1; -- -- IMPL_CHECK -- ret = EX_IMPL(get_new_index)(class_index, -- argl, argp, new_func, dup_func, free_func); -- return ret; -- } -- --/* Initialise a new CRYPTO_EX_DATA for use in a particular class - including -- * calling new() callbacks for each index in the class used by this variable */ -+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func) -+{ -+ int ret = -1; -+ -+ IMPL_CHECK -+ ret = EX_IMPL(get_new_index) (class_index, -+ argl, argp, new_func, dup_func, -+ free_func); -+ return ret; -+} -+ -+/* -+ * Initialise a new CRYPTO_EX_DATA for use in a particular class - including -+ * calling new() callbacks for each index in the class used by this variable -+ */ - int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -- { -- IMPL_CHECK -- return EX_IMPL(new_ex_data)(class_index, obj, ad); -- } -+{ -+ IMPL_CHECK return EX_IMPL(new_ex_data) (class_index, obj, ad); -+} - --/* Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks for -- * each index in the class used by this variable */ -+/* -+ * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks -+ * for each index in the class used by this variable -+ */ - int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, -- CRYPTO_EX_DATA *from) -- { -- IMPL_CHECK -- return EX_IMPL(dup_ex_data)(class_index, to, from); -- } -- --/* Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for -- * each index in the class used by this variable */ -+ CRYPTO_EX_DATA *from) -+{ -+ IMPL_CHECK return EX_IMPL(dup_ex_data) (class_index, to, from); -+} -+ -+/* -+ * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for -+ * each index in the class used by this variable -+ */ - void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -- { -- IMPL_CHECK -- EX_IMPL(free_ex_data)(class_index, obj, ad); -- } -+{ -+ IMPL_CHECK EX_IMPL(free_ex_data) (class_index, obj, ad); -+} - --/* For a given CRYPTO_EX_DATA variable, set the value corresponding to a -- * particular index in the class used by this variable */ -+/* -+ * For a given CRYPTO_EX_DATA variable, set the value corresponding to a -+ * particular index in the class used by this variable -+ */ - int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) -- { -- int i; -- -- if (ad->sk == NULL) -- { -- if ((ad->sk=sk_new_null()) == NULL) -- { -- CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- } -- i=sk_num(ad->sk); -- -- while (i <= idx) -- { -- if (!sk_push(ad->sk,NULL)) -- { -- CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- i++; -- } -- sk_set(ad->sk,idx,val); -- return(1); -- } -- --/* For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a -- * particular index in the class used by this variable */ -+{ -+ int i; -+ -+ if (ad->sk == NULL) { -+ if ((ad->sk = sk_new_null()) == NULL) { -+ CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ } -+ i = sk_num(ad->sk); -+ -+ while (i <= idx) { -+ if (!sk_push(ad->sk, NULL)) { -+ CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ i++; -+ } -+ sk_set(ad->sk, idx, val); -+ return (1); -+} -+ -+/* -+ * For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a -+ * particular index in the class used by this variable -+ */ - void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) -- { -- if (ad->sk == NULL) -- return(0); -- else if (idx >= sk_num(ad->sk)) -- return(0); -- else -- return(sk_value(ad->sk,idx)); -- } -+{ -+ if (ad->sk == NULL) -+ return (0); -+ else if (idx >= sk_num(ad->sk)) -+ return (0); -+ else -+ return (sk_value(ad->sk, idx)); -+} - - IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS) -diff --git a/Cryptlib/OpenSSL/crypto/fips_err.c b/Cryptlib/OpenSSL/crypto/fips_err.c -index 09f1174..1788ed2 100644 ---- a/Cryptlib/OpenSSL/crypto/fips_err.c -+++ b/Cryptlib/OpenSSL/crypto/fips_err.c -@@ -3,5 +3,5 @@ - #ifdef OPENSSL_FIPS - # include "fips_err.h" - #else --static void *dummy=&dummy; -+static void *dummy = &dummy; - #endif -diff --git a/Cryptlib/OpenSSL/crypto/hmac/hmac.c b/Cryptlib/OpenSSL/crypto/hmac/hmac.c -index 6899be6..639fd8c 100644 ---- a/Cryptlib/OpenSSL/crypto/hmac/hmac.c -+++ b/Cryptlib/OpenSSL/crypto/hmac/hmac.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,117 +64,109 @@ - #ifndef OPENSSL_FIPS - - void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, -- const EVP_MD *md, ENGINE *impl) -- { -- int i,j,reset=0; -- unsigned char pad[HMAC_MAX_MD_CBLOCK]; -- -- if (md != NULL) -- { -- reset=1; -- ctx->md=md; -- } -- else -- md=ctx->md; -- -- if (key != NULL) -- { -- reset=1; -- j=EVP_MD_block_size(md); -- OPENSSL_assert(j <= (int)sizeof(ctx->key)); -- if (j < len) -- { -- EVP_DigestInit_ex(&ctx->md_ctx,md, impl); -- EVP_DigestUpdate(&ctx->md_ctx,key,len); -- EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key, -- &ctx->key_length); -- } -- else -- { -- OPENSSL_assert(len>=0 && len<=(int)sizeof(ctx->key)); -- memcpy(ctx->key,key,len); -- ctx->key_length=len; -- } -- if(ctx->key_length != HMAC_MAX_MD_CBLOCK) -- memset(&ctx->key[ctx->key_length], 0, -- HMAC_MAX_MD_CBLOCK - ctx->key_length); -- } -- -- if (reset) -- { -- for (i=0; ikey[i]; -- EVP_DigestInit_ex(&ctx->i_ctx,md, impl); -- EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)); -- -- for (i=0; ikey[i]; -- EVP_DigestInit_ex(&ctx->o_ctx,md, impl); -- EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)); -- } -- EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx); -- } -- --void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, -- const EVP_MD *md) -- { -- if(key && md) -- HMAC_CTX_init(ctx); -- HMAC_Init_ex(ctx,key,len,md, NULL); -- } -+ const EVP_MD *md, ENGINE *impl) -+{ -+ int i, j, reset = 0; -+ unsigned char pad[HMAC_MAX_MD_CBLOCK]; -+ -+ if (md != NULL) { -+ reset = 1; -+ ctx->md = md; -+ } else -+ md = ctx->md; -+ -+ if (key != NULL) { -+ reset = 1; -+ j = EVP_MD_block_size(md); -+ OPENSSL_assert(j <= (int)sizeof(ctx->key)); -+ if (j < len) { -+ EVP_DigestInit_ex(&ctx->md_ctx, md, impl); -+ EVP_DigestUpdate(&ctx->md_ctx, key, len); -+ EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, &ctx->key_length); -+ } else { -+ OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key)); -+ memcpy(ctx->key, key, len); -+ ctx->key_length = len; -+ } -+ if (ctx->key_length != HMAC_MAX_MD_CBLOCK) -+ memset(&ctx->key[ctx->key_length], 0, -+ HMAC_MAX_MD_CBLOCK - ctx->key_length); -+ } -+ -+ if (reset) { -+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) -+ pad[i] = 0x36 ^ ctx->key[i]; -+ EVP_DigestInit_ex(&ctx->i_ctx, md, impl); -+ EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md)); -+ -+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) -+ pad[i] = 0x5c ^ ctx->key[i]; -+ EVP_DigestInit_ex(&ctx->o_ctx, md, impl); -+ EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md)); -+ } -+ EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx); -+} -+ -+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) -+{ -+ if (key && md) -+ HMAC_CTX_init(ctx); -+ HMAC_Init_ex(ctx, key, len, md, NULL); -+} - - void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) -- { -- EVP_DigestUpdate(&ctx->md_ctx,data,len); -- } -+{ -+ EVP_DigestUpdate(&ctx->md_ctx, data, len); -+} - - void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) -- { -- unsigned int i; -- unsigned char buf[EVP_MAX_MD_SIZE]; -+{ -+ unsigned int i; -+ unsigned char buf[EVP_MAX_MD_SIZE]; - -- EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i); -- EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx); -- EVP_DigestUpdate(&ctx->md_ctx,buf,i); -- EVP_DigestFinal_ex(&ctx->md_ctx,md,len); -- } -+ EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i); -+ EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx); -+ EVP_DigestUpdate(&ctx->md_ctx, buf, i); -+ EVP_DigestFinal_ex(&ctx->md_ctx, md, len); -+} - - void HMAC_CTX_init(HMAC_CTX *ctx) -- { -- EVP_MD_CTX_init(&ctx->i_ctx); -- EVP_MD_CTX_init(&ctx->o_ctx); -- EVP_MD_CTX_init(&ctx->md_ctx); -- } -+{ -+ EVP_MD_CTX_init(&ctx->i_ctx); -+ EVP_MD_CTX_init(&ctx->o_ctx); -+ EVP_MD_CTX_init(&ctx->md_ctx); -+} - - void HMAC_CTX_cleanup(HMAC_CTX *ctx) -- { -- EVP_MD_CTX_cleanup(&ctx->i_ctx); -- EVP_MD_CTX_cleanup(&ctx->o_ctx); -- EVP_MD_CTX_cleanup(&ctx->md_ctx); -- memset(ctx,0,sizeof *ctx); -- } -+{ -+ EVP_MD_CTX_cleanup(&ctx->i_ctx); -+ EVP_MD_CTX_cleanup(&ctx->o_ctx); -+ EVP_MD_CTX_cleanup(&ctx->md_ctx); -+ memset(ctx, 0, sizeof *ctx); -+} - - unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, -- const unsigned char *d, size_t n, unsigned char *md, -- unsigned int *md_len) -- { -- HMAC_CTX c; -- static unsigned char m[EVP_MAX_MD_SIZE]; -- -- if (md == NULL) md=m; -- HMAC_CTX_init(&c); -- HMAC_Init(&c,key,key_len,evp_md); -- HMAC_Update(&c,d,n); -- HMAC_Final(&c,md,md_len); -- HMAC_CTX_cleanup(&c); -- return(md); -- } -+ const unsigned char *d, size_t n, unsigned char *md, -+ unsigned int *md_len) -+{ -+ HMAC_CTX c; -+ static unsigned char m[EVP_MAX_MD_SIZE]; -+ -+ if (md == NULL) -+ md = m; -+ HMAC_CTX_init(&c); -+ HMAC_Init(&c, key, key_len, evp_md); -+ HMAC_Update(&c, d, n); -+ HMAC_Final(&c, md, md_len); -+ HMAC_CTX_cleanup(&c); -+ return (md); -+} - - void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) -- { -- EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); -- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); -- EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); -- } -+{ -+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); -+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); -+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c b/Cryptlib/OpenSSL/crypto/idea/i_cbc.c -index ecb9cb8..950df98 100644 ---- a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c -+++ b/Cryptlib/OpenSSL/crypto/idea/i_cbc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,110 +59,113 @@ - #include - #include "idea_lcl.h" - --void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, -- IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int encrypt) -- { -- register unsigned long tin0,tin1; -- register unsigned long tout0,tout1,xor0,xor1; -- register long l=length; -- unsigned long tin[2]; -+void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, -+ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, -+ int encrypt) -+{ -+ register unsigned long tin0, tin1; -+ register unsigned long tout0, tout1, xor0, xor1; -+ register long l = length; -+ unsigned long tin[2]; - -- if (encrypt) -- { -- n2l(iv,tout0); -- n2l(iv,tout1); -- iv-=8; -- for (l-=8; l>=0; l-=8) -- { -- n2l(in,tin0); -- n2l(in,tin1); -- tin0^=tout0; -- tin1^=tout1; -- tin[0]=tin0; -- tin[1]=tin1; -- idea_encrypt(tin,ks); -- tout0=tin[0]; l2n(tout0,out); -- tout1=tin[1]; l2n(tout1,out); -- } -- if (l != -8) -- { -- n2ln(in,tin0,tin1,l+8); -- tin0^=tout0; -- tin1^=tout1; -- tin[0]=tin0; -- tin[1]=tin1; -- idea_encrypt(tin,ks); -- tout0=tin[0]; l2n(tout0,out); -- tout1=tin[1]; l2n(tout1,out); -- } -- l2n(tout0,iv); -- l2n(tout1,iv); -- } -- else -- { -- n2l(iv,xor0); -- n2l(iv,xor1); -- iv-=8; -- for (l-=8; l>=0; l-=8) -- { -- n2l(in,tin0); tin[0]=tin0; -- n2l(in,tin1); tin[1]=tin1; -- idea_encrypt(tin,ks); -- tout0=tin[0]^xor0; -- tout1=tin[1]^xor1; -- l2n(tout0,out); -- l2n(tout1,out); -- xor0=tin0; -- xor1=tin1; -- } -- if (l != -8) -- { -- n2l(in,tin0); tin[0]=tin0; -- n2l(in,tin1); tin[1]=tin1; -- idea_encrypt(tin,ks); -- tout0=tin[0]^xor0; -- tout1=tin[1]^xor1; -- l2nn(tout0,tout1,out,l+8); -- xor0=tin0; -- xor1=tin1; -- } -- l2n(xor0,iv); -- l2n(xor1,iv); -- } -- tin0=tin1=tout0=tout1=xor0=xor1=0; -- tin[0]=tin[1]=0; -- } -+ if (encrypt) { -+ n2l(iv, tout0); -+ n2l(iv, tout1); -+ iv -= 8; -+ for (l -= 8; l >= 0; l -= 8) { -+ n2l(in, tin0); -+ n2l(in, tin1); -+ tin0 ^= tout0; -+ tin1 ^= tout1; -+ tin[0] = tin0; -+ tin[1] = tin1; -+ idea_encrypt(tin, ks); -+ tout0 = tin[0]; -+ l2n(tout0, out); -+ tout1 = tin[1]; -+ l2n(tout1, out); -+ } -+ if (l != -8) { -+ n2ln(in, tin0, tin1, l + 8); -+ tin0 ^= tout0; -+ tin1 ^= tout1; -+ tin[0] = tin0; -+ tin[1] = tin1; -+ idea_encrypt(tin, ks); -+ tout0 = tin[0]; -+ l2n(tout0, out); -+ tout1 = tin[1]; -+ l2n(tout1, out); -+ } -+ l2n(tout0, iv); -+ l2n(tout1, iv); -+ } else { -+ n2l(iv, xor0); -+ n2l(iv, xor1); -+ iv -= 8; -+ for (l -= 8; l >= 0; l -= 8) { -+ n2l(in, tin0); -+ tin[0] = tin0; -+ n2l(in, tin1); -+ tin[1] = tin1; -+ idea_encrypt(tin, ks); -+ tout0 = tin[0] ^ xor0; -+ tout1 = tin[1] ^ xor1; -+ l2n(tout0, out); -+ l2n(tout1, out); -+ xor0 = tin0; -+ xor1 = tin1; -+ } -+ if (l != -8) { -+ n2l(in, tin0); -+ tin[0] = tin0; -+ n2l(in, tin1); -+ tin[1] = tin1; -+ idea_encrypt(tin, ks); -+ tout0 = tin[0] ^ xor0; -+ tout1 = tin[1] ^ xor1; -+ l2nn(tout0, tout1, out, l + 8); -+ xor0 = tin0; -+ xor1 = tin1; -+ } -+ l2n(xor0, iv); -+ l2n(xor1, iv); -+ } -+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; -+ tin[0] = tin[1] = 0; -+} - - void idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key) -- { -- register IDEA_INT *p; -- register unsigned long x1,x2,x3,x4,t0,t1,ul; -+{ -+ register IDEA_INT *p; -+ register unsigned long x1, x2, x3, x4, t0, t1, ul; - -- x2=d[0]; -- x1=(x2>>16); -- x4=d[1]; -- x3=(x4>>16); -+ x2 = d[0]; -+ x1 = (x2 >> 16); -+ x4 = d[1]; -+ x3 = (x4 >> 16); - -- p= &(key->data[0][0]); -+ p = &(key->data[0][0]); - -- E_IDEA(0); -- E_IDEA(1); -- E_IDEA(2); -- E_IDEA(3); -- E_IDEA(4); -- E_IDEA(5); -- E_IDEA(6); -- E_IDEA(7); -+ E_IDEA(0); -+ E_IDEA(1); -+ E_IDEA(2); -+ E_IDEA(3); -+ E_IDEA(4); -+ E_IDEA(5); -+ E_IDEA(6); -+ E_IDEA(7); - -- x1&=0xffff; -- idea_mul(x1,x1,*p,ul); p++; -+ x1 &= 0xffff; -+ idea_mul(x1, x1, *p, ul); -+ p++; - -- t0= x3+ *(p++); -- t1= x2+ *(p++); -+ t0 = x3 + *(p++); -+ t1 = x2 + *(p++); - -- x4&=0xffff; -- idea_mul(x4,x4,*p,ul); -+ x4 &= 0xffff; -+ idea_mul(x4, x4, *p, ul); - -- d[0]=(t0&0xffff)|((x1&0xffff)<<16); -- d[1]=(x4&0xffff)|((t1&0xffff)<<16); -- } -+ d[0] = (t0 & 0xffff) | ((x1 & 0xffff) << 16); -+ d[1] = (x4 & 0xffff) | ((t1 & 0xffff) << 16); -+} -diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c b/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c -index 66d49d5..a1547ed 100644 ---- a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c -+++ b/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,64 +59,65 @@ - #include - #include "idea_lcl.h" - --/* The input and output encrypted as though 64bit cfb mode is being -- * used. The extra state information to record how much of the -- * 64bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 64bit cfb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; - */ - - void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, IDEA_KEY_SCHEDULE *schedule, -- unsigned char *ivec, int *num, int encrypt) -- { -- register unsigned long v0,v1,t; -- register int n= *num; -- register long l=length; -- unsigned long ti[2]; -- unsigned char *iv,c,cc; -- -- iv=(unsigned char *)ivec; -- if (encrypt) -- { -- while (l--) -- { -- if (n == 0) -- { -- n2l(iv,v0); ti[0]=v0; -- n2l(iv,v1); ti[1]=v1; -- idea_encrypt((unsigned long *)ti,schedule); -- iv=(unsigned char *)ivec; -- t=ti[0]; l2n(t,iv); -- t=ti[1]; l2n(t,iv); -- iv=(unsigned char *)ivec; -- } -- c= *(in++)^iv[n]; -- *(out++)=c; -- iv[n]=c; -- n=(n+1)&0x07; -- } -- } -- else -- { -- while (l--) -- { -- if (n == 0) -- { -- n2l(iv,v0); ti[0]=v0; -- n2l(iv,v1); ti[1]=v1; -- idea_encrypt((unsigned long *)ti,schedule); -- iv=(unsigned char *)ivec; -- t=ti[0]; l2n(t,iv); -- t=ti[1]; l2n(t,iv); -- iv=(unsigned char *)ivec; -- } -- cc= *(in++); -- c=iv[n]; -- iv[n]=cc; -- *(out++)=c^cc; -- n=(n+1)&0x07; -- } -- } -- v0=v1=ti[0]=ti[1]=t=c=cc=0; -- *num=n; -- } -+ long length, IDEA_KEY_SCHEDULE *schedule, -+ unsigned char *ivec, int *num, int encrypt) -+{ -+ register unsigned long v0, v1, t; -+ register int n = *num; -+ register long l = length; -+ unsigned long ti[2]; -+ unsigned char *iv, c, cc; - -+ iv = (unsigned char *)ivec; -+ if (encrypt) { -+ while (l--) { -+ if (n == 0) { -+ n2l(iv, v0); -+ ti[0] = v0; -+ n2l(iv, v1); -+ ti[1] = v1; -+ idea_encrypt((unsigned long *)ti, schedule); -+ iv = (unsigned char *)ivec; -+ t = ti[0]; -+ l2n(t, iv); -+ t = ti[1]; -+ l2n(t, iv); -+ iv = (unsigned char *)ivec; -+ } -+ c = *(in++) ^ iv[n]; -+ *(out++) = c; -+ iv[n] = c; -+ n = (n + 1) & 0x07; -+ } -+ } else { -+ while (l--) { -+ if (n == 0) { -+ n2l(iv, v0); -+ ti[0] = v0; -+ n2l(iv, v1); -+ ti[1] = v1; -+ idea_encrypt((unsigned long *)ti, schedule); -+ iv = (unsigned char *)ivec; -+ t = ti[0]; -+ l2n(t, iv); -+ t = ti[1]; -+ l2n(t, iv); -+ iv = (unsigned char *)ivec; -+ } -+ cc = *(in++); -+ c = iv[n]; -+ iv[n] = cc; -+ *(out++) = c ^ cc; -+ n = (n + 1) & 0x07; -+ } -+ } -+ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; -+ *num = n; -+} -diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c b/Cryptlib/OpenSSL/crypto/idea/i_ecb.c -index fef3823..a6b879a 100644 ---- a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c -+++ b/Cryptlib/OpenSSL/crypto/idea/i_ecb.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,26 +60,29 @@ - #include "idea_lcl.h" - #include - --const char IDEA_version[]="IDEA" OPENSSL_VERSION_PTEXT; -+const char IDEA_version[] = "IDEA" OPENSSL_VERSION_PTEXT; - - const char *idea_options(void) -- { -- if (sizeof(short) != sizeof(IDEA_INT)) -- return("idea(int)"); -- else -- return("idea(short)"); -- } -+{ -+ if (sizeof(short) != sizeof(IDEA_INT)) -+ return ("idea(int)"); -+ else -+ return ("idea(short)"); -+} - - void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, -- IDEA_KEY_SCHEDULE *ks) -- { -- unsigned long l0,l1,d[2]; -- -- n2l(in,l0); d[0]=l0; -- n2l(in,l1); d[1]=l1; -- idea_encrypt(d,ks); -- l0=d[0]; l2n(l0,out); -- l1=d[1]; l2n(l1,out); -- l0=l1=d[0]=d[1]=0; -- } -+ IDEA_KEY_SCHEDULE *ks) -+{ -+ unsigned long l0, l1, d[2]; - -+ n2l(in, l0); -+ d[0] = l0; -+ n2l(in, l1); -+ d[1] = l1; -+ idea_encrypt(d, ks); -+ l0 = d[0]; -+ l2n(l0, out); -+ l1 = d[1]; -+ l2n(l1, out); -+ l0 = l1 = d[0] = d[1] = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c b/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c -index e749e88..aa59488 100644 ---- a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c -+++ b/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,53 +59,52 @@ - #include - #include "idea_lcl.h" - --/* The input and output encrypted as though 64bit ofb mode is being -- * used. The extra state information to record how much of the -- * 64bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 64bit ofb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; - */ - void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, IDEA_KEY_SCHEDULE *schedule, -- unsigned char *ivec, int *num) -- { -- register unsigned long v0,v1,t; -- register int n= *num; -- register long l=length; -- unsigned char d[8]; -- register char *dp; -- unsigned long ti[2]; -- unsigned char *iv; -- int save=0; -- -- iv=(unsigned char *)ivec; -- n2l(iv,v0); -- n2l(iv,v1); -- ti[0]=v0; -- ti[1]=v1; -- dp=(char *)d; -- l2n(v0,dp); -- l2n(v1,dp); -- while (l--) -- { -- if (n == 0) -- { -- idea_encrypt((unsigned long *)ti,schedule); -- dp=(char *)d; -- t=ti[0]; l2n(t,dp); -- t=ti[1]; l2n(t,dp); -- save++; -- } -- *(out++)= *(in++)^d[n]; -- n=(n+1)&0x07; -- } -- if (save) -- { -- v0=ti[0]; -- v1=ti[1]; -- iv=(unsigned char *)ivec; -- l2n(v0,iv); -- l2n(v1,iv); -- } -- t=v0=v1=ti[0]=ti[1]=0; -- *num=n; -- } -+ long length, IDEA_KEY_SCHEDULE *schedule, -+ unsigned char *ivec, int *num) -+{ -+ register unsigned long v0, v1, t; -+ register int n = *num; -+ register long l = length; -+ unsigned char d[8]; -+ register char *dp; -+ unsigned long ti[2]; -+ unsigned char *iv; -+ int save = 0; - -+ iv = (unsigned char *)ivec; -+ n2l(iv, v0); -+ n2l(iv, v1); -+ ti[0] = v0; -+ ti[1] = v1; -+ dp = (char *)d; -+ l2n(v0, dp); -+ l2n(v1, dp); -+ while (l--) { -+ if (n == 0) { -+ idea_encrypt((unsigned long *)ti, schedule); -+ dp = (char *)d; -+ t = ti[0]; -+ l2n(t, dp); -+ t = ti[1]; -+ l2n(t, dp); -+ save++; -+ } -+ *(out++) = *(in++) ^ d[n]; -+ n = (n + 1) & 0x07; -+ } -+ if (save) { -+ v0 = ti[0]; -+ v1 = ti[1]; -+ iv = (unsigned char *)ivec; -+ l2n(v0, iv); -+ l2n(v1, iv); -+ } -+ t = v0 = v1 = ti[0] = ti[1] = 0; -+ *num = n; -+} -diff --git a/Cryptlib/OpenSSL/crypto/idea/i_skey.c b/Cryptlib/OpenSSL/crypto/idea/i_skey.c -index fa75b14..195e2ef 100644 ---- a/Cryptlib/OpenSSL/crypto/idea/i_skey.c -+++ b/Cryptlib/OpenSSL/crypto/idea/i_skey.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,7 +59,7 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - - #include "idea_lcl.h" -@@ -68,107 +68,113 @@ static IDEA_INT inverse(unsigned int xin); - - #ifdef OPENSSL_FIPS - void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) -- { -- if (FIPS_mode()) -- FIPS_BAD_ABORT(IDEA) -- private_idea_set_encrypt_key(key, ks); -- } -+{ -+ if (FIPS_mode()) -+ FIPS_BAD_ABORT(IDEA) -+ private_idea_set_encrypt_key(key, ks); -+} -+ - void private_idea_set_encrypt_key(const unsigned char *key, -- IDEA_KEY_SCHEDULE *ks) -+ IDEA_KEY_SCHEDULE *ks) - #else - void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) - #endif -- { -- int i; -- register IDEA_INT *kt,*kf,r0,r1,r2; -+{ -+ int i; -+ register IDEA_INT *kt, *kf, r0, r1, r2; - -- kt= &(ks->data[0][0]); -- n2s(key,kt[0]); n2s(key,kt[1]); n2s(key,kt[2]); n2s(key,kt[3]); -- n2s(key,kt[4]); n2s(key,kt[5]); n2s(key,kt[6]); n2s(key,kt[7]); -+ kt = &(ks->data[0][0]); -+ n2s(key, kt[0]); -+ n2s(key, kt[1]); -+ n2s(key, kt[2]); -+ n2s(key, kt[3]); -+ n2s(key, kt[4]); -+ n2s(key, kt[5]); -+ n2s(key, kt[6]); -+ n2s(key, kt[7]); - -- kf=kt; -- kt+=8; -- for (i=0; i<6; i++) -- { -- r2= kf[1]; -- r1= kf[2]; -- *(kt++)= ((r2<<9) | (r1>>7))&0xffff; -- r0= kf[3]; -- *(kt++)= ((r1<<9) | (r0>>7))&0xffff; -- r1= kf[4]; -- *(kt++)= ((r0<<9) | (r1>>7))&0xffff; -- r0= kf[5]; -- *(kt++)= ((r1<<9) | (r0>>7))&0xffff; -- r1= kf[6]; -- *(kt++)= ((r0<<9) | (r1>>7))&0xffff; -- r0= kf[7]; -- *(kt++)= ((r1<<9) | (r0>>7))&0xffff; -- r1= kf[0]; -- if (i >= 5) break; -- *(kt++)= ((r0<<9) | (r1>>7))&0xffff; -- *(kt++)= ((r1<<9) | (r2>>7))&0xffff; -- kf+=8; -- } -- } -+ kf = kt; -+ kt += 8; -+ for (i = 0; i < 6; i++) { -+ r2 = kf[1]; -+ r1 = kf[2]; -+ *(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff; -+ r0 = kf[3]; -+ *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; -+ r1 = kf[4]; -+ *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; -+ r0 = kf[5]; -+ *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; -+ r1 = kf[6]; -+ *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; -+ r0 = kf[7]; -+ *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; -+ r1 = kf[0]; -+ if (i >= 5) -+ break; -+ *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; -+ *(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff; -+ kf += 8; -+ } -+} - - void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk) -- { -- int r; -- register IDEA_INT *tp,t; -- const IDEA_INT *fp; -+{ -+ int r; -+ register IDEA_INT *tp, t; -+ const IDEA_INT *fp; - -- tp= &(dk->data[0][0]); -- fp= &(ek->data[8][0]); -- for (r=0; r<9; r++) -- { -- *(tp++)=inverse(fp[0]); -- *(tp++)=((int)(0x10000L-fp[2])&0xffff); -- *(tp++)=((int)(0x10000L-fp[1])&0xffff); -- *(tp++)=inverse(fp[3]); -- if (r == 8) break; -- fp-=6; -- *(tp++)=fp[4]; -- *(tp++)=fp[5]; -- } -+ tp = &(dk->data[0][0]); -+ fp = &(ek->data[8][0]); -+ for (r = 0; r < 9; r++) { -+ *(tp++) = inverse(fp[0]); -+ *(tp++) = ((int)(0x10000L - fp[2]) & 0xffff); -+ *(tp++) = ((int)(0x10000L - fp[1]) & 0xffff); -+ *(tp++) = inverse(fp[3]); -+ if (r == 8) -+ break; -+ fp -= 6; -+ *(tp++) = fp[4]; -+ *(tp++) = fp[5]; -+ } - -- tp= &(dk->data[0][0]); -- t=tp[1]; -- tp[1]=tp[2]; -- tp[2]=t; -+ tp = &(dk->data[0][0]); -+ t = tp[1]; -+ tp[1] = tp[2]; -+ tp[2] = t; - -- t=tp[49]; -- tp[49]=tp[50]; -- tp[50]=t; -- } -+ t = tp[49]; -+ tp[49] = tp[50]; -+ tp[50] = t; -+} - - /* taken directly from the 'paper' I'll have a look at it later */ - static IDEA_INT inverse(unsigned int xin) -- { -- long n1,n2,q,r,b1,b2,t; -+{ -+ long n1, n2, q, r, b1, b2, t; - -- if (xin == 0) -- b2=0; -- else -- { -- n1=0x10001; -- n2=xin; -- b2=1; -- b1=0; -+ if (xin == 0) -+ b2 = 0; -+ else { -+ n1 = 0x10001; -+ n2 = xin; -+ b2 = 1; -+ b1 = 0; - -- do { -- r=(n1%n2); -- q=(n1-r)/n2; -- if (r == 0) -- { if (b2 < 0) b2=0x10001+b2; } -- else -- { -- n1=n2; -- n2=r; -- t=b2; -- b2=b1-q*b2; -- b1=t; -- } -- } while (r != 0); -- } -- return((IDEA_INT)b2); -- } -+ do { -+ r = (n1 % n2); -+ q = (n1 - r) / n2; -+ if (r == 0) { -+ if (b2 < 0) -+ b2 = 0x10001 + b2; -+ } else { -+ n1 = n2; -+ n2 = r; -+ t = b2; -+ b2 = b1 - q * b2; -+ b1 = t; -+ } -+ } while (r != 0); -+ } -+ return ((IDEA_INT) b2); -+} -diff --git a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c -index 1fb741d..d9851e9 100644 ---- a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c -+++ b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c -@@ -1,7 +1,8 @@ - /* krb5_asn.c */ --/* Written by Vern Staats for the OpenSSL project, --** using ocsp/{*.h,*asn*.c} as a starting point --*/ -+/* -+ * Written by Vern Staats for the OpenSSL project, ** -+ * using ocsp/{*.h,*asn*.c} as a starting point -+ */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,107 +62,101 @@ - - - ASN1_SEQUENCE(KRB5_ENCDATA) = { -- ASN1_EXP(KRB5_ENCDATA, etype, ASN1_INTEGER, 0), -- ASN1_EXP_OPT(KRB5_ENCDATA, kvno, ASN1_INTEGER, 1), -- ASN1_EXP(KRB5_ENCDATA, cipher, ASN1_OCTET_STRING,2) -+ ASN1_EXP(KRB5_ENCDATA, etype, ASN1_INTEGER, 0), -+ ASN1_EXP_OPT(KRB5_ENCDATA, kvno, ASN1_INTEGER, 1), -+ ASN1_EXP(KRB5_ENCDATA, cipher, ASN1_OCTET_STRING,2) - } ASN1_SEQUENCE_END(KRB5_ENCDATA) - - IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA) - - - ASN1_SEQUENCE(KRB5_PRINCNAME) = { -- ASN1_EXP(KRB5_PRINCNAME, nametype, ASN1_INTEGER, 0), -- ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1) -+ ASN1_EXP(KRB5_PRINCNAME, nametype, ASN1_INTEGER, 0), -+ ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1) - } ASN1_SEQUENCE_END(KRB5_PRINCNAME) - - IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME) - -- - /* [APPLICATION 1] = 0x61 */ - ASN1_SEQUENCE(KRB5_TKTBODY) = { -- ASN1_EXP(KRB5_TKTBODY, tktvno, ASN1_INTEGER, 0), -- ASN1_EXP(KRB5_TKTBODY, realm, ASN1_GENERALSTRING, 1), -- ASN1_EXP(KRB5_TKTBODY, sname, KRB5_PRINCNAME, 2), -- ASN1_EXP(KRB5_TKTBODY, encdata, KRB5_ENCDATA, 3) -+ ASN1_EXP(KRB5_TKTBODY, tktvno, ASN1_INTEGER, 0), -+ ASN1_EXP(KRB5_TKTBODY, realm, ASN1_GENERALSTRING, 1), -+ ASN1_EXP(KRB5_TKTBODY, sname, KRB5_PRINCNAME, 2), -+ ASN1_EXP(KRB5_TKTBODY, encdata, KRB5_ENCDATA, 3) - } ASN1_SEQUENCE_END(KRB5_TKTBODY) - - IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY) - - --ASN1_ITEM_TEMPLATE(KRB5_TICKET) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1, -- KRB5_TICKET, KRB5_TKTBODY) -+ASN1_ITEM_TEMPLATE(KRB5_TICKET) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1, -+ KRB5_TICKET, KRB5_TKTBODY) - ASN1_ITEM_TEMPLATE_END(KRB5_TICKET) - - IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET) - -- - /* [APPLICATION 14] = 0x6e */ - ASN1_SEQUENCE(KRB5_APREQBODY) = { -- ASN1_EXP(KRB5_APREQBODY, pvno, ASN1_INTEGER, 0), -- ASN1_EXP(KRB5_APREQBODY, msgtype, ASN1_INTEGER, 1), -- ASN1_EXP(KRB5_APREQBODY, apoptions, ASN1_BIT_STRING, 2), -- ASN1_EXP(KRB5_APREQBODY, ticket, KRB5_TICKET, 3), -- ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA, 4), -+ ASN1_EXP(KRB5_APREQBODY, pvno, ASN1_INTEGER, 0), -+ ASN1_EXP(KRB5_APREQBODY, msgtype, ASN1_INTEGER, 1), -+ ASN1_EXP(KRB5_APREQBODY, apoptions, ASN1_BIT_STRING, 2), -+ ASN1_EXP(KRB5_APREQBODY, ticket, KRB5_TICKET, 3), -+ ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA, 4), - } ASN1_SEQUENCE_END(KRB5_APREQBODY) - - IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY) - --ASN1_ITEM_TEMPLATE(KRB5_APREQ) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14, -- KRB5_APREQ, KRB5_APREQBODY) -+ASN1_ITEM_TEMPLATE(KRB5_APREQ) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14, -+ KRB5_APREQ, KRB5_APREQBODY) - ASN1_ITEM_TEMPLATE_END(KRB5_APREQ) - - IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ) - -- --/* Authenticator stuff */ -+/* Authenticator stuff */ - - ASN1_SEQUENCE(KRB5_CHECKSUM) = { -- ASN1_EXP(KRB5_CHECKSUM, ctype, ASN1_INTEGER, 0), -- ASN1_EXP(KRB5_CHECKSUM, checksum, ASN1_OCTET_STRING,1) -+ ASN1_EXP(KRB5_CHECKSUM, ctype, ASN1_INTEGER, 0), -+ ASN1_EXP(KRB5_CHECKSUM, checksum, ASN1_OCTET_STRING,1) - } ASN1_SEQUENCE_END(KRB5_CHECKSUM) - - IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM) - - - ASN1_SEQUENCE(KRB5_ENCKEY) = { -- ASN1_EXP(KRB5_ENCKEY, ktype, ASN1_INTEGER, 0), -- ASN1_EXP(KRB5_ENCKEY, keyvalue, ASN1_OCTET_STRING,1) -+ ASN1_EXP(KRB5_ENCKEY, ktype, ASN1_INTEGER, 0), -+ ASN1_EXP(KRB5_ENCKEY, keyvalue, ASN1_OCTET_STRING,1) - } ASN1_SEQUENCE_END(KRB5_ENCKEY) - - IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY) - -- - /* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */ - ASN1_SEQUENCE(KRB5_AUTHDATA) = { -- ASN1_EXP(KRB5_AUTHDATA, adtype, ASN1_INTEGER, 0), -- ASN1_EXP(KRB5_AUTHDATA, addata, ASN1_OCTET_STRING,1) -+ ASN1_EXP(KRB5_AUTHDATA, adtype, ASN1_INTEGER, 0), -+ ASN1_EXP(KRB5_AUTHDATA, addata, ASN1_OCTET_STRING,1) - } ASN1_SEQUENCE_END(KRB5_AUTHDATA) - - IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA) - -- - /* [APPLICATION 2] = 0x62 */ - ASN1_SEQUENCE(KRB5_AUTHENTBODY) = { -- ASN1_EXP(KRB5_AUTHENTBODY, avno, ASN1_INTEGER, 0), -- ASN1_EXP(KRB5_AUTHENTBODY, crealm, ASN1_GENERALSTRING, 1), -- ASN1_EXP(KRB5_AUTHENTBODY, cname, KRB5_PRINCNAME, 2), -- ASN1_EXP_OPT(KRB5_AUTHENTBODY, cksum, KRB5_CHECKSUM, 3), -- ASN1_EXP(KRB5_AUTHENTBODY, cusec, ASN1_INTEGER, 4), -- ASN1_EXP(KRB5_AUTHENTBODY, ctime, ASN1_GENERALIZEDTIME, 5), -- ASN1_EXP_OPT(KRB5_AUTHENTBODY, subkey, KRB5_ENCKEY, 6), -- ASN1_EXP_OPT(KRB5_AUTHENTBODY, seqnum, ASN1_INTEGER, 7), -- ASN1_EXP_SEQUENCE_OF_OPT -- (KRB5_AUTHENTBODY, authorization, KRB5_AUTHDATA, 8), -+ ASN1_EXP(KRB5_AUTHENTBODY, avno, ASN1_INTEGER, 0), -+ ASN1_EXP(KRB5_AUTHENTBODY, crealm, ASN1_GENERALSTRING, 1), -+ ASN1_EXP(KRB5_AUTHENTBODY, cname, KRB5_PRINCNAME, 2), -+ ASN1_EXP_OPT(KRB5_AUTHENTBODY, cksum, KRB5_CHECKSUM, 3), -+ ASN1_EXP(KRB5_AUTHENTBODY, cusec, ASN1_INTEGER, 4), -+ ASN1_EXP(KRB5_AUTHENTBODY, ctime, ASN1_GENERALIZEDTIME, 5), -+ ASN1_EXP_OPT(KRB5_AUTHENTBODY, subkey, KRB5_ENCKEY, 6), -+ ASN1_EXP_OPT(KRB5_AUTHENTBODY, seqnum, ASN1_INTEGER, 7), -+ ASN1_EXP_SEQUENCE_OF_OPT -+ (KRB5_AUTHENTBODY, authorization, KRB5_AUTHDATA, 8), - } ASN1_SEQUENCE_END(KRB5_AUTHENTBODY) - - IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) - --ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2, -- KRB5_AUTHENT, KRB5_AUTHENTBODY) -+ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2, -+ KRB5_AUTHENT, KRB5_AUTHENTBODY) - ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT) - - IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT) -- -diff --git a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c -index 5aa7766..2e87a46 100644 ---- a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c -+++ b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,190 +59,188 @@ - #include - #include - #include --/* If you wish to build this outside of SSLeay, remove the following lines -- * and things should work as expected */ -+/* -+ * If you wish to build this outside of SSLeay, remove the following lines -+ * and things should work as expected -+ */ - #include "cryptlib.h" - - #ifndef OPENSSL_NO_BIO --#include -+# include - #endif - #include - - #ifdef OPENSSL_NO_BIO - - void lh_stats(LHASH *lh, FILE *out) -- { -- fprintf(out,"num_items = %lu\n",lh->num_items); -- fprintf(out,"num_nodes = %u\n",lh->num_nodes); -- fprintf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); -- fprintf(out,"num_expands = %lu\n",lh->num_expands); -- fprintf(out,"num_expand_reallocs = %lu\n",lh->num_expand_reallocs); -- fprintf(out,"num_contracts = %lu\n",lh->num_contracts); -- fprintf(out,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs); -- fprintf(out,"num_hash_calls = %lu\n",lh->num_hash_calls); -- fprintf(out,"num_comp_calls = %lu\n",lh->num_comp_calls); -- fprintf(out,"num_insert = %lu\n",lh->num_insert); -- fprintf(out,"num_replace = %lu\n",lh->num_replace); -- fprintf(out,"num_delete = %lu\n",lh->num_delete); -- fprintf(out,"num_no_delete = %lu\n",lh->num_no_delete); -- fprintf(out,"num_retrieve = %lu\n",lh->num_retrieve); -- fprintf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); -- fprintf(out,"num_hash_comps = %lu\n",lh->num_hash_comps); --#if 0 -- fprintf(out,"p = %u\n",lh->p); -- fprintf(out,"pmax = %u\n",lh->pmax); -- fprintf(out,"up_load = %lu\n",lh->up_load); -- fprintf(out,"down_load = %lu\n",lh->down_load); --#endif -- } -+{ -+ fprintf(out, "num_items = %lu\n", lh->num_items); -+ fprintf(out, "num_nodes = %u\n", lh->num_nodes); -+ fprintf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); -+ fprintf(out, "num_expands = %lu\n", lh->num_expands); -+ fprintf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs); -+ fprintf(out, "num_contracts = %lu\n", lh->num_contracts); -+ fprintf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs); -+ fprintf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); -+ fprintf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); -+ fprintf(out, "num_insert = %lu\n", lh->num_insert); -+ fprintf(out, "num_replace = %lu\n", lh->num_replace); -+ fprintf(out, "num_delete = %lu\n", lh->num_delete); -+ fprintf(out, "num_no_delete = %lu\n", lh->num_no_delete); -+ fprintf(out, "num_retrieve = %lu\n", lh->num_retrieve); -+ fprintf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); -+ fprintf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); -+# if 0 -+ fprintf(out, "p = %u\n", lh->p); -+ fprintf(out, "pmax = %u\n", lh->pmax); -+ fprintf(out, "up_load = %lu\n", lh->up_load); -+ fprintf(out, "down_load = %lu\n", lh->down_load); -+# endif -+} - - void lh_node_stats(LHASH *lh, FILE *out) -- { -- LHASH_NODE *n; -- unsigned int i,num; -- -- for (i=0; inum_nodes; i++) -- { -- for (n=lh->b[i],num=0; n != NULL; n=n->next) -- num++; -- fprintf(out,"node %6u -> %3u\n",i,num); -- } -- } -+{ -+ LHASH_NODE *n; -+ unsigned int i, num; -+ -+ for (i = 0; i < lh->num_nodes; i++) { -+ for (n = lh->b[i], num = 0; n != NULL; n = n->next) -+ num++; -+ fprintf(out, "node %6u -> %3u\n", i, num); -+ } -+} - - void lh_node_usage_stats(LHASH *lh, FILE *out) -- { -- LHASH_NODE *n; -- unsigned long num; -- unsigned int i; -- unsigned long total=0,n_used=0; -- -- for (i=0; inum_nodes; i++) -- { -- for (n=lh->b[i],num=0; n != NULL; n=n->next) -- num++; -- if (num != 0) -- { -- n_used++; -- total+=num; -- } -- } -- fprintf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes); -- fprintf(out,"%lu items\n",total); -- if (n_used == 0) return; -- fprintf(out,"load %d.%02d actual load %d.%02d\n", -- (int)(total/lh->num_nodes), -- (int)((total%lh->num_nodes)*100/lh->num_nodes), -- (int)(total/n_used), -- (int)((total%n_used)*100/n_used)); -- } -+{ -+ LHASH_NODE *n; -+ unsigned long num; -+ unsigned int i; -+ unsigned long total = 0, n_used = 0; -+ -+ for (i = 0; i < lh->num_nodes; i++) { -+ for (n = lh->b[i], num = 0; n != NULL; n = n->next) -+ num++; -+ if (num != 0) { -+ n_used++; -+ total += num; -+ } -+ } -+ fprintf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes); -+ fprintf(out, "%lu items\n", total); -+ if (n_used == 0) -+ return; -+ fprintf(out, "load %d.%02d actual load %d.%02d\n", -+ (int)(total / lh->num_nodes), -+ (int)((total % lh->num_nodes) * 100 / lh->num_nodes), -+ (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); -+} - - #else - --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - void lh_stats(const LHASH *lh, FILE *fp) -- { -- BIO *bp; -- -- bp=BIO_new(BIO_s_file()); -- if (bp == NULL) goto end; -- BIO_set_fp(bp,fp,BIO_NOCLOSE); -- lh_stats_bio(lh,bp); -- BIO_free(bp); --end:; -- } -+{ -+ BIO *bp; -+ -+ bp = BIO_new(BIO_s_file()); -+ if (bp == NULL) -+ goto end; -+ BIO_set_fp(bp, fp, BIO_NOCLOSE); -+ lh_stats_bio(lh, bp); -+ BIO_free(bp); -+ end:; -+} - - void lh_node_stats(const LHASH *lh, FILE *fp) -- { -- BIO *bp; -- -- bp=BIO_new(BIO_s_file()); -- if (bp == NULL) goto end; -- BIO_set_fp(bp,fp,BIO_NOCLOSE); -- lh_node_stats_bio(lh,bp); -- BIO_free(bp); --end:; -- } -+{ -+ BIO *bp; -+ -+ bp = BIO_new(BIO_s_file()); -+ if (bp == NULL) -+ goto end; -+ BIO_set_fp(bp, fp, BIO_NOCLOSE); -+ lh_node_stats_bio(lh, bp); -+ BIO_free(bp); -+ end:; -+} - - void lh_node_usage_stats(const LHASH *lh, FILE *fp) -- { -- BIO *bp; -+{ -+ BIO *bp; - -- bp=BIO_new(BIO_s_file()); -- if (bp == NULL) goto end; -- BIO_set_fp(bp,fp,BIO_NOCLOSE); -- lh_node_usage_stats_bio(lh,bp); -- BIO_free(bp); --end:; -- } -+ bp = BIO_new(BIO_s_file()); -+ if (bp == NULL) -+ goto end; -+ BIO_set_fp(bp, fp, BIO_NOCLOSE); -+ lh_node_usage_stats_bio(lh, bp); -+ BIO_free(bp); -+ end:; -+} - --#endif -+# endif - - void lh_stats_bio(const LHASH *lh, BIO *out) -- { -- BIO_printf(out,"num_items = %lu\n",lh->num_items); -- BIO_printf(out,"num_nodes = %u\n",lh->num_nodes); -- BIO_printf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); -- BIO_printf(out,"num_expands = %lu\n",lh->num_expands); -- BIO_printf(out,"num_expand_reallocs = %lu\n", -- lh->num_expand_reallocs); -- BIO_printf(out,"num_contracts = %lu\n",lh->num_contracts); -- BIO_printf(out,"num_contract_reallocs = %lu\n", -- lh->num_contract_reallocs); -- BIO_printf(out,"num_hash_calls = %lu\n",lh->num_hash_calls); -- BIO_printf(out,"num_comp_calls = %lu\n",lh->num_comp_calls); -- BIO_printf(out,"num_insert = %lu\n",lh->num_insert); -- BIO_printf(out,"num_replace = %lu\n",lh->num_replace); -- BIO_printf(out,"num_delete = %lu\n",lh->num_delete); -- BIO_printf(out,"num_no_delete = %lu\n",lh->num_no_delete); -- BIO_printf(out,"num_retrieve = %lu\n",lh->num_retrieve); -- BIO_printf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); -- BIO_printf(out,"num_hash_comps = %lu\n",lh->num_hash_comps); --#if 0 -- BIO_printf(out,"p = %u\n",lh->p); -- BIO_printf(out,"pmax = %u\n",lh->pmax); -- BIO_printf(out,"up_load = %lu\n",lh->up_load); -- BIO_printf(out,"down_load = %lu\n",lh->down_load); --#endif -- } -+{ -+ BIO_printf(out, "num_items = %lu\n", lh->num_items); -+ BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); -+ BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); -+ BIO_printf(out, "num_expands = %lu\n", lh->num_expands); -+ BIO_printf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs); -+ BIO_printf(out, "num_contracts = %lu\n", lh->num_contracts); -+ BIO_printf(out, "num_contract_reallocs = %lu\n", -+ lh->num_contract_reallocs); -+ BIO_printf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); -+ BIO_printf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); -+ BIO_printf(out, "num_insert = %lu\n", lh->num_insert); -+ BIO_printf(out, "num_replace = %lu\n", lh->num_replace); -+ BIO_printf(out, "num_delete = %lu\n", lh->num_delete); -+ BIO_printf(out, "num_no_delete = %lu\n", lh->num_no_delete); -+ BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve); -+ BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); -+ BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); -+# if 0 -+ BIO_printf(out, "p = %u\n", lh->p); -+ BIO_printf(out, "pmax = %u\n", lh->pmax); -+ BIO_printf(out, "up_load = %lu\n", lh->up_load); -+ BIO_printf(out, "down_load = %lu\n", lh->down_load); -+# endif -+} - - void lh_node_stats_bio(const LHASH *lh, BIO *out) -- { -- LHASH_NODE *n; -- unsigned int i,num; -- -- for (i=0; inum_nodes; i++) -- { -- for (n=lh->b[i],num=0; n != NULL; n=n->next) -- num++; -- BIO_printf(out,"node %6u -> %3u\n",i,num); -- } -- } -+{ -+ LHASH_NODE *n; -+ unsigned int i, num; -+ -+ for (i = 0; i < lh->num_nodes; i++) { -+ for (n = lh->b[i], num = 0; n != NULL; n = n->next) -+ num++; -+ BIO_printf(out, "node %6u -> %3u\n", i, num); -+ } -+} - - void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) -- { -- LHASH_NODE *n; -- unsigned long num; -- unsigned int i; -- unsigned long total=0,n_used=0; -- -- for (i=0; inum_nodes; i++) -- { -- for (n=lh->b[i],num=0; n != NULL; n=n->next) -- num++; -- if (num != 0) -- { -- n_used++; -- total+=num; -- } -- } -- BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes); -- BIO_printf(out,"%lu items\n",total); -- if (n_used == 0) return; -- BIO_printf(out,"load %d.%02d actual load %d.%02d\n", -- (int)(total/lh->num_nodes), -- (int)((total%lh->num_nodes)*100/lh->num_nodes), -- (int)(total/n_used), -- (int)((total%n_used)*100/n_used)); -- } -+{ -+ LHASH_NODE *n; -+ unsigned long num; -+ unsigned int i; -+ unsigned long total = 0, n_used = 0; -+ -+ for (i = 0; i < lh->num_nodes; i++) { -+ for (n = lh->b[i], num = 0; n != NULL; n = n->next) -+ num++; -+ if (num != 0) { -+ n_used++; -+ total += num; -+ } -+ } -+ BIO_printf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes); -+ BIO_printf(out, "%lu items\n", total); -+ if (n_used == 0) -+ return; -+ BIO_printf(out, "load %d.%02d actual load %d.%02d\n", -+ (int)(total / lh->num_nodes), -+ (int)((total % lh->num_nodes) * 100 / lh->num_nodes), -+ (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash.c b/Cryptlib/OpenSSL/crypto/lhash/lhash.c -index 0b41f87..d48fe56 100644 ---- a/Cryptlib/OpenSSL/crypto/lhash/lhash.c -+++ b/Cryptlib/OpenSSL/crypto/lhash/lhash.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,32 +49,33 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --/* Code for dynamic hash table routines -+/*- -+ * Code for dynamic hash table routines - * Author - Eric Young v 2.0 - * - * 2.2 eay - added #include "crypto.h" so the memory leak checking code is -- * present. eay 18-Jun-98 -+ * present. eay 18-Jun-98 - * - * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98 - * - * 2.0 eay - Fixed a bug that occurred when using lh_delete -- * from inside lh_doall(). As entries were deleted, -- * the 'table' was 'contract()ed', making some entries -- * jump from the end of the table to the start, there by -- * skipping the lh_doall() processing. eay - 4/12/95 -+ * from inside lh_doall(). As entries were deleted, -+ * the 'table' was 'contract()ed', making some entries -+ * jump from the end of the table to the start, there by -+ * skipping the lh_doall() processing. eay - 4/12/95 - * - * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs -- * were not being free()ed. 21/11/95 -+ * were not being free()ed. 21/11/95 - * - * 1.8 eay - Put the stats routines into a separate file, lh_stats.c -- * 19/09/95 -+ * 19/09/95 - * - * 1.7 eay - Removed the fputs() for realloc failures - the code - * should silently tolerate them. I have also fixed things -@@ -100,375 +101,357 @@ - #include - #include - --const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT; -+const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT; - --#undef MIN_NODES --#define MIN_NODES 16 --#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ --#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ -+#undef MIN_NODES -+#define MIN_NODES 16 -+#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ -+#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ - - static void expand(LHASH *lh); - static void contract(LHASH *lh); - static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash); - - LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) -- { -- LHASH *ret; -- int i; -- -- if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL) -- goto err0; -- if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL) -- goto err1; -- for (i=0; ib[i]=NULL; -- ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c); -- ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h); -- ret->num_nodes=MIN_NODES/2; -- ret->num_alloc_nodes=MIN_NODES; -- ret->p=0; -- ret->pmax=MIN_NODES/2; -- ret->up_load=UP_LOAD; -- ret->down_load=DOWN_LOAD; -- ret->num_items=0; -- -- ret->num_expands=0; -- ret->num_expand_reallocs=0; -- ret->num_contracts=0; -- ret->num_contract_reallocs=0; -- ret->num_hash_calls=0; -- ret->num_comp_calls=0; -- ret->num_insert=0; -- ret->num_replace=0; -- ret->num_delete=0; -- ret->num_no_delete=0; -- ret->num_retrieve=0; -- ret->num_retrieve_miss=0; -- ret->num_hash_comps=0; -- -- ret->error=0; -- return(ret); --err1: -- OPENSSL_free(ret); --err0: -- return(NULL); -- } -+{ -+ LHASH *ret; -+ int i; -+ -+ if ((ret = (LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL) -+ goto err0; -+ if ((ret->b = -+ (LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *) * MIN_NODES)) == -+ NULL) -+ goto err1; -+ for (i = 0; i < MIN_NODES; i++) -+ ret->b[i] = NULL; -+ ret->comp = ((c == NULL) ? (LHASH_COMP_FN_TYPE)strcmp : c); -+ ret->hash = ((h == NULL) ? (LHASH_HASH_FN_TYPE)lh_strhash : h); -+ ret->num_nodes = MIN_NODES / 2; -+ ret->num_alloc_nodes = MIN_NODES; -+ ret->p = 0; -+ ret->pmax = MIN_NODES / 2; -+ ret->up_load = UP_LOAD; -+ ret->down_load = DOWN_LOAD; -+ ret->num_items = 0; -+ -+ ret->num_expands = 0; -+ ret->num_expand_reallocs = 0; -+ ret->num_contracts = 0; -+ ret->num_contract_reallocs = 0; -+ ret->num_hash_calls = 0; -+ ret->num_comp_calls = 0; -+ ret->num_insert = 0; -+ ret->num_replace = 0; -+ ret->num_delete = 0; -+ ret->num_no_delete = 0; -+ ret->num_retrieve = 0; -+ ret->num_retrieve_miss = 0; -+ ret->num_hash_comps = 0; -+ -+ ret->error = 0; -+ return (ret); -+ err1: -+ OPENSSL_free(ret); -+ err0: -+ return (NULL); -+} - - void lh_free(LHASH *lh) -- { -- unsigned int i; -- LHASH_NODE *n,*nn; -- -- if (lh == NULL) -- return; -- -- for (i=0; inum_nodes; i++) -- { -- n=lh->b[i]; -- while (n != NULL) -- { -- nn=n->next; -- OPENSSL_free(n); -- n=nn; -- } -- } -- OPENSSL_free(lh->b); -- OPENSSL_free(lh); -- } -+{ -+ unsigned int i; -+ LHASH_NODE *n, *nn; -+ -+ if (lh == NULL) -+ return; -+ -+ for (i = 0; i < lh->num_nodes; i++) { -+ n = lh->b[i]; -+ while (n != NULL) { -+ nn = n->next; -+ OPENSSL_free(n); -+ n = nn; -+ } -+ } -+ OPENSSL_free(lh->b); -+ OPENSSL_free(lh); -+} - - void *lh_insert(LHASH *lh, void *data) -- { -- unsigned long hash; -- LHASH_NODE *nn,**rn; -- void *ret; -- -- lh->error=0; -- if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) -- expand(lh); -- -- rn=getrn(lh,data,&hash); -- -- if (*rn == NULL) -- { -- if ((nn=(LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) -- { -- lh->error++; -- return(NULL); -- } -- nn->data=data; -- nn->next=NULL; -+{ -+ unsigned long hash; -+ LHASH_NODE *nn, **rn; -+ void *ret; -+ -+ lh->error = 0; -+ if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) -+ expand(lh); -+ -+ rn = getrn(lh, data, &hash); -+ -+ if (*rn == NULL) { -+ if ((nn = (LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) { -+ lh->error++; -+ return (NULL); -+ } -+ nn->data = data; -+ nn->next = NULL; - #ifndef OPENSSL_NO_HASH_COMP -- nn->hash=hash; -+ nn->hash = hash; - #endif -- *rn=nn; -- ret=NULL; -- lh->num_insert++; -- lh->num_items++; -- } -- else /* replace same key */ -- { -- ret= (*rn)->data; -- (*rn)->data=data; -- lh->num_replace++; -- } -- return(ret); -- } -+ *rn = nn; -+ ret = NULL; -+ lh->num_insert++; -+ lh->num_items++; -+ } else { /* replace same key */ -+ -+ ret = (*rn)->data; -+ (*rn)->data = data; -+ lh->num_replace++; -+ } -+ return (ret); -+} - - void *lh_delete(LHASH *lh, const void *data) -- { -- unsigned long hash; -- LHASH_NODE *nn,**rn; -- void *ret; -- -- lh->error=0; -- rn=getrn(lh,data,&hash); -- -- if (*rn == NULL) -- { -- lh->num_no_delete++; -- return(NULL); -- } -- else -- { -- nn= *rn; -- *rn=nn->next; -- ret=nn->data; -- OPENSSL_free(nn); -- lh->num_delete++; -- } -- -- lh->num_items--; -- if ((lh->num_nodes > MIN_NODES) && -- (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) -- contract(lh); -- -- return(ret); -- } -+{ -+ unsigned long hash; -+ LHASH_NODE *nn, **rn; -+ void *ret; -+ -+ lh->error = 0; -+ rn = getrn(lh, data, &hash); -+ -+ if (*rn == NULL) { -+ lh->num_no_delete++; -+ return (NULL); -+ } else { -+ nn = *rn; -+ *rn = nn->next; -+ ret = nn->data; -+ OPENSSL_free(nn); -+ lh->num_delete++; -+ } -+ -+ lh->num_items--; -+ if ((lh->num_nodes > MIN_NODES) && -+ (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))) -+ contract(lh); -+ -+ return (ret); -+} - - void *lh_retrieve(LHASH *lh, const void *data) -- { -- unsigned long hash; -- LHASH_NODE **rn; -- void *ret; -- -- lh->error=0; -- rn=getrn(lh,data,&hash); -- -- if (*rn == NULL) -- { -- lh->num_retrieve_miss++; -- return(NULL); -- } -- else -- { -- ret= (*rn)->data; -- lh->num_retrieve++; -- } -- return(ret); -- } -+{ -+ unsigned long hash; -+ LHASH_NODE **rn; -+ void *ret; -+ -+ lh->error = 0; -+ rn = getrn(lh, data, &hash); -+ -+ if (*rn == NULL) { -+ lh->num_retrieve_miss++; -+ return (NULL); -+ } else { -+ ret = (*rn)->data; -+ lh->num_retrieve++; -+ } -+ return (ret); -+} - - static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, -- LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg) -- { -- int i; -- LHASH_NODE *a,*n; -- -- /* reverse the order so we search from 'top to bottom' -- * We were having memory leaks otherwise */ -- for (i=lh->num_nodes-1; i>=0; i--) -- { -- a=lh->b[i]; -- while (a != NULL) -- { -- /* 28/05/91 - eay - n added so items can be deleted -- * via lh_doall */ -- n=a->next; -- if(use_arg) -- func_arg(a->data,arg); -- else -- func(a->data); -- a=n; -- } -- } -- } -+ LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg) -+{ -+ int i; -+ LHASH_NODE *a, *n; -+ -+ /* -+ * reverse the order so we search from 'top to bottom' We were having -+ * memory leaks otherwise -+ */ -+ for (i = lh->num_nodes - 1; i >= 0; i--) { -+ a = lh->b[i]; -+ while (a != NULL) { -+ /* -+ * 28/05/91 - eay - n added so items can be deleted via lh_doall -+ */ -+ n = a->next; -+ if (use_arg) -+ func_arg(a->data, arg); -+ else -+ func(a->data); -+ a = n; -+ } -+ } -+} - - void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func) -- { -- doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL); -- } -+{ -+ doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL); -+} - - void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) -- { -- doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); -- } -+{ -+ doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); -+} - - static void expand(LHASH *lh) -- { -- LHASH_NODE **n,**n1,**n2,*np; -- unsigned int p,i,j,pmax; -- unsigned long hash,nni; -- -- p=(int)lh->p++; -- nni=lh->num_alloc_nodes; -- pmax=lh->pmax; -- -- if ((lh->p) >= lh->pmax) -- { -- j=(int)lh->num_alloc_nodes*2; -- n=(LHASH_NODE **)OPENSSL_realloc(lh->b, -- (int)sizeof(LHASH_NODE *)*j); -- if (n == NULL) -- { --/* fputs("realloc error in lhash",stderr); */ -- lh->error++; -- lh->p=0; -- return; -- } -- /* else */ -- for (i=(int)lh->num_alloc_nodes; ipmax=lh->num_alloc_nodes; -- lh->num_alloc_nodes=j; -- lh->num_expand_reallocs++; -- lh->p=0; -- lh->b=n; -- } -- -- lh->num_nodes++; -- lh->num_expands++; -- n1= &(lh->b[p]); -- n2= &(lh->b[p+pmax]); -- *n2=NULL; /* 27/07/92 - eay - undefined pointer bug */ -- -- for (np= *n1; np != NULL; ) -- { -+{ -+ LHASH_NODE **n, **n1, **n2, *np; -+ unsigned int p, i, j, pmax; -+ unsigned long hash, nni; -+ -+ p = (int)lh->p++; -+ nni = lh->num_alloc_nodes; -+ pmax = lh->pmax; -+ -+ if ((lh->p) >= lh->pmax) { -+ j = (int)lh->num_alloc_nodes * 2; -+ n = (LHASH_NODE **)OPENSSL_realloc(lh->b, -+ (int)sizeof(LHASH_NODE *) * j); -+ if (n == NULL) { -+/* fputs("realloc error in lhash",stderr); */ -+ lh->error++; -+ lh->p = 0; -+ return; -+ } -+ /* else */ -+ for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */ -+ n[i] = NULL; /* 02/03/92 eay */ -+ lh->pmax = lh->num_alloc_nodes; -+ lh->num_alloc_nodes = j; -+ lh->num_expand_reallocs++; -+ lh->p = 0; -+ lh->b = n; -+ } -+ -+ lh->num_nodes++; -+ lh->num_expands++; -+ n1 = &(lh->b[p]); -+ n2 = &(lh->b[p + pmax]); -+ *n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */ -+ -+ for (np = *n1; np != NULL;) { - #ifndef OPENSSL_NO_HASH_COMP -- hash=np->hash; -+ hash = np->hash; - #else -- hash=lh->hash(np->data); -- lh->num_hash_calls++; -+ hash = lh->hash(np->data); -+ lh->num_hash_calls++; - #endif -- if ((hash%nni) != p) -- { /* move it */ -- *n1= (*n1)->next; -- np->next= *n2; -- *n2=np; -- } -- else -- n1= &((*n1)->next); -- np= *n1; -- } -- -- } -+ if ((hash % nni) != p) { /* move it */ -+ *n1 = (*n1)->next; -+ np->next = *n2; -+ *n2 = np; -+ } else -+ n1 = &((*n1)->next); -+ np = *n1; -+ } -+ -+} - - static void contract(LHASH *lh) -- { -- LHASH_NODE **n,*n1,*np; -- int idx = lh->p+lh->pmax-1; -- -- np=lh->b[idx]; -- if (lh->p == 0) -- { -- n=(LHASH_NODE **)OPENSSL_realloc(lh->b, -- (unsigned int)(sizeof(LHASH_NODE *)*lh->pmax)); -- if (n == NULL) -- { --/* fputs("realloc error in lhash",stderr); */ -- lh->error++; -- return; -- } -- lh->num_contract_reallocs++; -- lh->num_alloc_nodes/=2; -- lh->pmax/=2; -- lh->p=lh->pmax-1; -- lh->b=n; -- } -- else -- lh->p--; -- -- lh->b[idx] = NULL; -- lh->num_nodes--; -- lh->num_contracts++; -- -- n1=lh->b[(int)lh->p]; -- if (n1 == NULL) -- lh->b[(int)lh->p]=np; -- else -- { -- while (n1->next != NULL) -- n1=n1->next; -- n1->next=np; -- } -- } -+{ -+ LHASH_NODE **n, *n1, *np; -+ int idx = lh->p + lh->pmax - 1; -+ -+ np = lh->b[idx]; -+ if (lh->p == 0) { -+ n = (LHASH_NODE **)OPENSSL_realloc(lh->b, -+ (unsigned int)(sizeof(LHASH_NODE *) -+ * lh->pmax)); -+ if (n == NULL) { -+/* fputs("realloc error in lhash",stderr); */ -+ lh->error++; -+ return; -+ } -+ lh->num_contract_reallocs++; -+ lh->num_alloc_nodes /= 2; -+ lh->pmax /= 2; -+ lh->p = lh->pmax - 1; -+ lh->b = n; -+ } else -+ lh->p--; -+ -+ lh->b[idx] = NULL; -+ lh->num_nodes--; -+ lh->num_contracts++; -+ -+ n1 = lh->b[(int)lh->p]; -+ if (n1 == NULL) -+ lh->b[(int)lh->p] = np; -+ else { -+ while (n1->next != NULL) -+ n1 = n1->next; -+ n1->next = np; -+ } -+} - - static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash) -- { -- LHASH_NODE **ret,*n1; -- unsigned long hash,nn; -- LHASH_COMP_FN_TYPE cf; -- -- hash=(*(lh->hash))(data); -- lh->num_hash_calls++; -- *rhash=hash; -- -- nn=hash%lh->pmax; -- if (nn < lh->p) -- nn=hash%lh->num_alloc_nodes; -- -- cf=lh->comp; -- ret= &(lh->b[(int)nn]); -- for (n1= *ret; n1 != NULL; n1=n1->next) -- { -+{ -+ LHASH_NODE **ret, *n1; -+ unsigned long hash, nn; -+ LHASH_COMP_FN_TYPE cf; -+ -+ hash = (*(lh->hash)) (data); -+ lh->num_hash_calls++; -+ *rhash = hash; -+ -+ nn = hash % lh->pmax; -+ if (nn < lh->p) -+ nn = hash % lh->num_alloc_nodes; -+ -+ cf = lh->comp; -+ ret = &(lh->b[(int)nn]); -+ for (n1 = *ret; n1 != NULL; n1 = n1->next) { - #ifndef OPENSSL_NO_HASH_COMP -- lh->num_hash_comps++; -- if (n1->hash != hash) -- { -- ret= &(n1->next); -- continue; -- } -+ lh->num_hash_comps++; -+ if (n1->hash != hash) { -+ ret = &(n1->next); -+ continue; -+ } - #endif -- lh->num_comp_calls++; -- if(cf(n1->data,data) == 0) -- break; -- ret= &(n1->next); -- } -- return(ret); -- } -- --/* The following hash seems to work very well on normal text strings -- * no collisions on /usr/dict/words and it distributes on %2^n quite -- * well, not as good as MD5, but still good. -+ lh->num_comp_calls++; -+ if (cf(n1->data, data) == 0) -+ break; -+ ret = &(n1->next); -+ } -+ return (ret); -+} -+ -+/* -+ * The following hash seems to work very well on normal text strings no -+ * collisions on /usr/dict/words and it distributes on %2^n quite well, not -+ * as good as MD5, but still good. - */ - unsigned long lh_strhash(const char *c) -- { -- unsigned long ret=0; -- long n; -- unsigned long v; -- int r; -- -- if ((c == NULL) || (*c == '\0')) -- return(ret); --/* -- unsigned char b[16]; -- MD5(c,strlen(c),b); -- return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); -+{ -+ unsigned long ret = 0; -+ long n; -+ unsigned long v; -+ int r; -+ -+ if ((c == NULL) || (*c == '\0')) -+ return (ret); -+/*- -+ unsigned char b[16]; -+ MD5(c,strlen(c),b); -+ return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); - */ - -- n=0x100; -- while (*c) -- { -- v=n|(*c); -- n+=0x100; -- r= (int)((v>>2)^v)&0x0f; -- ret=(ret<>(32-r)); -- ret&=0xFFFFFFFFL; -- ret^=v*v; -- c++; -- } -- return((ret>>16)^ret); -- } -+ n = 0x100; -+ while (*c) { -+ v = n | (*c); -+ n += 0x100; -+ r = (int)((v >> 2) ^ v) & 0x0f; -+ ret = (ret << r) | (ret >> (32 - r)); -+ ret &= 0xFFFFFFFFL; -+ ret ^= v * v; -+ c++; -+ } -+ return ((ret >> 16) ^ ret); -+} - - unsigned long lh_num_items(const LHASH *lh) -- { -- return lh ? lh->num_items : 0; -- } -+{ -+ return lh ? lh->num_items : 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c b/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c -index cc4eeaf..75e7417 100644 ---- a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c -+++ b/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,170 +63,167 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - - #include - --const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT; -+const char MD2_version[] = "MD2" OPENSSL_VERSION_PTEXT; - --/* Implemented from RFC1319 The MD2 Message-Digest Algorithm -+/* -+ * Implemented from RFC1319 The MD2 Message-Digest Algorithm - */ - --#define UCHAR unsigned char -+#define UCHAR unsigned char - - static void md2_block(MD2_CTX *c, const unsigned char *d); --/* The magic S table - I have converted it to hex since it is -- * basically just a random byte string. */ --static MD2_INT S[256]={ -- 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, -- 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, -- 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, -- 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, -- 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, -- 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, -- 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, -- 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A, -- 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F, -- 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, -- 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, -- 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, -- 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, -- 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6, -- 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, -- 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, -- 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, -- 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02, -- 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, -- 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, -- 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, -- 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, -- 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09, -- 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52, -- 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, -- 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, -- 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, -- 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, -- 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4, -- 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, -- 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, -- 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14, -- }; -+/* -+ * The magic S table - I have converted it to hex since it is basically just -+ * a random byte string. -+ */ -+static MD2_INT S[256] = { -+ 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, -+ 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, -+ 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, -+ 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, -+ 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, -+ 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, -+ 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, -+ 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A, -+ 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F, -+ 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, -+ 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, -+ 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, -+ 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, -+ 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6, -+ 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, -+ 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, -+ 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, -+ 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02, -+ 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, -+ 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, -+ 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, -+ 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, -+ 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09, -+ 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52, -+ 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, -+ 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, -+ 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, -+ 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, -+ 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4, -+ 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, -+ 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, -+ 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14, -+}; - - const char *MD2_options(void) -- { -- if (sizeof(MD2_INT) == 1) -- return("md2(char)"); -- else -- return("md2(int)"); -- } -+{ -+ if (sizeof(MD2_INT) == 1) -+ return ("md2(char)"); -+ else -+ return ("md2(int)"); -+} - - FIPS_NON_FIPS_MD_Init(MD2) -- { -- c->num=0; -- memset(c->state,0,sizeof c->state); -- memset(c->cksm,0,sizeof c->cksm); -- memset(c->data,0,sizeof c->data); -- return 1; -- } -+{ -+ c->num = 0; -+ memset(c->state, 0, sizeof c->state); -+ memset(c->cksm, 0, sizeof c->cksm); -+ memset(c->data, 0, sizeof c->data); -+ return 1; -+} - - int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len) -- { -- register UCHAR *p; -- -- if (len == 0) return 1; -- -- p=c->data; -- if (c->num != 0) -- { -- if ((c->num+len) >= MD2_BLOCK) -- { -- memcpy(&(p[c->num]),data,MD2_BLOCK-c->num); -- md2_block(c,c->data); -- data+=(MD2_BLOCK - c->num); -- len-=(MD2_BLOCK - c->num); -- c->num=0; -- /* drop through and do the rest */ -- } -- else -- { -- memcpy(&(p[c->num]),data,len); -- /* data+=len; */ -- c->num+=(int)len; -- return 1; -- } -- } -- /* we now can process the input data in blocks of MD2_BLOCK -- * chars and save the leftovers to c->data. */ -- while (len >= MD2_BLOCK) -- { -- md2_block(c,data); -- data+=MD2_BLOCK; -- len-=MD2_BLOCK; -- } -- memcpy(p,data,len); -- c->num=(int)len; -- return 1; -- } -+{ -+ register UCHAR *p; -+ -+ if (len == 0) -+ return 1; -+ -+ p = c->data; -+ if (c->num != 0) { -+ if ((c->num + len) >= MD2_BLOCK) { -+ memcpy(&(p[c->num]), data, MD2_BLOCK - c->num); -+ md2_block(c, c->data); -+ data += (MD2_BLOCK - c->num); -+ len -= (MD2_BLOCK - c->num); -+ c->num = 0; -+ /* drop through and do the rest */ -+ } else { -+ memcpy(&(p[c->num]), data, len); -+ /* data+=len; */ -+ c->num += (int)len; -+ return 1; -+ } -+ } -+ /* -+ * we now can process the input data in blocks of MD2_BLOCK chars and -+ * save the leftovers to c->data. -+ */ -+ while (len >= MD2_BLOCK) { -+ md2_block(c, data); -+ data += MD2_BLOCK; -+ len -= MD2_BLOCK; -+ } -+ memcpy(p, data, len); -+ c->num = (int)len; -+ return 1; -+} - - static void md2_block(MD2_CTX *c, const unsigned char *d) -- { -- register MD2_INT t,*sp1,*sp2; -- register int i,j; -- MD2_INT state[48]; -- -- sp1=c->state; -- sp2=c->cksm; -- j=sp2[MD2_BLOCK-1]; -- for (i=0; i<16; i++) -- { -- state[i]=sp1[i]; -- state[i+16]=t=d[i]; -- state[i+32]=(t^sp1[i]); -- j=sp2[i]^=S[t^j]; -- } -- t=0; -- for (i=0; i<18; i++) -- { -- for (j=0; j<48; j+=8) -- { -- t= state[j+ 0]^=S[t]; -- t= state[j+ 1]^=S[t]; -- t= state[j+ 2]^=S[t]; -- t= state[j+ 3]^=S[t]; -- t= state[j+ 4]^=S[t]; -- t= state[j+ 5]^=S[t]; -- t= state[j+ 6]^=S[t]; -- t= state[j+ 7]^=S[t]; -- } -- t=(t+i)&0xff; -- } -- memcpy(sp1,state,16*sizeof(MD2_INT)); -- OPENSSL_cleanse(state,48*sizeof(MD2_INT)); -- } -+{ -+ register MD2_INT t, *sp1, *sp2; -+ register int i, j; -+ MD2_INT state[48]; -+ -+ sp1 = c->state; -+ sp2 = c->cksm; -+ j = sp2[MD2_BLOCK - 1]; -+ for (i = 0; i < 16; i++) { -+ state[i] = sp1[i]; -+ state[i + 16] = t = d[i]; -+ state[i + 32] = (t ^ sp1[i]); -+ j = sp2[i] ^= S[t ^ j]; -+ } -+ t = 0; -+ for (i = 0; i < 18; i++) { -+ for (j = 0; j < 48; j += 8) { -+ t = state[j + 0] ^= S[t]; -+ t = state[j + 1] ^= S[t]; -+ t = state[j + 2] ^= S[t]; -+ t = state[j + 3] ^= S[t]; -+ t = state[j + 4] ^= S[t]; -+ t = state[j + 5] ^= S[t]; -+ t = state[j + 6] ^= S[t]; -+ t = state[j + 7] ^= S[t]; -+ } -+ t = (t + i) & 0xff; -+ } -+ memcpy(sp1, state, 16 * sizeof(MD2_INT)); -+ OPENSSL_cleanse(state, 48 * sizeof(MD2_INT)); -+} - - int MD2_Final(unsigned char *md, MD2_CTX *c) -- { -- int i,v; -- register UCHAR *cp; -- register MD2_INT *p1,*p2; -- -- cp=c->data; -- p1=c->state; -- p2=c->cksm; -- v=MD2_BLOCK-c->num; -- for (i=c->num; idata; -+ p1 = c->state; -+ p2 = c->cksm; -+ v = MD2_BLOCK - c->num; -+ for (i = c->num; i < MD2_BLOCK; i++) -+ cp[i] = (UCHAR) v; -+ -+ md2_block(c, cp); -+ -+ for (i = 0; i < MD2_BLOCK; i++) -+ cp[i] = (UCHAR) p2[i]; -+ md2_block(c, cp); -+ -+ for (i = 0; i < 16; i++) -+ md[i] = (UCHAR) (p1[i] & 0xff); -+ memset((char *)&c, 0, sizeof(c)); -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_one.c b/Cryptlib/OpenSSL/crypto/md2/md2_one.c -index f7fef5c..cd2631b 100644 ---- a/Cryptlib/OpenSSL/crypto/md2/md2_one.c -+++ b/Cryptlib/OpenSSL/crypto/md2/md2_one.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,35 +60,37 @@ - #include "cryptlib.h" - #include - --/* This is a separate file so that #defines in cryptlib.h can -- * map my MD functions to different names */ -+/* -+ * This is a separate file so that #defines in cryptlib.h can map my MD -+ * functions to different names -+ */ - - unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md) -- { -- MD2_CTX c; -- static unsigned char m[MD2_DIGEST_LENGTH]; -+{ -+ MD2_CTX c; -+ static unsigned char m[MD2_DIGEST_LENGTH]; - -- if (md == NULL) md=m; -- if (!MD2_Init(&c)) -- return NULL; -+ if (md == NULL) -+ md = m; -+ if (!MD2_Init(&c)) -+ return NULL; - #ifndef CHARSET_EBCDIC -- MD2_Update(&c,d,n); -+ MD2_Update(&c, d, n); - #else -- { -- char temp[1024]; -- unsigned long chunk; -+ { -+ char temp[1024]; -+ unsigned long chunk; - -- while (n > 0) -- { -- chunk = (n > sizeof(temp)) ? sizeof(temp) : n; -- ebcdic2ascii(temp, d, chunk); -- MD2_Update(&c,temp,chunk); -- n -= chunk; -- d += chunk; -- } -- } -+ while (n > 0) { -+ chunk = (n > sizeof(temp)) ? sizeof(temp) : n; -+ ebcdic2ascii(temp, d, chunk); -+ MD2_Update(&c, temp, chunk); -+ n -= chunk; -+ d += chunk; -+ } -+ } - #endif -- MD2_Final(md,&c); -- OPENSSL_cleanse(&c,sizeof(c)); /* Security consideration */ -- return(md); -- } -+ MD2_Final(md, &c); -+ OPENSSL_cleanse(&c, sizeof(c)); /* Security consideration */ -+ return (md); -+} -diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c -index 0f54486..584d9b8 100644 ---- a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c -+++ b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,13 +61,13 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - -+const char MD4_version[] = "MD4" OPENSSL_VERSION_PTEXT; - --const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; -- --/* Implemented from RFC1186 The MD4 Message-Digest Algorithm -+/* -+ * Implemented from RFC1186 The MD4 Message-Digest Algorithm - */ - - #define INIT_DATA_A (unsigned long)0x67452301L -@@ -76,99 +76,129 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; - #define INIT_DATA_D (unsigned long)0x10325476L - - FIPS_NON_FIPS_MD_Init(MD4) -- { -- c->A=INIT_DATA_A; -- c->B=INIT_DATA_B; -- c->C=INIT_DATA_C; -- c->D=INIT_DATA_D; -- c->Nl=0; -- c->Nh=0; -- c->num=0; -- return 1; -- } -+{ -+ c->A = INIT_DATA_A; -+ c->B = INIT_DATA_B; -+ c->C = INIT_DATA_C; -+ c->D = INIT_DATA_D; -+ c->Nl = 0; -+ c->Nh = 0; -+ c->num = 0; -+ return 1; -+} - - #ifndef md4_block_data_order --#ifdef X --#undef X --#endif --void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num) -- { -- const unsigned char *data=data_; -- register unsigned MD32_REG_T A,B,C,D,l; --#ifndef MD32_XARRAY -- /* See comment in crypto/sha/sha_locl.h for details. */ -- unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, -- XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; --# define X(i) XX##i --#else -- MD4_LONG XX[MD4_LBLOCK]; --# define X(i) XX[i] --#endif -+# ifdef X -+# undef X -+# endif -+void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num) -+{ -+ const unsigned char *data = data_; -+ register unsigned MD32_REG_T A, B, C, D, l; -+# ifndef MD32_XARRAY -+ /* See comment in crypto/sha/sha_locl.h for details. */ -+ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, -+ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -+# define X(i) XX##i -+# else -+ MD4_LONG XX[MD4_LBLOCK]; -+# define X(i) XX[i] -+# endif - -- A=c->A; -- B=c->B; -- C=c->C; -- D=c->D; -+ A = c->A; -+ B = c->B; -+ C = c->C; -+ D = c->D; - -- for (;num--;) -- { -- HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; -- /* Round 0 */ -- R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l; -- R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l; -- R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l; -- R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l; -- R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l; -- R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l; -- R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l; -- R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l; -- R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l; -- R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l; -- R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l; -- R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l; -- R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l; -- R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l; -- R0(C,D,A,B,X(14),11,0); -- R0(B,C,D,A,X(15),19,0); -- /* Round 1 */ -- R1(A,B,C,D,X( 0), 3,0x5A827999L); -- R1(D,A,B,C,X( 4), 5,0x5A827999L); -- R1(C,D,A,B,X( 8), 9,0x5A827999L); -- R1(B,C,D,A,X(12),13,0x5A827999L); -- R1(A,B,C,D,X( 1), 3,0x5A827999L); -- R1(D,A,B,C,X( 5), 5,0x5A827999L); -- R1(C,D,A,B,X( 9), 9,0x5A827999L); -- R1(B,C,D,A,X(13),13,0x5A827999L); -- R1(A,B,C,D,X( 2), 3,0x5A827999L); -- R1(D,A,B,C,X( 6), 5,0x5A827999L); -- R1(C,D,A,B,X(10), 9,0x5A827999L); -- R1(B,C,D,A,X(14),13,0x5A827999L); -- R1(A,B,C,D,X( 3), 3,0x5A827999L); -- R1(D,A,B,C,X( 7), 5,0x5A827999L); -- R1(C,D,A,B,X(11), 9,0x5A827999L); -- R1(B,C,D,A,X(15),13,0x5A827999L); -- /* Round 2 */ -- R2(A,B,C,D,X( 0), 3,0x6ED9EBA1L); -- R2(D,A,B,C,X( 8), 9,0x6ED9EBA1L); -- R2(C,D,A,B,X( 4),11,0x6ED9EBA1L); -- R2(B,C,D,A,X(12),15,0x6ED9EBA1L); -- R2(A,B,C,D,X( 2), 3,0x6ED9EBA1L); -- R2(D,A,B,C,X(10), 9,0x6ED9EBA1L); -- R2(C,D,A,B,X( 6),11,0x6ED9EBA1L); -- R2(B,C,D,A,X(14),15,0x6ED9EBA1L); -- R2(A,B,C,D,X( 1), 3,0x6ED9EBA1L); -- R2(D,A,B,C,X( 9), 9,0x6ED9EBA1L); -- R2(C,D,A,B,X( 5),11,0x6ED9EBA1L); -- R2(B,C,D,A,X(13),15,0x6ED9EBA1L); -- R2(A,B,C,D,X( 3), 3,0x6ED9EBA1L); -- R2(D,A,B,C,X(11), 9,0x6ED9EBA1L); -- R2(C,D,A,B,X( 7),11,0x6ED9EBA1L); -- R2(B,C,D,A,X(15),15,0x6ED9EBA1L); -+ for (; num--;) { -+ HOST_c2l(data, l); -+ X(0) = l; -+ HOST_c2l(data, l); -+ X(1) = l; -+ /* Round 0 */ -+ R0(A, B, C, D, X(0), 3, 0); -+ HOST_c2l(data, l); -+ X(2) = l; -+ R0(D, A, B, C, X(1), 7, 0); -+ HOST_c2l(data, l); -+ X(3) = l; -+ R0(C, D, A, B, X(2), 11, 0); -+ HOST_c2l(data, l); -+ X(4) = l; -+ R0(B, C, D, A, X(3), 19, 0); -+ HOST_c2l(data, l); -+ X(5) = l; -+ R0(A, B, C, D, X(4), 3, 0); -+ HOST_c2l(data, l); -+ X(6) = l; -+ R0(D, A, B, C, X(5), 7, 0); -+ HOST_c2l(data, l); -+ X(7) = l; -+ R0(C, D, A, B, X(6), 11, 0); -+ HOST_c2l(data, l); -+ X(8) = l; -+ R0(B, C, D, A, X(7), 19, 0); -+ HOST_c2l(data, l); -+ X(9) = l; -+ R0(A, B, C, D, X(8), 3, 0); -+ HOST_c2l(data, l); -+ X(10) = l; -+ R0(D, A, B, C, X(9), 7, 0); -+ HOST_c2l(data, l); -+ X(11) = l; -+ R0(C, D, A, B, X(10), 11, 0); -+ HOST_c2l(data, l); -+ X(12) = l; -+ R0(B, C, D, A, X(11), 19, 0); -+ HOST_c2l(data, l); -+ X(13) = l; -+ R0(A, B, C, D, X(12), 3, 0); -+ HOST_c2l(data, l); -+ X(14) = l; -+ R0(D, A, B, C, X(13), 7, 0); -+ HOST_c2l(data, l); -+ X(15) = l; -+ R0(C, D, A, B, X(14), 11, 0); -+ R0(B, C, D, A, X(15), 19, 0); -+ /* Round 1 */ -+ R1(A, B, C, D, X(0), 3, 0x5A827999L); -+ R1(D, A, B, C, X(4), 5, 0x5A827999L); -+ R1(C, D, A, B, X(8), 9, 0x5A827999L); -+ R1(B, C, D, A, X(12), 13, 0x5A827999L); -+ R1(A, B, C, D, X(1), 3, 0x5A827999L); -+ R1(D, A, B, C, X(5), 5, 0x5A827999L); -+ R1(C, D, A, B, X(9), 9, 0x5A827999L); -+ R1(B, C, D, A, X(13), 13, 0x5A827999L); -+ R1(A, B, C, D, X(2), 3, 0x5A827999L); -+ R1(D, A, B, C, X(6), 5, 0x5A827999L); -+ R1(C, D, A, B, X(10), 9, 0x5A827999L); -+ R1(B, C, D, A, X(14), 13, 0x5A827999L); -+ R1(A, B, C, D, X(3), 3, 0x5A827999L); -+ R1(D, A, B, C, X(7), 5, 0x5A827999L); -+ R1(C, D, A, B, X(11), 9, 0x5A827999L); -+ R1(B, C, D, A, X(15), 13, 0x5A827999L); -+ /* Round 2 */ -+ R2(A, B, C, D, X(0), 3, 0x6ED9EBA1L); -+ R2(D, A, B, C, X(8), 9, 0x6ED9EBA1L); -+ R2(C, D, A, B, X(4), 11, 0x6ED9EBA1L); -+ R2(B, C, D, A, X(12), 15, 0x6ED9EBA1L); -+ R2(A, B, C, D, X(2), 3, 0x6ED9EBA1L); -+ R2(D, A, B, C, X(10), 9, 0x6ED9EBA1L); -+ R2(C, D, A, B, X(6), 11, 0x6ED9EBA1L); -+ R2(B, C, D, A, X(14), 15, 0x6ED9EBA1L); -+ R2(A, B, C, D, X(1), 3, 0x6ED9EBA1L); -+ R2(D, A, B, C, X(9), 9, 0x6ED9EBA1L); -+ R2(C, D, A, B, X(5), 11, 0x6ED9EBA1L); -+ R2(B, C, D, A, X(13), 15, 0x6ED9EBA1L); -+ R2(A, B, C, D, X(3), 3, 0x6ED9EBA1L); -+ R2(D, A, B, C, X(11), 9, 0x6ED9EBA1L); -+ R2(C, D, A, B, X(7), 11, 0x6ED9EBA1L); -+ R2(B, C, D, A, X(15), 15, 0x6ED9EBA1L); - -- A = c->A += A; -- B = c->B += B; -- C = c->C += C; -- D = c->D += D; -- } -- } -+ A = c->A += A; -+ B = c->B += B; -+ C = c->C += C; -+ D = c->D += D; -+ } -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_one.c b/Cryptlib/OpenSSL/crypto/md4/md4_one.c -index bb64362..32ebd5f 100644 ---- a/Cryptlib/OpenSSL/crypto/md4/md4_one.c -+++ b/Cryptlib/OpenSSL/crypto/md4/md4_one.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,36 +62,35 @@ - #include - - #ifdef CHARSET_EBCDIC --#include -+# include - #endif - - unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md) -- { -- MD4_CTX c; -- static unsigned char m[MD4_DIGEST_LENGTH]; -+{ -+ MD4_CTX c; -+ static unsigned char m[MD4_DIGEST_LENGTH]; - -- if (md == NULL) md=m; -- if (!MD4_Init(&c)) -- return NULL; -+ if (md == NULL) -+ md = m; -+ if (!MD4_Init(&c)) -+ return NULL; - #ifndef CHARSET_EBCDIC -- MD4_Update(&c,d,n); -+ MD4_Update(&c, d, n); - #else -- { -- char temp[1024]; -- unsigned long chunk; -+ { -+ char temp[1024]; -+ unsigned long chunk; - -- while (n > 0) -- { -- chunk = (n > sizeof(temp)) ? sizeof(temp) : n; -- ebcdic2ascii(temp, d, chunk); -- MD4_Update(&c,temp,chunk); -- n -= chunk; -- d += chunk; -- } -- } -+ while (n > 0) { -+ chunk = (n > sizeof(temp)) ? sizeof(temp) : n; -+ ebcdic2ascii(temp, d, chunk); -+ MD4_Update(&c, temp, chunk); -+ n -= chunk; -+ d += chunk; -+ } -+ } - #endif -- MD4_Final(md,&c); -- OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ -- return(md); -- } -- -+ MD4_Final(md, &c); -+ OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ -+ return (md); -+} -diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c -index 47bb902..efebf9e 100644 ---- a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c -+++ b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,13 +61,13 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - -+const char MD5_version[] = "MD5" OPENSSL_VERSION_PTEXT; - --const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; -- --/* Implemented from RFC1321 The MD5 Message-Digest Algorithm -+/* -+ * Implemented from RFC1321 The MD5 Message-Digest Algorithm - */ - - #define INIT_DATA_A (unsigned long)0x67452301L -@@ -76,116 +76,146 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; - #define INIT_DATA_D (unsigned long)0x10325476L - - FIPS_NON_FIPS_MD_Init(MD5) -- { -- c->A=INIT_DATA_A; -- c->B=INIT_DATA_B; -- c->C=INIT_DATA_C; -- c->D=INIT_DATA_D; -- c->Nl=0; -- c->Nh=0; -- c->num=0; -- return 1; -- } -+{ -+ c->A = INIT_DATA_A; -+ c->B = INIT_DATA_B; -+ c->C = INIT_DATA_C; -+ c->D = INIT_DATA_D; -+ c->Nl = 0; -+ c->Nh = 0; -+ c->num = 0; -+ return 1; -+} - - #ifndef md5_block_data_order --#ifdef X --#undef X --#endif --void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num) -- { -- const unsigned char *data=data_; -- register unsigned MD32_REG_T A,B,C,D,l; --#ifndef MD32_XARRAY -- /* See comment in crypto/sha/sha_locl.h for details. */ -- unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, -- XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; --# define X(i) XX##i --#else -- MD5_LONG XX[MD5_LBLOCK]; --# define X(i) XX[i] --#endif -+# ifdef X -+# undef X -+# endif -+void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num) -+{ -+ const unsigned char *data = data_; -+ register unsigned MD32_REG_T A, B, C, D, l; -+# ifndef MD32_XARRAY -+ /* See comment in crypto/sha/sha_locl.h for details. */ -+ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, -+ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -+# define X(i) XX##i -+# else -+ MD5_LONG XX[MD5_LBLOCK]; -+# define X(i) XX[i] -+# endif - -- A=c->A; -- B=c->B; -- C=c->C; -- D=c->D; -+ A = c->A; -+ B = c->B; -+ C = c->C; -+ D = c->D; - -- for (;num--;) -- { -- HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; -- /* Round 0 */ -- R0(A,B,C,D,X( 0), 7,0xd76aa478L); HOST_c2l(data,l); X( 2)=l; -- R0(D,A,B,C,X( 1),12,0xe8c7b756L); HOST_c2l(data,l); X( 3)=l; -- R0(C,D,A,B,X( 2),17,0x242070dbL); HOST_c2l(data,l); X( 4)=l; -- R0(B,C,D,A,X( 3),22,0xc1bdceeeL); HOST_c2l(data,l); X( 5)=l; -- R0(A,B,C,D,X( 4), 7,0xf57c0fafL); HOST_c2l(data,l); X( 6)=l; -- R0(D,A,B,C,X( 5),12,0x4787c62aL); HOST_c2l(data,l); X( 7)=l; -- R0(C,D,A,B,X( 6),17,0xa8304613L); HOST_c2l(data,l); X( 8)=l; -- R0(B,C,D,A,X( 7),22,0xfd469501L); HOST_c2l(data,l); X( 9)=l; -- R0(A,B,C,D,X( 8), 7,0x698098d8L); HOST_c2l(data,l); X(10)=l; -- R0(D,A,B,C,X( 9),12,0x8b44f7afL); HOST_c2l(data,l); X(11)=l; -- R0(C,D,A,B,X(10),17,0xffff5bb1L); HOST_c2l(data,l); X(12)=l; -- R0(B,C,D,A,X(11),22,0x895cd7beL); HOST_c2l(data,l); X(13)=l; -- R0(A,B,C,D,X(12), 7,0x6b901122L); HOST_c2l(data,l); X(14)=l; -- R0(D,A,B,C,X(13),12,0xfd987193L); HOST_c2l(data,l); X(15)=l; -- R0(C,D,A,B,X(14),17,0xa679438eL); -- R0(B,C,D,A,X(15),22,0x49b40821L); -- /* Round 1 */ -- R1(A,B,C,D,X( 1), 5,0xf61e2562L); -- R1(D,A,B,C,X( 6), 9,0xc040b340L); -- R1(C,D,A,B,X(11),14,0x265e5a51L); -- R1(B,C,D,A,X( 0),20,0xe9b6c7aaL); -- R1(A,B,C,D,X( 5), 5,0xd62f105dL); -- R1(D,A,B,C,X(10), 9,0x02441453L); -- R1(C,D,A,B,X(15),14,0xd8a1e681L); -- R1(B,C,D,A,X( 4),20,0xe7d3fbc8L); -- R1(A,B,C,D,X( 9), 5,0x21e1cde6L); -- R1(D,A,B,C,X(14), 9,0xc33707d6L); -- R1(C,D,A,B,X( 3),14,0xf4d50d87L); -- R1(B,C,D,A,X( 8),20,0x455a14edL); -- R1(A,B,C,D,X(13), 5,0xa9e3e905L); -- R1(D,A,B,C,X( 2), 9,0xfcefa3f8L); -- R1(C,D,A,B,X( 7),14,0x676f02d9L); -- R1(B,C,D,A,X(12),20,0x8d2a4c8aL); -- /* Round 2 */ -- R2(A,B,C,D,X( 5), 4,0xfffa3942L); -- R2(D,A,B,C,X( 8),11,0x8771f681L); -- R2(C,D,A,B,X(11),16,0x6d9d6122L); -- R2(B,C,D,A,X(14),23,0xfde5380cL); -- R2(A,B,C,D,X( 1), 4,0xa4beea44L); -- R2(D,A,B,C,X( 4),11,0x4bdecfa9L); -- R2(C,D,A,B,X( 7),16,0xf6bb4b60L); -- R2(B,C,D,A,X(10),23,0xbebfbc70L); -- R2(A,B,C,D,X(13), 4,0x289b7ec6L); -- R2(D,A,B,C,X( 0),11,0xeaa127faL); -- R2(C,D,A,B,X( 3),16,0xd4ef3085L); -- R2(B,C,D,A,X( 6),23,0x04881d05L); -- R2(A,B,C,D,X( 9), 4,0xd9d4d039L); -- R2(D,A,B,C,X(12),11,0xe6db99e5L); -- R2(C,D,A,B,X(15),16,0x1fa27cf8L); -- R2(B,C,D,A,X( 2),23,0xc4ac5665L); -- /* Round 3 */ -- R3(A,B,C,D,X( 0), 6,0xf4292244L); -- R3(D,A,B,C,X( 7),10,0x432aff97L); -- R3(C,D,A,B,X(14),15,0xab9423a7L); -- R3(B,C,D,A,X( 5),21,0xfc93a039L); -- R3(A,B,C,D,X(12), 6,0x655b59c3L); -- R3(D,A,B,C,X( 3),10,0x8f0ccc92L); -- R3(C,D,A,B,X(10),15,0xffeff47dL); -- R3(B,C,D,A,X( 1),21,0x85845dd1L); -- R3(A,B,C,D,X( 8), 6,0x6fa87e4fL); -- R3(D,A,B,C,X(15),10,0xfe2ce6e0L); -- R3(C,D,A,B,X( 6),15,0xa3014314L); -- R3(B,C,D,A,X(13),21,0x4e0811a1L); -- R3(A,B,C,D,X( 4), 6,0xf7537e82L); -- R3(D,A,B,C,X(11),10,0xbd3af235L); -- R3(C,D,A,B,X( 2),15,0x2ad7d2bbL); -- R3(B,C,D,A,X( 9),21,0xeb86d391L); -+ for (; num--;) { -+ HOST_c2l(data, l); -+ X(0) = l; -+ HOST_c2l(data, l); -+ X(1) = l; -+ /* Round 0 */ -+ R0(A, B, C, D, X(0), 7, 0xd76aa478L); -+ HOST_c2l(data, l); -+ X(2) = l; -+ R0(D, A, B, C, X(1), 12, 0xe8c7b756L); -+ HOST_c2l(data, l); -+ X(3) = l; -+ R0(C, D, A, B, X(2), 17, 0x242070dbL); -+ HOST_c2l(data, l); -+ X(4) = l; -+ R0(B, C, D, A, X(3), 22, 0xc1bdceeeL); -+ HOST_c2l(data, l); -+ X(5) = l; -+ R0(A, B, C, D, X(4), 7, 0xf57c0fafL); -+ HOST_c2l(data, l); -+ X(6) = l; -+ R0(D, A, B, C, X(5), 12, 0x4787c62aL); -+ HOST_c2l(data, l); -+ X(7) = l; -+ R0(C, D, A, B, X(6), 17, 0xa8304613L); -+ HOST_c2l(data, l); -+ X(8) = l; -+ R0(B, C, D, A, X(7), 22, 0xfd469501L); -+ HOST_c2l(data, l); -+ X(9) = l; -+ R0(A, B, C, D, X(8), 7, 0x698098d8L); -+ HOST_c2l(data, l); -+ X(10) = l; -+ R0(D, A, B, C, X(9), 12, 0x8b44f7afL); -+ HOST_c2l(data, l); -+ X(11) = l; -+ R0(C, D, A, B, X(10), 17, 0xffff5bb1L); -+ HOST_c2l(data, l); -+ X(12) = l; -+ R0(B, C, D, A, X(11), 22, 0x895cd7beL); -+ HOST_c2l(data, l); -+ X(13) = l; -+ R0(A, B, C, D, X(12), 7, 0x6b901122L); -+ HOST_c2l(data, l); -+ X(14) = l; -+ R0(D, A, B, C, X(13), 12, 0xfd987193L); -+ HOST_c2l(data, l); -+ X(15) = l; -+ R0(C, D, A, B, X(14), 17, 0xa679438eL); -+ R0(B, C, D, A, X(15), 22, 0x49b40821L); -+ /* Round 1 */ -+ R1(A, B, C, D, X(1), 5, 0xf61e2562L); -+ R1(D, A, B, C, X(6), 9, 0xc040b340L); -+ R1(C, D, A, B, X(11), 14, 0x265e5a51L); -+ R1(B, C, D, A, X(0), 20, 0xe9b6c7aaL); -+ R1(A, B, C, D, X(5), 5, 0xd62f105dL); -+ R1(D, A, B, C, X(10), 9, 0x02441453L); -+ R1(C, D, A, B, X(15), 14, 0xd8a1e681L); -+ R1(B, C, D, A, X(4), 20, 0xe7d3fbc8L); -+ R1(A, B, C, D, X(9), 5, 0x21e1cde6L); -+ R1(D, A, B, C, X(14), 9, 0xc33707d6L); -+ R1(C, D, A, B, X(3), 14, 0xf4d50d87L); -+ R1(B, C, D, A, X(8), 20, 0x455a14edL); -+ R1(A, B, C, D, X(13), 5, 0xa9e3e905L); -+ R1(D, A, B, C, X(2), 9, 0xfcefa3f8L); -+ R1(C, D, A, B, X(7), 14, 0x676f02d9L); -+ R1(B, C, D, A, X(12), 20, 0x8d2a4c8aL); -+ /* Round 2 */ -+ R2(A, B, C, D, X(5), 4, 0xfffa3942L); -+ R2(D, A, B, C, X(8), 11, 0x8771f681L); -+ R2(C, D, A, B, X(11), 16, 0x6d9d6122L); -+ R2(B, C, D, A, X(14), 23, 0xfde5380cL); -+ R2(A, B, C, D, X(1), 4, 0xa4beea44L); -+ R2(D, A, B, C, X(4), 11, 0x4bdecfa9L); -+ R2(C, D, A, B, X(7), 16, 0xf6bb4b60L); -+ R2(B, C, D, A, X(10), 23, 0xbebfbc70L); -+ R2(A, B, C, D, X(13), 4, 0x289b7ec6L); -+ R2(D, A, B, C, X(0), 11, 0xeaa127faL); -+ R2(C, D, A, B, X(3), 16, 0xd4ef3085L); -+ R2(B, C, D, A, X(6), 23, 0x04881d05L); -+ R2(A, B, C, D, X(9), 4, 0xd9d4d039L); -+ R2(D, A, B, C, X(12), 11, 0xe6db99e5L); -+ R2(C, D, A, B, X(15), 16, 0x1fa27cf8L); -+ R2(B, C, D, A, X(2), 23, 0xc4ac5665L); -+ /* Round 3 */ -+ R3(A, B, C, D, X(0), 6, 0xf4292244L); -+ R3(D, A, B, C, X(7), 10, 0x432aff97L); -+ R3(C, D, A, B, X(14), 15, 0xab9423a7L); -+ R3(B, C, D, A, X(5), 21, 0xfc93a039L); -+ R3(A, B, C, D, X(12), 6, 0x655b59c3L); -+ R3(D, A, B, C, X(3), 10, 0x8f0ccc92L); -+ R3(C, D, A, B, X(10), 15, 0xffeff47dL); -+ R3(B, C, D, A, X(1), 21, 0x85845dd1L); -+ R3(A, B, C, D, X(8), 6, 0x6fa87e4fL); -+ R3(D, A, B, C, X(15), 10, 0xfe2ce6e0L); -+ R3(C, D, A, B, X(6), 15, 0xa3014314L); -+ R3(B, C, D, A, X(13), 21, 0x4e0811a1L); -+ R3(A, B, C, D, X(4), 6, 0xf7537e82L); -+ R3(D, A, B, C, X(11), 10, 0xbd3af235L); -+ R3(C, D, A, B, X(2), 15, 0x2ad7d2bbL); -+ R3(B, C, D, A, X(9), 21, 0xeb86d391L); - -- A = c->A += A; -- B = c->B += B; -- C = c->C += C; -- D = c->D += D; -- } -- } -+ A = c->A += A; -+ B = c->B += B; -+ C = c->C += C; -+ D = c->D += D; -+ } -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_one.c b/Cryptlib/OpenSSL/crypto/md5/md5_one.c -index 43fee89..4ac882e 100644 ---- a/Cryptlib/OpenSSL/crypto/md5/md5_one.c -+++ b/Cryptlib/OpenSSL/crypto/md5/md5_one.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,36 +62,35 @@ - #include - - #ifdef CHARSET_EBCDIC --#include -+# include - #endif - - unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md) -- { -- MD5_CTX c; -- static unsigned char m[MD5_DIGEST_LENGTH]; -+{ -+ MD5_CTX c; -+ static unsigned char m[MD5_DIGEST_LENGTH]; - -- if (md == NULL) md=m; -- if (!MD5_Init(&c)) -- return NULL; -+ if (md == NULL) -+ md = m; -+ if (!MD5_Init(&c)) -+ return NULL; - #ifndef CHARSET_EBCDIC -- MD5_Update(&c,d,n); -+ MD5_Update(&c, d, n); - #else -- { -- char temp[1024]; -- unsigned long chunk; -+ { -+ char temp[1024]; -+ unsigned long chunk; - -- while (n > 0) -- { -- chunk = (n > sizeof(temp)) ? sizeof(temp) : n; -- ebcdic2ascii(temp, d, chunk); -- MD5_Update(&c,temp,chunk); -- n -= chunk; -- d += chunk; -- } -- } -+ while (n > 0) { -+ chunk = (n > sizeof(temp)) ? sizeof(temp) : n; -+ ebcdic2ascii(temp, d, chunk); -+ MD5_Update(&c, temp, chunk); -+ n -= chunk; -+ d += chunk; -+ } -+ } - #endif -- MD5_Final(md,&c); -- OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ -- return(md); -- } -- -+ MD5_Final(md, &c); -+ OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ -+ return (md); -+} -diff --git a/Cryptlib/OpenSSL/crypto/mem.c b/Cryptlib/OpenSSL/crypto/mem.c -index 05d7b9c..0620a51 100644 ---- a/Cryptlib/OpenSSL/crypto/mem.c -+++ b/Cryptlib/OpenSSL/crypto/mem.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,390 +61,427 @@ - #include - #include "cryptlib.h" - -+static int allow_customize = 1; /* we provide flexible functions for */ -+static int allow_customize_debug = 1; /* exchanging memory-related functions -+ * at run-time, but this must be done -+ * before any blocks are actually -+ * allocated; or we'll run into huge -+ * problems when malloc/free pairs -+ * don't match etc. */ - --static int allow_customize = 1; /* we provide flexible functions for */ --static int allow_customize_debug = 1;/* exchanging memory-related functions at -- * run-time, but this must be done -- * before any blocks are actually -- * allocated; or we'll run into huge -- * problems when malloc/free pairs -- * don't match etc. */ -- -- -- --/* the following pointers may be changed as long as 'allow_customize' is set */ -+/* -+ * the following pointers may be changed as long as 'allow_customize' is set -+ */ - --static void *(*malloc_func)(size_t) = malloc; -+static void *(*malloc_func) (size_t) = malloc; - static void *default_malloc_ex(size_t num, const char *file, int line) -- { return malloc_func(num); } --static void *(*malloc_ex_func)(size_t, const char *file, int line) -- = default_malloc_ex; -+{ -+ return malloc_func(num); -+} - --static void *(*realloc_func)(void *, size_t)= realloc; -+static void *(*malloc_ex_func) (size_t, const char *file, int line) -+ = default_malloc_ex; -+ -+static void *(*realloc_func) (void *, size_t) = realloc; - static void *default_realloc_ex(void *str, size_t num, -- const char *file, int line) -- { return realloc_func(str,num); } --static void *(*realloc_ex_func)(void *, size_t, const char *file, int line) -- = default_realloc_ex; -+ const char *file, int line) -+{ -+ return realloc_func(str, num); -+} - --static void (*free_func)(void *) = free; -+static void *(*realloc_ex_func) (void *, size_t, const char *file, int line) -+ = default_realloc_ex; - --static void *(*malloc_locked_func)(size_t) = malloc; --static void *default_malloc_locked_ex(size_t num, const char *file, int line) -- { return malloc_locked_func(num); } --static void *(*malloc_locked_ex_func)(size_t, const char *file, int line) -- = default_malloc_locked_ex; -+static void (*free_func) (void *) = free; - --static void (*free_locked_func)(void *) = free; -+static void *(*malloc_locked_func) (size_t) = malloc; -+static void *default_malloc_locked_ex(size_t num, const char *file, int line) -+{ -+ return malloc_locked_func(num); -+} - -+static void *(*malloc_locked_ex_func) (size_t, const char *file, int line) -+ = default_malloc_locked_ex; - -+static void (*free_locked_func) (void *) = free; - - /* may be changed as long as 'allow_customize_debug' is set */ - /* XXX use correct function pointer types */ - #if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS) - /* use default functions from mem_dbg.c */ --static void (*malloc_debug_func)(void *,int,const char *,int,int) -- = CRYPTO_dbg_malloc; --static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) -- = CRYPTO_dbg_realloc; --static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free; --static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; --static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; -- --static int (*push_info_func)(const char *info, const char *file, int line) -- = CRYPTO_dbg_push_info; --static int (*pop_info_func)(void) -- = CRYPTO_dbg_pop_info; --static int (*remove_all_info_func)(void) -- = CRYPTO_dbg_remove_all_info; -+static void (*malloc_debug_func) (void *, int, const char *, int, int) -+ = CRYPTO_dbg_malloc; -+static void (*realloc_debug_func) (void *, void *, int, const char *, int, -+ int) -+ = CRYPTO_dbg_realloc; -+static void (*free_debug_func) (void *, int) = CRYPTO_dbg_free; -+static void (*set_debug_options_func) (long) = CRYPTO_dbg_set_options; -+static long (*get_debug_options_func) (void) = CRYPTO_dbg_get_options; -+ -+static int (*push_info_func) (const char *info, const char *file, int line) -+ = CRYPTO_dbg_push_info; -+static int (*pop_info_func) (void) -+ = CRYPTO_dbg_pop_info; -+static int (*remove_all_info_func) (void) -+ = CRYPTO_dbg_remove_all_info; - - #else --/* applications can use CRYPTO_malloc_debug_init() to select above case -- * at run-time */ --static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL; --static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) -- = NULL; --static void (*free_debug_func)(void *,int) = NULL; --static void (*set_debug_options_func)(long) = NULL; --static long (*get_debug_options_func)(void) = NULL; -- -- --static int (*push_info_func)(const char *info, const char *file, int line) -- = NULL; --static int (*pop_info_func)(void) = NULL; --static int (*remove_all_info_func)(void) = NULL; -+/* -+ * applications can use CRYPTO_malloc_debug_init() to select above case at -+ * run-time -+ */ -+static void (*malloc_debug_func) (void *, int, const char *, int, int) = NULL; -+static void (*realloc_debug_func) (void *, void *, int, const char *, int, -+ int) -+ = NULL; -+static void (*free_debug_func) (void *, int) = NULL; -+static void (*set_debug_options_func) (long) = NULL; -+static long (*get_debug_options_func) (void) = NULL; -+ -+static int (*push_info_func) (const char *info, const char *file, int line) -+ = NULL; -+static int (*pop_info_func) (void) = NULL; -+static int (*remove_all_info_func) (void) = NULL; - - #endif - -- --int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t), -- void (*f)(void *)) -- { -- if (!allow_customize) -- return 0; -- if ((m == 0) || (r == 0) || (f == 0)) -- return 0; -- malloc_func=m; malloc_ex_func=default_malloc_ex; -- realloc_func=r; realloc_ex_func=default_realloc_ex; -- free_func=f; -- malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex; -- free_locked_func=f; -- return 1; -- } -- --int CRYPTO_set_mem_ex_functions( -- void *(*m)(size_t,const char *,int), -- void *(*r)(void *, size_t,const char *,int), -- void (*f)(void *)) -- { -- if (!allow_customize) -- return 0; -- if ((m == 0) || (r == 0) || (f == 0)) -- return 0; -- malloc_func=0; malloc_ex_func=m; -- realloc_func=0; realloc_ex_func=r; -- free_func=f; -- malloc_locked_func=0; malloc_locked_ex_func=m; -- free_locked_func=f; -- return 1; -- } -- --int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *)) -- { -- if (!allow_customize) -- return 0; -- if ((m == NULL) || (f == NULL)) -- return 0; -- malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex; -- free_locked_func=f; -- return 1; -- } -- --int CRYPTO_set_locked_mem_ex_functions( -- void *(*m)(size_t,const char *,int), -- void (*f)(void *)) -- { -- if (!allow_customize) -- return 0; -- if ((m == NULL) || (f == NULL)) -- return 0; -- malloc_locked_func=0; malloc_locked_ex_func=m; -- free_func=f; -- return 1; -- } -- --int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), -- void (*r)(void *,void *,int,const char *,int,int), -- void (*f)(void *,int), -- void (*so)(long), -- long (*go)(void)) -- { -- if (!allow_customize_debug) -- return 0; -- malloc_debug_func=m; -- realloc_debug_func=r; -- free_debug_func=f; -- set_debug_options_func=so; -- get_debug_options_func=go; -- return 1; -- } -- --void CRYPTO_set_mem_info_functions( -- int (*push_info_fn)(const char *info, const char *file, int line), -- int (*pop_info_fn)(void), -- int (*remove_all_info_fn)(void)) -- { -- push_info_func = push_info_fn; -- pop_info_func = pop_info_fn; -- remove_all_info_func = remove_all_info_fn; -- } -- --void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t), -- void (**f)(void *)) -- { -- if (m != NULL) *m = (malloc_ex_func == default_malloc_ex) ? -- malloc_func : 0; -- if (r != NULL) *r = (realloc_ex_func == default_realloc_ex) ? -- realloc_func : 0; -- if (f != NULL) *f=free_func; -- } -- --void CRYPTO_get_mem_ex_functions( -- void *(**m)(size_t,const char *,int), -- void *(**r)(void *, size_t,const char *,int), -- void (**f)(void *)) -- { -- if (m != NULL) *m = (malloc_ex_func != default_malloc_ex) ? -- malloc_ex_func : 0; -- if (r != NULL) *r = (realloc_ex_func != default_realloc_ex) ? -- realloc_ex_func : 0; -- if (f != NULL) *f=free_func; -- } -- --void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)) -- { -- if (m != NULL) *m = (malloc_locked_ex_func == default_malloc_locked_ex) ? -- malloc_locked_func : 0; -- if (f != NULL) *f=free_locked_func; -- } -- --void CRYPTO_get_locked_mem_ex_functions( -- void *(**m)(size_t,const char *,int), -- void (**f)(void *)) -- { -- if (m != NULL) *m = (malloc_locked_ex_func != default_malloc_locked_ex) ? -- malloc_locked_ex_func : 0; -- if (f != NULL) *f=free_locked_func; -- } -- --void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), -- void (**r)(void *,void *,int,const char *,int,int), -- void (**f)(void *,int), -- void (**so)(long), -- long (**go)(void)) -- { -- if (m != NULL) *m=malloc_debug_func; -- if (r != NULL) *r=realloc_debug_func; -- if (f != NULL) *f=free_debug_func; -- if (so != NULL) *so=set_debug_options_func; -- if (go != NULL) *go=get_debug_options_func; -- } -- -+int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), -+ void (*f) (void *)) -+{ -+ if (!allow_customize) -+ return 0; -+ if ((m == 0) || (r == 0) || (f == 0)) -+ return 0; -+ malloc_func = m; -+ malloc_ex_func = default_malloc_ex; -+ realloc_func = r; -+ realloc_ex_func = default_realloc_ex; -+ free_func = f; -+ malloc_locked_func = m; -+ malloc_locked_ex_func = default_malloc_locked_ex; -+ free_locked_func = f; -+ return 1; -+} -+ -+int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), -+ void *(*r) (void *, size_t, const char *, -+ int), void (*f) (void *)) -+{ -+ if (!allow_customize) -+ return 0; -+ if ((m == 0) || (r == 0) || (f == 0)) -+ return 0; -+ malloc_func = 0; -+ malloc_ex_func = m; -+ realloc_func = 0; -+ realloc_ex_func = r; -+ free_func = f; -+ malloc_locked_func = 0; -+ malloc_locked_ex_func = m; -+ free_locked_func = f; -+ return 1; -+} -+ -+int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), void (*f) (void *)) -+{ -+ if (!allow_customize) -+ return 0; -+ if ((m == NULL) || (f == NULL)) -+ return 0; -+ malloc_locked_func = m; -+ malloc_locked_ex_func = default_malloc_locked_ex; -+ free_locked_func = f; -+ return 1; -+} -+ -+int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int), -+ void (*f) (void *)) -+{ -+ if (!allow_customize) -+ return 0; -+ if ((m == NULL) || (f == NULL)) -+ return 0; -+ malloc_locked_func = 0; -+ malloc_locked_ex_func = m; -+ free_func = f; -+ return 1; -+} -+ -+int CRYPTO_set_mem_debug_functions(void (*m) -+ (void *, int, const char *, int, int), -+ void (*r) (void *, void *, int, -+ const char *, int, int), -+ void (*f) (void *, int), void (*so) (long), -+ long (*go) (void)) -+{ -+ if (!allow_customize_debug) -+ return 0; -+ malloc_debug_func = m; -+ realloc_debug_func = r; -+ free_debug_func = f; -+ set_debug_options_func = so; -+ get_debug_options_func = go; -+ return 1; -+} -+ -+void CRYPTO_set_mem_info_functions(int (*push_info_fn) -+ (const char *info, const char *file, -+ int line), int (*pop_info_fn) (void), -+ int (*remove_all_info_fn) (void)) -+{ -+ push_info_func = push_info_fn; -+ pop_info_func = pop_info_fn; -+ remove_all_info_func = remove_all_info_fn; -+} -+ -+void CRYPTO_get_mem_functions(void *(**m) (size_t), -+ void *(**r) (void *, size_t), -+ void (**f) (void *)) -+{ -+ if (m != NULL) -+ *m = (malloc_ex_func == default_malloc_ex) ? malloc_func : 0; -+ if (r != NULL) -+ *r = (realloc_ex_func == default_realloc_ex) ? realloc_func : 0; -+ if (f != NULL) -+ *f = free_func; -+} -+ -+void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int), -+ void *(**r) (void *, size_t, const char *, -+ int), void (**f) (void *)) -+{ -+ if (m != NULL) -+ *m = (malloc_ex_func != default_malloc_ex) ? malloc_ex_func : 0; -+ if (r != NULL) -+ *r = (realloc_ex_func != default_realloc_ex) ? realloc_ex_func : 0; -+ if (f != NULL) -+ *f = free_func; -+} -+ -+void CRYPTO_get_locked_mem_functions(void *(**m) (size_t), -+ void (**f) (void *)) -+{ -+ if (m != NULL) -+ *m = (malloc_locked_ex_func == default_malloc_locked_ex) ? -+ malloc_locked_func : 0; -+ if (f != NULL) -+ *f = free_locked_func; -+} -+ -+void CRYPTO_get_locked_mem_ex_functions(void -+ *(**m) (size_t, const char *, int), -+ void (**f) (void *)) -+{ -+ if (m != NULL) -+ *m = (malloc_locked_ex_func != default_malloc_locked_ex) ? -+ malloc_locked_ex_func : 0; -+ if (f != NULL) -+ *f = free_locked_func; -+} -+ -+void CRYPTO_get_mem_debug_functions(void (**m) -+ (void *, int, const char *, int, int), -+ void (**r) (void *, void *, int, -+ const char *, int, int), -+ void (**f) (void *, int), -+ void (**so) (long), long (**go) (void)) -+{ -+ if (m != NULL) -+ *m = malloc_debug_func; -+ if (r != NULL) -+ *r = realloc_debug_func; -+ if (f != NULL) -+ *f = free_debug_func; -+ if (so != NULL) -+ *so = set_debug_options_func; -+ if (go != NULL) -+ *go = get_debug_options_func; -+} - - void *CRYPTO_malloc_locked(int num, const char *file, int line) -- { -- void *ret = NULL; -- extern unsigned char cleanse_ctr; -- -- if (num <= 0) return NULL; -- -- allow_customize = 0; -- if (malloc_debug_func != NULL) -- { -- allow_customize_debug = 0; -- malloc_debug_func(NULL, num, file, line, 0); -- } -- ret = malloc_locked_ex_func(num,file,line); -+{ -+ void *ret = NULL; -+ extern unsigned char cleanse_ctr; -+ -+ if (num <= 0) -+ return NULL; -+ -+ allow_customize = 0; -+ if (malloc_debug_func != NULL) { -+ allow_customize_debug = 0; -+ malloc_debug_func(NULL, num, file, line, 0); -+ } -+ ret = malloc_locked_ex_func(num, file, line); - #ifdef LEVITTE_DEBUG_MEM -- fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num); -+ fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num); - #endif -- if (malloc_debug_func != NULL) -- malloc_debug_func(ret, num, file, line, 1); -+ if (malloc_debug_func != NULL) -+ malloc_debug_func(ret, num, file, line, 1); - -- /* Create a dependency on the value of 'cleanse_ctr' so our memory -- * sanitisation function can't be optimised out. NB: We only do -- * this for >2Kb so the overhead doesn't bother us. */ -- if(ret && (num > 2048)) -- ((unsigned char *)ret)[0] = cleanse_ctr; -+ /* -+ * Create a dependency on the value of 'cleanse_ctr' so our memory -+ * sanitisation function can't be optimised out. NB: We only do this for -+ * >2Kb so the overhead doesn't bother us. -+ */ -+ if (ret && (num > 2048)) -+ ((unsigned char *)ret)[0] = cleanse_ctr; - -- return ret; -- } -+ return ret; -+} - - void CRYPTO_free_locked(void *str) -- { -- if (free_debug_func != NULL) -- free_debug_func(str, 0); -+{ -+ if (free_debug_func != NULL) -+ free_debug_func(str, 0); - #ifdef LEVITTE_DEBUG_MEM -- fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str); -+ fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str); - #endif -- free_locked_func(str); -- if (free_debug_func != NULL) -- free_debug_func(NULL, 1); -- } -+ free_locked_func(str); -+ if (free_debug_func != NULL) -+ free_debug_func(NULL, 1); -+} - - void *CRYPTO_malloc(int num, const char *file, int line) -- { -- void *ret = NULL; -- extern unsigned char cleanse_ctr; -- -- if (num <= 0) return NULL; -- -- allow_customize = 0; -- if (malloc_debug_func != NULL) -- { -- allow_customize_debug = 0; -- malloc_debug_func(NULL, num, file, line, 0); -- } -- ret = malloc_ex_func(num,file,line); -+{ -+ void *ret = NULL; -+ extern unsigned char cleanse_ctr; -+ -+ if (num <= 0) -+ return NULL; -+ -+ allow_customize = 0; -+ if (malloc_debug_func != NULL) { -+ allow_customize_debug = 0; -+ malloc_debug_func(NULL, num, file, line, 0); -+ } -+ ret = malloc_ex_func(num, file, line); - #ifdef LEVITTE_DEBUG_MEM -- fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num); -+ fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num); - #endif -- if (malloc_debug_func != NULL) -- malloc_debug_func(ret, num, file, line, 1); -+ if (malloc_debug_func != NULL) -+ malloc_debug_func(ret, num, file, line, 1); - -- /* Create a dependency on the value of 'cleanse_ctr' so our memory -- * sanitisation function can't be optimised out. NB: We only do -- * this for >2Kb so the overhead doesn't bother us. */ -- if(ret && (num > 2048)) -- ((unsigned char *)ret)[0] = cleanse_ctr; -+ /* -+ * Create a dependency on the value of 'cleanse_ctr' so our memory -+ * sanitisation function can't be optimised out. NB: We only do this for -+ * >2Kb so the overhead doesn't bother us. -+ */ -+ if (ret && (num > 2048)) -+ ((unsigned char *)ret)[0] = cleanse_ctr; - -- return ret; -- } -+ return ret; -+} - - void *CRYPTO_realloc(void *str, int num, const char *file, int line) -- { -- void *ret = NULL; -+{ -+ void *ret = NULL; - -- if (str == NULL) -- return CRYPTO_malloc(num, file, line); -+ if (str == NULL) -+ return CRYPTO_malloc(num, file, line); - -- if (num <= 0) return NULL; -+ if (num <= 0) -+ return NULL; - -- if (realloc_debug_func != NULL) -- realloc_debug_func(str, NULL, num, file, line, 0); -- ret = realloc_ex_func(str,num,file,line); -+ if (realloc_debug_func != NULL) -+ realloc_debug_func(str, NULL, num, file, line, 0); -+ ret = realloc_ex_func(str, num, file, line); - #ifdef LEVITTE_DEBUG_MEM -- fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num); -+ fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, -+ ret, num); - #endif -- if (realloc_debug_func != NULL) -- realloc_debug_func(str, ret, num, file, line, 1); -+ if (realloc_debug_func != NULL) -+ realloc_debug_func(str, ret, num, file, line, 1); - -- return ret; -- } -+ return ret; -+} - - void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, -- int line) -- { -- void *ret = NULL; -- -- if (str == NULL) -- return CRYPTO_malloc(num, file, line); -- -- if (num <= 0) return NULL; -- -- /* We don't support shrinking the buffer. Note the memcpy that copies -- * |old_len| bytes to the new buffer, below. */ -- if (num < old_len) return NULL; -- -- if (realloc_debug_func != NULL) -- realloc_debug_func(str, NULL, num, file, line, 0); -- ret=malloc_ex_func(num,file,line); -- if(ret) -- { -- memcpy(ret,str,old_len); -- OPENSSL_cleanse(str,old_len); -- free_func(str); -- } -+ int line) -+{ -+ void *ret = NULL; -+ -+ if (str == NULL) -+ return CRYPTO_malloc(num, file, line); -+ -+ if (num <= 0) -+ return NULL; -+ -+ /* -+ * We don't support shrinking the buffer. Note the memcpy that copies -+ * |old_len| bytes to the new buffer, below. -+ */ -+ if (num < old_len) -+ return NULL; -+ -+ if (realloc_debug_func != NULL) -+ realloc_debug_func(str, NULL, num, file, line, 0); -+ ret = malloc_ex_func(num, file, line); -+ if (ret) { -+ memcpy(ret, str, old_len); -+ OPENSSL_cleanse(str, old_len); -+ free_func(str); -+ } - #ifdef LEVITTE_DEBUG_MEM -- fprintf(stderr, -- "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", -- str, ret, num); -+ fprintf(stderr, -+ "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", -+ str, ret, num); - #endif -- if (realloc_debug_func != NULL) -- realloc_debug_func(str, ret, num, file, line, 1); -+ if (realloc_debug_func != NULL) -+ realloc_debug_func(str, ret, num, file, line, 1); - -- return ret; -- } -+ return ret; -+} - - void CRYPTO_free(void *str) -- { -- if (free_debug_func != NULL) -- free_debug_func(str, 0); -+{ -+ if (free_debug_func != NULL) -+ free_debug_func(str, 0); - #ifdef LEVITTE_DEBUG_MEM -- fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str); -+ fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str); - #endif -- free_func(str); -- if (free_debug_func != NULL) -- free_debug_func(NULL, 1); -- } -+ free_func(str); -+ if (free_debug_func != NULL) -+ free_debug_func(NULL, 1); -+} - - void *CRYPTO_remalloc(void *a, int num, const char *file, int line) -- { -- if (a != NULL) OPENSSL_free(a); -- a=(char *)OPENSSL_malloc(num); -- return(a); -- } -+{ -+ if (a != NULL) -+ OPENSSL_free(a); -+ a = (char *)OPENSSL_malloc(num); -+ return (a); -+} - - void CRYPTO_set_mem_debug_options(long bits) -- { -- if (set_debug_options_func != NULL) -- set_debug_options_func(bits); -- } -+{ -+ if (set_debug_options_func != NULL) -+ set_debug_options_func(bits); -+} - - long CRYPTO_get_mem_debug_options(void) -- { -- if (get_debug_options_func != NULL) -- return get_debug_options_func(); -- return 0; -- } -+{ -+ if (get_debug_options_func != NULL) -+ return get_debug_options_func(); -+ return 0; -+} - - int CRYPTO_push_info_(const char *info, const char *file, int line) -- { -- if (push_info_func) -- return push_info_func(info, file, line); -- return 1; -- } -+{ -+ if (push_info_func) -+ return push_info_func(info, file, line); -+ return 1; -+} - - int CRYPTO_pop_info(void) -- { -- if (pop_info_func) -- return pop_info_func(); -- return 1; -- } -+{ -+ if (pop_info_func) -+ return pop_info_func(); -+ return 1; -+} - - int CRYPTO_remove_all_info(void) -- { -- if (remove_all_info_func) -- return remove_all_info_func(); -- return 1; -- } -+{ -+ if (remove_all_info_func) -+ return remove_all_info_func(); -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/mem_clr.c b/Cryptlib/OpenSSL/crypto/mem_clr.c -index add1f78..3df1f39 100644 ---- a/Cryptlib/OpenSSL/crypto/mem_clr.c -+++ b/Cryptlib/OpenSSL/crypto/mem_clr.c -@@ -1,6 +1,7 @@ - /* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL -- * project 2002. -+/* -+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project -+ * 2002. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,16 +63,15 @@ - unsigned char cleanse_ctr = 0; - - void OPENSSL_cleanse(void *ptr, size_t len) -- { -- unsigned char *p = ptr; -- size_t loop = len, ctr = cleanse_ctr; -- while(loop--) -- { -- *(p++) = (unsigned char)ctr; -- ctr += (17 + ((size_t)p & 0xF)); -- } -- p=memchr(ptr, (unsigned char)ctr, len); -- if(p) -- ctr += (63 + (size_t)p); -- cleanse_ctr = (unsigned char)ctr; -- } -+{ -+ unsigned char *p = ptr; -+ size_t loop = len, ctr = cleanse_ctr; -+ while (loop--) { -+ *(p++) = (unsigned char)ctr; -+ ctr += (17 + ((size_t)p & 0xF)); -+ } -+ p = memchr(ptr, (unsigned char)ctr, len); -+ if (p) -+ ctr += (63 + (size_t)p); -+ cleanse_ctr = (unsigned char)ctr; -+} -diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c -index dfeb084..e506e6b 100644 ---- a/Cryptlib/OpenSSL/crypto/mem_dbg.c -+++ b/Cryptlib/OpenSSL/crypto/mem_dbg.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -58,760 +58,712 @@ - - #include - #include --#include -+#include - #include "cryptlib.h" - #include - #include - #include - #include - --static int mh_mode=CRYPTO_MEM_CHECK_OFF; --/* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE -- * when the application asks for it (usually after library initialisation -- * for which no book-keeping is desired). -- * -- * State CRYPTO_MEM_CHECK_ON exists only temporarily when the library -- * thinks that certain allocations should not be checked (e.g. the data -- * structures used for memory checking). It is not suitable as an initial -- * state: the library will unexpectedly enable memory checking when it -- * executes one of those sections that want to disable checking -- * temporarily. -- * -- * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever. -+static int mh_mode = CRYPTO_MEM_CHECK_OFF; -+/* -+ * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when -+ * the application asks for it (usually after library initialisation for -+ * which no book-keeping is desired). State CRYPTO_MEM_CHECK_ON exists only -+ * temporarily when the library thinks that certain allocations should not be -+ * checked (e.g. the data structures used for memory checking). It is not -+ * suitable as an initial state: the library will unexpectedly enable memory -+ * checking when it executes one of those sections that want to disable -+ * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes -+ * no sense whatsoever. - */ - - static unsigned long order = 0; /* number of memory requests */ --static LHASH *mh=NULL; /* hash-table of memory requests (address as key); -- * access requires MALLOC2 lock */ -- -+static LHASH *mh = NULL; /* hash-table of memory requests (address as -+ * key); access requires MALLOC2 lock */ - - typedef struct app_mem_info_st --/* For application-defined information (static C-string `info') -+/*- -+ * For application-defined information (static C-string `info') - * to be displayed in memory leak list. - * Each thread has its own stack. For applications, there is - * CRYPTO_push_info("...") to push an entry, - * CRYPTO_pop_info() to pop an entry, - * CRYPTO_remove_all_info() to pop all entries. - */ -- { -- unsigned long thread; -- const char *file; -- int line; -- const char *info; -- struct app_mem_info_st *next; /* tail of thread's stack */ -- int references; -- } APP_INFO; -+{ -+ unsigned long thread; -+ const char *file; -+ int line; -+ const char *info; -+ struct app_mem_info_st *next; /* tail of thread's stack */ -+ int references; -+} APP_INFO; - - static void app_info_free(APP_INFO *); - --static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's -- * that are at the top of their thread's stack -- * (with `thread' as key); -- * access requires MALLOC2 lock */ -+static LHASH *amih = NULL; /* hash-table with those app_mem_info_st's -+ * that are at the top of their thread's -+ * stack (with `thread' as key); access -+ * requires MALLOC2 lock */ - - typedef struct mem_st - /* memory-block description */ -- { -- void *addr; -- int num; -- const char *file; -- int line; -- unsigned long thread; -- unsigned long order; -- time_t time; -- APP_INFO *app_info; -- } MEM; -- --static long options = /* extra information to be recorded */ -+{ -+ void *addr; -+ int num; -+ const char *file; -+ int line; -+ unsigned long thread; -+ unsigned long order; -+ time_t time; -+ APP_INFO *app_info; -+} MEM; -+ -+static long options = /* extra information to be recorded */ - #if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL) -- V_CRYPTO_MDEBUG_TIME | -+ V_CRYPTO_MDEBUG_TIME | - #endif - #if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL) -- V_CRYPTO_MDEBUG_THREAD | -+ V_CRYPTO_MDEBUG_THREAD | - #endif -- 0; -- -+ 0; - --static unsigned int num_disable = 0; /* num_disable > 0 -- * iff -- * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) -- */ -+static unsigned int num_disable = 0; /* num_disable > 0 iff mh_mode == -+ * CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */ - static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0. - * CRYPTO_LOCK_MALLOC2 is locked - * exactly in this case (by the -- * thread named in disabling_thread). -- */ -+ * thread named in -+ * disabling_thread). */ - - static void app_info_free(APP_INFO *inf) -- { -- if (--(inf->references) <= 0) -- { -- if (inf->next != NULL) -- { -- app_info_free(inf->next); -- } -- OPENSSL_free(inf); -- } -- } -+{ -+ if (--(inf->references) <= 0) { -+ if (inf->next != NULL) { -+ app_info_free(inf->next); -+ } -+ OPENSSL_free(inf); -+ } -+} - - int CRYPTO_mem_ctrl(int mode) -- { -- int ret=mh_mode; -- -- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); -- switch (mode) -- { -- /* for applications (not to be called while multiple threads -- * use the library): */ -- case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ -- mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE; -- num_disable = 0; -- break; -- case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ -- mh_mode = 0; -- num_disable = 0; /* should be true *before* MemCheck_stop is used, -- or there'll be a lot of confusion */ -- break; -- -- /* switch off temporarily (for library-internal use): */ -- case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ -- if (mh_mode & CRYPTO_MEM_CHECK_ON) -- { -- if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */ -- { -- /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while -- * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if -- * somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot release -- * it because we block entry to this function). -- * Give them a chance, first, and then claim the locks in -- * appropriate order (long-time lock first). -- */ -- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); -- /* Note that after we have waited for CRYPTO_LOCK_MALLOC2 -- * and CRYPTO_LOCK_MALLOC, we'll still be in the right -- * "case" and "if" branch because MemCheck_start and -- * MemCheck_stop may never be used while there are multiple -- * OpenSSL threads. */ -- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); -- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); -- mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; -- disabling_thread=CRYPTO_thread_id(); -- } -- num_disable++; -- } -- break; -- case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ -- if (mh_mode & CRYPTO_MEM_CHECK_ON) -- { -- if (num_disable) /* always true, or something is going wrong */ -- { -- num_disable--; -- if (num_disable == 0) -- { -- mh_mode|=CRYPTO_MEM_CHECK_ENABLE; -- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); -- } -- } -- } -- break; -- -- default: -- break; -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); -- return(ret); -- } -+{ -+ int ret = mh_mode; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); -+ switch (mode) { -+ /* -+ * for applications (not to be called while multiple threads use the -+ * library): -+ */ -+ case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ -+ mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE; -+ num_disable = 0; -+ break; -+ case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ -+ mh_mode = 0; -+ num_disable = 0; /* should be true *before* MemCheck_stop is -+ * used, or there'll be a lot of confusion */ -+ break; -+ -+ /* switch off temporarily (for library-internal use): */ -+ case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ -+ if (mh_mode & CRYPTO_MEM_CHECK_ON) { -+ /* otherwise we already have the MALLOC2 lock */ -+ if (!num_disable || (disabling_thread != CRYPTO_thread_id())) { -+ /* -+ * Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed -+ * while we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock -+ * if somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot -+ * release it because we block entry to this function). Give -+ * them a chance, first, and then claim the locks in -+ * appropriate order (long-time lock first). -+ */ -+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); -+ /* -+ * Note that after we have waited for CRYPTO_LOCK_MALLOC2 and -+ * CRYPTO_LOCK_MALLOC, we'll still be in the right "case" and -+ * "if" branch because MemCheck_start and MemCheck_stop may -+ * never be used while there are multiple OpenSSL threads. -+ */ -+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); -+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); -+ mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; -+ disabling_thread = CRYPTO_thread_id(); -+ } -+ num_disable++; -+ } -+ break; -+ case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ -+ if (mh_mode & CRYPTO_MEM_CHECK_ON) { -+ if (num_disable) { /* always true, or something is going wrong */ -+ num_disable--; -+ if (num_disable == 0) { -+ mh_mode |= CRYPTO_MEM_CHECK_ENABLE; -+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); -+ } -+ } -+ } -+ break; -+ -+ default: -+ break; -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); -+ return (ret); -+} - - int CRYPTO_is_mem_check_on(void) -- { -- int ret = 0; -+{ -+ int ret = 0; - -- if (mh_mode & CRYPTO_MEM_CHECK_ON) -- { -- CRYPTO_r_lock(CRYPTO_LOCK_MALLOC); -+ if (mh_mode & CRYPTO_MEM_CHECK_ON) { -+ CRYPTO_r_lock(CRYPTO_LOCK_MALLOC); - -- ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) -- || (disabling_thread != CRYPTO_thread_id()); -- -- CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC); -- } -- return(ret); -- } -+ ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) -+ || (disabling_thread != CRYPTO_thread_id()); - -+ CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC); -+ } -+ return (ret); -+} - - void CRYPTO_dbg_set_options(long bits) -- { -- options = bits; -- } -+{ -+ options = bits; -+} - - long CRYPTO_dbg_get_options(void) -- { -- return options; -- } -+{ -+ return options; -+} - - /* static int mem_cmp(MEM *a, MEM *b) */ - static int mem_cmp(const void *a_void, const void *b_void) -- { -+{ - #ifdef _WIN64 -- const char *a=(const char *)((const MEM *)a_void)->addr, -- *b=(const char *)((const MEM *)b_void)->addr; -- if (a==b) return 0; -- else if (a>b) return 1; -- else return -1; -+ const char *a = (const char *)((const MEM *)a_void)->addr, -+ *b = (const char *)((const MEM *)b_void)->addr; -+ if (a == b) -+ return 0; -+ else if (a > b) -+ return 1; -+ else -+ return -1; - #else -- return((const char *)((const MEM *)a_void)->addr -- - (const char *)((const MEM *)b_void)->addr); -+ return ((const char *)((const MEM *)a_void)->addr -+ - (const char *)((const MEM *)b_void)->addr); - #endif -- } -+} - - /* static unsigned long mem_hash(MEM *a) */ - static unsigned long mem_hash(const void *a_void) -- { -- unsigned long ret; -+{ -+ unsigned long ret; - -- ret=(unsigned long)((const MEM *)a_void)->addr; -+ ret = (unsigned long)((const MEM *)a_void)->addr; - -- ret=ret*17851+(ret>>14)*7+(ret>>4)*251; -- return(ret); -- } -+ ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251; -+ return (ret); -+} - - /* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */ - static int app_info_cmp(const void *a_void, const void *b_void) -- { -- return(((const APP_INFO *)a_void)->thread -- != ((const APP_INFO *)b_void)->thread); -- } -+{ -+ return (((const APP_INFO *)a_void)->thread -+ != ((const APP_INFO *)b_void)->thread); -+} - - /* static unsigned long app_info_hash(APP_INFO *a) */ - static unsigned long app_info_hash(const void *a_void) -- { -- unsigned long ret; -+{ -+ unsigned long ret; - -- ret=(unsigned long)((const APP_INFO *)a_void)->thread; -+ ret = (unsigned long)((const APP_INFO *)a_void)->thread; - -- ret=ret*17851+(ret>>14)*7+(ret>>4)*251; -- return(ret); -- } -+ ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251; -+ return (ret); -+} - - static APP_INFO *pop_info(void) -- { -- APP_INFO tmp; -- APP_INFO *ret = NULL; -- -- if (amih != NULL) -- { -- tmp.thread=CRYPTO_thread_id(); -- if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL) -- { -- APP_INFO *next=ret->next; -- -- if (next != NULL) -- { -- next->references++; -- lh_insert(amih,(char *)next); -- } -+{ -+ APP_INFO tmp; -+ APP_INFO *ret = NULL; -+ -+ if (amih != NULL) { -+ tmp.thread = CRYPTO_thread_id(); -+ if ((ret = (APP_INFO *)lh_delete(amih, &tmp)) != NULL) { -+ APP_INFO *next = ret->next; -+ -+ if (next != NULL) { -+ next->references++; -+ lh_insert(amih, (char *)next); -+ } - #ifdef LEVITTE_DEBUG_MEM -- if (ret->thread != tmp.thread) -- { -- fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", -- ret->thread, tmp.thread); -- abort(); -- } -+ if (ret->thread != tmp.thread) { -+ fprintf(stderr, -+ "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", -+ ret->thread, tmp.thread); -+ abort(); -+ } - #endif -- if (--(ret->references) <= 0) -- { -- ret->next = NULL; -- if (next != NULL) -- next->references--; -- OPENSSL_free(ret); -- } -- } -- } -- return(ret); -- } -+ if (--(ret->references) <= 0) { -+ ret->next = NULL; -+ if (next != NULL) -+ next->references--; -+ OPENSSL_free(ret); -+ } -+ } -+ } -+ return (ret); -+} - - int CRYPTO_dbg_push_info(const char *info, const char *file, int line) -- { -- APP_INFO *ami, *amim; -- int ret=0; -- -- if (is_MemCheck_on()) -- { -- MemCheck_off(); /* obtain MALLOC2 lock */ -- -- if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) -- { -- ret=0; -- goto err; -- } -- if (amih == NULL) -- { -- if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL) -- { -- OPENSSL_free(ami); -- ret=0; -- goto err; -- } -- } -- -- ami->thread=CRYPTO_thread_id(); -- ami->file=file; -- ami->line=line; -- ami->info=info; -- ami->references=1; -- ami->next=NULL; -- -- if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL) -- { -+{ -+ APP_INFO *ami, *amim; -+ int ret = 0; -+ -+ if (is_MemCheck_on()) { -+ MemCheck_off(); /* obtain MALLOC2 lock */ -+ -+ if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) { -+ ret = 0; -+ goto err; -+ } -+ if (amih == NULL) { -+ if ((amih = lh_new(app_info_hash, app_info_cmp)) == NULL) { -+ OPENSSL_free(ami); -+ ret = 0; -+ goto err; -+ } -+ } -+ -+ ami->thread = CRYPTO_thread_id(); -+ ami->file = file; -+ ami->line = line; -+ ami->info = info; -+ ami->references = 1; -+ ami->next = NULL; -+ -+ if ((amim = (APP_INFO *)lh_insert(amih, (char *)ami)) != NULL) { - #ifdef LEVITTE_DEBUG_MEM -- if (ami->thread != amim->thread) -- { -- fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", -- amim->thread, ami->thread); -- abort(); -- } -+ if (ami->thread != amim->thread) { -+ fprintf(stderr, -+ "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", -+ amim->thread, ami->thread); -+ abort(); -+ } - #endif -- ami->next=amim; -- } -+ ami->next = amim; -+ } - err: -- MemCheck_on(); /* release MALLOC2 lock */ -- } -+ MemCheck_on(); /* release MALLOC2 lock */ -+ } - -- return(ret); -- } -+ return (ret); -+} - - int CRYPTO_dbg_pop_info(void) -- { -- int ret=0; -+{ -+ int ret = 0; - -- if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */ -- { -- MemCheck_off(); /* obtain MALLOC2 lock */ -+ if (is_MemCheck_on()) { /* _must_ be true, or something went severely -+ * wrong */ -+ MemCheck_off(); /* obtain MALLOC2 lock */ - -- ret=(pop_info() != NULL); -+ ret = (pop_info() != NULL); - -- MemCheck_on(); /* release MALLOC2 lock */ -- } -- return(ret); -- } -+ MemCheck_on(); /* release MALLOC2 lock */ -+ } -+ return (ret); -+} - - int CRYPTO_dbg_remove_all_info(void) -- { -- int ret=0; -- -- if (is_MemCheck_on()) /* _must_ be true */ -- { -- MemCheck_off(); /* obtain MALLOC2 lock */ -+{ -+ int ret = 0; - -- while(pop_info() != NULL) -- ret++; -+ if (is_MemCheck_on()) { /* _must_ be true */ -+ MemCheck_off(); /* obtain MALLOC2 lock */ - -- MemCheck_on(); /* release MALLOC2 lock */ -- } -- return(ret); -- } -+ while (pop_info() != NULL) -+ ret++; - -+ MemCheck_on(); /* release MALLOC2 lock */ -+ } -+ return (ret); -+} - --static unsigned long break_order_num=0; -+static unsigned long break_order_num = 0; - void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, -- int before_p) -- { -- MEM *m,*mm; -- APP_INFO tmp,*amim; -- -- switch(before_p & 127) -- { -- case 0: -- break; -- case 1: -- if (addr == NULL) -- break; -- -- if (is_MemCheck_on()) -- { -- MemCheck_off(); /* make sure we hold MALLOC2 lock */ -- if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) -- { -- OPENSSL_free(addr); -- MemCheck_on(); /* release MALLOC2 lock -- * if num_disabled drops to 0 */ -- return; -- } -- if (mh == NULL) -- { -- if ((mh=lh_new(mem_hash, mem_cmp)) == NULL) -- { -- OPENSSL_free(addr); -- OPENSSL_free(m); -- addr=NULL; -- goto err; -- } -- } -- -- m->addr=addr; -- m->file=file; -- m->line=line; -- m->num=num; -- if (options & V_CRYPTO_MDEBUG_THREAD) -- m->thread=CRYPTO_thread_id(); -- else -- m->thread=0; -- -- if (order == break_order_num) -- { -- /* BREAK HERE */ -- m->order=order; -- } -- m->order=order++; -+ int before_p) -+{ -+ MEM *m, *mm; -+ APP_INFO tmp, *amim; -+ -+ switch (before_p & 127) { -+ case 0: -+ break; -+ case 1: -+ if (addr == NULL) -+ break; -+ -+ if (is_MemCheck_on()) { -+ MemCheck_off(); /* make sure we hold MALLOC2 lock */ -+ if ((m = (MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) { -+ OPENSSL_free(addr); -+ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops -+ * to 0 */ -+ return; -+ } -+ if (mh == NULL) { -+ if ((mh = lh_new(mem_hash, mem_cmp)) == NULL) { -+ OPENSSL_free(addr); -+ OPENSSL_free(m); -+ addr = NULL; -+ goto err; -+ } -+ } -+ -+ m->addr = addr; -+ m->file = file; -+ m->line = line; -+ m->num = num; -+ if (options & V_CRYPTO_MDEBUG_THREAD) -+ m->thread = CRYPTO_thread_id(); -+ else -+ m->thread = 0; -+ -+ if (order == break_order_num) { -+ /* BREAK HERE */ -+ m->order = order; -+ } -+ m->order = order++; - #ifdef LEVITTE_DEBUG_MEM -- fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n", -- m->order, -- (before_p & 128) ? '*' : '+', -- m->addr, m->num); -+ fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n", -+ m->order, (before_p & 128) ? '*' : '+', m->addr, m->num); - #endif -- if (options & V_CRYPTO_MDEBUG_TIME) -- m->time=time(NULL); -- else -- m->time=0; -- -- tmp.thread=CRYPTO_thread_id(); -- m->app_info=NULL; -- if (amih != NULL -- && (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL) -- { -- m->app_info = amim; -- amim->references++; -- } -- -- if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL) -- { -- /* Not good, but don't sweat it */ -- if (mm->app_info != NULL) -- { -- mm->app_info->references--; -- } -- OPENSSL_free(mm); -- } -- err: -- MemCheck_on(); /* release MALLOC2 lock -- * if num_disabled drops to 0 */ -- } -- break; -- } -- return; -- } -+ if (options & V_CRYPTO_MDEBUG_TIME) -+ m->time = time(NULL); -+ else -+ m->time = 0; -+ -+ tmp.thread = CRYPTO_thread_id(); -+ m->app_info = NULL; -+ if (amih != NULL -+ && (amim = -+ (APP_INFO *)lh_retrieve(amih, (char *)&tmp)) != NULL) { -+ m->app_info = amim; -+ amim->references++; -+ } -+ -+ if ((mm = (MEM *)lh_insert(mh, (char *)m)) != NULL) { -+ /* Not good, but don't sweat it */ -+ if (mm->app_info != NULL) { -+ mm->app_info->references--; -+ } -+ OPENSSL_free(mm); -+ } -+ err: -+ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops -+ * to 0 */ -+ } -+ break; -+ } -+ return; -+} - - void CRYPTO_dbg_free(void *addr, int before_p) -- { -- MEM m,*mp; -- -- switch(before_p) -- { -- case 0: -- if (addr == NULL) -- break; -- -- if (is_MemCheck_on() && (mh != NULL)) -- { -- MemCheck_off(); /* make sure we hold MALLOC2 lock */ -- -- m.addr=addr; -- mp=(MEM *)lh_delete(mh,(char *)&m); -- if (mp != NULL) -- { -+{ -+ MEM m, *mp; -+ -+ switch (before_p) { -+ case 0: -+ if (addr == NULL) -+ break; -+ -+ if (is_MemCheck_on() && (mh != NULL)) { -+ MemCheck_off(); /* make sure we hold MALLOC2 lock */ -+ -+ m.addr = addr; -+ mp = (MEM *)lh_delete(mh, (char *)&m); -+ if (mp != NULL) { - #ifdef LEVITTE_DEBUG_MEM -- fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n", -- mp->order, mp->addr, mp->num); -+ fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n", -+ mp->order, mp->addr, mp->num); - #endif -- if (mp->app_info != NULL) -- app_info_free(mp->app_info); -- OPENSSL_free(mp); -- } -- -- MemCheck_on(); /* release MALLOC2 lock -- * if num_disabled drops to 0 */ -- } -- break; -- case 1: -- break; -- } -- } -+ if (mp->app_info != NULL) -+ app_info_free(mp->app_info); -+ OPENSSL_free(mp); -+ } -+ -+ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops -+ * to 0 */ -+ } -+ break; -+ case 1: -+ break; -+ } -+} - - void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, -- const char *file, int line, int before_p) -- { -- MEM m,*mp; -+ const char *file, int line, int before_p) -+{ -+ MEM m, *mp; - - #ifdef LEVITTE_DEBUG_MEM -- fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n", -- addr1, addr2, num, file, line, before_p); -+ fprintf(stderr, -+ "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n", -+ addr1, addr2, num, file, line, before_p); - #endif - -- switch(before_p) -- { -- case 0: -- break; -- case 1: -- if (addr2 == NULL) -- break; -- -- if (addr1 == NULL) -- { -- CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p); -- break; -- } -- -- if (is_MemCheck_on()) -- { -- MemCheck_off(); /* make sure we hold MALLOC2 lock */ -- -- m.addr=addr1; -- mp=(MEM *)lh_delete(mh,(char *)&m); -- if (mp != NULL) -- { -+ switch (before_p) { -+ case 0: -+ break; -+ case 1: -+ if (addr2 == NULL) -+ break; -+ -+ if (addr1 == NULL) { -+ CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p); -+ break; -+ } -+ -+ if (is_MemCheck_on()) { -+ MemCheck_off(); /* make sure we hold MALLOC2 lock */ -+ -+ m.addr = addr1; -+ mp = (MEM *)lh_delete(mh, (char *)&m); -+ if (mp != NULL) { - #ifdef LEVITTE_DEBUG_MEM -- fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n", -- mp->order, -- mp->addr, mp->num, -- addr2, num); -+ fprintf(stderr, -+ "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n", -+ mp->order, mp->addr, mp->num, addr2, num); - #endif -- mp->addr=addr2; -- mp->num=num; -- lh_insert(mh,(char *)mp); -- } -- -- MemCheck_on(); /* release MALLOC2 lock -- * if num_disabled drops to 0 */ -- } -- break; -- } -- return; -- } -- -- --typedef struct mem_leak_st -- { -- BIO *bio; -- int chunks; -- long bytes; -- } MEM_LEAK; -+ mp->addr = addr2; -+ mp->num = num; -+ lh_insert(mh, (char *)mp); -+ } -+ -+ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops -+ * to 0 */ -+ } -+ break; -+ } -+ return; -+} -+ -+typedef struct mem_leak_st { -+ BIO *bio; -+ int chunks; -+ long bytes; -+} MEM_LEAK; - - static void print_leak(const MEM *m, MEM_LEAK *l) -- { -- char buf[1024]; -- char *bufp = buf; -- APP_INFO *amip; -- int ami_cnt; -- struct tm *lcl = NULL; -- unsigned long ti; -+{ -+ char buf[1024]; -+ char *bufp = buf; -+ APP_INFO *amip; -+ int ami_cnt; -+ struct tm *lcl = NULL; -+ unsigned long ti; - - #define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) - -- if(m->addr == (char *)l->bio) -- return; -- -- if (options & V_CRYPTO_MDEBUG_TIME) -- { -- lcl = localtime(&m->time); -- -- BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", -- lcl->tm_hour,lcl->tm_min,lcl->tm_sec); -- bufp += strlen(bufp); -- } -- -- BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", -- m->order,m->file,m->line); -- bufp += strlen(bufp); -- -- if (options & V_CRYPTO_MDEBUG_THREAD) -- { -- BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread); -- bufp += strlen(bufp); -- } -- -- BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n", -- m->num,(unsigned long)m->addr); -- bufp += strlen(bufp); -- -- BIO_puts(l->bio,buf); -- -- l->chunks++; -- l->bytes+=m->num; -- -- amip=m->app_info; -- ami_cnt=0; -- if (!amip) -- return; -- ti=amip->thread; -- -- do -- { -- int buf_len; -- int info_len; -- -- ami_cnt++; -- memset(buf,'>',ami_cnt); -- BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, -- " thread=%lu, file=%s, line=%d, info=\"", -- amip->thread, amip->file, amip->line); -- buf_len=strlen(buf); -- info_len=strlen(amip->info); -- if (128 - buf_len - 3 < info_len) -- { -- memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); -- buf_len = 128 - 3; -- } -- else -- { -- BUF_strlcpy(buf + buf_len, amip->info, -- sizeof buf - buf_len); -- buf_len = strlen(buf); -- } -- BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); -- -- BIO_puts(l->bio,buf); -- -- amip = amip->next; -- } -- while(amip && amip->thread == ti); -- -+ if (m->addr == (char *)l->bio) -+ return; -+ -+ if (options & V_CRYPTO_MDEBUG_TIME) { -+ lcl = localtime(&m->time); -+ -+ BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", -+ lcl->tm_hour, lcl->tm_min, lcl->tm_sec); -+ bufp += strlen(bufp); -+ } -+ -+ BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", -+ m->order, m->file, m->line); -+ bufp += strlen(bufp); -+ -+ if (options & V_CRYPTO_MDEBUG_THREAD) { -+ BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread); -+ bufp += strlen(bufp); -+ } -+ -+ BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n", -+ m->num, (unsigned long)m->addr); -+ bufp += strlen(bufp); -+ -+ BIO_puts(l->bio, buf); -+ -+ l->chunks++; -+ l->bytes += m->num; -+ -+ amip = m->app_info; -+ ami_cnt = 0; -+ if (!amip) -+ return; -+ ti = amip->thread; -+ -+ do { -+ int buf_len; -+ int info_len; -+ -+ ami_cnt++; -+ memset(buf, '>', ami_cnt); -+ BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, -+ " thread=%lu, file=%s, line=%d, info=\"", -+ amip->thread, amip->file, amip->line); -+ buf_len = strlen(buf); -+ info_len = strlen(amip->info); -+ if (128 - buf_len - 3 < info_len) { -+ memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); -+ buf_len = 128 - 3; -+ } else { -+ BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); -+ buf_len = strlen(buf); -+ } -+ BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); -+ -+ BIO_puts(l->bio, buf); -+ -+ amip = amip->next; -+ } -+ while (amip && amip->thread == ti); -+ - #ifdef LEVITTE_DEBUG_MEM -- if (amip) -- { -- fprintf(stderr, "Thread switch detected in backtrace!!!!\n"); -- abort(); -- } -+ if (amip) { -+ fprintf(stderr, "Thread switch detected in backtrace!!!!\n"); -+ abort(); -+ } - #endif -- } -+} - - static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *) - - void CRYPTO_mem_leaks(BIO *b) -- { -- MEM_LEAK ml; -- -- if (mh == NULL && amih == NULL) -- return; -- -- MemCheck_off(); /* obtain MALLOC2 lock */ -- -- ml.bio=b; -- ml.bytes=0; -- ml.chunks=0; -- if (mh != NULL) -- lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), -- (char *)&ml); -- if (ml.chunks != 0) -- { -- BIO_printf(b,"%ld bytes leaked in %d chunks\n", -- ml.bytes,ml.chunks); -- } -- else -- { -- /* Make sure that, if we found no leaks, memory-leak debugging itself -- * does not introduce memory leaks (which might irritate -- * external debugging tools). -- * (When someone enables leak checking, but does not call -- * this function, we declare it to be their fault.) -- * -- * XXX This should be in CRYPTO_mem_leaks_cb, -- * and CRYPTO_mem_leaks should be implemented by -- * using CRYPTO_mem_leaks_cb. -- * (Also their should be a variant of lh_doall_arg -- * that takes a function pointer instead of a void *; -- * this would obviate the ugly and illegal -- * void_fn_to_char kludge in CRYPTO_mem_leaks_cb. -- * Otherwise the code police will come and get us.) -- */ -- int old_mh_mode; -- -- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); -- -- /* avoid deadlock when lh_free() uses CRYPTO_dbg_free(), -- * which uses CRYPTO_is_mem_check_on */ -- old_mh_mode = mh_mode; -- mh_mode = CRYPTO_MEM_CHECK_OFF; -- -- if (mh != NULL) -- { -- lh_free(mh); -- mh = NULL; -- } -- if (amih != NULL) -- { -- if (lh_num_items(amih) == 0) -- { -- lh_free(amih); -- amih = NULL; -- } -- } -- -- mh_mode = old_mh_mode; -- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); -- } -- MemCheck_on(); /* release MALLOC2 lock */ -- } -+{ -+ MEM_LEAK ml; -+ -+ if (mh == NULL && amih == NULL) -+ return; -+ -+ MemCheck_off(); /* obtain MALLOC2 lock */ -+ -+ ml.bio = b; -+ ml.bytes = 0; -+ ml.chunks = 0; -+ if (mh != NULL) -+ lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), (char *)&ml); -+ if (ml.chunks != 0) { -+ BIO_printf(b, "%ld bytes leaked in %d chunks\n", ml.bytes, ml.chunks); -+ } else { -+ /* -+ * Make sure that, if we found no leaks, memory-leak debugging itself -+ * does not introduce memory leaks (which might irritate external -+ * debugging tools). (When someone enables leak checking, but does not -+ * call this function, we declare it to be their fault.) XXX This -+ * should be in CRYPTO_mem_leaks_cb, and CRYPTO_mem_leaks should be -+ * implemented by using CRYPTO_mem_leaks_cb. (Also their should be a -+ * variant of lh_doall_arg that takes a function pointer instead of a -+ * void *; this would obviate the ugly and illegal void_fn_to_char -+ * kludge in CRYPTO_mem_leaks_cb. Otherwise the code police will come -+ * and get us.) -+ */ -+ int old_mh_mode; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); -+ -+ /* -+ * avoid deadlock when lh_free() uses CRYPTO_dbg_free(), which uses -+ * CRYPTO_is_mem_check_on -+ */ -+ old_mh_mode = mh_mode; -+ mh_mode = CRYPTO_MEM_CHECK_OFF; -+ -+ if (mh != NULL) { -+ lh_free(mh); -+ mh = NULL; -+ } -+ if (amih != NULL) { -+ if (lh_num_items(amih) == 0) { -+ lh_free(amih); -+ amih = NULL; -+ } -+ } -+ -+ mh_mode = old_mh_mode; -+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); -+ } -+ MemCheck_on(); /* release MALLOC2 lock */ -+} - - #ifndef OPENSSL_NO_FP_API - void CRYPTO_mem_leaks_fp(FILE *fp) -- { -- BIO *b; -- -- if (mh == NULL) return; -- /* Need to turn off memory checking when allocated BIOs ... especially -- * as we're creating them at a time when we're trying to check we've not -- * left anything un-free()'d!! */ -- MemCheck_off(); -- b = BIO_new(BIO_s_file()); -- MemCheck_on(); -- if(!b) return; -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- CRYPTO_mem_leaks(b); -- BIO_free(b); -- } -+{ -+ BIO *b; -+ -+ if (mh == NULL) -+ return; -+ /* -+ * Need to turn off memory checking when allocated BIOs ... especially as -+ * we're creating them at a time when we're trying to check we've not -+ * left anything un-free()'d!! -+ */ -+ MemCheck_off(); -+ b = BIO_new(BIO_s_file()); -+ MemCheck_on(); -+ if (!b) -+ return; -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ CRYPTO_mem_leaks(b); -+ BIO_free(b); -+} - #endif - -- -- --/* FIXME: We really don't allow much to the callback. For example, it has -- no chance of reaching the info stack for the item it processes. Should -- it really be this way? -- Richard Levitte */ --/* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h -- * If this code is restructured, remove the callback type if it is no longer -- * needed. -- Geoff Thorpe */ -+/* -+ * FIXME: We really don't allow much to the callback. For example, it has no -+ * chance of reaching the info stack for the item it processes. Should it -+ * really be this way? -- Richard Levitte -+ */ -+/* -+ * NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside -+ * crypto.h If this code is restructured, remove the callback type if it is -+ * no longer needed. -- Geoff Thorpe -+ */ - static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb) -- { -- (**cb)(m->order,m->file,m->line,m->num,m->addr); -- } -+{ -+ (**cb) (m->order, m->file, m->line, m->num, m->addr); -+} - --static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **) -+static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, -+ CRYPTO_MEM_LEAK_CB **) - - void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb) -- { -- if (mh == NULL) return; -- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); -- lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb); -- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); -- } -+{ -+ if (mh == NULL) -+ return; -+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); -+ lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb); -+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); -+} - - void CRYPTO_malloc_debug_init(void) -- { -- CRYPTO_set_mem_debug_functions( -- CRYPTO_dbg_malloc, -- CRYPTO_dbg_realloc, -- CRYPTO_dbg_free, -- CRYPTO_dbg_set_options, -- CRYPTO_dbg_get_options); -- CRYPTO_set_mem_info_functions( -- CRYPTO_dbg_push_info, -- CRYPTO_dbg_pop_info, -- CRYPTO_dbg_remove_all_info); -- } -+{ -+ CRYPTO_set_mem_debug_functions(CRYPTO_dbg_malloc, -+ CRYPTO_dbg_realloc, -+ CRYPTO_dbg_free, -+ CRYPTO_dbg_set_options, -+ CRYPTO_dbg_get_options); -+ CRYPTO_set_mem_info_functions(CRYPTO_dbg_push_info, -+ CRYPTO_dbg_pop_info, -+ CRYPTO_dbg_remove_all_info); -+} - - char *CRYPTO_strdup(const char *str, const char *file, int line) -- { -- char *ret = CRYPTO_malloc(strlen(str)+1, file, line); -+{ -+ char *ret = CRYPTO_malloc(strlen(str) + 1, file, line); - -- strcpy(ret, str); -- return ret; -- } -+ strcpy(ret, str); -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/o_dir.c b/Cryptlib/OpenSSL/crypto/o_dir.c -index 42891ea..2624244 100644 ---- a/Cryptlib/OpenSSL/crypto/o_dir.c -+++ b/Cryptlib/OpenSSL/crypto/o_dir.c -@@ -1,6 +1,7 @@ - /* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2004. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2004. - */ - /* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -59,9 +60,11 @@ - #include - #include - --/* The routines really come from the Levitte Programming, so to make -- life simple, let's just use the raw files and hack the symbols to -- fit our namespace. */ -+/* -+ * The routines really come from the Levitte Programming, so to make life -+ * simple, let's just use the raw files and hack the symbols to fit our -+ * namespace. -+ */ - #define LP_DIR_CTX OPENSSL_DIR_CTX - #define LP_dir_context_st OPENSSL_dir_context_st - #define LP_find_file OPENSSL_DIR_read -@@ -71,13 +74,13 @@ - - #define LPDIR_H - #if defined OPENSSL_SYS_UNIX || defined DJGPP --#include "LPdir_unix.c" -+# include "LPdir_unix.c" - #elif defined OPENSSL_SYS_VMS --#include "LPdir_vms.c" -+# include "LPdir_vms.c" - #elif defined OPENSSL_SYS_WIN32 --#include "LPdir_win32.c" -+# include "LPdir_win32.c" - #elif defined OPENSSL_SYS_WINCE --#include "LPdir_wince.c" -+# include "LPdir_wince.c" - #else --#include "LPdir_nyi.c" -+# include "LPdir_nyi.c" - #endif -diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c -index c89fda5..6f5103e 100644 ---- a/Cryptlib/OpenSSL/crypto/o_init.c -+++ b/Cryptlib/OpenSSL/crypto/o_init.c -@@ -1,5 +1,6 @@ - /* o_init.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ - /* ==================================================================== -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,50 +62,50 @@ - - /* Internal only functions: only ever used here */ - #ifdef OPENSSL_FIPS --extern void int_ERR_lib_init(void); -+extern void int_ERR_lib_init(void); - # ifndef OPENSSL_NO_ENGINE --extern void int_EVP_MD_init_engine_callbacks(void ); --extern void int_EVP_CIPHER_init_engine_callbacks(void ); --extern void int_RAND_init_engine_callbacks(void ); -+extern void int_EVP_MD_init_engine_callbacks(void); -+extern void int_EVP_CIPHER_init_engine_callbacks(void); -+extern void int_RAND_init_engine_callbacks(void); - # endif - #endif - --/* Perform any essential OpenSSL initialization operations. -- * Currently only sets FIPS callbacks -+/* -+ * Perform any essential OpenSSL initialization operations. Currently only -+ * sets FIPS callbacks - */ - - void OPENSSL_init(void) -- { -+{ - #ifdef OPENSSL_FIPS -- static int done = 0; -- if (!done) -- { -- int_ERR_lib_init(); --#ifdef CRYPTO_MDEBUG -- CRYPTO_malloc_debug_init(); --#endif --#ifndef OPENSSL_NO_ENGINE -- int_EVP_MD_init_engine_callbacks(); -- int_EVP_CIPHER_init_engine_callbacks(); -- int_RAND_init_engine_callbacks(); --#endif -- done = 1; -- } -+ static int done = 0; -+ if (!done) { -+ int_ERR_lib_init(); -+# ifdef CRYPTO_MDEBUG -+ CRYPTO_malloc_debug_init(); -+# endif -+# ifndef OPENSSL_NO_ENGINE -+ int_EVP_MD_init_engine_callbacks(); -+ int_EVP_CIPHER_init_engine_callbacks(); -+ int_RAND_init_engine_callbacks(); -+# endif -+ done = 1; -+ } - #endif -- } -- -+} -+ - #ifdef OPENSSL_FIPS - - int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) -- { -- size_t i; -- const unsigned char *a = in_a; -- const unsigned char *b = in_b; -- unsigned char x = 0; -+{ -+ size_t i; -+ const unsigned char *a = in_a; -+ const unsigned char *b = in_b; -+ unsigned char x = 0; - -- for (i = 0; i < len; i++) -- x |= a[i] ^ b[i]; -+ for (i = 0; i < len; i++) -+ x |= a[i] ^ b[i]; - -- return x; -- } -+ return x; -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/o_str.c b/Cryptlib/OpenSSL/crypto/o_str.c -index 56104a6..b23ef32 100644 ---- a/Cryptlib/OpenSSL/crypto/o_str.c -+++ b/Cryptlib/OpenSSL/crypto/o_str.c -@@ -1,6 +1,7 @@ - /* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2003. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2003. - */ - /* ==================================================================== - * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -67,45 +68,49 @@ - #endif - - int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) -- { -+{ - #if defined(OPENSSL_IMPLEMENTS_strncasecmp) -- while (*str1 && *str2 && n) -- { -- int res = toupper(*str1) - toupper(*str2); -- if (res) return res < 0 ? -1 : 1; -- str1++; -- str2++; -- n--; -- } -- if (n == 0) -- return 0; -- if (*str1) -- return 1; -- if (*str2) -- return -1; -- return 0; -+ while (*str1 && *str2 && n) { -+ int res = toupper(*str1) - toupper(*str2); -+ if (res) -+ return res < 0 ? -1 : 1; -+ str1++; -+ str2++; -+ n--; -+ } -+ if (n == 0) -+ return 0; -+ if (*str1) -+ return 1; -+ if (*str2) -+ return -1; -+ return 0; - #else -- /* Recursion hazard warning! Whenever strncasecmp is #defined as -- * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be -- * defined as well. */ -- return strncasecmp(str1, str2, n); -+ /* -+ * Recursion hazard warning! Whenever strncasecmp is #defined as -+ * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be defined as -+ * well. -+ */ -+ return strncasecmp(str1, str2, n); - #endif -- } -+} -+ - int OPENSSL_strcasecmp(const char *str1, const char *str2) -- { -+{ - #if defined(OPENSSL_IMPLEMENTS_strncasecmp) -- return OPENSSL_strncasecmp(str1, str2, (size_t)-1); -+ return OPENSSL_strncasecmp(str1, str2, (size_t)-1); - #else -- return strcasecmp(str1, str2); -+ return strcasecmp(str1, str2); - #endif -- } -+} - --int OPENSSL_memcmp(const void *v1,const void *v2,size_t n) -- { -- const unsigned char *c1=v1,*c2=v2; -- int ret=0; -+int OPENSSL_memcmp(const void *v1, const void *v2, size_t n) -+{ -+ const unsigned char *c1 = v1, *c2 = v2; -+ int ret = 0; - -- while(n && (ret=*c1-*c2)==0) n--,c1++,c2++; -+ while (n && (ret = *c1 - *c2) == 0) -+ n--, c1++, c2++; - -- return ret; -- } -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/o_time.c b/Cryptlib/OpenSSL/crypto/o_time.c -index e29091d..504e313 100644 ---- a/Cryptlib/OpenSSL/crypto/o_time.c -+++ b/Cryptlib/OpenSSL/crypto/o_time.c -@@ -1,6 +1,7 @@ - /* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -70,148 +71,157 @@ - #endif - - struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) -- { -- struct tm *ts = NULL; -+{ -+ struct tm *ts = NULL; - - #if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) -- /* should return &data, but doesn't on some systems, -- so we don't even look at the return value */ -- gmtime_r(timer,result); -- ts = result; -+ /* -+ * should return &data, but doesn't on some systems, so we don't even -+ * look at the return value -+ */ -+ gmtime_r(timer, result); -+ ts = result; - #elif !defined(OPENSSL_SYS_VMS) -- ts = gmtime(timer); -- if (ts == NULL) -- return NULL; -+ ts = gmtime(timer); -+ if (ts == NULL) -+ return NULL; - -- memcpy(result, ts, sizeof(struct tm)); -- ts = result; -+ memcpy(result, ts, sizeof(struct tm)); -+ ts = result; - #endif - #ifdef OPENSSL_SYS_VMS -- if (ts == NULL) -- { -- static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL"); -- static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL"); -- char logvalue[256]; -- unsigned int reslen = 0; -- struct { -- short buflen; -- short code; -- void *bufaddr; -- unsigned int *reslen; -- } itemlist[] = { -- { 0, LNM$_STRING, 0, 0 }, -- { 0, 0, 0, 0 }, -- }; -- int status; -- time_t t; -- -- /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */ -- itemlist[0].buflen = sizeof(logvalue); -- itemlist[0].bufaddr = logvalue; -- itemlist[0].reslen = &reslen; -- status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist); -- if (!(status & 1)) -- return NULL; -- logvalue[reslen] = '\0'; -- -- t = *timer; -+ if (ts == NULL) { -+ static $DESCRIPTOR(tabnam, "LNM$DCL_LOGICAL"); -+ static $DESCRIPTOR(lognam, "SYS$TIMEZONE_DIFFERENTIAL"); -+ char logvalue[256]; -+ unsigned int reslen = 0; -+ struct { -+ short buflen; -+ short code; -+ void *bufaddr; -+ unsigned int *reslen; -+ } itemlist[] = { -+ { -+ 0, LNM$_STRING, 0, 0 -+ }, -+ { -+ 0, 0, 0, 0 -+ }, -+ }; -+ int status; -+ time_t t; -+ -+ /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */ -+ itemlist[0].buflen = sizeof(logvalue); -+ itemlist[0].bufaddr = logvalue; -+ itemlist[0].reslen = &reslen; -+ status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist); -+ if (!(status & 1)) -+ return NULL; -+ logvalue[reslen] = '\0'; -+ -+ t = *timer; - - /* The following is extracted from the DEC C header time.h */ --/* --** Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime --** have two implementations. One implementation is provided --** for compatibility and deals with time in terms of local time, --** the other __utc_* deals with time in terms of UTC. --*/ --/* We use the same conditions as in said time.h to check if we should -- assume that t contains local time (and should therefore be adjusted) -- or UTC (and should therefore be left untouched). */ --#if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE -- /* Get the numerical value of the equivalence string */ -- status = atoi(logvalue); -- -- /* and use it to move time to GMT */ -- t -= status; --#endif -- -- /* then convert the result to the time structure */ -- -- /* Since there was no gmtime_r() to do this stuff for us, -- we have to do it the hard way. */ -- { -- /* The VMS epoch is the astronomical Smithsonian date, -- if I remember correctly, which is November 17, 1858. -- Furthermore, time is measure in thenths of microseconds -- and stored in quadwords (64 bit integers). unix_epoch -- below is January 1st 1970 expressed as a VMS time. The -- following code was used to get this number: -- -- #include -- #include -- #include -- #include -- -- main() -- { -- unsigned long systime[2]; -- unsigned short epoch_values[7] = -- { 1970, 1, 1, 0, 0, 0, 0 }; -- -- lib$cvt_vectim(epoch_values, systime); -- -- printf("%u %u", systime[0], systime[1]); -- } -- */ -- unsigned long unix_epoch[2] = { 1273708544, 8164711 }; -- unsigned long deltatime[2]; -- unsigned long systime[2]; -- struct vms_vectime -- { -- short year, month, day, hour, minute, second, -- centi_second; -- } time_values; -- long operation; -- -- /* Turn the number of seconds since January 1st 1970 to -- an internal delta time. -- Note that lib$cvt_to_internal_time() will assume -- that t is signed, and will therefore break on 32-bit -- systems some time in 2038. -- */ -- operation = LIB$K_DELTA_SECONDS; -- status = lib$cvt_to_internal_time(&operation, -- &t, deltatime); -- -- /* Add the delta time with the Unix epoch and we have -- the current UTC time in internal format */ -- status = lib$add_times(unix_epoch, deltatime, systime); -- -- /* Turn the internal time into a time vector */ -- status = sys$numtim(&time_values, systime); -- -- /* Fill in the struct tm with the result */ -- result->tm_sec = time_values.second; -- result->tm_min = time_values.minute; -- result->tm_hour = time_values.hour; -- result->tm_mday = time_values.day; -- result->tm_mon = time_values.month - 1; -- result->tm_year = time_values.year - 1900; -- -- operation = LIB$K_DAY_OF_WEEK; -- status = lib$cvt_from_internal_time(&operation, -- &result->tm_wday, systime); -- result->tm_wday %= 7; -- -- operation = LIB$K_DAY_OF_YEAR; -- status = lib$cvt_from_internal_time(&operation, -- &result->tm_yday, systime); -- result->tm_yday--; -- -- result->tm_isdst = 0; /* There's no way to know... */ -- -- ts = result; -- } -- } -+ /* -+ ** Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime -+ ** have two implementations. One implementation is provided -+ ** for compatibility and deals with time in terms of local time, -+ ** the other __utc_* deals with time in terms of UTC. -+ */ -+ /* -+ * We use the same conditions as in said time.h to check if we should -+ * assume that t contains local time (and should therefore be -+ * adjusted) or UTC (and should therefore be left untouched). -+ */ -+# if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE -+ /* Get the numerical value of the equivalence string */ -+ status = atoi(logvalue); -+ -+ /* and use it to move time to GMT */ -+ t -= status; -+# endif -+ -+ /* then convert the result to the time structure */ -+ -+ /* -+ * Since there was no gmtime_r() to do this stuff for us, we have to -+ * do it the hard way. -+ */ -+ { -+ /*- -+ * The VMS epoch is the astronomical Smithsonian date, -+ if I remember correctly, which is November 17, 1858. -+ Furthermore, time is measure in thenths of microseconds -+ and stored in quadwords (64 bit integers). unix_epoch -+ below is January 1st 1970 expressed as a VMS time. The -+ following code was used to get this number: -+ -+ #include -+ #include -+ #include -+ #include -+ -+ main() -+ { -+ unsigned long systime[2]; -+ unsigned short epoch_values[7] = -+ { 1970, 1, 1, 0, 0, 0, 0 }; -+ -+ lib$cvt_vectim(epoch_values, systime); -+ -+ printf("%u %u", systime[0], systime[1]); -+ } -+ */ -+ unsigned long unix_epoch[2] = { 1273708544, 8164711 }; -+ unsigned long deltatime[2]; -+ unsigned long systime[2]; -+ struct vms_vectime { -+ short year, month, day, hour, minute, second, centi_second; -+ } time_values; -+ long operation; -+ -+ /* -+ * Turn the number of seconds since January 1st 1970 to an -+ * internal delta time. Note that lib$cvt_to_internal_time() will -+ * assume that t is signed, and will therefore break on 32-bit -+ * systems some time in 2038. -+ */ -+ operation = LIB$K_DELTA_SECONDS; -+ status = lib$cvt_to_internal_time(&operation, &t, deltatime); -+ -+ /* -+ * Add the delta time with the Unix epoch and we have the current -+ * UTC time in internal format -+ */ -+ status = lib$add_times(unix_epoch, deltatime, systime); -+ -+ /* Turn the internal time into a time vector */ -+ status = sys$numtim(&time_values, systime); -+ -+ /* Fill in the struct tm with the result */ -+ result->tm_sec = time_values.second; -+ result->tm_min = time_values.minute; -+ result->tm_hour = time_values.hour; -+ result->tm_mday = time_values.day; -+ result->tm_mon = time_values.month - 1; -+ result->tm_year = time_values.year - 1900; -+ -+ operation = LIB$K_DAY_OF_WEEK; -+ status = lib$cvt_from_internal_time(&operation, -+ &result->tm_wday, systime); -+ result->tm_wday %= 7; -+ -+ operation = LIB$K_DAY_OF_YEAR; -+ status = lib$cvt_from_internal_time(&operation, -+ &result->tm_yday, systime); -+ result->tm_yday--; -+ -+ result->tm_isdst = 0; /* There's no way to know... */ -+ -+ ts = result; -+ } -+ } - #endif -- return ts; -- } -+ return ts; -+} -diff --git a/Cryptlib/OpenSSL/crypto/objects/o_names.c b/Cryptlib/OpenSSL/crypto/objects/o_names.c -index adb5731..1c41c08 100644 ---- a/Cryptlib/OpenSSL/crypto/objects/o_names.c -+++ b/Cryptlib/OpenSSL/crypto/objects/o_names.c -@@ -8,7 +8,8 @@ - #include - #include - --/* Later versions of DEC C has started to add lnkage information to certain -+/* -+ * Later versions of DEC C has started to add lnkage information to certain - * functions, which makes it tricky to use them as values to regular function - * pointers. One way is to define a macro that takes care of casting them - * correctly. -@@ -19,351 +20,340 @@ - # define OPENSSL_strcmp strcmp - #endif - --/* I use the ex_data stuff to manage the identifiers for the obj_name_types -+/* -+ * I use the ex_data stuff to manage the identifiers for the obj_name_types - * that applications may define. I only really use the free function field. - */ --static LHASH *names_lh=NULL; --static int names_type_num=OBJ_NAME_TYPE_NUM; -+static LHASH *names_lh = NULL; -+static int names_type_num = OBJ_NAME_TYPE_NUM; - --typedef struct name_funcs_st -- { -- unsigned long (*hash_func)(const char *name); -- int (*cmp_func)(const char *a,const char *b); -- void (*free_func)(const char *, int, const char *); -- } NAME_FUNCS; -+typedef struct name_funcs_st { -+ unsigned long (*hash_func) (const char *name); -+ int (*cmp_func) (const char *a, const char *b); -+ void (*free_func) (const char *, int, const char *); -+} NAME_FUNCS; - - DECLARE_STACK_OF(NAME_FUNCS) - IMPLEMENT_STACK_OF(NAME_FUNCS) - - static STACK_OF(NAME_FUNCS) *name_funcs_stack; - --/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable -- * casting in the functions. This prevents function pointer casting without the -- * need for macro-generated wrapper functions. */ -+/* -+ * The LHASH callbacks now use the raw "void *" prototypes and do -+ * per-variable casting in the functions. This prevents function pointer -+ * casting without the need for macro-generated wrapper functions. -+ */ - - /* static unsigned long obj_name_hash(OBJ_NAME *a); */ - static unsigned long obj_name_hash(const void *a_void); - /* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */ --static int obj_name_cmp(const void *a_void,const void *b_void); -+static int obj_name_cmp(const void *a_void, const void *b_void); - - int OBJ_NAME_init(void) -- { -- if (names_lh != NULL) return(1); -- MemCheck_off(); -- names_lh=lh_new(obj_name_hash, obj_name_cmp); -- MemCheck_on(); -- return(names_lh != NULL); -- } -- --int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), -- int (*cmp_func)(const char *, const char *), -- void (*free_func)(const char *, int, const char *)) -- { -- int ret; -- int i; -- NAME_FUNCS *name_funcs; -- -- if (name_funcs_stack == NULL) -- { -- MemCheck_off(); -- name_funcs_stack=sk_NAME_FUNCS_new_null(); -- MemCheck_on(); -- } -- if ((name_funcs_stack == NULL)) -- { -- /* ERROR */ -- return(0); -- } -- ret=names_type_num; -- names_type_num++; -- for (i=sk_NAME_FUNCS_num(name_funcs_stack); ihash_func = lh_strhash; -- name_funcs->cmp_func = OPENSSL_strcmp; -- name_funcs->free_func = 0; /* NULL is often declared to -- * ((void *)0), which according -- * to Compaq C is not really -- * compatible with a function -- * pointer. -- Richard Levitte*/ -- MemCheck_off(); -- sk_NAME_FUNCS_push(name_funcs_stack,name_funcs); -- MemCheck_on(); -- } -- name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret); -- if (hash_func != NULL) -- name_funcs->hash_func = hash_func; -- if (cmp_func != NULL) -- name_funcs->cmp_func = cmp_func; -- if (free_func != NULL) -- name_funcs->free_func = free_func; -- return(ret); -- } -+{ -+ if (names_lh != NULL) -+ return (1); -+ MemCheck_off(); -+ names_lh = lh_new(obj_name_hash, obj_name_cmp); -+ MemCheck_on(); -+ return (names_lh != NULL); -+} -+ -+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), -+ int (*cmp_func) (const char *, const char *), -+ void (*free_func) (const char *, int, const char *)) -+{ -+ int ret; -+ int i; -+ NAME_FUNCS *name_funcs; -+ -+ if (name_funcs_stack == NULL) { -+ MemCheck_off(); -+ name_funcs_stack = sk_NAME_FUNCS_new_null(); -+ MemCheck_on(); -+ } -+ if ((name_funcs_stack == NULL)) { -+ /* ERROR */ -+ return (0); -+ } -+ ret = names_type_num; -+ names_type_num++; -+ for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) { -+ MemCheck_off(); -+ name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); -+ MemCheck_on(); -+ if (!name_funcs) { -+ OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ name_funcs->hash_func = lh_strhash; -+ name_funcs->cmp_func = OPENSSL_strcmp; -+ name_funcs->free_func = 0; /* NULL is often declared to * ((void -+ * *)0), which according * to Compaq C is -+ * not really * compatible with a function -+ * * pointer. -- Richard Levitte */ -+ MemCheck_off(); -+ sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); -+ MemCheck_on(); -+ } -+ name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret); -+ if (hash_func != NULL) -+ name_funcs->hash_func = hash_func; -+ if (cmp_func != NULL) -+ name_funcs->cmp_func = cmp_func; -+ if (free_func != NULL) -+ name_funcs->free_func = free_func; -+ return (ret); -+} - - /* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */ - static int obj_name_cmp(const void *a_void, const void *b_void) -- { -- int ret; -- const OBJ_NAME *a = (const OBJ_NAME *)a_void; -- const OBJ_NAME *b = (const OBJ_NAME *)b_void; -- -- ret=a->type-b->type; -- if (ret == 0) -- { -- if ((name_funcs_stack != NULL) -- && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) -- { -- ret=sk_NAME_FUNCS_value(name_funcs_stack, -- a->type)->cmp_func(a->name,b->name); -- } -- else -- ret=strcmp(a->name,b->name); -- } -- return(ret); -- } -+{ -+ int ret; -+ const OBJ_NAME *a = (const OBJ_NAME *)a_void; -+ const OBJ_NAME *b = (const OBJ_NAME *)b_void; -+ -+ ret = a->type - b->type; -+ if (ret == 0) { -+ if ((name_funcs_stack != NULL) -+ && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { -+ ret = sk_NAME_FUNCS_value(name_funcs_stack, -+ a->type)->cmp_func(a->name, b->name); -+ } else -+ ret = strcmp(a->name, b->name); -+ } -+ return (ret); -+} - - /* static unsigned long obj_name_hash(OBJ_NAME *a) */ - static unsigned long obj_name_hash(const void *a_void) -- { -- unsigned long ret; -- const OBJ_NAME *a = (const OBJ_NAME *)a_void; -- -- if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) -- { -- ret=sk_NAME_FUNCS_value(name_funcs_stack, -- a->type)->hash_func(a->name); -- } -- else -- { -- ret=lh_strhash(a->name); -- } -- ret^=a->type; -- return(ret); -- } -+{ -+ unsigned long ret; -+ const OBJ_NAME *a = (const OBJ_NAME *)a_void; -+ -+ if ((name_funcs_stack != NULL) -+ && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { -+ ret = -+ sk_NAME_FUNCS_value(name_funcs_stack, -+ a->type)->hash_func(a->name); -+ } else { -+ ret = lh_strhash(a->name); -+ } -+ ret ^= a->type; -+ return (ret); -+} - - const char *OBJ_NAME_get(const char *name, int type) -- { -- OBJ_NAME on,*ret; -- int num=0,alias; -- -- if (name == NULL) return(NULL); -- if ((names_lh == NULL) && !OBJ_NAME_init()) return(NULL); -- -- alias=type&OBJ_NAME_ALIAS; -- type&= ~OBJ_NAME_ALIAS; -- -- on.name=name; -- on.type=type; -- -- for (;;) -- { -- ret=(OBJ_NAME *)lh_retrieve(names_lh,&on); -- if (ret == NULL) return(NULL); -- if ((ret->alias) && !alias) -- { -- if (++num > 10) return(NULL); -- on.name=ret->data; -- } -- else -- { -- return(ret->data); -- } -- } -- } -+{ -+ OBJ_NAME on, *ret; -+ int num = 0, alias; -+ -+ if (name == NULL) -+ return (NULL); -+ if ((names_lh == NULL) && !OBJ_NAME_init()) -+ return (NULL); -+ -+ alias = type & OBJ_NAME_ALIAS; -+ type &= ~OBJ_NAME_ALIAS; -+ -+ on.name = name; -+ on.type = type; -+ -+ for (;;) { -+ ret = (OBJ_NAME *)lh_retrieve(names_lh, &on); -+ if (ret == NULL) -+ return (NULL); -+ if ((ret->alias) && !alias) { -+ if (++num > 10) -+ return (NULL); -+ on.name = ret->data; -+ } else { -+ return (ret->data); -+ } -+ } -+} - - int OBJ_NAME_add(const char *name, int type, const char *data) -- { -- OBJ_NAME *onp,*ret; -- int alias; -- -- if ((names_lh == NULL) && !OBJ_NAME_init()) return(0); -- -- alias=type&OBJ_NAME_ALIAS; -- type&= ~OBJ_NAME_ALIAS; -- -- onp=(OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME)); -- if (onp == NULL) -- { -- /* ERROR */ -- return(0); -- } -- -- onp->name=name; -- onp->alias=alias; -- onp->type=type; -- onp->data=data; -- -- ret=(OBJ_NAME *)lh_insert(names_lh,onp); -- if (ret != NULL) -- { -- /* free things */ -- if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) -- { -- /* XXX: I'm not sure I understand why the free -- * function should get three arguments... -- * -- Richard Levitte -- */ -- sk_NAME_FUNCS_value(name_funcs_stack, -- ret->type)->free_func(ret->name,ret->type,ret->data); -- } -- OPENSSL_free(ret); -- } -- else -- { -- if (lh_error(names_lh)) -- { -- /* ERROR */ -- return(0); -- } -- } -- return(1); -- } -+{ -+ OBJ_NAME *onp, *ret; -+ int alias; -+ -+ if ((names_lh == NULL) && !OBJ_NAME_init()) -+ return (0); -+ -+ alias = type & OBJ_NAME_ALIAS; -+ type &= ~OBJ_NAME_ALIAS; -+ -+ onp = (OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME)); -+ if (onp == NULL) { -+ /* ERROR */ -+ return (0); -+ } -+ -+ onp->name = name; -+ onp->alias = alias; -+ onp->type = type; -+ onp->data = data; -+ -+ ret = (OBJ_NAME *)lh_insert(names_lh, onp); -+ if (ret != NULL) { -+ /* free things */ -+ if ((name_funcs_stack != NULL) -+ && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) { -+ /* -+ * XXX: I'm not sure I understand why the free function should -+ * get three arguments... -- Richard Levitte -+ */ -+ sk_NAME_FUNCS_value(name_funcs_stack, -+ ret->type)->free_func(ret->name, ret->type, -+ ret->data); -+ } -+ OPENSSL_free(ret); -+ } else { -+ if (lh_error(names_lh)) { -+ /* ERROR */ -+ return (0); -+ } -+ } -+ return (1); -+} - - int OBJ_NAME_remove(const char *name, int type) -- { -- OBJ_NAME on,*ret; -- -- if (names_lh == NULL) return(0); -- -- type&= ~OBJ_NAME_ALIAS; -- on.name=name; -- on.type=type; -- ret=(OBJ_NAME *)lh_delete(names_lh,&on); -- if (ret != NULL) -- { -- /* free things */ -- if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) -- { -- /* XXX: I'm not sure I understand why the free -- * function should get three arguments... -- * -- Richard Levitte -- */ -- sk_NAME_FUNCS_value(name_funcs_stack, -- ret->type)->free_func(ret->name,ret->type,ret->data); -- } -- OPENSSL_free(ret); -- return(1); -- } -- else -- return(0); -- } -- --struct doall -- { -- int type; -- void (*fn)(const OBJ_NAME *,void *arg); -- void *arg; -- }; -- --static void do_all_fn(const OBJ_NAME *name,struct doall *d) -- { -- if(name->type == d->type) -- d->fn(name,d->arg); -- } -- --static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *) -- --void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg) -- { -- struct doall d; -- -- d.type=type; -- d.fn=fn; -- d.arg=arg; -- -- lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d); -- } -- --struct doall_sorted -- { -- int type; -- int n; -- const OBJ_NAME **names; -- }; -- --static void do_all_sorted_fn(const OBJ_NAME *name,void *d_) -- { -- struct doall_sorted *d=d_; -- -- if(name->type != d->type) -- return; -- -- d->names[d->n++]=name; -- } -- --static int do_all_sorted_cmp(const void *n1_,const void *n2_) -- { -- const OBJ_NAME * const *n1=n1_; -- const OBJ_NAME * const *n2=n2_; -- -- return strcmp((*n1)->name,(*n2)->name); -- } -- --void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), -- void *arg) -- { -- struct doall_sorted d; -- int n; -- -- d.type=type; -- d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names); -- d.n=0; -- OBJ_NAME_do_all(type,do_all_sorted_fn,&d); -- -- qsort((void *)d.names,d.n,sizeof *d.names,do_all_sorted_cmp); -- -- for(n=0 ; n < d.n ; ++n) -- fn(d.names[n],arg); -- -- OPENSSL_free((void *)d.names); -- } -+{ -+ OBJ_NAME on, *ret; -+ -+ if (names_lh == NULL) -+ return (0); -+ -+ type &= ~OBJ_NAME_ALIAS; -+ on.name = name; -+ on.type = type; -+ ret = (OBJ_NAME *)lh_delete(names_lh, &on); -+ if (ret != NULL) { -+ /* free things */ -+ if ((name_funcs_stack != NULL) -+ && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) { -+ /* -+ * XXX: I'm not sure I understand why the free function should -+ * get three arguments... -- Richard Levitte -+ */ -+ sk_NAME_FUNCS_value(name_funcs_stack, -+ ret->type)->free_func(ret->name, ret->type, -+ ret->data); -+ } -+ OPENSSL_free(ret); -+ return (1); -+ } else -+ return (0); -+} -+ -+struct doall { -+ int type; -+ void (*fn) (const OBJ_NAME *, void *arg); -+ void *arg; -+}; -+ -+static void do_all_fn(const OBJ_NAME *name, struct doall *d) -+{ -+ if (name->type == d->type) -+ d->fn(name, d->arg); -+} -+ -+static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, -+ struct doall *) -+ -+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), -+ void *arg) -+{ -+ struct doall d; -+ -+ d.type = type; -+ d.fn = fn; -+ d.arg = arg; -+ -+ lh_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn), &d); -+} -+ -+struct doall_sorted { -+ int type; -+ int n; -+ const OBJ_NAME **names; -+}; -+ -+static void do_all_sorted_fn(const OBJ_NAME *name, void *d_) -+{ -+ struct doall_sorted *d = d_; -+ -+ if (name->type != d->type) -+ return; -+ -+ d->names[d->n++] = name; -+} -+ -+static int do_all_sorted_cmp(const void *n1_, const void *n2_) -+{ -+ const OBJ_NAME *const *n1 = n1_; -+ const OBJ_NAME *const *n2 = n2_; -+ -+ return strcmp((*n1)->name, (*n2)->name); -+} -+ -+void OBJ_NAME_do_all_sorted(int type, -+ void (*fn) (const OBJ_NAME *, void *arg), -+ void *arg) -+{ -+ struct doall_sorted d; -+ int n; -+ -+ d.type = type; -+ d.names = OPENSSL_malloc(lh_num_items(names_lh) * sizeof *d.names); -+ d.n = 0; -+ OBJ_NAME_do_all(type, do_all_sorted_fn, &d); -+ -+ qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); -+ -+ for (n = 0; n < d.n; ++n) -+ fn(d.names[n], arg); -+ -+ OPENSSL_free((void *)d.names); -+} - - static int free_type; - - static void names_lh_free(OBJ_NAME *onp) - { -- if(onp == NULL) -- return; -+ if (onp == NULL) -+ return; - -- if ((free_type < 0) || (free_type == onp->type)) -- { -- OBJ_NAME_remove(onp->name,onp->type); -- } -- } -+ if ((free_type < 0) || (free_type == onp->type)) { -+ OBJ_NAME_remove(onp->name, onp->type); -+ } -+} - - static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *) - - static void name_funcs_free(NAME_FUNCS *ptr) -- { -- OPENSSL_free(ptr); -- } -+{ -+ OPENSSL_free(ptr); -+} - - void OBJ_NAME_cleanup(int type) -- { -- unsigned long down_load; -- -- if (names_lh == NULL) return; -- -- free_type=type; -- down_load=names_lh->down_load; -- names_lh->down_load=0; -- -- lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free)); -- if (type < 0) -- { -- lh_free(names_lh); -- sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free); -- names_lh=NULL; -- name_funcs_stack = NULL; -- } -- else -- names_lh->down_load=down_load; -- } -- -+{ -+ unsigned long down_load; -+ -+ if (names_lh == NULL) -+ return; -+ -+ free_type = type; -+ down_load = names_lh->down_load; -+ names_lh->down_load = 0; -+ -+ lh_doall(names_lh, LHASH_DOALL_FN(names_lh_free)); -+ if (type < 0) { -+ lh_free(names_lh); -+ sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free); -+ names_lh = NULL; -+ name_funcs_stack = NULL; -+ } else -+ names_lh->down_load = down_load; -+} -diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c -index cf5ba2a..9654775 100644 ---- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c -+++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -67,13 +67,13 @@ - - /* obj_dat.h is generated from objects.h by obj_dat.pl */ - #ifndef OPENSSL_NO_OBJECT --#include "obj_dat.h" -+# include "obj_dat.h" - #else - /* You will have to load all the objects needed manually in the application */ --#define NUM_NID 0 --#define NUM_SN 0 --#define NUM_LN 0 --#define NUM_OBJ 0 -+# define NUM_NID 0 -+# define NUM_SN 0 -+# define NUM_LN 0 -+# define NUM_OBJ 0 - static unsigned char lvalues[1]; - static ASN1_OBJECT nid_objs[1]; - static ASN1_OBJECT *sn_objs[1]; -@@ -84,708 +84,689 @@ static ASN1_OBJECT *obj_objs[1]; - static int sn_cmp(const void *a, const void *b); - static int ln_cmp(const void *a, const void *b); - static int obj_cmp(const void *a, const void *b); --#define ADDED_DATA 0 --#define ADDED_SNAME 1 --#define ADDED_LNAME 2 --#define ADDED_NID 3 -+#define ADDED_DATA 0 -+#define ADDED_SNAME 1 -+#define ADDED_LNAME 2 -+#define ADDED_NID 3 - --typedef struct added_obj_st -- { -- int type; -- ASN1_OBJECT *obj; -- } ADDED_OBJ; -+typedef struct added_obj_st { -+ int type; -+ ASN1_OBJECT *obj; -+} ADDED_OBJ; - --static int new_nid=NUM_NID; --static LHASH *added=NULL; -+static int new_nid = NUM_NID; -+static LHASH *added = NULL; - - static int sn_cmp(const void *a, const void *b) -- { -- const ASN1_OBJECT * const *ap = a, * const *bp = b; -- return(strcmp((*ap)->sn,(*bp)->sn)); -- } -+{ -+ const ASN1_OBJECT *const *ap = a, *const *bp = b; -+ return (strcmp((*ap)->sn, (*bp)->sn)); -+} - - static int ln_cmp(const void *a, const void *b) -- { -- const ASN1_OBJECT * const *ap = a, * const *bp = b; -- return(strcmp((*ap)->ln,(*bp)->ln)); -- } -+{ -+ const ASN1_OBJECT *const *ap = a, *const *bp = b; -+ return (strcmp((*ap)->ln, (*bp)->ln)); -+} - - /* static unsigned long add_hash(ADDED_OBJ *ca) */ - static unsigned long add_hash(const void *ca_void) -- { -- const ASN1_OBJECT *a; -- int i; -- unsigned long ret=0; -- unsigned char *p; -- const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; -- -- a=ca->obj; -- switch (ca->type) -- { -- case ADDED_DATA: -- ret=a->length<<20L; -- p=(unsigned char *)a->data; -- for (i=0; ilength; i++) -- ret^=p[i]<<((i*3)%24); -- break; -- case ADDED_SNAME: -- ret=lh_strhash(a->sn); -- break; -- case ADDED_LNAME: -- ret=lh_strhash(a->ln); -- break; -- case ADDED_NID: -- ret=a->nid; -- break; -- default: -- /* abort(); */ -- return 0; -- } -- ret&=0x3fffffffL; -- ret|=ca->type<<30L; -- return(ret); -- } -+{ -+ const ASN1_OBJECT *a; -+ int i; -+ unsigned long ret = 0; -+ unsigned char *p; -+ const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; -+ -+ a = ca->obj; -+ switch (ca->type) { -+ case ADDED_DATA: -+ ret = a->length << 20L; -+ p = (unsigned char *)a->data; -+ for (i = 0; i < a->length; i++) -+ ret ^= p[i] << ((i * 3) % 24); -+ break; -+ case ADDED_SNAME: -+ ret = lh_strhash(a->sn); -+ break; -+ case ADDED_LNAME: -+ ret = lh_strhash(a->ln); -+ break; -+ case ADDED_NID: -+ ret = a->nid; -+ break; -+ default: -+ /* abort(); */ -+ return 0; -+ } -+ ret &= 0x3fffffffL; -+ ret |= ca->type << 30L; -+ return (ret); -+} - - /* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */ - static int add_cmp(const void *ca_void, const void *cb_void) -- { -- ASN1_OBJECT *a,*b; -- int i; -- const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; -- const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void; -- -- i=ca->type-cb->type; -- if (i) return(i); -- a=ca->obj; -- b=cb->obj; -- switch (ca->type) -- { -- case ADDED_DATA: -- i=(a->length - b->length); -- if (i) return(i); -- return(memcmp(a->data,b->data,(size_t)a->length)); -- case ADDED_SNAME: -- if (a->sn == NULL) return(-1); -- else if (b->sn == NULL) return(1); -- else return(strcmp(a->sn,b->sn)); -- case ADDED_LNAME: -- if (a->ln == NULL) return(-1); -- else if (b->ln == NULL) return(1); -- else return(strcmp(a->ln,b->ln)); -- case ADDED_NID: -- return(a->nid-b->nid); -- default: -- /* abort(); */ -- return 0; -- } -- } -+{ -+ ASN1_OBJECT *a, *b; -+ int i; -+ const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; -+ const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void; -+ -+ i = ca->type - cb->type; -+ if (i) -+ return (i); -+ a = ca->obj; -+ b = cb->obj; -+ switch (ca->type) { -+ case ADDED_DATA: -+ i = (a->length - b->length); -+ if (i) -+ return (i); -+ return (memcmp(a->data, b->data, (size_t)a->length)); -+ case ADDED_SNAME: -+ if (a->sn == NULL) -+ return (-1); -+ else if (b->sn == NULL) -+ return (1); -+ else -+ return (strcmp(a->sn, b->sn)); -+ case ADDED_LNAME: -+ if (a->ln == NULL) -+ return (-1); -+ else if (b->ln == NULL) -+ return (1); -+ else -+ return (strcmp(a->ln, b->ln)); -+ case ADDED_NID: -+ return (a->nid - b->nid); -+ default: -+ /* abort(); */ -+ return 0; -+ } -+} - - static int init_added(void) -- { -- if (added != NULL) return(1); -- added=lh_new(add_hash,add_cmp); -- return(added != NULL); -- } -+{ -+ if (added != NULL) -+ return (1); -+ added = lh_new(add_hash, add_cmp); -+ return (added != NULL); -+} - - static void cleanup1(ADDED_OBJ *a) -- { -- a->obj->nid=0; -- a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC| -- ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| -- ASN1_OBJECT_FLAG_DYNAMIC_DATA; -- } -+{ -+ a->obj->nid = 0; -+ a->obj->flags |= ASN1_OBJECT_FLAG_DYNAMIC | -+ ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA; -+} - - static void cleanup2(ADDED_OBJ *a) -- { a->obj->nid++; } -+{ -+ a->obj->nid++; -+} - - static void cleanup3(ADDED_OBJ *a) -- { -- if (--a->obj->nid == 0) -- ASN1_OBJECT_free(a->obj); -- OPENSSL_free(a); -- } -+{ -+ if (--a->obj->nid == 0) -+ ASN1_OBJECT_free(a->obj); -+ OPENSSL_free(a); -+} - - static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *) - static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *) - static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *) - - void OBJ_cleanup(void) -- { -- if (added == NULL) return; -- added->down_load=0; -- lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */ -- lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */ -- lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */ -- lh_free(added); -- added=NULL; -- } -+{ -+ if (added == NULL) -+ return; -+ added->down_load = 0; -+ lh_doall(added, LHASH_DOALL_FN(cleanup1)); /* zero counters */ -+ lh_doall(added, LHASH_DOALL_FN(cleanup2)); /* set counters */ -+ lh_doall(added, LHASH_DOALL_FN(cleanup3)); /* free objects */ -+ lh_free(added); -+ added = NULL; -+} - - int OBJ_new_nid(int num) -- { -- int i; -+{ -+ int i; - -- i=new_nid; -- new_nid+=num; -- return(i); -- } -+ i = new_nid; -+ new_nid += num; -+ return (i); -+} - - int OBJ_add_object(const ASN1_OBJECT *obj) -- { -- ASN1_OBJECT *o; -- ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop; -- int i; -- -- if (added == NULL) -- if (!init_added()) return(0); -- if ((o=OBJ_dup(obj)) == NULL) goto err; -- if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; -- if ((o->length != 0) && (obj->data != NULL)) -- if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; -- if (o->sn != NULL) -- if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; -- if (o->ln != NULL) -- if (!(ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; -- -- for (i=ADDED_DATA; i<=ADDED_NID; i++) -- { -- if (ao[i] != NULL) -- { -- ao[i]->type=i; -- ao[i]->obj=o; -- aop=(ADDED_OBJ *)lh_insert(added,ao[i]); -- /* memory leak, buit should not normally matter */ -- if (aop != NULL) -- OPENSSL_free(aop); -- } -- } -- o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| -- ASN1_OBJECT_FLAG_DYNAMIC_DATA); -- -- return(o->nid); --err2: -- OBJerr(OBJ_F_OBJ_ADD_OBJECT,ERR_R_MALLOC_FAILURE); --err: -- for (i=ADDED_DATA; i<=ADDED_NID; i++) -- if (ao[i] != NULL) OPENSSL_free(ao[i]); -- if (o != NULL) OPENSSL_free(o); -- return(NID_undef); -- } -+{ -+ ASN1_OBJECT *o; -+ ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop; -+ int i; -+ -+ if (added == NULL) -+ if (!init_added()) -+ return (0); -+ if ((o = OBJ_dup(obj)) == NULL) -+ goto err; -+ if (!(ao[ADDED_NID] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) -+ goto err2; -+ if ((o->length != 0) && (obj->data != NULL)) -+ if (! -+ (ao[ADDED_DATA] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) -+ goto err2; -+ if (o->sn != NULL) -+ if (! -+ (ao[ADDED_SNAME] = -+ (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) -+ goto err2; -+ if (o->ln != NULL) -+ if (! -+ (ao[ADDED_LNAME] = -+ (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) -+ goto err2; -+ -+ for (i = ADDED_DATA; i <= ADDED_NID; i++) { -+ if (ao[i] != NULL) { -+ ao[i]->type = i; -+ ao[i]->obj = o; -+ aop = (ADDED_OBJ *)lh_insert(added, ao[i]); -+ /* memory leak, buit should not normally matter */ -+ if (aop != NULL) -+ OPENSSL_free(aop); -+ } -+ } -+ o->flags &= -+ ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | -+ ASN1_OBJECT_FLAG_DYNAMIC_DATA); -+ -+ return (o->nid); -+ err2: -+ OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE); -+ err: -+ for (i = ADDED_DATA; i <= ADDED_NID; i++) -+ if (ao[i] != NULL) -+ OPENSSL_free(ao[i]); -+ if (o != NULL) -+ OPENSSL_free(o); -+ return (NID_undef); -+} - - ASN1_OBJECT *OBJ_nid2obj(int n) -- { -- ADDED_OBJ ad,*adp; -- ASN1_OBJECT ob; -- -- if ((n >= 0) && (n < NUM_NID)) -- { -- if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) -- { -- OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID); -- return(NULL); -- } -- return((ASN1_OBJECT *)&(nid_objs[n])); -- } -- else if (added == NULL) -- return(NULL); -- else -- { -- ad.type=ADDED_NID; -- ad.obj= &ob; -- ob.nid=n; -- adp=(ADDED_OBJ *)lh_retrieve(added,&ad); -- if (adp != NULL) -- return(adp->obj); -- else -- { -- OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID); -- return(NULL); -- } -- } -- } -+{ -+ ADDED_OBJ ad, *adp; -+ ASN1_OBJECT ob; -+ -+ if ((n >= 0) && (n < NUM_NID)) { -+ if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { -+ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID); -+ return (NULL); -+ } -+ return ((ASN1_OBJECT *)&(nid_objs[n])); -+ } else if (added == NULL) -+ return (NULL); -+ else { -+ ad.type = ADDED_NID; -+ ad.obj = &ob; -+ ob.nid = n; -+ adp = (ADDED_OBJ *)lh_retrieve(added, &ad); -+ if (adp != NULL) -+ return (adp->obj); -+ else { -+ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID); -+ return (NULL); -+ } -+ } -+} - - const char *OBJ_nid2sn(int n) -- { -- ADDED_OBJ ad,*adp; -- ASN1_OBJECT ob; -- -- if ((n >= 0) && (n < NUM_NID)) -- { -- if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) -- { -- OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID); -- return(NULL); -- } -- return(nid_objs[n].sn); -- } -- else if (added == NULL) -- return(NULL); -- else -- { -- ad.type=ADDED_NID; -- ad.obj= &ob; -- ob.nid=n; -- adp=(ADDED_OBJ *)lh_retrieve(added,&ad); -- if (adp != NULL) -- return(adp->obj->sn); -- else -- { -- OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID); -- return(NULL); -- } -- } -- } -+{ -+ ADDED_OBJ ad, *adp; -+ ASN1_OBJECT ob; -+ -+ if ((n >= 0) && (n < NUM_NID)) { -+ if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { -+ OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID); -+ return (NULL); -+ } -+ return (nid_objs[n].sn); -+ } else if (added == NULL) -+ return (NULL); -+ else { -+ ad.type = ADDED_NID; -+ ad.obj = &ob; -+ ob.nid = n; -+ adp = (ADDED_OBJ *)lh_retrieve(added, &ad); -+ if (adp != NULL) -+ return (adp->obj->sn); -+ else { -+ OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID); -+ return (NULL); -+ } -+ } -+} - - const char *OBJ_nid2ln(int n) -- { -- ADDED_OBJ ad,*adp; -- ASN1_OBJECT ob; -- -- if ((n >= 0) && (n < NUM_NID)) -- { -- if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) -- { -- OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID); -- return(NULL); -- } -- return(nid_objs[n].ln); -- } -- else if (added == NULL) -- return(NULL); -- else -- { -- ad.type=ADDED_NID; -- ad.obj= &ob; -- ob.nid=n; -- adp=(ADDED_OBJ *)lh_retrieve(added,&ad); -- if (adp != NULL) -- return(adp->obj->ln); -- else -- { -- OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID); -- return(NULL); -- } -- } -- } -+{ -+ ADDED_OBJ ad, *adp; -+ ASN1_OBJECT ob; -+ -+ if ((n >= 0) && (n < NUM_NID)) { -+ if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { -+ OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID); -+ return (NULL); -+ } -+ return (nid_objs[n].ln); -+ } else if (added == NULL) -+ return (NULL); -+ else { -+ ad.type = ADDED_NID; -+ ad.obj = &ob; -+ ob.nid = n; -+ adp = (ADDED_OBJ *)lh_retrieve(added, &ad); -+ if (adp != NULL) -+ return (adp->obj->ln); -+ else { -+ OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID); -+ return (NULL); -+ } -+ } -+} - - int OBJ_obj2nid(const ASN1_OBJECT *a) -- { -- ASN1_OBJECT **op; -- ADDED_OBJ ad,*adp; -- -- if (a == NULL) -- return(NID_undef); -- if (a->nid != 0) -- return(a->nid); -- -- if (added != NULL) -- { -- ad.type=ADDED_DATA; -- ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */ -- adp=(ADDED_OBJ *)lh_retrieve(added,&ad); -- if (adp != NULL) return (adp->obj->nid); -- } -- op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs, -- NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp); -- if (op == NULL) -- return(NID_undef); -- return((*op)->nid); -- } -- --/* Convert an object name into an ASN1_OBJECT -- * if "noname" is not set then search for short and long names first. -- * This will convert the "dotted" form into an object: unlike OBJ_txt2nid -- * it can be used with any objects, not just registered ones. -+{ -+ ASN1_OBJECT **op; -+ ADDED_OBJ ad, *adp; -+ -+ if (a == NULL) -+ return (NID_undef); -+ if (a->nid != 0) -+ return (a->nid); -+ -+ if (added != NULL) { -+ ad.type = ADDED_DATA; -+ ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */ -+ adp = (ADDED_OBJ *)lh_retrieve(added, &ad); -+ if (adp != NULL) -+ return (adp->obj->nid); -+ } -+ op = (ASN1_OBJECT **)OBJ_bsearch((const char *)&a, (const char *)obj_objs, -+ NUM_OBJ, sizeof(ASN1_OBJECT *), obj_cmp); -+ if (op == NULL) -+ return (NID_undef); -+ return ((*op)->nid); -+} -+ -+/* -+ * Convert an object name into an ASN1_OBJECT if "noname" is not set then -+ * search for short and long names first. This will convert the "dotted" form -+ * into an object: unlike OBJ_txt2nid it can be used with any objects, not -+ * just registered ones. - */ - - ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) -- { -- int nid = NID_undef; -- ASN1_OBJECT *op=NULL; -- unsigned char *buf; -- unsigned char *p; -- const unsigned char *cp; -- int i, j; -- -- if(!no_name) { -- if( ((nid = OBJ_sn2nid(s)) != NID_undef) || -- ((nid = OBJ_ln2nid(s)) != NID_undef) ) -- return OBJ_nid2obj(nid); -- } -- -- /* Work out size of content octets */ -- i=a2d_ASN1_OBJECT(NULL,0,s,-1); -- if (i <= 0) { -- /* Don't clear the error */ -- /*ERR_clear_error();*/ -- return NULL; -- } -- /* Work out total size */ -- j = ASN1_object_size(0,i,V_ASN1_OBJECT); -- -- if((buf=(unsigned char *)OPENSSL_malloc(j)) == NULL) return NULL; -- -- p = buf; -- /* Write out tag+length */ -- ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); -- /* Write out contents */ -- a2d_ASN1_OBJECT(p,i,s,-1); -- -- cp=buf; -- op=d2i_ASN1_OBJECT(NULL,&cp,j); -- OPENSSL_free(buf); -- return op; -- } -+{ -+ int nid = NID_undef; -+ ASN1_OBJECT *op = NULL; -+ unsigned char *buf; -+ unsigned char *p; -+ const unsigned char *cp; -+ int i, j; -+ -+ if (!no_name) { -+ if (((nid = OBJ_sn2nid(s)) != NID_undef) || -+ ((nid = OBJ_ln2nid(s)) != NID_undef)) -+ return OBJ_nid2obj(nid); -+ } -+ -+ /* Work out size of content octets */ -+ i = a2d_ASN1_OBJECT(NULL, 0, s, -1); -+ if (i <= 0) { -+ /* Don't clear the error */ -+ /* -+ * ERR_clear_error(); -+ */ -+ return NULL; -+ } -+ /* Work out total size */ -+ j = ASN1_object_size(0, i, V_ASN1_OBJECT); -+ -+ if ((buf = (unsigned char *)OPENSSL_malloc(j)) == NULL) -+ return NULL; -+ -+ p = buf; -+ /* Write out tag+length */ -+ ASN1_put_object(&p, 0, i, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); -+ /* Write out contents */ -+ a2d_ASN1_OBJECT(p, i, s, -1); -+ -+ cp = buf; -+ op = d2i_ASN1_OBJECT(NULL, &cp, j); -+ OPENSSL_free(buf); -+ return op; -+} - - int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) - { -- int i,n=0,len,nid, first, use_bn; -- BIGNUM *bl; -- unsigned long l; -- unsigned char *p; -- char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; -- -- /* Ensure that, at every state, |buf| is NUL-terminated. */ -- if (buf && buf_len > 0) -- buf[0] = '\0'; -- -- if ((a == NULL) || (a->data == NULL)) -- return(0); -- -- if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) -- { -- const char *s; -- s=OBJ_nid2ln(nid); -- if (s == NULL) -- s=OBJ_nid2sn(nid); -- if (s) -- { -- if (buf) -- BUF_strlcpy(buf,s,buf_len); -- n=strlen(s); -- return n; -- } -- } -- -- -- len=a->length; -- p=a->data; -- -- first = 1; -- bl = NULL; -- -- while (len > 0) -- { -- l=0; -- use_bn = 0; -- for (;;) -- { -- unsigned char c = *p++; -- len--; -- if ((len == 0) && (c & 0x80)) -- goto err; -- if (use_bn) -- { -- if (!BN_add_word(bl, c & 0x7f)) -- goto err; -- } -- else -- l |= c & 0x7f; -- if (!(c & 0x80)) -- break; -- if (!use_bn && (l > (ULONG_MAX >> 7L))) -- { -- if (!bl && !(bl = BN_new())) -- goto err; -- if (!BN_set_word(bl, l)) -- goto err; -- use_bn = 1; -- } -- if (use_bn) -- { -- if (!BN_lshift(bl, bl, 7)) -- goto err; -- } -- else -- l<<=7L; -- } -- -- if (first) -- { -- first = 0; -- if (l >= 80) -- { -- i = 2; -- if (use_bn) -- { -- if (!BN_sub_word(bl, 80)) -- goto err; -- } -- else -- l -= 80; -- } -- else -- { -- i=(int)(l/40); -- l-=(long)(i*40); -- } -- if (buf && (buf_len > 1)) -- { -- *buf++ = i + '0'; -- *buf = '\0'; -- buf_len--; -- } -- n++; -- } -- -- if (use_bn) -- { -- char *bndec; -- bndec = BN_bn2dec(bl); -- if (!bndec) -- goto err; -- i = strlen(bndec); -- if (buf) -- { -- if (buf_len > 1) -- { -- *buf++ = '.'; -- *buf = '\0'; -- buf_len--; -- } -- BUF_strlcpy(buf,bndec,buf_len); -- if (i > buf_len) -- { -- buf += buf_len; -- buf_len = 0; -- } -- else -- { -- buf+=i; -- buf_len-=i; -- } -- } -- n++; -- n += i; -- OPENSSL_free(bndec); -- } -- else -- { -- BIO_snprintf(tbuf,sizeof tbuf,".%lu",l); -- i=strlen(tbuf); -- if (buf && (buf_len > 0)) -- { -- BUF_strlcpy(buf,tbuf,buf_len); -- if (i > buf_len) -- { -- buf += buf_len; -- buf_len = 0; -- } -- else -- { -- buf+=i; -- buf_len-=i; -- } -- } -- n+=i; -- l=0; -- } -- } -- -- if (bl) -- BN_free(bl); -- return n; -- -- err: -- if (bl) -- BN_free(bl); -- return -1; -+ int i, n = 0, len, nid, first, use_bn; -+ BIGNUM *bl; -+ unsigned long l; -+ unsigned char *p; -+ char tbuf[DECIMAL_SIZE(i) + DECIMAL_SIZE(l) + 2]; -+ -+ /* Ensure that, at every state, |buf| is NUL-terminated. */ -+ if (buf && buf_len > 0) -+ buf[0] = '\0'; -+ -+ if ((a == NULL) || (a->data == NULL)) -+ return (0); -+ -+ if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) { -+ const char *s; -+ s = OBJ_nid2ln(nid); -+ if (s == NULL) -+ s = OBJ_nid2sn(nid); -+ if (s) { -+ if (buf) -+ BUF_strlcpy(buf, s, buf_len); -+ n = strlen(s); -+ return n; -+ } -+ } -+ -+ len = a->length; -+ p = a->data; -+ -+ first = 1; -+ bl = NULL; -+ -+ while (len > 0) { -+ l = 0; -+ use_bn = 0; -+ for (;;) { -+ unsigned char c = *p++; -+ len--; -+ if ((len == 0) && (c & 0x80)) -+ goto err; -+ if (use_bn) { -+ if (!BN_add_word(bl, c & 0x7f)) -+ goto err; -+ } else -+ l |= c & 0x7f; -+ if (!(c & 0x80)) -+ break; -+ if (!use_bn && (l > (ULONG_MAX >> 7L))) { -+ if (!bl && !(bl = BN_new())) -+ goto err; -+ if (!BN_set_word(bl, l)) -+ goto err; -+ use_bn = 1; -+ } -+ if (use_bn) { -+ if (!BN_lshift(bl, bl, 7)) -+ goto err; -+ } else -+ l <<= 7L; -+ } -+ -+ if (first) { -+ first = 0; -+ if (l >= 80) { -+ i = 2; -+ if (use_bn) { -+ if (!BN_sub_word(bl, 80)) -+ goto err; -+ } else -+ l -= 80; -+ } else { -+ i = (int)(l / 40); -+ l -= (long)(i * 40); -+ } -+ if (buf && (buf_len > 1)) { -+ *buf++ = i + '0'; -+ *buf = '\0'; -+ buf_len--; -+ } -+ n++; -+ } -+ -+ if (use_bn) { -+ char *bndec; -+ bndec = BN_bn2dec(bl); -+ if (!bndec) -+ goto err; -+ i = strlen(bndec); -+ if (buf) { -+ if (buf_len > 1) { -+ *buf++ = '.'; -+ *buf = '\0'; -+ buf_len--; -+ } -+ BUF_strlcpy(buf, bndec, buf_len); -+ if (i > buf_len) { -+ buf += buf_len; -+ buf_len = 0; -+ } else { -+ buf += i; -+ buf_len -= i; -+ } -+ } -+ n++; -+ n += i; -+ OPENSSL_free(bndec); -+ } else { -+ BIO_snprintf(tbuf, sizeof tbuf, ".%lu", l); -+ i = strlen(tbuf); -+ if (buf && (buf_len > 0)) { -+ BUF_strlcpy(buf, tbuf, buf_len); -+ if (i > buf_len) { -+ buf += buf_len; -+ buf_len = 0; -+ } else { -+ buf += i; -+ buf_len -= i; -+ } -+ } -+ n += i; -+ l = 0; -+ } -+ } -+ -+ if (bl) -+ BN_free(bl); -+ return n; -+ -+ err: -+ if (bl) -+ BN_free(bl); -+ return -1; - } - - int OBJ_txt2nid(const char *s) - { -- ASN1_OBJECT *obj; -- int nid; -- obj = OBJ_txt2obj(s, 0); -- nid = OBJ_obj2nid(obj); -- ASN1_OBJECT_free(obj); -- return nid; -+ ASN1_OBJECT *obj; -+ int nid; -+ obj = OBJ_txt2obj(s, 0); -+ nid = OBJ_obj2nid(obj); -+ ASN1_OBJECT_free(obj); -+ return nid; - } - - int OBJ_ln2nid(const char *s) -- { -- ASN1_OBJECT o,*oo= &o,**op; -- ADDED_OBJ ad,*adp; -- -- o.ln=s; -- if (added != NULL) -- { -- ad.type=ADDED_LNAME; -- ad.obj= &o; -- adp=(ADDED_OBJ *)lh_retrieve(added,&ad); -- if (adp != NULL) return (adp->obj->nid); -- } -- op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN, -- sizeof(ASN1_OBJECT *),ln_cmp); -- if (op == NULL) return(NID_undef); -- return((*op)->nid); -- } -+{ -+ ASN1_OBJECT o, *oo = &o, **op; -+ ADDED_OBJ ad, *adp; -+ -+ o.ln = s; -+ if (added != NULL) { -+ ad.type = ADDED_LNAME; -+ ad.obj = &o; -+ adp = (ADDED_OBJ *)lh_retrieve(added, &ad); -+ if (adp != NULL) -+ return (adp->obj->nid); -+ } -+ op = (ASN1_OBJECT **)OBJ_bsearch((char *)&oo, (char *)ln_objs, NUM_LN, -+ sizeof(ASN1_OBJECT *), ln_cmp); -+ if (op == NULL) -+ return (NID_undef); -+ return ((*op)->nid); -+} - - int OBJ_sn2nid(const char *s) -- { -- ASN1_OBJECT o,*oo= &o,**op; -- ADDED_OBJ ad,*adp; -- -- o.sn=s; -- if (added != NULL) -- { -- ad.type=ADDED_SNAME; -- ad.obj= &o; -- adp=(ADDED_OBJ *)lh_retrieve(added,&ad); -- if (adp != NULL) return (adp->obj->nid); -- } -- op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN, -- sizeof(ASN1_OBJECT *),sn_cmp); -- if (op == NULL) return(NID_undef); -- return((*op)->nid); -- } -+{ -+ ASN1_OBJECT o, *oo = &o, **op; -+ ADDED_OBJ ad, *adp; -+ -+ o.sn = s; -+ if (added != NULL) { -+ ad.type = ADDED_SNAME; -+ ad.obj = &o; -+ adp = (ADDED_OBJ *)lh_retrieve(added, &ad); -+ if (adp != NULL) -+ return (adp->obj->nid); -+ } -+ op = (ASN1_OBJECT **)OBJ_bsearch((char *)&oo, (char *)sn_objs, NUM_SN, -+ sizeof(ASN1_OBJECT *), sn_cmp); -+ if (op == NULL) -+ return (NID_undef); -+ return ((*op)->nid); -+} - - static int obj_cmp(const void *ap, const void *bp) -- { -- int j; -- const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap; -- const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp; -- -- j=(a->length - b->length); -- if (j) return(j); -- return(memcmp(a->data,b->data,a->length)); -- } -+{ -+ int j; -+ const ASN1_OBJECT *a = *(ASN1_OBJECT *const *)ap; -+ const ASN1_OBJECT *b = *(ASN1_OBJECT *const *)bp; -+ -+ j = (a->length - b->length); -+ if (j) -+ return (j); -+ return (memcmp(a->data, b->data, a->length)); -+} - - const char *OBJ_bsearch(const char *key, const char *base, int num, int size, -- int (*cmp)(const void *, const void *)) -- { -- return OBJ_bsearch_ex(key, base, num, size, cmp, 0); -- } -+ int (*cmp) (const void *, const void *)) -+{ -+ return OBJ_bsearch_ex(key, base, num, size, cmp, 0); -+} - - const char *OBJ_bsearch_ex(const char *key, const char *base, int num, -- int size, int (*cmp)(const void *, const void *), int flags) -- { -- int l,h,i=0,c=0; -- const char *p = NULL; -- -- if (num == 0) return(NULL); -- l=0; -- h=num; -- while (l < h) -- { -- i=(l+h)/2; -- p= &(base[i*size]); -- c=(*cmp)(key,p); -- if (c < 0) -- h=i; -- else if (c > 0) -- l=i+1; -- else -- break; -- } -+ int size, int (*cmp) (const void *, const void *), -+ int flags) -+{ -+ int l, h, i = 0, c = 0; -+ const char *p = NULL; -+ -+ if (num == 0) -+ return (NULL); -+ l = 0; -+ h = num; -+ while (l < h) { -+ i = (l + h) / 2; -+ p = &(base[i * size]); -+ c = (*cmp) (key, p); -+ if (c < 0) -+ h = i; -+ else if (c > 0) -+ l = i + 1; -+ else -+ break; -+ } - #ifdef CHARSET_EBCDIC --/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and -- * I don't have perl (yet), we revert to a *LINEAR* search -- * when the object wasn't found in the binary search. -- */ -- if (c != 0) -- { -- for (i=0; i 0 && (*cmp)(key,&(base[(i-1)*size])) == 0) -- i--; -- p = &(base[i*size]); -- } -- return(p); -- } -+ if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)) -+ p = NULL; -+ else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH)) { -+ while (i > 0 && (*cmp) (key, &(base[(i - 1) * size])) == 0) -+ i--; -+ p = &(base[i * size]); -+ } -+ return (p); -+} - - int OBJ_create_objects(BIO *in) -- { -- MS_STATIC char buf[512]; -- int i,num=0; -- char *o,*s,*l=NULL; -- -- for (;;) -- { -- s=o=NULL; -- i=BIO_gets(in,buf,512); -- if (i <= 0) return(num); -- buf[i-1]='\0'; -- if (!isalnum((unsigned char)buf[0])) return(num); -- o=s=buf; -- while (isdigit((unsigned char)*s) || (*s == '.')) -- s++; -- if (*s != '\0') -- { -- *(s++)='\0'; -- while (isspace((unsigned char)*s)) -- s++; -- if (*s == '\0') -- s=NULL; -- else -- { -- l=s; -- while ((*l != '\0') && !isspace((unsigned char)*l)) -- l++; -- if (*l != '\0') -- { -- *(l++)='\0'; -- while (isspace((unsigned char)*l)) -- l++; -- if (*l == '\0') l=NULL; -- } -- else -- l=NULL; -- } -- } -- else -- s=NULL; -- if ((o == NULL) || (*o == '\0')) return(num); -- if (!OBJ_create(o,s,l)) return(num); -- num++; -- } -- /* return(num); */ -- } -+{ -+ MS_STATIC char buf[512]; -+ int i, num = 0; -+ char *o, *s, *l = NULL; -+ -+ for (;;) { -+ s = o = NULL; -+ i = BIO_gets(in, buf, 512); -+ if (i <= 0) -+ return (num); -+ buf[i - 1] = '\0'; -+ if (!isalnum((unsigned char)buf[0])) -+ return (num); -+ o = s = buf; -+ while (isdigit((unsigned char)*s) || (*s == '.')) -+ s++; -+ if (*s != '\0') { -+ *(s++) = '\0'; -+ while (isspace((unsigned char)*s)) -+ s++; -+ if (*s == '\0') -+ s = NULL; -+ else { -+ l = s; -+ while ((*l != '\0') && !isspace((unsigned char)*l)) -+ l++; -+ if (*l != '\0') { -+ *(l++) = '\0'; -+ while (isspace((unsigned char)*l)) -+ l++; -+ if (*l == '\0') -+ l = NULL; -+ } else -+ l = NULL; -+ } -+ } else -+ s = NULL; -+ if ((o == NULL) || (*o == '\0')) -+ return (num); -+ if (!OBJ_create(o, s, l)) -+ return (num); -+ num++; -+ } -+ /* return(num); */ -+} - - int OBJ_create(const char *oid, const char *sn, const char *ln) -- { -- int ok=0; -- ASN1_OBJECT *op=NULL; -- unsigned char *buf; -- int i; -- -- i=a2d_ASN1_OBJECT(NULL,0,oid,-1); -- if (i <= 0) return(0); -- -- if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL) -- { -- OBJerr(OBJ_F_OBJ_CREATE,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- i=a2d_ASN1_OBJECT(buf,i,oid,-1); -- if (i == 0) -- goto err; -- op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln); -- if (op == NULL) -- goto err; -- ok=OBJ_add_object(op); --err: -- ASN1_OBJECT_free(op); -- OPENSSL_free(buf); -- return(ok); -- } -+{ -+ int ok = 0; -+ ASN1_OBJECT *op = NULL; -+ unsigned char *buf; -+ int i; -+ -+ i = a2d_ASN1_OBJECT(NULL, 0, oid, -1); -+ if (i <= 0) -+ return (0); -+ -+ if ((buf = (unsigned char *)OPENSSL_malloc(i)) == NULL) { -+ OBJerr(OBJ_F_OBJ_CREATE, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ i = a2d_ASN1_OBJECT(buf, i, oid, -1); -+ if (i == 0) -+ goto err; -+ op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln); -+ if (op == NULL) -+ goto err; -+ ok = OBJ_add_object(op); -+ err: -+ ASN1_OBJECT_free(op); -+ OPENSSL_free(buf); -+ return (ok); -+} -diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_err.c b/Cryptlib/OpenSSL/crypto/objects/obj_err.c -index 12b4885..75321ec 100644 ---- a/Cryptlib/OpenSSL/crypto/objects/obj_err.c -+++ b/Cryptlib/OpenSSL/crypto/objects/obj_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,38 +66,35 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason) - --static ERR_STRING_DATA OBJ_str_functs[]= -- { --{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"}, --{ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"}, --{ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"}, --{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"}, --{ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"}, --{ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"}, --{ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"}, --{0,NULL} -- }; -+static ERR_STRING_DATA OBJ_str_functs[] = { -+ {ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"}, -+ {ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"}, -+ {ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"}, -+ {ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"}, -+ {ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"}, -+ {ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"}, -+ {ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA OBJ_str_reasons[]= -- { --{ERR_REASON(OBJ_R_MALLOC_FAILURE) ,"malloc failure"}, --{ERR_REASON(OBJ_R_UNKNOWN_NID) ,"unknown nid"}, --{0,NULL} -- }; -+static ERR_STRING_DATA OBJ_str_reasons[] = { -+ {ERR_REASON(OBJ_R_MALLOC_FAILURE), "malloc failure"}, -+ {ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_OBJ_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,OBJ_str_functs); -- ERR_load_strings(0,OBJ_str_reasons); -- } -+ if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, OBJ_str_functs); -+ ERR_load_strings(0, OBJ_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c -index 706fa0b..0687602 100644 ---- a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c -+++ b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,66 +63,69 @@ - #include - - ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) -- { -- ASN1_OBJECT *r; -- int i; -- char *ln=NULL; -+{ -+ ASN1_OBJECT *r; -+ int i; -+ char *ln = NULL; - -- if (o == NULL) return(NULL); -- if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) -- return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of -- duplication is this??? */ -+ if (o == NULL) -+ return (NULL); -+ if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) -+ return ((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication -+ * is this??? */ - -- r=ASN1_OBJECT_new(); -- if (r == NULL) -- { -- OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB); -- return(NULL); -- } -- r->data=OPENSSL_malloc(o->length); -- if (r->data == NULL) -- goto err; -- if (o->data != NULL) -- memcpy(r->data,o->data,o->length); -- r->length=o->length; -- r->nid=o->nid; -- r->ln=r->sn=NULL; -- if (o->ln != NULL) -- { -- i=strlen(o->ln)+1; -- r->ln=ln=OPENSSL_malloc(i); -- if (r->ln == NULL) goto err; -- memcpy(ln,o->ln,i); -- } -+ r = ASN1_OBJECT_new(); -+ if (r == NULL) { -+ OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB); -+ return (NULL); -+ } -+ r->data = OPENSSL_malloc(o->length); -+ if (r->data == NULL) -+ goto err; -+ if (o->data != NULL) -+ memcpy(r->data, o->data, o->length); -+ r->length = o->length; -+ r->nid = o->nid; -+ r->ln = r->sn = NULL; -+ if (o->ln != NULL) { -+ i = strlen(o->ln) + 1; -+ r->ln = ln = OPENSSL_malloc(i); -+ if (r->ln == NULL) -+ goto err; -+ memcpy(ln, o->ln, i); -+ } - -- if (o->sn != NULL) -- { -- char *s; -+ if (o->sn != NULL) { -+ char *s; - -- i=strlen(o->sn)+1; -- r->sn=s=OPENSSL_malloc(i); -- if (r->sn == NULL) goto err; -- memcpy(s,o->sn,i); -- } -- r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC| -- ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA); -- return(r); --err: -- OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE); -- if (r != NULL) -- { -- if (ln != NULL) OPENSSL_free(ln); -- if (r->data != NULL) OPENSSL_free(r->data); -- OPENSSL_free(r); -- } -- return(NULL); -- } -+ i = strlen(o->sn) + 1; -+ r->sn = s = OPENSSL_malloc(i); -+ if (r->sn == NULL) -+ goto err; -+ memcpy(s, o->sn, i); -+ } -+ r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC | -+ ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | -+ ASN1_OBJECT_FLAG_DYNAMIC_DATA); -+ return (r); -+ err: -+ OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE); -+ if (r != NULL) { -+ if (ln != NULL) -+ OPENSSL_free(ln); -+ if (r->data != NULL) -+ OPENSSL_free(r->data); -+ OPENSSL_free(r); -+ } -+ return (NULL); -+} - - int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) -- { -- int ret; -+{ -+ int ret; - -- ret=(a->length-b->length); -- if (ret) return(ret); -- return(memcmp(a->data,b->data,a->length)); -- } -+ ret = (a->length - b->length); -+ if (ret) -+ return (ret); -+ return (memcmp(a->data, b->data, a->length)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c -index bfe892a..e2e52e7 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c -@@ -1,6 +1,7 @@ - /* ocsp_asn.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,41 +61,41 @@ - #include - - ASN1_SEQUENCE(OCSP_SIGNATURE) = { -- ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), -- ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), -- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0) -+ ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), -+ ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), -+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0) - } ASN1_SEQUENCE_END(OCSP_SIGNATURE) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) - - ASN1_SEQUENCE(OCSP_CERTID) = { -- ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR), -- ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), -- ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), -- ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER) -+ ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR), -+ ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), -+ ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), -+ ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER) - } ASN1_SEQUENCE_END(OCSP_CERTID) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID) - - ASN1_SEQUENCE(OCSP_ONEREQ) = { -- ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID), -- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0) -+ ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID), -+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0) - } ASN1_SEQUENCE_END(OCSP_ONEREQ) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ) - - ASN1_SEQUENCE(OCSP_REQINFO) = { -- ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0), -- ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1), -- ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ), -- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2) -+ ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0), -+ ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1), -+ ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ), -+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2) - } ASN1_SEQUENCE_END(OCSP_REQINFO) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO) - - ASN1_SEQUENCE(OCSP_REQUEST) = { -- ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), -- ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0) -+ ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), -+ ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0) - } ASN1_SEQUENCE_END(OCSP_REQUEST) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST) -@@ -102,81 +103,81 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST) - /* OCSP_RESPONSE templates */ - - ASN1_SEQUENCE(OCSP_RESPBYTES) = { -- ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), -- ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) -+ ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), -+ ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) - } ASN1_SEQUENCE_END(OCSP_RESPBYTES) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES) - - ASN1_SEQUENCE(OCSP_RESPONSE) = { -- ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED), -- ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0) -+ ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED), -+ ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0) - } ASN1_SEQUENCE_END(OCSP_RESPONSE) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) - - ASN1_CHOICE(OCSP_RESPID) = { -- ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), -- ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) -+ ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), -+ ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) - } ASN1_CHOICE_END(OCSP_RESPID) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) - - ASN1_SEQUENCE(OCSP_REVOKEDINFO) = { -- ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), -- ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) -+ ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), -+ ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) - } ASN1_SEQUENCE_END(OCSP_REVOKEDINFO) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) - - ASN1_CHOICE(OCSP_CERTSTATUS) = { -- ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0), -- ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1), -- ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2) -+ ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0), -+ ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1), -+ ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2) - } ASN1_CHOICE_END(OCSP_CERTSTATUS) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS) - - ASN1_SEQUENCE(OCSP_SINGLERESP) = { -- ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), -- ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), -- ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), -- ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), -- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) -+ ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), -+ ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), -+ ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), -+ ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), -+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) - } ASN1_SEQUENCE_END(OCSP_SINGLERESP) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) - - ASN1_SEQUENCE(OCSP_RESPDATA) = { -- ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), -- ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), -- ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), -- ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), -- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) -+ ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), -+ ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), -+ ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), -+ ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), -+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) - } ASN1_SEQUENCE_END(OCSP_RESPDATA) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) - - ASN1_SEQUENCE(OCSP_BASICRESP) = { -- ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), -- ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), -- ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), -- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) -+ ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), -+ ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), -+ ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), -+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) - } ASN1_SEQUENCE_END(OCSP_BASICRESP) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP) - - ASN1_SEQUENCE(OCSP_CRLID) = { -- ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), -- ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), -- ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) -+ ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), -+ ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), -+ ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) - } ASN1_SEQUENCE_END(OCSP_CRLID) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) - - ASN1_SEQUENCE(OCSP_SERVICELOC) = { -- ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME), -- ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION) -+ ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME), -+ ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION) - } ASN1_SEQUENCE_END(OCSP_SERVICELOC) - - IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC) -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c -index 17bab5f..bbb1830 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c -@@ -1,11 +1,14 @@ - /* ocsp_cl.c */ --/* Written by Tom Titchener for the OpenSSL -- * project. */ -+/* -+ * Written by Tom Titchener for the OpenSSL -+ * project. -+ */ - --/* History: -- This file was transfered to Richard Levitte from CertCo by Kathy -- Weinhold in mid-spring 2000 to be included in OpenSSL or released -- as a patch kit. */ -+/* -+ * History: This file was transfered to Richard Levitte from CertCo by Kathy -+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a -+ * patch kit. -+ */ - - /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -@@ -15,7 +18,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -71,302 +74,312 @@ - #include - #include - --/* Utility functions related to sending OCSP requests and extracting -- * relevant information from the response. -+/* -+ * Utility functions related to sending OCSP requests and extracting relevant -+ * information from the response. - */ - --/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ -- * pointer: useful if we want to add extensions. -+/* -+ * Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ pointer: -+ * useful if we want to add extensions. - */ - - OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) -- { -- OCSP_ONEREQ *one = NULL; -- -- if (!(one = OCSP_ONEREQ_new())) goto err; -- if (one->reqCert) OCSP_CERTID_free(one->reqCert); -- one->reqCert = cid; -- if (req && -- !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) -- goto err; -- return one; --err: -- OCSP_ONEREQ_free(one); -- return NULL; -- } -+{ -+ OCSP_ONEREQ *one = NULL; -+ -+ if (!(one = OCSP_ONEREQ_new())) -+ goto err; -+ if (one->reqCert) -+ OCSP_CERTID_free(one->reqCert); -+ one->reqCert = cid; -+ if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) -+ goto err; -+ return one; -+ err: -+ OCSP_ONEREQ_free(one); -+ return NULL; -+} - - /* Set requestorName from an X509_NAME structure */ - - int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) -- { -- GENERAL_NAME *gen; -- gen = GENERAL_NAME_new(); -- if (gen == NULL) -- return 0; -- if (!X509_NAME_set(&gen->d.directoryName, nm)) -- { -- GENERAL_NAME_free(gen); -- return 0; -- } -- gen->type = GEN_DIRNAME; -- if (req->tbsRequest->requestorName) -- GENERAL_NAME_free(req->tbsRequest->requestorName); -- req->tbsRequest->requestorName = gen; -- return 1; -- } -- -+{ -+ GENERAL_NAME *gen; -+ gen = GENERAL_NAME_new(); -+ if (gen == NULL) -+ return 0; -+ if (!X509_NAME_set(&gen->d.directoryName, nm)) { -+ GENERAL_NAME_free(gen); -+ return 0; -+ } -+ gen->type = GEN_DIRNAME; -+ if (req->tbsRequest->requestorName) -+ GENERAL_NAME_free(req->tbsRequest->requestorName); -+ req->tbsRequest->requestorName = gen; -+ return 1; -+} - - /* Add a certificate to an OCSP request */ - - int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) -- { -- OCSP_SIGNATURE *sig; -- if (!req->optionalSignature) -- req->optionalSignature = OCSP_SIGNATURE_new(); -- sig = req->optionalSignature; -- if (!sig) return 0; -- if (!cert) return 1; -- if (!sig->certs && !(sig->certs = sk_X509_new_null())) -- return 0; -- -- if(!sk_X509_push(sig->certs, cert)) return 0; -- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); -- return 1; -- } -- --/* Sign an OCSP request set the requestorName to the subjec -- * name of an optional signers certificate and include one -- * or more optional certificates in the request. Behaves -- * like PKCS7_sign(). -+{ -+ OCSP_SIGNATURE *sig; -+ if (!req->optionalSignature) -+ req->optionalSignature = OCSP_SIGNATURE_new(); -+ sig = req->optionalSignature; -+ if (!sig) -+ return 0; -+ if (!cert) -+ return 1; -+ if (!sig->certs && !(sig->certs = sk_X509_new_null())) -+ return 0; -+ -+ if (!sk_X509_push(sig->certs, cert)) -+ return 0; -+ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); -+ return 1; -+} -+ -+/* -+ * Sign an OCSP request set the requestorName to the subjec name of an -+ * optional signers certificate and include one or more optional certificates -+ * in the request. Behaves like PKCS7_sign(). - */ - --int OCSP_request_sign(OCSP_REQUEST *req, -- X509 *signer, -- EVP_PKEY *key, -- const EVP_MD *dgst, -- STACK_OF(X509) *certs, -- unsigned long flags) -- { -- int i; -- OCSP_SIGNATURE *sig; -- X509 *x; -- -- if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) -- goto err; -- -- if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err; -- if (!dgst) dgst = EVP_sha1(); -- if (key) -- { -- if (!X509_check_private_key(signer, key)) -- { -- OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); -- goto err; -- } -- if (!OCSP_REQUEST_sign(req, key, dgst)) goto err; -- } -- -- if (!(flags & OCSP_NOCERTS)) -- { -- if(!OCSP_request_add1_cert(req, signer)) goto err; -- for (i = 0; i < sk_X509_num(certs); i++) -- { -- x = sk_X509_value(certs, i); -- if (!OCSP_request_add1_cert(req, x)) goto err; -- } -- } -- -- return 1; --err: -- OCSP_SIGNATURE_free(req->optionalSignature); -- req->optionalSignature = NULL; -- return 0; -- } -+int OCSP_request_sign(OCSP_REQUEST *req, -+ X509 *signer, -+ EVP_PKEY *key, -+ const EVP_MD *dgst, -+ STACK_OF(X509) *certs, unsigned long flags) -+{ -+ int i; -+ OCSP_SIGNATURE *sig; -+ X509 *x; -+ -+ if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) -+ goto err; -+ -+ if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) -+ goto err; -+ if (!dgst) -+ dgst = EVP_sha1(); -+ if (key) { -+ if (!X509_check_private_key(signer, key)) { -+ OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, -+ OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); -+ goto err; -+ } -+ if (!OCSP_REQUEST_sign(req, key, dgst)) -+ goto err; -+ } -+ -+ if (!(flags & OCSP_NOCERTS)) { -+ if (!OCSP_request_add1_cert(req, signer)) -+ goto err; -+ for (i = 0; i < sk_X509_num(certs); i++) { -+ x = sk_X509_value(certs, i); -+ if (!OCSP_request_add1_cert(req, x)) -+ goto err; -+ } -+ } -+ -+ return 1; -+ err: -+ OCSP_SIGNATURE_free(req->optionalSignature); -+ req->optionalSignature = NULL; -+ return 0; -+} - - /* Get response status */ - - int OCSP_response_status(OCSP_RESPONSE *resp) -- { -- return ASN1_ENUMERATED_get(resp->responseStatus); -- } -+{ -+ return ASN1_ENUMERATED_get(resp->responseStatus); -+} - --/* Extract basic response from OCSP_RESPONSE or NULL if -- * no basic response present. -+/* -+ * Extract basic response from OCSP_RESPONSE or NULL if no basic response -+ * present. - */ -- - - OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp) -- { -- OCSP_RESPBYTES *rb; -- rb = resp->responseBytes; -- if (!rb) -- { -- OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA); -- return NULL; -- } -- if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) -- { -- OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE); -- return NULL; -- } -- -- return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP)); -- } -- --/* Return number of OCSP_SINGLERESP reponses present in -- * a basic response. -+{ -+ OCSP_RESPBYTES *rb; -+ rb = resp->responseBytes; -+ if (!rb) { -+ OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA); -+ return NULL; -+ } -+ if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { -+ OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE); -+ return NULL; -+ } -+ -+ return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP)); -+} -+ -+/* -+ * Return number of OCSP_SINGLERESP reponses present in a basic response. - */ - - int OCSP_resp_count(OCSP_BASICRESP *bs) -- { -- if (!bs) return -1; -- return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses); -- } -+{ -+ if (!bs) -+ return -1; -+ return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses); -+} - - /* Extract an OCSP_SINGLERESP response with a given index */ - - OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx) -- { -- if (!bs) return NULL; -- return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx); -- } -+{ -+ if (!bs) -+ return NULL; -+ return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx); -+} - - /* Look single response matching a given certificate ID */ - - int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) -- { -- int i; -- STACK_OF(OCSP_SINGLERESP) *sresp; -- OCSP_SINGLERESP *single; -- if (!bs) return -1; -- if (last < 0) last = 0; -- else last++; -- sresp = bs->tbsResponseData->responses; -- for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) -- { -- single = sk_OCSP_SINGLERESP_value(sresp, i); -- if (!OCSP_id_cmp(id, single->certId)) return i; -- } -- return -1; -- } -- --/* Extract status information from an OCSP_SINGLERESP structure. -- * Note: the revtime and reason values are only set if the -- * certificate status is revoked. Returns numerical value of -- * status. -+{ -+ int i; -+ STACK_OF(OCSP_SINGLERESP) *sresp; -+ OCSP_SINGLERESP *single; -+ if (!bs) -+ return -1; -+ if (last < 0) -+ last = 0; -+ else -+ last++; -+ sresp = bs->tbsResponseData->responses; -+ for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) { -+ single = sk_OCSP_SINGLERESP_value(sresp, i); -+ if (!OCSP_id_cmp(id, single->certId)) -+ return i; -+ } -+ return -1; -+} -+ -+/* -+ * Extract status information from an OCSP_SINGLERESP structure. Note: the -+ * revtime and reason values are only set if the certificate status is -+ * revoked. Returns numerical value of status. - */ - - int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, -- ASN1_GENERALIZEDTIME **revtime, -- ASN1_GENERALIZEDTIME **thisupd, -- ASN1_GENERALIZEDTIME **nextupd) -- { -- int ret; -- OCSP_CERTSTATUS *cst; -- if(!single) return -1; -- cst = single->certStatus; -- ret = cst->type; -- if (ret == V_OCSP_CERTSTATUS_REVOKED) -- { -- OCSP_REVOKEDINFO *rev = cst->value.revoked; -- if (revtime) *revtime = rev->revocationTime; -- if (reason) -- { -- if(rev->revocationReason) -- *reason = ASN1_ENUMERATED_get(rev->revocationReason); -- else *reason = -1; -- } -- } -- if(thisupd) *thisupd = single->thisUpdate; -- if(nextupd) *nextupd = single->nextUpdate; -- return ret; -- } -- --/* This function combines the previous ones: look up a certificate ID and -- * if found extract status information. Return 0 is successful. -+ ASN1_GENERALIZEDTIME **revtime, -+ ASN1_GENERALIZEDTIME **thisupd, -+ ASN1_GENERALIZEDTIME **nextupd) -+{ -+ int ret; -+ OCSP_CERTSTATUS *cst; -+ if (!single) -+ return -1; -+ cst = single->certStatus; -+ ret = cst->type; -+ if (ret == V_OCSP_CERTSTATUS_REVOKED) { -+ OCSP_REVOKEDINFO *rev = cst->value.revoked; -+ if (revtime) -+ *revtime = rev->revocationTime; -+ if (reason) { -+ if (rev->revocationReason) -+ *reason = ASN1_ENUMERATED_get(rev->revocationReason); -+ else -+ *reason = -1; -+ } -+ } -+ if (thisupd) -+ *thisupd = single->thisUpdate; -+ if (nextupd) -+ *nextupd = single->nextUpdate; -+ return ret; -+} -+ -+/* -+ * This function combines the previous ones: look up a certificate ID and if -+ * found extract status information. Return 0 is successful. - */ - - int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, -- int *reason, -- ASN1_GENERALIZEDTIME **revtime, -- ASN1_GENERALIZEDTIME **thisupd, -- ASN1_GENERALIZEDTIME **nextupd) -- { -- int i; -- OCSP_SINGLERESP *single; -- i = OCSP_resp_find(bs, id, -1); -- /* Maybe check for multiple responses and give an error? */ -- if(i < 0) return 0; -- single = OCSP_resp_get0(bs, i); -- i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd); -- if(status) *status = i; -- return 1; -- } -- --/* Check validity of thisUpdate and nextUpdate fields. It is possible that the request will -- * take a few seconds to process and/or the time wont be totally accurate. Therefore to avoid -- * rejecting otherwise valid time we allow the times to be within 'nsec' of the current time. -- * Also to avoid accepting very old responses without a nextUpdate field an optional maxage -+ int *reason, -+ ASN1_GENERALIZEDTIME **revtime, -+ ASN1_GENERALIZEDTIME **thisupd, -+ ASN1_GENERALIZEDTIME **nextupd) -+{ -+ int i; -+ OCSP_SINGLERESP *single; -+ i = OCSP_resp_find(bs, id, -1); -+ /* Maybe check for multiple responses and give an error? */ -+ if (i < 0) -+ return 0; -+ single = OCSP_resp_get0(bs, i); -+ i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd); -+ if (status) -+ *status = i; -+ return 1; -+} -+ -+/* -+ * Check validity of thisUpdate and nextUpdate fields. It is possible that -+ * the request will take a few seconds to process and/or the time wont be -+ * totally accurate. Therefore to avoid rejecting otherwise valid time we -+ * allow the times to be within 'nsec' of the current time. Also to avoid -+ * accepting very old responses without a nextUpdate field an optional maxage - * parameter specifies the maximum age the thisUpdate field can be. - */ - --int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec) -- { -- int ret = 1; -- time_t t_now, t_tmp; -- time(&t_now); -- /* Check thisUpdate is valid and not more than nsec in the future */ -- if (!ASN1_GENERALIZEDTIME_check(thisupd)) -- { -- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD); -- ret = 0; -- } -- else -- { -- t_tmp = t_now + nsec; -- if (X509_cmp_time(thisupd, &t_tmp) > 0) -- { -- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID); -- ret = 0; -- } -- -- /* If maxsec specified check thisUpdate is not more than maxsec in the past */ -- if (maxsec >= 0) -- { -- t_tmp = t_now - maxsec; -- if (X509_cmp_time(thisupd, &t_tmp) < 0) -- { -- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD); -- ret = 0; -- } -- } -- } -- -- -- if (!nextupd) return ret; -- -- /* Check nextUpdate is valid and not more than nsec in the past */ -- if (!ASN1_GENERALIZEDTIME_check(nextupd)) -- { -- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD); -- ret = 0; -- } -- else -- { -- t_tmp = t_now - nsec; -- if (X509_cmp_time(nextupd, &t_tmp) < 0) -- { -- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED); -- ret = 0; -- } -- } -- -- /* Also don't allow nextUpdate to precede thisUpdate */ -- if (ASN1_STRING_cmp(nextupd, thisupd) < 0) -- { -- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE); -- ret = 0; -- } -- -- return ret; -- } -+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, -+ ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec) -+{ -+ int ret = 1; -+ time_t t_now, t_tmp; -+ time(&t_now); -+ /* Check thisUpdate is valid and not more than nsec in the future */ -+ if (!ASN1_GENERALIZEDTIME_check(thisupd)) { -+ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD); -+ ret = 0; -+ } else { -+ t_tmp = t_now + nsec; -+ if (X509_cmp_time(thisupd, &t_tmp) > 0) { -+ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID); -+ ret = 0; -+ } -+ -+ /* -+ * If maxsec specified check thisUpdate is not more than maxsec in -+ * the past -+ */ -+ if (maxsec >= 0) { -+ t_tmp = t_now - maxsec; -+ if (X509_cmp_time(thisupd, &t_tmp) < 0) { -+ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD); -+ ret = 0; -+ } -+ } -+ } -+ -+ if (!nextupd) -+ return ret; -+ -+ /* Check nextUpdate is valid and not more than nsec in the past */ -+ if (!ASN1_GENERALIZEDTIME_check(nextupd)) { -+ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD); -+ ret = 0; -+ } else { -+ t_tmp = t_now - nsec; -+ if (X509_cmp_time(nextupd, &t_tmp) < 0) { -+ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED); -+ ret = 0; -+ } -+ } -+ -+ /* Also don't allow nextUpdate to precede thisUpdate */ -+ if (ASN1_STRING_cmp(nextupd, thisupd) < 0) { -+ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, -+ OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE); -+ ret = 0; -+ } -+ -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c -index d2f2e79..0bbf71f 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,77 +66,83 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) - --static ERR_STRING_DATA OCSP_str_functs[]= -- { --{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, --{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, --{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, --{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, --{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, --{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, --{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, --{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, --{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, --{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, --{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, --{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, --{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, --{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, --{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, --{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, --{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, --{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, --{0,NULL} -- }; -+static ERR_STRING_DATA OCSP_str_functs[] = { -+ {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, -+ {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, -+ {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, -+ {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, -+ {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, -+ {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, -+ {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, -+ {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, -+ {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, -+ {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, -+ {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, -+ {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, -+ {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, -+ {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, -+ {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, -+ {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, -+ {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, -+ {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA OCSP_str_reasons[]= -- { --{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"}, --{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, --{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"}, --{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"}, --{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"}, --{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"}, --{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"}, --{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"}, --{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"}, --{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"}, --{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"}, --{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"}, --{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"}, --{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"}, --{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, --{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"}, --{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"}, --{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"}, --{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"}, --{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"}, --{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"}, --{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"}, --{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"}, --{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, --{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"}, --{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"}, --{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"}, --{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"}, --{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"}, --{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"}, --{0,NULL} -- }; -+static ERR_STRING_DATA OCSP_str_reasons[] = { -+ {ERR_REASON(OCSP_R_BAD_DATA), "bad data"}, -+ {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, -+ {ERR_REASON(OCSP_R_DIGEST_ERR), "digest err"}, -+ {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), -+ "error in nextupdate field"}, -+ {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD), -+ "error in thisupdate field"}, -+ {ERR_REASON(OCSP_R_ERROR_PARSING_URL), "error parsing url"}, -+ {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE), -+ "missing ocspsigning usage"}, -+ {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), -+ "nextupdate before thisupdate"}, -+ {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE), "not basic response"}, -+ {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"}, -+ {ERR_REASON(OCSP_R_NO_CONTENT), "no content"}, -+ {ERR_REASON(OCSP_R_NO_PUBLIC_KEY), "no public key"}, -+ {ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"}, -+ {ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"}, -+ {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), -+ "private key does not match certificate"}, -+ {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED), "request not signed"}, -+ {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), -+ "response contains no revocation data"}, -+ {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED), "root ca not trusted"}, -+ {ERR_REASON(OCSP_R_SERVER_READ_ERROR), "server read error"}, -+ {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"}, -+ {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), -+ "server response parse error"}, -+ {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR), "server write error"}, -+ {ERR_REASON(OCSP_R_SIGNATURE_FAILURE), "signature failure"}, -+ {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), -+ "signer certificate not found"}, -+ {ERR_REASON(OCSP_R_STATUS_EXPIRED), "status expired"}, -+ {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID), "status not yet valid"}, -+ {ERR_REASON(OCSP_R_STATUS_TOO_OLD), "status too old"}, -+ {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"}, -+ {ERR_REASON(OCSP_R_UNKNOWN_NID), "unknown nid"}, -+ {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), -+ "unsupported requestorname type"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_OCSP_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,OCSP_str_functs); -- ERR_load_strings(0,OCSP_str_reasons); -- } -+ if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, OCSP_str_functs); -+ ERR_load_strings(0, OCSP_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c -index 815cc29..e341cae 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c -@@ -1,11 +1,14 @@ - /* ocsp_ext.c */ --/* Written by Tom Titchener for the OpenSSL -- * project. */ -+/* -+ * Written by Tom Titchener for the OpenSSL -+ * project. -+ */ - --/* History: -- This file was transfered to Richard Levitte from CertCo by Kathy -- Weinhold in mid-spring 2000 to be included in OpenSSL or released -- as a patch kit. */ -+/* -+ * History: This file was transfered to Richard Levitte from CertCo by Kathy -+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a -+ * patch kit. -+ */ - - /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -@@ -15,7 +18,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -74,293 +77,318 @@ - /* OCSP request extensions */ - - int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x) -- { -- return(X509v3_get_ext_count(x->tbsRequest->requestExtensions)); -- } -+{ -+ return (X509v3_get_ext_count(x->tbsRequest->requestExtensions)); -+} - - int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos) -- { -- return(X509v3_get_ext_by_NID(x->tbsRequest->requestExtensions,nid,lastpos)); -- } -- --int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos) -- { -- return(X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions,obj,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_NID -+ (x->tbsRequest->requestExtensions, nid, lastpos)); -+} -+ -+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, -+ int lastpos) -+{ -+ return (X509v3_get_ext_by_OBJ -+ (x->tbsRequest->requestExtensions, obj, lastpos)); -+} - - int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos) -- { -- return(X509v3_get_ext_by_critical(x->tbsRequest->requestExtensions,crit,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_critical -+ (x->tbsRequest->requestExtensions, crit, lastpos)); -+} - - X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc) -- { -- return(X509v3_get_ext(x->tbsRequest->requestExtensions,loc)); -- } -+{ -+ return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc)); -+} - - X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc) -- { -- return(X509v3_delete_ext(x->tbsRequest->requestExtensions,loc)); -- } -+{ -+ return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc)); -+} - - void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx) -- { -- return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx); -- } -+{ -+ return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx); -+} - - int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, -- unsigned long flags) -- { -- return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, crit, flags); -- } -+ unsigned long flags) -+{ -+ return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, -+ crit, flags); -+} - - int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) -- { -- return(X509v3_add_ext(&(x->tbsRequest->requestExtensions),ex,loc) != NULL); -- } -+{ -+ return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) != -+ NULL); -+} - - /* Single extensions */ - - int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x) -- { -- return(X509v3_get_ext_count(x->singleRequestExtensions)); -- } -+{ -+ return (X509v3_get_ext_count(x->singleRequestExtensions)); -+} - - int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos) -- { -- return(X509v3_get_ext_by_NID(x->singleRequestExtensions,nid,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos)); -+} - - int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos) -- { -- return(X509v3_get_ext_by_OBJ(x->singleRequestExtensions,obj,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos)); -+} - - int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos) -- { -- return(X509v3_get_ext_by_critical(x->singleRequestExtensions,crit,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_critical -+ (x->singleRequestExtensions, crit, lastpos)); -+} - - X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc) -- { -- return(X509v3_get_ext(x->singleRequestExtensions,loc)); -- } -+{ -+ return (X509v3_get_ext(x->singleRequestExtensions, loc)); -+} - - X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc) -- { -- return(X509v3_delete_ext(x->singleRequestExtensions,loc)); -- } -+{ -+ return (X509v3_delete_ext(x->singleRequestExtensions, loc)); -+} - - void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) -- { -- return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); -- } -+{ -+ return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); -+} - - int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, -- unsigned long flags) -- { -- return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, flags); -- } -+ unsigned long flags) -+{ -+ return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, -+ flags); -+} - - int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc) -- { -- return(X509v3_add_ext(&(x->singleRequestExtensions),ex,loc) != NULL); -- } -+{ -+ return (X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL); -+} - - /* OCSP Basic response */ - - int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x) -- { -- return(X509v3_get_ext_count(x->tbsResponseData->responseExtensions)); -- } -+{ -+ return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions)); -+} - - int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) -- { -- return(X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,nid,lastpos)); -- } -- --int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos) -- { -- return(X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions,obj,lastpos)); -- } -- --int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) -- { -- return(X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,crit,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_NID -+ (x->tbsResponseData->responseExtensions, nid, lastpos)); -+} -+ -+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, -+ int lastpos) -+{ -+ return (X509v3_get_ext_by_OBJ -+ (x->tbsResponseData->responseExtensions, obj, lastpos)); -+} -+ -+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, -+ int lastpos) -+{ -+ return (X509v3_get_ext_by_critical -+ (x->tbsResponseData->responseExtensions, crit, lastpos)); -+} - - X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc) -- { -- return(X509v3_get_ext(x->tbsResponseData->responseExtensions,loc)); -- } -+{ -+ return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc)); -+} - - X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc) -- { -- return(X509v3_delete_ext(x->tbsResponseData->responseExtensions,loc)); -- } -- --void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx) -- { -- return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, idx); -- } -- --int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit, -- unsigned long flags) -- { -- return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, value, crit, flags); -- } -+{ -+ return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc)); -+} -+ -+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, -+ int *idx) -+{ -+ return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, -+ idx); -+} -+ -+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, -+ int crit, unsigned long flags) -+{ -+ return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, -+ value, crit, flags); -+} - - int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc) -- { -- return(X509v3_add_ext(&(x->tbsResponseData->responseExtensions),ex,loc) != NULL); -- } -+{ -+ return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc) -+ != NULL); -+} - - /* OCSP single response extensions */ - - int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x) -- { -- return(X509v3_get_ext_count(x->singleExtensions)); -- } -+{ -+ return (X509v3_get_ext_count(x->singleExtensions)); -+} - - int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos) -- { -- return(X509v3_get_ext_by_NID(x->singleExtensions,nid,lastpos)); -- } -- --int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos) -- { -- return(X509v3_get_ext_by_OBJ(x->singleExtensions,obj,lastpos)); -- } -- --int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos) -- { -- return(X509v3_get_ext_by_critical(x->singleExtensions,crit,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos)); -+} -+ -+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, -+ int lastpos) -+{ -+ return (X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos)); -+} -+ -+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, -+ int lastpos) -+{ -+ return (X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos)); -+} - - X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc) -- { -- return(X509v3_get_ext(x->singleExtensions,loc)); -- } -+{ -+ return (X509v3_get_ext(x->singleExtensions, loc)); -+} - - X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc) -- { -- return(X509v3_delete_ext(x->singleExtensions,loc)); -- } -- --void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx) -- { -- return X509V3_get_d2i(x->singleExtensions, nid, crit, idx); -- } -- --int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit, -- unsigned long flags) -- { -- return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags); -- } -+{ -+ return (X509v3_delete_ext(x->singleExtensions, loc)); -+} -+ -+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, -+ int *idx) -+{ -+ return X509V3_get_d2i(x->singleExtensions, nid, crit, idx); -+} -+ -+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, -+ int crit, unsigned long flags) -+{ -+ return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags); -+} - - int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) -- { -- return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL); -- } -+{ -+ return (X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL); -+} - - /* also CRL Entry Extensions */ - - ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, -- void *data, STACK_OF(ASN1_OBJECT) *sk) -- { -- int i; -- unsigned char *p, *b = NULL; -- -- if (data) -- { -- if ((i=i2d(data,NULL)) <= 0) goto err; -- if (!(b=p=OPENSSL_malloc((unsigned int)i))) -- goto err; -- if (i2d(data, &p) <= 0) goto err; -- } -- else if (sk) -- { -- if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL, -- (I2D_OF(ASN1_OBJECT))i2d, -- V_ASN1_SEQUENCE, -- V_ASN1_UNIVERSAL, -- IS_SEQUENCE))<=0) goto err; -- if (!(b=p=OPENSSL_malloc((unsigned int)i))) -- goto err; -- if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d, -- V_ASN1_SEQUENCE, -- V_ASN1_UNIVERSAL, -- IS_SEQUENCE)<=0) goto err; -- } -- else -- { -- OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA); -- goto err; -- } -- if (!s && !(s = ASN1_STRING_new())) goto err; -- if (!(ASN1_STRING_set(s, b, i))) goto err; -- OPENSSL_free(b); -- return s; --err: -- if (b) OPENSSL_free(b); -- return NULL; -- } -+ void *data, STACK_OF(ASN1_OBJECT) *sk) -+{ -+ int i; -+ unsigned char *p, *b = NULL; -+ -+ if (data) { -+ if ((i = i2d(data, NULL)) <= 0) -+ goto err; -+ if (!(b = p = OPENSSL_malloc((unsigned int)i))) -+ goto err; -+ if (i2d(data, &p) <= 0) -+ goto err; -+ } else if (sk) { -+ if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL, -+ (I2D_OF(ASN1_OBJECT)) i2d, -+ V_ASN1_SEQUENCE, -+ V_ASN1_UNIVERSAL, -+ IS_SEQUENCE)) <= 0) -+ goto err; -+ if (!(b = p = OPENSSL_malloc((unsigned int)i))) -+ goto err; -+ if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, (I2D_OF(ASN1_OBJECT)) i2d, -+ V_ASN1_SEQUENCE, -+ V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) -+ goto err; -+ } else { -+ OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA); -+ goto err; -+ } -+ if (!s && !(s = ASN1_STRING_new())) -+ goto err; -+ if (!(ASN1_STRING_set(s, b, i))) -+ goto err; -+ OPENSSL_free(b); -+ return s; -+ err: -+ if (b) -+ OPENSSL_free(b); -+ return NULL; -+} - - /* Nonce handling functions */ - --/* Add a nonce to an extension stack. A nonce can be specificed or if NULL -- * a random nonce will be generated. -- * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the -- * nonce, previous versions used the raw nonce. -+/* -+ * Add a nonce to an extension stack. A nonce can be specificed or if NULL a -+ * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an -+ * OCTET STRING containing the nonce, previous versions used the raw nonce. - */ - --static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len) -- { -- unsigned char *tmpval; -- ASN1_OCTET_STRING os; -- int ret = 0; -- if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH; -- /* Create the OCTET STRING manually by writing out the header and -- * appending the content octets. This avoids an extra memory allocation -- * operation in some cases. Applications should *NOT* do this because -- * it relies on library internals. -- */ -- os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING); -- os.data = OPENSSL_malloc(os.length); -- if (os.data == NULL) -- goto err; -- tmpval = os.data; -- ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL); -- if (val) -- memcpy(tmpval, val, len); -- else -- RAND_pseudo_bytes(tmpval, len); -- if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, -- &os, 0, X509V3_ADD_REPLACE)) -- goto err; -- ret = 1; -- err: -- if (os.data) -- OPENSSL_free(os.data); -- return ret; -- } -- -+static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, -+ unsigned char *val, int len) -+{ -+ unsigned char *tmpval; -+ ASN1_OCTET_STRING os; -+ int ret = 0; -+ if (len <= 0) -+ len = OCSP_DEFAULT_NONCE_LENGTH; -+ /* -+ * Create the OCTET STRING manually by writing out the header and -+ * appending the content octets. This avoids an extra memory allocation -+ * operation in some cases. Applications should *NOT* do this because it -+ * relies on library internals. -+ */ -+ os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING); -+ os.data = OPENSSL_malloc(os.length); -+ if (os.data == NULL) -+ goto err; -+ tmpval = os.data; -+ ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL); -+ if (val) -+ memcpy(tmpval, val, len); -+ else -+ RAND_pseudo_bytes(tmpval, len); -+ if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, -+ &os, 0, X509V3_ADD_REPLACE)) -+ goto err; -+ ret = 1; -+ err: -+ if (os.data) -+ OPENSSL_free(os.data); -+ return ret; -+} - - /* Add nonce to an OCSP request */ - - int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len) -- { -- return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len); -- } -+{ -+ return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len); -+} - - /* Same as above but for a response */ - - int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len) -- { -- return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len); -- } -+{ -+ return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, -+ len); -+} - --/* Check nonce validity in a request and response. -+/*- -+ * Check nonce validity in a request and response. - * Return value reflects result: - * 1: nonces present and equal. - * 2: nonces both absent. -@@ -374,172 +402,204 @@ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len) - */ - - int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) -- { -- /* -- * Since we are only interested in the presence or absence of -- * the nonce and comparing its value there is no need to use -- * the X509V3 routines: this way we can avoid them allocating an -- * ASN1_OCTET_STRING structure for the value which would be -- * freed immediately anyway. -- */ -- -- int req_idx, resp_idx; -- X509_EXTENSION *req_ext, *resp_ext; -- req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); -- resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); -- /* Check both absent */ -- if((req_idx < 0) && (resp_idx < 0)) -- return 2; -- /* Check in request only */ -- if((req_idx >= 0) && (resp_idx < 0)) -- return -1; -- /* Check in response but not request */ -- if((req_idx < 0) && (resp_idx >= 0)) -- return 3; -- /* Otherwise nonce in request and response so retrieve the extensions */ -- req_ext = OCSP_REQUEST_get_ext(req, req_idx); -- resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx); -- if(ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value)) -- return 0; -- return 1; -- } -- --/* Copy the nonce value (if any) from an OCSP request to -- * a response. -+{ -+ /* -+ * Since we are only interested in the presence or absence of -+ * the nonce and comparing its value there is no need to use -+ * the X509V3 routines: this way we can avoid them allocating an -+ * ASN1_OCTET_STRING structure for the value which would be -+ * freed immediately anyway. -+ */ -+ -+ int req_idx, resp_idx; -+ X509_EXTENSION *req_ext, *resp_ext; -+ req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); -+ resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); -+ /* Check both absent */ -+ if ((req_idx < 0) && (resp_idx < 0)) -+ return 2; -+ /* Check in request only */ -+ if ((req_idx >= 0) && (resp_idx < 0)) -+ return -1; -+ /* Check in response but not request */ -+ if ((req_idx < 0) && (resp_idx >= 0)) -+ return 3; -+ /* -+ * Otherwise nonce in request and response so retrieve the extensions -+ */ -+ req_ext = OCSP_REQUEST_get_ext(req, req_idx); -+ resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx); -+ if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value)) -+ return 0; -+ return 1; -+} -+ -+/* -+ * Copy the nonce value (if any) from an OCSP request to a response. - */ - - int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req) -- { -- X509_EXTENSION *req_ext; -- int req_idx; -- /* Check for nonce in request */ -- req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); -- /* If no nonce that's OK */ -- if (req_idx < 0) return 2; -- req_ext = OCSP_REQUEST_get_ext(req, req_idx); -- return OCSP_BASICRESP_add_ext(resp, req_ext, -1); -- } -+{ -+ X509_EXTENSION *req_ext; -+ int req_idx; -+ /* Check for nonce in request */ -+ req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); -+ /* If no nonce that's OK */ -+ if (req_idx < 0) -+ return 2; -+ req_ext = OCSP_REQUEST_get_ext(req, req_idx); -+ return OCSP_BASICRESP_add_ext(resp, req_ext, -1); -+} - - X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim) -- { -- X509_EXTENSION *x = NULL; -- OCSP_CRLID *cid = NULL; -- -- if (!(cid = OCSP_CRLID_new())) goto err; -- if (url) -- { -- if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err; -- if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err; -- } -- if (n) -- { -- if (!(cid->crlNum = ASN1_INTEGER_new())) goto err; -- if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err; -- } -- if (tim) -- { -- if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err; -- if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) -- goto err; -- } -- if (!(x = X509_EXTENSION_new())) goto err; -- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err; -- if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid, -- NULL))) -- goto err; -- OCSP_CRLID_free(cid); -- return x; --err: -- if (x) X509_EXTENSION_free(x); -- if (cid) OCSP_CRLID_free(cid); -- return NULL; -- } -+{ -+ X509_EXTENSION *x = NULL; -+ OCSP_CRLID *cid = NULL; -+ -+ if (!(cid = OCSP_CRLID_new())) -+ goto err; -+ if (url) { -+ if (!(cid->crlUrl = ASN1_IA5STRING_new())) -+ goto err; -+ if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) -+ goto err; -+ } -+ if (n) { -+ if (!(cid->crlNum = ASN1_INTEGER_new())) -+ goto err; -+ if (!(ASN1_INTEGER_set(cid->crlNum, *n))) -+ goto err; -+ } -+ if (tim) { -+ if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) -+ goto err; -+ if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) -+ goto err; -+ } -+ if (!(x = X509_EXTENSION_new())) -+ goto err; -+ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) -+ goto err; -+ if (!(ASN1_STRING_encode_of(OCSP_CRLID, x->value, i2d_OCSP_CRLID, cid, -+ NULL))) -+ goto err; -+ OCSP_CRLID_free(cid); -+ return x; -+ err: -+ if (x) -+ X509_EXTENSION_free(x); -+ if (cid) -+ OCSP_CRLID_free(cid); -+ return NULL; -+} - - /* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */ - X509_EXTENSION *OCSP_accept_responses_new(char **oids) -- { -- int nid; -- STACK_OF(ASN1_OBJECT) *sk = NULL; -- ASN1_OBJECT *o = NULL; -- X509_EXTENSION *x = NULL; -- -- if (!(sk = sk_ASN1_OBJECT_new_null())) goto err; -- while (oids && *oids) -- { -- if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) -- sk_ASN1_OBJECT_push(sk, o); -- oids++; -- } -- if (!(x = X509_EXTENSION_new())) goto err; -- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) -- goto err; -- if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL, -- sk))) -- goto err; -- sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); -- return x; --err: -- if (x) X509_EXTENSION_free(x); -- if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); -- return NULL; -- } -+{ -+ int nid; -+ STACK_OF(ASN1_OBJECT) *sk = NULL; -+ ASN1_OBJECT *o = NULL; -+ X509_EXTENSION *x = NULL; -+ -+ if (!(sk = sk_ASN1_OBJECT_new_null())) -+ goto err; -+ while (oids && *oids) { -+ if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid))) -+ sk_ASN1_OBJECT_push(sk, o); -+ oids++; -+ } -+ if (!(x = X509_EXTENSION_new())) -+ goto err; -+ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) -+ goto err; -+ if (!(ASN1_STRING_encode_of(ASN1_OBJECT, x->value, i2d_ASN1_OBJECT, NULL, -+ sk))) -+ goto err; -+ sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); -+ return x; -+ err: -+ if (x) -+ X509_EXTENSION_free(x); -+ if (sk) -+ sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); -+ return NULL; -+} - - /* ArchiveCutoff ::= GeneralizedTime */ --X509_EXTENSION *OCSP_archive_cutoff_new(char* tim) -- { -- X509_EXTENSION *x=NULL; -- ASN1_GENERALIZEDTIME *gt = NULL; -- -- if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err; -- if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; -- if (!(x = X509_EXTENSION_new())) goto err; -- if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err; -- if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value, -- i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err; -- ASN1_GENERALIZEDTIME_free(gt); -- return x; --err: -- if (gt) ASN1_GENERALIZEDTIME_free(gt); -- if (x) X509_EXTENSION_free(x); -- return NULL; -- } -- --/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently -- * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This -- * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. -+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim) -+{ -+ X509_EXTENSION *x = NULL; -+ ASN1_GENERALIZEDTIME *gt = NULL; -+ -+ if (!(gt = ASN1_GENERALIZEDTIME_new())) -+ goto err; -+ if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) -+ goto err; -+ if (!(x = X509_EXTENSION_new())) -+ goto err; -+ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff))) -+ goto err; -+ if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME, x->value, -+ i2d_ASN1_GENERALIZEDTIME, gt, NULL))) -+ goto err; -+ ASN1_GENERALIZEDTIME_free(gt); -+ return x; -+ err: -+ if (gt) -+ ASN1_GENERALIZEDTIME_free(gt); -+ if (x) -+ X509_EXTENSION_free(x); -+ return NULL; -+} -+ -+/* -+ * per ACCESS_DESCRIPTION parameter are oids, of which there are currently -+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This method -+ * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. - */ --X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) -- { -- X509_EXTENSION *x = NULL; -- ASN1_IA5STRING *ia5 = NULL; -- OCSP_SERVICELOC *sloc = NULL; -- ACCESS_DESCRIPTION *ad = NULL; -- -- if (!(sloc = OCSP_SERVICELOC_new())) goto err; -- if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err; -- if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) goto err; -- while (urls && *urls) -- { -- if (!(ad = ACCESS_DESCRIPTION_new())) goto err; -- if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err; -- if (!(ad->location = GENERAL_NAME_new())) goto err; -- if (!(ia5 = ASN1_IA5STRING_new())) goto err; -- if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err; -- ad->location->type = GEN_URI; -- ad->location->d.ia5 = ia5; -- if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err; -- urls++; -- } -- if (!(x = X509_EXTENSION_new())) goto err; -- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) -- goto err; -- if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value, -- i2d_OCSP_SERVICELOC,sloc,NULL))) goto err; -- OCSP_SERVICELOC_free(sloc); -- return x; --err: -- if (x) X509_EXTENSION_free(x); -- if (sloc) OCSP_SERVICELOC_free(sloc); -- return NULL; -- } -- -+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls) -+{ -+ X509_EXTENSION *x = NULL; -+ ASN1_IA5STRING *ia5 = NULL; -+ OCSP_SERVICELOC *sloc = NULL; -+ ACCESS_DESCRIPTION *ad = NULL; -+ -+ if (!(sloc = OCSP_SERVICELOC_new())) -+ goto err; -+ if (!(sloc->issuer = X509_NAME_dup(issuer))) -+ goto err; -+ if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) -+ goto err; -+ while (urls && *urls) { -+ if (!(ad = ACCESS_DESCRIPTION_new())) -+ goto err; -+ if (!(ad->method = OBJ_nid2obj(NID_ad_OCSP))) -+ goto err; -+ if (!(ad->location = GENERAL_NAME_new())) -+ goto err; -+ if (!(ia5 = ASN1_IA5STRING_new())) -+ goto err; -+ if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1)) -+ goto err; -+ ad->location->type = GEN_URI; -+ ad->location->d.ia5 = ia5; -+ if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) -+ goto err; -+ urls++; -+ } -+ if (!(x = X509_EXTENSION_new())) -+ goto err; -+ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) -+ goto err; -+ if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC, x->value, -+ i2d_OCSP_SERVICELOC, sloc, NULL))) -+ goto err; -+ OCSP_SERVICELOC_free(sloc); -+ return x; -+ err: -+ if (x) -+ X509_EXTENSION_free(x); -+ if (sloc) -+ OCSP_SERVICELOC_free(sloc); -+ return NULL; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c -index fb87cd7..6754642 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c -@@ -1,6 +1,7 @@ - /* ocsp_ht.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2006. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2006. - */ - /* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -66,416 +67,378 @@ - #include - #include - #ifdef OPENSSL_SYS_SUNOS --#define strtoul (unsigned long)strtol --#endif /* OPENSSL_SYS_SUNOS */ -+# define strtoul (unsigned long)strtol -+#endif /* OPENSSL_SYS_SUNOS */ - - /* Stateful OCSP request code, supporting non-blocking I/O */ - - /* Opaque OCSP request status structure */ - - struct ocsp_req_ctx_st { -- int state; /* Current I/O state */ -- unsigned char *iobuf; /* Line buffer */ -- int iobuflen; /* Line buffer length */ -- BIO *io; /* BIO to perform I/O with */ -- BIO *mem; /* Memory BIO response is built into */ -- unsigned long asn1_len; /* ASN1 length of response */ -- }; -+ int state; /* Current I/O state */ -+ unsigned char *iobuf; /* Line buffer */ -+ int iobuflen; /* Line buffer length */ -+ BIO *io; /* BIO to perform I/O with */ -+ BIO *mem; /* Memory BIO response is built into */ -+ unsigned long asn1_len; /* ASN1 length of response */ -+}; - --#define OCSP_MAX_REQUEST_LENGTH (100 * 1024) --#define OCSP_MAX_LINE_LEN 4096; -+#define OCSP_MAX_REQUEST_LENGTH (100 * 1024) -+#define OCSP_MAX_LINE_LEN 4096; - - /* OCSP states */ - - /* If set no reading should be performed */ --#define OHS_NOREAD 0x1000 -+#define OHS_NOREAD 0x1000 - /* Error condition */ --#define OHS_ERROR (0 | OHS_NOREAD) -+#define OHS_ERROR (0 | OHS_NOREAD) - /* First line being read */ --#define OHS_FIRSTLINE 1 -+#define OHS_FIRSTLINE 1 - /* MIME headers being read */ --#define OHS_HEADERS 2 -+#define OHS_HEADERS 2 - /* OCSP initial header (tag + length) being read */ --#define OHS_ASN1_HEADER 3 -+#define OHS_ASN1_HEADER 3 - /* OCSP content octets being read */ --#define OHS_ASN1_CONTENT 4 -+#define OHS_ASN1_CONTENT 4 - /* Request being sent */ --#define OHS_ASN1_WRITE (6 | OHS_NOREAD) -+#define OHS_ASN1_WRITE (6 | OHS_NOREAD) - /* Request being flushed */ --#define OHS_ASN1_FLUSH (7 | OHS_NOREAD) -+#define OHS_ASN1_FLUSH (7 | OHS_NOREAD) - /* Completed */ --#define OHS_DONE (8 | OHS_NOREAD) -- -+#define OHS_DONE (8 | OHS_NOREAD) - - static int parse_http_line1(char *line); - - void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx) -- { -- if (rctx->mem) -- BIO_free(rctx->mem); -- if (rctx->iobuf) -- OPENSSL_free(rctx->iobuf); -- OPENSSL_free(rctx); -- } -+{ -+ if (rctx->mem) -+ BIO_free(rctx->mem); -+ if (rctx->iobuf) -+ OPENSSL_free(rctx->iobuf); -+ OPENSSL_free(rctx); -+} - - OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, -- int maxline) -- { -- static char post_hdr[] = "POST %s HTTP/1.0\r\n" -- "Content-Type: application/ocsp-request\r\n" -- "Content-Length: %d\r\n\r\n"; -- -- OCSP_REQ_CTX *rctx; -- rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); -- rctx->state = OHS_FIRSTLINE; -- rctx->mem = BIO_new(BIO_s_mem()); -- rctx->io = io; -- if (maxline > 0) -- rctx->iobuflen = maxline; -- else -- rctx->iobuflen = OCSP_MAX_LINE_LEN; -- rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); -- if (!path) -- path = "/"; -- -- if (BIO_printf(rctx->mem, post_hdr, path, -- i2d_OCSP_REQUEST(req, NULL)) <= 0) -- { -- rctx->state = OHS_ERROR; -- return 0; -- } -- if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) -- { -- rctx->state = OHS_ERROR; -- return 0; -- } -- rctx->state = OHS_ASN1_WRITE; -- rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); -- -- return rctx; -- } -- --/* Parse the HTTP response. This will look like this: -- * "HTTP/1.0 200 OK". We need to obtain the numeric code and -- * (optional) informational message. -+ int maxline) -+{ -+ static char post_hdr[] = "POST %s HTTP/1.0\r\n" -+ "Content-Type: application/ocsp-request\r\n" -+ "Content-Length: %d\r\n\r\n"; -+ -+ OCSP_REQ_CTX *rctx; -+ rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); -+ rctx->state = OHS_FIRSTLINE; -+ rctx->mem = BIO_new(BIO_s_mem()); -+ rctx->io = io; -+ if (maxline > 0) -+ rctx->iobuflen = maxline; -+ else -+ rctx->iobuflen = OCSP_MAX_LINE_LEN; -+ rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); -+ if (!path) -+ path = "/"; -+ -+ if (BIO_printf(rctx->mem, post_hdr, path, -+ i2d_OCSP_REQUEST(req, NULL)) <= 0) { -+ rctx->state = OHS_ERROR; -+ return 0; -+ } -+ if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) { -+ rctx->state = OHS_ERROR; -+ return 0; -+ } -+ rctx->state = OHS_ASN1_WRITE; -+ rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); -+ -+ return rctx; -+} -+ -+/* -+ * Parse the HTTP response. This will look like this: "HTTP/1.0 200 OK". We -+ * need to obtain the numeric code and (optional) informational message. - */ - - static int parse_http_line1(char *line) -- { -- int retcode; -- char *p, *q, *r; -- /* Skip to first white space (passed protocol info) */ -- -- for(p = line; *p && !isspace((unsigned char)*p); p++) -- continue; -- if(!*p) -- { -- OCSPerr(OCSP_F_PARSE_HTTP_LINE1, -- OCSP_R_SERVER_RESPONSE_PARSE_ERROR); -- return 0; -- } -- -- /* Skip past white space to start of response code */ -- while(*p && isspace((unsigned char)*p)) -- p++; -- -- if(!*p) -- { -- OCSPerr(OCSP_F_PARSE_HTTP_LINE1, -- OCSP_R_SERVER_RESPONSE_PARSE_ERROR); -- return 0; -- } -- -- /* Find end of response code: first whitespace after start of code */ -- for(q = p; *q && !isspace((unsigned char)*q); q++) -- continue; -- -- if(!*q) -- { -- OCSPerr(OCSP_F_PARSE_HTTP_LINE1, -- OCSP_R_SERVER_RESPONSE_PARSE_ERROR); -- return 0; -- } -- -- /* Set end of response code and start of message */ -- *q++ = 0; -- -- /* Attempt to parse numeric code */ -- retcode = strtoul(p, &r, 10); -- -- if(*r) -- return 0; -- -- /* Skip over any leading white space in message */ -- while(*q && isspace((unsigned char)*q)) -- q++; -- -- if(*q) -- { -- /* Finally zap any trailing white space in message (include -- * CRLF) */ -- -- /* We know q has a non white space character so this is OK */ -- for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) -- *r = 0; -- } -- if(retcode != 200) -- { -- OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR); -- if(!*q) -- ERR_add_error_data(2, "Code=", p); -- else -- ERR_add_error_data(4, "Code=", p, ",Reason=", q); -- return 0; -- } -- -- -- return 1; -- -- } -+{ -+ int retcode; -+ char *p, *q, *r; -+ /* Skip to first white space (passed protocol info) */ -+ -+ for (p = line; *p && !isspace((unsigned char)*p); p++) -+ continue; -+ if (!*p) { -+ OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR); -+ return 0; -+ } -+ -+ /* Skip past white space to start of response code */ -+ while (*p && isspace((unsigned char)*p)) -+ p++; -+ -+ if (!*p) { -+ OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR); -+ return 0; -+ } -+ -+ /* Find end of response code: first whitespace after start of code */ -+ for (q = p; *q && !isspace((unsigned char)*q); q++) -+ continue; -+ -+ if (!*q) { -+ OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR); -+ return 0; -+ } -+ -+ /* Set end of response code and start of message */ -+ *q++ = 0; -+ -+ /* Attempt to parse numeric code */ -+ retcode = strtoul(p, &r, 10); -+ -+ if (*r) -+ return 0; -+ -+ /* Skip over any leading white space in message */ -+ while (*q && isspace((unsigned char)*q)) -+ q++; -+ -+ if (*q) { -+ /* -+ * Finally zap any trailing white space in message (include CRLF) -+ */ -+ -+ /* We know q has a non white space character so this is OK */ -+ for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) -+ *r = 0; -+ } -+ if (retcode != 200) { -+ OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR); -+ if (!*q) -+ ERR_add_error_data(2, "Code=", p); -+ else -+ ERR_add_error_data(4, "Code=", p, ",Reason=", q); -+ return 0; -+ } -+ -+ return 1; -+ -+} - - int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) -- { -- int i, n; -- const unsigned char *p; -- next_io: -- if (!(rctx->state & OHS_NOREAD)) -- { -- n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen); -- -- if (n <= 0) -- { -- if (BIO_should_retry(rctx->io)) -- return -1; -- return 0; -- } -- -- /* Write data to memory BIO */ -- -- if (BIO_write(rctx->mem, rctx->iobuf, n) != n) -- return 0; -- } -- -- switch(rctx->state) -- { -- -- case OHS_ASN1_WRITE: -- n = BIO_get_mem_data(rctx->mem, &p); -- -- i = BIO_write(rctx->io, -- p + (n - rctx->asn1_len), rctx->asn1_len); -- -- if (i <= 0) -- { -- if (BIO_should_retry(rctx->io)) -- return -1; -- rctx->state = OHS_ERROR; -- return 0; -- } -- -- rctx->asn1_len -= i; -- -- if (rctx->asn1_len > 0) -- goto next_io; -- -- rctx->state = OHS_ASN1_FLUSH; -- -- (void)BIO_reset(rctx->mem); -- -- case OHS_ASN1_FLUSH: -- -- i = BIO_flush(rctx->io); -- -- if (i > 0) -- { -- rctx->state = OHS_FIRSTLINE; -- goto next_io; -- } -- -- if (BIO_should_retry(rctx->io)) -- return -1; -- -- rctx->state = OHS_ERROR; -- return 0; -- -- case OHS_ERROR: -- return 0; -- -- case OHS_FIRSTLINE: -- case OHS_HEADERS: -- -- /* Attempt to read a line in */ -- -- next_line: -- /* Due to &%^*$" memory BIO behaviour with BIO_gets we -- * have to check there's a complete line in there before -- * calling BIO_gets or we'll just get a partial read. -- */ -- n = BIO_get_mem_data(rctx->mem, &p); -- if ((n <= 0) || !memchr(p, '\n', n)) -- { -- if (n >= rctx->iobuflen) -- { -- rctx->state = OHS_ERROR; -- return 0; -- } -- goto next_io; -- } -- n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen); -- -- if (n <= 0) -- { -- if (BIO_should_retry(rctx->mem)) -- goto next_io; -- rctx->state = OHS_ERROR; -- return 0; -- } -- -- /* Don't allow excessive lines */ -- if (n == rctx->iobuflen) -- { -- rctx->state = OHS_ERROR; -- return 0; -- } -- -- /* First line */ -- if (rctx->state == OHS_FIRSTLINE) -- { -- if (parse_http_line1((char *)rctx->iobuf)) -- { -- rctx->state = OHS_HEADERS; -- goto next_line; -- } -- else -- { -- rctx->state = OHS_ERROR; -- return 0; -- } -- } -- else -- { -- /* Look for blank line: end of headers */ -- for (p = rctx->iobuf; *p; p++) -- { -- if ((*p != '\r') && (*p != '\n')) -- break; -- } -- if (*p) -- goto next_line; -- -- rctx->state = OHS_ASN1_HEADER; -- -- } -- -- /* Fall thru */ -- -- -- case OHS_ASN1_HEADER: -- /* Now reading ASN1 header: can read at least 2 bytes which -- * is enough for ASN1 SEQUENCE header and either length field -- * or at least the length of the length field. -- */ -- n = BIO_get_mem_data(rctx->mem, &p); -- if (n < 2) -- goto next_io; -- -- /* Check it is an ASN1 SEQUENCE */ -- if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) -- { -- rctx->state = OHS_ERROR; -- return 0; -- } -- -- /* Check out length field */ -- if (*p & 0x80) -- { -- /* If MSB set on initial length octet we can now -- * always read 6 octets: make sure we have them. -- */ -- if (n < 6) -- goto next_io; -- n = *p & 0x7F; -- /* Not NDEF or excessive length */ -- if (!n || (n > 4)) -- { -- rctx->state = OHS_ERROR; -- return 0; -- } -- p++; -- rctx->asn1_len = 0; -- for (i = 0; i < n; i++) -- { -- rctx->asn1_len <<= 8; -- rctx->asn1_len |= *p++; -- } -- -- if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) -- { -- rctx->state = OHS_ERROR; -- return 0; -- } -- -- rctx->asn1_len += n + 2; -- } -- else -- rctx->asn1_len = *p + 2; -- -- rctx->state = OHS_ASN1_CONTENT; -- -- /* Fall thru */ -- -- case OHS_ASN1_CONTENT: -- n = BIO_get_mem_data(rctx->mem, &p); -- if (n < (int)rctx->asn1_len) -- goto next_io; -- -- -- *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len); -- if (*presp) -- { -- rctx->state = OHS_DONE; -- return 1; -- } -- -- rctx->state = OHS_ERROR; -- return 0; -- -- break; -- -- case OHS_DONE: -- return 1; -- -- } -- -- -- -- return 0; -- -- -- } -+{ -+ int i, n; -+ const unsigned char *p; -+ next_io: -+ if (!(rctx->state & OHS_NOREAD)) { -+ n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen); -+ -+ if (n <= 0) { -+ if (BIO_should_retry(rctx->io)) -+ return -1; -+ return 0; -+ } -+ -+ /* Write data to memory BIO */ -+ -+ if (BIO_write(rctx->mem, rctx->iobuf, n) != n) -+ return 0; -+ } -+ -+ switch (rctx->state) { -+ -+ case OHS_ASN1_WRITE: -+ n = BIO_get_mem_data(rctx->mem, &p); -+ -+ i = BIO_write(rctx->io, p + (n - rctx->asn1_len), rctx->asn1_len); -+ -+ if (i <= 0) { -+ if (BIO_should_retry(rctx->io)) -+ return -1; -+ rctx->state = OHS_ERROR; -+ return 0; -+ } -+ -+ rctx->asn1_len -= i; -+ -+ if (rctx->asn1_len > 0) -+ goto next_io; -+ -+ rctx->state = OHS_ASN1_FLUSH; -+ -+ (void)BIO_reset(rctx->mem); -+ -+ case OHS_ASN1_FLUSH: -+ -+ i = BIO_flush(rctx->io); -+ -+ if (i > 0) { -+ rctx->state = OHS_FIRSTLINE; -+ goto next_io; -+ } -+ -+ if (BIO_should_retry(rctx->io)) -+ return -1; -+ -+ rctx->state = OHS_ERROR; -+ return 0; -+ -+ case OHS_ERROR: -+ return 0; -+ -+ case OHS_FIRSTLINE: -+ case OHS_HEADERS: -+ -+ /* Attempt to read a line in */ -+ -+ next_line: -+ /* -+ * Due to &%^*$" memory BIO behaviour with BIO_gets we have to check -+ * there's a complete line in there before calling BIO_gets or we'll -+ * just get a partial read. -+ */ -+ n = BIO_get_mem_data(rctx->mem, &p); -+ if ((n <= 0) || !memchr(p, '\n', n)) { -+ if (n >= rctx->iobuflen) { -+ rctx->state = OHS_ERROR; -+ return 0; -+ } -+ goto next_io; -+ } -+ n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen); -+ -+ if (n <= 0) { -+ if (BIO_should_retry(rctx->mem)) -+ goto next_io; -+ rctx->state = OHS_ERROR; -+ return 0; -+ } -+ -+ /* Don't allow excessive lines */ -+ if (n == rctx->iobuflen) { -+ rctx->state = OHS_ERROR; -+ return 0; -+ } -+ -+ /* First line */ -+ if (rctx->state == OHS_FIRSTLINE) { -+ if (parse_http_line1((char *)rctx->iobuf)) { -+ rctx->state = OHS_HEADERS; -+ goto next_line; -+ } else { -+ rctx->state = OHS_ERROR; -+ return 0; -+ } -+ } else { -+ /* Look for blank line: end of headers */ -+ for (p = rctx->iobuf; *p; p++) { -+ if ((*p != '\r') && (*p != '\n')) -+ break; -+ } -+ if (*p) -+ goto next_line; -+ -+ rctx->state = OHS_ASN1_HEADER; -+ -+ } -+ -+ /* Fall thru */ -+ -+ case OHS_ASN1_HEADER: -+ /* -+ * Now reading ASN1 header: can read at least 2 bytes which is enough -+ * for ASN1 SEQUENCE header and either length field or at least the -+ * length of the length field. -+ */ -+ n = BIO_get_mem_data(rctx->mem, &p); -+ if (n < 2) -+ goto next_io; -+ -+ /* Check it is an ASN1 SEQUENCE */ -+ if (*p++ != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) { -+ rctx->state = OHS_ERROR; -+ return 0; -+ } -+ -+ /* Check out length field */ -+ if (*p & 0x80) { -+ /* -+ * If MSB set on initial length octet we can now always read 6 -+ * octets: make sure we have them. -+ */ -+ if (n < 6) -+ goto next_io; -+ n = *p & 0x7F; -+ /* Not NDEF or excessive length */ -+ if (!n || (n > 4)) { -+ rctx->state = OHS_ERROR; -+ return 0; -+ } -+ p++; -+ rctx->asn1_len = 0; -+ for (i = 0; i < n; i++) { -+ rctx->asn1_len <<= 8; -+ rctx->asn1_len |= *p++; -+ } -+ -+ if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) { -+ rctx->state = OHS_ERROR; -+ return 0; -+ } -+ -+ rctx->asn1_len += n + 2; -+ } else -+ rctx->asn1_len = *p + 2; -+ -+ rctx->state = OHS_ASN1_CONTENT; -+ -+ /* Fall thru */ -+ -+ case OHS_ASN1_CONTENT: -+ n = BIO_get_mem_data(rctx->mem, &p); -+ if (n < (int)rctx->asn1_len) -+ goto next_io; -+ -+ *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len); -+ if (*presp) { -+ rctx->state = OHS_DONE; -+ return 1; -+ } -+ -+ rctx->state = OHS_ERROR; -+ return 0; -+ -+ break; -+ -+ case OHS_DONE: -+ return 1; -+ -+ } -+ -+ return 0; -+ -+} - - /* Blocking OCSP request handler: now a special case of non-blocking I/O */ - - OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) -- { -- OCSP_RESPONSE *resp = NULL; -- OCSP_REQ_CTX *ctx; -- int rv; -+{ -+ OCSP_RESPONSE *resp = NULL; -+ OCSP_REQ_CTX *ctx; -+ int rv; - -- ctx = OCSP_sendreq_new(b, path, req, -1); -+ ctx = OCSP_sendreq_new(b, path, req, -1); - -- if (!ctx) -- return NULL; -+ if (!ctx) -+ return NULL; - -- do -- { -- rv = OCSP_sendreq_nbio(&resp, ctx); -- } while ((rv == -1) && BIO_should_retry(b)); -+ do { -+ rv = OCSP_sendreq_nbio(&resp, ctx); -+ } while ((rv == -1) && BIO_should_retry(b)); - -- OCSP_REQ_CTX_free(ctx); -+ OCSP_REQ_CTX_free(ctx); - -- if (rv) -- return resp; -+ if (rv) -+ return resp; - -- return NULL; -- } -+ return NULL; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c -index 5883b4e..a6686e5 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c -@@ -1,11 +1,14 @@ - /* ocsp_lib.c */ --/* Written by Tom Titchener for the OpenSSL -- * project. */ -+/* -+ * Written by Tom Titchener for the OpenSSL -+ * project. -+ */ - --/* History: -- This file was transfered to Richard Levitte from CertCo by Kathy -- Weinhold in mid-spring 2000 to be included in OpenSSL or released -- as a patch kit. */ -+/* -+ * History: This file was transfered to Richard Levitte from CertCo by Kathy -+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a -+ * patch kit. -+ */ - - /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -@@ -15,7 +18,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -74,200 +77,210 @@ - - OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer) - { -- X509_NAME *iname; -- ASN1_INTEGER *serial; -- ASN1_BIT_STRING *ikey; -+ X509_NAME *iname; -+ ASN1_INTEGER *serial; -+ ASN1_BIT_STRING *ikey; - #ifndef OPENSSL_NO_SHA1 -- if(!dgst) dgst = EVP_sha1(); -+ if (!dgst) -+ dgst = EVP_sha1(); - #endif -- if (subject) -- { -- iname = X509_get_issuer_name(subject); -- serial = X509_get_serialNumber(subject); -- } -- else -- { -- iname = X509_get_subject_name(issuer); -- serial = NULL; -- } -- ikey = X509_get0_pubkey_bitstr(issuer); -- return OCSP_cert_id_new(dgst, iname, ikey, serial); -+ if (subject) { -+ iname = X509_get_issuer_name(subject); -+ serial = X509_get_serialNumber(subject); -+ } else { -+ iname = X509_get_subject_name(issuer); -+ serial = NULL; -+ } -+ ikey = X509_get0_pubkey_bitstr(issuer); -+ return OCSP_cert_id_new(dgst, iname, ikey, serial); - } - -- --OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, -- X509_NAME *issuerName, -- ASN1_BIT_STRING* issuerKey, -- ASN1_INTEGER *serialNumber) -- { -- int nid; -- unsigned int i; -- X509_ALGOR *alg; -- OCSP_CERTID *cid = NULL; -- unsigned char md[EVP_MAX_MD_SIZE]; -- -- if (!(cid = OCSP_CERTID_new())) goto err; -- -- alg = cid->hashAlgorithm; -- if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm); -- if ((nid = EVP_MD_type(dgst)) == NID_undef) -- { -- OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID); -- goto err; -- } -- if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err; -- if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err; -- alg->parameter->type=V_ASN1_NULL; -- -- if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr; -- if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err; -- -- /* Calculate the issuerKey hash, excluding tag and length */ -- EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL); -- -- if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err; -- -- if (serialNumber) -- { -- ASN1_INTEGER_free(cid->serialNumber); -- if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err; -- } -- return cid; --digerr: -- OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR); --err: -- if (cid) OCSP_CERTID_free(cid); -- return NULL; -- } -+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, -+ X509_NAME *issuerName, -+ ASN1_BIT_STRING *issuerKey, -+ ASN1_INTEGER *serialNumber) -+{ -+ int nid; -+ unsigned int i; -+ X509_ALGOR *alg; -+ OCSP_CERTID *cid = NULL; -+ unsigned char md[EVP_MAX_MD_SIZE]; -+ -+ if (!(cid = OCSP_CERTID_new())) -+ goto err; -+ -+ alg = cid->hashAlgorithm; -+ if (alg->algorithm != NULL) -+ ASN1_OBJECT_free(alg->algorithm); -+ if ((nid = EVP_MD_type(dgst)) == NID_undef) { -+ OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); -+ goto err; -+ } -+ if (!(alg->algorithm = OBJ_nid2obj(nid))) -+ goto err; -+ if ((alg->parameter = ASN1_TYPE_new()) == NULL) -+ goto err; -+ alg->parameter->type = V_ASN1_NULL; -+ -+ if (!X509_NAME_digest(issuerName, dgst, md, &i)) -+ goto digerr; -+ if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) -+ goto err; -+ -+ /* Calculate the issuerKey hash, excluding tag and length */ -+ EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL); -+ -+ if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) -+ goto err; -+ -+ if (serialNumber) { -+ ASN1_INTEGER_free(cid->serialNumber); -+ if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) -+ goto err; -+ } -+ return cid; -+ digerr: -+ OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); -+ err: -+ if (cid) -+ OCSP_CERTID_free(cid); -+ return NULL; -+} - - int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b) -- { -- int ret; -- ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm); -- if (ret) return ret; -- ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash); -- if (ret) return ret; -- return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash); -- } -+{ -+ int ret; -+ ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm); -+ if (ret) -+ return ret; -+ ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash); -+ if (ret) -+ return ret; -+ return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash); -+} - - int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b) -- { -- int ret; -- ret = OCSP_id_issuer_cmp(a, b); -- if (ret) return ret; -- return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber); -- } -- -+{ -+ int ret; -+ ret = OCSP_id_issuer_cmp(a, b); -+ if (ret) -+ return ret; -+ return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber); -+} - --/* Parse a URL and split it up into host, port and path components and whether -- * it is SSL. -+/* -+ * Parse a URL and split it up into host, port and path components and -+ * whether it is SSL. - */ - --int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl) -- { -- char *p, *buf; -- -- char *host, *port; -- -- *phost = NULL; -- *pport = NULL; -- *ppath = NULL; -- -- /* dup the buffer since we are going to mess with it */ -- buf = BUF_strdup(url); -- if (!buf) goto mem_err; -- -- /* Check for initial colon */ -- p = strchr(buf, ':'); -- -- if (!p) goto parse_err; -- -- *(p++) = '\0'; -- -- if (!strcmp(buf, "http")) -- { -- *pssl = 0; -- port = "80"; -- } -- else if (!strcmp(buf, "https")) -- { -- *pssl = 1; -- port = "443"; -- } -- else -- goto parse_err; -- -- /* Check for double slash */ -- if ((p[0] != '/') || (p[1] != '/')) -- goto parse_err; -- -- p += 2; -- -- host = p; -- -- /* Check for trailing part of path */ -- -- p = strchr(p, '/'); -- -- if (!p) -- *ppath = BUF_strdup("/"); -- else -- { -- *ppath = BUF_strdup(p); -- /* Set start of path to 0 so hostname is valid */ -- *p = '\0'; -- } -- -- if (!*ppath) goto mem_err; -- -- p = host; -- if(host[0] == '[') -- { -- /* ipv6 literal */ -- host++; -- p = strchr(host, ']'); -- if(!p) goto parse_err; -- *p = '\0'; -- p++; -- } -- -- /* Look for optional ':' for port number */ -- if ((p = strchr(p, ':'))) -- { -- *p = 0; -- port = p + 1; -- } -- else -- { -- /* Not found: set default port */ -- if (*pssl) port = "443"; -- else port = "80"; -- } -- -- *pport = BUF_strdup(port); -- if (!*pport) goto mem_err; -- -- *phost = BUF_strdup(host); -- -- if (!*phost) goto mem_err; -- -- OPENSSL_free(buf); -- -- return 1; -- -- mem_err: -- OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE); -- goto err; -- -- parse_err: -- OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL); -- -+int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, -+ int *pssl) -+{ -+ char *p, *buf; -+ -+ char *host, *port; -+ -+ *phost = NULL; -+ *pport = NULL; -+ *ppath = NULL; -+ -+ /* dup the buffer since we are going to mess with it */ -+ buf = BUF_strdup(url); -+ if (!buf) -+ goto mem_err; -+ -+ /* Check for initial colon */ -+ p = strchr(buf, ':'); -+ -+ if (!p) -+ goto parse_err; -+ -+ *(p++) = '\0'; -+ -+ if (!strcmp(buf, "http")) { -+ *pssl = 0; -+ port = "80"; -+ } else if (!strcmp(buf, "https")) { -+ *pssl = 1; -+ port = "443"; -+ } else -+ goto parse_err; -+ -+ /* Check for double slash */ -+ if ((p[0] != '/') || (p[1] != '/')) -+ goto parse_err; -+ -+ p += 2; -+ -+ host = p; -+ -+ /* Check for trailing part of path */ -+ -+ p = strchr(p, '/'); -+ -+ if (!p) -+ *ppath = BUF_strdup("/"); -+ else { -+ *ppath = BUF_strdup(p); -+ /* Set start of path to 0 so hostname is valid */ -+ *p = '\0'; -+ } -+ -+ if (!*ppath) -+ goto mem_err; -+ -+ p = host; -+ if (host[0] == '[') { -+ /* ipv6 literal */ -+ host++; -+ p = strchr(host, ']'); -+ if (!p) -+ goto parse_err; -+ *p = '\0'; -+ p++; -+ } -+ -+ /* Look for optional ':' for port number */ -+ if ((p = strchr(p, ':'))) { -+ *p = 0; -+ port = p + 1; -+ } else { -+ /* Not found: set default port */ -+ if (*pssl) -+ port = "443"; -+ else -+ port = "80"; -+ } -+ -+ *pport = BUF_strdup(port); -+ if (!*pport) -+ goto mem_err; -+ -+ *phost = BUF_strdup(host); -+ -+ if (!*phost) -+ goto mem_err; -+ -+ OPENSSL_free(buf); -+ -+ return 1; -+ -+ mem_err: -+ OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE); -+ goto err; -+ -+ parse_err: -+ OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL); -+ -+ err: -+ if (buf) -+ OPENSSL_free(buf); -+ if (*ppath) -+ OPENSSL_free(*ppath); -+ if (*pport) -+ OPENSSL_free(*pport); -+ if (*phost) -+ OPENSSL_free(*phost); -+ return 0; - -- err: -- if (buf) OPENSSL_free(buf); -- if (*ppath) OPENSSL_free(*ppath); -- if (*pport) OPENSSL_free(*pport); -- if (*phost) OPENSSL_free(*phost); -- return 0; -- -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c -index b8b7871..f618177 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c -@@ -1,11 +1,14 @@ - /* ocsp_prn.c */ --/* Written by Tom Titchener for the OpenSSL -- * project. */ -+/* -+ * Written by Tom Titchener for the OpenSSL -+ * project. -+ */ - --/* History: -- This file was originally part of ocsp.c and was transfered to Richard -- Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included -- in OpenSSL or released as a patch kit. */ -+/* -+ * History: This file was originally part of ocsp.c and was transfered to -+ * Richard Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be -+ * included in OpenSSL or released as a patch kit. -+ */ - - /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. -@@ -15,7 +18,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -66,225 +69,232 @@ - #include - #include - --static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent) -- { -- BIO_printf(bp, "%*sCertificate ID:\n", indent, ""); -- indent += 2; -- BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); -- i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm); -- BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); -- i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING); -- BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); -- i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING); -- BIO_printf(bp, "\n%*sSerial Number: ", indent, ""); -- i2a_ASN1_INTEGER(bp, a->serialNumber); -- BIO_printf(bp, "\n"); -- return 1; -- } -+static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent) -+{ -+ BIO_printf(bp, "%*sCertificate ID:\n", indent, ""); -+ indent += 2; -+ BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); -+ i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm); -+ BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); -+ i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING); -+ BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); -+ i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING); -+ BIO_printf(bp, "\n%*sSerial Number: ", indent, ""); -+ i2a_ASN1_INTEGER(bp, a->serialNumber); -+ BIO_printf(bp, "\n"); -+ return 1; -+} - --typedef struct -- { -- long t; -- char *m; -- } OCSP_TBLSTR; -+typedef struct { -+ long t; -+ char *m; -+} OCSP_TBLSTR; - - static char *table2string(long s, OCSP_TBLSTR *ts, int len) - { -- OCSP_TBLSTR *p; -- for (p=ts; p < ts + len; p++) -- if (p->t == s) -- return p->m; -- return "(UNKNOWN)"; -+ OCSP_TBLSTR *p; -+ for (p = ts; p < ts + len; p++) -+ if (p->t == s) -+ return p->m; -+ return "(UNKNOWN)"; - } - - char *OCSP_response_status_str(long s) -- { -- static OCSP_TBLSTR rstat_tbl[] = { -- { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, -- { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, -- { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, -- { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, -- { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, -- { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } }; -- return table2string(s, rstat_tbl, 6); -- } -+{ -+ static OCSP_TBLSTR rstat_tbl[] = { -+ {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"}, -+ {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"}, -+ {OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror"}, -+ {OCSP_RESPONSE_STATUS_TRYLATER, "trylater"}, -+ {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"}, -+ {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"} -+ }; -+ return table2string(s, rstat_tbl, 6); -+} - - char *OCSP_cert_status_str(long s) -- { -- static OCSP_TBLSTR cstat_tbl[] = { -- { V_OCSP_CERTSTATUS_GOOD, "good" }, -- { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, -- { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } }; -- return table2string(s, cstat_tbl, 3); -- } -+{ -+ static OCSP_TBLSTR cstat_tbl[] = { -+ {V_OCSP_CERTSTATUS_GOOD, "good"}, -+ {V_OCSP_CERTSTATUS_REVOKED, "revoked"}, -+ {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"} -+ }; -+ return table2string(s, cstat_tbl, 3); -+} - - char *OCSP_crl_reason_str(long s) -- { -- OCSP_TBLSTR reason_tbl[] = { -- { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, -- { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, -- { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, -- { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" }, -- { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, -- { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, -- { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, -- { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } }; -- return table2string(s, reason_tbl, 8); -- } -+{ -+ OCSP_TBLSTR reason_tbl[] = { -+ {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"}, -+ {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"}, -+ {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"}, -+ {OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged"}, -+ {OCSP_REVOKED_STATUS_SUPERSEDED, "superseded"}, -+ {OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation"}, -+ {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"}, -+ {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"} -+ }; -+ return table2string(s, reason_tbl, 8); -+} - --int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) -- { -- int i; -- long l; -- OCSP_CERTID* cid = NULL; -- OCSP_ONEREQ *one = NULL; -- OCSP_REQINFO *inf = o->tbsRequest; -- OCSP_SIGNATURE *sig = o->optionalSignature; -+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags) -+{ -+ int i; -+ long l; -+ OCSP_CERTID *cid = NULL; -+ OCSP_ONEREQ *one = NULL; -+ OCSP_REQINFO *inf = o->tbsRequest; -+ OCSP_SIGNATURE *sig = o->optionalSignature; - -- if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err; -- l=ASN1_INTEGER_get(inf->version); -- if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0) goto err; -- if (inf->requestorName != NULL) -- { -- if (BIO_write(bp,"\n Requestor Name: ",21) <= 0) -- goto err; -- GENERAL_NAME_print(bp, inf->requestorName); -- } -- if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) goto err; -- for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) -- { -- one = sk_OCSP_ONEREQ_value(inf->requestList, i); -- cid = one->reqCert; -- ocsp_certid_print(bp, cid, 8); -- if (!X509V3_extensions_print(bp, -- "Request Single Extensions", -- one->singleRequestExtensions, flags, 8)) -- goto err; -- } -- if (!X509V3_extensions_print(bp, "Request Extensions", -- inf->requestExtensions, flags, 4)) -- goto err; -- if (sig) -- { -- X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); -- for (i=0; icerts); i++) -- { -- X509_print(bp, sk_X509_value(sig->certs,i)); -- PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i)); -- } -- } -- return 1; --err: -- return 0; -- } -+ if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0) -+ goto err; -+ l = ASN1_INTEGER_get(inf->version); -+ if (BIO_printf(bp, " Version: %lu (0x%lx)", l + 1, l) <= 0) -+ goto err; -+ if (inf->requestorName != NULL) { -+ if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0) -+ goto err; -+ GENERAL_NAME_print(bp, inf->requestorName); -+ } -+ if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0) -+ goto err; -+ for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) { -+ one = sk_OCSP_ONEREQ_value(inf->requestList, i); -+ cid = one->reqCert; -+ ocsp_certid_print(bp, cid, 8); -+ if (!X509V3_extensions_print(bp, -+ "Request Single Extensions", -+ one->singleRequestExtensions, flags, 8)) -+ goto err; -+ } -+ if (!X509V3_extensions_print(bp, "Request Extensions", -+ inf->requestExtensions, flags, 4)) -+ goto err; -+ if (sig) { -+ X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); -+ for (i = 0; i < sk_X509_num(sig->certs); i++) { -+ X509_print(bp, sk_X509_value(sig->certs, i)); -+ PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i)); -+ } -+ } -+ return 1; -+ err: -+ return 0; -+} - --int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) -- { -- int i, ret = 0; -- long l; -- OCSP_CERTID *cid = NULL; -- OCSP_BASICRESP *br = NULL; -- OCSP_RESPID *rid = NULL; -- OCSP_RESPDATA *rd = NULL; -- OCSP_CERTSTATUS *cst = NULL; -- OCSP_REVOKEDINFO *rev = NULL; -- OCSP_SINGLERESP *single = NULL; -- OCSP_RESPBYTES *rb = o->responseBytes; -+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) -+{ -+ int i, ret = 0; -+ long l; -+ OCSP_CERTID *cid = NULL; -+ OCSP_BASICRESP *br = NULL; -+ OCSP_RESPID *rid = NULL; -+ OCSP_RESPDATA *rd = NULL; -+ OCSP_CERTSTATUS *cst = NULL; -+ OCSP_REVOKEDINFO *rev = NULL; -+ OCSP_SINGLERESP *single = NULL; -+ OCSP_RESPBYTES *rb = o->responseBytes; - -- if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err; -- l=ASN1_ENUMERATED_get(o->responseStatus); -- if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", -- OCSP_response_status_str(l), l) <= 0) goto err; -- if (rb == NULL) return 1; -- if (BIO_puts(bp," Response Type: ") <= 0) -- goto err; -- if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) -- goto err; -- if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) -- { -- BIO_puts(bp," (unknown response type)\n"); -- return 1; -- } -+ if (BIO_puts(bp, "OCSP Response Data:\n") <= 0) -+ goto err; -+ l = ASN1_ENUMERATED_get(o->responseStatus); -+ if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n", -+ OCSP_response_status_str(l), l) <= 0) -+ goto err; -+ if (rb == NULL) -+ return 1; -+ if (BIO_puts(bp, " Response Type: ") <= 0) -+ goto err; -+ if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) -+ goto err; -+ if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { -+ BIO_puts(bp, " (unknown response type)\n"); -+ return 1; -+ } - -- i = ASN1_STRING_length(rb->response); -- if (!(br = OCSP_response_get1_basic(o))) goto err; -- rd = br->tbsResponseData; -- l=ASN1_INTEGER_get(rd->version); -- if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n", -- l+1,l) <= 0) goto err; -- if (BIO_puts(bp," Responder Id: ") <= 0) goto err; -+ i = ASN1_STRING_length(rb->response); -+ if (!(br = OCSP_response_get1_basic(o))) -+ goto err; -+ rd = br->tbsResponseData; -+ l = ASN1_INTEGER_get(rd->version); -+ if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l + 1, l) <= 0) -+ goto err; -+ if (BIO_puts(bp, " Responder Id: ") <= 0) -+ goto err; - -- rid = rd->responderId; -- switch (rid->type) -- { -- case V_OCSP_RESPID_NAME: -- X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); -- break; -- case V_OCSP_RESPID_KEY: -- i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING); -- break; -- } -+ rid = rd->responderId; -+ switch (rid->type) { -+ case V_OCSP_RESPID_NAME: -+ X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); -+ break; -+ case V_OCSP_RESPID_KEY: -+ i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING); -+ break; -+ } - -- if (BIO_printf(bp,"\n Produced At: ")<=0) goto err; -- if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err; -- if (BIO_printf(bp,"\n Responses:\n") <= 0) goto err; -- for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) -- { -- if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue; -- single = sk_OCSP_SINGLERESP_value(rd->responses, i); -- cid = single->certId; -- if(ocsp_certid_print(bp, cid, 4) <= 0) goto err; -- cst = single->certStatus; -- if (BIO_printf(bp," Cert Status: %s", -- OCSP_cert_status_str(cst->type)) <= 0) -- goto err; -- if (cst->type == V_OCSP_CERTSTATUS_REVOKED) -- { -- rev = cst->value.revoked; -- if (BIO_printf(bp, "\n Revocation Time: ") <= 0) -- goto err; -- if (!ASN1_GENERALIZEDTIME_print(bp, -- rev->revocationTime)) -- goto err; -- if (rev->revocationReason) -- { -- l=ASN1_ENUMERATED_get(rev->revocationReason); -- if (BIO_printf(bp, -- "\n Revocation Reason: %s (0x%lx)", -- OCSP_crl_reason_str(l), l) <= 0) -- goto err; -- } -- } -- if (BIO_printf(bp,"\n This Update: ") <= 0) goto err; -- if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) -- goto err; -- if (single->nextUpdate) -- { -- if (BIO_printf(bp,"\n Next Update: ") <= 0)goto err; -- if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) -- goto err; -- } -- if (BIO_write(bp,"\n",1) <= 0) goto err; -- if (!X509V3_extensions_print(bp, -- "Response Single Extensions", -- single->singleExtensions, flags, 8)) -- goto err; -- if (BIO_write(bp,"\n",1) <= 0) goto err; -- } -- if (!X509V3_extensions_print(bp, "Response Extensions", -- rd->responseExtensions, flags, 4)) -- goto err; -- if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) -- goto err; -+ if (BIO_printf(bp, "\n Produced At: ") <= 0) -+ goto err; -+ if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) -+ goto err; -+ if (BIO_printf(bp, "\n Responses:\n") <= 0) -+ goto err; -+ for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { -+ if (!sk_OCSP_SINGLERESP_value(rd->responses, i)) -+ continue; -+ single = sk_OCSP_SINGLERESP_value(rd->responses, i); -+ cid = single->certId; -+ if (ocsp_certid_print(bp, cid, 4) <= 0) -+ goto err; -+ cst = single->certStatus; -+ if (BIO_printf(bp, " Cert Status: %s", -+ OCSP_cert_status_str(cst->type)) <= 0) -+ goto err; -+ if (cst->type == V_OCSP_CERTSTATUS_REVOKED) { -+ rev = cst->value.revoked; -+ if (BIO_printf(bp, "\n Revocation Time: ") <= 0) -+ goto err; -+ if (!ASN1_GENERALIZEDTIME_print(bp, rev->revocationTime)) -+ goto err; -+ if (rev->revocationReason) { -+ l = ASN1_ENUMERATED_get(rev->revocationReason); -+ if (BIO_printf(bp, -+ "\n Revocation Reason: %s (0x%lx)", -+ OCSP_crl_reason_str(l), l) <= 0) -+ goto err; -+ } -+ } -+ if (BIO_printf(bp, "\n This Update: ") <= 0) -+ goto err; -+ if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) -+ goto err; -+ if (single->nextUpdate) { -+ if (BIO_printf(bp, "\n Next Update: ") <= 0) -+ goto err; -+ if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate)) -+ goto err; -+ } -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ if (!X509V3_extensions_print(bp, -+ "Response Single Extensions", -+ single->singleExtensions, flags, 8)) -+ goto err; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ if (!X509V3_extensions_print(bp, "Response Extensions", -+ rd->responseExtensions, flags, 4)) -+ goto err; -+ if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) -+ goto err; - -- for (i=0; icerts); i++) -- { -- X509_print(bp, sk_X509_value(br->certs,i)); -- PEM_write_bio_X509(bp,sk_X509_value(br->certs,i)); -- } -+ for (i = 0; i < sk_X509_num(br->certs); i++) { -+ X509_print(bp, sk_X509_value(br->certs, i)); -+ PEM_write_bio_X509(bp, sk_X509_value(br->certs, i)); -+ } - -- ret = 1; --err: -- OCSP_BASICRESP_free(br); -- return ret; -- } -+ ret = 1; -+ err: -+ OCSP_BASICRESP_free(br); -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c -index 1c606dd..2ec2c63 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c -@@ -1,6 +1,7 @@ - /* ocsp_srv.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -65,200 +66,206 @@ - #include - #include - --/* Utility functions related to sending OCSP responses and extracting -+/* -+ * Utility functions related to sending OCSP responses and extracting - * relevant information from the request. - */ - - int OCSP_request_onereq_count(OCSP_REQUEST *req) -- { -- return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList); -- } -+{ -+ return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList); -+} - - OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i) -- { -- return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i); -- } -+{ -+ return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i); -+} - - OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one) -- { -- return one->reqCert; -- } -+{ -+ return one->reqCert; -+} - - int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, -- ASN1_OCTET_STRING **pikeyHash, -- ASN1_INTEGER **pserial, OCSP_CERTID *cid) -- { -- if (!cid) return 0; -- if (pmd) *pmd = cid->hashAlgorithm->algorithm; -- if(piNameHash) *piNameHash = cid->issuerNameHash; -- if (pikeyHash) *pikeyHash = cid->issuerKeyHash; -- if (pserial) *pserial = cid->serialNumber; -- return 1; -- } -+ ASN1_OCTET_STRING **pikeyHash, -+ ASN1_INTEGER **pserial, OCSP_CERTID *cid) -+{ -+ if (!cid) -+ return 0; -+ if (pmd) -+ *pmd = cid->hashAlgorithm->algorithm; -+ if (piNameHash) -+ *piNameHash = cid->issuerNameHash; -+ if (pikeyHash) -+ *pikeyHash = cid->issuerKeyHash; -+ if (pserial) -+ *pserial = cid->serialNumber; -+ return 1; -+} - - int OCSP_request_is_signed(OCSP_REQUEST *req) -- { -- if(req->optionalSignature) return 1; -- return 0; -- } -+{ -+ if (req->optionalSignature) -+ return 1; -+ return 0; -+} - - /* Create an OCSP response and encode an optional basic response */ - OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs) -- { -- OCSP_RESPONSE *rsp = NULL; -- -- if (!(rsp = OCSP_RESPONSE_new())) goto err; -- if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err; -- if (!bs) return rsp; -- if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err; -- rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic); -- if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response)) -- goto err; -- return rsp; --err: -- if (rsp) OCSP_RESPONSE_free(rsp); -- return NULL; -- } -- -+{ -+ OCSP_RESPONSE *rsp = NULL; -+ -+ if (!(rsp = OCSP_RESPONSE_new())) -+ goto err; -+ if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) -+ goto err; -+ if (!bs) -+ return rsp; -+ if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) -+ goto err; -+ rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic); -+ if (!ASN1_item_pack -+ (bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response)) -+ goto err; -+ return rsp; -+ err: -+ if (rsp) -+ OCSP_RESPONSE_free(rsp); -+ return NULL; -+} - - OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, -- OCSP_CERTID *cid, -- int status, int reason, -- ASN1_TIME *revtime, -- ASN1_TIME *thisupd, ASN1_TIME *nextupd) -- { -- OCSP_SINGLERESP *single = NULL; -- OCSP_CERTSTATUS *cs; -- OCSP_REVOKEDINFO *ri; -- -- if(!rsp->tbsResponseData->responses && -- !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null())) -- goto err; -- -- if (!(single = OCSP_SINGLERESP_new())) -- goto err; -- -- -- -- if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate)) -- goto err; -- if (nextupd && -- !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate)) -- goto err; -- -- OCSP_CERTID_free(single->certId); -- -- if(!(single->certId = OCSP_CERTID_dup(cid))) -- goto err; -- -- cs = single->certStatus; -- switch(cs->type = status) -- { -- case V_OCSP_CERTSTATUS_REVOKED: -- if (!revtime) -- { -- OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME); -- goto err; -- } -- if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err; -- if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) -- goto err; -- if (reason != OCSP_REVOKED_STATUS_NOSTATUS) -- { -- if (!(ri->revocationReason = ASN1_ENUMERATED_new())) -- goto err; -- if (!(ASN1_ENUMERATED_set(ri->revocationReason, -- reason))) -- goto err; -- } -- break; -- -- case V_OCSP_CERTSTATUS_GOOD: -- cs->value.good = ASN1_NULL_new(); -- break; -- -- case V_OCSP_CERTSTATUS_UNKNOWN: -- cs->value.unknown = ASN1_NULL_new(); -- break; -- -- default: -- goto err; -- -- } -- if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) -- goto err; -- return single; --err: -- OCSP_SINGLERESP_free(single); -- return NULL; -- } -+ OCSP_CERTID *cid, -+ int status, int reason, -+ ASN1_TIME *revtime, -+ ASN1_TIME *thisupd, -+ ASN1_TIME *nextupd) -+{ -+ OCSP_SINGLERESP *single = NULL; -+ OCSP_CERTSTATUS *cs; -+ OCSP_REVOKEDINFO *ri; -+ -+ if (!rsp->tbsResponseData->responses && -+ !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null())) -+ goto err; -+ -+ if (!(single = OCSP_SINGLERESP_new())) -+ goto err; -+ -+ if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate)) -+ goto err; -+ if (nextupd && -+ !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate)) -+ goto err; -+ -+ OCSP_CERTID_free(single->certId); -+ -+ if (!(single->certId = OCSP_CERTID_dup(cid))) -+ goto err; -+ -+ cs = single->certStatus; -+ switch (cs->type = status) { -+ case V_OCSP_CERTSTATUS_REVOKED: -+ if (!revtime) { -+ OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME); -+ goto err; -+ } -+ if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) -+ goto err; -+ if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) -+ goto err; -+ if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { -+ if (!(ri->revocationReason = ASN1_ENUMERATED_new())) -+ goto err; -+ if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason))) -+ goto err; -+ } -+ break; -+ -+ case V_OCSP_CERTSTATUS_GOOD: -+ cs->value.good = ASN1_NULL_new(); -+ break; -+ -+ case V_OCSP_CERTSTATUS_UNKNOWN: -+ cs->value.unknown = ASN1_NULL_new(); -+ break; -+ -+ default: -+ goto err; -+ -+ } -+ if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) -+ goto err; -+ return single; -+ err: -+ OCSP_SINGLERESP_free(single); -+ return NULL; -+} - - /* Add a certificate to an OCSP request */ - - int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) -- { -- if (!resp->certs && !(resp->certs = sk_X509_new_null())) -- return 0; -- -- if(!sk_X509_push(resp->certs, cert)) return 0; -- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); -- return 1; -- } -- --int OCSP_basic_sign(OCSP_BASICRESP *brsp, -- X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, -- STACK_OF(X509) *certs, unsigned long flags) -- { -- int i; -- OCSP_RESPID *rid; -- -- if (!X509_check_private_key(signer, key)) -- { -- OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); -- goto err; -- } -- -- if(!(flags & OCSP_NOCERTS)) -- { -- if(!OCSP_basic_add1_cert(brsp, signer)) -- goto err; -- for (i = 0; i < sk_X509_num(certs); i++) -- { -- X509 *tmpcert = sk_X509_value(certs, i); -- if(!OCSP_basic_add1_cert(brsp, tmpcert)) -- goto err; -- } -- } -- -- rid = brsp->tbsResponseData->responderId; -- if (flags & OCSP_RESPID_KEY) -- { -- unsigned char md[SHA_DIGEST_LENGTH]; -- X509_pubkey_digest(signer, EVP_sha1(), md, NULL); -- if (!(rid->value.byKey = ASN1_OCTET_STRING_new())) -- goto err; -- if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH))) -- goto err; -- rid->type = V_OCSP_RESPID_KEY; -- } -- else -- { -- if (!X509_NAME_set(&rid->value.byName, -- X509_get_subject_name(signer))) -- goto err; -- rid->type = V_OCSP_RESPID_NAME; -- } -- -- if (!(flags & OCSP_NOTIME) && -- !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) -- goto err; -- -- /* Right now, I think that not doing double hashing is the right -- thing. -- Richard Levitte */ -- -- if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err; -- -- return 1; --err: -- return 0; -- } -+{ -+ if (!resp->certs && !(resp->certs = sk_X509_new_null())) -+ return 0; -+ -+ if (!sk_X509_push(resp->certs, cert)) -+ return 0; -+ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); -+ return 1; -+} -+ -+int OCSP_basic_sign(OCSP_BASICRESP *brsp, -+ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, -+ STACK_OF(X509) *certs, unsigned long flags) -+{ -+ int i; -+ OCSP_RESPID *rid; -+ -+ if (!X509_check_private_key(signer, key)) { -+ OCSPerr(OCSP_F_OCSP_BASIC_SIGN, -+ OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); -+ goto err; -+ } -+ -+ if (!(flags & OCSP_NOCERTS)) { -+ if (!OCSP_basic_add1_cert(brsp, signer)) -+ goto err; -+ for (i = 0; i < sk_X509_num(certs); i++) { -+ X509 *tmpcert = sk_X509_value(certs, i); -+ if (!OCSP_basic_add1_cert(brsp, tmpcert)) -+ goto err; -+ } -+ } -+ -+ rid = brsp->tbsResponseData->responderId; -+ if (flags & OCSP_RESPID_KEY) { -+ unsigned char md[SHA_DIGEST_LENGTH]; -+ X509_pubkey_digest(signer, EVP_sha1(), md, NULL); -+ if (!(rid->value.byKey = ASN1_OCTET_STRING_new())) -+ goto err; -+ if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH))) -+ goto err; -+ rid->type = V_OCSP_RESPID_KEY; -+ } else { -+ if (!X509_NAME_set(&rid->value.byName, X509_get_subject_name(signer))) -+ goto err; -+ rid->type = V_OCSP_RESPID_NAME; -+ } -+ -+ if (!(flags & OCSP_NOTIME) && -+ !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) -+ goto err; -+ -+ /* -+ * Right now, I think that not doing double hashing is the right thing. -+ * -- Richard Levitte -+ */ -+ -+ if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) -+ goto err; -+ -+ return 1; -+ err: -+ return 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c -index f24080f..726ea03 100644 ---- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c -+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c -@@ -1,6 +1,7 @@ - /* ocsp_vfy.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,389 +61,377 @@ - #include - #include - --static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, -- X509_STORE *st, unsigned long flags); -+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, -+ STACK_OF(X509) *certs, X509_STORE *st, -+ unsigned long flags); - static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); --static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags); --static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); --static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp); -+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, -+ unsigned long flags); -+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, -+ OCSP_CERTID **ret); -+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, -+ STACK_OF(OCSP_SINGLERESP) *sresp); - static int ocsp_check_delegated(X509 *x, int flags); --static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs, -- X509_STORE *st, unsigned long flags); -+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, -+ X509_NAME *nm, STACK_OF(X509) *certs, -+ X509_STORE *st, unsigned long flags); - - /* Verify a basic response message */ - - int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, -- X509_STORE *st, unsigned long flags) -- { -- X509 *signer, *x; -- STACK_OF(X509) *chain = NULL; -- X509_STORE_CTX ctx; -- int i, ret = 0; -- ret = ocsp_find_signer(&signer, bs, certs, st, flags); -- if (!ret) -- { -- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); -- goto end; -- } -- if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) -- flags |= OCSP_NOVERIFY; -- if (!(flags & OCSP_NOSIGS)) -- { -- EVP_PKEY *skey; -- skey = X509_get_pubkey(signer); -- if (skey) -- { -- ret = OCSP_BASICRESP_verify(bs, skey, 0); -- EVP_PKEY_free(skey); -- } -- if(!skey || ret <= 0) -- { -- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); -- goto end; -- } -- } -- if (!(flags & OCSP_NOVERIFY)) -- { -- int init_res; -- if(flags & OCSP_NOCHAIN) -- init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); -- else -- init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); -- if(!init_res) -- { -- ret = -1; -- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); -- goto end; -- } -- -- X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); -- ret = X509_verify_cert(&ctx); -- chain = X509_STORE_CTX_get1_chain(&ctx); -- X509_STORE_CTX_cleanup(&ctx); -- if (ret <= 0) -- { -- i = X509_STORE_CTX_get_error(&ctx); -- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR); -- ERR_add_error_data(2, "Verify error:", -- X509_verify_cert_error_string(i)); -- goto end; -- } -- if(flags & OCSP_NOCHECKS) -- { -- ret = 1; -- goto end; -- } -- /* At this point we have a valid certificate chain -- * need to verify it against the OCSP issuer criteria. -- */ -- ret = ocsp_check_issuer(bs, chain, flags); -- -- /* If fatal error or valid match then finish */ -- if (ret != 0) goto end; -- -- /* Easy case: explicitly trusted. Get root CA and -- * check for explicit trust -- */ -- if(flags & OCSP_NOEXPLICIT) goto end; -- -- x = sk_X509_value(chain, sk_X509_num(chain) - 1); -- if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) -- { -- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED); -- goto end; -- } -- ret = 1; -- } -- -- -- -- end: -- if(chain) sk_X509_pop_free(chain, X509_free); -- return ret; -- } -- -- --static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, -- X509_STORE *st, unsigned long flags) -- { -- X509 *signer; -- OCSP_RESPID *rid = bs->tbsResponseData->responderId; -- if ((signer = ocsp_find_signer_sk(certs, rid))) -- { -- *psigner = signer; -- return 2; -- } -- if(!(flags & OCSP_NOINTERN) && -- (signer = ocsp_find_signer_sk(bs->certs, rid))) -- { -- *psigner = signer; -- return 1; -- } -- /* Maybe lookup from store if by subject name */ -- -- *psigner = NULL; -- return 0; -- } -+ X509_STORE *st, unsigned long flags) -+{ -+ X509 *signer, *x; -+ STACK_OF(X509) *chain = NULL; -+ X509_STORE_CTX ctx; -+ int i, ret = 0; -+ ret = ocsp_find_signer(&signer, bs, certs, st, flags); -+ if (!ret) { -+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, -+ OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); -+ goto end; -+ } -+ if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) -+ flags |= OCSP_NOVERIFY; -+ if (!(flags & OCSP_NOSIGS)) { -+ EVP_PKEY *skey; -+ skey = X509_get_pubkey(signer); -+ if (skey) { -+ ret = OCSP_BASICRESP_verify(bs, skey, 0); -+ EVP_PKEY_free(skey); -+ } -+ if (!skey || ret <= 0) { -+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); -+ goto end; -+ } -+ } -+ if (!(flags & OCSP_NOVERIFY)) { -+ int init_res; -+ if (flags & OCSP_NOCHAIN) -+ init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); -+ else -+ init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); -+ if (!init_res) { -+ ret = -1; -+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); -+ goto end; -+ } - -+ X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); -+ ret = X509_verify_cert(&ctx); -+ chain = X509_STORE_CTX_get1_chain(&ctx); -+ X509_STORE_CTX_cleanup(&ctx); -+ if (ret <= 0) { -+ i = X509_STORE_CTX_get_error(&ctx); -+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, -+ OCSP_R_CERTIFICATE_VERIFY_ERROR); -+ ERR_add_error_data(2, "Verify error:", -+ X509_verify_cert_error_string(i)); -+ goto end; -+ } -+ if (flags & OCSP_NOCHECKS) { -+ ret = 1; -+ goto end; -+ } -+ /* -+ * At this point we have a valid certificate chain need to verify it -+ * against the OCSP issuer criteria. -+ */ -+ ret = ocsp_check_issuer(bs, chain, flags); -+ -+ /* If fatal error or valid match then finish */ -+ if (ret != 0) -+ goto end; -+ -+ /* -+ * Easy case: explicitly trusted. Get root CA and check for explicit -+ * trust -+ */ -+ if (flags & OCSP_NOEXPLICIT) -+ goto end; -+ -+ x = sk_X509_value(chain, sk_X509_num(chain) - 1); -+ if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) { -+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED); -+ goto end; -+ } -+ ret = 1; -+ } -+ -+ end: -+ if (chain) -+ sk_X509_pop_free(chain, X509_free); -+ return ret; -+} -+ -+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, -+ STACK_OF(X509) *certs, X509_STORE *st, -+ unsigned long flags) -+{ -+ X509 *signer; -+ OCSP_RESPID *rid = bs->tbsResponseData->responderId; -+ if ((signer = ocsp_find_signer_sk(certs, rid))) { -+ *psigner = signer; -+ return 2; -+ } -+ if (!(flags & OCSP_NOINTERN) && -+ (signer = ocsp_find_signer_sk(bs->certs, rid))) { -+ *psigner = signer; -+ return 1; -+ } -+ /* Maybe lookup from store if by subject name */ -+ -+ *psigner = NULL; -+ return 0; -+} - - static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id) -- { -- int i; -- unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash; -- X509 *x; -- -- /* Easy if lookup by name */ -- if (id->type == V_OCSP_RESPID_NAME) -- return X509_find_by_subject(certs, id->value.byName); -- -- /* Lookup by key hash */ -- -- /* If key hash isn't SHA1 length then forget it */ -- if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL; -- keyhash = id->value.byKey->data; -- /* Calculate hash of each key and compare */ -- for (i = 0; i < sk_X509_num(certs); i++) -- { -- x = sk_X509_value(certs, i); -- X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL); -- if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH)) -- return x; -- } -- return NULL; -- } -- -- --static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags) -- { -- STACK_OF(OCSP_SINGLERESP) *sresp; -- X509 *signer, *sca; -- OCSP_CERTID *caid = NULL; -- int i; -- sresp = bs->tbsResponseData->responses; -- -- if (sk_X509_num(chain) <= 0) -- { -- OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN); -- return -1; -- } -- -- /* See if the issuer IDs match. */ -- i = ocsp_check_ids(sresp, &caid); -- -- /* If ID mismatch or other error then return */ -- if (i <= 0) return i; -- -- signer = sk_X509_value(chain, 0); -- /* Check to see if OCSP responder CA matches request CA */ -- if (sk_X509_num(chain) > 1) -- { -- sca = sk_X509_value(chain, 1); -- i = ocsp_match_issuerid(sca, caid, sresp); -- if (i < 0) return i; -- if (i) -- { -- /* We have a match, if extensions OK then success */ -- if (ocsp_check_delegated(signer, flags)) return 1; -- return 0; -- } -- } -- -- /* Otherwise check if OCSP request signed directly by request CA */ -- return ocsp_match_issuerid(signer, caid, sresp); -- } -- -- --/* Check the issuer certificate IDs for equality. If there is a mismatch with the same -- * algorithm then there's no point trying to match any certificates against the issuer. -- * If the issuer IDs all match then we just need to check equality against one of them. -+{ -+ int i; -+ unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash; -+ X509 *x; -+ -+ /* Easy if lookup by name */ -+ if (id->type == V_OCSP_RESPID_NAME) -+ return X509_find_by_subject(certs, id->value.byName); -+ -+ /* Lookup by key hash */ -+ -+ /* If key hash isn't SHA1 length then forget it */ -+ if (id->value.byKey->length != SHA_DIGEST_LENGTH) -+ return NULL; -+ keyhash = id->value.byKey->data; -+ /* Calculate hash of each key and compare */ -+ for (i = 0; i < sk_X509_num(certs); i++) { -+ x = sk_X509_value(certs, i); -+ X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL); -+ if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH)) -+ return x; -+ } -+ return NULL; -+} -+ -+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, -+ unsigned long flags) -+{ -+ STACK_OF(OCSP_SINGLERESP) *sresp; -+ X509 *signer, *sca; -+ OCSP_CERTID *caid = NULL; -+ int i; -+ sresp = bs->tbsResponseData->responses; -+ -+ if (sk_X509_num(chain) <= 0) { -+ OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN); -+ return -1; -+ } -+ -+ /* See if the issuer IDs match. */ -+ i = ocsp_check_ids(sresp, &caid); -+ -+ /* If ID mismatch or other error then return */ -+ if (i <= 0) -+ return i; -+ -+ signer = sk_X509_value(chain, 0); -+ /* Check to see if OCSP responder CA matches request CA */ -+ if (sk_X509_num(chain) > 1) { -+ sca = sk_X509_value(chain, 1); -+ i = ocsp_match_issuerid(sca, caid, sresp); -+ if (i < 0) -+ return i; -+ if (i) { -+ /* We have a match, if extensions OK then success */ -+ if (ocsp_check_delegated(signer, flags)) -+ return 1; -+ return 0; -+ } -+ } -+ -+ /* Otherwise check if OCSP request signed directly by request CA */ -+ return ocsp_match_issuerid(signer, caid, sresp); -+} -+ -+/* -+ * Check the issuer certificate IDs for equality. If there is a mismatch with -+ * the same algorithm then there's no point trying to match any certificates -+ * against the issuer. If the issuer IDs all match then we just need to check -+ * equality against one of them. - */ -- -+ - static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) -- { -- OCSP_CERTID *tmpid, *cid; -- int i, idcount; -- -- idcount = sk_OCSP_SINGLERESP_num(sresp); -- if (idcount <= 0) -- { -- OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); -- return -1; -- } -- -- cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; -- -- *ret = NULL; -- -- for (i = 1; i < idcount; i++) -- { -- tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; -- /* Check to see if IDs match */ -- if (OCSP_id_issuer_cmp(cid, tmpid)) -- { -- /* If algoritm mismatch let caller deal with it */ -- if (OBJ_cmp(tmpid->hashAlgorithm->algorithm, -- cid->hashAlgorithm->algorithm)) -- return 2; -- /* Else mismatch */ -- return 0; -- } -- } -- -- /* All IDs match: only need to check one ID */ -- *ret = cid; -- return 1; -- } -+{ -+ OCSP_CERTID *tmpid, *cid; -+ int i, idcount; -+ -+ idcount = sk_OCSP_SINGLERESP_num(sresp); -+ if (idcount <= 0) { -+ OCSPerr(OCSP_F_OCSP_CHECK_IDS, -+ OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); -+ return -1; -+ } -+ -+ cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; -+ -+ *ret = NULL; -+ -+ for (i = 1; i < idcount; i++) { -+ tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; -+ /* Check to see if IDs match */ -+ if (OCSP_id_issuer_cmp(cid, tmpid)) { -+ /* If algoritm mismatch let caller deal with it */ -+ if (OBJ_cmp(tmpid->hashAlgorithm->algorithm, -+ cid->hashAlgorithm->algorithm)) -+ return 2; -+ /* Else mismatch */ -+ return 0; -+ } -+ } - -+ /* All IDs match: only need to check one ID */ -+ *ret = cid; -+ return 1; -+} - - static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, -- STACK_OF(OCSP_SINGLERESP) *sresp) -- { -- /* If only one ID to match then do it */ -- if(cid) -- { -- const EVP_MD *dgst; -- X509_NAME *iname; -- int mdlen; -- unsigned char md[EVP_MAX_MD_SIZE]; -- if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) -- { -- OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST); -- return -1; -- } -- -- mdlen = EVP_MD_size(dgst); -- if ((cid->issuerNameHash->length != mdlen) || -- (cid->issuerKeyHash->length != mdlen)) -- return 0; -- iname = X509_get_subject_name(cert); -- if (!X509_NAME_digest(iname, dgst, md, NULL)) -- return -1; -- if (memcmp(md, cid->issuerNameHash->data, mdlen)) -- return 0; -- X509_pubkey_digest(cert, EVP_sha1(), md, NULL); -- if (memcmp(md, cid->issuerKeyHash->data, mdlen)) -- return 0; -- -- return 1; -- -- } -- else -- { -- /* We have to match the whole lot */ -- int i, ret; -- OCSP_CERTID *tmpid; -- for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) -- { -- tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; -- ret = ocsp_match_issuerid(cert, tmpid, NULL); -- if (ret <= 0) return ret; -- } -- return 1; -- } -- -- } -+ STACK_OF(OCSP_SINGLERESP) *sresp) -+{ -+ /* If only one ID to match then do it */ -+ if (cid) { -+ const EVP_MD *dgst; -+ X509_NAME *iname; -+ int mdlen; -+ unsigned char md[EVP_MAX_MD_SIZE]; -+ if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) { -+ OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, -+ OCSP_R_UNKNOWN_MESSAGE_DIGEST); -+ return -1; -+ } -+ -+ mdlen = EVP_MD_size(dgst); -+ if ((cid->issuerNameHash->length != mdlen) || -+ (cid->issuerKeyHash->length != mdlen)) -+ return 0; -+ iname = X509_get_subject_name(cert); -+ if (!X509_NAME_digest(iname, dgst, md, NULL)) -+ return -1; -+ if (memcmp(md, cid->issuerNameHash->data, mdlen)) -+ return 0; -+ X509_pubkey_digest(cert, EVP_sha1(), md, NULL); -+ if (memcmp(md, cid->issuerKeyHash->data, mdlen)) -+ return 0; -+ -+ return 1; -+ -+ } else { -+ /* We have to match the whole lot */ -+ int i, ret; -+ OCSP_CERTID *tmpid; -+ for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) { -+ tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; -+ ret = ocsp_match_issuerid(cert, tmpid, NULL); -+ if (ret <= 0) -+ return ret; -+ } -+ return 1; -+ } -+ -+} - - static int ocsp_check_delegated(X509 *x, int flags) -- { -- X509_check_purpose(x, -1, 0); -- if ((x->ex_flags & EXFLAG_XKUSAGE) && -- (x->ex_xkusage & XKU_OCSP_SIGN)) -- return 1; -- OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE); -- return 0; -- } -- --/* Verify an OCSP request. This is fortunately much easier than OCSP -- * response verify. Just find the signers certificate and verify it -- * against a given trust value. -+{ -+ X509_check_purpose(x, -1, 0); -+ if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN)) -+ return 1; -+ OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE); -+ return 0; -+} -+ -+/* -+ * Verify an OCSP request. This is fortunately much easier than OCSP response -+ * verify. Just find the signers certificate and verify it against a given -+ * trust value. - */ - --int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags) -- { -- X509 *signer; -- X509_NAME *nm; -- GENERAL_NAME *gen; -- int ret; -- X509_STORE_CTX ctx; -- if (!req->optionalSignature) -- { -- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED); -- return 0; -- } -- gen = req->tbsRequest->requestorName; -- if (!gen || gen->type != GEN_DIRNAME) -- { -- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); -- return 0; -- } -- nm = gen->d.directoryName; -- ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags); -- if (ret <= 0) -- { -- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); -- return 0; -- } -- if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) -- flags |= OCSP_NOVERIFY; -- if (!(flags & OCSP_NOSIGS)) -- { -- EVP_PKEY *skey; -- skey = X509_get_pubkey(signer); -- ret = OCSP_REQUEST_verify(req, skey); -- EVP_PKEY_free(skey); -- if(ret <= 0) -- { -- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE); -- return 0; -- } -- } -- if (!(flags & OCSP_NOVERIFY)) -- { -- int init_res; -- if(flags & OCSP_NOCHAIN) -- init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL); -- else -- init_res = X509_STORE_CTX_init(&ctx, store, signer, -- req->optionalSignature->certs); -- if(!init_res) -- { -- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB); -- return 0; -- } -- -- X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); -- X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST); -- ret = X509_verify_cert(&ctx); -- X509_STORE_CTX_cleanup(&ctx); -- if (ret <= 0) -- { -- ret = X509_STORE_CTX_get_error(&ctx); -- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR); -- ERR_add_error_data(2, "Verify error:", -- X509_verify_cert_error_string(ret)); -- return 0; -- } -- } -- return 1; -+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, -+ X509_STORE *store, unsigned long flags) -+{ -+ X509 *signer; -+ X509_NAME *nm; -+ GENERAL_NAME *gen; -+ int ret; -+ X509_STORE_CTX ctx; -+ if (!req->optionalSignature) { -+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED); -+ return 0; -+ } -+ gen = req->tbsRequest->requestorName; -+ if (!gen || gen->type != GEN_DIRNAME) { -+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, -+ OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); -+ return 0; -+ } -+ nm = gen->d.directoryName; -+ ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags); -+ if (ret <= 0) { -+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, -+ OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); -+ return 0; -+ } -+ if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) -+ flags |= OCSP_NOVERIFY; -+ if (!(flags & OCSP_NOSIGS)) { -+ EVP_PKEY *skey; -+ skey = X509_get_pubkey(signer); -+ ret = OCSP_REQUEST_verify(req, skey); -+ EVP_PKEY_free(skey); -+ if (ret <= 0) { -+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE); -+ return 0; -+ } -+ } -+ if (!(flags & OCSP_NOVERIFY)) { -+ int init_res; -+ if (flags & OCSP_NOCHAIN) -+ init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL); -+ else -+ init_res = X509_STORE_CTX_init(&ctx, store, signer, -+ req->optionalSignature->certs); -+ if (!init_res) { -+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB); -+ return 0; - } - --static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs, -- X509_STORE *st, unsigned long flags) -- { -- X509 *signer; -- if(!(flags & OCSP_NOINTERN)) -- { -- signer = X509_find_by_subject(req->optionalSignature->certs, nm); -- *psigner = signer; -- return 1; -- } -- -- signer = X509_find_by_subject(certs, nm); -- if (signer) -- { -- *psigner = signer; -- return 2; -- } -- return 0; -- } -+ X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); -+ X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST); -+ ret = X509_verify_cert(&ctx); -+ X509_STORE_CTX_cleanup(&ctx); -+ if (ret <= 0) { -+ ret = X509_STORE_CTX_get_error(&ctx); -+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, -+ OCSP_R_CERTIFICATE_VERIFY_ERROR); -+ ERR_add_error_data(2, "Verify error:", -+ X509_verify_cert_error_string(ret)); -+ return 0; -+ } -+ } -+ return 1; -+} -+ -+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, -+ X509_NAME *nm, STACK_OF(X509) *certs, -+ X509_STORE *st, unsigned long flags) -+{ -+ X509 *signer; -+ if (!(flags & OCSP_NOINTERN)) { -+ signer = X509_find_by_subject(req->optionalSignature->certs, nm); -+ *psigner = signer; -+ return 1; -+ } -+ -+ signer = X509_find_by_subject(certs, nm); -+ if (signer) { -+ *psigner = signer; -+ return 2; -+ } -+ return 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_all.c b/Cryptlib/OpenSSL/crypto/pem/pem_all.c -index 69dd19b..d4022aa 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_all.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_all.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -118,13 +118,13 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DH --#include -+# include - #endif - - #ifndef OPENSSL_NO_RSA -@@ -141,342 +141,319 @@ static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey); - IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ) - - IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ) -- - IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL) -- - IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7) - - IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE, -- PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE) -- -- -+ PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE) - #ifndef OPENSSL_NO_RSA -- --/* We treat RSA or DSA private keys as a special case. -- * -- * For private keys we read in an EVP_PKEY structure with -- * PEM_read_bio_PrivateKey() and extract the relevant private -- * key: this means can handle "traditional" and PKCS#8 formats -- * transparently. -+/* -+ * We treat RSA or DSA private keys as a special case. For private keys we -+ * read in an EVP_PKEY structure with PEM_read_bio_PrivateKey() and extract -+ * the relevant private key: this means can handle "traditional" and PKCS#8 -+ * formats transparently. - */ -- - static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa) - { -- RSA *rtmp; -- if(!key) return NULL; -- rtmp = EVP_PKEY_get1_RSA(key); -- EVP_PKEY_free(key); -- if(!rtmp) return NULL; -- if(rsa) { -- RSA_free(*rsa); -- *rsa = rtmp; -- } -- return rtmp; -+ RSA *rtmp; -+ if (!key) -+ return NULL; -+ rtmp = EVP_PKEY_get1_RSA(key); -+ EVP_PKEY_free(key); -+ if (!rtmp) -+ return NULL; -+ if (rsa) { -+ RSA_free(*rsa); -+ *rsa = rtmp; -+ } -+ return rtmp; - } - - RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, -- void *u) -+ void *u) - { -- EVP_PKEY *pktmp; -- pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); -- return pkey_get_rsa(pktmp, rsa); -+ EVP_PKEY *pktmp; -+ pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); -+ return pkey_get_rsa(pktmp, rsa); - } - --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - --RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, -- void *u) -+RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u) - { -- EVP_PKEY *pktmp; -- pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); -- return pkey_get_rsa(pktmp, rsa); -+ EVP_PKEY *pktmp; -+ pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); -+ return pkey_get_rsa(pktmp, rsa); - } - --#endif -+# endif - --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS - - int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, -- unsigned char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- EVP_PKEY *k; -- int ret; -- k = EVP_PKEY_new(); -- if (!k) -- return 0; -- EVP_PKEY_set1_RSA(k, x); -- -- ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); -- EVP_PKEY_free(k); -- return ret; -+ EVP_PKEY *k; -+ int ret; -+ k = EVP_PKEY_new(); -+ if (!k) -+ return 0; -+ EVP_PKEY_set1_RSA(k, x); -+ -+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); -+ EVP_PKEY_free(k); -+ return ret; - } - --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, -- unsigned char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- EVP_PKEY *k; -- int ret; -- k = EVP_PKEY_new(); -- if (!k) -- return 0; -+ EVP_PKEY *k; -+ int ret; -+ k = EVP_PKEY_new(); -+ if (!k) -+ return 0; - -- EVP_PKEY_set1_RSA(k, x); -+ EVP_PKEY_set1_RSA(k, x); - -- ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); -- EVP_PKEY_free(k); -- return ret; -+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); -+ EVP_PKEY_free(k); -+ return ret; - } --#endif -+# endif - --#else -- --IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) -- --#endif -- --IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) --IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) -+# else - -+IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, -+ RSAPrivateKey) -+# endif -+IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, -+ RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, -+ PEM_STRING_PUBLIC, -+ RSA_PUBKEY) - #endif -- - #ifndef OPENSSL_NO_DSA -- - static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) - { -- DSA *dtmp; -- if(!key) return NULL; -- dtmp = EVP_PKEY_get1_DSA(key); -- EVP_PKEY_free(key); -- if(!dtmp) return NULL; -- if(dsa) { -- DSA_free(*dsa); -- *dsa = dtmp; -- } -- return dtmp; -+ DSA *dtmp; -+ if (!key) -+ return NULL; -+ dtmp = EVP_PKEY_get1_DSA(key); -+ EVP_PKEY_free(key); -+ if (!dtmp) -+ return NULL; -+ if (dsa) { -+ DSA_free(*dsa); -+ *dsa = dtmp; -+ } -+ return dtmp; - } - - DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, -- void *u) -+ void *u) - { -- EVP_PKEY *pktmp; -- pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); -- return pkey_get_dsa(pktmp, dsa); -+ EVP_PKEY *pktmp; -+ pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); -+ return pkey_get_dsa(pktmp, dsa); - } - --#ifdef OPENSSL_FIPS -+# ifdef OPENSSL_FIPS - - int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, -- unsigned char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- EVP_PKEY *k; -- int ret; -- k = EVP_PKEY_new(); -- if (!k) -- return 0; -- EVP_PKEY_set1_DSA(k, x); -- -- ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); -- EVP_PKEY_free(k); -- return ret; -+ EVP_PKEY *k; -+ int ret; -+ k = EVP_PKEY_new(); -+ if (!k) -+ return 0; -+ EVP_PKEY_set1_DSA(k, x); -+ -+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); -+ EVP_PKEY_free(k); -+ return ret; - } - --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, -- unsigned char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- EVP_PKEY *k; -- int ret; -- k = EVP_PKEY_new(); -- if (!k) -- return 0; -- EVP_PKEY_set1_DSA(k, x); -- ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); -- EVP_PKEY_free(k); -- return ret; -+ EVP_PKEY *k; -+ int ret; -+ k = EVP_PKEY_new(); -+ if (!k) -+ return 0; -+ EVP_PKEY_set1_DSA(k, x); -+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); -+ EVP_PKEY_free(k); -+ return ret; - } --#endif -+# endif - --#else -- --IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) -- --#endif -+# else - --IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) -- --#ifndef OPENSSL_NO_FP_API -- --DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, -- void *u) -+IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, -+ DSAPrivateKey) -+# endif -+ IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) -+# ifndef OPENSSL_NO_FP_API -+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u) - { -- EVP_PKEY *pktmp; -- pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); -- return pkey_get_dsa(pktmp, dsa); -+ EVP_PKEY *pktmp; -+ pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); -+ return pkey_get_dsa(pktmp, dsa); - } - --#endif -+# endif - - IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) -- - #endif -- -- - #ifndef OPENSSL_NO_EC - static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey) - { -- EC_KEY *dtmp; -- if(!key) return NULL; -- dtmp = EVP_PKEY_get1_EC_KEY(key); -- EVP_PKEY_free(key); -- if(!dtmp) return NULL; -- if(eckey) -- { -- EC_KEY_free(*eckey); -- *eckey = dtmp; -- } -- return dtmp; -+ EC_KEY *dtmp; -+ if (!key) -+ return NULL; -+ dtmp = EVP_PKEY_get1_EC_KEY(key); -+ EVP_PKEY_free(key); -+ if (!dtmp) -+ return NULL; -+ if (eckey) { -+ EC_KEY_free(*eckey); -+ *eckey = dtmp; -+ } -+ return dtmp; - } - - EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, -- void *u) -+ void *u) - { -- EVP_PKEY *pktmp; -- pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); -- return pkey_get_eckey(pktmp, key); -+ EVP_PKEY *pktmp; -+ pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); -+ return pkey_get_eckey(pktmp, key); - } - --IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) -- -- -- --#ifdef OPENSSL_FIPS -- -+IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, -+ ECPKParameters) -+# ifdef OPENSSL_FIPS - int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc, -- unsigned char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- EVP_PKEY *k; -- int ret; -- k = EVP_PKEY_new(); -- if (!k) -- return 0; -- EVP_PKEY_set1_EC_KEY(k, x); -- -- ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); -- EVP_PKEY_free(k); -- return ret; -+ EVP_PKEY *k; -+ int ret; -+ k = EVP_PKEY_new(); -+ if (!k) -+ return 0; -+ EVP_PKEY_set1_EC_KEY(k, x); -+ -+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); -+ EVP_PKEY_free(k); -+ return ret; - } - --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc, -- unsigned char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- EVP_PKEY *k; -- int ret; -- k = EVP_PKEY_new(); -- if (!k) -- return 0; -- EVP_PKEY_set1_EC_KEY(k, x); -- ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); -- EVP_PKEY_free(k); -- return ret; -+ EVP_PKEY *k; -+ int ret; -+ k = EVP_PKEY_new(); -+ if (!k) -+ return 0; -+ EVP_PKEY_set1_EC_KEY(k, x); -+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); -+ EVP_PKEY_free(k); -+ return ret; - } --#endif -- --#else -- --IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey) -- --#endif -+# endif - -+# else -+ IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, -+ ECPrivateKey) -+# endif - IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) -- --#ifndef OPENSSL_NO_FP_API -- -+# ifndef OPENSSL_NO_FP_API - EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, -- void *u) -+ void *u) - { -- EVP_PKEY *pktmp; -- pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); -- return pkey_get_eckey(pktmp, eckey); -+ EVP_PKEY *pktmp; -+ pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); -+ return pkey_get_eckey(pktmp, eckey); - } - --#endif -+# endif - - #endif - - #ifndef OPENSSL_NO_DH - - IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) -- - #endif -- -- --/* The PrivateKey case is not that straightforward. -+/*- -+ * The PrivateKey case is not that straightforward. - * IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey) - * does not work, RSA and DSA keys have specific strings. - * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything - * appropriate.) - */ -- - #ifdef OPENSSL_FIPS -- - static const char *pkey_str(EVP_PKEY *x) -- { -- switch (x->type) -- { -- case EVP_PKEY_RSA: -- return PEM_STRING_RSA; -- -- case EVP_PKEY_DSA: -- return PEM_STRING_DSA; -+{ -+ switch (x->type) { -+ case EVP_PKEY_RSA: -+ return PEM_STRING_RSA; - -- case EVP_PKEY_EC: -- return PEM_STRING_ECPRIVATEKEY; -+ case EVP_PKEY_DSA: -+ return PEM_STRING_DSA; - -- default: -- return NULL; -- } -- } -+ case EVP_PKEY_EC: -+ return PEM_STRING_ECPRIVATEKEY; - -+ default: -+ return NULL; -+ } -+} - - int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, -- unsigned char *kstr, int klen, -- pem_password_cb *cb, void *u) -- { -- if (FIPS_mode()) -- return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, -- (char *)kstr, klen, cb, u); -- else -- return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, -- pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u); -- } -- --#ifndef OPENSSL_NO_FP_API -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) -+{ -+ if (FIPS_mode()) -+ return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, -+ (char *)kstr, klen, cb, u); -+ else -+ return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, -+ pkey_str(x), bp, (char *)x, enc, kstr, klen, -+ cb, u); -+} -+ -+# ifndef OPENSSL_NO_FP_API - int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, -- unsigned char *kstr, int klen, -- pem_password_cb *cb, void *u) -- { -- if (FIPS_mode()) -- return PEM_write_PKCS8PrivateKey(fp, x, enc, -- (char *)kstr, klen, cb, u); -- else -- return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey, -- pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u); -- } --#endif -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) -+{ -+ if (FIPS_mode()) -+ return PEM_write_PKCS8PrivateKey(fp, x, enc, -+ (char *)kstr, klen, cb, u); -+ else -+ return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey, -+ pkey_str(x), fp, (char *)x, enc, kstr, klen, cb, -+ u); -+} -+# endif - - #else --IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\ -- (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey) -- -+IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, -+ ((x->type == -+ EVP_PKEY_DSA) ? PEM_STRING_DSA : (x->type == -+ EVP_PKEY_RSA) ? -+ PEM_STRING_RSA : PEM_STRING_ECPRIVATEKEY), PrivateKey) - #endif -- --IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) -- -+ IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_err.c b/Cryptlib/OpenSSL/crypto/pem/pem_err.c -index 3133563..7452d25 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_err.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,71 +66,71 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) - --static ERR_STRING_DATA PEM_str_functs[]= -- { --{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, --{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, --{ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, --{ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, --{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, --{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, --{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, --{ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, --{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, --{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"}, --{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, --{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, --{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, --{ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, --{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, --{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, --{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, --{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, --{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, --{ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, --{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, --{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, --{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, --{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, --{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, --{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, --{0,NULL} -- }; -+static ERR_STRING_DATA PEM_str_functs[] = { -+ {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, -+ {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, -+ {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, -+ {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, -+ {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, -+ {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, -+ {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, -+ {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, -+ {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, -+ {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"}, -+ {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, -+ {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), -+ "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, -+ {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, -+ {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, -+ {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, -+ {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, -+ {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, -+ {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, -+ {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, -+ {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, -+ {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, -+ {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, -+ {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, -+ {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, -+ {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, -+ {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA PEM_str_reasons[]= -- { --{ERR_REASON(PEM_R_BAD_BASE64_DECODE) ,"bad base64 decode"}, --{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"}, --{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"}, --{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"}, --{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"}, --{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"}, --{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"}, --{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"}, --{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"}, --{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"}, --{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"}, --{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"}, --{ERR_REASON(PEM_R_READ_KEY) ,"read key"}, --{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"}, --{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, --{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"}, --{0,NULL} -- }; -+static ERR_STRING_DATA PEM_str_reasons[] = { -+ {ERR_REASON(PEM_R_BAD_BASE64_DECODE), "bad base64 decode"}, -+ {ERR_REASON(PEM_R_BAD_DECRYPT), "bad decrypt"}, -+ {ERR_REASON(PEM_R_BAD_END_LINE), "bad end line"}, -+ {ERR_REASON(PEM_R_BAD_IV_CHARS), "bad iv chars"}, -+ {ERR_REASON(PEM_R_BAD_PASSWORD_READ), "bad password read"}, -+ {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY), -+ "error converting private key"}, -+ {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"}, -+ {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"}, -+ {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"}, -+ {ERR_REASON(PEM_R_NO_START_LINE), "no start line"}, -+ {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD), -+ "problems getting password"}, -+ {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"}, -+ {ERR_REASON(PEM_R_READ_KEY), "read key"}, -+ {ERR_REASON(PEM_R_SHORT_HEADER), "short header"}, -+ {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, -+ {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_PEM_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,PEM_str_functs); -- ERR_load_strings(0,PEM_str_reasons); -- } -+ if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, PEM_str_functs); -+ ERR_load_strings(0, PEM_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_info.c b/Cryptlib/OpenSSL/crypto/pem/pem_info.c -index 3a273f6..91842b6 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_info.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_info.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,334 +64,320 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - - #ifndef OPENSSL_NO_FP_API --STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) -- { -- BIO *b; -- STACK_OF(X509_INFO) *ret; -+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, -+ pem_password_cb *cb, void *u) -+{ -+ BIO *b; -+ STACK_OF(X509_INFO) *ret; - -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=PEM_X509_INFO_read_bio(b,sk,cb,u); -- BIO_free(b); -- return(ret); -- } -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = PEM_X509_INFO_read_bio(b, sk, cb, u); -+ BIO_free(b); -+ return (ret); -+} - #endif - --STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) -- { -- X509_INFO *xi=NULL; -- char *name=NULL,*header=NULL; -- void *pp; -- unsigned char *data=NULL; -- const unsigned char *p; -- long len,error=0; -- int ok=0; -- STACK_OF(X509_INFO) *ret=NULL; -- unsigned int i,raw; -- d2i_of_void *d2i; -+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, -+ pem_password_cb *cb, void *u) -+{ -+ X509_INFO *xi = NULL; -+ char *name = NULL, *header = NULL; -+ void *pp; -+ unsigned char *data = NULL; -+ const unsigned char *p; -+ long len, error = 0; -+ int ok = 0; -+ STACK_OF(X509_INFO) *ret = NULL; -+ unsigned int i, raw; -+ d2i_of_void *d2i; - -- if (sk == NULL) -- { -- if ((ret=sk_X509_INFO_new_null()) == NULL) -- { -- PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- else -- ret=sk; -+ if (sk == NULL) { -+ if ((ret = sk_X509_INFO_new_null()) == NULL) { -+ PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } else -+ ret = sk; - -- if ((xi=X509_INFO_new()) == NULL) goto err; -- for (;;) -- { -- raw=0; -- i=PEM_read_bio(bp,&name,&header,&data,&len); -- if (i == 0) -- { -- error=ERR_GET_REASON(ERR_peek_last_error()); -- if (error == PEM_R_NO_START_LINE) -- { -- ERR_clear_error(); -- break; -- } -- goto err; -- } --start: -- if ( (strcmp(name,PEM_STRING_X509) == 0) || -- (strcmp(name,PEM_STRING_X509_OLD) == 0)) -- { -- d2i=(D2I_OF(void))d2i_X509; -- if (xi->x509 != NULL) -- { -- if (!sk_X509_INFO_push(ret,xi)) goto err; -- if ((xi=X509_INFO_new()) == NULL) goto err; -- goto start; -- } -- pp=&(xi->x509); -- } -- else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0)) -- { -- d2i=(D2I_OF(void))d2i_X509_AUX; -- if (xi->x509 != NULL) -- { -- if (!sk_X509_INFO_push(ret,xi)) goto err; -- if ((xi=X509_INFO_new()) == NULL) goto err; -- goto start; -- } -- pp=&(xi->x509); -- } -- else if (strcmp(name,PEM_STRING_X509_CRL) == 0) -- { -- d2i=(D2I_OF(void))d2i_X509_CRL; -- if (xi->crl != NULL) -- { -- if (!sk_X509_INFO_push(ret,xi)) goto err; -- if ((xi=X509_INFO_new()) == NULL) goto err; -- goto start; -- } -- pp=&(xi->crl); -- } -- else -+ if ((xi = X509_INFO_new()) == NULL) -+ goto err; -+ for (;;) { -+ raw = 0; -+ i = PEM_read_bio(bp, &name, &header, &data, &len); -+ if (i == 0) { -+ error = ERR_GET_REASON(ERR_peek_last_error()); -+ if (error == PEM_R_NO_START_LINE) { -+ ERR_clear_error(); -+ break; -+ } -+ goto err; -+ } -+ start: -+ if ((strcmp(name, PEM_STRING_X509) == 0) || -+ (strcmp(name, PEM_STRING_X509_OLD) == 0)) { -+ d2i = (D2I_OF(void)) d2i_X509; -+ if (xi->x509 != NULL) { -+ if (!sk_X509_INFO_push(ret, xi)) -+ goto err; -+ if ((xi = X509_INFO_new()) == NULL) -+ goto err; -+ goto start; -+ } -+ pp = &(xi->x509); -+ } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) { -+ d2i = (D2I_OF(void)) d2i_X509_AUX; -+ if (xi->x509 != NULL) { -+ if (!sk_X509_INFO_push(ret, xi)) -+ goto err; -+ if ((xi = X509_INFO_new()) == NULL) -+ goto err; -+ goto start; -+ } -+ pp = &(xi->x509); -+ } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) { -+ d2i = (D2I_OF(void)) d2i_X509_CRL; -+ if (xi->crl != NULL) { -+ if (!sk_X509_INFO_push(ret, xi)) -+ goto err; -+ if ((xi = X509_INFO_new()) == NULL) -+ goto err; -+ goto start; -+ } -+ pp = &(xi->crl); -+ } else - #ifndef OPENSSL_NO_RSA -- if (strcmp(name,PEM_STRING_RSA) == 0) -- { -- d2i=(D2I_OF(void))d2i_RSAPrivateKey; -- if (xi->x_pkey != NULL) -- { -- if (!sk_X509_INFO_push(ret,xi)) goto err; -- if ((xi=X509_INFO_new()) == NULL) goto err; -- goto start; -- } -+ if (strcmp(name, PEM_STRING_RSA) == 0) { -+ d2i = (D2I_OF(void)) d2i_RSAPrivateKey; -+ if (xi->x_pkey != NULL) { -+ if (!sk_X509_INFO_push(ret, xi)) -+ goto err; -+ if ((xi = X509_INFO_new()) == NULL) -+ goto err; -+ goto start; -+ } - -- xi->enc_data=NULL; -- xi->enc_len=0; -+ xi->enc_data = NULL; -+ xi->enc_len = 0; - -- xi->x_pkey=X509_PKEY_new(); -- if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) -- goto err; -- xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA; -- pp=&(xi->x_pkey->dec_pkey->pkey.rsa); -- if ((int)strlen(header) > 10) /* assume encrypted */ -- raw=1; -- } -- else -+ xi->x_pkey = X509_PKEY_new(); -+ if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL) -+ goto err; -+ xi->x_pkey->dec_pkey->type = EVP_PKEY_RSA; -+ pp = &(xi->x_pkey->dec_pkey->pkey.rsa); -+ if ((int)strlen(header) > 10) /* assume encrypted */ -+ raw = 1; -+ } else - #endif - #ifndef OPENSSL_NO_DSA -- if (strcmp(name,PEM_STRING_DSA) == 0) -- { -- d2i=(D2I_OF(void))d2i_DSAPrivateKey; -- if (xi->x_pkey != NULL) -- { -- if (!sk_X509_INFO_push(ret,xi)) goto err; -- if ((xi=X509_INFO_new()) == NULL) goto err; -- goto start; -- } -+ if (strcmp(name, PEM_STRING_DSA) == 0) { -+ d2i = (D2I_OF(void)) d2i_DSAPrivateKey; -+ if (xi->x_pkey != NULL) { -+ if (!sk_X509_INFO_push(ret, xi)) -+ goto err; -+ if ((xi = X509_INFO_new()) == NULL) -+ goto err; -+ goto start; -+ } - -- xi->enc_data=NULL; -- xi->enc_len=0; -+ xi->enc_data = NULL; -+ xi->enc_len = 0; - -- xi->x_pkey=X509_PKEY_new(); -- if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) -- goto err; -- xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA; -- pp=&xi->x_pkey->dec_pkey->pkey.dsa; -- if ((int)strlen(header) > 10) /* assume encrypted */ -- raw=1; -- } -- else -+ xi->x_pkey = X509_PKEY_new(); -+ if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL) -+ goto err; -+ xi->x_pkey->dec_pkey->type = EVP_PKEY_DSA; -+ pp = &xi->x_pkey->dec_pkey->pkey.dsa; -+ if ((int)strlen(header) > 10) /* assume encrypted */ -+ raw = 1; -+ } else - #endif - #ifndef OPENSSL_NO_EC -- if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0) -- { -- d2i=(D2I_OF(void))d2i_ECPrivateKey; -- if (xi->x_pkey != NULL) -- { -- if (!sk_X509_INFO_push(ret,xi)) goto err; -- if ((xi=X509_INFO_new()) == NULL) goto err; -- goto start; -- } -- -- xi->enc_data=NULL; -- xi->enc_len=0; -- -- xi->x_pkey=X509_PKEY_new(); -- if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) -- goto err; -- xi->x_pkey->dec_pkey->type=EVP_PKEY_EC; -- pp=&(xi->x_pkey->dec_pkey->pkey.ec); -- if ((int)strlen(header) > 10) /* assume encrypted */ -- raw=1; -- } -- else -+ if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) { -+ d2i = (D2I_OF(void)) d2i_ECPrivateKey; -+ if (xi->x_pkey != NULL) { -+ if (!sk_X509_INFO_push(ret, xi)) -+ goto err; -+ if ((xi = X509_INFO_new()) == NULL) -+ goto err; -+ goto start; -+ } -+ -+ xi->enc_data = NULL; -+ xi->enc_len = 0; -+ -+ xi->x_pkey = X509_PKEY_new(); -+ if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL) -+ goto err; -+ xi->x_pkey->dec_pkey->type = EVP_PKEY_EC; -+ pp = &(xi->x_pkey->dec_pkey->pkey.ec); -+ if ((int)strlen(header) > 10) /* assume encrypted */ -+ raw = 1; -+ } else - #endif -- { -- d2i=NULL; -- pp=NULL; -- } -+ { -+ d2i = NULL; -+ pp = NULL; -+ } - -- if (d2i != NULL) -- { -- if (!raw) -- { -- EVP_CIPHER_INFO cipher; -+ if (d2i != NULL) { -+ if (!raw) { -+ EVP_CIPHER_INFO cipher; - -- if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) -- goto err; -- if (!PEM_do_header(&cipher,data,&len,cb,u)) -- goto err; -- p=data; -- if (d2i(pp,&p,len) == NULL) -- { -- PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB); -- goto err; -- } -- } -- else -- { /* encrypted RSA data */ -- if (!PEM_get_EVP_CIPHER_INFO(header, -- &xi->enc_cipher)) goto err; -- xi->enc_data=(char *)data; -- xi->enc_len=(int)len; -- data=NULL; -- } -- } -- else { -- /* unknown */ -- } -- if (name != NULL) OPENSSL_free(name); -- if (header != NULL) OPENSSL_free(header); -- if (data != NULL) OPENSSL_free(data); -- name=NULL; -- header=NULL; -- data=NULL; -- } -+ if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) -+ goto err; -+ if (!PEM_do_header(&cipher, data, &len, cb, u)) -+ goto err; -+ p = data; -+ if (d2i(pp, &p, len) == NULL) { -+ PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ } else { /* encrypted RSA data */ -+ if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher)) -+ goto err; -+ xi->enc_data = (char *)data; -+ xi->enc_len = (int)len; -+ data = NULL; -+ } -+ } else { -+ /* unknown */ -+ } -+ if (name != NULL) -+ OPENSSL_free(name); -+ if (header != NULL) -+ OPENSSL_free(header); -+ if (data != NULL) -+ OPENSSL_free(data); -+ name = NULL; -+ header = NULL; -+ data = NULL; -+ } - -- /* if the last one hasn't been pushed yet and there is anything -- * in it then add it to the stack ... -- */ -- if ((xi->x509 != NULL) || (xi->crl != NULL) || -- (xi->x_pkey != NULL) || (xi->enc_data != NULL)) -- { -- if (!sk_X509_INFO_push(ret,xi)) goto err; -- xi=NULL; -- } -- ok=1; --err: -- if (xi != NULL) X509_INFO_free(xi); -- if (!ok) -- { -- for (i=0; ((int)i)x509 != NULL) || (xi->crl != NULL) || -+ (xi->x_pkey != NULL) || (xi->enc_data != NULL)) { -+ if (!sk_X509_INFO_push(ret, xi)) -+ goto err; -+ xi = NULL; -+ } -+ ok = 1; -+ err: -+ if (xi != NULL) -+ X509_INFO_free(xi); -+ if (!ok) { -+ for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) { -+ xi = sk_X509_INFO_value(ret, i); -+ X509_INFO_free(xi); -+ } -+ if (ret != sk) -+ sk_X509_INFO_free(ret); -+ ret = NULL; -+ } - -+ if (name != NULL) -+ OPENSSL_free(name); -+ if (header != NULL) -+ OPENSSL_free(header); -+ if (data != NULL) -+ OPENSSL_free(data); -+ return (ret); -+} - - /* A TJH addition */ - int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, -- unsigned char *kstr, int klen, pem_password_cb *cb, void *u) -- { -- EVP_CIPHER_CTX ctx; -- int i,ret=0; -- unsigned char *data=NULL; -- const char *objstr=NULL; -- char buf[PEM_BUFSIZE]; -- unsigned char *iv=NULL; -- -- if (enc != NULL) -- { -- objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); -- if (objstr == NULL) -- { -- PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); -- goto err; -- } -- } -+ unsigned char *kstr, int klen, -+ pem_password_cb *cb, void *u) -+{ -+ EVP_CIPHER_CTX ctx; -+ int i, ret = 0; -+ unsigned char *data = NULL; -+ const char *objstr = NULL; -+ char buf[PEM_BUFSIZE]; -+ unsigned char *iv = NULL; -+ -+ if (enc != NULL) { -+ objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); -+ if (objstr == NULL) { -+ PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER); -+ goto err; -+ } -+ } - -- /* now for the fun part ... if we have a private key then -- * we have to be able to handle a not-yet-decrypted key -- * being written out correctly ... if it is decrypted or -- * it is non-encrypted then we use the base code -- */ -- if (xi->x_pkey!=NULL) -- { -- if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) -- { -- /* copy from weirdo names into more normal things */ -- iv=xi->enc_cipher.iv; -- data=(unsigned char *)xi->enc_data; -- i=xi->enc_len; -+ /* -+ * now for the fun part ... if we have a private key then we have to be -+ * able to handle a not-yet-decrypted key being written out correctly ... -+ * if it is decrypted or it is non-encrypted then we use the base code -+ */ -+ if (xi->x_pkey != NULL) { -+ if ((xi->enc_data != NULL) && (xi->enc_len > 0)) { -+ /* copy from weirdo names into more normal things */ -+ iv = xi->enc_cipher.iv; -+ data = (unsigned char *)xi->enc_data; -+ i = xi->enc_len; - -- /* we take the encryption data from the -- * internal stuff rather than what the -- * user has passed us ... as we have to -- * match exactly for some strange reason -- */ -- objstr=OBJ_nid2sn( -- EVP_CIPHER_nid(xi->enc_cipher.cipher)); -- if (objstr == NULL) -- { -- PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); -- goto err; -- } -+ /* -+ * we take the encryption data from the internal stuff rather -+ * than what the user has passed us ... as we have to match -+ * exactly for some strange reason -+ */ -+ objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher)); -+ if (objstr == NULL) { -+ PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, -+ PEM_R_UNSUPPORTED_CIPHER); -+ goto err; -+ } - -- /* create the right magic header stuff */ -- OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); -- buf[0]='\0'; -- PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); -- PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); -+ /* create the right magic header stuff */ -+ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= -+ sizeof buf); -+ buf[0] = '\0'; -+ PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); -+ PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); - -- /* use the normal code to write things out */ -- i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i); -- if (i <= 0) goto err; -- } -- else -- { -- /* Add DSA/DH */ -+ /* use the normal code to write things out */ -+ i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i); -+ if (i <= 0) -+ goto err; -+ } else { -+ /* Add DSA/DH */ - #ifndef OPENSSL_NO_RSA -- /* normal optionally encrypted stuff */ -- if (PEM_write_bio_RSAPrivateKey(bp, -- xi->x_pkey->dec_pkey->pkey.rsa, -- enc,kstr,klen,cb,u)<=0) -- goto err; -+ /* normal optionally encrypted stuff */ -+ if (PEM_write_bio_RSAPrivateKey(bp, -+ xi->x_pkey->dec_pkey->pkey.rsa, -+ enc, kstr, klen, cb, u) <= 0) -+ goto err; - #endif -- } -- } -+ } -+ } - -- /* if we have a certificate then write it out now */ -- if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0)) -- goto err; -+ /* if we have a certificate then write it out now */ -+ if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0)) -+ goto err; - -- /* we are ignoring anything else that is loaded into the X509_INFO -- * structure for the moment ... as I don't need it so I'm not -- * coding it here and Eric can do it when this makes it into the -- * base library --tjh -- */ -+ /* -+ * we are ignoring anything else that is loaded into the X509_INFO -+ * structure for the moment ... as I don't need it so I'm not coding it -+ * here and Eric can do it when this makes it into the base library --tjh -+ */ - -- ret=1; -+ ret = 1; - --err: -- OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); -- OPENSSL_cleanse(buf,PEM_BUFSIZE); -- return(ret); -- } -+ err: -+ OPENSSL_cleanse((char *)&ctx, sizeof(ctx)); -+ OPENSSL_cleanse(buf, PEM_BUFSIZE); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c -index 22bb791..8febf10 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -66,717 +66,725 @@ - #include - #include - #ifndef OPENSSL_NO_DES --#include -+# include - #endif - --const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; -+const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT; - --#define MIN_LENGTH 4 -+#define MIN_LENGTH 4 - --static int load_iv(char **fromp,unsigned char *to, int num); -+static int load_iv(char **fromp, unsigned char *to, int num); - static int check_pem(const char *nm, const char *name); - - int PEM_def_callback(char *buf, int num, int w, void *key) -- { -+{ - #ifdef OPENSSL_NO_FP_API -- /* We should not ever call the default callback routine from -- * windows. */ -- PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -- return(-1); -+ /* -+ * We should not ever call the default callback routine from windows. -+ */ -+ PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); -+ return (-1); - #else -- int i,j; -- const char *prompt; -- if(key) { -- i=strlen(key); -- i=(i > num)?num:i; -- memcpy(buf,key,i); -- return(i); -- } -- -- prompt=EVP_get_pw_prompt(); -- if (prompt == NULL) -- prompt="Enter PEM pass phrase:"; -- -- for (;;) -- { -- i=EVP_read_pw_string(buf,num,prompt,w); -- if (i != 0) -- { -- PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); -- memset(buf,0,(unsigned int)num); -- return(-1); -- } -- j=strlen(buf); -- if (j < MIN_LENGTH) -- { -- fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH); -- } -- else -- break; -- } -- return(j); -+ int i, j; -+ const char *prompt; -+ if (key) { -+ i = strlen(key); -+ i = (i > num) ? num : i; -+ memcpy(buf, key, i); -+ return (i); -+ } -+ -+ prompt = EVP_get_pw_prompt(); -+ if (prompt == NULL) -+ prompt = "Enter PEM pass phrase:"; -+ -+ for (;;) { -+ i = EVP_read_pw_string(buf, num, prompt, w); -+ if (i != 0) { -+ PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); -+ memset(buf, 0, (unsigned int)num); -+ return (-1); -+ } -+ j = strlen(buf); -+ if (j < MIN_LENGTH) { -+ fprintf(stderr, -+ "phrase is too short, needs to be at least %d chars\n", -+ MIN_LENGTH); -+ } else -+ break; -+ } -+ return (j); - #endif -- } -+} - - void PEM_proc_type(char *buf, int type) -- { -- const char *str; -- -- if (type == PEM_TYPE_ENCRYPTED) -- str="ENCRYPTED"; -- else if (type == PEM_TYPE_MIC_CLEAR) -- str="MIC-CLEAR"; -- else if (type == PEM_TYPE_MIC_ONLY) -- str="MIC-ONLY"; -- else -- str="BAD-TYPE"; -- -- BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE); -- BUF_strlcat(buf,str,PEM_BUFSIZE); -- BUF_strlcat(buf,"\n",PEM_BUFSIZE); -- } -+{ -+ const char *str; -+ -+ if (type == PEM_TYPE_ENCRYPTED) -+ str = "ENCRYPTED"; -+ else if (type == PEM_TYPE_MIC_CLEAR) -+ str = "MIC-CLEAR"; -+ else if (type == PEM_TYPE_MIC_ONLY) -+ str = "MIC-ONLY"; -+ else -+ str = "BAD-TYPE"; -+ -+ BUF_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE); -+ BUF_strlcat(buf, str, PEM_BUFSIZE); -+ BUF_strlcat(buf, "\n", PEM_BUFSIZE); -+} - - void PEM_dek_info(char *buf, const char *type, int len, char *str) -- { -- static const unsigned char map[17]="0123456789ABCDEF"; -- long i; -- int j; -- -- BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE); -- BUF_strlcat(buf,type,PEM_BUFSIZE); -- BUF_strlcat(buf,",",PEM_BUFSIZE); -- j=strlen(buf); -- if (j + (len * 2) + 1 > PEM_BUFSIZE) -- return; -- for (i=0; i>4)&0x0f]; -- buf[j+i*2+1]=map[(str[i] )&0x0f]; -- } -- buf[j+i*2]='\n'; -- buf[j+i*2+1]='\0'; -- } -+{ -+ static const unsigned char map[17] = "0123456789ABCDEF"; -+ long i; -+ int j; -+ -+ BUF_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE); -+ BUF_strlcat(buf, type, PEM_BUFSIZE); -+ BUF_strlcat(buf, ",", PEM_BUFSIZE); -+ j = strlen(buf); -+ if (j + (len * 2) + 1 > PEM_BUFSIZE) -+ return; -+ for (i = 0; i < len; i++) { -+ buf[j + i * 2] = map[(str[i] >> 4) & 0x0f]; -+ buf[j + i * 2 + 1] = map[(str[i]) & 0x0f]; -+ } -+ buf[j + i * 2] = '\n'; -+ buf[j + i * 2 + 1] = '\0'; -+} - - #ifndef OPENSSL_NO_FP_API - void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, -- pem_password_cb *cb, void *u) -- { -- BIO *b; -- void *ret; -- -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u); -- BIO_free(b); -- return(ret); -- } -+ pem_password_cb *cb, void *u) -+{ -+ BIO *b; -+ void *ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u); -+ BIO_free(b); -+ return (ret); -+} - #endif - - static int check_pem(const char *nm, const char *name) - { -- /* Normal matching nm and name */ -- if (!strcmp(nm,name)) return 1; -+ /* Normal matching nm and name */ -+ if (!strcmp(nm, name)) -+ return 1; - -- /* Make PEM_STRING_EVP_PKEY match any private key */ -+ /* Make PEM_STRING_EVP_PKEY match any private key */ - -- if(!strcmp(nm,PEM_STRING_PKCS8) && -- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; -+ if (!strcmp(nm, PEM_STRING_PKCS8) && !strcmp(name, PEM_STRING_EVP_PKEY)) -+ return 1; - -- if(!strcmp(nm,PEM_STRING_PKCS8INF) && -- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; -+ if (!strcmp(nm, PEM_STRING_PKCS8INF) && -+ !strcmp(name, PEM_STRING_EVP_PKEY)) -+ return 1; - -- if(!strcmp(nm,PEM_STRING_RSA) && -- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; -+ if (!strcmp(nm, PEM_STRING_RSA) && !strcmp(name, PEM_STRING_EVP_PKEY)) -+ return 1; - -- if(!strcmp(nm,PEM_STRING_DSA) && -- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; -+ if (!strcmp(nm, PEM_STRING_DSA) && !strcmp(name, PEM_STRING_EVP_PKEY)) -+ return 1; - -- if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) && -- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; -- /* Permit older strings */ -+ if (!strcmp(nm, PEM_STRING_ECPRIVATEKEY) && -+ !strcmp(name, PEM_STRING_EVP_PKEY)) -+ return 1; -+ /* Permit older strings */ - -- if(!strcmp(nm,PEM_STRING_X509_OLD) && -- !strcmp(name,PEM_STRING_X509)) return 1; -+ if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509)) -+ return 1; - -- if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) && -- !strcmp(name,PEM_STRING_X509_REQ)) return 1; -+ if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) && -+ !strcmp(name, PEM_STRING_X509_REQ)) -+ return 1; - -- /* Allow normal certs to be read as trusted certs */ -- if(!strcmp(nm,PEM_STRING_X509) && -- !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; -+ /* Allow normal certs to be read as trusted certs */ -+ if (!strcmp(nm, PEM_STRING_X509) && -+ !strcmp(name, PEM_STRING_X509_TRUSTED)) -+ return 1; - -- if(!strcmp(nm,PEM_STRING_X509_OLD) && -- !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; -+ if (!strcmp(nm, PEM_STRING_X509_OLD) && -+ !strcmp(name, PEM_STRING_X509_TRUSTED)) -+ return 1; - -- /* Some CAs use PKCS#7 with CERTIFICATE headers */ -- if(!strcmp(nm, PEM_STRING_X509) && -- !strcmp(name, PEM_STRING_PKCS7)) return 1; -+ /* Some CAs use PKCS#7 with CERTIFICATE headers */ -+ if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7)) -+ return 1; - -- if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && -- !strcmp(name, PEM_STRING_PKCS7)) return 1; -+ if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && -+ !strcmp(name, PEM_STRING_PKCS7)) -+ return 1; - -- return 0; -+ return 0; - } - --int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, -- pem_password_cb *cb, void *u) -- { -- EVP_CIPHER_INFO cipher; -- char *nm=NULL,*header=NULL; -- unsigned char *data=NULL; -- long len; -- int ret = 0; -- -- for (;;) -- { -- if (!PEM_read_bio(bp,&nm,&header,&data,&len)) { -- if(ERR_GET_REASON(ERR_peek_error()) == -- PEM_R_NO_START_LINE) -- ERR_add_error_data(2, "Expecting: ", name); -- return 0; -- } -- if(check_pem(nm, name)) break; -- OPENSSL_free(nm); -- OPENSSL_free(header); -- OPENSSL_free(data); -- } -- if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err; -- if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err; -- -- *pdata = data; -- *plen = len; -- -- if (pnm) -- *pnm = nm; -- -- ret = 1; -- --err: -- if (!ret || !pnm) OPENSSL_free(nm); -- OPENSSL_free(header); -- if (!ret) OPENSSL_free(data); -- return ret; -- } -+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, -+ const char *name, BIO *bp, pem_password_cb *cb, -+ void *u) -+{ -+ EVP_CIPHER_INFO cipher; -+ char *nm = NULL, *header = NULL; -+ unsigned char *data = NULL; -+ long len; -+ int ret = 0; -+ -+ for (;;) { -+ if (!PEM_read_bio(bp, &nm, &header, &data, &len)) { -+ if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) -+ ERR_add_error_data(2, "Expecting: ", name); -+ return 0; -+ } -+ if (check_pem(nm, name)) -+ break; -+ OPENSSL_free(nm); -+ OPENSSL_free(header); -+ OPENSSL_free(data); -+ } -+ if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) -+ goto err; -+ if (!PEM_do_header(&cipher, data, &len, cb, u)) -+ goto err; -+ -+ *pdata = data; -+ *plen = len; -+ -+ if (pnm) -+ *pnm = nm; -+ -+ ret = 1; -+ -+ err: -+ if (!ret || !pnm) -+ OPENSSL_free(nm); -+ OPENSSL_free(header); -+ if (!ret) -+ OPENSSL_free(data); -+ return ret; -+} - - #ifndef OPENSSL_NO_FP_API - int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, -- char *x, const EVP_CIPHER *enc, unsigned char *kstr, -- int klen, pem_password_cb *callback, void *u) -- { -- BIO *b; -- int ret; -- -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u); -- BIO_free(b); -- return(ret); -- } -+ char *x, const EVP_CIPHER *enc, unsigned char *kstr, -+ int klen, pem_password_cb *callback, void *u) -+{ -+ BIO *b; -+ int ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u); -+ BIO_free(b); -+ return (ret); -+} - #endif - - int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, -- char *x, const EVP_CIPHER *enc, unsigned char *kstr, -- int klen, pem_password_cb *callback, void *u) -- { -- EVP_CIPHER_CTX ctx; -- int dsize=0,i,j,ret=0; -- unsigned char *p,*data=NULL; -- const char *objstr=NULL; -- char buf[PEM_BUFSIZE]; -- unsigned char key[EVP_MAX_KEY_LENGTH]; -- unsigned char iv[EVP_MAX_IV_LENGTH]; -- -- if (enc != NULL) -- { -- objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); -- if (objstr == NULL) -- { -- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); -- goto err; -- } -- } -- -- if ((dsize=i2d(x,NULL)) < 0) -- { -- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB); -- dsize=0; -- goto err; -- } -- /* dzise + 8 bytes are needed */ -- /* actually it needs the cipher block size extra... */ -- data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); -- if (data == NULL) -- { -- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- p=data; -- i=i2d(x,&p); -- -- if (enc != NULL) -- { -- if (kstr == NULL) -- { -- if (callback == NULL) -- klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u); -- else -- klen=(*callback)(buf,PEM_BUFSIZE,1,u); -- if (klen <= 0) -- { -- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY); -- goto err; -- } -+ char *x, const EVP_CIPHER *enc, unsigned char *kstr, -+ int klen, pem_password_cb *callback, void *u) -+{ -+ EVP_CIPHER_CTX ctx; -+ int dsize = 0, i, j, ret = 0; -+ unsigned char *p, *data = NULL; -+ const char *objstr = NULL; -+ char buf[PEM_BUFSIZE]; -+ unsigned char key[EVP_MAX_KEY_LENGTH]; -+ unsigned char iv[EVP_MAX_IV_LENGTH]; -+ -+ if (enc != NULL) { -+ objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); -+ if (objstr == NULL) { -+ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER); -+ goto err; -+ } -+ } -+ -+ if ((dsize = i2d(x, NULL)) < 0) { -+ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB); -+ dsize = 0; -+ goto err; -+ } -+ /* dzise + 8 bytes are needed */ -+ /* actually it needs the cipher block size extra... */ -+ data = (unsigned char *)OPENSSL_malloc((unsigned int)dsize + 20); -+ if (data == NULL) { -+ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ p = data; -+ i = i2d(x, &p); -+ -+ if (enc != NULL) { -+ if (kstr == NULL) { -+ if (callback == NULL) -+ klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); -+ else -+ klen = (*callback) (buf, PEM_BUFSIZE, 1, u); -+ if (klen <= 0) { -+ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_READ_KEY); -+ goto err; -+ } - #ifdef CHARSET_EBCDIC -- /* Convert the pass phrase from EBCDIC */ -- ebcdic2ascii(buf, buf, klen); -+ /* Convert the pass phrase from EBCDIC */ -+ ebcdic2ascii(buf, buf, klen); - #endif -- kstr=(unsigned char *)buf; -- } -- RAND_add(data,i,0);/* put in the RSA key. */ -- OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); -- if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ -- goto err; -- /* The 'iv' is used as the iv and as a salt. It is -- * NOT taken from the BytesToKey function */ -- EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); -- -- if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); -- -- OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); -- -- buf[0]='\0'; -- PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); -- PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); -- /* k=strlen(buf); */ -- -- EVP_CIPHER_CTX_init(&ctx); -- EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv); -- EVP_EncryptUpdate(&ctx,data,&j,data,i); -- EVP_EncryptFinal_ex(&ctx,&(data[j]),&i); -- EVP_CIPHER_CTX_cleanup(&ctx); -- i+=j; -- ret=1; -- } -- else -- { -- ret=1; -- buf[0]='\0'; -- } -- i=PEM_write_bio(bp,name,buf,data,i); -- if (i <= 0) ret=0; --err: -- OPENSSL_cleanse(key,sizeof(key)); -- OPENSSL_cleanse(iv,sizeof(iv)); -- OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); -- OPENSSL_cleanse(buf,PEM_BUFSIZE); -- if (data != NULL) -- { -- OPENSSL_cleanse(data,(unsigned int)dsize); -- OPENSSL_free(data); -- } -- return(ret); -- } -+ kstr = (unsigned char *)buf; -+ } -+ RAND_add(data, i, 0); /* put in the RSA key. */ -+ OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); -+ if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */ -+ goto err; -+ /* -+ * The 'iv' is used as the iv and as a salt. It is NOT taken from -+ * the BytesToKey function -+ */ -+ EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL); -+ -+ if (kstr == (unsigned char *)buf) -+ OPENSSL_cleanse(buf, PEM_BUFSIZE); -+ -+ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= -+ sizeof buf); -+ -+ buf[0] = '\0'; -+ PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); -+ PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); -+ /* k=strlen(buf); */ -+ -+ EVP_CIPHER_CTX_init(&ctx); -+ EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv); -+ EVP_EncryptUpdate(&ctx, data, &j, data, i); -+ EVP_EncryptFinal_ex(&ctx, &(data[j]), &i); -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ i += j; -+ ret = 1; -+ } else { -+ ret = 1; -+ buf[0] = '\0'; -+ } -+ i = PEM_write_bio(bp, name, buf, data, i); -+ if (i <= 0) -+ ret = 0; -+ err: -+ OPENSSL_cleanse(key, sizeof(key)); -+ OPENSSL_cleanse(iv, sizeof(iv)); -+ OPENSSL_cleanse((char *)&ctx, sizeof(ctx)); -+ OPENSSL_cleanse(buf, PEM_BUFSIZE); -+ if (data != NULL) { -+ OPENSSL_cleanse(data, (unsigned int)dsize); -+ OPENSSL_free(data); -+ } -+ return (ret); -+} - - int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, -- pem_password_cb *callback,void *u) -- { -- int i,j,o,klen; -- long len; -- EVP_CIPHER_CTX ctx; -- unsigned char key[EVP_MAX_KEY_LENGTH]; -- char buf[PEM_BUFSIZE]; -- -- len= *plen; -- -- if (cipher->cipher == NULL) return(1); -- if (callback == NULL) -- klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u); -- else -- klen=callback(buf,PEM_BUFSIZE,0,u); -- if (klen <= 0) -- { -- PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ); -- return(0); -- } -+ pem_password_cb *callback, void *u) -+{ -+ int i, j, o, klen; -+ long len; -+ EVP_CIPHER_CTX ctx; -+ unsigned char key[EVP_MAX_KEY_LENGTH]; -+ char buf[PEM_BUFSIZE]; -+ -+ len = *plen; -+ -+ if (cipher->cipher == NULL) -+ return (1); -+ if (callback == NULL) -+ klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); -+ else -+ klen = callback(buf, PEM_BUFSIZE, 0, u); -+ if (klen <= 0) { -+ PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ); -+ return (0); -+ } - #ifdef CHARSET_EBCDIC -- /* Convert the pass phrase from EBCDIC */ -- ebcdic2ascii(buf, buf, klen); -+ /* Convert the pass phrase from EBCDIC */ -+ ebcdic2ascii(buf, buf, klen); - #endif - -- EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]), -- (unsigned char *)buf,klen,1,key,NULL); -- -- j=(int)len; -- EVP_CIPHER_CTX_init(&ctx); -- EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0])); -- EVP_DecryptUpdate(&ctx,data,&i,data,j); -- o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); -- EVP_CIPHER_CTX_cleanup(&ctx); -- OPENSSL_cleanse((char *)buf,sizeof(buf)); -- OPENSSL_cleanse((char *)key,sizeof(key)); -- j+=i; -- if (!o) -- { -- PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT); -- return(0); -- } -- *plen=j; -- return(1); -- } -+ EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]), -+ (unsigned char *)buf, klen, 1, key, NULL); -+ -+ j = (int)len; -+ EVP_CIPHER_CTX_init(&ctx); -+ EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0])); -+ EVP_DecryptUpdate(&ctx, data, &i, data, j); -+ o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j); -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ OPENSSL_cleanse((char *)buf, sizeof(buf)); -+ OPENSSL_cleanse((char *)key, sizeof(key)); -+ j += i; -+ if (!o) { -+ PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT); -+ return (0); -+ } -+ *plen = j; -+ return (1); -+} - - int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) -- { -- const EVP_CIPHER *enc=NULL; -- char *p,c; -- char **header_pp = &header; -- -- cipher->cipher=NULL; -- if ((header == NULL) || (*header == '\0') || (*header == '\n')) -- return(1); -- if (strncmp(header,"Proc-Type: ",11) != 0) -- { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); } -- header+=11; -- if (*header != '4') return(0); header++; -- if (*header != ',') return(0); header++; -- if (strncmp(header,"ENCRYPTED",9) != 0) -- { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); } -- for (; (*header != '\n') && (*header != '\0'); header++) -- ; -- if (*header == '\0') -- { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); } -- header++; -- if (strncmp(header,"DEK-Info: ",10) != 0) -- { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); } -- header+=10; -- -- p=header; -- for (;;) -- { -- c= *header; -+{ -+ const EVP_CIPHER *enc = NULL; -+ char *p, c; -+ char **header_pp = &header; -+ -+ cipher->cipher = NULL; -+ if ((header == NULL) || (*header == '\0') || (*header == '\n')) -+ return (1); -+ if (strncmp(header, "Proc-Type: ", 11) != 0) { -+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE); -+ return (0); -+ } -+ header += 11; -+ if (*header != '4') -+ return (0); -+ header++; -+ if (*header != ',') -+ return (0); -+ header++; -+ if (strncmp(header, "ENCRYPTED", 9) != 0) { -+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED); -+ return (0); -+ } -+ for (; (*header != '\n') && (*header != '\0'); header++) ; -+ if (*header == '\0') { -+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER); -+ return (0); -+ } -+ header++; -+ if (strncmp(header, "DEK-Info: ", 10) != 0) { -+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO); -+ return (0); -+ } -+ header += 10; -+ -+ p = header; -+ for (;;) { -+ c = *header; - #ifndef CHARSET_EBCDIC -- if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') || -- ((c >= '0') && (c <= '9')))) -- break; -+ if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') || -+ ((c >= '0') && (c <= '9')))) -+ break; - #else -- if (!( isupper(c) || (c == '-') || -- isdigit(c))) -- break; -+ if (!(isupper(c) || (c == '-') || isdigit(c))) -+ break; - #endif -- header++; -- } -- *header='\0'; -- cipher->cipher=enc=EVP_get_cipherbyname(p); -- *header=c; -- header++; -- -- if (enc == NULL) -- { -- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); -- return(0); -- } -- if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len)) -- return(0); -- -- return(1); -- } -+ header++; -+ } -+ *header = '\0'; -+ cipher->cipher = enc = EVP_get_cipherbyname(p); -+ *header = c; -+ header++; -+ -+ if (enc == NULL) { -+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION); -+ return (0); -+ } -+ if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len)) -+ return (0); -+ -+ return (1); -+} - - static int load_iv(char **fromp, unsigned char *to, int num) -- { -- int v,i; -- char *from; -- -- from= *fromp; -- for (i=0; i= '0') && (*from <= '9')) -- v= *from-'0'; -- else if ((*from >= 'A') && (*from <= 'F')) -- v= *from-'A'+10; -- else if ((*from >= 'a') && (*from <= 'f')) -- v= *from-'a'+10; -- else -- { -- PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS); -- return(0); -- } -- from++; -- to[i/2]|=v<<(long)((!(i&1))*4); -- } -- -- *fromp=from; -- return(1); -- } -+{ -+ int v, i; -+ char *from; -+ -+ from = *fromp; -+ for (i = 0; i < num; i++) -+ to[i] = 0; -+ num *= 2; -+ for (i = 0; i < num; i++) { -+ if ((*from >= '0') && (*from <= '9')) -+ v = *from - '0'; -+ else if ((*from >= 'A') && (*from <= 'F')) -+ v = *from - 'A' + 10; -+ else if ((*from >= 'a') && (*from <= 'f')) -+ v = *from - 'a' + 10; -+ else { -+ PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS); -+ return (0); -+ } -+ from++; -+ to[i / 2] |= v << (long)((!(i & 1)) * 4); -+ } -+ -+ *fromp = from; -+ return (1); -+} - - #ifndef OPENSSL_NO_FP_API - int PEM_write(FILE *fp, char *name, char *header, unsigned char *data, -- long len) -- { -- BIO *b; -- int ret; -- -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=PEM_write_bio(b, name, header, data,len); -- BIO_free(b); -- return(ret); -- } -+ long len) -+{ -+ BIO *b; -+ int ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = PEM_write_bio(b, name, header, data, len); -+ BIO_free(b); -+ return (ret); -+} - #endif - --int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, -- long len) -- { -- int nlen,n,i,j,outl; -- unsigned char *buf = NULL; -- EVP_ENCODE_CTX ctx; -- int reason=ERR_R_BUF_LIB; -- -- EVP_EncodeInit(&ctx); -- nlen=strlen(name); -- -- if ( (BIO_write(bp,"-----BEGIN ",11) != 11) || -- (BIO_write(bp,name,nlen) != nlen) || -- (BIO_write(bp,"-----\n",6) != 6)) -- goto err; -- -- i=strlen(header); -- if (i > 0) -- { -- if ( (BIO_write(bp,header,i) != i) || -- (BIO_write(bp,"\n",1) != 1)) -- goto err; -- } -- -- buf = OPENSSL_malloc(PEM_BUFSIZE*8); -- if (buf == NULL) -- { -- reason=ERR_R_MALLOC_FAILURE; -- goto err; -- } -- -- i=j=0; -- while (len > 0) -- { -- n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len); -- EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n); -- if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl)) -- goto err; -- i+=outl; -- len-=n; -- j+=n; -- } -- EVP_EncodeFinal(&ctx,buf,&outl); -- if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; -- OPENSSL_cleanse(buf, PEM_BUFSIZE*8); -- OPENSSL_free(buf); -- buf = NULL; -- if ( (BIO_write(bp,"-----END ",9) != 9) || -- (BIO_write(bp,name,nlen) != nlen) || -- (BIO_write(bp,"-----\n",6) != 6)) -- goto err; -- return(i+outl); --err: -- if (buf) { -- OPENSSL_cleanse(buf, PEM_BUFSIZE*8); -- OPENSSL_free(buf); -- } -- PEMerr(PEM_F_PEM_WRITE_BIO,reason); -- return(0); -- } -+int PEM_write_bio(BIO *bp, const char *name, char *header, -+ unsigned char *data, long len) -+{ -+ int nlen, n, i, j, outl; -+ unsigned char *buf = NULL; -+ EVP_ENCODE_CTX ctx; -+ int reason = ERR_R_BUF_LIB; -+ -+ EVP_EncodeInit(&ctx); -+ nlen = strlen(name); -+ -+ if ((BIO_write(bp, "-----BEGIN ", 11) != 11) || -+ (BIO_write(bp, name, nlen) != nlen) || -+ (BIO_write(bp, "-----\n", 6) != 6)) -+ goto err; -+ -+ i = strlen(header); -+ if (i > 0) { -+ if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1)) -+ goto err; -+ } -+ -+ buf = OPENSSL_malloc(PEM_BUFSIZE * 8); -+ if (buf == NULL) { -+ reason = ERR_R_MALLOC_FAILURE; -+ goto err; -+ } -+ -+ i = j = 0; -+ while (len > 0) { -+ n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len); -+ EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n); -+ if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl)) -+ goto err; -+ i += outl; -+ len -= n; -+ j += n; -+ } -+ EVP_EncodeFinal(&ctx, buf, &outl); -+ if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl)) -+ goto err; -+ OPENSSL_cleanse(buf, PEM_BUFSIZE * 8); -+ OPENSSL_free(buf); -+ buf = NULL; -+ if ((BIO_write(bp, "-----END ", 9) != 9) || -+ (BIO_write(bp, name, nlen) != nlen) || -+ (BIO_write(bp, "-----\n", 6) != 6)) -+ goto err; -+ return (i + outl); -+ err: -+ if (buf) { -+ OPENSSL_cleanse(buf, PEM_BUFSIZE * 8); -+ OPENSSL_free(buf); -+ } -+ PEMerr(PEM_F_PEM_WRITE_BIO, reason); -+ return (0); -+} - - #ifndef OPENSSL_NO_FP_API - int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, -- long *len) -- { -- BIO *b; -- int ret; -- -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=PEM_read_bio(b, name, header, data,len); -- BIO_free(b); -- return(ret); -- } -+ long *len) -+{ -+ BIO *b; -+ int ret; -+ -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = PEM_read_bio(b, name, header, data, len); -+ BIO_free(b); -+ return (ret); -+} - #endif - - int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, -- long *len) -- { -- EVP_ENCODE_CTX ctx; -- int end=0,i,k,bl=0,hl=0,nohead=0; -- char buf[256]; -- BUF_MEM *nameB; -- BUF_MEM *headerB; -- BUF_MEM *dataB,*tmpB; -- -- nameB=BUF_MEM_new(); -- headerB=BUF_MEM_new(); -- dataB=BUF_MEM_new(); -- if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) -- { -- BUF_MEM_free(nameB); -- BUF_MEM_free(headerB); -- BUF_MEM_free(dataB); -- PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- -- buf[254]='\0'; -- for (;;) -- { -- i=BIO_gets(bp,buf,254); -- -- if (i <= 0) -- { -- PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE); -- goto err; -- } -- -- while ((i >= 0) && (buf[i] <= ' ')) i--; -- buf[++i]='\n'; buf[++i]='\0'; -- -- if (strncmp(buf,"-----BEGIN ",11) == 0) -- { -- i=strlen(&(buf[11])); -- -- if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0) -- continue; -- if (!BUF_MEM_grow(nameB,i+9)) -- { -- PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- memcpy(nameB->data,&(buf[11]),i-6); -- nameB->data[i-6]='\0'; -- break; -- } -- } -- hl=0; -- if (!BUF_MEM_grow(headerB,256)) -- { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } -- headerB->data[0]='\0'; -- for (;;) -- { -- i=BIO_gets(bp,buf,254); -- if (i <= 0) break; -- -- while ((i >= 0) && (buf[i] <= ' ')) i--; -- buf[++i]='\n'; buf[++i]='\0'; -- -- if (buf[0] == '\n') break; -- if (!BUF_MEM_grow(headerB,hl+i+9)) -- { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } -- if (strncmp(buf,"-----END ",9) == 0) -- { -- nohead=1; -- break; -- } -- memcpy(&(headerB->data[hl]),buf,i); -- headerB->data[hl+i]='\0'; -- hl+=i; -- } -- -- bl=0; -- if (!BUF_MEM_grow(dataB,1024)) -- { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } -- dataB->data[0]='\0'; -- if (!nohead) -- { -- for (;;) -- { -- i=BIO_gets(bp,buf,254); -- if (i <= 0) break; -- -- while ((i >= 0) && (buf[i] <= ' ')) i--; -- buf[++i]='\n'; buf[++i]='\0'; -- -- if (i != 65) end=1; -- if (strncmp(buf,"-----END ",9) == 0) -- break; -- if (i > 65) break; -- if (!BUF_MEM_grow_clean(dataB,i+bl+9)) -- { -- PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- memcpy(&(dataB->data[bl]),buf,i); -- dataB->data[bl+i]='\0'; -- bl+=i; -- if (end) -- { -- buf[0]='\0'; -- i=BIO_gets(bp,buf,254); -- if (i <= 0) break; -- -- while ((i >= 0) && (buf[i] <= ' ')) i--; -- buf[++i]='\n'; buf[++i]='\0'; -- -- break; -- } -- } -- } -- else -- { -- tmpB=headerB; -- headerB=dataB; -- dataB=tmpB; -- bl=hl; -- } -- i=strlen(nameB->data); -- if ( (strncmp(buf,"-----END ",9) != 0) || -- (strncmp(nameB->data,&(buf[9]),i) != 0) || -- (strncmp(&(buf[9+i]),"-----\n",6) != 0)) -- { -- PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE); -- goto err; -- } -- -- EVP_DecodeInit(&ctx); -- i=EVP_DecodeUpdate(&ctx, -- (unsigned char *)dataB->data,&bl, -- (unsigned char *)dataB->data,bl); -- if (i < 0) -- { -- PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE); -- goto err; -- } -- i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k); -- if (i < 0) -- { -- PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE); -- goto err; -- } -- bl+=k; -- -- if (bl == 0) goto err; -- *name=nameB->data; -- *header=headerB->data; -- *data=(unsigned char *)dataB->data; -- *len=bl; -- OPENSSL_free(nameB); -- OPENSSL_free(headerB); -- OPENSSL_free(dataB); -- return(1); --err: -- BUF_MEM_free(nameB); -- BUF_MEM_free(headerB); -- BUF_MEM_free(dataB); -- return(0); -- } -+ long *len) -+{ -+ EVP_ENCODE_CTX ctx; -+ int end = 0, i, k, bl = 0, hl = 0, nohead = 0; -+ char buf[256]; -+ BUF_MEM *nameB; -+ BUF_MEM *headerB; -+ BUF_MEM *dataB, *tmpB; -+ -+ nameB = BUF_MEM_new(); -+ headerB = BUF_MEM_new(); -+ dataB = BUF_MEM_new(); -+ if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) { -+ BUF_MEM_free(nameB); -+ BUF_MEM_free(headerB); -+ BUF_MEM_free(dataB); -+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ -+ buf[254] = '\0'; -+ for (;;) { -+ i = BIO_gets(bp, buf, 254); -+ -+ if (i <= 0) { -+ PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE); -+ goto err; -+ } -+ -+ while ((i >= 0) && (buf[i] <= ' ')) -+ i--; -+ buf[++i] = '\n'; -+ buf[++i] = '\0'; -+ -+ if (strncmp(buf, "-----BEGIN ", 11) == 0) { -+ i = strlen(&(buf[11])); -+ -+ if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0) -+ continue; -+ if (!BUF_MEM_grow(nameB, i + 9)) { -+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ memcpy(nameB->data, &(buf[11]), i - 6); -+ nameB->data[i - 6] = '\0'; -+ break; -+ } -+ } -+ hl = 0; -+ if (!BUF_MEM_grow(headerB, 256)) { -+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ headerB->data[0] = '\0'; -+ for (;;) { -+ i = BIO_gets(bp, buf, 254); -+ if (i <= 0) -+ break; -+ -+ while ((i >= 0) && (buf[i] <= ' ')) -+ i--; -+ buf[++i] = '\n'; -+ buf[++i] = '\0'; -+ -+ if (buf[0] == '\n') -+ break; -+ if (!BUF_MEM_grow(headerB, hl + i + 9)) { -+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (strncmp(buf, "-----END ", 9) == 0) { -+ nohead = 1; -+ break; -+ } -+ memcpy(&(headerB->data[hl]), buf, i); -+ headerB->data[hl + i] = '\0'; -+ hl += i; -+ } -+ -+ bl = 0; -+ if (!BUF_MEM_grow(dataB, 1024)) { -+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ dataB->data[0] = '\0'; -+ if (!nohead) { -+ for (;;) { -+ i = BIO_gets(bp, buf, 254); -+ if (i <= 0) -+ break; -+ -+ while ((i >= 0) && (buf[i] <= ' ')) -+ i--; -+ buf[++i] = '\n'; -+ buf[++i] = '\0'; -+ -+ if (i != 65) -+ end = 1; -+ if (strncmp(buf, "-----END ", 9) == 0) -+ break; -+ if (i > 65) -+ break; -+ if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) { -+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ memcpy(&(dataB->data[bl]), buf, i); -+ dataB->data[bl + i] = '\0'; -+ bl += i; -+ if (end) { -+ buf[0] = '\0'; -+ i = BIO_gets(bp, buf, 254); -+ if (i <= 0) -+ break; -+ -+ while ((i >= 0) && (buf[i] <= ' ')) -+ i--; -+ buf[++i] = '\n'; -+ buf[++i] = '\0'; -+ -+ break; -+ } -+ } -+ } else { -+ tmpB = headerB; -+ headerB = dataB; -+ dataB = tmpB; -+ bl = hl; -+ } -+ i = strlen(nameB->data); -+ if ((strncmp(buf, "-----END ", 9) != 0) || -+ (strncmp(nameB->data, &(buf[9]), i) != 0) || -+ (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) { -+ PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE); -+ goto err; -+ } -+ -+ EVP_DecodeInit(&ctx); -+ i = EVP_DecodeUpdate(&ctx, -+ (unsigned char *)dataB->data, &bl, -+ (unsigned char *)dataB->data, bl); -+ if (i < 0) { -+ PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE); -+ goto err; -+ } -+ i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k); -+ if (i < 0) { -+ PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE); -+ goto err; -+ } -+ bl += k; -+ -+ if (bl == 0) -+ goto err; -+ *name = nameB->data; -+ *header = headerB->data; -+ *data = (unsigned char *)dataB->data; -+ *len = bl; -+ OPENSSL_free(nameB); -+ OPENSSL_free(headerB); -+ OPENSSL_free(dataB); -+ return (1); -+ err: -+ BUF_MEM_free(nameB); -+ BUF_MEM_free(headerB); -+ BUF_MEM_free(dataB); -+ return (0); -+} -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c -index b33868d..1dd3bd7 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -68,19 +68,19 @@ - /* Handle 'other' PEMs: not private keys */ - - void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, -- pem_password_cb *cb, void *u) -- { -- const unsigned char *p=NULL; -- unsigned char *data=NULL; -- long len; -- char *ret=NULL; -+ pem_password_cb *cb, void *u) -+{ -+ const unsigned char *p = NULL; -+ unsigned char *data = NULL; -+ long len; -+ char *ret = NULL; - -- if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u)) -- return NULL; -- p = data; -- ret=d2i(x,&p,len); -- if (ret == NULL) -- PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); -- OPENSSL_free(data); -- return(ret); -- } -+ if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u)) -+ return NULL; -+ p = data; -+ ret = d2i(x, &p, len); -+ if (ret == NULL) -+ PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB); -+ OPENSSL_free(data); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c -index 6deab8c..b98c76c 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -67,176 +67,191 @@ - #include - - static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, -- int nid, const EVP_CIPHER *enc, -- char *kstr, int klen, -- pem_password_cb *cb, void *u); -+ int nid, const EVP_CIPHER *enc, -+ char *kstr, int klen, pem_password_cb *cb, void *u); - static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder, -- int nid, const EVP_CIPHER *enc, -- char *kstr, int klen, -- pem_password_cb *cb, void *u); -+ int nid, const EVP_CIPHER *enc, -+ char *kstr, int klen, pem_password_cb *cb, void *u); - --/* These functions write a private key in PKCS#8 format: it is a "drop in" -+/* -+ * These functions write a private key in PKCS#8 format: it is a "drop in" - * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc' - * is NULL then it uses the unencrypted private key form. The 'nid' versions - * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0. - */ - - int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, -- char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u); -+ return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u); - } - - int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, -- char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u); -+ return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u); - } - - int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, -- char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u); -+ return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u); - } - - int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, -- char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u); -+ return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u); - } - --static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, -- char *kstr, int klen, -- pem_password_cb *cb, void *u) -+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, -+ const EVP_CIPHER *enc, char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- X509_SIG *p8; -- PKCS8_PRIV_KEY_INFO *p8inf; -- char buf[PEM_BUFSIZE]; -- int ret; -- if(!(p8inf = EVP_PKEY2PKCS8(x))) { -- PEMerr(PEM_F_DO_PK8PKEY, -- PEM_R_ERROR_CONVERTING_PRIVATE_KEY); -- return 0; -- } -- if(enc || (nid != -1)) { -- if(!kstr) { -- if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); -- else klen = cb(buf, PEM_BUFSIZE, 1, u); -- if(klen <= 0) { -- PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY); -- PKCS8_PRIV_KEY_INFO_free(p8inf); -- return 0; -- } -- -- kstr = buf; -- } -- p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); -- if(kstr == buf) OPENSSL_cleanse(buf, klen); -- PKCS8_PRIV_KEY_INFO_free(p8inf); -- if(isder) ret = i2d_PKCS8_bio(bp, p8); -- else ret = PEM_write_bio_PKCS8(bp, p8); -- X509_SIG_free(p8); -- return ret; -- } else { -- if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); -- else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); -- PKCS8_PRIV_KEY_INFO_free(p8inf); -- return ret; -- } -+ X509_SIG *p8; -+ PKCS8_PRIV_KEY_INFO *p8inf; -+ char buf[PEM_BUFSIZE]; -+ int ret; -+ if (!(p8inf = EVP_PKEY2PKCS8(x))) { -+ PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY); -+ return 0; -+ } -+ if (enc || (nid != -1)) { -+ if (!kstr) { -+ if (!cb) -+ klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); -+ else -+ klen = cb(buf, PEM_BUFSIZE, 1, u); -+ if (klen <= 0) { -+ PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY); -+ PKCS8_PRIV_KEY_INFO_free(p8inf); -+ return 0; -+ } -+ -+ kstr = buf; -+ } -+ p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); -+ if (kstr == buf) -+ OPENSSL_cleanse(buf, klen); -+ PKCS8_PRIV_KEY_INFO_free(p8inf); -+ if (isder) -+ ret = i2d_PKCS8_bio(bp, p8); -+ else -+ ret = PEM_write_bio_PKCS8(bp, p8); -+ X509_SIG_free(p8); -+ return ret; -+ } else { -+ if (isder) -+ ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); -+ else -+ ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); -+ PKCS8_PRIV_KEY_INFO_free(p8inf); -+ return ret; -+ } - } - --EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) -+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, -+ void *u) - { -- PKCS8_PRIV_KEY_INFO *p8inf = NULL; -- X509_SIG *p8 = NULL; -- int klen; -- EVP_PKEY *ret; -- char psbuf[PEM_BUFSIZE]; -- p8 = d2i_PKCS8_bio(bp, NULL); -- if(!p8) return NULL; -- if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); -- else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); -- if (klen <= 0) { -- PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); -- X509_SIG_free(p8); -- return NULL; -- } -- p8inf = PKCS8_decrypt(p8, psbuf, klen); -- X509_SIG_free(p8); -- if(!p8inf) return NULL; -- ret = EVP_PKCS82PKEY(p8inf); -- PKCS8_PRIV_KEY_INFO_free(p8inf); -- if(!ret) return NULL; -- if(x) { -- if(*x) EVP_PKEY_free(*x); -- *x = ret; -- } -- return ret; -+ PKCS8_PRIV_KEY_INFO *p8inf = NULL; -+ X509_SIG *p8 = NULL; -+ int klen; -+ EVP_PKEY *ret; -+ char psbuf[PEM_BUFSIZE]; -+ p8 = d2i_PKCS8_bio(bp, NULL); -+ if (!p8) -+ return NULL; -+ if (cb) -+ klen = cb(psbuf, PEM_BUFSIZE, 0, u); -+ else -+ klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); -+ if (klen <= 0) { -+ PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); -+ X509_SIG_free(p8); -+ return NULL; -+ } -+ p8inf = PKCS8_decrypt(p8, psbuf, klen); -+ X509_SIG_free(p8); -+ if (!p8inf) -+ return NULL; -+ ret = EVP_PKCS82PKEY(p8inf); -+ PKCS8_PRIV_KEY_INFO_free(p8inf); -+ if (!ret) -+ return NULL; -+ if (x) { -+ if (*x) -+ EVP_PKEY_free(*x); -+ *x = ret; -+ } -+ return ret; - } - - #ifndef OPENSSL_NO_FP_API - - int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, -- char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ char *kstr, int klen, pem_password_cb *cb, void *u) - { -- return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u); -+ return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u); - } - - int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, -- char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u); -+ return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u); - } - - int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, -- char *kstr, int klen, -- pem_password_cb *cb, void *u) -+ char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u); -+ return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u); - } - - int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, -- char *kstr, int klen, pem_password_cb *cb, void *u) -+ char *kstr, int klen, pem_password_cb *cb, -+ void *u) - { -- return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u); -+ return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u); - } - --static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, -- char *kstr, int klen, -- pem_password_cb *cb, void *u) -+static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, -+ const EVP_CIPHER *enc, char *kstr, int klen, -+ pem_password_cb *cb, void *u) - { -- BIO *bp; -- int ret; -- if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { -- PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB); -- return(0); -- } -- ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); -- BIO_free(bp); -- return ret; -+ BIO *bp; -+ int ret; -+ if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { -+ PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB); -+ return (0); -+ } -+ ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); -+ BIO_free(bp); -+ return ret; - } - --EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) -+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, -+ void *u) - { -- BIO *bp; -- EVP_PKEY *ret; -- if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { -- PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB); -- return NULL; -- } -- ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u); -- BIO_free(bp); -- return ret; -+ BIO *bp; -+ EVP_PKEY *ret; -+ if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { -+ PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB); -+ return NULL; -+ } -+ ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u); -+ BIO_free(bp); -+ return ret; - } - - #endif - - IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG) -+ -+ - IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, -- PKCS8_PRIV_KEY_INFO) -+ PKCS8_PRIV_KEY_INFO) -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c -index 4da4c31..5f5c4fe 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -66,84 +66,90 @@ - #include - #include - -+EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, -+ void *u) -+{ -+ char *nm = NULL; -+ const unsigned char *p = NULL; -+ unsigned char *data = NULL; -+ long len; -+ EVP_PKEY *ret = NULL; - --EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) -- { -- char *nm=NULL; -- const unsigned char *p=NULL; -- unsigned char *data=NULL; -- long len; -- EVP_PKEY *ret=NULL; -- -- if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) -- return NULL; -- p = data; -+ if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) -+ return NULL; -+ p = data; - -- if (strcmp(nm,PEM_STRING_RSA) == 0) -- ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len); -- else if (strcmp(nm,PEM_STRING_DSA) == 0) -- ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len); -- else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0) -- ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len); -- else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { -- PKCS8_PRIV_KEY_INFO *p8inf; -- p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); -- if(!p8inf) goto p8err; -- ret = EVP_PKCS82PKEY(p8inf); -- if(x) { -- if(*x) EVP_PKEY_free((EVP_PKEY *)*x); -- *x = ret; -- } -- PKCS8_PRIV_KEY_INFO_free(p8inf); -- } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) { -- PKCS8_PRIV_KEY_INFO *p8inf; -- X509_SIG *p8; -- int klen; -- char psbuf[PEM_BUFSIZE]; -- p8 = d2i_X509_SIG(NULL, &p, len); -- if(!p8) goto p8err; -- if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); -- else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); -- if (klen <= 0) { -- PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, -- PEM_R_BAD_PASSWORD_READ); -- X509_SIG_free(p8); -- goto err; -- } -- p8inf = PKCS8_decrypt(p8, psbuf, klen); -- X509_SIG_free(p8); -- if(!p8inf) goto p8err; -- ret = EVP_PKCS82PKEY(p8inf); -- if(x) { -- if(*x) EVP_PKEY_free((EVP_PKEY *)*x); -- *x = ret; -- } -- PKCS8_PRIV_KEY_INFO_free(p8inf); -- } --p8err: -- if (ret == NULL) -- PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB); --err: -- OPENSSL_free(nm); -- OPENSSL_cleanse(data, len); -- OPENSSL_free(data); -- return(ret); -- } -+ if (strcmp(nm, PEM_STRING_RSA) == 0) -+ ret = d2i_PrivateKey(EVP_PKEY_RSA, x, &p, len); -+ else if (strcmp(nm, PEM_STRING_DSA) == 0) -+ ret = d2i_PrivateKey(EVP_PKEY_DSA, x, &p, len); -+ else if (strcmp(nm, PEM_STRING_ECPRIVATEKEY) == 0) -+ ret = d2i_PrivateKey(EVP_PKEY_EC, x, &p, len); -+ else if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) { -+ PKCS8_PRIV_KEY_INFO *p8inf; -+ p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); -+ if (!p8inf) -+ goto p8err; -+ ret = EVP_PKCS82PKEY(p8inf); -+ if (x) { -+ if (*x) -+ EVP_PKEY_free((EVP_PKEY *)*x); -+ *x = ret; -+ } -+ PKCS8_PRIV_KEY_INFO_free(p8inf); -+ } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) { -+ PKCS8_PRIV_KEY_INFO *p8inf; -+ X509_SIG *p8; -+ int klen; -+ char psbuf[PEM_BUFSIZE]; -+ p8 = d2i_X509_SIG(NULL, &p, len); -+ if (!p8) -+ goto p8err; -+ if (cb) -+ klen = cb(psbuf, PEM_BUFSIZE, 0, u); -+ else -+ klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); -+ if (klen <= 0) { -+ PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ); -+ X509_SIG_free(p8); -+ goto err; -+ } -+ p8inf = PKCS8_decrypt(p8, psbuf, klen); -+ X509_SIG_free(p8); -+ if (!p8inf) -+ goto p8err; -+ ret = EVP_PKCS82PKEY(p8inf); -+ if (x) { -+ if (*x) -+ EVP_PKEY_free((EVP_PKEY *)*x); -+ *x = ret; -+ } -+ PKCS8_PRIV_KEY_INFO_free(p8inf); -+ } -+ p8err: -+ if (ret == NULL) -+ PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB); -+ err: -+ OPENSSL_free(nm); -+ OPENSSL_cleanse(data, len); -+ OPENSSL_free(data); -+ return (ret); -+} - - #ifndef OPENSSL_NO_FP_API --EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) -- { -- BIO *b; -- EVP_PKEY *ret; -+EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, -+ void *u) -+{ -+ BIO *b; -+ EVP_PKEY *ret; - -- if ((b=BIO_new(BIO_s_file())) == NULL) -- { -- PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB); -- return(0); -- } -- BIO_set_fp(b,fp,BIO_NOCLOSE); -- ret=PEM_read_bio_PrivateKey(b,x,cb,u); -- BIO_free(b); -- return(ret); -- } -+ if ((b = BIO_new(BIO_s_file())) == NULL) { -+ PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB); -+ return (0); -+ } -+ BIO_set_fp(b, fp, BIO_NOCLOSE); -+ ret = PEM_read_bio_PrivateKey(b, x, cb, u); -+ BIO_free(b); -+ return (ret); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c -index 59690b5..a4a556a 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,141 +49,141 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --#include /* for OPENSSL_NO_RSA */ -+#include /* for OPENSSL_NO_RSA */ - #ifndef OPENSSL_NO_RSA --#include --#include "cryptlib.h" --#include --#include --#include --#include --#include --#include -+# include -+# include "cryptlib.h" -+# include -+# include -+# include -+# include -+# include -+# include - - int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, -- unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, -- int npubk) -- { -- unsigned char key[EVP_MAX_KEY_LENGTH]; -- int ret= -1; -- int i,j,max=0; -- char *s=NULL; -- -- for (i=0; itype != EVP_PKEY_RSA) -- { -- PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA); -- goto err; -- } -- j=RSA_size(pubk[i]->pkey.rsa); -- if (j > max) max=j; -- } -- s=(char *)OPENSSL_malloc(max*2); -- if (s == NULL) -- { -- PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- EVP_EncodeInit(&ctx->encode); -- -- EVP_MD_CTX_init(&ctx->md); -- EVP_SignInit(&ctx->md,md_type); -- -- EVP_CIPHER_CTX_init(&ctx->cipher); -- ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); -- if (ret <= 0) goto err; -- -- /* base64 encode the keys */ -- for (i=0; ipkey.rsa)); -- ekl[i]=j; -- memcpy(ek[i],s,j+1); -- } -- -- ret=npubk; --err: -- if (s != NULL) OPENSSL_free(s); -- OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH); -- return(ret); -- } -+ unsigned char **ek, int *ekl, unsigned char *iv, -+ EVP_PKEY **pubk, int npubk) -+{ -+ unsigned char key[EVP_MAX_KEY_LENGTH]; -+ int ret = -1; -+ int i, j, max = 0; -+ char *s = NULL; -+ -+ for (i = 0; i < npubk; i++) { -+ if (pubk[i]->type != EVP_PKEY_RSA) { -+ PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA); -+ goto err; -+ } -+ j = RSA_size(pubk[i]->pkey.rsa); -+ if (j > max) -+ max = j; -+ } -+ s = (char *)OPENSSL_malloc(max * 2); -+ if (s == NULL) { -+ PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ EVP_EncodeInit(&ctx->encode); -+ -+ EVP_MD_CTX_init(&ctx->md); -+ EVP_SignInit(&ctx->md, md_type); -+ -+ EVP_CIPHER_CTX_init(&ctx->cipher); -+ ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk); -+ if (ret <= 0) -+ goto err; -+ -+ /* base64 encode the keys */ -+ for (i = 0; i < npubk; i++) { -+ j = EVP_EncodeBlock((unsigned char *)s, ek[i], -+ RSA_size(pubk[i]->pkey.rsa)); -+ ekl[i] = j; -+ memcpy(ek[i], s, j + 1); -+ } -+ -+ ret = npubk; -+ err: -+ if (s != NULL) -+ OPENSSL_free(s); -+ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); -+ return (ret); -+} - - void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, -- unsigned char *in, int inl) -- { -- unsigned char buffer[1600]; -- int i,j; -- -- *outl=0; -- EVP_SignUpdate(&ctx->md,in,inl); -- for (;;) -- { -- if (inl <= 0) break; -- if (inl > 1200) -- i=1200; -- else -- i=inl; -- EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i); -- EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j); -- *outl+=j; -- out+=j; -- in+=i; -- inl-=i; -- } -- } -+ unsigned char *in, int inl) -+{ -+ unsigned char buffer[1600]; -+ int i, j; -+ -+ *outl = 0; -+ EVP_SignUpdate(&ctx->md, in, inl); -+ for (;;) { -+ if (inl <= 0) -+ break; -+ if (inl > 1200) -+ i = 1200; -+ else -+ i = inl; -+ EVP_EncryptUpdate(&ctx->cipher, buffer, &j, in, i); -+ EVP_EncodeUpdate(&ctx->encode, out, &j, buffer, j); -+ *outl += j; -+ out += j; -+ in += i; -+ inl -= i; -+ } -+} - - int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, -- unsigned char *out, int *outl, EVP_PKEY *priv) -- { -- unsigned char *s=NULL; -- int ret=0,j; -- unsigned int i; -- -- if (priv->type != EVP_PKEY_RSA) -- { -- PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA); -- goto err; -- } -- i=RSA_size(priv->pkey.rsa); -- if (i < 100) i=100; -- s=(unsigned char *)OPENSSL_malloc(i*2); -- if (s == NULL) -- { -- PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i); -- EVP_EncodeUpdate(&ctx->encode,out,&j,s,i); -- *outl=j; -- out+=j; -- EVP_EncodeFinal(&ctx->encode,out,&j); -- *outl+=j; -- -- if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err; -- *sigl=EVP_EncodeBlock(sig,s,i); -- -- ret=1; --err: -- EVP_MD_CTX_cleanup(&ctx->md); -- EVP_CIPHER_CTX_cleanup(&ctx->cipher); -- if (s != NULL) OPENSSL_free(s); -- return(ret); -- } --#else /* !OPENSSL_NO_RSA */ -+ unsigned char *out, int *outl, EVP_PKEY *priv) -+{ -+ unsigned char *s = NULL; -+ int ret = 0, j; -+ unsigned int i; -+ -+ if (priv->type != EVP_PKEY_RSA) { -+ PEMerr(PEM_F_PEM_SEALFINAL, PEM_R_PUBLIC_KEY_NO_RSA); -+ goto err; -+ } -+ i = RSA_size(priv->pkey.rsa); -+ if (i < 100) -+ i = 100; -+ s = (unsigned char *)OPENSSL_malloc(i * 2); -+ if (s == NULL) { -+ PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i); -+ EVP_EncodeUpdate(&ctx->encode, out, &j, s, i); -+ *outl = j; -+ out += j; -+ EVP_EncodeFinal(&ctx->encode, out, &j); -+ *outl += j; -+ -+ if (!EVP_SignFinal(&ctx->md, s, &i, priv)) -+ goto err; -+ *sigl = EVP_EncodeBlock(sig, s, i); -+ -+ ret = 1; -+ err: -+ EVP_MD_CTX_cleanup(&ctx->md); -+ EVP_CIPHER_CTX_cleanup(&ctx->cipher); -+ if (s != NULL) -+ OPENSSL_free(s); -+ return (ret); -+} -+#else /* !OPENSSL_NO_RSA */ - - # if PEDANTIC --static void *dummy=&dummy; -+static void *dummy = &dummy; - # endif - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c -index c3b9808..b5e5c29 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,38 +65,37 @@ - #include - - void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) -- { -- EVP_DigestInit_ex(ctx, type, NULL); -- } -- --void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, -- unsigned int count) -- { -- EVP_DigestUpdate(ctx,data,count); -- } -+{ -+ EVP_DigestInit_ex(ctx, type, NULL); -+} - --int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, -- EVP_PKEY *pkey) -- { -- unsigned char *m; -- int i,ret=0; -- unsigned int m_len; -+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count) -+{ -+ EVP_DigestUpdate(ctx, data, count); -+} - -- m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2); -- if (m == NULL) -- { -- PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE); -- goto err; -- } -+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, -+ unsigned int *siglen, EVP_PKEY *pkey) -+{ -+ unsigned char *m; -+ int i, ret = 0; -+ unsigned int m_len; - -- if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err; -+ m = (unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey) + 2); -+ if (m == NULL) { -+ PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- i=EVP_EncodeBlock(sigret,m,m_len); -- *siglen=i; -- ret=1; --err: -- /* ctx has been zeroed by EVP_SignFinal() */ -- if (m != NULL) OPENSSL_free(m); -- return(ret); -- } -+ if (EVP_SignFinal(ctx, m, &m_len, pkey) <= 0) -+ goto err; - -+ i = EVP_EncodeBlock(sigret, m, m_len); -+ *siglen = i; -+ ret = 1; -+ err: -+ /* ctx has been zeroed by EVP_SignFinal() */ -+ if (m != NULL) -+ OPENSSL_free(m); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c -index 3f709f1..9d75d20 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c -@@ -1,6 +1,7 @@ - /* pem_x509.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -66,4 +67,3 @@ - #include - - IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509) -- -diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c -index 7cc7491..ebd1803 100644 ---- a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c -+++ b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c -@@ -1,6 +1,7 @@ - /* pem_xaux.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -66,4 +67,5 @@ - #include - - IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) --IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR) -+IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, -+ X509_CERT_PAIR) -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c -index 1f3e378..54e4af5 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c -@@ -1,6 +1,7 @@ - /* p12_add.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,163 +63,167 @@ - - /* Pack an object into an OCTET STRING and turn into a safebag */ - --PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, -- int nid2) -+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, -+ int nid1, int nid2) - { -- PKCS12_BAGS *bag; -- PKCS12_SAFEBAG *safebag; -- if (!(bag = PKCS12_BAGS_new())) { -- PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- bag->type = OBJ_nid2obj(nid1); -- if (!ASN1_item_pack(obj, it, &bag->value.octet)) { -- PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- if (!(safebag = PKCS12_SAFEBAG_new())) { -- PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- safebag->value.bag = bag; -- safebag->type = OBJ_nid2obj(nid2); -- return safebag; -+ PKCS12_BAGS *bag; -+ PKCS12_SAFEBAG *safebag; -+ if (!(bag = PKCS12_BAGS_new())) { -+ PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ bag->type = OBJ_nid2obj(nid1); -+ if (!ASN1_item_pack(obj, it, &bag->value.octet)) { -+ PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ if (!(safebag = PKCS12_SAFEBAG_new())) { -+ PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ safebag->value.bag = bag; -+ safebag->type = OBJ_nid2obj(nid2); -+ return safebag; - } - - /* Turn PKCS8 object into a keybag */ - - PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) - { -- PKCS12_SAFEBAG *bag; -- if (!(bag = PKCS12_SAFEBAG_new())) { -- PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- bag->type = OBJ_nid2obj(NID_keyBag); -- bag->value.keybag = p8; -- return bag; -+ PKCS12_SAFEBAG *bag; -+ if (!(bag = PKCS12_SAFEBAG_new())) { -+ PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ bag->type = OBJ_nid2obj(NID_keyBag); -+ bag->value.keybag = p8; -+ return bag; - } - - /* Turn PKCS8 object into a shrouded keybag */ - - PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, -- int passlen, unsigned char *salt, int saltlen, int iter, -- PKCS8_PRIV_KEY_INFO *p8) -+ int passlen, unsigned char *salt, -+ int saltlen, int iter, -+ PKCS8_PRIV_KEY_INFO *p8) - { -- PKCS12_SAFEBAG *bag; -- -- /* Set up the safe bag */ -- if (!(bag = PKCS12_SAFEBAG_new())) { -- PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); -- if (!(bag->value.shkeybag = -- PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter, -- p8))) { -- PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- return bag; -+ PKCS12_SAFEBAG *bag; -+ -+ /* Set up the safe bag */ -+ if (!(bag = PKCS12_SAFEBAG_new())) { -+ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); -+ if (!(bag->value.shkeybag = -+ PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter, -+ p8))) { -+ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ return bag; - } - - /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ - PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) - { -- PKCS7 *p7; -- if (!(p7 = PKCS7_new())) { -- PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- p7->type = OBJ_nid2obj(NID_pkcs7_data); -- if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { -- PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { -- PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); -- return NULL; -- } -- return p7; -+ PKCS7 *p7; -+ if (!(p7 = PKCS7_new())) { -+ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ p7->type = OBJ_nid2obj(NID_pkcs7_data); -+ if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { -+ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { -+ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); -+ return NULL; -+ } -+ return p7; - } - - /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ - STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) - { -- if(!PKCS7_type_is_data(p7)) -- { -- PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA); -- return NULL; -- } -- return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); -+ if (!PKCS7_type_is_data(p7)) { -+ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, -+ PKCS12_R_CONTENT_TYPE_NOT_DATA); -+ return NULL; -+ } -+ return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); - } - - /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ - - PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, -- unsigned char *salt, int saltlen, int iter, -- STACK_OF(PKCS12_SAFEBAG) *bags) -+ unsigned char *salt, int saltlen, int iter, -+ STACK_OF(PKCS12_SAFEBAG) *bags) - { -- PKCS7 *p7; -- X509_ALGOR *pbe; -- if (!(p7 = PKCS7_new())) { -- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { -- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, -- PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); -- return NULL; -- } -- if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) { -- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); -- p7->d.encrypted->enc_data->algorithm = pbe; -- M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); -- if (!(p7->d.encrypted->enc_data->enc_data = -- PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, -- bags, 1))) { -- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); -- return NULL; -- } -- -- return p7; -+ PKCS7 *p7; -+ X509_ALGOR *pbe; -+ if (!(p7 = PKCS7_new())) { -+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { -+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, -+ PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); -+ return NULL; -+ } -+ if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) { -+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); -+ p7->d.encrypted->enc_data->algorithm = pbe; -+ M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); -+ if (!(p7->d.encrypted->enc_data->enc_data = -+ PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, -+ passlen, bags, 1))) { -+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); -+ return NULL; -+ } -+ -+ return p7; - } - --STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen) -+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, -+ int passlen) - { -- if(!PKCS7_type_is_encrypted(p7)) return NULL; -- return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, -- ASN1_ITEM_rptr(PKCS12_SAFEBAGS), -- pass, passlen, -- p7->d.encrypted->enc_data->enc_data, 1); -+ if (!PKCS7_type_is_encrypted(p7)) -+ return NULL; -+ return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, -+ ASN1_ITEM_rptr(PKCS12_SAFEBAGS), -+ pass, passlen, -+ p7->d.encrypted->enc_data->enc_data, 1); - } - --PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, -- int passlen) -+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, -+ const char *pass, int passlen) - { -- return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); -+ return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); - } - --int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) -+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) - { -- if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), -- &p12->authsafes->d.data)) -- return 1; -- return 0; -+ if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), -+ &p12->authsafes->d.data)) -+ return 1; -+ return 0; - } - - STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) - { -- if (!PKCS7_type_is_data(p12->authsafes)) -- { -- PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA); -- return NULL; -- } -- return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); -+ if (!PKCS7_type_is_data(p12->authsafes)) { -+ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, -+ PKCS12_R_CONTENT_TYPE_NOT_DATA); -+ return NULL; -+ } -+ return ASN1_item_unpack(p12->authsafes->d.data, -+ ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c -index 6e27633..370ddbd 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c -@@ -1,6 +1,7 @@ - /* p12_asn.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,17 +65,17 @@ - /* PKCS#12 ASN1 module */ - - ASN1_SEQUENCE(PKCS12) = { -- ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER), -- ASN1_SIMPLE(PKCS12, authsafes, PKCS7), -- ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA) -+ ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER), -+ ASN1_SIMPLE(PKCS12, authsafes, PKCS7), -+ ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA) - } ASN1_SEQUENCE_END(PKCS12) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS12) - - ASN1_SEQUENCE(PKCS12_MAC_DATA) = { -- ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG), -- ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING), -- ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER) -+ ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG), -+ ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING), -+ ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER) - } ASN1_SEQUENCE_END(PKCS12_MAC_DATA) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA) -@@ -82,14 +83,14 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA) - ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0); - - ASN1_ADB(PKCS12_BAGS) = { -- ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), -- ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), -- ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), -+ ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), -+ ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), -+ ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), - } ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL); - - ASN1_SEQUENCE(PKCS12_BAGS) = { -- ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT), -- ASN1_ADB_OBJECT(PKCS12_BAGS), -+ ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT), -+ ASN1_ADB_OBJECT(PKCS12_BAGS), - } ASN1_SEQUENCE_END(PKCS12_BAGS) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS) -@@ -97,29 +98,28 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS) - ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0); - - ASN1_ADB(PKCS12_SAFEBAG) = { -- ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), -- ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), -- ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), -- ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), -- ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), -- ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) -+ ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), -+ ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), -+ ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), -+ ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), -+ ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), -+ ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) - } ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL); - - ASN1_SEQUENCE(PKCS12_SAFEBAG) = { -- ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT), -- ASN1_ADB_OBJECT(PKCS12_SAFEBAG), -- ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE) -+ ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT), -+ ASN1_ADB_OBJECT(PKCS12_SAFEBAG), -+ ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE) - } ASN1_SEQUENCE_END(PKCS12_SAFEBAG) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG) - - /* SEQUENCE OF SafeBag */ --ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG) -+ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG) - ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS) - - /* Authsafes: SEQUENCE OF PKCS7 */ --ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7) -+ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7) - ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES) -- -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c -index 856933d..1b57ac8 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c -@@ -1,6 +1,7 @@ - /* p12_attr.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,90 +63,91 @@ - - #ifdef OPENSSL_SYS_NETWARE - /* Rename these functions to avoid name clashes on NetWare OS */ --#define uni2asc OPENSSL_uni2asc --#define asc2uni OPENSSL_asc2uni -+# define uni2asc OPENSSL_uni2asc -+# define asc2uni OPENSSL_asc2uni - #endif - - /* Add a local keyid to a safebag */ - - int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, -- int namelen) -+ int namelen) - { -- if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID, -- V_ASN1_OCTET_STRING, name, namelen)) -- return 1; -- else -- return 0; -+ if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID, -+ V_ASN1_OCTET_STRING, name, namelen)) -+ return 1; -+ else -+ return 0; - } - - /* Add key usage to PKCS#8 structure */ - - int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) - { -- unsigned char us_val; -- us_val = (unsigned char) usage; -- if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage, -- V_ASN1_BIT_STRING, &us_val, 1)) -- return 1; -- else -- return 0; -+ unsigned char us_val; -+ us_val = (unsigned char)usage; -+ if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage, -+ V_ASN1_BIT_STRING, &us_val, 1)) -+ return 1; -+ else -+ return 0; - } - - /* Add a friendlyname to a safebag */ - - int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, -- int namelen) -+ int namelen) - { -- if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, -- MBSTRING_ASC, (unsigned char *)name, namelen)) -- return 1; -- else -- return 0; -+ if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, -+ MBSTRING_ASC, (unsigned char *)name, namelen)) -+ return 1; -+ else -+ return 0; - } - -- - int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, -- const unsigned char *name, int namelen) -+ const unsigned char *name, int namelen) - { -- if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, -- MBSTRING_BMP, name, namelen)) -- return 1; -- else -- return 0; -+ if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, -+ MBSTRING_BMP, name, namelen)) -+ return 1; -+ else -+ return 0; - } - --int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, -- int namelen) -+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) - { -- if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name, -- MBSTRING_ASC, (unsigned char *)name, namelen)) -- return 1; -- else -- return 0; -+ if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name, -+ MBSTRING_ASC, (unsigned char *)name, namelen)) -+ return 1; -+ else -+ return 0; - } - - ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) - { -- X509_ATTRIBUTE *attrib; -- int i; -- if (!attrs) return NULL; -- for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) { -- attrib = sk_X509_ATTRIBUTE_value (attrs, i); -- if (OBJ_obj2nid (attrib->object) == attr_nid) { -- if (sk_ASN1_TYPE_num (attrib->value.set)) -- return sk_ASN1_TYPE_value(attrib->value.set, 0); -- else return NULL; -- } -- } -- return NULL; -+ X509_ATTRIBUTE *attrib; -+ int i; -+ if (!attrs) -+ return NULL; -+ for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) { -+ attrib = sk_X509_ATTRIBUTE_value(attrs, i); -+ if (OBJ_obj2nid(attrib->object) == attr_nid) { -+ if (sk_ASN1_TYPE_num(attrib->value.set)) -+ return sk_ASN1_TYPE_value(attrib->value.set, 0); -+ else -+ return NULL; -+ } -+ } -+ return NULL; - } - - char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) - { -- ASN1_TYPE *atype; -- if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL; -- if (atype->type != V_ASN1_BMPSTRING) return NULL; -- return uni2asc(atype->value.bmpstring->data, -- atype->value.bmpstring->length); -+ ASN1_TYPE *atype; -+ if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) -+ return NULL; -+ if (atype->type != V_ASN1_BMPSTRING) -+ return NULL; -+ return uni2asc(atype->value.bmpstring->data, -+ atype->value.bmpstring->length); - } -- -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c -index f8b952e..d75adf5 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c -@@ -1,6 +1,7 @@ - /* p12_crpt.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -65,66 +66,69 @@ - void PKCS12_PBE_add(void) - { - #ifndef OPENSSL_NO_RC4 --EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(), -- PKCS12_PBE_keyivgen); --EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(), -- PKCS12_PBE_keyivgen); -+ EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(), -+ PKCS12_PBE_keyivgen); -+ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(), -+ PKCS12_PBE_keyivgen); - #endif - #ifndef OPENSSL_NO_DES --EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, -- EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); --EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, -- EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); -+ EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, -+ EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); -+ EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, -+ EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); - #endif - #ifndef OPENSSL_NO_RC2 --EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(), -- EVP_sha1(), PKCS12_PBE_keyivgen); --EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), -- EVP_sha1(), PKCS12_PBE_keyivgen); -+ EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(), -+ EVP_sha1(), PKCS12_PBE_keyivgen); -+ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), -+ EVP_sha1(), PKCS12_PBE_keyivgen); - #endif - } - - int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, -- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) -+ ASN1_TYPE *param, const EVP_CIPHER *cipher, -+ const EVP_MD *md, int en_de) - { -- PBEPARAM *pbe; -- int saltlen, iter, ret; -- unsigned char *salt; -- const unsigned char *pbuf; -- unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; -+ PBEPARAM *pbe; -+ int saltlen, iter, ret; -+ unsigned char *salt; -+ const unsigned char *pbuf; -+ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - -- /* Extract useful info from parameter */ -- if (param == NULL || param->type != V_ASN1_SEQUENCE || -- param->value.sequence == NULL) { -- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR); -- return 0; -- } -+ /* Extract useful info from parameter */ -+ if (param == NULL || param->type != V_ASN1_SEQUENCE || -+ param->value.sequence == NULL) { -+ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); -+ return 0; -+ } - -- pbuf = param->value.sequence->data; -- if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { -- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR); -- return 0; -- } -+ pbuf = param->value.sequence->data; -+ if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { -+ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); -+ return 0; -+ } - -- if (!pbe->iter) iter = 1; -- else iter = ASN1_INTEGER_get (pbe->iter); -- salt = pbe->salt->data; -- saltlen = pbe->salt->length; -- if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID, -- iter, EVP_CIPHER_key_length(cipher), key, md)) { -- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR); -- PBEPARAM_free(pbe); -- return 0; -- } -- if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID, -- iter, EVP_CIPHER_iv_length(cipher), iv, md)) { -- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR); -- PBEPARAM_free(pbe); -- return 0; -- } -- PBEPARAM_free(pbe); -- ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); -- OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); -- OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); -- return ret; -+ if (!pbe->iter) -+ iter = 1; -+ else -+ iter = ASN1_INTEGER_get(pbe->iter); -+ salt = pbe->salt->data; -+ saltlen = pbe->salt->length; -+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID, -+ iter, EVP_CIPHER_key_length(cipher), key, md)) { -+ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR); -+ PBEPARAM_free(pbe); -+ return 0; -+ } -+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID, -+ iter, EVP_CIPHER_iv_length(cipher), iv, md)) { -+ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR); -+ PBEPARAM_free(pbe); -+ return 0; -+ } -+ PBEPARAM_free(pbe); -+ ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); -+ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); -+ OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); -+ return ret; - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c -index 3ef3be1..e9b150c 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c -@@ -1,5 +1,6 @@ - /* p12_crt.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ - /* ==================================================================== -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,319 +61,301 @@ - #include "cryptlib.h" - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - -- -- --static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); -+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, -+ PKCS12_SAFEBAG *bag); - - static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) -- { -- int idx; -- X509_ATTRIBUTE *attr; -- idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); -- if (idx < 0) -- return 1; -- attr = EVP_PKEY_get_attr(pkey, idx); -- if (!X509at_add1_attr(&bag->attrib, attr)) -- return 0; -- return 1; -- } -+{ -+ int idx; -+ X509_ATTRIBUTE *attr; -+ idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); -+ if (idx < 0) -+ return 1; -+ attr = EVP_PKEY_get_attr(pkey, idx); -+ if (!X509at_add1_attr(&bag->attrib, attr)) -+ return 0; -+ return 1; -+} - - PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, -- STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, -- int keytype) -+ STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, -+ int mac_iter, int keytype) - { -- PKCS12 *p12 = NULL; -- STACK_OF(PKCS7) *safes = NULL; -- STACK_OF(PKCS12_SAFEBAG) *bags = NULL; -- PKCS12_SAFEBAG *bag = NULL; -- int i; -- unsigned char keyid[EVP_MAX_MD_SIZE]; -- unsigned int keyidlen = 0; -- -- /* Set defaults */ -- if (!nid_cert) -- { -+ PKCS12 *p12 = NULL; -+ STACK_OF(PKCS7) *safes = NULL; -+ STACK_OF(PKCS12_SAFEBAG) *bags = NULL; -+ PKCS12_SAFEBAG *bag = NULL; -+ int i; -+ unsigned char keyid[EVP_MAX_MD_SIZE]; -+ unsigned int keyidlen = 0; -+ -+ /* Set defaults */ -+ if (!nid_cert) { - #ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -- else -+ if (FIPS_mode()) -+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -+ else - #endif - #ifdef OPENSSL_NO_RC2 -- nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - #else -- nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; -+ nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; - #endif -- } -- if (!nid_key) -- nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -- if (!iter) -- iter = PKCS12_DEFAULT_ITER; -- if (!mac_iter) -- mac_iter = 1; -- -- if(!pkey && !cert && !ca) -- { -- PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT); -- return NULL; -- } -- -- if (pkey && cert) -- { -- if(!X509_check_private_key(cert, pkey)) -- return NULL; -- X509_digest(cert, EVP_sha1(), keyid, &keyidlen); -- } -- -- if (cert) -- { -- bag = PKCS12_add_cert(&bags, cert); -- if(name && !PKCS12_add_friendlyname(bag, name, -1)) -- goto err; -- if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) -- goto err; -- } -- -- /* Add all other certificates */ -- for(i = 0; i < sk_X509_num(ca); i++) -- { -- if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i))) -- goto err; -- } -- -- if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass)) -- goto err; -- -- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -- bags = NULL; -- -- if (pkey) -- { -- bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); -- -- if (!bag) -- goto err; -- -- if (!copy_bag_attr(bag, pkey, NID_ms_csp_name)) -- goto err; -- if (!copy_bag_attr(bag, pkey, NID_LocalKeySet)) -- goto err; -- -- if(name && !PKCS12_add_friendlyname(bag, name, -1)) -- goto err; -- if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) -- goto err; -- } -- -- if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL)) -- goto err; -- -- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -- bags = NULL; -- -- p12 = PKCS12_add_safes(safes, 0); -- -- if (!p12) -- goto err; -- -- sk_PKCS7_pop_free(safes, PKCS7_free); -- -- safes = NULL; -- -- if ((mac_iter != -1) && -- !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL)) -- goto err; -- -- return p12; -- -- err: -- -- if (p12) -- PKCS12_free(p12); -- if (safes) -- sk_PKCS7_pop_free(safes, PKCS7_free); -- if (bags) -- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -- return NULL; -+ } -+ if (!nid_key) -+ nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -+ if (!iter) -+ iter = PKCS12_DEFAULT_ITER; -+ if (!mac_iter) -+ mac_iter = 1; -+ -+ if (!pkey && !cert && !ca) { -+ PKCS12err(PKCS12_F_PKCS12_CREATE, PKCS12_R_INVALID_NULL_ARGUMENT); -+ return NULL; -+ } -+ -+ if (pkey && cert) { -+ if (!X509_check_private_key(cert, pkey)) -+ return NULL; -+ X509_digest(cert, EVP_sha1(), keyid, &keyidlen); -+ } -+ -+ if (cert) { -+ bag = PKCS12_add_cert(&bags, cert); -+ if (name && !PKCS12_add_friendlyname(bag, name, -1)) -+ goto err; -+ if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) -+ goto err; -+ } -+ -+ /* Add all other certificates */ -+ for (i = 0; i < sk_X509_num(ca); i++) { -+ if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i))) -+ goto err; -+ } -+ -+ if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass)) -+ goto err; -+ -+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -+ bags = NULL; -+ -+ if (pkey) { -+ bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); -+ -+ if (!bag) -+ goto err; -+ -+ if (!copy_bag_attr(bag, pkey, NID_ms_csp_name)) -+ goto err; -+ if (!copy_bag_attr(bag, pkey, NID_LocalKeySet)) -+ goto err; -+ -+ if (name && !PKCS12_add_friendlyname(bag, name, -1)) -+ goto err; -+ if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) -+ goto err; -+ } -+ -+ if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL)) -+ goto err; -+ -+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -+ bags = NULL; -+ -+ p12 = PKCS12_add_safes(safes, 0); -+ -+ if (!p12) -+ goto err; -+ -+ sk_PKCS7_pop_free(safes, PKCS7_free); -+ -+ safes = NULL; -+ -+ if ((mac_iter != -1) && -+ !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL)) -+ goto err; -+ -+ return p12; -+ -+ err: -+ -+ if (p12) -+ PKCS12_free(p12); -+ if (safes) -+ sk_PKCS7_pop_free(safes, PKCS7_free); -+ if (bags) -+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -+ return NULL; - - } - - PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) -- { -- PKCS12_SAFEBAG *bag = NULL; -- char *name; -- int namelen = -1; -- unsigned char *keyid; -- int keyidlen = -1; -+{ -+ PKCS12_SAFEBAG *bag = NULL; -+ char *name; -+ int namelen = -1; -+ unsigned char *keyid; -+ int keyidlen = -1; - -- /* Add user certificate */ -- if(!(bag = PKCS12_x5092certbag(cert))) -- goto err; -+ /* Add user certificate */ -+ if (!(bag = PKCS12_x5092certbag(cert))) -+ goto err; - -- /* Use friendlyName and localKeyID in certificate. -- * (if present) -- */ -+ /* -+ * Use friendlyName and localKeyID in certificate. (if present) -+ */ - -- name = (char *)X509_alias_get0(cert, &namelen); -+ name = (char *)X509_alias_get0(cert, &namelen); - -- if(name && !PKCS12_add_friendlyname(bag, name, namelen)) -- goto err; -+ if (name && !PKCS12_add_friendlyname(bag, name, namelen)) -+ goto err; - -- keyid = X509_keyid_get0(cert, &keyidlen); -+ keyid = X509_keyid_get0(cert, &keyidlen); - -- if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) -- goto err; -+ if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) -+ goto err; - -- if (!pkcs12_add_bag(pbags, bag)) -- goto err; -+ if (!pkcs12_add_bag(pbags, bag)) -+ goto err; - -- return bag; -+ return bag; - -- err: -+ err: - -- if (bag) -- PKCS12_SAFEBAG_free(bag); -+ if (bag) -+ PKCS12_SAFEBAG_free(bag); - -- return NULL; -+ return NULL; - -- } -+} - --PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, -- int key_usage, int iter, -- int nid_key, char *pass) -- { -+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, -+ EVP_PKEY *key, int key_usage, int iter, -+ int nid_key, char *pass) -+{ - -- PKCS12_SAFEBAG *bag = NULL; -- PKCS8_PRIV_KEY_INFO *p8 = NULL; -+ PKCS12_SAFEBAG *bag = NULL; -+ PKCS8_PRIV_KEY_INFO *p8 = NULL; - -- /* Make a PKCS#8 structure */ -- if(!(p8 = EVP_PKEY2PKCS8(key))) -- goto err; -- if(key_usage && !PKCS8_add_keyusage(p8, key_usage)) -- goto err; -- if (nid_key != -1) -- { -- bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8); -- PKCS8_PRIV_KEY_INFO_free(p8); -- } -- else -- bag = PKCS12_MAKE_KEYBAG(p8); -+ /* Make a PKCS#8 structure */ -+ if (!(p8 = EVP_PKEY2PKCS8(key))) -+ goto err; -+ if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) -+ goto err; -+ if (nid_key != -1) { -+ bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8); -+ PKCS8_PRIV_KEY_INFO_free(p8); -+ } else -+ bag = PKCS12_MAKE_KEYBAG(p8); - -- if(!bag) -- goto err; -+ if (!bag) -+ goto err; - -- if (!pkcs12_add_bag(pbags, bag)) -- goto err; -+ if (!pkcs12_add_bag(pbags, bag)) -+ goto err; - -- return bag; -+ return bag; - -- err: -+ err: - -- if (bag) -- PKCS12_SAFEBAG_free(bag); -+ if (bag) -+ PKCS12_SAFEBAG_free(bag); - -- return NULL; -+ return NULL; - -- } -+} - - int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, -- int nid_safe, int iter, char *pass) -- { -- PKCS7 *p7 = NULL; -- int free_safes = 0; -- -- if (!*psafes) -- { -- *psafes = sk_PKCS7_new_null(); -- if (!*psafes) -- return 0; -- free_safes = 1; -- } -- else -- free_safes = 0; -- -- if (nid_safe == 0) -+ int nid_safe, int iter, char *pass) -+{ -+ PKCS7 *p7 = NULL; -+ int free_safes = 0; -+ -+ if (!*psafes) { -+ *psafes = sk_PKCS7_new_null(); -+ if (!*psafes) -+ return 0; -+ free_safes = 1; -+ } else -+ free_safes = 0; -+ -+ if (nid_safe == 0) - #ifdef OPENSSL_NO_RC2 -- nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -+ nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - #else -- nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; -+ nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; - #endif - -- if (nid_safe == -1) -- p7 = PKCS12_pack_p7data(bags); -- else -- p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, -- iter, bags); -- if (!p7) -- goto err; -- -- if (!sk_PKCS7_push(*psafes, p7)) -- goto err; -- -- return 1; -- -- err: -- if (free_safes) -- { -- sk_PKCS7_free(*psafes); -- *psafes = NULL; -- } -- -- if (p7) -- PKCS7_free(p7); -- -- return 0; -- -- } -- --static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag) -- { -- int free_bags; -- if (!pbags) -- return 1; -- if (!*pbags) -- { -- *pbags = sk_PKCS12_SAFEBAG_new_null(); -- if (!*pbags) -- return 0; -- free_bags = 1; -- } -- else -- free_bags = 0; -- -- if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) -- { -- if (free_bags) -- { -- sk_PKCS12_SAFEBAG_free(*pbags); -- *pbags = NULL; -- } -- return 0; -- } -- -- return 1; -- -- } -- -+ if (nid_safe == -1) -+ p7 = PKCS12_pack_p7data(bags); -+ else -+ p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, iter, bags); -+ if (!p7) -+ goto err; -+ -+ if (!sk_PKCS7_push(*psafes, p7)) -+ goto err; -+ -+ return 1; -+ -+ err: -+ if (free_safes) { -+ sk_PKCS7_free(*psafes); -+ *psafes = NULL; -+ } -+ -+ if (p7) -+ PKCS7_free(p7); -+ -+ return 0; -+ -+} -+ -+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, -+ PKCS12_SAFEBAG *bag) -+{ -+ int free_bags; -+ if (!pbags) -+ return 1; -+ if (!*pbags) { -+ *pbags = sk_PKCS12_SAFEBAG_new_null(); -+ if (!*pbags) -+ return 0; -+ free_bags = 1; -+ } else -+ free_bags = 0; -+ -+ if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) { -+ if (free_bags) { -+ sk_PKCS12_SAFEBAG_free(*pbags); -+ *pbags = NULL; -+ } -+ return 0; -+ } -+ -+ return 1; -+ -+} - - PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7) -- { -- PKCS12 *p12; -- if (nid_p7 <= 0) -- nid_p7 = NID_pkcs7_data; -- p12 = PKCS12_init(nid_p7); -+{ -+ PKCS12 *p12; -+ if (nid_p7 <= 0) -+ nid_p7 = NID_pkcs7_data; -+ p12 = PKCS12_init(nid_p7); - -- if (!p12) -- return NULL; -+ if (!p12) -+ return NULL; - -- if(!PKCS12_pack_authsafes(p12, safes)) -- { -- PKCS12_free(p12); -- return NULL; -- } -+ if (!PKCS12_pack_authsafes(p12, safes)) { -+ PKCS12_free(p12); -+ return NULL; -+ } - -- return p12; -+ return p12; - -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c -index ba77dbb..af0b7f8 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c -@@ -1,6 +1,7 @@ - /* p12_decr.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,117 +62,131 @@ - #include - - /* Define this to dump decrypted output to files called DERnnn */ --/*#define DEBUG_DECRYPT*/ -- -+/* -+ * #define DEBUG_DECRYPT -+ */ - --/* Encrypt/Decrypt a buffer based on password and algor, result in a -+/* -+ * Encrypt/Decrypt a buffer based on password and algor, result in a - * OPENSSL_malloc'ed buffer - */ - --unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, -- int passlen, unsigned char *in, int inlen, unsigned char **data, -- int *datalen, int en_de) -+unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, -+ int passlen, unsigned char *in, int inlen, -+ unsigned char **data, int *datalen, int en_de) - { -- unsigned char *out; -- int outlen, i; -- EVP_CIPHER_CTX ctx; -- -- EVP_CIPHER_CTX_init(&ctx); -- /* Decrypt data */ -- if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, -- algor->parameter, &ctx, en_de)) { -- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); -- return NULL; -- } -- -- if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { -- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- EVP_CipherUpdate(&ctx, out, &i, in, inlen); -- outlen = i; -- if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) { -- OPENSSL_free(out); -- out = NULL; -- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR); -- goto err; -- } -- outlen += i; -- if (datalen) *datalen = outlen; -- if (data) *data = out; -- err: -- EVP_CIPHER_CTX_cleanup(&ctx); -- return out; -+ unsigned char *out; -+ int outlen, i; -+ EVP_CIPHER_CTX ctx; -+ -+ EVP_CIPHER_CTX_init(&ctx); -+ /* Decrypt data */ -+ if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, -+ algor->parameter, &ctx, en_de)) { -+ PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, -+ PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); -+ return NULL; -+ } -+ -+ if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { -+ PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ EVP_CipherUpdate(&ctx, out, &i, in, inlen); -+ outlen = i; -+ if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) { -+ OPENSSL_free(out); -+ out = NULL; -+ PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, -+ PKCS12_R_PKCS12_CIPHERFINAL_ERROR); -+ goto err; -+ } -+ outlen += i; -+ if (datalen) -+ *datalen = outlen; -+ if (data) -+ *data = out; -+ err: -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ return out; - - } - --/* Decrypt an OCTET STRING and decode ASN1 structure -- * if zbuf set zero buffer after use. -+/* -+ * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer -+ * after use. - */ - --void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, -- const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf) -+void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, -+ const char *pass, int passlen, -+ ASN1_OCTET_STRING *oct, int zbuf) - { -- unsigned char *out; -- const unsigned char *p; -- void *ret; -- int outlen; -- -- if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, -- &out, &outlen, 0)) { -- PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR); -- return NULL; -- } -- p = out; -+ unsigned char *out; -+ const unsigned char *p; -+ void *ret; -+ int outlen; -+ -+ if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, -+ &out, &outlen, 0)) { -+ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, -+ PKCS12_R_PKCS12_PBE_CRYPT_ERROR); -+ return NULL; -+ } -+ p = out; - #ifdef DEBUG_DECRYPT -- { -- FILE *op; -- -- char fname[30]; -- static int fnm = 1; -- sprintf(fname, "DER%d", fnm++); -- op = fopen(fname, "wb"); -- fwrite (p, 1, outlen, op); -- fclose(op); -- } -+ { -+ FILE *op; -+ -+ char fname[30]; -+ static int fnm = 1; -+ sprintf(fname, "DER%d", fnm++); -+ op = fopen(fname, "wb"); -+ fwrite(p, 1, outlen, op); -+ fclose(op); -+ } - #endif -- ret = ASN1_item_d2i(NULL, &p, outlen, it); -- if (zbuf) OPENSSL_cleanse(out, outlen); -- if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); -- OPENSSL_free(out); -- return ret; -+ ret = ASN1_item_d2i(NULL, &p, outlen, it); -+ if (zbuf) -+ OPENSSL_cleanse(out, outlen); -+ if (!ret) -+ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR); -+ OPENSSL_free(out); -+ return ret; - } - --/* Encode ASN1 structure and encrypt, return OCTET STRING -- * if zbuf set zero encoding. -+/* -+ * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero -+ * encoding. - */ - --ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, -- const char *pass, int passlen, -- void *obj, int zbuf) -+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, -+ const ASN1_ITEM *it, -+ const char *pass, int passlen, -+ void *obj, int zbuf) - { -- ASN1_OCTET_STRING *oct; -- unsigned char *in = NULL; -- int inlen; -- if (!(oct = M_ASN1_OCTET_STRING_new ())) { -- PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- inlen = ASN1_item_i2d(obj, &in, it); -- if (!in) { -- PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR); -- return NULL; -- } -- if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, -- &oct->length, 1)) { -- PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR); -- OPENSSL_free(in); -- return NULL; -- } -- if (zbuf) OPENSSL_cleanse(in, inlen); -- OPENSSL_free(in); -- return oct; -+ ASN1_OCTET_STRING *oct; -+ unsigned char *in = NULL; -+ int inlen; -+ if (!(oct = M_ASN1_OCTET_STRING_new())) { -+ PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ inlen = ASN1_item_i2d(obj, &in, it); -+ if (!in) { -+ PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR); -+ return NULL; -+ } -+ if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, -+ &oct->length, 1)) { -+ PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); -+ OPENSSL_free(in); -+ return NULL; -+ } -+ if (zbuf) -+ OPENSSL_cleanse(in, inlen); -+ OPENSSL_free(in); -+ return oct; - } - - IMPLEMENT_PKCS12_STACK_OF(PKCS7) -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c -index d4d84b0..0322df9 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c -@@ -1,6 +1,7 @@ - /* p12_init.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,29 +65,28 @@ - - PKCS12 *PKCS12_init(int mode) - { -- PKCS12 *pkcs12; -- if (!(pkcs12 = PKCS12_new())) { -- PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- ASN1_INTEGER_set(pkcs12->version, 3); -- pkcs12->authsafes->type = OBJ_nid2obj(mode); -- switch (mode) { -- case NID_pkcs7_data: -- if (!(pkcs12->authsafes->d.data = -- M_ASN1_OCTET_STRING_new())) { -- PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- break; -- default: -- PKCS12err(PKCS12_F_PKCS12_INIT, -- PKCS12_R_UNSUPPORTED_PKCS12_MODE); -- goto err; -- } -- -- return pkcs12; --err: -- if (pkcs12 != NULL) PKCS12_free(pkcs12); -- return NULL; -+ PKCS12 *pkcs12; -+ if (!(pkcs12 = PKCS12_new())) { -+ PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ ASN1_INTEGER_set(pkcs12->version, 3); -+ pkcs12->authsafes->type = OBJ_nid2obj(mode); -+ switch (mode) { -+ case NID_pkcs7_data: -+ if (!(pkcs12->authsafes->d.data = M_ASN1_OCTET_STRING_new())) { -+ PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ break; -+ default: -+ PKCS12err(PKCS12_F_PKCS12_INIT, PKCS12_R_UNSUPPORTED_PKCS12_MODE); -+ goto err; -+ } -+ -+ return pkcs12; -+ err: -+ if (pkcs12 != NULL) -+ PKCS12_free(pkcs12); -+ return NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c -index 03cbcd8..dcccc10 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c -@@ -1,6 +1,7 @@ - /* p12_key.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,157 +63,172 @@ - #include - - /* Uncomment out this line to get debugging info about key generation */ --/*#define DEBUG_KEYGEN*/ -+/* -+ * #define DEBUG_KEYGEN -+ */ - #ifdef DEBUG_KEYGEN --#include -+# include - extern BIO *bio_err; --void h__dump (unsigned char *p, int len); -+void h__dump(unsigned char *p, int len); - #endif - - #ifdef OPENSSL_SYS_NETWARE - /* Rename these functions to avoid name clashes on NetWare OS */ --#define uni2asc OPENSSL_uni2asc --#define asc2uni OPENSSL_asc2uni -+# define uni2asc OPENSSL_uni2asc -+# define asc2uni OPENSSL_asc2uni - #endif - - /* PKCS12 compatible key/IV generation */ - #ifndef min --#define min(a,b) ((a) < (b) ? (a) : (b)) -+# define min(a,b) ((a) < (b) ? (a) : (b)) - #endif - - int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, -- int saltlen, int id, int iter, int n, unsigned char *out, -- const EVP_MD *md_type) -+ int saltlen, int id, int iter, int n, -+ unsigned char *out, const EVP_MD *md_type) - { -- int ret; -- unsigned char *unipass; -- int uniplen; -- if(!pass) { -- unipass = NULL; -- uniplen = 0; -- } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { -- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, -- id, iter, n, out, md_type); -- if(unipass) { -- OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ -- OPENSSL_free(unipass); -- } -- return ret; -+ int ret; -+ unsigned char *unipass; -+ int uniplen; -+ if (!pass) { -+ unipass = NULL; -+ uniplen = 0; -+ } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { -+ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, -+ id, iter, n, out, md_type); -+ if (unipass) { -+ OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ -+ OPENSSL_free(unipass); -+ } -+ return ret; - } - - int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, -- int saltlen, int id, int iter, int n, unsigned char *out, -- const EVP_MD *md_type) -+ int saltlen, int id, int iter, int n, -+ unsigned char *out, const EVP_MD *md_type) - { -- unsigned char *B, *D, *I, *p, *Ai; -- int Slen, Plen, Ilen, Ijlen; -- int i, j, u, v; -- int ret = 0; -- BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ -- EVP_MD_CTX ctx; -+ unsigned char *B, *D, *I, *p, *Ai; -+ int Slen, Plen, Ilen, Ijlen; -+ int i, j, u, v; -+ int ret = 0; -+ BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ -+ EVP_MD_CTX ctx; - #ifdef DEBUG_KEYGEN -- unsigned char *tmpout = out; -- int tmpn = n; -+ unsigned char *tmpout = out; -+ int tmpn = n; - #endif - - #if 0 -- if (!pass) { -- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -+ if (!pass) { -+ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } - #endif - -- EVP_MD_CTX_init(&ctx); -+ EVP_MD_CTX_init(&ctx); - #ifdef DEBUG_KEYGEN -- fprintf(stderr, "KEYGEN DEBUG\n"); -- fprintf(stderr, "ID %d, ITER %d\n", id, iter); -- fprintf(stderr, "Password (length %d):\n", passlen); -- h__dump(pass, passlen); -- fprintf(stderr, "Salt (length %d):\n", saltlen); -- h__dump(salt, saltlen); -+ fprintf(stderr, "KEYGEN DEBUG\n"); -+ fprintf(stderr, "ID %d, ITER %d\n", id, iter); -+ fprintf(stderr, "Password (length %d):\n", passlen); -+ h__dump(pass, passlen); -+ fprintf(stderr, "Salt (length %d):\n", saltlen); -+ h__dump(salt, saltlen); - #endif -- v = EVP_MD_block_size (md_type); -- u = EVP_MD_size (md_type); -- D = OPENSSL_malloc (v); -- Ai = OPENSSL_malloc (u); -- B = OPENSSL_malloc (v + 1); -- Slen = v * ((saltlen+v-1)/v); -- if(passlen) Plen = v * ((passlen+v-1)/v); -- else Plen = 0; -- Ilen = Slen + Plen; -- I = OPENSSL_malloc (Ilen); -- Ij = BN_new(); -- Bpl1 = BN_new(); -- if (!D || !Ai || !B || !I || !Ij || !Bpl1) -- goto err; -- for (i = 0; i < v; i++) D[i] = id; -- p = I; -- for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; -- for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; -- for (;;) { -- EVP_DigestInit_ex(&ctx, md_type, NULL); -- EVP_DigestUpdate(&ctx, D, v); -- EVP_DigestUpdate(&ctx, I, Ilen); -- EVP_DigestFinal_ex(&ctx, Ai, NULL); -- for (j = 1; j < iter; j++) { -- EVP_DigestInit_ex(&ctx, md_type, NULL); -- EVP_DigestUpdate(&ctx, Ai, u); -- EVP_DigestFinal_ex(&ctx, Ai, NULL); -- } -- memcpy (out, Ai, min (n, u)); -- if (u >= n) { -+ v = EVP_MD_block_size(md_type); -+ u = EVP_MD_size(md_type); -+ D = OPENSSL_malloc(v); -+ Ai = OPENSSL_malloc(u); -+ B = OPENSSL_malloc(v + 1); -+ Slen = v * ((saltlen + v - 1) / v); -+ if (passlen) -+ Plen = v * ((passlen + v - 1) / v); -+ else -+ Plen = 0; -+ Ilen = Slen + Plen; -+ I = OPENSSL_malloc(Ilen); -+ Ij = BN_new(); -+ Bpl1 = BN_new(); -+ if (!D || !Ai || !B || !I || !Ij || !Bpl1) -+ goto err; -+ for (i = 0; i < v; i++) -+ D[i] = id; -+ p = I; -+ for (i = 0; i < Slen; i++) -+ *p++ = salt[i % saltlen]; -+ for (i = 0; i < Plen; i++) -+ *p++ = pass[i % passlen]; -+ for (;;) { -+ EVP_DigestInit_ex(&ctx, md_type, NULL); -+ EVP_DigestUpdate(&ctx, D, v); -+ EVP_DigestUpdate(&ctx, I, Ilen); -+ EVP_DigestFinal_ex(&ctx, Ai, NULL); -+ for (j = 1; j < iter; j++) { -+ EVP_DigestInit_ex(&ctx, md_type, NULL); -+ EVP_DigestUpdate(&ctx, Ai, u); -+ EVP_DigestFinal_ex(&ctx, Ai, NULL); -+ } -+ memcpy(out, Ai, min(n, u)); -+ if (u >= n) { - #ifdef DEBUG_KEYGEN -- fprintf(stderr, "Output KEY (length %d)\n", tmpn); -- h__dump(tmpout, tmpn); -+ fprintf(stderr, "Output KEY (length %d)\n", tmpn); -+ h__dump(tmpout, tmpn); - #endif -- ret = 1; -- goto end; -- } -- n -= u; -- out += u; -- for (j = 0; j < v; j++) B[j] = Ai[j % u]; -- /* Work out B + 1 first then can use B as tmp space */ -- if (!BN_bin2bn (B, v, Bpl1)) goto err; -- if (!BN_add_word (Bpl1, 1)) goto err; -- for (j = 0; j < Ilen ; j+=v) { -- if (!BN_bin2bn (I + j, v, Ij)) goto err; -- if (!BN_add (Ij, Ij, Bpl1)) goto err; -- BN_bn2bin (Ij, B); -- Ijlen = BN_num_bytes (Ij); -- /* If more than 2^(v*8) - 1 cut off MSB */ -- if (Ijlen > v) { -- BN_bn2bin (Ij, B); -- memcpy (I + j, B + 1, v); -+ ret = 1; -+ goto end; -+ } -+ n -= u; -+ out += u; -+ for (j = 0; j < v; j++) -+ B[j] = Ai[j % u]; -+ /* Work out B + 1 first then can use B as tmp space */ -+ if (!BN_bin2bn(B, v, Bpl1)) -+ goto err; -+ if (!BN_add_word(Bpl1, 1)) -+ goto err; -+ for (j = 0; j < Ilen; j += v) { -+ if (!BN_bin2bn(I + j, v, Ij)) -+ goto err; -+ if (!BN_add(Ij, Ij, Bpl1)) -+ goto err; -+ BN_bn2bin(Ij, B); -+ Ijlen = BN_num_bytes(Ij); -+ /* If more than 2^(v*8) - 1 cut off MSB */ -+ if (Ijlen > v) { -+ BN_bn2bin(Ij, B); -+ memcpy(I + j, B + 1, v); - #ifndef PKCS12_BROKEN_KEYGEN -- /* If less than v bytes pad with zeroes */ -- } else if (Ijlen < v) { -- memset(I + j, 0, v - Ijlen); -- BN_bn2bin(Ij, I + j + v - Ijlen); -+ /* If less than v bytes pad with zeroes */ -+ } else if (Ijlen < v) { -+ memset(I + j, 0, v - Ijlen); -+ BN_bn2bin(Ij, I + j + v - Ijlen); - #endif -- } else BN_bn2bin (Ij, I + j); -- } -- } -+ } else -+ BN_bn2bin(Ij, I + j); -+ } -+ } - --err: -- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); -+ err: -+ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE); - --end: -- OPENSSL_free (Ai); -- OPENSSL_free (B); -- OPENSSL_free (D); -- OPENSSL_free (I); -- BN_free (Ij); -- BN_free (Bpl1); -- EVP_MD_CTX_cleanup(&ctx); -- return ret; -+ end: -+ OPENSSL_free(Ai); -+ OPENSSL_free(B); -+ OPENSSL_free(D); -+ OPENSSL_free(I); -+ BN_free(Ij); -+ BN_free(Bpl1); -+ EVP_MD_CTX_cleanup(&ctx); -+ return ret; - } -+ - #ifdef DEBUG_KEYGEN --void h__dump (unsigned char *p, int len) -+void h__dump(unsigned char *p, int len) - { -- for (; len --; p++) fprintf(stderr, "%02X", *p); -- fprintf(stderr, "\n"); -+ for (; len--; p++) -+ fprintf(stderr, "%02X", *p); -+ fprintf(stderr, "\n"); - } - #endif -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c -index bdbbbec..819251c 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c -@@ -1,6 +1,7 @@ - /* p12_kiss.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,134 +63,145 @@ - - /* Simplified PKCS#12 routines */ - --static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, -- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); -- --static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, -- int passlen, EVP_PKEY **pkey, X509 **cert, -- STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, -- char *keymatch); -+static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, -+ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); - --static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, -- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, -- ASN1_OCTET_STRING **keyid, char *keymatch); -+static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, -+ int passlen, EVP_PKEY **pkey, X509 **cert, -+ STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, -+ char *keymatch); - --/* Parse and decrypt a PKCS#12 structure returning user key, user cert -- * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, -- * or it should point to a valid STACK structure. pkey and cert can be -- * passed unitialised. -+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, -+ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, -+ ASN1_OCTET_STRING **keyid, char *keymatch); -+ -+/* -+ * Parse and decrypt a PKCS#12 structure returning user key, user cert and -+ * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it -+ * should point to a valid STACK structure. pkey and cert can be passed -+ * unitialised. - */ - - int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, -- STACK_OF(X509) **ca) -+ STACK_OF(X509) **ca) - { - -- /* Check for NULL PKCS12 structure */ -- -- if(!p12) { -- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); -- return 0; -- } -- -- /* Allocate stack for ca certificates if needed */ -- if ((ca != NULL) && (*ca == NULL)) { -- if (!(*ca = sk_X509_new_null())) { -- PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- -- if(pkey) *pkey = NULL; -- if(cert) *cert = NULL; -- -- /* Check the mac */ -- -- /* If password is zero length or NULL then try verifying both cases -- * to determine which password is correct. The reason for this is that -- * under PKCS#12 password based encryption no password and a zero length -- * password are two different things... -- */ -- -- if(!pass || !*pass) { -- if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL; -- else if(PKCS12_verify_mac(p12, "", 0)) pass = ""; -- else { -- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); -- goto err; -- } -- } else if (!PKCS12_verify_mac(p12, pass, -1)) { -- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); -- goto err; -- } -- -- if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) -- { -- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR); -- goto err; -- } -- -- return 1; -+ /* Check for NULL PKCS12 structure */ -+ -+ if (!p12) { -+ PKCS12err(PKCS12_F_PKCS12_PARSE, -+ PKCS12_R_INVALID_NULL_PKCS12_POINTER); -+ return 0; -+ } -+ -+ /* Allocate stack for ca certificates if needed */ -+ if ((ca != NULL) && (*ca == NULL)) { -+ if (!(*ca = sk_X509_new_null())) { -+ PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ } -+ -+ if (pkey) -+ *pkey = NULL; -+ if (cert) -+ *cert = NULL; -+ -+ /* Check the mac */ -+ -+ /* -+ * If password is zero length or NULL then try verifying both cases to -+ * determine which password is correct. The reason for this is that under -+ * PKCS#12 password based encryption no password and a zero length -+ * password are two different things... -+ */ -+ -+ if (!pass || !*pass) { -+ if (PKCS12_verify_mac(p12, NULL, 0)) -+ pass = NULL; -+ else if (PKCS12_verify_mac(p12, "", 0)) -+ pass = ""; -+ else { -+ PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE); -+ goto err; -+ } -+ } else if (!PKCS12_verify_mac(p12, pass, -1)) { -+ PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE); -+ goto err; -+ } -+ -+ if (!parse_pk12(p12, pass, -1, pkey, cert, ca)) { -+ PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR); -+ goto err; -+ } -+ -+ return 1; - - err: - -- if (pkey && *pkey) EVP_PKEY_free(*pkey); -- if (cert && *cert) X509_free(*cert); -- if (ca) sk_X509_pop_free(*ca, X509_free); -- return 0; -+ if (pkey && *pkey) -+ EVP_PKEY_free(*pkey); -+ if (cert && *cert) -+ X509_free(*cert); -+ if (ca) -+ sk_X509_pop_free(*ca, X509_free); -+ return 0; - - } - - /* Parse the outer PKCS#12 structure */ - - static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, -- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) -+ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) - { -- STACK_OF(PKCS7) *asafes; -- STACK_OF(PKCS12_SAFEBAG) *bags; -- int i, bagnid; -- PKCS7 *p7; -- ASN1_OCTET_STRING *keyid = NULL; -- -- char keymatch = 0; -- if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0; -- for (i = 0; i < sk_PKCS7_num (asafes); i++) { -- p7 = sk_PKCS7_value (asafes, i); -- bagnid = OBJ_obj2nid (p7->type); -- if (bagnid == NID_pkcs7_data) { -- bags = PKCS12_unpack_p7data(p7); -- } else if (bagnid == NID_pkcs7_encrypted) { -- bags = PKCS12_unpack_p7encdata(p7, pass, passlen); -- } else continue; -- if (!bags) { -- sk_PKCS7_pop_free(asafes, PKCS7_free); -- return 0; -- } -- if (!parse_bags(bags, pass, passlen, pkey, cert, ca, -- &keyid, &keymatch)) { -- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -- sk_PKCS7_pop_free(asafes, PKCS7_free); -- return 0; -- } -- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -- } -- sk_PKCS7_pop_free(asafes, PKCS7_free); -- if (keyid) M_ASN1_OCTET_STRING_free(keyid); -- return 1; -+ STACK_OF(PKCS7) *asafes; -+ STACK_OF(PKCS12_SAFEBAG) *bags; -+ int i, bagnid; -+ PKCS7 *p7; -+ ASN1_OCTET_STRING *keyid = NULL; -+ -+ char keymatch = 0; -+ if (!(asafes = PKCS12_unpack_authsafes(p12))) -+ return 0; -+ for (i = 0; i < sk_PKCS7_num(asafes); i++) { -+ p7 = sk_PKCS7_value(asafes, i); -+ bagnid = OBJ_obj2nid(p7->type); -+ if (bagnid == NID_pkcs7_data) { -+ bags = PKCS12_unpack_p7data(p7); -+ } else if (bagnid == NID_pkcs7_encrypted) { -+ bags = PKCS12_unpack_p7encdata(p7, pass, passlen); -+ } else -+ continue; -+ if (!bags) { -+ sk_PKCS7_pop_free(asafes, PKCS7_free); -+ return 0; -+ } -+ if (!parse_bags(bags, pass, passlen, pkey, cert, ca, -+ &keyid, &keymatch)) { -+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -+ sk_PKCS7_pop_free(asafes, PKCS7_free); -+ return 0; -+ } -+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -+ } -+ sk_PKCS7_pop_free(asafes, PKCS7_free); -+ if (keyid) -+ M_ASN1_OCTET_STRING_free(keyid); -+ return 1; - } - -- - static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, -- int passlen, EVP_PKEY **pkey, X509 **cert, -- STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, -- char *keymatch) -+ int passlen, EVP_PKEY **pkey, X509 **cert, -+ STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, -+ char *keymatch) - { -- int i; -- for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { -- if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i), -- pass, passlen, pkey, cert, ca, keyid, -- keymatch)) return 0; -- } -- return 1; -+ int i; -+ for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { -+ if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i), -+ pass, passlen, pkey, cert, ca, keyid, keymatch)) -+ return 0; -+ } -+ return 1; - } - - #define MATCH_KEY 0x1 -@@ -197,101 +209,104 @@ static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - #define MATCH_ALL 0x3 - - static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, -- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, -- ASN1_OCTET_STRING **keyid, -- char *keymatch) -+ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, -+ ASN1_OCTET_STRING **keyid, char *keymatch) - { -- PKCS8_PRIV_KEY_INFO *p8; -- X509 *x509; -- ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; -- ASN1_TYPE *attrib; -- ASN1_BMPSTRING *fname = NULL; -- -- if ((attrib = PKCS12_get_attr (bag, NID_friendlyName))) -- fname = attrib->value.bmpstring; -- -- if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) { -- lkey = attrib->value.octet_string; -- ckid = lkey; -- } -- -- /* Check for any local key id matching (if needed) */ -- if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { -- if (*keyid) { -- if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; -- } else { -- if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { -- PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- } -- -- switch (M_PKCS12_bag_type(bag)) -- { -- case NID_keyBag: -- if (!lkey || !pkey) return 1; -- if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0; -- *keymatch |= MATCH_KEY; -- break; -- -- case NID_pkcs8ShroudedKeyBag: -- if (!lkey || !pkey) return 1; -- if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) -- return 0; -- *pkey = EVP_PKCS82PKEY(p8); -- PKCS8_PRIV_KEY_INFO_free(p8); -- if (!(*pkey)) return 0; -- *keymatch |= MATCH_KEY; -- break; -- -- case NID_certBag: -- if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) -- return 1; -- if (!(x509 = PKCS12_certbag2x509(bag))) return 0; -- if(ckid) -- { -- if (!X509_keyid_set1(x509, ckid->data, ckid->length)) -- { -- X509_free(x509); -- return 0; -- } -- } -- if(fname) { -- int len, r; -- unsigned char *data; -- len = ASN1_STRING_to_UTF8(&data, fname); -- if(len >= 0) { -- r = X509_alias_set1(x509, data, len); -- OPENSSL_free(data); -- if (!r) -- { -- X509_free(x509); -- return 0; -- } -- } -- } -- -- -- if (lkey) { -- *keymatch |= MATCH_CERT; -- if (cert) *cert = x509; -- else X509_free(x509); -- } else { -- if(ca) sk_X509_push (*ca, x509); -- else X509_free(x509); -- } -- break; -- -- case NID_safeContentsBag: -- return parse_bags(bag->value.safes, pass, passlen, -- pkey, cert, ca, keyid, keymatch); -- break; -- -- default: -- return 1; -- break; -- } -- return 1; -+ PKCS8_PRIV_KEY_INFO *p8; -+ X509 *x509; -+ ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; -+ ASN1_TYPE *attrib; -+ ASN1_BMPSTRING *fname = NULL; -+ -+ if ((attrib = PKCS12_get_attr(bag, NID_friendlyName))) -+ fname = attrib->value.bmpstring; -+ -+ if ((attrib = PKCS12_get_attr(bag, NID_localKeyID))) { -+ lkey = attrib->value.octet_string; -+ ckid = lkey; -+ } -+ -+ /* Check for any local key id matching (if needed) */ -+ if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { -+ if (*keyid) { -+ if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) -+ lkey = NULL; -+ } else { -+ if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { -+ PKCS12err(PKCS12_F_PARSE_BAG, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ } -+ } -+ -+ switch (M_PKCS12_bag_type(bag)) { -+ case NID_keyBag: -+ if (!lkey || !pkey) -+ return 1; -+ if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) -+ return 0; -+ *keymatch |= MATCH_KEY; -+ break; -+ -+ case NID_pkcs8ShroudedKeyBag: -+ if (!lkey || !pkey) -+ return 1; -+ if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) -+ return 0; -+ *pkey = EVP_PKCS82PKEY(p8); -+ PKCS8_PRIV_KEY_INFO_free(p8); -+ if (!(*pkey)) -+ return 0; -+ *keymatch |= MATCH_KEY; -+ break; -+ -+ case NID_certBag: -+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) -+ return 1; -+ if (!(x509 = PKCS12_certbag2x509(bag))) -+ return 0; -+ if (ckid) { -+ if (!X509_keyid_set1(x509, ckid->data, ckid->length)) { -+ X509_free(x509); -+ return 0; -+ } -+ } -+ if (fname) { -+ int len, r; -+ unsigned char *data; -+ len = ASN1_STRING_to_UTF8(&data, fname); -+ if (len >= 0) { -+ r = X509_alias_set1(x509, data, len); -+ OPENSSL_free(data); -+ if (!r) { -+ X509_free(x509); -+ return 0; -+ } -+ } -+ } -+ -+ if (lkey) { -+ *keymatch |= MATCH_CERT; -+ if (cert) -+ *cert = x509; -+ else -+ X509_free(x509); -+ } else { -+ if (ca) -+ sk_X509_push(*ca, x509); -+ else -+ X509_free(x509); -+ } -+ break; -+ -+ case NID_safeContentsBag: -+ return parse_bags(bag->value.safes, pass, passlen, -+ pkey, cert, ca, keyid, keymatch); -+ break; -+ -+ default: -+ return 1; -+ break; -+ } -+ return 1; - } -- -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c -index 70bfef6..b50f1b6 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c -@@ -1,6 +1,7 @@ - /* p12_mutl.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,126 +58,130 @@ - */ - - #ifndef OPENSSL_NO_HMAC --#include --#include "cryptlib.h" --#include --#include --#include -+# include -+# include "cryptlib.h" -+# include -+# include -+# include - - /* Generate a MAC */ - int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, -- unsigned char *mac, unsigned int *maclen) -+ unsigned char *mac, unsigned int *maclen) - { -- const EVP_MD *md_type; -- HMAC_CTX hmac; -- unsigned char key[EVP_MAX_MD_SIZE], *salt; -- int saltlen, iter; -+ const EVP_MD *md_type; -+ HMAC_CTX hmac; -+ unsigned char key[EVP_MAX_MD_SIZE], *salt; -+ int saltlen, iter; - -- if (!PKCS7_type_is_data(p12->authsafes)) -- { -- PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA); -- return 0; -- } -+ if (!PKCS7_type_is_data(p12->authsafes)) { -+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA); -+ return 0; -+ } - -- salt = p12->mac->salt->data; -- saltlen = p12->mac->salt->length; -- if (!p12->mac->iter) iter = 1; -- else iter = ASN1_INTEGER_get (p12->mac->iter); -- if(!(md_type = -- EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) { -- PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); -- return 0; -- } -- if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, -- EVP_MD_size(md_type), key, md_type)) { -- PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); -- return 0; -- } -- HMAC_CTX_init(&hmac); -- HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL); -- HMAC_Update(&hmac, p12->authsafes->d.data->data, -- p12->authsafes->d.data->length); -- HMAC_Final(&hmac, mac, maclen); -- HMAC_CTX_cleanup(&hmac); -- return 1; -+ salt = p12->mac->salt->data; -+ saltlen = p12->mac->salt->length; -+ if (!p12->mac->iter) -+ iter = 1; -+ else -+ iter = ASN1_INTEGER_get(p12->mac->iter); -+ if (!(md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm))) { -+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); -+ return 0; -+ } -+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, -+ EVP_MD_size(md_type), key, md_type)) { -+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); -+ return 0; -+ } -+ HMAC_CTX_init(&hmac); -+ HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL); -+ HMAC_Update(&hmac, p12->authsafes->d.data->data, -+ p12->authsafes->d.data->length); -+ HMAC_Final(&hmac, mac, maclen); -+ HMAC_CTX_cleanup(&hmac); -+ return 1; - } - - /* Verify the mac */ - int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) - { -- unsigned char mac[EVP_MAX_MD_SIZE]; -- unsigned int maclen; -- if(p12->mac == NULL) { -- PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT); -- return 0; -- } -- if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { -- PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR); -- return 0; -- } -- if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) -- || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0; -- return 1; -+ unsigned char mac[EVP_MAX_MD_SIZE]; -+ unsigned int maclen; -+ if (p12->mac == NULL) { -+ PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT); -+ return 0; -+ } -+ if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { -+ PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR); -+ return 0; -+ } -+ if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) -+ || memcmp(mac, p12->mac->dinfo->digest->data, maclen)) -+ return 0; -+ return 1; - } - - /* Set a mac */ - - int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, -- unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type) -+ unsigned char *salt, int saltlen, int iter, -+ const EVP_MD *md_type) - { -- unsigned char mac[EVP_MAX_MD_SIZE]; -- unsigned int maclen; -+ unsigned char mac[EVP_MAX_MD_SIZE]; -+ unsigned int maclen; - -- if (!md_type) md_type = EVP_sha1(); -- if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) == -- PKCS12_ERROR) { -- PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR); -- return 0; -- } -- if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { -- PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR); -- return 0; -- } -- if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) { -- PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR); -- return 0; -- } -- return 1; -+ if (!md_type) -+ md_type = EVP_sha1(); -+ if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) { -+ PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR); -+ return 0; -+ } -+ if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { -+ PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR); -+ return 0; -+ } -+ if (!(M_ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) { -+ PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR); -+ return 0; -+ } -+ return 1; - } - - /* Set up a mac structure */ - int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, -- const EVP_MD *md_type) -+ const EVP_MD *md_type) - { -- if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR; -- if (iter > 1) { -- if(!(p12->mac->iter = M_ASN1_INTEGER_new())) { -- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if (!ASN1_INTEGER_set(p12->mac->iter, iter)) { -- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- if (!saltlen) saltlen = PKCS12_SALT_LEN; -- p12->mac->salt->length = saltlen; -- if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) { -- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if (!salt) { -- if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0) -- return 0; -- } -- else memcpy (p12->mac->salt->data, salt, saltlen); -- p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); -- if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { -- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; -- -- return 1; -+ if (!(p12->mac = PKCS12_MAC_DATA_new())) -+ return PKCS12_ERROR; -+ if (iter > 1) { -+ if (!(p12->mac->iter = M_ASN1_INTEGER_new())) { -+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (!ASN1_INTEGER_set(p12->mac->iter, iter)) { -+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ } -+ if (!saltlen) -+ saltlen = PKCS12_SALT_LEN; -+ p12->mac->salt->length = saltlen; -+ if (!(p12->mac->salt->data = OPENSSL_malloc(saltlen))) { -+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (!salt) { -+ if (RAND_pseudo_bytes(p12->mac->salt->data, saltlen) < 0) -+ return 0; -+ } else -+ memcpy(p12->mac->salt->data, salt, saltlen); -+ p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); -+ if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { -+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; -+ -+ return 1; - } - #endif -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c -index 2f71355..a89b61a 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c -@@ -1,6 +1,7 @@ - /* p12_npas.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -67,159 +68,168 @@ - - static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass); - static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, -- char *newpass); -+ char *newpass); - static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass); - static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); - --/* -+/* - * Change the password on a PKCS#12 structure. - */ - - int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass) - { -- /* Check for NULL PKCS12 structure */ -- -- if(!p12) { -- PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER); -- return 0; -- } -- -- /* Check the mac */ -- -- if (!PKCS12_verify_mac(p12, oldpass, -1)) { -- PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE); -- return 0; -- } -- -- if (!newpass_p12(p12, oldpass, newpass)) { -- PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR); -- return 0; -- } -- -- return 1; -+ /* Check for NULL PKCS12 structure */ -+ -+ if (!p12) { -+ PKCS12err(PKCS12_F_PKCS12_NEWPASS, -+ PKCS12_R_INVALID_NULL_PKCS12_POINTER); -+ return 0; -+ } -+ -+ /* Check the mac */ -+ -+ if (!PKCS12_verify_mac(p12, oldpass, -1)) { -+ PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE); -+ return 0; -+ } -+ -+ if (!newpass_p12(p12, oldpass, newpass)) { -+ PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR); -+ return 0; -+ } -+ -+ return 1; - } - - /* Parse the outer PKCS#12 structure */ - - static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) - { -- STACK_OF(PKCS7) *asafes, *newsafes; -- STACK_OF(PKCS12_SAFEBAG) *bags; -- int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; -- PKCS7 *p7, *p7new; -- ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; -- unsigned char mac[EVP_MAX_MD_SIZE]; -- unsigned int maclen; -- -- if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0; -- if(!(newsafes = sk_PKCS7_new_null())) return 0; -- for (i = 0; i < sk_PKCS7_num (asafes); i++) { -- p7 = sk_PKCS7_value(asafes, i); -- bagnid = OBJ_obj2nid(p7->type); -- if (bagnid == NID_pkcs7_data) { -- bags = PKCS12_unpack_p7data(p7); -- } else if (bagnid == NID_pkcs7_encrypted) { -- bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); -- if (!alg_get(p7->d.encrypted->enc_data->algorithm, -- &pbe_nid, &pbe_iter, &pbe_saltlen)) -- { -- sk_PKCS12_SAFEBAG_pop_free(bags, -- PKCS12_SAFEBAG_free); -- bags = NULL; -- } -- } else continue; -- if (!bags) { -- sk_PKCS7_pop_free(asafes, PKCS7_free); -- return 0; -- } -- if (!newpass_bags(bags, oldpass, newpass)) { -- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -- sk_PKCS7_pop_free(asafes, PKCS7_free); -- return 0; -- } -- /* Repack bag in same form with new password */ -- if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags); -- else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, -- pbe_saltlen, pbe_iter, bags); -- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -- if(!p7new) { -- sk_PKCS7_pop_free(asafes, PKCS7_free); -- return 0; -- } -- sk_PKCS7_push(newsafes, p7new); -- } -- sk_PKCS7_pop_free(asafes, PKCS7_free); -- -- /* Repack safe: save old safe in case of error */ -- -- p12_data_tmp = p12->authsafes->d.data; -- if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr; -- if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr; -- -- if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr; -- if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr; -- if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr; -- ASN1_OCTET_STRING_free(p12->mac->dinfo->digest); -- p12->mac->dinfo->digest = macnew; -- ASN1_OCTET_STRING_free(p12_data_tmp); -- -- return 1; -- -- saferr: -- /* Restore old safe */ -- ASN1_OCTET_STRING_free(p12->authsafes->d.data); -- ASN1_OCTET_STRING_free(macnew); -- p12->authsafes->d.data = p12_data_tmp; -- return 0; -+ STACK_OF(PKCS7) *asafes, *newsafes; -+ STACK_OF(PKCS12_SAFEBAG) *bags; -+ int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; -+ PKCS7 *p7, *p7new; -+ ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; -+ unsigned char mac[EVP_MAX_MD_SIZE]; -+ unsigned int maclen; -+ -+ if (!(asafes = PKCS12_unpack_authsafes(p12))) -+ return 0; -+ if (!(newsafes = sk_PKCS7_new_null())) -+ return 0; -+ for (i = 0; i < sk_PKCS7_num(asafes); i++) { -+ p7 = sk_PKCS7_value(asafes, i); -+ bagnid = OBJ_obj2nid(p7->type); -+ if (bagnid == NID_pkcs7_data) { -+ bags = PKCS12_unpack_p7data(p7); -+ } else if (bagnid == NID_pkcs7_encrypted) { -+ bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); -+ if (!alg_get(p7->d.encrypted->enc_data->algorithm, -+ &pbe_nid, &pbe_iter, &pbe_saltlen)) { -+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -+ bags = NULL; -+ } -+ } else -+ continue; -+ if (!bags) { -+ sk_PKCS7_pop_free(asafes, PKCS7_free); -+ return 0; -+ } -+ if (!newpass_bags(bags, oldpass, newpass)) { -+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -+ sk_PKCS7_pop_free(asafes, PKCS7_free); -+ return 0; -+ } -+ /* Repack bag in same form with new password */ -+ if (bagnid == NID_pkcs7_data) -+ p7new = PKCS12_pack_p7data(bags); -+ else -+ p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, -+ pbe_saltlen, pbe_iter, bags); -+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); -+ if (!p7new) { -+ sk_PKCS7_pop_free(asafes, PKCS7_free); -+ return 0; -+ } -+ sk_PKCS7_push(newsafes, p7new); -+ } -+ sk_PKCS7_pop_free(asafes, PKCS7_free); -+ -+ /* Repack safe: save old safe in case of error */ -+ -+ p12_data_tmp = p12->authsafes->d.data; -+ if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) -+ goto saferr; -+ if (!PKCS12_pack_authsafes(p12, newsafes)) -+ goto saferr; -+ -+ if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) -+ goto saferr; -+ if (!(macnew = ASN1_OCTET_STRING_new())) -+ goto saferr; -+ if (!ASN1_OCTET_STRING_set(macnew, mac, maclen)) -+ goto saferr; -+ ASN1_OCTET_STRING_free(p12->mac->dinfo->digest); -+ p12->mac->dinfo->digest = macnew; -+ ASN1_OCTET_STRING_free(p12_data_tmp); -+ -+ return 1; -+ -+ saferr: -+ /* Restore old safe */ -+ ASN1_OCTET_STRING_free(p12->authsafes->d.data); -+ ASN1_OCTET_STRING_free(macnew); -+ p12->authsafes->d.data = p12_data_tmp; -+ return 0; - - } - -- - static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, -- char *newpass) -+ char *newpass) - { -- int i; -- for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { -- if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), -- oldpass, newpass)) -- return 0; -- } -- return 1; -+ int i; -+ for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { -+ if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), oldpass, newpass)) -+ return 0; -+ } -+ return 1; - } - - /* Change password of safebag: only needs handle shrouded keybags */ - - static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass) - { -- PKCS8_PRIV_KEY_INFO *p8; -- X509_SIG *p8new; -- int p8_nid, p8_saltlen, p8_iter; -- -- if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1; -- -- if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0; -- if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, -- &p8_saltlen)) -- return 0; -- if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, -- p8_iter, p8))) return 0; -- X509_SIG_free(bag->value.shkeybag); -- bag->value.shkeybag = p8new; -- return 1; -+ PKCS8_PRIV_KEY_INFO *p8; -+ X509_SIG *p8new; -+ int p8_nid, p8_saltlen, p8_iter; -+ -+ if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) -+ return 1; -+ -+ if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) -+ return 0; -+ if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen)) -+ return 0; -+ if (!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, -+ p8_iter, p8))) -+ return 0; -+ X509_SIG_free(bag->value.shkeybag); -+ bag->value.shkeybag = p8new; -+ return 1; - } - - static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) - { -- PBEPARAM *pbe; -- const unsigned char *p; -- -- p = alg->parameter->value.sequence->data; -- pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); -- if (!pbe) -- return 0; -- *pnid = OBJ_obj2nid(alg->algorithm); -- *piter = ASN1_INTEGER_get(pbe->iter); -- *psaltlen = pbe->salt->length; -- PBEPARAM_free(pbe); -- return 1; -+ PBEPARAM *pbe; -+ const unsigned char *p; -+ -+ p = alg->parameter->value.sequence->data; -+ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); -+ if (!pbe) -+ return 0; -+ *pnid = OBJ_obj2nid(alg->algorithm); -+ *piter = ASN1_INTEGER_get(pbe->iter); -+ *psaltlen = pbe->salt->length; -+ PBEPARAM_free(pbe); -+ return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c -index deba81e..3cc7a9f 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c -@@ -1,6 +1,7 @@ - /* p12_p8d.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,9 +61,10 @@ - #include "cryptlib.h" - #include - --PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen) -+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, -+ int passlen) - { -- return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, -- passlen, p8->digest, 1); -+ return PKCS12_item_decrypt_d2i(p8->algor, -+ ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, -+ passlen, p8->digest, 1); - } -- -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c -index bf20a77..d970f05 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c -@@ -1,6 +1,7 @@ - /* p12_p8e.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,37 +62,40 @@ - #include - - X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, -- const char *pass, int passlen, -- unsigned char *salt, int saltlen, int iter, -- PKCS8_PRIV_KEY_INFO *p8inf) -+ const char *pass, int passlen, -+ unsigned char *salt, int saltlen, int iter, -+ PKCS8_PRIV_KEY_INFO *p8inf) - { -- X509_SIG *p8 = NULL; -- X509_ALGOR *pbe; -+ X509_SIG *p8 = NULL; -+ X509_ALGOR *pbe; - -- if (!(p8 = X509_SIG_new())) { -- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ if (!(p8 = X509_SIG_new())) { -+ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); -- else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); -- if(!pbe) { -- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB); -- goto err; -- } -- X509_ALGOR_free(p8->algor); -- p8->algor = pbe; -- M_ASN1_OCTET_STRING_free(p8->digest); -- p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), -- pass, passlen, p8inf, 1); -- if(!p8->digest) { -- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); -- goto err; -- } -+ if (pbe_nid == -1) -+ pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); -+ else -+ pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); -+ if (!pbe) { -+ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ X509_ALGOR_free(p8->algor); -+ p8->algor = pbe; -+ M_ASN1_OCTET_STRING_free(p8->digest); -+ p8->digest = -+ PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), -+ pass, passlen, p8inf, 1); -+ if (!p8->digest) { -+ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); -+ goto err; -+ } - -- return p8; -+ return p8; - -- err: -- X509_SIG_free(p8); -- return NULL; -+ err: -+ X509_SIG_free(p8); -+ return NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c -index 2edbf90..fc53cf0 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c -@@ -1,6 +1,7 @@ - /* p12_utl.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,91 +63,105 @@ - - #ifdef OPENSSL_SYS_NETWARE - /* Rename these functions to avoid name clashes on NetWare OS */ --#define uni2asc OPENSSL_uni2asc --#define asc2uni OPENSSL_asc2uni -+# define uni2asc OPENSSL_uni2asc -+# define asc2uni OPENSSL_asc2uni - #endif - - /* Cheap and nasty Unicode stuff */ - --unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen) -+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, -+ int *unilen) - { -- int ulen, i; -- unsigned char *unitmp; -- if (asclen == -1) asclen = strlen(asc); -- ulen = asclen*2 + 2; -- if (!(unitmp = OPENSSL_malloc(ulen))) return NULL; -- for (i = 0; i < ulen - 2; i+=2) { -- unitmp[i] = 0; -- unitmp[i + 1] = asc[i>>1]; -- } -- /* Make result double null terminated */ -- unitmp[ulen - 2] = 0; -- unitmp[ulen - 1] = 0; -- if (unilen) *unilen = ulen; -- if (uni) *uni = unitmp; -- return unitmp; -+ int ulen, i; -+ unsigned char *unitmp; -+ if (asclen == -1) -+ asclen = strlen(asc); -+ ulen = asclen * 2 + 2; -+ if (!(unitmp = OPENSSL_malloc(ulen))) -+ return NULL; -+ for (i = 0; i < ulen - 2; i += 2) { -+ unitmp[i] = 0; -+ unitmp[i + 1] = asc[i >> 1]; -+ } -+ /* Make result double null terminated */ -+ unitmp[ulen - 2] = 0; -+ unitmp[ulen - 1] = 0; -+ if (unilen) -+ *unilen = ulen; -+ if (uni) -+ *uni = unitmp; -+ return unitmp; - } - - char *uni2asc(unsigned char *uni, int unilen) - { -- int asclen, i; -- char *asctmp; -- asclen = unilen / 2; -- /* If no terminating zero allow for one */ -- if (!unilen || uni[unilen - 1]) asclen++; -- uni++; -- if (!(asctmp = OPENSSL_malloc(asclen))) return NULL; -- for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i]; -- asctmp[asclen - 1] = 0; -- return asctmp; -+ int asclen, i; -+ char *asctmp; -+ asclen = unilen / 2; -+ /* If no terminating zero allow for one */ -+ if (!unilen || uni[unilen - 1]) -+ asclen++; -+ uni++; -+ if (!(asctmp = OPENSSL_malloc(asclen))) -+ return NULL; -+ for (i = 0; i < unilen; i += 2) -+ asctmp[i >> 1] = uni[i]; -+ asctmp[asclen - 1] = 0; -+ return asctmp; - } - - int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12) - { -- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); -+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); - } - - #ifndef OPENSSL_NO_FP_API - int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) - { -- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); -+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); - } - #endif - - PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12) - { -- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); -+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); - } -+ - #ifndef OPENSSL_NO_FP_API - PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) - { -- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); -+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); - } - #endif - - PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509) - { -- return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509), -- NID_x509Certificate, NID_certBag); -+ return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509), -+ NID_x509Certificate, NID_certBag); - } - - PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl) - { -- return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL), -- NID_x509Crl, NID_crlBag); -+ return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL), -+ NID_x509Crl, NID_crlBag); - } - - X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag) - { -- if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL; -- if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL; -- return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509)); -+ if (M_PKCS12_bag_type(bag) != NID_certBag) -+ return NULL; -+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) -+ return NULL; -+ return ASN1_item_unpack(bag->value.bag->value.octet, -+ ASN1_ITEM_rptr(X509)); - } - - X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag) - { -- if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL; -- if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL; -- return ASN1_item_unpack(bag->value.bag->value.octet, -- ASN1_ITEM_rptr(X509_CRL)); -+ if (M_PKCS12_bag_type(bag) != NID_crlBag) -+ return NULL; -+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl) -+ return NULL; -+ return ASN1_item_unpack(bag->value.bag->value.octet, -+ ASN1_ITEM_rptr(X509_CRL)); - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c -index 07a1fb6..799f838 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,80 +66,84 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason) - --static ERR_STRING_DATA PKCS12_str_functs[]= -- { --{ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"}, --{ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"}, --{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"}, --{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"}, --{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"}, --{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"}, --{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, --{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, --{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, --{ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"}, --{ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"}, --{ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"}, --{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, --{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, --{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, --{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"}, --{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, --{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, --{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, --{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, --{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, --{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, --{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"}, --{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, --{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, --{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, --{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, --{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, --{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, --{0,NULL} -- }; -+static ERR_STRING_DATA PKCS12_str_functs[] = { -+ {ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"}, -+ {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), -+ "PKCS12_add_friendlyname_asc"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), -+ "PKCS12_add_friendlyname_uni"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, -+ {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, -+ {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, -+ {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA PKCS12_str_reasons[]= -- { --{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"}, --{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"}, --{ERR_REASON(PKCS12_R_DECODE_ERROR) ,"decode error"}, --{ERR_REASON(PKCS12_R_ENCODE_ERROR) ,"encode error"}, --{ERR_REASON(PKCS12_R_ENCRYPT_ERROR) ,"encrypt error"}, --{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"}, --{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"}, --{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"}, --{ERR_REASON(PKCS12_R_IV_GEN_ERROR) ,"iv gen error"}, --{ERR_REASON(PKCS12_R_KEY_GEN_ERROR) ,"key gen error"}, --{ERR_REASON(PKCS12_R_MAC_ABSENT) ,"mac absent"}, --{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"}, --{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) ,"mac setup error"}, --{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"}, --{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) ,"mac verify error"}, --{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"}, --{ERR_REASON(PKCS12_R_PARSE_ERROR) ,"parse error"}, --{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"}, --{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"}, --{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"}, --{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"}, --{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"}, --{0,NULL} -- }; -+static ERR_STRING_DATA PKCS12_str_reasons[] = { -+ {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"}, -+ {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"}, -+ {ERR_REASON(PKCS12_R_DECODE_ERROR), "decode error"}, -+ {ERR_REASON(PKCS12_R_ENCODE_ERROR), "encode error"}, -+ {ERR_REASON(PKCS12_R_ENCRYPT_ERROR), "encrypt error"}, -+ {ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE), -+ "error setting encrypted data type"}, -+ {ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"}, -+ {ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER), -+ "invalid null pkcs12 pointer"}, -+ {ERR_REASON(PKCS12_R_IV_GEN_ERROR), "iv gen error"}, -+ {ERR_REASON(PKCS12_R_KEY_GEN_ERROR), "key gen error"}, -+ {ERR_REASON(PKCS12_R_MAC_ABSENT), "mac absent"}, -+ {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"}, -+ {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"}, -+ {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"}, -+ {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR), "mac verify error"}, -+ {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"}, -+ {ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"}, -+ {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR), -+ "pkcs12 algor cipherinit error"}, -+ {ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR), -+ "pkcs12 cipherfinal error"}, -+ {ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"}, -+ {ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), -+ "unknown digest algorithm"}, -+ {ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_PKCS12_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,PKCS12_str_functs); -- ERR_load_strings(0,PKCS12_str_reasons); -- } -+ if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, PKCS12_str_functs); -+ ERR_load_strings(0, PKCS12_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c -index 1f70d31..0e4e69d 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c -@@ -1,6 +1,7 @@ - /* pk7_asn.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -69,17 +70,17 @@ - ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); - - ASN1_ADB(PKCS7) = { -- ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), -- ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), -- ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), -- ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), -- ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), -- ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) -+ ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), -+ ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), -+ ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), -+ ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), -+ ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), -+ ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) - } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); - - ASN1_NDEF_SEQUENCE(PKCS7) = { -- ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), -- ASN1_ADB_OBJECT(PKCS7) -+ ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), -+ ASN1_ADB_OBJECT(PKCS7) - }ASN1_NDEF_SEQUENCE_END(PKCS7) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS7) -@@ -87,12 +88,12 @@ IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7) - IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) - - ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { -- ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), -- ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), -- ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), -- ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), -- ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), -- ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) -+ ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), -+ ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), -+ ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), -+ ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), -+ ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), -+ ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) - } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) -@@ -100,41 +101,41 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) - /* Minor tweak to operation: free up EVP_PKEY */ - static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- if(operation == ASN1_OP_FREE_POST) { -- PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; -- EVP_PKEY_free(si->pkey); -- } -- return 1; -+ if (operation == ASN1_OP_FREE_POST) { -+ PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; -+ EVP_PKEY_free(si->pkey); -+ } -+ return 1; - } - - ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = { -- ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), -- ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), -- ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), -- /* NB this should be a SET OF but we use a SEQUENCE OF so the -- * original order * is retained when the structure is reencoded. -- * Since the attributes are implicitly tagged this will not affect -- * the encoding. -- */ -- ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), -- ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), -- ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), -- ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) -+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), -+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), -+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), -+ /* NB this should be a SET OF but we use a SEQUENCE OF so the -+ * original order * is retained when the structure is reencoded. -+ * Since the attributes are implicitly tagged this will not affect -+ * the encoding. -+ */ -+ ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), -+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), -+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), -+ ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) - } ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) - - ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = { -- ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME), -- ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER) -+ ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME), -+ ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER) - } ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) - - ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = { -- ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), -- ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), -- ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) -+ ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), -+ ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), -+ ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) - } ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) -@@ -142,73 +143,75 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) - /* Minor tweak to operation: free up X509 */ - static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- if(operation == ASN1_OP_FREE_POST) { -- PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; -- X509_free(ri->cert); -- } -- return 1; -+ if (operation == ASN1_OP_FREE_POST) { -+ PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; -+ X509_free(ri->cert); -+ } -+ return 1; - } - - ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { -- ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), -- ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), -- ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), -- ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) -+ ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), -+ ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), -+ ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), -+ ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) - } ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) - - ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = { -- ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), -- ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), -- ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0) -+ ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), -+ ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), -+ ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0) - } ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) - - ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { -- ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), -- ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), -- ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), -- ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT), -- ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), -- ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), -- ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) -+ ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), -+ ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), -+ ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), -+ ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT), -+ ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), -+ ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), -+ ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) - } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) - - ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = { -- ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), -- ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) -+ ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), -+ ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) - } ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) - - ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = { -- ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), -- ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), -- ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), -- ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) -+ ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), -+ ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), -+ ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), -+ ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) - } ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST) - - IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) - - /* Specials for authenticated attributes */ - --/* When signing attributes we want to reorder them to match the sorted -+/* -+ * When signing attributes we want to reorder them to match the sorted - * encoding. - */ - --ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) -+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) - ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN) - --/* When verifying attributes we need to use the received order. So -- * we use SEQUENCE OF and tag it to SET OF -+/* -+ * When verifying attributes we need to use the received order. So we use -+ * SEQUENCE OF and tag it to SET OF - */ - --ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, -- V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) -+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, -+ V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) - ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY) -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c -index d549717..1fd65b5 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c -@@ -1,6 +1,7 @@ - /* pk7_attr.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -65,77 +66,78 @@ - #include - #include - --int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) -+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, -+ STACK_OF(X509_ALGOR) *cap) - { -- ASN1_STRING *seq; -- unsigned char *p, *pp; -- int len; -- len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR, -- V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, -- IS_SEQUENCE); -- if(!(pp=(unsigned char *)OPENSSL_malloc(len))) { -- PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- p=pp; -- i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE, -- V_ASN1_UNIVERSAL, IS_SEQUENCE); -- if(!(seq = ASN1_STRING_new())) { -- PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if(!ASN1_STRING_set (seq, pp, len)) { -- PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- OPENSSL_free (pp); -- return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, -- V_ASN1_SEQUENCE, seq); -+ ASN1_STRING *seq; -+ unsigned char *p, *pp; -+ int len; -+ len = i2d_ASN1_SET_OF_X509_ALGOR(cap, NULL, i2d_X509_ALGOR, -+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, -+ IS_SEQUENCE); -+ if (!(pp = (unsigned char *)OPENSSL_malloc(len))) { -+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ p = pp; -+ i2d_ASN1_SET_OF_X509_ALGOR(cap, &p, i2d_X509_ALGOR, V_ASN1_SEQUENCE, -+ V_ASN1_UNIVERSAL, IS_SEQUENCE); -+ if (!(seq = ASN1_STRING_new())) { -+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (!ASN1_STRING_set(seq, pp, len)) { -+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ OPENSSL_free(pp); -+ return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, -+ V_ASN1_SEQUENCE, seq); - } - - STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) -- { -- ASN1_TYPE *cap; -- const unsigned char *p; -+{ -+ ASN1_TYPE *cap; -+ const unsigned char *p; - -- cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); -- if (!cap || (cap->type != V_ASN1_SEQUENCE)) -- return NULL; -- p = cap->value.sequence->data; -- return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p, -- cap->value.sequence->length, -- d2i_X509_ALGOR, X509_ALGOR_free, -- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); -- } -+ cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); -+ if (!cap || (cap->type != V_ASN1_SEQUENCE)) -+ return NULL; -+ p = cap->value.sequence->data; -+ return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p, -+ cap->value.sequence->length, -+ d2i_X509_ALGOR, X509_ALGOR_free, -+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); -+} - - /* Basic smime-capabilities OID and optional integer arg */ - int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) - { -- X509_ALGOR *alg; -+ X509_ALGOR *alg; - -- if(!(alg = X509_ALGOR_new())) { -- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- ASN1_OBJECT_free(alg->algorithm); -- alg->algorithm = OBJ_nid2obj (nid); -- if (arg > 0) { -- ASN1_INTEGER *nbit; -- if(!(alg->parameter = ASN1_TYPE_new())) { -- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if(!(nbit = ASN1_INTEGER_new())) { -- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if(!ASN1_INTEGER_set (nbit, arg)) { -- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- alg->parameter->value.integer = nbit; -- alg->parameter->type = V_ASN1_INTEGER; -- } -- sk_X509_ALGOR_push (sk, alg); -- return 1; -+ if (!(alg = X509_ALGOR_new())) { -+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ ASN1_OBJECT_free(alg->algorithm); -+ alg->algorithm = OBJ_nid2obj(nid); -+ if (arg > 0) { -+ ASN1_INTEGER *nbit; -+ if (!(alg->parameter = ASN1_TYPE_new())) { -+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (!(nbit = ASN1_INTEGER_new())) { -+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (!ASN1_INTEGER_set(nbit, arg)) { -+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ alg->parameter->value.integer = nbit; -+ alg->parameter->type = V_ASN1_INTEGER; -+ } -+ sk_X509_ALGOR_push(sk, alg); -+ return 1; - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c -index 8b3024e..db134dd 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,1113 +65,1104 @@ - #include - - static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, -- void *value); -+ void *value); - static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); - --static int PKCS7_type_is_other(PKCS7* p7) -- { -- int isOther=1; -- -- int nid=OBJ_obj2nid(p7->type); -- -- switch( nid ) -- { -- case NID_pkcs7_data: -- case NID_pkcs7_signed: -- case NID_pkcs7_enveloped: -- case NID_pkcs7_signedAndEnveloped: -- case NID_pkcs7_digest: -- case NID_pkcs7_encrypted: -- isOther=0; -- break; -- default: -- isOther=1; -- } -- -- return isOther; -- -- } -+static int PKCS7_type_is_other(PKCS7 *p7) -+{ -+ int isOther = 1; -+ -+ int nid = OBJ_obj2nid(p7->type); -+ -+ switch (nid) { -+ case NID_pkcs7_data: -+ case NID_pkcs7_signed: -+ case NID_pkcs7_enveloped: -+ case NID_pkcs7_signedAndEnveloped: -+ case NID_pkcs7_digest: -+ case NID_pkcs7_encrypted: -+ isOther = 0; -+ break; -+ default: -+ isOther = 1; -+ } -+ -+ return isOther; -+ -+} - - static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) -- { -- if ( PKCS7_type_is_data(p7)) -- return p7->d.data; -- if ( PKCS7_type_is_other(p7) && p7->d.other -- && (p7->d.other->type == V_ASN1_OCTET_STRING)) -- return p7->d.other->value.octet_string; -- return NULL; -- } -+{ -+ if (PKCS7_type_is_data(p7)) -+ return p7->d.data; -+ if (PKCS7_type_is_other(p7) && p7->d.other -+ && (p7->d.other->type == V_ASN1_OCTET_STRING)) -+ return p7->d.other->value.octet_string; -+ return NULL; -+} - - static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) -- { -- BIO *btmp; -- const EVP_MD *md; -- if ((btmp=BIO_new(BIO_f_md())) == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); -- goto err; -- } -- -- md=EVP_get_digestbyobj(alg->algorithm); -- if (md == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); -- goto err; -- } -- -- BIO_set_md(btmp,md); -- if (*pbio == NULL) -- *pbio=btmp; -- else if (!BIO_push(*pbio,btmp)) -- { -- PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); -- goto err; -- } -- btmp=NULL; -- -- return 1; -- -- err: -- if (btmp) -- BIO_free(btmp); -- return 0; -- -- } -+{ -+ BIO *btmp; -+ const EVP_MD *md; -+ if ((btmp = BIO_new(BIO_f_md())) == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB); -+ goto err; -+ } -+ -+ md = EVP_get_digestbyobj(alg->algorithm); -+ if (md == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE); -+ goto err; -+ } -+ -+ BIO_set_md(btmp, md); -+ if (*pbio == NULL) -+ *pbio = btmp; -+ else if (!BIO_push(*pbio, btmp)) { -+ PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB); -+ goto err; -+ } -+ btmp = NULL; -+ -+ return 1; -+ -+ err: -+ if (btmp) -+ BIO_free(btmp); -+ return 0; -+ -+} - - BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) -- { -- int i; -- BIO *out=NULL,*btmp=NULL; -- X509_ALGOR *xa = NULL; -- const EVP_CIPHER *evp_cipher=NULL; -- STACK_OF(X509_ALGOR) *md_sk=NULL; -- STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; -- X509_ALGOR *xalg=NULL; -- PKCS7_RECIP_INFO *ri=NULL; -- EVP_PKEY *pkey; -- ASN1_OCTET_STRING *os=NULL; -- -- i=OBJ_obj2nid(p7->type); -- p7->state=PKCS7_S_HEADER; -- -- switch (i) -- { -- case NID_pkcs7_signed: -- md_sk=p7->d.sign->md_algs; -- os = PKCS7_get_octet_string(p7->d.sign->contents); -- break; -- case NID_pkcs7_signedAndEnveloped: -- rsk=p7->d.signed_and_enveloped->recipientinfo; -- md_sk=p7->d.signed_and_enveloped->md_algs; -- xalg=p7->d.signed_and_enveloped->enc_data->algorithm; -- evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher; -- if (evp_cipher == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAINIT, -- PKCS7_R_CIPHER_NOT_INITIALIZED); -- goto err; -- } -- break; -- case NID_pkcs7_enveloped: -- rsk=p7->d.enveloped->recipientinfo; -- xalg=p7->d.enveloped->enc_data->algorithm; -- evp_cipher=p7->d.enveloped->enc_data->cipher; -- if (evp_cipher == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAINIT, -- PKCS7_R_CIPHER_NOT_INITIALIZED); -- goto err; -- } -- break; -- case NID_pkcs7_digest: -- xa = p7->d.digest->md; -- os = PKCS7_get_octet_string(p7->d.digest->contents); -- break; -- default: -- PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); -- goto err; -- } -- -- for (i=0; ialgorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); -- if (ivlen > 0) -- if (RAND_pseudo_bytes(iv,ivlen) <= 0) -- goto err; -- if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) -- goto err; -- if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) -- goto err; -- if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) -- goto err; -- -- if (ivlen > 0) { -- if (xalg->parameter == NULL) { -- xalg->parameter = ASN1_TYPE_new(); -- if (xalg->parameter == NULL) -- goto err; -- } -- if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) -- goto err; -- } -- -- /* Lets do the pub key stuff :-) */ -- max=0; -- for (i=0; icert == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO); -- goto err; -- } -- if ((pkey=X509_get_pubkey(ri->cert)) == NULL) -- goto err; -- jj=EVP_PKEY_size(pkey); -- EVP_PKEY_free(pkey); -- if (max < jj) max=jj; -- } -- if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- for (i=0; icert)) == NULL) -- goto err; -- jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); -- EVP_PKEY_free(pkey); -- if (jj <= 0) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB); -- OPENSSL_free(tmp); -- goto err; -- } -- if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj)) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAINIT, -- ERR_R_MALLOC_FAILURE); -- OPENSSL_free(tmp); -- goto err; -- } -- } -- OPENSSL_free(tmp); -- OPENSSL_cleanse(key, keylen); -- -- if (out == NULL) -- out=btmp; -- else -- BIO_push(out,btmp); -- btmp=NULL; -- } -- -- if (bio == NULL) -- { -- if (PKCS7_is_detached(p7)) -- bio=BIO_new(BIO_s_null()); -- else if (os && os->length > 0) -- bio = BIO_new_mem_buf(os->data, os->length); -- if(bio == NULL) -- { -- bio=BIO_new(BIO_s_mem()); -- if (bio == NULL) -- goto err; -- BIO_set_mem_eof_return(bio,0); -- } -- } -- BIO_push(out,bio); -- bio=NULL; -- if (0) -- { --err: -- if (out != NULL) -- BIO_free_all(out); -- if (btmp != NULL) -- BIO_free_all(btmp); -- out=NULL; -- } -- return(out); -- } -+{ -+ int i; -+ BIO *out = NULL, *btmp = NULL; -+ X509_ALGOR *xa = NULL; -+ const EVP_CIPHER *evp_cipher = NULL; -+ STACK_OF(X509_ALGOR) *md_sk = NULL; -+ STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; -+ X509_ALGOR *xalg = NULL; -+ PKCS7_RECIP_INFO *ri = NULL; -+ EVP_PKEY *pkey; -+ ASN1_OCTET_STRING *os = NULL; -+ -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); -+ return NULL; -+ } -+ /* -+ * The content field in the PKCS7 ContentInfo is optional, but that really -+ * only applies to inner content (precisely, detached signatures). -+ * -+ * When reading content, missing outer content is therefore treated as an -+ * error. -+ * -+ * When creating content, PKCS7_content_new() must be called before -+ * calling this method, so a NULL p7->d is always an error. -+ */ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); -+ return NULL; -+ } -+ -+ i = OBJ_obj2nid(p7->type); -+ p7->state = PKCS7_S_HEADER; -+ -+ switch (i) { -+ case NID_pkcs7_signed: -+ md_sk = p7->d.sign->md_algs; -+ os = PKCS7_get_octet_string(p7->d.sign->contents); -+ break; -+ case NID_pkcs7_signedAndEnveloped: -+ rsk = p7->d.signed_and_enveloped->recipientinfo; -+ md_sk = p7->d.signed_and_enveloped->md_algs; -+ xalg = p7->d.signed_and_enveloped->enc_data->algorithm; -+ evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher; -+ if (evp_cipher == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED); -+ goto err; -+ } -+ break; -+ case NID_pkcs7_enveloped: -+ rsk = p7->d.enveloped->recipientinfo; -+ xalg = p7->d.enveloped->enc_data->algorithm; -+ evp_cipher = p7->d.enveloped->enc_data->cipher; -+ if (evp_cipher == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED); -+ goto err; -+ } -+ break; -+ case NID_pkcs7_digest: -+ xa = p7->d.digest->md; -+ os = PKCS7_get_octet_string(p7->d.digest->contents); -+ break; -+ default: -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); -+ goto err; -+ } -+ -+ for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) -+ if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) -+ goto err; -+ -+ if (xa && !PKCS7_bio_add_digest(&out, xa)) -+ goto err; -+ -+ if (evp_cipher != NULL) { -+ unsigned char key[EVP_MAX_KEY_LENGTH]; -+ unsigned char iv[EVP_MAX_IV_LENGTH]; -+ int keylen, ivlen; -+ int jj, max; -+ unsigned char *tmp; -+ EVP_CIPHER_CTX *ctx; -+ -+ if ((btmp = BIO_new(BIO_f_cipher())) == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB); -+ goto err; -+ } -+ BIO_get_cipher_ctx(btmp, &ctx); -+ keylen = EVP_CIPHER_key_length(evp_cipher); -+ ivlen = EVP_CIPHER_iv_length(evp_cipher); -+ xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); -+ if (ivlen > 0) -+ if (RAND_pseudo_bytes(iv, ivlen) <= 0) -+ goto err; -+ if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0) -+ goto err; -+ if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) -+ goto err; -+ if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) -+ goto err; -+ -+ if (ivlen > 0) { -+ if (xalg->parameter == NULL) { -+ xalg->parameter = ASN1_TYPE_new(); -+ if (xalg->parameter == NULL) -+ goto err; -+ } -+ if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) -+ goto err; -+ } -+ -+ /* Lets do the pub key stuff :-) */ -+ max = 0; -+ for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { -+ ri = sk_PKCS7_RECIP_INFO_value(rsk, i); -+ if (ri->cert == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, -+ PKCS7_R_MISSING_CERIPEND_INFO); -+ goto err; -+ } -+ if ((pkey = X509_get_pubkey(ri->cert)) == NULL) -+ goto err; -+ jj = EVP_PKEY_size(pkey); -+ EVP_PKEY_free(pkey); -+ if (max < jj) -+ max = jj; -+ } -+ if ((tmp = (unsigned char *)OPENSSL_malloc(max)) == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { -+ ri = sk_PKCS7_RECIP_INFO_value(rsk, i); -+ if ((pkey = X509_get_pubkey(ri->cert)) == NULL) -+ goto err; -+ jj = EVP_PKEY_encrypt(tmp, key, keylen, pkey); -+ EVP_PKEY_free(pkey); -+ if (jj <= 0) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_EVP_LIB); -+ OPENSSL_free(tmp); -+ goto err; -+ } -+ if (!M_ASN1_OCTET_STRING_set(ri->enc_key, tmp, jj)) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_MALLOC_FAILURE); -+ OPENSSL_free(tmp); -+ goto err; -+ } -+ } -+ OPENSSL_free(tmp); -+ OPENSSL_cleanse(key, keylen); -+ -+ if (out == NULL) -+ out = btmp; -+ else -+ BIO_push(out, btmp); -+ btmp = NULL; -+ } -+ -+ if (bio == NULL) { -+ if (PKCS7_is_detached(p7)) -+ bio = BIO_new(BIO_s_null()); -+ else if (os && os->length > 0) -+ bio = BIO_new_mem_buf(os->data, os->length); -+ if (bio == NULL) { -+ bio = BIO_new(BIO_s_mem()); -+ if (bio == NULL) -+ goto err; -+ BIO_set_mem_eof_return(bio, 0); -+ } -+ } -+ BIO_push(out, bio); -+ bio = NULL; -+ if (0) { -+ err: -+ if (out != NULL) -+ BIO_free_all(out); -+ if (btmp != NULL) -+ BIO_free_all(btmp); -+ out = NULL; -+ } -+ return (out); -+} - - static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) -- { -- int ret; -- ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, -- pcert->cert_info->issuer); -- if (ret) -- return ret; -- return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, -- ri->issuer_and_serial->serial); -- } -+{ -+ int ret; -+ ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, -+ pcert->cert_info->issuer); -+ if (ret) -+ return ret; -+ return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, -+ ri->issuer_and_serial->serial); -+} - - /* int */ - BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) -- { -- int i,j; -- BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; -- unsigned char *tmp=NULL; -- X509_ALGOR *xa; -- ASN1_OCTET_STRING *data_body=NULL; -- const EVP_MD *evp_md; -- const EVP_CIPHER *evp_cipher=NULL; -- EVP_CIPHER_CTX *evp_ctx=NULL; -- X509_ALGOR *enc_alg=NULL; -- STACK_OF(X509_ALGOR) *md_sk=NULL; -- STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; -- PKCS7_RECIP_INFO *ri=NULL; -- -- i=OBJ_obj2nid(p7->type); -- p7->state=PKCS7_S_HEADER; -- -- switch (i) -- { -- case NID_pkcs7_signed: -- data_body=PKCS7_get_octet_string(p7->d.sign->contents); -- md_sk=p7->d.sign->md_algs; -- break; -- case NID_pkcs7_signedAndEnveloped: -- rsk=p7->d.signed_and_enveloped->recipientinfo; -- md_sk=p7->d.signed_and_enveloped->md_algs; -- data_body=p7->d.signed_and_enveloped->enc_data->enc_data; -- enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; -- evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); -- if (evp_cipher == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); -- goto err; -- } -- break; -- case NID_pkcs7_enveloped: -- rsk=p7->d.enveloped->recipientinfo; -- enc_alg=p7->d.enveloped->enc_data->algorithm; -- data_body=p7->d.enveloped->enc_data->enc_data; -- evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); -- if (evp_cipher == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); -- goto err; -- } -- break; -- default: -- PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); -- goto err; -- } -- -- /* We will be checking the signature */ -- if (md_sk != NULL) -- { -- for (i=0; ialgorithm); -- evp_md=EVP_get_digestbynid(j); -- if (evp_md == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); -- goto err; -- } -- -- BIO_set_md(btmp,evp_md); -- if (out == NULL) -- out=btmp; -- else -- BIO_push(out,btmp); -- btmp=NULL; -- } -- } -- -- if (evp_cipher != NULL) -- { -+{ -+ int i, j; -+ BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL; -+ unsigned char *tmp = NULL; -+ X509_ALGOR *xa; -+ ASN1_OCTET_STRING *data_body = NULL; -+ const EVP_MD *evp_md; -+ const EVP_CIPHER *evp_cipher = NULL; -+ EVP_CIPHER_CTX *evp_ctx = NULL; -+ X509_ALGOR *enc_alg = NULL; -+ STACK_OF(X509_ALGOR) *md_sk = NULL; -+ STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; -+ PKCS7_RECIP_INFO *ri = NULL; -+ -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER); -+ return NULL; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); -+ return NULL; -+ } -+ -+ i = OBJ_obj2nid(p7->type); -+ p7->state = PKCS7_S_HEADER; -+ -+ switch (i) { -+ case NID_pkcs7_signed: -+ data_body = PKCS7_get_octet_string(p7->d.sign->contents); -+ md_sk = p7->d.sign->md_algs; -+ break; -+ case NID_pkcs7_signedAndEnveloped: -+ rsk = p7->d.signed_and_enveloped->recipientinfo; -+ md_sk = p7->d.signed_and_enveloped->md_algs; -+ data_body = p7->d.signed_and_enveloped->enc_data->enc_data; -+ enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; -+ evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); -+ if (evp_cipher == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, -+ PKCS7_R_UNSUPPORTED_CIPHER_TYPE); -+ goto err; -+ } -+ break; -+ case NID_pkcs7_enveloped: -+ rsk = p7->d.enveloped->recipientinfo; -+ enc_alg = p7->d.enveloped->enc_data->algorithm; -+ data_body = p7->d.enveloped->enc_data->enc_data; -+ evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); -+ if (evp_cipher == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, -+ PKCS7_R_UNSUPPORTED_CIPHER_TYPE); -+ goto err; -+ } -+ break; -+ default: -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); -+ goto err; -+ } -+ -+ /* We will be checking the signature */ -+ if (md_sk != NULL) { -+ for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { -+ xa = sk_X509_ALGOR_value(md_sk, i); -+ if ((btmp = BIO_new(BIO_f_md())) == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); -+ goto err; -+ } -+ -+ j = OBJ_obj2nid(xa->algorithm); -+ evp_md = EVP_get_digestbynid(j); -+ if (evp_md == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, -+ PKCS7_R_UNKNOWN_DIGEST_TYPE); -+ goto err; -+ } -+ -+ BIO_set_md(btmp, evp_md); -+ if (out == NULL) -+ out = btmp; -+ else -+ BIO_push(out, btmp); -+ btmp = NULL; -+ } -+ } -+ -+ if (evp_cipher != NULL) { - #if 0 -- unsigned char key[EVP_MAX_KEY_LENGTH]; -- unsigned char iv[EVP_MAX_IV_LENGTH]; -- unsigned char *p; -- int keylen,ivlen; -- int max; -- X509_OBJECT ret; -+ unsigned char key[EVP_MAX_KEY_LENGTH]; -+ unsigned char iv[EVP_MAX_IV_LENGTH]; -+ unsigned char *p; -+ int keylen, ivlen; -+ int max; -+ X509_OBJECT ret; - #endif -- unsigned char *tkey = NULL; -- int tkeylen; -- int jj; -- -- if ((etmp=BIO_new(BIO_f_cipher())) == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); -- goto err; -- } -- -- /* It was encrypted, we need to decrypt the secret key -- * with the private key */ -- -- /* Find the recipientInfo which matches the passed certificate -- * (if any) -- */ -- -- if (pcert) { -- for (i=0; ienc_key), -- M_ASN1_STRING_length(ri->enc_key), -- pkey); -- if (tret > 0) -- { -- memcpy(tmp, tmp2, tret); -- OPENSSL_cleanse(tmp2, tret); -- jj = tret; -- } -- ERR_clear_error(); -- } -- OPENSSL_free(tmp2); -- } -- else -- { -- jj=EVP_PKEY_decrypt(tmp, -- M_ASN1_STRING_data(ri->enc_key), -- M_ASN1_STRING_length(ri->enc_key), pkey); -- ERR_clear_error(); -- } -- -- evp_ctx=NULL; -- BIO_get_cipher_ctx(etmp,&evp_ctx); -- if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) -- goto err; -- if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) -- goto err; -- /* Generate random key to counter MMA */ -- tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); -- tkey = OPENSSL_malloc(tkeylen); -- if (!tkey) -- goto err; -- if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) -- goto err; -- /* If we have no key use random key */ -- if (jj <= 0) -- { -- OPENSSL_free(tmp); -- jj = tkeylen; -- tmp = tkey; -- tkey = NULL; -- } -- -- if (jj != tkeylen) { -- /* Some S/MIME clients don't use the same key -- * and effective key length. The key length is -- * determined by the size of the decrypted RSA key. -- */ -- if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) -- { -- /* As MMA defence use random key instead */ -- OPENSSL_cleanse(tmp, jj); -- OPENSSL_free(tmp); -- jj = tkeylen; -- tmp = tkey; -- tkey = NULL; -- } -- } -- ERR_clear_error(); -- if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0) -- goto err; -- -- OPENSSL_cleanse(tmp,jj); -- -- if (tkey) -- { -- OPENSSL_cleanse(tkey, tkeylen); -- OPENSSL_free(tkey); -- } -- -- if (out == NULL) -- out=etmp; -- else -- BIO_push(out,etmp); -- etmp=NULL; -- } -- -+ unsigned char *tkey = NULL; -+ int tkeylen; -+ int jj; -+ -+ if ((etmp = BIO_new(BIO_f_cipher())) == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); -+ goto err; -+ } -+ -+ /* -+ * It was encrypted, we need to decrypt the secret key with the -+ * private key -+ */ -+ -+ /* -+ * Find the recipientInfo which matches the passed certificate (if -+ * any) -+ */ -+ -+ if (pcert) { -+ for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { -+ ri = sk_PKCS7_RECIP_INFO_value(rsk, i); -+ if (!pkcs7_cmp_ri(ri, pcert)) -+ break; -+ ri = NULL; -+ } -+ if (ri == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, -+ PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); -+ goto err; -+ } -+ } -+ -+ jj = EVP_PKEY_size(pkey); -+ tmp = (unsigned char *)OPENSSL_malloc(jj + 10); -+ if (tmp == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* If we haven't got a certificate try each ri in turn */ -+ -+ if (pcert == NULL) { -+ /* -+ * Temporary storage in case EVP_PKEY_decrypt overwrites output -+ * buffer on error. -+ */ -+ unsigned char *tmp2; -+ tmp2 = OPENSSL_malloc(jj); -+ if (!tmp2) -+ goto err; -+ jj = -1; -+ /* -+ * Always attempt to decrypt all cases to avoid leaking timing -+ * information about a successful decrypt. -+ */ -+ for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { -+ int tret; -+ ri = sk_PKCS7_RECIP_INFO_value(rsk, i); -+ tret = EVP_PKEY_decrypt(tmp2, -+ M_ASN1_STRING_data(ri->enc_key), -+ M_ASN1_STRING_length(ri->enc_key), -+ pkey); -+ if (tret > 0) { -+ memcpy(tmp, tmp2, tret); -+ OPENSSL_cleanse(tmp2, tret); -+ jj = tret; -+ } -+ ERR_clear_error(); -+ } -+ OPENSSL_free(tmp2); -+ } else { -+ jj = EVP_PKEY_decrypt(tmp, -+ M_ASN1_STRING_data(ri->enc_key), -+ M_ASN1_STRING_length(ri->enc_key), pkey); -+ ERR_clear_error(); -+ } -+ -+ evp_ctx = NULL; -+ BIO_get_cipher_ctx(etmp, &evp_ctx); -+ if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0) -+ goto err; -+ if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0) -+ goto err; -+ /* Generate random key to counter MMA */ -+ tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); -+ tkey = OPENSSL_malloc(tkeylen); -+ if (!tkey) -+ goto err; -+ if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) -+ goto err; -+ /* If we have no key use random key */ -+ if (jj <= 0) { -+ OPENSSL_free(tmp); -+ jj = tkeylen; -+ tmp = tkey; -+ tkey = NULL; -+ } -+ -+ if (jj != tkeylen) { -+ /* -+ * Some S/MIME clients don't use the same key and effective key -+ * length. The key length is determined by the size of the -+ * decrypted RSA key. -+ */ -+ if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) { -+ /* As MMA defence use random key instead */ -+ OPENSSL_cleanse(tmp, jj); -+ OPENSSL_free(tmp); -+ jj = tkeylen; -+ tmp = tkey; -+ tkey = NULL; -+ } -+ } -+ ERR_clear_error(); -+ if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, tmp, NULL, 0) <= 0) -+ goto err; -+ -+ OPENSSL_cleanse(tmp, jj); -+ -+ if (tkey) { -+ OPENSSL_cleanse(tkey, tkeylen); -+ OPENSSL_free(tkey); -+ } -+ -+ if (out == NULL) -+ out = etmp; -+ else -+ BIO_push(out, etmp); -+ etmp = NULL; -+ } - #if 1 -- if (PKCS7_is_detached(p7) || (in_bio != NULL)) -- { -- bio=in_bio; -- } -- else -- { --#if 0 -- bio=BIO_new(BIO_s_mem()); -- /* We need to set this so that when we have read all -- * the data, the encrypt BIO, if present, will read -- * EOF and encode the last few bytes */ -- BIO_set_mem_eof_return(bio,0); -- -- if (data_body->length > 0) -- BIO_write(bio,(char *)data_body->data,data_body->length); --#else -- if (data_body->length > 0) -- bio = BIO_new_mem_buf(data_body->data,data_body->length); -- else { -- bio=BIO_new(BIO_s_mem()); -- BIO_set_mem_eof_return(bio,0); -- } -- if (bio == NULL) -- goto err; --#endif -- } -- BIO_push(out,bio); -- bio=NULL; -+ if (PKCS7_is_detached(p7) || (in_bio != NULL)) { -+ bio = in_bio; -+ } else { -+# if 0 -+ bio = BIO_new(BIO_s_mem()); -+ /* -+ * We need to set this so that when we have read all the data, the -+ * encrypt BIO, if present, will read EOF and encode the last few -+ * bytes -+ */ -+ BIO_set_mem_eof_return(bio, 0); -+ -+ if (data_body->length > 0) -+ BIO_write(bio, (char *)data_body->data, data_body->length); -+# else -+ if (data_body->length > 0) -+ bio = BIO_new_mem_buf(data_body->data, data_body->length); -+ else { -+ bio = BIO_new(BIO_s_mem()); -+ BIO_set_mem_eof_return(bio, 0); -+ } -+ if (bio == NULL) -+ goto err; -+# endif -+ } -+ BIO_push(out, bio); -+ bio = NULL; - #endif -- if (0) -- { --err: -- if (out != NULL) BIO_free_all(out); -- if (btmp != NULL) BIO_free_all(btmp); -- if (etmp != NULL) BIO_free_all(etmp); -- if (bio != NULL) BIO_free_all(bio); -- out=NULL; -- } -- if (tmp != NULL) -- OPENSSL_free(tmp); -- return(out); -- } -+ if (0) { -+ err: -+ if (out != NULL) -+ BIO_free_all(out); -+ if (btmp != NULL) -+ BIO_free_all(btmp); -+ if (etmp != NULL) -+ BIO_free_all(etmp); -+ if (bio != NULL) -+ BIO_free_all(bio); -+ out = NULL; -+ } -+ if (tmp != NULL) -+ OPENSSL_free(tmp); -+ return (out); -+} - - static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) -- { -- for (;;) -- { -- bio=BIO_find_type(bio,BIO_TYPE_MD); -- if (bio == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); -- return NULL; -- } -- BIO_get_md_ctx(bio,pmd); -- if (*pmd == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR); -- return NULL; -- } -- if (EVP_MD_CTX_type(*pmd) == nid) -- return bio; -- bio=BIO_next(bio); -- } -- return NULL; -- } -+{ -+ for (;;) { -+ bio = BIO_find_type(bio, BIO_TYPE_MD); -+ if (bio == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, -+ PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); -+ return NULL; -+ } -+ BIO_get_md_ctx(bio, pmd); -+ if (*pmd == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR); -+ return NULL; -+ } -+ if (EVP_MD_CTX_type(*pmd) == nid) -+ return bio; -+ bio = BIO_next(bio); -+ } -+ return NULL; -+} - - int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) -- { -- int ret=0; -- int i,j; -- BIO *btmp; -- BUF_MEM *buf_mem=NULL; -- BUF_MEM *buf=NULL; -- PKCS7_SIGNER_INFO *si; -- EVP_MD_CTX *mdc,ctx_tmp; -- STACK_OF(X509_ATTRIBUTE) *sk; -- STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; -- ASN1_OCTET_STRING *os=NULL; -- -- EVP_MD_CTX_init(&ctx_tmp); -- i=OBJ_obj2nid(p7->type); -- p7->state=PKCS7_S_HEADER; -- -- switch (i) -- { -- case NID_pkcs7_signedAndEnveloped: -- /* XXXXXXXXXXXXXXXX */ -- si_sk=p7->d.signed_and_enveloped->signer_info; -- if (!(os=M_ASN1_OCTET_STRING_new())) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- p7->d.signed_and_enveloped->enc_data->enc_data=os; -- break; -- case NID_pkcs7_enveloped: -- /* XXXXXXXXXXXXXXXX */ -- if (!(os=M_ASN1_OCTET_STRING_new())) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- p7->d.enveloped->enc_data->enc_data=os; -- break; -- case NID_pkcs7_signed: -- si_sk=p7->d.sign->signer_info; -- os=PKCS7_get_octet_string(p7->d.sign->contents); -- /* If detached data then the content is excluded */ -- if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { -- M_ASN1_OCTET_STRING_free(os); -- p7->d.sign->contents->d.data = NULL; -- } -- break; -- -- case NID_pkcs7_digest: -- os=PKCS7_get_octet_string(p7->d.digest->contents); -- /* If detached data then the content is excluded */ -- if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) -- { -- M_ASN1_OCTET_STRING_free(os); -- p7->d.digest->contents->d.data = NULL; -- } -- break; -- -- } -- -- if (si_sk != NULL) -- { -- if ((buf=BUF_MEM_new()) == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); -- goto err; -- } -- for (i=0; ipkey == NULL) continue; -- -- j=OBJ_obj2nid(si->digest_alg->algorithm); -- -- btmp=bio; -- -- btmp = PKCS7_find_digest(&mdc, btmp, j); -- -- if (btmp == NULL) -- goto err; -- -- /* We now have the EVP_MD_CTX, lets do the -- * signing. */ -- EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); -- if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey))) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); -- goto err; -- } -- -- sk=si->auth_attr; -- -- /* If there are attributes, we add the digest -- * attribute and only sign the attributes */ -- if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) -- { -- unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL; -- unsigned int md_len, alen; -- ASN1_OCTET_STRING *digest; -- ASN1_UTCTIME *sign_time; -- const EVP_MD *md_tmp; -- -- /* Add signing time if not already present */ -- if (!PKCS7_get_signed_attribute(si, -- NID_pkcs9_signingTime)) -- { -- if (!(sign_time=X509_gmtime_adj(NULL,0))) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!PKCS7_add_signed_attribute(si, -- NID_pkcs9_signingTime, -- V_ASN1_UTCTIME,sign_time)) -- { -- M_ASN1_UTCTIME_free(sign_time); -- goto err; -- } -- } -- -- /* Add digest */ -- md_tmp=EVP_MD_CTX_md(&ctx_tmp); -- EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); -- if (!(digest=M_ASN1_OCTET_STRING_new())) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!M_ASN1_OCTET_STRING_set(digest,md_data, -- md_len)) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, -- ERR_R_MALLOC_FAILURE); -- M_ASN1_OCTET_STRING_free(digest); -- goto err; -- } -- if (!PKCS7_add_signed_attribute(si, -- NID_pkcs9_messageDigest, -- V_ASN1_OCTET_STRING,digest)) -- { -- M_ASN1_OCTET_STRING_free(digest); -- goto err; -- } -- -- /* Now sign the attributes */ -- EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL); -- alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf, -- ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); -- if(!abuf) goto err; -- EVP_SignUpdate(&ctx_tmp,abuf,alen); -- OPENSSL_free(abuf); -- } -- -+{ -+ int ret = 0; -+ int i, j; -+ BIO *btmp; -+ BUF_MEM *buf_mem = NULL; -+ BUF_MEM *buf = NULL; -+ PKCS7_SIGNER_INFO *si; -+ EVP_MD_CTX *mdc, ctx_tmp; -+ STACK_OF(X509_ATTRIBUTE) *sk; -+ STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; -+ ASN1_OCTET_STRING *os = NULL; -+ -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER); -+ return 0; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); -+ return 0; -+ } -+ -+ EVP_MD_CTX_init(&ctx_tmp); -+ i = OBJ_obj2nid(p7->type); -+ p7->state = PKCS7_S_HEADER; -+ -+ switch (i) { -+ case NID_pkcs7_signedAndEnveloped: -+ /* XXXXXXXXXXXXXXXX */ -+ si_sk = p7->d.signed_and_enveloped->signer_info; -+ if (!(os = M_ASN1_OCTET_STRING_new())) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ p7->d.signed_and_enveloped->enc_data->enc_data = os; -+ break; -+ case NID_pkcs7_enveloped: -+ /* XXXXXXXXXXXXXXXX */ -+ if (!(os = M_ASN1_OCTET_STRING_new())) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ p7->d.enveloped->enc_data->enc_data = os; -+ break; -+ case NID_pkcs7_signed: -+ si_sk = p7->d.sign->signer_info; -+ os = PKCS7_get_octet_string(p7->d.sign->contents); -+ /* If detached data then the content is excluded */ -+ if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { -+ M_ASN1_OCTET_STRING_free(os); -+ os = NULL; -+ p7->d.sign->contents->d.data = NULL; -+ } -+ break; -+ -+ case NID_pkcs7_digest: -+ os = PKCS7_get_octet_string(p7->d.digest->contents); -+ /* If detached data then the content is excluded */ -+ if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { -+ M_ASN1_OCTET_STRING_free(os); -+ os = NULL; -+ p7->d.digest->contents->d.data = NULL; -+ } -+ break; -+ -+ } -+ -+ if (si_sk != NULL) { -+ if ((buf = BUF_MEM_new()) == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_BIO_LIB); -+ goto err; -+ } -+ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) { -+ si = sk_PKCS7_SIGNER_INFO_value(si_sk, i); -+ if (si->pkey == NULL) -+ continue; -+ -+ j = OBJ_obj2nid(si->digest_alg->algorithm); -+ -+ btmp = bio; -+ -+ btmp = PKCS7_find_digest(&mdc, btmp, j); -+ -+ if (btmp == NULL) -+ goto err; -+ -+ /* -+ * We now have the EVP_MD_CTX, lets do the signing. -+ */ -+ EVP_MD_CTX_copy_ex(&ctx_tmp, mdc); -+ if (!BUF_MEM_grow_clean(buf, EVP_PKEY_size(si->pkey))) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_BIO_LIB); -+ goto err; -+ } -+ -+ sk = si->auth_attr; -+ -+ /* -+ * If there are attributes, we add the digest attribute and only -+ * sign the attributes -+ */ -+ if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { -+ unsigned char md_data[EVP_MAX_MD_SIZE], *abuf = NULL; -+ unsigned int md_len, alen; -+ ASN1_OCTET_STRING *digest; -+ ASN1_UTCTIME *sign_time; -+ const EVP_MD *md_tmp; -+ -+ /* Add signing time if not already present */ -+ if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) { -+ if (!(sign_time = X509_gmtime_adj(NULL, 0))) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, -+ ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!PKCS7_add_signed_attribute(si, -+ NID_pkcs9_signingTime, -+ V_ASN1_UTCTIME, -+ sign_time)) { -+ M_ASN1_UTCTIME_free(sign_time); -+ goto err; -+ } -+ } -+ -+ /* Add digest */ -+ md_tmp = EVP_MD_CTX_md(&ctx_tmp); -+ EVP_DigestFinal_ex(&ctx_tmp, md_data, &md_len); -+ if (!(digest = M_ASN1_OCTET_STRING_new())) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!M_ASN1_OCTET_STRING_set(digest, md_data, md_len)) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); -+ M_ASN1_OCTET_STRING_free(digest); -+ goto err; -+ } -+ if (!PKCS7_add_signed_attribute(si, -+ NID_pkcs9_messageDigest, -+ V_ASN1_OCTET_STRING, digest)) -+ { -+ M_ASN1_OCTET_STRING_free(digest); -+ goto err; -+ } -+ -+ /* Now sign the attributes */ -+ EVP_SignInit_ex(&ctx_tmp, md_tmp, NULL); -+ alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, -+ ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); -+ if (!abuf) -+ goto err; -+ EVP_SignUpdate(&ctx_tmp, abuf, alen); -+ OPENSSL_free(abuf); -+ } - #ifndef OPENSSL_NO_DSA -- if (si->pkey->type == EVP_PKEY_DSA) -- ctx_tmp.digest=EVP_dss1(); -+ if (si->pkey->type == EVP_PKEY_DSA) -+ ctx_tmp.digest = EVP_dss1(); - #endif - #ifndef OPENSSL_NO_ECDSA -- if (si->pkey->type == EVP_PKEY_EC) -- ctx_tmp.digest=EVP_ecdsa(); -+ if (si->pkey->type == EVP_PKEY_EC) -+ ctx_tmp.digest = EVP_ecdsa(); - #endif - -- if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, -- (unsigned int *)&buf->length,si->pkey)) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB); -- goto err; -- } -- if (!ASN1_STRING_set(si->enc_digest, -- (unsigned char *)buf->data,buf->length)) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB); -- goto err; -- } -- } -- } -- else if (i == NID_pkcs7_digest) -- { -- unsigned char md_data[EVP_MAX_MD_SIZE]; -- unsigned int md_len; -- if (!PKCS7_find_digest(&mdc, bio, -- OBJ_obj2nid(p7->d.digest->md->algorithm))) -- goto err; -- EVP_DigestFinal_ex(mdc,md_data,&md_len); -- M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); -- } -- -- if (!PKCS7_is_detached(p7)) -- { -- btmp=BIO_find_type(bio,BIO_TYPE_MEM); -- if (btmp == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); -- goto err; -- } -- BIO_get_mem_ptr(btmp,&buf_mem); -- /* Mark the BIO read only then we can use its copy of the data -- * instead of making an extra copy. -- */ -- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); -- BIO_set_mem_eof_return(btmp, 0); -- os->data = (unsigned char *)buf_mem->data; -- os->length = buf_mem->length; -+ if (!EVP_SignFinal(&ctx_tmp, (unsigned char *)buf->data, -+ (unsigned int *)&buf->length, si->pkey)) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB); -+ goto err; -+ } -+ if (!ASN1_STRING_set(si->enc_digest, -+ (unsigned char *)buf->data, buf->length)) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ } -+ } else if (i == NID_pkcs7_digest) { -+ unsigned char md_data[EVP_MAX_MD_SIZE]; -+ unsigned int md_len; -+ if (!PKCS7_find_digest(&mdc, bio, -+ OBJ_obj2nid(p7->d.digest->md->algorithm))) -+ goto err; -+ EVP_DigestFinal_ex(mdc, md_data, &md_len); -+ M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); -+ } -+ -+ if (!PKCS7_is_detached(p7)) { -+ /* -+ * NOTE(emilia): I think we only reach os == NULL here because detached -+ * digested data support is broken. -+ */ -+ if (os == NULL) -+ goto err; -+ btmp = BIO_find_type(bio, BIO_TYPE_MEM); -+ if (btmp == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); -+ goto err; -+ } -+ BIO_get_mem_ptr(btmp, &buf_mem); -+ /* -+ * Mark the BIO read only then we can use its copy of the data -+ * instead of making an extra copy. -+ */ -+ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); -+ BIO_set_mem_eof_return(btmp, 0); -+ os->data = (unsigned char *)buf_mem->data; -+ os->length = buf_mem->length; - #if 0 -- M_ASN1_OCTET_STRING_set(os, -- (unsigned char *)buf_mem->data,buf_mem->length); -+ M_ASN1_OCTET_STRING_set(os, -+ (unsigned char *)buf_mem->data, -+ buf_mem->length); - #endif -- } -- ret=1; --err: -- EVP_MD_CTX_cleanup(&ctx_tmp); -- if (buf != NULL) BUF_MEM_free(buf); -- return(ret); -- } -+ } -+ ret = 1; -+ err: -+ EVP_MD_CTX_cleanup(&ctx_tmp); -+ if (buf != NULL) -+ BUF_MEM_free(buf); -+ return (ret); -+} - - int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, -- PKCS7 *p7, PKCS7_SIGNER_INFO *si) -- { -- PKCS7_ISSUER_AND_SERIAL *ias; -- int ret=0,i; -- STACK_OF(X509) *cert; -- X509 *x509; -- -- if (PKCS7_type_is_signed(p7)) -- { -- cert=p7->d.sign->cert; -- } -- else if (PKCS7_type_is_signedAndEnveloped(p7)) -- { -- cert=p7->d.signed_and_enveloped->cert; -- } -- else -- { -- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE); -- goto err; -- } -- /* XXXXXXXXXXXXXXXXXXXXXXX */ -- ias=si->issuer_and_serial; -- -- x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial); -- -- /* were we able to find the cert in passed to us */ -- if (x509 == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); -- goto err; -- } -- -- /* Lets verify */ -- if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); -- goto err; -- } -- X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); -- i=X509_verify_cert(ctx); -- if (i <= 0) -- { -- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); -- X509_STORE_CTX_cleanup(ctx); -- goto err; -- } -- X509_STORE_CTX_cleanup(ctx); -- -- return PKCS7_signatureVerify(bio, p7, si, x509); -- err: -- return ret; -- } -+ PKCS7 *p7, PKCS7_SIGNER_INFO *si) -+{ -+ PKCS7_ISSUER_AND_SERIAL *ias; -+ int ret = 0, i; -+ STACK_OF(X509) *cert; -+ X509 *x509; -+ -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER); -+ return 0; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); -+ return 0; -+ } -+ -+ if (PKCS7_type_is_signed(p7)) { -+ cert = p7->d.sign->cert; -+ } else if (PKCS7_type_is_signedAndEnveloped(p7)) { -+ cert = p7->d.signed_and_enveloped->cert; -+ } else { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); -+ goto err; -+ } -+ /* XXXXXXXXXXXXXXXXXXXXXXX */ -+ ias = si->issuer_and_serial; -+ -+ x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial); -+ -+ /* were we able to find the cert in passed to us */ -+ if (x509 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, -+ PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); -+ goto err; -+ } -+ -+ /* Lets verify */ -+ if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB); -+ goto err; -+ } -+ X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); -+ i = X509_verify_cert(ctx); -+ if (i <= 0) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB); -+ X509_STORE_CTX_cleanup(ctx); -+ goto err; -+ } -+ X509_STORE_CTX_cleanup(ctx); -+ -+ return PKCS7_signatureVerify(bio, p7, si, x509); -+ err: -+ return ret; -+} - - int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, -- X509 *x509) -- { -- ASN1_OCTET_STRING *os; -- EVP_MD_CTX mdc_tmp,*mdc; -- int ret=0,i; -- int md_type; -- STACK_OF(X509_ATTRIBUTE) *sk; -- BIO *btmp; -- EVP_PKEY *pkey; -- -- EVP_MD_CTX_init(&mdc_tmp); -- -- if (!PKCS7_type_is_signed(p7) && -- !PKCS7_type_is_signedAndEnveloped(p7)) { -- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, -- PKCS7_R_WRONG_PKCS7_TYPE); -- goto err; -- } -- -- md_type=OBJ_obj2nid(si->digest_alg->algorithm); -- -- btmp=bio; -- for (;;) -- { -- if ((btmp == NULL) || -- ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) -- { -- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, -- PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); -- goto err; -- } -- BIO_get_md_ctx(btmp,&mdc); -- if (mdc == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, -- ERR_R_INTERNAL_ERROR); -- goto err; -- } -- if (EVP_MD_CTX_type(mdc) == md_type) -- break; -- /* Workaround for some broken clients that put the signature -- * OID instead of the digest OID in digest_alg->algorithm -- */ -- if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) -- break; -- btmp=BIO_next(btmp); -- } -- -- /* mdc is the digest ctx that we want, unless there are attributes, -- * in which case the digest is the signed attributes */ -- EVP_MD_CTX_copy_ex(&mdc_tmp,mdc); -- -- sk=si->auth_attr; -- if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) -- { -- unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; -- unsigned int md_len, alen; -- ASN1_OCTET_STRING *message_digest; -- -- EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len); -- message_digest=PKCS7_digest_from_attributes(sk); -- if (!message_digest) -- { -- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, -- PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); -- goto err; -- } -- if ((message_digest->length != (int)md_len) || -- (memcmp(message_digest->data,md_dat,md_len))) -- { --#if 0 -+ X509 *x509) - { --int ii; --for (ii=0; iilength; ii++) -- printf("%02X",message_digest->data[ii]); printf(" sent\n"); --for (ii=0; iidigest_alg->algorithm); -+ -+ btmp = bio; -+ for (;;) { -+ if ((btmp == NULL) || -+ ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) { -+ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, -+ PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); -+ goto err; -+ } -+ BIO_get_md_ctx(btmp, &mdc); -+ if (mdc == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ if (EVP_MD_CTX_type(mdc) == md_type) -+ break; -+ /* -+ * Workaround for some broken clients that put the signature OID -+ * instead of the digest OID in digest_alg->algorithm -+ */ -+ if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) -+ break; -+ btmp = BIO_next(btmp); -+ } -+ -+ /* -+ * mdc is the digest ctx that we want, unless there are attributes, in -+ * which case the digest is the signed attributes -+ */ -+ EVP_MD_CTX_copy_ex(&mdc_tmp, mdc); -+ -+ sk = si->auth_attr; -+ if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { -+ unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; -+ unsigned int md_len, alen; -+ ASN1_OCTET_STRING *message_digest; -+ -+ EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len); -+ message_digest = PKCS7_digest_from_attributes(sk); -+ if (!message_digest) { -+ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, -+ PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); -+ goto err; -+ } -+ if ((message_digest->length != (int)md_len) || -+ (memcmp(message_digest->data, md_dat, md_len))) { -+#if 0 -+ { -+ int ii; -+ for (ii = 0; ii < message_digest->length; ii++) -+ printf("%02X", message_digest->data[ii]); -+ printf(" sent\n"); -+ for (ii = 0; ii < md_len; ii++) -+ printf("%02X", md_dat[ii]); -+ printf(" calc\n"); -+ } - #endif -- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, -- PKCS7_R_DIGEST_FAILURE); -- ret= -1; -- goto err; -- } -- -- EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL); -- -- alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, -- ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); -- EVP_VerifyUpdate(&mdc_tmp, abuf, alen); -- -- OPENSSL_free(abuf); -- } -- -- os=si->enc_digest; -- pkey = X509_get_pubkey(x509); -- if (!pkey) -- { -- ret = -1; -- goto err; -- } -+ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE); -+ ret = -1; -+ goto err; -+ } -+ -+ EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL); -+ -+ alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, -+ ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); -+ EVP_VerifyUpdate(&mdc_tmp, abuf, alen); -+ -+ OPENSSL_free(abuf); -+ } -+ -+ os = si->enc_digest; -+ pkey = X509_get_pubkey(x509); -+ if (!pkey) { -+ ret = -1; -+ goto err; -+ } - #ifndef OPENSSL_NO_DSA -- if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); -+ if (pkey->type == EVP_PKEY_DSA) -+ mdc_tmp.digest = EVP_dss1(); - #endif - #ifndef OPENSSL_NO_ECDSA -- if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa(); -+ if (pkey->type == EVP_PKEY_EC) -+ mdc_tmp.digest = EVP_ecdsa(); - #endif - -- i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); -- EVP_PKEY_free(pkey); -- if (i <= 0) -- { -- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, -- PKCS7_R_SIGNATURE_FAILURE); -- ret= -1; -- goto err; -- } -- else -- ret=1; --err: -- EVP_MD_CTX_cleanup(&mdc_tmp); -- return(ret); -- } -+ i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); -+ EVP_PKEY_free(pkey); -+ if (i <= 0) { -+ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE); -+ ret = -1; -+ goto err; -+ } else -+ ret = 1; -+ err: -+ EVP_MD_CTX_cleanup(&mdc_tmp); -+ return (ret); -+} - - PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) -- { -- STACK_OF(PKCS7_RECIP_INFO) *rsk; -- PKCS7_RECIP_INFO *ri; -- int i; -- -- i=OBJ_obj2nid(p7->type); -- if (i != NID_pkcs7_signedAndEnveloped) -- return NULL; -- if (p7->d.signed_and_enveloped == NULL) -- return NULL; -- rsk=p7->d.signed_and_enveloped->recipientinfo; -- if (rsk == NULL) -- return NULL; -- ri=sk_PKCS7_RECIP_INFO_value(rsk,0); -- if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); -- ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); -- return(ri->issuer_and_serial); -- } -+{ -+ STACK_OF(PKCS7_RECIP_INFO) *rsk; -+ PKCS7_RECIP_INFO *ri; -+ int i; -+ -+ i = OBJ_obj2nid(p7->type); -+ if (i != NID_pkcs7_signedAndEnveloped) -+ return NULL; -+ if (p7->d.signed_and_enveloped == NULL) -+ return NULL; -+ rsk = p7->d.signed_and_enveloped->recipientinfo; -+ if (rsk == NULL) -+ return NULL; -+ ri = sk_PKCS7_RECIP_INFO_value(rsk, 0); -+ if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) -+ return (NULL); -+ ri = sk_PKCS7_RECIP_INFO_value(rsk, idx); -+ return (ri->issuer_and_serial); -+} - - ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) -- { -- return(get_attribute(si->auth_attr,nid)); -- } -+{ -+ return (get_attribute(si->auth_attr, nid)); -+} - - ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) -- { -- return(get_attribute(si->unauth_attr,nid)); -- } -+{ -+ return (get_attribute(si->unauth_attr, nid)); -+} - - static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) -- { -- int i; -- X509_ATTRIBUTE *xa; -- ASN1_OBJECT *o; -- -- o=OBJ_nid2obj(nid); -- if (!o || !sk) return(NULL); -- for (i=0; iobject,o) == 0) -- { -- if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) -- return(sk_ASN1_TYPE_value(xa->value.set,0)); -- else -- return(NULL); -- } -- } -- return(NULL); -- } -+{ -+ int i; -+ X509_ATTRIBUTE *xa; -+ ASN1_OBJECT *o; -+ -+ o = OBJ_nid2obj(nid); -+ if (!o || !sk) -+ return (NULL); -+ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { -+ xa = sk_X509_ATTRIBUTE_value(sk, i); -+ if (OBJ_cmp(xa->object, o) == 0) { -+ if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) -+ return (sk_ASN1_TYPE_value(xa->value.set, 0)); -+ else -+ return (NULL); -+ } -+ } -+ return (NULL); -+} - - ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) - { -- ASN1_TYPE *astype; -- if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL; -- return astype->value.octet_string; -+ ASN1_TYPE *astype; -+ if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) -+ return NULL; -+ return astype->value.octet_string; - } - - int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, -- STACK_OF(X509_ATTRIBUTE) *sk) -- { -- int i; -- -- if (p7si->auth_attr != NULL) -- sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); -- p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); -- if (p7si->auth_attr == NULL) -- return 0; -- for (i=0; iauth_attr,i, -- X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) -- == NULL) -- return(0); -- } -- return(1); -- } -- --int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) -- { -- int i; -- -- if (p7si->unauth_attr != NULL) -- sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, -- X509_ATTRIBUTE_free); -- p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); -- if (p7si->unauth_attr == NULL) -- return 0; -- for (i=0; iunauth_attr,i, -- X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) -- == NULL) -- return(0); -- } -- return(1); -- } -+ STACK_OF(X509_ATTRIBUTE) *sk) -+{ -+ int i; -+ -+ if (p7si->auth_attr != NULL) -+ sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free); -+ p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk); -+ if (p7si->auth_attr == NULL) -+ return 0; -+ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { -+ if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i, -+ X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value -+ (sk, i)))) -+ == NULL) -+ return (0); -+ } -+ return (1); -+} -+ -+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, -+ STACK_OF(X509_ATTRIBUTE) *sk) -+{ -+ int i; -+ -+ if (p7si->unauth_attr != NULL) -+ sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free); -+ p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk); -+ if (p7si->unauth_attr == NULL) -+ return 0; -+ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { -+ if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i, -+ X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value -+ (sk, i)))) -+ == NULL) -+ return (0); -+ } -+ return (1); -+} - - int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, -- void *value) -- { -- return(add_attribute(&(p7si->auth_attr),nid,atrtype,value)); -- } -+ void *value) -+{ -+ return (add_attribute(&(p7si->auth_attr), nid, atrtype, value)); -+} - - int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, -- void *value) -- { -- return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); -- } -+ void *value) -+{ -+ return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value)); -+} - - static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, -- void *value) -- { -- X509_ATTRIBUTE *attr=NULL; -- -- if (*sk == NULL) -- { -- if (!(*sk = sk_X509_ATTRIBUTE_new_null())) -- return 0; --new_attrib: -- if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) -- return 0; -- if (!sk_X509_ATTRIBUTE_push(*sk,attr)) -- { -- X509_ATTRIBUTE_free(attr); -- return 0; -- } -- } -- else -- { -- int i; -- -- for (i=0; iobject) == nid) -- { -- X509_ATTRIBUTE_free(attr); -- attr=X509_ATTRIBUTE_create(nid,atrtype,value); -- if (attr == NULL) -- return 0; -- if (!sk_X509_ATTRIBUTE_set(*sk,i,attr)) -- { -- X509_ATTRIBUTE_free(attr); -- return 0; -- } -- goto end; -- } -- } -- goto new_attrib; -- } --end: -- return(1); -- } -- -+ void *value) -+{ -+ X509_ATTRIBUTE *attr = NULL; -+ -+ if (*sk == NULL) { -+ if (!(*sk = sk_X509_ATTRIBUTE_new_null())) -+ return 0; -+ new_attrib: -+ if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value))) -+ return 0; -+ if (!sk_X509_ATTRIBUTE_push(*sk, attr)) { -+ X509_ATTRIBUTE_free(attr); -+ return 0; -+ } -+ } else { -+ int i; -+ -+ for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) { -+ attr = sk_X509_ATTRIBUTE_value(*sk, i); -+ if (OBJ_obj2nid(attr->object) == nid) { -+ X509_ATTRIBUTE_free(attr); -+ attr = X509_ATTRIBUTE_create(nid, atrtype, value); -+ if (attr == NULL) -+ return 0; -+ if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) { -+ X509_ATTRIBUTE_free(attr); -+ return 0; -+ } -+ goto end; -+ } -+ } -+ goto new_attrib; -+ } -+ end: -+ return (1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c -index 898cdda..c2ad3ec 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,526 +62,519 @@ - #include - - long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) -- { -- int nid; -- long ret; -- -- nid=OBJ_obj2nid(p7->type); -- -- switch (cmd) -- { -- case PKCS7_OP_SET_DETACHED_SIGNATURE: -- if (nid == NID_pkcs7_signed) -- { -- ret=p7->detached=(int)larg; -- if (ret && PKCS7_type_is_data(p7->d.sign->contents)) -- { -- ASN1_OCTET_STRING *os; -- os=p7->d.sign->contents->d.data; -- ASN1_OCTET_STRING_free(os); -- p7->d.sign->contents->d.data = NULL; -- } -- } -- else -- { -- PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); -- ret=0; -- } -- break; -- case PKCS7_OP_GET_DETACHED_SIGNATURE: -- if (nid == NID_pkcs7_signed) -- { -- if(!p7->d.sign || !p7->d.sign->contents->d.ptr) -- ret = 1; -- else ret = 0; -- -- p7->detached = ret; -- } -- else -- { -- PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); -- ret=0; -- } -- -- break; -- default: -- PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION); -- ret=0; -- } -- return(ret); -- } -+{ -+ int nid; -+ long ret; -+ -+ nid = OBJ_obj2nid(p7->type); -+ -+ switch (cmd) { -+ /* NOTE(emilia): does not support detached digested data. */ -+ case PKCS7_OP_SET_DETACHED_SIGNATURE: -+ if (nid == NID_pkcs7_signed) { -+ ret = p7->detached = (int)larg; -+ if (ret && PKCS7_type_is_data(p7->d.sign->contents)) { -+ ASN1_OCTET_STRING *os; -+ os = p7->d.sign->contents->d.data; -+ ASN1_OCTET_STRING_free(os); -+ p7->d.sign->contents->d.data = NULL; -+ } -+ } else { -+ PKCS7err(PKCS7_F_PKCS7_CTRL, -+ PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); -+ ret = 0; -+ } -+ break; -+ case PKCS7_OP_GET_DETACHED_SIGNATURE: -+ if (nid == NID_pkcs7_signed) { -+ if (!p7->d.sign || !p7->d.sign->contents->d.ptr) -+ ret = 1; -+ else -+ ret = 0; -+ -+ p7->detached = ret; -+ } else { -+ PKCS7err(PKCS7_F_PKCS7_CTRL, -+ PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); -+ ret = 0; -+ } -+ -+ break; -+ default: -+ PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION); -+ ret = 0; -+ } -+ return (ret); -+} - - int PKCS7_content_new(PKCS7 *p7, int type) -- { -- PKCS7 *ret=NULL; -- -- if ((ret=PKCS7_new()) == NULL) goto err; -- if (!PKCS7_set_type(ret,type)) goto err; -- if (!PKCS7_set_content(p7,ret)) goto err; -- -- return(1); --err: -- if (ret != NULL) PKCS7_free(ret); -- return(0); -- } -+{ -+ PKCS7 *ret = NULL; -+ -+ if ((ret = PKCS7_new()) == NULL) -+ goto err; -+ if (!PKCS7_set_type(ret, type)) -+ goto err; -+ if (!PKCS7_set_content(p7, ret)) -+ goto err; -+ -+ return (1); -+ err: -+ if (ret != NULL) -+ PKCS7_free(ret); -+ return (0); -+} - - int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) -- { -- int i; -- -- i=OBJ_obj2nid(p7->type); -- switch (i) -- { -- case NID_pkcs7_signed: -- if (p7->d.sign->contents != NULL) -- PKCS7_free(p7->d.sign->contents); -- p7->d.sign->contents=p7_data; -- break; -- case NID_pkcs7_digest: -- if (p7->d.digest->contents != NULL) -- PKCS7_free(p7->d.digest->contents); -- p7->d.digest->contents=p7_data; -- break; -- case NID_pkcs7_data: -- case NID_pkcs7_enveloped: -- case NID_pkcs7_signedAndEnveloped: -- case NID_pkcs7_encrypted: -- default: -- PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); -- goto err; -- } -- return(1); --err: -- return(0); -- } -+{ -+ int i; -+ -+ i = OBJ_obj2nid(p7->type); -+ switch (i) { -+ case NID_pkcs7_signed: -+ if (p7->d.sign->contents != NULL) -+ PKCS7_free(p7->d.sign->contents); -+ p7->d.sign->contents = p7_data; -+ break; -+ case NID_pkcs7_digest: -+ if (p7->d.digest->contents != NULL) -+ PKCS7_free(p7->d.digest->contents); -+ p7->d.digest->contents = p7_data; -+ break; -+ case NID_pkcs7_data: -+ case NID_pkcs7_enveloped: -+ case NID_pkcs7_signedAndEnveloped: -+ case NID_pkcs7_encrypted: -+ default: -+ PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); -+ goto err; -+ } -+ return (1); -+ err: -+ return (0); -+} - - int PKCS7_set_type(PKCS7 *p7, int type) -- { -- ASN1_OBJECT *obj; -- -- /*PKCS7_content_free(p7);*/ -- obj=OBJ_nid2obj(type); /* will not fail */ -- -- switch (type) -- { -- case NID_pkcs7_signed: -- p7->type=obj; -- if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) -- goto err; -- if (!ASN1_INTEGER_set(p7->d.sign->version,1)) -- { -- PKCS7_SIGNED_free(p7->d.sign); -- p7->d.sign=NULL; -- goto err; -- } -- break; -- case NID_pkcs7_data: -- p7->type=obj; -- if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL) -- goto err; -- break; -- case NID_pkcs7_signedAndEnveloped: -- p7->type=obj; -- if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) -- == NULL) goto err; -- ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); -- if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)) -- goto err; -- p7->d.signed_and_enveloped->enc_data->content_type -- = OBJ_nid2obj(NID_pkcs7_data); -- break; -- case NID_pkcs7_enveloped: -- p7->type=obj; -- if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) -- == NULL) goto err; -- if (!ASN1_INTEGER_set(p7->d.enveloped->version,0)) -- goto err; -- p7->d.enveloped->enc_data->content_type -- = OBJ_nid2obj(NID_pkcs7_data); -- break; -- case NID_pkcs7_encrypted: -- p7->type=obj; -- if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) -- == NULL) goto err; -- if (!ASN1_INTEGER_set(p7->d.encrypted->version,0)) -- goto err; -- p7->d.encrypted->enc_data->content_type -- = OBJ_nid2obj(NID_pkcs7_data); -- break; -- -- case NID_pkcs7_digest: -- p7->type=obj; -- if ((p7->d.digest=PKCS7_DIGEST_new()) -- == NULL) goto err; -- if (!ASN1_INTEGER_set(p7->d.digest->version,0)) -- goto err; -- break; -- default: -- PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); -- goto err; -- } -- return(1); --err: -- return(0); -- } -+{ -+ ASN1_OBJECT *obj; -+ -+ /* -+ * PKCS7_content_free(p7); -+ */ -+ obj = OBJ_nid2obj(type); /* will not fail */ -+ -+ switch (type) { -+ case NID_pkcs7_signed: -+ p7->type = obj; -+ if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL) -+ goto err; -+ if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) { -+ PKCS7_SIGNED_free(p7->d.sign); -+ p7->d.sign = NULL; -+ goto err; -+ } -+ break; -+ case NID_pkcs7_data: -+ p7->type = obj; -+ if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL) -+ goto err; -+ break; -+ case NID_pkcs7_signedAndEnveloped: -+ p7->type = obj; -+ if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new()) -+ == NULL) -+ goto err; -+ ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1); -+ if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1)) -+ goto err; -+ p7->d.signed_and_enveloped->enc_data->content_type -+ = OBJ_nid2obj(NID_pkcs7_data); -+ break; -+ case NID_pkcs7_enveloped: -+ p7->type = obj; -+ if ((p7->d.enveloped = PKCS7_ENVELOPE_new()) -+ == NULL) -+ goto err; -+ if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0)) -+ goto err; -+ p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); -+ break; -+ case NID_pkcs7_encrypted: -+ p7->type = obj; -+ if ((p7->d.encrypted = PKCS7_ENCRYPT_new()) -+ == NULL) -+ goto err; -+ if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0)) -+ goto err; -+ p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); -+ break; -+ -+ case NID_pkcs7_digest: -+ p7->type = obj; -+ if ((p7->d.digest = PKCS7_DIGEST_new()) -+ == NULL) -+ goto err; -+ if (!ASN1_INTEGER_set(p7->d.digest->version, 0)) -+ goto err; -+ break; -+ default: -+ PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); -+ goto err; -+ } -+ return (1); -+ err: -+ return (0); -+} - - int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) -- { -- p7->type = OBJ_nid2obj(type); -- p7->d.other = other; -- return 1; -- } -+{ -+ p7->type = OBJ_nid2obj(type); -+ p7->d.other = other; -+ return 1; -+} - - int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) -- { -- int i,j,nid; -- X509_ALGOR *alg; -- STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; -- STACK_OF(X509_ALGOR) *md_sk; -- -- i=OBJ_obj2nid(p7->type); -- switch (i) -- { -- case NID_pkcs7_signed: -- signer_sk= p7->d.sign->signer_info; -- md_sk= p7->d.sign->md_algs; -- break; -- case NID_pkcs7_signedAndEnveloped: -- signer_sk= p7->d.signed_and_enveloped->signer_info; -- md_sk= p7->d.signed_and_enveloped->md_algs; -- break; -- default: -- PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE); -- return(0); -- } -- -- nid=OBJ_obj2nid(psi->digest_alg->algorithm); -- -- /* If the digest is not currently listed, add it */ -- j=0; -- for (i=0; ialgorithm) == nid) -- { -- j=1; -- break; -- } -- } -- if (!j) /* we need to add another algorithm */ -- { -- if(!(alg=X509_ALGOR_new()) -- || !(alg->parameter = ASN1_TYPE_new())) -- { -- X509_ALGOR_free(alg); -- PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- alg->algorithm=OBJ_nid2obj(nid); -- alg->parameter->type = V_ASN1_NULL; -- if (!sk_X509_ALGOR_push(md_sk,alg)) -- { -- X509_ALGOR_free(alg); -- return 0; -- } -- } -- -- if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi)) -- return 0; -- return(1); -- } -+{ -+ int i, j, nid; -+ X509_ALGOR *alg; -+ STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; -+ STACK_OF(X509_ALGOR) *md_sk; -+ -+ i = OBJ_obj2nid(p7->type); -+ switch (i) { -+ case NID_pkcs7_signed: -+ signer_sk = p7->d.sign->signer_info; -+ md_sk = p7->d.sign->md_algs; -+ break; -+ case NID_pkcs7_signedAndEnveloped: -+ signer_sk = p7->d.signed_and_enveloped->signer_info; -+ md_sk = p7->d.signed_and_enveloped->md_algs; -+ break; -+ default: -+ PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE); -+ return (0); -+ } -+ -+ nid = OBJ_obj2nid(psi->digest_alg->algorithm); -+ -+ /* If the digest is not currently listed, add it */ -+ j = 0; -+ for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { -+ alg = sk_X509_ALGOR_value(md_sk, i); -+ if (OBJ_obj2nid(alg->algorithm) == nid) { -+ j = 1; -+ break; -+ } -+ } -+ if (!j) { /* we need to add another algorithm */ -+ if (!(alg = X509_ALGOR_new()) -+ || !(alg->parameter = ASN1_TYPE_new())) { -+ X509_ALGOR_free(alg); -+ PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ alg->algorithm = OBJ_nid2obj(nid); -+ alg->parameter->type = V_ASN1_NULL; -+ if (!sk_X509_ALGOR_push(md_sk, alg)) { -+ X509_ALGOR_free(alg); -+ return 0; -+ } -+ } -+ -+ if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi)) -+ return 0; -+ return (1); -+} - - int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) -- { -- int i; -- STACK_OF(X509) **sk; -- -- i=OBJ_obj2nid(p7->type); -- switch (i) -- { -- case NID_pkcs7_signed: -- sk= &(p7->d.sign->cert); -- break; -- case NID_pkcs7_signedAndEnveloped: -- sk= &(p7->d.signed_and_enveloped->cert); -- break; -- default: -- PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE); -- return(0); -- } -- -- if (*sk == NULL) -- *sk=sk_X509_new_null(); -- if (*sk == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); -- if (!sk_X509_push(*sk,x509)) -- { -- X509_free(x509); -- return 0; -- } -- return(1); -- } -+{ -+ int i; -+ STACK_OF(X509) **sk; -+ -+ i = OBJ_obj2nid(p7->type); -+ switch (i) { -+ case NID_pkcs7_signed: -+ sk = &(p7->d.sign->cert); -+ break; -+ case NID_pkcs7_signedAndEnveloped: -+ sk = &(p7->d.signed_and_enveloped->cert); -+ break; -+ default: -+ PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE); -+ return (0); -+ } -+ -+ if (*sk == NULL) -+ *sk = sk_X509_new_null(); -+ if (*sk == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); -+ if (!sk_X509_push(*sk, x509)) { -+ X509_free(x509); -+ return 0; -+ } -+ return (1); -+} - - int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) -- { -- int i; -- STACK_OF(X509_CRL) **sk; -- -- i=OBJ_obj2nid(p7->type); -- switch (i) -- { -- case NID_pkcs7_signed: -- sk= &(p7->d.sign->crl); -- break; -- case NID_pkcs7_signedAndEnveloped: -- sk= &(p7->d.signed_and_enveloped->crl); -- break; -- default: -- PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE); -- return(0); -- } -- -- if (*sk == NULL) -- *sk=sk_X509_CRL_new_null(); -- if (*sk == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -- CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); -- if (!sk_X509_CRL_push(*sk,crl)) -- { -- X509_CRL_free(crl); -- return 0; -- } -- return(1); -- } -+{ -+ int i; -+ STACK_OF(X509_CRL) **sk; -+ -+ i = OBJ_obj2nid(p7->type); -+ switch (i) { -+ case NID_pkcs7_signed: -+ sk = &(p7->d.sign->crl); -+ break; -+ case NID_pkcs7_signedAndEnveloped: -+ sk = &(p7->d.signed_and_enveloped->crl); -+ break; -+ default: -+ PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE); -+ return (0); -+ } -+ -+ if (*sk == NULL) -+ *sk = sk_X509_CRL_new_null(); -+ if (*sk == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); -+ if (!sk_X509_CRL_push(*sk, crl)) { -+ X509_CRL_free(crl); -+ return 0; -+ } -+ return (1); -+} - - int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, -- const EVP_MD *dgst) -- { -- int nid; -- char is_dsa; -- -- if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC) -- is_dsa = 1; -- else -- is_dsa = 0; -- /* We now need to add another PKCS7_SIGNER_INFO entry */ -- if (!ASN1_INTEGER_set(p7i->version,1)) -- goto err; -- if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, -- X509_get_issuer_name(x509))) -- goto err; -- -- /* because ASN1_INTEGER_set is used to set a 'long' we will do -- * things the ugly way. */ -- M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); -- if (!(p7i->issuer_and_serial->serial= -- M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) -- goto err; -- -- /* lets keep the pkey around for a while */ -- CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); -- p7i->pkey=pkey; -- -- /* Set the algorithms */ -- if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1); -- else -- p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); -- -- if (p7i->digest_alg->parameter != NULL) -- ASN1_TYPE_free(p7i->digest_alg->parameter); -- if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL) -- goto err; -- p7i->digest_alg->parameter->type=V_ASN1_NULL; -- -- if (p7i->digest_enc_alg->parameter != NULL) -- ASN1_TYPE_free(p7i->digest_enc_alg->parameter); -- nid = EVP_PKEY_type(pkey->type); -- if (nid == EVP_PKEY_RSA) -- { -- p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption); -- if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) -- goto err; -- p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; -- } -- else if (nid == EVP_PKEY_DSA) -- { -+ const EVP_MD *dgst) -+{ -+ int nid; -+ char is_dsa; -+ -+ if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC) -+ is_dsa = 1; -+ else -+ is_dsa = 0; -+ /* We now need to add another PKCS7_SIGNER_INFO entry */ -+ if (!ASN1_INTEGER_set(p7i->version, 1)) -+ goto err; -+ if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, -+ X509_get_issuer_name(x509))) -+ goto err; -+ -+ /* -+ * because ASN1_INTEGER_set is used to set a 'long' we will do things the -+ * ugly way. -+ */ -+ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); -+ if (!(p7i->issuer_and_serial->serial = -+ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) -+ goto err; -+ -+ /* lets keep the pkey around for a while */ -+ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); -+ p7i->pkey = pkey; -+ -+ /* Set the algorithms */ -+ if (is_dsa) -+ p7i->digest_alg->algorithm = OBJ_nid2obj(NID_sha1); -+ else -+ p7i->digest_alg->algorithm = OBJ_nid2obj(EVP_MD_type(dgst)); -+ -+ if (p7i->digest_alg->parameter != NULL) -+ ASN1_TYPE_free(p7i->digest_alg->parameter); -+ if ((p7i->digest_alg->parameter = ASN1_TYPE_new()) == NULL) -+ goto err; -+ p7i->digest_alg->parameter->type = V_ASN1_NULL; -+ -+ if (p7i->digest_enc_alg->parameter != NULL) -+ ASN1_TYPE_free(p7i->digest_enc_alg->parameter); -+ nid = EVP_PKEY_type(pkey->type); -+ if (nid == EVP_PKEY_RSA) { -+ p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_rsaEncryption); -+ if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new())) -+ goto err; -+ p7i->digest_enc_alg->parameter->type = V_ASN1_NULL; -+ } else if (nid == EVP_PKEY_DSA) { - #if 1 -- /* use 'dsaEncryption' OID for compatibility with other software -- * (PKCS #7 v1.5 does specify how to handle DSA) ... */ -- p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa); -+ /* -+ * use 'dsaEncryption' OID for compatibility with other software -+ * (PKCS #7 v1.5 does specify how to handle DSA) ... -+ */ -+ p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsa); - #else -- /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS) -- * would make more sense. */ -- p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1); -+ /* -+ * ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for -+ * CMS) would make more sense. -+ */ -+ p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsaWithSHA1); - #endif -- p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */ -- } -- else if (nid == EVP_PKEY_EC) -- { -- p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1); -- if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) -- goto err; -- p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; -- } -- else -- return(0); -- -- return(1); --err: -- return(0); -- } -+ p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit -+ * 'parameter'! */ -+ } else if (nid == EVP_PKEY_EC) { -+ p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA1); -+ if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new())) -+ goto err; -+ p7i->digest_enc_alg->parameter->type = V_ASN1_NULL; -+ } else -+ return (0); -+ -+ return (1); -+ err: -+ return (0); -+} - - PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, -- const EVP_MD *dgst) -- { -- PKCS7_SIGNER_INFO *si; -- -- if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err; -- if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err; -- if (!PKCS7_add_signer(p7,si)) goto err; -- return(si); --err: -- PKCS7_SIGNER_INFO_free(si); -- return(NULL); -- } -+ const EVP_MD *dgst) -+{ -+ PKCS7_SIGNER_INFO *si; -+ -+ if ((si = PKCS7_SIGNER_INFO_new()) == NULL) -+ goto err; -+ if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst)) -+ goto err; -+ if (!PKCS7_add_signer(p7, si)) -+ goto err; -+ return (si); -+ err: -+ PKCS7_SIGNER_INFO_free(si); -+ return (NULL); -+} - - int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) -- { -- if (PKCS7_type_is_digest(p7)) -- { -- if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) -- { -- PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- p7->d.digest->md->parameter->type = V_ASN1_NULL; -- p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); -- return 1; -- } -- -- PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); -- return 1; -- } -+{ -+ if (PKCS7_type_is_digest(p7)) { -+ if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) { -+ PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ p7->d.digest->md->parameter->type = V_ASN1_NULL; -+ p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); -+ return 1; -+ } -+ -+ PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE); -+ return 1; -+} - - STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) -- { -- if (PKCS7_type_is_signed(p7)) -- { -- return(p7->d.sign->signer_info); -- } -- else if (PKCS7_type_is_signedAndEnveloped(p7)) -- { -- return(p7->d.signed_and_enveloped->signer_info); -- } -- else -- return(NULL); -- } -+{ -+ if (p7 == NULL || p7->d.ptr == NULL) -+ return NULL; -+ if (PKCS7_type_is_signed(p7)) { -+ return (p7->d.sign->signer_info); -+ } else if (PKCS7_type_is_signedAndEnveloped(p7)) { -+ return (p7->d.signed_and_enveloped->signer_info); -+ } else -+ return (NULL); -+} - - PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) -- { -- PKCS7_RECIP_INFO *ri; -- -- if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err; -- if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err; -- if (!PKCS7_add_recipient_info(p7,ri)) goto err; -- return(ri); --err: -- PKCS7_RECIP_INFO_free(ri); -- return(NULL); -- } -+{ -+ PKCS7_RECIP_INFO *ri; -+ -+ if ((ri = PKCS7_RECIP_INFO_new()) == NULL) -+ goto err; -+ if (!PKCS7_RECIP_INFO_set(ri, x509)) -+ goto err; -+ if (!PKCS7_add_recipient_info(p7, ri)) -+ goto err; -+ return (ri); -+ err: -+ PKCS7_RECIP_INFO_free(ri); -+ return (NULL); -+} - - int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) -- { -- int i; -- STACK_OF(PKCS7_RECIP_INFO) *sk; -- -- i=OBJ_obj2nid(p7->type); -- switch (i) -- { -- case NID_pkcs7_signedAndEnveloped: -- sk= p7->d.signed_and_enveloped->recipientinfo; -- break; -- case NID_pkcs7_enveloped: -- sk= p7->d.enveloped->recipientinfo; -- break; -- default: -- PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE); -- return(0); -- } -- -- if (!sk_PKCS7_RECIP_INFO_push(sk,ri)) -- return 0; -- return(1); -- } -+{ -+ int i; -+ STACK_OF(PKCS7_RECIP_INFO) *sk; -+ -+ i = OBJ_obj2nid(p7->type); -+ switch (i) { -+ case NID_pkcs7_signedAndEnveloped: -+ sk = p7->d.signed_and_enveloped->recipientinfo; -+ break; -+ case NID_pkcs7_enveloped: -+ sk = p7->d.enveloped->recipientinfo; -+ break; -+ default: -+ PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, -+ PKCS7_R_WRONG_CONTENT_TYPE); -+ return (0); -+ } -+ -+ if (!sk_PKCS7_RECIP_INFO_push(sk, ri)) -+ return 0; -+ return (1); -+} - - int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) -- { -- if (!ASN1_INTEGER_set(p7i->version,0)) -- return 0; -- if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, -- X509_get_issuer_name(x509))) -- return 0; -+{ -+ if (!ASN1_INTEGER_set(p7i->version, 0)) -+ return 0; -+ if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, -+ X509_get_issuer_name(x509))) -+ return 0; - -- M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); -- if (!(p7i->issuer_and_serial->serial= -- M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) -- return 0; -+ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); -+ if (!(p7i->issuer_and_serial->serial = -+ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) -+ return 0; - -- X509_ALGOR_free(p7i->key_enc_algor); -- if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor))) -- return 0; -+ X509_ALGOR_free(p7i->key_enc_algor); -+ if (!(p7i->key_enc_algor = X509_ALGOR_dup(x509->cert_info->key->algor))) -+ return 0; - -- CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); -- p7i->cert=x509; -+ CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); -+ p7i->cert = x509; - -- return(1); -- } -+ return (1); -+} - - X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) -- { -- if (PKCS7_type_is_signed(p7)) -- return(X509_find_by_issuer_and_serial(p7->d.sign->cert, -- si->issuer_and_serial->issuer, -- si->issuer_and_serial->serial)); -- else -- return(NULL); -- } -+{ -+ if (PKCS7_type_is_signed(p7)) -+ return (X509_find_by_issuer_and_serial(p7->d.sign->cert, -+ si->issuer_and_serial->issuer, -+ si-> -+ issuer_and_serial->serial)); -+ else -+ return (NULL); -+} - - int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) -- { -- int i; -- PKCS7_ENC_CONTENT *ec; -- -- i=OBJ_obj2nid(p7->type); -- switch (i) -- { -- case NID_pkcs7_signedAndEnveloped: -- ec=p7->d.signed_and_enveloped->enc_data; -- break; -- case NID_pkcs7_enveloped: -- ec=p7->d.enveloped->enc_data; -- break; -- default: -- PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE); -- return(0); -- } -- -- /* Check cipher OID exists and has data in it*/ -- i = EVP_CIPHER_type(cipher); -- if(i == NID_undef) { -- PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); -- return(0); -- } -- -- ec->cipher = cipher; -- return 1; -- } -- -+{ -+ int i; -+ PKCS7_ENC_CONTENT *ec; -+ -+ i = OBJ_obj2nid(p7->type); -+ switch (i) { -+ case NID_pkcs7_signedAndEnveloped: -+ ec = p7->d.signed_and_enveloped->enc_data; -+ break; -+ case NID_pkcs7_enveloped: -+ ec = p7->d.enveloped->enc_data; -+ break; -+ default: -+ PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE); -+ return (0); -+ } -+ -+ /* Check cipher OID exists and has data in it */ -+ i = EVP_CIPHER_type(cipher); -+ if (i == NID_undef) { -+ PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, -+ PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); -+ return (0); -+ } -+ -+ ec->cipher = cipher; -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c -index 831b47d..2eca5ea 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c -@@ -1,5 +1,6 @@ - /* pk7_mime.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ - /* ==================================================================== -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,64 +63,61 @@ - /* PKCS#7 wrappers round generalised MIME routines */ - - PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) -- { -- return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7)); -- } -+{ -+ return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7)); -+} - - /* Callback for int_smime_write_ASN1 */ - - static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, -- const ASN1_ITEM *it) -- { -- PKCS7 *p7 = (PKCS7 *)val; -- BIO *tmpbio, *p7bio; -+ const ASN1_ITEM *it) -+{ -+ PKCS7 *p7 = (PKCS7 *)val; -+ BIO *tmpbio, *p7bio; - -- if (!(flags & SMIME_DETACHED)) -- { -- SMIME_crlf_copy(data, out, flags); -- return 1; -- } -+ if (!(flags & SMIME_DETACHED)) { -+ SMIME_crlf_copy(data, out, flags); -+ return 1; -+ } - -- /* Let PKCS7 code prepend any needed BIOs */ -+ /* Let PKCS7 code prepend any needed BIOs */ - -- p7bio = PKCS7_dataInit(p7, out); -+ p7bio = PKCS7_dataInit(p7, out); - -- if (!p7bio) -- return 0; -+ if (!p7bio) -+ return 0; - -- /* Copy data across, passing through filter BIOs for processing */ -- SMIME_crlf_copy(data, p7bio, flags); -+ /* Copy data across, passing through filter BIOs for processing */ -+ SMIME_crlf_copy(data, p7bio, flags); - -- /* Finalize structure */ -- if (PKCS7_dataFinal(p7, p7bio) <= 0) -- goto err; -+ /* Finalize structure */ -+ if (PKCS7_dataFinal(p7, p7bio) <= 0) -+ goto err; - -- err: -+ err: - -- /* Now remove any digests prepended to the BIO */ -+ /* Now remove any digests prepended to the BIO */ - -- while (p7bio != out) -- { -- tmpbio = BIO_pop(p7bio); -- BIO_free(p7bio); -- p7bio = tmpbio; -- } -+ while (p7bio != out) { -+ tmpbio = BIO_pop(p7bio); -+ BIO_free(p7bio); -+ p7bio = tmpbio; -+ } - -- return 1; -+ return 1; - -- } -+} - - int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) -- { -- STACK_OF(X509_ALGOR) *mdalgs; -- int ctype_nid = OBJ_obj2nid(p7->type); -- if (ctype_nid == NID_pkcs7_signed) -- mdalgs = p7->d.sign->md_algs; -- else -- mdalgs = NULL; -- -- return int_smime_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, -- ctype_nid, NID_undef, mdalgs, -- pk7_output_data, -- ASN1_ITEM_rptr(PKCS7)); -- } -+{ -+ STACK_OF(X509_ALGOR) *mdalgs; -+ int ctype_nid = OBJ_obj2nid(p7->type); -+ if (ctype_nid == NID_pkcs7_signed) -+ mdalgs = p7->d.sign->md_algs; -+ else -+ mdalgs = NULL; -+ -+ return int_smime_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, -+ ctype_nid, NID_undef, mdalgs, -+ pk7_output_data, ASN1_ITEM_rptr(PKCS7)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c -index 49b450d..cd22c85 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c -@@ -1,5 +1,6 @@ - /* pk7_smime.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ - /* ==================================================================== -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,470 +65,472 @@ - #include - - PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, -- BIO *data, int flags) -+ BIO *data, int flags) - { -- PKCS7 *p7 = NULL; -- PKCS7_SIGNER_INFO *si; -- BIO *p7bio = NULL; -- STACK_OF(X509_ALGOR) *smcap = NULL; -- int i; -- -- if(!X509_check_private_key(signcert, pkey)) { -- PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); -- return NULL; -- } -- -- if(!(p7 = PKCS7_new())) { -- PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- if (!PKCS7_set_type(p7, NID_pkcs7_signed)) -- goto err; -- -- if (!PKCS7_content_new(p7, NID_pkcs7_data)) -- goto err; -- -- /* -- NOTE: Update to SHA-256 digest algorithm for UEFI version. -- */ -- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) { -- PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); -- goto err; -- } -- -- if(!(flags & PKCS7_NOCERTS)) { -- if (!PKCS7_add_certificate(p7, signcert)) -- goto err; -- if(certs) for(i = 0; i < sk_X509_num(certs); i++) -- if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) -- goto err; -- } -- -- if(!(flags & PKCS7_NOATTR)) { -- if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, -- V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data))) -- goto err; -- /* Add SMIMECapabilities */ -- if(!(flags & PKCS7_NOSMIMECAP)) -- { -- if(!(smcap = sk_X509_ALGOR_new_null())) { -- PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ PKCS7 *p7 = NULL; -+ PKCS7_SIGNER_INFO *si; -+ BIO *p7bio = NULL; -+ STACK_OF(X509_ALGOR) *smcap = NULL; -+ int i; -+ -+ if (!X509_check_private_key(signcert, pkey)) { -+ PKCS7err(PKCS7_F_PKCS7_SIGN, -+ PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); -+ return NULL; -+ } -+ -+ if (!(p7 = PKCS7_new())) { -+ PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ if (!PKCS7_set_type(p7, NID_pkcs7_signed)) -+ goto err; -+ -+ if (!PKCS7_content_new(p7, NID_pkcs7_data)) -+ goto err; -+ -+#if defined(OPENSSL_SYS_UEFI) -+ /* -+ * NOTE: Update to SHA-256 digest algorithm for UEFI version. -+ */ -+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) { -+#else -+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) { -+#endif -+ PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); -+ goto err; -+ } -+ -+ if (!(flags & PKCS7_NOCERTS)) { -+ if (!PKCS7_add_certificate(p7, signcert)) -+ goto err; -+ if (certs) -+ for (i = 0; i < sk_X509_num(certs); i++) -+ if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) -+ goto err; -+ } -+ -+ if (!(flags & PKCS7_NOATTR)) { -+ if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, -+ V_ASN1_OBJECT, -+ OBJ_nid2obj(NID_pkcs7_data))) -+ goto err; -+ /* Add SMIMECapabilities */ -+ if (!(flags & PKCS7_NOSMIMECAP)) { -+ if (!(smcap = sk_X509_ALGOR_new_null())) { -+ PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - #ifndef OPENSSL_NO_DES -- if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1)) -- goto err; -+ if (!PKCS7_simple_smimecap(smcap, NID_des_ede3_cbc, -1)) -+ goto err; - #endif - #ifndef OPENSSL_NO_RC2 -- if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128)) -- goto err; -- if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64)) -- goto err; -+ if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 128)) -+ goto err; -+ if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 64)) -+ goto err; - #endif - #ifndef OPENSSL_NO_DES -- if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1)) -- goto err; -+ if (!PKCS7_simple_smimecap(smcap, NID_des_cbc, -1)) -+ goto err; - #endif - #ifndef OPENSSL_NO_RC2 -- if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40)) -- goto err; -+ if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 40)) -+ goto err; - #endif -- if (!PKCS7_add_attrib_smimecap (si, smcap)) -- goto err; -- sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); -- smcap = NULL; -- } -- } -- -- if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); -- -- if (flags & PKCS7_STREAM) -- return p7; -- -- -- if (!(p7bio = PKCS7_dataInit(p7, NULL))) { -- PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- SMIME_crlf_copy(data, p7bio, flags); -- -- -- if (!PKCS7_dataFinal(p7,p7bio)) { -- PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); -- goto err; -- } -- -- BIO_free_all(p7bio); -- return p7; --err: -- sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); -- BIO_free_all(p7bio); -- PKCS7_free(p7); -- return NULL; -+ if (!PKCS7_add_attrib_smimecap(si, smcap)) -+ goto err; -+ sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); -+ smcap = NULL; -+ } -+ } -+ -+ if (flags & PKCS7_DETACHED) -+ PKCS7_set_detached(p7, 1); -+ -+ if (flags & PKCS7_STREAM) -+ return p7; -+ -+ if (!(p7bio = PKCS7_dataInit(p7, NULL))) { -+ PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ SMIME_crlf_copy(data, p7bio, flags); -+ -+ if (!PKCS7_dataFinal(p7, p7bio)) { -+ PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_DATASIGN); -+ goto err; -+ } -+ -+ BIO_free_all(p7bio); -+ return p7; -+ err: -+ sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); -+ BIO_free_all(p7bio); -+ PKCS7_free(p7); -+ return NULL; - } - - int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, -- BIO *indata, BIO *out, int flags) -+ BIO *indata, BIO *out, int flags) - { -- STACK_OF(X509) *signers; -- X509 *signer; -- STACK_OF(PKCS7_SIGNER_INFO) *sinfos; -- PKCS7_SIGNER_INFO *si; -- X509_STORE_CTX cert_ctx; -- char *buf = NULL; -- int bufsiz; -- int i, j=0, k, ret = 0; -- BIO *p7bio; -- BIO *tmpin, *tmpout; -- -- if(!p7) { -- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); -- return 0; -- } -- -- if(!PKCS7_type_is_signed(p7)) { -- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); -- return 0; -- } -- -- /* Check for no data and no content: no data to verify signature */ -- if(PKCS7_get_detached(p7) && !indata) { -- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); -- return 0; -- } -+ STACK_OF(X509) *signers; -+ X509 *signer; -+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos; -+ PKCS7_SIGNER_INFO *si; -+ X509_STORE_CTX cert_ctx; -+ char *buf = NULL; -+ int bufsiz; -+ int i, j = 0, k, ret = 0; -+ BIO *p7bio; -+ BIO *tmpin, *tmpout; -+ -+ if (!p7) { -+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER); -+ return 0; -+ } -+ -+ if (!PKCS7_type_is_signed(p7)) { -+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE); -+ return 0; -+ } -+ -+ /* Check for no data and no content: no data to verify signature */ -+ if (PKCS7_get_detached(p7) && !indata) { -+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT); -+ return 0; -+ } - #if 0 -- /* NB: this test commented out because some versions of Netscape -- * illegally include zero length content when signing data. -- */ -- -- /* Check for data and content: two sets of data */ -- if(!PKCS7_get_detached(p7) && indata) { -- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); -- return 0; -- } -+ /* -+ * NB: this test commented out because some versions of Netscape -+ * illegally include zero length content when signing data. -+ */ -+ -+ /* Check for data and content: two sets of data */ -+ if (!PKCS7_get_detached(p7) && indata) { -+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT); -+ return 0; -+ } - #endif - -- sinfos = PKCS7_get_signer_info(p7); -- -- if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { -- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); -- return 0; -- } -- -- -- signers = PKCS7_get0_signers(p7, certs, flags); -- -- if(!signers) return 0; -- -- /* Now verify the certificates */ -- -- if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { -- signer = sk_X509_value (signers, k); -- if (!(flags & PKCS7_NOCHAIN)) { -- if(!X509_STORE_CTX_init(&cert_ctx, store, signer, -- p7->d.sign->cert)) -- { -- PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); -- sk_X509_free(signers); -- return 0; -- } -- X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); -- } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { -- PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); -- sk_X509_free(signers); -- return 0; -- } -- if (!(flags & PKCS7_NOCRL)) -- X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); -- i = X509_verify_cert(&cert_ctx); -- if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); -- X509_STORE_CTX_cleanup(&cert_ctx); -- if (i <= 0) { -- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR); -- ERR_add_error_data(2, "Verify error:", -- X509_verify_cert_error_string(j)); -- sk_X509_free(signers); -- return 0; -- } -- /* Check for revocation status here */ -- } -- -- /* Performance optimization: if the content is a memory BIO then -- * store its contents in a temporary read only memory BIO. This -- * avoids potentially large numbers of slow copies of data which will -- * occur when reading from a read write memory BIO when signatures -- * are calculated. -- */ -- -- if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) -- { -- char *ptr; -- long len; -- len = BIO_get_mem_data(indata, &ptr); -- tmpin = BIO_new_mem_buf(ptr, len); -- if (tmpin == NULL) -- { -- PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- else -- tmpin = indata; -- -- -- if (!(p7bio=PKCS7_dataInit(p7,tmpin))) -- goto err; -- -- if(flags & PKCS7_TEXT) { -- if(!(tmpout = BIO_new(BIO_s_mem()))) { -- PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- BIO_set_mem_eof_return(tmpout, 0); -- } else tmpout = out; -- -- bufsiz = 4096; -- buf = OPENSSL_malloc (bufsiz); -- if (buf == NULL) { -- goto err; -- } -- -- /* We now have to 'read' from p7bio to calculate digests etc. */ -- for (;;) -- { -- i=BIO_read(p7bio,buf,bufsiz); -- if (i <= 0) break; -- if (tmpout) BIO_write(tmpout, buf, i); -- } -- -- if(flags & PKCS7_TEXT) { -- if(!SMIME_text(tmpout, out)) { -- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR); -- BIO_free(tmpout); -- goto err; -- } -- BIO_free(tmpout); -- } -- -- /* Now Verify All Signatures */ -- if (!(flags & PKCS7_NOSIGS)) -- for (i=0; id.sign->cert)) { -+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); -+ sk_X509_free(signers); -+ return 0; -+ } -+ X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); -+ } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) { -+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); -+ sk_X509_free(signers); -+ return 0; -+ } -+ if (!(flags & PKCS7_NOCRL)) -+ X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); -+ i = X509_verify_cert(&cert_ctx); -+ if (i <= 0) -+ j = X509_STORE_CTX_get_error(&cert_ctx); -+ X509_STORE_CTX_cleanup(&cert_ctx); -+ if (i <= 0) { -+ PKCS7err(PKCS7_F_PKCS7_VERIFY, -+ PKCS7_R_CERTIFICATE_VERIFY_ERROR); -+ ERR_add_error_data(2, "Verify error:", -+ X509_verify_cert_error_string(j)); -+ sk_X509_free(signers); -+ return 0; -+ } -+ /* Check for revocation status here */ -+ } -+ -+ /* -+ * Performance optimization: if the content is a memory BIO then store -+ * its contents in a temporary read only memory BIO. This avoids -+ * potentially large numbers of slow copies of data which will occur when -+ * reading from a read write memory BIO when signatures are calculated. -+ */ -+ -+ if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) { -+ char *ptr; -+ long len; -+ len = BIO_get_mem_data(indata, &ptr); -+ tmpin = BIO_new_mem_buf(ptr, len); -+ if (tmpin == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ } else -+ tmpin = indata; -+ -+ if (!(p7bio = PKCS7_dataInit(p7, tmpin))) -+ goto err; -+ -+ if (flags & PKCS7_TEXT) { -+ if (!(tmpout = BIO_new(BIO_s_mem()))) { -+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ BIO_set_mem_eof_return(tmpout, 0); -+ } else -+ tmpout = out; -+ -+ bufsiz = 4096; -+ buf = OPENSSL_malloc (bufsiz); -+ if (buf == NULL) { -+ goto err; -+ } -+ -+ /* We now have to 'read' from p7bio to calculate digests etc. */ -+ for (;;) { -+ i = BIO_read(p7bio, buf, sizeof(buf)); -+ if (i <= 0) -+ break; -+ if (tmpout) -+ BIO_write(tmpout, buf, i); -+ } -+ -+ if (flags & PKCS7_TEXT) { -+ if (!SMIME_text(tmpout, out)) { -+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SMIME_TEXT_ERROR); -+ BIO_free(tmpout); -+ goto err; -+ } -+ BIO_free(tmpout); -+ } -+ -+ /* Now Verify All Signatures */ -+ if (!(flags & PKCS7_NOSIGS)) -+ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { -+ si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); -+ signer = sk_X509_value(signers, i); -+ j = PKCS7_signatureVerify(p7bio, p7, si, signer); -+ if (j <= 0) { -+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SIGNATURE_FAILURE); -+ goto err; -+ } -+ } -+ -+ ret = 1; -+ -+ err: -+ -+ if (tmpin == indata) { -+ if (indata) -+ BIO_pop(p7bio); -+ } -+ BIO_free_all(p7bio); -+ -+ sk_X509_free(signers); -+ -+ if (buf != NULL) { -+ OPENSSL_free (buf); -+ } -+ -+ return ret; - } - --STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) -+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, -+ int flags) - { -- STACK_OF(X509) *signers; -- STACK_OF(PKCS7_SIGNER_INFO) *sinfos; -- PKCS7_SIGNER_INFO *si; -- PKCS7_ISSUER_AND_SERIAL *ias; -- X509 *signer; -- int i; -- -- if(!p7) { -- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER); -- return NULL; -- } -- -- if(!PKCS7_type_is_signed(p7)) { -- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); -- return NULL; -- } -- -- /* Collect all the signers together */ -- -- sinfos = PKCS7_get_signer_info(p7); -- -- if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { -- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS); -- return NULL; -- } -- -- if(!(signers = sk_X509_new_null())) { -- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) -- { -- si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); -- ias = si->issuer_and_serial; -- signer = NULL; -- /* If any certificates passed they take priority */ -- if (certs) signer = X509_find_by_issuer_and_serial (certs, -- ias->issuer, ias->serial); -- if (!signer && !(flags & PKCS7_NOINTERN) -- && p7->d.sign->cert) signer = -- X509_find_by_issuer_and_serial (p7->d.sign->cert, -- ias->issuer, ias->serial); -- if (!signer) { -- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); -- sk_X509_free(signers); -- return NULL; -- } -- -- if (!sk_X509_push(signers, signer)) { -- sk_X509_free(signers); -- return NULL; -- } -- } -- return signers; -+ STACK_OF(X509) *signers; -+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos; -+ PKCS7_SIGNER_INFO *si; -+ PKCS7_ISSUER_AND_SERIAL *ias; -+ X509 *signer; -+ int i; -+ -+ if (!p7) { -+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_INVALID_NULL_POINTER); -+ return NULL; -+ } -+ -+ if (!PKCS7_type_is_signed(p7)) { -+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_WRONG_CONTENT_TYPE); -+ return NULL; -+ } -+ -+ /* Collect all the signers together */ -+ -+ sinfos = PKCS7_get_signer_info(p7); -+ -+ if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { -+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS); -+ return NULL; -+ } -+ -+ if (!(signers = sk_X509_new_null())) { -+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { -+ si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); -+ ias = si->issuer_and_serial; -+ signer = NULL; -+ /* If any certificates passed they take priority */ -+ if (certs) -+ signer = X509_find_by_issuer_and_serial(certs, -+ ias->issuer, ias->serial); -+ if (!signer && !(flags & PKCS7_NOINTERN) -+ && p7->d.sign->cert) -+ signer = -+ X509_find_by_issuer_and_serial(p7->d.sign->cert, -+ ias->issuer, ias->serial); -+ if (!signer) { -+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, -+ PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); -+ sk_X509_free(signers); -+ return NULL; -+ } -+ -+ if (!sk_X509_push(signers, signer)) { -+ sk_X509_free(signers); -+ return NULL; -+ } -+ } -+ return signers; - } - -- - /* Build a complete PKCS#7 enveloped data */ - - PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, -- int flags) -+ int flags) - { -- PKCS7 *p7; -- BIO *p7bio = NULL; -- int i; -- X509 *x509; -- if(!(p7 = PKCS7_new())) { -- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) -- goto err; -- if(!PKCS7_set_cipher(p7, cipher)) { -- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); -- goto err; -- } -- -- for(i = 0; i < sk_X509_num(certs); i++) { -- x509 = sk_X509_value(certs, i); -- if(!PKCS7_add_recipient(p7, x509)) { -- PKCS7err(PKCS7_F_PKCS7_ENCRYPT, -- PKCS7_R_ERROR_ADDING_RECIPIENT); -- goto err; -- } -- } -- -- if(!(p7bio = PKCS7_dataInit(p7, NULL))) { -- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- SMIME_crlf_copy(in, p7bio, flags); -- -- (void)BIO_flush(p7bio); -- -- if (!PKCS7_dataFinal(p7,p7bio)) { -- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR); -- goto err; -- } -- BIO_free_all(p7bio); -- -- return p7; -- -- err: -- -- BIO_free_all(p7bio); -- PKCS7_free(p7); -- return NULL; -+ PKCS7 *p7; -+ BIO *p7bio = NULL; -+ int i; -+ X509 *x509; -+ if (!(p7 = PKCS7_new())) { -+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) -+ goto err; -+ if (!PKCS7_set_cipher(p7, cipher)) { -+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER); -+ goto err; -+ } -+ -+ for (i = 0; i < sk_X509_num(certs); i++) { -+ x509 = sk_X509_value(certs, i); -+ if (!PKCS7_add_recipient(p7, x509)) { -+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_ADDING_RECIPIENT); -+ goto err; -+ } -+ } -+ -+ if (!(p7bio = PKCS7_dataInit(p7, NULL))) { -+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ SMIME_crlf_copy(in, p7bio, flags); -+ -+ (void)BIO_flush(p7bio); -+ -+ if (!PKCS7_dataFinal(p7, p7bio)) { -+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_PKCS7_DATAFINAL_ERROR); -+ goto err; -+ } -+ BIO_free_all(p7bio); -+ -+ return p7; -+ -+ err: -+ -+ BIO_free_all(p7bio); -+ PKCS7_free(p7); -+ return NULL; - - } - - int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) - { -- BIO *tmpmem; -- int ret, i; -- char buf[4096]; -- -- if(!p7) { -- PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER); -- return 0; -- } -- -- if(!PKCS7_type_is_enveloped(p7)) { -- PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE); -- return 0; -- } -- -- if(cert && !X509_check_private_key(cert, pkey)) { -- PKCS7err(PKCS7_F_PKCS7_DECRYPT, -- PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); -- return 0; -- } -- -- if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { -- PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); -- return 0; -- } -- -- if (flags & PKCS7_TEXT) { -- BIO *tmpbuf, *bread; -- /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ -- if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { -- PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); -- BIO_free_all(tmpmem); -- return 0; -- } -- if(!(bread = BIO_push(tmpbuf, tmpmem))) { -- PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); -- BIO_free_all(tmpbuf); -- BIO_free_all(tmpmem); -- return 0; -- } -- ret = SMIME_text(bread, data); -- if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) -- { -- if (!BIO_get_cipher_status(tmpmem)) -- ret = 0; -- } -- BIO_free_all(bread); -- return ret; -- } else { -- for(;;) { -- i = BIO_read(tmpmem, buf, sizeof(buf)); -- if(i <= 0) -- { -- ret = 1; -- if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) -- { -- if (!BIO_get_cipher_status(tmpmem)) -- ret = 0; -- } -- -- break; -- } -- if (BIO_write(data, buf, i) != i) -- { -- ret = 0; -- break; -- } -- } -- BIO_free_all(tmpmem); -- return ret; -- } -+ BIO *tmpmem; -+ int ret, i; -+ char buf[4096]; -+ -+ if (!p7) { -+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER); -+ return 0; -+ } -+ -+ if (!PKCS7_type_is_enveloped(p7)) { -+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE); -+ return 0; -+ } -+ -+ if (cert && !X509_check_private_key(cert, pkey)) { -+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, -+ PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); -+ return 0; -+ } -+ -+ if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { -+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); -+ return 0; -+ } -+ -+ if (flags & PKCS7_TEXT) { -+ BIO *tmpbuf, *bread; -+ /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ -+ if (!(tmpbuf = BIO_new(BIO_f_buffer()))) { -+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); -+ BIO_free_all(tmpmem); -+ return 0; -+ } -+ if (!(bread = BIO_push(tmpbuf, tmpmem))) { -+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); -+ BIO_free_all(tmpbuf); -+ BIO_free_all(tmpmem); -+ return 0; -+ } -+ ret = SMIME_text(bread, data); -+ if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { -+ if (!BIO_get_cipher_status(tmpmem)) -+ ret = 0; -+ } -+ BIO_free_all(bread); -+ return ret; -+ } else { -+ for (;;) { -+ i = BIO_read(tmpmem, buf, sizeof(buf)); -+ if (i <= 0) { -+ ret = 1; -+ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { -+ if (!BIO_get_cipher_status(tmpmem)) -+ ret = 0; -+ } -+ -+ break; -+ } -+ if (BIO_write(data, buf, i) != i) { -+ ret = 0; -+ break; -+ } -+ } -+ BIO_free_all(tmpmem); -+ return ret; -+ } - } -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c -index c0e3d4c..7dc5e29 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,103 +66,115 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) - --static ERR_STRING_DATA PKCS7_str_functs[]= -- { --{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, --{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, --{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"}, --{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, --{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, --{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, --{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, --{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, --{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, --{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, --{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, --{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, --{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, --{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, --{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, --{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, --{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, --{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, --{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, --{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, --{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, --{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, --{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, --{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, --{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, --{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, --{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, --{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, --{0,NULL} -- }; -+static ERR_STRING_DATA PKCS7_str_functs[] = { -+ {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, -+ {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), -+ "PKCS7_add_attrib_smimecap"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, -+ {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, -+ {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, -+ {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA PKCS7_str_reasons[]= -- { --{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, --{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, --{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"}, --{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"}, --{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"}, --{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"}, --{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"}, --{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"}, --{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"}, --{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"}, --{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"}, --{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"}, --{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"}, --{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"}, --{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"}, --{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"}, --{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"}, --{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"}, --{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, --{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, --{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"}, --{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"}, --{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"}, --{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"}, --{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, --{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"}, --{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, --{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) ,"pkcs7 datafinal"}, --{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"}, --{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"}, --{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"}, --{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"}, --{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, --{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"}, --{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, --{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, --{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"}, --{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"}, --{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"}, --{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"}, --{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"}, --{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"}, --{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"}, --{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"}, --{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"}, --{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"}, --{0,NULL} -- }; -+static ERR_STRING_DATA PKCS7_str_reasons[] = { -+ {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR), -+ "certificate verify error"}, -+ {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), -+ "cipher has no object identifier"}, -+ {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"}, -+ {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), -+ "content and data present"}, -+ {ERR_REASON(PKCS7_R_DECODE_ERROR), "decode error"}, -+ {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH), -+ "decrypted key is wrong length"}, -+ {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"}, -+ {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"}, -+ {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"}, -+ {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"}, -+ {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE), "invalid mime type"}, -+ {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"}, -+ {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, -+ {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR), "mime parse error"}, -+ {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"}, -+ {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"}, -+ {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"}, -+ {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE), "no content type"}, -+ {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE), -+ "no multipart body failure"}, -+ {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"}, -+ {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), -+ "no recipient matches certificate"}, -+ {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY), -+ "no recipient matches key"}, -+ {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"}, -+ {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"}, -+ {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE), "no sig content type"}, -+ {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), -+ "operation not supported on this type"}, -+ {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), -+ "pkcs7 add signature error"}, -+ {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL), "pkcs7 datafinal"}, -+ {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"}, -+ {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"}, -+ {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR), "pkcs7 parse error"}, -+ {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"}, -+ {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), -+ "private key does not match certificate"}, -+ {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"}, -+ {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), -+ "signer certificate not found"}, -+ {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"}, -+ {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"}, -+ {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), -+ "unable to find certificate"}, -+ {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"}, -+ {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), -+ "unable to find message digest"}, -+ {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE), "unknown digest type"}, -+ {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION), "unknown operation"}, -+ {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"}, -+ {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE), -+ "unsupported content type"}, -+ {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE), "wrong content type"}, -+ {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_PKCS7_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,PKCS7_str_functs); -- ERR_load_strings(0,PKCS7_str_reasons); -- } -+ if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, PKCS7_str_functs); -+ ERR_load_strings(0, PKCS7_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c -index 8ebba8a..69cfefd 100644 ---- a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c -+++ b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c -@@ -1,7 +1,7 @@ - /* crypto/pqueue/pqueue.c */ --/* -+/* - * DTLS implementation written by Nagendra Modadugu -- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. -+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ - /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. -@@ -11,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,182 +61,164 @@ - #include - #include "pqueue.h" - --typedef struct _pqueue -- { -- pitem *items; -- int count; -- } pqueue_s; -- --pitem * --pitem_new(PQ_64BIT priority, void *data) -- { -- pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem)); -- if (item == NULL) return NULL; -- -- pq_64bit_init(&(item->priority)); -- pq_64bit_assign(&item->priority, &priority); -- -- item->data = data; -- item->next = NULL; -- -- return item; -- } -- --void --pitem_free(pitem *item) -- { -- if (item == NULL) return; -- -- pq_64bit_free(&(item->priority)); -- OPENSSL_free(item); -- } -- --pqueue_s * --pqueue_new() -- { -- pqueue_s *pq = (pqueue_s *) OPENSSL_malloc(sizeof(pqueue_s)); -- if (pq == NULL) return NULL; -- -- memset(pq, 0x00, sizeof(pqueue_s)); -- return pq; -- } -- --void --pqueue_free(pqueue_s *pq) -- { -- if (pq == NULL) return; -- -- OPENSSL_free(pq); -- } -- --pitem * --pqueue_insert(pqueue_s *pq, pitem *item) -- { -- pitem *curr, *next; -- -- if (pq->items == NULL) -- { -- pq->items = item; -- return item; -- } -- -- for(curr = NULL, next = pq->items; -- next != NULL; -- curr = next, next = next->next) -- { -- if (pq_64bit_gt(&(next->priority), &(item->priority))) -- { -- item->next = next; -- -- if (curr == NULL) -- pq->items = item; -- else -- curr->next = item; -- -- return item; -- } -- /* duplicates not allowed */ -- if (pq_64bit_eq(&(item->priority), &(next->priority))) -- return NULL; -- } -- -- item->next = NULL; -- curr->next = item; -- -- return item; -- } -- --pitem * --pqueue_peek(pqueue_s *pq) -- { -- return pq->items; -- } -- --pitem * --pqueue_pop(pqueue_s *pq) -- { -- pitem *item = pq->items; -- -- if (pq->items != NULL) -- pq->items = pq->items->next; -- -- return item; -- } -- --pitem * --pqueue_find(pqueue_s *pq, PQ_64BIT priority) -- { -- pitem *next; -- pitem *found = NULL; -- -- if ( pq->items == NULL) -- return NULL; -- -- for ( next = pq->items; next->next != NULL; next = next->next) -- { -- if ( pq_64bit_eq(&(next->priority), &priority)) -- { -- found = next; -- break; -- } -- } -- -- /* check the one last node */ -- if ( pq_64bit_eq(&(next->priority), &priority)) -- found = next; -- -- if ( ! found) -- return NULL; -- -- return found; -- } -+typedef struct _pqueue { -+ pitem *items; -+ int count; -+} pqueue_s; -+ -+pitem *pitem_new(PQ_64BIT priority, void *data) -+{ -+ pitem *item = (pitem *)OPENSSL_malloc(sizeof(pitem)); -+ if (item == NULL) -+ return NULL; -+ -+ pq_64bit_init(&(item->priority)); -+ pq_64bit_assign(&item->priority, &priority); -+ -+ item->data = data; -+ item->next = NULL; -+ -+ return item; -+} -+ -+void pitem_free(pitem *item) -+{ -+ if (item == NULL) -+ return; -+ -+ pq_64bit_free(&(item->priority)); -+ OPENSSL_free(item); -+} -+ -+pqueue_s *pqueue_new() -+{ -+ pqueue_s *pq = (pqueue_s *)OPENSSL_malloc(sizeof(pqueue_s)); -+ if (pq == NULL) -+ return NULL; -+ -+ memset(pq, 0x00, sizeof(pqueue_s)); -+ return pq; -+} -+ -+void pqueue_free(pqueue_s *pq) -+{ -+ if (pq == NULL) -+ return; -+ -+ OPENSSL_free(pq); -+} -+ -+pitem *pqueue_insert(pqueue_s *pq, pitem *item) -+{ -+ pitem *curr, *next; -+ -+ if (pq->items == NULL) { -+ pq->items = item; -+ return item; -+ } -+ -+ for (curr = NULL, next = pq->items; -+ next != NULL; curr = next, next = next->next) { -+ if (pq_64bit_gt(&(next->priority), &(item->priority))) { -+ item->next = next; -+ -+ if (curr == NULL) -+ pq->items = item; -+ else -+ curr->next = item; -+ -+ return item; -+ } -+ /* duplicates not allowed */ -+ if (pq_64bit_eq(&(item->priority), &(next->priority))) -+ return NULL; -+ } -+ -+ item->next = NULL; -+ curr->next = item; -+ -+ return item; -+} -+ -+pitem *pqueue_peek(pqueue_s *pq) -+{ -+ return pq->items; -+} -+ -+pitem *pqueue_pop(pqueue_s *pq) -+{ -+ pitem *item = pq->items; -+ -+ if (pq->items != NULL) -+ pq->items = pq->items->next; -+ -+ return item; -+} -+ -+pitem *pqueue_find(pqueue_s *pq, PQ_64BIT priority) -+{ -+ pitem *next; -+ pitem *found = NULL; -+ -+ if (pq->items == NULL) -+ return NULL; -+ -+ for (next = pq->items; next->next != NULL; next = next->next) { -+ if (pq_64bit_eq(&(next->priority), &priority)) { -+ found = next; -+ break; -+ } -+ } -+ -+ /* check the one last node */ -+ if (pq_64bit_eq(&(next->priority), &priority)) -+ found = next; -+ -+ if (!found) -+ return NULL; -+ -+ return found; -+} - - #if PQ_64BIT_IS_INTEGER --void --pqueue_print(pqueue_s *pq) -- { -- pitem *item = pq->items; -- -- while(item != NULL) -- { -- printf("item\t" PQ_64BIT_PRINT "\n", item->priority); -- item = item->next; -- } -- } --#endif -+void pqueue_print(pqueue_s *pq) -+{ -+ pitem *item = pq->items; - --pitem * --pqueue_iterator(pqueue_s *pq) -- { -- return pqueue_peek(pq); -- } -+ while (item != NULL) { -+ printf("item\t" PQ_64BIT_PRINT "\n", item->priority); -+ item = item->next; -+ } -+} -+#endif - --pitem * --pqueue_next(pitem **item) -- { -- pitem *ret; -+pitem *pqueue_iterator(pqueue_s *pq) -+{ -+ return pqueue_peek(pq); -+} - -- if ( item == NULL || *item == NULL) -- return NULL; -+pitem *pqueue_next(pitem **item) -+{ -+ pitem *ret; - -+ if (item == NULL || *item == NULL) -+ return NULL; - -- /* *item != NULL */ -- ret = *item; -- *item = (*item)->next; -+ /* *item != NULL */ -+ ret = *item; -+ *item = (*item)->next; - -- return ret; -- } -+ return ret; -+} - --int --pqueue_size(pqueue_s *pq) -+int pqueue_size(pqueue_s *pq) - { -- pitem *item = pq->items; -- int count = 0; -- -- while(item != NULL) -- { -- count++; -- item = item->next; -- } -- return count; -+ pitem *item = pq->items; -+ int count = 0; -+ -+ while (item != NULL) { -+ count++; -+ item = item->next; -+ } -+ return count; - } -diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c -index 0f8dd3e..6445c1b 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/md_rand.c -+++ b/Cryptlib/OpenSSL/crypto/rand/md_rand.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -111,7 +111,7 @@ - - #ifdef MD_RAND_DEBUG - # ifndef NDEBUG --# define NDEBUG -+# define NDEBUG - # endif - #endif - -@@ -127,36 +127,36 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - -- - #ifdef BN_DEBUG - # define PREDICT - #endif - --/* #define PREDICT 1 */ -+/* #define PREDICT 1 */ - --#define STATE_SIZE 1023 --static int state_num=0,state_index=0; --static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH]; -+#define STATE_SIZE 1023 -+static int state_num = 0, state_index = 0; -+static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH]; - static unsigned char md[MD_DIGEST_LENGTH]; --static long md_count[2]={0,0}; --static double entropy=0; --static int initialized=0; -+static long md_count[2] = { 0, 0 }; -+ -+static double entropy = 0; -+static int initialized = 0; - - static unsigned int crypto_lock_rand = 0; /* may be set only when a thread -- * holds CRYPTO_LOCK_RAND -- * (to prevent double locking) */ -+ * holds CRYPTO_LOCK_RAND (to -+ * prevent double locking) */ - /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ --static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ -- -+/* valid iff crypto_lock_rand is set */ -+static unsigned long locking_thread = 0; - - #ifdef PREDICT --int rand_predictable=0; -+int rand_predictable = 0; - #endif - --const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT; -+const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT; - - static void ssleay_rand_cleanup(void); - static void ssleay_rand_seed(const void *buf, int num); -@@ -165,420 +165,411 @@ static int ssleay_rand_bytes(unsigned char *buf, int num); - static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); - static int ssleay_rand_status(void); - --RAND_METHOD rand_ssleay_meth={ -- ssleay_rand_seed, -- ssleay_rand_bytes, -- ssleay_rand_cleanup, -- ssleay_rand_add, -- ssleay_rand_pseudo_bytes, -- ssleay_rand_status -- }; -+RAND_METHOD rand_ssleay_meth = { -+ ssleay_rand_seed, -+ ssleay_rand_bytes, -+ ssleay_rand_cleanup, -+ ssleay_rand_add, -+ ssleay_rand_pseudo_bytes, -+ ssleay_rand_status -+}; - - RAND_METHOD *RAND_SSLeay(void) -- { -- return(&rand_ssleay_meth); -- } -+{ -+ return (&rand_ssleay_meth); -+} - - static void ssleay_rand_cleanup(void) -- { -- OPENSSL_cleanse(state,sizeof(state)); -- state_num=0; -- state_index=0; -- OPENSSL_cleanse(md,MD_DIGEST_LENGTH); -- md_count[0]=0; -- md_count[1]=0; -- entropy=0; -- initialized=0; -- } -+{ -+ OPENSSL_cleanse(state, sizeof(state)); -+ state_num = 0; -+ state_index = 0; -+ OPENSSL_cleanse(md, MD_DIGEST_LENGTH); -+ md_count[0] = 0; -+ md_count[1] = 0; -+ entropy = 0; -+ initialized = 0; -+} - - static void ssleay_rand_add(const void *buf, int num, double add) -- { -- int i,j,k,st_idx; -- long md_c[2]; -- unsigned char local_md[MD_DIGEST_LENGTH]; -- EVP_MD_CTX m; -- int do_not_lock; -- -- /* -- * (Based on the rand(3) manpage) -- * -- * The input is chopped up into units of 20 bytes (or less for -- * the last block). Each of these blocks is run through the hash -- * function as follows: The data passed to the hash function -- * is the current 'md', the same number of bytes from the 'state' -- * (the location determined by in incremented looping index) as -- * the current 'block', the new key data 'block', and 'count' -- * (which is incremented after each use). -- * The result of this is kept in 'md' and also xored into the -- * 'state' at the same locations that were used as input into the -- * hash function. -- */ -- -- /* check if we already have the lock */ -- if (crypto_lock_rand) -- { -- CRYPTO_r_lock(CRYPTO_LOCK_RAND2); -- do_not_lock = (locking_thread == CRYPTO_thread_id()); -- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); -- } -- else -- do_not_lock = 0; -- -- if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); -- st_idx=state_index; -- -- /* use our own copies of the counters so that even -- * if a concurrent thread seeds with exactly the -- * same data and uses the same subarray there's _some_ -- * difference */ -- md_c[0] = md_count[0]; -- md_c[1] = md_count[1]; -- -- memcpy(local_md, md, sizeof md); -- -- /* state_index <= state_num <= STATE_SIZE */ -- state_index += num; -- if (state_index >= STATE_SIZE) -- { -- state_index%=STATE_SIZE; -- state_num=STATE_SIZE; -- } -- else if (state_num < STATE_SIZE) -- { -- if (state_index > state_num) -- state_num=state_index; -- } -- /* state_index <= state_num <= STATE_SIZE */ -- -- /* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] -- * are what we will use now, but other threads may use them -- * as well */ -- -- md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); -- -- if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -- -- EVP_MD_CTX_init(&m); -- for (i=0; i MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j; -- -- MD_Init(&m); -- MD_Update(&m,local_md,MD_DIGEST_LENGTH); -- k=(st_idx+j)-STATE_SIZE; -- if (k > 0) -- { -- MD_Update(&m,&(state[st_idx]),j-k); -- MD_Update(&m,&(state[0]),k); -- } -- else -- MD_Update(&m,&(state[st_idx]),j); -- -- MD_Update(&m,buf,j); -- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); -- MD_Final(&m,local_md); -- md_c[1]++; -- -- buf=(const char *)buf + j; -- -- for (k=0; k= STATE_SIZE) -- st_idx=0; -- } -- } -- EVP_MD_CTX_cleanup(&m); -- -- if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); -- /* Don't just copy back local_md into md -- this could mean that -- * other thread's seeding remains without effect (except for -- * the incremented counter). By XORing it we keep at least as -- * much entropy as fits into md. */ -- for (k = 0; k < (int)sizeof(md); k++) -- { -- md[k] ^= local_md[k]; -- } -- if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ -- entropy += add; -- if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -- -+{ -+ int i, j, k, st_idx; -+ long md_c[2]; -+ unsigned char local_md[MD_DIGEST_LENGTH]; -+ EVP_MD_CTX m; -+ int do_not_lock; -+ -+ /* -+ * (Based on the rand(3) manpage) -+ * -+ * The input is chopped up into units of 20 bytes (or less for -+ * the last block). Each of these blocks is run through the hash -+ * function as follows: The data passed to the hash function -+ * is the current 'md', the same number of bytes from the 'state' -+ * (the location determined by in incremented looping index) as -+ * the current 'block', the new key data 'block', and 'count' -+ * (which is incremented after each use). -+ * The result of this is kept in 'md' and also xored into the -+ * 'state' at the same locations that were used as input into the -+ * hash function. -+ */ -+ -+ /* check if we already have the lock */ -+ if (crypto_lock_rand) { -+ CRYPTO_r_lock(CRYPTO_LOCK_RAND2); -+ do_not_lock = (locking_thread == CRYPTO_thread_id()); -+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); -+ } else -+ do_not_lock = 0; -+ -+ if (!do_not_lock) -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); -+ st_idx = state_index; -+ -+ /* -+ * use our own copies of the counters so that even if a concurrent thread -+ * seeds with exactly the same data and uses the same subarray there's -+ * _some_ difference -+ */ -+ md_c[0] = md_count[0]; -+ md_c[1] = md_count[1]; -+ -+ memcpy(local_md, md, sizeof md); -+ -+ /* state_index <= state_num <= STATE_SIZE */ -+ state_index += num; -+ if (state_index >= STATE_SIZE) { -+ state_index %= STATE_SIZE; -+ state_num = STATE_SIZE; -+ } else if (state_num < STATE_SIZE) { -+ if (state_index > state_num) -+ state_num = state_index; -+ } -+ /* state_index <= state_num <= STATE_SIZE */ -+ -+ /* -+ * state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] are what we -+ * will use now, but other threads may use them as well -+ */ -+ -+ md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); -+ -+ if (!do_not_lock) -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -+ -+ EVP_MD_CTX_init(&m); -+ for (i = 0; i < num; i += MD_DIGEST_LENGTH) { -+ j = (num - i); -+ j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; -+ -+ MD_Init(&m); -+ MD_Update(&m, local_md, MD_DIGEST_LENGTH); -+ k = (st_idx + j) - STATE_SIZE; -+ if (k > 0) { -+ MD_Update(&m, &(state[st_idx]), j - k); -+ MD_Update(&m, &(state[0]), k); -+ } else -+ MD_Update(&m, &(state[st_idx]), j); -+ -+ MD_Update(&m, buf, j); -+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); -+ MD_Final(&m, local_md); -+ md_c[1]++; -+ -+ buf = (const char *)buf + j; -+ -+ for (k = 0; k < j; k++) { -+ /* -+ * Parallel threads may interfere with this, but always each byte -+ * of the new state is the XOR of some previous value of its and -+ * local_md (itermediate values may be lost). Alway using locking -+ * could hurt performance more than necessary given that -+ * conflicts occur only when the total seeding is longer than the -+ * random state. -+ */ -+ state[st_idx++] ^= local_md[k]; -+ if (st_idx >= STATE_SIZE) -+ st_idx = 0; -+ } -+ } -+ EVP_MD_CTX_cleanup(&m); -+ -+ if (!do_not_lock) -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); -+ /* -+ * Don't just copy back local_md into md -- this could mean that other -+ * thread's seeding remains without effect (except for the incremented -+ * counter). By XORing it we keep at least as much entropy as fits into -+ * md. -+ */ -+ for (k = 0; k < (int)sizeof(md); k++) { -+ md[k] ^= local_md[k]; -+ } -+ if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ -+ entropy += add; -+ if (!do_not_lock) -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -+ - #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) -- assert(md_c[1] == md_count[1]); -+ assert(md_c[1] == md_count[1]); - #endif -- } -+} - - static void ssleay_rand_seed(const void *buf, int num) -- { -- ssleay_rand_add(buf, num, (double)num); -- } -+{ -+ ssleay_rand_add(buf, num, (double)num); -+} - - static int ssleay_rand_bytes(unsigned char *buf, int num) -- { -- static volatile int stirred_pool = 0; -- int i,j,k,st_num,st_idx; -- int num_ceil; -- int ok; -- long md_c[2]; -- unsigned char local_md[MD_DIGEST_LENGTH]; -- EVP_MD_CTX m; -+{ -+ static volatile int stirred_pool = 0; -+ int i, j, k, st_num, st_idx; -+ int num_ceil; -+ int ok; -+ long md_c[2]; -+ unsigned char local_md[MD_DIGEST_LENGTH]; -+ EVP_MD_CTX m; - #ifndef GETPID_IS_MEANINGLESS -- pid_t curr_pid = getpid(); -+ pid_t curr_pid = getpid(); - #endif -- int do_stir_pool = 0; -+ int do_stir_pool = 0; - - #ifdef OPENSSL_FIPS -- if(FIPS_mode()) -- { -- FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD); -- return 0; -- } -+ if (FIPS_mode()) { -+ FIPSerr(FIPS_F_SSLEAY_RAND_BYTES, FIPS_R_NON_FIPS_METHOD); -+ return 0; -+ } - #endif - - #ifdef PREDICT -- if (rand_predictable) -- { -- static unsigned char val=0; -- -- for (i=0; i= ENTROPY_NEEDED); -- if (!ok) -- { -- /* If the PRNG state is not yet unpredictable, then seeing -- * the PRNG output may help attackers to determine the new -- * state; thus we have to decrease the entropy estimate. -- * Once we've had enough initial seeding we don't bother to -- * adjust the entropy count, though, because we're not ambitious -- * to provide *information-theoretic* randomness. -- * -- * NOTE: This approach fails if the program forks before -- * we have enough entropy. Entropy should be collected -- * in a separate input pool and be transferred to the -- * output pool only when the entropy limit has been reached. -- */ -- entropy -= num; -- if (entropy < 0) -- entropy = 0; -- } -- -- if (do_stir_pool) -- { -- /* In the output function only half of 'md' remains secret, -- * so we better make sure that the required entropy gets -- * 'evenly distributed' through 'state', our randomness pool. -- * The input function (ssleay_rand_add) chains all of 'md', -- * which makes it more suitable for this purpose. -- */ -- -- int n = STATE_SIZE; /* so that the complete pool gets accessed */ -- while (n > 0) -- { -+ if (num <= 0) -+ return 1; -+ -+ EVP_MD_CTX_init(&m); -+ /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ -+ num_ceil = -+ (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2); -+ -+ /* -+ * (Based on the rand(3) manpage:) -+ * -+ * For each group of 10 bytes (or less), we do the following: -+ * -+ * Input into the hash function the local 'md' (which is initialized from -+ * the global 'md' before any bytes are generated), the bytes that are to -+ * be overwritten by the random bytes, and bytes from the 'state' -+ * (incrementing looping index). From this digest output (which is kept -+ * in 'md'), the top (up to) 10 bytes are returned to the caller and the -+ * bottom 10 bytes are xored into the 'state'. -+ * -+ * Finally, after we have finished 'num' random bytes for the -+ * caller, 'count' (which is incremented) and the local and global 'md' -+ * are fed into the hash function and the results are kept in the -+ * global 'md'. -+ */ -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); -+ -+ /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); -+ locking_thread = CRYPTO_thread_id(); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); -+ crypto_lock_rand = 1; -+ -+ if (!initialized) { -+ RAND_poll(); -+ initialized = 1; -+ } -+ -+ if (!stirred_pool) -+ do_stir_pool = 1; -+ -+ ok = (entropy >= ENTROPY_NEEDED); -+ if (!ok) { -+ /* -+ * If the PRNG state is not yet unpredictable, then seeing the PRNG -+ * output may help attackers to determine the new state; thus we have -+ * to decrease the entropy estimate. Once we've had enough initial -+ * seeding we don't bother to adjust the entropy count, though, -+ * because we're not ambitious to provide *information-theoretic* -+ * randomness. NOTE: This approach fails if the program forks before -+ * we have enough entropy. Entropy should be collected in a separate -+ * input pool and be transferred to the output pool only when the -+ * entropy limit has been reached. -+ */ -+ entropy -= num; -+ if (entropy < 0) -+ entropy = 0; -+ } -+ -+ if (do_stir_pool) { -+ /* -+ * In the output function only half of 'md' remains secret, so we -+ * better make sure that the required entropy gets 'evenly -+ * distributed' through 'state', our randomness pool. The input -+ * function (ssleay_rand_add) chains all of 'md', which makes it more -+ * suitable for this purpose. -+ */ -+ -+ int n = STATE_SIZE; /* so that the complete pool gets accessed */ -+ while (n > 0) { - #if MD_DIGEST_LENGTH > 20 - # error "Please adjust DUMMY_SEED." - #endif - #define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */ -- /* Note that the seed does not matter, it's just that -- * ssleay_rand_add expects to have something to hash. */ -- ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); -- n -= MD_DIGEST_LENGTH; -- } -- if (ok) -- stirred_pool = 1; -- } -- -- st_idx=state_index; -- st_num=state_num; -- md_c[0] = md_count[0]; -- md_c[1] = md_count[1]; -- memcpy(local_md, md, sizeof md); -- -- state_index+=num_ceil; -- if (state_index > state_num) -- state_index %= state_num; -- -- /* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] -- * are now ours (but other threads may use them too) */ -- -- md_count[0] += 1; -- -- /* before unlocking, we must clear 'crypto_lock_rand' */ -- crypto_lock_rand = 0; -- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -- -- while (num > 0) -- { -- /* num_ceil -= MD_DIGEST_LENGTH/2 */ -- j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num; -- num-=j; -- MD_Init(&m); -+ /* -+ * Note that the seed does not matter, it's just that -+ * ssleay_rand_add expects to have something to hash. -+ */ -+ ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); -+ n -= MD_DIGEST_LENGTH; -+ } -+ if (ok) -+ stirred_pool = 1; -+ } -+ -+ st_idx = state_index; -+ st_num = state_num; -+ md_c[0] = md_count[0]; -+ md_c[1] = md_count[1]; -+ memcpy(local_md, md, sizeof md); -+ -+ state_index += num_ceil; -+ if (state_index > state_num) -+ state_index %= state_num; -+ -+ /* -+ * state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] are now -+ * ours (but other threads may use them too) -+ */ -+ -+ md_count[0] += 1; -+ -+ /* before unlocking, we must clear 'crypto_lock_rand' */ -+ crypto_lock_rand = 0; -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -+ -+ while (num > 0) { -+ /* num_ceil -= MD_DIGEST_LENGTH/2 */ -+ j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; -+ num -= j; -+ MD_Init(&m); - #ifndef GETPID_IS_MEANINGLESS -- if (curr_pid) /* just in the first iteration to save time */ -- { -- MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid); -- curr_pid = 0; -- } -+ if (curr_pid) { /* just in the first iteration to save time */ -+ MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid); -+ curr_pid = 0; -+ } - #endif -- MD_Update(&m,local_md,MD_DIGEST_LENGTH); -- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); -+ MD_Update(&m, local_md, MD_DIGEST_LENGTH); -+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); - #ifndef PURIFY -- MD_Update(&m,buf,j); /* purify complains */ -+ MD_Update(&m, buf, j); /* purify complains */ - #endif -- k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; -- if (k > 0) -- { -- MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k); -- MD_Update(&m,&(state[0]),k); -- } -- else -- MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2); -- MD_Final(&m,local_md); -- -- for (i=0; i= st_num) -- st_idx=0; -- if (i < j) -- *(buf++)=local_md[i+MD_DIGEST_LENGTH/2]; -- } -- } -- -- MD_Init(&m); -- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); -- MD_Update(&m,local_md,MD_DIGEST_LENGTH); -- CRYPTO_w_lock(CRYPTO_LOCK_RAND); -- MD_Update(&m,md,MD_DIGEST_LENGTH); -- MD_Final(&m,md); -- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -- -- EVP_MD_CTX_cleanup(&m); -- if (ok) -- return(1); -- else -- { -- RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED); -- ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " -- "http://www.openssl.org/support/faq.html"); -- return(0); -- } -- } -- --/* pseudo-random bytes that are guaranteed to be unique but not -- unpredictable */ --static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) -- { -- int ret; -- unsigned long err; -- -- ret = RAND_bytes(buf, num); -- if (ret == 0) -- { -- err = ERR_peek_error(); -- if (ERR_GET_LIB(err) == ERR_LIB_RAND && -- ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) -- ERR_clear_error(); -- } -- return (ret); -- } -+ k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; -+ if (k > 0) { -+ MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k); -+ MD_Update(&m, &(state[0]), k); -+ } else -+ MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2); -+ MD_Final(&m, local_md); -+ -+ for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { -+ /* may compete with other threads */ -+ state[st_idx++] ^= local_md[i]; -+ if (st_idx >= st_num) -+ st_idx = 0; -+ if (i < j) -+ *(buf++) = local_md[i + MD_DIGEST_LENGTH / 2]; -+ } -+ } -+ -+ MD_Init(&m); -+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); -+ MD_Update(&m, local_md, MD_DIGEST_LENGTH); -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); -+ MD_Update(&m, md, MD_DIGEST_LENGTH); -+ MD_Final(&m, md); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -+ -+ EVP_MD_CTX_cleanup(&m); -+ if (ok) -+ return (1); -+ else { -+ RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED); -+ ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " -+ "http://www.openssl.org/support/faq.html"); -+ return (0); -+ } -+} -+ -+/* -+ * pseudo-random bytes that are guaranteed to be unique but not unpredictable -+ */ -+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) -+{ -+ int ret; -+ unsigned long err; -+ -+ ret = RAND_bytes(buf, num); -+ if (ret == 0) { -+ err = ERR_peek_error(); -+ if (ERR_GET_LIB(err) == ERR_LIB_RAND && -+ ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) -+ ERR_clear_error(); -+ } -+ return (ret); -+} - - static int ssleay_rand_status(void) -- { -- int ret; -- int do_not_lock; -- -- /* check if we already have the lock -- * (could happen if a RAND_poll() implementation calls RAND_status()) */ -- if (crypto_lock_rand) -- { -- CRYPTO_r_lock(CRYPTO_LOCK_RAND2); -- do_not_lock = (locking_thread == CRYPTO_thread_id()); -- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); -- } -- else -- do_not_lock = 0; -- -- if (!do_not_lock) -- { -- CRYPTO_w_lock(CRYPTO_LOCK_RAND); -- -- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ -- CRYPTO_w_lock(CRYPTO_LOCK_RAND2); -- locking_thread = CRYPTO_thread_id(); -- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); -- crypto_lock_rand = 1; -- } -- -- if (!initialized) -- { -- RAND_poll(); -- initialized = 1; -- } -- -- ret = entropy >= ENTROPY_NEEDED; -- -- if (!do_not_lock) -- { -- /* before unlocking, we must clear 'crypto_lock_rand' */ -- crypto_lock_rand = 0; -- -- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -- } -- -- return ret; -- } -+{ -+ int ret; -+ int do_not_lock; -+ -+ /* -+ * check if we already have the lock (could happen if a RAND_poll() -+ * implementation calls RAND_status()) -+ */ -+ if (crypto_lock_rand) { -+ CRYPTO_r_lock(CRYPTO_LOCK_RAND2); -+ do_not_lock = (locking_thread == CRYPTO_thread_id()); -+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); -+ } else -+ do_not_lock = 0; -+ -+ if (!do_not_lock) { -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); -+ -+ /* -+ * prevent ssleay_rand_bytes() from trying to obtain the lock again -+ */ -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); -+ locking_thread = CRYPTO_thread_id(); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); -+ crypto_lock_rand = 1; -+ } -+ -+ if (!initialized) { -+ RAND_poll(); -+ initialized = 1; -+ } -+ -+ ret = entropy >= ENTROPY_NEEDED; -+ -+ if (!do_not_lock) { -+ /* before unlocking, we must clear 'crypto_lock_rand' */ -+ crypto_lock_rand = 0; -+ -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -+ } -+ -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c -index 813a69e..c0a9618 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c -+++ b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c -@@ -8,7 +8,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,7 +58,7 @@ - #include - #include - --/* -+/*- - * Query the EGD . - * - * This module supplies three routines: -@@ -97,207 +97,195 @@ - - #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI) - int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) -- { -- return(-1); -- } -+{ -+ return (-1); -+} -+ - int RAND_egd(const char *path) -- { -- return(-1); -- } -+{ -+ return (-1); -+} - --int RAND_egd_bytes(const char *path,int bytes) -- { -- return(-1); -- } -+int RAND_egd_bytes(const char *path, int bytes) -+{ -+ return (-1); -+} - #else --#include --#include OPENSSL_UNISTD --#include --#include --#ifndef NO_SYS_UN_H --# ifdef OPENSSL_SYS_VXWORKS -+# include -+# include OPENSSL_UNISTD -+# include -+# include -+# ifndef NO_SYS_UN_H -+# ifdef OPENSSL_SYS_VXWORKS - # include --# else -+# else - # include --# endif --#else --struct sockaddr_un { -- short sun_family; /* AF_UNIX */ -- char sun_path[108]; /* path name (gag) */ -+# endif -+# else -+struct sockaddr_un { -+ short sun_family; /* AF_UNIX */ -+ char sun_path[108]; /* path name (gag) */ - }; --#endif /* NO_SYS_UN_H */ --#include --#include -+# endif /* NO_SYS_UN_H */ -+# include -+# include - --#ifndef offsetof -+# ifndef offsetof - # define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) --#endif -+# endif - - int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) -- { -- int ret = 0; -- struct sockaddr_un addr; -- int len, num, numbytes; -- int fd = -1; -- int success; -- unsigned char egdbuf[2], tempbuf[255], *retrievebuf; -+{ -+ int ret = 0; -+ struct sockaddr_un addr; -+ int len, num, numbytes; -+ int fd = -1; -+ int success; -+ unsigned char egdbuf[2], tempbuf[255], *retrievebuf; - -- memset(&addr, 0, sizeof(addr)); -- addr.sun_family = AF_UNIX; -- if (strlen(path) >= sizeof(addr.sun_path)) -- return (-1); -- BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path); -- len = offsetof(struct sockaddr_un, sun_path) + strlen(path); -- fd = socket(AF_UNIX, SOCK_STREAM, 0); -- if (fd == -1) return (-1); -- success = 0; -- while (!success) -- { -- if (connect(fd, (struct sockaddr *)&addr, len) == 0) -- success = 1; -- else -- { -- switch (errno) -- { --#ifdef EINTR -- case EINTR: --#endif --#ifdef EAGAIN -- case EAGAIN: --#endif --#ifdef EINPROGRESS -- case EINPROGRESS: --#endif --#ifdef EALREADY -- case EALREADY: --#endif -- /* No error, try again */ -- break; --#ifdef EISCONN -- case EISCONN: -- success = 1; -- break; --#endif -- default: -- goto err; /* failure */ -- } -- } -- } -+ memset(&addr, 0, sizeof(addr)); -+ addr.sun_family = AF_UNIX; -+ if (strlen(path) >= sizeof(addr.sun_path)) -+ return (-1); -+ BUF_strlcpy(addr.sun_path, path, sizeof addr.sun_path); -+ len = offsetof(struct sockaddr_un, sun_path) + strlen(path); -+ fd = socket(AF_UNIX, SOCK_STREAM, 0); -+ if (fd == -1) -+ return (-1); -+ success = 0; -+ while (!success) { -+ if (connect(fd, (struct sockaddr *)&addr, len) == 0) -+ success = 1; -+ else { -+ switch (errno) { -+# ifdef EINTR -+ case EINTR: -+# endif -+# ifdef EAGAIN -+ case EAGAIN: -+# endif -+# ifdef EINPROGRESS -+ case EINPROGRESS: -+# endif -+# ifdef EALREADY -+ case EALREADY: -+# endif -+ /* No error, try again */ -+ break; -+# ifdef EISCONN -+ case EISCONN: -+ success = 1; -+ break; -+# endif -+ default: -+ goto err; /* failure */ -+ } -+ } -+ } - -- while(bytes > 0) -- { -- egdbuf[0] = 1; -- egdbuf[1] = bytes < 255 ? bytes : 255; -- numbytes = 0; -- while (numbytes != 2) -- { -- num = write(fd, egdbuf + numbytes, 2 - numbytes); -- if (num >= 0) -- numbytes += num; -- else -- { -- switch (errno) -- { --#ifdef EINTR -- case EINTR: --#endif --#ifdef EAGAIN -- case EAGAIN: --#endif -- /* No error, try again */ -- break; -- default: -- ret = -1; -- goto err; /* failure */ -- } -- } -- } -- numbytes = 0; -- while (numbytes != 1) -- { -- num = read(fd, egdbuf, 1); -- if (num == 0) -- goto err; /* descriptor closed */ -- else if (num > 0) -- numbytes += num; -- else -- { -- switch (errno) -- { --#ifdef EINTR -- case EINTR: --#endif --#ifdef EAGAIN -- case EAGAIN: --#endif -- /* No error, try again */ -- break; -- default: -- ret = -1; -- goto err; /* failure */ -- } -- } -- } -- if(egdbuf[0] == 0) -- goto err; -- if (buf) -- retrievebuf = buf + ret; -- else -- retrievebuf = tempbuf; -- numbytes = 0; -- while (numbytes != egdbuf[0]) -- { -- num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); -- if (num == 0) -- goto err; /* descriptor closed */ -- else if (num > 0) -- numbytes += num; -- else -- { -- switch (errno) -- { --#ifdef EINTR -- case EINTR: --#endif --#ifdef EAGAIN -- case EAGAIN: --#endif -- /* No error, try again */ -- break; -- default: -- ret = -1; -- goto err; /* failure */ -- } -- } -- } -- ret += egdbuf[0]; -- bytes -= egdbuf[0]; -- if (!buf) -- RAND_seed(tempbuf, egdbuf[0]); -- } -+ while (bytes > 0) { -+ egdbuf[0] = 1; -+ egdbuf[1] = bytes < 255 ? bytes : 255; -+ numbytes = 0; -+ while (numbytes != 2) { -+ num = write(fd, egdbuf + numbytes, 2 - numbytes); -+ if (num >= 0) -+ numbytes += num; -+ else { -+ switch (errno) { -+# ifdef EINTR -+ case EINTR: -+# endif -+# ifdef EAGAIN -+ case EAGAIN: -+# endif -+ /* No error, try again */ -+ break; -+ default: -+ ret = -1; -+ goto err; /* failure */ -+ } -+ } -+ } -+ numbytes = 0; -+ while (numbytes != 1) { -+ num = read(fd, egdbuf, 1); -+ if (num == 0) -+ goto err; /* descriptor closed */ -+ else if (num > 0) -+ numbytes += num; -+ else { -+ switch (errno) { -+# ifdef EINTR -+ case EINTR: -+# endif -+# ifdef EAGAIN -+ case EAGAIN: -+# endif -+ /* No error, try again */ -+ break; -+ default: -+ ret = -1; -+ goto err; /* failure */ -+ } -+ } -+ } -+ if (egdbuf[0] == 0) -+ goto err; -+ if (buf) -+ retrievebuf = buf + ret; -+ else -+ retrievebuf = tempbuf; -+ numbytes = 0; -+ while (numbytes != egdbuf[0]) { -+ num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); -+ if (num == 0) -+ goto err; /* descriptor closed */ -+ else if (num > 0) -+ numbytes += num; -+ else { -+ switch (errno) { -+# ifdef EINTR -+ case EINTR: -+# endif -+# ifdef EAGAIN -+ case EAGAIN: -+# endif -+ /* No error, try again */ -+ break; -+ default: -+ ret = -1; -+ goto err; /* failure */ -+ } -+ } -+ } -+ ret += egdbuf[0]; -+ bytes -= egdbuf[0]; -+ if (!buf) -+ RAND_seed(tempbuf, egdbuf[0]); -+ } - err: -- if (fd != -1) close(fd); -- return(ret); -- } -- -+ if (fd != -1) -+ close(fd); -+ return (ret); -+} - - int RAND_egd_bytes(const char *path, int bytes) -- { -- int num, ret = 0; -+{ -+ int num, ret = 0; - -- num = RAND_query_egd_bytes(path, NULL, bytes); -- if (num < 1) goto err; -- if (RAND_status() == 1) -- ret = num; -+ num = RAND_query_egd_bytes(path, NULL, bytes); -+ if (num < 1) -+ goto err; -+ if (RAND_status() == 1) -+ ret = num; - err: -- return(ret); -- } -- -+ return (ret); -+} - - int RAND_egd(const char *path) -- { -- return (RAND_egd_bytes(path, 255)); -- } -- -+{ -+ return (RAND_egd_bytes(path, 255)); -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c b/Cryptlib/OpenSSL/crypto/rand/rand_eng.c -index 1669cef..c7fe2f0 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c -+++ b/Cryptlib/OpenSSL/crypto/rand/rand_eng.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,91 +62,84 @@ - #include "rand_lcl.h" - #include - #ifdef OPENSSL_FIPS --#include --#include -+# include -+# include - #endif - - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - - #if defined(OPENSSL_FIPS) && !defined(OPENSSL_NO_ENGINE) - - /* non-NULL if default_RAND_meth is ENGINE-provided */ --static ENGINE *funct_ref =NULL; -+static ENGINE *funct_ref = NULL; - --int eng_RAND_set_rand_method(const RAND_METHOD *meth, const RAND_METHOD **pmeth) -- { -- if(funct_ref) -- { -- ENGINE_finish(funct_ref); -- funct_ref = NULL; -- } -- *pmeth = meth; -- return 1; -- } -+int eng_RAND_set_rand_method(const RAND_METHOD *meth, -+ const RAND_METHOD **pmeth) -+{ -+ if (funct_ref) { -+ ENGINE_finish(funct_ref); -+ funct_ref = NULL; -+ } -+ *pmeth = meth; -+ return 1; -+} - - const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth) -- { -- if (!*pmeth) -- { -- ENGINE *e = ENGINE_get_default_RAND(); -- if(e) -- { -- *pmeth = ENGINE_get_RAND(e); -- if(!*pmeth) -- { -- ENGINE_finish(e); -- e = NULL; -- } -- } -- if(e) -- funct_ref = e; -- else -- if(FIPS_mode()) -- *pmeth=FIPS_rand_method(); -- else -- *pmeth = RAND_SSLeay(); -- } -+{ -+ if (!*pmeth) { -+ ENGINE *e = ENGINE_get_default_RAND(); -+ if (e) { -+ *pmeth = ENGINE_get_RAND(e); -+ if (!*pmeth) { -+ ENGINE_finish(e); -+ e = NULL; -+ } -+ } -+ if (e) -+ funct_ref = e; -+ else if (FIPS_mode()) -+ *pmeth = FIPS_rand_method(); -+ else -+ *pmeth = RAND_SSLeay(); -+ } - -- if(FIPS_mode() -- && *pmeth != FIPS_rand_check()) -- { -- RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); -- return 0; -- } -+ if (FIPS_mode() -+ && *pmeth != FIPS_rand_check()) { -+ RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD, RAND_R_NON_FIPS_METHOD); -+ return 0; -+ } - -- return *pmeth; -- } -+ return *pmeth; -+} - - int RAND_set_rand_engine(ENGINE *engine) -- { -- const RAND_METHOD *tmp_meth = NULL; -- if(engine) -- { -- if(!ENGINE_init(engine)) -- return 0; -- tmp_meth = ENGINE_get_RAND(engine); -- if(!tmp_meth) -- { -- ENGINE_finish(engine); -- return 0; -- } -- } -- /* This function releases any prior ENGINE so call it first */ -- RAND_set_rand_method(tmp_meth); -- funct_ref = engine; -- return 1; -- } -+{ -+ const RAND_METHOD *tmp_meth = NULL; -+ if (engine) { -+ if (!ENGINE_init(engine)) -+ return 0; -+ tmp_meth = ENGINE_get_RAND(engine); -+ if (!tmp_meth) { -+ ENGINE_finish(engine); -+ return 0; -+ } -+ } -+ /* This function releases any prior ENGINE so call it first */ -+ RAND_set_rand_method(tmp_meth); -+ funct_ref = engine; -+ return 1; -+} - - void int_RAND_init_engine_callbacks(void) -- { -- static int done = 0; -- if (done) -- return; -- int_RAND_set_callbacks(eng_RAND_set_rand_method, -- eng_RAND_get_rand_method); -- done = 1; -- } -+{ -+ static int done = 0; -+ if (done) -+ return; -+ int_RAND_set_callbacks(eng_RAND_set_rand_method, -+ eng_RAND_get_rand_method); -+ done = 1; -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c -index 829fb44..8ed247f 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_err.c -+++ b/Cryptlib/OpenSSL/crypto/rand/rand_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,50 +66,48 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) - --static ERR_STRING_DATA RAND_str_functs[]= -- { --{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"}, --{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"}, --{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"}, --{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"}, --{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"}, --{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"}, --{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"}, --{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"}, --{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, --{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, --{0,NULL} -- }; -+static ERR_STRING_DATA RAND_str_functs[] = { -+ {ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"}, -+ {ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"}, -+ {ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"}, -+ {ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"}, -+ {ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"}, -+ {ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"}, -+ {ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"}, -+ {ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"}, -+ {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, -+ {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA RAND_str_reasons[]= -- { --{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"}, --{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"}, --{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"}, --{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"}, --{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"}, --{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"}, --{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"}, --{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"}, --{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, --{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"}, --{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"}, --{0,NULL} -- }; -+static ERR_STRING_DATA RAND_str_reasons[] = { -+ {ERR_REASON(RAND_R_NON_FIPS_METHOD), "non fips method"}, -+ {ERR_REASON(RAND_R_NOT_IN_TEST_MODE), "not in test mode"}, -+ {ERR_REASON(RAND_R_NO_KEY_SET), "no key set"}, -+ {ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH), "prng asking for too much"}, -+ {ERR_REASON(RAND_R_PRNG_ERROR), "prng error"}, -+ {ERR_REASON(RAND_R_PRNG_KEYED), "prng keyed"}, -+ {ERR_REASON(RAND_R_PRNG_NOT_REKEYED), "prng not rekeyed"}, -+ {ERR_REASON(RAND_R_PRNG_NOT_RESEEDED), "prng not reseeded"}, -+ {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, -+ {ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY), -+ "prng seed must not match key"}, -+ {ERR_REASON(RAND_R_PRNG_STUCK), "prng stuck"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_RAND_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,RAND_str_functs); -- ERR_load_strings(0,RAND_str_reasons); -- } -+ if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, RAND_str_functs); -+ ERR_load_strings(0, RAND_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c -index da6b4e0..96997bd 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c -+++ b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,12 +62,12 @@ - #include - #include "rand_lcl.h" - #ifdef OPENSSL_FIPS --#include --#include -+# include -+# include - #endif - - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - - static const RAND_METHOD *default_RAND_meth = NULL; -@@ -75,171 +75,162 @@ static const RAND_METHOD *default_RAND_meth = NULL; - #ifdef OPENSSL_FIPS - - static int fips_RAND_set_rand_method(const RAND_METHOD *meth, -- const RAND_METHOD **pmeth) -- { -- *pmeth = meth; -- return 1; -- } -+ const RAND_METHOD **pmeth) -+{ -+ *pmeth = meth; -+ return 1; -+} - - static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth) -- { -- if (!*pmeth) -- { -- if(FIPS_mode()) -- *pmeth=FIPS_rand_method(); -- else -- *pmeth = RAND_SSLeay(); -- } -- -- if(FIPS_mode() -- && *pmeth != FIPS_rand_check()) -- { -- RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); -- return 0; -- } -- -- return *pmeth; -- } -- --static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth, -- const RAND_METHOD **pmeth) -- = fips_RAND_set_rand_method; -+{ -+ if (!*pmeth) { -+ if (FIPS_mode()) -+ *pmeth = FIPS_rand_method(); -+ else -+ *pmeth = RAND_SSLeay(); -+ } -+ -+ if (FIPS_mode() -+ && *pmeth != FIPS_rand_check()) { -+ RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD, RAND_R_NON_FIPS_METHOD); -+ return 0; -+ } -+ -+ return *pmeth; -+} -+ -+static int (*RAND_set_rand_method_func) (const RAND_METHOD *meth, -+ const RAND_METHOD **pmeth) -+ = fips_RAND_set_rand_method; - static const RAND_METHOD *(*RAND_get_rand_method_func) -- (const RAND_METHOD **pmeth) -- = fips_RAND_get_rand_method; -- --#ifndef OPENSSL_NO_ENGINE --void int_RAND_set_callbacks( -- int (*set_rand_func)(const RAND_METHOD *meth, -- const RAND_METHOD **pmeth), -- const RAND_METHOD *(*get_rand_func) -- (const RAND_METHOD **pmeth)) -- { -- RAND_set_rand_method_func = set_rand_func; -- RAND_get_rand_method_func = get_rand_func; -- } --#endif -+ (const RAND_METHOD **pmeth) -+ = fips_RAND_get_rand_method; -+ -+# ifndef OPENSSL_NO_ENGINE -+void int_RAND_set_callbacks(int (*set_rand_func) (const RAND_METHOD *meth, -+ const RAND_METHOD **pmeth), -+ const RAND_METHOD *(*get_rand_func) -+ (const RAND_METHOD **pmeth)) -+{ -+ RAND_set_rand_method_func = set_rand_func; -+ RAND_get_rand_method_func = get_rand_func; -+} -+# endif - - int RAND_set_rand_method(const RAND_METHOD *meth) -- { -- return RAND_set_rand_method_func(meth, &default_RAND_meth); -- } -+{ -+ return RAND_set_rand_method_func(meth, &default_RAND_meth); -+} - - const RAND_METHOD *RAND_get_rand_method(void) -- { -- return RAND_get_rand_method_func(&default_RAND_meth); -- } -+{ -+ return RAND_get_rand_method_func(&default_RAND_meth); -+} - - #else - --#ifndef OPENSSL_NO_ENGINE -+# ifndef OPENSSL_NO_ENGINE - /* non-NULL if default_RAND_meth is ENGINE-provided */ --static ENGINE *funct_ref =NULL; --#endif -+static ENGINE *funct_ref = NULL; -+# endif - - int RAND_set_rand_method(const RAND_METHOD *meth) -- { --#ifndef OPENSSL_NO_ENGINE -- if(funct_ref) -- { -- ENGINE_finish(funct_ref); -- funct_ref = NULL; -- } --#endif -- default_RAND_meth = meth; -- return 1; -- } -+{ -+# ifndef OPENSSL_NO_ENGINE -+ if (funct_ref) { -+ ENGINE_finish(funct_ref); -+ funct_ref = NULL; -+ } -+# endif -+ default_RAND_meth = meth; -+ return 1; -+} - - const RAND_METHOD *RAND_get_rand_method(void) -- { -- if (!default_RAND_meth) -- { --#ifndef OPENSSL_NO_ENGINE -- ENGINE *e = ENGINE_get_default_RAND(); -- if(e) -- { -- default_RAND_meth = ENGINE_get_RAND(e); -- if(!default_RAND_meth) -- { -- ENGINE_finish(e); -- e = NULL; -- } -- } -- if(e) -- funct_ref = e; -- else --#endif -- default_RAND_meth = RAND_SSLeay(); -- } -- return default_RAND_meth; -- } -- --#ifndef OPENSSL_NO_ENGINE -+{ -+ if (!default_RAND_meth) { -+# ifndef OPENSSL_NO_ENGINE -+ ENGINE *e = ENGINE_get_default_RAND(); -+ if (e) { -+ default_RAND_meth = ENGINE_get_RAND(e); -+ if (!default_RAND_meth) { -+ ENGINE_finish(e); -+ e = NULL; -+ } -+ } -+ if (e) -+ funct_ref = e; -+ else -+# endif -+ default_RAND_meth = RAND_SSLeay(); -+ } -+ return default_RAND_meth; -+} -+ -+# ifndef OPENSSL_NO_ENGINE - int RAND_set_rand_engine(ENGINE *engine) -- { -- const RAND_METHOD *tmp_meth = NULL; -- if(engine) -- { -- if(!ENGINE_init(engine)) -- return 0; -- tmp_meth = ENGINE_get_RAND(engine); -- if(!tmp_meth) -- { -- ENGINE_finish(engine); -- return 0; -- } -- } -- /* This function releases any prior ENGINE so call it first */ -- RAND_set_rand_method(tmp_meth); -- funct_ref = engine; -- return 1; -- } --#endif -+{ -+ const RAND_METHOD *tmp_meth = NULL; -+ if (engine) { -+ if (!ENGINE_init(engine)) -+ return 0; -+ tmp_meth = ENGINE_get_RAND(engine); -+ if (!tmp_meth) { -+ ENGINE_finish(engine); -+ return 0; -+ } -+ } -+ /* This function releases any prior ENGINE so call it first */ -+ RAND_set_rand_method(tmp_meth); -+ funct_ref = engine; -+ return 1; -+} -+# endif - - #endif - - void RAND_cleanup(void) -- { -- const RAND_METHOD *meth = RAND_get_rand_method(); -- if (meth && meth->cleanup) -- meth->cleanup(); -- RAND_set_rand_method(NULL); -- } -+{ -+ const RAND_METHOD *meth = RAND_get_rand_method(); -+ if (meth && meth->cleanup) -+ meth->cleanup(); -+ RAND_set_rand_method(NULL); -+} - - void RAND_seed(const void *buf, int num) -- { -- const RAND_METHOD *meth = RAND_get_rand_method(); -- if (meth && meth->seed) -- meth->seed(buf,num); -- } -+{ -+ const RAND_METHOD *meth = RAND_get_rand_method(); -+ if (meth && meth->seed) -+ meth->seed(buf, num); -+} - - void RAND_add(const void *buf, int num, double entropy) -- { -- const RAND_METHOD *meth = RAND_get_rand_method(); -- if (meth && meth->add) -- meth->add(buf,num,entropy); -- } -+{ -+ const RAND_METHOD *meth = RAND_get_rand_method(); -+ if (meth && meth->add) -+ meth->add(buf, num, entropy); -+} - - int RAND_bytes(unsigned char *buf, int num) -- { -- const RAND_METHOD *meth = RAND_get_rand_method(); -- if (meth && meth->bytes) -- return meth->bytes(buf,num); -- return(-1); -- } -+{ -+ const RAND_METHOD *meth = RAND_get_rand_method(); -+ if (meth && meth->bytes) -+ return meth->bytes(buf, num); -+ return (-1); -+} - - int RAND_pseudo_bytes(unsigned char *buf, int num) -- { -- const RAND_METHOD *meth = RAND_get_rand_method(); -- if (meth && meth->pseudorand) -- return meth->pseudorand(buf,num); -- return(-1); -- } -+{ -+ const RAND_METHOD *meth = RAND_get_rand_method(); -+ if (meth && meth->pseudorand) -+ return meth->pseudorand(buf, num); -+ return (-1); -+} - - int RAND_status(void) -- { -- const RAND_METHOD *meth = RAND_get_rand_method(); -- if (meth && meth->status) -- return meth->status(); -- return 0; -- } -+{ -+ const RAND_METHOD *meth = RAND_get_rand_method(); -+ if (meth && meth->status) -+ return meth->status(); -+ return 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c b/Cryptlib/OpenSSL/crypto/rand/rand_nw.c -index 8d5b8d2..55ffe9a 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c -+++ b/Cryptlib/OpenSSL/crypto/rand/rand_nw.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -115,69 +115,65 @@ - - #if defined (OPENSSL_SYS_NETWARE) - --#if defined(NETWARE_LIBC) --#include --#else --#include --#endif -+# if defined(NETWARE_LIBC) -+# include -+# else -+# include -+# endif - - extern int GetProcessSwitchCount(void); --#if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000) --extern void *RunningProcess; /* declare here same as found in newer NDKs */ -+# if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000) -+extern void *RunningProcess; /* declare here same as found in newer NDKs */ - extern unsigned long GetSuperHighResolutionTimer(void); --#endif -+# endif - -- /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed -- */ -+ /* -+ * the FAQ indicates we need to provide at least 20 bytes (160 bits) of -+ * seed -+ */ - int RAND_poll(void) - { -- unsigned long l; -- unsigned long tsc; -- int i; -+ unsigned long l; -+ unsigned long tsc; -+ int i; - -- /* There are several options to gather miscellaneous data -- * but for now we will loop checking the time stamp counter (rdtsc) and -- * the SuperHighResolutionTimer. Each iteration will collect 8 bytes -- * of data but it is treated as only 1 byte of entropy. The call to -- * ThreadSwitchWithDelay() will introduce additional variability into -- * the data returned by rdtsc. -- * -- * Applications can agument the seed material by adding additional -- * stuff with RAND_add() and should probably do so. -- */ -- l = GetProcessSwitchCount(); -- RAND_add(&l,sizeof(l),1); -- -- /* need to cast the void* to unsigned long here */ -- l = (unsigned long)RunningProcess; -- RAND_add(&l,sizeof(l),1); -+ /* -+ * There are several options to gather miscellaneous data but for now we -+ * will loop checking the time stamp counter (rdtsc) and the -+ * SuperHighResolutionTimer. Each iteration will collect 8 bytes of data -+ * but it is treated as only 1 byte of entropy. The call to -+ * ThreadSwitchWithDelay() will introduce additional variability into the -+ * data returned by rdtsc. Applications can agument the seed material by -+ * adding additional stuff with RAND_add() and should probably do so. -+ */ -+ l = GetProcessSwitchCount(); -+ RAND_add(&l, sizeof(l), 1); - -- for( i=2; i=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -- asm volatile("rdtsc":"=a"(tsc)::"edx"); --#endif -+ /* need to cast the void* to unsigned long here */ -+ l = (unsigned long)RunningProcess; -+ RAND_add(&l, sizeof(l), 1); - -- RAND_add(&tsc, sizeof(tsc), 1); -+ for (i = 2; i < ENTROPY_NEEDED; i++) { -+# ifdef __MWERKS__ -+ asm { -+ rdtsc mov tsc, eax} -+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -+ asm volatile ("rdtsc":"=a" (tsc)::"edx"); -+# endif -+ -+ RAND_add(&tsc, sizeof(tsc), 1); - -- l = GetSuperHighResolutionTimer(); -- RAND_add(&l, sizeof(l), 0); -+ l = GetSuperHighResolutionTimer(); -+ RAND_add(&l, sizeof(l), 0); - - # if defined(NETWARE_LIBC) -- NXThreadYield(); --# else /* NETWARE_CLIB */ -- ThreadSwitchWithDelay(); -+ NXThreadYield(); -+# else /* NETWARE_CLIB */ -+ ThreadSwitchWithDelay(); - # endif -- } -+ } - -- return 1; -+ return 1; - } - --#endif -- -+#endif -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c b/Cryptlib/OpenSSL/crypto/rand/rand_os2.c -index c3e36d4..4de2115 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c -+++ b/Cryptlib/OpenSSL/crypto/rand/rand_os2.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -59,27 +59,30 @@ - - #ifdef OPENSSL_SYS_OS2 - --#define INCL_DOSPROCESS --#define INCL_DOSPROFILE --#define INCL_DOSMISC --#define INCL_DOSMODULEMGR --#include -+# define INCL_DOSPROCESS -+# define INCL_DOSPROFILE -+# define INCL_DOSMISC -+# define INCL_DOSMODULEMGR -+# include - --#define CMD_KI_RDCNT (0x63) -+# define CMD_KI_RDCNT (0x63) - - typedef struct _CPUUTIL { -- ULONG ulTimeLow; /* Low 32 bits of time stamp */ -- ULONG ulTimeHigh; /* High 32 bits of time stamp */ -- ULONG ulIdleLow; /* Low 32 bits of idle time */ -- ULONG ulIdleHigh; /* High 32 bits of idle time */ -- ULONG ulBusyLow; /* Low 32 bits of busy time */ -- ULONG ulBusyHigh; /* High 32 bits of busy time */ -- ULONG ulIntrLow; /* Low 32 bits of interrupt time */ -+ ULONG ulTimeLow; /* Low 32 bits of time stamp */ -+ ULONG ulTimeHigh; /* High 32 bits of time stamp */ -+ ULONG ulIdleLow; /* Low 32 bits of idle time */ -+ ULONG ulIdleHigh; /* High 32 bits of idle time */ -+ ULONG ulBusyLow; /* Low 32 bits of busy time */ -+ ULONG ulBusyHigh; /* High 32 bits of busy time */ -+ ULONG ulIntrLow; /* Low 32 bits of interrupt time */ - ULONG ulIntrHigh; /* High 32 bits of interrupt time */ - } CPUUTIL; - --APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL; --APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL; -+APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, -+ ULONG ulParm2, ULONG ulParm3) = NULL; -+APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, -+ ULONG _res_, PVOID buf, ULONG bufsz) = -+ NULL; - HMODULE hDoscalls = 0; - - int RAND_poll(void) -@@ -89,15 +92,19 @@ int RAND_poll(void) - ULONG SysVars[QSV_FOREGROUND_PROCESS]; - - if (hDoscalls == 0) { -- ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls); -+ ULONG rc = -+ DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", -+ &hDoscalls); - - if (rc == 0) { -- rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall); -+ rc = DosQueryProcAddr(hDoscalls, 976, NULL, -+ (PFN *) & DosPerfSysCall); - - if (rc) - DosPerfSysCall = NULL; - -- rc = DosQueryProcAddr(hDoscalls, 368, NULL, (PFN *)&DosQuerySysState); -+ rc = DosQueryProcAddr(hDoscalls, 368, NULL, -+ (PFN *) & DosQuerySysState); - - if (rc) - DosQuerySysState = NULL; -@@ -108,33 +115,40 @@ int RAND_poll(void) - DosTmrQueryTime(&qwTime); - RAND_add(&qwTime, sizeof(qwTime), 2); - -- /* Sample a bunch of system variables, includes various process & memory statistics */ -+ /* -+ * Sample a bunch of system variables, includes various process & memory -+ * statistics -+ */ - DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars)); - RAND_add(SysVars, sizeof(SysVars), 4); - -- /* If available, sample CPU registers that count at CPU MHz -- * Only fairly new CPUs (PPro & K6 onwards) & OS/2 versions support this -+ /* -+ * If available, sample CPU registers that count at CPU MHz Only fairly -+ * new CPUs (PPro & K6 onwards) & OS/2 versions support this - */ - if (DosPerfSysCall) { - CPUUTIL util; - -- if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG)&util, 0, 0) == 0) { -+ if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG) & util, 0, 0) == 0) { - RAND_add(&util, sizeof(util), 10); -- } -- else { -+ } else { - DosPerfSysCall = NULL; - } - } - -- /* DosQuerySysState() gives us a huge quantity of process, thread, memory & handle stats */ -+ /* -+ * DosQuerySysState() gives us a huge quantity of process, thread, memory -+ * & handle stats -+ */ - if (DosQuerySysState) { - char *buffer = OPENSSL_malloc(256 * 1024); - - if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) { -- /* First 4 bytes in buffer is a pointer to the thread count -- * there should be at least 1 byte of entropy per thread -+ /* -+ * First 4 bytes in buffer is a pointer to the thread count there -+ * should be at least 1 byte of entropy per thread - */ -- RAND_add(buffer, 256 * 1024, **(ULONG **)buffer); -+ RAND_add(buffer, 256 * 1024, **(ULONG **) buffer); - } - - OPENSSL_free(buffer); -@@ -144,4 +158,4 @@ int RAND_poll(void) - return 0; - } - --#endif /* OPENSSL_SYS_OS2 */ -+#endif /* OPENSSL_SYS_OS2 */ -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c -index 8e2c4ca..0a6893c 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c -+++ b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -118,213 +118,223 @@ - - #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI)) - --#include --#include --#include --#include --#include --#include --#include --#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */ --# include --#endif --#include --#ifndef FD_SETSIZE --# define FD_SETSIZE (8*sizeof(fd_set)) --#endif -+# include -+# include -+# include -+# include -+# include -+# include -+# include -+# if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually -+ * everywhere */ -+# include -+# endif -+# include -+# ifndef FD_SETSIZE -+# define FD_SETSIZE (8*sizeof(fd_set)) -+# endif - --#ifdef __OpenBSD__ -+# ifdef __OpenBSD__ - int RAND_poll(void) - { -- u_int32_t rnd = 0, i; -- unsigned char buf[ENTROPY_NEEDED]; -+ u_int32_t rnd = 0, i; -+ unsigned char buf[ENTROPY_NEEDED]; - -- for (i = 0; i < sizeof(buf); i++) { -- if (i % 4 == 0) -- rnd = arc4random(); -- buf[i] = rnd; -- rnd >>= 8; -- } -- RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); -- memset(buf, 0, sizeof(buf)); -+ for (i = 0; i < sizeof(buf); i++) { -+ if (i % 4 == 0) -+ rnd = arc4random(); -+ buf[i] = rnd; -+ rnd >>= 8; -+ } -+ RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); -+ memset(buf, 0, sizeof(buf)); - -- return 1; -+ return 1; - } --#else /* !defined(__OpenBSD__) */ -+# else /* !defined(__OpenBSD__) */ - int RAND_poll(void) - { -- unsigned long l; -- pid_t curr_pid = getpid(); --#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) -- unsigned char tmpbuf[ENTROPY_NEEDED]; -- int n = 0; --#endif --#ifdef DEVRANDOM -- static const char *randomfiles[] = { DEVRANDOM }; -- struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; -- int fd; -- size_t i; --#endif --#ifdef DEVRANDOM_EGD -- static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; -- const char **egdsocket = NULL; --#endif -+ unsigned long l; -+ pid_t curr_pid = getpid(); -+# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) -+ unsigned char tmpbuf[ENTROPY_NEEDED]; -+ int n = 0; -+# endif -+# ifdef DEVRANDOM -+ static const char *randomfiles[] = { DEVRANDOM }; -+ struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])]; -+ int fd; -+ size_t i; -+# endif -+# ifdef DEVRANDOM_EGD -+ static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; -+ const char **egdsocket = NULL; -+# endif - --#ifdef DEVRANDOM -- memset(randomstats,0,sizeof(randomstats)); -- /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD -- * have this. Use /dev/urandom if you can as /dev/random may block -- * if it runs out of random entries. */ -+# ifdef DEVRANDOM -+ memset(randomstats, 0, sizeof(randomstats)); -+ /* -+ * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have -+ * this. Use /dev/urandom if you can as /dev/random may block if it runs -+ * out of random entries. -+ */ - -- for (i=0; i= 0) -- { -- int usec = 10*1000; /* spend 10ms on each file */ -- int r; -- size_t j; -- struct stat *st=&randomstats[i]; -+ for (i = 0; i < sizeof(randomfiles) / sizeof(randomfiles[0]) -+ && n < ENTROPY_NEEDED; i++) { -+ if ((fd = open(randomfiles[i], O_RDONLY -+# ifdef O_NONBLOCK -+ | O_NONBLOCK -+# endif -+# ifdef O_BINARY -+ | O_BINARY -+# endif -+# ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do -+ * not make it our controlling tty */ -+ | O_NOCTTY -+# endif -+ )) >= 0) { -+ int usec = 10 * 1000; /* spend 10ms on each file */ -+ int r; -+ size_t j; -+ struct stat *st = &randomstats[i]; - -- /* Avoid using same input... Used to be O_NOFOLLOW -- * above, but it's not universally appropriate... */ -- if (fstat(fd,st) != 0) { close(fd); continue; } -- for (j=0;jst_ino && -- randomstats[j].st_dev==st->st_dev) -- break; -- } -- if (jst_ino && -+ randomstats[j].st_dev == st->st_dev) -+ break; -+ } -+ if (j < i) { -+ close(fd); -+ continue; -+ } - -- do -- { -- int try_read = 0; -+ do { -+ int try_read = 0; - --#if defined(OPENSSL_SYS_LINUX) -- /* use poll() */ -- struct pollfd pset; -- -- pset.fd = fd; -- pset.events = POLLIN; -- pset.revents = 0; -+# if defined(OPENSSL_SYS_LINUX) -+ /* use poll() */ -+ struct pollfd pset; - -- if (poll(&pset, 1, usec / 1000) < 0) -- usec = 0; -- else -- try_read = (pset.revents & POLLIN) != 0; -+ pset.fd = fd; -+ pset.events = POLLIN; -+ pset.revents = 0; - --#else -- /* use select() */ -- fd_set fset; -- struct timeval t; -- -- t.tv_sec = 0; -- t.tv_usec = usec; -+ if (poll(&pset, 1, usec / 1000) < 0) -+ usec = 0; -+ else -+ try_read = (pset.revents & POLLIN) != 0; - -- if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) -- { -- /* can't use select, so just try to read once anyway */ -- try_read = 1; -- } -- else -- { -- FD_ZERO(&fset); -- FD_SET(fd, &fset); -- -- if (select(fd+1,&fset,NULL,NULL,&t) >= 0) -- { -- usec = t.tv_usec; -- if (FD_ISSET(fd, &fset)) -- try_read = 1; -- } -- else -- usec = 0; -- } --#endif -- -- if (try_read) -- { -- r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n); -- if (r > 0) -- n += r; -- } -- else -- r = -1; -- -- /* Some Unixen will update t in select(), some -- won't. For those who won't, or if we -- didn't use select() in the first place, -- give up here, otherwise, we will do -- this once again for the remaining -- time. */ -- if (usec == 10*1000) -- usec = 0; -- } -- while ((r > 0 || -- (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED); -+# else -+ /* use select() */ -+ fd_set fset; -+ struct timeval t; - -- close(fd); -- } -- } --#endif /* defined(DEVRANDOM) */ -+ t.tv_sec = 0; -+ t.tv_usec = usec; - --#ifdef DEVRANDOM_EGD -- /* Use an EGD socket to read entropy from an EGD or PRNGD entropy -- * collecting daemon. */ -+ if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) { -+ /* -+ * can't use select, so just try to read once anyway -+ */ -+ try_read = 1; -+ } else { -+ FD_ZERO(&fset); -+ FD_SET(fd, &fset); - -- for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++) -- { -- int r; -+ if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) { -+ usec = t.tv_usec; -+ if (FD_ISSET(fd, &fset)) -+ try_read = 1; -+ } else -+ usec = 0; -+ } -+# endif - -- r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n, -- ENTROPY_NEEDED-n); -- if (r > 0) -- n += r; -- } --#endif /* defined(DEVRANDOM_EGD) */ -+ if (try_read) { -+ r = read(fd, (unsigned char *)tmpbuf + n, -+ ENTROPY_NEEDED - n); -+ if (r > 0) -+ n += r; -+ } else -+ r = -1; - --#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) -- if (n > 0) -- { -- RAND_add(tmpbuf,sizeof tmpbuf,(double)n); -- OPENSSL_cleanse(tmpbuf,n); -- } --#endif -+ /* -+ * Some Unixen will update t in select(), some won't. For -+ * those who won't, or if we didn't use select() in the first -+ * place, give up here, otherwise, we will do this once again -+ * for the remaining time. -+ */ -+ if (usec == 10 * 1000) -+ usec = 0; -+ } -+ while ((r > 0 || -+ (errno == EINTR || errno == EAGAIN)) && usec != 0 -+ && n < ENTROPY_NEEDED); - -- /* put in some default random data, we need more than just this */ -- l=curr_pid; -- RAND_add(&l,sizeof(l),0.0); -- l=getuid(); -- RAND_add(&l,sizeof(l),0.0); -+ close(fd); -+ } -+ } -+# endif /* defined(DEVRANDOM) */ - -- l=time(NULL); -- RAND_add(&l,sizeof(l),0.0); -+# ifdef DEVRANDOM_EGD -+ /* -+ * Use an EGD socket to read entropy from an EGD or PRNGD entropy -+ * collecting daemon. -+ */ - --#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) -- return 1; --#else -- return 0; --#endif --} -+ for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; -+ egdsocket++) { -+ int r; -+ -+ r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n, -+ ENTROPY_NEEDED - n); -+ if (r > 0) -+ n += r; -+ } -+# endif /* defined(DEVRANDOM_EGD) */ - --#endif /* defined(__OpenBSD__) */ --#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */ -+# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) -+ if (n > 0) { -+ RAND_add(tmpbuf, sizeof tmpbuf, (double)n); -+ OPENSSL_cleanse(tmpbuf, n); -+ } -+# endif - -+ /* put in some default random data, we need more than just this */ -+ l = curr_pid; -+ RAND_add(&l, sizeof(l), 0.0); -+ l = getuid(); -+ RAND_add(&l, sizeof(l), 0.0); -+ -+ l = time(NULL); -+ RAND_add(&l, sizeof(l), 0.0); -+ -+# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) -+ return 1; -+# else -+ return 0; -+# endif -+} -+ -+# endif /* defined(__OpenBSD__) */ -+#endif /* !(defined(OPENSSL_SYS_WINDOWS) || -+ * defined(OPENSSL_SYS_WIN32) || -+ * defined(OPENSSL_SYS_VMS) || -+ * defined(OPENSSL_SYS_OS2) || -+ * defined(OPENSSL_SYS_VXWORKS) || -+ * defined(OPENSSL_SYS_NETWARE)) */ - - #if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) - int RAND_poll(void) -- { -- return 0; -- } -+{ -+ return 0; -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c -index 5d134e1..0c616c4 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/rand_win.c -+++ b/Cryptlib/OpenSSL/crypto/rand/rand_win.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,7 +63,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -114,607 +114,552 @@ - #include "rand_lcl.h" - - #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) --#include --#ifndef _WIN32_WINNT --# define _WIN32_WINNT 0x0400 --#endif --#include --#include -+# include -+# ifndef _WIN32_WINNT -+# define _WIN32_WINNT 0x0400 -+# endif -+# include -+# include - --/* Limit the time spent walking through the heap, processes, threads and modules to -- a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */ --#define MAXDELAY 1000 -+/* -+ * Limit the time spent walking through the heap, processes, threads and -+ * modules to a maximum of 1000 miliseconds each, unless CryptoGenRandom -+ * failed -+ */ -+# define MAXDELAY 1000 - --/* Intel hardware RNG CSP -- available from -+/* -+ * Intel hardware RNG CSP -- available from - * http://developer.intel.com/design/security/rng/redist_license.htm - */ --#define PROV_INTEL_SEC 22 --#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" -+# define PROV_INTEL_SEC 22 -+# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" - - static void readtimer(void); - static void readscreen(void); - --/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined -- when WINVER is 0x0500 and up, which currently only happens on Win2000. -- Unfortunately, those are typedefs, so they're a little bit difficult to -- detect properly. On the other hand, the macro CURSOR_SHOWING is defined -- within the same conditional, so it can be use to detect the absence of said -- typedefs. */ -+/* -+ * It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined -+ * when WINVER is 0x0500 and up, which currently only happens on Win2000. -+ * Unfortunately, those are typedefs, so they're a little bit difficult to -+ * detect properly. On the other hand, the macro CURSOR_SHOWING is defined -+ * within the same conditional, so it can be use to detect the absence of -+ * said typedefs. -+ */ - --#ifndef CURSOR_SHOWING -+# ifndef CURSOR_SHOWING - /* - * Information about the global cursor. - */ --typedef struct tagCURSORINFO --{ -- DWORD cbSize; -- DWORD flags; -+typedef struct tagCURSORINFO { -+ DWORD cbSize; -+ DWORD flags; - HCURSOR hCursor; -- POINT ptScreenPos; -+ POINT ptScreenPos; - } CURSORINFO, *PCURSORINFO, *LPCURSORINFO; - --#define CURSOR_SHOWING 0x00000001 --#endif /* CURSOR_SHOWING */ -- --#if !defined(OPENSSL_SYS_WINCE) --typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR, -- DWORD, DWORD); --typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *); --typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD); -- --typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID); --typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO); --typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); -- --typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); --typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); --typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t); --typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); --typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); --typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32); --typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32); --typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); -- --#include --#include --#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE -- * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was -- * was added to the Platform SDK to allow the NET API to be used in -- * non-Unicode applications provided that Unicode strings were still -- * used for input. LMSTR is defined as LPWSTR. -- */ --typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) -- (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); --typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); --#endif /* 1 */ --#endif /* !OPENSSL_SYS_WINCE */ -+# define CURSOR_SHOWING 0x00000001 -+# endif /* CURSOR_SHOWING */ -+ -+# if !defined(OPENSSL_SYS_WINCE) -+typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR, -+ DWORD, DWORD); -+typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *); -+typedef BOOL(WINAPI *CRYPTRELEASECONTEXT) (HCRYPTPROV, DWORD); -+ -+typedef HWND(WINAPI *GETFOREGROUNDWINDOW) (VOID); -+typedef BOOL(WINAPI *GETCURSORINFO) (PCURSORINFO); -+typedef DWORD(WINAPI *GETQUEUESTATUS) (UINT); -+ -+typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD); -+typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE); -+typedef BOOL(WINAPI *HEAP32FIRST) (LPHEAPENTRY32, DWORD, size_t); -+typedef BOOL(WINAPI *HEAP32NEXT) (LPHEAPENTRY32); -+typedef BOOL(WINAPI *HEAP32LIST) (HANDLE, LPHEAPLIST32); -+typedef BOOL(WINAPI *PROCESS32) (HANDLE, LPPROCESSENTRY32); -+typedef BOOL(WINAPI *THREAD32) (HANDLE, LPTHREADENTRY32); -+typedef BOOL(WINAPI *MODULE32) (HANDLE, LPMODULEENTRY32); -+ -+# include -+# include -+# if 1 -+/* -+ * The NET API is Unicode only. It requires the use of the UNICODE macro. -+ * When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was was added to the -+ * Platform SDK to allow the NET API to be used in non-Unicode applications -+ * provided that Unicode strings were still used for input. LMSTR is defined -+ * as LPWSTR. -+ */ -+typedef NET_API_STATUS(NET_API_FUNCTION *NETSTATGET) -+ (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE *); -+typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE); -+# endif /* 1 */ -+# endif /* !OPENSSL_SYS_WINCE */ - - int RAND_poll(void) - { -- MEMORYSTATUS m; -- HCRYPTPROV hProvider = 0; -- DWORD w; -- int good = 0; -- -- /* Determine the OS version we are on so we can turn off things -- * that do not work properly. -- */ -- OSVERSIONINFO osverinfo ; -- osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; -- GetVersionEx( &osverinfo ) ; -- --#if defined(OPENSSL_SYS_WINCE) --# if defined(_WIN32_WCE) && _WIN32_WCE>=300 --/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available -- * in commonly available implementations prior 300... */ -- { -- BYTE buf[64]; -- /* poll the CryptoAPI PRNG */ -- /* The CryptoAPI returns sizeof(buf) bytes of randomness */ -- if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, -- CRYPT_VERIFYCONTEXT)) -- { -- if (CryptGenRandom(hProvider, sizeof(buf), buf)) -- RAND_add(buf, sizeof(buf), sizeof(buf)); -- CryptReleaseContext(hProvider, 0); -- } -- } --# endif --#else /* OPENSSL_SYS_WINCE */ -- /* -- * None of below libraries are present on Windows CE, which is -- * why we #ifndef the whole section. This also excuses us from -- * handling the GetProcAddress issue. The trouble is that in -- * real Win32 API GetProcAddress is available in ANSI flavor -- * only. In WinCE on the other hand GetProcAddress is a macro -- * most commonly defined as GetProcAddressW, which accepts -- * Unicode argument. If we were to call GetProcAddress under -- * WinCE, I'd recommend to either redefine GetProcAddress as -- * GetProcAddressA (there seem to be one in common CE spec) or -- * implement own shim routine, which would accept ANSI argument -- * and expand it to Unicode. -- */ -- { -- /* load functions dynamically - not available on all systems */ -- HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); -- HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); -- HMODULE user = NULL; -- HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL")); -- CRYPTACQUIRECONTEXTW acquire = NULL; -- CRYPTGENRANDOM gen = NULL; -- CRYPTRELEASECONTEXT release = NULL; -- NETSTATGET netstatget = NULL; -- NETFREE netfree = NULL; -- BYTE buf[64]; -- -- if (netapi) -- { -- netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); -- netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree"); -- } -- -- if (netstatget && netfree) -- { -- LPBYTE outbuf; -- /* NetStatisticsGet() is a Unicode only function -- * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0 -- * contains 17 fields. We treat each field as a source of -- * one byte of entropy. -- */ -- -- if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) -- { -- RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45); -- netfree(outbuf); -- } -- if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) -- { -- RAND_add(outbuf, sizeof(STAT_SERVER_0), 17); -- netfree(outbuf); -- } -- } -- -- if (netapi) -- FreeLibrary(netapi); -- -- /* It appears like this can cause an exception deep within ADVAPI32.DLL -- * at random times on Windows 2000. Reported by Jeffrey Altman. -- * Only use it on NT. -- */ -- /* Wolfgang Marczy reports that -- * the RegQueryValueEx call below can hang on NT4.0 (SP6). -- * So we don't use this at all for now. */ --#if 0 -- if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && -- osverinfo.dwMajorVersion < 5) -- { -- /* Read Performance Statistics from NT/2000 registry -- * The size of the performance data can vary from call -- * to call so we must guess the size of the buffer to use -- * and increase its size if we get an ERROR_MORE_DATA -- * return instead of ERROR_SUCCESS. -- */ -- LONG rc=ERROR_MORE_DATA; -- char * buf=NULL; -- DWORD bufsz=0; -- DWORD length; -- -- while (rc == ERROR_MORE_DATA) -- { -- buf = realloc(buf,bufsz+8192); -- if (!buf) -- break; -- bufsz += 8192; -- -- length = bufsz; -- rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"), -- NULL, NULL, buf, &length); -- } -- if (rc == ERROR_SUCCESS) -- { -- /* For entropy count assume only least significant -- * byte of each DWORD is random. -- */ -- RAND_add(&length, sizeof(length), 0); -- RAND_add(buf, length, length / 4.0); -- -- /* Close the Registry Key to allow Windows to cleanup/close -- * the open handle -- * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened -- * when the RegQueryValueEx above is done. However, if -- * it is not explicitly closed, it can cause disk -- * partition manipulation problems. -- */ -- RegCloseKey(HKEY_PERFORMANCE_DATA); -- } -- if (buf) -- free(buf); -- } --#endif -- -- if (advapi) -- { -- /* -- * If it's available, then it's available in both ANSI -- * and UNICODE flavors even in Win9x, documentation says. -- * We favor Unicode... -- */ -- acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi, -- "CryptAcquireContextW"); -- gen = (CRYPTGENRANDOM) GetProcAddress(advapi, -- "CryptGenRandom"); -- release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, -- "CryptReleaseContext"); -- } -- -- if (acquire && gen && release) -- { -- /* poll the CryptoAPI PRNG */ -- /* The CryptoAPI returns sizeof(buf) bytes of randomness */ -- if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL, -- CRYPT_VERIFYCONTEXT)) -- { -- if (gen(hProvider, sizeof(buf), buf) != 0) -- { -- RAND_add(buf, sizeof(buf), 0); -- good = 1; --#if 0 -- printf("randomness from PROV_RSA_FULL\n"); --#endif -- } -- release(hProvider, 0); -- } -- -- /* poll the Pentium PRG with CryptoAPI */ -- if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) -- { -- if (gen(hProvider, sizeof(buf), buf) != 0) -- { -- RAND_add(buf, sizeof(buf), sizeof(buf)); -- good = 1; --#if 0 -- printf("randomness from PROV_INTEL_SEC\n"); --#endif -- } -- release(hProvider, 0); -- } -- } -+ MEMORYSTATUS m; -+ HCRYPTPROV hProvider = 0; -+ DWORD w; -+ int good = 0; -+ -+# if defined(OPENSSL_SYS_WINCE) -+# if defined(_WIN32_WCE) && _WIN32_WCE>=300 -+ /* -+ * Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available -+ * in commonly available implementations prior 300... -+ */ -+ { -+ BYTE buf[64]; -+ /* poll the CryptoAPI PRNG */ -+ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ -+ if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, -+ CRYPT_VERIFYCONTEXT)) { -+ if (CryptGenRandom(hProvider, sizeof(buf), buf)) -+ RAND_add(buf, sizeof(buf), sizeof(buf)); -+ CryptReleaseContext(hProvider, 0); -+ } -+ } -+# endif -+# else /* OPENSSL_SYS_WINCE */ -+ /* -+ * None of below libraries are present on Windows CE, which is -+ * why we #ifndef the whole section. This also excuses us from -+ * handling the GetProcAddress issue. The trouble is that in -+ * real Win32 API GetProcAddress is available in ANSI flavor -+ * only. In WinCE on the other hand GetProcAddress is a macro -+ * most commonly defined as GetProcAddressW, which accepts -+ * Unicode argument. If we were to call GetProcAddress under -+ * WinCE, I'd recommend to either redefine GetProcAddress as -+ * GetProcAddressA (there seem to be one in common CE spec) or -+ * implement own shim routine, which would accept ANSI argument -+ * and expand it to Unicode. -+ */ -+ { -+ /* load functions dynamically - not available on all systems */ -+ HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); -+ HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); -+ HMODULE user = NULL; -+ HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL")); -+ CRYPTACQUIRECONTEXTW acquire = NULL; -+ CRYPTGENRANDOM gen = NULL; -+ CRYPTRELEASECONTEXT release = NULL; -+ NETSTATGET netstatget = NULL; -+ NETFREE netfree = NULL; -+ BYTE buf[64]; -+ -+ if (netapi) { -+ netstatget = -+ (NETSTATGET) GetProcAddress(netapi, "NetStatisticsGet"); -+ netfree = (NETFREE) GetProcAddress(netapi, "NetApiBufferFree"); -+ } -+ -+ if (netstatget && netfree) { -+ LPBYTE outbuf; -+ /* -+ * NetStatisticsGet() is a Unicode only function -+ * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0 -+ * contains 17 fields. We treat each field as a source of one -+ * byte of entropy. -+ */ -+ -+ if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) { -+ RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45); -+ netfree(outbuf); -+ } -+ if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) { -+ RAND_add(outbuf, sizeof(STAT_SERVER_0), 17); -+ netfree(outbuf); -+ } -+ } -+ -+ if (netapi) -+ FreeLibrary(netapi); -+ -+ /* -+ * It appears like this can cause an exception deep within -+ * ADVAPI32.DLL at random times on Windows 2000. Reported by Jeffrey -+ * Altman. Only use it on NT. -+ */ -+ -+ if (advapi) { -+ /* -+ * If it's available, then it's available in both ANSI -+ * and UNICODE flavors even in Win9x, documentation says. -+ * We favor Unicode... -+ */ -+ acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi, -+ "CryptAcquireContextW"); -+ gen = (CRYPTGENRANDOM) GetProcAddress(advapi, "CryptGenRandom"); -+ release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, -+ "CryptReleaseContext"); -+ } -+ -+ if (acquire && gen && release) { -+ /* poll the CryptoAPI PRNG */ -+ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ -+ if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL, -+ CRYPT_VERIFYCONTEXT)) { -+ if (gen(hProvider, sizeof(buf), buf) != 0) { -+ RAND_add(buf, sizeof(buf), 0); -+ good = 1; -+# if 0 -+ printf("randomness from PROV_RSA_FULL\n"); -+# endif -+ } -+ release(hProvider, 0); -+ } -+ -+ /* poll the Pentium PRG with CryptoAPI */ -+ if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) { -+ if (gen(hProvider, sizeof(buf), buf) != 0) { -+ RAND_add(buf, sizeof(buf), sizeof(buf)); -+ good = 1; -+# if 0 -+ printf("randomness from PROV_INTEL_SEC\n"); -+# endif -+ } -+ release(hProvider, 0); -+ } -+ } - - if (advapi) -- FreeLibrary(advapi); -- -- if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || -- !OPENSSL_isservice()) && -- (user = LoadLibrary(TEXT("USER32.DLL")))) -- { -- GETCURSORINFO cursor; -- GETFOREGROUNDWINDOW win; -- GETQUEUESTATUS queue; -- -- win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow"); -- cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo"); -- queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); -- -- if (win) -- { -- /* window handle */ -- HWND h = win(); -- RAND_add(&h, sizeof(h), 0); -- } -- if (cursor) -- { -- /* unfortunately, its not safe to call GetCursorInfo() -- * on NT4 even though it exists in SP3 (or SP6) and -- * higher. -- */ -- if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && -- osverinfo.dwMajorVersion < 5) -- cursor = 0; -- } -- if (cursor) -- { -- /* cursor position */ -- /* assume 2 bytes of entropy */ -- CURSORINFO ci; -- ci.cbSize = sizeof(CURSORINFO); -- if (cursor(&ci)) -- RAND_add(&ci, ci.cbSize, 2); -- } -- -- if (queue) -- { -- /* message queue status */ -- /* assume 1 byte of entropy */ -- w = queue(QS_ALLEVENTS); -- RAND_add(&w, sizeof(w), 1); -- } -- -- FreeLibrary(user); -- } -- -- /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap -- * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm -- * (Win 9x and 2000 only, not available on NT) -- * -- * This seeding method was proposed in Peter Gutmann, Software -- * Generation of Practically Strong Random Numbers, -- * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html -- * revised version at http://www.cryptoengines.com/~peter/06_random.pdf -- * (The assignment of entropy estimates below is arbitrary, but based -- * on Peter's analysis the full poll appears to be safe. Additional -- * interactive seeding is encouraged.) -- */ -- -- if (kernel) -- { -- CREATETOOLHELP32SNAPSHOT snap; -- CLOSETOOLHELP32SNAPSHOT close_snap; -- HANDLE handle; -- -- HEAP32FIRST heap_first; -- HEAP32NEXT heap_next; -- HEAP32LIST heaplist_first, heaplist_next; -- PROCESS32 process_first, process_next; -- THREAD32 thread_first, thread_next; -- MODULE32 module_first, module_next; -- -- HEAPLIST32 hlist; -- HEAPENTRY32 hentry; -- PROCESSENTRY32 p; -- THREADENTRY32 t; -- MODULEENTRY32 m; -- DWORD starttime = 0; -- -- snap = (CREATETOOLHELP32SNAPSHOT) -- GetProcAddress(kernel, "CreateToolhelp32Snapshot"); -- close_snap = (CLOSETOOLHELP32SNAPSHOT) -- GetProcAddress(kernel, "CloseToolhelp32Snapshot"); -- heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); -- heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); -- heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); -- heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext"); -- process_first = (PROCESS32) GetProcAddress(kernel, "Process32First"); -- process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next"); -- thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First"); -- thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next"); -- module_first = (MODULE32) GetProcAddress(kernel, "Module32First"); -- module_next = (MODULE32) GetProcAddress(kernel, "Module32Next"); -- -- if (snap && heap_first && heap_next && heaplist_first && -- heaplist_next && process_first && process_next && -- thread_first && thread_next && module_first && -- module_next && (handle = snap(TH32CS_SNAPALL,0)) -- != INVALID_HANDLE_VALUE) -- { -- /* heap list and heap walking */ -- /* HEAPLIST32 contains 3 fields that will change with -- * each entry. Consider each field a source of 1 byte -- * of entropy. -- * HEAPENTRY32 contains 5 fields that will change with -- * each entry. Consider each field a source of 1 byte -- * of entropy. -- */ -- ZeroMemory(&hlist, sizeof(HEAPLIST32)); -- hlist.dwSize = sizeof(HEAPLIST32); -- if (good) starttime = GetTickCount(); --#ifdef _MSC_VER -- if (heaplist_first(handle, &hlist)) -- { -- /* -- following discussion on dev ML, exception on WinCE (or other Win -- platform) is theoretically of unknown origin; prevent infinite -- loop here when this theoretical case occurs; otherwise cope with -- the expected (MSDN documented) exception-throwing behaviour of -- Heap32Next() on WinCE. -- -- based on patch in original message by Tanguy Fautré (2009/03/02) -- Subject: RAND_poll() and CreateToolhelp32Snapshot() stability -- */ -- int ex_cnt_limit = 42; -- do -- { -- RAND_add(&hlist, hlist.dwSize, 3); -- __try -- { -- ZeroMemory(&hentry, sizeof(HEAPENTRY32)); -- hentry.dwSize = sizeof(HEAPENTRY32); -- if (heap_first(&hentry, -- hlist.th32ProcessID, -- hlist.th32HeapID)) -- { -- int entrycnt = 80; -- do -- RAND_add(&hentry, -- hentry.dwSize, 5); -- while (heap_next(&hentry) -- && (!good || (GetTickCount()-starttime) 0); -- } -- } -- __except (EXCEPTION_EXECUTE_HANDLER) -- { -- /* ignore access violations when walking the heap list */ -- ex_cnt_limit--; -- } -- } while (heaplist_next(handle, &hlist) -- && (!good || (GetTickCount()-starttime) 0); -- } -- --#else -- if (heaplist_first(handle, &hlist)) -- { -- do -- { -- RAND_add(&hlist, hlist.dwSize, 3); -- hentry.dwSize = sizeof(HEAPENTRY32); -- if (heap_first(&hentry, -- hlist.th32ProcessID, -- hlist.th32HeapID)) -- { -- int entrycnt = 80; -- do -- RAND_add(&hentry, -- hentry.dwSize, 5); -- while (heap_next(&hentry) -- && --entrycnt > 0); -- } -- } while (heaplist_next(handle, &hlist) -- && (!good || (GetTickCount()-starttime) 0); -+ } - } -- break; -- case WM_MOUSEMOVE: -- { -- static int lastx,lasty,lastdx,lastdy; -- int x,y,dx,dy; -- -- x=LOWORD(lParam); -- y=HIWORD(lParam); -- dx=lastx-x; -- dy=lasty-y; -- if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0) -- add_entropy=.2; -- lastx=x, lasty=y; -- lastdx=dx, lastdy=dy; -+ __except(EXCEPTION_EXECUTE_HANDLER) { -+ /* -+ * ignore access violations when walking the heap -+ * list -+ */ -+ ex_cnt_limit--; - } -- break; -- } -- -- readtimer(); -- RAND_add(&iMsg, sizeof(iMsg), add_entropy); -- RAND_add(&wParam, sizeof(wParam), 0); -- RAND_add(&lParam, sizeof(lParam), 0); -- -- return (RAND_status()); -- } -+ } while (heaplist_next(handle, &hlist) -+ && (!good -+ || (GetTickCount() - starttime) < MAXDELAY) -+ && ex_cnt_limit > 0); -+ } -+# else -+ if (heaplist_first(handle, &hlist)) { -+ do { -+ RAND_add(&hlist, hlist.dwSize, 3); -+ hentry.dwSize = sizeof(HEAPENTRY32); -+ if (heap_first(&hentry, -+ hlist.th32ProcessID, -+ hlist.th32HeapID)) { -+ int entrycnt = 80; -+ do -+ RAND_add(&hentry, hentry.dwSize, 5); -+ while (heap_next(&hentry) -+ && --entrycnt > 0); -+ } -+ } while (heaplist_next(handle, &hlist) -+ && (!good -+ || (GetTickCount() - starttime) < MAXDELAY)); -+ } -+# endif -+ -+ /* process walking */ -+ /* -+ * PROCESSENTRY32 contains 9 fields that will change with -+ * each entry. Consider each field a source of 1 byte of -+ * entropy. -+ */ -+ p.dwSize = sizeof(PROCESSENTRY32); -+ -+ if (good) -+ starttime = GetTickCount(); -+ if (process_first(handle, &p)) -+ do -+ RAND_add(&p, p.dwSize, 9); -+ while (process_next(handle, &p) -+ && (!good -+ || (GetTickCount() - starttime) < MAXDELAY)); -+ -+ /* thread walking */ -+ /* -+ * THREADENTRY32 contains 6 fields that will change with each -+ * entry. Consider each field a source of 1 byte of entropy. -+ */ -+ t.dwSize = sizeof(THREADENTRY32); -+ if (good) -+ starttime = GetTickCount(); -+ if (thread_first(handle, &t)) -+ do -+ RAND_add(&t, t.dwSize, 6); -+ while (thread_next(handle, &t) -+ && (!good -+ || (GetTickCount() - starttime) < MAXDELAY)); -+ -+ /* module walking */ -+ /* -+ * MODULEENTRY32 contains 9 fields that will change with each -+ * entry. Consider each field a source of 1 byte of entropy. -+ */ -+ m.dwSize = sizeof(MODULEENTRY32); -+ if (good) -+ starttime = GetTickCount(); -+ if (module_first(handle, &m)) -+ do -+ RAND_add(&m, m.dwSize, 9); -+ while (module_next(handle, &m) -+ && (!good -+ || (GetTickCount() - starttime) < MAXDELAY)); -+ if (close_snap) -+ close_snap(handle); -+ else -+ CloseHandle(handle); -+ -+ } -+ -+ FreeLibrary(kernel); -+ } -+ } -+# endif /* !OPENSSL_SYS_WINCE */ -+ -+ /* timer data */ -+ readtimer(); -+ -+ /* memory usage statistics */ -+ GlobalMemoryStatus(&m); -+ RAND_add(&m, sizeof(m), 1); -+ -+ /* process ID */ -+ w = GetCurrentProcessId(); -+ RAND_add(&w, sizeof(w), 1); -+ -+# if 0 -+ printf("Exiting RAND_poll\n"); -+# endif - -+ return (1); -+} - --void RAND_screen(void) /* function available for backward compatibility */ -+int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) - { -- RAND_poll(); -- readscreen(); -+ double add_entropy = 0; -+ -+ switch (iMsg) { -+ case WM_KEYDOWN: -+ { -+ static WPARAM key; -+ if (key != wParam) -+ add_entropy = 0.05; -+ key = wParam; -+ } -+ break; -+ case WM_MOUSEMOVE: -+ { -+ static int lastx, lasty, lastdx, lastdy; -+ int x, y, dx, dy; -+ -+ x = LOWORD(lParam); -+ y = HIWORD(lParam); -+ dx = lastx - x; -+ dy = lasty - y; -+ if (dx != 0 && dy != 0 && dx - lastdx != 0 && dy - lastdy != 0) -+ add_entropy = .2; -+ lastx = x, lasty = y; -+ lastdx = dx, lastdy = dy; -+ } -+ break; -+ } -+ -+ readtimer(); -+ RAND_add(&iMsg, sizeof(iMsg), add_entropy); -+ RAND_add(&wParam, sizeof(wParam), 0); -+ RAND_add(&lParam, sizeof(lParam), 0); -+ -+ return (RAND_status()); - } - -+void RAND_screen(void) -+{ /* function available for backward -+ * compatibility */ -+ RAND_poll(); -+ readscreen(); -+} - - /* feed timing information to the PRNG */ - static void readtimer(void) - { -- DWORD w; -- LARGE_INTEGER l; -- static int have_perfc = 1; --#if defined(_MSC_VER) && defined(_M_X86) -- static int have_tsc = 1; -- DWORD cyclecount; -- -- if (have_tsc) { -- __try { -- __asm { -- _emit 0x0f -- _emit 0x31 -- mov cyclecount, eax -- } -- RAND_add(&cyclecount, sizeof(cyclecount), 1); -- } __except(EXCEPTION_EXECUTE_HANDLER) { -- have_tsc = 0; -- } -- } --#else --# define have_tsc 0 --#endif -+ DWORD w; -+ LARGE_INTEGER l; -+ static int have_perfc = 1; -+# if defined(_MSC_VER) && defined(_M_X86) -+ static int have_tsc = 1; -+ DWORD cyclecount; -+ -+ if (have_tsc) { -+ __try { -+ __asm { -+ _emit 0x0f _emit 0x31 mov cyclecount, eax} -+ RAND_add(&cyclecount, sizeof(cyclecount), 1); -+ } -+ __except(EXCEPTION_EXECUTE_HANDLER) { -+ have_tsc = 0; -+ } -+ } -+# else -+# define have_tsc 0 -+# endif - -- if (have_perfc) { -- if (QueryPerformanceCounter(&l) == 0) -- have_perfc = 0; -- else -- RAND_add(&l, sizeof(l), 0); -- } -- -- if (!have_tsc && !have_perfc) { -- w = GetTickCount(); -- RAND_add(&w, sizeof(w), 0); -- } -+ if (have_perfc) { -+ if (QueryPerformanceCounter(&l) == 0) -+ have_perfc = 0; -+ else -+ RAND_add(&l, sizeof(l), 0); -+ } -+ -+ if (!have_tsc && !have_perfc) { -+ w = GetTickCount(); -+ RAND_add(&w, sizeof(w), 0); -+ } - } - - /* feed screen contents to PRNG */ -@@ -737,71 +682,70 @@ static void readtimer(void) - - static void readscreen(void) - { --#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN) -- HDC hScrDC; /* screen DC */ -- HDC hMemDC; /* memory DC */ -- HBITMAP hBitmap; /* handle for our bitmap */ -- HBITMAP hOldBitmap; /* handle for previous bitmap */ -- BITMAP bm; /* bitmap properties */ -- unsigned int size; /* size of bitmap */ -- char *bmbits; /* contents of bitmap */ -- int w; /* screen width */ -- int h; /* screen height */ -- int y; /* y-coordinate of screen lines to grab */ -- int n = 16; /* number of screen lines to grab at a time */ -- -- if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0) -- return; -- -- /* Create a screen DC and a memory DC compatible to screen DC */ -- hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); -- hMemDC = CreateCompatibleDC(hScrDC); -- -- /* Get screen resolution */ -- w = GetDeviceCaps(hScrDC, HORZRES); -- h = GetDeviceCaps(hScrDC, VERTRES); -- -- /* Create a bitmap compatible with the screen DC */ -- hBitmap = CreateCompatibleBitmap(hScrDC, w, n); -- -- /* Select new bitmap into memory DC */ -- hOldBitmap = SelectObject(hMemDC, hBitmap); -- -- /* Get bitmap properties */ -- GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm); -- size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; -- -- bmbits = OPENSSL_malloc(size); -- if (bmbits) { -- /* Now go through the whole screen, repeatedly grabbing n lines */ -- for (y = 0; y < h-n; y += n) -- { -- unsigned char md[MD_DIGEST_LENGTH]; -- -- /* Bitblt screen DC to memory DC */ -- BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY); -- -- /* Copy bitmap bits from memory DC to bmbits */ -- GetBitmapBits(hBitmap, size, bmbits); -- -- /* Get the hash of the bitmap */ -- MD(bmbits,size,md); -- -- /* Seed the random generator with the hash value */ -- RAND_add(md, MD_DIGEST_LENGTH, 0); -- } -- -- OPENSSL_free(bmbits); -- } -- -- /* Select old bitmap back into memory DC */ -- hBitmap = SelectObject(hMemDC, hOldBitmap); -- -- /* Clean up */ -- DeleteObject(hBitmap); -- DeleteDC(hMemDC); -- DeleteDC(hScrDC); --#endif /* !OPENSSL_SYS_WINCE */ -+# if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN) -+ HDC hScrDC; /* screen DC */ -+ HDC hMemDC; /* memory DC */ -+ HBITMAP hBitmap; /* handle for our bitmap */ -+ HBITMAP hOldBitmap; /* handle for previous bitmap */ -+ BITMAP bm; /* bitmap properties */ -+ unsigned int size; /* size of bitmap */ -+ char *bmbits; /* contents of bitmap */ -+ int w; /* screen width */ -+ int h; /* screen height */ -+ int y; /* y-coordinate of screen lines to grab */ -+ int n = 16; /* number of screen lines to grab at a time */ -+ -+ if (check_winnt() && OPENSSL_isservice() > 0) -+ return; -+ -+ /* Create a screen DC and a memory DC compatible to screen DC */ -+ hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); -+ hMemDC = CreateCompatibleDC(hScrDC); -+ -+ /* Get screen resolution */ -+ w = GetDeviceCaps(hScrDC, HORZRES); -+ h = GetDeviceCaps(hScrDC, VERTRES); -+ -+ /* Create a bitmap compatible with the screen DC */ -+ hBitmap = CreateCompatibleBitmap(hScrDC, w, n); -+ -+ /* Select new bitmap into memory DC */ -+ hOldBitmap = SelectObject(hMemDC, hBitmap); -+ -+ /* Get bitmap properties */ -+ GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm); -+ size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; -+ -+ bmbits = OPENSSL_malloc(size); -+ if (bmbits) { -+ /* Now go through the whole screen, repeatedly grabbing n lines */ -+ for (y = 0; y < h - n; y += n) { -+ unsigned char md[MD_DIGEST_LENGTH]; -+ -+ /* Bitblt screen DC to memory DC */ -+ BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY); -+ -+ /* Copy bitmap bits from memory DC to bmbits */ -+ GetBitmapBits(hBitmap, size, bmbits); -+ -+ /* Get the hash of the bitmap */ -+ MD(bmbits, size, md); -+ -+ /* Seed the random generator with the hash value */ -+ RAND_add(md, MD_DIGEST_LENGTH, 0); -+ } -+ -+ OPENSSL_free(bmbits); -+ } -+ -+ /* Select old bitmap back into memory DC */ -+ hBitmap = SelectObject(hMemDC, hOldBitmap); -+ -+ /* Clean up */ -+ DeleteObject(hBitmap); -+ DeleteDC(hMemDC); -+ DeleteDC(hScrDC); -+# endif /* !OPENSSL_SYS_WINCE */ - } - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c -index 1810568..3feca3d 100644 ---- a/Cryptlib/OpenSSL/crypto/rand/randfile.c -+++ b/Cryptlib/OpenSSL/crypto/rand/randfile.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -70,7 +70,7 @@ - #include - - #ifdef OPENSSL_SYS_VMS --#include -+# include - #endif - #ifndef NO_SYS_TYPES_H - # include -@@ -82,243 +82,250 @@ - #endif - - #ifdef _WIN32 --#define stat _stat --#define chmod _chmod --#define open _open --#define fdopen _fdopen -+# define stat _stat -+# define chmod _chmod -+# define open _open -+# define fdopen _fdopen - #endif - - #undef BUFSIZE --#define BUFSIZE 1024 -+#define BUFSIZE 1024 - #define RAND_DATA 1024 - - #ifdef OPENSSL_SYS_VMS --/* This declaration is a nasty hack to get around vms' extension to fopen -- * for passing in sharing options being disabled by our /STANDARD=ANSI89 */ -+/* -+ * This declaration is a nasty hack to get around vms' extension to fopen for -+ * passing in sharing options being disabled by our /STANDARD=ANSI89 -+ */ - static FILE *(*const vms_fopen)(const char *, const char *, ...) = - (FILE *(*)(const char *, const char *, ...))fopen; --#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" -+# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" - #endif - - /* #define RFILE ".rnd" - defined in ../../e_os.h */ - --/* Note that these functions are intended for seed files only. -- * Entropy devices and EGD sockets are handled in rand_unix.c */ -+/* -+ * Note that these functions are intended for seed files only. Entropy -+ * devices and EGD sockets are handled in rand_unix.c -+ */ - - int RAND_load_file(const char *file, long bytes) -- { -- /* If bytes >= 0, read up to 'bytes' bytes. -- * if bytes == -1, read complete file. */ -+{ -+ /*- -+ * If bytes >= 0, read up to 'bytes' bytes. -+ * if bytes == -1, read complete file. -+ */ - -- MS_STATIC unsigned char buf[BUFSIZE]; -- struct stat sb; -- int i,ret=0,n; -- FILE *in; -+ MS_STATIC unsigned char buf[BUFSIZE]; -+ struct stat sb; -+ int i, ret = 0, n; -+ FILE *in; - -- if (file == NULL) return(0); -+ if (file == NULL) -+ return (0); - - #ifdef PURIFY -- /* struct stat can have padding and unused fields that may not be -- * initialized in the call to stat(). We need to clear the entire -- * structure before calling RAND_add() to avoid complaints from -- * applications such as Valgrind. -- */ -- memset(&sb, 0, sizeof(sb)); -+ /* -+ * struct stat can have padding and unused fields that may not be -+ * initialized in the call to stat(). We need to clear the entire -+ * structure before calling RAND_add() to avoid complaints from -+ * applications such as Valgrind. -+ */ -+ memset(&sb, 0, sizeof(sb)); - #endif - -- if (stat(file,&sb) < 0) return(0); -- RAND_add(&sb,sizeof(sb),0.0); -- if (bytes == 0) return(ret); -+ if (stat(file, &sb) < 0) -+ return (0); -+ RAND_add(&sb, sizeof(sb), 0.0); -+ if (bytes == 0) -+ return (ret); - - #ifdef OPENSSL_SYS_VMS -- in=vms_fopen(file,"rb",VMS_OPEN_ATTRS); -+ in = vms_fopen(file, "rb", VMS_OPEN_ATTRS); - #else -- in=fopen(file,"rb"); -+ in = fopen(file, "rb"); - #endif -- if (in == NULL) goto err; -+ if (in == NULL) -+ goto err; - #if defined(S_ISBLK) && defined(S_ISCHR) -- if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { -- /* this file is a device. we don't want read an infinite number -- * of bytes from a random device, nor do we want to use buffered -- * I/O because we will waste system entropy. -- */ -- bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ -- setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ -- } -+ if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { -+ /* -+ * this file is a device. we don't want read an infinite number of -+ * bytes from a random device, nor do we want to use buffered I/O -+ * because we will waste system entropy. -+ */ -+ bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ -+ setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ -+ } - #endif -- for (;;) -- { -- if (bytes > 0) -- n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE; -- else -- n = BUFSIZE; -- i=fread(buf,1,n,in); -- if (i <= 0) break; -+ for (;;) { -+ if (bytes > 0) -+ n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE; -+ else -+ n = BUFSIZE; -+ i = fread(buf, 1, n, in); -+ if (i <= 0) -+ break; - #ifdef PURIFY -- RAND_add(buf,i,(double)i); -+ RAND_add(buf, i, (double)i); - #else -- /* even if n != i, use the full array */ -- RAND_add(buf,n,(double)i); -+ /* even if n != i, use the full array */ -+ RAND_add(buf, n, (double)i); - #endif -- ret+=i; -- if (bytes > 0) -- { -- bytes-=n; -- if (bytes <= 0) break; -- } -- } -- fclose(in); -- OPENSSL_cleanse(buf,BUFSIZE); --err: -- return(ret); -- } -+ ret += i; -+ if (bytes > 0) { -+ bytes -= n; -+ if (bytes <= 0) -+ break; -+ } -+ } -+ fclose(in); -+ OPENSSL_cleanse(buf, BUFSIZE); -+ err: -+ return (ret); -+} - - int RAND_write_file(const char *file) -- { -- unsigned char buf[BUFSIZE]; -- int i,ret=0,rand_err=0; -- FILE *out = NULL; -- int n; -- struct stat sb; -- -- i=stat(file,&sb); -- if (i != -1) { -+{ -+ unsigned char buf[BUFSIZE]; -+ int i, ret = 0, rand_err = 0; -+ FILE *out = NULL; -+ int n; -+ struct stat sb; -+ -+ i = stat(file, &sb); -+ if (i != -1) { - #if defined(S_ISBLK) && defined(S_ISCHR) -- if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { -- /* this file is a device. we don't write back to it. -- * we "succeed" on the assumption this is some sort -- * of random device. Otherwise attempting to write to -- * and chmod the device causes problems. -- */ -- return(1); -- } -+ if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { -+ /* -+ * this file is a device. we don't write back to it. we -+ * "succeed" on the assumption this is some sort of random -+ * device. Otherwise attempting to write to and chmod the device -+ * causes problems. -+ */ -+ return (1); -+ } - #endif -- } -- -+ } - #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) -- { -- /* For some reason Win32 can't write to files created this way */ -- -- /* chmod(..., 0600) is too late to protect the file, -- * permissions should be restrictive from the start */ -- int fd = open(file, O_CREAT, 0600); -- if (fd != -1) -- out = fdopen(fd, "wb"); -- } -+ { -+ /* For some reason Win32 can't write to files created this way */ -+ -+ /* -+ * chmod(..., 0600) is too late to protect the file, permissions -+ * should be restrictive from the start -+ */ -+ int fd = open(file, O_CREAT, 0600); -+ if (fd != -1) -+ out = fdopen(fd, "wb"); -+ } - #endif - - #ifdef OPENSSL_SYS_VMS -- /* VMS NOTE: Prior versions of this routine created a _new_ -- * version of the rand file for each call into this routine, then -- * deleted all existing versions named ;-1, and finally renamed -- * the current version as ';1'. Under concurrent usage, this -- * resulted in an RMS race condition in rename() which could -- * orphan files (see vms message help for RMS$_REENT). With the -- * fopen() calls below, openssl/VMS now shares the top-level -- * version of the rand file. Note that there may still be -- * conditions where the top-level rand file is locked. If so, this -- * code will then create a new version of the rand file. Without -- * the delete and rename code, this can result in ascending file -- * versions that stop at version 32767, and this routine will then -- * return an error. The remedy for this is to recode the calling -- * application to avoid concurrent use of the rand file, or -- * synchronize usage at the application level. Also consider -- * whether or not you NEED a persistent rand file in a concurrent -- * use situation. -- */ -+ /* -+ * VMS NOTE: Prior versions of this routine created a _new_ version of -+ * the rand file for each call into this routine, then deleted all -+ * existing versions named ;-1, and finally renamed the current version -+ * as ';1'. Under concurrent usage, this resulted in an RMS race -+ * condition in rename() which could orphan files (see vms message help -+ * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares -+ * the top-level version of the rand file. Note that there may still be -+ * conditions where the top-level rand file is locked. If so, this code -+ * will then create a new version of the rand file. Without the delete -+ * and rename code, this can result in ascending file versions that stop -+ * at version 32767, and this routine will then return an error. The -+ * remedy for this is to recode the calling application to avoid -+ * concurrent use of the rand file, or synchronize usage at the -+ * application level. Also consider whether or not you NEED a persistent -+ * rand file in a concurrent use situation. -+ */ - -- out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS); -- if (out == NULL) -- out = vms_fopen(file,"wb",VMS_OPEN_ATTRS); -+ out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS); -+ if (out == NULL) -+ out = vms_fopen(file, "wb", VMS_OPEN_ATTRS); - #else -- if (out == NULL) -- out = fopen(file,"wb"); -+ if (out == NULL) -+ out = fopen(file, "wb"); - #endif -- if (out == NULL) goto err; -+ if (out == NULL) -+ goto err; - - #ifndef NO_CHMOD -- chmod(file,0600); -+ chmod(file, 0600); - #endif -- n=RAND_DATA; -- for (;;) -- { -- i=(n > BUFSIZE)?BUFSIZE:n; -- n-=BUFSIZE; -- if (RAND_bytes(buf,i) <= 0) -- rand_err=1; -- i=fwrite(buf,1,i,out); -- if (i <= 0) -- { -- ret=0; -- break; -- } -- ret+=i; -- if (n <= 0) break; -- } -+ n = RAND_DATA; -+ for (;;) { -+ i = (n > BUFSIZE) ? BUFSIZE : n; -+ n -= BUFSIZE; -+ if (RAND_bytes(buf, i) <= 0) -+ rand_err = 1; -+ i = fwrite(buf, 1, i, out); -+ if (i <= 0) { -+ ret = 0; -+ break; -+ } -+ ret += i; -+ if (n <= 0) -+ break; -+ } - -- fclose(out); -- OPENSSL_cleanse(buf,BUFSIZE); --err: -- return (rand_err ? -1 : ret); -- } -+ fclose(out); -+ OPENSSL_cleanse(buf, BUFSIZE); -+ err: -+ return (rand_err ? -1 : ret); -+} - - const char *RAND_file_name(char *buf, size_t size) -- { -- char *s=NULL; -+{ -+ char *s = NULL; - #ifdef __OpenBSD__ -- int ok = 0; -- struct stat sb; -+ int ok = 0; -+ struct stat sb; - #endif - -- if (OPENSSL_issetugid() == 0) -- s=getenv("RANDFILE"); -- if (s != NULL && *s && strlen(s) + 1 < size) -- { -- if (BUF_strlcpy(buf,s,size) >= size) -- return NULL; -- } -- else -- { -- if (OPENSSL_issetugid() == 0) -- s=getenv("HOME"); -+ if (OPENSSL_issetugid() == 0) -+ s = getenv("RANDFILE"); -+ if (s != NULL && *s && strlen(s) + 1 < size) { -+ if (BUF_strlcpy(buf, s, size) >= size) -+ return NULL; -+ } else { -+ if (OPENSSL_issetugid() == 0) -+ s = getenv("HOME"); - #ifdef DEFAULT_HOME -- if (s == NULL) -- { -- s = DEFAULT_HOME; -- } -+ if (s == NULL) { -+ s = DEFAULT_HOME; -+ } - #endif -- if (s && *s && strlen(s)+strlen(RFILE)+2 < size) -- { -- BUF_strlcpy(buf,s,size); -+ if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) { -+ BUF_strlcpy(buf, s, size); - #ifndef OPENSSL_SYS_VMS -- BUF_strlcat(buf,"/",size); -+ BUF_strlcat(buf, "/", size); - #endif -- BUF_strlcat(buf,RFILE,size); -+ BUF_strlcat(buf, RFILE, size); - #ifdef __OpenBSD__ -- ok = 1; -+ ok = 1; - #endif -- } -- else -- buf[0] = '\0'; /* no file name */ -- } -+ } else -+ buf[0] = '\0'; /* no file name */ -+ } - - #ifdef __OpenBSD__ -- /* given that all random loads just fail if the file can't be -- * seen on a stat, we stat the file we're returning, if it -- * fails, use /dev/arandom instead. this allows the user to -- * use their own source for good random data, but defaults -- * to something hopefully decent if that isn't available. -- */ -- -- if (!ok) -- if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { -- return(NULL); -- } -- if (stat(buf,&sb) == -1) -- if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { -- return(NULL); -- } -+ /* -+ * given that all random loads just fail if the file can't be seen on a -+ * stat, we stat the file we're returning, if it fails, use /dev/arandom -+ * instead. this allows the user to use their own source for good random -+ * data, but defaults to something hopefully decent if that isn't -+ * available. -+ */ - -+ if (!ok) -+ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { -+ return (NULL); -+ } -+ if (stat(buf, &sb) == -1) -+ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { -+ return (NULL); -+ } - #endif -- return(buf); -- } -+ return (buf); -+} -diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c -index 74f48d3..5eaf01d 100644 ---- a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c -+++ b/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,167 +60,169 @@ - #include "rc2_locl.h" - - void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, -- RC2_KEY *ks, unsigned char *iv, int encrypt) -- { -- register unsigned long tin0,tin1; -- register unsigned long tout0,tout1,xor0,xor1; -- register long l=length; -- unsigned long tin[2]; -- -- if (encrypt) -- { -- c2l(iv,tout0); -- c2l(iv,tout1); -- iv-=8; -- for (l-=8; l>=0; l-=8) -- { -- c2l(in,tin0); -- c2l(in,tin1); -- tin0^=tout0; -- tin1^=tout1; -- tin[0]=tin0; -- tin[1]=tin1; -- RC2_encrypt(tin,ks); -- tout0=tin[0]; l2c(tout0,out); -- tout1=tin[1]; l2c(tout1,out); -- } -- if (l != -8) -- { -- c2ln(in,tin0,tin1,l+8); -- tin0^=tout0; -- tin1^=tout1; -- tin[0]=tin0; -- tin[1]=tin1; -- RC2_encrypt(tin,ks); -- tout0=tin[0]; l2c(tout0,out); -- tout1=tin[1]; l2c(tout1,out); -- } -- l2c(tout0,iv); -- l2c(tout1,iv); -- } -- else -- { -- c2l(iv,xor0); -- c2l(iv,xor1); -- iv-=8; -- for (l-=8; l>=0; l-=8) -- { -- c2l(in,tin0); tin[0]=tin0; -- c2l(in,tin1); tin[1]=tin1; -- RC2_decrypt(tin,ks); -- tout0=tin[0]^xor0; -- tout1=tin[1]^xor1; -- l2c(tout0,out); -- l2c(tout1,out); -- xor0=tin0; -- xor1=tin1; -- } -- if (l != -8) -- { -- c2l(in,tin0); tin[0]=tin0; -- c2l(in,tin1); tin[1]=tin1; -- RC2_decrypt(tin,ks); -- tout0=tin[0]^xor0; -- tout1=tin[1]^xor1; -- l2cn(tout0,tout1,out,l+8); -- xor0=tin0; -- xor1=tin1; -- } -- l2c(xor0,iv); -- l2c(xor1,iv); -- } -- tin0=tin1=tout0=tout1=xor0=xor1=0; -- tin[0]=tin[1]=0; -- } -+ RC2_KEY *ks, unsigned char *iv, int encrypt) -+{ -+ register unsigned long tin0, tin1; -+ register unsigned long tout0, tout1, xor0, xor1; -+ register long l = length; -+ unsigned long tin[2]; -+ -+ if (encrypt) { -+ c2l(iv, tout0); -+ c2l(iv, tout1); -+ iv -= 8; -+ for (l -= 8; l >= 0; l -= 8) { -+ c2l(in, tin0); -+ c2l(in, tin1); -+ tin0 ^= tout0; -+ tin1 ^= tout1; -+ tin[0] = tin0; -+ tin[1] = tin1; -+ RC2_encrypt(tin, ks); -+ tout0 = tin[0]; -+ l2c(tout0, out); -+ tout1 = tin[1]; -+ l2c(tout1, out); -+ } -+ if (l != -8) { -+ c2ln(in, tin0, tin1, l + 8); -+ tin0 ^= tout0; -+ tin1 ^= tout1; -+ tin[0] = tin0; -+ tin[1] = tin1; -+ RC2_encrypt(tin, ks); -+ tout0 = tin[0]; -+ l2c(tout0, out); -+ tout1 = tin[1]; -+ l2c(tout1, out); -+ } -+ l2c(tout0, iv); -+ l2c(tout1, iv); -+ } else { -+ c2l(iv, xor0); -+ c2l(iv, xor1); -+ iv -= 8; -+ for (l -= 8; l >= 0; l -= 8) { -+ c2l(in, tin0); -+ tin[0] = tin0; -+ c2l(in, tin1); -+ tin[1] = tin1; -+ RC2_decrypt(tin, ks); -+ tout0 = tin[0] ^ xor0; -+ tout1 = tin[1] ^ xor1; -+ l2c(tout0, out); -+ l2c(tout1, out); -+ xor0 = tin0; -+ xor1 = tin1; -+ } -+ if (l != -8) { -+ c2l(in, tin0); -+ tin[0] = tin0; -+ c2l(in, tin1); -+ tin[1] = tin1; -+ RC2_decrypt(tin, ks); -+ tout0 = tin[0] ^ xor0; -+ tout1 = tin[1] ^ xor1; -+ l2cn(tout0, tout1, out, l + 8); -+ xor0 = tin0; -+ xor1 = tin1; -+ } -+ l2c(xor0, iv); -+ l2c(xor1, iv); -+ } -+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; -+ tin[0] = tin[1] = 0; -+} - - void RC2_encrypt(unsigned long *d, RC2_KEY *key) -- { -- int i,n; -- register RC2_INT *p0,*p1; -- register RC2_INT x0,x1,x2,x3,t; -- unsigned long l; -- -- l=d[0]; -- x0=(RC2_INT)l&0xffff; -- x1=(RC2_INT)(l>>16L); -- l=d[1]; -- x2=(RC2_INT)l&0xffff; -- x3=(RC2_INT)(l>>16L); -- -- n=3; -- i=5; -- -- p0=p1= &(key->data[0]); -- for (;;) -- { -- t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; -- x0=(t<<1)|(t>>15); -- t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; -- x1=(t<<2)|(t>>14); -- t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; -- x2=(t<<3)|(t>>13); -- t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; -- x3=(t<<5)|(t>>11); -- -- if (--i == 0) -- { -- if (--n == 0) break; -- i=(n == 2)?6:5; -- -- x0+=p1[x3&0x3f]; -- x1+=p1[x0&0x3f]; -- x2+=p1[x1&0x3f]; -- x3+=p1[x2&0x3f]; -- } -- } -- -- d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L); -- d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L); -- } -+{ -+ int i, n; -+ register RC2_INT *p0, *p1; -+ register RC2_INT x0, x1, x2, x3, t; -+ unsigned long l; -+ -+ l = d[0]; -+ x0 = (RC2_INT) l & 0xffff; -+ x1 = (RC2_INT) (l >> 16L); -+ l = d[1]; -+ x2 = (RC2_INT) l & 0xffff; -+ x3 = (RC2_INT) (l >> 16L); -+ -+ n = 3; -+ i = 5; -+ -+ p0 = p1 = &(key->data[0]); -+ for (;;) { -+ t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff; -+ x0 = (t << 1) | (t >> 15); -+ t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff; -+ x1 = (t << 2) | (t >> 14); -+ t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff; -+ x2 = (t << 3) | (t >> 13); -+ t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff; -+ x3 = (t << 5) | (t >> 11); -+ -+ if (--i == 0) { -+ if (--n == 0) -+ break; -+ i = (n == 2) ? 6 : 5; -+ -+ x0 += p1[x3 & 0x3f]; -+ x1 += p1[x0 & 0x3f]; -+ x2 += p1[x1 & 0x3f]; -+ x3 += p1[x2 & 0x3f]; -+ } -+ } -+ -+ d[0] = -+ (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L); -+ d[1] = -+ (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L); -+} - - void RC2_decrypt(unsigned long *d, RC2_KEY *key) -- { -- int i,n; -- register RC2_INT *p0,*p1; -- register RC2_INT x0,x1,x2,x3,t; -- unsigned long l; -- -- l=d[0]; -- x0=(RC2_INT)l&0xffff; -- x1=(RC2_INT)(l>>16L); -- l=d[1]; -- x2=(RC2_INT)l&0xffff; -- x3=(RC2_INT)(l>>16L); -- -- n=3; -- i=5; -- -- p0= &(key->data[63]); -- p1= &(key->data[0]); -- for (;;) -- { -- t=((x3<<11)|(x3>>5))&0xffff; -- x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff; -- t=((x2<<13)|(x2>>3))&0xffff; -- x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff; -- t=((x1<<14)|(x1>>2))&0xffff; -- x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff; -- t=((x0<<15)|(x0>>1))&0xffff; -- x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff; -- -- if (--i == 0) -- { -- if (--n == 0) break; -- i=(n == 2)?6:5; -- -- x3=(x3-p1[x2&0x3f])&0xffff; -- x2=(x2-p1[x1&0x3f])&0xffff; -- x1=(x1-p1[x0&0x3f])&0xffff; -- x0=(x0-p1[x3&0x3f])&0xffff; -- } -- } -- -- d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L); -- d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L); -- } -- -+{ -+ int i, n; -+ register RC2_INT *p0, *p1; -+ register RC2_INT x0, x1, x2, x3, t; -+ unsigned long l; -+ -+ l = d[0]; -+ x0 = (RC2_INT) l & 0xffff; -+ x1 = (RC2_INT) (l >> 16L); -+ l = d[1]; -+ x2 = (RC2_INT) l & 0xffff; -+ x3 = (RC2_INT) (l >> 16L); -+ -+ n = 3; -+ i = 5; -+ -+ p0 = &(key->data[63]); -+ p1 = &(key->data[0]); -+ for (;;) { -+ t = ((x3 << 11) | (x3 >> 5)) & 0xffff; -+ x3 = (t - (x0 & ~x2) - (x1 & x2) - *(p0--)) & 0xffff; -+ t = ((x2 << 13) | (x2 >> 3)) & 0xffff; -+ x2 = (t - (x3 & ~x1) - (x0 & x1) - *(p0--)) & 0xffff; -+ t = ((x1 << 14) | (x1 >> 2)) & 0xffff; -+ x1 = (t - (x2 & ~x0) - (x3 & x0) - *(p0--)) & 0xffff; -+ t = ((x0 << 15) | (x0 >> 1)) & 0xffff; -+ x0 = (t - (x1 & ~x3) - (x2 & x3) - *(p0--)) & 0xffff; -+ -+ if (--i == 0) { -+ if (--n == 0) -+ break; -+ i = (n == 2) ? 6 : 5; -+ -+ x3 = (x3 - p1[x2 & 0x3f]) & 0xffff; -+ x2 = (x2 - p1[x1 & 0x3f]) & 0xffff; -+ x1 = (x1 - p1[x0 & 0x3f]) & 0xffff; -+ x0 = (x0 - p1[x3 & 0x3f]) & 0xffff; -+ } -+ } -+ -+ d[0] = -+ (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L); -+ d[1] = -+ (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L); -+} -diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c -index fff86c7..48442a3 100644 ---- a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c -+++ b/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -60,9 +60,10 @@ - #include "rc2_locl.h" - #include - --const char RC2_version[]="RC2" OPENSSL_VERSION_PTEXT; -+const char RC2_version[] = "RC2" OPENSSL_VERSION_PTEXT; - --/* RC2 as implemented frm a posting from -+/*- -+ * RC2 as implemented frm a posting from - * Newsgroups: sci.crypt - * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann) - * Subject: Specification for Ron Rivests Cipher No.2 -@@ -71,18 +72,21 @@ const char RC2_version[]="RC2" OPENSSL_VERSION_PTEXT; - */ - - void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks, -- int encrypt) -- { -- unsigned long l,d[2]; -- -- c2l(in,l); d[0]=l; -- c2l(in,l); d[1]=l; -- if (encrypt) -- RC2_encrypt(d,ks); -- else -- RC2_decrypt(d,ks); -- l=d[0]; l2c(l,out); -- l=d[1]; l2c(l,out); -- l=d[0]=d[1]=0; -- } -+ int encrypt) -+{ -+ unsigned long l, d[2]; - -+ c2l(in, l); -+ d[0] = l; -+ c2l(in, l); -+ d[1] = l; -+ if (encrypt) -+ RC2_encrypt(d, ks); -+ else -+ RC2_decrypt(d, ks); -+ l = d[0]; -+ l2c(l, out); -+ l = d[1]; -+ l2c(l, out); -+ l = d[0] = d[1] = 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c -index 4e000e5..5363304 100644 ---- a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c -+++ b/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,104 +59,107 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - - #include "rc2_locl.h" - --static unsigned char key_table[256]={ -- 0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79, -- 0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e, -- 0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5, -- 0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32, -- 0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22, -- 0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c, -- 0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f, -- 0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26, -- 0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b, -- 0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7, -- 0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde, -- 0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a, -- 0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e, -- 0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc, -- 0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85, -- 0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31, -- 0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10, -- 0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c, -- 0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b, -- 0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e, -- 0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68, -- 0xfe,0x7f,0xc1,0xad, -- }; -+static unsigned char key_table[256] = { -+ 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, -+ 0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, -+ 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5, -+ 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32, -+ 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, -+ 0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, -+ 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, 0x12, 0x75, 0xca, 0x1f, -+ 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26, -+ 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, -+ 0xbc, 0x94, 0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, -+ 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8, 0xea, 0xde, -+ 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a, -+ 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, -+ 0x04, 0x18, 0xa4, 0xec, 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, -+ 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85, -+ 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31, -+ 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, -+ 0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, -+ 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b, -+ 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e, -+ 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, -+ 0xfe, 0x7f, 0xc1, 0xad, -+}; - - #if defined(_MSC_VER) && defined(_ARM_) --#pragma optimize("g",off) -+# pragma optimize("g",off) - #endif - --/* It has come to my attention that there are 2 versions of the RC2 -- * key schedule. One which is normal, and anther which has a hook to -- * use a reduced key length. -- * BSAFE uses the 'retarded' version. What I previously shipped is -- * the same as specifying 1024 for the 'bits' parameter. Bsafe uses -- * a version where the bits parameter is the same as len*8 */ -+/* -+ * It has come to my attention that there are 2 versions of the RC2 key -+ * schedule. One which is normal, and anther which has a hook to use a -+ * reduced key length. BSAFE uses the 'retarded' version. What I previously -+ * shipped is the same as specifying 1024 for the 'bits' parameter. Bsafe -+ * uses a version where the bits parameter is the same as len*8 -+ */ - - #ifdef OPENSSL_FIPS - void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) -- { -- if (FIPS_mode()) -- FIPS_BAD_ABORT(RC2) -- private_RC2_set_key(key, len, data, bits); -- } -+{ -+ if (FIPS_mode()) -+ FIPS_BAD_ABORT(RC2) -+ private_RC2_set_key(key, len, data, bits); -+} -+ - void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, -- int bits) -+ int bits) - #else - void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) - #endif -- { -- int i,j; -- unsigned char *k; -- RC2_INT *ki; -- unsigned int c,d; -- -- k= (unsigned char *)&(key->data[0]); -- *k=0; /* for if there is a zero length key */ -- -- if (len > 128) len=128; -- if (bits <= 0) bits=1024; -- if (bits > 1024) bits=1024; -- -- for (i=0; i>3; -- i=128-j; -- c= (0xff>>(-bits & 0x07)); -- -- d=key_table[k[i]&c]; -- k[i]=d; -- while (i--) -- { -- d=key_table[k[i+j]^d]; -- k[i]=d; -- } -- -- /* copy from bytes into RC2_INT's */ -- ki= &(key->data[63]); -- for (i=127; i>=0; i-=2) -- *(ki--)=((k[i]<<8)|k[i-1])&0xffff; -- } -+{ -+ int i, j; -+ unsigned char *k; -+ RC2_INT *ki; -+ unsigned int c, d; -+ -+ k = (unsigned char *)&(key->data[0]); -+ *k = 0; /* for if there is a zero length key */ -+ -+ if (len > 128) -+ len = 128; -+ if (bits <= 0) -+ bits = 1024; -+ if (bits > 1024) -+ bits = 1024; -+ -+ for (i = 0; i < len; i++) -+ k[i] = data[i]; -+ -+ /* expand table */ -+ d = k[len - 1]; -+ j = 0; -+ for (i = len; i < 128; i++, j++) { -+ d = key_table[(k[j] + d) & 0xff]; -+ k[i] = d; -+ } -+ -+ /* hmm.... key reduction to 'bits' bits */ -+ -+ j = (bits + 7) >> 3; -+ i = 128 - j; -+ c = (0xff >> (-bits & 0x07)); -+ -+ d = key_table[k[i] & c]; -+ k[i] = d; -+ while (i--) { -+ d = key_table[k[i + j] ^ d]; -+ k[i] = d; -+ } -+ -+ /* copy from bytes into RC2_INT's */ -+ ki = &(key->data[63]); -+ for (i = 127; i >= 0; i -= 2) -+ *(ki--) = ((k[i] << 8) | k[i - 1]) & 0xffff; -+} - - #if defined(_MSC_VER) --#pragma optimize("",on) -+# pragma optimize("",on) - #endif -diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c -index b3a0158..8b5929f 100644 ---- a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c -+++ b/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,64 +59,65 @@ - #include - #include "rc2_locl.h" - --/* The input and output encrypted as though 64bit cfb mode is being -- * used. The extra state information to record how much of the -- * 64bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 64bit cfb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; - */ - - void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, RC2_KEY *schedule, unsigned char *ivec, -- int *num, int encrypt) -- { -- register unsigned long v0,v1,t; -- register int n= *num; -- register long l=length; -- unsigned long ti[2]; -- unsigned char *iv,c,cc; -- -- iv=(unsigned char *)ivec; -- if (encrypt) -- { -- while (l--) -- { -- if (n == 0) -- { -- c2l(iv,v0); ti[0]=v0; -- c2l(iv,v1); ti[1]=v1; -- RC2_encrypt((unsigned long *)ti,schedule); -- iv=(unsigned char *)ivec; -- t=ti[0]; l2c(t,iv); -- t=ti[1]; l2c(t,iv); -- iv=(unsigned char *)ivec; -- } -- c= *(in++)^iv[n]; -- *(out++)=c; -- iv[n]=c; -- n=(n+1)&0x07; -- } -- } -- else -- { -- while (l--) -- { -- if (n == 0) -- { -- c2l(iv,v0); ti[0]=v0; -- c2l(iv,v1); ti[1]=v1; -- RC2_encrypt((unsigned long *)ti,schedule); -- iv=(unsigned char *)ivec; -- t=ti[0]; l2c(t,iv); -- t=ti[1]; l2c(t,iv); -- iv=(unsigned char *)ivec; -- } -- cc= *(in++); -- c=iv[n]; -- iv[n]=cc; -- *(out++)=c^cc; -- n=(n+1)&0x07; -- } -- } -- v0=v1=ti[0]=ti[1]=t=c=cc=0; -- *num=n; -- } -+ long length, RC2_KEY *schedule, unsigned char *ivec, -+ int *num, int encrypt) -+{ -+ register unsigned long v0, v1, t; -+ register int n = *num; -+ register long l = length; -+ unsigned long ti[2]; -+ unsigned char *iv, c, cc; - -+ iv = (unsigned char *)ivec; -+ if (encrypt) { -+ while (l--) { -+ if (n == 0) { -+ c2l(iv, v0); -+ ti[0] = v0; -+ c2l(iv, v1); -+ ti[1] = v1; -+ RC2_encrypt((unsigned long *)ti, schedule); -+ iv = (unsigned char *)ivec; -+ t = ti[0]; -+ l2c(t, iv); -+ t = ti[1]; -+ l2c(t, iv); -+ iv = (unsigned char *)ivec; -+ } -+ c = *(in++) ^ iv[n]; -+ *(out++) = c; -+ iv[n] = c; -+ n = (n + 1) & 0x07; -+ } -+ } else { -+ while (l--) { -+ if (n == 0) { -+ c2l(iv, v0); -+ ti[0] = v0; -+ c2l(iv, v1); -+ ti[1] = v1; -+ RC2_encrypt((unsigned long *)ti, schedule); -+ iv = (unsigned char *)ivec; -+ t = ti[0]; -+ l2c(t, iv); -+ t = ti[1]; -+ l2c(t, iv); -+ iv = (unsigned char *)ivec; -+ } -+ cc = *(in++); -+ c = iv[n]; -+ iv[n] = cc; -+ *(out++) = c ^ cc; -+ n = (n + 1) & 0x07; -+ } -+ } -+ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; -+ *num = n; -+} -diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c -index 9e29786..b9f4d8c 100644 ---- a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c -+++ b/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,53 +59,52 @@ - #include - #include "rc2_locl.h" - --/* The input and output encrypted as though 64bit ofb mode is being -- * used. The extra state information to record how much of the -- * 64bit block we have used is contained in *num; -+/* -+ * The input and output encrypted as though 64bit ofb mode is being used. -+ * The extra state information to record how much of the 64bit block we have -+ * used is contained in *num; - */ - void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, -- long length, RC2_KEY *schedule, unsigned char *ivec, -- int *num) -- { -- register unsigned long v0,v1,t; -- register int n= *num; -- register long l=length; -- unsigned char d[8]; -- register char *dp; -- unsigned long ti[2]; -- unsigned char *iv; -- int save=0; -- -- iv=(unsigned char *)ivec; -- c2l(iv,v0); -- c2l(iv,v1); -- ti[0]=v0; -- ti[1]=v1; -- dp=(char *)d; -- l2c(v0,dp); -- l2c(v1,dp); -- while (l--) -- { -- if (n == 0) -- { -- RC2_encrypt((unsigned long *)ti,schedule); -- dp=(char *)d; -- t=ti[0]; l2c(t,dp); -- t=ti[1]; l2c(t,dp); -- save++; -- } -- *(out++)= *(in++)^d[n]; -- n=(n+1)&0x07; -- } -- if (save) -- { -- v0=ti[0]; -- v1=ti[1]; -- iv=(unsigned char *)ivec; -- l2c(v0,iv); -- l2c(v1,iv); -- } -- t=v0=v1=ti[0]=ti[1]=0; -- *num=n; -- } -+ long length, RC2_KEY *schedule, unsigned char *ivec, -+ int *num) -+{ -+ register unsigned long v0, v1, t; -+ register int n = *num; -+ register long l = length; -+ unsigned char d[8]; -+ register char *dp; -+ unsigned long ti[2]; -+ unsigned char *iv; -+ int save = 0; - -+ iv = (unsigned char *)ivec; -+ c2l(iv, v0); -+ c2l(iv, v1); -+ ti[0] = v0; -+ ti[1] = v1; -+ dp = (char *)d; -+ l2c(v0, dp); -+ l2c(v1, dp); -+ while (l--) { -+ if (n == 0) { -+ RC2_encrypt((unsigned long *)ti, schedule); -+ dp = (char *)d; -+ t = ti[0]; -+ l2c(t, dp); -+ t = ti[1]; -+ l2c(t, dp); -+ save++; -+ } -+ *(out++) = *(in++) ^ d[n]; -+ n = (n + 1) & 0x07; -+ } -+ if (save) { -+ v0 = ti[0]; -+ v1 = ti[1]; -+ iv = (unsigned char *)ivec; -+ l2c(v0, iv); -+ l2c(v1, iv); -+ } -+ t = v0 = v1 = ti[0] = ti[1] = 0; -+ *num = n; -+} -diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c -index 0660ea6..72cc8f6 100644 ---- a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c -+++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,7 +59,8 @@ - #include - #include "rc4_locl.h" - --/* RC4 as implemented from a posting from -+/*- -+ * RC4 as implemented from a posting from - * Newsgroups: sci.crypt - * From: sterndark@netcom.com (David Sterndark) - * Subject: RC4 Algorithm revealed. -@@ -68,248 +69,266 @@ - */ - - void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, -- unsigned char *outdata) -- { -- register RC4_INT *d; -- register RC4_INT x,y,tx,ty; -- int i; -- -- x=key->x; -- y=key->y; -- d=key->data; -+ unsigned char *outdata) -+{ -+ register RC4_INT *d; -+ register RC4_INT x, y, tx, ty; -+ int i; -+ -+ x = key->x; -+ y = key->y; -+ d = key->data; - - #if defined(RC4_CHUNK) -- /* -- * The original reason for implementing this(*) was the fact that -- * pre-21164a Alpha CPUs don't have byte load/store instructions -- * and e.g. a byte store has to be done with 64-bit load, shift, -- * and, or and finally 64-bit store. Peaking data and operating -- * at natural word size made it possible to reduce amount of -- * instructions as well as to perform early read-ahead without -- * suffering from RAW (read-after-write) hazard. This resulted -- * in ~40%(**) performance improvement on 21064 box with gcc. -- * But it's not only Alpha users who win here:-) Thanks to the -- * early-n-wide read-ahead this implementation also exhibits -- * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending -- * on sizeof(RC4_INT)). -- * -- * (*) "this" means code which recognizes the case when input -- * and output pointers appear to be aligned at natural CPU -- * word boundary -- * (**) i.e. according to 'apps/openssl speed rc4' benchmark, -- * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... -- * -- * Cavets. -- * -- * - RC4_CHUNK="unsigned long long" should be a #1 choice for -- * UltraSPARC. Unfortunately gcc generates very slow code -- * (2.5-3 times slower than one generated by Sun's WorkShop -- * C) and therefore gcc (at least 2.95 and earlier) should -- * always be told that RC4_CHUNK="unsigned long". -- * -- * -- */ -+ /*- -+ * The original reason for implementing this(*) was the fact that -+ * pre-21164a Alpha CPUs don't have byte load/store instructions -+ * and e.g. a byte store has to be done with 64-bit load, shift, -+ * and, or and finally 64-bit store. Peaking data and operating -+ * at natural word size made it possible to reduce amount of -+ * instructions as well as to perform early read-ahead without -+ * suffering from RAW (read-after-write) hazard. This resulted -+ * in ~40%(**) performance improvement on 21064 box with gcc. -+ * But it's not only Alpha users who win here:-) Thanks to the -+ * early-n-wide read-ahead this implementation also exhibits -+ * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending -+ * on sizeof(RC4_INT)). -+ * -+ * (*) "this" means code which recognizes the case when input -+ * and output pointers appear to be aligned at natural CPU -+ * word boundary -+ * (**) i.e. according to 'apps/openssl speed rc4' benchmark, -+ * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... -+ * -+ * Cavets. -+ * -+ * - RC4_CHUNK="unsigned long long" should be a #1 choice for -+ * UltraSPARC. Unfortunately gcc generates very slow code -+ * (2.5-3 times slower than one generated by Sun's WorkShop -+ * C) and therefore gcc (at least 2.95 and earlier) should -+ * always be told that RC4_CHUNK="unsigned long". -+ * -+ * -+ */ - --# define RC4_STEP ( \ -- x=(x+1) &0xff, \ -- tx=d[x], \ -- y=(tx+y)&0xff, \ -- ty=d[y], \ -- d[y]=tx, \ -- d[x]=ty, \ -- (RC4_CHUNK)d[(tx+ty)&0xff]\ -- ) -+# define RC4_STEP ( \ -+ x=(x+1) &0xff, \ -+ tx=d[x], \ -+ y=(tx+y)&0xff, \ -+ ty=d[y], \ -+ d[y]=tx, \ -+ d[x]=ty, \ -+ (RC4_CHUNK)d[(tx+ty)&0xff]\ -+ ) - -- if ( ( ((unsigned long)indata & (sizeof(RC4_CHUNK)-1)) | -- ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 ) -- { -- RC4_CHUNK ichunk,otp; -- const union { long one; char little; } is_endian = {1}; -+ if ((((unsigned long)indata & (sizeof(RC4_CHUNK) - 1)) | -+ ((unsigned long)outdata & (sizeof(RC4_CHUNK) - 1))) == 0) { -+ RC4_CHUNK ichunk, otp; -+ const union { -+ long one; -+ char little; -+ } is_endian = { -+ 1 -+ }; - -- /* -- * I reckon we can afford to implement both endian -- * cases and to decide which way to take at run-time -- * because the machine code appears to be very compact -- * and redundant 1-2KB is perfectly tolerable (i.e. -- * in case the compiler fails to eliminate it:-). By -- * suggestion from Terrel Larson -- * who also stands for the is_endian union:-) -- * -- * Special notes. -- * -- * - is_endian is declared automatic as doing otherwise -- * (declaring static) prevents gcc from eliminating -- * the redundant code; -- * - compilers (those I've tried) don't seem to have -- * problems eliminating either the operators guarded -- * by "if (sizeof(RC4_CHUNK)==8)" or the condition -- * expressions themselves so I've got 'em to replace -- * corresponding #ifdefs from the previous version; -- * - I chose to let the redundant switch cases when -- * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed -- * before); -- * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in -- * [LB]ESHFT guards against "shift is out of range" -- * warnings when sizeof(RC4_CHUNK)!=8 -- * -- * -- */ -- if (!is_endian.little) -- { /* BIG-ENDIAN CASE */ --# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) -- for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK)) -- { -- ichunk = *(RC4_CHUNK *)indata; -- otp = RC4_STEP< -+ * who also stands for the is_endian union:-) -+ * -+ * Special notes. -+ * -+ * - is_endian is declared automatic as doing otherwise -+ * (declaring static) prevents gcc from eliminating -+ * the redundant code; -+ * - compilers (those I've tried) don't seem to have -+ * problems eliminating either the operators guarded -+ * by "if (sizeof(RC4_CHUNK)==8)" or the condition -+ * expressions themselves so I've got 'em to replace -+ * corresponding #ifdefs from the previous version; -+ * - I chose to let the redundant switch cases when -+ * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed -+ * before); -+ * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in -+ * [LB]ESHFT guards against "shift is out of range" -+ * warnings when sizeof(RC4_CHUNK)!=8 -+ * -+ * -+ */ -+ if (!is_endian.little) { /* BIG-ENDIAN CASE */ -+# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) -+ for (; len & ~(sizeof(RC4_CHUNK) - 1); len -= sizeof(RC4_CHUNK)) { -+ ichunk = *(RC4_CHUNK *) indata; -+ otp = RC4_STEP << BESHFT(0); -+ otp |= RC4_STEP << BESHFT(1); -+ otp |= RC4_STEP << BESHFT(2); -+ otp |= RC4_STEP << BESHFT(3); -+ if (sizeof(RC4_CHUNK) == 8) { -+ otp |= RC4_STEP << BESHFT(4); -+ otp |= RC4_STEP << BESHFT(5); -+ otp |= RC4_STEP << BESHFT(6); -+ otp |= RC4_STEP << BESHFT(7); -+ } -+ *(RC4_CHUNK *) outdata = otp ^ ichunk; -+ indata += sizeof(RC4_CHUNK); -+ outdata += sizeof(RC4_CHUNK); -+ } -+ if (len) { -+ RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk; - -- ichunk = *(RC4_CHUNK *)indata; -- ochunk = *(RC4_CHUNK *)outdata; -- otp = 0; -- i = BESHFT(0); -- mask <<= (sizeof(RC4_CHUNK)-len)<<3; -- switch (len&(sizeof(RC4_CHUNK)-1)) -- { -- case 7: otp = RC4_STEP<x=x; -- key->y=y; -- return; -- } -- else -- { /* LITTLE-ENDIAN CASE */ --# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) -- for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK)) -- { -- ichunk = *(RC4_CHUNK *)indata; -- otp = RC4_STEP; -- otp |= RC4_STEP<<8; -- otp |= RC4_STEP<<16; -- otp |= RC4_STEP<<24; -- if (sizeof(RC4_CHUNK)==8) -- { -- otp |= RC4_STEP<x = x; -+ key->y = y; -+ return; -+ } else { /* LITTLE-ENDIAN CASE */ -+# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) -+ for (; len & ~(sizeof(RC4_CHUNK) - 1); len -= sizeof(RC4_CHUNK)) { -+ ichunk = *(RC4_CHUNK *) indata; -+ otp = RC4_STEP; -+ otp |= RC4_STEP << 8; -+ otp |= RC4_STEP << 16; -+ otp |= RC4_STEP << 24; -+ if (sizeof(RC4_CHUNK) == 8) { -+ otp |= RC4_STEP << LESHFT(4); -+ otp |= RC4_STEP << LESHFT(5); -+ otp |= RC4_STEP << LESHFT(6); -+ otp |= RC4_STEP << LESHFT(7); -+ } -+ *(RC4_CHUNK *) outdata = otp ^ ichunk; -+ indata += sizeof(RC4_CHUNK); -+ outdata += sizeof(RC4_CHUNK); -+ } -+ if (len) { -+ RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk; - -- ichunk = *(RC4_CHUNK *)indata; -- ochunk = *(RC4_CHUNK *)outdata; -- otp = 0; -- i = 0; -- mask >>= (sizeof(RC4_CHUNK)-len)<<3; -- switch (len&(sizeof(RC4_CHUNK)-1)) -- { -- case 7: otp = RC4_STEP, i+=8; -- case 6: otp |= RC4_STEP<x=x; -- key->y=y; -- return; -- } -- } -+ ichunk = *(RC4_CHUNK *) indata; -+ ochunk = *(RC4_CHUNK *) outdata; -+ otp = 0; -+ i = 0; -+ mask >>= (sizeof(RC4_CHUNK) - len) << 3; -+ switch (len & (sizeof(RC4_CHUNK) - 1)) { -+ case 7: -+ otp = RC4_STEP, i += 8; -+ case 6: -+ otp |= RC4_STEP << i, i += 8; -+ case 5: -+ otp |= RC4_STEP << i, i += 8; -+ case 4: -+ otp |= RC4_STEP << i, i += 8; -+ case 3: -+ otp |= RC4_STEP << i, i += 8; -+ case 2: -+ otp |= RC4_STEP << i, i += 8; -+ case 1: -+ otp |= RC4_STEP << i, i += 8; -+ case 0:; /* -+ * it's never the case, -+ * but it has to be here -+ * for ultrix? -+ */ -+ } -+ ochunk &= ~mask; -+ ochunk |= (otp ^ ichunk) & mask; -+ *(RC4_CHUNK *) outdata = ochunk; -+ } -+ key->x = x; -+ key->y = y; -+ return; -+ } -+ } - #endif - #define LOOP(in,out) \ -- x=((x+1)&0xff); \ -- tx=d[x]; \ -- y=(tx+y)&0xff; \ -- d[x]=ty=d[y]; \ -- d[y]=tx; \ -- (out) = d[(tx+ty)&0xff]^ (in); -+ x=((x+1)&0xff); \ -+ tx=d[x]; \ -+ y=(tx+y)&0xff; \ -+ d[x]=ty=d[y]; \ -+ d[y]=tx; \ -+ (out) = d[(tx+ty)&0xff]^ (in); - - #ifndef RC4_INDEX --#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) -+# define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) - #else --#define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) -+# define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) - #endif - -- i=(int)(len>>3L); -- if (i) -- { -- for (;;) -- { -- RC4_LOOP(indata,outdata,0); -- RC4_LOOP(indata,outdata,1); -- RC4_LOOP(indata,outdata,2); -- RC4_LOOP(indata,outdata,3); -- RC4_LOOP(indata,outdata,4); -- RC4_LOOP(indata,outdata,5); -- RC4_LOOP(indata,outdata,6); -- RC4_LOOP(indata,outdata,7); -+ i = (int)(len >> 3L); -+ if (i) { -+ for (;;) { -+ RC4_LOOP(indata, outdata, 0); -+ RC4_LOOP(indata, outdata, 1); -+ RC4_LOOP(indata, outdata, 2); -+ RC4_LOOP(indata, outdata, 3); -+ RC4_LOOP(indata, outdata, 4); -+ RC4_LOOP(indata, outdata, 5); -+ RC4_LOOP(indata, outdata, 6); -+ RC4_LOOP(indata, outdata, 7); - #ifdef RC4_INDEX -- indata+=8; -- outdata+=8; -+ indata += 8; -+ outdata += 8; - #endif -- if (--i == 0) break; -- } -- } -- i=(int)len&0x07; -- if (i) -- { -- for (;;) -- { -- RC4_LOOP(indata,outdata,0); if (--i == 0) break; -- RC4_LOOP(indata,outdata,1); if (--i == 0) break; -- RC4_LOOP(indata,outdata,2); if (--i == 0) break; -- RC4_LOOP(indata,outdata,3); if (--i == 0) break; -- RC4_LOOP(indata,outdata,4); if (--i == 0) break; -- RC4_LOOP(indata,outdata,5); if (--i == 0) break; -- RC4_LOOP(indata,outdata,6); if (--i == 0) break; -- } -- } -- key->x=x; -- key->y=y; -- } -+ if (--i == 0) -+ break; -+ } -+ } -+ i = (int)len & 0x07; -+ if (i) { -+ for (;;) { -+ RC4_LOOP(indata, outdata, 0); -+ if (--i == 0) -+ break; -+ RC4_LOOP(indata, outdata, 1); -+ if (--i == 0) -+ break; -+ RC4_LOOP(indata, outdata, 2); -+ if (--i == 0) -+ break; -+ RC4_LOOP(indata, outdata, 3); -+ if (--i == 0) -+ break; -+ RC4_LOOP(indata, outdata, 4); -+ if (--i == 0) -+ break; -+ RC4_LOOP(indata, outdata, 5); -+ if (--i == 0) -+ break; -+ RC4_LOOP(indata, outdata, 6); -+ if (--i == 0) -+ break; -+ } -+ } -+ key->x = x; -+ key->y = y; -+} -diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c -index 1b2a429..f236685 100644 ---- a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c -+++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c -@@ -1,5 +1,6 @@ - /* crypto/rc4/rc4_fblk.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ - /* ==================================================================== -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -51,25 +52,24 @@ - * ==================================================================== - */ - -- - #include - #include "rc4_locl.h" - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - --/* FIPS mode blocking for RC4 has to be done separately since RC4_set_key -- * may be implemented in an assembly language file. -+/* -+ * FIPS mode blocking for RC4 has to be done separately since RC4_set_key may -+ * be implemented in an assembly language file. - */ - - #ifdef OPENSSL_FIPS - void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) -- { -- if (FIPS_mode()) -- FIPS_BAD_ABORT(RC4) -- private_RC4_set_key(key, len, data); -- } -+{ -+ if (FIPS_mode()) -+ FIPS_BAD_ABORT(RC4) -+ private_RC4_set_key(key, len, data); -+} - #endif -- -diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c -index d1dc912..62121d9 100644 ---- a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c -+++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,28 +61,28 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - -- --const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT; -+const char RC4_version[] = "RC4" OPENSSL_VERSION_PTEXT; - - const char *RC4_options(void) -- { -+{ - #ifdef RC4_INDEX -- if (sizeof(RC4_INT) == 1) -- return("rc4(idx,char)"); -- else -- return("rc4(idx,int)"); -+ if (sizeof(RC4_INT) == 1) -+ return ("rc4(idx,char)"); -+ else -+ return ("rc4(idx,int)"); - #else -- if (sizeof(RC4_INT) == 1) -- return("rc4(ptr,char)"); -- else -- return("rc4(ptr,int)"); -+ if (sizeof(RC4_INT) == 1) -+ return ("rc4(ptr,char)"); -+ else -+ return ("rc4(ptr,int)"); - #endif -- } -+} - --/* RC4 as implemented from a posting from -+/*- -+ * RC4 as implemented from a posting from - * Newsgroups: sci.crypt - * From: sterndark@netcom.com (David Sterndark) - * Subject: RC4 Algorithm revealed. -@@ -95,71 +95,72 @@ void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) - #else - void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) - #endif -- { -- register RC4_INT tmp; -- register int id1,id2; -- register RC4_INT *d; -- unsigned int i; -- -- d= &(key->data[0]); -- key->x = 0; -- key->y = 0; -- id1=id2=0; -+{ -+ register RC4_INT tmp; -+ register int id1, id2; -+ register RC4_INT *d; -+ unsigned int i; -+ -+ d = &(key->data[0]); -+ key->x = 0; -+ key->y = 0; -+ id1 = id2 = 0; - - #define SK_LOOP(d,n) { \ -- tmp=d[(n)]; \ -- id2 = (data[id1] + tmp + id2) & 0xff; \ -- if (++id1 == len) id1=0; \ -- d[(n)]=d[id2]; \ -- d[id2]=tmp; } -+ tmp=d[(n)]; \ -+ id2 = (data[id1] + tmp + id2) & 0xff; \ -+ if (++id1 == len) id1=0; \ -+ d[(n)]=d[id2]; \ -+ d[id2]=tmp; } - - #if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) --# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ -- defined(__INTEL__) || \ -- defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) -- if (sizeof(RC4_INT) > 1) { -- /* -- * Unlike all other x86 [and x86_64] implementations, -- * Intel P4 core [including EM64T] was found to perform -- * poorly with wider RC4_INT. Performance improvement -- * for IA-32 hand-coded assembler turned out to be 2.8x -- * if re-coded for RC4_CHAR! It's however inappropriate -- * to just switch to RC4_CHAR for x86[_64], as non-P4 -- * implementations suffer from significant performance -- * losses then, e.g. PIII exhibits >2x deterioration, -- * and so does Opteron. In order to assure optimal -- * all-round performance, we detect P4 at run-time by -- * checking upon reserved bit 20 in CPU capability -- * vector and set up compressed key schedule, which is -- * recognized by correspondingly updated assembler -- * module... Bit 20 is set up by OPENSSL_ia32_cpuid. -- * -- * -- */ --#ifdef OPENSSL_FIPS -- unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc(); -- if (ia32cap_ptr && (*ia32cap_ptr & (1<<20))) { --#else -- if (OPENSSL_ia32cap_P & (1<<20)) { --#endif -- unsigned char *cp=(unsigned char *)d; -+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ -+ defined(__INTEL__) || \ -+ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) -+ if (sizeof(RC4_INT) > 1) { -+ /* -+ * Unlike all other x86 [and x86_64] implementations, -+ * Intel P4 core [including EM64T] was found to perform -+ * poorly with wider RC4_INT. Performance improvement -+ * for IA-32 hand-coded assembler turned out to be 2.8x -+ * if re-coded for RC4_CHAR! It's however inappropriate -+ * to just switch to RC4_CHAR for x86[_64], as non-P4 -+ * implementations suffer from significant performance -+ * losses then, e.g. PIII exhibits >2x deterioration, -+ * and so does Opteron. In order to assure optimal -+ * all-round performance, we detect P4 at run-time by -+ * checking upon reserved bit 20 in CPU capability -+ * vector and set up compressed key schedule, which is -+ * recognized by correspondingly updated assembler -+ * module... Bit 20 is set up by OPENSSL_ia32_cpuid. -+ * -+ * -+ */ -+# ifdef OPENSSL_FIPS -+ unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc(); -+ if (ia32cap_ptr && (*ia32cap_ptr & (1 << 20))) { -+# else -+ if (OPENSSL_ia32cap_P & (1 << 20)) { -+# endif -+ unsigned char *cp = (unsigned char *)d; - -- for (i=0;i<256;i++) cp[i]=i; -- for (i=0;i<256;i++) SK_LOOP(cp,i); -- /* mark schedule as compressed! */ -- d[256/sizeof(RC4_INT)]=-1; -- return; -- } -- } -+ for (i = 0; i < 256; i++) -+ cp[i] = i; -+ for (i = 0; i < 256; i++) -+ SK_LOOP(cp, i); -+ /* mark schedule as compressed! */ -+ d[256 / sizeof(RC4_INT)] = -1; -+ return; -+ } -+ } - # endif - #endif -- for (i=0; i < 256; i++) d[i]=i; -- for (i=0; i < 256; i+=4) -- { -- SK_LOOP(d,i+0); -- SK_LOOP(d,i+1); -- SK_LOOP(d,i+2); -- SK_LOOP(d,i+3); -- } -- } -- -+ for (i = 0; i < 256; i++) -+ d[i] = i; -+ for (i = 0; i < 256; i += 4) { -+ SK_LOOP(d, i + 0); -+ SK_LOOP(d, i + 1); -+ SK_LOOP(d, i + 2); -+ SK_LOOP(d, i + 3); -+ } -+} -diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c -index ead11d0..236a5ed 100644 ---- a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c -+++ b/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,238 +61,279 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - -+const char RMD160_version[] = "RIPE-MD160" OPENSSL_VERSION_PTEXT; - --const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; -- --# ifdef RMD160_ASM -- void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,size_t num); --# define ripemd160_block ripemd160_block_x86 --# else -- void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); --# endif -+#ifdef RMD160_ASM -+void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num); -+# define ripemd160_block ripemd160_block_x86 -+#else -+void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); -+#endif - - FIPS_NON_FIPS_MD_Init(RIPEMD160) -- { -- c->A=RIPEMD160_A; -- c->B=RIPEMD160_B; -- c->C=RIPEMD160_C; -- c->D=RIPEMD160_D; -- c->E=RIPEMD160_E; -- c->Nl=0; -- c->Nh=0; -- c->num=0; -- return 1; -- } -+{ -+ c->A = RIPEMD160_A; -+ c->B = RIPEMD160_B; -+ c->C = RIPEMD160_C; -+ c->D = RIPEMD160_D; -+ c->E = RIPEMD160_E; -+ c->Nl = 0; -+ c->Nh = 0; -+ c->num = 0; -+ return 1; -+} - - #ifndef ripemd160_block_data_order --#ifdef X --#undef X --#endif --void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num) -- { -- const unsigned char *data=p; -- register unsigned MD32_REG_T A,B,C,D,E; -- unsigned MD32_REG_T a,b,c,d,e,l; --#ifndef MD32_XARRAY -- /* See comment in crypto/sha/sha_locl.h for details. */ -- unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, -- XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; --# define X(i) XX##i --#else -- RIPEMD160_LONG XX[16]; --# define X(i) XX[i] --#endif -+# ifdef X -+# undef X -+# endif -+void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num) -+{ -+ const unsigned char *data = p; -+ register unsigned MD32_REG_T A, B, C, D, E; -+ unsigned MD32_REG_T a, b, c, d, e, l; -+# ifndef MD32_XARRAY -+ /* See comment in crypto/sha/sha_locl.h for details. */ -+ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, -+ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -+# define X(i) XX##i -+# else -+ RIPEMD160_LONG XX[16]; -+# define X(i) XX[i] -+# endif - -- for (;num--;) -- { -+ for (; num--;) { - -- A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; -+ A = ctx->A; -+ B = ctx->B; -+ C = ctx->C; -+ D = ctx->D; -+ E = ctx->E; - -- HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; -- RIP1(A,B,C,D,E,WL00,SL00); HOST_c2l(data,l); X( 2)=l; -- RIP1(E,A,B,C,D,WL01,SL01); HOST_c2l(data,l); X( 3)=l; -- RIP1(D,E,A,B,C,WL02,SL02); HOST_c2l(data,l); X( 4)=l; -- RIP1(C,D,E,A,B,WL03,SL03); HOST_c2l(data,l); X( 5)=l; -- RIP1(B,C,D,E,A,WL04,SL04); HOST_c2l(data,l); X( 6)=l; -- RIP1(A,B,C,D,E,WL05,SL05); HOST_c2l(data,l); X( 7)=l; -- RIP1(E,A,B,C,D,WL06,SL06); HOST_c2l(data,l); X( 8)=l; -- RIP1(D,E,A,B,C,WL07,SL07); HOST_c2l(data,l); X( 9)=l; -- RIP1(C,D,E,A,B,WL08,SL08); HOST_c2l(data,l); X(10)=l; -- RIP1(B,C,D,E,A,WL09,SL09); HOST_c2l(data,l); X(11)=l; -- RIP1(A,B,C,D,E,WL10,SL10); HOST_c2l(data,l); X(12)=l; -- RIP1(E,A,B,C,D,WL11,SL11); HOST_c2l(data,l); X(13)=l; -- RIP1(D,E,A,B,C,WL12,SL12); HOST_c2l(data,l); X(14)=l; -- RIP1(C,D,E,A,B,WL13,SL13); HOST_c2l(data,l); X(15)=l; -- RIP1(B,C,D,E,A,WL14,SL14); -- RIP1(A,B,C,D,E,WL15,SL15); -+ HOST_c2l(data, l); -+ X(0) = l; -+ HOST_c2l(data, l); -+ X(1) = l; -+ RIP1(A, B, C, D, E, WL00, SL00); -+ HOST_c2l(data, l); -+ X(2) = l; -+ RIP1(E, A, B, C, D, WL01, SL01); -+ HOST_c2l(data, l); -+ X(3) = l; -+ RIP1(D, E, A, B, C, WL02, SL02); -+ HOST_c2l(data, l); -+ X(4) = l; -+ RIP1(C, D, E, A, B, WL03, SL03); -+ HOST_c2l(data, l); -+ X(5) = l; -+ RIP1(B, C, D, E, A, WL04, SL04); -+ HOST_c2l(data, l); -+ X(6) = l; -+ RIP1(A, B, C, D, E, WL05, SL05); -+ HOST_c2l(data, l); -+ X(7) = l; -+ RIP1(E, A, B, C, D, WL06, SL06); -+ HOST_c2l(data, l); -+ X(8) = l; -+ RIP1(D, E, A, B, C, WL07, SL07); -+ HOST_c2l(data, l); -+ X(9) = l; -+ RIP1(C, D, E, A, B, WL08, SL08); -+ HOST_c2l(data, l); -+ X(10) = l; -+ RIP1(B, C, D, E, A, WL09, SL09); -+ HOST_c2l(data, l); -+ X(11) = l; -+ RIP1(A, B, C, D, E, WL10, SL10); -+ HOST_c2l(data, l); -+ X(12) = l; -+ RIP1(E, A, B, C, D, WL11, SL11); -+ HOST_c2l(data, l); -+ X(13) = l; -+ RIP1(D, E, A, B, C, WL12, SL12); -+ HOST_c2l(data, l); -+ X(14) = l; -+ RIP1(C, D, E, A, B, WL13, SL13); -+ HOST_c2l(data, l); -+ X(15) = l; -+ RIP1(B, C, D, E, A, WL14, SL14); -+ RIP1(A, B, C, D, E, WL15, SL15); - -- RIP2(E,A,B,C,D,WL16,SL16,KL1); -- RIP2(D,E,A,B,C,WL17,SL17,KL1); -- RIP2(C,D,E,A,B,WL18,SL18,KL1); -- RIP2(B,C,D,E,A,WL19,SL19,KL1); -- RIP2(A,B,C,D,E,WL20,SL20,KL1); -- RIP2(E,A,B,C,D,WL21,SL21,KL1); -- RIP2(D,E,A,B,C,WL22,SL22,KL1); -- RIP2(C,D,E,A,B,WL23,SL23,KL1); -- RIP2(B,C,D,E,A,WL24,SL24,KL1); -- RIP2(A,B,C,D,E,WL25,SL25,KL1); -- RIP2(E,A,B,C,D,WL26,SL26,KL1); -- RIP2(D,E,A,B,C,WL27,SL27,KL1); -- RIP2(C,D,E,A,B,WL28,SL28,KL1); -- RIP2(B,C,D,E,A,WL29,SL29,KL1); -- RIP2(A,B,C,D,E,WL30,SL30,KL1); -- RIP2(E,A,B,C,D,WL31,SL31,KL1); -+ RIP2(E, A, B, C, D, WL16, SL16, KL1); -+ RIP2(D, E, A, B, C, WL17, SL17, KL1); -+ RIP2(C, D, E, A, B, WL18, SL18, KL1); -+ RIP2(B, C, D, E, A, WL19, SL19, KL1); -+ RIP2(A, B, C, D, E, WL20, SL20, KL1); -+ RIP2(E, A, B, C, D, WL21, SL21, KL1); -+ RIP2(D, E, A, B, C, WL22, SL22, KL1); -+ RIP2(C, D, E, A, B, WL23, SL23, KL1); -+ RIP2(B, C, D, E, A, WL24, SL24, KL1); -+ RIP2(A, B, C, D, E, WL25, SL25, KL1); -+ RIP2(E, A, B, C, D, WL26, SL26, KL1); -+ RIP2(D, E, A, B, C, WL27, SL27, KL1); -+ RIP2(C, D, E, A, B, WL28, SL28, KL1); -+ RIP2(B, C, D, E, A, WL29, SL29, KL1); -+ RIP2(A, B, C, D, E, WL30, SL30, KL1); -+ RIP2(E, A, B, C, D, WL31, SL31, KL1); - -- RIP3(D,E,A,B,C,WL32,SL32,KL2); -- RIP3(C,D,E,A,B,WL33,SL33,KL2); -- RIP3(B,C,D,E,A,WL34,SL34,KL2); -- RIP3(A,B,C,D,E,WL35,SL35,KL2); -- RIP3(E,A,B,C,D,WL36,SL36,KL2); -- RIP3(D,E,A,B,C,WL37,SL37,KL2); -- RIP3(C,D,E,A,B,WL38,SL38,KL2); -- RIP3(B,C,D,E,A,WL39,SL39,KL2); -- RIP3(A,B,C,D,E,WL40,SL40,KL2); -- RIP3(E,A,B,C,D,WL41,SL41,KL2); -- RIP3(D,E,A,B,C,WL42,SL42,KL2); -- RIP3(C,D,E,A,B,WL43,SL43,KL2); -- RIP3(B,C,D,E,A,WL44,SL44,KL2); -- RIP3(A,B,C,D,E,WL45,SL45,KL2); -- RIP3(E,A,B,C,D,WL46,SL46,KL2); -- RIP3(D,E,A,B,C,WL47,SL47,KL2); -+ RIP3(D, E, A, B, C, WL32, SL32, KL2); -+ RIP3(C, D, E, A, B, WL33, SL33, KL2); -+ RIP3(B, C, D, E, A, WL34, SL34, KL2); -+ RIP3(A, B, C, D, E, WL35, SL35, KL2); -+ RIP3(E, A, B, C, D, WL36, SL36, KL2); -+ RIP3(D, E, A, B, C, WL37, SL37, KL2); -+ RIP3(C, D, E, A, B, WL38, SL38, KL2); -+ RIP3(B, C, D, E, A, WL39, SL39, KL2); -+ RIP3(A, B, C, D, E, WL40, SL40, KL2); -+ RIP3(E, A, B, C, D, WL41, SL41, KL2); -+ RIP3(D, E, A, B, C, WL42, SL42, KL2); -+ RIP3(C, D, E, A, B, WL43, SL43, KL2); -+ RIP3(B, C, D, E, A, WL44, SL44, KL2); -+ RIP3(A, B, C, D, E, WL45, SL45, KL2); -+ RIP3(E, A, B, C, D, WL46, SL46, KL2); -+ RIP3(D, E, A, B, C, WL47, SL47, KL2); - -- RIP4(C,D,E,A,B,WL48,SL48,KL3); -- RIP4(B,C,D,E,A,WL49,SL49,KL3); -- RIP4(A,B,C,D,E,WL50,SL50,KL3); -- RIP4(E,A,B,C,D,WL51,SL51,KL3); -- RIP4(D,E,A,B,C,WL52,SL52,KL3); -- RIP4(C,D,E,A,B,WL53,SL53,KL3); -- RIP4(B,C,D,E,A,WL54,SL54,KL3); -- RIP4(A,B,C,D,E,WL55,SL55,KL3); -- RIP4(E,A,B,C,D,WL56,SL56,KL3); -- RIP4(D,E,A,B,C,WL57,SL57,KL3); -- RIP4(C,D,E,A,B,WL58,SL58,KL3); -- RIP4(B,C,D,E,A,WL59,SL59,KL3); -- RIP4(A,B,C,D,E,WL60,SL60,KL3); -- RIP4(E,A,B,C,D,WL61,SL61,KL3); -- RIP4(D,E,A,B,C,WL62,SL62,KL3); -- RIP4(C,D,E,A,B,WL63,SL63,KL3); -+ RIP4(C, D, E, A, B, WL48, SL48, KL3); -+ RIP4(B, C, D, E, A, WL49, SL49, KL3); -+ RIP4(A, B, C, D, E, WL50, SL50, KL3); -+ RIP4(E, A, B, C, D, WL51, SL51, KL3); -+ RIP4(D, E, A, B, C, WL52, SL52, KL3); -+ RIP4(C, D, E, A, B, WL53, SL53, KL3); -+ RIP4(B, C, D, E, A, WL54, SL54, KL3); -+ RIP4(A, B, C, D, E, WL55, SL55, KL3); -+ RIP4(E, A, B, C, D, WL56, SL56, KL3); -+ RIP4(D, E, A, B, C, WL57, SL57, KL3); -+ RIP4(C, D, E, A, B, WL58, SL58, KL3); -+ RIP4(B, C, D, E, A, WL59, SL59, KL3); -+ RIP4(A, B, C, D, E, WL60, SL60, KL3); -+ RIP4(E, A, B, C, D, WL61, SL61, KL3); -+ RIP4(D, E, A, B, C, WL62, SL62, KL3); -+ RIP4(C, D, E, A, B, WL63, SL63, KL3); - -- RIP5(B,C,D,E,A,WL64,SL64,KL4); -- RIP5(A,B,C,D,E,WL65,SL65,KL4); -- RIP5(E,A,B,C,D,WL66,SL66,KL4); -- RIP5(D,E,A,B,C,WL67,SL67,KL4); -- RIP5(C,D,E,A,B,WL68,SL68,KL4); -- RIP5(B,C,D,E,A,WL69,SL69,KL4); -- RIP5(A,B,C,D,E,WL70,SL70,KL4); -- RIP5(E,A,B,C,D,WL71,SL71,KL4); -- RIP5(D,E,A,B,C,WL72,SL72,KL4); -- RIP5(C,D,E,A,B,WL73,SL73,KL4); -- RIP5(B,C,D,E,A,WL74,SL74,KL4); -- RIP5(A,B,C,D,E,WL75,SL75,KL4); -- RIP5(E,A,B,C,D,WL76,SL76,KL4); -- RIP5(D,E,A,B,C,WL77,SL77,KL4); -- RIP5(C,D,E,A,B,WL78,SL78,KL4); -- RIP5(B,C,D,E,A,WL79,SL79,KL4); -+ RIP5(B, C, D, E, A, WL64, SL64, KL4); -+ RIP5(A, B, C, D, E, WL65, SL65, KL4); -+ RIP5(E, A, B, C, D, WL66, SL66, KL4); -+ RIP5(D, E, A, B, C, WL67, SL67, KL4); -+ RIP5(C, D, E, A, B, WL68, SL68, KL4); -+ RIP5(B, C, D, E, A, WL69, SL69, KL4); -+ RIP5(A, B, C, D, E, WL70, SL70, KL4); -+ RIP5(E, A, B, C, D, WL71, SL71, KL4); -+ RIP5(D, E, A, B, C, WL72, SL72, KL4); -+ RIP5(C, D, E, A, B, WL73, SL73, KL4); -+ RIP5(B, C, D, E, A, WL74, SL74, KL4); -+ RIP5(A, B, C, D, E, WL75, SL75, KL4); -+ RIP5(E, A, B, C, D, WL76, SL76, KL4); -+ RIP5(D, E, A, B, C, WL77, SL77, KL4); -+ RIP5(C, D, E, A, B, WL78, SL78, KL4); -+ RIP5(B, C, D, E, A, WL79, SL79, KL4); - -- a=A; b=B; c=C; d=D; e=E; -- /* Do other half */ -- A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; -+ a = A; -+ b = B; -+ c = C; -+ d = D; -+ e = E; -+ /* Do other half */ -+ A = ctx->A; -+ B = ctx->B; -+ C = ctx->C; -+ D = ctx->D; -+ E = ctx->E; - -- RIP5(A,B,C,D,E,WR00,SR00,KR0); -- RIP5(E,A,B,C,D,WR01,SR01,KR0); -- RIP5(D,E,A,B,C,WR02,SR02,KR0); -- RIP5(C,D,E,A,B,WR03,SR03,KR0); -- RIP5(B,C,D,E,A,WR04,SR04,KR0); -- RIP5(A,B,C,D,E,WR05,SR05,KR0); -- RIP5(E,A,B,C,D,WR06,SR06,KR0); -- RIP5(D,E,A,B,C,WR07,SR07,KR0); -- RIP5(C,D,E,A,B,WR08,SR08,KR0); -- RIP5(B,C,D,E,A,WR09,SR09,KR0); -- RIP5(A,B,C,D,E,WR10,SR10,KR0); -- RIP5(E,A,B,C,D,WR11,SR11,KR0); -- RIP5(D,E,A,B,C,WR12,SR12,KR0); -- RIP5(C,D,E,A,B,WR13,SR13,KR0); -- RIP5(B,C,D,E,A,WR14,SR14,KR0); -- RIP5(A,B,C,D,E,WR15,SR15,KR0); -+ RIP5(A, B, C, D, E, WR00, SR00, KR0); -+ RIP5(E, A, B, C, D, WR01, SR01, KR0); -+ RIP5(D, E, A, B, C, WR02, SR02, KR0); -+ RIP5(C, D, E, A, B, WR03, SR03, KR0); -+ RIP5(B, C, D, E, A, WR04, SR04, KR0); -+ RIP5(A, B, C, D, E, WR05, SR05, KR0); -+ RIP5(E, A, B, C, D, WR06, SR06, KR0); -+ RIP5(D, E, A, B, C, WR07, SR07, KR0); -+ RIP5(C, D, E, A, B, WR08, SR08, KR0); -+ RIP5(B, C, D, E, A, WR09, SR09, KR0); -+ RIP5(A, B, C, D, E, WR10, SR10, KR0); -+ RIP5(E, A, B, C, D, WR11, SR11, KR0); -+ RIP5(D, E, A, B, C, WR12, SR12, KR0); -+ RIP5(C, D, E, A, B, WR13, SR13, KR0); -+ RIP5(B, C, D, E, A, WR14, SR14, KR0); -+ RIP5(A, B, C, D, E, WR15, SR15, KR0); - -- RIP4(E,A,B,C,D,WR16,SR16,KR1); -- RIP4(D,E,A,B,C,WR17,SR17,KR1); -- RIP4(C,D,E,A,B,WR18,SR18,KR1); -- RIP4(B,C,D,E,A,WR19,SR19,KR1); -- RIP4(A,B,C,D,E,WR20,SR20,KR1); -- RIP4(E,A,B,C,D,WR21,SR21,KR1); -- RIP4(D,E,A,B,C,WR22,SR22,KR1); -- RIP4(C,D,E,A,B,WR23,SR23,KR1); -- RIP4(B,C,D,E,A,WR24,SR24,KR1); -- RIP4(A,B,C,D,E,WR25,SR25,KR1); -- RIP4(E,A,B,C,D,WR26,SR26,KR1); -- RIP4(D,E,A,B,C,WR27,SR27,KR1); -- RIP4(C,D,E,A,B,WR28,SR28,KR1); -- RIP4(B,C,D,E,A,WR29,SR29,KR1); -- RIP4(A,B,C,D,E,WR30,SR30,KR1); -- RIP4(E,A,B,C,D,WR31,SR31,KR1); -+ RIP4(E, A, B, C, D, WR16, SR16, KR1); -+ RIP4(D, E, A, B, C, WR17, SR17, KR1); -+ RIP4(C, D, E, A, B, WR18, SR18, KR1); -+ RIP4(B, C, D, E, A, WR19, SR19, KR1); -+ RIP4(A, B, C, D, E, WR20, SR20, KR1); -+ RIP4(E, A, B, C, D, WR21, SR21, KR1); -+ RIP4(D, E, A, B, C, WR22, SR22, KR1); -+ RIP4(C, D, E, A, B, WR23, SR23, KR1); -+ RIP4(B, C, D, E, A, WR24, SR24, KR1); -+ RIP4(A, B, C, D, E, WR25, SR25, KR1); -+ RIP4(E, A, B, C, D, WR26, SR26, KR1); -+ RIP4(D, E, A, B, C, WR27, SR27, KR1); -+ RIP4(C, D, E, A, B, WR28, SR28, KR1); -+ RIP4(B, C, D, E, A, WR29, SR29, KR1); -+ RIP4(A, B, C, D, E, WR30, SR30, KR1); -+ RIP4(E, A, B, C, D, WR31, SR31, KR1); - -- RIP3(D,E,A,B,C,WR32,SR32,KR2); -- RIP3(C,D,E,A,B,WR33,SR33,KR2); -- RIP3(B,C,D,E,A,WR34,SR34,KR2); -- RIP3(A,B,C,D,E,WR35,SR35,KR2); -- RIP3(E,A,B,C,D,WR36,SR36,KR2); -- RIP3(D,E,A,B,C,WR37,SR37,KR2); -- RIP3(C,D,E,A,B,WR38,SR38,KR2); -- RIP3(B,C,D,E,A,WR39,SR39,KR2); -- RIP3(A,B,C,D,E,WR40,SR40,KR2); -- RIP3(E,A,B,C,D,WR41,SR41,KR2); -- RIP3(D,E,A,B,C,WR42,SR42,KR2); -- RIP3(C,D,E,A,B,WR43,SR43,KR2); -- RIP3(B,C,D,E,A,WR44,SR44,KR2); -- RIP3(A,B,C,D,E,WR45,SR45,KR2); -- RIP3(E,A,B,C,D,WR46,SR46,KR2); -- RIP3(D,E,A,B,C,WR47,SR47,KR2); -+ RIP3(D, E, A, B, C, WR32, SR32, KR2); -+ RIP3(C, D, E, A, B, WR33, SR33, KR2); -+ RIP3(B, C, D, E, A, WR34, SR34, KR2); -+ RIP3(A, B, C, D, E, WR35, SR35, KR2); -+ RIP3(E, A, B, C, D, WR36, SR36, KR2); -+ RIP3(D, E, A, B, C, WR37, SR37, KR2); -+ RIP3(C, D, E, A, B, WR38, SR38, KR2); -+ RIP3(B, C, D, E, A, WR39, SR39, KR2); -+ RIP3(A, B, C, D, E, WR40, SR40, KR2); -+ RIP3(E, A, B, C, D, WR41, SR41, KR2); -+ RIP3(D, E, A, B, C, WR42, SR42, KR2); -+ RIP3(C, D, E, A, B, WR43, SR43, KR2); -+ RIP3(B, C, D, E, A, WR44, SR44, KR2); -+ RIP3(A, B, C, D, E, WR45, SR45, KR2); -+ RIP3(E, A, B, C, D, WR46, SR46, KR2); -+ RIP3(D, E, A, B, C, WR47, SR47, KR2); - -- RIP2(C,D,E,A,B,WR48,SR48,KR3); -- RIP2(B,C,D,E,A,WR49,SR49,KR3); -- RIP2(A,B,C,D,E,WR50,SR50,KR3); -- RIP2(E,A,B,C,D,WR51,SR51,KR3); -- RIP2(D,E,A,B,C,WR52,SR52,KR3); -- RIP2(C,D,E,A,B,WR53,SR53,KR3); -- RIP2(B,C,D,E,A,WR54,SR54,KR3); -- RIP2(A,B,C,D,E,WR55,SR55,KR3); -- RIP2(E,A,B,C,D,WR56,SR56,KR3); -- RIP2(D,E,A,B,C,WR57,SR57,KR3); -- RIP2(C,D,E,A,B,WR58,SR58,KR3); -- RIP2(B,C,D,E,A,WR59,SR59,KR3); -- RIP2(A,B,C,D,E,WR60,SR60,KR3); -- RIP2(E,A,B,C,D,WR61,SR61,KR3); -- RIP2(D,E,A,B,C,WR62,SR62,KR3); -- RIP2(C,D,E,A,B,WR63,SR63,KR3); -+ RIP2(C, D, E, A, B, WR48, SR48, KR3); -+ RIP2(B, C, D, E, A, WR49, SR49, KR3); -+ RIP2(A, B, C, D, E, WR50, SR50, KR3); -+ RIP2(E, A, B, C, D, WR51, SR51, KR3); -+ RIP2(D, E, A, B, C, WR52, SR52, KR3); -+ RIP2(C, D, E, A, B, WR53, SR53, KR3); -+ RIP2(B, C, D, E, A, WR54, SR54, KR3); -+ RIP2(A, B, C, D, E, WR55, SR55, KR3); -+ RIP2(E, A, B, C, D, WR56, SR56, KR3); -+ RIP2(D, E, A, B, C, WR57, SR57, KR3); -+ RIP2(C, D, E, A, B, WR58, SR58, KR3); -+ RIP2(B, C, D, E, A, WR59, SR59, KR3); -+ RIP2(A, B, C, D, E, WR60, SR60, KR3); -+ RIP2(E, A, B, C, D, WR61, SR61, KR3); -+ RIP2(D, E, A, B, C, WR62, SR62, KR3); -+ RIP2(C, D, E, A, B, WR63, SR63, KR3); - -- RIP1(B,C,D,E,A,WR64,SR64); -- RIP1(A,B,C,D,E,WR65,SR65); -- RIP1(E,A,B,C,D,WR66,SR66); -- RIP1(D,E,A,B,C,WR67,SR67); -- RIP1(C,D,E,A,B,WR68,SR68); -- RIP1(B,C,D,E,A,WR69,SR69); -- RIP1(A,B,C,D,E,WR70,SR70); -- RIP1(E,A,B,C,D,WR71,SR71); -- RIP1(D,E,A,B,C,WR72,SR72); -- RIP1(C,D,E,A,B,WR73,SR73); -- RIP1(B,C,D,E,A,WR74,SR74); -- RIP1(A,B,C,D,E,WR75,SR75); -- RIP1(E,A,B,C,D,WR76,SR76); -- RIP1(D,E,A,B,C,WR77,SR77); -- RIP1(C,D,E,A,B,WR78,SR78); -- RIP1(B,C,D,E,A,WR79,SR79); -+ RIP1(B, C, D, E, A, WR64, SR64); -+ RIP1(A, B, C, D, E, WR65, SR65); -+ RIP1(E, A, B, C, D, WR66, SR66); -+ RIP1(D, E, A, B, C, WR67, SR67); -+ RIP1(C, D, E, A, B, WR68, SR68); -+ RIP1(B, C, D, E, A, WR69, SR69); -+ RIP1(A, B, C, D, E, WR70, SR70); -+ RIP1(E, A, B, C, D, WR71, SR71); -+ RIP1(D, E, A, B, C, WR72, SR72); -+ RIP1(C, D, E, A, B, WR73, SR73); -+ RIP1(B, C, D, E, A, WR74, SR74); -+ RIP1(A, B, C, D, E, WR75, SR75); -+ RIP1(E, A, B, C, D, WR76, SR76); -+ RIP1(D, E, A, B, C, WR77, SR77); -+ RIP1(C, D, E, A, B, WR78, SR78); -+ RIP1(B, C, D, E, A, WR79, SR79); - -- D =ctx->B+c+D; -- ctx->B=ctx->C+d+E; -- ctx->C=ctx->D+e+A; -- ctx->D=ctx->E+a+B; -- ctx->E=ctx->A+b+C; -- ctx->A=D; -+ D = ctx->B + c + D; -+ ctx->B = ctx->C + d + E; -+ ctx->C = ctx->D + e + A; -+ ctx->D = ctx->E + a + B; -+ ctx->E = ctx->A + b + C; -+ ctx->A = D; - -- } -- } -+ } -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c -index 3efb137..666e01a 100644 ---- a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c -+++ b/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -61,18 +61,17 @@ - #include - #include - --unsigned char *RIPEMD160(const unsigned char *d, size_t n, -- unsigned char *md) -- { -- RIPEMD160_CTX c; -- static unsigned char m[RIPEMD160_DIGEST_LENGTH]; -- -- if (md == NULL) md=m; -- if (!RIPEMD160_Init(&c)) -- return NULL; -- RIPEMD160_Update(&c,d,n); -- RIPEMD160_Final(md,&c); -- OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ -- return(md); -- } -+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md) -+{ -+ RIPEMD160_CTX c; -+ static unsigned char m[RIPEMD160_DIGEST_LENGTH]; - -+ if (md == NULL) -+ md = m; -+ if (!RIPEMD160_Init(&c)) -+ return NULL; -+ RIPEMD160_Update(&c, d, n); -+ RIPEMD160_Final(md, &c); -+ OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ -+ return (md); -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c -index 6e8a803..5286321 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c -@@ -1,6 +1,7 @@ - /* rsa_asn1.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2000. - */ - /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,48 +63,50 @@ - #include - #include - --static ASN1_METHOD method={ -- (I2D_OF(void)) i2d_RSAPrivateKey, -- (D2I_OF(void)) d2i_RSAPrivateKey, -- (void *(*)(void)) RSA_new, -- (void (*)(void *)) RSA_free}; -+static ASN1_METHOD method = { -+ (I2D_OF(void)) i2d_RSAPrivateKey, -+ (D2I_OF(void)) d2i_RSAPrivateKey, -+ (void *(*)(void))RSA_new, -+ (void (*)(void *))RSA_free -+}; - - ASN1_METHOD *RSAPrivateKey_asn1_meth(void) -- { -- return(&method); -- } -+{ -+ return (&method); -+} - - /* Override the default free and new methods */ - static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) - { -- if(operation == ASN1_OP_NEW_PRE) { -- *pval = (ASN1_VALUE *)RSA_new(); -- if(*pval) return 2; -- return 0; -- } else if(operation == ASN1_OP_FREE_PRE) { -- RSA_free((RSA *)*pval); -- *pval = NULL; -- return 2; -- } -- return 1; -+ if (operation == ASN1_OP_NEW_PRE) { -+ *pval = (ASN1_VALUE *)RSA_new(); -+ if (*pval) -+ return 2; -+ return 0; -+ } else if (operation == ASN1_OP_FREE_PRE) { -+ RSA_free((RSA *)*pval); -+ *pval = NULL; -+ return 2; -+ } -+ return 1; - } - - ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = { -- ASN1_SIMPLE(RSA, version, LONG), -- ASN1_SIMPLE(RSA, n, BIGNUM), -- ASN1_SIMPLE(RSA, e, BIGNUM), -- ASN1_SIMPLE(RSA, d, BIGNUM), -- ASN1_SIMPLE(RSA, p, BIGNUM), -- ASN1_SIMPLE(RSA, q, BIGNUM), -- ASN1_SIMPLE(RSA, dmp1, BIGNUM), -- ASN1_SIMPLE(RSA, dmq1, BIGNUM), -- ASN1_SIMPLE(RSA, iqmp, BIGNUM) -+ ASN1_SIMPLE(RSA, version, LONG), -+ ASN1_SIMPLE(RSA, n, BIGNUM), -+ ASN1_SIMPLE(RSA, e, BIGNUM), -+ ASN1_SIMPLE(RSA, d, BIGNUM), -+ ASN1_SIMPLE(RSA, p, BIGNUM), -+ ASN1_SIMPLE(RSA, q, BIGNUM), -+ ASN1_SIMPLE(RSA, dmp1, BIGNUM), -+ ASN1_SIMPLE(RSA, dmq1, BIGNUM), -+ ASN1_SIMPLE(RSA, iqmp, BIGNUM) - } ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey) - - - ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { -- ASN1_SIMPLE(RSA, n, BIGNUM), -- ASN1_SIMPLE(RSA, e, BIGNUM), -+ ASN1_SIMPLE(RSA, n, BIGNUM), -+ ASN1_SIMPLE(RSA, e, BIGNUM), - } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey) - - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey) -@@ -111,11 +114,11 @@ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey) - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey) - - RSA *RSAPublicKey_dup(RSA *rsa) -- { -- return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa); -- } -+{ -+ return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa); -+} - - RSA *RSAPrivateKey_dup(RSA *rsa) -- { -- return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa); -- } -+{ -+ return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa); -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c -index 9d848db..67724f8 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -52,133 +52,158 @@ - #include - #include - -- - int RSA_check_key(const RSA *key) -- { -- BIGNUM *i, *j, *k, *l, *m; -- BN_CTX *ctx; -- int r; -- int ret=1; -- -- i = BN_new(); -- j = BN_new(); -- k = BN_new(); -- l = BN_new(); -- m = BN_new(); -- ctx = BN_CTX_new(); -- if (i == NULL || j == NULL || k == NULL || l == NULL || -- m == NULL || ctx == NULL) -- { -- ret = -1; -- RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- /* p prime? */ -- r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); -- if (r != 1) -- { -- ret = r; -- if (r != 0) -- goto err; -- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); -- } -- -- /* q prime? */ -- r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL); -- if (r != 1) -- { -- ret = r; -- if (r != 0) -- goto err; -- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); -- } -- -- /* n = p*q? */ -- r = BN_mul(i, key->p, key->q, ctx); -- if (!r) { ret = -1; goto err; } -- -- if (BN_cmp(i, key->n) != 0) -- { -- ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); -- } -- -- /* d*e = 1 mod lcm(p-1,q-1)? */ -- -- r = BN_sub(i, key->p, BN_value_one()); -- if (!r) { ret = -1; goto err; } -- r = BN_sub(j, key->q, BN_value_one()); -- if (!r) { ret = -1; goto err; } -- -- /* now compute k = lcm(i,j) */ -- r = BN_mul(l, i, j, ctx); -- if (!r) { ret = -1; goto err; } -- r = BN_gcd(m, i, j, ctx); -- if (!r) { ret = -1; goto err; } -- r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ -- if (!r) { ret = -1; goto err; } -- -- r = BN_mod_mul(i, key->d, key->e, k, ctx); -- if (!r) { ret = -1; goto err; } -- -- if (!BN_is_one(i)) -- { -- ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); -- } -- -- if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) -- { -- /* dmp1 = d mod (p-1)? */ -- r = BN_sub(i, key->p, BN_value_one()); -- if (!r) { ret = -1; goto err; } -- -- r = BN_mod(j, key->d, i, ctx); -- if (!r) { ret = -1; goto err; } -- -- if (BN_cmp(j, key->dmp1) != 0) -- { -- ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY, -- RSA_R_DMP1_NOT_CONGRUENT_TO_D); -- } -- -- /* dmq1 = d mod (q-1)? */ -- r = BN_sub(i, key->q, BN_value_one()); -- if (!r) { ret = -1; goto err; } -- -- r = BN_mod(j, key->d, i, ctx); -- if (!r) { ret = -1; goto err; } -- -- if (BN_cmp(j, key->dmq1) != 0) -- { -- ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY, -- RSA_R_DMQ1_NOT_CONGRUENT_TO_D); -- } -- -- /* iqmp = q^-1 mod p? */ -- if(!BN_mod_inverse(i, key->q, key->p, ctx)) -- { -- ret = -1; -- goto err; -- } -- -- if (BN_cmp(i, key->iqmp) != 0) -- { -- ret = 0; -- RSAerr(RSA_F_RSA_CHECK_KEY, -- RSA_R_IQMP_NOT_INVERSE_OF_Q); -- } -- } -+{ -+ BIGNUM *i, *j, *k, *l, *m; -+ BN_CTX *ctx; -+ int r; -+ int ret = 1; -+ -+ i = BN_new(); -+ j = BN_new(); -+ k = BN_new(); -+ l = BN_new(); -+ m = BN_new(); -+ ctx = BN_CTX_new(); -+ if (i == NULL || j == NULL || k == NULL || l == NULL || -+ m == NULL || ctx == NULL) { -+ ret = -1; -+ RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* p prime? */ -+ r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); -+ if (r != 1) { -+ ret = r; -+ if (r != 0) -+ goto err; -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); -+ } -+ -+ /* q prime? */ -+ r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL); -+ if (r != 1) { -+ ret = r; -+ if (r != 0) -+ goto err; -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); -+ } -+ -+ /* n = p*q? */ -+ r = BN_mul(i, key->p, key->q, ctx); -+ if (!r) { -+ ret = -1; -+ goto err; -+ } -+ -+ if (BN_cmp(i, key->n) != 0) { -+ ret = 0; -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); -+ } -+ -+ /* d*e = 1 mod lcm(p-1,q-1)? */ -+ -+ r = BN_sub(i, key->p, BN_value_one()); -+ if (!r) { -+ ret = -1; -+ goto err; -+ } -+ r = BN_sub(j, key->q, BN_value_one()); -+ if (!r) { -+ ret = -1; -+ goto err; -+ } -+ -+ /* now compute k = lcm(i,j) */ -+ r = BN_mul(l, i, j, ctx); -+ if (!r) { -+ ret = -1; -+ goto err; -+ } -+ r = BN_gcd(m, i, j, ctx); -+ if (!r) { -+ ret = -1; -+ goto err; -+ } -+ r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ -+ if (!r) { -+ ret = -1; -+ goto err; -+ } -+ -+ r = BN_mod_mul(i, key->d, key->e, k, ctx); -+ if (!r) { -+ ret = -1; -+ goto err; -+ } -+ -+ if (!BN_is_one(i)) { -+ ret = 0; -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); -+ } -+ -+ if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) { -+ /* dmp1 = d mod (p-1)? */ -+ r = BN_sub(i, key->p, BN_value_one()); -+ if (!r) { -+ ret = -1; -+ goto err; -+ } -+ -+ r = BN_mod(j, key->d, i, ctx); -+ if (!r) { -+ ret = -1; -+ goto err; -+ } -+ -+ if (BN_cmp(j, key->dmp1) != 0) { -+ ret = 0; -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D); -+ } -+ -+ /* dmq1 = d mod (q-1)? */ -+ r = BN_sub(i, key->q, BN_value_one()); -+ if (!r) { -+ ret = -1; -+ goto err; -+ } -+ -+ r = BN_mod(j, key->d, i, ctx); -+ if (!r) { -+ ret = -1; -+ goto err; -+ } -+ -+ if (BN_cmp(j, key->dmq1) != 0) { -+ ret = 0; -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D); -+ } -+ -+ /* iqmp = q^-1 mod p? */ -+ if (!BN_mod_inverse(i, key->q, key->p, ctx)) { -+ ret = -1; -+ goto err; -+ } -+ -+ if (BN_cmp(i, key->iqmp) != 0) { -+ ret = 0; -+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q); -+ } -+ } - - err: -- if (i != NULL) BN_free(i); -- if (j != NULL) BN_free(j); -- if (k != NULL) BN_free(k); -- if (l != NULL) BN_free(l); -- if (m != NULL) BN_free(m); -- if (ctx != NULL) BN_CTX_free(ctx); -- return (ret); -- } -+ if (i != NULL) -+ BN_free(i); -+ if (j != NULL) -+ BN_free(j); -+ if (k != NULL) -+ BN_free(k); -+ if (l != NULL) -+ BN_free(l); -+ if (m != NULL) -+ BN_free(m); -+ if (ctx != NULL) -+ BN_CTX_free(ctx); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c -index a859ded..32f0c88 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,8 +53,10 @@ - * - */ - --/* NB: This file contains deprecated functions (compatibility wrappers to the -- * "new" versions). */ -+/* -+ * NB: This file contains deprecated functions (compatibility wrappers to the -+ * "new" versions). -+ */ - - #include - #include -@@ -64,38 +66,42 @@ - - #ifdef OPENSSL_NO_DEPRECATED - --static void *dummy=&dummy; -+static void *dummy = &dummy; - - #else - - RSA *RSA_generate_key(int bits, unsigned long e_value, -- void (*callback)(int,int,void *), void *cb_arg) -- { -- BN_GENCB cb; -- int i; -- RSA *rsa = RSA_new(); -- BIGNUM *e = BN_new(); -+ void (*callback) (int, int, void *), void *cb_arg) -+{ -+ BN_GENCB cb; -+ int i; -+ RSA *rsa = RSA_new(); -+ BIGNUM *e = BN_new(); - -- if(!rsa || !e) goto err; -+ if (!rsa || !e) -+ goto err; - -- /* The problem is when building with 8, 16, or 32 BN_ULONG, -- * unsigned long can be larger */ -- for (i=0; i<(int)sizeof(unsigned long)*8; i++) -- { -- if (e_value & (1UL<n) > OPENSSL_RSA_MAX_MODULUS_BITS) -- { -- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); -- return -1; -- } -- -- if (BN_ucmp(rsa->n, rsa->e) <= 0) -- { -- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); -- return -1; -- } -- -- /* for large moduli, enforce exponent limit */ -- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) -- { -- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) -- { -- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); -- return -1; -- } -- } -- -- if ((ctx=BN_CTX_new()) == NULL) goto err; -- BN_CTX_start(ctx); -- f = BN_CTX_get(ctx); -- ret = BN_CTX_get(ctx); -- num=BN_num_bytes(rsa->n); -- buf = OPENSSL_malloc(num); -- if (!f || !ret || !buf) -- { -- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- switch (padding) -- { -- case RSA_PKCS1_PADDING: -- i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen); -- break; --#ifndef OPENSSL_NO_SHA -- case RSA_PKCS1_OAEP_PADDING: -- i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0); -- break; --#endif -- case RSA_SSLV23_PADDING: -- i=RSA_padding_add_SSLv23(buf,num,from,flen); -- break; -- case RSA_NO_PADDING: -- i=RSA_padding_add_none(buf,num,from,flen); -- break; -- default: -- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); -- goto err; -- } -- if (i <= 0) goto err; -- -- if (BN_bin2bn(buf,num,f) == NULL) goto err; -- -- if (BN_ucmp(f, rsa->n) >= 0) -- { -- /* usually the padding functions would catch this */ -- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -- goto err; -- } -- -- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -- goto err; -- -- if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, -- rsa->_method_mod_n)) goto err; -- -- /* put in leading 0 bytes if the number is less than the -- * length of the modulus */ -- j=BN_num_bytes(ret); -- i=BN_bn2bin(ret,&(to[num-j])); -- for (k=0; k<(num-i); k++) -- to[k]=0; -- -- r=num; --err: -- if (ctx != NULL) -- { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- if (buf != NULL) -- { -- OPENSSL_cleanse(buf,num); -- OPENSSL_free(buf); -- } -- return(r); -- } -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ BIGNUM *f, *ret; -+ int i, j, k, num = 0, r = -1; -+ unsigned char *buf = NULL; -+ BN_CTX *ctx = NULL; -+ -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); -+ return -1; -+ } -+ -+ if (BN_ucmp(rsa->n, rsa->e) <= 0) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ -+ /* for large moduli, enforce exponent limit */ -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { -+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ f = BN_CTX_get(ctx); -+ ret = BN_CTX_get(ctx); -+ num = BN_num_bytes(rsa->n); -+ buf = OPENSSL_malloc(num); -+ if (!f || !ret || !buf) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ switch (padding) { -+ case RSA_PKCS1_PADDING: -+ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen); -+ break; -+# ifndef OPENSSL_NO_SHA -+ case RSA_PKCS1_OAEP_PADDING: -+ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); -+ break; -+# endif -+ case RSA_SSLV23_PADDING: -+ i = RSA_padding_add_SSLv23(buf, num, from, flen); -+ break; -+ case RSA_NO_PADDING: -+ i = RSA_padding_add_none(buf, num, from, flen); -+ break; -+ default: -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); -+ goto err; -+ } -+ if (i <= 0) -+ goto err; -+ -+ if (BN_bin2bn(buf, num, f) == NULL) -+ goto err; -+ -+ if (BN_ucmp(f, rsa->n) >= 0) { -+ /* usually the padding functions would catch this */ -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, -+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -+ goto err; -+ } -+ -+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -+ goto err; -+ -+ if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, -+ rsa->_method_mod_n)) -+ goto err; -+ -+ /* -+ * put in leading 0 bytes if the number is less than the length of the -+ * modulus -+ */ -+ j = BN_num_bytes(ret); -+ i = BN_bn2bin(ret, &(to[num - j])); -+ for (k = 0; k < (num - i); k++) -+ to[k] = 0; -+ -+ r = num; -+ err: -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ if (buf != NULL) { -+ OPENSSL_cleanse(buf, num); -+ OPENSSL_free(buf); -+ } -+ return (r); -+} - - static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) - { -- BN_BLINDING *ret; -- int got_write_lock = 0; -- -- CRYPTO_r_lock(CRYPTO_LOCK_RSA); -- -- if (rsa->blinding == NULL) -- { -- CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -- CRYPTO_w_lock(CRYPTO_LOCK_RSA); -- got_write_lock = 1; -- -- if (rsa->blinding == NULL) -- rsa->blinding = RSA_setup_blinding(rsa, ctx); -- } -- -- ret = rsa->blinding; -- if (ret == NULL) -- goto err; -- -- if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) -- { -- /* rsa->blinding is ours! */ -- -- *local = 1; -- } -- else -- { -- /* resort to rsa->mt_blinding instead */ -- -- *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert() -- * that the BN_BLINDING is shared, meaning that accesses -- * require locks, and that the blinding factor must be -- * stored outside the BN_BLINDING -- */ -- -- if (rsa->mt_blinding == NULL) -- { -- if (!got_write_lock) -- { -- CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -- CRYPTO_w_lock(CRYPTO_LOCK_RSA); -- got_write_lock = 1; -- } -- -- if (rsa->mt_blinding == NULL) -- rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); -- } -- ret = rsa->mt_blinding; -- } -+ BN_BLINDING *ret; -+ int got_write_lock = 0; -+ -+ CRYPTO_r_lock(CRYPTO_LOCK_RSA); -+ -+ if (rsa->blinding == NULL) { -+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -+ CRYPTO_w_lock(CRYPTO_LOCK_RSA); -+ got_write_lock = 1; -+ -+ if (rsa->blinding == NULL) -+ rsa->blinding = RSA_setup_blinding(rsa, ctx); -+ } -+ -+ ret = rsa->blinding; -+ if (ret == NULL) -+ goto err; -+ -+ if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) { -+ /* rsa->blinding is ours! */ -+ -+ *local = 1; -+ } else { -+ /* resort to rsa->mt_blinding instead */ -+ -+ /* -+ * instructs rsa_blinding_convert(), rsa_blinding_invert() that the -+ * BN_BLINDING is shared, meaning that accesses require locks, and -+ * that the blinding factor must be stored outside the BN_BLINDING -+ */ -+ *local = 0; -+ -+ if (rsa->mt_blinding == NULL) { -+ if (!got_write_lock) { -+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -+ CRYPTO_w_lock(CRYPTO_LOCK_RSA); -+ got_write_lock = 1; -+ } -+ -+ if (rsa->mt_blinding == NULL) -+ rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); -+ } -+ ret = rsa->mt_blinding; -+ } - - err: -- if (got_write_lock) -- CRYPTO_w_unlock(CRYPTO_LOCK_RSA); -- else -- CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -- return ret; -+ if (got_write_lock) -+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA); -+ else -+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -+ return ret; - } - - static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, -- BN_CTX *ctx) -- { -- if (unblind == NULL) -- /* Local blinding: store the unblinding factor -- * in BN_BLINDING. */ -- return BN_BLINDING_convert_ex(f, NULL, b, ctx); -- else -- { -- /* Shared blinding: store the unblinding factor -- * outside BN_BLINDING. */ -- int ret; -- CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); -- ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); -- CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); -- return ret; -- } -- } -+ BN_CTX *ctx) -+{ -+ if (unblind == NULL) -+ /* -+ * Local blinding: store the unblinding factor in BN_BLINDING. -+ */ -+ return BN_BLINDING_convert_ex(f, NULL, b, ctx); -+ else { -+ /* -+ * Shared blinding: store the unblinding factor outside BN_BLINDING. -+ */ -+ int ret; -+ CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); -+ ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); -+ return ret; -+ } -+} - - static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, -- BN_CTX *ctx) -- { -- /* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex -- * will use the unblinding factor stored in BN_BLINDING. -- * If BN_BLINDING is shared between threads, unblind must be non-null: -- * BN_BLINDING_invert_ex will then use the local unblinding factor, -- * and will only read the modulus from BN_BLINDING. -- * In both cases it's safe to access the blinding without a lock. -- */ -- return BN_BLINDING_invert_ex(f, unblind, b, ctx); -- } -+ BN_CTX *ctx) -+{ -+ /* -+ * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex -+ * will use the unblinding factor stored in BN_BLINDING. If BN_BLINDING -+ * is shared between threads, unblind must be non-null: -+ * BN_BLINDING_invert_ex will then use the local unblinding factor, and -+ * will only read the modulus from BN_BLINDING. In both cases it's safe -+ * to access the blinding without a lock. -+ */ -+ return BN_BLINDING_invert_ex(f, unblind, b, ctx); -+} - - /* signing */ - static int RSA_eay_private_encrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding) -- { -- BIGNUM *f, *ret, *res; -- int i,j,k,num=0,r= -1; -- unsigned char *buf=NULL; -- BN_CTX *ctx=NULL; -- int local_blinding = 0; -- /* Used only if the blinding structure is shared. A non-NULL unblind -- * instructs rsa_blinding_convert() and rsa_blinding_invert() to store -- * the unblinding factor outside the blinding structure. */ -- BIGNUM *unblind = NULL; -- BN_BLINDING *blinding = NULL; -- -- if ((ctx=BN_CTX_new()) == NULL) goto err; -- BN_CTX_start(ctx); -- f = BN_CTX_get(ctx); -- ret = BN_CTX_get(ctx); -- num = BN_num_bytes(rsa->n); -- buf = OPENSSL_malloc(num); -- if(!f || !ret || !buf) -- { -- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- switch (padding) -- { -- case RSA_PKCS1_PADDING: -- i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); -- break; -- case RSA_X931_PADDING: -- i=RSA_padding_add_X931(buf,num,from,flen); -- break; -- case RSA_NO_PADDING: -- i=RSA_padding_add_none(buf,num,from,flen); -- break; -- case RSA_SSLV23_PADDING: -- default: -- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); -- goto err; -- } -- if (i <= 0) goto err; -- -- if (BN_bin2bn(buf,num,f) == NULL) goto err; -- -- if (BN_ucmp(f, rsa->n) >= 0) -- { -- /* usually the padding functions would catch this */ -- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -- goto err; -- } -- -- if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) -- { -- blinding = rsa_get_blinding(rsa, &local_blinding, ctx); -- if (blinding == NULL) -- { -- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- } -- -- if (blinding != NULL) -- { -- if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) -- { -- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!rsa_blinding_convert(blinding, f, unblind, ctx)) -- goto err; -- } -- -- if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || -- ((rsa->p != NULL) && -- (rsa->q != NULL) && -- (rsa->dmp1 != NULL) && -- (rsa->dmq1 != NULL) && -- (rsa->iqmp != NULL)) ) -- { -- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; -- } -- else -- { -- BIGNUM local_d; -- BIGNUM *d = NULL; -- -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- BN_init(&local_d); -- d = &local_d; -- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -- } -- else -- d= rsa->d; -- -- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -- if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -- goto err; -- -- if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, -- rsa->_method_mod_n)) goto err; -- } -- -- if (blinding) -- if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) -- goto err; -- -- if (padding == RSA_X931_PADDING) -- { -- BN_sub(f, rsa->n, ret); -- if (BN_cmp(ret, f) > 0) -- res = f; -- else -- res = ret; -- } -- else -- res = ret; -- -- /* put in leading 0 bytes if the number is less than the -- * length of the modulus */ -- j=BN_num_bytes(res); -- i=BN_bn2bin(res,&(to[num-j])); -- for (k=0; k<(num-i); k++) -- to[k]=0; -- -- r=num; --err: -- if (ctx != NULL) -- { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- if (buf != NULL) -- { -- OPENSSL_cleanse(buf,num); -- OPENSSL_free(buf); -- } -- return(r); -- } -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ BIGNUM *f, *ret, *res; -+ int i, j, k, num = 0, r = -1; -+ unsigned char *buf = NULL; -+ BN_CTX *ctx = NULL; -+ int local_blinding = 0; -+ /* -+ * Used only if the blinding structure is shared. A non-NULL unblind -+ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store -+ * the unblinding factor outside the blinding structure. -+ */ -+ BIGNUM *unblind = NULL; -+ BN_BLINDING *blinding = NULL; -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ f = BN_CTX_get(ctx); -+ ret = BN_CTX_get(ctx); -+ num = BN_num_bytes(rsa->n); -+ buf = OPENSSL_malloc(num); -+ if (!f || !ret || !buf) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ switch (padding) { -+ case RSA_PKCS1_PADDING: -+ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen); -+ break; -+ case RSA_X931_PADDING: -+ i = RSA_padding_add_X931(buf, num, from, flen); -+ break; -+ case RSA_NO_PADDING: -+ i = RSA_padding_add_none(buf, num, from, flen); -+ break; -+ case RSA_SSLV23_PADDING: -+ default: -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); -+ goto err; -+ } -+ if (i <= 0) -+ goto err; -+ -+ if (BN_bin2bn(buf, num, f) == NULL) -+ goto err; -+ -+ if (BN_ucmp(f, rsa->n) >= 0) { -+ /* usually the padding functions would catch this */ -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, -+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -+ goto err; -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { -+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx); -+ if (blinding == NULL) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ } -+ -+ if (blinding != NULL) { -+ if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!rsa_blinding_convert(blinding, f, unblind, ctx)) -+ goto err; -+ } -+ -+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) || -+ ((rsa->p != NULL) && -+ (rsa->q != NULL) && -+ (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { -+ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) -+ goto err; -+ } else { -+ BIGNUM local_d; -+ BIGNUM *d = NULL; -+ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ BN_init(&local_d); -+ d = &local_d; -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -+ } else -+ d = rsa->d; -+ -+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -+ goto err; -+ -+ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, -+ rsa->_method_mod_n)) -+ goto err; -+ } -+ -+ if (blinding) -+ if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) -+ goto err; -+ -+ if (padding == RSA_X931_PADDING) { -+ BN_sub(f, rsa->n, ret); -+ if (BN_cmp(ret, f) > 0) -+ res = f; -+ else -+ res = ret; -+ } else -+ res = ret; -+ -+ /* -+ * put in leading 0 bytes if the number is less than the length of the -+ * modulus -+ */ -+ j = BN_num_bytes(res); -+ i = BN_bn2bin(res, &(to[num - j])); -+ for (k = 0; k < (num - i); k++) -+ to[k] = 0; -+ -+ r = num; -+ err: -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ if (buf != NULL) { -+ OPENSSL_cleanse(buf, num); -+ OPENSSL_free(buf); -+ } -+ return (r); -+} - - static int RSA_eay_private_decrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding) -- { -- BIGNUM *f, *ret; -- int j,num=0,r= -1; -- unsigned char *p; -- unsigned char *buf=NULL; -- BN_CTX *ctx=NULL; -- int local_blinding = 0; -- /* Used only if the blinding structure is shared. A non-NULL unblind -- * instructs rsa_blinding_convert() and rsa_blinding_invert() to store -- * the unblinding factor outside the blinding structure. */ -- BIGNUM *unblind = NULL; -- BN_BLINDING *blinding = NULL; -- -- if((ctx = BN_CTX_new()) == NULL) goto err; -- BN_CTX_start(ctx); -- f = BN_CTX_get(ctx); -- ret = BN_CTX_get(ctx); -- num = BN_num_bytes(rsa->n); -- buf = OPENSSL_malloc(num); -- if(!f || !ret || !buf) -- { -- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- /* This check was for equality but PGP does evil things -- * and chops off the top '0' bytes */ -- if (flen > num) -- { -- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); -- goto err; -- } -- -- /* make data into a big number */ -- if (BN_bin2bn(from,(int)flen,f) == NULL) goto err; -- -- if (BN_ucmp(f, rsa->n) >= 0) -- { -- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -- goto err; -- } -- -- if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) -- { -- blinding = rsa_get_blinding(rsa, &local_blinding, ctx); -- if (blinding == NULL) -- { -- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); -- goto err; -- } -- } -- -- if (blinding != NULL) -- { -- if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) -- { -- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (!rsa_blinding_convert(blinding, f, unblind, ctx)) -- goto err; -- } -- -- /* do the decrypt */ -- if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || -- ((rsa->p != NULL) && -- (rsa->q != NULL) && -- (rsa->dmp1 != NULL) && -- (rsa->dmq1 != NULL) && -- (rsa->iqmp != NULL)) ) -- { -- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; -- } -- else -- { -- BIGNUM local_d; -- BIGNUM *d = NULL; -- -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- d = &local_d; -- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -- } -- else -- d = rsa->d; -- -- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -- goto err; -- if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, -- rsa->_method_mod_n)) -- goto err; -- } -- -- if (blinding) -- if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) -- goto err; -- -- p=buf; -- j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */ -- -- switch (padding) -- { -- case RSA_PKCS1_PADDING: -- r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num); -- break; --#ifndef OPENSSL_NO_SHA -- case RSA_PKCS1_OAEP_PADDING: -- r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0); -- break; --#endif -- case RSA_SSLV23_PADDING: -- r=RSA_padding_check_SSLv23(to,num,buf,j,num); -- break; -- case RSA_NO_PADDING: -- r=RSA_padding_check_none(to,num,buf,j,num); -- break; -- default: -- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); -- goto err; -- } -- if (r < 0) -- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED); -- --err: -- if (ctx != NULL) -- { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- if (buf != NULL) -- { -- OPENSSL_cleanse(buf,num); -- OPENSSL_free(buf); -- } -- return(r); -- } -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ BIGNUM *f, *ret; -+ int j, num = 0, r = -1; -+ unsigned char *p; -+ unsigned char *buf = NULL; -+ BN_CTX *ctx = NULL; -+ int local_blinding = 0; -+ /* -+ * Used only if the blinding structure is shared. A non-NULL unblind -+ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store -+ * the unblinding factor outside the blinding structure. -+ */ -+ BIGNUM *unblind = NULL; -+ BN_BLINDING *blinding = NULL; -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ f = BN_CTX_get(ctx); -+ ret = BN_CTX_get(ctx); -+ num = BN_num_bytes(rsa->n); -+ buf = OPENSSL_malloc(num); -+ if (!f || !ret || !buf) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* -+ * This check was for equality but PGP does evil things and chops off the -+ * top '0' bytes -+ */ -+ if (flen > num) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, -+ RSA_R_DATA_GREATER_THAN_MOD_LEN); -+ goto err; -+ } -+ -+ /* make data into a big number */ -+ if (BN_bin2bn(from, (int)flen, f) == NULL) -+ goto err; -+ -+ if (BN_ucmp(f, rsa->n) >= 0) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, -+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -+ goto err; -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { -+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx); -+ if (blinding == NULL) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ } -+ -+ if (blinding != NULL) { -+ if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (!rsa_blinding_convert(blinding, f, unblind, ctx)) -+ goto err; -+ } -+ -+ /* do the decrypt */ -+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) || -+ ((rsa->p != NULL) && -+ (rsa->q != NULL) && -+ (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { -+ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) -+ goto err; -+ } else { -+ BIGNUM local_d; -+ BIGNUM *d = NULL; -+ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ d = &local_d; -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -+ } else -+ d = rsa->d; -+ -+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -+ goto err; -+ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, -+ rsa->_method_mod_n)) -+ goto err; -+ } -+ -+ if (blinding) -+ if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) -+ goto err; -+ -+ p = buf; -+ j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */ -+ -+ switch (padding) { -+ case RSA_PKCS1_PADDING: -+ r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); -+ break; -+# ifndef OPENSSL_NO_SHA -+ case RSA_PKCS1_OAEP_PADDING: -+ r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); -+ break; -+# endif -+ case RSA_SSLV23_PADDING: -+ r = RSA_padding_check_SSLv23(to, num, buf, j, num); -+ break; -+ case RSA_NO_PADDING: -+ r = RSA_padding_check_none(to, num, buf, j, num); -+ break; -+ default: -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); -+ goto err; -+ } -+ if (r < 0) -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED); -+ -+ err: -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ if (buf != NULL) { -+ OPENSSL_cleanse(buf, num); -+ OPENSSL_free(buf); -+ } -+ return (r); -+} - - /* signature verification */ - static int RSA_eay_public_decrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding) -- { -- BIGNUM *f,*ret; -- int i,num=0,r= -1; -- unsigned char *p; -- unsigned char *buf=NULL; -- BN_CTX *ctx=NULL; -- -- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) -- { -- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); -- return -1; -- } -- -- if (BN_ucmp(rsa->n, rsa->e) <= 0) -- { -- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); -- return -1; -- } -- -- /* for large moduli, enforce exponent limit */ -- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) -- { -- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) -- { -- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); -- return -1; -- } -- } -- -- if((ctx = BN_CTX_new()) == NULL) goto err; -- BN_CTX_start(ctx); -- f = BN_CTX_get(ctx); -- ret = BN_CTX_get(ctx); -- num=BN_num_bytes(rsa->n); -- buf = OPENSSL_malloc(num); -- if(!f || !ret || !buf) -- { -- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- /* This check was for equality but PGP does evil things -- * and chops off the top '0' bytes */ -- if (flen > num) -- { -- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); -- goto err; -- } -- -- if (BN_bin2bn(from,flen,f) == NULL) goto err; -- -- if (BN_ucmp(f, rsa->n) >= 0) -- { -- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -- goto err; -- } -- -- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -- goto err; -- -- if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, -- rsa->_method_mod_n)) goto err; -- -- if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) -- if (!BN_sub(ret, rsa->n, ret)) goto err; -- -- p=buf; -- i=BN_bn2bin(ret,p); -- -- switch (padding) -- { -- case RSA_PKCS1_PADDING: -- r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); -- break; -- case RSA_X931_PADDING: -- r=RSA_padding_check_X931(to,num,buf,i,num); -- break; -- case RSA_NO_PADDING: -- r=RSA_padding_check_none(to,num,buf,i,num); -- break; -- default: -- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); -- goto err; -- } -- if (r < 0) -- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED); -- --err: -- if (ctx != NULL) -- { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- if (buf != NULL) -- { -- OPENSSL_cleanse(buf,num); -- OPENSSL_free(buf); -- } -- return(r); -- } -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ BIGNUM *f, *ret; -+ int i, num = 0, r = -1; -+ unsigned char *p; -+ unsigned char *buf = NULL; -+ BN_CTX *ctx = NULL; -+ -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); -+ return -1; -+ } -+ -+ if (BN_ucmp(rsa->n, rsa->e) <= 0) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ -+ /* for large moduli, enforce exponent limit */ -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { -+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ } -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ f = BN_CTX_get(ctx); -+ ret = BN_CTX_get(ctx); -+ num = BN_num_bytes(rsa->n); -+ buf = OPENSSL_malloc(num); -+ if (!f || !ret || !buf) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* -+ * This check was for equality but PGP does evil things and chops off the -+ * top '0' bytes -+ */ -+ if (flen > num) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN); -+ goto err; -+ } -+ -+ if (BN_bin2bn(from, flen, f) == NULL) -+ goto err; -+ -+ if (BN_ucmp(f, rsa->n) >= 0) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, -+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); -+ goto err; -+ } -+ -+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -+ goto err; -+ -+ if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, -+ rsa->_method_mod_n)) -+ goto err; -+ -+ if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) -+ if (!BN_sub(ret, rsa->n, ret)) -+ goto err; -+ -+ p = buf; -+ i = BN_bn2bin(ret, p); -+ -+ switch (padding) { -+ case RSA_PKCS1_PADDING: -+ r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num); -+ break; -+ case RSA_X931_PADDING: -+ r = RSA_padding_check_X931(to, num, buf, i, num); -+ break; -+ case RSA_NO_PADDING: -+ r = RSA_padding_check_none(to, num, buf, i, num); -+ break; -+ default: -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); -+ goto err; -+ } -+ if (r < 0) -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED); -+ -+ err: -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ if (buf != NULL) { -+ OPENSSL_cleanse(buf, num); -+ OPENSSL_free(buf); -+ } -+ return (r); -+} - - static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) -- { -- BIGNUM *r1,*m1,*vrfy; -- BIGNUM local_dmp1,local_dmq1,local_c,local_r1; -- BIGNUM *dmp1,*dmq1,*c,*pr1; -- int ret=0; -- -- BN_CTX_start(ctx); -- r1 = BN_CTX_get(ctx); -- m1 = BN_CTX_get(ctx); -- vrfy = BN_CTX_get(ctx); -- -- { -- BIGNUM local_p, local_q; -- BIGNUM *p = NULL, *q = NULL; -- -- /* Make sure BN_mod_inverse in Montgomery intialization uses the -- * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) -- */ -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- BN_init(&local_p); -- p = &local_p; -- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); -- -- BN_init(&local_q); -- q = &local_q; -- BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); -- } -- else -- { -- p = rsa->p; -- q = rsa->q; -- } -- -- if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) -- { -- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) -- goto err; -- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) -- goto err; -- } -- } -- -- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -- goto err; -- -- /* compute I mod q */ -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- c = &local_c; -- BN_with_flags(c, I, BN_FLG_CONSTTIME); -- if (!BN_mod(r1,c,rsa->q,ctx)) goto err; -- } -- else -- { -- if (!BN_mod(r1,I,rsa->q,ctx)) goto err; -- } -- -- /* compute r1^dmq1 mod q */ -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- dmq1 = &local_dmq1; -- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); -- } -- else -- dmq1 = rsa->dmq1; -- if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx, -- rsa->_method_mod_q)) goto err; -- -- /* compute I mod p */ -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- c = &local_c; -- BN_with_flags(c, I, BN_FLG_CONSTTIME); -- if (!BN_mod(r1,c,rsa->p,ctx)) goto err; -- } -- else -- { -- if (!BN_mod(r1,I,rsa->p,ctx)) goto err; -- } -- -- /* compute r1^dmp1 mod p */ -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- dmp1 = &local_dmp1; -- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); -- } -- else -- dmp1 = rsa->dmp1; -- if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx, -- rsa->_method_mod_p)) goto err; -- -- if (!BN_sub(r0,r0,m1)) goto err; -- /* This will help stop the size of r0 increasing, which does -- * affect the multiply if it optimised for a power of 2 size */ -- if (BN_is_negative(r0)) -- if (!BN_add(r0,r0,rsa->p)) goto err; -- -- if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err; -- -- /* Turn BN_FLG_CONSTTIME flag on before division operation */ -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- pr1 = &local_r1; -- BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); -- } -- else -- pr1 = r1; -- if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err; -- -- /* If p < q it is occasionally possible for the correction of -- * adding 'p' if r0 is negative above to leave the result still -- * negative. This can break the private key operations: the following -- * second correction should *always* correct this rare occurrence. -- * This will *never* happen with OpenSSL generated keys because -- * they ensure p > q [steve] -+{ -+ BIGNUM *r1, *m1, *vrfy; -+ BIGNUM local_dmp1, local_dmq1, local_c, local_r1; -+ BIGNUM *dmp1, *dmq1, *c, *pr1; -+ int ret = 0; -+ -+ BN_CTX_start(ctx); -+ r1 = BN_CTX_get(ctx); -+ m1 = BN_CTX_get(ctx); -+ vrfy = BN_CTX_get(ctx); -+ -+ { -+ BIGNUM local_p, local_q; -+ BIGNUM *p = NULL, *q = NULL; -+ -+ /* -+ * Make sure BN_mod_inverse in Montgomery intialization uses the -+ * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) -+ */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ BN_init(&local_p); -+ p = &local_p; -+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); -+ -+ BN_init(&local_q); -+ q = &local_q; -+ BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); -+ } else { -+ p = rsa->p; -+ q = rsa->q; -+ } -+ -+ if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) -+ goto err; -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) -+ goto err; -+ } -+ } -+ -+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) -+ if (!BN_MONT_CTX_set_locked -+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) -+ goto err; -+ -+ /* compute I mod q */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ c = &local_c; -+ BN_with_flags(c, I, BN_FLG_CONSTTIME); -+ if (!BN_mod(r1, c, rsa->q, ctx)) -+ goto err; -+ } else { -+ if (!BN_mod(r1, I, rsa->q, ctx)) -+ goto err; -+ } -+ -+ /* compute r1^dmq1 mod q */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ dmq1 = &local_dmq1; -+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); -+ } else -+ dmq1 = rsa->dmq1; -+ if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, rsa->_method_mod_q)) -+ goto err; -+ -+ /* compute I mod p */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ c = &local_c; -+ BN_with_flags(c, I, BN_FLG_CONSTTIME); -+ if (!BN_mod(r1, c, rsa->p, ctx)) -+ goto err; -+ } else { -+ if (!BN_mod(r1, I, rsa->p, ctx)) -+ goto err; -+ } -+ -+ /* compute r1^dmp1 mod p */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ dmp1 = &local_dmp1; -+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); -+ } else -+ dmp1 = rsa->dmp1; -+ if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, rsa->_method_mod_p)) -+ goto err; -+ -+ if (!BN_sub(r0, r0, m1)) -+ goto err; -+ /* -+ * This will help stop the size of r0 increasing, which does affect the -+ * multiply if it optimised for a power of 2 size -+ */ -+ if (BN_is_negative(r0)) -+ if (!BN_add(r0, r0, rsa->p)) -+ goto err; -+ -+ if (!BN_mul(r1, r0, rsa->iqmp, ctx)) -+ goto err; -+ -+ /* Turn BN_FLG_CONSTTIME flag on before division operation */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ pr1 = &local_r1; -+ BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); -+ } else -+ pr1 = r1; -+ if (!BN_mod(r0, pr1, rsa->p, ctx)) -+ goto err; -+ -+ /* -+ * If p < q it is occasionally possible for the correction of adding 'p' -+ * if r0 is negative above to leave the result still negative. This can -+ * break the private key operations: the following second correction -+ * should *always* correct this rare occurrence. This will *never* happen -+ * with OpenSSL generated keys because they ensure p > q [steve] -+ */ -+ if (BN_is_negative(r0)) -+ if (!BN_add(r0, r0, rsa->p)) -+ goto err; -+ if (!BN_mul(r1, r0, rsa->q, ctx)) -+ goto err; -+ if (!BN_add(r0, r1, m1)) -+ goto err; -+ -+ if (rsa->e && rsa->n) { -+ if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx, -+ rsa->_method_mod_n)) -+ goto err; -+ /* -+ * If 'I' was greater than (or equal to) rsa->n, the operation will -+ * be equivalent to using 'I mod n'. However, the result of the -+ * verify will *always* be less than 'n' so we don't check for -+ * absolute equality, just congruency. - */ -- if (BN_is_negative(r0)) -- if (!BN_add(r0,r0,rsa->p)) goto err; -- if (!BN_mul(r1,r0,rsa->q,ctx)) goto err; -- if (!BN_add(r0,r1,m1)) goto err; -- -- if (rsa->e && rsa->n) -- { -- if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; -- /* If 'I' was greater than (or equal to) rsa->n, the operation -- * will be equivalent to using 'I mod n'. However, the result of -- * the verify will *always* be less than 'n' so we don't check -- * for absolute equality, just congruency. */ -- if (!BN_sub(vrfy, vrfy, I)) goto err; -- if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err; -- if (BN_is_negative(vrfy)) -- if (!BN_add(vrfy, vrfy, rsa->n)) goto err; -- if (!BN_is_zero(vrfy)) -- { -- /* 'I' and 'vrfy' aren't congruent mod n. Don't leak -- * miscalculated CRT output, just do a raw (slower) -- * mod_exp and return that instead. */ -- -- BIGNUM local_d; -- BIGNUM *d = NULL; -- -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- d = &local_d; -- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -- } -- else -- d = rsa->d; -- if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx, -- rsa->_method_mod_n)) goto err; -- } -- } -- ret=1; --err: -- BN_CTX_end(ctx); -- return(ret); -- } -+ if (!BN_sub(vrfy, vrfy, I)) -+ goto err; -+ if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) -+ goto err; -+ if (BN_is_negative(vrfy)) -+ if (!BN_add(vrfy, vrfy, rsa->n)) -+ goto err; -+ if (!BN_is_zero(vrfy)) { -+ /* -+ * 'I' and 'vrfy' aren't congruent mod n. Don't leak -+ * miscalculated CRT output, just do a raw (slower) mod_exp and -+ * return that instead. -+ */ -+ -+ BIGNUM local_d; -+ BIGNUM *d = NULL; -+ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ d = &local_d; -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -+ } else -+ d = rsa->d; -+ if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx, -+ rsa->_method_mod_n)) -+ goto err; -+ } -+ } -+ ret = 1; -+ err: -+ BN_CTX_end(ctx); -+ return (ret); -+} - - static int RSA_eay_init(RSA *rsa) -- { -- rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; -- return(1); -- } -+{ -+ rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; -+ return (1); -+} - - static int RSA_eay_finish(RSA *rsa) -- { -- if (rsa->_method_mod_n != NULL) -- BN_MONT_CTX_free(rsa->_method_mod_n); -- if (rsa->_method_mod_p != NULL) -- BN_MONT_CTX_free(rsa->_method_mod_p); -- if (rsa->_method_mod_q != NULL) -- BN_MONT_CTX_free(rsa->_method_mod_q); -- return(1); -- } -+{ -+ if (rsa->_method_mod_n != NULL) -+ BN_MONT_CTX_free(rsa->_method_mod_n); -+ if (rsa->_method_mod_p != NULL) -+ BN_MONT_CTX_free(rsa->_method_mod_p); -+ if (rsa->_method_mod_q != NULL) -+ BN_MONT_CTX_free(rsa->_method_mod_q); -+ return (1); -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c -index 2f21ddb..e1f8a52 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,294 +64,294 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - --const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT; -+const char RSA_version[] = "RSA" OPENSSL_VERSION_PTEXT; - --static const RSA_METHOD *default_RSA_meth=NULL; -+static const RSA_METHOD *default_RSA_meth = NULL; - - RSA *RSA_new(void) -- { -- RSA *r=RSA_new_method(NULL); -+{ -+ RSA *r = RSA_new_method(NULL); - -- return r; -- } -+ return r; -+} - - void RSA_set_default_method(const RSA_METHOD *meth) -- { -+{ - #ifdef OPENSSL_FIPS -- if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) -- { -- RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD); -- return; -- } -+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { -+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD); -+ return; -+ } - #endif -- default_RSA_meth = meth; -- } -+ default_RSA_meth = meth; -+} - - const RSA_METHOD *RSA_get_default_method(void) -- { -- if (default_RSA_meth == NULL) -- { -+{ -+ if (default_RSA_meth == NULL) { - #ifdef RSA_NULL -- default_RSA_meth=RSA_null_method(); --#else --#if 0 /* was: #ifdef RSAref */ -- default_RSA_meth=RSA_PKCS1_RSAref(); -+ default_RSA_meth = RSA_null_method(); - #else -- default_RSA_meth=RSA_PKCS1_SSLeay(); --#endif -+# if 0 /* was: #ifdef RSAref */ -+ default_RSA_meth = RSA_PKCS1_RSAref(); -+# else -+ default_RSA_meth = RSA_PKCS1_SSLeay(); -+# endif - #endif -- } -+ } - -- return default_RSA_meth; -- } -+ return default_RSA_meth; -+} - - const RSA_METHOD *RSA_get_method(const RSA *rsa) -- { -- return rsa->meth; -- } -+{ -+ return rsa->meth; -+} - - int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) -- { -- /* NB: The caller is specifically setting a method, so it's not up to us -- * to deal with which ENGINE it comes from. */ -- const RSA_METHOD *mtmp; -+{ -+ /* -+ * NB: The caller is specifically setting a method, so it's not up to us -+ * to deal with which ENGINE it comes from. -+ */ -+ const RSA_METHOD *mtmp; - #ifdef OPENSSL_FIPS -- if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) -- { -- RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD); -- return 0; -- } -+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { -+ RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD); -+ return 0; -+ } - #endif -- mtmp = rsa->meth; -- if (mtmp->finish) mtmp->finish(rsa); -+ mtmp = rsa->meth; -+ if (mtmp->finish) -+ mtmp->finish(rsa); - #ifndef OPENSSL_NO_ENGINE -- if (rsa->engine) -- { -- ENGINE_finish(rsa->engine); -- rsa->engine = NULL; -- } -+ if (rsa->engine) { -+ ENGINE_finish(rsa->engine); -+ rsa->engine = NULL; -+ } - #endif -- rsa->meth = meth; -- if (meth->init) meth->init(rsa); -- return 1; -- } -+ rsa->meth = meth; -+ if (meth->init) -+ meth->init(rsa); -+ return 1; -+} - - RSA *RSA_new_method(ENGINE *engine) -- { -- RSA *ret; -+{ -+ RSA *ret; - -- ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); -- if (ret == NULL) -- { -- RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -+ ret = (RSA *)OPENSSL_malloc(sizeof(RSA)); -+ if (ret == NULL) { -+ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } - -- ret->meth = RSA_get_default_method(); -+ ret->meth = RSA_get_default_method(); - #ifndef OPENSSL_NO_ENGINE -- if (engine) -- { -- if (!ENGINE_init(engine)) -- { -- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); -- OPENSSL_free(ret); -- return NULL; -- } -- ret->engine = engine; -- } -- else -- ret->engine = ENGINE_get_default_RSA(); -- if(ret->engine) -- { -- ret->meth = ENGINE_get_RSA(ret->engine); -- if(!ret->meth) -- { -- RSAerr(RSA_F_RSA_NEW_METHOD, -- ERR_R_ENGINE_LIB); -- ENGINE_finish(ret->engine); -- OPENSSL_free(ret); -- return NULL; -- } -- } -+ if (engine) { -+ if (!ENGINE_init(engine)) { -+ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); -+ OPENSSL_free(ret); -+ return NULL; -+ } -+ ret->engine = engine; -+ } else -+ ret->engine = ENGINE_get_default_RSA(); -+ if (ret->engine) { -+ ret->meth = ENGINE_get_RSA(ret->engine); -+ if (!ret->meth) { -+ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); -+ ENGINE_finish(ret->engine); -+ OPENSSL_free(ret); -+ return NULL; -+ } -+ } - #endif - #ifdef OPENSSL_FIPS -- if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) -- { -- RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD); --#ifndef OPENSSL_NO_ENGINE -- if (ret->engine) -- ENGINE_finish(ret->engine); --#endif -- OPENSSL_free(ret); -- return NULL; -- } -+ if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) { -+ RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD); -+# ifndef OPENSSL_NO_ENGINE -+ if (ret->engine) -+ ENGINE_finish(ret->engine); -+# endif -+ OPENSSL_free(ret); -+ return NULL; -+ } - #endif - -- ret->pad=0; -- ret->version=0; -- ret->n=NULL; -- ret->e=NULL; -- ret->d=NULL; -- ret->p=NULL; -- ret->q=NULL; -- ret->dmp1=NULL; -- ret->dmq1=NULL; -- ret->iqmp=NULL; -- ret->references=1; -- ret->_method_mod_n=NULL; -- ret->_method_mod_p=NULL; -- ret->_method_mod_q=NULL; -- ret->blinding=NULL; -- ret->mt_blinding=NULL; -- ret->bignum_data=NULL; -- ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; -- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) -- { -+ ret->pad = 0; -+ ret->version = 0; -+ ret->n = NULL; -+ ret->e = NULL; -+ ret->d = NULL; -+ ret->p = NULL; -+ ret->q = NULL; -+ ret->dmp1 = NULL; -+ ret->dmq1 = NULL; -+ ret->iqmp = NULL; -+ ret->references = 1; -+ ret->_method_mod_n = NULL; -+ ret->_method_mod_p = NULL; -+ ret->_method_mod_q = NULL; -+ ret->blinding = NULL; -+ ret->mt_blinding = NULL; -+ ret->bignum_data = NULL; -+ ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; -+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { - #ifndef OPENSSL_NO_ENGINE -- if (ret->engine) -- ENGINE_finish(ret->engine); -+ if (ret->engine) -+ ENGINE_finish(ret->engine); - #endif -- OPENSSL_free(ret); -- return(NULL); -- } -+ OPENSSL_free(ret); -+ return (NULL); -+ } - -- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) -- { -+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - #ifndef OPENSSL_NO_ENGINE -- if (ret->engine) -- ENGINE_finish(ret->engine); -+ if (ret->engine) -+ ENGINE_finish(ret->engine); - #endif -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); -- OPENSSL_free(ret); -- ret=NULL; -- } -- return(ret); -- } -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); -+ OPENSSL_free(ret); -+ ret = NULL; -+ } -+ return (ret); -+} - - void RSA_free(RSA *r) -- { -- int i; -+{ -+ int i; - -- if (r == NULL) return; -+ if (r == NULL) -+ return; - -- i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); -+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA); - #ifdef REF_PRINT -- REF_PRINT("RSA",r); -+ REF_PRINT("RSA", r); - #endif -- if (i > 0) return; -+ if (i > 0) -+ return; - #ifdef REF_CHECK -- if (i < 0) -- { -- fprintf(stderr,"RSA_free, bad reference count\n"); -- abort(); -- } -+ if (i < 0) { -+ fprintf(stderr, "RSA_free, bad reference count\n"); -+ abort(); -+ } - #endif - -- if (r->meth->finish) -- r->meth->finish(r); -+ if (r->meth->finish) -+ r->meth->finish(r); - #ifndef OPENSSL_NO_ENGINE -- if (r->engine) -- ENGINE_finish(r->engine); -+ if (r->engine) -+ ENGINE_finish(r->engine); - #endif - -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); - -- if (r->n != NULL) BN_clear_free(r->n); -- if (r->e != NULL) BN_clear_free(r->e); -- if (r->d != NULL) BN_clear_free(r->d); -- if (r->p != NULL) BN_clear_free(r->p); -- if (r->q != NULL) BN_clear_free(r->q); -- if (r->dmp1 != NULL) BN_clear_free(r->dmp1); -- if (r->dmq1 != NULL) BN_clear_free(r->dmq1); -- if (r->iqmp != NULL) BN_clear_free(r->iqmp); -- if (r->blinding != NULL) BN_BLINDING_free(r->blinding); -- if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); -- if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); -- OPENSSL_free(r); -- } -+ if (r->n != NULL) -+ BN_clear_free(r->n); -+ if (r->e != NULL) -+ BN_clear_free(r->e); -+ if (r->d != NULL) -+ BN_clear_free(r->d); -+ if (r->p != NULL) -+ BN_clear_free(r->p); -+ if (r->q != NULL) -+ BN_clear_free(r->q); -+ if (r->dmp1 != NULL) -+ BN_clear_free(r->dmp1); -+ if (r->dmq1 != NULL) -+ BN_clear_free(r->dmq1); -+ if (r->iqmp != NULL) -+ BN_clear_free(r->iqmp); -+ if (r->blinding != NULL) -+ BN_BLINDING_free(r->blinding); -+ if (r->mt_blinding != NULL) -+ BN_BLINDING_free(r->mt_blinding); -+ if (r->bignum_data != NULL) -+ OPENSSL_free_locked(r->bignum_data); -+ OPENSSL_free(r); -+} - - int RSA_up_ref(RSA *r) -- { -- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); -+{ -+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); - #ifdef REF_PRINT -- REF_PRINT("RSA",r); -+ REF_PRINT("RSA", r); - #endif - #ifdef REF_CHECK -- if (i < 2) -- { -- fprintf(stderr, "RSA_up_ref, bad reference count\n"); -- abort(); -- } -+ if (i < 2) { -+ fprintf(stderr, "RSA_up_ref, bad reference count\n"); -+ abort(); -+ } - #endif -- return ((i > 1) ? 1 : 0); -- } -+ return ((i > 1) ? 1 : 0); -+} - - int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -- { -- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, -- new_func, dup_func, free_func); -- } -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -+{ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, -+ new_func, dup_func, free_func); -+} - - int RSA_set_ex_data(RSA *r, int idx, void *arg) -- { -- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); -- } -+{ -+ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); -+} - - void *RSA_get_ex_data(const RSA *r, int idx) -- { -- return(CRYPTO_get_ex_data(&r->ex_data,idx)); -- } -+{ -+ return (CRYPTO_get_ex_data(&r->ex_data, idx)); -+} - - int RSA_flags(const RSA *r) -- { -- return((r == NULL)?0:r->meth->flags); -- } -+{ -+ return ((r == NULL) ? 0 : r->meth->flags); -+} - - int RSA_memory_lock(RSA *r) -- { -- int i,j,k,off; -- char *p; -- BIGNUM *bn,**t[6],*b; -- BN_ULONG *ul; -+{ -+ int i, j, k, off; -+ char *p; -+ BIGNUM *bn, **t[6], *b; -+ BN_ULONG *ul; -+ -+ if (r->d == NULL) -+ return (1); -+ t[0] = &r->d; -+ t[1] = &r->p; -+ t[2] = &r->q; -+ t[3] = &r->dmp1; -+ t[4] = &r->dmq1; -+ t[5] = &r->iqmp; -+ k = sizeof(BIGNUM) * 6; -+ off = k / sizeof(BN_ULONG) + 1; -+ j = 1; -+ for (i = 0; i < 6; i++) -+ j += (*t[i])->top; -+ if ((p = OPENSSL_malloc_locked((off + j) * sizeof(BN_ULONG))) == NULL) { -+ RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ bn = (BIGNUM *)p; -+ ul = (BN_ULONG *)&(p[off]); -+ for (i = 0; i < 6; i++) { -+ b = *(t[i]); -+ *(t[i]) = &(bn[i]); -+ memcpy((char *)&(bn[i]), (char *)b, sizeof(BIGNUM)); -+ bn[i].flags = BN_FLG_STATIC_DATA; -+ bn[i].d = ul; -+ memcpy((char *)ul, b->d, sizeof(BN_ULONG) * b->top); -+ ul += b->top; -+ BN_clear_free(b); -+ } - -- if (r->d == NULL) return(1); -- t[0]= &r->d; -- t[1]= &r->p; -- t[2]= &r->q; -- t[3]= &r->dmp1; -- t[4]= &r->dmq1; -- t[5]= &r->iqmp; -- k=sizeof(BIGNUM)*6; -- off=k/sizeof(BN_ULONG)+1; -- j=1; -- for (i=0; i<6; i++) -- j+= (*t[i])->top; -- if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) -- { -- RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- bn=(BIGNUM *)p; -- ul=(BN_ULONG *)&(p[off]); -- for (i=0; i<6; i++) -- { -- b= *(t[i]); -- *(t[i])= &(bn[i]); -- memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); -- bn[i].flags=BN_FLG_STATIC_DATA; -- bn[i].d=ul; -- memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); -- ul+=b->top; -- BN_clear_free(b); -- } -- -- /* I should fix this so it can still be done */ -- r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC); -+ /* I should fix this so it can still be done */ -+ r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC); - -- r->bignum_data=p; -- return(1); -- } -+ r->bignum_data = p; -+ return (1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c -index 501f5ea..4457c42 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,115 +66,130 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason) - --static ERR_STRING_DATA RSA_str_functs[]= -- { --{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"}, --{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"}, --{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, --{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, --{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, --{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, --{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, --{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, --{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, --{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, --{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"}, --{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, --{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, --{ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"}, --{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"}, --{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"}, --{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"}, --{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"}, --{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, --{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"}, --{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"}, --{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"}, --{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"}, --{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"}, --{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"}, --{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"}, --{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"}, --{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"}, --{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"}, --{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"}, --{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, --{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, --{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, --{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, --{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, --{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, --{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"}, --{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"}, --{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, --{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, --{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, --{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"}, --{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"}, --{0,NULL} -- }; -+static ERR_STRING_DATA RSA_str_functs[] = { -+ {ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"}, -+ {ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"}, -+ {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, -+ {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, -+ {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, -+ {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, -+ {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, -+ {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, -+ {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, -+ {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, -+ {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"}, -+ {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, -+ {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, -+ {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"}, -+ {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"}, -+ {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"}, -+ {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"}, -+ {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), -+ "RSA_padding_add_PKCS1_OAEP"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), -+ "RSA_padding_add_PKCS1_type_1"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), -+ "RSA_padding_add_PKCS1_type_2"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), -+ "RSA_padding_check_PKCS1_OAEP"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), -+ "RSA_padding_check_PKCS1_type_1"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), -+ "RSA_padding_check_PKCS1_type_2"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"}, -+ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, -+ {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, -+ {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, -+ {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, -+ {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, -+ {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, -+ {ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"}, -+ {ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"}, -+ {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, -+ {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), -+ "RSA_sign_ASN1_OCTET_STRING"}, -+ {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, -+ {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), -+ "RSA_verify_ASN1_OCTET_STRING"}, -+ {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA RSA_str_reasons[]= -- { --{ERR_REASON(RSA_R_ALGORITHM_MISMATCH) ,"algorithm mismatch"}, --{ERR_REASON(RSA_R_BAD_E_VALUE) ,"bad e value"}, --{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"}, --{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT) ,"bad pad byte count"}, --{ERR_REASON(RSA_R_BAD_SIGNATURE) ,"bad signature"}, --{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01) ,"block type is not 01"}, --{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02) ,"block type is not 02"}, --{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"}, --{ERR_REASON(RSA_R_DATA_TOO_LARGE) ,"data too large"}, --{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, --{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"}, --{ERR_REASON(RSA_R_DATA_TOO_SMALL) ,"data too small"}, --{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"}, --{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"}, --{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"}, --{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"}, --{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"}, --{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"}, --{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"}, --{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"}, --{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"}, --{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"}, --{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"}, --{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, --{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, --{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, --{ERR_REASON(RSA_R_NON_FIPS_METHOD) ,"non fips method"}, --{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, --{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, --{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, --{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, --{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, --{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, --{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, --{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, --{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, --{ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"}, --{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"}, --{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"}, --{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, --{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"}, --{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"}, --{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, --{0,NULL} -- }; -+static ERR_STRING_DATA RSA_str_reasons[] = { -+ {ERR_REASON(RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"}, -+ {ERR_REASON(RSA_R_BAD_E_VALUE), "bad e value"}, -+ {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"}, -+ {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"}, -+ {ERR_REASON(RSA_R_BAD_SIGNATURE), "bad signature"}, -+ {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01), "block type is not 01"}, -+ {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02), "block type is not 02"}, -+ {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN), -+ "data greater than mod len"}, -+ {ERR_REASON(RSA_R_DATA_TOO_LARGE), "data too large"}, -+ {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), -+ "data too large for key size"}, -+ {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS), -+ "data too large for modulus"}, -+ {ERR_REASON(RSA_R_DATA_TOO_SMALL), "data too small"}, -+ {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), -+ "data too small for key size"}, -+ {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), -+ "digest too big for rsa key"}, -+ {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"}, -+ {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"}, -+ {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"}, -+ {ERR_REASON(RSA_R_FIRST_OCTET_INVALID), "first octet invalid"}, -+ {ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"}, -+ {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"}, -+ {ERR_REASON(RSA_R_INVALID_PADDING), "invalid padding"}, -+ {ERR_REASON(RSA_R_INVALID_TRAILER), "invalid trailer"}, -+ {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q), "iqmp not inverse of q"}, -+ {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, -+ {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, -+ {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, -+ {ERR_REASON(RSA_R_NON_FIPS_METHOD), "non fips method"}, -+ {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, -+ {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), -+ "null before block missing"}, -+ {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"}, -+ {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"}, -+ {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), -+ "operation not allowed in fips mode"}, -+ {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, -+ {ERR_REASON(RSA_R_PKCS_DECODING_ERROR), "pkcs decoding error"}, -+ {ERR_REASON(RSA_R_P_NOT_PRIME), "p not prime"}, -+ {ERR_REASON(RSA_R_Q_NOT_PRIME), "q not prime"}, -+ {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED), -+ "rsa operations not supported"}, -+ {ERR_REASON(RSA_R_SLEN_CHECK_FAILED), "salt length check failed"}, -+ {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED), "salt length recovery failed"}, -+ {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK), "sslv3 rollback attack"}, -+ {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), -+ "the asn1 object identifier is not known for this md"}, -+ {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"}, -+ {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"}, -+ {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_RSA_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,RSA_str_functs); -- ERR_load_strings(0,RSA_str_reasons); -- } -+ if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, RSA_str_functs); -+ ERR_load_strings(0, RSA_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c -index 41278f8..5522827 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,17 +49,17 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -- --/* NB: these functions have been "upgraded", the deprecated versions (which are -- * compatibility wrappers using these functions) are in rsa_depr.c. -- * - Geoff -+/* -+ * NB: these functions have been "upgraded", the deprecated versions (which -+ * are compatibility wrappers using these functions) are in rsa_depr.c. - -+ * Geoff - */ - - #include -@@ -70,153 +70,169 @@ - - #ifndef OPENSSL_FIPS - --static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); -+static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, -+ BN_GENCB *cb); - --/* NB: this wrapper would normally be placed in rsa_lib.c and the static -- * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so -- * that we don't introduce a new linker dependency. Eg. any application that -- * wasn't previously linking object code related to key-generation won't have to -- * now just because key-generation is part of RSA_METHOD. */ -+/* -+ * NB: this wrapper would normally be placed in rsa_lib.c and the static -+ * implementation would probably be in rsa_eay.c. Nonetheless, is kept here -+ * so that we don't introduce a new linker dependency. Eg. any application -+ * that wasn't previously linking object code related to key-generation won't -+ * have to now just because key-generation is part of RSA_METHOD. -+ */ - int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) -- { -- if(rsa->meth->rsa_keygen) -- return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); -- return rsa_builtin_keygen(rsa, bits, e_value, cb); -- } -- --static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) -- { -- BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; -- BIGNUM local_r0,local_d,local_p; -- BIGNUM *pr0,*d,*p; -- int bitsp,bitsq,ok= -1,n=0; -- BN_CTX *ctx=NULL; -- -- ctx=BN_CTX_new(); -- if (ctx == NULL) goto err; -- BN_CTX_start(ctx); -- r0 = BN_CTX_get(ctx); -- r1 = BN_CTX_get(ctx); -- r2 = BN_CTX_get(ctx); -- r3 = BN_CTX_get(ctx); -- if (r3 == NULL) goto err; -- -- bitsp=(bits+1)/2; -- bitsq=bits-bitsp; -- -- /* We need the RSA components non-NULL */ -- if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; -- if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; -- if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err; -- if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err; -- if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err; -- if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err; -- if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err; -- if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err; -- -- BN_copy(rsa->e, e_value); -- -- /* generate p and q */ -- for (;;) -- { -- if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) -- goto err; -- if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; -- if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; -- if (BN_is_one(r1)) break; -- if(!BN_GENCB_call(cb, 2, n++)) -- goto err; -- } -- if(!BN_GENCB_call(cb, 3, 0)) -- goto err; -- for (;;) -- { -- /* When generating ridiculously small keys, we can get stuck -- * continually regenerating the same prime values. Check for -- * this and bail if it happens 3 times. */ -- unsigned int degenerate = 0; -- do -- { -- if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) -- goto err; -- } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); -- if(degenerate == 3) -- { -- ok = 0; /* we set our own err */ -- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL); -- goto err; -- } -- if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; -- if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; -- if (BN_is_one(r1)) -- break; -- if(!BN_GENCB_call(cb, 2, n++)) -- goto err; -- } -- if(!BN_GENCB_call(cb, 3, 1)) -- goto err; -- if (BN_cmp(rsa->p,rsa->q) < 0) -- { -- tmp=rsa->p; -- rsa->p=rsa->q; -- rsa->q=tmp; -- } -- -- /* calculate n */ -- if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; -- -- /* calculate d */ -- if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ -- if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ -- if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- pr0 = &local_r0; -- BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); -- } -- else -- pr0 = r0; -- if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */ -- -- /* set up d for correct BN_FLG_CONSTTIME flag */ -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- d = &local_d; -- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -- } -- else -- d = rsa->d; -- -- /* calculate d mod (p-1) */ -- if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err; -- -- /* calculate d mod (q-1) */ -- if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err; -- -- /* calculate inverse of q mod p */ -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- p = &local_p; -- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); -- } -- else -- p = rsa->p; -- if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err; -- -- ok=1; --err: -- if (ok == -1) -- { -- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN); -- ok=0; -- } -- if (ctx != NULL) -- { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- -- return ok; -- } -+{ -+ if (rsa->meth->rsa_keygen) -+ return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); -+ return rsa_builtin_keygen(rsa, bits, e_value, cb); -+} -+ -+static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, -+ BN_GENCB *cb) -+{ -+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; -+ BIGNUM local_r0, local_d, local_p; -+ BIGNUM *pr0, *d, *p; -+ int bitsp, bitsq, ok = -1, n = 0; -+ BN_CTX *ctx = NULL; -+ -+ ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ r0 = BN_CTX_get(ctx); -+ r1 = BN_CTX_get(ctx); -+ r2 = BN_CTX_get(ctx); -+ r3 = BN_CTX_get(ctx); -+ if (r3 == NULL) -+ goto err; -+ -+ bitsp = (bits + 1) / 2; -+ bitsq = bits - bitsp; -+ -+ /* We need the RSA components non-NULL */ -+ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->d && ((rsa->d = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->e && ((rsa->e = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->p && ((rsa->p = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->q && ((rsa->q = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) -+ goto err; -+ -+ BN_copy(rsa->e, e_value); -+ -+ /* generate p and q */ -+ for (;;) { -+ if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) -+ goto err; -+ if (!BN_sub(r2, rsa->p, BN_value_one())) -+ goto err; -+ if (!BN_gcd(r1, r2, rsa->e, ctx)) -+ goto err; -+ if (BN_is_one(r1)) -+ break; -+ if (!BN_GENCB_call(cb, 2, n++)) -+ goto err; -+ } -+ if (!BN_GENCB_call(cb, 3, 0)) -+ goto err; -+ for (;;) { -+ /* -+ * When generating ridiculously small keys, we can get stuck -+ * continually regenerating the same prime values. Check for this and -+ * bail if it happens 3 times. -+ */ -+ unsigned int degenerate = 0; -+ do { -+ if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) -+ goto err; -+ } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); -+ if (degenerate == 3) { -+ ok = 0; /* we set our own err */ -+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); -+ goto err; -+ } -+ if (!BN_sub(r2, rsa->q, BN_value_one())) -+ goto err; -+ if (!BN_gcd(r1, r2, rsa->e, ctx)) -+ goto err; -+ if (BN_is_one(r1)) -+ break; -+ if (!BN_GENCB_call(cb, 2, n++)) -+ goto err; -+ } -+ if (!BN_GENCB_call(cb, 3, 1)) -+ goto err; -+ if (BN_cmp(rsa->p, rsa->q) < 0) { -+ tmp = rsa->p; -+ rsa->p = rsa->q; -+ rsa->q = tmp; -+ } -+ -+ /* calculate n */ -+ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) -+ goto err; -+ -+ /* calculate d */ -+ if (!BN_sub(r1, rsa->p, BN_value_one())) -+ goto err; /* p-1 */ -+ if (!BN_sub(r2, rsa->q, BN_value_one())) -+ goto err; /* q-1 */ -+ if (!BN_mul(r0, r1, r2, ctx)) -+ goto err; /* (p-1)(q-1) */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ pr0 = &local_r0; -+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); -+ } else -+ pr0 = r0; -+ if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) -+ goto err; /* d */ -+ -+ /* set up d for correct BN_FLG_CONSTTIME flag */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ d = &local_d; -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -+ } else -+ d = rsa->d; -+ -+ /* calculate d mod (p-1) */ -+ if (!BN_mod(rsa->dmp1, d, r1, ctx)) -+ goto err; -+ -+ /* calculate d mod (q-1) */ -+ if (!BN_mod(rsa->dmq1, d, r2, ctx)) -+ goto err; -+ -+ /* calculate inverse of q mod p */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ p = &local_p; -+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); -+ } else -+ p = rsa->p; -+ if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) -+ goto err; -+ -+ ok = 1; -+ err: -+ if (ok == -1) { -+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN); -+ ok = 0; -+ } -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ -+ return ok; -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c -index 5714841..6638728 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,171 +64,165 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - - int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, -- RSA *rsa, int padding) -- { -- return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); -- } -- --int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, -- RSA *rsa, int padding) -- { -+ RSA *rsa, int padding) -+{ -+ return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); -+} -+ -+int RSA_private_encrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding) -+{ - #ifdef OPENSSL_FIPS -- if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) -- { -- RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -- return 0; -- } -+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, -+ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return 0; -+ } - #endif -- return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); -- } -+ return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); -+} - --int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, -- RSA *rsa, int padding) -- { -- return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); -- } -+int RSA_private_decrypt(int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); -+} - - int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, -- RSA *rsa, int padding) -- { -+ RSA *rsa, int padding) -+{ - #ifdef OPENSSL_FIPS -- if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) -- { -- RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -- return 0; -- } -+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, -+ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return 0; -+ } - #endif -- return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); -- } -+ return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); -+} - - int RSA_size(const RSA *r) -- { -- return(BN_num_bytes(r->n)); -- } -+{ -+ return (BN_num_bytes(r->n)); -+} - - void RSA_blinding_off(RSA *rsa) -- { -- if (rsa->blinding != NULL) -- { -- BN_BLINDING_free(rsa->blinding); -- rsa->blinding=NULL; -- } -- rsa->flags &= ~RSA_FLAG_BLINDING; -- rsa->flags |= RSA_FLAG_NO_BLINDING; -- } -+{ -+ if (rsa->blinding != NULL) { -+ BN_BLINDING_free(rsa->blinding); -+ rsa->blinding = NULL; -+ } -+ rsa->flags &= ~RSA_FLAG_BLINDING; -+ rsa->flags |= RSA_FLAG_NO_BLINDING; -+} - - int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) -- { -- int ret=0; -+{ -+ int ret = 0; - -- if (rsa->blinding != NULL) -- RSA_blinding_off(rsa); -+ if (rsa->blinding != NULL) -+ RSA_blinding_off(rsa); - -- rsa->blinding = RSA_setup_blinding(rsa, ctx); -- if (rsa->blinding == NULL) -- goto err; -+ rsa->blinding = RSA_setup_blinding(rsa, ctx); -+ if (rsa->blinding == NULL) -+ goto err; - -- rsa->flags |= RSA_FLAG_BLINDING; -- rsa->flags &= ~RSA_FLAG_NO_BLINDING; -- ret=1; --err: -- return(ret); -- } -+ rsa->flags |= RSA_FLAG_BLINDING; -+ rsa->flags &= ~RSA_FLAG_NO_BLINDING; -+ ret = 1; -+ err: -+ return (ret); -+} - - static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, -- const BIGNUM *q, BN_CTX *ctx) -+ const BIGNUM *q, BN_CTX *ctx) - { -- BIGNUM *ret = NULL, *r0, *r1, *r2; -- -- if (d == NULL || p == NULL || q == NULL) -- return NULL; -- -- BN_CTX_start(ctx); -- r0 = BN_CTX_get(ctx); -- r1 = BN_CTX_get(ctx); -- r2 = BN_CTX_get(ctx); -- if (r2 == NULL) -- goto err; -- -- if (!BN_sub(r1, p, BN_value_one())) goto err; -- if (!BN_sub(r2, q, BN_value_one())) goto err; -- if (!BN_mul(r0, r1, r2, ctx)) goto err; -- -- ret = BN_mod_inverse(NULL, d, r0, ctx); --err: -- BN_CTX_end(ctx); -- return ret; -+ BIGNUM *ret = NULL, *r0, *r1, *r2; -+ -+ if (d == NULL || p == NULL || q == NULL) -+ return NULL; -+ -+ BN_CTX_start(ctx); -+ r0 = BN_CTX_get(ctx); -+ r1 = BN_CTX_get(ctx); -+ r2 = BN_CTX_get(ctx); -+ if (r2 == NULL) -+ goto err; -+ -+ if (!BN_sub(r1, p, BN_value_one())) -+ goto err; -+ if (!BN_sub(r2, q, BN_value_one())) -+ goto err; -+ if (!BN_mul(r0, r1, r2, ctx)) -+ goto err; -+ -+ ret = BN_mod_inverse(NULL, d, r0, ctx); -+ err: -+ BN_CTX_end(ctx); -+ return ret; - } - - BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) - { -- BIGNUM local_n; -- BIGNUM *e,*n; -- BN_CTX *ctx; -- BN_BLINDING *ret = NULL; -- -- if (in_ctx == NULL) -- { -- if ((ctx = BN_CTX_new()) == NULL) return 0; -- } -- else -- ctx = in_ctx; -- -- BN_CTX_start(ctx); -- e = BN_CTX_get(ctx); -- if (e == NULL) -- { -- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- if (rsa->e == NULL) -- { -- e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); -- if (e == NULL) -- { -- RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT); -- goto err; -- } -- } -- else -- e = rsa->e; -- -- -- if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) -- { -- /* if PRNG is not properly seeded, resort to secret -- * exponent as unpredictable seed */ -- RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); -- } -- -- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -- { -- /* Set BN_FLG_CONSTTIME flag */ -- n = &local_n; -- BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); -- } -- else -- n = rsa->n; -- -- ret = BN_BLINDING_create_param(NULL, e, n, ctx, -- rsa->meth->bn_mod_exp, rsa->_method_mod_n); -- if (ret == NULL) -- { -- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); -- goto err; -- } -- BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id()); --err: -- BN_CTX_end(ctx); -- if (in_ctx == NULL) -- BN_CTX_free(ctx); -- if(rsa->e == NULL) -- BN_free(e); -- -- return ret; -+ BIGNUM local_n; -+ BIGNUM *e, *n; -+ BN_CTX *ctx; -+ BN_BLINDING *ret = NULL; -+ -+ if (in_ctx == NULL) { -+ if ((ctx = BN_CTX_new()) == NULL) -+ return 0; -+ } else -+ ctx = in_ctx; -+ -+ BN_CTX_start(ctx); -+ e = BN_CTX_get(ctx); -+ if (e == NULL) { -+ RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (rsa->e == NULL) { -+ e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); -+ if (e == NULL) { -+ RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT); -+ goto err; -+ } -+ } else -+ e = rsa->e; -+ -+ if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) { -+ /* -+ * if PRNG is not properly seeded, resort to secret exponent as -+ * unpredictable seed -+ */ -+ RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { -+ /* Set BN_FLG_CONSTTIME flag */ -+ n = &local_n; -+ BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); -+ } else -+ n = rsa->n; -+ -+ ret = BN_BLINDING_create_param(NULL, e, n, ctx, -+ rsa->meth->bn_mod_exp, rsa->_method_mod_n); -+ if (ret == NULL) { -+ RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); -+ goto err; -+ } -+ BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id()); -+ err: -+ BN_CTX_end(ctx); -+ if (in_ctx == NULL) -+ BN_CTX_free(ctx); -+ if (rsa->e == NULL) -+ BN_free(e); -+ -+ return ret; - } -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c -index e6f3e62..982b31f 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,36 +63,32 @@ - #include - - int RSA_padding_add_none(unsigned char *to, int tlen, -- const unsigned char *from, int flen) -- { -- if (flen > tlen) -- { -- RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -- return(0); -- } -+ const unsigned char *from, int flen) -+{ -+ if (flen > tlen) { -+ RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -+ return (0); -+ } - -- if (flen < tlen) -- { -- RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); -- return(0); -- } -- -- memcpy(to,from,(unsigned int)flen); -- return(1); -- } -+ if (flen < tlen) { -+ RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); -+ return (0); -+ } - --int RSA_padding_check_none(unsigned char *to, int tlen, -- const unsigned char *from, int flen, int num) -- { -+ memcpy(to, from, (unsigned int)flen); -+ return (1); -+} - -- if (flen > tlen) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE); -- return(-1); -- } -+int RSA_padding_check_none(unsigned char *to, int tlen, -+ const unsigned char *from, int flen, int num) -+{ - -- memset(to,0,tlen-flen); -- memcpy(to+tlen-flen,from,flen); -- return(tlen); -- } -+ if (flen > tlen) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE); -+ return (-1); -+ } - -+ memset(to, 0, tlen - flen); -+ memcpy(to + tlen - flen, from, flen); -+ return (tlen); -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c -index 2f2202f..241b431 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c -@@ -1,6 +1,7 @@ - /* rsa_null.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,7 +63,8 @@ - #include - #include - --/* This is a dummy RSA implementation that just returns errors when called. -+/* -+ * This is a dummy RSA implementation that just returns errors when called. - * It is designed to allow some RSA functions to work while stopping those - * covered by the RSA patent. That is RSA, encryption, decryption, signing - * and verify is not allowed but RSA key generation, key checking and other -@@ -70,82 +72,84 @@ - */ - - static int RSA_null_public_encrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa,int padding); -+ unsigned char *to, RSA *rsa, int padding); - static int RSA_null_private_encrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa,int padding); -+ unsigned char *to, RSA *rsa, int padding); - static int RSA_null_public_decrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa,int padding); -+ unsigned char *to, RSA *rsa, int padding); - static int RSA_null_private_decrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa,int padding); --#if 0 /* not currently used */ -+ unsigned char *to, RSA *rsa, int padding); -+#if 0 /* not currently used */ - static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa); - #endif - static int RSA_null_init(RSA *rsa); - static int RSA_null_finish(RSA *rsa); --static RSA_METHOD rsa_null_meth={ -- "Null RSA", -- RSA_null_public_encrypt, -- RSA_null_public_decrypt, -- RSA_null_private_encrypt, -- RSA_null_private_decrypt, -- NULL, -- NULL, -- RSA_null_init, -- RSA_null_finish, -- 0, -- NULL, -- NULL, -- NULL, -- NULL -- }; -+static RSA_METHOD rsa_null_meth = { -+ "Null RSA", -+ RSA_null_public_encrypt, -+ RSA_null_public_decrypt, -+ RSA_null_private_encrypt, -+ RSA_null_private_decrypt, -+ NULL, -+ NULL, -+ RSA_null_init, -+ RSA_null_finish, -+ 0, -+ NULL, -+ NULL, -+ NULL, -+ NULL -+}; - - const RSA_METHOD *RSA_null_method(void) -- { -- return(&rsa_null_meth); -- } -+{ -+ return (&rsa_null_meth); -+} - - static int RSA_null_public_encrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding) -- { -- RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); -- return -1; -- } -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); -+ return -1; -+} - - static int RSA_null_private_encrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding) -- { -- RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); -- return -1; -- } -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT, -+ RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); -+ return -1; -+} - - static int RSA_null_private_decrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding) -- { -- RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); -- return -1; -- } -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT, -+ RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); -+ return -1; -+} - - static int RSA_null_public_decrypt(int flen, const unsigned char *from, -- unsigned char *to, RSA *rsa, int padding) -- { -- RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); -- return -1; -- } -+ unsigned char *to, RSA *rsa, int padding) -+{ -+ RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); -+ return -1; -+} - --#if 0 /* not currently used */ -+#if 0 /* not currently used */ - static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) -- { -- ...err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); -- return -1; -- } -+{ -+ ... err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); -+ return -1; -+} - #endif - - static int RSA_null_init(RSA *rsa) -- { -- return(1); -- } -+{ -+ return (1); -+} - - static int RSA_null_finish(RSA *rsa) -- { -- return(1); -- } -+{ -+ return (1); -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c -index b8e3edc..c2d4955 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c -@@ -1,220 +1,243 @@ - /* crypto/rsa/rsa_oaep.c */ --/* Written by Ulf Moeller. This software is distributed on an "AS IS" -- basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */ -+/* -+ * Written by Ulf Moeller. This software is distributed on an "AS IS" basis, -+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. -+ */ - - /* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ - --/* See Victor Shoup, "OAEP reconsidered," Nov. 2000, -- * -- * for problems with the security proof for the -- * original OAEP scheme, which EME-OAEP is based on. -- * -- * A new proof can be found in E. Fujisaki, T. Okamoto, -- * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!", -- * Dec. 2000, . -- * The new proof has stronger requirements for the -- * underlying permutation: "partial-one-wayness" instead -- * of one-wayness. For the RSA function, this is -- * an equivalent notion. -+/* -+ * See Victor Shoup, "OAEP reconsidered," Nov. 2000, for problems with the security -+ * proof for the original OAEP scheme, which EME-OAEP is based on. A new -+ * proof can be found in E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern, -+ * "RSA-OEAP is Still Alive!", Dec. 2000, . The new proof has stronger requirements -+ * for the underlying permutation: "partial-one-wayness" instead of -+ * one-wayness. For the RSA function, this is an equivalent notion. - */ - -+#include "constant_time_locl.h" - - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) --#include --#include "cryptlib.h" --#include --#include --#include --#include --#include -+# include -+# include "cryptlib.h" -+# include -+# include -+# include -+# include -+# include - - int MGF1(unsigned char *mask, long len, -- const unsigned char *seed, long seedlen); -+ const unsigned char *seed, long seedlen); - - int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, -- const unsigned char *from, int flen, -- const unsigned char *param, int plen) -- { -- int i, emlen = tlen - 1; -- unsigned char *db, *seed; -- unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; -- -- if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) -- { -- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, -- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -- return 0; -- } -- -- if (emlen < 2 * SHA_DIGEST_LENGTH + 1) -- { -- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); -- return 0; -- } -- -- to[0] = 0; -- seed = to + 1; -- db = to + SHA_DIGEST_LENGTH + 1; -- -- EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL); -- memset(db + SHA_DIGEST_LENGTH, 0, -- emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); -- db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; -- memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen); -- if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) -- return 0; --#ifdef PKCS_TESTVECT -- memcpy(seed, -- "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", -- 20); --#endif -- -- dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); -- if (dbmask == NULL) -- { -- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -- MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); -- for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) -- db[i] ^= dbmask[i]; -- -- MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); -- for (i = 0; i < SHA_DIGEST_LENGTH; i++) -- seed[i] ^= seedmask[i]; -- -- OPENSSL_free(dbmask); -- return 1; -- } -+ const unsigned char *from, int flen, -+ const unsigned char *param, int plen) -+{ -+ int i, emlen = tlen - 1; -+ unsigned char *db, *seed; -+ unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; -+ -+ if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) { -+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, -+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -+ return 0; -+ } -+ -+ if (emlen < 2 * SHA_DIGEST_LENGTH + 1) { -+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); -+ return 0; -+ } -+ -+ to[0] = 0; -+ seed = to + 1; -+ db = to + SHA_DIGEST_LENGTH + 1; -+ -+ EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL); -+ memset(db + SHA_DIGEST_LENGTH, 0, -+ emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); -+ db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; -+ memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int)flen); -+ if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) -+ return 0; -+# ifdef PKCS_TESTVECT -+ memcpy(seed, -+ "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", -+ 20); -+# endif -+ -+ dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); -+ if (dbmask == NULL) { -+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); -+ for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) -+ db[i] ^= dbmask[i]; -+ -+ MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); -+ for (i = 0; i < SHA_DIGEST_LENGTH; i++) -+ seed[i] ^= seedmask[i]; -+ -+ OPENSSL_free(dbmask); -+ return 1; -+} - - int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, -- const unsigned char *from, int flen, int num, -- const unsigned char *param, int plen) -- { -- int i, dblen, mlen = -1; -- const unsigned char *maskeddb; -- int lzero; -- unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; -- unsigned char *padded_from; -- int bad = 0; -- -- if (--num < 2 * SHA_DIGEST_LENGTH + 1) -- /* 'num' is the length of the modulus, i.e. does not depend on the -- * particular ciphertext. */ -- goto decoding_err; -- -- lzero = num - flen; -- if (lzero < 0) -- { -- /* signalling this error immediately after detection might allow -- * for side-channel attacks (e.g. timing if 'plen' is huge -- * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal -- * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001), -- * so we use a 'bad' flag */ -- bad = 1; -- lzero = 0; -- flen = num; /* don't overflow the memcpy to padded_from */ -- } -- -- dblen = num - SHA_DIGEST_LENGTH; -- db = OPENSSL_malloc(dblen + num); -- if (db == NULL) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); -- return -1; -- } -- -- /* Always do this zero-padding copy (even when lzero == 0) -- * to avoid leaking timing info about the value of lzero. */ -- padded_from = db + dblen; -- memset(padded_from, 0, lzero); -- memcpy(padded_from + lzero, from, flen); -- -- maskeddb = padded_from + SHA_DIGEST_LENGTH; -- -- MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); -- for (i = 0; i < SHA_DIGEST_LENGTH; i++) -- seed[i] ^= padded_from[i]; -- -- MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); -- for (i = 0; i < dblen; i++) -- db[i] ^= maskeddb[i]; -- -- EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); -- -- if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) -- goto decoding_err; -- else -- { -- for (i = SHA_DIGEST_LENGTH; i < dblen; i++) -- if (db[i] != 0x00) -- break; -- if (i == dblen || db[i] != 0x01) -- goto decoding_err; -- else -- { -- /* everything looks OK */ -- -- mlen = dblen - ++i; -- if (tlen < mlen) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); -- mlen = -1; -- } -- else -- memcpy(to, db + i, mlen); -- } -- } -- OPENSSL_free(db); -- return mlen; -- --decoding_err: -- /* to avoid chosen ciphertext attacks, the error message should not reveal -- * which kind of decoding error happened */ -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); -- if (db != NULL) OPENSSL_free(db); -- return -1; -- } -+ const unsigned char *from, int flen, int num, -+ const unsigned char *param, int plen) -+{ -+ int i, dblen, mlen = -1, one_index = 0, msg_index; -+ unsigned int good, found_one_byte; -+ const unsigned char *maskedseed, *maskeddb; -+ /* -+ * |em| is the encoded message, zero-padded to exactly |num| bytes: em = -+ * Y || maskedSeed || maskedDB -+ */ -+ unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE], -+ phash[EVP_MAX_MD_SIZE]; -+ -+ if (tlen <= 0 || flen <= 0) -+ return -1; -+ -+ /* -+ * |num| is the length of the modulus; |flen| is the length of the -+ * encoded message. Therefore, for any |from| that was obtained by -+ * decrypting a ciphertext, we must have |flen| <= |num|. Similarly, -+ * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus -+ * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2. -+ * This does not leak any side-channel information. -+ */ -+ if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2) -+ goto decoding_err; -+ -+ dblen = num - SHA_DIGEST_LENGTH - 1; -+ db = OPENSSL_malloc(dblen); -+ em = OPENSSL_malloc(num); -+ if (db == NULL || em == NULL) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); -+ goto cleanup; -+ } -+ -+ /* -+ * Always do this zero-padding copy (even when num == flen) to avoid -+ * leaking that information. The copy still leaks some side-channel -+ * information, but it's impossible to have a fixed memory access -+ * pattern since we can't read out of the bounds of |from|. -+ * -+ * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. -+ */ -+ memset(em, 0, num); -+ memcpy(em + num - flen, from, flen); -+ -+ /* -+ * The first byte must be zero, however we must not leak if this is -+ * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA -+ * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). -+ */ -+ good = constant_time_is_zero(em[0]); -+ -+ maskedseed = em + 1; -+ maskeddb = em + 1 + SHA_DIGEST_LENGTH; -+ -+ MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); -+ for (i = 0; i < SHA_DIGEST_LENGTH; i++) -+ seed[i] ^= maskedseed[i]; -+ -+ MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); -+ for (i = 0; i < dblen; i++) -+ db[i] ^= maskeddb[i]; -+ -+ EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); -+ -+ good &= -+ constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH)); -+ -+ found_one_byte = 0; -+ for (i = SHA_DIGEST_LENGTH; i < dblen; i++) { -+ /* -+ * Padding consists of a number of 0-bytes, followed by a 1. -+ */ -+ unsigned int equals1 = constant_time_eq(db[i], 1); -+ unsigned int equals0 = constant_time_is_zero(db[i]); -+ one_index = constant_time_select_int(~found_one_byte & equals1, -+ i, one_index); -+ found_one_byte |= equals1; -+ good &= (found_one_byte | equals0); -+ } -+ -+ good &= found_one_byte; -+ -+ /* -+ * At this point |good| is zero unless the plaintext was valid, -+ * so plaintext-awareness ensures timing side-channels are no longer a -+ * concern. -+ */ -+ if (!good) -+ goto decoding_err; -+ -+ msg_index = one_index + 1; -+ mlen = dblen - msg_index; -+ -+ if (tlen < mlen) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); -+ mlen = -1; -+ } else { -+ memcpy(to, db + msg_index, mlen); -+ goto cleanup; -+ } -+ -+ decoding_err: -+ /* -+ * To avoid chosen ciphertext attacks, the error message should not -+ * reveal which kind of decoding error happened. -+ */ -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); -+ cleanup: -+ if (db != NULL) -+ OPENSSL_free(db); -+ if (em != NULL) -+ OPENSSL_free(em); -+ return mlen; -+} - - int PKCS1_MGF1(unsigned char *mask, long len, -- const unsigned char *seed, long seedlen, const EVP_MD *dgst) -- { -- long i, outlen = 0; -- unsigned char cnt[4]; -- EVP_MD_CTX c; -- unsigned char md[EVP_MAX_MD_SIZE]; -- int mdlen; -- -- EVP_MD_CTX_init(&c); -- mdlen = M_EVP_MD_size(dgst); -- for (i = 0; outlen < len; i++) -- { -- cnt[0] = (unsigned char)((i >> 24) & 255); -- cnt[1] = (unsigned char)((i >> 16) & 255); -- cnt[2] = (unsigned char)((i >> 8)) & 255; -- cnt[3] = (unsigned char)(i & 255); -- EVP_DigestInit_ex(&c,dgst, NULL); -- EVP_DigestUpdate(&c, seed, seedlen); -- EVP_DigestUpdate(&c, cnt, 4); -- if (outlen + mdlen <= len) -- { -- EVP_DigestFinal_ex(&c, mask + outlen, NULL); -- outlen += mdlen; -- } -- else -- { -- EVP_DigestFinal_ex(&c, md, NULL); -- memcpy(mask + outlen, md, len - outlen); -- outlen = len; -- } -- } -- EVP_MD_CTX_cleanup(&c); -- return 0; -- } -- --int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen) -- { -- return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1()); -- } -+ const unsigned char *seed, long seedlen, const EVP_MD *dgst) -+{ -+ long i, outlen = 0; -+ unsigned char cnt[4]; -+ EVP_MD_CTX c; -+ unsigned char md[EVP_MAX_MD_SIZE]; -+ int mdlen; -+ -+ EVP_MD_CTX_init(&c); -+ mdlen = M_EVP_MD_size(dgst); -+ for (i = 0; outlen < len; i++) { -+ cnt[0] = (unsigned char)((i >> 24) & 255); -+ cnt[1] = (unsigned char)((i >> 16) & 255); -+ cnt[2] = (unsigned char)((i >> 8)) & 255; -+ cnt[3] = (unsigned char)(i & 255); -+ EVP_DigestInit_ex(&c, dgst, NULL); -+ EVP_DigestUpdate(&c, seed, seedlen); -+ EVP_DigestUpdate(&c, cnt, 4); -+ if (outlen + mdlen <= len) { -+ EVP_DigestFinal_ex(&c, mask + outlen, NULL); -+ outlen += mdlen; -+ } else { -+ EVP_DigestFinal_ex(&c, md, NULL); -+ memcpy(mask + outlen, md, len - outlen); -+ outlen = len; -+ } -+ } -+ EVP_MD_CTX_cleanup(&c); -+ return 0; -+} -+ -+int MGF1(unsigned char *mask, long len, const unsigned char *seed, -+ long seedlen) -+{ -+ return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1()); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c -index 8560755..efa1fd3 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,13 +49,15 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -+#include "constant_time_locl.h" -+ - #include - #include "cryptlib.h" - #include -@@ -63,162 +65,211 @@ - #include - - int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, -- const unsigned char *from, int flen) -- { -- int j; -- unsigned char *p; -- -- if (flen > (tlen-RSA_PKCS1_PADDING_SIZE)) -- { -- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -- return(0); -- } -- -- p=(unsigned char *)to; -- -- *(p++)=0; -- *(p++)=1; /* Private Key BT (Block Type) */ -- -- /* pad out with 0xff data */ -- j=tlen-3-flen; -- memset(p,0xff,j); -- p+=j; -- *(p++)='\0'; -- memcpy(p,from,(unsigned int)flen); -- return(1); -- } -+ const unsigned char *from, int flen) -+{ -+ int j; -+ unsigned char *p; -+ -+ if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { -+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1, -+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -+ return (0); -+ } -+ -+ p = (unsigned char *)to; -+ -+ *(p++) = 0; -+ *(p++) = 1; /* Private Key BT (Block Type) */ -+ -+ /* pad out with 0xff data */ -+ j = tlen - 3 - flen; -+ memset(p, 0xff, j); -+ p += j; -+ *(p++) = '\0'; -+ memcpy(p, from, (unsigned int)flen); -+ return (1); -+} - - int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, -- const unsigned char *from, int flen, int num) -- { -- int i,j; -- const unsigned char *p; -- -- p=from; -- if ((num != (flen+1)) || (*(p++) != 01)) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01); -- return(-1); -- } -- -- /* scan over padding data */ -- j=flen-1; /* one for type. */ -- for (i=0; i tlen) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE); -- return(-1); -- } -- memcpy(to,p,(unsigned int)j); -- -- return(j); -- } -+ const unsigned char *from, int flen, -+ int num) -+{ -+ int i, j; -+ const unsigned char *p; -+ -+ p = from; -+ if ((num != (flen + 1)) || (*(p++) != 01)) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, -+ RSA_R_BLOCK_TYPE_IS_NOT_01); -+ return (-1); -+ } -+ -+ /* scan over padding data */ -+ j = flen - 1; /* one for type. */ -+ for (i = 0; i < j; i++) { -+ if (*p != 0xff) { /* should decrypt to 0xff */ -+ if (*p == 0) { -+ p++; -+ break; -+ } else { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, -+ RSA_R_BAD_FIXED_HEADER_DECRYPT); -+ return (-1); -+ } -+ } -+ p++; -+ } -+ -+ if (i == j) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, -+ RSA_R_NULL_BEFORE_BLOCK_MISSING); -+ return (-1); -+ } -+ -+ if (i < 8) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, -+ RSA_R_BAD_PAD_BYTE_COUNT); -+ return (-1); -+ } -+ i++; /* Skip over the '\0' */ -+ j -= i; -+ if (j > tlen) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_DATA_TOO_LARGE); -+ return (-1); -+ } -+ memcpy(to, p, (unsigned int)j); -+ -+ return (j); -+} - - int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, -- const unsigned char *from, int flen) -- { -- int i,j; -- unsigned char *p; -- -- if (flen > (tlen-11)) -- { -- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -- return(0); -- } -- -- p=(unsigned char *)to; -- -- *(p++)=0; -- *(p++)=2; /* Public Key BT (Block Type) */ -- -- /* pad out with non-zero random data */ -- j=tlen-3-flen; -- -- if (RAND_bytes(p,j) <= 0) -- return(0); -- for (i=0; i (tlen - 11)) { -+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, -+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -+ return (0); -+ } -+ -+ p = (unsigned char *)to; -+ -+ *(p++) = 0; -+ *(p++) = 2; /* Public Key BT (Block Type) */ -+ -+ /* pad out with non-zero random data */ -+ j = tlen - 3 - flen; -+ -+ if (RAND_bytes(p, j) <= 0) -+ return (0); -+ for (i = 0; i < j; i++) { -+ if (*p == '\0') -+ do { -+ if (RAND_bytes(p, 1) <= 0) -+ return (0); -+ } while (*p == '\0'); -+ p++; -+ } -+ -+ *(p++) = '\0'; -+ -+ memcpy(p, from, (unsigned int)flen); -+ return (1); -+} - - int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, -- const unsigned char *from, int flen, int num) -- { -- int i,j; -- const unsigned char *p; -- -- p=from; -- if ((num != (flen+1)) || (*(p++) != 02)) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02); -- return(-1); -- } --#ifdef PKCS1_CHECK -- return(num-11); --#endif -- -- /* scan over padding data */ -- j=flen-1; /* one for type. */ -- for (i=0; i tlen) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE); -- return(-1); -- } -- memcpy(to,p,(unsigned int)j); -- -- return(j); -- } -+ const unsigned char *from, int flen, -+ int num) -+{ -+ int i; -+ /* |em| is the encoded message, zero-padded to exactly |num| bytes */ -+ unsigned char *em = NULL; -+ unsigned int good, found_zero_byte; -+ int zero_index = 0, msg_index, mlen = -1; -+ -+ if (tlen < 0 || flen < 0) -+ return -1; -+ -+ /* -+ * PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard", -+ * section 7.2.2. -+ */ -+ -+ if (flen > num) -+ goto err; -+ -+ if (num < 11) -+ goto err; -+ -+ em = OPENSSL_malloc(num); -+ if (em == NULL) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); -+ return -1; -+ } -+ memset(em, 0, num); -+ /* -+ * Always do this zero-padding copy (even when num == flen) to avoid -+ * leaking that information. The copy still leaks some side-channel -+ * information, but it's impossible to have a fixed memory access -+ * pattern since we can't read out of the bounds of |from|. -+ * -+ * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. -+ */ -+ memcpy(em + num - flen, from, flen); -+ -+ good = constant_time_is_zero(em[0]); -+ good &= constant_time_eq(em[1], 2); -+ -+ found_zero_byte = 0; -+ for (i = 2; i < num; i++) { -+ unsigned int equals0 = constant_time_is_zero(em[i]); -+ zero_index = -+ constant_time_select_int(~found_zero_byte & equals0, i, -+ zero_index); -+ found_zero_byte |= equals0; -+ } -+ -+ /* -+ * PS must be at least 8 bytes long, and it starts two bytes into |em|. -+ * If we never found a 0-byte, then |zero_index| is 0 and the check -+ * also fails. -+ */ -+ good &= constant_time_ge((unsigned int)(zero_index), 2 + 8); -+ -+ /* -+ * Skip the zero byte. This is incorrect if we never found a zero-byte -+ * but in this case we also do not copy the message out. -+ */ -+ msg_index = zero_index + 1; -+ mlen = num - msg_index; -+ -+ /* -+ * For good measure, do this check in constant time as well; it could -+ * leak something if |tlen| was assuming valid padding. -+ */ -+ good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen)); -+ -+ /* -+ * We can't continue in constant-time because we need to copy the result -+ * and we cannot fake its length. This unavoidably leaks timing -+ * information at the API boundary. -+ * TODO(emilia): this could be addressed at the call site, -+ * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26. -+ */ -+ if (!good) { -+ mlen = -1; -+ goto err; -+ } -+ -+ memcpy(to, em + msg_index, mlen); - -+ err: -+ if (em != NULL) -+ OPENSSL_free(em); -+ if (mlen == -1) -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, -+ RSA_R_PKCS_DECODING_ERROR); -+ return mlen; -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c -index 2bda491..c405425 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c -@@ -1,6 +1,7 @@ - /* rsa_pss.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2005. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2005. - */ - /* ==================================================================== - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,206 +65,192 @@ - #include - #include - --static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0}; -+static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; - - #if defined(_MSC_VER) && defined(_ARM_) --#pragma optimize("g", off) -+# pragma optimize("g", off) - #endif - - int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, -- const EVP_MD *Hash, const unsigned char *EM, int sLen) -- { -- int i; -- int ret = 0; -- int hLen, maskedDBLen, MSBits, emLen; -- const unsigned char *H; -- unsigned char *DB = NULL; -- EVP_MD_CTX ctx; -- unsigned char H_[EVP_MAX_MD_SIZE]; -+ const EVP_MD *Hash, const unsigned char *EM, -+ int sLen) -+{ -+ int i; -+ int ret = 0; -+ int hLen, maskedDBLen, MSBits, emLen; -+ const unsigned char *H; -+ unsigned char *DB = NULL; -+ EVP_MD_CTX ctx; -+ unsigned char H_[EVP_MAX_MD_SIZE]; - -- hLen = M_EVP_MD_size(Hash); -- /* -- * Negative sLen has special meanings: -- * -1 sLen == hLen -- * -2 salt length is autorecovered from signature -- * -N reserved -- */ -- if (sLen == -1) sLen = hLen; -- else if (sLen == -2) sLen = -2; -- else if (sLen < -2) -- { -- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); -- goto err; -- } -+ hLen = M_EVP_MD_size(Hash); -+ /*- -+ * Negative sLen has special meanings: -+ * -1 sLen == hLen -+ * -2 salt length is autorecovered from signature -+ * -N reserved -+ */ -+ if (sLen == -1) -+ sLen = hLen; -+ else if (sLen == -2) -+ sLen = -2; -+ else if (sLen < -2) { -+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); -+ goto err; -+ } - -- MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; -- emLen = RSA_size(rsa); -- if (EM[0] & (0xFF << MSBits)) -- { -- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID); -- goto err; -- } -- if (MSBits == 0) -- { -- EM++; -- emLen--; -- } -- if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */ -- { -- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE); -- goto err; -- } -- if (EM[emLen - 1] != 0xbc) -- { -- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID); -- goto err; -- } -- maskedDBLen = emLen - hLen - 1; -- H = EM + maskedDBLen; -- DB = OPENSSL_malloc(maskedDBLen); -- if (!DB) -- { -- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash); -- for (i = 0; i < maskedDBLen; i++) -- DB[i] ^= EM[i]; -- if (MSBits) -- DB[0] &= 0xFF >> (8 - MSBits); -- for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ; -- if (DB[i++] != 0x1) -- { -- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED); -- goto err; -- } -- if (sLen >= 0 && (maskedDBLen - i) != sLen) -- { -- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); -- goto err; -- } -- EVP_MD_CTX_init(&ctx); -- EVP_DigestInit_ex(&ctx, Hash, NULL); -- EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); -- EVP_DigestUpdate(&ctx, mHash, hLen); -- if (maskedDBLen - i) -- EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i); -- EVP_DigestFinal(&ctx, H_, NULL); -- EVP_MD_CTX_cleanup(&ctx); -- if (memcmp(H_, H, hLen)) -- { -- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE); -- ret = 0; -- } -- else -- ret = 1; -+ MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; -+ emLen = RSA_size(rsa); -+ if (EM[0] & (0xFF << MSBits)) { -+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID); -+ goto err; -+ } -+ if (MSBits == 0) { -+ EM++; -+ emLen--; -+ } -+ if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */ -+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE); -+ goto err; -+ } -+ if (EM[emLen - 1] != 0xbc) { -+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID); -+ goto err; -+ } -+ maskedDBLen = emLen - hLen - 1; -+ H = EM + maskedDBLen; -+ DB = OPENSSL_malloc(maskedDBLen); -+ if (!DB) { -+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash); -+ for (i = 0; i < maskedDBLen; i++) -+ DB[i] ^= EM[i]; -+ if (MSBits) -+ DB[0] &= 0xFF >> (8 - MSBits); -+ for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) ; -+ if (DB[i++] != 0x1) { -+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED); -+ goto err; -+ } -+ if (sLen >= 0 && (maskedDBLen - i) != sLen) { -+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); -+ goto err; -+ } -+ EVP_MD_CTX_init(&ctx); -+ EVP_DigestInit_ex(&ctx, Hash, NULL); -+ EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); -+ EVP_DigestUpdate(&ctx, mHash, hLen); -+ if (maskedDBLen - i) -+ EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i); -+ EVP_DigestFinal(&ctx, H_, NULL); -+ EVP_MD_CTX_cleanup(&ctx); -+ if (memcmp(H_, H, hLen)) { -+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE); -+ ret = 0; -+ } else -+ ret = 1; - -- err: -- if (DB) -- OPENSSL_free(DB); -+ err: -+ if (DB) -+ OPENSSL_free(DB); - -- return ret; -+ return ret; - -- } -+} - - int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, -- const unsigned char *mHash, -- const EVP_MD *Hash, int sLen) -- { -- int i; -- int ret = 0; -- int hLen, maskedDBLen, MSBits, emLen; -- unsigned char *H, *salt = NULL, *p; -- EVP_MD_CTX ctx; -+ const unsigned char *mHash, -+ const EVP_MD *Hash, int sLen) -+{ -+ int i; -+ int ret = 0; -+ int hLen, maskedDBLen, MSBits, emLen; -+ unsigned char *H, *salt = NULL, *p; -+ EVP_MD_CTX ctx; - -- hLen = M_EVP_MD_size(Hash); -- /* -- * Negative sLen has special meanings: -- * -1 sLen == hLen -- * -2 salt length is maximized -- * -N reserved -- */ -- if (sLen == -1) sLen = hLen; -- else if (sLen == -2) sLen = -2; -- else if (sLen < -2) -- { -- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); -- goto err; -- } -+ hLen = M_EVP_MD_size(Hash); -+ /*- -+ * Negative sLen has special meanings: -+ * -1 sLen == hLen -+ * -2 salt length is maximized -+ * -N reserved -+ */ -+ if (sLen == -1) -+ sLen = hLen; -+ else if (sLen == -2) -+ sLen = -2; -+ else if (sLen < -2) { -+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); -+ goto err; -+ } - -- MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; -- emLen = RSA_size(rsa); -- if (MSBits == 0) -- { -- *EM++ = 0; -- emLen--; -- } -- if (sLen == -2) -- { -- sLen = emLen - hLen - 2; -- } -- else if (emLen < (hLen + sLen + 2)) -- { -- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, -- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -- goto err; -- } -- if (sLen > 0) -- { -- salt = OPENSSL_malloc(sLen); -- if (!salt) -- { -- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (RAND_bytes(salt, sLen) <= 0) -- goto err; -- } -- maskedDBLen = emLen - hLen - 1; -- H = EM + maskedDBLen; -- EVP_MD_CTX_init(&ctx); -- EVP_DigestInit_ex(&ctx, Hash, NULL); -- EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); -- EVP_DigestUpdate(&ctx, mHash, hLen); -- if (sLen) -- EVP_DigestUpdate(&ctx, salt, sLen); -- EVP_DigestFinal(&ctx, H, NULL); -- EVP_MD_CTX_cleanup(&ctx); -+ MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; -+ emLen = RSA_size(rsa); -+ if (MSBits == 0) { -+ *EM++ = 0; -+ emLen--; -+ } -+ if (sLen == -2) { -+ sLen = emLen - hLen - 2; -+ } else if (emLen < (hLen + sLen + 2)) { -+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, -+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -+ goto err; -+ } -+ if (sLen > 0) { -+ salt = OPENSSL_malloc(sLen); -+ if (!salt) { -+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (RAND_bytes(salt, sLen) <= 0) -+ goto err; -+ } -+ maskedDBLen = emLen - hLen - 1; -+ H = EM + maskedDBLen; -+ EVP_MD_CTX_init(&ctx); -+ EVP_DigestInit_ex(&ctx, Hash, NULL); -+ EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); -+ EVP_DigestUpdate(&ctx, mHash, hLen); -+ if (sLen) -+ EVP_DigestUpdate(&ctx, salt, sLen); -+ EVP_DigestFinal(&ctx, H, NULL); -+ EVP_MD_CTX_cleanup(&ctx); - -- /* Generate dbMask in place then perform XOR on it */ -- PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash); -+ /* Generate dbMask in place then perform XOR on it */ -+ PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash); - -- p = EM; -+ p = EM; - -- /* Initial PS XORs with all zeroes which is a NOP so just update -- * pointer. Note from a test above this value is guaranteed to -- * be non-negative. -- */ -- p += emLen - sLen - hLen - 2; -- *p++ ^= 0x1; -- if (sLen > 0) -- { -- for (i = 0; i < sLen; i++) -- *p++ ^= salt[i]; -- } -- if (MSBits) -- EM[0] &= 0xFF >> (8 - MSBits); -+ /* -+ * Initial PS XORs with all zeroes which is a NOP so just update pointer. -+ * Note from a test above this value is guaranteed to be non-negative. -+ */ -+ p += emLen - sLen - hLen - 2; -+ *p++ ^= 0x1; -+ if (sLen > 0) { -+ for (i = 0; i < sLen; i++) -+ *p++ ^= salt[i]; -+ } -+ if (MSBits) -+ EM[0] &= 0xFF >> (8 - MSBits); - -- /* H is already in place so just set final 0xbc */ -+ /* H is already in place so just set final 0xbc */ - -- EM[emLen - 1] = 0xbc; -+ EM[emLen - 1] = 0xbc; - -- ret = 1; -+ ret = 1; - -- err: -- if (salt) -- OPENSSL_free(salt); -+ err: -+ if (salt) -+ OPENSSL_free(salt); - -- return ret; -+ return ret; - -- } -+} - - #if defined(_MSC_VER) --#pragma optimize("",on) -+# pragma optimize("",on) - #endif -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c -index f98e0a8..e400236 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,87 +64,85 @@ - #include - - int RSA_sign_ASN1_OCTET_STRING(int type, -- const unsigned char *m, unsigned int m_len, -- unsigned char *sigret, unsigned int *siglen, RSA *rsa) -- { -- ASN1_OCTET_STRING sig; -- int i,j,ret=1; -- unsigned char *p,*s; -+ const unsigned char *m, unsigned int m_len, -+ unsigned char *sigret, unsigned int *siglen, -+ RSA *rsa) -+{ -+ ASN1_OCTET_STRING sig; -+ int i, j, ret = 1; -+ unsigned char *p, *s; - -- sig.type=V_ASN1_OCTET_STRING; -- sig.length=m_len; -- sig.data=(unsigned char *)m; -+ sig.type = V_ASN1_OCTET_STRING; -+ sig.length = m_len; -+ sig.data = (unsigned char *)m; - -- i=i2d_ASN1_OCTET_STRING(&sig,NULL); -- j=RSA_size(rsa); -- if (i > (j-RSA_PKCS1_PADDING_SIZE)) -- { -- RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); -- return(0); -- } -- s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1); -- if (s == NULL) -- { -- RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- p=s; -- i2d_ASN1_OCTET_STRING(&sig,&p); -- i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); -- if (i <= 0) -- ret=0; -- else -- *siglen=i; -+ i = i2d_ASN1_OCTET_STRING(&sig, NULL); -+ j = RSA_size(rsa); -+ if (i > (j - RSA_PKCS1_PADDING_SIZE)) { -+ RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, -+ RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); -+ return (0); -+ } -+ s = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1); -+ if (s == NULL) { -+ RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ p = s; -+ i2d_ASN1_OCTET_STRING(&sig, &p); -+ i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING); -+ if (i <= 0) -+ ret = 0; -+ else -+ *siglen = i; - -- OPENSSL_cleanse(s,(unsigned int)j+1); -- OPENSSL_free(s); -- return(ret); -- } -+ OPENSSL_cleanse(s, (unsigned int)j + 1); -+ OPENSSL_free(s); -+ return (ret); -+} - - int RSA_verify_ASN1_OCTET_STRING(int dtype, -- const unsigned char *m, -- unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, -- RSA *rsa) -- { -- int i,ret=0; -- unsigned char *s; -- const unsigned char *p; -- ASN1_OCTET_STRING *sig=NULL; -- -- if (siglen != (unsigned int)RSA_size(rsa)) -- { -- RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH); -- return(0); -- } -+ const unsigned char *m, -+ unsigned int m_len, unsigned char *sigbuf, -+ unsigned int siglen, RSA *rsa) -+{ -+ int i, ret = 0; -+ unsigned char *s; -+ const unsigned char *p; -+ ASN1_OCTET_STRING *sig = NULL; - -- s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); -- if (s == NULL) -- { -- RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); -+ if (siglen != (unsigned int)RSA_size(rsa)) { -+ RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, -+ RSA_R_WRONG_SIGNATURE_LENGTH); -+ return (0); -+ } - -- if (i <= 0) goto err; -+ s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen); -+ if (s == NULL) { -+ RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); - -- p=s; -- sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i); -- if (sig == NULL) goto err; -+ if (i <= 0) -+ goto err; - -- if ( ((unsigned int)sig->length != m_len) || -- (memcmp(m,sig->data,m_len) != 0)) -- { -- RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE); -- } -- else -- ret=1; --err: -- if (sig != NULL) M_ASN1_OCTET_STRING_free(sig); -- if (s != NULL) -- { -- OPENSSL_cleanse(s,(unsigned int)siglen); -- OPENSSL_free(s); -- } -- return(ret); -- } -+ p = s; -+ sig = d2i_ASN1_OCTET_STRING(NULL, &p, (long)i); -+ if (sig == NULL) -+ goto err; - -+ if (((unsigned int)sig->length != m_len) || -+ (memcmp(m, sig->data, m_len) != 0)) { -+ RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, RSA_R_BAD_SIGNATURE); -+ } else -+ ret = 1; -+ err: -+ if (sig != NULL) -+ M_ASN1_OCTET_STRING_free(sig); -+ if (s != NULL) { -+ OPENSSL_cleanse(s, (unsigned int)siglen); -+ OPENSSL_free(s); -+ } -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c -index 743dfd7..b58c0ec 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,214 +64,217 @@ - #include - - /* Size of an SSL signature: MD5+SHA1 */ --#define SSL_SIG_LENGTH 36 -+#define SSL_SIG_LENGTH 36 - - int RSA_sign(int type, const unsigned char *m, unsigned int m_len, -- unsigned char *sigret, unsigned int *siglen, RSA *rsa) -- { -- X509_SIG sig; -- ASN1_TYPE parameter; -- int i,j,ret=1; -- unsigned char *p, *tmps = NULL; -- const unsigned char *s = NULL; -- X509_ALGOR algor; -- ASN1_OCTET_STRING digest; -- if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) -- { -- return rsa->meth->rsa_sign(type, m, m_len, -- sigret, siglen, rsa); -- } -- /* Special case: SSL signature, just check the length */ -- if(type == NID_md5_sha1) { -- if(m_len != SSL_SIG_LENGTH) { -- RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH); -- return(0); -- } -- i = SSL_SIG_LENGTH; -- s = m; -- } else { -- /* NB: in FIPS mode block anything that isn't a TLS signature */ -+ unsigned char *sigret, unsigned int *siglen, RSA *rsa) -+{ -+ X509_SIG sig; -+ ASN1_TYPE parameter; -+ int i, j, ret = 1; -+ unsigned char *p, *tmps = NULL; -+ const unsigned char *s = NULL; -+ X509_ALGOR algor; -+ ASN1_OCTET_STRING digest; -+ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) { -+ return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); -+ } -+ /* Special case: SSL signature, just check the length */ -+ if (type == NID_md5_sha1) { -+ if (m_len != SSL_SIG_LENGTH) { -+ RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH); -+ return (0); -+ } -+ i = SSL_SIG_LENGTH; -+ s = m; -+ } else { -+ /* NB: in FIPS mode block anything that isn't a TLS signature */ - #ifdef OPENSSL_FIPS -- if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) -- { -- RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -- return 0; -- } -+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return 0; -+ } - #endif -- sig.algor= &algor; -- sig.algor->algorithm=OBJ_nid2obj(type); -- if (sig.algor->algorithm == NULL) -- { -- RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); -- return(0); -- } -- if (sig.algor->algorithm->length == 0) -- { -- RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); -- return(0); -- } -- parameter.type=V_ASN1_NULL; -- parameter.value.ptr=NULL; -- sig.algor->parameter= ¶meter; -+ sig.algor = &algor; -+ sig.algor->algorithm = OBJ_nid2obj(type); -+ if (sig.algor->algorithm == NULL) { -+ RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE); -+ return (0); -+ } -+ if (sig.algor->algorithm->length == 0) { -+ RSAerr(RSA_F_RSA_SIGN, -+ RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); -+ return (0); -+ } -+ parameter.type = V_ASN1_NULL; -+ parameter.value.ptr = NULL; -+ sig.algor->parameter = ¶meter; - -- sig.digest= &digest; -- sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */ -- sig.digest->length=m_len; -+ sig.digest = &digest; -+ sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */ -+ sig.digest->length = m_len; - -- i=i2d_X509_SIG(&sig,NULL); -- } -- j=RSA_size(rsa); -- if (i > (j-RSA_PKCS1_PADDING_SIZE)) -- { -- RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); -- return(0); -- } -- if(type != NID_md5_sha1) { -- tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1); -- if (tmps == NULL) -- { -- RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- p=tmps; -- i2d_X509_SIG(&sig,&p); -- s=tmps; -- } -+ i = i2d_X509_SIG(&sig, NULL); -+ } -+ j = RSA_size(rsa); -+ if (i > (j - RSA_PKCS1_PADDING_SIZE)) { -+ RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); -+ return (0); -+ } -+ if (type != NID_md5_sha1) { -+ tmps = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1); -+ if (tmps == NULL) { -+ RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ p = tmps; -+ i2d_X509_SIG(&sig, &p); -+ s = tmps; -+ } - #ifdef OPENSSL_FIPS -- /* Bypass algorithm blocking: this is allowed if we get this far */ -- i=rsa->meth->rsa_priv_enc(i,s,sigret,rsa,RSA_PKCS1_PADDING); -+ /* Bypass algorithm blocking: this is allowed if we get this far */ -+ i = rsa->meth->rsa_priv_enc(i, s, sigret, rsa, RSA_PKCS1_PADDING); - #else -- i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); -+ i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING); - #endif -- if (i <= 0) -- ret=0; -- else -- *siglen=i; -+ if (i <= 0) -+ ret = 0; -+ else -+ *siglen = i; - -- if(type != NID_md5_sha1) { -- OPENSSL_cleanse(tmps,(unsigned int)j+1); -- OPENSSL_free(tmps); -- } -- return(ret); -- } -+ if (type != NID_md5_sha1) { -+ OPENSSL_cleanse(tmps, (unsigned int)j + 1); -+ OPENSSL_free(tmps); -+ } -+ return (ret); -+} -+ -+/* -+ * Check DigestInfo structure does not contain extraneous data by reencoding -+ * using DER and checking encoding against original. -+ */ -+static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, -+ int dinfolen) -+{ -+ unsigned char *der = NULL; -+ int derlen; -+ int ret = 0; -+ derlen = i2d_X509_SIG(sig, &der); -+ if (derlen <= 0) -+ return 0; -+ if (derlen == dinfolen && !memcmp(dinfo, der, derlen)) -+ ret = 1; -+ OPENSSL_cleanse(der, derlen); -+ OPENSSL_free(der); -+ return ret; -+} - - int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, -- unsigned char *sigbuf, unsigned int siglen, RSA *rsa) -- { -- int i,ret=0,sigtype; -- unsigned char *s; -- X509_SIG *sig=NULL; -+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa) -+{ -+ int i, ret = 0, sigtype; -+ unsigned char *s; -+ X509_SIG *sig = NULL; - -- if (siglen != (unsigned int)RSA_size(rsa)) -- { -- RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); -- return(0); -- } -+ if (siglen != (unsigned int)RSA_size(rsa)) { -+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH); -+ return (0); -+ } - -- if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) -- { -- return rsa->meth->rsa_verify(dtype, m, m_len, -- sigbuf, siglen, rsa); -- } -+ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) { -+ return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); -+ } - -- s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); -- if (s == NULL) -- { -- RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if(dtype == NID_md5_sha1) -- { -- if (m_len != SSL_SIG_LENGTH) -- { -- RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); -- goto err; -- } -- } -- /* NB: in FIPS mode block anything that isn't a TLS signature */ -+ s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen); -+ if (s == NULL) { -+ RSAerr(RSA_F_RSA_VERIFY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (dtype == NID_md5_sha1) { -+ if (m_len != SSL_SIG_LENGTH) { -+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); -+ goto err; -+ } -+ } -+ /* NB: in FIPS mode block anything that isn't a TLS signature */ - #ifdef OPENSSL_FIPS -- else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) -- { -- RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -- return 0; -- } -- /* Bypass algorithm blocking: this is allowed */ -- i=rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); -+ else if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return 0; -+ } -+ /* Bypass algorithm blocking: this is allowed */ -+ i = rsa->meth->rsa_pub_dec((int)siglen, sigbuf, s, rsa, -+ RSA_PKCS1_PADDING); - #else -- i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); -+ i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); - #endif - -- if (i <= 0) goto err; -- -- /* Special case: SSL signature */ -- if(dtype == NID_md5_sha1) { -- if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) -- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); -- else ret = 1; -- } else { -- const unsigned char *p=s; -- sig=d2i_X509_SIG(NULL,&p,(long)i); -+ if (i <= 0) -+ goto err; - -- if (sig == NULL) goto err; -+ /* Special case: SSL signature */ -+ if (dtype == NID_md5_sha1) { -+ if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) -+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -+ else -+ ret = 1; -+ } else { -+ const unsigned char *p = s; -+ sig = d2i_X509_SIG(NULL, &p, (long)i); - -- /* Excess data can be used to create forgeries */ -- if(p != s+i) -- { -- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); -- goto err; -- } -+ if (sig == NULL) -+ goto err; - -- /* Parameters to the signature algorithm can also be used to -- create forgeries */ -- if(sig->algor->parameter -- && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) -- { -- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); -- goto err; -- } -+ /* Excess data can be used to create forgeries */ -+ if (p != s + i || !rsa_check_digestinfo(sig, s, i)) { -+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -+ goto err; -+ } - -- sigtype=OBJ_obj2nid(sig->algor->algorithm); -+ /* -+ * Parameters to the signature algorithm can also be used to create -+ * forgeries -+ */ -+ if (sig->algor->parameter -+ && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) { -+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -+ goto err; -+ } - -+ sigtype = OBJ_obj2nid(sig->algor->algorithm); - -- #ifdef RSA_DEBUG -- /* put a backward compatibility flag in EAY */ -- fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), -- OBJ_nid2ln(dtype)); -- #endif -- if (sigtype != dtype) -- { -- if (((dtype == NID_md5) && -- (sigtype == NID_md5WithRSAEncryption)) || -- ((dtype == NID_md2) && -- (sigtype == NID_md2WithRSAEncryption))) -- { -- /* ok, we will let it through */ -+#ifdef RSA_DEBUG -+ /* put a backward compatibility flag in EAY */ -+ fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype), -+ OBJ_nid2ln(dtype)); -+#endif -+ if (sigtype != dtype) { -+ if (((dtype == NID_md5) && -+ (sigtype == NID_md5WithRSAEncryption)) || -+ ((dtype == NID_md2) && -+ (sigtype == NID_md2WithRSAEncryption))) { -+ /* ok, we will let it through */ - #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) -- fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); -+ fprintf(stderr, -+ "signature has problems, re-make with post SSLeay045\n"); - #endif -- } -- else -- { -- RSAerr(RSA_F_RSA_VERIFY, -- RSA_R_ALGORITHM_MISMATCH); -- goto err; -- } -- } -- if ( ((unsigned int)sig->digest->length != m_len) || -- (memcmp(m,sig->digest->data,m_len) != 0)) -- { -- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); -- } -- else -- ret=1; -- } --err: -- if (sig != NULL) X509_SIG_free(sig); -- if (s != NULL) -- { -- OPENSSL_cleanse(s,(unsigned int)siglen); -- OPENSSL_free(s); -- } -- return(ret); -- } -- -+ } else { -+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH); -+ goto err; -+ } -+ } -+ if (((unsigned int)sig->digest->length != m_len) || -+ (memcmp(m, sig->digest->data, m_len) != 0)) { -+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE); -+ } else -+ ret = 1; -+ } -+ err: -+ if (sig != NULL) -+ X509_SIG_free(sig); -+ if (s != NULL) { -+ OPENSSL_cleanse(s, (unsigned int)siglen); -+ OPENSSL_free(s); -+ } -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c -index cfeff15..746e01f 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,92 +63,87 @@ - #include - - int RSA_padding_add_SSLv23(unsigned char *to, int tlen, -- const unsigned char *from, int flen) -- { -- int i,j; -- unsigned char *p; -- -- if (flen > (tlen-11)) -- { -- RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -- return(0); -- } -- -- p=(unsigned char *)to; -+ const unsigned char *from, int flen) -+{ -+ int i, j; -+ unsigned char *p; - -- *(p++)=0; -- *(p++)=2; /* Public Key BT (Block Type) */ -+ if (flen > (tlen - 11)) { -+ RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23, -+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -+ return (0); -+ } - -- /* pad out with non-zero random data */ -- j=tlen-3-8-flen; -+ p = (unsigned char *)to; - -- if (RAND_bytes(p,j) <= 0) -- return(0); -- for (i=0; i tlen) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE); -- return(-1); -- } -- memcpy(to,p,(unsigned int)j); -+ if ((i == j) || (i < 8)) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, -+ RSA_R_NULL_BEFORE_BLOCK_MISSING); -+ return (-1); -+ } -+ for (k = -9; k < -1; k++) { -+ if (p[k] != 0x03) -+ break; -+ } -+ if (k == -1) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK); -+ return (-1); -+ } - -- return(j); -- } -+ i++; /* Skip over the '\0' */ -+ j -= i; -+ if (j > tlen) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE); -+ return (-1); -+ } -+ memcpy(to, p, (unsigned int)j); - -+ return (j); -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c -index 21548e3..725ead0 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c -@@ -1,6 +1,7 @@ - /* rsa_x931.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2005. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2005. - */ - /* ==================================================================== - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,114 +65,103 @@ - #include - - int RSA_padding_add_X931(unsigned char *to, int tlen, -- const unsigned char *from, int flen) -- { -- int j; -- unsigned char *p; -- -- /* Absolute minimum amount of padding is 1 header nibble, 1 padding -- * nibble and 2 trailer bytes: but 1 hash if is already in 'from'. -- */ -- -- j = tlen - flen - 2; -- -- if (j < 0) -- { -- RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -- return -1; -- } -- -- p=(unsigned char *)to; -- -- /* If no padding start and end nibbles are in one byte */ -- if (j == 0) -- *p++ = 0x6A; -- else -- { -- *p++ = 0x6B; -- if (j > 1) -- { -- memset(p, 0xBB, j - 1); -- p += j - 1; -- } -- *p++ = 0xBA; -- } -- memcpy(p,from,(unsigned int)flen); -- p += flen; -- *p = 0xCC; -- return(1); -- } -+ const unsigned char *from, int flen) -+{ -+ int j; -+ unsigned char *p; -+ -+ /* -+ * Absolute minimum amount of padding is 1 header nibble, 1 padding -+ * nibble and 2 trailer bytes: but 1 hash if is already in 'from'. -+ */ -+ -+ j = tlen - flen - 2; -+ -+ if (j < 0) { -+ RSAerr(RSA_F_RSA_PADDING_ADD_X931, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); -+ return -1; -+ } -+ -+ p = (unsigned char *)to; -+ -+ /* If no padding start and end nibbles are in one byte */ -+ if (j == 0) -+ *p++ = 0x6A; -+ else { -+ *p++ = 0x6B; -+ if (j > 1) { -+ memset(p, 0xBB, j - 1); -+ p += j - 1; -+ } -+ *p++ = 0xBA; -+ } -+ memcpy(p, from, (unsigned int)flen); -+ p += flen; -+ *p = 0xCC; -+ return (1); -+} - - int RSA_padding_check_X931(unsigned char *to, int tlen, -- const unsigned char *from, int flen, int num) -- { -- int i = 0,j; -- const unsigned char *p; -- -- p=from; -- if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER); -- return -1; -- } -- -- if (*p++ == 0x6B) -- { -- j=flen-3; -- for (i = 0; i < j; i++) -- { -- unsigned char c = *p++; -- if (c == 0xBA) -- break; -- if (c != 0xBB) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_X931, -- RSA_R_INVALID_PADDING); -- return -1; -- } -- } -- -- j -= i; -- -- if (i == 0) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING); -- return -1; -- } -- -- } -- else j = flen - 2; -- -- if (p[j] != 0xCC) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER); -- return -1; -- } -- -- memcpy(to,p,(unsigned int)j); -- -- return(j); -- } -+ const unsigned char *from, int flen, int num) -+{ -+ int i = 0, j; -+ const unsigned char *p; -+ -+ p = from; -+ if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER); -+ return -1; -+ } -+ -+ if (*p++ == 0x6B) { -+ j = flen - 3; -+ for (i = 0; i < j; i++) { -+ unsigned char c = *p++; -+ if (c == 0xBA) -+ break; -+ if (c != 0xBB) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING); -+ return -1; -+ } -+ } -+ -+ j -= i; -+ -+ if (i == 0) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING); -+ return -1; -+ } -+ -+ } else -+ j = flen - 2; -+ -+ if (p[j] != 0xCC) { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER); -+ return -1; -+ } -+ -+ memcpy(to, p, (unsigned int)j); -+ -+ return (j); -+} - - /* Translate between X931 hash ids and NIDs */ - - int RSA_X931_hash_id(int nid) -- { -- switch (nid) -- { -- case NID_sha1: -- return 0x33; -+{ -+ switch (nid) { -+ case NID_sha1: -+ return 0x33; - -- case NID_sha256: -- return 0x34; -+ case NID_sha256: -+ return 0x34; - -- case NID_sha384: -- return 0x36; -+ case NID_sha384: -+ return 0x36; - -- case NID_sha512: -- return 0x35; -- -- } -- return -1; -- } -+ case NID_sha512: -+ return 0x35; - -+ } -+ return -1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c -index bf94f8b..f29c501 100644 ---- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c -+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -67,189 +67,186 @@ - - /* X9.31 RSA key derivation and generation */ - --int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, -- const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, -- const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, -- const BIGNUM *e, BN_GENCB *cb) -- { -- BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL; -- BN_CTX *ctx=NULL,*ctx2=NULL; -- -- if (!rsa) -- goto err; -- -- ctx = BN_CTX_new(); -- if (!ctx) -- goto err; -- BN_CTX_start(ctx); -- -- r0 = BN_CTX_get(ctx); -- r1 = BN_CTX_get(ctx); -- r2 = BN_CTX_get(ctx); -- r3 = BN_CTX_get(ctx); -- -- if (r3 == NULL) -- goto err; -- if (!rsa->e) -- { -- rsa->e = BN_dup(e); -- if (!rsa->e) -- goto err; -- } -- else -- e = rsa->e; -- -- /* If not all parameters present only calculate what we can. -- * This allows test programs to output selective parameters. -- */ -- -- if (Xp && !rsa->p) -- { -- rsa->p = BN_new(); -- if (!rsa->p) -- goto err; -- -- if (!BN_X931_derive_prime_ex(rsa->p, p1, p2, -- Xp, Xp1, Xp2, e, ctx, cb)) -- goto err; -- } -- -- if (Xq && !rsa->q) -- { -- rsa->q = BN_new(); -- if (!rsa->q) -- goto err; -- if (!BN_X931_derive_prime_ex(rsa->q, q1, q2, -- Xq, Xq1, Xq2, e, ctx, cb)) -- goto err; -- } -- -- if (!rsa->p || !rsa->q) -- { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- return 2; -- } -- -- /* Since both primes are set we can now calculate all remaining -- * components. -- */ -- -- /* calculate n */ -- rsa->n=BN_new(); -- if (rsa->n == NULL) -- goto err; -- if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) -- goto err; -- -- /* calculate d */ -- if (!BN_sub(r1,rsa->p,BN_value_one())) -- goto err; /* p-1 */ -- if (!BN_sub(r2,rsa->q,BN_value_one())) -- goto err; /* q-1 */ -- if (!BN_mul(r0,r1,r2,ctx)) -- goto err; /* (p-1)(q-1) */ -- -- if (!BN_gcd(r3, r1, r2, ctx)) -- goto err; -- -- if (!BN_div(r0, NULL, r0, r3, ctx)) -- goto err; /* LCM((p-1)(q-1)) */ -- -- ctx2 = BN_CTX_new(); -- if (!ctx2) -- goto err; -- -- rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */ -- if (rsa->d == NULL) -- goto err; -- -- /* calculate d mod (p-1) */ -- rsa->dmp1=BN_new(); -- if (rsa->dmp1 == NULL) -- goto err; -- if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) -- goto err; -- -- /* calculate d mod (q-1) */ -- rsa->dmq1=BN_new(); -- if (rsa->dmq1 == NULL) -- goto err; -- if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) -- goto err; -- -- /* calculate inverse of q mod p */ -- rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2); -- -- err: -- if (ctx) -- { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- if (ctx2) -- BN_CTX_free(ctx2); -- /* If this is set all calls successful */ -- if (rsa && rsa->iqmp != NULL) -- return 1; -- -- return 0; -- -- } -- --int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb) -- { -- int ok = 0; -- BIGNUM *Xp = NULL, *Xq = NULL; -- BN_CTX *ctx = NULL; -- -- ctx = BN_CTX_new(); -- if (!ctx) -- goto error; -- -- BN_CTX_start(ctx); -- Xp = BN_CTX_get(ctx); -- Xq = BN_CTX_get(ctx); -- if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx)) -- goto error; -- -- rsa->p = BN_new(); -- rsa->q = BN_new(); -- if (!rsa->p || !rsa->q) -- goto error; -- -- /* Generate two primes from Xp, Xq */ -- -- if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp, -- e, ctx, cb)) -- goto error; -- -- if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq, -- e, ctx, cb)) -- goto error; -- -- /* Since rsa->p and rsa->q are valid this call will just derive -- * remaining RSA components. -- */ -- -- if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL, -- NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) -- goto error; -- -- ok = 1; -- -- error: -- if (ctx) -- { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- -- if (ok) -- return 1; -- -- return 0; -- -- } -+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, -+ BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, -+ const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, -+ const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb) -+{ -+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL; -+ BN_CTX *ctx = NULL, *ctx2 = NULL; -+ -+ if (!rsa) -+ goto err; -+ -+ ctx = BN_CTX_new(); -+ if (!ctx) -+ goto err; -+ BN_CTX_start(ctx); -+ -+ r0 = BN_CTX_get(ctx); -+ r1 = BN_CTX_get(ctx); -+ r2 = BN_CTX_get(ctx); -+ r3 = BN_CTX_get(ctx); -+ -+ if (r3 == NULL) -+ goto err; -+ if (!rsa->e) { -+ rsa->e = BN_dup(e); -+ if (!rsa->e) -+ goto err; -+ } else -+ e = rsa->e; -+ -+ /* -+ * If not all parameters present only calculate what we can. This allows -+ * test programs to output selective parameters. -+ */ -+ -+ if (Xp && !rsa->p) { -+ rsa->p = BN_new(); -+ if (!rsa->p) -+ goto err; -+ -+ if (!BN_X931_derive_prime_ex(rsa->p, p1, p2, -+ Xp, Xp1, Xp2, e, ctx, cb)) -+ goto err; -+ } -+ -+ if (Xq && !rsa->q) { -+ rsa->q = BN_new(); -+ if (!rsa->q) -+ goto err; -+ if (!BN_X931_derive_prime_ex(rsa->q, q1, q2, -+ Xq, Xq1, Xq2, e, ctx, cb)) -+ goto err; -+ } -+ -+ if (!rsa->p || !rsa->q) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ return 2; -+ } -+ -+ /* -+ * Since both primes are set we can now calculate all remaining -+ * components. -+ */ -+ -+ /* calculate n */ -+ rsa->n = BN_new(); -+ if (rsa->n == NULL) -+ goto err; -+ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) -+ goto err; -+ -+ /* calculate d */ -+ if (!BN_sub(r1, rsa->p, BN_value_one())) -+ goto err; /* p-1 */ -+ if (!BN_sub(r2, rsa->q, BN_value_one())) -+ goto err; /* q-1 */ -+ if (!BN_mul(r0, r1, r2, ctx)) -+ goto err; /* (p-1)(q-1) */ -+ -+ if (!BN_gcd(r3, r1, r2, ctx)) -+ goto err; -+ -+ if (!BN_div(r0, NULL, r0, r3, ctx)) -+ goto err; /* LCM((p-1)(q-1)) */ -+ -+ ctx2 = BN_CTX_new(); -+ if (!ctx2) -+ goto err; -+ -+ rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */ -+ if (rsa->d == NULL) -+ goto err; -+ -+ /* calculate d mod (p-1) */ -+ rsa->dmp1 = BN_new(); -+ if (rsa->dmp1 == NULL) -+ goto err; -+ if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx)) -+ goto err; -+ -+ /* calculate d mod (q-1) */ -+ rsa->dmq1 = BN_new(); -+ if (rsa->dmq1 == NULL) -+ goto err; -+ if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx)) -+ goto err; -+ -+ /* calculate inverse of q mod p */ -+ rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2); -+ -+ err: -+ if (ctx) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ if (ctx2) -+ BN_CTX_free(ctx2); -+ /* If this is set all calls successful */ -+ if (rsa && rsa->iqmp != NULL) -+ return 1; -+ -+ return 0; -+ -+} -+ -+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, -+ BN_GENCB *cb) -+{ -+ int ok = 0; -+ BIGNUM *Xp = NULL, *Xq = NULL; -+ BN_CTX *ctx = NULL; -+ -+ ctx = BN_CTX_new(); -+ if (!ctx) -+ goto error; -+ -+ BN_CTX_start(ctx); -+ Xp = BN_CTX_get(ctx); -+ Xq = BN_CTX_get(ctx); -+ if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx)) -+ goto error; -+ -+ rsa->p = BN_new(); -+ rsa->q = BN_new(); -+ if (!rsa->p || !rsa->q) -+ goto error; -+ -+ /* Generate two primes from Xp, Xq */ -+ -+ if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp, -+ e, ctx, cb)) -+ goto error; -+ -+ if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq, -+ e, ctx, cb)) -+ goto error; -+ -+ /* -+ * Since rsa->p and rsa->q are valid this call will just derive remaining -+ * RSA components. -+ */ -+ -+ if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL, -+ NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) -+ goto error; -+ -+ ok = 1; -+ -+ error: -+ if (ctx) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ -+ if (ok) -+ return 1; -+ -+ return 0; -+ -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c -index 4831174..cf68f10 100644 ---- a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c -+++ b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,16 +63,17 @@ - - #if !defined(OPENSSL_NO_SHA1) - unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) -- { -- SHA_CTX c; -- static unsigned char m[SHA_DIGEST_LENGTH]; -+{ -+ SHA_CTX c; -+ static unsigned char m[SHA_DIGEST_LENGTH]; - -- if (md == NULL) md=m; -- if (!SHA1_Init(&c)) -- return NULL; -- SHA1_Update(&c,d,n); -- SHA1_Final(md,&c); -- OPENSSL_cleanse(&c,sizeof(c)); -- return(md); -- } -+ if (md == NULL) -+ md = m; -+ if (!SHA1_Init(&c)) -+ return NULL; -+ SHA1_Update(&c, d, n); -+ SHA1_Final(md, &c); -+ OPENSSL_cleanse(&c, sizeof(c)); -+ return (md); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c -index d31f078..16aa0ef 100644 ---- a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c -+++ b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,20 +59,18 @@ - #include - #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) - --#undef SHA_0 --#define SHA_1 -- --#include --#ifdef OPENSSL_FIPS --#include --#endif -+# undef SHA_0 -+# define SHA_1 - -+# include -+# ifdef OPENSSL_FIPS -+# include -+# endif - --const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; -+const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT; - - /* The implementation is in ../md32_common.h */ - --#include "sha_locl.h" -+# include "sha_locl.h" - - #endif -- -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha256.c b/Cryptlib/OpenSSL/crypto/sha/sha256.c -index 3256a83..980cc29 100644 ---- a/Cryptlib/OpenSSL/crypto/sha/sha256.c -+++ b/Cryptlib/OpenSSL/crypto/sha/sha256.c -@@ -7,83 +7,102 @@ - #include - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) - --#include --#include -- --#include --#include --#ifdef OPENSSL_FIPS --#include --#endif -- --#include -- --const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; -- --int SHA224_Init (SHA256_CTX *c) -- { --#ifdef OPENSSL_FIPS -- FIPS_selftest_check(); --#endif -- c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; -- c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; -- c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; -- c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL; -- c->Nl=0; c->Nh=0; -- c->num=0; c->md_len=SHA224_DIGEST_LENGTH; -- return 1; -- } -- --int SHA256_Init (SHA256_CTX *c) -- { --#ifdef OPENSSL_FIPS -- FIPS_selftest_check(); --#endif -- c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; -- c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -- c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; -- c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL; -- c->Nl=0; c->Nh=0; -- c->num=0; c->md_len=SHA256_DIGEST_LENGTH; -- return 1; -- } -+# include -+# include -+ -+# include -+# include -+# ifdef OPENSSL_FIPS -+# include -+# endif -+ -+# include -+ -+const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT; -+ -+int SHA224_Init(SHA256_CTX *c) -+{ -+# ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+# endif -+ c->h[0] = 0xc1059ed8UL; -+ c->h[1] = 0x367cd507UL; -+ c->h[2] = 0x3070dd17UL; -+ c->h[3] = 0xf70e5939UL; -+ c->h[4] = 0xffc00b31UL; -+ c->h[5] = 0x68581511UL; -+ c->h[6] = 0x64f98fa7UL; -+ c->h[7] = 0xbefa4fa4UL; -+ c->Nl = 0; -+ c->Nh = 0; -+ c->num = 0; -+ c->md_len = SHA224_DIGEST_LENGTH; -+ return 1; -+} -+ -+int SHA256_Init(SHA256_CTX *c) -+{ -+# ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+# endif -+ c->h[0] = 0x6a09e667UL; -+ c->h[1] = 0xbb67ae85UL; -+ c->h[2] = 0x3c6ef372UL; -+ c->h[3] = 0xa54ff53aUL; -+ c->h[4] = 0x510e527fUL; -+ c->h[5] = 0x9b05688cUL; -+ c->h[6] = 0x1f83d9abUL; -+ c->h[7] = 0x5be0cd19UL; -+ c->Nl = 0; -+ c->Nh = 0; -+ c->num = 0; -+ c->md_len = SHA256_DIGEST_LENGTH; -+ return 1; -+} - - unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) -- { -- SHA256_CTX c; -- static unsigned char m[SHA224_DIGEST_LENGTH]; -- -- if (md == NULL) md=m; -- SHA224_Init(&c); -- SHA256_Update(&c,d,n); -- SHA256_Final(md,&c); -- OPENSSL_cleanse(&c,sizeof(c)); -- return(md); -- } -+{ -+ SHA256_CTX c; -+ static unsigned char m[SHA224_DIGEST_LENGTH]; -+ -+ if (md == NULL) -+ md = m; -+ SHA224_Init(&c); -+ SHA256_Update(&c, d, n); -+ SHA256_Final(md, &c); -+ OPENSSL_cleanse(&c, sizeof(c)); -+ return (md); -+} - - unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) -- { -- SHA256_CTX c; -- static unsigned char m[SHA256_DIGEST_LENGTH]; -- -- if (md == NULL) md=m; -- SHA256_Init(&c); -- SHA256_Update(&c,d,n); -- SHA256_Final(md,&c); -- OPENSSL_cleanse(&c,sizeof(c)); -- return(md); -- } -+{ -+ SHA256_CTX c; -+ static unsigned char m[SHA256_DIGEST_LENGTH]; -+ -+ if (md == NULL) -+ md = m; -+ SHA256_Init(&c); -+ SHA256_Update(&c, d, n); -+ SHA256_Final(md, &c); -+ OPENSSL_cleanse(&c, sizeof(c)); -+ return (md); -+} - - int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) --{ return SHA256_Update (c,data,len); } --int SHA224_Final (unsigned char *md, SHA256_CTX *c) --{ return SHA256_Final (md,c); } -+{ -+ return SHA256_Update(c, data, len); -+} - --#define DATA_ORDER_IS_BIG_ENDIAN -+int SHA224_Final(unsigned char *md, SHA256_CTX *c) -+{ -+ return SHA256_Final(md, c); -+} -+ -+# define DATA_ORDER_IS_BIG_ENDIAN - --#define HASH_LONG SHA_LONG --#define HASH_CTX SHA256_CTX --#define HASH_CBLOCK SHA_CBLOCK -+# define HASH_LONG SHA_LONG -+# define HASH_CTX SHA256_CTX -+# define HASH_CBLOCK SHA_CBLOCK - /* - * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." - * default: case below covers for it. It's not clear however if it's -@@ -92,201 +111,291 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c) - * Idea behind separate cases for pre-defined lenghts is to let the - * compiler decide if it's appropriate to unroll small loops. - */ --#define HASH_MAKE_STRING(c,s) do { \ -- unsigned long ll; \ -- unsigned int xn; \ -- switch ((c)->md_len) \ -- { case SHA224_DIGEST_LENGTH: \ -- for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ -- break; \ -- case SHA256_DIGEST_LENGTH: \ -- for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ -- break; \ -- default: \ -- if ((c)->md_len > SHA256_DIGEST_LENGTH) \ -- return 0; \ -- for (xn=0;xn<(c)->md_len/4;xn++) \ -- { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ -- break; \ -- } \ -- } while (0) -- --#define HASH_UPDATE SHA256_Update --#define HASH_TRANSFORM SHA256_Transform --#define HASH_FINAL SHA256_Final --#define HASH_BLOCK_DATA_ORDER sha256_block_data_order --#ifndef SHA256_ASM -+# define HASH_MAKE_STRING(c,s) do { \ -+ unsigned long ll; \ -+ unsigned int xn; \ -+ switch ((c)->md_len) \ -+ { case SHA224_DIGEST_LENGTH: \ -+ for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ -+ break; \ -+ case SHA256_DIGEST_LENGTH: \ -+ for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ -+ break; \ -+ default: \ -+ if ((c)->md_len > SHA256_DIGEST_LENGTH) \ -+ return 0; \ -+ for (xn=0;xn<(c)->md_len/4;xn++) \ -+ { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ -+ break; \ -+ } \ -+ } while (0) -+ -+# define HASH_UPDATE SHA256_Update -+# define HASH_TRANSFORM SHA256_Transform -+# define HASH_FINAL SHA256_Final -+# define HASH_BLOCK_DATA_ORDER sha256_block_data_order -+# ifndef SHA256_ASM - static --#endif --void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); -+# endif -+void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); - --#include "md32_common.h" -+# include "md32_common.h" - --#ifndef SHA256_ASM -+# ifndef SHA256_ASM - static const SHA_LONG K256[64] = { -- 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL, -- 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL, -- 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL, -- 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL, -- 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL, -- 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL, -- 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL, -- 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL, -- 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL, -- 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL, -- 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL, -- 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL, -- 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL, -- 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL, -- 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL, -- 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL }; -+ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, -+ 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, -+ 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, -+ 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, -+ 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, -+ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, -+ 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, -+ 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, -+ 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, -+ 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, -+ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, -+ 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, -+ 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, -+ 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, -+ 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, -+ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL -+}; - - /* - * FIPS specification refers to right rotations, while our ROTATE macro - * is left one. This is why you might notice that rotation coefficients - * differ from those observed in FIPS document by 32-N... - */ --#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) --#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) --#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) --#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) -- --#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) --#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -- --#ifdef OPENSSL_SMALL_FOOTPRINT -- --static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) -- { -- unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2; -- SHA_LONG X[16],l; -- int i; -- const unsigned char *data=in; -- -- while (num--) { -- -- a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; -- e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; -- -- for (i=0;i<16;i++) -- { -- HOST_c2l(data,l); T1 = X[i] = l; -- T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; -- T2 = Sigma0(a) + Maj(a,b,c); -- h = g; g = f; f = e; e = d + T1; -- d = c; c = b; b = a; a = T1 + T2; -- } -- -- for (;i<64;i++) -- { -- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); -- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); -- -- T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; -- T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; -- T2 = Sigma0(a) + Maj(a,b,c); -- h = g; g = f; f = e; e = d + T1; -- d = c; c = b; b = a; a = T1 + T2; -- } -- -- ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; -- ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; -- -- } -+# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) -+# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) -+# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) -+# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) -+ -+# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -+# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -+ -+# ifdef OPENSSL_SMALL_FOOTPRINT -+ -+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, -+ size_t num) -+{ -+ unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2; -+ SHA_LONG X[16], l; -+ int i; -+ const unsigned char *data = in; -+ -+ while (num--) { -+ -+ a = ctx->h[0]; -+ b = ctx->h[1]; -+ c = ctx->h[2]; -+ d = ctx->h[3]; -+ e = ctx->h[4]; -+ f = ctx->h[5]; -+ g = ctx->h[6]; -+ h = ctx->h[7]; -+ -+ for (i = 0; i < 16; i++) { -+ HOST_c2l(data, l); -+ T1 = X[i] = l; -+ T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; -+ T2 = Sigma0(a) + Maj(a, b, c); -+ h = g; -+ g = f; -+ f = e; -+ e = d + T1; -+ d = c; -+ c = b; -+ b = a; -+ a = T1 + T2; -+ } -+ -+ for (; i < 64; i++) { -+ s0 = X[(i + 1) & 0x0f]; -+ s0 = sigma0(s0); -+ s1 = X[(i + 14) & 0x0f]; -+ s1 = sigma1(s1); -+ -+ T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf]; -+ T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; -+ T2 = Sigma0(a) + Maj(a, b, c); -+ h = g; -+ g = f; -+ f = e; -+ e = d + T1; -+ d = c; -+ c = b; -+ b = a; -+ a = T1 + T2; -+ } -+ -+ ctx->h[0] += a; -+ ctx->h[1] += b; -+ ctx->h[2] += c; -+ ctx->h[3] += d; -+ ctx->h[4] += e; -+ ctx->h[5] += f; -+ ctx->h[6] += g; -+ ctx->h[7] += h; -+ -+ } - } - --#else -- --#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ -- T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ -- h = Sigma0(a) + Maj(a,b,c); \ -- d += T1; h += T1; } while (0) -- --#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ -- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ -- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ -- T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ -- ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) -- --static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) -- { -- unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1; -- SHA_LONG X[16]; -- int i; -- const unsigned char *data=in; -- const union { long one; char little; } is_endian = {1}; -- -- while (num--) { -- -- a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; -- e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; -- -- if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)in%4)==0) -- { -- const SHA_LONG *W=(const SHA_LONG *)data; -- -- T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); -- T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); -- T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); -- T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); -- T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); -- T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); -- T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); -- T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); -- T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); -- T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); -- T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); -- T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); -- T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); -- T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); -- T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); -- T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); -- -- data += SHA256_CBLOCK; -- } -- else -- { -- SHA_LONG l; -- -- HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h); -- HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g); -- HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f); -- HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e); -- HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d); -- HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c); -- HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b); -- HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a); -- HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h); -- HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g); -- HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f); -- HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e); -- HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d); -- HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c); -- HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b); -- HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a); -- } -- -- for (i=16;i<64;i+=8) -- { -- ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X); -- ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X); -- ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X); -- ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X); -- ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X); -- ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X); -- ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X); -- ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X); -- } -- -- ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; -- ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; -- -- } -- } -- --#endif --#endif /* SHA256_ASM */ -- --#endif /* OPENSSL_NO_SHA256 */ -+# else -+ -+# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ -+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ -+ h = Sigma0(a) + Maj(a,b,c); \ -+ d += T1; h += T1; } while (0) -+ -+# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ -+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ -+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ -+ T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ -+ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) -+ -+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, -+ size_t num) -+{ -+ unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1; -+ SHA_LONG X[16]; -+ int i; -+ const unsigned char *data = in; -+ const union { -+ long one; -+ char little; -+ } is_endian = { -+ 1 -+ }; -+ -+ while (num--) { -+ -+ a = ctx->h[0]; -+ b = ctx->h[1]; -+ c = ctx->h[2]; -+ d = ctx->h[3]; -+ e = ctx->h[4]; -+ f = ctx->h[5]; -+ g = ctx->h[6]; -+ h = ctx->h[7]; -+ -+ if (!is_endian.little && sizeof(SHA_LONG) == 4 -+ && ((size_t)in % 4) == 0) { -+ const SHA_LONG *W = (const SHA_LONG *)data; -+ -+ T1 = X[0] = W[0]; -+ ROUND_00_15(0, a, b, c, d, e, f, g, h); -+ T1 = X[1] = W[1]; -+ ROUND_00_15(1, h, a, b, c, d, e, f, g); -+ T1 = X[2] = W[2]; -+ ROUND_00_15(2, g, h, a, b, c, d, e, f); -+ T1 = X[3] = W[3]; -+ ROUND_00_15(3, f, g, h, a, b, c, d, e); -+ T1 = X[4] = W[4]; -+ ROUND_00_15(4, e, f, g, h, a, b, c, d); -+ T1 = X[5] = W[5]; -+ ROUND_00_15(5, d, e, f, g, h, a, b, c); -+ T1 = X[6] = W[6]; -+ ROUND_00_15(6, c, d, e, f, g, h, a, b); -+ T1 = X[7] = W[7]; -+ ROUND_00_15(7, b, c, d, e, f, g, h, a); -+ T1 = X[8] = W[8]; -+ ROUND_00_15(8, a, b, c, d, e, f, g, h); -+ T1 = X[9] = W[9]; -+ ROUND_00_15(9, h, a, b, c, d, e, f, g); -+ T1 = X[10] = W[10]; -+ ROUND_00_15(10, g, h, a, b, c, d, e, f); -+ T1 = X[11] = W[11]; -+ ROUND_00_15(11, f, g, h, a, b, c, d, e); -+ T1 = X[12] = W[12]; -+ ROUND_00_15(12, e, f, g, h, a, b, c, d); -+ T1 = X[13] = W[13]; -+ ROUND_00_15(13, d, e, f, g, h, a, b, c); -+ T1 = X[14] = W[14]; -+ ROUND_00_15(14, c, d, e, f, g, h, a, b); -+ T1 = X[15] = W[15]; -+ ROUND_00_15(15, b, c, d, e, f, g, h, a); -+ -+ data += SHA256_CBLOCK; -+ } else { -+ SHA_LONG l; -+ -+ HOST_c2l(data, l); -+ T1 = X[0] = l; -+ ROUND_00_15(0, a, b, c, d, e, f, g, h); -+ HOST_c2l(data, l); -+ T1 = X[1] = l; -+ ROUND_00_15(1, h, a, b, c, d, e, f, g); -+ HOST_c2l(data, l); -+ T1 = X[2] = l; -+ ROUND_00_15(2, g, h, a, b, c, d, e, f); -+ HOST_c2l(data, l); -+ T1 = X[3] = l; -+ ROUND_00_15(3, f, g, h, a, b, c, d, e); -+ HOST_c2l(data, l); -+ T1 = X[4] = l; -+ ROUND_00_15(4, e, f, g, h, a, b, c, d); -+ HOST_c2l(data, l); -+ T1 = X[5] = l; -+ ROUND_00_15(5, d, e, f, g, h, a, b, c); -+ HOST_c2l(data, l); -+ T1 = X[6] = l; -+ ROUND_00_15(6, c, d, e, f, g, h, a, b); -+ HOST_c2l(data, l); -+ T1 = X[7] = l; -+ ROUND_00_15(7, b, c, d, e, f, g, h, a); -+ HOST_c2l(data, l); -+ T1 = X[8] = l; -+ ROUND_00_15(8, a, b, c, d, e, f, g, h); -+ HOST_c2l(data, l); -+ T1 = X[9] = l; -+ ROUND_00_15(9, h, a, b, c, d, e, f, g); -+ HOST_c2l(data, l); -+ T1 = X[10] = l; -+ ROUND_00_15(10, g, h, a, b, c, d, e, f); -+ HOST_c2l(data, l); -+ T1 = X[11] = l; -+ ROUND_00_15(11, f, g, h, a, b, c, d, e); -+ HOST_c2l(data, l); -+ T1 = X[12] = l; -+ ROUND_00_15(12, e, f, g, h, a, b, c, d); -+ HOST_c2l(data, l); -+ T1 = X[13] = l; -+ ROUND_00_15(13, d, e, f, g, h, a, b, c); -+ HOST_c2l(data, l); -+ T1 = X[14] = l; -+ ROUND_00_15(14, c, d, e, f, g, h, a, b); -+ HOST_c2l(data, l); -+ T1 = X[15] = l; -+ ROUND_00_15(15, b, c, d, e, f, g, h, a); -+ } -+ -+ for (i = 16; i < 64; i += 8) { -+ ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X); -+ ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X); -+ ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X); -+ ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X); -+ ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X); -+ ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X); -+ ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X); -+ ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X); -+ } -+ -+ ctx->h[0] += a; -+ ctx->h[1] += b; -+ ctx->h[2] += c; -+ ctx->h[3] += d; -+ ctx->h[4] += e; -+ ctx->h[5] += f; -+ ctx->h[6] += g; -+ ctx->h[7] += h; -+ -+ } -+} -+ -+# endif -+# endif /* SHA256_ASM */ -+ -+#endif /* OPENSSL_NO_SHA256 */ -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha512.c b/Cryptlib/OpenSSL/crypto/sha/sha512.c -index 9e91bca..abcbe53 100644 ---- a/Cryptlib/OpenSSL/crypto/sha/sha512.c -+++ b/Cryptlib/OpenSSL/crypto/sha/sha512.c -@@ -6,11 +6,11 @@ - */ - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) --/* -+/*- - * IMPLEMENTATION NOTES. - * - * As you might have noticed 32-bit hash algorithms: -@@ -43,514 +43,579 @@ - * As this implementation relies on 64-bit integer type, it's totally - * inappropriate for platforms which don't support it, most notably - * 16-bit platforms. -- * -+ * - */ --#include --#include -+# include -+# include - --#include --#include --#include -+# include -+# include -+# include - --#include "cryptlib.h" -+# include "cryptlib.h" - --const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; -+const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT; - --#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ -+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__s390__) || defined(__s390x__) || \ - defined(SHA512_ASM) --#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA --#endif -+# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA -+# endif - --int SHA384_Init (SHA512_CTX *c) -- { --#ifdef OPENSSL_FIPS -- FIPS_selftest_check(); --#endif -- c->h[0]=U64(0xcbbb9d5dc1059ed8); -- c->h[1]=U64(0x629a292a367cd507); -- c->h[2]=U64(0x9159015a3070dd17); -- c->h[3]=U64(0x152fecd8f70e5939); -- c->h[4]=U64(0x67332667ffc00b31); -- c->h[5]=U64(0x8eb44a8768581511); -- c->h[6]=U64(0xdb0c2e0d64f98fa7); -- c->h[7]=U64(0x47b5481dbefa4fa4); -- c->Nl=0; c->Nh=0; -- c->num=0; c->md_len=SHA384_DIGEST_LENGTH; -- return 1; -- } -+int SHA384_Init(SHA512_CTX *c) -+{ -+# ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+# endif -+ c->h[0] = U64(0xcbbb9d5dc1059ed8); -+ c->h[1] = U64(0x629a292a367cd507); -+ c->h[2] = U64(0x9159015a3070dd17); -+ c->h[3] = U64(0x152fecd8f70e5939); -+ c->h[4] = U64(0x67332667ffc00b31); -+ c->h[5] = U64(0x8eb44a8768581511); -+ c->h[6] = U64(0xdb0c2e0d64f98fa7); -+ c->h[7] = U64(0x47b5481dbefa4fa4); -+ c->Nl = 0; -+ c->Nh = 0; -+ c->num = 0; -+ c->md_len = SHA384_DIGEST_LENGTH; -+ return 1; -+} -+ -+int SHA512_Init(SHA512_CTX *c) -+{ -+# ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+# endif -+ c->h[0] = U64(0x6a09e667f3bcc908); -+ c->h[1] = U64(0xbb67ae8584caa73b); -+ c->h[2] = U64(0x3c6ef372fe94f82b); -+ c->h[3] = U64(0xa54ff53a5f1d36f1); -+ c->h[4] = U64(0x510e527fade682d1); -+ c->h[5] = U64(0x9b05688c2b3e6c1f); -+ c->h[6] = U64(0x1f83d9abfb41bd6b); -+ c->h[7] = U64(0x5be0cd19137e2179); -+ c->Nl = 0; -+ c->Nh = 0; -+ c->num = 0; -+ c->md_len = SHA512_DIGEST_LENGTH; -+ return 1; -+} -+ -+# ifndef SHA512_ASM -+static -+# endif -+void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num); -+ -+int SHA512_Final(unsigned char *md, SHA512_CTX *c) -+{ -+ unsigned char *p = (unsigned char *)c->u.p; -+ size_t n = c->num; -+ -+ p[n] = 0x80; /* There always is a room for one */ -+ n++; -+ if (n > (sizeof(c->u) - 16)) -+ memset(p + n, 0, sizeof(c->u) - n), n = 0, -+ sha512_block_data_order(c, p, 1); -+ -+ memset(p + n, 0, sizeof(c->u) - 16 - n); -+# ifdef B_ENDIAN -+ c->u.d[SHA_LBLOCK - 2] = c->Nh; -+ c->u.d[SHA_LBLOCK - 1] = c->Nl; -+# else -+ p[sizeof(c->u) - 1] = (unsigned char)(c->Nl); -+ p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8); -+ p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16); -+ p[sizeof(c->u) - 4] = (unsigned char)(c->Nl >> 24); -+ p[sizeof(c->u) - 5] = (unsigned char)(c->Nl >> 32); -+ p[sizeof(c->u) - 6] = (unsigned char)(c->Nl >> 40); -+ p[sizeof(c->u) - 7] = (unsigned char)(c->Nl >> 48); -+ p[sizeof(c->u) - 8] = (unsigned char)(c->Nl >> 56); -+ p[sizeof(c->u) - 9] = (unsigned char)(c->Nh); -+ p[sizeof(c->u) - 10] = (unsigned char)(c->Nh >> 8); -+ p[sizeof(c->u) - 11] = (unsigned char)(c->Nh >> 16); -+ p[sizeof(c->u) - 12] = (unsigned char)(c->Nh >> 24); -+ p[sizeof(c->u) - 13] = (unsigned char)(c->Nh >> 32); -+ p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40); -+ p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48); -+ p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56); -+# endif - --int SHA512_Init (SHA512_CTX *c) -- { --#ifdef OPENSSL_FIPS -- FIPS_selftest_check(); --#endif -- c->h[0]=U64(0x6a09e667f3bcc908); -- c->h[1]=U64(0xbb67ae8584caa73b); -- c->h[2]=U64(0x3c6ef372fe94f82b); -- c->h[3]=U64(0xa54ff53a5f1d36f1); -- c->h[4]=U64(0x510e527fade682d1); -- c->h[5]=U64(0x9b05688c2b3e6c1f); -- c->h[6]=U64(0x1f83d9abfb41bd6b); -- c->h[7]=U64(0x5be0cd19137e2179); -- c->Nl=0; c->Nh=0; -- c->num=0; c->md_len=SHA512_DIGEST_LENGTH; -+ sha512_block_data_order(c, p, 1); -+ -+ if (md == 0) -+ return 0; -+ -+ switch (c->md_len) { -+ /* Let compiler decide if it's appropriate to unroll... */ -+ case SHA384_DIGEST_LENGTH: -+ for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) { -+ SHA_LONG64 t = c->h[n]; -+ -+ *(md++) = (unsigned char)(t >> 56); -+ *(md++) = (unsigned char)(t >> 48); -+ *(md++) = (unsigned char)(t >> 40); -+ *(md++) = (unsigned char)(t >> 32); -+ *(md++) = (unsigned char)(t >> 24); -+ *(md++) = (unsigned char)(t >> 16); -+ *(md++) = (unsigned char)(t >> 8); -+ *(md++) = (unsigned char)(t); -+ } -+ break; -+ case SHA512_DIGEST_LENGTH: -+ for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) { -+ SHA_LONG64 t = c->h[n]; -+ -+ *(md++) = (unsigned char)(t >> 56); -+ *(md++) = (unsigned char)(t >> 48); -+ *(md++) = (unsigned char)(t >> 40); -+ *(md++) = (unsigned char)(t >> 32); -+ *(md++) = (unsigned char)(t >> 24); -+ *(md++) = (unsigned char)(t >> 16); -+ *(md++) = (unsigned char)(t >> 8); -+ *(md++) = (unsigned char)(t); -+ } -+ break; -+ /* ... as well as make sure md_len is not abused. */ -+ default: -+ return 0; -+ } -+ -+ return 1; -+} -+ -+int SHA384_Final(unsigned char *md, SHA512_CTX *c) -+{ -+ return SHA512_Final(md, c); -+} -+ -+int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len) -+{ -+ SHA_LONG64 l; -+ unsigned char *p = c->u.p; -+ const unsigned char *data = (const unsigned char *)_data; -+ -+ if (len == 0) - return 1; -- } - --#ifndef SHA512_ASM --static --#endif --void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); -- --int SHA512_Final (unsigned char *md, SHA512_CTX *c) -- { -- unsigned char *p=(unsigned char *)c->u.p; -- size_t n=c->num; -- -- p[n]=0x80; /* There always is a room for one */ -- n++; -- if (n > (sizeof(c->u)-16)) -- memset (p+n,0,sizeof(c->u)-n), n=0, -- sha512_block_data_order (c,p,1); -- -- memset (p+n,0,sizeof(c->u)-16-n); --#ifdef B_ENDIAN -- c->u.d[SHA_LBLOCK-2] = c->Nh; -- c->u.d[SHA_LBLOCK-1] = c->Nl; --#else -- p[sizeof(c->u)-1] = (unsigned char)(c->Nl); -- p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8); -- p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16); -- p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24); -- p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32); -- p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40); -- p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48); -- p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56); -- p[sizeof(c->u)-9] = (unsigned char)(c->Nh); -- p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8); -- p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16); -- p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24); -- p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); -- p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); -- p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); -- p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); --#endif -+ l = (c->Nl + (((SHA_LONG64) len) << 3)) & U64(0xffffffffffffffff); -+ if (l < c->Nl) -+ c->Nh++; -+ if (sizeof(len) >= 8) -+ c->Nh += (((SHA_LONG64) len) >> 61); -+ c->Nl = l; -+ -+ if (c->num != 0) { -+ size_t n = sizeof(c->u) - c->num; -+ -+ if (len < n) { -+ memcpy(p + c->num, data, len), c->num += len; -+ return 1; -+ } else { -+ memcpy(p + c->num, data, n), c->num = 0; -+ len -= n, data += n; -+ sha512_block_data_order(c, p, 1); -+ } -+ } - -- sha512_block_data_order (c,p,1); -- -- if (md==0) return 0; -- -- switch (c->md_len) -- { -- /* Let compiler decide if it's appropriate to unroll... */ -- case SHA384_DIGEST_LENGTH: -- for (n=0;nh[n]; -- -- *(md++) = (unsigned char)(t>>56); -- *(md++) = (unsigned char)(t>>48); -- *(md++) = (unsigned char)(t>>40); -- *(md++) = (unsigned char)(t>>32); -- *(md++) = (unsigned char)(t>>24); -- *(md++) = (unsigned char)(t>>16); -- *(md++) = (unsigned char)(t>>8); -- *(md++) = (unsigned char)(t); -- } -- break; -- case SHA512_DIGEST_LENGTH: -- for (n=0;nh[n]; -- -- *(md++) = (unsigned char)(t>>56); -- *(md++) = (unsigned char)(t>>48); -- *(md++) = (unsigned char)(t>>40); -- *(md++) = (unsigned char)(t>>32); -- *(md++) = (unsigned char)(t>>24); -- *(md++) = (unsigned char)(t>>16); -- *(md++) = (unsigned char)(t>>8); -- *(md++) = (unsigned char)(t); -- } -- break; -- /* ... as well as make sure md_len is not abused. */ -- default: return 0; -- } -- -- return 1; -- } -- --int SHA384_Final (unsigned char *md,SHA512_CTX *c) --{ return SHA512_Final (md,c); } -- --int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) -- { -- SHA_LONG64 l; -- unsigned char *p=c->u.p; -- const unsigned char *data=(const unsigned char *)_data; -- -- if (len==0) return 1; -- -- l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); -- if (l < c->Nl) c->Nh++; -- if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); -- c->Nl=l; -- -- if (c->num != 0) -- { -- size_t n = sizeof(c->u) - c->num; -- -- if (len < n) -- { -- memcpy (p+c->num,data,len), c->num += len; -- return 1; -- } -- else { -- memcpy (p+c->num,data,n), c->num = 0; -- len-=n, data+=n; -- sha512_block_data_order (c,p,1); -- } -- } -- -- if (len >= sizeof(c->u)) -- { --#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA -- if ((size_t)data%sizeof(c->u.d[0]) != 0) -- while (len >= sizeof(c->u)) -- memcpy (p,data,sizeof(c->u)), -- sha512_block_data_order (c,p,1), -- len -= sizeof(c->u), -- data += sizeof(c->u); -- else --#endif -- sha512_block_data_order (c,data,len/sizeof(c->u)), -- data += len, -- len %= sizeof(c->u), -- data -= len; -- } -+ if (len >= sizeof(c->u)) { -+# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA -+ if ((size_t)data % sizeof(c->u.d[0]) != 0) -+ while (len >= sizeof(c->u)) -+ memcpy(p, data, sizeof(c->u)), -+ sha512_block_data_order(c, p, 1), -+ len -= sizeof(c->u), data += sizeof(c->u); -+ else -+# endif -+ sha512_block_data_order(c, data, len / sizeof(c->u)), -+ data += len, len %= sizeof(c->u), data -= len; -+ } - -- if (len != 0) memcpy (p,data,len), c->num = (int)len; -+ if (len != 0) -+ memcpy(p, data, len), c->num = (int)len; - -- return 1; -- } -+ return 1; -+} - --int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) --{ return SHA512_Update (c,data,len); } -+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len) -+{ -+ return SHA512_Update(c, data, len); -+} - --void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) --{ sha512_block_data_order (c,data,1); } -+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data) -+{ -+ sha512_block_data_order(c, data, 1); -+} - - unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) -- { -- SHA512_CTX c; -- static unsigned char m[SHA384_DIGEST_LENGTH]; -- -- if (md == NULL) md=m; -- SHA384_Init(&c); -- SHA512_Update(&c,d,n); -- SHA512_Final(md,&c); -- OPENSSL_cleanse(&c,sizeof(c)); -- return(md); -- } -+{ -+ SHA512_CTX c; -+ static unsigned char m[SHA384_DIGEST_LENGTH]; -+ -+ if (md == NULL) -+ md = m; -+ SHA384_Init(&c); -+ SHA512_Update(&c, d, n); -+ SHA512_Final(md, &c); -+ OPENSSL_cleanse(&c, sizeof(c)); -+ return (md); -+} - - unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) -- { -- SHA512_CTX c; -- static unsigned char m[SHA512_DIGEST_LENGTH]; -- -- if (md == NULL) md=m; -- SHA512_Init(&c); -- SHA512_Update(&c,d,n); -- SHA512_Final(md,&c); -- OPENSSL_cleanse(&c,sizeof(c)); -- return(md); -- } -- --#ifndef SHA512_ASM -+{ -+ SHA512_CTX c; -+ static unsigned char m[SHA512_DIGEST_LENGTH]; -+ -+ if (md == NULL) -+ md = m; -+ SHA512_Init(&c); -+ SHA512_Update(&c, d, n); -+ SHA512_Final(md, &c); -+ OPENSSL_cleanse(&c, sizeof(c)); -+ return (md); -+} -+ -+# ifndef SHA512_ASM - static const SHA_LONG64 K512[80] = { -- U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd), -- U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc), -- U64(0x3956c25bf348b538),U64(0x59f111f1b605d019), -- U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118), -- U64(0xd807aa98a3030242),U64(0x12835b0145706fbe), -- U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2), -- U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1), -- U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694), -- U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3), -- U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65), -- U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483), -- U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5), -- U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210), -- U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4), -- U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725), -- U64(0x06ca6351e003826f),U64(0x142929670a0e6e70), -- U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926), -- U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df), -- U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8), -- U64(0x81c2c92e47edaee6),U64(0x92722c851482353b), -- U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001), -- U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30), -- U64(0xd192e819d6ef5218),U64(0xd69906245565a910), -- U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8), -- U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53), -- U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8), -- U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb), -- U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3), -- U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60), -- U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec), -- U64(0x90befffa23631e28),U64(0xa4506cebde82bde9), -- U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b), -- U64(0xca273eceea26619c),U64(0xd186b8c721c0c207), -- U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178), -- U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), -- U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), -- U64(0x28db77f523047d84),U64(0x32caab7b40c72493), -- U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), -- U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), -- U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; -- --#ifndef PEDANTIC --# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) --# if defined(__x86_64) || defined(__x86_64__) --# define ROTR(a,n) ({ unsigned long ret; \ -- asm ("rorq %1,%0" \ -- : "=r"(ret) \ -- : "J"(n),"0"(a) \ -- : "cc"); ret; }) --# if !defined(B_ENDIAN) --# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ -- asm ("bswapq %0" \ -- : "=r"(ret) \ -- : "0"(ret)); ret; }) --# endif --# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) --# if defined(I386_ONLY) --# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ -- unsigned int hi=p[0],lo=p[1]; \ -- asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ -- "roll $16,%%eax; roll $16,%%edx; "\ -- "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ -- : "=a"(lo),"=d"(hi) \ -- : "0"(lo),"1"(hi) : "cc"); \ -- ((SHA_LONG64)hi)<<32|lo; }) --# else --# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ -- unsigned int hi=p[0],lo=p[1]; \ -- asm ("bswapl %0; bswapl %1;" \ -- : "=r"(lo),"=r"(hi) \ -- : "0"(lo),"1"(hi)); \ -- ((SHA_LONG64)hi)<<32|lo; }) -+ U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd), -+ U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc), -+ U64(0x3956c25bf348b538), U64(0x59f111f1b605d019), -+ U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118), -+ U64(0xd807aa98a3030242), U64(0x12835b0145706fbe), -+ U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2), -+ U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1), -+ U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694), -+ U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3), -+ U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65), -+ U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483), -+ U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5), -+ U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210), -+ U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4), -+ U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725), -+ U64(0x06ca6351e003826f), U64(0x142929670a0e6e70), -+ U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926), -+ U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df), -+ U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8), -+ U64(0x81c2c92e47edaee6), U64(0x92722c851482353b), -+ U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001), -+ U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30), -+ U64(0xd192e819d6ef5218), U64(0xd69906245565a910), -+ U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8), -+ U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53), -+ U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8), -+ U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb), -+ U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3), -+ U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60), -+ U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec), -+ U64(0x90befffa23631e28), U64(0xa4506cebde82bde9), -+ U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b), -+ U64(0xca273eceea26619c), U64(0xd186b8c721c0c207), -+ U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178), -+ U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6), -+ U64(0x113f9804bef90dae), U64(0x1b710b35131c471b), -+ U64(0x28db77f523047d84), U64(0x32caab7b40c72493), -+ U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c), -+ U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a), -+ U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817) -+}; -+ -+# ifndef PEDANTIC -+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -+# if defined(__x86_64) || defined(__x86_64__) -+# define ROTR(a,n) ({ unsigned long ret; \ -+ asm ("rorq %1,%0" \ -+ : "=r"(ret) \ -+ : "J"(n),"0"(a) \ -+ : "cc"); ret; }) -+# if !defined(B_ENDIAN) -+# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ -+ asm ("bswapq %0" \ -+ : "=r"(ret) \ -+ : "0"(ret)); ret; }) -+# endif -+# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) -+# if defined(I386_ONLY) -+# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ -+ unsigned int hi=p[0],lo=p[1]; \ -+ asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ -+ "roll $16,%%eax; roll $16,%%edx; "\ -+ "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ -+ : "=a"(lo),"=d"(hi) \ -+ : "0"(lo),"1"(hi) : "cc"); \ -+ ((SHA_LONG64)hi)<<32|lo; }) -+# else -+# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ -+ unsigned int hi=p[0],lo=p[1]; \ -+ asm ("bswapl %0; bswapl %1;" \ -+ : "=r"(lo),"=r"(hi) \ -+ : "0"(lo),"1"(hi)); \ -+ ((SHA_LONG64)hi)<<32|lo; }) -+# endif -+# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) -+# define ROTR(a,n) ({ unsigned long ret; \ -+ asm ("rotrdi %0,%1,%2" \ -+ : "=r"(ret) \ -+ : "r"(a),"K"(n)); ret; }) -+# endif -+# elif defined(_MSC_VER) -+# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ -+# define ROTR(a,n) _rotr64((a),n) -+# endif -+# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -+# if defined(I386_ONLY) -+static SHA_LONG64 __fastcall __pull64be(const void *x) -+{ -+ _asm mov edx,[ecx + 0] -+ _asm mov eax,[ecx + 4] -+_asm xchg dh, dl -+ _asm xchg ah, al -+ _asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al} -+# else -+static SHA_LONG64 __fastcall __pull64be(const void *x) -+{ -+ _asm mov edx,[ecx + 0] -+ _asm mov eax,[ecx + 4] -+_asm bswap edx _asm bswap eax} -+# endif -+# define PULL64(x) __pull64be(&(x)) -+# if _MSC_VER<=1200 -+# pragma inline_depth(0) -+# endif -+# endif - # endif --# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) --# define ROTR(a,n) ({ unsigned long ret; \ -- asm ("rotrdi %0,%1,%2" \ -- : "=r"(ret) \ -- : "r"(a),"K"(n)); ret; }) - # endif --# elif defined(_MSC_VER) --# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ --# define ROTR(a,n) _rotr64((a),n) -+# ifndef PULL64 -+# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) -+# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) - # endif --# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) --# if defined(I386_ONLY) -- static SHA_LONG64 __fastcall __pull64be(const void *x) -- { _asm mov edx, [ecx + 0] -- _asm mov eax, [ecx + 4] -- _asm xchg dh,dl -- _asm xchg ah,al -- _asm rol edx,16 -- _asm rol eax,16 -- _asm xchg dh,dl -- _asm xchg ah,al -- } --# else -- static SHA_LONG64 __fastcall __pull64be(const void *x) -- { _asm mov edx, [ecx + 0] -- _asm mov eax, [ecx + 4] -- _asm bswap edx -- _asm bswap eax -- } --# endif --# define PULL64(x) __pull64be(&(x)) --# if _MSC_VER<=1200 --# pragma inline_depth(0) --# endif -+# ifndef ROTR -+# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) - # endif --# endif --#endif -- --#ifndef PULL64 --#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) --#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) --#endif -- --#ifndef ROTR --#define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) --#endif -- --#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) --#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) --#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) --#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) -- --#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) --#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -- --#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) --#define GO_FOR_SSE2(ctx,in,num) do { \ -- void sha512_block_sse2(void *,const void *,size_t); \ -- if (!(OPENSSL_ia32cap_P & (1<<26))) break; \ -- sha512_block_sse2(ctx->h,in,num); return; \ -- } while (0) --#endif -- --#ifdef OPENSSL_SMALL_FOOTPRINT -- --static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) -- { -- const SHA_LONG64 *W=in; -- SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; -- SHA_LONG64 X[16]; -- int i; -- --#ifdef GO_FOR_SSE2 -- GO_FOR_SSE2(ctx,in,num); --#endif -+# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) -+# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) -+# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) -+# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) -+# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -+# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -+# if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) -+# define GO_FOR_SSE2(ctx,in,num) do { \ -+ void sha512_block_sse2(void *,const void *,size_t); \ -+ if (!(OPENSSL_ia32cap_P & (1<<26))) break; \ -+ sha512_block_sse2(ctx->h,in,num); return; \ -+ } while (0) -+# endif -+# ifdef OPENSSL_SMALL_FOOTPRINT -+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, -+ size_t num) -+{ -+ const SHA_LONG64 *W = in; -+ SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2; -+ SHA_LONG64 X[16]; -+ int i; -+ -+# ifdef GO_FOR_SSE2 -+ GO_FOR_SSE2(ctx, in, num); -+# endif - -- while (num--) { -+ while (num--) { - -- a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; -- e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; -+ a = ctx->h[0]; -+ b = ctx->h[1]; -+ c = ctx->h[2]; -+ d = ctx->h[3]; -+ e = ctx->h[4]; -+ f = ctx->h[5]; -+ g = ctx->h[6]; -+ h = ctx->h[7]; - -- for (i=0;i<16;i++) -- { --#ifdef B_ENDIAN -- T1 = X[i] = W[i]; --#else -- T1 = X[i] = PULL64(W[i]); --#endif -- T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; -- T2 = Sigma0(a) + Maj(a,b,c); -- h = g; g = f; f = e; e = d + T1; -- d = c; c = b; b = a; a = T1 + T2; -- } -- -- for (;i<80;i++) -- { -- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); -- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); -- -- T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; -- T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; -- T2 = Sigma0(a) + Maj(a,b,c); -- h = g; g = f; f = e; e = d + T1; -- d = c; c = b; b = a; a = T1 + T2; -- } -- -- ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; -- ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; -- -- W+=SHA_LBLOCK; -- } -- } -- --#else -- --#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ -- T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ -- h = Sigma0(a) + Maj(a,b,c); \ -- d += T1; h += T1; } while (0) -- --#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \ -- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ -- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ -- T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ -- ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) -- --static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) -- { -- const SHA_LONG64 *W=in; -- SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; -- SHA_LONG64 X[16]; -- int i; -- --#ifdef GO_FOR_SSE2 -- GO_FOR_SSE2(ctx,in,num); --#endif -+ for (i = 0; i < 16; i++) { -+# ifdef B_ENDIAN -+ T1 = X[i] = W[i]; -+# else -+ T1 = X[i] = PULL64(W[i]); -+# endif -+ T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; -+ T2 = Sigma0(a) + Maj(a, b, c); -+ h = g; -+ g = f; -+ f = e; -+ e = d + T1; -+ d = c; -+ c = b; -+ b = a; -+ a = T1 + T2; -+ } -+ -+ for (; i < 80; i++) { -+ s0 = X[(i + 1) & 0x0f]; -+ s0 = sigma0(s0); -+ s1 = X[(i + 14) & 0x0f]; -+ s1 = sigma1(s1); -+ -+ T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf]; -+ T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; -+ T2 = Sigma0(a) + Maj(a, b, c); -+ h = g; -+ g = f; -+ f = e; -+ e = d + T1; -+ d = c; -+ c = b; -+ b = a; -+ a = T1 + T2; -+ } -+ -+ ctx->h[0] += a; -+ ctx->h[1] += b; -+ ctx->h[2] += c; -+ ctx->h[3] += d; -+ ctx->h[4] += e; -+ ctx->h[5] += f; -+ ctx->h[6] += g; -+ ctx->h[7] += h; -+ -+ W += SHA_LBLOCK; -+ } -+} -+ -+# else -+# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ -+ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ -+ h = Sigma0(a) + Maj(a,b,c); \ -+ d += T1; h += T1; } while (0) -+# define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \ -+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ -+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ -+ T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ -+ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) -+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, -+ size_t num) -+{ -+ const SHA_LONG64 *W = in; -+ SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1; -+ SHA_LONG64 X[16]; -+ int i; -+ -+# ifdef GO_FOR_SSE2 -+ GO_FOR_SSE2(ctx, in, num); -+# endif - -- while (num--) { -- -- a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; -- e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; -- --#ifdef B_ENDIAN -- T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); -- T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); -- T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); -- T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); -- T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); -- T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); -- T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); -- T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); -- T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); -- T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); -- T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); -- T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); -- T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); -- T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); -- T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); -- T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); --#else -- T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h); -- T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g); -- T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f); -- T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e); -- T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d); -- T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c); -- T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b); -- T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a); -- T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); -- T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); -- T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); -- T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); -- T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); -- T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); -- T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); -- T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); --#endif -+ while (num--) { -+ -+ a = ctx->h[0]; -+ b = ctx->h[1]; -+ c = ctx->h[2]; -+ d = ctx->h[3]; -+ e = ctx->h[4]; -+ f = ctx->h[5]; -+ g = ctx->h[6]; -+ h = ctx->h[7]; -+ -+# ifdef B_ENDIAN -+ T1 = X[0] = W[0]; -+ ROUND_00_15(0, a, b, c, d, e, f, g, h); -+ T1 = X[1] = W[1]; -+ ROUND_00_15(1, h, a, b, c, d, e, f, g); -+ T1 = X[2] = W[2]; -+ ROUND_00_15(2, g, h, a, b, c, d, e, f); -+ T1 = X[3] = W[3]; -+ ROUND_00_15(3, f, g, h, a, b, c, d, e); -+ T1 = X[4] = W[4]; -+ ROUND_00_15(4, e, f, g, h, a, b, c, d); -+ T1 = X[5] = W[5]; -+ ROUND_00_15(5, d, e, f, g, h, a, b, c); -+ T1 = X[6] = W[6]; -+ ROUND_00_15(6, c, d, e, f, g, h, a, b); -+ T1 = X[7] = W[7]; -+ ROUND_00_15(7, b, c, d, e, f, g, h, a); -+ T1 = X[8] = W[8]; -+ ROUND_00_15(8, a, b, c, d, e, f, g, h); -+ T1 = X[9] = W[9]; -+ ROUND_00_15(9, h, a, b, c, d, e, f, g); -+ T1 = X[10] = W[10]; -+ ROUND_00_15(10, g, h, a, b, c, d, e, f); -+ T1 = X[11] = W[11]; -+ ROUND_00_15(11, f, g, h, a, b, c, d, e); -+ T1 = X[12] = W[12]; -+ ROUND_00_15(12, e, f, g, h, a, b, c, d); -+ T1 = X[13] = W[13]; -+ ROUND_00_15(13, d, e, f, g, h, a, b, c); -+ T1 = X[14] = W[14]; -+ ROUND_00_15(14, c, d, e, f, g, h, a, b); -+ T1 = X[15] = W[15]; -+ ROUND_00_15(15, b, c, d, e, f, g, h, a); -+# else -+ T1 = X[0] = PULL64(W[0]); -+ ROUND_00_15(0, a, b, c, d, e, f, g, h); -+ T1 = X[1] = PULL64(W[1]); -+ ROUND_00_15(1, h, a, b, c, d, e, f, g); -+ T1 = X[2] = PULL64(W[2]); -+ ROUND_00_15(2, g, h, a, b, c, d, e, f); -+ T1 = X[3] = PULL64(W[3]); -+ ROUND_00_15(3, f, g, h, a, b, c, d, e); -+ T1 = X[4] = PULL64(W[4]); -+ ROUND_00_15(4, e, f, g, h, a, b, c, d); -+ T1 = X[5] = PULL64(W[5]); -+ ROUND_00_15(5, d, e, f, g, h, a, b, c); -+ T1 = X[6] = PULL64(W[6]); -+ ROUND_00_15(6, c, d, e, f, g, h, a, b); -+ T1 = X[7] = PULL64(W[7]); -+ ROUND_00_15(7, b, c, d, e, f, g, h, a); -+ T1 = X[8] = PULL64(W[8]); -+ ROUND_00_15(8, a, b, c, d, e, f, g, h); -+ T1 = X[9] = PULL64(W[9]); -+ ROUND_00_15(9, h, a, b, c, d, e, f, g); -+ T1 = X[10] = PULL64(W[10]); -+ ROUND_00_15(10, g, h, a, b, c, d, e, f); -+ T1 = X[11] = PULL64(W[11]); -+ ROUND_00_15(11, f, g, h, a, b, c, d, e); -+ T1 = X[12] = PULL64(W[12]); -+ ROUND_00_15(12, e, f, g, h, a, b, c, d); -+ T1 = X[13] = PULL64(W[13]); -+ ROUND_00_15(13, d, e, f, g, h, a, b, c); -+ T1 = X[14] = PULL64(W[14]); -+ ROUND_00_15(14, c, d, e, f, g, h, a, b); -+ T1 = X[15] = PULL64(W[15]); -+ ROUND_00_15(15, b, c, d, e, f, g, h, a); -+# endif - -- for (i=16;i<80;i+=8) -- { -- ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X); -- ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X); -- ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X); -- ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X); -- ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X); -- ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X); -- ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X); -- ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X); -- } -- -- ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; -- ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; -- -- W+=SHA_LBLOCK; -- } -- } -+ for (i = 16; i < 80; i += 8) { -+ ROUND_16_80(i + 0, a, b, c, d, e, f, g, h, X); -+ ROUND_16_80(i + 1, h, a, b, c, d, e, f, g, X); -+ ROUND_16_80(i + 2, g, h, a, b, c, d, e, f, X); -+ ROUND_16_80(i + 3, f, g, h, a, b, c, d, e, X); -+ ROUND_16_80(i + 4, e, f, g, h, a, b, c, d, X); -+ ROUND_16_80(i + 5, d, e, f, g, h, a, b, c, X); -+ ROUND_16_80(i + 6, c, d, e, f, g, h, a, b, X); -+ ROUND_16_80(i + 7, b, c, d, e, f, g, h, a, X); -+ } -+ -+ ctx->h[0] += a; -+ ctx->h[1] += b; -+ ctx->h[2] += c; -+ ctx->h[3] += d; -+ ctx->h[4] += e; -+ ctx->h[5] += f; -+ ctx->h[6] += g; -+ ctx->h[7] += h; -+ -+ W += SHA_LBLOCK; -+ } -+} - --#endif -+# endif - --#endif /* SHA512_ASM */ -+# endif /* SHA512_ASM */ - --#else /* OPENSSL_NO_SHA512 */ -+#else /* OPENSSL_NO_SHA512 */ - --/* Sensitive compilers ("Compaq C V6.4-005 on OpenVMS VAX V7.3", for -- * example) dislike a statement-free file, complaining: -- * "%CC-W-EMPTYFILE, Source file does not contain any declarations." -+/* -+ * Sensitive compilers ("Compaq C V6.4-005 on OpenVMS VAX V7.3", for example) -+ * dislike a statement-free file, complaining: "%CC-W-EMPTYFILE, Source file -+ * does not contain any declarations." - */ - - int sha512_dummy(); - --#endif /* OPENSSL_NO_SHA512 */ -+#endif /* OPENSSL_NO_SHA512 */ -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c -index 598f4d7..41ed7e9 100644 ---- a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c -+++ b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -59,22 +59,21 @@ - #include - #include - #ifdef OPENSSL_FIPS --#include -+# include - #endif - - #include - #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) - --#undef SHA_1 --#define SHA_0 -+# undef SHA_1 -+# define SHA_0 - --#include -+# include - --const char SHA_version[]="SHA" OPENSSL_VERSION_PTEXT; -+const char SHA_version[] = "SHA" OPENSSL_VERSION_PTEXT; - - /* The implementation is in ../md32_common.h */ - --#include "sha_locl.h" -+# include "sha_locl.h" - - #endif -- -diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_one.c b/Cryptlib/OpenSSL/crypto/sha/sha_one.c -index 3bae623..0930b98 100644 ---- a/Cryptlib/OpenSSL/crypto/sha/sha_one.c -+++ b/Cryptlib/OpenSSL/crypto/sha/sha_one.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,16 +63,17 @@ - - #ifndef OPENSSL_NO_SHA0 - unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md) -- { -- SHA_CTX c; -- static unsigned char m[SHA_DIGEST_LENGTH]; -+{ -+ SHA_CTX c; -+ static unsigned char m[SHA_DIGEST_LENGTH]; - -- if (md == NULL) md=m; -- if (!SHA_Init(&c)) -- return NULL; -- SHA_Update(&c,d,n); -- SHA_Final(md,&c); -- OPENSSL_cleanse(&c,sizeof(c)); -- return(md); -- } -+ if (md == NULL) -+ md = m; -+ if (!SHA_Init(&c)) -+ return NULL; -+ SHA_Update(&c, d, n); -+ SHA_Final(md, &c); -+ OPENSSL_cleanse(&c, sizeof(c)); -+ return (md); -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/stack/stack.c b/Cryptlib/OpenSSL/crypto/stack/stack.c -index 378bd7c..c59f0bb 100644 ---- a/Cryptlib/OpenSSL/crypto/stack/stack.c -+++ b/Cryptlib/OpenSSL/crypto/stack/stack.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,17 +49,18 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - --/* Code for stacks -+/*- -+ * Code for stacks - * Author - Eric Young v 1.0 -- * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the -- * lowest index for the searched item. -+ * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the -+ * lowest index for the searched item. - * - * 1.1 eay - Take from netdb and added to SSLeay - * -@@ -71,271 +72,292 @@ - #include - - #undef MIN_NODES --#define MIN_NODES 4 -+#define MIN_NODES 4 - --const char STACK_version[]="Stack" OPENSSL_VERSION_PTEXT; -+const char STACK_version[] = "Stack" OPENSSL_VERSION_PTEXT; - - #include - --int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *))) -- (const char * const *, const char * const *) -- { -- int (*old)(const char * const *,const char * const *)=sk->comp; -- -- if (sk->comp != c) -- sk->sorted=0; -- sk->comp=c; -- -- return old; -- } -- --STACK *sk_dup(STACK *sk) -- { -- STACK *ret; -- char **s; -- -- if ((ret=sk_new(sk->comp)) == NULL) goto err; -- s=(char **)OPENSSL_realloc((char *)ret->data, -- (unsigned int)sizeof(char *)*sk->num_alloc); -- if (s == NULL) goto err; -- ret->data=s; -- -- ret->num=sk->num; -- memcpy(ret->data,sk->data,sizeof(char *)*sk->num); -- ret->sorted=sk->sorted; -- ret->num_alloc=sk->num_alloc; -- ret->comp=sk->comp; -- return(ret); --err: -- if(ret) -- sk_free(ret); -- return(NULL); -- } -+int (*sk_set_cmp_func -+ (STACK * sk, int (*c) (const char *const *, const char *const *))) -+ (const char *const *, const char *const *) { -+ int (*old) (const char *const *, const char *const *) = sk->comp; -+ -+ if (sk->comp != c) -+ sk->sorted = 0; -+ sk->comp = c; -+ -+ return old; -+} -+ -+STACK *sk_dup(STACK * sk) -+{ -+ STACK *ret; -+ char **s; -+ -+ if ((ret = sk_new(sk->comp)) == NULL) -+ goto err; -+ s = (char **)OPENSSL_realloc((char *)ret->data, -+ (unsigned int)sizeof(char *) * -+ sk->num_alloc); -+ if (s == NULL) -+ goto err; -+ ret->data = s; -+ -+ ret->num = sk->num; -+ memcpy(ret->data, sk->data, sizeof(char *) * sk->num); -+ ret->sorted = sk->sorted; -+ ret->num_alloc = sk->num_alloc; -+ ret->comp = sk->comp; -+ return (ret); -+ err: -+ if (ret) -+ sk_free(ret); -+ return (NULL); -+} - - STACK *sk_new_null(void) -- { -- return sk_new((int (*)(const char * const *, const char * const *))0); -- } -- --STACK *sk_new(int (*c)(const char * const *, const char * const *)) -- { -- STACK *ret; -- int i; -- -- if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL) -- goto err; -- if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL) -- goto err; -- for (i=0; idata[i]=NULL; -- ret->comp=c; -- ret->num_alloc=MIN_NODES; -- ret->num=0; -- ret->sorted=0; -- return(ret); --err: -- if(ret) -- OPENSSL_free(ret); -- return(NULL); -- } -- --int sk_insert(STACK *st, char *data, int loc) -- { -- char **s; -- -- if(st == NULL) return 0; -- if (st->num_alloc <= st->num+1) -- { -- s=(char **)OPENSSL_realloc((char *)st->data, -- (unsigned int)sizeof(char *)*st->num_alloc*2); -- if (s == NULL) -- return(0); -- st->data=s; -- st->num_alloc*=2; -- } -- if ((loc >= (int)st->num) || (loc < 0)) -- st->data[st->num]=data; -- else -- { -- int i; -- char **f,**t; -- -- f=(char **)st->data; -- t=(char **)&(st->data[1]); -- for (i=st->num; i>=loc; i--) -- t[i]=f[i]; -- --#ifdef undef /* no memmove on sunos :-( */ -- memmove( (char *)&(st->data[loc+1]), -- (char *)&(st->data[loc]), -- sizeof(char *)*(st->num-loc)); -+{ -+ return sk_new((int (*)(const char *const *, const char *const *))0); -+} -+ -+STACK *sk_new(int (*c) (const char *const *, const char *const *)) -+{ -+ STACK *ret; -+ int i; -+ -+ if ((ret = (STACK *) OPENSSL_malloc(sizeof(STACK))) == NULL) -+ goto err; -+ if ((ret->data = -+ (char **)OPENSSL_malloc(sizeof(char *) * MIN_NODES)) == NULL) -+ goto err; -+ for (i = 0; i < MIN_NODES; i++) -+ ret->data[i] = NULL; -+ ret->comp = c; -+ ret->num_alloc = MIN_NODES; -+ ret->num = 0; -+ ret->sorted = 0; -+ return (ret); -+ err: -+ if (ret) -+ OPENSSL_free(ret); -+ return (NULL); -+} -+ -+int sk_insert(STACK * st, char *data, int loc) -+{ -+ char **s; -+ -+ if (st == NULL) -+ return 0; -+ if (st->num_alloc <= st->num + 1) { -+ s = (char **)OPENSSL_realloc((char *)st->data, -+ (unsigned int)sizeof(char *) * -+ st->num_alloc * 2); -+ if (s == NULL) -+ return (0); -+ st->data = s; -+ st->num_alloc *= 2; -+ } -+ if ((loc >= (int)st->num) || (loc < 0)) -+ st->data[st->num] = data; -+ else { -+ int i; -+ char **f, **t; -+ -+ f = (char **)st->data; -+ t = (char **)&(st->data[1]); -+ for (i = st->num; i >= loc; i--) -+ t[i] = f[i]; -+ -+#ifdef undef /* no memmove on sunos :-( */ -+ memmove((char *)&(st->data[loc + 1]), -+ (char *)&(st->data[loc]), sizeof(char *) * (st->num - loc)); - #endif -- st->data[loc]=data; -- } -- st->num++; -- st->sorted=0; -- return(st->num); -- } -- --char *sk_delete_ptr(STACK *st, char *p) -- { -- int i; -- -- for (i=0; inum; i++) -- if (st->data[i] == p) -- return(sk_delete(st,i)); -- return(NULL); -- } -- --char *sk_delete(STACK *st, int loc) -- { -- char *ret; -- int i,j; -- -- if(!st || (loc < 0) || (loc >= st->num)) return NULL; -- -- ret=st->data[loc]; -- if (loc != st->num-1) -- { -- j=st->num-1; -- for (i=loc; idata[i]=st->data[i+1]; -- /* In theory memcpy is not safe for this -- * memcpy( &(st->data[loc]), -- * &(st->data[loc+1]), -- * sizeof(char *)*(st->num-loc-1)); -- */ -- } -- st->num--; -- return(ret); -- } -- --static int internal_find(STACK *st, char *data, int ret_val_options) -- { -- char **r; -- int i; -- int (*comp_func)(const void *,const void *); -- if(st == NULL) return -1; -- -- if (st->comp == NULL) -- { -- for (i=0; inum; i++) -- if (st->data[i] == data) -- return(i); -- return(-1); -- } -- sk_sort(st); -- if (data == NULL) return(-1); -- /* This (and the "qsort" below) are the two places in OpenSSL -- * where we need to convert from our standard (type **,type **) -- * compare callback type to the (void *,void *) type required by -- * bsearch. However, the "data" it is being called(back) with are -- * not (type *) pointers, but the *pointers* to (type *) pointers, -- * so we get our extra level of pointer dereferencing that way. */ -- comp_func=(int (*)(const void *,const void *))(st->comp); -- r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data, -- st->num,sizeof(char *),comp_func,ret_val_options); -- if (r == NULL) return(-1); -- return((int)(r-st->data)); -- } -- --int sk_find(STACK *st, char *data) -- { -- return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); -- } --int sk_find_ex(STACK *st, char *data) -- { -- return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); -- } -- --int sk_push(STACK *st, char *data) -- { -- return(sk_insert(st,data,st->num)); -- } -- --int sk_unshift(STACK *st, char *data) -- { -- return(sk_insert(st,data,0)); -- } -- --char *sk_shift(STACK *st) -- { -- if (st == NULL) return(NULL); -- if (st->num <= 0) return(NULL); -- return(sk_delete(st,0)); -- } -- --char *sk_pop(STACK *st) -- { -- if (st == NULL) return(NULL); -- if (st->num <= 0) return(NULL); -- return(sk_delete(st,st->num-1)); -- } -- --void sk_zero(STACK *st) -- { -- if (st == NULL) return; -- if (st->num <= 0) return; -- memset((char *)st->data,0,sizeof(st->data)*st->num); -- st->num=0; -- } -- --void sk_pop_free(STACK *st, void (*func)(void *)) -- { -- int i; -- -- if (st == NULL) return; -- for (i=0; inum; i++) -- if (st->data[i] != NULL) -- func(st->data[i]); -- sk_free(st); -- } -- --void sk_free(STACK *st) -- { -- if (st == NULL) return; -- if (st->data != NULL) OPENSSL_free(st->data); -- OPENSSL_free(st); -- } -- --int sk_num(const STACK *st) -+ st->data[loc] = data; -+ } -+ st->num++; -+ st->sorted = 0; -+ return (st->num); -+} -+ -+char *sk_delete_ptr(STACK * st, char *p) -+{ -+ int i; -+ -+ for (i = 0; i < st->num; i++) -+ if (st->data[i] == p) -+ return (sk_delete(st, i)); -+ return (NULL); -+} -+ -+char *sk_delete(STACK * st, int loc) -+{ -+ char *ret; -+ int i, j; -+ -+ if (!st || (loc < 0) || (loc >= st->num)) -+ return NULL; -+ -+ ret = st->data[loc]; -+ if (loc != st->num - 1) { -+ j = st->num - 1; -+ for (i = loc; i < j; i++) -+ st->data[i] = st->data[i + 1]; -+ /* -+ * In theory memcpy is not safe for this memcpy( &(st->data[loc]), -+ * &(st->data[loc+1]), sizeof(char *)*(st->num-loc-1)); -+ */ -+ } -+ st->num--; -+ return (ret); -+} -+ -+static int internal_find(STACK * st, char *data, int ret_val_options) -+{ -+ char **r; -+ int i; -+ int (*comp_func) (const void *, const void *); -+ if (st == NULL) -+ return -1; -+ -+ if (st->comp == NULL) { -+ for (i = 0; i < st->num; i++) -+ if (st->data[i] == data) -+ return (i); -+ return (-1); -+ } -+ sk_sort(st); -+ if (data == NULL) -+ return (-1); -+ /* -+ * This (and the "qsort" below) are the two places in OpenSSL where we -+ * need to convert from our standard (type **,type **) compare callback -+ * type to the (void *,void *) type required by bsearch. However, the -+ * "data" it is being called(back) with are not (type *) pointers, but -+ * the *pointers* to (type *) pointers, so we get our extra level of -+ * pointer dereferencing that way. -+ */ -+ comp_func = (int (*)(const void *, const void *))(st->comp); -+ r = (char **)OBJ_bsearch_ex((char *)&data, (char *)st->data, -+ st->num, sizeof(char *), comp_func, -+ ret_val_options); -+ if (r == NULL) -+ return (-1); -+ return ((int)(r - st->data)); -+} -+ -+int sk_find(STACK * st, char *data) -+{ -+ return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); -+} -+ -+int sk_find_ex(STACK * st, char *data) -+{ -+ return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); -+} -+ -+int sk_push(STACK * st, char *data) -+{ -+ return (sk_insert(st, data, st->num)); -+} -+ -+int sk_unshift(STACK * st, char *data) - { -- if(st == NULL) return -1; -- return st->num; -+ return (sk_insert(st, data, 0)); - } - --char *sk_value(const STACK *st, int i) -+char *sk_shift(STACK * st) - { -- if(!st || (i < 0) || (i >= st->num)) return NULL; -- return st->data[i]; -+ if (st == NULL) -+ return (NULL); -+ if (st->num <= 0) -+ return (NULL); -+ return (sk_delete(st, 0)); - } - --char *sk_set(STACK *st, int i, char *value) -+char *sk_pop(STACK * st) - { -- if(!st || (i < 0) || (i >= st->num)) return NULL; -- return (st->data[i] = value); -+ if (st == NULL) -+ return (NULL); -+ if (st->num <= 0) -+ return (NULL); -+ return (sk_delete(st, st->num - 1)); - } - --void sk_sort(STACK *st) -- { -- if (st && !st->sorted) -- { -- int (*comp_func)(const void *,const void *); -- -- /* same comment as in sk_find ... previously st->comp was declared -- * as a (void*,void*) callback type, but this made the population -- * of the callback pointer illogical - our callbacks compare -- * type** with type**, so we leave the casting until absolutely -- * necessary (ie. "now"). */ -- comp_func=(int (*)(const void *,const void *))(st->comp); -- qsort(st->data,st->num,sizeof(char *), comp_func); -- st->sorted=1; -- } -- } -- --int sk_is_sorted(const STACK *st) -- { -- if (!st) -- return 1; -- return st->sorted; -- } -+void sk_zero(STACK * st) -+{ -+ if (st == NULL) -+ return; -+ if (st->num <= 0) -+ return; -+ memset((char *)st->data, 0, sizeof(st->data) * st->num); -+ st->num = 0; -+} -+ -+void sk_pop_free(STACK * st, void (*func) (void *)) -+{ -+ int i; -+ -+ if (st == NULL) -+ return; -+ for (i = 0; i < st->num; i++) -+ if (st->data[i] != NULL) -+ func(st->data[i]); -+ sk_free(st); -+} -+ -+void sk_free(STACK * st) -+{ -+ if (st == NULL) -+ return; -+ if (st->data != NULL) -+ OPENSSL_free(st->data); -+ OPENSSL_free(st); -+} -+ -+int sk_num(const STACK * st) -+{ -+ if (st == NULL) -+ return -1; -+ return st->num; -+} -+ -+char *sk_value(const STACK * st, int i) -+{ -+ if (!st || (i < 0) || (i >= st->num)) -+ return NULL; -+ return st->data[i]; -+} -+ -+char *sk_set(STACK * st, int i, char *value) -+{ -+ if (!st || (i < 0) || (i >= st->num)) -+ return NULL; -+ return (st->data[i] = value); -+} -+ -+void sk_sort(STACK * st) -+{ -+ if (st && !st->sorted) { -+ int (*comp_func) (const void *, const void *); -+ -+ /* -+ * same comment as in sk_find ... previously st->comp was declared as -+ * a (void*,void*) callback type, but this made the population of the -+ * callback pointer illogical - our callbacks compare type** with -+ * type**, so we leave the casting until absolutely necessary (ie. -+ * "now"). -+ */ -+ comp_func = (int (*)(const void *, const void *))(st->comp); -+ qsort(st->data, st->num, sizeof(char *), comp_func); -+ st->sorted = 1; -+ } -+} -+ -+int sk_is_sorted(const STACK * st) -+{ -+ if (!st) -+ return 1; -+ return st->sorted; -+} -diff --git a/Cryptlib/OpenSSL/crypto/store/str_err.c b/Cryptlib/OpenSSL/crypto/store/str_err.c -index 6fee649..fb03c53 100644 ---- a/Cryptlib/OpenSSL/crypto/store/str_err.c -+++ b/Cryptlib/OpenSSL/crypto/store/str_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,147 +66,193 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason) - --static ERR_STRING_DATA STORE_str_functs[]= -- { --{ERR_FUNC(STORE_F_MEM_DELETE), "MEM_DELETE"}, --{ERR_FUNC(STORE_F_MEM_GENERATE), "MEM_GENERATE"}, --{ERR_FUNC(STORE_F_MEM_LIST_END), "MEM_LIST_END"}, --{ERR_FUNC(STORE_F_MEM_LIST_NEXT), "MEM_LIST_NEXT"}, --{ERR_FUNC(STORE_F_MEM_LIST_START), "MEM_LIST_START"}, --{ERR_FUNC(STORE_F_MEM_MODIFY), "MEM_MODIFY"}, --{ERR_FUNC(STORE_F_MEM_STORE), "MEM_STORE"}, --{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR), "STORE_ATTR_INFO_get0_cstr"}, --{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN), "STORE_ATTR_INFO_get0_dn"}, --{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER), "STORE_ATTR_INFO_get0_number"}, --{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR), "STORE_ATTR_INFO_get0_sha1str"}, --{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR), "STORE_ATTR_INFO_modify_cstr"}, --{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN), "STORE_ATTR_INFO_modify_dn"}, --{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER), "STORE_ATTR_INFO_modify_number"}, --{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR), "STORE_ATTR_INFO_modify_sha1str"}, --{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR), "STORE_ATTR_INFO_set_cstr"}, --{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN), "STORE_ATTR_INFO_set_dn"}, --{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER), "STORE_ATTR_INFO_set_number"}, --{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR), "STORE_ATTR_INFO_set_sha1str"}, --{ERR_FUNC(STORE_F_STORE_CERTIFICATE), "STORE_CERTIFICATE"}, --{ERR_FUNC(STORE_F_STORE_CTRL), "STORE_ctrl"}, --{ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY), "STORE_delete_arbitrary"}, --{ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE), "STORE_delete_certificate"}, --{ERR_FUNC(STORE_F_STORE_DELETE_CRL), "STORE_delete_crl"}, --{ERR_FUNC(STORE_F_STORE_DELETE_NUMBER), "STORE_delete_number"}, --{ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY), "STORE_delete_private_key"}, --{ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY), "STORE_delete_public_key"}, --{ERR_FUNC(STORE_F_STORE_GENERATE_CRL), "STORE_generate_crl"}, --{ERR_FUNC(STORE_F_STORE_GENERATE_KEY), "STORE_generate_key"}, --{ERR_FUNC(STORE_F_STORE_GET_ARBITRARY), "STORE_get_arbitrary"}, --{ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE), "STORE_get_certificate"}, --{ERR_FUNC(STORE_F_STORE_GET_CRL), "STORE_get_crl"}, --{ERR_FUNC(STORE_F_STORE_GET_NUMBER), "STORE_get_number"}, --{ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY), "STORE_get_private_key"}, --{ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY), "STORE_get_public_key"}, --{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END), "STORE_list_certificate_end"}, --{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP), "STORE_list_certificate_endp"}, --{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT), "STORE_list_certificate_next"}, --{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START), "STORE_list_certificate_start"}, --{ERR_FUNC(STORE_F_STORE_LIST_CRL_END), "STORE_list_crl_end"}, --{ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP), "STORE_list_crl_endp"}, --{ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT), "STORE_list_crl_next"}, --{ERR_FUNC(STORE_F_STORE_LIST_CRL_START), "STORE_list_crl_start"}, --{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END), "STORE_list_private_key_end"}, --{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP), "STORE_list_private_key_endp"}, --{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT), "STORE_list_private_key_next"}, --{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START), "STORE_list_private_key_start"}, --{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END), "STORE_list_public_key_end"}, --{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP), "STORE_list_public_key_endp"}, --{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT), "STORE_list_public_key_next"}, --{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START), "STORE_list_public_key_start"}, --{ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY), "STORE_modify_arbitrary"}, --{ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE), "STORE_modify_certificate"}, --{ERR_FUNC(STORE_F_STORE_MODIFY_CRL), "STORE_modify_crl"}, --{ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER), "STORE_modify_number"}, --{ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY), "STORE_modify_private_key"}, --{ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY), "STORE_modify_public_key"}, --{ERR_FUNC(STORE_F_STORE_NEW_ENGINE), "STORE_new_engine"}, --{ERR_FUNC(STORE_F_STORE_NEW_METHOD), "STORE_new_method"}, --{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END), "STORE_parse_attrs_end"}, --{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP), "STORE_parse_attrs_endp"}, --{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT), "STORE_parse_attrs_next"}, --{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START), "STORE_parse_attrs_start"}, --{ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE), "STORE_revoke_certificate"}, --{ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY), "STORE_revoke_private_key"}, --{ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY), "STORE_revoke_public_key"}, --{ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY), "STORE_store_arbitrary"}, --{ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE), "STORE_store_certificate"}, --{ERR_FUNC(STORE_F_STORE_STORE_CRL), "STORE_store_crl"}, --{ERR_FUNC(STORE_F_STORE_STORE_NUMBER), "STORE_store_number"}, --{ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY), "STORE_store_private_key"}, --{ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY), "STORE_store_public_key"}, --{0,NULL} -- }; -+static ERR_STRING_DATA STORE_str_functs[] = { -+ {ERR_FUNC(STORE_F_MEM_DELETE), "MEM_DELETE"}, -+ {ERR_FUNC(STORE_F_MEM_GENERATE), "MEM_GENERATE"}, -+ {ERR_FUNC(STORE_F_MEM_LIST_END), "MEM_LIST_END"}, -+ {ERR_FUNC(STORE_F_MEM_LIST_NEXT), "MEM_LIST_NEXT"}, -+ {ERR_FUNC(STORE_F_MEM_LIST_START), "MEM_LIST_START"}, -+ {ERR_FUNC(STORE_F_MEM_MODIFY), "MEM_MODIFY"}, -+ {ERR_FUNC(STORE_F_MEM_STORE), "MEM_STORE"}, -+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR), -+ "STORE_ATTR_INFO_get0_cstr"}, -+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN), "STORE_ATTR_INFO_get0_dn"}, -+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER), -+ "STORE_ATTR_INFO_get0_number"}, -+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR), -+ "STORE_ATTR_INFO_get0_sha1str"}, -+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR), -+ "STORE_ATTR_INFO_modify_cstr"}, -+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN), -+ "STORE_ATTR_INFO_modify_dn"}, -+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER), -+ "STORE_ATTR_INFO_modify_number"}, -+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR), -+ "STORE_ATTR_INFO_modify_sha1str"}, -+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR), "STORE_ATTR_INFO_set_cstr"}, -+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN), "STORE_ATTR_INFO_set_dn"}, -+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER), -+ "STORE_ATTR_INFO_set_number"}, -+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR), -+ "STORE_ATTR_INFO_set_sha1str"}, -+ {ERR_FUNC(STORE_F_STORE_CERTIFICATE), "STORE_CERTIFICATE"}, -+ {ERR_FUNC(STORE_F_STORE_CTRL), "STORE_ctrl"}, -+ {ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY), "STORE_delete_arbitrary"}, -+ {ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE), "STORE_delete_certificate"}, -+ {ERR_FUNC(STORE_F_STORE_DELETE_CRL), "STORE_delete_crl"}, -+ {ERR_FUNC(STORE_F_STORE_DELETE_NUMBER), "STORE_delete_number"}, -+ {ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY), "STORE_delete_private_key"}, -+ {ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY), "STORE_delete_public_key"}, -+ {ERR_FUNC(STORE_F_STORE_GENERATE_CRL), "STORE_generate_crl"}, -+ {ERR_FUNC(STORE_F_STORE_GENERATE_KEY), "STORE_generate_key"}, -+ {ERR_FUNC(STORE_F_STORE_GET_ARBITRARY), "STORE_get_arbitrary"}, -+ {ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE), "STORE_get_certificate"}, -+ {ERR_FUNC(STORE_F_STORE_GET_CRL), "STORE_get_crl"}, -+ {ERR_FUNC(STORE_F_STORE_GET_NUMBER), "STORE_get_number"}, -+ {ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY), "STORE_get_private_key"}, -+ {ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY), "STORE_get_public_key"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END), -+ "STORE_list_certificate_end"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP), -+ "STORE_list_certificate_endp"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT), -+ "STORE_list_certificate_next"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START), -+ "STORE_list_certificate_start"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_CRL_END), "STORE_list_crl_end"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP), "STORE_list_crl_endp"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT), "STORE_list_crl_next"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_CRL_START), "STORE_list_crl_start"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END), -+ "STORE_list_private_key_end"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP), -+ "STORE_list_private_key_endp"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT), -+ "STORE_list_private_key_next"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START), -+ "STORE_list_private_key_start"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END), -+ "STORE_list_public_key_end"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP), -+ "STORE_list_public_key_endp"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT), -+ "STORE_list_public_key_next"}, -+ {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START), -+ "STORE_list_public_key_start"}, -+ {ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY), "STORE_modify_arbitrary"}, -+ {ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE), "STORE_modify_certificate"}, -+ {ERR_FUNC(STORE_F_STORE_MODIFY_CRL), "STORE_modify_crl"}, -+ {ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER), "STORE_modify_number"}, -+ {ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY), "STORE_modify_private_key"}, -+ {ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY), "STORE_modify_public_key"}, -+ {ERR_FUNC(STORE_F_STORE_NEW_ENGINE), "STORE_new_engine"}, -+ {ERR_FUNC(STORE_F_STORE_NEW_METHOD), "STORE_new_method"}, -+ {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END), "STORE_parse_attrs_end"}, -+ {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP), "STORE_parse_attrs_endp"}, -+ {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT), "STORE_parse_attrs_next"}, -+ {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START), "STORE_parse_attrs_start"}, -+ {ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE), "STORE_revoke_certificate"}, -+ {ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY), "STORE_revoke_private_key"}, -+ {ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY), "STORE_revoke_public_key"}, -+ {ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY), "STORE_store_arbitrary"}, -+ {ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE), "STORE_store_certificate"}, -+ {ERR_FUNC(STORE_F_STORE_STORE_CRL), "STORE_store_crl"}, -+ {ERR_FUNC(STORE_F_STORE_STORE_NUMBER), "STORE_store_number"}, -+ {ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY), "STORE_store_private_key"}, -+ {ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY), "STORE_store_public_key"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA STORE_str_reasons[]= -- { --{ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE) ,"already has a value"}, --{ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY),"failed deleting arbitrary"}, --{ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE),"failed deleting certificate"}, --{ERR_REASON(STORE_R_FAILED_DELETING_KEY) ,"failed deleting key"}, --{ERR_REASON(STORE_R_FAILED_DELETING_NUMBER),"failed deleting number"}, --{ERR_REASON(STORE_R_FAILED_GENERATING_CRL),"failed generating crl"}, --{ERR_REASON(STORE_R_FAILED_GENERATING_KEY),"failed generating key"}, --{ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY),"failed getting arbitrary"}, --{ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE),"failed getting certificate"}, --{ERR_REASON(STORE_R_FAILED_GETTING_KEY) ,"failed getting key"}, --{ERR_REASON(STORE_R_FAILED_GETTING_NUMBER),"failed getting number"}, --{ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES),"failed listing certificates"}, --{ERR_REASON(STORE_R_FAILED_LISTING_KEYS) ,"failed listing keys"}, --{ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY),"failed modifying arbitrary"}, --{ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE),"failed modifying certificate"}, --{ERR_REASON(STORE_R_FAILED_MODIFYING_CRL),"failed modifying crl"}, --{ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER),"failed modifying number"}, --{ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY),"failed modifying private key"}, --{ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY),"failed modifying public key"}, --{ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE),"failed revoking certificate"}, --{ERR_REASON(STORE_R_FAILED_REVOKING_KEY) ,"failed revoking key"}, --{ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY),"failed storing arbitrary"}, --{ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE),"failed storing certificate"}, --{ERR_REASON(STORE_R_FAILED_STORING_KEY) ,"failed storing key"}, --{ERR_REASON(STORE_R_FAILED_STORING_NUMBER),"failed storing number"}, --{ERR_REASON(STORE_R_NOT_IMPLEMENTED) ,"not implemented"}, --{ERR_REASON(STORE_R_NO_CONTROL_FUNCTION) ,"no control function"}, --{ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION),"no delete arbitrary function"}, --{ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION),"no delete number function"}, --{ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION),"no delete object function"}, --{ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION),"no generate crl function"}, --{ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION),"no generate object function"}, --{ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION),"no get object arbitrary function"}, --{ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION),"no get object function"}, --{ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION),"no get object number function"}, --{ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION),"no list object endp function"}, --{ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION),"no list object end function"}, --{ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION),"no list object next function"}, --{ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION),"no list object start function"}, --{ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION),"no modify object function"}, --{ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION),"no revoke object function"}, --{ERR_REASON(STORE_R_NO_STORE) ,"no store"}, --{ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION),"no store object arbitrary function"}, --{ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION),"no store object function"}, --{ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION),"no store object number function"}, --{ERR_REASON(STORE_R_NO_VALUE) ,"no value"}, --{0,NULL} -- }; -+static ERR_STRING_DATA STORE_str_reasons[] = { -+ {ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE), "already has a value"}, -+ {ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY), -+ "failed deleting arbitrary"}, -+ {ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE), -+ "failed deleting certificate"}, -+ {ERR_REASON(STORE_R_FAILED_DELETING_KEY), "failed deleting key"}, -+ {ERR_REASON(STORE_R_FAILED_DELETING_NUMBER), "failed deleting number"}, -+ {ERR_REASON(STORE_R_FAILED_GENERATING_CRL), "failed generating crl"}, -+ {ERR_REASON(STORE_R_FAILED_GENERATING_KEY), "failed generating key"}, -+ {ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY), -+ "failed getting arbitrary"}, -+ {ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE), -+ "failed getting certificate"}, -+ {ERR_REASON(STORE_R_FAILED_GETTING_KEY), "failed getting key"}, -+ {ERR_REASON(STORE_R_FAILED_GETTING_NUMBER), "failed getting number"}, -+ {ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES), -+ "failed listing certificates"}, -+ {ERR_REASON(STORE_R_FAILED_LISTING_KEYS), "failed listing keys"}, -+ {ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY), -+ "failed modifying arbitrary"}, -+ {ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE), -+ "failed modifying certificate"}, -+ {ERR_REASON(STORE_R_FAILED_MODIFYING_CRL), "failed modifying crl"}, -+ {ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER), "failed modifying number"}, -+ {ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY), -+ "failed modifying private key"}, -+ {ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY), -+ "failed modifying public key"}, -+ {ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE), -+ "failed revoking certificate"}, -+ {ERR_REASON(STORE_R_FAILED_REVOKING_KEY), "failed revoking key"}, -+ {ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY), -+ "failed storing arbitrary"}, -+ {ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE), -+ "failed storing certificate"}, -+ {ERR_REASON(STORE_R_FAILED_STORING_KEY), "failed storing key"}, -+ {ERR_REASON(STORE_R_FAILED_STORING_NUMBER), "failed storing number"}, -+ {ERR_REASON(STORE_R_NOT_IMPLEMENTED), "not implemented"}, -+ {ERR_REASON(STORE_R_NO_CONTROL_FUNCTION), "no control function"}, -+ {ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION), -+ "no delete arbitrary function"}, -+ {ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION), -+ "no delete number function"}, -+ {ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION), -+ "no delete object function"}, -+ {ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION), -+ "no generate crl function"}, -+ {ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION), -+ "no generate object function"}, -+ {ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION), -+ "no get object arbitrary function"}, -+ {ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION), "no get object function"}, -+ {ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION), -+ "no get object number function"}, -+ {ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION), -+ "no list object endp function"}, -+ {ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION), -+ "no list object end function"}, -+ {ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION), -+ "no list object next function"}, -+ {ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION), -+ "no list object start function"}, -+ {ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION), -+ "no modify object function"}, -+ {ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION), -+ "no revoke object function"}, -+ {ERR_REASON(STORE_R_NO_STORE), "no store"}, -+ {ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION), -+ "no store object arbitrary function"}, -+ {ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION), -+ "no store object function"}, -+ {ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION), -+ "no store object number function"}, -+ {ERR_REASON(STORE_R_NO_VALUE), "no value"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_STORE_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(STORE_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,STORE_str_functs); -- ERR_load_strings(0,STORE_str_reasons); -- } -+ if (ERR_func_error_string(STORE_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, STORE_str_functs); -+ ERR_load_strings(0, STORE_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/store/str_lib.c b/Cryptlib/OpenSSL/crypto/store/str_lib.c -index 32ae5bd..c968319 100644 ---- a/Cryptlib/OpenSSL/crypto/store/str_lib.c -+++ b/Cryptlib/OpenSSL/crypto/store/str_lib.c -@@ -1,6 +1,7 @@ - /* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2003. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2003. - */ - /* ==================================================================== - * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,1765 +61,1711 @@ - #include - #include - #ifndef OPENSSL_NO_ENGINE --#include -+# include - #endif - #include - #include - #include "str_locl.h" - --const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] = -- { -- 0, -- "X.509 Certificate", -- "X.509 CRL", -- "Private Key", -- "Public Key", -- "Number", -- "Arbitrary Data" -- }; -- --const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] = -- { -- 0, -- sizeof(int), /* EVP_TYPE */ -- sizeof(size_t), /* BITS */ -- -1, /* KEY_PARAMETERS */ -- 0 /* KEY_NO_PARAMETERS */ -- }; -- --const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] = -- { -- 0, -- -1, /* FRIENDLYNAME: C string */ -- SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */ -- SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */ -- SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ -- SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */ -- sizeof(X509_NAME *), /* ISSUER: X509_NAME * */ -- sizeof(BIGNUM *), /* SERIAL: BIGNUM * */ -- sizeof(X509_NAME *), /* SUBJECT: X509_NAME * */ -- SHA_DIGEST_LENGTH, /* CERTHASH: SHA1 digest, 160 bits */ -- -1, /* EMAIL: C string */ -- -1, /* FILENAME: C string */ -- }; -+const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1] = { -+ 0, -+ "X.509 Certificate", -+ "X.509 CRL", -+ "Private Key", -+ "Public Key", -+ "Number", -+ "Arbitrary Data" -+}; -+ -+const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1] = { -+ 0, -+ sizeof(int), /* EVP_TYPE */ -+ sizeof(size_t), /* BITS */ -+ -1, /* KEY_PARAMETERS */ -+ 0 /* KEY_NO_PARAMETERS */ -+}; -+ -+const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1] = { -+ 0, -+ -1, /* FRIENDLYNAME: C string */ -+ SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */ -+ SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */ -+ SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ -+ SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */ -+ sizeof(X509_NAME *), /* ISSUER: X509_NAME * */ -+ sizeof(BIGNUM *), /* SERIAL: BIGNUM * */ -+ sizeof(X509_NAME *), /* SUBJECT: X509_NAME * */ -+ SHA_DIGEST_LENGTH, /* CERTHASH: SHA1 digest, 160 bits */ -+ -1, /* EMAIL: C string */ -+ -1, /* FILENAME: C string */ -+}; - - STORE *STORE_new_method(const STORE_METHOD *method) -- { -- STORE *ret; -- -- if (method == NULL) -- { -- STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -- -- ret=(STORE *)OPENSSL_malloc(sizeof(STORE)); -- if (ret == NULL) -- { -- STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- ret->meth=method; -- -- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data); -- if (ret->meth->init && !ret->meth->init(ret)) -- { -- STORE_free(ret); -- ret = NULL; -- } -- return ret; -- } -+{ -+ STORE *ret; -+ -+ if (method == NULL) { -+ STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ -+ ret = (STORE *)OPENSSL_malloc(sizeof(STORE)); -+ if (ret == NULL) { -+ STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ ret->meth = method; -+ -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data); -+ if (ret->meth->init && !ret->meth->init(ret)) { -+ STORE_free(ret); -+ ret = NULL; -+ } -+ return ret; -+} - - STORE *STORE_new_engine(ENGINE *engine) -- { -- STORE *ret = NULL; -- ENGINE *e = engine; -- const STORE_METHOD *meth = 0; -+{ -+ STORE *ret = NULL; -+ ENGINE *e = engine; -+ const STORE_METHOD *meth = 0; - - #ifdef OPENSSL_NO_ENGINE -- e = NULL; -+ e = NULL; - #else -- if (engine) -- { -- if (!ENGINE_init(engine)) -- { -- STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); -- return NULL; -- } -- e = engine; -- } -- else -- { -- STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -- if(e) -- { -- meth = ENGINE_get_STORE(e); -- if(!meth) -- { -- STOREerr(STORE_F_STORE_NEW_ENGINE, -- ERR_R_ENGINE_LIB); -- ENGINE_finish(e); -- return NULL; -- } -- } -+ if (engine) { -+ if (!ENGINE_init(engine)) { -+ STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); -+ return NULL; -+ } -+ e = engine; -+ } else { -+ STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ if (e) { -+ meth = ENGINE_get_STORE(e); -+ if (!meth) { -+ STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); -+ ENGINE_finish(e); -+ return NULL; -+ } -+ } - #endif - -- ret = STORE_new_method(meth); -- if (ret == NULL) -- { -- STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB); -- return NULL; -- } -+ ret = STORE_new_method(meth); -+ if (ret == NULL) { -+ STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_STORE_LIB); -+ return NULL; -+ } - -- ret->engine = e; -+ ret->engine = e; - -- return(ret); -- } -+ return (ret); -+} - - void STORE_free(STORE *store) -- { -- if (store == NULL) -- return; -- if (store->meth->clean) -- store->meth->clean(store); -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data); -- OPENSSL_free(store); -- } -- --int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void)) -- { -- if (store == NULL) -- { -- STOREerr(STORE_F_STORE_CTRL,ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if (store->meth->ctrl) -- return store->meth->ctrl(store, cmd, i, p, f); -- STOREerr(STORE_F_STORE_CTRL,STORE_R_NO_CONTROL_FUNCTION); -- return 0; -- } -- -+{ -+ if (store == NULL) -+ return; -+ if (store->meth->clean) -+ store->meth->clean(store); -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data); -+ OPENSSL_free(store); -+} -+ -+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void)) -+{ -+ if (store == NULL) { -+ STOREerr(STORE_F_STORE_CTRL, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (store->meth->ctrl) -+ return store->meth->ctrl(store, cmd, i, p, f); -+ STOREerr(STORE_F_STORE_CTRL, STORE_R_NO_CONTROL_FUNCTION); -+ return 0; -+} - - int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -- { -- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp, -- new_func, dup_func, free_func); -- } -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -+{ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp, -+ new_func, dup_func, free_func); -+} - - int STORE_set_ex_data(STORE *r, int idx, void *arg) -- { -- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); -- } -+{ -+ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); -+} - - void *STORE_get_ex_data(STORE *r, int idx) -- { -- return(CRYPTO_get_ex_data(&r->ex_data,idx)); -- } -+{ -+ return (CRYPTO_get_ex_data(&r->ex_data, idx)); -+} - - const STORE_METHOD *STORE_get_method(STORE *store) -- { -- return store->meth; -- } -+{ -+ return store->meth; -+} - - const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth) -- { -- store->meth=meth; -- return store->meth; -- } -- -+{ -+ store->meth = meth; -+ return store->meth; -+} - - /* API helpers */ - - #define check_store(s,fncode,fnname,fnerrcode) \ -- do \ -- { \ -- if ((s) == NULL || (s)->meth == NULL) \ -- { \ -- STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \ -- return 0; \ -- } \ -- if ((s)->meth->fnname == NULL) \ -- { \ -- STOREerr((fncode), (fnerrcode)); \ -- return 0; \ -- } \ -- } \ -- while(0) -+ do \ -+ { \ -+ if ((s) == NULL || (s)->meth == NULL) \ -+ { \ -+ STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \ -+ return 0; \ -+ } \ -+ if ((s)->meth->fnname == NULL) \ -+ { \ -+ STOREerr((fncode), (fnerrcode)); \ -+ return 0; \ -+ } \ -+ } \ -+ while(0) - - /* API functions */ - - X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- X509 *x; -- -- check_store(s,STORE_F_STORE_GET_CERTIFICATE, -- get_object,STORE_R_NO_GET_OBJECT_FUNCTION); -- -- object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, -- attributes, parameters); -- if (!object || !object->data.x509.certificate) -- { -- STOREerr(STORE_F_STORE_GET_CERTIFICATE, -- STORE_R_FAILED_GETTING_CERTIFICATE); -- return 0; -- } -- CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509); -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ X509 *x; -+ -+ check_store(s, STORE_F_STORE_GET_CERTIFICATE, -+ get_object, STORE_R_NO_GET_OBJECT_FUNCTION); -+ -+ object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, -+ attributes, parameters); -+ if (!object || !object->data.x509.certificate) { -+ STOREerr(STORE_F_STORE_GET_CERTIFICATE, -+ STORE_R_FAILED_GETTING_CERTIFICATE); -+ return 0; -+ } -+ CRYPTO_add(&object->data.x509.certificate->references, 1, -+ CRYPTO_LOCK_X509); - #ifdef REF_PRINT -- REF_PRINT("X509",data); -+ REF_PRINT("X509", data); - #endif -- x = object->data.x509.certificate; -- STORE_OBJECT_free(object); -- return x; -- } -+ x = object->data.x509.certificate; -+ STORE_OBJECT_free(object); -+ return x; -+} - - int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- int i; -- -- check_store(s,STORE_F_STORE_CERTIFICATE, -- store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); -- -- object = STORE_OBJECT_new(); -- if (!object) -- { -- STOREerr(STORE_F_STORE_STORE_CERTIFICATE, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -- CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509); -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ int i; -+ -+ check_store(s, STORE_F_STORE_CERTIFICATE, -+ store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); -+ -+ object = STORE_OBJECT_new(); -+ if (!object) { -+ STOREerr(STORE_F_STORE_STORE_CERTIFICATE, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509); - #ifdef REF_PRINT -- REF_PRINT("X509",data); -+ REF_PRINT("X509", data); - #endif -- object->data.x509.certificate = data; -+ object->data.x509.certificate = data; - -- i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, -- object, attributes, parameters); -+ i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, -+ object, attributes, parameters); - -- STORE_OBJECT_free(object); -+ STORE_OBJECT_free(object); - -- if (!i) -- { -- STOREerr(STORE_F_STORE_STORE_CERTIFICATE, -- STORE_R_FAILED_STORING_CERTIFICATE); -- return 0; -- } -- return 1; -- } -+ if (!i) { -+ STOREerr(STORE_F_STORE_STORE_CERTIFICATE, -+ STORE_R_FAILED_STORING_CERTIFICATE); -+ return 0; -+ } -+ return 1; -+} - - int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[], -- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], -- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_MODIFY_CERTIFICATE, -- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); -- -- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, -- search_attributes, add_attributes, modify_attributes, -- delete_attributes, parameters)) -- { -- STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE, -- STORE_R_FAILED_MODIFYING_CERTIFICATE); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM add_attributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_MODIFY_CERTIFICATE, -+ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); -+ -+ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, -+ search_attributes, add_attributes, -+ modify_attributes, delete_attributes, -+ parameters)) { -+ STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE, -+ STORE_R_FAILED_MODIFYING_CERTIFICATE); -+ return 0; -+ } -+ return 1; -+} - - int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE, -- revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); -- -- if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, -- attributes, parameters)) -- { -- STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE, -- STORE_R_FAILED_REVOKING_CERTIFICATE); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_REVOKE_CERTIFICATE, -+ revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION); -+ -+ if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, -+ attributes, parameters)) { -+ STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE, -+ STORE_R_FAILED_REVOKING_CERTIFICATE); -+ return 0; -+ } -+ return 1; -+} - - int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_DELETE_CERTIFICATE, -- delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); -- -- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, -- attributes, parameters)) -- { -- STOREerr(STORE_F_STORE_DELETE_CERTIFICATE, -- STORE_R_FAILED_DELETING_CERTIFICATE); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_DELETE_CERTIFICATE, -+ delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION); -+ -+ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, -+ attributes, parameters)) { -+ STOREerr(STORE_F_STORE_DELETE_CERTIFICATE, -+ STORE_R_FAILED_DELETING_CERTIFICATE); -+ return 0; -+ } -+ return 1; -+} - - void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- void *handle; -- -- check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START, -- list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); -- -- handle = s->meth->list_object_start(s, -- STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes, parameters); -- if (!handle) -- { -- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START, -- STORE_R_FAILED_LISTING_CERTIFICATES); -- return 0; -- } -- return handle; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ void *handle; -+ -+ check_store(s, STORE_F_STORE_LIST_CERTIFICATE_START, -+ list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION); -+ -+ handle = s->meth->list_object_start(s, -+ STORE_OBJECT_TYPE_X509_CERTIFICATE, -+ attributes, parameters); -+ if (!handle) { -+ STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START, -+ STORE_R_FAILED_LISTING_CERTIFICATES); -+ return 0; -+ } -+ return handle; -+} - - X509 *STORE_list_certificate_next(STORE *s, void *handle) -- { -- STORE_OBJECT *object; -- X509 *x; -- -- check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT, -- list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); -- -- object = s->meth->list_object_next(s, handle); -- if (!object || !object->data.x509.certificate) -- { -- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT, -- STORE_R_FAILED_LISTING_CERTIFICATES); -- return 0; -- } -- CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509); -+{ -+ STORE_OBJECT *object; -+ X509 *x; -+ -+ check_store(s, STORE_F_STORE_LIST_CERTIFICATE_NEXT, -+ list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); -+ -+ object = s->meth->list_object_next(s, handle); -+ if (!object || !object->data.x509.certificate) { -+ STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT, -+ STORE_R_FAILED_LISTING_CERTIFICATES); -+ return 0; -+ } -+ CRYPTO_add(&object->data.x509.certificate->references, 1, -+ CRYPTO_LOCK_X509); - #ifdef REF_PRINT -- REF_PRINT("X509",data); -+ REF_PRINT("X509", data); - #endif -- x = object->data.x509.certificate; -- STORE_OBJECT_free(object); -- return x; -- } -+ x = object->data.x509.certificate; -+ STORE_OBJECT_free(object); -+ return x; -+} - - int STORE_list_certificate_end(STORE *s, void *handle) -- { -- check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END, -- list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); -- -- if (!s->meth->list_object_end(s, handle)) -- { -- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END, -- STORE_R_FAILED_LISTING_CERTIFICATES); -- return 0; -- } -- return 1; -- } -+{ -+ check_store(s, STORE_F_STORE_LIST_CERTIFICATE_END, -+ list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION); -+ -+ if (!s->meth->list_object_end(s, handle)) { -+ STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END, -+ STORE_R_FAILED_LISTING_CERTIFICATES); -+ return 0; -+ } -+ return 1; -+} - - int STORE_list_certificate_endp(STORE *s, void *handle) -- { -- check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP, -- list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); -- -- if (!s->meth->list_object_endp(s, handle)) -- { -- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP, -- STORE_R_FAILED_LISTING_CERTIFICATES); -- return 0; -- } -- return 1; -- } -+{ -+ check_store(s, STORE_F_STORE_LIST_CERTIFICATE_ENDP, -+ list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); -+ -+ if (!s->meth->list_object_endp(s, handle)) { -+ STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP, -+ STORE_R_FAILED_LISTING_CERTIFICATES); -+ return 0; -+ } -+ return 1; -+} - - EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- EVP_PKEY *pkey; -- -- check_store(s,STORE_F_STORE_GENERATE_KEY, -- generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION); -- -- object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, -- attributes, parameters); -- if (!object || !object->data.key) -- { -- STOREerr(STORE_F_STORE_GENERATE_KEY, -- STORE_R_FAILED_GENERATING_KEY); -- return 0; -- } -- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ EVP_PKEY *pkey; -+ -+ check_store(s, STORE_F_STORE_GENERATE_KEY, -+ generate_object, STORE_R_NO_GENERATE_OBJECT_FUNCTION); -+ -+ object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, -+ attributes, parameters); -+ if (!object || !object->data.key) { -+ STOREerr(STORE_F_STORE_GENERATE_KEY, STORE_R_FAILED_GENERATING_KEY); -+ return 0; -+ } -+ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); - #ifdef REF_PRINT -- REF_PRINT("EVP_PKEY",data); -+ REF_PRINT("EVP_PKEY", data); - #endif -- pkey = object->data.key; -- STORE_OBJECT_free(object); -- return pkey; -- } -+ pkey = object->data.key; -+ STORE_OBJECT_free(object); -+ return pkey; -+} - - EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- EVP_PKEY *pkey; -- -- check_store(s,STORE_F_STORE_GET_PRIVATE_KEY, -- get_object,STORE_R_NO_GET_OBJECT_FUNCTION); -- -- object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, -- attributes, parameters); -- if (!object || !object->data.key || !object->data.key) -- { -- STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, -- STORE_R_FAILED_GETTING_KEY); -- return 0; -- } -- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ EVP_PKEY *pkey; -+ -+ check_store(s, STORE_F_STORE_GET_PRIVATE_KEY, -+ get_object, STORE_R_NO_GET_OBJECT_FUNCTION); -+ -+ object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, -+ attributes, parameters); -+ if (!object || !object->data.key || !object->data.key) { -+ STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, STORE_R_FAILED_GETTING_KEY); -+ return 0; -+ } -+ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); - #ifdef REF_PRINT -- REF_PRINT("EVP_PKEY",data); -+ REF_PRINT("EVP_PKEY", data); - #endif -- pkey = object->data.key; -- STORE_OBJECT_free(object); -- return pkey; -- } -- --int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- int i; -- -- check_store(s,STORE_F_STORE_STORE_PRIVATE_KEY, -- store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); -- -- object = STORE_OBJECT_new(); -- if (!object) -- { -- STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- object->data.key = EVP_PKEY_new(); -- if (!object->data.key) -- { -- STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -- CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY); -+ pkey = object->data.key; -+ STORE_OBJECT_free(object); -+ return pkey; -+} -+ -+int STORE_store_private_key(STORE *s, EVP_PKEY *data, -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ int i; -+ -+ check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY, -+ store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); -+ -+ object = STORE_OBJECT_new(); -+ if (!object) { -+ STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ object->data.key = EVP_PKEY_new(); -+ if (!object->data.key) { -+ STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY); - #ifdef REF_PRINT -- REF_PRINT("EVP_PKEY",data); -+ REF_PRINT("EVP_PKEY", data); - #endif -- object->data.key = data; -+ object->data.key = data; - -- i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, -- attributes, parameters); -+ i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, -+ attributes, parameters); - -- STORE_OBJECT_free(object); -+ STORE_OBJECT_free(object); - -- if (!i) -- { -- STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, -- STORE_R_FAILED_STORING_KEY); -- return 0; -- } -- return i; -- } -+ if (!i) { -+ STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, STORE_R_FAILED_STORING_KEY); -+ return 0; -+ } -+ return i; -+} - - int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[], -- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], -- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_MODIFY_PRIVATE_KEY, -- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); -- -- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, -- search_attributes, add_attributes, modify_attributes, -- delete_attributes, parameters)) -- { -- STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY, -- STORE_R_FAILED_MODIFYING_PRIVATE_KEY); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM add_attributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_MODIFY_PRIVATE_KEY, -+ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); -+ -+ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, -+ search_attributes, add_attributes, -+ modify_attributes, delete_attributes, -+ parameters)) { -+ STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY, -+ STORE_R_FAILED_MODIFYING_PRIVATE_KEY); -+ return 0; -+ } -+ return 1; -+} - - int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- int i; -+ OPENSSL_ITEM parameters[]) -+{ -+ int i; - -- check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY, -- revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); -+ check_store(s, STORE_F_STORE_REVOKE_PRIVATE_KEY, -+ revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION); - -- i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, -- attributes, parameters); -+ i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, -+ attributes, parameters); - -- if (!i) -- { -- STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY, -- STORE_R_FAILED_REVOKING_KEY); -- return 0; -- } -- return i; -- } -+ if (!i) { -+ STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY, -+ STORE_R_FAILED_REVOKING_KEY); -+ return 0; -+ } -+ return i; -+} - - int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY, -- delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); -- -- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, -- attributes, parameters)) -- { -- STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY, -- STORE_R_FAILED_DELETING_KEY); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_DELETE_PRIVATE_KEY, -+ delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION); -+ -+ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, -+ attributes, parameters)) { -+ STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY, -+ STORE_R_FAILED_DELETING_KEY); -+ return 0; -+ } -+ return 1; -+} - - void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- void *handle; -- -- check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START, -- list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); -- -- handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, -- attributes, parameters); -- if (!handle) -- { -- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START, -- STORE_R_FAILED_LISTING_KEYS); -- return 0; -- } -- return handle; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ void *handle; -+ -+ check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_START, -+ list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION); -+ -+ handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, -+ attributes, parameters); -+ if (!handle) { -+ STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START, -+ STORE_R_FAILED_LISTING_KEYS); -+ return 0; -+ } -+ return handle; -+} - - EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle) -- { -- STORE_OBJECT *object; -- EVP_PKEY *pkey; -- -- check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, -- list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); -- -- object = s->meth->list_object_next(s, handle); -- if (!object || !object->data.key || !object->data.key) -- { -- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, -- STORE_R_FAILED_LISTING_KEYS); -- return 0; -- } -- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); -+{ -+ STORE_OBJECT *object; -+ EVP_PKEY *pkey; -+ -+ check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, -+ list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); -+ -+ object = s->meth->list_object_next(s, handle); -+ if (!object || !object->data.key || !object->data.key) { -+ STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, -+ STORE_R_FAILED_LISTING_KEYS); -+ return 0; -+ } -+ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); - #ifdef REF_PRINT -- REF_PRINT("EVP_PKEY",data); -+ REF_PRINT("EVP_PKEY", data); - #endif -- pkey = object->data.key; -- STORE_OBJECT_free(object); -- return pkey; -- } -+ pkey = object->data.key; -+ STORE_OBJECT_free(object); -+ return pkey; -+} - - int STORE_list_private_key_end(STORE *s, void *handle) -- { -- check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END, -- list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); -- -- if (!s->meth->list_object_end(s, handle)) -- { -- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END, -- STORE_R_FAILED_LISTING_KEYS); -- return 0; -- } -- return 1; -- } -+{ -+ check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_END, -+ list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION); -+ -+ if (!s->meth->list_object_end(s, handle)) { -+ STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END, -+ STORE_R_FAILED_LISTING_KEYS); -+ return 0; -+ } -+ return 1; -+} - - int STORE_list_private_key_endp(STORE *s, void *handle) -- { -- check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, -- list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); -- -- if (!s->meth->list_object_endp(s, handle)) -- { -- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, -- STORE_R_FAILED_LISTING_KEYS); -- return 0; -- } -- return 1; -- } -+{ -+ check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, -+ list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); -+ -+ if (!s->meth->list_object_endp(s, handle)) { -+ STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, -+ STORE_R_FAILED_LISTING_KEYS); -+ return 0; -+ } -+ return 1; -+} - - EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- EVP_PKEY *pkey; -- -- check_store(s,STORE_F_STORE_GET_PUBLIC_KEY, -- get_object,STORE_R_NO_GET_OBJECT_FUNCTION); -- -- object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, -- attributes, parameters); -- if (!object || !object->data.key || !object->data.key) -- { -- STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, -- STORE_R_FAILED_GETTING_KEY); -- return 0; -- } -- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ EVP_PKEY *pkey; -+ -+ check_store(s, STORE_F_STORE_GET_PUBLIC_KEY, -+ get_object, STORE_R_NO_GET_OBJECT_FUNCTION); -+ -+ object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, -+ attributes, parameters); -+ if (!object || !object->data.key || !object->data.key) { -+ STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, STORE_R_FAILED_GETTING_KEY); -+ return 0; -+ } -+ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); - #ifdef REF_PRINT -- REF_PRINT("EVP_PKEY",data); -+ REF_PRINT("EVP_PKEY", data); - #endif -- pkey = object->data.key; -- STORE_OBJECT_free(object); -- return pkey; -- } -- --int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- int i; -- -- check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY, -- store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); -- -- object = STORE_OBJECT_new(); -- if (!object) -- { -- STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- object->data.key = EVP_PKEY_new(); -- if (!object->data.key) -- { -- STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -- CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY); -+ pkey = object->data.key; -+ STORE_OBJECT_free(object); -+ return pkey; -+} -+ -+int STORE_store_public_key(STORE *s, EVP_PKEY *data, -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ int i; -+ -+ check_store(s, STORE_F_STORE_STORE_PUBLIC_KEY, -+ store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); -+ -+ object = STORE_OBJECT_new(); -+ if (!object) { -+ STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ object->data.key = EVP_PKEY_new(); -+ if (!object->data.key) { -+ STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY); - #ifdef REF_PRINT -- REF_PRINT("EVP_PKEY",data); -+ REF_PRINT("EVP_PKEY", data); - #endif -- object->data.key = data; -+ object->data.key = data; - -- i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, -- attributes, parameters); -+ i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, -+ attributes, parameters); - -- STORE_OBJECT_free(object); -+ STORE_OBJECT_free(object); - -- if (!i) -- { -- STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, -- STORE_R_FAILED_STORING_KEY); -- return 0; -- } -- return i; -- } -+ if (!i) { -+ STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, STORE_R_FAILED_STORING_KEY); -+ return 0; -+ } -+ return i; -+} - - int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[], -- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], -- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_MODIFY_PUBLIC_KEY, -- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); -- -- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, -- search_attributes, add_attributes, modify_attributes, -- delete_attributes, parameters)) -- { -- STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY, -- STORE_R_FAILED_MODIFYING_PUBLIC_KEY); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM add_attributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_MODIFY_PUBLIC_KEY, -+ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); -+ -+ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, -+ search_attributes, add_attributes, -+ modify_attributes, delete_attributes, -+ parameters)) { -+ STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY, -+ STORE_R_FAILED_MODIFYING_PUBLIC_KEY); -+ return 0; -+ } -+ return 1; -+} - - int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- int i; -+ OPENSSL_ITEM parameters[]) -+{ -+ int i; - -- check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY, -- revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); -+ check_store(s, STORE_F_STORE_REVOKE_PUBLIC_KEY, -+ revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION); - -- i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, -- attributes, parameters); -+ i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, -+ attributes, parameters); - -- if (!i) -- { -- STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY, -- STORE_R_FAILED_REVOKING_KEY); -- return 0; -- } -- return i; -- } -+ if (!i) { -+ STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY, -+ STORE_R_FAILED_REVOKING_KEY); -+ return 0; -+ } -+ return i; -+} - - int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY, -- delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); -- -- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, -- attributes, parameters)) -- { -- STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY, -- STORE_R_FAILED_DELETING_KEY); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_DELETE_PUBLIC_KEY, -+ delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION); -+ -+ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, -+ attributes, parameters)) { -+ STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY, -+ STORE_R_FAILED_DELETING_KEY); -+ return 0; -+ } -+ return 1; -+} - - void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- void *handle; -- -- check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START, -- list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); -- -- handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY, -- attributes, parameters); -- if (!handle) -- { -- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START, -- STORE_R_FAILED_LISTING_KEYS); -- return 0; -- } -- return handle; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ void *handle; -+ -+ check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_START, -+ list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION); -+ -+ handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY, -+ attributes, parameters); -+ if (!handle) { -+ STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START, -+ STORE_R_FAILED_LISTING_KEYS); -+ return 0; -+ } -+ return handle; -+} - - EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle) -- { -- STORE_OBJECT *object; -- EVP_PKEY *pkey; -- -- check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, -- list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); -- -- object = s->meth->list_object_next(s, handle); -- if (!object || !object->data.key || !object->data.key) -- { -- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, -- STORE_R_FAILED_LISTING_KEYS); -- return 0; -- } -- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); -+{ -+ STORE_OBJECT *object; -+ EVP_PKEY *pkey; -+ -+ check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, -+ list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); -+ -+ object = s->meth->list_object_next(s, handle); -+ if (!object || !object->data.key || !object->data.key) { -+ STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, -+ STORE_R_FAILED_LISTING_KEYS); -+ return 0; -+ } -+ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); - #ifdef REF_PRINT -- REF_PRINT("EVP_PKEY",data); -+ REF_PRINT("EVP_PKEY", data); - #endif -- pkey = object->data.key; -- STORE_OBJECT_free(object); -- return pkey; -- } -+ pkey = object->data.key; -+ STORE_OBJECT_free(object); -+ return pkey; -+} - - int STORE_list_public_key_end(STORE *s, void *handle) -- { -- check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_END, -- list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); -- -- if (!s->meth->list_object_end(s, handle)) -- { -- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END, -- STORE_R_FAILED_LISTING_KEYS); -- return 0; -- } -- return 1; -- } -+{ -+ check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_END, -+ list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION); -+ -+ if (!s->meth->list_object_end(s, handle)) { -+ STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END, -+ STORE_R_FAILED_LISTING_KEYS); -+ return 0; -+ } -+ return 1; -+} - - int STORE_list_public_key_endp(STORE *s, void *handle) -- { -- check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, -- list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); -- -- if (!s->meth->list_object_endp(s, handle)) -- { -- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, -- STORE_R_FAILED_LISTING_KEYS); -- return 0; -- } -- return 1; -- } -+{ -+ check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, -+ list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); -+ -+ if (!s->meth->list_object_endp(s, handle)) { -+ STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, -+ STORE_R_FAILED_LISTING_KEYS); -+ return 0; -+ } -+ return 1; -+} - - X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- X509_CRL *crl; -- -- check_store(s,STORE_F_STORE_GENERATE_CRL, -- generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION); -- -- object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL, -- attributes, parameters); -- if (!object || !object->data.crl) -- { -- STOREerr(STORE_F_STORE_GENERATE_CRL, -- STORE_R_FAILED_GENERATING_CRL); -- return 0; -- } -- CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ X509_CRL *crl; -+ -+ check_store(s, STORE_F_STORE_GENERATE_CRL, -+ generate_object, STORE_R_NO_GENERATE_CRL_FUNCTION); -+ -+ object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL, -+ attributes, parameters); -+ if (!object || !object->data.crl) { -+ STOREerr(STORE_F_STORE_GENERATE_CRL, STORE_R_FAILED_GENERATING_CRL); -+ return 0; -+ } -+ CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); - #ifdef REF_PRINT -- REF_PRINT("X509_CRL",data); -+ REF_PRINT("X509_CRL", data); - #endif -- crl = object->data.crl; -- STORE_OBJECT_free(object); -- return crl; -- } -+ crl = object->data.crl; -+ STORE_OBJECT_free(object); -+ return crl; -+} - - X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- X509_CRL *crl; -- -- check_store(s,STORE_F_STORE_GET_CRL, -- get_object,STORE_R_NO_GET_OBJECT_FUNCTION); -- -- object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL, -- attributes, parameters); -- if (!object || !object->data.crl) -- { -- STOREerr(STORE_F_STORE_GET_CRL, -- STORE_R_FAILED_GETTING_KEY); -- return 0; -- } -- CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ X509_CRL *crl; -+ -+ check_store(s, STORE_F_STORE_GET_CRL, -+ get_object, STORE_R_NO_GET_OBJECT_FUNCTION); -+ -+ object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL, -+ attributes, parameters); -+ if (!object || !object->data.crl) { -+ STOREerr(STORE_F_STORE_GET_CRL, STORE_R_FAILED_GETTING_KEY); -+ return 0; -+ } -+ CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); - #ifdef REF_PRINT -- REF_PRINT("X509_CRL",data); -+ REF_PRINT("X509_CRL", data); - #endif -- crl = object->data.crl; -- STORE_OBJECT_free(object); -- return crl; -- } -+ crl = object->data.crl; -+ STORE_OBJECT_free(object); -+ return crl; -+} - - int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- int i; -- -- check_store(s,STORE_F_STORE_STORE_CRL, -- store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); -- -- object = STORE_OBJECT_new(); -- if (!object) -- { -- STOREerr(STORE_F_STORE_STORE_CRL, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -- CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509_CRL); -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ int i; -+ -+ check_store(s, STORE_F_STORE_STORE_CRL, -+ store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); -+ -+ object = STORE_OBJECT_new(); -+ if (!object) { -+ STOREerr(STORE_F_STORE_STORE_CRL, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509_CRL); - #ifdef REF_PRINT -- REF_PRINT("X509_CRL",data); -+ REF_PRINT("X509_CRL", data); - #endif -- object->data.crl = data; -+ object->data.crl = data; - -- i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object, -- attributes, parameters); -+ i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object, -+ attributes, parameters); - -- STORE_OBJECT_free(object); -+ STORE_OBJECT_free(object); - -- if (!i) -- { -- STOREerr(STORE_F_STORE_STORE_CRL, -- STORE_R_FAILED_STORING_KEY); -- return 0; -- } -- return i; -- } -+ if (!i) { -+ STOREerr(STORE_F_STORE_STORE_CRL, STORE_R_FAILED_STORING_KEY); -+ return 0; -+ } -+ return i; -+} - - int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[], -- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], -- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_MODIFY_CRL, -- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); -- -- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL, -- search_attributes, add_attributes, modify_attributes, -- delete_attributes, parameters)) -- { -- STOREerr(STORE_F_STORE_MODIFY_CRL, -- STORE_R_FAILED_MODIFYING_CRL); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM add_attributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_MODIFY_CRL, -+ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); -+ -+ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL, -+ search_attributes, add_attributes, -+ modify_attributes, delete_attributes, -+ parameters)) { -+ STOREerr(STORE_F_STORE_MODIFY_CRL, STORE_R_FAILED_MODIFYING_CRL); -+ return 0; -+ } -+ return 1; -+} - - int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_DELETE_CRL, -- delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); -- -- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL, -- attributes, parameters)) -- { -- STOREerr(STORE_F_STORE_DELETE_CRL, -- STORE_R_FAILED_DELETING_KEY); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_DELETE_CRL, -+ delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION); -+ -+ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL, -+ attributes, parameters)) { -+ STOREerr(STORE_F_STORE_DELETE_CRL, STORE_R_FAILED_DELETING_KEY); -+ return 0; -+ } -+ return 1; -+} - - void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- void *handle; -- -- check_store(s,STORE_F_STORE_LIST_CRL_START, -- list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); -- -- handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL, -- attributes, parameters); -- if (!handle) -- { -- STOREerr(STORE_F_STORE_LIST_CRL_START, -- STORE_R_FAILED_LISTING_KEYS); -- return 0; -- } -- return handle; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ void *handle; -+ -+ check_store(s, STORE_F_STORE_LIST_CRL_START, -+ list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION); -+ -+ handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL, -+ attributes, parameters); -+ if (!handle) { -+ STOREerr(STORE_F_STORE_LIST_CRL_START, STORE_R_FAILED_LISTING_KEYS); -+ return 0; -+ } -+ return handle; -+} - - X509_CRL *STORE_list_crl_next(STORE *s, void *handle) -- { -- STORE_OBJECT *object; -- X509_CRL *crl; -- -- check_store(s,STORE_F_STORE_LIST_CRL_NEXT, -- list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); -- -- object = s->meth->list_object_next(s, handle); -- if (!object || !object->data.crl) -- { -- STOREerr(STORE_F_STORE_LIST_CRL_NEXT, -- STORE_R_FAILED_LISTING_KEYS); -- return 0; -- } -- CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); -+{ -+ STORE_OBJECT *object; -+ X509_CRL *crl; -+ -+ check_store(s, STORE_F_STORE_LIST_CRL_NEXT, -+ list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); -+ -+ object = s->meth->list_object_next(s, handle); -+ if (!object || !object->data.crl) { -+ STOREerr(STORE_F_STORE_LIST_CRL_NEXT, STORE_R_FAILED_LISTING_KEYS); -+ return 0; -+ } -+ CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); - #ifdef REF_PRINT -- REF_PRINT("X509_CRL",data); -+ REF_PRINT("X509_CRL", data); - #endif -- crl = object->data.crl; -- STORE_OBJECT_free(object); -- return crl; -- } -+ crl = object->data.crl; -+ STORE_OBJECT_free(object); -+ return crl; -+} - - int STORE_list_crl_end(STORE *s, void *handle) -- { -- check_store(s,STORE_F_STORE_LIST_CRL_END, -- list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); -- -- if (!s->meth->list_object_end(s, handle)) -- { -- STOREerr(STORE_F_STORE_LIST_CRL_END, -- STORE_R_FAILED_LISTING_KEYS); -- return 0; -- } -- return 1; -- } -+{ -+ check_store(s, STORE_F_STORE_LIST_CRL_END, -+ list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION); -+ -+ if (!s->meth->list_object_end(s, handle)) { -+ STOREerr(STORE_F_STORE_LIST_CRL_END, STORE_R_FAILED_LISTING_KEYS); -+ return 0; -+ } -+ return 1; -+} - - int STORE_list_crl_endp(STORE *s, void *handle) -- { -- check_store(s,STORE_F_STORE_LIST_CRL_ENDP, -- list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); -- -- if (!s->meth->list_object_endp(s, handle)) -- { -- STOREerr(STORE_F_STORE_LIST_CRL_ENDP, -- STORE_R_FAILED_LISTING_KEYS); -- return 0; -- } -- return 1; -- } -+{ -+ check_store(s, STORE_F_STORE_LIST_CRL_ENDP, -+ list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); -+ -+ if (!s->meth->list_object_endp(s, handle)) { -+ STOREerr(STORE_F_STORE_LIST_CRL_ENDP, STORE_R_FAILED_LISTING_KEYS); -+ return 0; -+ } -+ return 1; -+} - - int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- int i; -- -- check_store(s,STORE_F_STORE_STORE_NUMBER, -- store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION); -- -- object = STORE_OBJECT_new(); -- if (!object) -- { -- STOREerr(STORE_F_STORE_STORE_NUMBER, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -- object->data.number = data; -- -- i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object, -- attributes, parameters); -- -- STORE_OBJECT_free(object); -- -- if (!i) -- { -- STOREerr(STORE_F_STORE_STORE_NUMBER, -- STORE_R_FAILED_STORING_NUMBER); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ int i; -+ -+ check_store(s, STORE_F_STORE_STORE_NUMBER, -+ store_object, STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION); -+ -+ object = STORE_OBJECT_new(); -+ if (!object) { -+ STOREerr(STORE_F_STORE_STORE_NUMBER, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ object->data.number = data; -+ -+ i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object, -+ attributes, parameters); -+ -+ STORE_OBJECT_free(object); -+ -+ if (!i) { -+ STOREerr(STORE_F_STORE_STORE_NUMBER, STORE_R_FAILED_STORING_NUMBER); -+ return 0; -+ } -+ return 1; -+} - - int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[], -- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], -- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_MODIFY_NUMBER, -- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); -- -- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER, -- search_attributes, add_attributes, modify_attributes, -- delete_attributes, parameters)) -- { -- STOREerr(STORE_F_STORE_MODIFY_NUMBER, -- STORE_R_FAILED_MODIFYING_NUMBER); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM add_attributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_MODIFY_NUMBER, -+ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); -+ -+ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER, -+ search_attributes, add_attributes, -+ modify_attributes, delete_attributes, -+ parameters)) { -+ STOREerr(STORE_F_STORE_MODIFY_NUMBER, -+ STORE_R_FAILED_MODIFYING_NUMBER); -+ return 0; -+ } -+ return 1; -+} - - BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- BIGNUM *n; -- -- check_store(s,STORE_F_STORE_GET_NUMBER, -- get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION); -- -- object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, -- parameters); -- if (!object || !object->data.number) -- { -- STOREerr(STORE_F_STORE_GET_NUMBER, -- STORE_R_FAILED_GETTING_NUMBER); -- return 0; -- } -- n = object->data.number; -- object->data.number = NULL; -- STORE_OBJECT_free(object); -- return n; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ BIGNUM *n; -+ -+ check_store(s, STORE_F_STORE_GET_NUMBER, -+ get_object, STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION); -+ -+ object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, -+ parameters); -+ if (!object || !object->data.number) { -+ STOREerr(STORE_F_STORE_GET_NUMBER, STORE_R_FAILED_GETTING_NUMBER); -+ return 0; -+ } -+ n = object->data.number; -+ object->data.number = NULL; -+ STORE_OBJECT_free(object); -+ return n; -+} - - int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_DELETE_NUMBER, -- delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION); -- -- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, -- parameters)) -- { -- STOREerr(STORE_F_STORE_DELETE_NUMBER, -- STORE_R_FAILED_DELETING_NUMBER); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_DELETE_NUMBER, -+ delete_object, STORE_R_NO_DELETE_NUMBER_FUNCTION); -+ -+ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, -+ parameters)) { -+ STOREerr(STORE_F_STORE_DELETE_NUMBER, STORE_R_FAILED_DELETING_NUMBER); -+ return 0; -+ } -+ return 1; -+} - - int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- int i; -- -- check_store(s,STORE_F_STORE_STORE_ARBITRARY, -- store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION); -- -- object = STORE_OBJECT_new(); -- if (!object) -- { -- STOREerr(STORE_F_STORE_STORE_ARBITRARY, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -- object->data.arbitrary = data; -- -- i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object, -- attributes, parameters); -- -- STORE_OBJECT_free(object); -- -- if (!i) -- { -- STOREerr(STORE_F_STORE_STORE_ARBITRARY, -- STORE_R_FAILED_STORING_ARBITRARY); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ int i; -+ -+ check_store(s, STORE_F_STORE_STORE_ARBITRARY, -+ store_object, STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION); -+ -+ object = STORE_OBJECT_new(); -+ if (!object) { -+ STOREerr(STORE_F_STORE_STORE_ARBITRARY, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ object->data.arbitrary = data; -+ -+ i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object, -+ attributes, parameters); -+ -+ STORE_OBJECT_free(object); -+ -+ if (!i) { -+ STOREerr(STORE_F_STORE_STORE_ARBITRARY, -+ STORE_R_FAILED_STORING_ARBITRARY); -+ return 0; -+ } -+ return 1; -+} - - int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[], -- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], -- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_MODIFY_ARBITRARY, -- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); -- -- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY, -- search_attributes, add_attributes, modify_attributes, -- delete_attributes, parameters)) -- { -- STOREerr(STORE_F_STORE_MODIFY_ARBITRARY, -- STORE_R_FAILED_MODIFYING_ARBITRARY); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM add_attributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_MODIFY_ARBITRARY, -+ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); -+ -+ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY, -+ search_attributes, add_attributes, -+ modify_attributes, delete_attributes, -+ parameters)) { -+ STOREerr(STORE_F_STORE_MODIFY_ARBITRARY, -+ STORE_R_FAILED_MODIFYING_ARBITRARY); -+ return 0; -+ } -+ return 1; -+} - - BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STORE_OBJECT *object; -- BUF_MEM *b; -- -- check_store(s,STORE_F_STORE_GET_ARBITRARY, -- get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION); -- -- object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY, -- attributes, parameters); -- if (!object || !object->data.arbitrary) -- { -- STOREerr(STORE_F_STORE_GET_ARBITRARY, -- STORE_R_FAILED_GETTING_ARBITRARY); -- return 0; -- } -- b = object->data.arbitrary; -- object->data.arbitrary = NULL; -- STORE_OBJECT_free(object); -- return b; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ STORE_OBJECT *object; -+ BUF_MEM *b; -+ -+ check_store(s, STORE_F_STORE_GET_ARBITRARY, -+ get_object, STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION); -+ -+ object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY, -+ attributes, parameters); -+ if (!object || !object->data.arbitrary) { -+ STOREerr(STORE_F_STORE_GET_ARBITRARY, -+ STORE_R_FAILED_GETTING_ARBITRARY); -+ return 0; -+ } -+ b = object->data.arbitrary; -+ object->data.arbitrary = NULL; -+ STORE_OBJECT_free(object); -+ return b; -+} - - int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- check_store(s,STORE_F_STORE_DELETE_ARBITRARY, -- delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION); -- -- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes, -- parameters)) -- { -- STOREerr(STORE_F_STORE_DELETE_ARBITRARY, -- STORE_R_FAILED_DELETING_ARBITRARY); -- return 0; -- } -- return 1; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ check_store(s, STORE_F_STORE_DELETE_ARBITRARY, -+ delete_object, STORE_R_NO_DELETE_ARBITRARY_FUNCTION); -+ -+ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes, -+ parameters)) { -+ STOREerr(STORE_F_STORE_DELETE_ARBITRARY, -+ STORE_R_FAILED_DELETING_ARBITRARY); -+ return 0; -+ } -+ return 1; -+} - - STORE_OBJECT *STORE_OBJECT_new(void) -- { -- STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT)); -- if (object) memset(object, 0, sizeof(STORE_OBJECT)); -- return object; -- } -+{ -+ STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT)); -+ if (object) -+ memset(object, 0, sizeof(STORE_OBJECT)); -+ return object; -+} -+ - void STORE_OBJECT_free(STORE_OBJECT *data) -- { -- if (!data) return; -- switch (data->type) -- { -- case STORE_OBJECT_TYPE_X509_CERTIFICATE: -- X509_free(data->data.x509.certificate); -- break; -- case STORE_OBJECT_TYPE_X509_CRL: -- X509_CRL_free(data->data.crl); -- break; -- case STORE_OBJECT_TYPE_PRIVATE_KEY: -- case STORE_OBJECT_TYPE_PUBLIC_KEY: -- EVP_PKEY_free(data->data.key); -- break; -- case STORE_OBJECT_TYPE_NUMBER: -- BN_free(data->data.number); -- break; -- case STORE_OBJECT_TYPE_ARBITRARY: -- BUF_MEM_free(data->data.arbitrary); -- break; -- } -- OPENSSL_free(data); -- } -+{ -+ if (!data) -+ return; -+ switch (data->type) { -+ case STORE_OBJECT_TYPE_X509_CERTIFICATE: -+ X509_free(data->data.x509.certificate); -+ break; -+ case STORE_OBJECT_TYPE_X509_CRL: -+ X509_CRL_free(data->data.crl); -+ break; -+ case STORE_OBJECT_TYPE_PRIVATE_KEY: -+ case STORE_OBJECT_TYPE_PUBLIC_KEY: -+ EVP_PKEY_free(data->data.key); -+ break; -+ case STORE_OBJECT_TYPE_NUMBER: -+ BN_free(data->data.number); -+ break; -+ case STORE_OBJECT_TYPE_ARBITRARY: -+ BUF_MEM_free(data->data.arbitrary); -+ break; -+ } -+ OPENSSL_free(data); -+} - - IMPLEMENT_STACK_OF(STORE_OBJECT*) - -- --struct STORE_attr_info_st -- { -- unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8]; -- union -- { -- char *cstring; -- unsigned char *sha1string; -- X509_NAME *dn; -- BIGNUM *number; -- void *any; -- } values[STORE_ATTR_TYPE_NUM+1]; -- size_t value_sizes[STORE_ATTR_TYPE_NUM+1]; -- }; -- --#define ATTR_IS_SET(a,i) ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \ -- && ((a)->set[(i) / 8] & (1 << ((i) % 8)))) --#define SET_ATTRBIT(a,i) ((a)->set[(i) / 8] |= (1 << ((i) % 8))) --#define CLEAR_ATTRBIT(a,i) ((a)->set[(i) / 8] &= ~(1 << ((i) % 8))) -+struct STORE_attr_info_st { -+ unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8]; -+ union { -+ char *cstring; -+ unsigned char *sha1string; -+ X509_NAME *dn; -+ BIGNUM *number; -+ void *any; -+ } values[STORE_ATTR_TYPE_NUM + 1]; -+ size_t value_sizes[STORE_ATTR_TYPE_NUM + 1]; -+}; -+ -+#define ATTR_IS_SET(a,i) ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \ -+ && ((a)->set[(i) / 8] & (1 << ((i) % 8)))) -+#define SET_ATTRBIT(a,i) ((a)->set[(i) / 8] |= (1 << ((i) % 8))) -+#define CLEAR_ATTRBIT(a,i) ((a)->set[(i) / 8] &= ~(1 << ((i) % 8))) - - STORE_ATTR_INFO *STORE_ATTR_INFO_new(void) -- { -- return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO)); -- } -+{ -+ return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO)); -+} -+ - static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs, -- STORE_ATTR_TYPES code) -- { -- if (ATTR_IS_SET(attrs,code)) -- { -- switch(code) -- { -- case STORE_ATTR_FRIENDLYNAME: -- case STORE_ATTR_EMAIL: -- case STORE_ATTR_FILENAME: -- STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0); -- break; -- case STORE_ATTR_KEYID: -- case STORE_ATTR_ISSUERKEYID: -- case STORE_ATTR_SUBJECTKEYID: -- case STORE_ATTR_ISSUERSERIALHASH: -- case STORE_ATTR_CERTHASH: -- STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0); -- break; -- case STORE_ATTR_ISSUER: -- case STORE_ATTR_SUBJECT: -- STORE_ATTR_INFO_modify_dn(attrs, code, NULL); -- break; -- case STORE_ATTR_SERIAL: -- STORE_ATTR_INFO_modify_number(attrs, code, NULL); -- break; -- default: -- break; -- } -- } -- } -+ STORE_ATTR_TYPES code) -+{ -+ if (ATTR_IS_SET(attrs, code)) { -+ switch (code) { -+ case STORE_ATTR_FRIENDLYNAME: -+ case STORE_ATTR_EMAIL: -+ case STORE_ATTR_FILENAME: -+ STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0); -+ break; -+ case STORE_ATTR_KEYID: -+ case STORE_ATTR_ISSUERKEYID: -+ case STORE_ATTR_SUBJECTKEYID: -+ case STORE_ATTR_ISSUERSERIALHASH: -+ case STORE_ATTR_CERTHASH: -+ STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0); -+ break; -+ case STORE_ATTR_ISSUER: -+ case STORE_ATTR_SUBJECT: -+ STORE_ATTR_INFO_modify_dn(attrs, code, NULL); -+ break; -+ case STORE_ATTR_SERIAL: -+ STORE_ATTR_INFO_modify_number(attrs, code, NULL); -+ break; -+ default: -+ break; -+ } -+ } -+} -+ - int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs) -- { -- if (attrs) -- { -- STORE_ATTR_TYPES i; -- for(i = 0; i++ < STORE_ATTR_TYPE_NUM;) -- STORE_ATTR_INFO_attr_free(attrs, i); -- OPENSSL_free(attrs); -- } -- return 1; -- } -+{ -+ if (attrs) { -+ STORE_ATTR_TYPES i; -+ for (i = 0; i++ < STORE_ATTR_TYPE_NUM;) -+ STORE_ATTR_INFO_attr_free(attrs, i); -+ OPENSSL_free(attrs); -+ } -+ return 1; -+} -+ - char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) -- { -- if (!attrs) -- { -- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, -- ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -- if (ATTR_IS_SET(attrs,code)) -- return attrs->values[code].cstring; -- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, -- STORE_R_NO_VALUE); -- return NULL; -- } -+{ -+ if (!attrs) { -+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ if (ATTR_IS_SET(attrs, code)) -+ return attrs->values[code].cstring; -+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, STORE_R_NO_VALUE); -+ return NULL; -+} -+ - unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, -- STORE_ATTR_TYPES code) -- { -- if (!attrs) -- { -- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, -- ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -- if (ATTR_IS_SET(attrs,code)) -- return attrs->values[code].sha1string; -- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, -- STORE_R_NO_VALUE); -- return NULL; -- } --X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) -- { -- if (!attrs) -- { -- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, -- ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -- if (ATTR_IS_SET(attrs,code)) -- return attrs->values[code].dn; -- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, -- STORE_R_NO_VALUE); -- return NULL; -- } --BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) -- { -- if (!attrs) -- { -- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, -- ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -- if (ATTR_IS_SET(attrs,code)) -- return attrs->values[code].number; -- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, -- STORE_R_NO_VALUE); -- return NULL; -- } -+ STORE_ATTR_TYPES code) -+{ -+ if (!attrs) { -+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ if (ATTR_IS_SET(attrs, code)) -+ return attrs->values[code].sha1string; -+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, STORE_R_NO_VALUE); -+ return NULL; -+} -+ -+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, -+ STORE_ATTR_TYPES code) -+{ -+ if (!attrs) { -+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ if (ATTR_IS_SET(attrs, code)) -+ return attrs->values[code].dn; -+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, STORE_R_NO_VALUE); -+ return NULL; -+} -+ -+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, -+ STORE_ATTR_TYPES code) -+{ -+ if (!attrs) { -+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ if (ATTR_IS_SET(attrs, code)) -+ return attrs->values[code].number; -+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, STORE_R_NO_VALUE); -+ return NULL; -+} -+ - int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- char *cstr, size_t cstr_size) -- { -- if (!attrs) -- { -- STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if (!ATTR_IS_SET(attrs,code)) -- { -- if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size))) -- return 1; -- STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE); -- return 0; -- } -+ char *cstr, size_t cstr_size) -+{ -+ if (!attrs) { -+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (!ATTR_IS_SET(attrs, code)) { -+ if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size))) -+ return 1; -+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE); -+ return 0; -+} -+ - int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- unsigned char *sha1str, size_t sha1str_size) -- { -- if (!attrs) -- { -- STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if (!ATTR_IS_SET(attrs,code)) -- { -- if ((attrs->values[code].sha1string = -- (unsigned char *)BUF_memdup(sha1str, -- sha1str_size))) -- return 1; -- STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, STORE_R_ALREADY_HAS_A_VALUE); -- return 0; -- } -+ unsigned char *sha1str, size_t sha1str_size) -+{ -+ if (!attrs) { -+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (!ATTR_IS_SET(attrs, code)) { -+ if ((attrs->values[code].sha1string = -+ (unsigned char *)BUF_memdup(sha1str, sha1str_size))) -+ return 1; -+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, -+ STORE_R_ALREADY_HAS_A_VALUE); -+ return 0; -+} -+ - int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- X509_NAME *dn) -- { -- if (!attrs) -- { -- STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if (!ATTR_IS_SET(attrs,code)) -- { -- if ((attrs->values[code].dn = X509_NAME_dup(dn))) -- return 1; -- STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE); -- return 0; -- } -+ X509_NAME *dn) -+{ -+ if (!attrs) { -+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (!ATTR_IS_SET(attrs, code)) { -+ if ((attrs->values[code].dn = X509_NAME_dup(dn))) -+ return 1; -+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE); -+ return 0; -+} -+ - int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- BIGNUM *number) -- { -- if (!attrs) -- { -- STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if (!ATTR_IS_SET(attrs,code)) -- { -- if ((attrs->values[code].number = BN_dup(number))) -- return 1; -- STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, -- ERR_R_MALLOC_FAILURE); -- return 0; -- } -- STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE); -- return 0; -- } -+ BIGNUM *number) -+{ -+ if (!attrs) { -+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (!ATTR_IS_SET(attrs, code)) { -+ if ((attrs->values[code].number = BN_dup(number))) -+ return 1; -+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE); -+ return 0; -+} -+ - int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- char *cstr, size_t cstr_size) -- { -- if (!attrs) -- { -- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if (ATTR_IS_SET(attrs,code)) -- { -- OPENSSL_free(attrs->values[code].cstring); -- attrs->values[code].cstring = NULL; -- CLEAR_ATTRBIT(attrs, code); -- } -- return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size); -- } --int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- unsigned char *sha1str, size_t sha1str_size) -- { -- if (!attrs) -- { -- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if (ATTR_IS_SET(attrs,code)) -- { -- OPENSSL_free(attrs->values[code].sha1string); -- attrs->values[code].sha1string = NULL; -- CLEAR_ATTRBIT(attrs, code); -- } -- return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size); -- } -+ char *cstr, size_t cstr_size) -+{ -+ if (!attrs) { -+ STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (ATTR_IS_SET(attrs, code)) { -+ OPENSSL_free(attrs->values[code].cstring); -+ attrs->values[code].cstring = NULL; -+ CLEAR_ATTRBIT(attrs, code); -+ } -+ return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size); -+} -+ -+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, -+ STORE_ATTR_TYPES code, -+ unsigned char *sha1str, -+ size_t sha1str_size) -+{ -+ if (!attrs) { -+ STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (ATTR_IS_SET(attrs, code)) { -+ OPENSSL_free(attrs->values[code].sha1string); -+ attrs->values[code].sha1string = NULL; -+ CLEAR_ATTRBIT(attrs, code); -+ } -+ return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size); -+} -+ - int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- X509_NAME *dn) -- { -- if (!attrs) -- { -- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if (ATTR_IS_SET(attrs,code)) -- { -- OPENSSL_free(attrs->values[code].dn); -- attrs->values[code].dn = NULL; -- CLEAR_ATTRBIT(attrs, code); -- } -- return STORE_ATTR_INFO_set_dn(attrs, code, dn); -- } --int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, -- BIGNUM *number) -- { -- if (!attrs) -- { -- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER, -- ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if (ATTR_IS_SET(attrs,code)) -- { -- OPENSSL_free(attrs->values[code].number); -- attrs->values[code].number = NULL; -- CLEAR_ATTRBIT(attrs, code); -- } -- return STORE_ATTR_INFO_set_number(attrs, code, number); -- } -- --struct attr_list_ctx_st -- { -- OPENSSL_ITEM *attributes; -- }; -+ X509_NAME *dn) -+{ -+ if (!attrs) { -+ STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (ATTR_IS_SET(attrs, code)) { -+ OPENSSL_free(attrs->values[code].dn); -+ attrs->values[code].dn = NULL; -+ CLEAR_ATTRBIT(attrs, code); -+ } -+ return STORE_ATTR_INFO_set_dn(attrs, code, dn); -+} -+ -+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, -+ STORE_ATTR_TYPES code, BIGNUM *number) -+{ -+ if (!attrs) { -+ STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (ATTR_IS_SET(attrs, code)) { -+ OPENSSL_free(attrs->values[code].number); -+ attrs->values[code].number = NULL; -+ CLEAR_ATTRBIT(attrs, code); -+ } -+ return STORE_ATTR_INFO_set_number(attrs, code, number); -+} -+ -+struct attr_list_ctx_st { -+ OPENSSL_ITEM *attributes; -+}; - void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes) -- { -- if (attributes) -- { -- struct attr_list_ctx_st *context = -- (struct attr_list_ctx_st *)OPENSSL_malloc(sizeof(struct attr_list_ctx_st)); -- if (context) -- context->attributes = attributes; -- else -- STOREerr(STORE_F_STORE_PARSE_ATTRS_START, -- ERR_R_MALLOC_FAILURE); -- return context; -- } -- STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -+{ -+ if (attributes) { -+ struct attr_list_ctx_st *context = (struct attr_list_ctx_st *) -+ OPENSSL_malloc(sizeof(struct attr_list_ctx_st)); -+ if (context) -+ context->attributes = attributes; -+ else -+ STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_MALLOC_FAILURE); -+ return context; -+ } -+ STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+} -+ - STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle) -- { -- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; -- -- if (context && context->attributes) -- { -- STORE_ATTR_INFO *attrs = NULL; -- -- while(context->attributes -- && context->attributes->code != STORE_ATTR_OR -- && context->attributes->code != STORE_ATTR_END) -- { -- switch(context->attributes->code) -- { -- case STORE_ATTR_FRIENDLYNAME: -- case STORE_ATTR_EMAIL: -- case STORE_ATTR_FILENAME: -- if (!attrs) attrs = STORE_ATTR_INFO_new(); -- if (attrs == NULL) -- { -- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- STORE_ATTR_INFO_set_cstr(attrs, -- context->attributes->code, -- context->attributes->value, -- context->attributes->value_size); -- break; -- case STORE_ATTR_KEYID: -- case STORE_ATTR_ISSUERKEYID: -- case STORE_ATTR_SUBJECTKEYID: -- case STORE_ATTR_ISSUERSERIALHASH: -- case STORE_ATTR_CERTHASH: -- if (!attrs) attrs = STORE_ATTR_INFO_new(); -- if (attrs == NULL) -- { -- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- STORE_ATTR_INFO_set_sha1str(attrs, -- context->attributes->code, -- context->attributes->value, -- context->attributes->value_size); -- break; -- case STORE_ATTR_ISSUER: -- case STORE_ATTR_SUBJECT: -- if (!attrs) attrs = STORE_ATTR_INFO_new(); -- if (attrs == NULL) -- { -- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- STORE_ATTR_INFO_modify_dn(attrs, -- context->attributes->code, -- context->attributes->value); -- break; -- case STORE_ATTR_SERIAL: -- if (!attrs) attrs = STORE_ATTR_INFO_new(); -- if (attrs == NULL) -- { -- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- STORE_ATTR_INFO_modify_number(attrs, -- context->attributes->code, -- context->attributes->value); -- break; -- } -- context->attributes++; -- } -- if (context->attributes->code == STORE_ATTR_OR) -- context->attributes++; -- return attrs; -- err: -- while(context->attributes -- && context->attributes->code != STORE_ATTR_OR -- && context->attributes->code != STORE_ATTR_END) -- context->attributes++; -- if (context->attributes->code == STORE_ATTR_OR) -- context->attributes++; -- return NULL; -- } -- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -+{ -+ struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; -+ -+ if (context && context->attributes) { -+ STORE_ATTR_INFO *attrs = NULL; -+ -+ while (context->attributes -+ && context->attributes->code != STORE_ATTR_OR -+ && context->attributes->code != STORE_ATTR_END) { -+ switch (context->attributes->code) { -+ case STORE_ATTR_FRIENDLYNAME: -+ case STORE_ATTR_EMAIL: -+ case STORE_ATTR_FILENAME: -+ if (!attrs) -+ attrs = STORE_ATTR_INFO_new(); -+ if (attrs == NULL) { -+ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, -+ ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ STORE_ATTR_INFO_set_cstr(attrs, -+ context->attributes->code, -+ context->attributes->value, -+ context->attributes->value_size); -+ break; -+ case STORE_ATTR_KEYID: -+ case STORE_ATTR_ISSUERKEYID: -+ case STORE_ATTR_SUBJECTKEYID: -+ case STORE_ATTR_ISSUERSERIALHASH: -+ case STORE_ATTR_CERTHASH: -+ if (!attrs) -+ attrs = STORE_ATTR_INFO_new(); -+ if (attrs == NULL) { -+ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, -+ ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ STORE_ATTR_INFO_set_sha1str(attrs, -+ context->attributes->code, -+ context->attributes->value, -+ context->attributes->value_size); -+ break; -+ case STORE_ATTR_ISSUER: -+ case STORE_ATTR_SUBJECT: -+ if (!attrs) -+ attrs = STORE_ATTR_INFO_new(); -+ if (attrs == NULL) { -+ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, -+ ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ STORE_ATTR_INFO_modify_dn(attrs, -+ context->attributes->code, -+ context->attributes->value); -+ break; -+ case STORE_ATTR_SERIAL: -+ if (!attrs) -+ attrs = STORE_ATTR_INFO_new(); -+ if (attrs == NULL) { -+ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, -+ ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ STORE_ATTR_INFO_modify_number(attrs, -+ context->attributes->code, -+ context->attributes->value); -+ break; -+ } -+ context->attributes++; -+ } -+ if (context->attributes->code == STORE_ATTR_OR) -+ context->attributes++; -+ return attrs; -+ err: -+ while (context->attributes -+ && context->attributes->code != STORE_ATTR_OR -+ && context->attributes->code != STORE_ATTR_END) -+ context->attributes++; -+ if (context->attributes->code == STORE_ATTR_OR) -+ context->attributes++; -+ return NULL; -+ } -+ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+} -+ - int STORE_parse_attrs_end(void *handle) -- { -- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; -+{ -+ struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; - -- if (context && context->attributes) -- { -+ if (context && context->attributes) { - #if 0 -- OPENSSL_ITEM *attributes = context->attributes; -+ OPENSSL_ITEM *attributes = context->attributes; - #endif -- OPENSSL_free(context); -- return 1; -- } -- STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -+ OPENSSL_free(context); -+ return 1; -+ } -+ STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+} - - int STORE_parse_attrs_endp(void *handle) -- { -- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; -- -- if (context && context->attributes) -- { -- return context->attributes->code == STORE_ATTR_END; -- } -- STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- --static int attr_info_compare_compute_range( -- unsigned char *abits, unsigned char *bbits, -- unsigned int *alowp, unsigned int *ahighp, -- unsigned int *blowp, unsigned int *bhighp) -- { -- unsigned int alow = (unsigned int)-1, ahigh = 0; -- unsigned int blow = (unsigned int)-1, bhigh = 0; -- int i, res = 0; -- -- for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) -- { -- if (res == 0) -- { -- if (*abits < *bbits) res = -1; -- if (*abits > *bbits) res = 1; -- } -- if (*abits) -- { -- if (alow == (unsigned int)-1) -- { -- alow = i * 8; -- if (!(*abits & 0x01)) alow++; -- if (!(*abits & 0x02)) alow++; -- if (!(*abits & 0x04)) alow++; -- if (!(*abits & 0x08)) alow++; -- if (!(*abits & 0x10)) alow++; -- if (!(*abits & 0x20)) alow++; -- if (!(*abits & 0x40)) alow++; -- } -- ahigh = i * 8 + 7; -- if (!(*abits & 0x80)) ahigh++; -- if (!(*abits & 0x40)) ahigh++; -- if (!(*abits & 0x20)) ahigh++; -- if (!(*abits & 0x10)) ahigh++; -- if (!(*abits & 0x08)) ahigh++; -- if (!(*abits & 0x04)) ahigh++; -- if (!(*abits & 0x02)) ahigh++; -- } -- if (*bbits) -- { -- if (blow == (unsigned int)-1) -- { -- blow = i * 8; -- if (!(*bbits & 0x01)) blow++; -- if (!(*bbits & 0x02)) blow++; -- if (!(*bbits & 0x04)) blow++; -- if (!(*bbits & 0x08)) blow++; -- if (!(*bbits & 0x10)) blow++; -- if (!(*bbits & 0x20)) blow++; -- if (!(*bbits & 0x40)) blow++; -- } -- bhigh = i * 8 + 7; -- if (!(*bbits & 0x80)) bhigh++; -- if (!(*bbits & 0x40)) bhigh++; -- if (!(*bbits & 0x20)) bhigh++; -- if (!(*bbits & 0x10)) bhigh++; -- if (!(*bbits & 0x08)) bhigh++; -- if (!(*bbits & 0x04)) bhigh++; -- if (!(*bbits & 0x02)) bhigh++; -- } -- } -- if (ahigh + alow < bhigh + blow) res = -1; -- if (ahigh + alow > bhigh + blow) res = 1; -- if (alowp) *alowp = alow; -- if (ahighp) *ahighp = ahigh; -- if (blowp) *blowp = blow; -- if (bhighp) *bhighp = bhigh; -- return res; -- } -+{ -+ struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; -+ -+ if (context && context->attributes) { -+ return context->attributes->code == STORE_ATTR_END; -+ } -+ STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+} -+ -+static int attr_info_compare_compute_range(unsigned char *abits, -+ unsigned char *bbits, -+ unsigned int *alowp, -+ unsigned int *ahighp, -+ unsigned int *blowp, -+ unsigned int *bhighp) -+{ -+ unsigned int alow = (unsigned int)-1, ahigh = 0; -+ unsigned int blow = (unsigned int)-1, bhigh = 0; -+ int i, res = 0; -+ -+ for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) { -+ if (res == 0) { -+ if (*abits < *bbits) -+ res = -1; -+ if (*abits > *bbits) -+ res = 1; -+ } -+ if (*abits) { -+ if (alow == (unsigned int)-1) { -+ alow = i * 8; -+ if (!(*abits & 0x01)) -+ alow++; -+ if (!(*abits & 0x02)) -+ alow++; -+ if (!(*abits & 0x04)) -+ alow++; -+ if (!(*abits & 0x08)) -+ alow++; -+ if (!(*abits & 0x10)) -+ alow++; -+ if (!(*abits & 0x20)) -+ alow++; -+ if (!(*abits & 0x40)) -+ alow++; -+ } -+ ahigh = i * 8 + 7; -+ if (!(*abits & 0x80)) -+ ahigh++; -+ if (!(*abits & 0x40)) -+ ahigh++; -+ if (!(*abits & 0x20)) -+ ahigh++; -+ if (!(*abits & 0x10)) -+ ahigh++; -+ if (!(*abits & 0x08)) -+ ahigh++; -+ if (!(*abits & 0x04)) -+ ahigh++; -+ if (!(*abits & 0x02)) -+ ahigh++; -+ } -+ if (*bbits) { -+ if (blow == (unsigned int)-1) { -+ blow = i * 8; -+ if (!(*bbits & 0x01)) -+ blow++; -+ if (!(*bbits & 0x02)) -+ blow++; -+ if (!(*bbits & 0x04)) -+ blow++; -+ if (!(*bbits & 0x08)) -+ blow++; -+ if (!(*bbits & 0x10)) -+ blow++; -+ if (!(*bbits & 0x20)) -+ blow++; -+ if (!(*bbits & 0x40)) -+ blow++; -+ } -+ bhigh = i * 8 + 7; -+ if (!(*bbits & 0x80)) -+ bhigh++; -+ if (!(*bbits & 0x40)) -+ bhigh++; -+ if (!(*bbits & 0x20)) -+ bhigh++; -+ if (!(*bbits & 0x10)) -+ bhigh++; -+ if (!(*bbits & 0x08)) -+ bhigh++; -+ if (!(*bbits & 0x04)) -+ bhigh++; -+ if (!(*bbits & 0x02)) -+ bhigh++; -+ } -+ } -+ if (ahigh + alow < bhigh + blow) -+ res = -1; -+ if (ahigh + alow > bhigh + blow) -+ res = 1; -+ if (alowp) -+ *alowp = alow; -+ if (ahighp) -+ *ahighp = ahigh; -+ if (blowp) -+ *blowp = blow; -+ if (bhighp) -+ *bhighp = bhigh; -+ return res; -+} - - int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) -- { -- if (a == b) return 0; -- if (!a) return -1; -- if (!b) return 1; -- return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0); -- } -+{ -+ if (a == b) -+ return 0; -+ if (!a) -+ return -1; -+ if (!b) -+ return 1; -+ return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0); -+} -+ - int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) -- { -- unsigned int alow, ahigh, blow, bhigh; -- -- if (a == b) return 1; -- if (!a) return 0; -- if (!b) return 0; -- attr_info_compare_compute_range(a->set, b->set, -- &alow, &ahigh, &blow, &bhigh); -- if (alow >= blow && ahigh <= bhigh) -- return 1; -- return 0; -- } -+{ -+ unsigned int alow, ahigh, blow, bhigh; -+ -+ if (a == b) -+ return 1; -+ if (!a) -+ return 0; -+ if (!b) -+ return 0; -+ attr_info_compare_compute_range(a->set, b->set, -+ &alow, &ahigh, &blow, &bhigh); -+ if (alow >= blow && ahigh <= bhigh) -+ return 1; -+ return 0; -+} -+ - int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) -- { -- unsigned char *abits, *bbits; -- int i; -- -- if (a == b) return 1; -- if (!a) return 0; -- if (!b) return 0; -- abits = a->set; -- bbits = b->set; -- for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) -- { -- if (*abits && (*bbits & *abits) != *abits) -- return 0; -- } -- return 1; -- } -+{ -+ unsigned char *abits, *bbits; -+ int i; -+ -+ if (a == b) -+ return 1; -+ if (!a) -+ return 0; -+ if (!b) -+ return 0; -+ abits = a->set; -+ bbits = b->set; -+ for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) { -+ if (*abits && (*bbits & *abits) != *abits) -+ return 0; -+ } -+ return 1; -+} -+ - int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) -- { -- STORE_ATTR_TYPES i; -- -- if (a == b) return 1; -- if (!STORE_ATTR_INFO_in(a, b)) return 0; -- for (i = 1; i < STORE_ATTR_TYPE_NUM; i++) -- if (ATTR_IS_SET(a, i)) -- { -- switch(i) -- { -- case STORE_ATTR_FRIENDLYNAME: -- case STORE_ATTR_EMAIL: -- case STORE_ATTR_FILENAME: -- if (strcmp(a->values[i].cstring, -- b->values[i].cstring)) -- return 0; -- break; -- case STORE_ATTR_KEYID: -- case STORE_ATTR_ISSUERKEYID: -- case STORE_ATTR_SUBJECTKEYID: -- case STORE_ATTR_ISSUERSERIALHASH: -- case STORE_ATTR_CERTHASH: -- if (memcmp(a->values[i].sha1string, -- b->values[i].sha1string, -- a->value_sizes[i])) -- return 0; -- break; -- case STORE_ATTR_ISSUER: -- case STORE_ATTR_SUBJECT: -- if (X509_NAME_cmp(a->values[i].dn, -- b->values[i].dn)) -- return 0; -- break; -- case STORE_ATTR_SERIAL: -- if (BN_cmp(a->values[i].number, -- b->values[i].number)) -- return 0; -- break; -- default: -- break; -- } -- } -- -- return 1; -- } -+{ -+ STORE_ATTR_TYPES i; -+ -+ if (a == b) -+ return 1; -+ if (!STORE_ATTR_INFO_in(a, b)) -+ return 0; -+ for (i = 1; i < STORE_ATTR_TYPE_NUM; i++) -+ if (ATTR_IS_SET(a, i)) { -+ switch (i) { -+ case STORE_ATTR_FRIENDLYNAME: -+ case STORE_ATTR_EMAIL: -+ case STORE_ATTR_FILENAME: -+ if (strcmp(a->values[i].cstring, b->values[i].cstring)) -+ return 0; -+ break; -+ case STORE_ATTR_KEYID: -+ case STORE_ATTR_ISSUERKEYID: -+ case STORE_ATTR_SUBJECTKEYID: -+ case STORE_ATTR_ISSUERSERIALHASH: -+ case STORE_ATTR_CERTHASH: -+ if (memcmp(a->values[i].sha1string, -+ b->values[i].sha1string, a->value_sizes[i])) -+ return 0; -+ break; -+ case STORE_ATTR_ISSUER: -+ case STORE_ATTR_SUBJECT: -+ if (X509_NAME_cmp(a->values[i].dn, b->values[i].dn)) -+ return 0; -+ break; -+ case STORE_ATTR_SERIAL: -+ if (BN_cmp(a->values[i].number, b->values[i].number)) -+ return 0; -+ break; -+ default: -+ break; -+ } -+ } -+ -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/store/str_mem.c b/Cryptlib/OpenSSL/crypto/store/str_mem.c -index 527757a..99e5a21 100644 ---- a/Cryptlib/OpenSSL/crypto/store/str_mem.c -+++ b/Cryptlib/OpenSSL/crypto/store/str_mem.c -@@ -1,6 +1,7 @@ - /* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2003. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2003. - */ - /* ==================================================================== - * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,298 +61,317 @@ - #include - #include "str_locl.h" - --/* The memory store is currently highly experimental. It's meant to become -- a base store used by other stores for internal caching (for full caching -- support, aging needs to be added). -- -- The database use is meant to support as much attribute association as -- possible, while providing for as small search ranges as possible. -- This is currently provided for by sorting the entries by numbers that -- are composed of bits set at the positions indicated by attribute type -- codes. This provides for ranges determined by the highest attribute -- type code value. A better idea might be to sort by values computed -- from the range of attributes associated with the object (basically, -- the difference between the highest and lowest attribute type code) -- and it's distance from a base (basically, the lowest associated -- attribute type code). --*/ -- --struct mem_object_data_st -- { -- STORE_OBJECT *object; -- STORE_ATTR_INFO *attr_info; -- int references; -- }; -- --struct mem_data_st -- { -- STACK *data; /* A stack of mem_object_data_st, -- sorted with STORE_ATTR_INFO_compare(). */ -- unsigned int compute_components : 1; /* Currently unused, but can -- be used to add attributes -- from parts of the data. */ -- }; -- --struct mem_ctx_st -- { -- int type; /* The type we're searching for */ -- STACK *search_attributes; /* Sets of attributes to search for. -- Each element is a STORE_ATTR_INFO. */ -- int search_index; /* which of the search attributes we found a match -- for, -1 when we still haven't found any */ -- int index; /* -1 as long as we're searching for the first */ -- }; -+/* -+ * The memory store is currently highly experimental. It's meant to become a -+ * base store used by other stores for internal caching (for full caching -+ * support, aging needs to be added). -+ * -+ * The database use is meant to support as much attribute association as -+ * possible, while providing for as small search ranges as possible. This is -+ * currently provided for by sorting the entries by numbers that are composed -+ * of bits set at the positions indicated by attribute type codes. This -+ * provides for ranges determined by the highest attribute type code value. -+ * A better idea might be to sort by values computed from the range of -+ * attributes associated with the object (basically, the difference between -+ * the highest and lowest attribute type code) and it's distance from a base -+ * (basically, the lowest associated attribute type code). -+ */ -+ -+struct mem_object_data_st { -+ STORE_OBJECT *object; -+ STORE_ATTR_INFO *attr_info; -+ int references; -+}; -+ -+struct mem_data_st { -+ /* -+ * A stack of mem_object_data_st, -+ * sorted with STORE_ATTR_INFO_compare(). -+ */ -+ STACK *data; -+ /* -+ * Currently unused, but can be used to add attributes from parts of the -+ * data. -+ */ -+ unsigned int compute_components:1; -+}; -+ -+struct mem_ctx_st { -+ /* The type we're searching for */ -+ int type; -+ /* -+ * Sets of attributes to search for. -+ * Each element is a STORE_ATTR_INFO. -+ */ -+ STACK *search_attributes; -+ /* -+ * which of the search attributes we found a match -+ * for, -1 when we still haven't found any -+ */ -+ int search_index; -+ /* -1 as long as we're searching for the first */ -+ int index; -+}; - - static int mem_init(STORE *s); - static void mem_clean(STORE *s); - static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, -- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]); - static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, -- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); --static int mem_store(STORE *s, STORE_OBJECT_TYPES type, -- STORE_OBJECT *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]); -+static int mem_store(STORE *s, STORE_OBJECT_TYPES type, STORE_OBJECT *data, -+ OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); - static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, -- OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], -- OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM search_attributes[], -+ OPENSSL_ITEM add_attributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]); - static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, -- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); - static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, -- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]); - static STORE_OBJECT *mem_list_next(STORE *s, void *handle); - static int mem_list_end(STORE *s, void *handle); - static int mem_list_endp(STORE *s, void *handle); - static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); -+ OPENSSL_ITEM parameters[]); - static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]); --static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void)); -- --static STORE_METHOD store_memory = -- { -- "OpenSSL memory store interface", -- mem_init, -- mem_clean, -- mem_generate, -- mem_get, -- mem_store, -- mem_modify, -- NULL, /* revoke */ -- mem_delete, -- mem_list_start, -- mem_list_next, -- mem_list_end, -- mem_list_endp, -- NULL, /* update */ -- mem_lock, -- mem_unlock, -- mem_ctrl -- }; -+ OPENSSL_ITEM parameters[]); -+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void)); -+ -+static STORE_METHOD store_memory = { -+ "OpenSSL memory store interface", -+ mem_init, -+ mem_clean, -+ mem_generate, -+ mem_get, -+ mem_store, -+ mem_modify, -+ NULL, /* revoke */ -+ mem_delete, -+ mem_list_start, -+ mem_list_next, -+ mem_list_end, -+ mem_list_endp, -+ NULL, /* update */ -+ mem_lock, -+ mem_unlock, -+ mem_ctrl -+}; - - const STORE_METHOD *STORE_Memory(void) -- { -- return &store_memory; -- } -+{ -+ return &store_memory; -+} - - static int mem_init(STORE *s) -- { -- return 1; -- } -+{ -+ return 1; -+} - - static void mem_clean(STORE *s) -- { -- return; -- } -+{ -+ return; -+} - - static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, -- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) -- { -- STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED); -- return 0; -- } -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED); -+ return 0; -+} -+ - static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, -- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) -- { -- void *context = mem_list_start(s, type, attributes, parameters); -- -- if (context) -- { -- STORE_OBJECT *object = mem_list_next(s, context); -- -- if (mem_list_end(s, context)) -- return object; -- } -- return NULL; -- } -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ void *context = mem_list_start(s, type, attributes, parameters); -+ -+ if (context) { -+ STORE_OBJECT *object = mem_list_next(s, context); -+ -+ if (mem_list_end(s, context)) -+ return object; -+ } -+ return NULL; -+} -+ - static int mem_store(STORE *s, STORE_OBJECT_TYPES type, -- STORE_OBJECT *data, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); -- return 0; -- } -+ STORE_OBJECT *data, OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); -+ return 0; -+} -+ - static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, -- OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], -- OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], -- OPENSSL_ITEM parameters[]) -- { -- STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED); -- return 0; -- } -+ OPENSSL_ITEM search_attributes[], -+ OPENSSL_ITEM add_attributes[], -+ OPENSSL_ITEM modify_attributes[], -+ OPENSSL_ITEM delete_attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED); -+ return 0; -+} -+ - static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, -- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) -- { -- STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED); -- return 0; -- } -- --/* The list functions may be the hardest to understand. Basically, -- mem_list_start compiles a stack of attribute info elements, and -- puts that stack into the context to be returned. mem_list_next -- will then find the first matching element in the store, and then -- walk all the way to the end of the store (since any combination -- of attribute bits above the starting point may match the searched -- for bit pattern...). */ -+ OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) -+{ -+ STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED); -+ return 0; -+} -+ -+/* -+ * The list functions may be the hardest to understand. Basically, -+ * mem_list_start compiles a stack of attribute info elements, and puts that -+ * stack into the context to be returned. mem_list_next will then find the -+ * first matching element in the store, and then walk all the way to the end -+ * of the store (since any combination of attribute bits above the starting -+ * point may match the searched for bit pattern...). -+ */ - static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, -- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) -- { -- struct mem_ctx_st *context = -- (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st)); -- void *attribute_context = NULL; -- STORE_ATTR_INFO *attrs = NULL; -- -- if (!context) -- { -- STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- memset(context, 0, sizeof(struct mem_ctx_st)); -- -- attribute_context = STORE_parse_attrs_start(attributes); -- if (!attribute_context) -- { -- STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB); -- goto err; -- } -- -- while((attrs = STORE_parse_attrs_next(attribute_context))) -- { -- if (context->search_attributes == NULL) -- { -- context->search_attributes = -- sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare); -- if (!context->search_attributes) -- { -- STOREerr(STORE_F_MEM_LIST_START, -- ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- sk_push(context->search_attributes,(char *)attrs); -- } -- if (!STORE_parse_attrs_endp(attribute_context)) -- goto err; -- STORE_parse_attrs_end(attribute_context); -- context->search_index = -1; -- context->index = -1; -- return context; -+ OPENSSL_ITEM attributes[], -+ OPENSSL_ITEM parameters[]) -+{ -+ struct mem_ctx_st *context = -+ (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st)); -+ void *attribute_context = NULL; -+ STORE_ATTR_INFO *attrs = NULL; -+ -+ if (!context) { -+ STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ memset(context, 0, sizeof(struct mem_ctx_st)); -+ -+ attribute_context = STORE_parse_attrs_start(attributes); -+ if (!attribute_context) { -+ STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB); -+ goto err; -+ } -+ -+ while ((attrs = STORE_parse_attrs_next(attribute_context))) { -+ if (context->search_attributes == NULL) { -+ context->search_attributes = -+ sk_new((int (*)(const char *const *, const char *const *)) -+ STORE_ATTR_INFO_compare); -+ if (!context->search_attributes) { -+ STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ sk_push(context->search_attributes, (char *)attrs); -+ } -+ if (!STORE_parse_attrs_endp(attribute_context)) -+ goto err; -+ STORE_parse_attrs_end(attribute_context); -+ context->search_index = -1; -+ context->index = -1; -+ return context; - err: -- if (attribute_context) STORE_parse_attrs_end(attribute_context); -- mem_list_end(s, context); -- return NULL; -- } -+ if (attribute_context) -+ STORE_parse_attrs_end(attribute_context); -+ mem_list_end(s, context); -+ return NULL; -+} -+ - static STORE_OBJECT *mem_list_next(STORE *s, void *handle) -- { -- int i; -- struct mem_ctx_st *context = (struct mem_ctx_st *)handle; -- struct mem_object_data_st key = { 0, 0, 1 }; -- struct mem_data_st *store = -- (struct mem_data_st *)STORE_get_ex_data(s, 1); -- int srch; -- int cres = 0; -- -- if (!context) -- { -- STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER); -- return NULL; -- } -- if (!store) -- { -- STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE); -- return NULL; -- } -- -- if (context->search_index == -1) -- { -- for (i = 0; i < sk_num(context->search_attributes); i++) -- { -- key.attr_info = -- (STORE_ATTR_INFO *)sk_value(context->search_attributes, i); -- srch = sk_find_ex(store->data, (char *)&key); -- -- if (srch >= 0) -- { -- context->search_index = srch; -- break; -- } -- } -- } -- if (context->search_index < 0) -- return NULL; -- -- key.attr_info = -- (STORE_ATTR_INFO *)sk_value(context->search_attributes, -- context->search_index); -- for(srch = context->search_index; -- srch < sk_num(store->data) -- && STORE_ATTR_INFO_in_range(key.attr_info, -- (STORE_ATTR_INFO *)sk_value(store->data, srch)) -- && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info, -- (STORE_ATTR_INFO *)sk_value(store->data, srch))); -- srch++) -- ; -- -- context->search_index = srch; -- if (cres) -- return ((struct mem_object_data_st *)sk_value(store->data, -- srch))->object; -- return NULL; -- } -+{ -+ int i; -+ struct mem_ctx_st *context = (struct mem_ctx_st *)handle; -+ struct mem_object_data_st key = { 0, 0, 1 }; -+ struct mem_data_st *store = (struct mem_data_st *)STORE_get_ex_data(s, 1); -+ int srch; -+ int cres = 0; -+ -+ if (!context) { -+ STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ if (!store) { -+ STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE); -+ return NULL; -+ } -+ -+ if (context->search_index == -1) { -+ for (i = 0; i < sk_num(context->search_attributes); i++) { -+ key.attr_info = -+ (STORE_ATTR_INFO *)sk_value(context->search_attributes, i); -+ srch = sk_find_ex(store->data, (char *)&key); -+ -+ if (srch >= 0) { -+ context->search_index = srch; -+ break; -+ } -+ } -+ } -+ if (context->search_index < 0) -+ return NULL; -+ -+ key.attr_info = -+ (STORE_ATTR_INFO *)sk_value(context->search_attributes, -+ context->search_index); -+ for (srch = context->search_index; srch < sk_num(store->data) -+ && STORE_ATTR_INFO_in_range(key.attr_info, -+ (STORE_ATTR_INFO *)sk_value(store->data, -+ srch)) -+ && !(cres = -+ STORE_ATTR_INFO_in_ex(key.attr_info, -+ (STORE_ATTR_INFO *)sk_value(store->data, -+ srch))); -+ srch++) ; -+ -+ context->search_index = srch; -+ if (cres) -+ return ((struct mem_object_data_st *)sk_value(store->data, -+ srch))->object; -+ return NULL; -+} -+ - static int mem_list_end(STORE *s, void *handle) -- { -- struct mem_ctx_st *context = (struct mem_ctx_st *)handle; -- -- if (!context) -- { -- STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER); -- return 0; -- } -- if (context && context->search_attributes) -- sk_free(context->search_attributes); -- if (context) OPENSSL_free(context); -- return 1; -- } -+{ -+ struct mem_ctx_st *context = (struct mem_ctx_st *)handle; -+ -+ if (!context) { -+ STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (context && context->search_attributes) -+ sk_free(context->search_attributes); -+ if (context) -+ OPENSSL_free(context); -+ return 1; -+} -+ - static int mem_list_endp(STORE *s, void *handle) -- { -- struct mem_ctx_st *context = (struct mem_ctx_st *)handle; -- -- if (!context -- || context->search_index == sk_num(context->search_attributes)) -- return 1; -- return 0; -- } -+{ -+ struct mem_ctx_st *context = (struct mem_ctx_st *)handle; -+ -+ if (!context -+ || context->search_index == sk_num(context->search_attributes)) -+ return 1; -+ return 0; -+} -+ - static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- return 1; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ return 1; -+} -+ - static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], -- OPENSSL_ITEM parameters[]) -- { -- return 1; -- } --static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void)) -- { -- return 1; -- } -+ OPENSSL_ITEM parameters[]) -+{ -+ return 1; -+} -+ -+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void)) -+{ -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/store/str_meth.c b/Cryptlib/OpenSSL/crypto/store/str_meth.c -index a46de03..d83a6de 100644 ---- a/Cryptlib/OpenSSL/crypto/store/str_meth.c -+++ b/Cryptlib/OpenSSL/crypto/store/str_meth.c -@@ -1,6 +1,7 @@ - /* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2003. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2003. - */ - /* ==================================================================== - * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,190 +62,219 @@ - #include "str_locl.h" - - STORE_METHOD *STORE_create_method(char *name) -- { -- STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD)); -- -- if (store_method) -- { -- memset(store_method, 0, sizeof(*store_method)); -- store_method->name = BUF_strdup(name); -- } -- return store_method; -- } -- --/* BIG FSCKING WARNING!!!! If you use this on a statically allocated method -- (that is, it hasn't been allocated using STORE_create_method(), you deserve -- anything Murphy can throw at you and more! You have been warned. */ -+{ -+ STORE_METHOD *store_method = -+ (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD)); -+ -+ if (store_method) { -+ memset(store_method, 0, sizeof(*store_method)); -+ store_method->name = BUF_strdup(name); -+ } -+ return store_method; -+} -+ -+/* -+ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method -+ * (that is, it hasn't been allocated using STORE_create_method(), you -+ * deserve anything Murphy can throw at you and more! You have been warned. -+ */ - void STORE_destroy_method(STORE_METHOD *store_method) -- { -- if (!store_method) return; -- OPENSSL_free(store_method->name); -- store_method->name = NULL; -- OPENSSL_free(store_method); -- } -- --int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f) -- { -- sm->init = init_f; -- return 1; -- } -- --int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f) -- { -- sm->clean = clean_f; -- return 1; -- } -- --int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f) -- { -- sm->generate_object = generate_f; -- return 1; -- } -- --int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f) -- { -- sm->get_object = get_f; -- return 1; -- } -- --int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f) -- { -- sm->store_object = store_f; -- return 1; -- } -- --int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR modify_f) -- { -- sm->modify_object = modify_f; -- return 1; -- } -- --int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f) -- { -- sm->revoke_object = revoke_f; -- return 1; -- } -- --int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f) -- { -- sm->delete_object = delete_f; -- return 1; -- } -- --int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f) -- { -- sm->list_object_start = list_start_f; -- return 1; -- } -- --int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f) -- { -- sm->list_object_next = list_next_f; -- return 1; -- } -- --int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f) -- { -- sm->list_object_end = list_end_f; -- return 1; -- } -- --int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f) -- { -- sm->update_store = update_f; -- return 1; -- } -- --int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f) -- { -- sm->lock_store = lock_f; -- return 1; -- } -- --int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f) -- { -- sm->unlock_store = unlock_f; -- return 1; -- } -- --int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f) -- { -- sm->ctrl = ctrl_f; -- return 1; -- } -- --STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm) -- { -- return sm->init; -- } -+{ -+ if (!store_method) -+ return; -+ OPENSSL_free(store_method->name); -+ store_method->name = NULL; -+ OPENSSL_free(store_method); -+} -+ -+int STORE_method_set_initialise_function(STORE_METHOD *sm, -+ STORE_INITIALISE_FUNC_PTR init_f) -+{ -+ sm->init = init_f; -+ return 1; -+} -+ -+int STORE_method_set_cleanup_function(STORE_METHOD *sm, -+ STORE_CLEANUP_FUNC_PTR clean_f) -+{ -+ sm->clean = clean_f; -+ return 1; -+} -+ -+int STORE_method_set_generate_function(STORE_METHOD *sm, -+ STORE_GENERATE_OBJECT_FUNC_PTR -+ generate_f) -+{ -+ sm->generate_object = generate_f; -+ return 1; -+} -+ -+int STORE_method_set_get_function(STORE_METHOD *sm, -+ STORE_GET_OBJECT_FUNC_PTR get_f) -+{ -+ sm->get_object = get_f; -+ return 1; -+} -+ -+int STORE_method_set_store_function(STORE_METHOD *sm, -+ STORE_STORE_OBJECT_FUNC_PTR store_f) -+{ -+ sm->store_object = store_f; -+ return 1; -+} -+ -+int STORE_method_set_modify_function(STORE_METHOD *sm, -+ STORE_MODIFY_OBJECT_FUNC_PTR modify_f) -+{ -+ sm->modify_object = modify_f; -+ return 1; -+} -+ -+int STORE_method_set_revoke_function(STORE_METHOD *sm, -+ STORE_HANDLE_OBJECT_FUNC_PTR revoke_f) -+{ -+ sm->revoke_object = revoke_f; -+ return 1; -+} -+ -+int STORE_method_set_delete_function(STORE_METHOD *sm, -+ STORE_HANDLE_OBJECT_FUNC_PTR delete_f) -+{ -+ sm->delete_object = delete_f; -+ return 1; -+} -+ -+int STORE_method_set_list_start_function(STORE_METHOD *sm, -+ STORE_START_OBJECT_FUNC_PTR -+ list_start_f) -+{ -+ sm->list_object_start = list_start_f; -+ return 1; -+} -+ -+int STORE_method_set_list_next_function(STORE_METHOD *sm, -+ STORE_NEXT_OBJECT_FUNC_PTR -+ list_next_f) -+{ -+ sm->list_object_next = list_next_f; -+ return 1; -+} -+ -+int STORE_method_set_list_end_function(STORE_METHOD *sm, -+ STORE_END_OBJECT_FUNC_PTR list_end_f) -+{ -+ sm->list_object_end = list_end_f; -+ return 1; -+} -+ -+int STORE_method_set_update_store_function(STORE_METHOD *sm, -+ STORE_GENERIC_FUNC_PTR update_f) -+{ -+ sm->update_store = update_f; -+ return 1; -+} -+ -+int STORE_method_set_lock_store_function(STORE_METHOD *sm, -+ STORE_GENERIC_FUNC_PTR lock_f) -+{ -+ sm->lock_store = lock_f; -+ return 1; -+} -+ -+int STORE_method_set_unlock_store_function(STORE_METHOD *sm, -+ STORE_GENERIC_FUNC_PTR unlock_f) -+{ -+ sm->unlock_store = unlock_f; -+ return 1; -+} -+ -+int STORE_method_set_ctrl_function(STORE_METHOD *sm, -+ STORE_CTRL_FUNC_PTR ctrl_f) -+{ -+ sm->ctrl = ctrl_f; -+ return 1; -+} -+ -+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD -+ *sm) -+{ -+ return sm->init; -+} - - STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm) -- { -- return sm->clean; -- } -+{ -+ return sm->clean; -+} - --STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm) -- { -- return sm->generate_object; -- } -+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD -+ *sm) -+{ -+ return sm->generate_object; -+} - - STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm) -- { -- return sm->get_object; -- } -+{ -+ return sm->get_object; -+} - - STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm) -- { -- return sm->store_object; -- } -- --STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm) -- { -- return sm->modify_object; -- } -- --STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm) -- { -- return sm->revoke_object; -- } -- --STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm) -- { -- return sm->delete_object; -- } -- --STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm) -- { -- return sm->list_object_start; -- } -- --STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm) -- { -- return sm->list_object_next; -- } -+{ -+ return sm->store_object; -+} -+ -+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD -+ *sm) -+{ -+ return sm->modify_object; -+} -+ -+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD -+ *sm) -+{ -+ return sm->revoke_object; -+} -+ -+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD -+ *sm) -+{ -+ return sm->delete_object; -+} -+ -+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD -+ *sm) -+{ -+ return sm->list_object_start; -+} -+ -+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD -+ *sm) -+{ -+ return sm->list_object_next; -+} - - STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm) -- { -- return sm->list_object_end; -- } -+{ -+ return sm->list_object_end; -+} - --STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm) -- { -- return sm->update_store; -- } -+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD -+ *sm) -+{ -+ return sm->update_store; -+} - - STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm) -- { -- return sm->lock_store; -- } -+{ -+ return sm->lock_store; -+} - --STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm) -- { -- return sm->unlock_store; -- } -+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD -+ *sm) -+{ -+ return sm->unlock_store; -+} - - STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm) -- { -- return sm->ctrl; -- } -- -+{ -+ return sm->ctrl; -+} -diff --git a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c -index 3ed5f72..a81eaae 100644 ---- a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c -+++ b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,323 +64,318 @@ - #include - - #undef BUFSIZE --#define BUFSIZE 512 -+#define BUFSIZE 512 - --const char TXT_DB_version[]="TXT_DB" OPENSSL_VERSION_PTEXT; -+const char TXT_DB_version[] = "TXT_DB" OPENSSL_VERSION_PTEXT; - - TXT_DB *TXT_DB_read(BIO *in, int num) -- { -- TXT_DB *ret=NULL; -- int er=1; -- int esc=0; -- long ln=0; -- int i,add,n; -- int size=BUFSIZE; -- int offset=0; -- char *p,**pp,*f; -- BUF_MEM *buf=NULL; -+{ -+ TXT_DB *ret = NULL; -+ int er = 1; -+ int esc = 0; -+ long ln = 0; -+ int i, add, n; -+ int size = BUFSIZE; -+ int offset = 0; -+ char *p, **pp, *f; -+ BUF_MEM *buf = NULL; - -- if ((buf=BUF_MEM_new()) == NULL) goto err; -- if (!BUF_MEM_grow(buf,size)) goto err; -+ if ((buf = BUF_MEM_new()) == NULL) -+ goto err; -+ if (!BUF_MEM_grow(buf, size)) -+ goto err; - -- if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL) -- goto err; -- ret->num_fields=num; -- ret->index=NULL; -- ret->qual=NULL; -- if ((ret->data=sk_new_null()) == NULL) -- goto err; -- if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL) -- goto err; -- if ((ret->qual=(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **))*num)) == NULL) -- goto err; -- for (i=0; iindex[i]=NULL; -- ret->qual[i]=NULL; -- } -+ if ((ret = (TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL) -+ goto err; -+ ret->num_fields = num; -+ ret->index = NULL; -+ ret->qual = NULL; -+ if ((ret->data = sk_new_null()) == NULL) -+ goto err; -+ if ((ret->index = -+ (LHASH **)OPENSSL_malloc(sizeof(LHASH *) * num)) == NULL) -+ goto err; -+ if ((ret->qual = -+ (int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **)) * -+ num)) == NULL) -+ goto err; -+ for (i = 0; i < num; i++) { -+ ret->index[i] = NULL; -+ ret->qual[i] = NULL; -+ } - -- add=(num+1)*sizeof(char *); -- buf->data[size-1]='\0'; -- offset=0; -- for (;;) -- { -- if (offset != 0) -- { -- size+=BUFSIZE; -- if (!BUF_MEM_grow_clean(buf,size)) goto err; -- } -- buf->data[offset]='\0'; -- BIO_gets(in,&(buf->data[offset]),size-offset); -- ln++; -- if (buf->data[offset] == '\0') break; -- if ((offset == 0) && (buf->data[0] == '#')) continue; -- i=strlen(&(buf->data[offset])); -- offset+=i; -- if (buf->data[offset-1] != '\n') -- continue; -- else -- { -- buf->data[offset-1]='\0'; /* blat the '\n' */ -- if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err; -- offset=0; -- } -- pp=(char **)p; -- p+=add; -- n=0; -- pp[n++]=p; -- i=0; -- f=buf->data; -+ add = (num + 1) * sizeof(char *); -+ buf->data[size - 1] = '\0'; -+ offset = 0; -+ for (;;) { -+ if (offset != 0) { -+ size += BUFSIZE; -+ if (!BUF_MEM_grow_clean(buf, size)) -+ goto err; -+ } -+ buf->data[offset] = '\0'; -+ BIO_gets(in, &(buf->data[offset]), size - offset); -+ ln++; -+ if (buf->data[offset] == '\0') -+ break; -+ if ((offset == 0) && (buf->data[0] == '#')) -+ continue; -+ i = strlen(&(buf->data[offset])); -+ offset += i; -+ if (buf->data[offset - 1] != '\n') -+ continue; -+ else { -+ buf->data[offset - 1] = '\0'; /* blat the '\n' */ -+ if (!(p = (char *)OPENSSL_malloc(add + offset))) -+ goto err; -+ offset = 0; -+ } -+ pp = (char **)p; -+ p += add; -+ n = 0; -+ pp[n++] = p; -+ i = 0; -+ f = buf->data; - -- esc=0; -- for (;;) -- { -- if (*f == '\0') break; -- if (*f == '\t') -- { -- if (esc) -- p--; -- else -- { -- *(p++)='\0'; -- f++; -- if (n >= num) break; -- pp[n++]=p; -- continue; -- } -- } -- esc=(*f == '\\'); -- *(p++)= *(f++); -- } -- *(p++)='\0'; -- if ((n != num) || (*f != '\0')) -- { --#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty fix :-( */ -- fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f); -+ esc = 0; -+ for (;;) { -+ if (*f == '\0') -+ break; -+ if (*f == '\t') { -+ if (esc) -+ p--; -+ else { -+ *(p++) = '\0'; -+ f++; -+ if (n >= num) -+ break; -+ pp[n++] = p; -+ continue; -+ } -+ } -+ esc = (*f == '\\'); -+ *(p++) = *(f++); -+ } -+ *(p++) = '\0'; -+ if ((n != num) || (*f != '\0')) { -+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty -+ * fix :-( */ -+ fprintf(stderr, -+ "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n", -+ ln, num, n, f); - #endif -- er=2; -- goto err; -- } -- pp[n]=p; -- if (!sk_push(ret->data,(char *)pp)) -- { --#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty fix :-( */ -- fprintf(stderr,"failure in sk_push\n"); -+ er = 2; -+ goto err; -+ } -+ pp[n] = p; -+ if (!sk_push(ret->data, (char *)pp)) { -+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty -+ * fix :-( */ -+ fprintf(stderr, "failure in sk_push\n"); - #endif -- er=2; -- goto err; -- } -- } -- er=0; --err: -- BUF_MEM_free(buf); -- if (er) -- { -+ er = 2; -+ goto err; -+ } -+ } -+ er = 0; -+ err: -+ BUF_MEM_free(buf); -+ if (er) { - #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) -- if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n"); -+ if (er == 1) -+ fprintf(stderr, "OPENSSL_malloc failure\n"); - #endif -- if (ret != NULL) -- { -- if (ret->data != NULL) sk_free(ret->data); -- if (ret->index != NULL) OPENSSL_free(ret->index); -- if (ret->qual != NULL) OPENSSL_free(ret->qual); -- if (ret != NULL) OPENSSL_free(ret); -- } -- return(NULL); -- } -- else -- return(ret); -- } -+ if (ret != NULL) { -+ if (ret->data != NULL) -+ sk_free(ret->data); -+ if (ret->index != NULL) -+ OPENSSL_free(ret->index); -+ if (ret->qual != NULL) -+ OPENSSL_free(ret->qual); -+ if (ret != NULL) -+ OPENSSL_free(ret); -+ } -+ return (NULL); -+ } else -+ return (ret); -+} - - char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value) -- { -- char **ret; -- LHASH *lh; -+{ -+ char **ret; -+ LHASH *lh; - -- if (idx >= db->num_fields) -- { -- db->error=DB_ERROR_INDEX_OUT_OF_RANGE; -- return(NULL); -- } -- lh=db->index[idx]; -- if (lh == NULL) -- { -- db->error=DB_ERROR_NO_INDEX; -- return(NULL); -- } -- ret=(char **)lh_retrieve(lh,value); -- db->error=DB_ERROR_OK; -- return(ret); -- } -+ if (idx >= db->num_fields) { -+ db->error = DB_ERROR_INDEX_OUT_OF_RANGE; -+ return (NULL); -+ } -+ lh = db->index[idx]; -+ if (lh == NULL) { -+ db->error = DB_ERROR_NO_INDEX; -+ return (NULL); -+ } -+ ret = (char **)lh_retrieve(lh, value); -+ db->error = DB_ERROR_OK; -+ return (ret); -+} - --int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **), -- LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) -- { -- LHASH *idx; -- char **r; -- int i,n; -+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (char **), -+ LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) -+{ -+ LHASH *idx; -+ char **r; -+ int i, n; - -- if (field >= db->num_fields) -- { -- db->error=DB_ERROR_INDEX_OUT_OF_RANGE; -- return(0); -- } -- if ((idx=lh_new(hash,cmp)) == NULL) -- { -- db->error=DB_ERROR_MALLOC; -- return(0); -- } -- n=sk_num(db->data); -- for (i=0; idata,i); -- if ((qual != NULL) && (qual(r) == 0)) continue; -- if ((r=lh_insert(idx,r)) != NULL) -- { -- db->error=DB_ERROR_INDEX_CLASH; -- db->arg1=sk_find(db->data,(char *)r); -- db->arg2=i; -- lh_free(idx); -- return(0); -- } -- } -- if (db->index[field] != NULL) lh_free(db->index[field]); -- db->index[field]=idx; -- db->qual[field]=qual; -- return(1); -- } -+ if (field >= db->num_fields) { -+ db->error = DB_ERROR_INDEX_OUT_OF_RANGE; -+ return (0); -+ } -+ if ((idx = lh_new(hash, cmp)) == NULL) { -+ db->error = DB_ERROR_MALLOC; -+ return (0); -+ } -+ n = sk_num(db->data); -+ for (i = 0; i < n; i++) { -+ r = (char **)sk_value(db->data, i); -+ if ((qual != NULL) && (qual(r) == 0)) -+ continue; -+ if ((r = lh_insert(idx, r)) != NULL) { -+ db->error = DB_ERROR_INDEX_CLASH; -+ db->arg1 = sk_find(db->data, (char *)r); -+ db->arg2 = i; -+ lh_free(idx); -+ return (0); -+ } -+ } -+ if (db->index[field] != NULL) -+ lh_free(db->index[field]); -+ db->index[field] = idx; -+ db->qual[field] = qual; -+ return (1); -+} - - long TXT_DB_write(BIO *out, TXT_DB *db) -- { -- long i,j,n,nn,l,tot=0; -- char *p,**pp,*f; -- BUF_MEM *buf=NULL; -- long ret= -1; -+{ -+ long i, j, n, nn, l, tot = 0; -+ char *p, **pp, *f; -+ BUF_MEM *buf = NULL; -+ long ret = -1; - -- if ((buf=BUF_MEM_new()) == NULL) -- goto err; -- n=sk_num(db->data); -- nn=db->num_fields; -- for (i=0; idata,i); -+ if ((buf = BUF_MEM_new()) == NULL) -+ goto err; -+ n = sk_num(db->data); -+ nn = db->num_fields; -+ for (i = 0; i < n; i++) { -+ pp = (char **)sk_value(db->data, i); - -- l=0; -- for (j=0; jdata; -- for (j=0; jdata; -- if (BIO_write(out,buf->data,(int)j) != j) -- goto err; -- tot+=j; -- } -- ret=tot; --err: -- if (buf != NULL) BUF_MEM_free(buf); -- return(ret); -- } -+ p = buf->data; -+ for (j = 0; j < nn; j++) { -+ f = pp[j]; -+ if (f != NULL) -+ for (;;) { -+ if (*f == '\0') -+ break; -+ if (*f == '\t') -+ *(p++) = '\\'; -+ *(p++) = *(f++); -+ } -+ *(p++) = '\t'; -+ } -+ p[-1] = '\n'; -+ j = p - buf->data; -+ if (BIO_write(out, buf->data, (int)j) != j) -+ goto err; -+ tot += j; -+ } -+ ret = tot; -+ err: -+ if (buf != NULL) -+ BUF_MEM_free(buf); -+ return (ret); -+} - - int TXT_DB_insert(TXT_DB *db, char **row) -- { -- int i; -- char **r; -+{ -+ int i; -+ char **r; - -- for (i=0; inum_fields; i++) -- { -- if (db->index[i] != NULL) -- { -- if ((db->qual[i] != NULL) && -- (db->qual[i](row) == 0)) continue; -- r=(char **)lh_retrieve(db->index[i],row); -- if (r != NULL) -- { -- db->error=DB_ERROR_INDEX_CLASH; -- db->arg1=i; -- db->arg_row=r; -- goto err; -- } -- } -- } -- /* We have passed the index checks, now just append and insert */ -- if (!sk_push(db->data,(char *)row)) -- { -- db->error=DB_ERROR_MALLOC; -- goto err; -- } -+ for (i = 0; i < db->num_fields; i++) { -+ if (db->index[i] != NULL) { -+ if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) -+ continue; -+ r = (char **)lh_retrieve(db->index[i], row); -+ if (r != NULL) { -+ db->error = DB_ERROR_INDEX_CLASH; -+ db->arg1 = i; -+ db->arg_row = r; -+ goto err; -+ } -+ } -+ } -+ /* We have passed the index checks, now just append and insert */ -+ if (!sk_push(db->data, (char *)row)) { -+ db->error = DB_ERROR_MALLOC; -+ goto err; -+ } - -- for (i=0; inum_fields; i++) -- { -- if (db->index[i] != NULL) -- { -- if ((db->qual[i] != NULL) && -- (db->qual[i](row) == 0)) continue; -- lh_insert(db->index[i],row); -- } -- } -- return(1); --err: -- return(0); -- } -+ for (i = 0; i < db->num_fields; i++) { -+ if (db->index[i] != NULL) { -+ if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) -+ continue; -+ lh_insert(db->index[i], row); -+ } -+ } -+ return (1); -+ err: -+ return (0); -+} - - void TXT_DB_free(TXT_DB *db) -- { -- int i,n; -- char **p,*max; -+{ -+ int i, n; -+ char **p, *max; - -- if(db == NULL) -- return; -+ if (db == NULL) -+ return; - -- if (db->index != NULL) -- { -- for (i=db->num_fields-1; i>=0; i--) -- if (db->index[i] != NULL) lh_free(db->index[i]); -- OPENSSL_free(db->index); -- } -- if (db->qual != NULL) -- OPENSSL_free(db->qual); -- if (db->data != NULL) -- { -- for (i=sk_num(db->data)-1; i>=0; i--) -- { -- /* check if any 'fields' have been allocated -- * from outside of the initial block */ -- p=(char **)sk_value(db->data,i); -- max=p[db->num_fields]; /* last address */ -- if (max == NULL) /* new row */ -- { -- for (n=0; nnum_fields; n++) -- if (p[n] != NULL) OPENSSL_free(p[n]); -- } -- else -- { -- for (n=0; nnum_fields; n++) -- { -- if (((p[n] < (char *)p) || (p[n] > max)) -- && (p[n] != NULL)) -- OPENSSL_free(p[n]); -- } -- } -- OPENSSL_free(sk_value(db->data,i)); -- } -- sk_free(db->data); -- } -- OPENSSL_free(db); -- } -+ if (db->index != NULL) { -+ for (i = db->num_fields - 1; i >= 0; i--) -+ if (db->index[i] != NULL) -+ lh_free(db->index[i]); -+ OPENSSL_free(db->index); -+ } -+ if (db->qual != NULL) -+ OPENSSL_free(db->qual); -+ if (db->data != NULL) { -+ for (i = sk_num(db->data) - 1; i >= 0; i--) { -+ /* -+ * check if any 'fields' have been allocated from outside of the -+ * initial block -+ */ -+ p = (char **)sk_value(db->data, i); -+ max = p[db->num_fields]; /* last address */ -+ if (max == NULL) { /* new row */ -+ for (n = 0; n < db->num_fields; n++) -+ if (p[n] != NULL) -+ OPENSSL_free(p[n]); -+ } else { -+ for (n = 0; n < db->num_fields; n++) { -+ if (((p[n] < (char *)p) || (p[n] > max)) -+ && (p[n] != NULL)) -+ OPENSSL_free(p[n]); -+ } -+ } -+ OPENSSL_free(sk_value(db->data, i)); -+ } -+ sk_free(db->data); -+ } -+ OPENSSL_free(db); -+} -diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c -index 13e0f70..0ca5284 100644 ---- a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c -+++ b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,12 +56,14 @@ - #include - #include - --int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify) -- { -- return UI_UTIL_read_pw_string(buf, length, prompt, verify); -- } -+int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, -+ int verify) -+{ -+ return UI_UTIL_read_pw_string(buf, length, prompt, verify); -+} - --int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify) -- { -- return UI_UTIL_read_pw(buf, buff, size, prompt, verify); -- } -+int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, -+ int verify) -+{ -+ return UI_UTIL_read_pw(buf, buff, size, prompt, verify); -+} -diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_err.c b/Cryptlib/OpenSSL/crypto/ui/ui_err.c -index 786bd0d..ffeb003 100644 ---- a/Cryptlib/OpenSSL/crypto/ui/ui_err.c -+++ b/Cryptlib/OpenSSL/crypto/ui/ui_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,48 +66,46 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason) - --static ERR_STRING_DATA UI_str_functs[]= -- { --{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"}, --{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"}, --{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"}, --{ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"}, --{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"}, --{ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"}, --{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"}, --{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"}, --{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"}, --{ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"}, --{ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"}, --{ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"}, --{0,NULL} -- }; -+static ERR_STRING_DATA UI_str_functs[] = { -+ {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"}, -+ {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"}, -+ {ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"}, -+ {ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"}, -+ {ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"}, -+ {ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"}, -+ {ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"}, -+ {ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"}, -+ {ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"}, -+ {ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"}, -+ {ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"}, -+ {ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA UI_str_reasons[]= -- { --{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),"common ok and cancel characters"}, --{ERR_REASON(UI_R_INDEX_TOO_LARGE) ,"index too large"}, --{ERR_REASON(UI_R_INDEX_TOO_SMALL) ,"index too small"}, --{ERR_REASON(UI_R_NO_RESULT_BUFFER) ,"no result buffer"}, --{ERR_REASON(UI_R_RESULT_TOO_LARGE) ,"result too large"}, --{ERR_REASON(UI_R_RESULT_TOO_SMALL) ,"result too small"}, --{ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND),"unknown control command"}, --{0,NULL} -- }; -+static ERR_STRING_DATA UI_str_reasons[] = { -+ {ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS), -+ "common ok and cancel characters"}, -+ {ERR_REASON(UI_R_INDEX_TOO_LARGE), "index too large"}, -+ {ERR_REASON(UI_R_INDEX_TOO_SMALL), "index too small"}, -+ {ERR_REASON(UI_R_NO_RESULT_BUFFER), "no result buffer"}, -+ {ERR_REASON(UI_R_RESULT_TOO_LARGE), "result too large"}, -+ {ERR_REASON(UI_R_RESULT_TOO_SMALL), "result too small"}, -+ {ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND), "unknown control command"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_UI_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(UI_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,UI_str_functs); -- ERR_load_strings(0,UI_str_reasons); -- } -+ if (ERR_func_error_string(UI_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, UI_str_functs); -+ ERR_load_strings(0, UI_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c -index 67013f8..84d65cb 100644 ---- a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c -+++ b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c -@@ -1,6 +1,7 @@ - /* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */ --/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -66,840 +67,781 @@ - - IMPLEMENT_STACK_OF(UI_STRING_ST) - --static const UI_METHOD *default_UI_meth=NULL; -+static const UI_METHOD *default_UI_meth = NULL; - - UI *UI_new(void) -- { -- return(UI_new_method(NULL)); -- } -+{ -+ return (UI_new_method(NULL)); -+} - - UI *UI_new_method(const UI_METHOD *method) -- { -- UI *ret; -- -- ret=(UI *)OPENSSL_malloc(sizeof(UI)); -- if (ret == NULL) -- { -- UIerr(UI_F_UI_NEW_METHOD,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- if (method == NULL) -- ret->meth=UI_get_default_method(); -- else -- ret->meth=method; -- -- ret->strings=NULL; -- ret->user_data=NULL; -- ret->flags=0; -- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); -- return ret; -- } -+{ -+ UI *ret; -+ -+ ret = (UI *)OPENSSL_malloc(sizeof(UI)); -+ if (ret == NULL) { -+ UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ if (method == NULL) -+ ret->meth = UI_get_default_method(); -+ else -+ ret->meth = method; -+ -+ ret->strings = NULL; -+ ret->user_data = NULL; -+ ret->flags = 0; -+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); -+ return ret; -+} - - static void free_string(UI_STRING *uis) -- { -- if (uis->flags & OUT_STRING_FREEABLE) -- { -- OPENSSL_free((char *)uis->out_string); -- switch(uis->type) -- { -- case UIT_BOOLEAN: -- OPENSSL_free((char *)uis->_.boolean_data.action_desc); -- OPENSSL_free((char *)uis->_.boolean_data.ok_chars); -- OPENSSL_free((char *)uis->_.boolean_data.cancel_chars); -- break; -- default: -- break; -- } -- } -- OPENSSL_free(uis); -- } -+{ -+ if (uis->flags & OUT_STRING_FREEABLE) { -+ OPENSSL_free((char *)uis->out_string); -+ switch (uis->type) { -+ case UIT_BOOLEAN: -+ OPENSSL_free((char *)uis->_.boolean_data.action_desc); -+ OPENSSL_free((char *)uis->_.boolean_data.ok_chars); -+ OPENSSL_free((char *)uis->_.boolean_data.cancel_chars); -+ break; -+ default: -+ break; -+ } -+ } -+ OPENSSL_free(uis); -+} - - void UI_free(UI *ui) -- { -- if (ui == NULL) -- return; -- sk_UI_STRING_pop_free(ui->strings,free_string); -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data); -- OPENSSL_free(ui); -- } -+{ -+ if (ui == NULL) -+ return; -+ sk_UI_STRING_pop_free(ui->strings, free_string); -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data); -+ OPENSSL_free(ui); -+} - - static int allocate_string_stack(UI *ui) -- { -- if (ui->strings == NULL) -- { -- ui->strings=sk_UI_STRING_new_null(); -- if (ui->strings == NULL) -- { -- return -1; -- } -- } -- return 0; -- } -+{ -+ if (ui->strings == NULL) { -+ ui->strings = sk_UI_STRING_new_null(); -+ if (ui->strings == NULL) { -+ return -1; -+ } -+ } -+ return 0; -+} - - static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt, -- int prompt_freeable, enum UI_string_types type, int input_flags, -- char *result_buf) -- { -- UI_STRING *ret = NULL; -- -- if (prompt == NULL) -- { -- UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,ERR_R_PASSED_NULL_PARAMETER); -- } -- else if ((type == UIT_PROMPT || type == UIT_VERIFY -- || type == UIT_BOOLEAN) && result_buf == NULL) -- { -- UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,UI_R_NO_RESULT_BUFFER); -- } -- else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING)))) -- { -- ret->out_string=prompt; -- ret->flags=prompt_freeable ? OUT_STRING_FREEABLE : 0; -- ret->input_flags=input_flags; -- ret->type=type; -- ret->result_buf=result_buf; -- } -- return ret; -- } -+ int prompt_freeable, -+ enum UI_string_types type, -+ int input_flags, char *result_buf) -+{ -+ UI_STRING *ret = NULL; -+ -+ if (prompt == NULL) { -+ UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, ERR_R_PASSED_NULL_PARAMETER); -+ } else if ((type == UIT_PROMPT || type == UIT_VERIFY -+ || type == UIT_BOOLEAN) && result_buf == NULL) { -+ UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER); -+ } else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING)))) { -+ ret->out_string = prompt; -+ ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0; -+ ret->input_flags = input_flags; -+ ret->type = type; -+ ret->result_buf = result_buf; -+ } -+ return ret; -+} - - static int general_allocate_string(UI *ui, const char *prompt, -- int prompt_freeable, enum UI_string_types type, int input_flags, -- char *result_buf, int minsize, int maxsize, const char *test_buf) -- { -- int ret = -1; -- UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable, -- type, input_flags, result_buf); -- -- if (s) -- { -- if (allocate_string_stack(ui) >= 0) -- { -- s->_.string_data.result_minsize=minsize; -- s->_.string_data.result_maxsize=maxsize; -- s->_.string_data.test_buf=test_buf; -- ret=sk_UI_STRING_push(ui->strings, s); -- /* sk_push() returns 0 on error. Let's addapt that */ -- if (ret <= 0) ret--; -- } -- else -- free_string(s); -- } -- return ret; -- } -+ int prompt_freeable, -+ enum UI_string_types type, int input_flags, -+ char *result_buf, int minsize, int maxsize, -+ const char *test_buf) -+{ -+ int ret = -1; -+ UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable, -+ type, input_flags, result_buf); -+ -+ if (s) { -+ if (allocate_string_stack(ui) >= 0) { -+ s->_.string_data.result_minsize = minsize; -+ s->_.string_data.result_maxsize = maxsize; -+ s->_.string_data.test_buf = test_buf; -+ ret = sk_UI_STRING_push(ui->strings, s); -+ /* sk_push() returns 0 on error. Let's addapt that */ -+ if (ret <= 0) -+ ret--; -+ } else -+ free_string(s); -+ } -+ return ret; -+} - - static int general_allocate_boolean(UI *ui, -- const char *prompt, const char *action_desc, -- const char *ok_chars, const char *cancel_chars, -- int prompt_freeable, enum UI_string_types type, int input_flags, -- char *result_buf) -- { -- int ret = -1; -- UI_STRING *s; -- const char *p; -- -- if (ok_chars == NULL) -- { -- UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER); -- } -- else if (cancel_chars == NULL) -- { -- UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER); -- } -- else -- { -- for(p = ok_chars; *p; p++) -- { -- if (strchr(cancel_chars, *p)) -- { -- UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, -- UI_R_COMMON_OK_AND_CANCEL_CHARACTERS); -- } -- } -- -- s = general_allocate_prompt(ui, prompt, prompt_freeable, -- type, input_flags, result_buf); -- -- if (s) -- { -- if (allocate_string_stack(ui) >= 0) -- { -- s->_.boolean_data.action_desc = action_desc; -- s->_.boolean_data.ok_chars = ok_chars; -- s->_.boolean_data.cancel_chars = cancel_chars; -- ret=sk_UI_STRING_push(ui->strings, s); -- /* sk_push() returns 0 on error. -- Let's addapt that */ -- if (ret <= 0) ret--; -- } -- else -- free_string(s); -- } -- } -- return ret; -- } -- --/* Returns the index to the place in the stack or -1 for error. Uses a -- direct reference to the prompt. */ -+ const char *prompt, -+ const char *action_desc, -+ const char *ok_chars, -+ const char *cancel_chars, -+ int prompt_freeable, -+ enum UI_string_types type, -+ int input_flags, char *result_buf) -+{ -+ int ret = -1; -+ UI_STRING *s; -+ const char *p; -+ -+ if (ok_chars == NULL) { -+ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER); -+ } else if (cancel_chars == NULL) { -+ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER); -+ } else { -+ for (p = ok_chars; *p; p++) { -+ if (strchr(cancel_chars, *p)) { -+ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, -+ UI_R_COMMON_OK_AND_CANCEL_CHARACTERS); -+ } -+ } -+ -+ s = general_allocate_prompt(ui, prompt, prompt_freeable, -+ type, input_flags, result_buf); -+ -+ if (s) { -+ if (allocate_string_stack(ui) >= 0) { -+ s->_.boolean_data.action_desc = action_desc; -+ s->_.boolean_data.ok_chars = ok_chars; -+ s->_.boolean_data.cancel_chars = cancel_chars; -+ ret = sk_UI_STRING_push(ui->strings, s); -+ /* -+ * sk_push() returns 0 on error. Let's addapt that -+ */ -+ if (ret <= 0) -+ ret--; -+ } else -+ free_string(s); -+ } -+ } -+ return ret; -+} -+ -+/* -+ * Returns the index to the place in the stack or -1 for error. Uses a -+ * direct reference to the prompt. -+ */ - int UI_add_input_string(UI *ui, const char *prompt, int flags, -- char *result_buf, int minsize, int maxsize) -- { -- return general_allocate_string(ui, prompt, 0, -- UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL); -- } -+ char *result_buf, int minsize, int maxsize) -+{ -+ return general_allocate_string(ui, prompt, 0, -+ UIT_PROMPT, flags, result_buf, minsize, -+ maxsize, NULL); -+} - - /* Same as UI_add_input_string(), excepts it takes a copy of the prompt */ - int UI_dup_input_string(UI *ui, const char *prompt, int flags, -- char *result_buf, int minsize, int maxsize) -- { -- char *prompt_copy=NULL; -- -- if (prompt) -- { -- prompt_copy=BUF_strdup(prompt); -- if (prompt_copy == NULL) -- { -- UIerr(UI_F_UI_DUP_INPUT_STRING,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- -- return general_allocate_string(ui, prompt_copy, 1, -- UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL); -- } -+ char *result_buf, int minsize, int maxsize) -+{ -+ char *prompt_copy = NULL; -+ -+ if (prompt) { -+ prompt_copy = BUF_strdup(prompt); -+ if (prompt_copy == NULL) { -+ UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ } -+ -+ return general_allocate_string(ui, prompt_copy, 1, -+ UIT_PROMPT, flags, result_buf, minsize, -+ maxsize, NULL); -+} - - int UI_add_verify_string(UI *ui, const char *prompt, int flags, -- char *result_buf, int minsize, int maxsize, const char *test_buf) -- { -- return general_allocate_string(ui, prompt, 0, -- UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf); -- } -+ char *result_buf, int minsize, int maxsize, -+ const char *test_buf) -+{ -+ return general_allocate_string(ui, prompt, 0, -+ UIT_VERIFY, flags, result_buf, minsize, -+ maxsize, test_buf); -+} - - int UI_dup_verify_string(UI *ui, const char *prompt, int flags, -- char *result_buf, int minsize, int maxsize, const char *test_buf) -- { -- char *prompt_copy=NULL; -- -- if (prompt) -- { -- prompt_copy=BUF_strdup(prompt); -- if (prompt_copy == NULL) -- { -- UIerr(UI_F_UI_DUP_VERIFY_STRING,ERR_R_MALLOC_FAILURE); -- return -1; -- } -- } -- -- return general_allocate_string(ui, prompt_copy, 1, -- UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf); -- } -+ char *result_buf, int minsize, int maxsize, -+ const char *test_buf) -+{ -+ char *prompt_copy = NULL; -+ -+ if (prompt) { -+ prompt_copy = BUF_strdup(prompt); -+ if (prompt_copy == NULL) { -+ UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE); -+ return -1; -+ } -+ } -+ -+ return general_allocate_string(ui, prompt_copy, 1, -+ UIT_VERIFY, flags, result_buf, minsize, -+ maxsize, test_buf); -+} - - int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, -- const char *ok_chars, const char *cancel_chars, -- int flags, char *result_buf) -- { -- return general_allocate_boolean(ui, prompt, action_desc, -- ok_chars, cancel_chars, 0, UIT_BOOLEAN, flags, result_buf); -- } -+ const char *ok_chars, const char *cancel_chars, -+ int flags, char *result_buf) -+{ -+ return general_allocate_boolean(ui, prompt, action_desc, -+ ok_chars, cancel_chars, 0, UIT_BOOLEAN, -+ flags, result_buf); -+} - - int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, -- const char *ok_chars, const char *cancel_chars, -- int flags, char *result_buf) -- { -- char *prompt_copy = NULL; -- char *action_desc_copy = NULL; -- char *ok_chars_copy = NULL; -- char *cancel_chars_copy = NULL; -- -- if (prompt) -- { -- prompt_copy=BUF_strdup(prompt); -- if (prompt_copy == NULL) -- { -- UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- -- if (action_desc) -- { -- action_desc_copy=BUF_strdup(action_desc); -- if (action_desc_copy == NULL) -- { -- UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- -- if (ok_chars) -- { -- ok_chars_copy=BUF_strdup(ok_chars); -- if (ok_chars_copy == NULL) -- { -- UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- -- if (cancel_chars) -- { -- cancel_chars_copy=BUF_strdup(cancel_chars); -- if (cancel_chars_copy == NULL) -- { -- UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- -- return general_allocate_boolean(ui, prompt_copy, action_desc_copy, -- ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags, -- result_buf); -+ const char *ok_chars, const char *cancel_chars, -+ int flags, char *result_buf) -+{ -+ char *prompt_copy = NULL; -+ char *action_desc_copy = NULL; -+ char *ok_chars_copy = NULL; -+ char *cancel_chars_copy = NULL; -+ -+ if (prompt) { -+ prompt_copy = BUF_strdup(prompt); -+ if (prompt_copy == NULL) { -+ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ -+ if (action_desc) { -+ action_desc_copy = BUF_strdup(action_desc); -+ if (action_desc_copy == NULL) { -+ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ -+ if (ok_chars) { -+ ok_chars_copy = BUF_strdup(ok_chars); -+ if (ok_chars_copy == NULL) { -+ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ -+ if (cancel_chars) { -+ cancel_chars_copy = BUF_strdup(cancel_chars); -+ if (cancel_chars_copy == NULL) { -+ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ -+ return general_allocate_boolean(ui, prompt_copy, action_desc_copy, -+ ok_chars_copy, cancel_chars_copy, 1, -+ UIT_BOOLEAN, flags, result_buf); - err: -- if (prompt_copy) OPENSSL_free(prompt_copy); -- if (action_desc_copy) OPENSSL_free(action_desc_copy); -- if (ok_chars_copy) OPENSSL_free(ok_chars_copy); -- if (cancel_chars_copy) OPENSSL_free(cancel_chars_copy); -- return -1; -- } -+ if (prompt_copy) -+ OPENSSL_free(prompt_copy); -+ if (action_desc_copy) -+ OPENSSL_free(action_desc_copy); -+ if (ok_chars_copy) -+ OPENSSL_free(ok_chars_copy); -+ if (cancel_chars_copy) -+ OPENSSL_free(cancel_chars_copy); -+ return -1; -+} - - int UI_add_info_string(UI *ui, const char *text) -- { -- return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0, -- NULL); -- } -+{ -+ return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0, -+ NULL); -+} - - int UI_dup_info_string(UI *ui, const char *text) -- { -- char *text_copy=NULL; -- -- if (text) -- { -- text_copy=BUF_strdup(text); -- if (text_copy == NULL) -- { -- UIerr(UI_F_UI_DUP_INFO_STRING,ERR_R_MALLOC_FAILURE); -- return -1; -- } -- } -- -- return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL, -- 0, 0, NULL); -- } -+{ -+ char *text_copy = NULL; -+ -+ if (text) { -+ text_copy = BUF_strdup(text); -+ if (text_copy == NULL) { -+ UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE); -+ return -1; -+ } -+ } -+ -+ return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL, -+ 0, 0, NULL); -+} - - int UI_add_error_string(UI *ui, const char *text) -- { -- return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0, -- NULL); -- } -+{ -+ return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0, -+ NULL); -+} - - int UI_dup_error_string(UI *ui, const char *text) -- { -- char *text_copy=NULL; -- -- if (text) -- { -- text_copy=BUF_strdup(text); -- if (text_copy == NULL) -- { -- UIerr(UI_F_UI_DUP_ERROR_STRING,ERR_R_MALLOC_FAILURE); -- return -1; -- } -- } -- return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL, -- 0, 0, NULL); -- } -+{ -+ char *text_copy = NULL; -+ -+ if (text) { -+ text_copy = BUF_strdup(text); -+ if (text_copy == NULL) { -+ UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE); -+ return -1; -+ } -+ } -+ return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL, -+ 0, 0, NULL); -+} - - char *UI_construct_prompt(UI *ui, const char *object_desc, -- const char *object_name) -- { -- char *prompt = NULL; -- -- if (ui->meth->ui_construct_prompt) -- prompt = ui->meth->ui_construct_prompt(ui, -- object_desc, object_name); -- else -- { -- char prompt1[] = "Enter "; -- char prompt2[] = " for "; -- char prompt3[] = ":"; -- int len = 0; -- -- if (object_desc == NULL) -- return NULL; -- len = sizeof(prompt1) - 1 + strlen(object_desc); -- if (object_name) -- len += sizeof(prompt2) - 1 + strlen(object_name); -- len += sizeof(prompt3) - 1; -- -- prompt = (char *)OPENSSL_malloc(len + 1); -- BUF_strlcpy(prompt, prompt1, len + 1); -- BUF_strlcat(prompt, object_desc, len + 1); -- if (object_name) -- { -- BUF_strlcat(prompt, prompt2, len + 1); -- BUF_strlcat(prompt, object_name, len + 1); -- } -- BUF_strlcat(prompt, prompt3, len + 1); -- } -- return prompt; -- } -+ const char *object_name) -+{ -+ char *prompt = NULL; -+ -+ if (ui->meth->ui_construct_prompt) -+ prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name); -+ else { -+ char prompt1[] = "Enter "; -+ char prompt2[] = " for "; -+ char prompt3[] = ":"; -+ int len = 0; -+ -+ if (object_desc == NULL) -+ return NULL; -+ len = sizeof(prompt1) - 1 + strlen(object_desc); -+ if (object_name) -+ len += sizeof(prompt2) - 1 + strlen(object_name); -+ len += sizeof(prompt3) - 1; -+ -+ prompt = (char *)OPENSSL_malloc(len + 1); -+ BUF_strlcpy(prompt, prompt1, len + 1); -+ BUF_strlcat(prompt, object_desc, len + 1); -+ if (object_name) { -+ BUF_strlcat(prompt, prompt2, len + 1); -+ BUF_strlcat(prompt, object_name, len + 1); -+ } -+ BUF_strlcat(prompt, prompt3, len + 1); -+ } -+ return prompt; -+} - - void *UI_add_user_data(UI *ui, void *user_data) -- { -- void *old_data = ui->user_data; -- ui->user_data = user_data; -- return old_data; -- } -+{ -+ void *old_data = ui->user_data; -+ ui->user_data = user_data; -+ return old_data; -+} - - void *UI_get0_user_data(UI *ui) -- { -- return ui->user_data; -- } -+{ -+ return ui->user_data; -+} - - const char *UI_get0_result(UI *ui, int i) -- { -- if (i < 0) -- { -- UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_SMALL); -- return NULL; -- } -- if (i >= sk_UI_STRING_num(ui->strings)) -- { -- UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_LARGE); -- return NULL; -- } -- return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i)); -- } -+{ -+ if (i < 0) { -+ UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL); -+ return NULL; -+ } -+ if (i >= sk_UI_STRING_num(ui->strings)) { -+ UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE); -+ return NULL; -+ } -+ return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i)); -+} - - static int print_error(const char *str, size_t len, UI *ui) -- { -- UI_STRING uis; -+{ -+ UI_STRING uis; - -- memset(&uis, 0, sizeof(uis)); -- uis.type = UIT_ERROR; -- uis.out_string = str; -+ memset(&uis, 0, sizeof(uis)); -+ uis.type = UIT_ERROR; -+ uis.out_string = str; - -- if (ui->meth->ui_write_string -- && !ui->meth->ui_write_string(ui, &uis)) -- return -1; -- return 0; -- } -+ if (ui->meth->ui_write_string && !ui->meth->ui_write_string(ui, &uis)) -+ return -1; -+ return 0; -+} - - int UI_process(UI *ui) -- { -- int i, ok=0; -- -- if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui)) -- return -1; -- -- if (ui->flags & UI_FLAG_PRINT_ERRORS) -- ERR_print_errors_cb( -- (int (*)(const char *, size_t, void *))print_error, -- (void *)ui); -- -- for(i=0; istrings); i++) -- { -- if (ui->meth->ui_write_string -- && !ui->meth->ui_write_string(ui, -- sk_UI_STRING_value(ui->strings, i))) -- { -- ok=-1; -- goto err; -- } -- } -- -- if (ui->meth->ui_flush) -- switch(ui->meth->ui_flush(ui)) -- { -- case -1: /* Interrupt/Cancel/something... */ -- ok = -2; -- goto err; -- case 0: /* Errors */ -- ok = -1; -- goto err; -- default: /* Success */ -- ok = 0; -- break; -- } -- -- for(i=0; istrings); i++) -- { -- if (ui->meth->ui_read_string) -- { -- switch(ui->meth->ui_read_string(ui, -- sk_UI_STRING_value(ui->strings, i))) -- { -- case -1: /* Interrupt/Cancel/something... */ -- ok = -2; -- goto err; -- case 0: /* Errors */ -- ok = -1; -- goto err; -- default: /* Success */ -- ok = 0; -- break; -- } -- } -- } -- err: -- if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui)) -- return -1; -- return ok; -- } -- --int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)) -- { -- if (ui == NULL) -- { -- UIerr(UI_F_UI_CTRL,ERR_R_PASSED_NULL_PARAMETER); -- return -1; -- } -- switch(cmd) -- { -- case UI_CTRL_PRINT_ERRORS: -- { -- int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS); -- if (i) -- ui->flags |= UI_FLAG_PRINT_ERRORS; -- else -- ui->flags &= ~UI_FLAG_PRINT_ERRORS; -- return save_flag; -- } -- case UI_CTRL_IS_REDOABLE: -- return !!(ui->flags & UI_FLAG_REDOABLE); -- default: -- break; -- } -- UIerr(UI_F_UI_CTRL,UI_R_UNKNOWN_CONTROL_COMMAND); -- return -1; -- } -+{ -+ int i, ok = 0; - --int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -+ if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui)) -+ return -1; -+ -+ if (ui->flags & UI_FLAG_PRINT_ERRORS) -+ ERR_print_errors_cb((int (*)(const char *, size_t, void *)) -+ print_error, (void *)ui); -+ -+ for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { -+ if (ui->meth->ui_write_string -+ && !ui->meth->ui_write_string(ui, -+ sk_UI_STRING_value(ui->strings, i))) -+ { -+ ok = -1; -+ goto err; -+ } -+ } -+ -+ if (ui->meth->ui_flush) -+ switch (ui->meth->ui_flush(ui)) { -+ case -1: /* Interrupt/Cancel/something... */ -+ ok = -2; -+ goto err; -+ case 0: /* Errors */ -+ ok = -1; -+ goto err; -+ default: /* Success */ -+ ok = 0; -+ break; -+ } -+ -+ for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { -+ if (ui->meth->ui_read_string) { -+ switch (ui->meth->ui_read_string(ui, -+ sk_UI_STRING_value(ui->strings, -+ i))) { -+ case -1: /* Interrupt/Cancel/something... */ -+ ok = -2; -+ goto err; -+ case 0: /* Errors */ -+ ok = -1; -+ goto err; -+ default: /* Success */ -+ ok = 0; -+ break; -+ } -+ } -+ } -+ err: -+ if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui)) -+ return -1; -+ return ok; -+} -+ -+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)) -+{ -+ if (ui == NULL) { -+ UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER); -+ return -1; -+ } -+ switch (cmd) { -+ case UI_CTRL_PRINT_ERRORS: - { -- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp, -- new_func, dup_func, free_func); -+ int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS); -+ if (i) -+ ui->flags |= UI_FLAG_PRINT_ERRORS; -+ else -+ ui->flags &= ~UI_FLAG_PRINT_ERRORS; -+ return save_flag; - } -+ case UI_CTRL_IS_REDOABLE: -+ return ! !(ui->flags & UI_FLAG_REDOABLE); -+ default: -+ break; -+ } -+ UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND); -+ return -1; -+} -+ -+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -+{ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp, -+ new_func, dup_func, free_func); -+} - - int UI_set_ex_data(UI *r, int idx, void *arg) -- { -- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); -- } -+{ -+ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); -+} - - void *UI_get_ex_data(UI *r, int idx) -- { -- return(CRYPTO_get_ex_data(&r->ex_data,idx)); -- } -+{ -+ return (CRYPTO_get_ex_data(&r->ex_data, idx)); -+} - - void UI_set_default_method(const UI_METHOD *meth) -- { -- default_UI_meth=meth; -- } -+{ -+ default_UI_meth = meth; -+} - - const UI_METHOD *UI_get_default_method(void) -- { -- if (default_UI_meth == NULL) -- { -- default_UI_meth=UI_OpenSSL(); -- } -- return default_UI_meth; -- } -+{ -+ if (default_UI_meth == NULL) { -+ default_UI_meth = UI_OpenSSL(); -+ } -+ return default_UI_meth; -+} - - const UI_METHOD *UI_get_method(UI *ui) -- { -- return ui->meth; -- } -+{ -+ return ui->meth; -+} - - const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth) -- { -- ui->meth=meth; -- return ui->meth; -- } -- -+{ -+ ui->meth = meth; -+ return ui->meth; -+} - - UI_METHOD *UI_create_method(char *name) -- { -- UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD)); -- -- if (ui_method) -- { -- memset(ui_method, 0, sizeof(*ui_method)); -- ui_method->name = BUF_strdup(name); -- } -- return ui_method; -- } -- --/* BIG FSCKING WARNING!!!! If you use this on a statically allocated method -- (that is, it hasn't been allocated using UI_create_method(), you deserve -- anything Murphy can throw at you and more! You have been warned. */ -+{ -+ UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD)); -+ -+ if (ui_method) { -+ memset(ui_method, 0, sizeof(*ui_method)); -+ ui_method->name = BUF_strdup(name); -+ } -+ return ui_method; -+} -+ -+/* -+ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method -+ * (that is, it hasn't been allocated using UI_create_method(), you deserve -+ * anything Murphy can throw at you and more! You have been warned. -+ */ - void UI_destroy_method(UI_METHOD *ui_method) -- { -- OPENSSL_free(ui_method->name); -- ui_method->name = NULL; -- OPENSSL_free(ui_method); -- } -- --int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui)) -- { -- if (method) -- { -- method->ui_open_session = opener; -- return 0; -- } -- else -- return -1; -- } -- --int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis)) -- { -- if (method) -- { -- method->ui_write_string = writer; -- return 0; -- } -- else -- return -1; -- } -- --int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)) -- { -- if (method) -- { -- method->ui_flush = flusher; -- return 0; -- } -- else -- return -1; -- } -- --int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis)) -- { -- if (method) -- { -- method->ui_read_string = reader; -- return 0; -- } -- else -- return -1; -- } -- --int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)) -- { -- if (method) -- { -- method->ui_close_session = closer; -- return 0; -- } -- else -- return -1; -- } -- --int (*UI_method_get_opener(UI_METHOD *method))(UI*) -- { -- if (method) -- return method->ui_open_session; -- else -- return NULL; -- } -- --int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*) -- { -- if (method) -- return method->ui_write_string; -- else -- return NULL; -- } -- --int (*UI_method_get_flusher(UI_METHOD *method))(UI*) -- { -- if (method) -- return method->ui_flush; -- else -- return NULL; -- } -- --int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*) -- { -- if (method) -- return method->ui_read_string; -- else -- return NULL; -- } -- --int (*UI_method_get_closer(UI_METHOD *method))(UI*) -- { -- if (method) -- return method->ui_close_session; -- else -- return NULL; -- } -+{ -+ OPENSSL_free(ui_method->name); -+ ui_method->name = NULL; -+ OPENSSL_free(ui_method); -+} -+ -+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)) -+{ -+ if (method) { -+ method->ui_open_session = opener; -+ return 0; -+ } else -+ return -1; -+} -+ -+int UI_method_set_writer(UI_METHOD *method, -+ int (*writer) (UI *ui, UI_STRING *uis)) -+{ -+ if (method) { -+ method->ui_write_string = writer; -+ return 0; -+ } else -+ return -1; -+} -+ -+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)) -+{ -+ if (method) { -+ method->ui_flush = flusher; -+ return 0; -+ } else -+ return -1; -+} -+ -+int UI_method_set_reader(UI_METHOD *method, -+ int (*reader) (UI *ui, UI_STRING *uis)) -+{ -+ if (method) { -+ method->ui_read_string = reader; -+ return 0; -+ } else -+ return -1; -+} -+ -+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)) -+{ -+ if (method) { -+ method->ui_close_session = closer; -+ return 0; -+ } else -+ return -1; -+} -+ -+int (*UI_method_get_opener(UI_METHOD *method)) (UI *) { -+ if (method) -+ return method->ui_open_session; -+ else -+ return NULL; -+} -+ -+int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *) { -+ if (method) -+ return method->ui_write_string; -+ else -+ return NULL; -+} -+ -+int (*UI_method_get_flusher(UI_METHOD *method)) (UI *) { -+ if (method) -+ return method->ui_flush; -+ else -+ return NULL; -+} -+ -+int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *) { -+ if (method) -+ return method->ui_read_string; -+ else -+ return NULL; -+} -+ -+int (*UI_method_get_closer(UI_METHOD *method)) (UI *) { -+ if (method) -+ return method->ui_close_session; -+ else -+ return NULL; -+} - - enum UI_string_types UI_get_string_type(UI_STRING *uis) -- { -- if (!uis) -- return UIT_NONE; -- return uis->type; -- } -+{ -+ if (!uis) -+ return UIT_NONE; -+ return uis->type; -+} - - int UI_get_input_flags(UI_STRING *uis) -- { -- if (!uis) -- return 0; -- return uis->input_flags; -- } -+{ -+ if (!uis) -+ return 0; -+ return uis->input_flags; -+} - - const char *UI_get0_output_string(UI_STRING *uis) -- { -- if (!uis) -- return NULL; -- return uis->out_string; -- } -+{ -+ if (!uis) -+ return NULL; -+ return uis->out_string; -+} - - const char *UI_get0_action_string(UI_STRING *uis) -- { -- if (!uis) -- return NULL; -- switch(uis->type) -- { -- case UIT_PROMPT: -- case UIT_BOOLEAN: -- return uis->_.boolean_data.action_desc; -- default: -- return NULL; -- } -- } -+{ -+ if (!uis) -+ return NULL; -+ switch (uis->type) { -+ case UIT_PROMPT: -+ case UIT_BOOLEAN: -+ return uis->_.boolean_data.action_desc; -+ default: -+ return NULL; -+ } -+} - - const char *UI_get0_result_string(UI_STRING *uis) -- { -- if (!uis) -- return NULL; -- switch(uis->type) -- { -- case UIT_PROMPT: -- case UIT_VERIFY: -- return uis->result_buf; -- default: -- return NULL; -- } -- } -+{ -+ if (!uis) -+ return NULL; -+ switch (uis->type) { -+ case UIT_PROMPT: -+ case UIT_VERIFY: -+ return uis->result_buf; -+ default: -+ return NULL; -+ } -+} - - const char *UI_get0_test_string(UI_STRING *uis) -- { -- if (!uis) -- return NULL; -- switch(uis->type) -- { -- case UIT_VERIFY: -- return uis->_.string_data.test_buf; -- default: -- return NULL; -- } -- } -+{ -+ if (!uis) -+ return NULL; -+ switch (uis->type) { -+ case UIT_VERIFY: -+ return uis->_.string_data.test_buf; -+ default: -+ return NULL; -+ } -+} - - int UI_get_result_minsize(UI_STRING *uis) -- { -- if (!uis) -- return -1; -- switch(uis->type) -- { -- case UIT_PROMPT: -- case UIT_VERIFY: -- return uis->_.string_data.result_minsize; -- default: -- return -1; -- } -- } -+{ -+ if (!uis) -+ return -1; -+ switch (uis->type) { -+ case UIT_PROMPT: -+ case UIT_VERIFY: -+ return uis->_.string_data.result_minsize; -+ default: -+ return -1; -+ } -+} - - int UI_get_result_maxsize(UI_STRING *uis) -- { -- if (!uis) -- return -1; -- switch(uis->type) -- { -- case UIT_PROMPT: -- case UIT_VERIFY: -- return uis->_.string_data.result_maxsize; -- default: -- return -1; -- } -- } -+{ -+ if (!uis) -+ return -1; -+ switch (uis->type) { -+ case UIT_PROMPT: -+ case UIT_VERIFY: -+ return uis->_.string_data.result_maxsize; -+ default: -+ return -1; -+ } -+} - - int UI_set_result(UI *ui, UI_STRING *uis, const char *result) -- { -- int l = strlen(result); -- -- ui->flags &= ~UI_FLAG_REDOABLE; -- -- if (!uis) -- return -1; -- switch (uis->type) -- { -- case UIT_PROMPT: -- case UIT_VERIFY: -- { -- char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1]; -- char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1]; -- -- BIO_snprintf(number1, sizeof(number1), "%d", -- uis->_.string_data.result_minsize); -- BIO_snprintf(number2, sizeof(number2), "%d", -- uis->_.string_data.result_maxsize); -- -- if (l < uis->_.string_data.result_minsize) -- { -- ui->flags |= UI_FLAG_REDOABLE; -- UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_SMALL); -- ERR_add_error_data(5,"You must type in ", -- number1," to ",number2," characters"); -- return -1; -- } -- if (l > uis->_.string_data.result_maxsize) -- { -- ui->flags |= UI_FLAG_REDOABLE; -- UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_LARGE); -- ERR_add_error_data(5,"You must type in ", -- number1," to ",number2," characters"); -- return -1; -- } -- } -- -- if (!uis->result_buf) -- { -- UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER); -- return -1; -- } -- -- BUF_strlcpy(uis->result_buf, result, -- uis->_.string_data.result_maxsize + 1); -- break; -- case UIT_BOOLEAN: -- { -- const char *p; -- -- if (!uis->result_buf) -- { -- UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER); -- return -1; -- } -- -- uis->result_buf[0] = '\0'; -- for(p = result; *p; p++) -- { -- if (strchr(uis->_.boolean_data.ok_chars, *p)) -- { -- uis->result_buf[0] = -- uis->_.boolean_data.ok_chars[0]; -- break; -- } -- if (strchr(uis->_.boolean_data.cancel_chars, *p)) -- { -- uis->result_buf[0] = -- uis->_.boolean_data.cancel_chars[0]; -- break; -- } -- } -- } -- default: -- break; -- } -- return 0; -- } -+{ -+ int l = strlen(result); -+ -+ ui->flags &= ~UI_FLAG_REDOABLE; -+ -+ if (!uis) -+ return -1; -+ switch (uis->type) { -+ case UIT_PROMPT: -+ case UIT_VERIFY: -+ { -+ char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1]; -+ char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1]; -+ -+ BIO_snprintf(number1, sizeof(number1), "%d", -+ uis->_.string_data.result_minsize); -+ BIO_snprintf(number2, sizeof(number2), "%d", -+ uis->_.string_data.result_maxsize); -+ -+ if (l < uis->_.string_data.result_minsize) { -+ ui->flags |= UI_FLAG_REDOABLE; -+ UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL); -+ ERR_add_error_data(5, "You must type in ", -+ number1, " to ", number2, " characters"); -+ return -1; -+ } -+ if (l > uis->_.string_data.result_maxsize) { -+ ui->flags |= UI_FLAG_REDOABLE; -+ UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE); -+ ERR_add_error_data(5, "You must type in ", -+ number1, " to ", number2, " characters"); -+ return -1; -+ } -+ } -+ -+ if (!uis->result_buf) { -+ UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER); -+ return -1; -+ } -+ -+ BUF_strlcpy(uis->result_buf, result, -+ uis->_.string_data.result_maxsize + 1); -+ break; -+ case UIT_BOOLEAN: -+ { -+ const char *p; -+ -+ if (!uis->result_buf) { -+ UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER); -+ return -1; -+ } -+ -+ uis->result_buf[0] = '\0'; -+ for (p = result; *p; p++) { -+ if (strchr(uis->_.boolean_data.ok_chars, *p)) { -+ uis->result_buf[0] = uis->_.boolean_data.ok_chars[0]; -+ break; -+ } -+ if (strchr(uis->_.boolean_data.cancel_chars, *p)) { -+ uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0]; -+ break; -+ } -+ } -+ } -+ default: -+ break; -+ } -+ return 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_util.c b/Cryptlib/OpenSSL/crypto/ui/ui_util.c -index 5d9760b..f65f80d 100644 ---- a/Cryptlib/OpenSSL/crypto/ui/ui_util.c -+++ b/Cryptlib/OpenSSL/crypto/ui/ui_util.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,36 +56,38 @@ - #include - #include "ui_locl.h" - --int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify) -- { -- char buff[BUFSIZ]; -- int ret; -+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, -+ int verify) -+{ -+ char buff[BUFSIZ]; -+ int ret; - -- ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); -- OPENSSL_cleanse(buff,BUFSIZ); -- return(ret); -- } -+ ret = -+ UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, -+ prompt, verify); -+ OPENSSL_cleanse(buff, BUFSIZ); -+ return (ret); -+} - --int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify) -- { -- int ok = 0; -- UI *ui; -+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, -+ int verify) -+{ -+ int ok = 0; -+ UI *ui; - -- if (size < 1) -- return -1; -+ if (size < 1) -+ return -1; - -- ui = UI_new(); -- if (ui) -- { -- ok = UI_add_input_string(ui,prompt,0,buf,0,size-1); -- if (ok >= 0 && verify) -- ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1, -- buf); -- if (ok >= 0) -- ok=UI_process(ui); -- UI_free(ui); -- } -- if (ok > 0) -- ok = 0; -- return(ok); -- } -+ ui = UI_new(); -+ if (ui) { -+ ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1); -+ if (ok >= 0 && verify) -+ ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf); -+ if (ok >= 0) -+ ok = UI_process(ui); -+ UI_free(ui); -+ } -+ if (ok > 0) -+ ok = 0; -+ return (ok); -+} -diff --git a/Cryptlib/OpenSSL/crypto/uid.c b/Cryptlib/OpenSSL/crypto/uid.c -index b1fd52b..90694c6 100644 ---- a/Cryptlib/OpenSSL/crypto/uid.c -+++ b/Cryptlib/OpenSSL/crypto/uid.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,32 +58,31 @@ - - #if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) - --#include OPENSSL_UNISTD -+# include OPENSSL_UNISTD - - int OPENSSL_issetugid(void) -- { -- return issetugid(); -- } -+{ -+ return issetugid(); -+} - - #elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) - - int OPENSSL_issetugid(void) -- { -- return 0; -- } -+{ -+ return 0; -+} - - #else - --#include OPENSSL_UNISTD --#include -+# include OPENSSL_UNISTD -+# include - - int OPENSSL_issetugid(void) -- { -- if (getuid() != geteuid()) return 1; -- if (getgid() != getegid()) return 1; -- return 0; -- } -+{ -+ if (getuid() != geteuid()) -+ return 1; -+ if (getgid() != getegid()) -+ return 1; -+ return 0; -+} - #endif -- -- -- -diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c -index b3acd80..5a12743 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/by_dir.c -+++ b/Cryptlib/OpenSSL/crypto/x509/by_dir.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -75,311 +75,294 @@ - #include - - #ifdef _WIN32 --#define stat _stat -+# define stat _stat - #endif - --typedef struct lookup_dir_st -- { -- BUF_MEM *buffer; -- int num_dirs; -- char **dirs; -- int *dirs_type; -- int num_dirs_alloced; -- } BY_DIR; -+typedef struct lookup_dir_st { -+ BUF_MEM *buffer; -+ int num_dirs; -+ char **dirs; -+ int *dirs_type; -+ int num_dirs_alloced; -+} BY_DIR; - - static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, -- char **ret); -+ char **ret); - static int new_dir(X509_LOOKUP *lu); - static void free_dir(X509_LOOKUP *lu); --static int add_cert_dir(BY_DIR *ctx,const char *dir,int type); --static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name, -- X509_OBJECT *ret); --X509_LOOKUP_METHOD x509_dir_lookup= -- { -- "Load certs from files in a directory", -- new_dir, /* new */ -- free_dir, /* free */ -- NULL, /* init */ -- NULL, /* shutdown */ -- dir_ctrl, /* ctrl */ -- get_cert_by_subject, /* get_by_subject */ -- NULL, /* get_by_issuer_serial */ -- NULL, /* get_by_fingerprint */ -- NULL, /* get_by_alias */ -- }; -+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type); -+static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, -+ X509_OBJECT *ret); -+X509_LOOKUP_METHOD x509_dir_lookup = { -+ "Load certs from files in a directory", -+ new_dir, /* new */ -+ free_dir, /* free */ -+ NULL, /* init */ -+ NULL, /* shutdown */ -+ dir_ctrl, /* ctrl */ -+ get_cert_by_subject, /* get_by_subject */ -+ NULL, /* get_by_issuer_serial */ -+ NULL, /* get_by_fingerprint */ -+ NULL, /* get_by_alias */ -+}; - - X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) -- { -- return(&x509_dir_lookup); -- } -+{ -+ return (&x509_dir_lookup); -+} - - static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, -- char **retp) -- { -- int ret=0; -- BY_DIR *ld; -- char *dir = NULL; -+ char **retp) -+{ -+ int ret = 0; -+ BY_DIR *ld; -+ char *dir = NULL; - -- ld=(BY_DIR *)ctx->method_data; -+ ld = (BY_DIR *)ctx->method_data; - -- switch (cmd) -- { -- case X509_L_ADD_DIR: -- if (argl == X509_FILETYPE_DEFAULT) -- { -- dir=(char *)Getenv(X509_get_default_cert_dir_env()); -- if (dir) -- ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM); -- else -- ret=add_cert_dir(ld,X509_get_default_cert_dir(), -- X509_FILETYPE_PEM); -- if (!ret) -- { -- X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR); -- } -- } -- else -- ret=add_cert_dir(ld,argp,(int)argl); -- break; -- } -- return(ret); -- } -+ switch (cmd) { -+ case X509_L_ADD_DIR: -+ if (argl == X509_FILETYPE_DEFAULT) { -+ dir = (char *)Getenv(X509_get_default_cert_dir_env()); -+ if (dir) -+ ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); -+ else -+ ret = add_cert_dir(ld, X509_get_default_cert_dir(), -+ X509_FILETYPE_PEM); -+ if (!ret) { -+ X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR); -+ } -+ } else -+ ret = add_cert_dir(ld, argp, (int)argl); -+ break; -+ } -+ return (ret); -+} - - static int new_dir(X509_LOOKUP *lu) -- { -- BY_DIR *a; -+{ -+ BY_DIR *a; - -- if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL) -- return(0); -- if ((a->buffer=BUF_MEM_new()) == NULL) -- { -- OPENSSL_free(a); -- return(0); -- } -- a->num_dirs=0; -- a->dirs=NULL; -- a->dirs_type=NULL; -- a->num_dirs_alloced=0; -- lu->method_data=(char *)a; -- return(1); -- } -+ if ((a = (BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL) -+ return (0); -+ if ((a->buffer = BUF_MEM_new()) == NULL) { -+ OPENSSL_free(a); -+ return (0); -+ } -+ a->num_dirs = 0; -+ a->dirs = NULL; -+ a->dirs_type = NULL; -+ a->num_dirs_alloced = 0; -+ lu->method_data = (char *)a; -+ return (1); -+} - - static void free_dir(X509_LOOKUP *lu) -- { -- BY_DIR *a; -- int i; -+{ -+ BY_DIR *a; -+ int i; - -- a=(BY_DIR *)lu->method_data; -- for (i=0; inum_dirs; i++) -- if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]); -- if (a->dirs != NULL) OPENSSL_free(a->dirs); -- if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type); -- if (a->buffer != NULL) BUF_MEM_free(a->buffer); -- OPENSSL_free(a); -- } -+ a = (BY_DIR *)lu->method_data; -+ for (i = 0; i < a->num_dirs; i++) -+ if (a->dirs[i] != NULL) -+ OPENSSL_free(a->dirs[i]); -+ if (a->dirs != NULL) -+ OPENSSL_free(a->dirs); -+ if (a->dirs_type != NULL) -+ OPENSSL_free(a->dirs_type); -+ if (a->buffer != NULL) -+ BUF_MEM_free(a->buffer); -+ OPENSSL_free(a); -+} - - static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) -- { -- int j,len; -- int *ip; -- const char *s,*ss,*p; -- char **pp; -+{ -+ int j, len; -+ int *ip; -+ const char *s, *ss, *p; -+ char **pp; - -- if (dir == NULL || !*dir) -- { -- X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY); -- return 0; -- } -+ if (dir == NULL || !*dir) { -+ X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY); -+ return 0; -+ } - -- s=dir; -- p=s; -- for (;;p++) -- { -- if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) -- { -- ss=s; -- s=p+1; -- len=(int)(p-ss); -- if (len == 0) continue; -- for (j=0; jnum_dirs; j++) -- if (strlen(ctx->dirs[j]) == (size_t)len && -- strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0) -- break; -- if (jnum_dirs) -- continue; -- if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) -- { -- ctx->num_dirs_alloced+=10; -- pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced* -- sizeof(char *)); -- ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced* -- sizeof(int)); -- if ((pp == NULL) || (ip == NULL)) -- { -- X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)* -- sizeof(char *)); -- memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)* -- sizeof(int)); -- if (ctx->dirs != NULL) -- OPENSSL_free(ctx->dirs); -- if (ctx->dirs_type != NULL) -- OPENSSL_free(ctx->dirs_type); -- ctx->dirs=pp; -- ctx->dirs_type=ip; -- } -- ctx->dirs_type[ctx->num_dirs]=type; -- ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1); -- if (ctx->dirs[ctx->num_dirs] == NULL) return(0); -- strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len); -- ctx->dirs[ctx->num_dirs][len]='\0'; -- ctx->num_dirs++; -- } -- if (*p == '\0') break; -- } -- return(1); -- } -+ s = dir; -+ p = s; -+ for (;; p++) { -+ if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) { -+ ss = s; -+ s = p + 1; -+ len = (int)(p - ss); -+ if (len == 0) -+ continue; -+ for (j = 0; j < ctx->num_dirs; j++) -+ if (strlen(ctx->dirs[j]) == (size_t)len && -+ strncmp(ctx->dirs[j], ss, (unsigned int)len) == 0) -+ break; -+ if (j < ctx->num_dirs) -+ continue; -+ if (ctx->num_dirs_alloced < (ctx->num_dirs + 1)) { -+ ctx->num_dirs_alloced += 10; -+ pp = (char **)OPENSSL_malloc(ctx->num_dirs_alloced * -+ sizeof(char *)); -+ ip = (int *)OPENSSL_malloc(ctx->num_dirs_alloced * -+ sizeof(int)); -+ if ((pp == NULL) || (ip == NULL)) { -+ X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE); -+ return (0); -+ } -+ memcpy(pp, ctx->dirs, (ctx->num_dirs_alloced - 10) * -+ sizeof(char *)); -+ memcpy(ip, ctx->dirs_type, (ctx->num_dirs_alloced - 10) * -+ sizeof(int)); -+ if (ctx->dirs != NULL) -+ OPENSSL_free(ctx->dirs); -+ if (ctx->dirs_type != NULL) -+ OPENSSL_free(ctx->dirs_type); -+ ctx->dirs = pp; -+ ctx->dirs_type = ip; -+ } -+ ctx->dirs_type[ctx->num_dirs] = type; -+ ctx->dirs[ctx->num_dirs] = -+ (char *)OPENSSL_malloc((unsigned int)len + 1); -+ if (ctx->dirs[ctx->num_dirs] == NULL) -+ return (0); -+ strncpy(ctx->dirs[ctx->num_dirs], ss, (unsigned int)len); -+ ctx->dirs[ctx->num_dirs][len] = '\0'; -+ ctx->num_dirs++; -+ } -+ if (*p == '\0') -+ break; -+ } -+ return (1); -+} - - static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, -- X509_OBJECT *ret) -- { -- BY_DIR *ctx; -- union { -- struct { -- X509 st_x509; -- X509_CINF st_x509_cinf; -- } x509; -- struct { -- X509_CRL st_crl; -- X509_CRL_INFO st_crl_info; -- } crl; -- } data; -- int ok=0; -- int i,j,k; -- unsigned long h; -- BUF_MEM *b=NULL; -- struct stat st; -- X509_OBJECT stmp,*tmp; -- const char *postfix=""; -+ X509_OBJECT *ret) -+{ -+ BY_DIR *ctx; -+ union { -+ struct { -+ X509 st_x509; -+ X509_CINF st_x509_cinf; -+ } x509; -+ struct { -+ X509_CRL st_crl; -+ X509_CRL_INFO st_crl_info; -+ } crl; -+ } data; -+ int ok = 0; -+ int i, j, k; -+ unsigned long h; -+ BUF_MEM *b = NULL; -+ struct stat st; -+ X509_OBJECT stmp, *tmp; -+ const char *postfix = ""; -+ -+ if (name == NULL) -+ return (0); - -- if (name == NULL) return(0); -+ stmp.type = type; -+ if (type == X509_LU_X509) { -+ data.x509.st_x509.cert_info = &data.x509.st_x509_cinf; -+ data.x509.st_x509_cinf.subject = name; -+ stmp.data.x509 = &data.x509.st_x509; -+ postfix = ""; -+ } else if (type == X509_LU_CRL) { -+ data.crl.st_crl.crl = &data.crl.st_crl_info; -+ data.crl.st_crl_info.issuer = name; -+ stmp.data.crl = &data.crl.st_crl; -+ postfix = "r"; -+ } else { -+ X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE); -+ goto finish; -+ } - -- stmp.type=type; -- if (type == X509_LU_X509) -- { -- data.x509.st_x509.cert_info= &data.x509.st_x509_cinf; -- data.x509.st_x509_cinf.subject=name; -- stmp.data.x509= &data.x509.st_x509; -- postfix=""; -- } -- else if (type == X509_LU_CRL) -- { -- data.crl.st_crl.crl= &data.crl.st_crl_info; -- data.crl.st_crl_info.issuer=name; -- stmp.data.crl= &data.crl.st_crl; -- postfix="r"; -- } -- else -- { -- X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE); -- goto finish; -- } -+ if ((b = BUF_MEM_new()) == NULL) { -+ X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB); -+ goto finish; -+ } - -- if ((b=BUF_MEM_new()) == NULL) -- { -- X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB); -- goto finish; -- } -- -- ctx=(BY_DIR *)xl->method_data; -+ ctx = (BY_DIR *)xl->method_data; - -- h=X509_NAME_hash(name); -- for (i=0; inum_dirs; i++) -- { -- j=strlen(ctx->dirs[i])+1+8+6+1+1; -- if (!BUF_MEM_grow(b,j)) -- { -- X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE); -- goto finish; -- } -- k=0; -- for (;;) -- { -- char c = '/'; -+ h = X509_NAME_hash(name); -+ for (i = 0; i < ctx->num_dirs; i++) { -+ j = strlen(ctx->dirs[i]) + 1 + 8 + 6 + 1 + 1; -+ if (!BUF_MEM_grow(b, j)) { -+ X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); -+ goto finish; -+ } -+ k = 0; -+ for (;;) { -+ char c = '/'; - #ifdef OPENSSL_SYS_VMS -- c = ctx->dirs[i][strlen(ctx->dirs[i])-1]; -- if (c != ':' && c != '>' && c != ']') -- { -- /* If no separator is present, we assume the -- directory specifier is a logical name, and -- add a colon. We really should use better -- VMS routines for merging things like this, -- but this will do for now... -- -- Richard Levitte */ -- c = ':'; -- } -- else -- { -- c = '\0'; -- } -+ c = ctx->dirs[i][strlen(ctx->dirs[i]) - 1]; -+ if (c != ':' && c != '>' && c != ']') { -+ /* -+ * If no separator is present, we assume the directory -+ * specifier is a logical name, and add a colon. We really -+ * should use better VMS routines for merging things like -+ * this, but this will do for now... -- Richard Levitte -+ */ -+ c = ':'; -+ } else { -+ c = '\0'; -+ } - #endif -- if (c == '\0') -- { -- /* This is special. When c == '\0', no -- directory separator should be added. */ -- BIO_snprintf(b->data,b->max, -- "%s%08lx.%s%d",ctx->dirs[i],h, -- postfix,k); -- } -- else -- { -- BIO_snprintf(b->data,b->max, -- "%s%c%08lx.%s%d",ctx->dirs[i],c,h, -- postfix,k); -- } -- k++; -- if (stat(b->data,&st) < 0) -- break; -- /* found one. */ -- if (type == X509_LU_X509) -- { -- if ((X509_load_cert_file(xl,b->data, -- ctx->dirs_type[i])) == 0) -- break; -- } -- else if (type == X509_LU_CRL) -- { -- if ((X509_load_crl_file(xl,b->data, -- ctx->dirs_type[i])) == 0) -- break; -- } -- /* else case will caught higher up */ -- } -+ if (c == '\0') { -+ /* -+ * This is special. When c == '\0', no directory separator -+ * should be added. -+ */ -+ BIO_snprintf(b->data, b->max, -+ "%s%08lx.%s%d", ctx->dirs[i], h, postfix, k); -+ } else { -+ BIO_snprintf(b->data, b->max, -+ "%s%c%08lx.%s%d", ctx->dirs[i], c, h, -+ postfix, k); -+ } -+ k++; -+ if (stat(b->data, &st) < 0) -+ break; -+ /* found one. */ -+ if (type == X509_LU_X509) { -+ if ((X509_load_cert_file(xl, b->data, -+ ctx->dirs_type[i])) == 0) -+ break; -+ } else if (type == X509_LU_CRL) { -+ if ((X509_load_crl_file(xl, b->data, ctx->dirs_type[i])) == 0) -+ break; -+ } -+ /* else case will caught higher up */ -+ } - -- /* we have added it to the cache so now pull -- * it out again */ -- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); -- j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp); -- if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j); -- else tmp = NULL; -- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); -+ /* -+ * we have added it to the cache so now pull it out again -+ */ -+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); -+ j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); -+ if (j != -1) -+ tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); -+ else -+ tmp = NULL; -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - -- if (tmp != NULL) -- { -- ok=1; -- ret->type=tmp->type; -- memcpy(&ret->data,&tmp->data,sizeof(ret->data)); -- /* If we were going to up the reference count, -- * we would need to do it on a perl 'type' -- * basis */ -- /* CRYPTO_add(&tmp->data.x509->references,1, -- CRYPTO_LOCK_X509);*/ -- goto finish; -- } -- } --finish: -- if (b != NULL) BUF_MEM_free(b); -- return(ok); -- } -+ if (tmp != NULL) { -+ ok = 1; -+ ret->type = tmp->type; -+ memcpy(&ret->data, &tmp->data, sizeof(ret->data)); -+ /* -+ * If we were going to up the reference count, we would need to -+ * do it on a perl 'type' basis -+ */ -+ /*- CRYPTO_add(&tmp->data.x509->references,1, -+ CRYPTO_LOCK_X509);*/ -+ goto finish; -+ } -+ } -+ finish: -+ if (b != NULL) -+ BUF_MEM_free(b); -+ return (ok); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/by_file.c b/Cryptlib/OpenSSL/crypto/x509/by_file.c -index a5e0d4a..737a825 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/by_file.c -+++ b/Cryptlib/OpenSSL/crypto/x509/by_file.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -69,232 +69,209 @@ - #ifndef OPENSSL_NO_STDIO - - static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, -- long argl, char **ret); --X509_LOOKUP_METHOD x509_file_lookup= -- { -- "Load file into cache", -- NULL, /* new */ -- NULL, /* free */ -- NULL, /* init */ -- NULL, /* shutdown */ -- by_file_ctrl, /* ctrl */ -- NULL, /* get_by_subject */ -- NULL, /* get_by_issuer_serial */ -- NULL, /* get_by_fingerprint */ -- NULL, /* get_by_alias */ -- }; -+ long argl, char **ret); -+X509_LOOKUP_METHOD x509_file_lookup = { -+ "Load file into cache", -+ NULL, /* new */ -+ NULL, /* free */ -+ NULL, /* init */ -+ NULL, /* shutdown */ -+ by_file_ctrl, /* ctrl */ -+ NULL, /* get_by_subject */ -+ NULL, /* get_by_issuer_serial */ -+ NULL, /* get_by_fingerprint */ -+ NULL, /* get_by_alias */ -+}; - - X509_LOOKUP_METHOD *X509_LOOKUP_file(void) -- { -- return(&x509_file_lookup); -- } -+{ -+ return (&x509_file_lookup); -+} - --static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, -- char **ret) -- { -- int ok=0; -- char *file; -+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, -+ long argl, char **ret) -+{ -+ int ok = 0; -+ char *file; - -- switch (cmd) -- { -- case X509_L_FILE_LOAD: -- if (argl == X509_FILETYPE_DEFAULT) -- { -- file = (char *)Getenv(X509_get_default_cert_file_env()); -- if (file) -- ok = (X509_load_cert_crl_file(ctx,file, -- X509_FILETYPE_PEM) != 0); -+ switch (cmd) { -+ case X509_L_FILE_LOAD: -+ if (argl == X509_FILETYPE_DEFAULT) { -+ file = (char *)Getenv(X509_get_default_cert_file_env()); -+ if (file) -+ ok = (X509_load_cert_crl_file(ctx, file, -+ X509_FILETYPE_PEM) != 0); - -- else -- ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(), -- X509_FILETYPE_PEM) != 0); -+ else -+ ok = (X509_load_cert_crl_file -+ (ctx, X509_get_default_cert_file(), -+ X509_FILETYPE_PEM) != 0); - -- if (!ok) -- { -- X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); -- } -- } -- else -- { -- if(argl == X509_FILETYPE_PEM) -- ok = (X509_load_cert_crl_file(ctx,argp, -- X509_FILETYPE_PEM) != 0); -- else -- ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0); -- } -- break; -- } -- return(ok); -- } -+ if (!ok) { -+ X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS); -+ } -+ } else { -+ if (argl == X509_FILETYPE_PEM) -+ ok = (X509_load_cert_crl_file(ctx, argp, -+ X509_FILETYPE_PEM) != 0); -+ else -+ ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0); -+ } -+ break; -+ } -+ return (ok); -+} - - int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) -- { -- int ret=0; -- BIO *in=NULL; -- int i,count=0; -- X509 *x=NULL; -+{ -+ int ret = 0; -+ BIO *in = NULL; -+ int i, count = 0; -+ X509 *x = NULL; - -- if (file == NULL) return(1); -- in=BIO_new(BIO_s_file_internal()); -+ if (file == NULL) -+ return (1); -+ in = BIO_new(BIO_s_file_internal()); - -- if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) -- { -- X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB); -- goto err; -- } -+ if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { -+ X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB); -+ goto err; -+ } - -- if (type == X509_FILETYPE_PEM) -- { -- for (;;) -- { -- x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL); -- if (x == NULL) -- { -- if ((ERR_GET_REASON(ERR_peek_last_error()) == -- PEM_R_NO_START_LINE) && (count > 0)) -- { -- ERR_clear_error(); -- break; -- } -- else -- { -- X509err(X509_F_X509_LOAD_CERT_FILE, -- ERR_R_PEM_LIB); -- goto err; -- } -- } -- i=X509_STORE_add_cert(ctx->store_ctx,x); -- if (!i) goto err; -- count++; -- X509_free(x); -- x=NULL; -- } -- ret=count; -- } -- else if (type == X509_FILETYPE_ASN1) -- { -- x=d2i_X509_bio(in,NULL); -- if (x == NULL) -- { -- X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB); -- goto err; -- } -- i=X509_STORE_add_cert(ctx->store_ctx,x); -- if (!i) goto err; -- ret=i; -- } -- else -- { -- X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE); -- goto err; -- } --err: -- if (x != NULL) X509_free(x); -- if (in != NULL) BIO_free(in); -- return(ret); -- } -+ if (type == X509_FILETYPE_PEM) { -+ for (;;) { -+ x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); -+ if (x == NULL) { -+ if ((ERR_GET_REASON(ERR_peek_last_error()) == -+ PEM_R_NO_START_LINE) && (count > 0)) { -+ ERR_clear_error(); -+ break; -+ } else { -+ X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB); -+ goto err; -+ } -+ } -+ i = X509_STORE_add_cert(ctx->store_ctx, x); -+ if (!i) -+ goto err; -+ count++; -+ X509_free(x); -+ x = NULL; -+ } -+ ret = count; -+ } else if (type == X509_FILETYPE_ASN1) { -+ x = d2i_X509_bio(in, NULL); -+ if (x == NULL) { -+ X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ i = X509_STORE_add_cert(ctx->store_ctx, x); -+ if (!i) -+ goto err; -+ ret = i; -+ } else { -+ X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE); -+ goto err; -+ } -+ err: -+ if (x != NULL) -+ X509_free(x); -+ if (in != NULL) -+ BIO_free(in); -+ return (ret); -+} - - int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) -- { -- int ret=0; -- BIO *in=NULL; -- int i,count=0; -- X509_CRL *x=NULL; -+{ -+ int ret = 0; -+ BIO *in = NULL; -+ int i, count = 0; -+ X509_CRL *x = NULL; - -- if (file == NULL) return(1); -- in=BIO_new(BIO_s_file_internal()); -+ if (file == NULL) -+ return (1); -+ in = BIO_new(BIO_s_file_internal()); - -- if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) -- { -- X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB); -- goto err; -- } -+ if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { -+ X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB); -+ goto err; -+ } - -- if (type == X509_FILETYPE_PEM) -- { -- for (;;) -- { -- x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); -- if (x == NULL) -- { -- if ((ERR_GET_REASON(ERR_peek_last_error()) == -- PEM_R_NO_START_LINE) && (count > 0)) -- { -- ERR_clear_error(); -- break; -- } -- else -- { -- X509err(X509_F_X509_LOAD_CRL_FILE, -- ERR_R_PEM_LIB); -- goto err; -- } -- } -- i=X509_STORE_add_crl(ctx->store_ctx,x); -- if (!i) goto err; -- count++; -- X509_CRL_free(x); -- x=NULL; -- } -- ret=count; -- } -- else if (type == X509_FILETYPE_ASN1) -- { -- x=d2i_X509_CRL_bio(in,NULL); -- if (x == NULL) -- { -- X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB); -- goto err; -- } -- i=X509_STORE_add_crl(ctx->store_ctx,x); -- if (!i) goto err; -- ret=i; -- } -- else -- { -- X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE); -- goto err; -- } --err: -- if (x != NULL) X509_CRL_free(x); -- if (in != NULL) BIO_free(in); -- return(ret); -- } -+ if (type == X509_FILETYPE_PEM) { -+ for (;;) { -+ x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); -+ if (x == NULL) { -+ if ((ERR_GET_REASON(ERR_peek_last_error()) == -+ PEM_R_NO_START_LINE) && (count > 0)) { -+ ERR_clear_error(); -+ break; -+ } else { -+ X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB); -+ goto err; -+ } -+ } -+ i = X509_STORE_add_crl(ctx->store_ctx, x); -+ if (!i) -+ goto err; -+ count++; -+ X509_CRL_free(x); -+ x = NULL; -+ } -+ ret = count; -+ } else if (type == X509_FILETYPE_ASN1) { -+ x = d2i_X509_CRL_bio(in, NULL); -+ if (x == NULL) { -+ X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB); -+ goto err; -+ } -+ i = X509_STORE_add_crl(ctx->store_ctx, x); -+ if (!i) -+ goto err; -+ ret = i; -+ } else { -+ X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE); -+ goto err; -+ } -+ err: -+ if (x != NULL) -+ X509_CRL_free(x); -+ if (in != NULL) -+ BIO_free(in); -+ return (ret); -+} - - int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) - { -- STACK_OF(X509_INFO) *inf; -- X509_INFO *itmp; -- BIO *in; -- int i, count = 0; -- if(type != X509_FILETYPE_PEM) -- return X509_load_cert_file(ctx, file, type); -- in = BIO_new_file(file, "r"); -- if(!in) { -- X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB); -- return 0; -- } -- inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); -- BIO_free(in); -- if(!inf) { -- X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB); -- return 0; -- } -- for(i = 0; i < sk_X509_INFO_num(inf); i++) { -- itmp = sk_X509_INFO_value(inf, i); -- if(itmp->x509) { -- X509_STORE_add_cert(ctx->store_ctx, itmp->x509); -- count++; -- } -- if(itmp->crl) { -- X509_STORE_add_crl(ctx->store_ctx, itmp->crl); -- count++; -- } -- } -- sk_X509_INFO_pop_free(inf, X509_INFO_free); -- return count; -+ STACK_OF(X509_INFO) *inf; -+ X509_INFO *itmp; -+ BIO *in; -+ int i, count = 0; -+ if (type != X509_FILETYPE_PEM) -+ return X509_load_cert_file(ctx, file, type); -+ in = BIO_new_file(file, "r"); -+ if (!in) { -+ X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB); -+ return 0; -+ } -+ inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); -+ BIO_free(in); -+ if (!inf) { -+ X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB); -+ return 0; -+ } -+ for (i = 0; i < sk_X509_INFO_num(inf); i++) { -+ itmp = sk_X509_INFO_value(inf, i); -+ if (itmp->x509) { -+ X509_STORE_add_cert(ctx->store_ctx, itmp->x509); -+ count++; -+ } -+ if (itmp->crl) { -+ X509_STORE_add_crl(ctx->store_ctx, itmp->crl); -+ count++; -+ } -+ } -+ sk_X509_INFO_pop_free(inf, X509_INFO_free); -+ return count; - } - -- --#endif /* OPENSSL_NO_STDIO */ -- -+#endif /* OPENSSL_NO_STDIO */ -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_att.c b/Cryptlib/OpenSSL/crypto/x509/x509_att.c -index 98460e8..bd59281 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_att.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_att.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -67,293 +67,318 @@ - - int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) - { -- return sk_X509_ATTRIBUTE_num(x); -+ return sk_X509_ATTRIBUTE_num(x); - } - - int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, -- int lastpos) -+ int lastpos) - { -- ASN1_OBJECT *obj; -+ ASN1_OBJECT *obj; - -- obj=OBJ_nid2obj(nid); -- if (obj == NULL) return(-2); -- return(X509at_get_attr_by_OBJ(x,obj,lastpos)); -+ obj = OBJ_nid2obj(nid); -+ if (obj == NULL) -+ return (-2); -+ return (X509at_get_attr_by_OBJ(x, obj, lastpos)); - } - --int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, -- int lastpos) -+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, -+ ASN1_OBJECT *obj, int lastpos) - { -- int n; -- X509_ATTRIBUTE *ex; -+ int n; -+ X509_ATTRIBUTE *ex; - -- if (sk == NULL) return(-1); -- lastpos++; -- if (lastpos < 0) -- lastpos=0; -- n=sk_X509_ATTRIBUTE_num(sk); -- for ( ; lastpos < n; lastpos++) -- { -- ex=sk_X509_ATTRIBUTE_value(sk,lastpos); -- if (OBJ_cmp(ex->object,obj) == 0) -- return(lastpos); -- } -- return(-1); -+ if (sk == NULL) -+ return (-1); -+ lastpos++; -+ if (lastpos < 0) -+ lastpos = 0; -+ n = sk_X509_ATTRIBUTE_num(sk); -+ for (; lastpos < n; lastpos++) { -+ ex = sk_X509_ATTRIBUTE_value(sk, lastpos); -+ if (OBJ_cmp(ex->object, obj) == 0) -+ return (lastpos); -+ } -+ return (-1); - } - - X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc) - { -- if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) -- return NULL; -- else -- return sk_X509_ATTRIBUTE_value(x,loc); -+ if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) -+ return NULL; -+ else -+ return sk_X509_ATTRIBUTE_value(x, loc); - } - - X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) - { -- X509_ATTRIBUTE *ret; -+ X509_ATTRIBUTE *ret; - -- if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) -- return(NULL); -- ret=sk_X509_ATTRIBUTE_delete(x,loc); -- return(ret); -+ if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) -+ return (NULL); -+ ret = sk_X509_ATTRIBUTE_delete(x, loc); -+ return (ret); - } - - STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, -- X509_ATTRIBUTE *attr) -+ X509_ATTRIBUTE *attr) - { -- X509_ATTRIBUTE *new_attr=NULL; -- STACK_OF(X509_ATTRIBUTE) *sk=NULL; -+ X509_ATTRIBUTE *new_attr = NULL; -+ STACK_OF(X509_ATTRIBUTE) *sk = NULL; - -- if (x == NULL) -- { -- X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER); -- goto err2; -- } -+ if (x == NULL) { -+ X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER); -+ goto err2; -+ } - -- if (*x == NULL) -- { -- if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL) -- goto err; -- } -- else -- sk= *x; -+ if (*x == NULL) { -+ if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL) -+ goto err; -+ } else -+ sk = *x; - -- if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL) -- goto err2; -- if (!sk_X509_ATTRIBUTE_push(sk,new_attr)) -- goto err; -- if (*x == NULL) -- *x=sk; -- return(sk); --err: -- X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE); --err2: -- if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr); -- if (sk != NULL) sk_X509_ATTRIBUTE_free(sk); -- return(NULL); -+ if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL) -+ goto err2; -+ if (!sk_X509_ATTRIBUTE_push(sk, new_attr)) -+ goto err; -+ if (*x == NULL) -+ *x = sk; -+ return (sk); -+ err: -+ X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE); -+ err2: -+ if (new_attr != NULL) -+ X509_ATTRIBUTE_free(new_attr); -+ if (sk != NULL) -+ sk_X509_ATTRIBUTE_free(sk); -+ return (NULL); - } - --STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, -- const ASN1_OBJECT *obj, int type, -- const unsigned char *bytes, int len) -+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) -+ **x, const ASN1_OBJECT *obj, -+ int type, -+ const unsigned char *bytes, -+ int len) - { -- X509_ATTRIBUTE *attr; -- STACK_OF(X509_ATTRIBUTE) *ret; -- attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); -- if(!attr) return 0; -- ret = X509at_add1_attr(x, attr); -- X509_ATTRIBUTE_free(attr); -- return ret; -+ X509_ATTRIBUTE *attr; -+ STACK_OF(X509_ATTRIBUTE) *ret; -+ attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); -+ if (!attr) -+ return 0; -+ ret = X509at_add1_attr(x, attr); -+ X509_ATTRIBUTE_free(attr); -+ return ret; - } - --STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, -- int nid, int type, -- const unsigned char *bytes, int len) -+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) -+ **x, int nid, int type, -+ const unsigned char *bytes, -+ int len) - { -- X509_ATTRIBUTE *attr; -- STACK_OF(X509_ATTRIBUTE) *ret; -- attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); -- if(!attr) return 0; -- ret = X509at_add1_attr(x, attr); -- X509_ATTRIBUTE_free(attr); -- return ret; -+ X509_ATTRIBUTE *attr; -+ STACK_OF(X509_ATTRIBUTE) *ret; -+ attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); -+ if (!attr) -+ return 0; -+ ret = X509at_add1_attr(x, attr); -+ X509_ATTRIBUTE_free(attr); -+ return ret; - } - --STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, -- const char *attrname, int type, -- const unsigned char *bytes, int len) -+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) -+ **x, const char *attrname, -+ int type, -+ const unsigned char *bytes, -+ int len) - { -- X509_ATTRIBUTE *attr; -- STACK_OF(X509_ATTRIBUTE) *ret; -- attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len); -- if(!attr) return 0; -- ret = X509at_add1_attr(x, attr); -- X509_ATTRIBUTE_free(attr); -- return ret; -+ X509_ATTRIBUTE *attr; -+ STACK_OF(X509_ATTRIBUTE) *ret; -+ attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len); -+ if (!attr) -+ return 0; -+ ret = X509at_add1_attr(x, attr); -+ X509_ATTRIBUTE_free(attr); -+ return ret; - } - - void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, -- ASN1_OBJECT *obj, int lastpos, int type) -+ ASN1_OBJECT *obj, int lastpos, int type) - { -- int i; -- X509_ATTRIBUTE *at; -- i = X509at_get_attr_by_OBJ(x, obj, lastpos); -- if (i == -1) -- return NULL; -- if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1)) -- return NULL; -- at = X509at_get_attr(x, i); -- if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1)) -- return NULL; -- return X509_ATTRIBUTE_get0_data(at, 0, type, NULL); -+ int i; -+ X509_ATTRIBUTE *at; -+ i = X509at_get_attr_by_OBJ(x, obj, lastpos); -+ if (i == -1) -+ return NULL; -+ if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1)) -+ return NULL; -+ at = X509at_get_attr(x, i); -+ if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1)) -+ return NULL; -+ return X509_ATTRIBUTE_get0_data(at, 0, type, NULL); - } - - X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, -- int atrtype, const void *data, int len) -+ int atrtype, const void *data, -+ int len) - { -- ASN1_OBJECT *obj; -- X509_ATTRIBUTE *ret; -+ ASN1_OBJECT *obj; -+ X509_ATTRIBUTE *ret; - -- obj=OBJ_nid2obj(nid); -- if (obj == NULL) -- { -- X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID); -- return(NULL); -- } -- ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len); -- if (ret == NULL) ASN1_OBJECT_free(obj); -- return(ret); -+ obj = OBJ_nid2obj(nid); -+ if (obj == NULL) { -+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID, X509_R_UNKNOWN_NID); -+ return (NULL); -+ } -+ ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len); -+ if (ret == NULL) -+ ASN1_OBJECT_free(obj); -+ return (ret); - } - - X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, -- const ASN1_OBJECT *obj, int atrtype, const void *data, int len) -+ const ASN1_OBJECT *obj, -+ int atrtype, const void *data, -+ int len) - { -- X509_ATTRIBUTE *ret; -+ X509_ATTRIBUTE *ret; - -- if ((attr == NULL) || (*attr == NULL)) -- { -- if ((ret=X509_ATTRIBUTE_new()) == NULL) -- { -- X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- } -- else -- ret= *attr; -+ if ((attr == NULL) || (*attr == NULL)) { -+ if ((ret = X509_ATTRIBUTE_new()) == NULL) { -+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ, -+ ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ } else -+ ret = *attr; - -- if (!X509_ATTRIBUTE_set1_object(ret,obj)) -- goto err; -- if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len)) -- goto err; -+ if (!X509_ATTRIBUTE_set1_object(ret, obj)) -+ goto err; -+ if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len)) -+ goto err; - -- if ((attr != NULL) && (*attr == NULL)) *attr=ret; -- return(ret); --err: -- if ((attr == NULL) || (ret != *attr)) -- X509_ATTRIBUTE_free(ret); -- return(NULL); -+ if ((attr != NULL) && (*attr == NULL)) -+ *attr = ret; -+ return (ret); -+ err: -+ if ((attr == NULL) || (ret != *attr)) -+ X509_ATTRIBUTE_free(ret); -+ return (NULL); - } - - X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, -- const char *atrname, int type, const unsigned char *bytes, int len) -- { -- ASN1_OBJECT *obj; -- X509_ATTRIBUTE *nattr; -+ const char *atrname, int type, -+ const unsigned char *bytes, -+ int len) -+{ -+ ASN1_OBJECT *obj; -+ X509_ATTRIBUTE *nattr; - -- obj=OBJ_txt2obj(atrname, 0); -- if (obj == NULL) -- { -- X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, -- X509_R_INVALID_FIELD_NAME); -- ERR_add_error_data(2, "name=", atrname); -- return(NULL); -- } -- nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len); -- ASN1_OBJECT_free(obj); -- return nattr; -- } -+ obj = OBJ_txt2obj(atrname, 0); -+ if (obj == NULL) { -+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, -+ X509_R_INVALID_FIELD_NAME); -+ ERR_add_error_data(2, "name=", atrname); -+ return (NULL); -+ } -+ nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len); -+ ASN1_OBJECT_free(obj); -+ return nattr; -+} - - int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) - { -- if ((attr == NULL) || (obj == NULL)) -- return(0); -- ASN1_OBJECT_free(attr->object); -- attr->object=OBJ_dup(obj); -- return(1); -+ if ((attr == NULL) || (obj == NULL)) -+ return (0); -+ ASN1_OBJECT_free(attr->object); -+ attr->object = OBJ_dup(obj); -+ return (1); - } - --int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len) -+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, -+ const void *data, int len) - { -- ASN1_TYPE *ttmp; -- ASN1_STRING *stmp = NULL; -- int atype = 0; -- if (!attr) return 0; -- if(attrtype & MBSTRING_FLAG) { -- stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, -- OBJ_obj2nid(attr->object)); -- if(!stmp) { -- X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB); -- return 0; -- } -- atype = stmp->type; -- } else if (len != -1){ -- if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err; -- if(!ASN1_STRING_set(stmp, data, len)) goto err; -- atype = attrtype; -- } -- if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; -- attr->single = 0; -- /* This is a bit naughty because the attribute should really have -- * at least one value but some types use and zero length SET and -- * require this. -- */ -- if (attrtype == 0) -- return 1; -- if(!(ttmp = ASN1_TYPE_new())) goto err; -- if ((len == -1) && !(attrtype & MBSTRING_FLAG)) -- { -- if (!ASN1_TYPE_set1(ttmp, attrtype, data)) -- goto err; -- } -- else -- ASN1_TYPE_set(ttmp, atype, stmp); -- if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; -- return 1; -- err: -- X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); -- return 0; -+ ASN1_TYPE *ttmp; -+ ASN1_STRING *stmp = NULL; -+ int atype = 0; -+ if (!attr) -+ return 0; -+ if (attrtype & MBSTRING_FLAG) { -+ stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, -+ OBJ_obj2nid(attr->object)); -+ if (!stmp) { -+ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB); -+ return 0; -+ } -+ atype = stmp->type; -+ } else if (len != -1) { -+ if (!(stmp = ASN1_STRING_type_new(attrtype))) -+ goto err; -+ if (!ASN1_STRING_set(stmp, data, len)) -+ goto err; -+ atype = attrtype; -+ } -+ if (!(attr->value.set = sk_ASN1_TYPE_new_null())) -+ goto err; -+ attr->single = 0; -+ /* -+ * This is a bit naughty because the attribute should really have at -+ * least one value but some types use and zero length SET and require -+ * this. -+ */ -+ if (attrtype == 0) -+ return 1; -+ if (!(ttmp = ASN1_TYPE_new())) -+ goto err; -+ if ((len == -1) && !(attrtype & MBSTRING_FLAG)) { -+ if (!ASN1_TYPE_set1(ttmp, attrtype, data)) -+ goto err; -+ } else -+ ASN1_TYPE_set(ttmp, atype, stmp); -+ if (!sk_ASN1_TYPE_push(attr->value.set, ttmp)) -+ goto err; -+ return 1; -+ err: -+ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); -+ return 0; - } - - int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr) - { -- if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set); -- if(attr->value.single) return 1; -- return 0; -+ if (!attr->single) -+ return sk_ASN1_TYPE_num(attr->value.set); -+ if (attr->value.single) -+ return 1; -+ return 0; - } - - ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr) - { -- if (attr == NULL) return(NULL); -- return(attr->object); -+ if (attr == NULL) -+ return (NULL); -+ return (attr->object); - } - - void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, -- int atrtype, void *data) -+ int atrtype, void *data) - { -- ASN1_TYPE *ttmp; -- ttmp = X509_ATTRIBUTE_get0_type(attr, idx); -- if(!ttmp) return NULL; -- if(atrtype != ASN1_TYPE_get(ttmp)){ -- X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE); -- return NULL; -- } -- return ttmp->value.ptr; -+ ASN1_TYPE *ttmp; -+ ttmp = X509_ATTRIBUTE_get0_type(attr, idx); -+ if (!ttmp) -+ return NULL; -+ if (atrtype != ASN1_TYPE_get(ttmp)) { -+ X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE); -+ return NULL; -+ } -+ return ttmp->value.ptr; - } - - ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) - { -- if (attr == NULL) return(NULL); -- if(idx >= X509_ATTRIBUTE_count(attr)) return NULL; -- if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx); -- else return attr->value.single; -+ if (attr == NULL) -+ return (NULL); -+ if (idx >= X509_ATTRIBUTE_count(attr)) -+ return NULL; -+ if (!attr->single) -+ return sk_ASN1_TYPE_value(attr->value.set, idx); -+ else -+ return attr->value.single; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c -index 2faf925..de66d37 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,368 +65,361 @@ - #include - - int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) -- { -- int i; -- X509_CINF *ai,*bi; -- -- ai=a->cert_info; -- bi=b->cert_info; -- i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber); -- if (i) return(i); -- return(X509_NAME_cmp(ai->issuer,bi->issuer)); -- } -+{ -+ int i; -+ X509_CINF *ai, *bi; -+ -+ ai = a->cert_info; -+ bi = b->cert_info; -+ i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber); -+ if (i) -+ return (i); -+ return (X509_NAME_cmp(ai->issuer, bi->issuer)); -+} - - #ifndef OPENSSL_NO_MD5 - unsigned long X509_issuer_and_serial_hash(X509 *a) -- { -- unsigned long ret=0; -- EVP_MD_CTX ctx; -- unsigned char md[16]; -- char *f; -- -- EVP_MD_CTX_init(&ctx); -- f=X509_NAME_oneline(a->cert_info->issuer,NULL,0); -- ret=strlen(f); -- EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); -- EVP_DigestUpdate(&ctx,(unsigned char *)f,ret); -- OPENSSL_free(f); -- EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, -- (unsigned long)a->cert_info->serialNumber->length); -- EVP_DigestFinal_ex(&ctx,&(md[0]),NULL); -- ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| -- ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) -- )&0xffffffffL; -- EVP_MD_CTX_cleanup(&ctx); -- return(ret); -- } -+{ -+ unsigned long ret = 0; -+ EVP_MD_CTX ctx; -+ unsigned char md[16]; -+ char *f; -+ -+ EVP_MD_CTX_init(&ctx); -+ f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0); -+ ret = strlen(f); -+ EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); -+ EVP_DigestUpdate(&ctx, (unsigned char *)f, ret); -+ OPENSSL_free(f); -+ EVP_DigestUpdate(&ctx, (unsigned char *)a->cert_info->serialNumber->data, -+ (unsigned long)a->cert_info->serialNumber->length); -+ EVP_DigestFinal_ex(&ctx, &(md[0]), NULL); -+ ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | -+ ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) -+ ) & 0xffffffffL; -+ EVP_MD_CTX_cleanup(&ctx); -+ return (ret); -+} - #endif -- -+ - int X509_issuer_name_cmp(const X509 *a, const X509 *b) -- { -- return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); -- } -+{ -+ return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer)); -+} - - int X509_subject_name_cmp(const X509 *a, const X509 *b) -- { -- return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); -- } -+{ -+ return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject)); -+} - - int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) -- { -- return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); -- } -+{ -+ return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer)); -+} - - X509_NAME *X509_get_issuer_name(X509 *a) -- { -- return(a->cert_info->issuer); -- } -+{ -+ return (a->cert_info->issuer); -+} - - unsigned long X509_issuer_name_hash(X509 *x) -- { -- return(X509_NAME_hash(x->cert_info->issuer)); -- } -+{ -+ return (X509_NAME_hash(x->cert_info->issuer)); -+} - - X509_NAME *X509_get_subject_name(X509 *a) -- { -- return(a->cert_info->subject); -- } -+{ -+ return (a->cert_info->subject); -+} - - ASN1_INTEGER *X509_get_serialNumber(X509 *a) -- { -- return(a->cert_info->serialNumber); -- } -+{ -+ return (a->cert_info->serialNumber); -+} - - unsigned long X509_subject_name_hash(X509 *x) -- { -- return(X509_NAME_hash(x->cert_info->subject)); -- } -+{ -+ return (X509_NAME_hash(x->cert_info->subject)); -+} - - #ifndef OPENSSL_NO_SHA --/* Compare two certificates: they must be identical for -- * this to work. NB: Although "cmp" operations are generally -- * prototyped to take "const" arguments (eg. for use in -- * STACKs), the way X509 handling is - these operations may -- * involve ensuring the hashes are up-to-date and ensuring -- * certain cert information is cached. So this is the point -- * where the "depth-first" constification tree has to halt -- * with an evil cast. -+/* -+ * Compare two certificates: they must be identical for this to work. NB: -+ * Although "cmp" operations are generally prototyped to take "const" -+ * arguments (eg. for use in STACKs), the way X509 handling is - these -+ * operations may involve ensuring the hashes are up-to-date and ensuring -+ * certain cert information is cached. So this is the point where the -+ * "depth-first" constification tree has to halt with an evil cast. - */ - int X509_cmp(const X509 *a, const X509 *b) - { -- /* ensure hash is valid */ -- X509_check_purpose((X509 *)a, -1, 0); -- X509_check_purpose((X509 *)b, -1, 0); -+ /* ensure hash is valid */ -+ X509_check_purpose((X509 *)a, -1, 0); -+ X509_check_purpose((X509 *)b, -1, 0); - -- return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); -+ return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); - } - #endif - -- - /* Case insensitive string comparision */ - static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b) - { -- int i; -+ int i; - -- if (a->length != b->length) -- return (a->length - b->length); -+ if (a->length != b->length) -+ return (a->length - b->length); - -- for (i=0; ilength; i++) -- { -- int ca, cb; -+ for (i = 0; i < a->length; i++) { -+ int ca, cb; - -- ca = tolower(a->data[i]); -- cb = tolower(b->data[i]); -+ ca = tolower(a->data[i]); -+ cb = tolower(b->data[i]); - -- if (ca != cb) -- return(ca-cb); -- } -- return 0; -+ if (ca != cb) -+ return (ca - cb); -+ } -+ return 0; - } - --/* Case insensitive string comparision with space normalization -- * Space normalization - ignore leading, trailing spaces, -- * multiple spaces between characters are replaced by single space -+/* -+ * Case insensitive string comparision with space normalization Space -+ * normalization - ignore leading, trailing spaces, multiple spaces between -+ * characters are replaced by single space - */ - static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) - { -- unsigned char *pa = NULL, *pb = NULL; -- int la, lb; -- -- la = a->length; -- lb = b->length; -- pa = a->data; -- pb = b->data; -- -- /* skip leading spaces */ -- while (la > 0 && isspace(*pa)) -- { -- la--; -- pa++; -- } -- while (lb > 0 && isspace(*pb)) -- { -- lb--; -- pb++; -- } -- -- /* skip trailing spaces */ -- while (la > 0 && isspace(pa[la-1])) -- la--; -- while (lb > 0 && isspace(pb[lb-1])) -- lb--; -- -- /* compare strings with space normalization */ -- while (la > 0 && lb > 0) -- { -- int ca, cb; -- -- /* compare character */ -- ca = tolower(*pa); -- cb = tolower(*pb); -- if (ca != cb) -- return (ca - cb); -- -- pa++; pb++; -- la--; lb--; -- -- if (la <= 0 || lb <= 0) -- break; -- -- /* is white space next character ? */ -- if (isspace(*pa) && isspace(*pb)) -- { -- /* skip remaining white spaces */ -- while (la > 0 && isspace(*pa)) -- { -- la--; -- pa++; -- } -- while (lb > 0 && isspace(*pb)) -- { -- lb--; -- pb++; -- } -- } -- } -- if (la > 0 || lb > 0) -- return la - lb; -- -- return 0; -+ unsigned char *pa = NULL, *pb = NULL; -+ int la, lb; -+ -+ la = a->length; -+ lb = b->length; -+ pa = a->data; -+ pb = b->data; -+ -+ /* skip leading spaces */ -+ while (la > 0 && isspace(*pa)) { -+ la--; -+ pa++; -+ } -+ while (lb > 0 && isspace(*pb)) { -+ lb--; -+ pb++; -+ } -+ -+ /* skip trailing spaces */ -+ while (la > 0 && isspace(pa[la - 1])) -+ la--; -+ while (lb > 0 && isspace(pb[lb - 1])) -+ lb--; -+ -+ /* compare strings with space normalization */ -+ while (la > 0 && lb > 0) { -+ int ca, cb; -+ -+ /* compare character */ -+ ca = tolower(*pa); -+ cb = tolower(*pb); -+ if (ca != cb) -+ return (ca - cb); -+ -+ pa++; -+ pb++; -+ la--; -+ lb--; -+ -+ if (la <= 0 || lb <= 0) -+ break; -+ -+ /* is white space next character ? */ -+ if (isspace(*pa) && isspace(*pb)) { -+ /* skip remaining white spaces */ -+ while (la > 0 && isspace(*pa)) { -+ la--; -+ pa++; -+ } -+ while (lb > 0 && isspace(*pb)) { -+ lb--; -+ pb++; -+ } -+ } -+ } -+ if (la > 0 || lb > 0) -+ return la - lb; -+ -+ return 0; - } - - static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b) -- { -- int j; -- j = a->length - b->length; -- if (j) -- return j; -- return memcmp(a->data, b->data, a->length); -- } -+{ -+ int j; -+ j = a->length - b->length; -+ if (j) -+ return j; -+ return memcmp(a->data, b->data, a->length); -+} - - #define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING) - - int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) -- { -- int i,j; -- X509_NAME_ENTRY *na,*nb; -- -- unsigned long nabit, nbbit; -- -- j = sk_X509_NAME_ENTRY_num(a->entries) -- - sk_X509_NAME_ENTRY_num(b->entries); -- if (j) -- return j; -- for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) -- { -- na=sk_X509_NAME_ENTRY_value(a->entries,i); -- nb=sk_X509_NAME_ENTRY_value(b->entries,i); -- j=na->value->type-nb->value->type; -- if (j) -- { -- nabit = ASN1_tag2bit(na->value->type); -- nbbit = ASN1_tag2bit(nb->value->type); -- if (!(nabit & STR_TYPE_CMP) || -- !(nbbit & STR_TYPE_CMP)) -- return j; -- if (!asn1_string_memcmp(na->value, nb->value)) -- j = 0; -- } -- else if (na->value->type == V_ASN1_PRINTABLESTRING) -- j=nocase_spacenorm_cmp(na->value, nb->value); -- else if (na->value->type == V_ASN1_IA5STRING -- && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) -- j=nocase_cmp(na->value, nb->value); -- else -- j = asn1_string_memcmp(na->value, nb->value); -- if (j) return(j); -- j=na->set-nb->set; -- if (j) return(j); -- } -- -- /* We will check the object types after checking the values -- * since the values will more often be different than the object -- * types. */ -- for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) -- { -- na=sk_X509_NAME_ENTRY_value(a->entries,i); -- nb=sk_X509_NAME_ENTRY_value(b->entries,i); -- j=OBJ_cmp(na->object,nb->object); -- if (j) return(j); -- } -- return(0); -- } -+{ -+ int i, j; -+ X509_NAME_ENTRY *na, *nb; -+ -+ unsigned long nabit, nbbit; -+ -+ j = sk_X509_NAME_ENTRY_num(a->entries) -+ - sk_X509_NAME_ENTRY_num(b->entries); -+ if (j) -+ return j; -+ for (i = sk_X509_NAME_ENTRY_num(a->entries) - 1; i >= 0; i--) { -+ na = sk_X509_NAME_ENTRY_value(a->entries, i); -+ nb = sk_X509_NAME_ENTRY_value(b->entries, i); -+ j = na->value->type - nb->value->type; -+ if (j) { -+ nabit = ASN1_tag2bit(na->value->type); -+ nbbit = ASN1_tag2bit(nb->value->type); -+ if (!(nabit & STR_TYPE_CMP) || !(nbbit & STR_TYPE_CMP)) -+ return j; -+ if (!asn1_string_memcmp(na->value, nb->value)) -+ j = 0; -+ } else if (na->value->type == V_ASN1_PRINTABLESTRING) -+ j = nocase_spacenorm_cmp(na->value, nb->value); -+ else if (na->value->type == V_ASN1_IA5STRING -+ && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) -+ j = nocase_cmp(na->value, nb->value); -+ else -+ j = asn1_string_memcmp(na->value, nb->value); -+ if (j) -+ return (j); -+ j = na->set - nb->set; -+ if (j) -+ return (j); -+ } -+ -+ /* -+ * We will check the object types after checking the values since the -+ * values will more often be different than the object types. -+ */ -+ for (i = sk_X509_NAME_ENTRY_num(a->entries) - 1; i >= 0; i--) { -+ na = sk_X509_NAME_ENTRY_value(a->entries, i); -+ nb = sk_X509_NAME_ENTRY_value(b->entries, i); -+ j = OBJ_cmp(na->object, nb->object); -+ if (j) -+ return (j); -+ } -+ return (0); -+} - - #ifndef OPENSSL_NO_MD5 --/* I now DER encode the name and hash it. Since I cache the DER encoding, -- * this is reasonably efficient. */ -+/* -+ * I now DER encode the name and hash it. Since I cache the DER encoding, -+ * this is reasonably efficient. -+ */ - unsigned long X509_NAME_hash(X509_NAME *x) -- { -- unsigned long ret=0; -- unsigned char md[16]; -- EVP_MD_CTX md_ctx; -- -- /* Make sure X509_NAME structure contains valid cached encoding */ -- i2d_X509_NAME(x,NULL); -- EVP_MD_CTX_init(&md_ctx); -- EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -- EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); -- EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); -- EVP_DigestFinal_ex(&md_ctx,md,NULL); -- EVP_MD_CTX_cleanup(&md_ctx); -- -- ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| -- ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) -- )&0xffffffffL; -- return(ret); -- } -+{ -+ unsigned long ret = 0; -+ unsigned char md[16]; -+ EVP_MD_CTX md_ctx; -+ -+ /* Make sure X509_NAME structure contains valid cached encoding */ -+ i2d_X509_NAME(x, NULL); -+ EVP_MD_CTX_init(&md_ctx); -+ EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -+ EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); -+ EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); -+ EVP_DigestFinal_ex(&md_ctx, md, NULL); -+ EVP_MD_CTX_cleanup(&md_ctx); -+ -+ ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | -+ ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) -+ ) & 0xffffffffL; -+ return (ret); -+} - #endif - - /* Search a stack of X509 for a match */ - X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, -- ASN1_INTEGER *serial) -- { -- int i; -- X509_CINF cinf; -- X509 x,*x509=NULL; -- -- if(!sk) return NULL; -- -- x.cert_info= &cinf; -- cinf.serialNumber=serial; -- cinf.issuer=name; -- -- for (i=0; icert_info == NULL)) -- return(NULL); -- return(X509_PUBKEY_get(x->cert_info->key)); -- } -+{ -+ if ((x == NULL) || (x->cert_info == NULL)) -+ return (NULL); -+ return (X509_PUBKEY_get(x->cert_info->key)); -+} - - ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) -- { -- if(!x) return NULL; -- return x->cert_info->key->public_key; -- } -+{ -+ if (!x) -+ return NULL; -+ return x->cert_info->key->public_key; -+} - - int X509_check_private_key(X509 *x, EVP_PKEY *k) -- { -- EVP_PKEY *xk=NULL; -- int ok=0; -- -- xk=X509_get_pubkey(x); -- switch (EVP_PKEY_cmp(xk, k)) -- { -- case 1: -- ok=1; -- break; -- case 0: -- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); -- break; -- case -1: -- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); -- break; -- case -2: -+{ -+ EVP_PKEY *xk = NULL; -+ int ok = 0; -+ -+ xk = X509_get_pubkey(x); -+ switch (EVP_PKEY_cmp(xk, k)) { -+ case 1: -+ ok = 1; -+ break; -+ case 0: -+ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH); -+ break; -+ case -1: -+ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH); -+ break; -+ case -2: - #ifndef OPENSSL_NO_EC -- if (k->type == EVP_PKEY_EC) -- { -- X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); -- break; -- } -+ if (k->type == EVP_PKEY_EC) { -+ X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); -+ break; -+ } - #endif - #ifndef OPENSSL_NO_DH -- if (k->type == EVP_PKEY_DH) -- { -- /* No idea */ -- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); -- break; -- } -+ if (k->type == EVP_PKEY_DH) { -+ /* No idea */ -+ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_CANT_CHECK_DH_KEY); -+ break; -+ } - #endif -- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); -- } -+ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE); -+ } - -- EVP_PKEY_free(xk); -- return(ok); -- } -+ EVP_PKEY_free(xk); -+ return (ok); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c -index 51410cf..50ca2a6 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,45 +63,47 @@ - - #ifndef OPENSSL_NO_STDIO - int X509_STORE_set_default_paths(X509_STORE *ctx) -- { -- X509_LOOKUP *lookup; -+{ -+ X509_LOOKUP *lookup; -+ -+ lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); -+ if (lookup == NULL) -+ return (0); -+ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); - -- lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); -- if (lookup == NULL) return(0); -- X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); -+ lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); -+ if (lookup == NULL) -+ return (0); -+ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); - -- lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); -- if (lookup == NULL) return(0); -- X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); -- -- /* clear any errors */ -- ERR_clear_error(); -+ /* clear any errors */ -+ ERR_clear_error(); - -- return(1); -- } -+ return (1); -+} - - int X509_STORE_load_locations(X509_STORE *ctx, const char *file, -- const char *path) -- { -- X509_LOOKUP *lookup; -+ const char *path) -+{ -+ X509_LOOKUP *lookup; - -- if (file != NULL) -- { -- lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); -- if (lookup == NULL) return(0); -- if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1) -- return(0); -- } -- if (path != NULL) -- { -- lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); -- if (lookup == NULL) return(0); -- if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1) -- return(0); -- } -- if ((path == NULL) && (file == NULL)) -- return(0); -- return(1); -- } -+ if (file != NULL) { -+ lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); -+ if (lookup == NULL) -+ return (0); -+ if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1) -+ return (0); -+ } -+ if (path != NULL) { -+ lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); -+ if (lookup == NULL) -+ return (0); -+ if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1) -+ return (0); -+ } -+ if ((path == NULL) && (file == NULL)) -+ return (0); -+ return (1); -+} - - #endif -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_def.c b/Cryptlib/OpenSSL/crypto/x509/x509_def.c -index e0ac151..25c5537 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_def.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_def.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -62,20 +62,31 @@ - #include - - const char *X509_get_default_private_dir(void) -- { return(X509_PRIVATE_DIR); } -- -+{ -+ return (X509_PRIVATE_DIR); -+} -+ - const char *X509_get_default_cert_area(void) -- { return(X509_CERT_AREA); } -+{ -+ return (X509_CERT_AREA); -+} - - const char *X509_get_default_cert_dir(void) -- { return(X509_CERT_DIR); } -+{ -+ return (X509_CERT_DIR); -+} - - const char *X509_get_default_cert_file(void) -- { return(X509_CERT_FILE); } -+{ -+ return (X509_CERT_FILE); -+} - - const char *X509_get_default_cert_dir_env(void) -- { return(X509_CERT_DIR_EVP); } -+{ -+ return (X509_CERT_DIR_EVP); -+} - - const char *X509_get_default_cert_file_env(void) -- { return(X509_CERT_FILE_EVP); } -- -+{ -+ return (X509_CERT_FILE_EVP); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_err.c b/Cryptlib/OpenSSL/crypto/x509/x509_err.c -index fb37729..ea14920 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_err.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,97 +66,110 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) - --static ERR_STRING_DATA X509_str_functs[]= -- { --{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, --{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, --{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, --{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, --{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, --{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, --{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, --{ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, --{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, --{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"}, --{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"}, --{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"}, --{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, --{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, --{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, --{ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, --{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, --{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, --{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"}, --{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, --{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, --{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, --{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, --{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, --{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"}, --{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"}, --{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, --{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, --{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, --{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, --{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, --{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"}, --{ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, --{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, --{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, --{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, --{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, --{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"}, --{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, --{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, --{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"}, --{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, --{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, --{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, --{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, --{0,NULL} -- }; -+static ERR_STRING_DATA X509_str_functs[] = { -+ {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, -+ {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, -+ {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, -+ {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, -+ {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, -+ {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, -+ {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, -+ {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, -+ {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, -+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), -+ "X509_ATTRIBUTE_create_by_NID"}, -+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), -+ "X509_ATTRIBUTE_create_by_OBJ"}, -+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), -+ "X509_ATTRIBUTE_create_by_txt"}, -+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, -+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, -+ {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, -+ {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, -+ {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), -+ "X509_EXTENSION_create_by_NID"}, -+ {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), -+ "X509_EXTENSION_create_by_OBJ"}, -+ {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), -+ "X509_get_pubkey_parameters"}, -+ {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, -+ {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, -+ {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, -+ {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, -+ {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), -+ "X509_NAME_ENTRY_create_by_NID"}, -+ {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), -+ "X509_NAME_ENTRY_create_by_txt"}, -+ {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), -+ "X509_NAME_ENTRY_set_object"}, -+ {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, -+ {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, -+ {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, -+ {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, -+ {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, -+ {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), -+ "X509_REQ_check_private_key"}, -+ {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, -+ {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, -+ {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, -+ {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, -+ {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, -+ {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), -+ "X509_STORE_CTX_get1_issuer"}, -+ {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, -+ {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, -+ {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), -+ "X509_STORE_CTX_purpose_inherit"}, -+ {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, -+ {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, -+ {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, -+ {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA X509_str_reasons[]= -- { --{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"}, --{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"}, --{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"}, --{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"}, --{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"}, --{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"}, --{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"}, --{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"}, --{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"}, --{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"}, --{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"}, --{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"}, --{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"}, --{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"}, --{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"}, --{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"}, --{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"}, --{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"}, --{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"}, --{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"}, --{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"}, --{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"}, --{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"}, --{0,NULL} -- }; -+static ERR_STRING_DATA X509_str_reasons[] = { -+ {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"}, -+ {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"}, -+ {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"}, -+ {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE), -+ "cert already in hash table"}, -+ {ERR_REASON(X509_R_ERR_ASN1_LIB), "err asn1 lib"}, -+ {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"}, -+ {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"}, -+ {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"}, -+ {ERR_REASON(X509_R_KEY_TYPE_MISMATCH), "key type mismatch"}, -+ {ERR_REASON(X509_R_KEY_VALUES_MISMATCH), "key values mismatch"}, -+ {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"}, -+ {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"}, -+ {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), -+ "no cert set for us to verify"}, -+ {ERR_REASON(X509_R_SHOULD_RETRY), "should retry"}, -+ {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), -+ "unable to find parameters in chain"}, -+ {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), -+ "unable to get certs public key"}, -+ {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE), "unknown key type"}, -+ {ERR_REASON(X509_R_UNKNOWN_NID), "unknown nid"}, -+ {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID), "unknown purpose id"}, -+ {ERR_REASON(X509_R_UNKNOWN_TRUST_ID), "unknown trust id"}, -+ {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, -+ {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"}, -+ {ERR_REASON(X509_R_WRONG_TYPE), "wrong type"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_X509_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(X509_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,X509_str_functs); -- ERR_load_strings(0,X509_str_reasons); -- } -+ if (ERR_func_error_string(X509_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, X509_str_functs); -+ ERR_load_strings(0, X509_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c -index e7fdacb..fb4e311 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,146 +65,147 @@ - #include - #include - -- - int X509_CRL_get_ext_count(X509_CRL *x) -- { -- return(X509v3_get_ext_count(x->crl->extensions)); -- } -+{ -+ return (X509v3_get_ext_count(x->crl->extensions)); -+} - - int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) -- { -- return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos)); -+} - - int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) -- { -- return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos)); -+} - - int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) -- { -- return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos)); -+} - - X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) -- { -- return(X509v3_get_ext(x->crl->extensions,loc)); -- } -+{ -+ return (X509v3_get_ext(x->crl->extensions, loc)); -+} - - X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) -- { -- return(X509v3_delete_ext(x->crl->extensions,loc)); -- } -+{ -+ return (X509v3_delete_ext(x->crl->extensions, loc)); -+} - - void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) - { -- return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); -+ return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); - } - - int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, -- unsigned long flags) -+ unsigned long flags) - { -- return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); -+ return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); - } - - int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) -- { -- return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); -- } -+{ -+ return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL); -+} - - int X509_get_ext_count(X509 *x) -- { -- return(X509v3_get_ext_count(x->cert_info->extensions)); -- } -+{ -+ return (X509v3_get_ext_count(x->cert_info->extensions)); -+} - - int X509_get_ext_by_NID(X509 *x, int nid, int lastpos) -- { -- return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos)); -+} - - int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) -- { -- return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos)); -+} - - int X509_get_ext_by_critical(X509 *x, int crit, int lastpos) -- { -- return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_critical -+ (x->cert_info->extensions, crit, lastpos)); -+} - - X509_EXTENSION *X509_get_ext(X509 *x, int loc) -- { -- return(X509v3_get_ext(x->cert_info->extensions,loc)); -- } -+{ -+ return (X509v3_get_ext(x->cert_info->extensions, loc)); -+} - - X509_EXTENSION *X509_delete_ext(X509 *x, int loc) -- { -- return(X509v3_delete_ext(x->cert_info->extensions,loc)); -- } -+{ -+ return (X509v3_delete_ext(x->cert_info->extensions, loc)); -+} - - int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) -- { -- return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); -- } -+{ -+ return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL); -+} - - void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) - { -- return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); -+ return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); - } - - int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, -- unsigned long flags) -+ unsigned long flags) - { -- return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit, -- flags); -+ return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit, -+ flags); - } - - int X509_REVOKED_get_ext_count(X509_REVOKED *x) -- { -- return(X509v3_get_ext_count(x->extensions)); -- } -+{ -+ return (X509v3_get_ext_count(x->extensions)); -+} - - int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) -- { -- return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos)); -+} - - int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, -- int lastpos) -- { -- return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos)); -- } -+ int lastpos) -+{ -+ return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos)); -+} - - int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) -- { -- return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos)); -- } -+{ -+ return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos)); -+} - - X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc) -- { -- return(X509v3_get_ext(x->extensions,loc)); -- } -+{ -+ return (X509v3_get_ext(x->extensions, loc)); -+} - - X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) -- { -- return(X509v3_delete_ext(x->extensions,loc)); -- } -+{ -+ return (X509v3_delete_ext(x->extensions, loc)); -+} - - int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) -- { -- return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); -- } -+{ -+ return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL); -+} - - void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) - { -- return X509V3_get_d2i(x->extensions, nid, crit, idx); -+ return X509V3_get_d2i(x->extensions, nid, crit, idx); - } - - int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, -- unsigned long flags) -+ unsigned long flags) - { -- return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); -+ return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); - } - - IMPLEMENT_STACK_OF(X509_EXTENSION) -+ - IMPLEMENT_ASN1_SET_OF(X509_EXTENSION) -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c -index b486171..684ef5f 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,423 +63,413 @@ - #include - - X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) -- { -- X509_LOOKUP *ret; -- -- ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP)); -- if (ret == NULL) return NULL; -- -- ret->init=0; -- ret->skip=0; -- ret->method=method; -- ret->method_data=NULL; -- ret->store_ctx=NULL; -- if ((method->new_item != NULL) && !method->new_item(ret)) -- { -- OPENSSL_free(ret); -- return NULL; -- } -- return ret; -- } -+{ -+ X509_LOOKUP *ret; -+ -+ ret = (X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP)); -+ if (ret == NULL) -+ return NULL; -+ -+ ret->init = 0; -+ ret->skip = 0; -+ ret->method = method; -+ ret->method_data = NULL; -+ ret->store_ctx = NULL; -+ if ((method->new_item != NULL) && !method->new_item(ret)) { -+ OPENSSL_free(ret); -+ return NULL; -+ } -+ return ret; -+} - - void X509_LOOKUP_free(X509_LOOKUP *ctx) -- { -- if (ctx == NULL) return; -- if ( (ctx->method != NULL) && -- (ctx->method->free != NULL)) -- ctx->method->free(ctx); -- OPENSSL_free(ctx); -- } -+{ -+ if (ctx == NULL) -+ return; -+ if ((ctx->method != NULL) && (ctx->method->free != NULL)) -+ ctx->method->free(ctx); -+ OPENSSL_free(ctx); -+} - - int X509_LOOKUP_init(X509_LOOKUP *ctx) -- { -- if (ctx->method == NULL) return 0; -- if (ctx->method->init != NULL) -- return ctx->method->init(ctx); -- else -- return 1; -- } -+{ -+ if (ctx->method == NULL) -+ return 0; -+ if (ctx->method->init != NULL) -+ return ctx->method->init(ctx); -+ else -+ return 1; -+} - - int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) -- { -- if (ctx->method == NULL) return 0; -- if (ctx->method->shutdown != NULL) -- return ctx->method->shutdown(ctx); -- else -- return 1; -- } -+{ -+ if (ctx->method == NULL) -+ return 0; -+ if (ctx->method->shutdown != NULL) -+ return ctx->method->shutdown(ctx); -+ else -+ return 1; -+} - - int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, -- char **ret) -- { -- if (ctx->method == NULL) return -1; -- if (ctx->method->ctrl != NULL) -- return ctx->method->ctrl(ctx,cmd,argc,argl,ret); -- else -- return 1; -- } -+ char **ret) -+{ -+ if (ctx->method == NULL) -+ return -1; -+ if (ctx->method->ctrl != NULL) -+ return ctx->method->ctrl(ctx, cmd, argc, argl, ret); -+ else -+ return 1; -+} - - int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, -- X509_OBJECT *ret) -- { -- if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) -- return X509_LU_FAIL; -- if (ctx->skip) return 0; -- return ctx->method->get_by_subject(ctx,type,name,ret); -- } -+ X509_OBJECT *ret) -+{ -+ if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) -+ return X509_LU_FAIL; -+ if (ctx->skip) -+ return 0; -+ return ctx->method->get_by_subject(ctx, type, name, ret); -+} - - int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, -- ASN1_INTEGER *serial, X509_OBJECT *ret) -- { -- if ((ctx->method == NULL) || -- (ctx->method->get_by_issuer_serial == NULL)) -- return X509_LU_FAIL; -- return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret); -- } -+ ASN1_INTEGER *serial, X509_OBJECT *ret) -+{ -+ if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL)) -+ return X509_LU_FAIL; -+ return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret); -+} - - int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, -- unsigned char *bytes, int len, X509_OBJECT *ret) -- { -- if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) -- return X509_LU_FAIL; -- return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret); -- } -+ unsigned char *bytes, int len, -+ X509_OBJECT *ret) -+{ -+ if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) -+ return X509_LU_FAIL; -+ return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret); -+} - - int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, -- X509_OBJECT *ret) -- { -- if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) -- return X509_LU_FAIL; -- return ctx->method->get_by_alias(ctx,type,str,len,ret); -- } -- -- --static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) -- { -- int ret; -- -- ret=((*a)->type - (*b)->type); -- if (ret) return ret; -- switch ((*a)->type) -- { -- case X509_LU_X509: -- ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); -- break; -- case X509_LU_CRL: -- ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); -- break; -- default: -- /* abort(); */ -- return 0; -- } -- return ret; -- } -+ X509_OBJECT *ret) -+{ -+ if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) -+ return X509_LU_FAIL; -+ return ctx->method->get_by_alias(ctx, type, str, len, ret); -+} -+ -+static int x509_object_cmp(const X509_OBJECT *const *a, -+ const X509_OBJECT *const *b) -+{ -+ int ret; -+ -+ ret = ((*a)->type - (*b)->type); -+ if (ret) -+ return ret; -+ switch ((*a)->type) { -+ case X509_LU_X509: -+ ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509); -+ break; -+ case X509_LU_CRL: -+ ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); -+ break; -+ default: -+ /* abort(); */ -+ return 0; -+ } -+ return ret; -+} - - X509_STORE *X509_STORE_new(void) -- { -- X509_STORE *ret; -- -- if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) -- return NULL; -- ret->objs = sk_X509_OBJECT_new(x509_object_cmp); -- ret->cache=1; -- ret->get_cert_methods=sk_X509_LOOKUP_new_null(); -- ret->verify=0; -- ret->verify_cb=0; -- -- if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) -- return NULL; -- -- ret->get_issuer = 0; -- ret->check_issued = 0; -- ret->check_revocation = 0; -- ret->get_crl = 0; -- ret->check_crl = 0; -- ret->cert_crl = 0; -- ret->cleanup = 0; -- -- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) -- { -- sk_X509_OBJECT_free(ret->objs); -- OPENSSL_free(ret); -- return NULL; -- } -- -- ret->references=1; -- return ret; -- } -+{ -+ X509_STORE *ret; -+ -+ if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) -+ return NULL; -+ ret->objs = sk_X509_OBJECT_new(x509_object_cmp); -+ ret->cache = 1; -+ ret->get_cert_methods = sk_X509_LOOKUP_new_null(); -+ ret->verify = 0; -+ ret->verify_cb = 0; -+ -+ if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) -+ return NULL; -+ -+ ret->get_issuer = 0; -+ ret->check_issued = 0; -+ ret->check_revocation = 0; -+ ret->get_crl = 0; -+ ret->check_crl = 0; -+ ret->cert_crl = 0; -+ ret->cleanup = 0; -+ -+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { -+ sk_X509_OBJECT_free(ret->objs); -+ OPENSSL_free(ret); -+ return NULL; -+ } -+ -+ ret->references = 1; -+ return ret; -+} - - static void cleanup(X509_OBJECT *a) -- { -- if (a->type == X509_LU_X509) -- { -- X509_free(a->data.x509); -- } -- else if (a->type == X509_LU_CRL) -- { -- X509_CRL_free(a->data.crl); -- } -- else -- { -- /* abort(); */ -- } -- -- OPENSSL_free(a); -- } -+{ -+ if (a->type == X509_LU_X509) { -+ X509_free(a->data.x509); -+ } else if (a->type == X509_LU_CRL) { -+ X509_CRL_free(a->data.crl); -+ } else { -+ /* abort(); */ -+ } -+ -+ OPENSSL_free(a); -+} - - void X509_STORE_free(X509_STORE *vfy) -- { -- int i; -- STACK_OF(X509_LOOKUP) *sk; -- X509_LOOKUP *lu; -- -- if (vfy == NULL) -- return; -- -- sk=vfy->get_cert_methods; -- for (i=0; iobjs, cleanup); -- -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); -- if (vfy->param) -- X509_VERIFY_PARAM_free(vfy->param); -- OPENSSL_free(vfy); -- } -+{ -+ int i; -+ STACK_OF(X509_LOOKUP) *sk; -+ X509_LOOKUP *lu; -+ -+ if (vfy == NULL) -+ return; -+ -+ sk = vfy->get_cert_methods; -+ for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { -+ lu = sk_X509_LOOKUP_value(sk, i); -+ X509_LOOKUP_shutdown(lu); -+ X509_LOOKUP_free(lu); -+ } -+ sk_X509_LOOKUP_free(sk); -+ sk_X509_OBJECT_pop_free(vfy->objs, cleanup); -+ -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); -+ if (vfy->param) -+ X509_VERIFY_PARAM_free(vfy->param); -+ OPENSSL_free(vfy); -+} - - X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) -- { -- int i; -- STACK_OF(X509_LOOKUP) *sk; -- X509_LOOKUP *lu; -- -- sk=v->get_cert_methods; -- for (i=0; imethod) -- { -- return lu; -- } -- } -- /* a new one */ -- lu=X509_LOOKUP_new(m); -- if (lu == NULL) -- return NULL; -- else -- { -- lu->store_ctx=v; -- if (sk_X509_LOOKUP_push(v->get_cert_methods,lu)) -- return lu; -- else -- { -- X509_LOOKUP_free(lu); -- return NULL; -- } -- } -- } -+{ -+ int i; -+ STACK_OF(X509_LOOKUP) *sk; -+ X509_LOOKUP *lu; -+ -+ sk = v->get_cert_methods; -+ for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { -+ lu = sk_X509_LOOKUP_value(sk, i); -+ if (m == lu->method) { -+ return lu; -+ } -+ } -+ /* a new one */ -+ lu = X509_LOOKUP_new(m); -+ if (lu == NULL) -+ return NULL; -+ else { -+ lu->store_ctx = v; -+ if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) -+ return lu; -+ else { -+ X509_LOOKUP_free(lu); -+ return NULL; -+ } -+ } -+} - - int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, -- X509_OBJECT *ret) -- { -- X509_STORE *ctx=vs->ctx; -- X509_LOOKUP *lu; -- X509_OBJECT stmp,*tmp; -- int i,j; -- -- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); -- tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); -- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); -- -- if (tmp == NULL) -- { -- for (i=vs->current_method; iget_cert_methods); i++) -- { -- lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i); -- j=X509_LOOKUP_by_subject(lu,type,name,&stmp); -- if (j < 0) -- { -- vs->current_method=j; -- return j; -- } -- else if (j) -- { -- tmp= &stmp; -- break; -- } -- } -- vs->current_method=0; -- if (tmp == NULL) -- return 0; -- } -- --/* if (ret->data.ptr != NULL) -- X509_OBJECT_free_contents(ret); */ -- -- ret->type=tmp->type; -- ret->data.ptr=tmp->data.ptr; -- -- X509_OBJECT_up_ref_count(ret); -- -- return 1; -- } -+ X509_OBJECT *ret) -+{ -+ X509_STORE *ctx = vs->ctx; -+ X509_LOOKUP *lu; -+ X509_OBJECT stmp, *tmp; -+ int i, j; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); -+ tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); -+ -+ if (tmp == NULL) { -+ for (i = vs->current_method; -+ i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { -+ lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); -+ j = X509_LOOKUP_by_subject(lu, type, name, &stmp); -+ if (j < 0) { -+ vs->current_method = j; -+ return j; -+ } else if (j) { -+ tmp = &stmp; -+ break; -+ } -+ } -+ vs->current_method = 0; -+ if (tmp == NULL) -+ return 0; -+ } -+ -+/*- if (ret->data.ptr != NULL) -+ X509_OBJECT_free_contents(ret); */ -+ -+ ret->type = tmp->type; -+ ret->data.ptr = tmp->data.ptr; -+ -+ X509_OBJECT_up_ref_count(ret); -+ -+ return 1; -+} - - int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) -- { -- X509_OBJECT *obj; -- int ret=1; -- -- if (x == NULL) return 0; -- obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); -- if (obj == NULL) -- { -- X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- obj->type=X509_LU_X509; -- obj->data.x509=x; -- -- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); -- -- X509_OBJECT_up_ref_count(obj); -- -- if (X509_OBJECT_retrieve_match(ctx->objs, obj)) -- { -- X509_OBJECT_free_contents(obj); -- OPENSSL_free(obj); -- X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); -- ret=0; -- } -- else sk_X509_OBJECT_push(ctx->objs, obj); -- -- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); -- -- return ret; -- } -+{ -+ X509_OBJECT *obj; -+ int ret = 1; -+ -+ if (x == NULL) -+ return 0; -+ obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); -+ if (obj == NULL) { -+ X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ obj->type = X509_LU_X509; -+ obj->data.x509 = x; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); -+ -+ X509_OBJECT_up_ref_count(obj); -+ -+ if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { -+ X509_OBJECT_free_contents(obj); -+ OPENSSL_free(obj); -+ X509err(X509_F_X509_STORE_ADD_CERT, -+ X509_R_CERT_ALREADY_IN_HASH_TABLE); -+ ret = 0; -+ } else -+ sk_X509_OBJECT_push(ctx->objs, obj); -+ -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); -+ -+ return ret; -+} - - int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) -- { -- X509_OBJECT *obj; -- int ret=1; -- -- if (x == NULL) return 0; -- obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); -- if (obj == NULL) -- { -- X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- obj->type=X509_LU_CRL; -- obj->data.crl=x; -- -- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); -- -- X509_OBJECT_up_ref_count(obj); -- -- if (X509_OBJECT_retrieve_match(ctx->objs, obj)) -- { -- X509_OBJECT_free_contents(obj); -- OPENSSL_free(obj); -- X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); -- ret=0; -- } -- else sk_X509_OBJECT_push(ctx->objs, obj); -- -- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); -- -- return ret; -- } -+{ -+ X509_OBJECT *obj; -+ int ret = 1; -+ -+ if (x == NULL) -+ return 0; -+ obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); -+ if (obj == NULL) { -+ X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ obj->type = X509_LU_CRL; -+ obj->data.crl = x; -+ -+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); -+ -+ X509_OBJECT_up_ref_count(obj); -+ -+ if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { -+ X509_OBJECT_free_contents(obj); -+ OPENSSL_free(obj); -+ X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE); -+ ret = 0; -+ } else -+ sk_X509_OBJECT_push(ctx->objs, obj); -+ -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); -+ -+ return ret; -+} - - void X509_OBJECT_up_ref_count(X509_OBJECT *a) -- { -- switch (a->type) -- { -- case X509_LU_X509: -- CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509); -- break; -- case X509_LU_CRL: -- CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL); -- break; -- } -- } -+{ -+ switch (a->type) { -+ case X509_LU_X509: -+ CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509); -+ break; -+ case X509_LU_CRL: -+ CRYPTO_add(&a->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); -+ break; -+ } -+} - - void X509_OBJECT_free_contents(X509_OBJECT *a) -- { -- switch (a->type) -- { -- case X509_LU_X509: -- X509_free(a->data.x509); -- break; -- case X509_LU_CRL: -- X509_CRL_free(a->data.crl); -- break; -- } -- } -+{ -+ switch (a->type) { -+ case X509_LU_X509: -+ X509_free(a->data.x509); -+ break; -+ case X509_LU_CRL: -+ X509_CRL_free(a->data.crl); -+ break; -+ } -+} - - int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, -- X509_NAME *name) -- { -- X509_OBJECT stmp; -- X509 x509_s; -- X509_CINF cinf_s; -- X509_CRL crl_s; -- X509_CRL_INFO crl_info_s; -- -- stmp.type=type; -- switch (type) -- { -- case X509_LU_X509: -- stmp.data.x509= &x509_s; -- x509_s.cert_info= &cinf_s; -- cinf_s.subject=name; -- break; -- case X509_LU_CRL: -- stmp.data.crl= &crl_s; -- crl_s.crl= &crl_info_s; -- crl_info_s.issuer=name; -- break; -- default: -- /* abort(); */ -- return -1; -- } -- -- return sk_X509_OBJECT_find(h,&stmp); -- } -- --X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, -- X509_NAME *name) -- { -- int idx; -- idx = X509_OBJECT_idx_by_subject(h, type, name); -- if (idx==-1) return NULL; -- return sk_X509_OBJECT_value(h, idx); -- } -- --X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) -- { -- int idx, i; -- X509_OBJECT *obj; -- idx = sk_X509_OBJECT_find(h, x); -- if (idx == -1) return NULL; -- if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx); -- for (i = idx; i < sk_X509_OBJECT_num(h); i++) -- { -- obj = sk_X509_OBJECT_value(h, i); -- if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) -- return NULL; -- if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509)) -- return obj; -- } -- return NULL; -- } -- -- --/* Try to get issuer certificate from store. Due to limitations -+ X509_NAME *name) -+{ -+ X509_OBJECT stmp; -+ X509 x509_s; -+ X509_CINF cinf_s; -+ X509_CRL crl_s; -+ X509_CRL_INFO crl_info_s; -+ -+ stmp.type = type; -+ switch (type) { -+ case X509_LU_X509: -+ stmp.data.x509 = &x509_s; -+ x509_s.cert_info = &cinf_s; -+ cinf_s.subject = name; -+ break; -+ case X509_LU_CRL: -+ stmp.data.crl = &crl_s; -+ crl_s.crl = &crl_info_s; -+ crl_info_s.issuer = name; -+ break; -+ default: -+ /* abort(); */ -+ return -1; -+ } -+ -+ return sk_X509_OBJECT_find(h, &stmp); -+} -+ -+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, -+ int type, X509_NAME *name) -+{ -+ int idx; -+ idx = X509_OBJECT_idx_by_subject(h, type, name); -+ if (idx == -1) -+ return NULL; -+ return sk_X509_OBJECT_value(h, idx); -+} -+ -+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, -+ X509_OBJECT *x) -+{ -+ int idx, i; -+ X509_OBJECT *obj; -+ idx = sk_X509_OBJECT_find(h, x); -+ if (idx == -1) -+ return NULL; -+ if (x->type != X509_LU_X509) -+ return sk_X509_OBJECT_value(h, idx); -+ for (i = idx; i < sk_X509_OBJECT_num(h); i++) { -+ obj = sk_X509_OBJECT_value(h, i); -+ if (x509_object_cmp -+ ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) -+ return NULL; -+ if ((x->type != X509_LU_X509) -+ || !X509_cmp(obj->data.x509, x->data.x509)) -+ return obj; -+ } -+ return NULL; -+} -+ -+/*- -+ * Try to get issuer certificate from store. Due to limitations - * of the API this can only retrieve a single certificate matching - * a given subject name. However it will fill the cache with all - * matching certificates, so we can examine the cache for all -@@ -491,89 +481,83 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x - * -1 some other error. - */ - int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) -- { -- X509_NAME *xn; -- X509_OBJECT obj, *pobj; -- int i, ok, idx, ret; -- xn=X509_get_issuer_name(x); -- ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); -- if (ok != X509_LU_X509) -- { -- if (ok == X509_LU_RETRY) -- { -- X509_OBJECT_free_contents(&obj); -- X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY); -- return -1; -- } -- else if (ok != X509_LU_FAIL) -- { -- X509_OBJECT_free_contents(&obj); -- /* not good :-(, break anyway */ -- return -1; -- } -- return 0; -- } -- /* If certificate matches all OK */ -- if (ctx->check_issued(ctx, x, obj.data.x509)) -- { -- *issuer = obj.data.x509; -- return 1; -- } -- X509_OBJECT_free_contents(&obj); -- -- /* Else find index of first cert accepted by 'check_issued' */ -- ret = 0; -- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); -- idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); -- if (idx != -1) /* should be true as we've had at least one match */ -- { -- /* Look through all matching certs for suitable issuer */ -- for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) -- { -- pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); -- /* See if we've run past the matches */ -- if (pobj->type != X509_LU_X509) -- break; -- if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) -- break; -- if (ctx->check_issued(ctx, x, pobj->data.x509)) -- { -- *issuer = pobj->data.x509; -- X509_OBJECT_up_ref_count(pobj); -- ret = 1; -- break; -- } -- } -- } -- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); -- return ret; -- } -+{ -+ X509_NAME *xn; -+ X509_OBJECT obj, *pobj; -+ int i, ok, idx, ret; -+ xn = X509_get_issuer_name(x); -+ ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj); -+ if (ok != X509_LU_X509) { -+ if (ok == X509_LU_RETRY) { -+ X509_OBJECT_free_contents(&obj); -+ X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY); -+ return -1; -+ } else if (ok != X509_LU_FAIL) { -+ X509_OBJECT_free_contents(&obj); -+ /* not good :-(, break anyway */ -+ return -1; -+ } -+ return 0; -+ } -+ /* If certificate matches all OK */ -+ if (ctx->check_issued(ctx, x, obj.data.x509)) { -+ *issuer = obj.data.x509; -+ return 1; -+ } -+ X509_OBJECT_free_contents(&obj); -+ -+ /* Else find index of first cert accepted by 'check_issued' */ -+ ret = 0; -+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); -+ idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); -+ if (idx != -1) { /* should be true as we've had at least one -+ * match */ -+ /* Look through all matching certs for suitable issuer */ -+ for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) { -+ pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); -+ /* See if we've run past the matches */ -+ if (pobj->type != X509_LU_X509) -+ break; -+ if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) -+ break; -+ if (ctx->check_issued(ctx, x, pobj->data.x509)) { -+ *issuer = pobj->data.x509; -+ X509_OBJECT_up_ref_count(pobj); -+ ret = 1; -+ break; -+ } -+ } -+ } -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); -+ return ret; -+} - - int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) -- { -- return X509_VERIFY_PARAM_set_flags(ctx->param, flags); -- } -+{ -+ return X509_VERIFY_PARAM_set_flags(ctx->param, flags); -+} - - int X509_STORE_set_depth(X509_STORE *ctx, int depth) -- { -- X509_VERIFY_PARAM_set_depth(ctx->param, depth); -- return 1; -- } -+{ -+ X509_VERIFY_PARAM_set_depth(ctx->param, depth); -+ return 1; -+} - - int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) -- { -- return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); -- } -+{ -+ return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); -+} - - int X509_STORE_set_trust(X509_STORE *ctx, int trust) -- { -- return X509_VERIFY_PARAM_set_trust(ctx->param, trust); -- } -+{ -+ return X509_VERIFY_PARAM_set_trust(ctx->param, trust); -+} - - int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) -- { -- return X509_VERIFY_PARAM_set1(ctx->param, param); -- } -+{ -+ return X509_VERIFY_PARAM_set1(ctx->param, param); -+} - - IMPLEMENT_STACK_OF(X509_LOOKUP) -+ - IMPLEMENT_STACK_OF(X509_OBJECT) -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c -index 1e718f7..c334d3b 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,163 +64,149 @@ - #include - - char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) -- { -- X509_NAME_ENTRY *ne; --int i; -- int n,lold,l,l1,l2,num,j,type; -- const char *s; -- char *p; -- unsigned char *q; -- BUF_MEM *b=NULL; -- static char hex[17]="0123456789ABCDEF"; -- int gs_doit[4]; -- char tmp_buf[80]; -+{ -+ X509_NAME_ENTRY *ne; -+ int i; -+ int n, lold, l, l1, l2, num, j, type; -+ const char *s; -+ char *p; -+ unsigned char *q; -+ BUF_MEM *b = NULL; -+ static char hex[17] = "0123456789ABCDEF"; -+ int gs_doit[4]; -+ char tmp_buf[80]; - #ifdef CHARSET_EBCDIC -- char ebcdic_buf[1024]; -+ char ebcdic_buf[1024]; - #endif - -- if (buf == NULL) -- { -- if ((b=BUF_MEM_new()) == NULL) goto err; -- if (!BUF_MEM_grow(b,200)) goto err; -- b->data[0]='\0'; -- len=200; -- } -- if (a == NULL) -- { -- if(b) -- { -- buf=b->data; -- OPENSSL_free(b); -- } -- strncpy(buf,"NO X509_NAME",len); -- buf[len-1]='\0'; -- return buf; -- } -+ if (buf == NULL) { -+ if ((b = BUF_MEM_new()) == NULL) -+ goto err; -+ if (!BUF_MEM_grow(b, 200)) -+ goto err; -+ b->data[0] = '\0'; -+ len = 200; -+ } -+ if (a == NULL) { -+ if (b) { -+ buf = b->data; -+ OPENSSL_free(b); -+ } -+ strncpy(buf, "NO X509_NAME", len); -+ buf[len - 1] = '\0'; -+ return buf; -+ } - -- len--; /* space for '\0' */ -- l=0; -- for (i=0; ientries); i++) -- { -- ne=sk_X509_NAME_ENTRY_value(a->entries,i); -- n=OBJ_obj2nid(ne->object); -- if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) -- { -- i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object); -- s=tmp_buf; -- } -- l1=strlen(s); -+ len--; /* space for '\0' */ -+ l = 0; -+ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { -+ ne = sk_X509_NAME_ENTRY_value(a->entries, i); -+ n = OBJ_obj2nid(ne->object); -+ if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) { -+ i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object); -+ s = tmp_buf; -+ } -+ l1 = strlen(s); - -- type=ne->value->type; -- num=ne->value->length; -- q=ne->value->data; -+ type = ne->value->type; -+ num = ne->value->length; -+ q = ne->value->data; - #ifdef CHARSET_EBCDIC -- if (type == V_ASN1_GENERALSTRING || -- type == V_ASN1_VISIBLESTRING || -- type == V_ASN1_PRINTABLESTRING || -- type == V_ASN1_TELETEXSTRING || -- type == V_ASN1_VISIBLESTRING || -- type == V_ASN1_IA5STRING) { -- ascii2ebcdic(ebcdic_buf, q, -- (num > sizeof ebcdic_buf) -- ? sizeof ebcdic_buf : num); -- q=ebcdic_buf; -- } -+ if (type == V_ASN1_GENERALSTRING || -+ type == V_ASN1_VISIBLESTRING || -+ type == V_ASN1_PRINTABLESTRING || -+ type == V_ASN1_TELETEXSTRING || -+ type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) { -+ ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf) -+ ? sizeof ebcdic_buf : num); -+ q = ebcdic_buf; -+ } - #endif - -- if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) -- { -- gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0; -- for (j=0; j '~')) l2+=3; -+ if ((q[j] < ' ') || (q[j] > '~')) -+ l2 += 3; - #else -- if ((os_toascii[q[j]] < os_toascii[' ']) || -- (os_toascii[q[j]] > os_toascii['~'])) l2+=3; -+ if ((os_toascii[q[j]] < os_toascii[' ']) || -+ (os_toascii[q[j]] > os_toascii['~'])) -+ l2 += 3; - #endif -- } -+ } - -- lold=l; -- l+=1+l1+1+l2; -- if (b != NULL) -- { -- if (!BUF_MEM_grow(b,l+1)) goto err; -- p= &(b->data[lold]); -- } -- else if (l > len) -- { -- break; -- } -- else -- p= &(buf[lold]); -- *(p++)='/'; -- memcpy(p,s,(unsigned int)l1); p+=l1; -- *(p++)='='; -+ lold = l; -+ l += 1 + l1 + 1 + l2; -+ if (b != NULL) { -+ if (!BUF_MEM_grow(b, l + 1)) -+ goto err; -+ p = &(b->data[lold]); -+ } else if (l > len) { -+ break; -+ } else -+ p = &(buf[lold]); -+ *(p++) = '/'; -+ memcpy(p, s, (unsigned int)l1); -+ p += l1; -+ *(p++) = '='; - --#ifndef CHARSET_EBCDIC /* q was assigned above already. */ -- q=ne->value->data; -+#ifndef CHARSET_EBCDIC /* q was assigned above already. */ -+ q = ne->value->data; - #endif - -- for (j=0; j '~')) -- { -- *(p++)='\\'; -- *(p++)='x'; -- *(p++)=hex[(n>>4)&0x0f]; -- *(p++)=hex[n&0x0f]; -- } -- else -- *(p++)=n; -+ n = q[j]; -+ if ((n < ' ') || (n > '~')) { -+ *(p++) = '\\'; -+ *(p++) = 'x'; -+ *(p++) = hex[(n >> 4) & 0x0f]; -+ *(p++) = hex[n & 0x0f]; -+ } else -+ *(p++) = n; - #else -- n=os_toascii[q[j]]; -- if ((n < os_toascii[' ']) || -- (n > os_toascii['~'])) -- { -- *(p++)='\\'; -- *(p++)='x'; -- *(p++)=hex[(n>>4)&0x0f]; -- *(p++)=hex[n&0x0f]; -- } -- else -- *(p++)=q[j]; -+ n = os_toascii[q[j]]; -+ if ((n < os_toascii[' ']) || (n > os_toascii['~'])) { -+ *(p++) = '\\'; -+ *(p++) = 'x'; -+ *(p++) = hex[(n >> 4) & 0x0f]; -+ *(p++) = hex[n & 0x0f]; -+ } else -+ *(p++) = q[j]; - #endif -- } -- *p='\0'; -- } -- if (b != NULL) -- { -- p=b->data; -- OPENSSL_free(b); -- } -- else -- p=buf; -- if (i == 0) -- *p = '\0'; -- return(p); --err: -- X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); -- if (b != NULL) BUF_MEM_free(b); -- return(NULL); -- } -- -+ } -+ *p = '\0'; -+ } -+ if (b != NULL) { -+ p = b->data; -+ OPENSSL_free(b); -+ } else -+ p = buf; -+ if (i == 0) -+ *p = '\0'; -+ return (p); -+ err: -+ X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE); -+ if (b != NULL) -+ BUF_MEM_free(b); -+ return (NULL); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c -index 254a146..0ff439c 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -66,49 +66,48 @@ - #include - - X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) -- { -- X509 *ret=NULL; -- X509_CINF *xi=NULL; -- X509_NAME *xn; -- -- if ((ret=X509_new()) == NULL) -- { -- X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE); -- goto err; -- } -+{ -+ X509 *ret = NULL; -+ X509_CINF *xi = NULL; -+ X509_NAME *xn; - -- /* duplicate the request */ -- xi=ret->cert_info; -+ if ((ret = X509_new()) == NULL) { -+ X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) -- { -- if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err; -- if (!ASN1_INTEGER_set(xi->version,2)) goto err; --/* xi->extensions=ri->attributes; <- bad, should not ever be done -- ri->attributes=NULL; */ -- } -+ /* duplicate the request */ -+ xi = ret->cert_info; - -- xn=X509_REQ_get_subject_name(r); -- if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0) -- goto err; -- if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0) -- goto err; -+ if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) { -+ if ((xi->version = M_ASN1_INTEGER_new()) == NULL) -+ goto err; -+ if (!ASN1_INTEGER_set(xi->version, 2)) -+ goto err; -+/*- xi->extensions=ri->attributes; <- bad, should not ever be done -+ ri->attributes=NULL; */ -+ } - -- if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL) -- goto err; -- if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL) -- goto err; -+ xn = X509_REQ_get_subject_name(r); -+ if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0) -+ goto err; -+ if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0) -+ goto err; - -- X509_set_pubkey(ret,X509_REQ_get_pubkey(r)); -+ if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL) -+ goto err; -+ if (X509_gmtime_adj(xi->validity->notAfter, (long)60 * 60 * 24 * days) == -+ NULL) -+ goto err; - -- if (!X509_sign(ret,pkey,EVP_md5())) -- goto err; -- if (0) -- { --err: -- X509_free(ret); -- ret=NULL; -- } -- return(ret); -- } -+ X509_set_pubkey(ret, X509_REQ_get_pubkey(r)); - -+ if (!X509_sign(ret, pkey, EVP_md5())) -+ goto err; -+ if (0) { -+ err: -+ X509_free(ret); -+ ret = NULL; -+ } -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_req.c b/Cryptlib/OpenSSL/crypto/x509/x509_req.c -index 3872e1f..31e59c4 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_req.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_req.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -67,258 +67,275 @@ - #include - - X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) -- { -- X509_REQ *ret; -- X509_REQ_INFO *ri; -- int i; -- EVP_PKEY *pktmp; -- -- ret=X509_REQ_new(); -- if (ret == NULL) -- { -- X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- ri=ret->req_info; -- -- ri->version->length=1; -- ri->version->data=(unsigned char *)OPENSSL_malloc(1); -- if (ri->version->data == NULL) goto err; -- ri->version->data[0]=0; /* version == 0 */ -- -- if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x))) -- goto err; -- -- pktmp = X509_get_pubkey(x); -- i=X509_REQ_set_pubkey(ret,pktmp); -- EVP_PKEY_free(pktmp); -- if (!i) goto err; -- -- if (pkey != NULL) -- { -- if (!X509_REQ_sign(ret,pkey,md)) -- goto err; -- } -- return(ret); --err: -- X509_REQ_free(ret); -- return(NULL); -- } -+{ -+ X509_REQ *ret; -+ X509_REQ_INFO *ri; -+ int i; -+ EVP_PKEY *pktmp; -+ -+ ret = X509_REQ_new(); -+ if (ret == NULL) { -+ X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ ri = ret->req_info; -+ -+ ri->version->length = 1; -+ ri->version->data = (unsigned char *)OPENSSL_malloc(1); -+ if (ri->version->data == NULL) -+ goto err; -+ ri->version->data[0] = 0; /* version == 0 */ -+ -+ if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x))) -+ goto err; -+ -+ pktmp = X509_get_pubkey(x); -+ if (pktmp == NULL) -+ goto err; -+ i = X509_REQ_set_pubkey(ret, pktmp); -+ EVP_PKEY_free(pktmp); -+ if (!i) -+ goto err; -+ -+ if (pkey != NULL) { -+ if (!X509_REQ_sign(ret, pkey, md)) -+ goto err; -+ } -+ return (ret); -+ err: -+ X509_REQ_free(ret); -+ return (NULL); -+} - - EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) -- { -- if ((req == NULL) || (req->req_info == NULL)) -- return(NULL); -- return(X509_PUBKEY_get(req->req_info->pubkey)); -- } -+{ -+ if ((req == NULL) || (req->req_info == NULL)) -+ return (NULL); -+ return (X509_PUBKEY_get(req->req_info->pubkey)); -+} - - int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) -- { -- EVP_PKEY *xk=NULL; -- int ok=0; -- -- xk=X509_REQ_get_pubkey(x); -- switch (EVP_PKEY_cmp(xk, k)) -- { -- case 1: -- ok=1; -- break; -- case 0: -- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); -- break; -- case -1: -- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); -- break; -- case -2: -+{ -+ EVP_PKEY *xk = NULL; -+ int ok = 0; -+ -+ xk = X509_REQ_get_pubkey(x); -+ switch (EVP_PKEY_cmp(xk, k)) { -+ case 1: -+ ok = 1; -+ break; -+ case 0: -+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, -+ X509_R_KEY_VALUES_MISMATCH); -+ break; -+ case -1: -+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH); -+ break; -+ case -2: - #ifndef OPENSSL_NO_EC -- if (k->type == EVP_PKEY_EC) -- { -- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); -- break; -- } -+ if (k->type == EVP_PKEY_EC) { -+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); -+ break; -+ } - #endif - #ifndef OPENSSL_NO_DH -- if (k->type == EVP_PKEY_DH) -- { -- /* No idea */ -- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); -- break; -- } -+ if (k->type == EVP_PKEY_DH) { -+ /* No idea */ -+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, -+ X509_R_CANT_CHECK_DH_KEY); -+ break; -+ } - #endif -- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); -- } -+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE); -+ } - -- EVP_PKEY_free(xk); -- return(ok); -- } -+ EVP_PKEY_free(xk); -+ return (ok); -+} - --/* It seems several organisations had the same idea of including a list of -+/* -+ * It seems several organisations had the same idea of including a list of - * extensions in a certificate request. There are at least two OIDs that are - * used and there may be more: so the list is configurable. - */ - --static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef}; -+static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef }; - - static int *ext_nids = ext_nid_list; - - int X509_REQ_extension_nid(int req_nid) - { -- int i, nid; -- for(i = 0; ; i++) { -- nid = ext_nids[i]; -- if(nid == NID_undef) return 0; -- else if (req_nid == nid) return 1; -- } -+ int i, nid; -+ for (i = 0;; i++) { -+ nid = ext_nids[i]; -+ if (nid == NID_undef) -+ return 0; -+ else if (req_nid == nid) -+ return 1; -+ } - } - - int *X509_REQ_get_extension_nids(void) - { -- return ext_nids; -+ return ext_nids; - } -- -+ - void X509_REQ_set_extension_nids(int *nids) - { -- ext_nids = nids; -+ ext_nids = nids; - } - - STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) -- { -- X509_ATTRIBUTE *attr; -- ASN1_TYPE *ext = NULL; -- int idx, *pnid; -- const unsigned char *p; -- -- if ((req == NULL) || (req->req_info == NULL) || !ext_nids) -- return(NULL); -- for (pnid = ext_nids; *pnid != NID_undef; pnid++) -- { -- idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); -- if (idx == -1) -- continue; -- attr = X509_REQ_get_attr(req, idx); -- if(attr->single) ext = attr->value.single; -- else if(sk_ASN1_TYPE_num(attr->value.set)) -- ext = sk_ASN1_TYPE_value(attr->value.set, 0); -- break; -- } -- if(!ext || (ext->type != V_ASN1_SEQUENCE)) -- return NULL; -- p = ext->value.sequence->data; -- return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, -- ext->value.sequence->length, -- d2i_X509_EXTENSION, X509_EXTENSION_free, -- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); -+{ -+ X509_ATTRIBUTE *attr; -+ ASN1_TYPE *ext = NULL; -+ int idx, *pnid; -+ const unsigned char *p; -+ -+ if ((req == NULL) || (req->req_info == NULL) || !ext_nids) -+ return (NULL); -+ for (pnid = ext_nids; *pnid != NID_undef; pnid++) { -+ idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); -+ if (idx == -1) -+ continue; -+ attr = X509_REQ_get_attr(req, idx); -+ if (attr->single) -+ ext = attr->value.single; -+ else if (sk_ASN1_TYPE_num(attr->value.set)) -+ ext = sk_ASN1_TYPE_value(attr->value.set, 0); -+ break; -+ } -+ if (!ext || (ext->type != V_ASN1_SEQUENCE)) -+ return NULL; -+ p = ext->value.sequence->data; -+ return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, -+ ext->value.sequence->length, -+ d2i_X509_EXTENSION, -+ X509_EXTENSION_free, -+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); - } - --/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs -+/* -+ * Add a STACK_OF extensions to a certificate request: allow alternative OIDs - * in case we want to create a non standard one. - */ - - int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, -- int nid) -+ int nid) - { -- unsigned char *p = NULL, *q; -- long len; -- ASN1_TYPE *at = NULL; -- X509_ATTRIBUTE *attr = NULL; -- if(!(at = ASN1_TYPE_new()) || -- !(at->value.sequence = ASN1_STRING_new())) goto err; -- -- at->type = V_ASN1_SEQUENCE; -- /* Generate encoding of extensions */ -- len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, -- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); -- if(!(p = OPENSSL_malloc(len))) goto err; -- q = p; -- i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, -- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); -- at->value.sequence->data = p; -- p = NULL; -- at->value.sequence->length = len; -- if(!(attr = X509_ATTRIBUTE_new())) goto err; -- if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; -- if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; -- at = NULL; -- attr->single = 0; -- attr->object = OBJ_nid2obj(nid); -- if (!req->req_info->attributes) -- { -- if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) -- goto err; -- } -- if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; -- return 1; -- err: -- if(p) OPENSSL_free(p); -- X509_ATTRIBUTE_free(attr); -- ASN1_TYPE_free(at); -- return 0; -+ unsigned char *p = NULL, *q; -+ long len; -+ ASN1_TYPE *at = NULL; -+ X509_ATTRIBUTE *attr = NULL; -+ if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new())) -+ goto err; -+ -+ at->type = V_ASN1_SEQUENCE; -+ /* Generate encoding of extensions */ -+ len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, -+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, -+ IS_SEQUENCE); -+ if (!(p = OPENSSL_malloc(len))) -+ goto err; -+ q = p; -+ i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, -+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, -+ IS_SEQUENCE); -+ at->value.sequence->data = p; -+ p = NULL; -+ at->value.sequence->length = len; -+ if (!(attr = X509_ATTRIBUTE_new())) -+ goto err; -+ if (!(attr->value.set = sk_ASN1_TYPE_new_null())) -+ goto err; -+ if (!sk_ASN1_TYPE_push(attr->value.set, at)) -+ goto err; -+ at = NULL; -+ attr->single = 0; -+ attr->object = OBJ_nid2obj(nid); -+ if (!req->req_info->attributes) { -+ if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) -+ goto err; -+ } -+ if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) -+ goto err; -+ return 1; -+ err: -+ if (p) -+ OPENSSL_free(p); -+ X509_ATTRIBUTE_free(attr); -+ ASN1_TYPE_free(at); -+ return 0; - } -+ - /* This is the normal usage: use the "official" OID */ - int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) - { -- return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); -+ return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); - } - - /* Request attribute functions */ - - int X509_REQ_get_attr_count(const X509_REQ *req) - { -- return X509at_get_attr_count(req->req_info->attributes); -+ return X509at_get_attr_count(req->req_info->attributes); - } - --int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, -- int lastpos) -+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos) - { -- return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); -+ return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); - } - - int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, -- int lastpos) -+ int lastpos) - { -- return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); -+ return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); - } - - X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) - { -- return X509at_get_attr(req->req_info->attributes, loc); -+ return X509at_get_attr(req->req_info->attributes, loc); - } - - X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) - { -- return X509at_delete_attr(req->req_info->attributes, loc); -+ return X509at_delete_attr(req->req_info->attributes, loc); - } - - int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) - { -- if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1; -- return 0; -+ if (X509at_add1_attr(&req->req_info->attributes, attr)) -+ return 1; -+ return 0; - } - - int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, -- const ASN1_OBJECT *obj, int type, -- const unsigned char *bytes, int len) -+ const ASN1_OBJECT *obj, int type, -+ const unsigned char *bytes, int len) - { -- if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, -- type, bytes, len)) return 1; -- return 0; -+ if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, -+ type, bytes, len)) -+ return 1; -+ return 0; - } - - int X509_REQ_add1_attr_by_NID(X509_REQ *req, -- int nid, int type, -- const unsigned char *bytes, int len) -+ int nid, int type, -+ const unsigned char *bytes, int len) - { -- if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid, -- type, bytes, len)) return 1; -- return 0; -+ if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid, -+ type, bytes, len)) -+ return 1; -+ return 0; - } - - int X509_REQ_add1_attr_by_txt(X509_REQ *req, -- const char *attrname, int type, -- const unsigned char *bytes, int len) -+ const char *attrname, int type, -+ const unsigned char *bytes, int len) - { -- if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, -- type, bytes, len)) return 1; -- return 0; -+ if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, -+ type, bytes, len)) -+ return 1; -+ return 0; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_set.c b/Cryptlib/OpenSSL/crypto/x509/x509_set.c -index aaf61ca..4eec1da 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_set.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_set.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,87 +64,84 @@ - #include - - int X509_set_version(X509 *x, long version) -- { -- if (x == NULL) return(0); -- if (x->cert_info->version == NULL) -- { -- if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL) -- return(0); -- } -- return(ASN1_INTEGER_set(x->cert_info->version,version)); -- } -+{ -+ if (x == NULL) -+ return (0); -+ if (x->cert_info->version == NULL) { -+ if ((x->cert_info->version = M_ASN1_INTEGER_new()) == NULL) -+ return (0); -+ } -+ return (ASN1_INTEGER_set(x->cert_info->version, version)); -+} - - int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) -- { -- ASN1_INTEGER *in; -+{ -+ ASN1_INTEGER *in; - -- if (x == NULL) return(0); -- in=x->cert_info->serialNumber; -- if (in != serial) -- { -- in=M_ASN1_INTEGER_dup(serial); -- if (in != NULL) -- { -- M_ASN1_INTEGER_free(x->cert_info->serialNumber); -- x->cert_info->serialNumber=in; -- } -- } -- return(in != NULL); -- } -+ if (x == NULL) -+ return (0); -+ in = x->cert_info->serialNumber; -+ if (in != serial) { -+ in = M_ASN1_INTEGER_dup(serial); -+ if (in != NULL) { -+ M_ASN1_INTEGER_free(x->cert_info->serialNumber); -+ x->cert_info->serialNumber = in; -+ } -+ } -+ return (in != NULL); -+} - - int X509_set_issuer_name(X509 *x, X509_NAME *name) -- { -- if ((x == NULL) || (x->cert_info == NULL)) return(0); -- return(X509_NAME_set(&x->cert_info->issuer,name)); -- } -+{ -+ if ((x == NULL) || (x->cert_info == NULL)) -+ return (0); -+ return (X509_NAME_set(&x->cert_info->issuer, name)); -+} - - int X509_set_subject_name(X509 *x, X509_NAME *name) -- { -- if ((x == NULL) || (x->cert_info == NULL)) return(0); -- return(X509_NAME_set(&x->cert_info->subject,name)); -- } -+{ -+ if ((x == NULL) || (x->cert_info == NULL)) -+ return (0); -+ return (X509_NAME_set(&x->cert_info->subject, name)); -+} - - int X509_set_notBefore(X509 *x, ASN1_TIME *tm) -- { -- ASN1_TIME *in; -+{ -+ ASN1_TIME *in; - -- if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); -- in=x->cert_info->validity->notBefore; -- if (in != tm) -- { -- in=M_ASN1_TIME_dup(tm); -- if (in != NULL) -- { -- M_ASN1_TIME_free(x->cert_info->validity->notBefore); -- x->cert_info->validity->notBefore=in; -- } -- } -- return(in != NULL); -- } -+ if ((x == NULL) || (x->cert_info->validity == NULL)) -+ return (0); -+ in = x->cert_info->validity->notBefore; -+ if (in != tm) { -+ in = M_ASN1_TIME_dup(tm); -+ if (in != NULL) { -+ M_ASN1_TIME_free(x->cert_info->validity->notBefore); -+ x->cert_info->validity->notBefore = in; -+ } -+ } -+ return (in != NULL); -+} - - int X509_set_notAfter(X509 *x, ASN1_TIME *tm) -- { -- ASN1_TIME *in; -+{ -+ ASN1_TIME *in; - -- if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); -- in=x->cert_info->validity->notAfter; -- if (in != tm) -- { -- in=M_ASN1_TIME_dup(tm); -- if (in != NULL) -- { -- M_ASN1_TIME_free(x->cert_info->validity->notAfter); -- x->cert_info->validity->notAfter=in; -- } -- } -- return(in != NULL); -- } -+ if ((x == NULL) || (x->cert_info->validity == NULL)) -+ return (0); -+ in = x->cert_info->validity->notAfter; -+ if (in != tm) { -+ in = M_ASN1_TIME_dup(tm); -+ if (in != NULL) { -+ M_ASN1_TIME_free(x->cert_info->validity->notAfter); -+ x->cert_info->validity->notAfter = in; -+ } -+ } -+ return (in != NULL); -+} - - int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) -- { -- if ((x == NULL) || (x->cert_info == NULL)) return(0); -- return(X509_PUBKEY_set(&(x->cert_info->key),pkey)); -- } -- -- -- -+{ -+ if ((x == NULL) || (x->cert_info == NULL)) -+ return (0); -+ return (X509_PUBKEY_set(&(x->cert_info->key), pkey)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c -index ed18700..11f2532 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c -@@ -1,6 +1,7 @@ - /* x509_trs.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,9 +61,7 @@ - #include "cryptlib.h" - #include - -- --static int tr_cmp(const X509_TRUST * const *a, -- const X509_TRUST * const *b); -+static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b); - static void trtable_free(X509_TRUST *p); - - static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); -@@ -70,218 +69,240 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags); - static int trust_compat(X509_TRUST *trust, X509 *x, int flags); - - static int obj_trust(int id, X509 *x, int flags); --static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; -+static int (*default_trust) (int id, X509 *x, int flags) = obj_trust; - --/* WARNING: the following table should be kept in order of trust -- * and without any gaps so we can just subtract the minimum trust -- * value to get an index into the table -+/* -+ * WARNING: the following table should be kept in order of trust and without -+ * any gaps so we can just subtract the minimum trust value to get an index -+ * into the table - */ - - static X509_TRUST trstandard[] = { --{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL}, --{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, --{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, --{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, --{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL}, --{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, --{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} -+ {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL}, -+ {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, -+ NULL}, -+ {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, -+ NULL}, -+ {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, -+ NULL}, -+ {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, -+ NULL}, -+ {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, -+ NULL}, -+ {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} - }; - --#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) -+#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) - - IMPLEMENT_STACK_OF(X509_TRUST) - - static STACK_OF(X509_TRUST) *trtable = NULL; - --static int tr_cmp(const X509_TRUST * const *a, -- const X509_TRUST * const *b) -+static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b) - { -- return (*a)->trust - (*b)->trust; -+ return (*a)->trust - (*b)->trust; - } - --int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) --{ -- int (*oldtrust)(int , X509 *, int); -- oldtrust = default_trust; -- default_trust = trust; -- return oldtrust; -+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, -+ int) { -+ int (*oldtrust) (int, X509 *, int); -+ oldtrust = default_trust; -+ default_trust = trust; -+ return oldtrust; - } - -- - int X509_check_trust(X509 *x, int id, int flags) - { -- X509_TRUST *pt; -- int idx; -- if(id == -1) return 1; -- idx = X509_TRUST_get_by_id(id); -- if(idx == -1) return default_trust(id, x, flags); -- pt = X509_TRUST_get0(idx); -- return pt->check_trust(pt, x, flags); -+ X509_TRUST *pt; -+ int idx; -+ if (id == -1) -+ return 1; -+ idx = X509_TRUST_get_by_id(id); -+ if (idx == -1) -+ return default_trust(id, x, flags); -+ pt = X509_TRUST_get0(idx); -+ return pt->check_trust(pt, x, flags); - } - - int X509_TRUST_get_count(void) - { -- if(!trtable) return X509_TRUST_COUNT; -- return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT; -+ if (!trtable) -+ return X509_TRUST_COUNT; -+ return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT; - } - --X509_TRUST * X509_TRUST_get0(int idx) -+X509_TRUST *X509_TRUST_get0(int idx) - { -- if(idx < 0) return NULL; -- if(idx < (int)X509_TRUST_COUNT) return trstandard + idx; -- return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); -+ if (idx < 0) -+ return NULL; -+ if (idx < (int)X509_TRUST_COUNT) -+ return trstandard + idx; -+ return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); - } - - int X509_TRUST_get_by_id(int id) - { -- X509_TRUST tmp; -- int idx; -- if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) -- return id - X509_TRUST_MIN; -- tmp.trust = id; -- if(!trtable) return -1; -- idx = sk_X509_TRUST_find(trtable, &tmp); -- if(idx == -1) return -1; -- return idx + X509_TRUST_COUNT; -+ X509_TRUST tmp; -+ int idx; -+ if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) -+ return id - X509_TRUST_MIN; -+ tmp.trust = id; -+ if (!trtable) -+ return -1; -+ idx = sk_X509_TRUST_find(trtable, &tmp); -+ if (idx == -1) -+ return -1; -+ return idx + X509_TRUST_COUNT; - } - - int X509_TRUST_set(int *t, int trust) - { -- if(X509_TRUST_get_by_id(trust) == -1) { -- X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST); -- return 0; -- } -- *t = trust; -- return 1; -+ if (X509_TRUST_get_by_id(trust) == -1) { -+ X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST); -+ return 0; -+ } -+ *t = trust; -+ return 1; - } - --int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), -- char *name, int arg1, void *arg2) -+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), -+ char *name, int arg1, void *arg2) - { -- int idx; -- X509_TRUST *trtmp; -- /* This is set according to what we change: application can't set it */ -- flags &= ~X509_TRUST_DYNAMIC; -- /* This will always be set for application modified trust entries */ -- flags |= X509_TRUST_DYNAMIC_NAME; -- /* Get existing entry if any */ -- idx = X509_TRUST_get_by_id(id); -- /* Need a new entry */ -- if(idx == -1) { -- if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { -- X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- trtmp->flags = X509_TRUST_DYNAMIC; -- } else trtmp = X509_TRUST_get0(idx); -- -- /* OPENSSL_free existing name if dynamic */ -- if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name); -- /* dup supplied name */ -- if(!(trtmp->name = BUF_strdup(name))) { -- X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- /* Keep the dynamic flag of existing entry */ -- trtmp->flags &= X509_TRUST_DYNAMIC; -- /* Set all other flags */ -- trtmp->flags |= flags; -- -- trtmp->trust = id; -- trtmp->check_trust = ck; -- trtmp->arg1 = arg1; -- trtmp->arg2 = arg2; -- -- /* If its a new entry manage the dynamic table */ -- if(idx == -1) { -- if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { -- X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if (!sk_X509_TRUST_push(trtable, trtmp)) { -- X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- return 1; -+ int idx; -+ X509_TRUST *trtmp; -+ /* -+ * This is set according to what we change: application can't set it -+ */ -+ flags &= ~X509_TRUST_DYNAMIC; -+ /* This will always be set for application modified trust entries */ -+ flags |= X509_TRUST_DYNAMIC_NAME; -+ /* Get existing entry if any */ -+ idx = X509_TRUST_get_by_id(id); -+ /* Need a new entry */ -+ if (idx == -1) { -+ if (!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { -+ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ trtmp->flags = X509_TRUST_DYNAMIC; -+ } else -+ trtmp = X509_TRUST_get0(idx); -+ -+ /* OPENSSL_free existing name if dynamic */ -+ if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) -+ OPENSSL_free(trtmp->name); -+ /* dup supplied name */ -+ if (!(trtmp->name = BUF_strdup(name))) { -+ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ /* Keep the dynamic flag of existing entry */ -+ trtmp->flags &= X509_TRUST_DYNAMIC; -+ /* Set all other flags */ -+ trtmp->flags |= flags; -+ -+ trtmp->trust = id; -+ trtmp->check_trust = ck; -+ trtmp->arg1 = arg1; -+ trtmp->arg2 = arg2; -+ -+ /* If its a new entry manage the dynamic table */ -+ if (idx == -1) { -+ if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { -+ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (!sk_X509_TRUST_push(trtable, trtmp)) { -+ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ } -+ return 1; - } - - static void trtable_free(X509_TRUST *p) -- { -- if(!p) return; -- if (p->flags & X509_TRUST_DYNAMIC) -- { -- if (p->flags & X509_TRUST_DYNAMIC_NAME) -- OPENSSL_free(p->name); -- OPENSSL_free(p); -- } -- } -+{ -+ if (!p) -+ return; -+ if (p->flags & X509_TRUST_DYNAMIC) { -+ if (p->flags & X509_TRUST_DYNAMIC_NAME) -+ OPENSSL_free(p->name); -+ OPENSSL_free(p); -+ } -+} - - void X509_TRUST_cleanup(void) - { -- unsigned int i; -- for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); -- sk_X509_TRUST_pop_free(trtable, trtable_free); -- trtable = NULL; -+ unsigned int i; -+ for (i = 0; i < X509_TRUST_COUNT; i++) -+ trtable_free(trstandard + i); -+ sk_X509_TRUST_pop_free(trtable, trtable_free); -+ trtable = NULL; - } - - int X509_TRUST_get_flags(X509_TRUST *xp) - { -- return xp->flags; -+ return xp->flags; - } - - char *X509_TRUST_get0_name(X509_TRUST *xp) - { -- return xp->name; -+ return xp->name; - } - - int X509_TRUST_get_trust(X509_TRUST *xp) - { -- return xp->trust; -+ return xp->trust; - } - - static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) - { -- if(x->aux && (x->aux->trust || x->aux->reject)) -- return obj_trust(trust->arg1, x, flags); -- /* we don't have any trust settings: for compatibility -- * we return trusted if it is self signed -- */ -- return trust_compat(trust, x, flags); -+ if (x->aux && (x->aux->trust || x->aux->reject)) -+ return obj_trust(trust->arg1, x, flags); -+ /* -+ * we don't have any trust settings: for compatibility we return trusted -+ * if it is self signed -+ */ -+ return trust_compat(trust, x, flags); - } - - static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) - { -- if(x->aux) return obj_trust(trust->arg1, x, flags); -- return X509_TRUST_UNTRUSTED; -+ if (x->aux) -+ return obj_trust(trust->arg1, x, flags); -+ return X509_TRUST_UNTRUSTED; - } - - static int trust_compat(X509_TRUST *trust, X509 *x, int flags) - { -- X509_check_purpose(x, -1, 0); -- if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; -- else return X509_TRUST_UNTRUSTED; -+ X509_check_purpose(x, -1, 0); -+ if (x->ex_flags & EXFLAG_SS) -+ return X509_TRUST_TRUSTED; -+ else -+ return X509_TRUST_UNTRUSTED; - } - - static int obj_trust(int id, X509 *x, int flags) - { -- ASN1_OBJECT *obj; -- int i; -- X509_CERT_AUX *ax; -- ax = x->aux; -- if(!ax) return X509_TRUST_UNTRUSTED; -- if(ax->reject) { -- for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { -- obj = sk_ASN1_OBJECT_value(ax->reject, i); -- if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED; -- } -- } -- if(ax->trust) { -- for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { -- obj = sk_ASN1_OBJECT_value(ax->trust, i); -- if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED; -- } -- } -- return X509_TRUST_UNTRUSTED; -+ ASN1_OBJECT *obj; -+ int i; -+ X509_CERT_AUX *ax; -+ ax = x->aux; -+ if (!ax) -+ return X509_TRUST_UNTRUSTED; -+ if (ax->reject) { -+ for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { -+ obj = sk_ASN1_OBJECT_value(ax->reject, i); -+ if (OBJ_obj2nid(obj) == id) -+ return X509_TRUST_REJECTED; -+ } -+ } -+ if (ax->trust) { -+ for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { -+ obj = sk_ASN1_OBJECT_value(ax->trust, i); -+ if (OBJ_obj2nid(obj) == id) -+ return X509_TRUST_TRUSTED; -+ } -+ } -+ return X509_TRUST_UNTRUSTED; - } -- -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c -index 73a8ec7..1cadbf9 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -69,105 +69,103 @@ - #include - - const char *X509_verify_cert_error_string(long n) -- { -- static char buf[100]; -- -- switch ((int)n) -- { -- case X509_V_OK: -- return("ok"); -- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: -- return("unable to get issuer certificate"); -- case X509_V_ERR_UNABLE_TO_GET_CRL: -- return("unable to get certificate CRL"); -- case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: -- return("unable to decrypt certificate's signature"); -- case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: -- return("unable to decrypt CRL's signature"); -- case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: -- return("unable to decode issuer public key"); -- case X509_V_ERR_CERT_SIGNATURE_FAILURE: -- return("certificate signature failure"); -- case X509_V_ERR_CRL_SIGNATURE_FAILURE: -- return("CRL signature failure"); -- case X509_V_ERR_CERT_NOT_YET_VALID: -- return("certificate is not yet valid"); -- case X509_V_ERR_CRL_NOT_YET_VALID: -- return("CRL is not yet valid"); -- case X509_V_ERR_CERT_HAS_EXPIRED: -- return("certificate has expired"); -- case X509_V_ERR_CRL_HAS_EXPIRED: -- return("CRL has expired"); -- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: -- return("format error in certificate's notBefore field"); -- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: -- return("format error in certificate's notAfter field"); -- case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: -- return("format error in CRL's lastUpdate field"); -- case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: -- return("format error in CRL's nextUpdate field"); -- case X509_V_ERR_OUT_OF_MEM: -- return("out of memory"); -- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: -- return("self signed certificate"); -- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: -- return("self signed certificate in certificate chain"); -- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: -- return("unable to get local issuer certificate"); -- case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: -- return("unable to verify the first certificate"); -- case X509_V_ERR_CERT_CHAIN_TOO_LONG: -- return("certificate chain too long"); -- case X509_V_ERR_CERT_REVOKED: -- return("certificate revoked"); -- case X509_V_ERR_INVALID_CA: -- return ("invalid CA certificate"); -- case X509_V_ERR_INVALID_NON_CA: -- return ("invalid non-CA certificate (has CA markings)"); -- case X509_V_ERR_PATH_LENGTH_EXCEEDED: -- return ("path length constraint exceeded"); -- case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: -- return("proxy path length constraint exceeded"); -- case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: -- return("proxy certificates not allowed, please set the appropriate flag"); -- case X509_V_ERR_INVALID_PURPOSE: -- return ("unsupported certificate purpose"); -- case X509_V_ERR_CERT_UNTRUSTED: -- return ("certificate not trusted"); -- case X509_V_ERR_CERT_REJECTED: -- return ("certificate rejected"); -- case X509_V_ERR_APPLICATION_VERIFICATION: -- return("application verification failure"); -- case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: -- return("subject issuer mismatch"); -- case X509_V_ERR_AKID_SKID_MISMATCH: -- return("authority and subject key identifier mismatch"); -- case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: -- return("authority and issuer serial number mismatch"); -- case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: -- return("key usage does not include certificate signing"); -- case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: -- return("unable to get CRL issuer certificate"); -- case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: -- return("unhandled critical extension"); -- case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: -- return("key usage does not include CRL signing"); -- case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: -- return("key usage does not include digital signature"); -- case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: -- return("unhandled critical CRL extension"); -- case X509_V_ERR_INVALID_EXTENSION: -- return("invalid or inconsistent certificate extension"); -- case X509_V_ERR_INVALID_POLICY_EXTENSION: -- return("invalid or inconsistent certificate policy extension"); -- case X509_V_ERR_NO_EXPLICIT_POLICY: -- return("no explicit policy"); -- case X509_V_ERR_UNNESTED_RESOURCE: -- return("RFC 3779 resource not subset of parent's resources"); -- default: -- BIO_snprintf(buf,sizeof buf,"error number %ld",n); -- return(buf); -- } -- } -- -+{ -+ static char buf[100]; - -+ switch ((int)n) { -+ case X509_V_OK: -+ return ("ok"); -+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: -+ return ("unable to get issuer certificate"); -+ case X509_V_ERR_UNABLE_TO_GET_CRL: -+ return ("unable to get certificate CRL"); -+ case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: -+ return ("unable to decrypt certificate's signature"); -+ case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: -+ return ("unable to decrypt CRL's signature"); -+ case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: -+ return ("unable to decode issuer public key"); -+ case X509_V_ERR_CERT_SIGNATURE_FAILURE: -+ return ("certificate signature failure"); -+ case X509_V_ERR_CRL_SIGNATURE_FAILURE: -+ return ("CRL signature failure"); -+ case X509_V_ERR_CERT_NOT_YET_VALID: -+ return ("certificate is not yet valid"); -+ case X509_V_ERR_CRL_NOT_YET_VALID: -+ return ("CRL is not yet valid"); -+ case X509_V_ERR_CERT_HAS_EXPIRED: -+ return ("certificate has expired"); -+ case X509_V_ERR_CRL_HAS_EXPIRED: -+ return ("CRL has expired"); -+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: -+ return ("format error in certificate's notBefore field"); -+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: -+ return ("format error in certificate's notAfter field"); -+ case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: -+ return ("format error in CRL's lastUpdate field"); -+ case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: -+ return ("format error in CRL's nextUpdate field"); -+ case X509_V_ERR_OUT_OF_MEM: -+ return ("out of memory"); -+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: -+ return ("self signed certificate"); -+ case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: -+ return ("self signed certificate in certificate chain"); -+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: -+ return ("unable to get local issuer certificate"); -+ case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: -+ return ("unable to verify the first certificate"); -+ case X509_V_ERR_CERT_CHAIN_TOO_LONG: -+ return ("certificate chain too long"); -+ case X509_V_ERR_CERT_REVOKED: -+ return ("certificate revoked"); -+ case X509_V_ERR_INVALID_CA: -+ return ("invalid CA certificate"); -+ case X509_V_ERR_INVALID_NON_CA: -+ return ("invalid non-CA certificate (has CA markings)"); -+ case X509_V_ERR_PATH_LENGTH_EXCEEDED: -+ return ("path length constraint exceeded"); -+ case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: -+ return ("proxy path length constraint exceeded"); -+ case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: -+ return -+ ("proxy certificates not allowed, please set the appropriate flag"); -+ case X509_V_ERR_INVALID_PURPOSE: -+ return ("unsupported certificate purpose"); -+ case X509_V_ERR_CERT_UNTRUSTED: -+ return ("certificate not trusted"); -+ case X509_V_ERR_CERT_REJECTED: -+ return ("certificate rejected"); -+ case X509_V_ERR_APPLICATION_VERIFICATION: -+ return ("application verification failure"); -+ case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: -+ return ("subject issuer mismatch"); -+ case X509_V_ERR_AKID_SKID_MISMATCH: -+ return ("authority and subject key identifier mismatch"); -+ case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: -+ return ("authority and issuer serial number mismatch"); -+ case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: -+ return ("key usage does not include certificate signing"); -+ case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: -+ return ("unable to get CRL issuer certificate"); -+ case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: -+ return ("unhandled critical extension"); -+ case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: -+ return ("key usage does not include CRL signing"); -+ case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: -+ return ("key usage does not include digital signature"); -+ case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: -+ return ("unhandled critical CRL extension"); -+ case X509_V_ERR_INVALID_EXTENSION: -+ return ("invalid or inconsistent certificate extension"); -+ case X509_V_ERR_INVALID_POLICY_EXTENSION: -+ return ("invalid or inconsistent certificate policy extension"); -+ case X509_V_ERR_NO_EXPLICIT_POLICY: -+ return ("no explicit policy"); -+ case X509_V_ERR_UNNESTED_RESOURCE: -+ return ("RFC 3779 resource not subset of parent's resources"); -+ default: -+ BIO_snprintf(buf, sizeof buf, "error number %ld", n); -+ return (buf); -+ } -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c -index 42e6f0a..4a03445 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -66,209 +66,219 @@ - #include - - int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) -- { -- if (x == NULL) return(0); -- return(sk_X509_EXTENSION_num(x)); -- } -+{ -+ if (x == NULL) -+ return (0); -+ return (sk_X509_EXTENSION_num(x)); -+} - - int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, -- int lastpos) -- { -- ASN1_OBJECT *obj; -+ int lastpos) -+{ -+ ASN1_OBJECT *obj; - -- obj=OBJ_nid2obj(nid); -- if (obj == NULL) return(-2); -- return(X509v3_get_ext_by_OBJ(x,obj,lastpos)); -- } -+ obj = OBJ_nid2obj(nid); -+ if (obj == NULL) -+ return (-2); -+ return (X509v3_get_ext_by_OBJ(x, obj, lastpos)); -+} - --int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj, -- int lastpos) -- { -- int n; -- X509_EXTENSION *ex; -+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, -+ ASN1_OBJECT *obj, int lastpos) -+{ -+ int n; -+ X509_EXTENSION *ex; - -- if (sk == NULL) return(-1); -- lastpos++; -- if (lastpos < 0) -- lastpos=0; -- n=sk_X509_EXTENSION_num(sk); -- for ( ; lastpos < n; lastpos++) -- { -- ex=sk_X509_EXTENSION_value(sk,lastpos); -- if (OBJ_cmp(ex->object,obj) == 0) -- return(lastpos); -- } -- return(-1); -- } -+ if (sk == NULL) -+ return (-1); -+ lastpos++; -+ if (lastpos < 0) -+ lastpos = 0; -+ n = sk_X509_EXTENSION_num(sk); -+ for (; lastpos < n; lastpos++) { -+ ex = sk_X509_EXTENSION_value(sk, lastpos); -+ if (OBJ_cmp(ex->object, obj) == 0) -+ return (lastpos); -+ } -+ return (-1); -+} - - int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, -- int lastpos) -- { -- int n; -- X509_EXTENSION *ex; -+ int lastpos) -+{ -+ int n; -+ X509_EXTENSION *ex; - -- if (sk == NULL) return(-1); -- lastpos++; -- if (lastpos < 0) -- lastpos=0; -- n=sk_X509_EXTENSION_num(sk); -- for ( ; lastpos < n; lastpos++) -- { -- ex=sk_X509_EXTENSION_value(sk,lastpos); -- if ( ((ex->critical > 0) && crit) || -- ((ex->critical <= 0) && !crit)) -- return(lastpos); -- } -- return(-1); -- } -+ if (sk == NULL) -+ return (-1); -+ lastpos++; -+ if (lastpos < 0) -+ lastpos = 0; -+ n = sk_X509_EXTENSION_num(sk); -+ for (; lastpos < n; lastpos++) { -+ ex = sk_X509_EXTENSION_value(sk, lastpos); -+ if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit)) -+ return (lastpos); -+ } -+ return (-1); -+} - - X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) -- { -- if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) -- return NULL; -- else -- return sk_X509_EXTENSION_value(x,loc); -- } -+{ -+ if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) -+ return NULL; -+ else -+ return sk_X509_EXTENSION_value(x, loc); -+} - - X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc) -- { -- X509_EXTENSION *ret; -+{ -+ X509_EXTENSION *ret; - -- if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) -- return(NULL); -- ret=sk_X509_EXTENSION_delete(x,loc); -- return(ret); -- } -+ if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) -+ return (NULL); -+ ret = sk_X509_EXTENSION_delete(x, loc); -+ return (ret); -+} - - STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, -- X509_EXTENSION *ex, int loc) -- { -- X509_EXTENSION *new_ex=NULL; -- int n; -- STACK_OF(X509_EXTENSION) *sk=NULL; -+ X509_EXTENSION *ex, int loc) -+{ -+ X509_EXTENSION *new_ex = NULL; -+ int n; -+ STACK_OF(X509_EXTENSION) *sk = NULL; - -- if (x == NULL) -- { -- X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER); -- goto err2; -- } -+ if (x == NULL) { -+ X509err(X509_F_X509V3_ADD_EXT, ERR_R_PASSED_NULL_PARAMETER); -+ goto err2; -+ } - -- if (*x == NULL) -- { -- if ((sk=sk_X509_EXTENSION_new_null()) == NULL) -- goto err; -- } -- else -- sk= *x; -+ if (*x == NULL) { -+ if ((sk = sk_X509_EXTENSION_new_null()) == NULL) -+ goto err; -+ } else -+ sk = *x; - -- n=sk_X509_EXTENSION_num(sk); -- if (loc > n) loc=n; -- else if (loc < 0) loc=n; -+ n = sk_X509_EXTENSION_num(sk); -+ if (loc > n) -+ loc = n; -+ else if (loc < 0) -+ loc = n; - -- if ((new_ex=X509_EXTENSION_dup(ex)) == NULL) -- goto err2; -- if (!sk_X509_EXTENSION_insert(sk,new_ex,loc)) -- goto err; -- if (*x == NULL) -- *x=sk; -- return(sk); --err: -- X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE); --err2: -- if (new_ex != NULL) X509_EXTENSION_free(new_ex); -- if (sk != NULL) sk_X509_EXTENSION_free(sk); -- return(NULL); -- } -+ if ((new_ex = X509_EXTENSION_dup(ex)) == NULL) -+ goto err2; -+ if (!sk_X509_EXTENSION_insert(sk, new_ex, loc)) -+ goto err; -+ if (*x == NULL) -+ *x = sk; -+ return (sk); -+ err: -+ X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE); -+ err2: -+ if (new_ex != NULL) -+ X509_EXTENSION_free(new_ex); -+ if (sk != NULL) -+ sk_X509_EXTENSION_free(sk); -+ return (NULL); -+} - - X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, -- int crit, ASN1_OCTET_STRING *data) -- { -- ASN1_OBJECT *obj; -- X509_EXTENSION *ret; -+ int crit, -+ ASN1_OCTET_STRING *data) -+{ -+ ASN1_OBJECT *obj; -+ X509_EXTENSION *ret; - -- obj=OBJ_nid2obj(nid); -- if (obj == NULL) -- { -- X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID); -- return(NULL); -- } -- ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data); -- if (ret == NULL) ASN1_OBJECT_free(obj); -- return(ret); -- } -+ obj = OBJ_nid2obj(nid); -+ if (obj == NULL) { -+ X509err(X509_F_X509_EXTENSION_CREATE_BY_NID, X509_R_UNKNOWN_NID); -+ return (NULL); -+ } -+ ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data); -+ if (ret == NULL) -+ ASN1_OBJECT_free(obj); -+ return (ret); -+} - - X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, -- ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data) -- { -- X509_EXTENSION *ret; -+ ASN1_OBJECT *obj, int crit, -+ ASN1_OCTET_STRING *data) -+{ -+ X509_EXTENSION *ret; -+ -+ if ((ex == NULL) || (*ex == NULL)) { -+ if ((ret = X509_EXTENSION_new()) == NULL) { -+ X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ, -+ ERR_R_MALLOC_FAILURE); -+ return (NULL); -+ } -+ } else -+ ret = *ex; - -- if ((ex == NULL) || (*ex == NULL)) -- { -- if ((ret=X509_EXTENSION_new()) == NULL) -- { -- X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE); -- return(NULL); -- } -- } -- else -- ret= *ex; -+ if (!X509_EXTENSION_set_object(ret, obj)) -+ goto err; -+ if (!X509_EXTENSION_set_critical(ret, crit)) -+ goto err; -+ if (!X509_EXTENSION_set_data(ret, data)) -+ goto err; - -- if (!X509_EXTENSION_set_object(ret,obj)) -- goto err; -- if (!X509_EXTENSION_set_critical(ret,crit)) -- goto err; -- if (!X509_EXTENSION_set_data(ret,data)) -- goto err; -- -- if ((ex != NULL) && (*ex == NULL)) *ex=ret; -- return(ret); --err: -- if ((ex == NULL) || (ret != *ex)) -- X509_EXTENSION_free(ret); -- return(NULL); -- } -+ if ((ex != NULL) && (*ex == NULL)) -+ *ex = ret; -+ return (ret); -+ err: -+ if ((ex == NULL) || (ret != *ex)) -+ X509_EXTENSION_free(ret); -+ return (NULL); -+} - - int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj) -- { -- if ((ex == NULL) || (obj == NULL)) -- return(0); -- ASN1_OBJECT_free(ex->object); -- ex->object=OBJ_dup(obj); -- return(1); -- } -+{ -+ if ((ex == NULL) || (obj == NULL)) -+ return (0); -+ ASN1_OBJECT_free(ex->object); -+ ex->object = OBJ_dup(obj); -+ return (1); -+} - - int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) -- { -- if (ex == NULL) return(0); -- ex->critical=(crit)?0xFF:-1; -- return(1); -- } -+{ -+ if (ex == NULL) -+ return (0); -+ ex->critical = (crit) ? 0xFF : -1; -+ return (1); -+} - - int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) -- { -- int i; -+{ -+ int i; - -- if (ex == NULL) return(0); -- i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length); -- if (!i) return(0); -- return(1); -- } -+ if (ex == NULL) -+ return (0); -+ i = M_ASN1_OCTET_STRING_set(ex->value, data->data, data->length); -+ if (!i) -+ return (0); -+ return (1); -+} - - ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex) -- { -- if (ex == NULL) return(NULL); -- return(ex->object); -- } -+{ -+ if (ex == NULL) -+ return (NULL); -+ return (ex->object); -+} - - ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) -- { -- if (ex == NULL) return(NULL); -- return(ex->value); -- } -+{ -+ if (ex == NULL) -+ return (NULL); -+ return (ex->value); -+} - - int X509_EXTENSION_get_critical(X509_EXTENSION *ex) -- { -- if (ex == NULL) return(0); -- if(ex->critical > 0) return 1; -- return 0; -- } -+{ -+ if (ex == NULL) -+ return (0); -+ if (ex->critical > 0) -+ return 1; -+ return 0; -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c -index b87617a..3249ff8 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -70,7 +70,7 @@ - #include - #include - --static int null_callback(int ok,X509_STORE_CTX *e); -+static int null_callback(int ok, X509_STORE_CTX *e); - static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); - static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); - static int check_chain_extensions(X509_STORE_CTX *ctx); -@@ -79,1472 +79,1438 @@ static int check_revocation(X509_STORE_CTX *ctx); - static int check_cert(X509_STORE_CTX *ctx); - static int check_policy(X509_STORE_CTX *ctx); - static int internal_verify(X509_STORE_CTX *ctx); --const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT; -- -+const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT; - - static int null_callback(int ok, X509_STORE_CTX *e) -- { -- return ok; -- } -+{ -+ return ok; -+} - - #if 0 - static int x509_subject_cmp(X509 **a, X509 **b) -- { -- return X509_subject_name_cmp(*a,*b); -- } -+{ -+ return X509_subject_name_cmp(*a, *b); -+} - #endif - - int X509_verify_cert(X509_STORE_CTX *ctx) -- { -- X509 *x,*xtmp,*chain_ss=NULL; -- int bad_chain = 0; -- X509_VERIFY_PARAM *param = ctx->param; -- int depth,i,ok=0; -- int num; -- int (*cb)(int xok,X509_STORE_CTX *xctx); -- STACK_OF(X509) *sktmp=NULL; -- if (ctx->cert == NULL) -- { -- X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); -- return -1; -- } -- -- cb=ctx->verify_cb; -- -- /* first we make sure the chain we are going to build is -- * present and that the first entry is in place */ -- if (ctx->chain == NULL) -- { -- if ( ((ctx->chain=sk_X509_new_null()) == NULL) || -- (!sk_X509_push(ctx->chain,ctx->cert))) -- { -- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); -- goto end; -- } -- CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509); -- ctx->last_untrusted=1; -- } -- -- /* We use a temporary STACK so we can chop and hack at it */ -- if (ctx->untrusted != NULL -- && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL) -- { -- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); -- goto end; -- } -- -- num=sk_X509_num(ctx->chain); -- x=sk_X509_value(ctx->chain,num-1); -- depth=param->depth; -- -- -- for (;;) -- { -- /* If we have enough, we break */ -- if (depth < num) break; /* FIXME: If this happens, we should take -- * note of it and, if appropriate, use the -- * X509_V_ERR_CERT_CHAIN_TOO_LONG error -- * code later. -- */ -- -- /* If we are self signed, we break */ -- if (ctx->check_issued(ctx, x,x)) break; -- -- /* If we were passed a cert chain, use it first */ -- if (ctx->untrusted != NULL) -- { -- xtmp=find_issuer(ctx, sktmp,x); -- if (xtmp != NULL) -- { -- if (!sk_X509_push(ctx->chain,xtmp)) -- { -- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); -- goto end; -- } -- CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); -- (void)sk_X509_delete_ptr(sktmp,xtmp); -- ctx->last_untrusted++; -- x=xtmp; -- num++; -- /* reparse the full chain for -- * the next one */ -- continue; -- } -- } -- break; -- } -- -- /* at this point, chain should contain a list of untrusted -- * certificates. We now need to add at least one trusted one, -- * if possible, otherwise we complain. */ -- -- /* Examine last certificate in chain and see if it -- * is self signed. -- */ -- -- i=sk_X509_num(ctx->chain); -- x=sk_X509_value(ctx->chain,i-1); -- if (ctx->check_issued(ctx, x, x)) -- { -- /* we have a self signed certificate */ -- if (sk_X509_num(ctx->chain) == 1) -- { -- /* We have a single self signed certificate: see if -- * we can find it in the store. We must have an exact -- * match to avoid possible impersonation. -- */ -- ok = ctx->get_issuer(&xtmp, ctx, x); -- if ((ok <= 0) || X509_cmp(x, xtmp)) -- { -- ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; -- ctx->current_cert=x; -- ctx->error_depth=i-1; -- if (ok == 1) X509_free(xtmp); -- bad_chain = 1; -- ok=cb(0,ctx); -- if (!ok) goto end; -- } -- else -- { -- /* We have a match: replace certificate with store version -- * so we get any trust settings. -- */ -- X509_free(x); -- x = xtmp; -- (void)sk_X509_set(ctx->chain, i - 1, x); -- ctx->last_untrusted=0; -- } -- } -- else -- { -- /* extract and save self signed certificate for later use */ -- chain_ss=sk_X509_pop(ctx->chain); -- ctx->last_untrusted--; -- num--; -- x=sk_X509_value(ctx->chain,num-1); -- } -- } -- -- /* We now lookup certs from the certificate store */ -- for (;;) -- { -- /* If we have enough, we break */ -- if (depth < num) break; -- -- /* If we are self signed, we break */ -- if (ctx->check_issued(ctx,x,x)) break; -- -- ok = ctx->get_issuer(&xtmp, ctx, x); -- -- if (ok < 0) return ok; -- if (ok == 0) break; -- -- x = xtmp; -- if (!sk_X509_push(ctx->chain,x)) -- { -- X509_free(xtmp); -- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- num++; -- } -- -- /* we now have our chain, lets check it... */ -- -- /* Is last certificate looked up self signed? */ -- if (!ctx->check_issued(ctx,x,x)) -- { -- if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) -- { -- if (ctx->last_untrusted >= num) -- ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; -- else -- ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; -- ctx->current_cert=x; -- } -- else -- { -- -- sk_X509_push(ctx->chain,chain_ss); -- num++; -- ctx->last_untrusted=num; -- ctx->current_cert=chain_ss; -- ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; -- chain_ss=NULL; -- } -- -- ctx->error_depth=num-1; -- bad_chain = 1; -- ok=cb(0,ctx); -- if (!ok) goto end; -- } -- -- /* We have the chain complete: now we need to check its purpose */ -- ok = check_chain_extensions(ctx); -- -- if (!ok) goto end; -- -- /* The chain extensions are OK: check trust */ -- -- if (param->trust > 0) ok = check_trust(ctx); -- -- if (!ok) goto end; -- -- /* We may as well copy down any DSA parameters that are required */ -- X509_get_pubkey_parameters(NULL,ctx->chain); -- -- /* Check revocation status: we do this after copying parameters -- * because they may be needed for CRL signature verification. -- */ -- -- ok = ctx->check_revocation(ctx); -- if(!ok) goto end; -- -- /* At this point, we have a chain and need to verify it */ -- if (ctx->verify != NULL) -- ok=ctx->verify(ctx); -- else -- ok=internal_verify(ctx); -- if(!ok) goto end; -+{ -+ X509 *x, *xtmp, *chain_ss = NULL; -+ int bad_chain = 0; -+ X509_VERIFY_PARAM *param = ctx->param; -+ int depth, i, ok = 0; -+ int num; -+ int (*cb) (int xok, X509_STORE_CTX *xctx); -+ STACK_OF(X509) *sktmp = NULL; -+ if (ctx->cert == NULL) { -+ X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); -+ return -1; -+ } -+ -+ cb = ctx->verify_cb; -+ -+ /* -+ * first we make sure the chain we are going to build is present and that -+ * the first entry is in place -+ */ -+ if (ctx->chain == NULL) { -+ if (((ctx->chain = sk_X509_new_null()) == NULL) || -+ (!sk_X509_push(ctx->chain, ctx->cert))) { -+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -+ goto end; -+ } -+ CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); -+ ctx->last_untrusted = 1; -+ } -+ -+ /* We use a temporary STACK so we can chop and hack at it */ -+ if (ctx->untrusted != NULL -+ && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { -+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -+ goto end; -+ } -+ -+ num = sk_X509_num(ctx->chain); -+ x = sk_X509_value(ctx->chain, num - 1); -+ depth = param->depth; -+ -+ for (;;) { -+ /* If we have enough, we break */ -+ if (depth < num) -+ break; /* FIXME: If this happens, we should take -+ * note of it and, if appropriate, use the -+ * X509_V_ERR_CERT_CHAIN_TOO_LONG error code -+ * later. */ -+ -+ /* If we are self signed, we break */ -+ if (ctx->check_issued(ctx, x, x)) -+ break; -+ -+ /* If we were passed a cert chain, use it first */ -+ if (ctx->untrusted != NULL) { -+ xtmp = find_issuer(ctx, sktmp, x); -+ if (xtmp != NULL) { -+ if (!sk_X509_push(ctx->chain, xtmp)) { -+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -+ goto end; -+ } -+ CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); -+ (void)sk_X509_delete_ptr(sktmp, xtmp); -+ ctx->last_untrusted++; -+ x = xtmp; -+ num++; -+ /* -+ * reparse the full chain for the next one -+ */ -+ continue; -+ } -+ } -+ break; -+ } -+ -+ /* -+ * at this point, chain should contain a list of untrusted certificates. -+ * We now need to add at least one trusted one, if possible, otherwise we -+ * complain. -+ */ -+ -+ /* -+ * Examine last certificate in chain and see if it is self signed. -+ */ -+ -+ i = sk_X509_num(ctx->chain); -+ x = sk_X509_value(ctx->chain, i - 1); -+ if (ctx->check_issued(ctx, x, x)) { -+ /* we have a self signed certificate */ -+ if (sk_X509_num(ctx->chain) == 1) { -+ /* -+ * We have a single self signed certificate: see if we can find -+ * it in the store. We must have an exact match to avoid possible -+ * impersonation. -+ */ -+ ok = ctx->get_issuer(&xtmp, ctx, x); -+ if ((ok <= 0) || X509_cmp(x, xtmp)) { -+ ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; -+ ctx->current_cert = x; -+ ctx->error_depth = i - 1; -+ if (ok == 1) -+ X509_free(xtmp); -+ bad_chain = 1; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; -+ } else { -+ /* -+ * We have a match: replace certificate with store version so -+ * we get any trust settings. -+ */ -+ X509_free(x); -+ x = xtmp; -+ (void)sk_X509_set(ctx->chain, i - 1, x); -+ ctx->last_untrusted = 0; -+ } -+ } else { -+ /* -+ * extract and save self signed certificate for later use -+ */ -+ chain_ss = sk_X509_pop(ctx->chain); -+ ctx->last_untrusted--; -+ num--; -+ x = sk_X509_value(ctx->chain, num - 1); -+ } -+ } -+ -+ /* We now lookup certs from the certificate store */ -+ for (;;) { -+ /* If we have enough, we break */ -+ if (depth < num) -+ break; -+ -+ /* If we are self signed, we break */ -+ if (ctx->check_issued(ctx, x, x)) -+ break; -+ -+ ok = ctx->get_issuer(&xtmp, ctx, x); -+ -+ if (ok < 0) -+ return ok; -+ if (ok == 0) -+ break; -+ -+ x = xtmp; -+ if (!sk_X509_push(ctx->chain, x)) { -+ X509_free(xtmp); -+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ num++; -+ } -+ -+ /* we now have our chain, lets check it... */ -+ -+ /* Is last certificate looked up self signed? */ -+ if (!ctx->check_issued(ctx, x, x)) { -+ if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { -+ if (ctx->last_untrusted >= num) -+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; -+ else -+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; -+ ctx->current_cert = x; -+ } else { -+ -+ sk_X509_push(ctx->chain, chain_ss); -+ num++; -+ ctx->last_untrusted = num; -+ ctx->current_cert = chain_ss; -+ ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; -+ chain_ss = NULL; -+ } -+ -+ ctx->error_depth = num - 1; -+ bad_chain = 1; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; -+ } -+ -+ /* We have the chain complete: now we need to check its purpose */ -+ ok = check_chain_extensions(ctx); -+ -+ if (!ok) -+ goto end; -+ -+ /* The chain extensions are OK: check trust */ -+ -+ if (param->trust > 0) -+ ok = check_trust(ctx); -+ -+ if (!ok) -+ goto end; -+ -+ /* We may as well copy down any DSA parameters that are required */ -+ X509_get_pubkey_parameters(NULL, ctx->chain); -+ -+ /* -+ * Check revocation status: we do this after copying parameters because -+ * they may be needed for CRL signature verification. -+ */ -+ -+ ok = ctx->check_revocation(ctx); -+ if (!ok) -+ goto end; -+ -+ /* At this point, we have a chain and need to verify it */ -+ if (ctx->verify != NULL) -+ ok = ctx->verify(ctx); -+ else -+ ok = internal_verify(ctx); -+ if (!ok) -+ goto end; - - #ifndef OPENSSL_NO_RFC3779 -- /* RFC 3779 path validation, now that CRL check has been done */ -- ok = v3_asid_validate_path(ctx); -- if (!ok) goto end; -- ok = v3_addr_validate_path(ctx); -- if (!ok) goto end; -+ /* RFC 3779 path validation, now that CRL check has been done */ -+ ok = v3_asid_validate_path(ctx); -+ if (!ok) -+ goto end; -+ ok = v3_addr_validate_path(ctx); -+ if (!ok) -+ goto end; - #endif - -- /* If we get this far evaluate policies */ -- if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) -- ok = ctx->check_policy(ctx); -- if(!ok) goto end; -- if (0) -- { --end: -- X509_get_pubkey_parameters(NULL,ctx->chain); -- } -- if (sktmp != NULL) sk_X509_free(sktmp); -- if (chain_ss != NULL) X509_free(chain_ss); -- return ok; -- } -- -- --/* Given a STACK_OF(X509) find the issuer of cert (if any) -+ /* If we get this far evaluate policies */ -+ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) -+ ok = ctx->check_policy(ctx); -+ if (!ok) -+ goto end; -+ if (0) { -+ end: -+ X509_get_pubkey_parameters(NULL, ctx->chain); -+ } -+ if (sktmp != NULL) -+ sk_X509_free(sktmp); -+ if (chain_ss != NULL) -+ X509_free(chain_ss); -+ return ok; -+} -+ -+/* -+ * Given a STACK_OF(X509) find the issuer of cert (if any) - */ - - static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) - { -- int i; -- X509 *issuer; -- for (i = 0; i < sk_X509_num(sk); i++) -- { -- issuer = sk_X509_value(sk, i); -- if (ctx->check_issued(ctx, x, issuer)) -- return issuer; -- } -- return NULL; -+ int i; -+ X509 *issuer; -+ for (i = 0; i < sk_X509_num(sk); i++) { -+ issuer = sk_X509_value(sk, i); -+ if (ctx->check_issued(ctx, x, issuer)) -+ return issuer; -+ } -+ return NULL; - } - - /* Given a possible certificate and issuer check them */ - - static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) - { -- int ret; -- ret = X509_check_issued(issuer, x); -- if (ret == X509_V_OK) -- return 1; -- /* If we haven't asked for issuer errors don't set ctx */ -- if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) -- return 0; -- -- ctx->error = ret; -- ctx->current_cert = x; -- ctx->current_issuer = issuer; -- return ctx->verify_cb(0, ctx); -- return 0; -+ int ret; -+ ret = X509_check_issued(issuer, x); -+ if (ret == X509_V_OK) -+ return 1; -+ /* If we haven't asked for issuer errors don't set ctx */ -+ if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) -+ return 0; -+ -+ ctx->error = ret; -+ ctx->current_cert = x; -+ ctx->current_issuer = issuer; -+ return ctx->verify_cb(0, ctx); -+ return 0; - } - - /* Alternative lookup method: look from a STACK stored in other_ctx */ - - static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) - { -- *issuer = find_issuer(ctx, ctx->other_ctx, x); -- if (*issuer) -- { -- CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509); -- return 1; -- } -- else -- return 0; -+ *issuer = find_issuer(ctx, ctx->other_ctx, x); -+ if (*issuer) { -+ CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); -+ return 1; -+ } else -+ return 0; - } -- - --/* Check a certificate chains extensions for consistency -- * with the supplied purpose -+/* -+ * Check a certificate chains extensions for consistency with the supplied -+ * purpose - */ - - static int check_chain_extensions(X509_STORE_CTX *ctx) - { - #ifdef OPENSSL_NO_CHAIN_VERIFY -- return 1; -+ return 1; - #else -- int i, ok=0, must_be_ca, plen = 0; -- X509 *x; -- int (*cb)(int xok,X509_STORE_CTX *xctx); -- int proxy_path_length = 0; -- int allow_proxy_certs = -- !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); -- cb=ctx->verify_cb; -- -- /* must_be_ca can have 1 of 3 values: -- -1: we accept both CA and non-CA certificates, to allow direct -- use of self-signed certificates (which are marked as CA). -- 0: we only accept non-CA certificates. This is currently not -- used, but the possibility is present for future extensions. -- 1: we only accept CA certificates. This is currently used for -- all certificates in the chain except the leaf certificate. -- */ -- must_be_ca = -1; -- -- /* A hack to keep people who don't want to modify their software -- happy */ -- if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) -- allow_proxy_certs = 1; -- -- /* Check all untrusted certificates */ -- for (i = 0; i < ctx->last_untrusted; i++) -- { -- int ret; -- x = sk_X509_value(ctx->chain, i); -- if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) -- && (x->ex_flags & EXFLAG_CRITICAL)) -- { -- ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; -- ctx->error_depth = i; -- ctx->current_cert = x; -- ok=cb(0,ctx); -- if (!ok) goto end; -- } -- if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) -- { -- ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; -- ctx->error_depth = i; -- ctx->current_cert = x; -- ok=cb(0,ctx); -- if (!ok) goto end; -- } -- ret = X509_check_ca(x); -- switch(must_be_ca) -- { -- case -1: -- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) -- && (ret != 1) && (ret != 0)) -- { -- ret = 0; -- ctx->error = X509_V_ERR_INVALID_CA; -- } -- else -- ret = 1; -- break; -- case 0: -- if (ret != 0) -- { -- ret = 0; -- ctx->error = X509_V_ERR_INVALID_NON_CA; -- } -- else -- ret = 1; -- break; -- default: -- if ((ret == 0) -- || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) -- && (ret != 1))) -- { -- ret = 0; -- ctx->error = X509_V_ERR_INVALID_CA; -- } -- else -- ret = 1; -- break; -- } -- if (ret == 0) -- { -- ctx->error_depth = i; -- ctx->current_cert = x; -- ok=cb(0,ctx); -- if (!ok) goto end; -- } -- if (ctx->param->purpose > 0) -- { -- ret = X509_check_purpose(x, ctx->param->purpose, -- must_be_ca > 0); -- if ((ret == 0) -- || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) -- && (ret != 1))) -- { -- ctx->error = X509_V_ERR_INVALID_PURPOSE; -- ctx->error_depth = i; -- ctx->current_cert = x; -- ok=cb(0,ctx); -- if (!ok) goto end; -- } -- } -- /* Check pathlen if not self issued */ -- if ((i > 1) && !(x->ex_flags & EXFLAG_SI) -- && (x->ex_pathlen != -1) -- && (plen > (x->ex_pathlen + proxy_path_length + 1))) -- { -- ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; -- ctx->error_depth = i; -- ctx->current_cert = x; -- ok=cb(0,ctx); -- if (!ok) goto end; -- } -- /* Increment path length if not self issued */ -- if (!(x->ex_flags & EXFLAG_SI)) -- plen++; -- /* If this certificate is a proxy certificate, the next -- certificate must be another proxy certificate or a EE -- certificate. If not, the next certificate must be a -- CA certificate. */ -- if (x->ex_flags & EXFLAG_PROXY) -- { -- if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) -- { -- ctx->error = -- X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; -- ctx->error_depth = i; -- ctx->current_cert = x; -- ok=cb(0,ctx); -- if (!ok) goto end; -- } -- proxy_path_length++; -- must_be_ca = 0; -- } -- else -- must_be_ca = 1; -- } -- ok = 1; -+ int i, ok = 0, must_be_ca, plen = 0; -+ X509 *x; -+ int (*cb) (int xok, X509_STORE_CTX *xctx); -+ int proxy_path_length = 0; -+ int allow_proxy_certs = -+ ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); -+ cb = ctx->verify_cb; -+ -+ /*- -+ * must_be_ca can have 1 of 3 values: -+ * -1: we accept both CA and non-CA certificates, to allow direct -+ * use of self-signed certificates (which are marked as CA). -+ * 0: we only accept non-CA certificates. This is currently not -+ * used, but the possibility is present for future extensions. -+ * 1: we only accept CA certificates. This is currently used for -+ * all certificates in the chain except the leaf certificate. -+ */ -+ must_be_ca = -1; -+ -+ /* -+ * A hack to keep people who don't want to modify their software happy -+ */ -+ if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) -+ allow_proxy_certs = 1; -+ -+ /* Check all untrusted certificates */ -+ for (i = 0; i < ctx->last_untrusted; i++) { -+ int ret; -+ x = sk_X509_value(ctx->chain, i); -+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) -+ && (x->ex_flags & EXFLAG_CRITICAL)) { -+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; -+ } -+ if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { -+ ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; -+ } -+ ret = X509_check_ca(x); -+ switch (must_be_ca) { -+ case -1: -+ if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) -+ && (ret != 1) && (ret != 0)) { -+ ret = 0; -+ ctx->error = X509_V_ERR_INVALID_CA; -+ } else -+ ret = 1; -+ break; -+ case 0: -+ if (ret != 0) { -+ ret = 0; -+ ctx->error = X509_V_ERR_INVALID_NON_CA; -+ } else -+ ret = 1; -+ break; -+ default: -+ if ((ret == 0) -+ || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) -+ && (ret != 1))) { -+ ret = 0; -+ ctx->error = X509_V_ERR_INVALID_CA; -+ } else -+ ret = 1; -+ break; -+ } -+ if (ret == 0) { -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; -+ } -+ if (ctx->param->purpose > 0) { -+ ret = X509_check_purpose(x, ctx->param->purpose, must_be_ca > 0); -+ if ((ret == 0) -+ || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) -+ && (ret != 1))) { -+ ctx->error = X509_V_ERR_INVALID_PURPOSE; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; -+ } -+ } -+ /* Check pathlen if not self issued */ -+ if ((i > 1) && !(x->ex_flags & EXFLAG_SI) -+ && (x->ex_pathlen != -1) -+ && (plen > (x->ex_pathlen + proxy_path_length + 1))) { -+ ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; -+ } -+ /* Increment path length if not self issued */ -+ if (!(x->ex_flags & EXFLAG_SI)) -+ plen++; -+ /* -+ * If this certificate is a proxy certificate, the next certificate -+ * must be another proxy certificate or a EE certificate. If not, -+ * the next certificate must be a CA certificate. -+ */ -+ if (x->ex_flags & EXFLAG_PROXY) { -+ if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) { -+ ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ok = cb(0, ctx); -+ if (!ok) -+ goto end; -+ } -+ proxy_path_length++; -+ must_be_ca = 0; -+ } else -+ must_be_ca = 1; -+ } -+ ok = 1; - end: -- return ok; -+ return ok; - #endif - } - - static int check_trust(X509_STORE_CTX *ctx) - { - #ifdef OPENSSL_NO_CHAIN_VERIFY -- return 1; -+ return 1; - #else -- int i, ok; -- X509 *x; -- int (*cb)(int xok,X509_STORE_CTX *xctx); -- cb=ctx->verify_cb; -+ int i, ok; -+ X509 *x; -+ int (*cb) (int xok, X509_STORE_CTX *xctx); -+ cb = ctx->verify_cb; - /* For now just check the last certificate in the chain */ -- i = sk_X509_num(ctx->chain) - 1; -- x = sk_X509_value(ctx->chain, i); -- ok = X509_check_trust(x, ctx->param->trust, 0); -- if (ok == X509_TRUST_TRUSTED) -- return 1; -- ctx->error_depth = i; -- ctx->current_cert = x; -- if (ok == X509_TRUST_REJECTED) -- ctx->error = X509_V_ERR_CERT_REJECTED; -- else -- ctx->error = X509_V_ERR_CERT_UNTRUSTED; -- ok = cb(0, ctx); -- return ok; -+ i = sk_X509_num(ctx->chain) - 1; -+ x = sk_X509_value(ctx->chain, i); -+ ok = X509_check_trust(x, ctx->param->trust, 0); -+ if (ok == X509_TRUST_TRUSTED) -+ return 1; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ if (ok == X509_TRUST_REJECTED) -+ ctx->error = X509_V_ERR_CERT_REJECTED; -+ else -+ ctx->error = X509_V_ERR_CERT_UNTRUSTED; -+ ok = cb(0, ctx); -+ return ok; - #endif - } - - static int check_revocation(X509_STORE_CTX *ctx) -- { -- int i, last, ok; -- if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) -- return 1; -- if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) -- last = sk_X509_num(ctx->chain) - 1; -- else -- last = 0; -- for(i = 0; i <= last; i++) -- { -- ctx->error_depth = i; -- ok = check_cert(ctx); -- if (!ok) return ok; -- } -- return 1; -- } -+{ -+ int i, last, ok; -+ if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) -+ return 1; -+ if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) -+ last = sk_X509_num(ctx->chain) - 1; -+ else -+ last = 0; -+ for (i = 0; i <= last; i++) { -+ ctx->error_depth = i; -+ ok = check_cert(ctx); -+ if (!ok) -+ return ok; -+ } -+ return 1; -+} - - static int check_cert(X509_STORE_CTX *ctx) -- { -- X509_CRL *crl = NULL; -- X509 *x; -- int ok, cnum; -- cnum = ctx->error_depth; -- x = sk_X509_value(ctx->chain, cnum); -- ctx->current_cert = x; -- /* Try to retrieve relevant CRL */ -- ok = ctx->get_crl(ctx, &crl, x); -- /* If error looking up CRL, nothing we can do except -- * notify callback -- */ -- if(!ok) -- { -- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; -- ok = ctx->verify_cb(0, ctx); -- goto err; -- } -- ctx->current_crl = crl; -- ok = ctx->check_crl(ctx, crl); -- if (!ok) goto err; -- ok = ctx->cert_crl(ctx, crl, x); -- err: -- ctx->current_crl = NULL; -- X509_CRL_free(crl); -- return ok; -- -- } -+{ -+ X509_CRL *crl = NULL; -+ X509 *x; -+ int ok, cnum; -+ cnum = ctx->error_depth; -+ x = sk_X509_value(ctx->chain, cnum); -+ ctx->current_cert = x; -+ /* Try to retrieve relevant CRL */ -+ ok = ctx->get_crl(ctx, &crl, x); -+ /* -+ * If error looking up CRL, nothing we can do except notify callback -+ */ -+ if (!ok) { -+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; -+ ok = ctx->verify_cb(0, ctx); -+ goto err; -+ } -+ ctx->current_crl = crl; -+ ok = ctx->check_crl(ctx, crl); -+ if (!ok) -+ goto err; -+ ok = ctx->cert_crl(ctx, crl, x); -+ err: -+ ctx->current_crl = NULL; -+ X509_CRL_free(crl); -+ return ok; -+ -+} - - /* Check CRL times against values in X509_STORE_CTX */ - - static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) -- { -- time_t *ptime; -- int i; -- ctx->current_crl = crl; -- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) -- ptime = &ctx->param->check_time; -- else -- ptime = NULL; -- -- i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); -- if (i == 0) -- { -- ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; -- if (!notify || !ctx->verify_cb(0, ctx)) -- return 0; -- } -- -- if (i > 0) -- { -- ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; -- if (!notify || !ctx->verify_cb(0, ctx)) -- return 0; -- } -- -- if(X509_CRL_get_nextUpdate(crl)) -- { -- i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); -- -- if (i == 0) -- { -- ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; -- if (!notify || !ctx->verify_cb(0, ctx)) -- return 0; -- } -- -- if (i < 0) -- { -- ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; -- if (!notify || !ctx->verify_cb(0, ctx)) -- return 0; -- } -- } -- -- ctx->current_crl = NULL; -- -- return 1; -- } -- --/* Lookup CRLs from the supplied list. Look for matching isser name -- * and validity. If we can't find a valid CRL return the last one -- * with matching name. This gives more meaningful error codes. Otherwise -- * we'd get a CRL not found error if a CRL existed with matching name but -- * was invalid. -+{ -+ time_t *ptime; -+ int i; -+ ctx->current_crl = crl; -+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) -+ ptime = &ctx->param->check_time; -+ else -+ ptime = NULL; -+ -+ i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); -+ if (i == 0) { -+ ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; -+ if (!notify || !ctx->verify_cb(0, ctx)) -+ return 0; -+ } -+ -+ if (i > 0) { -+ ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; -+ if (!notify || !ctx->verify_cb(0, ctx)) -+ return 0; -+ } -+ -+ if (X509_CRL_get_nextUpdate(crl)) { -+ i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); -+ -+ if (i == 0) { -+ ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; -+ if (!notify || !ctx->verify_cb(0, ctx)) -+ return 0; -+ } -+ -+ if (i < 0) { -+ ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; -+ if (!notify || !ctx->verify_cb(0, ctx)) -+ return 0; -+ } -+ } -+ -+ ctx->current_crl = NULL; -+ -+ return 1; -+} -+ -+/* -+ * Lookup CRLs from the supplied list. Look for matching isser name and -+ * validity. If we can't find a valid CRL return the last one with matching -+ * name. This gives more meaningful error codes. Otherwise we'd get a CRL not -+ * found error if a CRL existed with matching name but was invalid. - */ - - static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, -- X509_NAME *nm, STACK_OF(X509_CRL) *crls) -- { -- int i; -- X509_CRL *crl, *best_crl = NULL; -- for (i = 0; i < sk_X509_CRL_num(crls); i++) -- { -- crl = sk_X509_CRL_value(crls, i); -- if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) -- continue; -- if (check_crl_time(ctx, crl, 0)) -- { -- *pcrl = crl; -- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509); -- return 1; -- } -- best_crl = crl; -- } -- if (best_crl) -- { -- *pcrl = best_crl; -- CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509); -- } -- -- return 0; -- } -- --/* Retrieve CRL corresponding to certificate: currently just a -- * subject lookup: maybe use AKID later... -+ X509_NAME *nm, STACK_OF(X509_CRL) *crls) -+{ -+ int i; -+ X509_CRL *crl, *best_crl = NULL; -+ for (i = 0; i < sk_X509_CRL_num(crls); i++) { -+ crl = sk_X509_CRL_value(crls, i); -+ if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) -+ continue; -+ if (check_crl_time(ctx, crl, 0)) { -+ *pcrl = crl; -+ CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509); -+ return 1; -+ } -+ best_crl = crl; -+ } -+ if (best_crl) { -+ *pcrl = best_crl; -+ CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509); -+ } -+ -+ return 0; -+} -+ -+/* -+ * Retrieve CRL corresponding to certificate: currently just a subject -+ * lookup: maybe use AKID later... - */ - static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x) -- { -- int ok; -- X509_CRL *crl = NULL; -- X509_OBJECT xobj; -- X509_NAME *nm; -- nm = X509_get_issuer_name(x); -- ok = get_crl_sk(ctx, &crl, nm, ctx->crls); -- if (ok) -- { -- *pcrl = crl; -- return 1; -- } -- -- ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj); -- -- if (!ok) -- { -- /* If we got a near match from get_crl_sk use that */ -- if (crl) -- { -- *pcrl = crl; -- return 1; -- } -- return 0; -- } -- -- *pcrl = xobj.data.crl; -- if (crl) -- X509_CRL_free(crl); -- return 1; -- } -+{ -+ int ok; -+ X509_CRL *crl = NULL; -+ X509_OBJECT xobj; -+ X509_NAME *nm; -+ nm = X509_get_issuer_name(x); -+ ok = get_crl_sk(ctx, &crl, nm, ctx->crls); -+ if (ok) { -+ *pcrl = crl; -+ return 1; -+ } -+ -+ ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj); -+ -+ if (!ok) { -+ /* If we got a near match from get_crl_sk use that */ -+ if (crl) { -+ *pcrl = crl; -+ return 1; -+ } -+ return 0; -+ } -+ -+ *pcrl = xobj.data.crl; -+ if (crl) -+ X509_CRL_free(crl); -+ return 1; -+} - - /* Check CRL validity */ - static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) -- { -- X509 *issuer = NULL; -- EVP_PKEY *ikey = NULL; -- int ok = 0, chnum, cnum; -- cnum = ctx->error_depth; -- chnum = sk_X509_num(ctx->chain) - 1; -- /* Find CRL issuer: if not last certificate then issuer -- * is next certificate in chain. -- */ -- if(cnum < chnum) -- issuer = sk_X509_value(ctx->chain, cnum + 1); -- else -- { -- issuer = sk_X509_value(ctx->chain, chnum); -- /* If not self signed, can't check signature */ -- if(!ctx->check_issued(ctx, issuer, issuer)) -- { -- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; -- ok = ctx->verify_cb(0, ctx); -- if(!ok) goto err; -- } -- } -- -- if(issuer) -- { -- /* Check for cRLSign bit if keyUsage present */ -- if ((issuer->ex_flags & EXFLAG_KUSAGE) && -- !(issuer->ex_kusage & KU_CRL_SIGN)) -- { -- ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; -- ok = ctx->verify_cb(0, ctx); -- if(!ok) goto err; -- } -- -- /* Attempt to get issuer certificate public key */ -- ikey = X509_get_pubkey(issuer); -- -- if(!ikey) -- { -- ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; -- ok = ctx->verify_cb(0, ctx); -- if (!ok) goto err; -- } -- else -- { -- /* Verify CRL signature */ -- if(X509_CRL_verify(crl, ikey) <= 0) -- { -- ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE; -- ok = ctx->verify_cb(0, ctx); -- if (!ok) goto err; -- } -- } -- } -- -- ok = check_crl_time(ctx, crl, 1); -- if (!ok) -- goto err; -- -- ok = 1; -- -- err: -- EVP_PKEY_free(ikey); -- return ok; -- } -+{ -+ X509 *issuer = NULL; -+ EVP_PKEY *ikey = NULL; -+ int ok = 0, chnum, cnum; -+ cnum = ctx->error_depth; -+ chnum = sk_X509_num(ctx->chain) - 1; -+ /* -+ * Find CRL issuer: if not last certificate then issuer is next -+ * certificate in chain. -+ */ -+ if (cnum < chnum) -+ issuer = sk_X509_value(ctx->chain, cnum + 1); -+ else { -+ issuer = sk_X509_value(ctx->chain, chnum); -+ /* If not self signed, can't check signature */ -+ if (!ctx->check_issued(ctx, issuer, issuer)) { -+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ goto err; -+ } -+ } -+ -+ if (issuer) { -+ /* Check for cRLSign bit if keyUsage present */ -+ if ((issuer->ex_flags & EXFLAG_KUSAGE) && -+ !(issuer->ex_kusage & KU_CRL_SIGN)) { -+ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ goto err; -+ } -+ -+ /* Attempt to get issuer certificate public key */ -+ ikey = X509_get_pubkey(issuer); -+ -+ if (!ikey) { -+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ goto err; -+ } else { -+ /* Verify CRL signature */ -+ if (X509_CRL_verify(crl, ikey) <= 0) { -+ ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ goto err; -+ } -+ } -+ } -+ -+ ok = check_crl_time(ctx, crl, 1); -+ if (!ok) -+ goto err; -+ -+ ok = 1; -+ -+ err: -+ EVP_PKEY_free(ikey); -+ return ok; -+} - - /* Check certificate against CRL */ - static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) -- { -- int idx, ok; -- X509_REVOKED rtmp; -- STACK_OF(X509_EXTENSION) *exts; -- X509_EXTENSION *ext; -- /* Look for serial number of certificate in CRL */ -- rtmp.serialNumber = X509_get_serialNumber(x); -- /* Sort revoked into serial number order if not already sorted. -- * Do this under a lock to avoid race condition. -- */ -- if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) -- { -- CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); -- sk_X509_REVOKED_sort(crl->crl->revoked); -- CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); -- } -- idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); -- /* If found assume revoked: want something cleverer than -- * this to handle entry extensions in V2 CRLs. -- */ -- if(idx >= 0) -- { -- ctx->error = X509_V_ERR_CERT_REVOKED; -- ok = ctx->verify_cb(0, ctx); -- if (!ok) return 0; -- } -- -- if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) -- return 1; -- -- /* See if we have any critical CRL extensions: since we -- * currently don't handle any CRL extensions the CRL must be -- * rejected. -- * This code accesses the X509_CRL structure directly: applications -- * shouldn't do this. -- */ -- -- exts = crl->crl->extensions; -- -- for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) -- { -- ext = sk_X509_EXTENSION_value(exts, idx); -- if (ext->critical > 0) -- { -- ctx->error = -- X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; -- ok = ctx->verify_cb(0, ctx); -- if(!ok) return 0; -- break; -- } -- } -- return 1; -- } -+{ -+ int idx, ok; -+ X509_REVOKED rtmp; -+ STACK_OF(X509_EXTENSION) *exts; -+ X509_EXTENSION *ext; -+ /* Look for serial number of certificate in CRL */ -+ rtmp.serialNumber = X509_get_serialNumber(x); -+ /* -+ * Sort revoked into serial number order if not already sorted. Do this -+ * under a lock to avoid race condition. -+ */ -+ if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) { -+ CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); -+ sk_X509_REVOKED_sort(crl->crl->revoked); -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); -+ } -+ idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); -+ /* -+ * If found assume revoked: want something cleverer than this to handle -+ * entry extensions in V2 CRLs. -+ */ -+ if (idx >= 0) { -+ ctx->error = X509_V_ERR_CERT_REVOKED; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ return 0; -+ } -+ -+ if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) -+ return 1; -+ -+ /* -+ * See if we have any critical CRL extensions: since we currently don't -+ * handle any CRL extensions the CRL must be rejected. This code -+ * accesses the X509_CRL structure directly: applications shouldn't do -+ * this. -+ */ -+ -+ exts = crl->crl->extensions; -+ -+ for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { -+ ext = sk_X509_EXTENSION_value(exts, idx); -+ if (ext->critical > 0) { -+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; -+ ok = ctx->verify_cb(0, ctx); -+ if (!ok) -+ return 0; -+ break; -+ } -+ } -+ return 1; -+} - - static int check_policy(X509_STORE_CTX *ctx) -- { -- int ret; -- ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, -- ctx->param->policies, ctx->param->flags); -- if (ret == 0) -- { -- X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- /* Invalid or inconsistent extensions */ -- if (ret == -1) -- { -- /* Locate certificates with bad extensions and notify -- * callback. -- */ -- X509 *x; -- int i; -- for (i = 1; i < sk_X509_num(ctx->chain); i++) -- { -- x = sk_X509_value(ctx->chain, i); -- if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) -- continue; -- ctx->current_cert = x; -- ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; -- ret = ctx->verify_cb(0, ctx); -- } -- return 1; -- } -- if (ret == -2) -- { -- ctx->current_cert = NULL; -- ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; -- return ctx->verify_cb(0, ctx); -- } -- -- if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) -- { -- ctx->current_cert = NULL; -- ctx->error = X509_V_OK; -- if (!ctx->verify_cb(2, ctx)) -- return 0; -- } -- -- return 1; -- } -+{ -+ int ret; -+ ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, -+ ctx->param->policies, ctx->param->flags); -+ if (ret == 0) { -+ X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ /* Invalid or inconsistent extensions */ -+ if (ret == -1) { -+ /* -+ * Locate certificates with bad extensions and notify callback. -+ */ -+ X509 *x; -+ int i; -+ for (i = 1; i < sk_X509_num(ctx->chain); i++) { -+ x = sk_X509_value(ctx->chain, i); -+ if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) -+ continue; -+ ctx->current_cert = x; -+ ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; -+ ret = ctx->verify_cb(0, ctx); -+ } -+ return 1; -+ } -+ if (ret == -2) { -+ ctx->current_cert = NULL; -+ ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; -+ return ctx->verify_cb(0, ctx); -+ } -+ -+ if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { -+ ctx->current_cert = NULL; -+ ctx->error = X509_V_OK; -+ if (!ctx->verify_cb(2, ctx)) -+ return 0; -+ } -+ -+ return 1; -+} - - static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) -- { -+{ - #if defined(OPENSSL_SYS_UEFI) - /* Bypass Certificate Time Checking for UEFI version. */ - return 1; - #else -- time_t *ptime; -- int i; -- -- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) -- ptime = &ctx->param->check_time; -- else -- ptime = NULL; -- -- i=X509_cmp_time(X509_get_notBefore(x), ptime); -- if (i == 0) -- { -- ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; -- ctx->current_cert=x; -- if (!ctx->verify_cb(0, ctx)) -- return 0; -- } -- -- if (i > 0) -- { -- ctx->error=X509_V_ERR_CERT_NOT_YET_VALID; -- ctx->current_cert=x; -- if (!ctx->verify_cb(0, ctx)) -- return 0; -- } -- -- i=X509_cmp_time(X509_get_notAfter(x), ptime); -- if (i == 0) -- { -- ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; -- ctx->current_cert=x; -- if (!ctx->verify_cb(0, ctx)) -- return 0; -- } -- -- if (i < 0) -- { -- ctx->error=X509_V_ERR_CERT_HAS_EXPIRED; -- ctx->current_cert=x; -- if (!ctx->verify_cb(0, ctx)) -- return 0; -- } -- -- return 1; --#endif -- } -+ time_t *ptime; -+ int i; -+ -+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) -+ ptime = &ctx->param->check_time; -+ else -+ ptime = NULL; -+ -+ i = X509_cmp_time(X509_get_notBefore(x), ptime); -+ if (i == 0) { -+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0, ctx)) -+ return 0; -+ } -+ -+ if (i > 0) { -+ ctx->error = X509_V_ERR_CERT_NOT_YET_VALID; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0, ctx)) -+ return 0; -+ } -+ -+ i = X509_cmp_time(X509_get_notAfter(x), ptime); -+ if (i == 0) { -+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0, ctx)) -+ return 0; -+ } -+ -+ if (i < 0) { -+ ctx->error = X509_V_ERR_CERT_HAS_EXPIRED; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0, ctx)) -+ return 0; -+ } -+ -+ return 1; -+#endif -+} - - static int internal_verify(X509_STORE_CTX *ctx) -- { -- int ok=0,n; -- X509 *xs,*xi; -- EVP_PKEY *pkey=NULL; -- int (*cb)(int xok,X509_STORE_CTX *xctx); -- -- cb=ctx->verify_cb; -- -- n=sk_X509_num(ctx->chain); -- ctx->error_depth=n-1; -- n--; -- xi=sk_X509_value(ctx->chain,n); -- -- if (ctx->check_issued(ctx, xi, xi)) -- xs=xi; -- else -- { -- if (n <= 0) -- { -- ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; -- ctx->current_cert=xi; -- ok=cb(0,ctx); -- goto end; -- } -- else -- { -- n--; -- ctx->error_depth=n; -- xs=sk_X509_value(ctx->chain,n); -- } -- } -- --/* ctx->error=0; not needed */ -- while (n >= 0) -- { -- ctx->error_depth=n; -- -- /* Skip signature check for self signed certificates unless -- * explicitly asked for. It doesn't add any security and -- * just wastes time. -- */ -- if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) -- { -- if ((pkey=X509_get_pubkey(xi)) == NULL) -- { -- ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; -- ctx->current_cert=xi; -- ok=(*cb)(0,ctx); -- if (!ok) goto end; -- } -- else if (X509_verify(xs,pkey) <= 0) -- { -- ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; -- ctx->current_cert=xs; -- ok=(*cb)(0,ctx); -- if (!ok) -- { -- EVP_PKEY_free(pkey); -- goto end; -- } -- } -- EVP_PKEY_free(pkey); -- pkey=NULL; -- } -- -- xs->valid = 1; -- -- ok = check_cert_time(ctx, xs); -- if (!ok) -- goto end; -- -- /* The last error (if any) is still in the error value */ -- ctx->current_issuer=xi; -- ctx->current_cert=xs; -- ok=(*cb)(1,ctx); -- if (!ok) goto end; -- -- n--; -- if (n >= 0) -- { -- xi=xs; -- xs=sk_X509_value(ctx->chain,n); -- } -- } -- ok=1; --end: -- return ok; -- } -+{ -+ int ok = 0, n; -+ X509 *xs, *xi; -+ EVP_PKEY *pkey = NULL; -+ int (*cb) (int xok, X509_STORE_CTX *xctx); -+ -+ cb = ctx->verify_cb; -+ -+ n = sk_X509_num(ctx->chain); -+ ctx->error_depth = n - 1; -+ n--; -+ xi = sk_X509_value(ctx->chain, n); -+ -+ if (ctx->check_issued(ctx, xi, xi)) -+ xs = xi; -+ else { -+ if (n <= 0) { -+ ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; -+ ctx->current_cert = xi; -+ ok = cb(0, ctx); -+ goto end; -+ } else { -+ n--; -+ ctx->error_depth = n; -+ xs = sk_X509_value(ctx->chain, n); -+ } -+ } -+ -+/* ctx->error=0; not needed */ -+ while (n >= 0) { -+ ctx->error_depth = n; -+ -+ /* -+ * Skip signature check for self signed certificates unless -+ * explicitly asked for. It doesn't add any security and just wastes -+ * time. -+ */ -+ if (!xs->valid -+ && (xs != xi -+ || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { -+ if ((pkey = X509_get_pubkey(xi)) == NULL) { -+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; -+ ctx->current_cert = xi; -+ ok = (*cb) (0, ctx); -+ if (!ok) -+ goto end; -+ } else if (X509_verify(xs, pkey) <= 0) { -+ ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; -+ ctx->current_cert = xs; -+ ok = (*cb) (0, ctx); -+ if (!ok) { -+ EVP_PKEY_free(pkey); -+ goto end; -+ } -+ } -+ EVP_PKEY_free(pkey); -+ pkey = NULL; -+ } -+ -+ xs->valid = 1; -+ -+ ok = check_cert_time(ctx, xs); -+ if (!ok) -+ goto end; -+ -+ /* The last error (if any) is still in the error value */ -+ ctx->current_issuer = xi; -+ ctx->current_cert = xs; -+ ok = (*cb) (1, ctx); -+ if (!ok) -+ goto end; -+ -+ n--; -+ if (n >= 0) { -+ xi = xs; -+ xs = sk_X509_value(ctx->chain, n); -+ } -+ } -+ ok = 1; -+ end: -+ return ok; -+} - - int X509_cmp_current_time(ASN1_TIME *ctm) - { -- return X509_cmp_time(ctm, NULL); -+ return X509_cmp_time(ctm, NULL); - } - - int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) -- { -- char *str; -- ASN1_TIME atm; -- long offset; -- char buff1[24],buff2[24],*p; -- int i,j; -- -- p=buff1; -- i=ctm->length; -- str=(char *)ctm->data; -- if (ctm->type == V_ASN1_UTCTIME) -- { -- if ((i < 11) || (i > 17)) return 0; -- memcpy(p,str,10); -- p+=10; -- str+=10; -- } -- else -- { -- if (i < 13) return 0; -- memcpy(p,str,12); -- p+=12; -- str+=12; -- } -- -- if ((*str == 'Z') || (*str == '-') || (*str == '+')) -- { *(p++)='0'; *(p++)='0'; } -- else -- { -- *(p++)= *(str++); -- *(p++)= *(str++); -- /* Skip any fractional seconds... */ -- if (*str == '.') -- { -- str++; -- while ((*str >= '0') && (*str <= '9')) str++; -- } -- -- } -- *(p++)='Z'; -- *(p++)='\0'; -- -- if (*str == 'Z') -- offset=0; -- else -- { -- if ((*str != '+') && (*str != '-')) -- return 0; -- offset=((str[1]-'0')*10+(str[2]-'0'))*60; -- offset+=(str[3]-'0')*10+(str[4]-'0'); -- if (*str == '-') -- offset= -offset; -- } -- atm.type=ctm->type; -- atm.length=sizeof(buff2); -- atm.data=(unsigned char *)buff2; -- -- if (X509_time_adj(&atm, offset*60, cmp_time) == NULL) -- return 0; -- -- if (ctm->type == V_ASN1_UTCTIME) -- { -- i=(buff1[0]-'0')*10+(buff1[1]-'0'); -- if (i < 50) i+=100; /* cf. RFC 2459 */ -- j=(buff2[0]-'0')*10+(buff2[1]-'0'); -- if (j < 50) j+=100; -- -- if (i < j) return -1; -- if (i > j) return 1; -- } -- i=strcmp(buff1,buff2); -- if (i == 0) /* wait a second then return younger :-) */ -- return -1; -- else -- return i; -- } -+{ -+ char *str; -+ ASN1_TIME atm; -+ long offset; -+ char buff1[24], buff2[24], *p; -+ int i, j; -+ -+ p = buff1; -+ i = ctm->length; -+ str = (char *)ctm->data; -+ if (ctm->type == V_ASN1_UTCTIME) { -+ if ((i < 11) || (i > 17)) -+ return 0; -+ memcpy(p, str, 10); -+ p += 10; -+ str += 10; -+ } else { -+ if (i < 13) -+ return 0; -+ memcpy(p, str, 12); -+ p += 12; -+ str += 12; -+ } -+ -+ if ((*str == 'Z') || (*str == '-') || (*str == '+')) { -+ *(p++) = '0'; -+ *(p++) = '0'; -+ } else { -+ *(p++) = *(str++); -+ *(p++) = *(str++); -+ /* Skip any fractional seconds... */ -+ if (*str == '.') { -+ str++; -+ while ((*str >= '0') && (*str <= '9')) -+ str++; -+ } -+ -+ } -+ *(p++) = 'Z'; -+ *(p++) = '\0'; -+ -+ if (*str == 'Z') -+ offset = 0; -+ else { -+ if ((*str != '+') && (*str != '-')) -+ return 0; -+ offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; -+ offset += (str[3] - '0') * 10 + (str[4] - '0'); -+ if (*str == '-') -+ offset = -offset; -+ } -+ atm.type = ctm->type; -+ atm.length = sizeof(buff2); -+ atm.data = (unsigned char *)buff2; -+ -+ if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL) -+ return 0; -+ -+ if (ctm->type == V_ASN1_UTCTIME) { -+ i = (buff1[0] - '0') * 10 + (buff1[1] - '0'); -+ if (i < 50) -+ i += 100; /* cf. RFC 2459 */ -+ j = (buff2[0] - '0') * 10 + (buff2[1] - '0'); -+ if (j < 50) -+ j += 100; -+ -+ if (i < j) -+ return -1; -+ if (i > j) -+ return 1; -+ } -+ i = strcmp(buff1, buff2); -+ if (i == 0) /* wait a second then return younger :-) */ -+ return -1; -+ else -+ return i; -+} - - ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) - { -- return X509_time_adj(s, adj, NULL); -+ return X509_time_adj(s, adj, NULL); - } - - ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm) -- { -- time_t t; -- int type = -1; -- -- if (in_tm) t = *in_tm; -- else time(&t); -- -- t+=adj; -- if (s) type = s->type; -- if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); -- if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t); -- return ASN1_TIME_set(s, t); -- } -+{ -+ time_t t; -+ int type = -1; -+ -+ if (in_tm) -+ t = *in_tm; -+ else -+ time(&t); -+ -+ t += adj; -+ if (s) -+ type = s->type; -+ if (type == V_ASN1_UTCTIME) -+ return ASN1_UTCTIME_set(s, t); -+ if (type == V_ASN1_GENERALIZEDTIME) -+ return ASN1_GENERALIZEDTIME_set(s, t); -+ return ASN1_TIME_set(s, t); -+} - - int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) -- { -- EVP_PKEY *ktmp=NULL,*ktmp2; -- int i,j; -- -- if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1; -- -- for (i=0; i= 0; j--) -- { -- ktmp2=X509_get_pubkey(sk_X509_value(chain,j)); -- EVP_PKEY_copy_parameters(ktmp2,ktmp); -- EVP_PKEY_free(ktmp2); -- } -- -- if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp); -- EVP_PKEY_free(ktmp); -- return 1; -- } -- --int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, -- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -- { -- /* This function is (usually) called only once, by -- * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ -- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, -- new_func, dup_func, free_func); -- } -+{ -+ EVP_PKEY *ktmp = NULL, *ktmp2; -+ int i, j; -+ -+ if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) -+ return 1; -+ -+ for (i = 0; i < sk_X509_num(chain); i++) { -+ ktmp = X509_get_pubkey(sk_X509_value(chain, i)); -+ if (ktmp == NULL) { -+ X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, -+ X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); -+ return 0; -+ } -+ if (!EVP_PKEY_missing_parameters(ktmp)) -+ break; -+ else { -+ EVP_PKEY_free(ktmp); -+ ktmp = NULL; -+ } -+ } -+ if (ktmp == NULL) { -+ X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, -+ X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); -+ return 0; -+ } -+ -+ /* first, populate the other certs */ -+ for (j = i - 1; j >= 0; j--) { -+ ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); -+ EVP_PKEY_copy_parameters(ktmp2, ktmp); -+ EVP_PKEY_free(ktmp2); -+ } -+ -+ if (pkey != NULL) -+ EVP_PKEY_copy_parameters(pkey, ktmp); -+ EVP_PKEY_free(ktmp); -+ return 1; -+} -+ -+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, -+ CRYPTO_EX_new *new_func, -+ CRYPTO_EX_dup *dup_func, -+ CRYPTO_EX_free *free_func) -+{ -+ /* -+ * This function is (usually) called only once, by -+ * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). -+ */ -+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, -+ new_func, dup_func, free_func); -+} - - int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) -- { -- return CRYPTO_set_ex_data(&ctx->ex_data,idx,data); -- } -+{ -+ return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); -+} - - void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) -- { -- return CRYPTO_get_ex_data(&ctx->ex_data,idx); -- } -+{ -+ return CRYPTO_get_ex_data(&ctx->ex_data, idx); -+} - - int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) -- { -- return ctx->error; -- } -+{ -+ return ctx->error; -+} - - void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) -- { -- ctx->error=err; -- } -+{ -+ ctx->error = err; -+} - - int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) -- { -- return ctx->error_depth; -- } -+{ -+ return ctx->error_depth; -+} - - X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) -- { -- return ctx->current_cert; -- } -+{ -+ return ctx->current_cert; -+} - - STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) -- { -- return ctx->chain; -- } -+{ -+ return ctx->chain; -+} - - STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) -- { -- int i; -- X509 *x; -- STACK_OF(X509) *chain; -- if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; -- for (i = 0; i < sk_X509_num(chain); i++) -- { -- x = sk_X509_value(chain, i); -- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); -- } -- return chain; -- } -+{ -+ int i; -+ X509 *x; -+ STACK_OF(X509) *chain; -+ if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) -+ return NULL; -+ for (i = 0; i < sk_X509_num(chain); i++) { -+ x = sk_X509_value(chain, i); -+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); -+ } -+ return chain; -+} - - void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) -- { -- ctx->cert=x; -- } -+{ -+ ctx->cert = x; -+} - - void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) -- { -- ctx->untrusted=sk; -- } -+{ -+ ctx->untrusted = sk; -+} - - void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) -- { -- ctx->crls=sk; -- } -+{ -+ ctx->crls = sk; -+} - - int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) -- { -- return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); -- } -+{ -+ return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); -+} - - int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) -- { -- return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); -- } -- --/* This function is used to set the X509_STORE_CTX purpose and trust -- * values. This is intended to be used when another structure has its -- * own trust and purpose values which (if set) will be inherited by -- * the ctx. If they aren't set then we will usually have a default -- * purpose in mind which should then be used to set the trust value. -- * An example of this is SSL use: an SSL structure will have its own -- * purpose and trust settings which the application can set: if they -- * aren't set then we use the default of SSL client/server. -+{ -+ return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); -+} -+ -+/* -+ * This function is used to set the X509_STORE_CTX purpose and trust values. -+ * This is intended to be used when another structure has its own trust and -+ * purpose values which (if set) will be inherited by the ctx. If they aren't -+ * set then we will usually have a default purpose in mind which should then -+ * be used to set the trust value. An example of this is SSL use: an SSL -+ * structure will have its own purpose and trust settings which the -+ * application can set: if they aren't set then we use the default of SSL -+ * client/server. - */ - - int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, -- int purpose, int trust) -+ int purpose, int trust) - { -- int idx; -- /* If purpose not set use default */ -- if (!purpose) purpose = def_purpose; -- /* If we have a purpose then check it is valid */ -- if (purpose) -- { -- X509_PURPOSE *ptmp; -- idx = X509_PURPOSE_get_by_id(purpose); -- if (idx == -1) -- { -- X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, -- X509_R_UNKNOWN_PURPOSE_ID); -- return 0; -- } -- ptmp = X509_PURPOSE_get0(idx); -- if (ptmp->trust == X509_TRUST_DEFAULT) -- { -- idx = X509_PURPOSE_get_by_id(def_purpose); -- if (idx == -1) -- { -- X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, -- X509_R_UNKNOWN_PURPOSE_ID); -- return 0; -- } -- ptmp = X509_PURPOSE_get0(idx); -- } -- /* If trust not set then get from purpose default */ -- if (!trust) trust = ptmp->trust; -- } -- if (trust) -- { -- idx = X509_TRUST_get_by_id(trust); -- if (idx == -1) -- { -- X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, -- X509_R_UNKNOWN_TRUST_ID); -- return 0; -- } -- } -- -- if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose; -- if (trust && !ctx->param->trust) ctx->param->trust = trust; -- return 1; -+ int idx; -+ /* If purpose not set use default */ -+ if (!purpose) -+ purpose = def_purpose; -+ /* If we have a purpose then check it is valid */ -+ if (purpose) { -+ X509_PURPOSE *ptmp; -+ idx = X509_PURPOSE_get_by_id(purpose); -+ if (idx == -1) { -+ X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, -+ X509_R_UNKNOWN_PURPOSE_ID); -+ return 0; -+ } -+ ptmp = X509_PURPOSE_get0(idx); -+ if (ptmp->trust == X509_TRUST_DEFAULT) { -+ idx = X509_PURPOSE_get_by_id(def_purpose); -+ if (idx == -1) { -+ X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, -+ X509_R_UNKNOWN_PURPOSE_ID); -+ return 0; -+ } -+ ptmp = X509_PURPOSE_get0(idx); -+ } -+ /* If trust not set then get from purpose default */ -+ if (!trust) -+ trust = ptmp->trust; -+ } -+ if (trust) { -+ idx = X509_TRUST_get_by_id(trust); -+ if (idx == -1) { -+ X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, -+ X509_R_UNKNOWN_TRUST_ID); -+ return 0; -+ } -+ } -+ -+ if (purpose && !ctx->param->purpose) -+ ctx->param->purpose = purpose; -+ if (trust && !ctx->param->trust) -+ ctx->param->trust = trust; -+ return 1; - } - - X509_STORE_CTX *X509_STORE_CTX_new(void) - { -- X509_STORE_CTX *ctx; -- ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); -- if (!ctx) -- { -- X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- memset(ctx, 0, sizeof(X509_STORE_CTX)); -- return ctx; -+ X509_STORE_CTX *ctx; -+ ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); -+ if (!ctx) { -+ X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ memset(ctx, 0, sizeof(X509_STORE_CTX)); -+ return ctx; - } - - void X509_STORE_CTX_free(X509_STORE_CTX *ctx) - { -- X509_STORE_CTX_cleanup(ctx); -- OPENSSL_free(ctx); -+ X509_STORE_CTX_cleanup(ctx); -+ OPENSSL_free(ctx); - } - - int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, -- STACK_OF(X509) *chain) -- { -- int ret = 1; -- ctx->ctx=store; -- ctx->current_method=0; -- ctx->cert=x509; -- ctx->untrusted=chain; -- ctx->crls = NULL; -- ctx->last_untrusted=0; -- ctx->other_ctx=NULL; -- ctx->valid=0; -- ctx->chain=NULL; -- ctx->error=0; -- ctx->explicit_policy=0; -- ctx->error_depth=0; -- ctx->current_cert=NULL; -- ctx->current_issuer=NULL; -- ctx->tree = NULL; -- -- ctx->param = X509_VERIFY_PARAM_new(); -- -- if (!ctx->param) -- { -- X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -- /* Inherit callbacks and flags from X509_STORE if not set -- * use defaults. -- */ -- -- -- if (store) -- ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); -- else -- ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; -- -- if (store) -- { -- ctx->verify_cb = store->verify_cb; -- ctx->cleanup = store->cleanup; -- } -- else -- ctx->cleanup = 0; -- -- if (ret) -- ret = X509_VERIFY_PARAM_inherit(ctx->param, -- X509_VERIFY_PARAM_lookup("default")); -- -- if (ret == 0) -- { -- X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- -- if (store && store->check_issued) -- ctx->check_issued = store->check_issued; -- else -- ctx->check_issued = check_issued; -- -- if (store && store->get_issuer) -- ctx->get_issuer = store->get_issuer; -- else -- ctx->get_issuer = X509_STORE_CTX_get1_issuer; -- -- if (store && store->verify_cb) -- ctx->verify_cb = store->verify_cb; -- else -- ctx->verify_cb = null_callback; -- -- if (store && store->verify) -- ctx->verify = store->verify; -- else -- ctx->verify = internal_verify; -- -- if (store && store->check_revocation) -- ctx->check_revocation = store->check_revocation; -- else -- ctx->check_revocation = check_revocation; -- -- if (store && store->get_crl) -- ctx->get_crl = store->get_crl; -- else -- ctx->get_crl = get_crl; -- -- if (store && store->check_crl) -- ctx->check_crl = store->check_crl; -- else -- ctx->check_crl = check_crl; -- -- if (store && store->cert_crl) -- ctx->cert_crl = store->cert_crl; -- else -- ctx->cert_crl = cert_crl; -- -- ctx->check_policy = check_policy; -- -- -- /* This memset() can't make any sense anyway, so it's removed. As -- * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a -- * corresponding "new" here and remove this bogus initialisation. */ -- /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ -- if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, -- &(ctx->ex_data))) -- { -- OPENSSL_free(ctx); -- X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- return 1; -- } -- --/* Set alternative lookup method: just a STACK of trusted certificates. -- * This avoids X509_STORE nastiness where it isn't needed. -+ STACK_OF(X509) *chain) -+{ -+ int ret = 1; -+ ctx->ctx = store; -+ ctx->current_method = 0; -+ ctx->cert = x509; -+ ctx->untrusted = chain; -+ ctx->crls = NULL; -+ ctx->last_untrusted = 0; -+ ctx->other_ctx = NULL; -+ ctx->valid = 0; -+ ctx->chain = NULL; -+ ctx->error = 0; -+ ctx->explicit_policy = 0; -+ ctx->error_depth = 0; -+ ctx->current_cert = NULL; -+ ctx->current_issuer = NULL; -+ ctx->tree = NULL; -+ -+ ctx->param = X509_VERIFY_PARAM_new(); -+ -+ if (!ctx->param) { -+ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ /* -+ * Inherit callbacks and flags from X509_STORE if not set use defaults. -+ */ -+ -+ if (store) -+ ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); -+ else -+ ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; -+ -+ if (store) { -+ ctx->verify_cb = store->verify_cb; -+ ctx->cleanup = store->cleanup; -+ } else -+ ctx->cleanup = 0; -+ -+ if (ret) -+ ret = X509_VERIFY_PARAM_inherit(ctx->param, -+ X509_VERIFY_PARAM_lookup("default")); -+ -+ if (ret == 0) { -+ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ if (store && store->check_issued) -+ ctx->check_issued = store->check_issued; -+ else -+ ctx->check_issued = check_issued; -+ -+ if (store && store->get_issuer) -+ ctx->get_issuer = store->get_issuer; -+ else -+ ctx->get_issuer = X509_STORE_CTX_get1_issuer; -+ -+ if (store && store->verify_cb) -+ ctx->verify_cb = store->verify_cb; -+ else -+ ctx->verify_cb = null_callback; -+ -+ if (store && store->verify) -+ ctx->verify = store->verify; -+ else -+ ctx->verify = internal_verify; -+ -+ if (store && store->check_revocation) -+ ctx->check_revocation = store->check_revocation; -+ else -+ ctx->check_revocation = check_revocation; -+ -+ if (store && store->get_crl) -+ ctx->get_crl = store->get_crl; -+ else -+ ctx->get_crl = get_crl; -+ -+ if (store && store->check_crl) -+ ctx->check_crl = store->check_crl; -+ else -+ ctx->check_crl = check_crl; -+ -+ if (store && store->cert_crl) -+ ctx->cert_crl = store->cert_crl; -+ else -+ ctx->cert_crl = cert_crl; -+ -+ ctx->check_policy = check_policy; -+ -+ /* -+ * This memset() can't make any sense anyway, so it's removed. As -+ * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a -+ * corresponding "new" here and remove this bogus initialisation. -+ */ -+ /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ -+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, -+ &(ctx->ex_data))) { -+ OPENSSL_free(ctx); -+ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ return 1; -+} -+ -+/* -+ * Set alternative lookup method: just a STACK of trusted certificates. This -+ * avoids X509_STORE nastiness where it isn't needed. - */ - - void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) - { -- ctx->other_ctx = sk; -- ctx->get_issuer = get_issuer_sk; -+ ctx->other_ctx = sk; -+ ctx->get_issuer = get_issuer_sk; - } - - void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) -- { -- if (ctx->cleanup) ctx->cleanup(ctx); -- if (ctx->param != NULL) -- { -- X509_VERIFY_PARAM_free(ctx->param); -- ctx->param=NULL; -- } -- if (ctx->tree != NULL) -- { -- X509_policy_tree_free(ctx->tree); -- ctx->tree=NULL; -- } -- if (ctx->chain != NULL) -- { -- sk_X509_pop_free(ctx->chain,X509_free); -- ctx->chain=NULL; -- } -- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); -- memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); -- } -+{ -+ if (ctx->cleanup) -+ ctx->cleanup(ctx); -+ if (ctx->param != NULL) { -+ X509_VERIFY_PARAM_free(ctx->param); -+ ctx->param = NULL; -+ } -+ if (ctx->tree != NULL) { -+ X509_policy_tree_free(ctx->tree); -+ ctx->tree = NULL; -+ } -+ if (ctx->chain != NULL) { -+ sk_X509_pop_free(ctx->chain, X509_free); -+ ctx->chain = NULL; -+ } -+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); -+ memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); -+} - - void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) -- { -- X509_VERIFY_PARAM_set_depth(ctx->param, depth); -- } -+{ -+ X509_VERIFY_PARAM_set_depth(ctx->param, depth); -+} - - void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) -- { -- X509_VERIFY_PARAM_set_flags(ctx->param, flags); -- } -+{ -+ X509_VERIFY_PARAM_set_flags(ctx->param, flags); -+} - --void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) -- { -- X509_VERIFY_PARAM_set_time(ctx->param, t); -- } -+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, -+ time_t t) -+{ -+ X509_VERIFY_PARAM_set_time(ctx->param, t); -+} - - void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, -- int (*verify_cb)(int, X509_STORE_CTX *)) -- { -- ctx->verify_cb=verify_cb; -- } -+ int (*verify_cb) (int, X509_STORE_CTX *)) -+{ -+ ctx->verify_cb = verify_cb; -+} - - X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) -- { -- return ctx->tree; -- } -+{ -+ return ctx->tree; -+} - - int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) -- { -- return ctx->explicit_policy; -- } -+{ -+ return ctx->explicit_policy; -+} - - int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) -- { -- const X509_VERIFY_PARAM *param; -- param = X509_VERIFY_PARAM_lookup(name); -- if (!param) -- return 0; -- return X509_VERIFY_PARAM_inherit(ctx->param, param); -- } -+{ -+ const X509_VERIFY_PARAM *param; -+ param = X509_VERIFY_PARAM_lookup(name); -+ if (!param) -+ return 0; -+ return X509_VERIFY_PARAM_inherit(ctx->param, param); -+} - - X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) -- { -- return ctx->param; -- } -+{ -+ return ctx->param; -+} - - void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) -- { -- if (ctx->param) -- X509_VERIFY_PARAM_free(ctx->param); -- ctx->param = param; -- } -+{ -+ if (ctx->param) -+ X509_VERIFY_PARAM_free(ctx->param); -+ ctx->param = param; -+} - - IMPLEMENT_STACK_OF(X509) -+ - IMPLEMENT_ASN1_SET_OF(X509) - - IMPLEMENT_STACK_OF(X509_NAME) - - IMPLEMENT_STACK_OF(X509_ATTRIBUTE) -+ - IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c -index 01c5541..955ece2 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c -@@ -1,6 +1,7 @@ - /* x509_vpm.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2004. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2004. - */ - /* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -68,38 +69,38 @@ - /* X509_VERIFY_PARAM functions */ - - static void x509_verify_param_zero(X509_VERIFY_PARAM *param) -- { -- if (!param) -- return; -- param->name = NULL; -- param->purpose = 0; -- param->trust = 0; -- param->inh_flags = 0; -- param->flags = 0; -- param->depth = -1; -- if (param->policies) -- { -- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); -- param->policies = NULL; -- } -- } -+{ -+ if (!param) -+ return; -+ param->name = NULL; -+ param->purpose = 0; -+ param->trust = 0; -+ param->inh_flags = 0; -+ param->flags = 0; -+ param->depth = -1; -+ if (param->policies) { -+ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); -+ param->policies = NULL; -+ } -+} - - X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) -- { -- X509_VERIFY_PARAM *param; -- param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); -- memset(param, 0, sizeof(X509_VERIFY_PARAM)); -- x509_verify_param_zero(param); -- return param; -- } -+{ -+ X509_VERIFY_PARAM *param; -+ param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); -+ memset(param, 0, sizeof(X509_VERIFY_PARAM)); -+ x509_verify_param_zero(param); -+ return param; -+} - - void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) -- { -- x509_verify_param_zero(param); -- OPENSSL_free(param); -- } -+{ -+ x509_verify_param_zero(param); -+ OPENSSL_free(param); -+} - --/* This function determines how parameters are "inherited" from one structure -+/*- -+ * This function determines how parameters are "inherited" from one structure - * to another. There are several different ways this can happen. - * - * 1. If a child structure needs to have its values initialized from a parent -@@ -109,7 +110,7 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) - * for SSL servers or clients but only if the application has not set new - * ones. - * -- * The "inh_flags" field determines how this function behaves. -+ * The "inh_flags" field determines how this function behaves. - * - * Normally any values which are set in the default are not copied from the - * destination and verify flags are ORed together. -@@ -133,302 +134,293 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) - /* Macro to test if a field should be copied from src to dest */ - - #define test_x509_verify_param_copy(field, def) \ -- (to_overwrite || \ -- ((src->field != def) && (to_default || (dest->field == def)))) -+ (to_overwrite || \ -+ ((src->field != def) && (to_default || (dest->field == def)))) - - /* Macro to test and copy a field if necessary */ - - #define x509_verify_param_copy(field, def) \ -- if (test_x509_verify_param_copy(field, def)) \ -- dest->field = src->field -- -+ if (test_x509_verify_param_copy(field, def)) \ -+ dest->field = src->field - - int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, -- const X509_VERIFY_PARAM *src) -- { -- unsigned long inh_flags; -- int to_default, to_overwrite; -- if (!src) -- return 1; -- inh_flags = dest->inh_flags | src->inh_flags; -+ const X509_VERIFY_PARAM *src) -+{ -+ unsigned long inh_flags; -+ int to_default, to_overwrite; -+ if (!src) -+ return 1; -+ inh_flags = dest->inh_flags | src->inh_flags; - -- if (inh_flags & X509_VP_FLAG_ONCE) -- dest->inh_flags = 0; -+ if (inh_flags & X509_VP_FLAG_ONCE) -+ dest->inh_flags = 0; - -- if (inh_flags & X509_VP_FLAG_LOCKED) -- return 1; -+ if (inh_flags & X509_VP_FLAG_LOCKED) -+ return 1; - -- if (inh_flags & X509_VP_FLAG_DEFAULT) -- to_default = 1; -- else -- to_default = 0; -+ if (inh_flags & X509_VP_FLAG_DEFAULT) -+ to_default = 1; -+ else -+ to_default = 0; - -- if (inh_flags & X509_VP_FLAG_OVERWRITE) -- to_overwrite = 1; -- else -- to_overwrite = 0; -+ if (inh_flags & X509_VP_FLAG_OVERWRITE) -+ to_overwrite = 1; -+ else -+ to_overwrite = 0; - -- x509_verify_param_copy(purpose, 0); -- x509_verify_param_copy(trust, 0); -- x509_verify_param_copy(depth, -1); -+ x509_verify_param_copy(purpose, 0); -+ x509_verify_param_copy(trust, 0); -+ x509_verify_param_copy(depth, -1); - -- /* If overwrite or check time not set, copy across */ -+ /* If overwrite or check time not set, copy across */ - -- if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) -- { -- dest->check_time = src->check_time; -- dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; -- /* Don't need to copy flag: that is done below */ -- } -+ if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) { -+ dest->check_time = src->check_time; -+ dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; -+ /* Don't need to copy flag: that is done below */ -+ } - -- if (inh_flags & X509_VP_FLAG_RESET_FLAGS) -- dest->flags = 0; -+ if (inh_flags & X509_VP_FLAG_RESET_FLAGS) -+ dest->flags = 0; - -- dest->flags |= src->flags; -+ dest->flags |= src->flags; - -- if (test_x509_verify_param_copy(policies, NULL)) -- { -- if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) -- return 0; -- } -+ if (test_x509_verify_param_copy(policies, NULL)) { -+ if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) -+ return 0; -+ } - -- return 1; -- } -+ return 1; -+} - - int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, -- const X509_VERIFY_PARAM *from) -- { -- unsigned long save_flags = to->inh_flags; -- int ret; -- to->inh_flags |= X509_VP_FLAG_DEFAULT; -- ret = X509_VERIFY_PARAM_inherit(to, from); -- to->inh_flags = save_flags; -- return ret; -- } -+ const X509_VERIFY_PARAM *from) -+{ -+ unsigned long save_flags = to->inh_flags; -+ int ret; -+ to->inh_flags |= X509_VP_FLAG_DEFAULT; -+ ret = X509_VERIFY_PARAM_inherit(to, from); -+ to->inh_flags = save_flags; -+ return ret; -+} - - int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) -- { -- if (param->name) -- OPENSSL_free(param->name); -- param->name = BUF_strdup(name); -- if (param->name) -- return 1; -- return 0; -- } -+{ -+ if (param->name) -+ OPENSSL_free(param->name); -+ param->name = BUF_strdup(name); -+ if (param->name) -+ return 1; -+ return 0; -+} - - int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) -- { -- param->flags |= flags; -- if (flags & X509_V_FLAG_POLICY_MASK) -- param->flags |= X509_V_FLAG_POLICY_CHECK; -- return 1; -- } -- --int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags) -- { -- param->flags &= ~flags; -- return 1; -- } -+{ -+ param->flags |= flags; -+ if (flags & X509_V_FLAG_POLICY_MASK) -+ param->flags |= X509_V_FLAG_POLICY_CHECK; -+ return 1; -+} -+ -+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, -+ unsigned long flags) -+{ -+ param->flags &= ~flags; -+ return 1; -+} - - unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) -- { -- return param->flags; -- } -+{ -+ return param->flags; -+} - - int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) -- { -- return X509_PURPOSE_set(¶m->purpose, purpose); -- } -+{ -+ return X509_PURPOSE_set(¶m->purpose, purpose); -+} - - int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) -- { -- return X509_TRUST_set(¶m->trust, trust); -- } -+{ -+ return X509_TRUST_set(¶m->trust, trust); -+} - - void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) -- { -- param->depth = depth; -- } -+{ -+ param->depth = depth; -+} - - void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) -- { -- param->check_time = t; -- param->flags |= X509_V_FLAG_USE_CHECK_TIME; -- } -- --int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy) -- { -- if (!param->policies) -- { -- param->policies = sk_ASN1_OBJECT_new_null(); -- if (!param->policies) -- return 0; -- } -- if (!sk_ASN1_OBJECT_push(param->policies, policy)) -- return 0; -- return 1; -- } -- --int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, -- STACK_OF(ASN1_OBJECT) *policies) -- { -- int i; -- ASN1_OBJECT *oid, *doid; -- if (!param) -- return 0; -- if (param->policies) -- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); -- -- if (!policies) -- { -- param->policies = NULL; -- return 1; -- } -- -- param->policies = sk_ASN1_OBJECT_new_null(); -- if (!param->policies) -- return 0; -- -- for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) -- { -- oid = sk_ASN1_OBJECT_value(policies, i); -- doid = OBJ_dup(oid); -- if (!doid) -- return 0; -- if (!sk_ASN1_OBJECT_push(param->policies, doid)) -- { -- ASN1_OBJECT_free(doid); -- return 0; -- } -- } -- param->flags |= X509_V_FLAG_POLICY_CHECK; -- return 1; -- } -+{ -+ param->check_time = t; -+ param->flags |= X509_V_FLAG_USE_CHECK_TIME; -+} -+ -+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, -+ ASN1_OBJECT *policy) -+{ -+ if (!param->policies) { -+ param->policies = sk_ASN1_OBJECT_new_null(); -+ if (!param->policies) -+ return 0; -+ } -+ if (!sk_ASN1_OBJECT_push(param->policies, policy)) -+ return 0; -+ return 1; -+} -+ -+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, -+ STACK_OF(ASN1_OBJECT) *policies) -+{ -+ int i; -+ ASN1_OBJECT *oid, *doid; -+ if (!param) -+ return 0; -+ if (param->policies) -+ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); -+ -+ if (!policies) { -+ param->policies = NULL; -+ return 1; -+ } -+ -+ param->policies = sk_ASN1_OBJECT_new_null(); -+ if (!param->policies) -+ return 0; -+ -+ for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) { -+ oid = sk_ASN1_OBJECT_value(policies, i); -+ doid = OBJ_dup(oid); -+ if (!doid) -+ return 0; -+ if (!sk_ASN1_OBJECT_push(param->policies, doid)) { -+ ASN1_OBJECT_free(doid); -+ return 0; -+ } -+ } -+ param->flags |= X509_V_FLAG_POLICY_CHECK; -+ return 1; -+} - - int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) -- { -- return param->depth; -- } -- --/* Default verify parameters: these are used for various -- * applications and can be overridden by the user specified table. -- * NB: the 'name' field *must* be in alphabetical order because it -- * will be searched using OBJ_search. -+{ -+ return param->depth; -+} -+ -+/* -+ * Default verify parameters: these are used for various applications and can -+ * be overridden by the user specified table. NB: the 'name' field *must* be -+ * in alphabetical order because it will be searched using OBJ_search. - */ - - static const X509_VERIFY_PARAM default_table[] = { -- { -- "default", /* X509 default parameters */ -- 0, /* Check time */ -- 0, /* internal flags */ -- 0, /* flags */ -- 0, /* purpose */ -- 0, /* trust */ -- 100, /* depth */ -- NULL /* policies */ -- }, -- { -- "pkcs7", /* S/MIME signing parameters */ -- 0, /* Check time */ -- 0, /* internal flags */ -- 0, /* flags */ -- X509_PURPOSE_SMIME_SIGN, /* purpose */ -- X509_TRUST_EMAIL, /* trust */ -- -1, /* depth */ -- NULL /* policies */ -- }, -- { -- "smime_sign", /* S/MIME signing parameters */ -- 0, /* Check time */ -- 0, /* internal flags */ -- 0, /* flags */ -- X509_PURPOSE_SMIME_SIGN, /* purpose */ -- X509_TRUST_EMAIL, /* trust */ -- -1, /* depth */ -- NULL /* policies */ -- }, -- { -- "ssl_client", /* SSL/TLS client parameters */ -- 0, /* Check time */ -- 0, /* internal flags */ -- 0, /* flags */ -- X509_PURPOSE_SSL_CLIENT, /* purpose */ -- X509_TRUST_SSL_CLIENT, /* trust */ -- -1, /* depth */ -- NULL /* policies */ -- }, -- { -- "ssl_server", /* SSL/TLS server parameters */ -- 0, /* Check time */ -- 0, /* internal flags */ -- 0, /* flags */ -- X509_PURPOSE_SSL_SERVER, /* purpose */ -- X509_TRUST_SSL_SERVER, /* trust */ -- -1, /* depth */ -- NULL /* policies */ -- }}; -+ { -+ "default", /* X509 default parameters */ -+ 0, /* Check time */ -+ 0, /* internal flags */ -+ 0, /* flags */ -+ 0, /* purpose */ -+ 0, /* trust */ -+ 100, /* depth */ -+ NULL /* policies */ -+ }, -+ { -+ "pkcs7", /* S/MIME signing parameters */ -+ 0, /* Check time */ -+ 0, /* internal flags */ -+ 0, /* flags */ -+ X509_PURPOSE_SMIME_SIGN, /* purpose */ -+ X509_TRUST_EMAIL, /* trust */ -+ -1, /* depth */ -+ NULL /* policies */ -+ }, -+ { -+ "smime_sign", /* S/MIME signing parameters */ -+ 0, /* Check time */ -+ 0, /* internal flags */ -+ 0, /* flags */ -+ X509_PURPOSE_SMIME_SIGN, /* purpose */ -+ X509_TRUST_EMAIL, /* trust */ -+ -1, /* depth */ -+ NULL /* policies */ -+ }, -+ { -+ "ssl_client", /* SSL/TLS client parameters */ -+ 0, /* Check time */ -+ 0, /* internal flags */ -+ 0, /* flags */ -+ X509_PURPOSE_SSL_CLIENT, /* purpose */ -+ X509_TRUST_SSL_CLIENT, /* trust */ -+ -1, /* depth */ -+ NULL /* policies */ -+ }, -+ { -+ "ssl_server", /* SSL/TLS server parameters */ -+ 0, /* Check time */ -+ 0, /* internal flags */ -+ 0, /* flags */ -+ X509_PURPOSE_SSL_SERVER, /* purpose */ -+ X509_TRUST_SSL_SERVER, /* trust */ -+ -1, /* depth */ -+ NULL /* policies */ -+ } -+}; - - static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; - - static int table_cmp(const void *pa, const void *pb) -- { -- const X509_VERIFY_PARAM *a = pa, *b = pb; -- return strcmp(a->name, b->name); -- } -+{ -+ const X509_VERIFY_PARAM *a = pa, *b = pb; -+ return strcmp(a->name, b->name); -+} - --static int param_cmp(const X509_VERIFY_PARAM * const *a, -- const X509_VERIFY_PARAM * const *b) -- { -- return strcmp((*a)->name, (*b)->name); -- } -+static int param_cmp(const X509_VERIFY_PARAM *const *a, -+ const X509_VERIFY_PARAM *const *b) -+{ -+ return strcmp((*a)->name, (*b)->name); -+} - - int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) -- { -- int idx; -- X509_VERIFY_PARAM *ptmp; -- if (!param_table) -- { -- param_table = sk_X509_VERIFY_PARAM_new(param_cmp); -- if (!param_table) -- return 0; -- } -- else -- { -- idx = sk_X509_VERIFY_PARAM_find(param_table, param); -- if (idx != -1) -- { -- ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx); -- X509_VERIFY_PARAM_free(ptmp); -- (void)sk_X509_VERIFY_PARAM_delete(param_table, idx); -- } -- } -- if (!sk_X509_VERIFY_PARAM_push(param_table, param)) -- return 0; -- return 1; -- } -+{ -+ int idx; -+ X509_VERIFY_PARAM *ptmp; -+ if (!param_table) { -+ param_table = sk_X509_VERIFY_PARAM_new(param_cmp); -+ if (!param_table) -+ return 0; -+ } else { -+ idx = sk_X509_VERIFY_PARAM_find(param_table, param); -+ if (idx != -1) { -+ ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx); -+ X509_VERIFY_PARAM_free(ptmp); -+ (void)sk_X509_VERIFY_PARAM_delete(param_table, idx); -+ } -+ } -+ if (!sk_X509_VERIFY_PARAM_push(param_table, param)) -+ return 0; -+ return 1; -+} - - const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) -- { -- int idx; -- X509_VERIFY_PARAM pm; -- pm.name = (char *)name; -- if (param_table) -- { -- idx = sk_X509_VERIFY_PARAM_find(param_table, &pm); -- if (idx != -1) -- return sk_X509_VERIFY_PARAM_value(param_table, idx); -- } -- return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm, -- (char *)&default_table, -- sizeof(default_table)/sizeof(X509_VERIFY_PARAM), -- sizeof(X509_VERIFY_PARAM), -- table_cmp); -- } -+{ -+ int idx; -+ X509_VERIFY_PARAM pm; -+ pm.name = (char *)name; -+ if (param_table) { -+ idx = sk_X509_VERIFY_PARAM_find(param_table, &pm); -+ if (idx != -1) -+ return sk_X509_VERIFY_PARAM_value(param_table, idx); -+ } -+ return (const X509_VERIFY_PARAM *)OBJ_bsearch((char *)&pm, -+ (char *)&default_table, -+ sizeof(default_table) / -+ sizeof(X509_VERIFY_PARAM), -+ sizeof(X509_VERIFY_PARAM), -+ table_cmp); -+} - - void X509_VERIFY_PARAM_table_cleanup(void) -- { -- if (param_table) -- sk_X509_VERIFY_PARAM_pop_free(param_table, -- X509_VERIFY_PARAM_free); -- param_table = NULL; -- } -+{ -+ if (param_table) -+ sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free); -+ param_table = NULL; -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509cset.c b/Cryptlib/OpenSSL/crypto/x509/x509cset.c -index 7f4004b..4ef8808 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509cset.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509cset.c -@@ -1,6 +1,7 @@ - /* crypto/x509/x509cset.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,107 +65,103 @@ - #include - - int X509_CRL_set_version(X509_CRL *x, long version) -- { -- if (x == NULL) return(0); -- if (x->crl->version == NULL) -- { -- if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL) -- return(0); -- } -- return(ASN1_INTEGER_set(x->crl->version,version)); -- } -+{ -+ if (x == NULL) -+ return (0); -+ if (x->crl->version == NULL) { -+ if ((x->crl->version = M_ASN1_INTEGER_new()) == NULL) -+ return (0); -+ } -+ return (ASN1_INTEGER_set(x->crl->version, version)); -+} - - int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) -- { -- if ((x == NULL) || (x->crl == NULL)) return(0); -- return(X509_NAME_set(&x->crl->issuer,name)); -- } -- -+{ -+ if ((x == NULL) || (x->crl == NULL)) -+ return (0); -+ return (X509_NAME_set(&x->crl->issuer, name)); -+} - - int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm) -- { -- ASN1_TIME *in; -+{ -+ ASN1_TIME *in; - -- if (x == NULL) return(0); -- in=x->crl->lastUpdate; -- if (in != tm) -- { -- in=M_ASN1_TIME_dup(tm); -- if (in != NULL) -- { -- M_ASN1_TIME_free(x->crl->lastUpdate); -- x->crl->lastUpdate=in; -- } -- } -- return(in != NULL); -- } -+ if (x == NULL) -+ return (0); -+ in = x->crl->lastUpdate; -+ if (in != tm) { -+ in = M_ASN1_TIME_dup(tm); -+ if (in != NULL) { -+ M_ASN1_TIME_free(x->crl->lastUpdate); -+ x->crl->lastUpdate = in; -+ } -+ } -+ return (in != NULL); -+} - - int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm) -- { -- ASN1_TIME *in; -+{ -+ ASN1_TIME *in; - -- if (x == NULL) return(0); -- in=x->crl->nextUpdate; -- if (in != tm) -- { -- in=M_ASN1_TIME_dup(tm); -- if (in != NULL) -- { -- M_ASN1_TIME_free(x->crl->nextUpdate); -- x->crl->nextUpdate=in; -- } -- } -- return(in != NULL); -- } -+ if (x == NULL) -+ return (0); -+ in = x->crl->nextUpdate; -+ if (in != tm) { -+ in = M_ASN1_TIME_dup(tm); -+ if (in != NULL) { -+ M_ASN1_TIME_free(x->crl->nextUpdate); -+ x->crl->nextUpdate = in; -+ } -+ } -+ return (in != NULL); -+} - - int X509_CRL_sort(X509_CRL *c) -- { -- int i; -- X509_REVOKED *r; -- /* sort the data so it will be written in serial -- * number order */ -- sk_X509_REVOKED_sort(c->crl->revoked); -- for (i=0; icrl->revoked); i++) -- { -- r=sk_X509_REVOKED_value(c->crl->revoked,i); -- r->sequence=i; -- } -- c->crl->enc.modified = 1; -- return 1; -- } -+{ -+ int i; -+ X509_REVOKED *r; -+ /* -+ * sort the data so it will be written in serial number order -+ */ -+ sk_X509_REVOKED_sort(c->crl->revoked); -+ for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) { -+ r = sk_X509_REVOKED_value(c->crl->revoked, i); -+ r->sequence = i; -+ } -+ c->crl->enc.modified = 1; -+ return 1; -+} - - int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) -- { -- ASN1_TIME *in; -+{ -+ ASN1_TIME *in; - -- if (x == NULL) return(0); -- in=x->revocationDate; -- if (in != tm) -- { -- in=M_ASN1_TIME_dup(tm); -- if (in != NULL) -- { -- M_ASN1_TIME_free(x->revocationDate); -- x->revocationDate=in; -- } -- } -- return(in != NULL); -- } -+ if (x == NULL) -+ return (0); -+ in = x->revocationDate; -+ if (in != tm) { -+ in = M_ASN1_TIME_dup(tm); -+ if (in != NULL) { -+ M_ASN1_TIME_free(x->revocationDate); -+ x->revocationDate = in; -+ } -+ } -+ return (in != NULL); -+} - - int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) -- { -- ASN1_INTEGER *in; -+{ -+ ASN1_INTEGER *in; - -- if (x == NULL) return(0); -- in=x->serialNumber; -- if (in != serial) -- { -- in=M_ASN1_INTEGER_dup(serial); -- if (in != NULL) -- { -- M_ASN1_INTEGER_free(x->serialNumber); -- x->serialNumber=in; -- } -- } -- return(in != NULL); -- } -+ if (x == NULL) -+ return (0); -+ in = x->serialNumber; -+ if (in != serial) { -+ in = M_ASN1_INTEGER_dup(serial); -+ if (in != NULL) { -+ M_ASN1_INTEGER_free(x->serialNumber); -+ x->serialNumber = in; -+ } -+ } -+ return (in != NULL); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509name.c b/Cryptlib/OpenSSL/crypto/x509/x509name.c -index 068abfe..4e7b64f 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509name.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509name.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,319 +65,333 @@ - #include - - int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) -- { -- ASN1_OBJECT *obj; -+{ -+ ASN1_OBJECT *obj; - -- obj=OBJ_nid2obj(nid); -- if (obj == NULL) return(-1); -- return(X509_NAME_get_text_by_OBJ(name,obj,buf,len)); -- } -+ obj = OBJ_nid2obj(nid); -+ if (obj == NULL) -+ return (-1); -+ return (X509_NAME_get_text_by_OBJ(name, obj, buf, len)); -+} - - int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf, -- int len) -- { -- int i; -- ASN1_STRING *data; -- -- i=X509_NAME_get_index_by_OBJ(name,obj,-1); -- if (i < 0) return(-1); -- data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i)); -- i=(data->length > (len-1))?(len-1):data->length; -- if (buf == NULL) return(data->length); -- memcpy(buf,data->data,i); -- buf[i]='\0'; -- return(i); -- } -+ int len) -+{ -+ int i; -+ ASN1_STRING *data; -+ -+ i = X509_NAME_get_index_by_OBJ(name, obj, -1); -+ if (i < 0) -+ return (-1); -+ data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i)); -+ i = (data->length > (len - 1)) ? (len - 1) : data->length; -+ if (buf == NULL) -+ return (data->length); -+ memcpy(buf, data->data, i); -+ buf[i] = '\0'; -+ return (i); -+} - - int X509_NAME_entry_count(X509_NAME *name) -- { -- if (name == NULL) return(0); -- return(sk_X509_NAME_ENTRY_num(name->entries)); -- } -+{ -+ if (name == NULL) -+ return (0); -+ return (sk_X509_NAME_ENTRY_num(name->entries)); -+} - - int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) -- { -- ASN1_OBJECT *obj; -+{ -+ ASN1_OBJECT *obj; - -- obj=OBJ_nid2obj(nid); -- if (obj == NULL) return(-2); -- return(X509_NAME_get_index_by_OBJ(name,obj,lastpos)); -- } -+ obj = OBJ_nid2obj(nid); -+ if (obj == NULL) -+ return (-2); -+ return (X509_NAME_get_index_by_OBJ(name, obj, lastpos)); -+} - - /* NOTE: you should be passsing -1, not 0 as lastpos */ --int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, -- int lastpos) -- { -- int n; -- X509_NAME_ENTRY *ne; -- STACK_OF(X509_NAME_ENTRY) *sk; -- -- if (name == NULL) return(-1); -- if (lastpos < 0) -- lastpos= -1; -- sk=name->entries; -- n=sk_X509_NAME_ENTRY_num(sk); -- for (lastpos++; lastpos < n; lastpos++) -- { -- ne=sk_X509_NAME_ENTRY_value(sk,lastpos); -- if (OBJ_cmp(ne->object,obj) == 0) -- return(lastpos); -- } -- return(-1); -- } -+int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos) -+{ -+ int n; -+ X509_NAME_ENTRY *ne; -+ STACK_OF(X509_NAME_ENTRY) *sk; -+ -+ if (name == NULL) -+ return (-1); -+ if (lastpos < 0) -+ lastpos = -1; -+ sk = name->entries; -+ n = sk_X509_NAME_ENTRY_num(sk); -+ for (lastpos++; lastpos < n; lastpos++) { -+ ne = sk_X509_NAME_ENTRY_value(sk, lastpos); -+ if (OBJ_cmp(ne->object, obj) == 0) -+ return (lastpos); -+ } -+ return (-1); -+} - - X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc) -- { -- if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc -- || loc < 0) -- return(NULL); -- else -- return(sk_X509_NAME_ENTRY_value(name->entries,loc)); -- } -+{ -+ if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc -+ || loc < 0) -+ return (NULL); -+ else -+ return (sk_X509_NAME_ENTRY_value(name->entries, loc)); -+} - - X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) -- { -- X509_NAME_ENTRY *ret; -- int i,n,set_prev,set_next; -- STACK_OF(X509_NAME_ENTRY) *sk; -- -- if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc -- || loc < 0) -- return(NULL); -- sk=name->entries; -- ret=sk_X509_NAME_ENTRY_delete(sk,loc); -- n=sk_X509_NAME_ENTRY_num(sk); -- name->modified=1; -- if (loc == n) return(ret); -- -- /* else we need to fixup the set field */ -- if (loc != 0) -- set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set; -- else -- set_prev=ret->set-1; -- set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set; -- -- /* set_prev is the previous set -- * set is the current set -- * set_next is the following -- * prev 1 1 1 1 1 1 1 1 -- * set 1 1 2 2 -- * next 1 1 2 2 2 2 3 2 -- * so basically only if prev and next differ by 2, then -- * re-number down by 1 */ -- if (set_prev+1 < set_next) -- for (i=loc; iset--; -- return(ret); -- } -+{ -+ X509_NAME_ENTRY *ret; -+ int i, n, set_prev, set_next; -+ STACK_OF(X509_NAME_ENTRY) *sk; -+ -+ if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc -+ || loc < 0) -+ return (NULL); -+ sk = name->entries; -+ ret = sk_X509_NAME_ENTRY_delete(sk, loc); -+ n = sk_X509_NAME_ENTRY_num(sk); -+ name->modified = 1; -+ if (loc == n) -+ return (ret); -+ -+ /* else we need to fixup the set field */ -+ if (loc != 0) -+ set_prev = (sk_X509_NAME_ENTRY_value(sk, loc - 1))->set; -+ else -+ set_prev = ret->set - 1; -+ set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set; -+ -+ /*- -+ * set_prev is the previous set -+ * set is the current set -+ * set_next is the following -+ * prev 1 1 1 1 1 1 1 1 -+ * set 1 1 2 2 -+ * next 1 1 2 2 2 2 3 2 -+ * so basically only if prev and next differ by 2, then -+ * re-number down by 1 -+ */ -+ if (set_prev + 1 < set_next) -+ for (i = loc; i < n; i++) -+ sk_X509_NAME_ENTRY_value(sk, i)->set--; -+ return (ret); -+} - - int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, -- unsigned char *bytes, int len, int loc, int set) -+ unsigned char *bytes, int len, int loc, -+ int set) - { -- X509_NAME_ENTRY *ne; -- int ret; -- ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len); -- if(!ne) return 0; -- ret = X509_NAME_add_entry(name, ne, loc, set); -- X509_NAME_ENTRY_free(ne); -- return ret; -+ X509_NAME_ENTRY *ne; -+ int ret; -+ ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len); -+ if (!ne) -+ return 0; -+ ret = X509_NAME_add_entry(name, ne, loc, set); -+ X509_NAME_ENTRY_free(ne); -+ return ret; - } - - int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, -- unsigned char *bytes, int len, int loc, int set) -+ unsigned char *bytes, int len, int loc, -+ int set) - { -- X509_NAME_ENTRY *ne; -- int ret; -- ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); -- if(!ne) return 0; -- ret = X509_NAME_add_entry(name, ne, loc, set); -- X509_NAME_ENTRY_free(ne); -- return ret; -+ X509_NAME_ENTRY *ne; -+ int ret; -+ ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); -+ if (!ne) -+ return 0; -+ ret = X509_NAME_add_entry(name, ne, loc, set); -+ X509_NAME_ENTRY_free(ne); -+ return ret; - } - - int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, -- const unsigned char *bytes, int len, int loc, int set) -+ const unsigned char *bytes, int len, int loc, -+ int set) - { -- X509_NAME_ENTRY *ne; -- int ret; -- ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len); -- if(!ne) return 0; -- ret = X509_NAME_add_entry(name, ne, loc, set); -- X509_NAME_ENTRY_free(ne); -- return ret; -+ X509_NAME_ENTRY *ne; -+ int ret; -+ ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len); -+ if (!ne) -+ return 0; -+ ret = X509_NAME_add_entry(name, ne, loc, set); -+ X509_NAME_ENTRY_free(ne); -+ return ret; - } - --/* if set is -1, append to previous set, 0 'a new one', and 1, -- * prepend to the guy we are about to stomp on. */ -+/* -+ * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the -+ * guy we are about to stomp on. -+ */ - int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, -- int set) -- { -- X509_NAME_ENTRY *new_name=NULL; -- int n,i,inc; -- STACK_OF(X509_NAME_ENTRY) *sk; -- -- if (name == NULL) return(0); -- sk=name->entries; -- n=sk_X509_NAME_ENTRY_num(sk); -- if (loc > n) loc=n; -- else if (loc < 0) loc=n; -- -- name->modified=1; -- -- if (set == -1) -- { -- if (loc == 0) -- { -- set=0; -- inc=1; -- } -- else -- { -- set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set; -- inc=0; -- } -- } -- else /* if (set >= 0) */ -- { -- if (loc >= n) -- { -- if (loc != 0) -- set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1; -- else -- set=0; -- } -- else -- set=sk_X509_NAME_ENTRY_value(sk,loc)->set; -- inc=(set == 0)?1:0; -- } -- -- if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL) -- goto err; -- new_name->set=set; -- if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc)) -- { -- X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (inc) -- { -- n=sk_X509_NAME_ENTRY_num(sk); -- for (i=loc+1; iset+=1; -- } -- return(1); --err: -- if (new_name != NULL) -- X509_NAME_ENTRY_free(new_name); -- return(0); -- } -+ int set) -+{ -+ X509_NAME_ENTRY *new_name = NULL; -+ int n, i, inc; -+ STACK_OF(X509_NAME_ENTRY) *sk; -+ -+ if (name == NULL) -+ return (0); -+ sk = name->entries; -+ n = sk_X509_NAME_ENTRY_num(sk); -+ if (loc > n) -+ loc = n; -+ else if (loc < 0) -+ loc = n; -+ -+ name->modified = 1; -+ -+ if (set == -1) { -+ if (loc == 0) { -+ set = 0; -+ inc = 1; -+ } else { -+ set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set; -+ inc = 0; -+ } -+ } else { /* if (set >= 0) */ -+ -+ if (loc >= n) { -+ if (loc != 0) -+ set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1; -+ else -+ set = 0; -+ } else -+ set = sk_X509_NAME_ENTRY_value(sk, loc)->set; -+ inc = (set == 0) ? 1 : 0; -+ } -+ -+ if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL) -+ goto err; -+ new_name->set = set; -+ if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) { -+ X509err(X509_F_X509_NAME_ADD_ENTRY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (inc) { -+ n = sk_X509_NAME_ENTRY_num(sk); -+ for (i = loc + 1; i < n; i++) -+ sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1; -+ } -+ return (1); -+ err: -+ if (new_name != NULL) -+ X509_NAME_ENTRY_free(new_name); -+ return (0); -+} - - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, -- const char *field, int type, const unsigned char *bytes, int len) -- { -- ASN1_OBJECT *obj; -- X509_NAME_ENTRY *nentry; -- -- obj=OBJ_txt2obj(field, 0); -- if (obj == NULL) -- { -- X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, -- X509_R_INVALID_FIELD_NAME); -- ERR_add_error_data(2, "name=", field); -- return(NULL); -- } -- nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len); -- ASN1_OBJECT_free(obj); -- return nentry; -- } -+ const char *field, int type, -+ const unsigned char *bytes, -+ int len) -+{ -+ ASN1_OBJECT *obj; -+ X509_NAME_ENTRY *nentry; -+ -+ obj = OBJ_txt2obj(field, 0); -+ if (obj == NULL) { -+ X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, -+ X509_R_INVALID_FIELD_NAME); -+ ERR_add_error_data(2, "name=", field); -+ return (NULL); -+ } -+ nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); -+ ASN1_OBJECT_free(obj); -+ return nentry; -+} - - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, -- int type, unsigned char *bytes, int len) -- { -- ASN1_OBJECT *obj; -- X509_NAME_ENTRY *nentry; -- -- obj=OBJ_nid2obj(nid); -- if (obj == NULL) -- { -- X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID); -- return(NULL); -- } -- nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len); -- ASN1_OBJECT_free(obj); -- return nentry; -- } -+ int type, unsigned char *bytes, -+ int len) -+{ -+ ASN1_OBJECT *obj; -+ X509_NAME_ENTRY *nentry; -+ -+ obj = OBJ_nid2obj(nid); -+ if (obj == NULL) { -+ X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID, X509_R_UNKNOWN_NID); -+ return (NULL); -+ } -+ nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); -+ ASN1_OBJECT_free(obj); -+ return nentry; -+} - - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, -- ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len) -- { -- X509_NAME_ENTRY *ret; -- -- if ((ne == NULL) || (*ne == NULL)) -- { -- if ((ret=X509_NAME_ENTRY_new()) == NULL) -- return(NULL); -- } -- else -- ret= *ne; -- -- if (!X509_NAME_ENTRY_set_object(ret,obj)) -- goto err; -- if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) -- goto err; -- -- if ((ne != NULL) && (*ne == NULL)) *ne=ret; -- return(ret); --err: -- if ((ne == NULL) || (ret != *ne)) -- X509_NAME_ENTRY_free(ret); -- return(NULL); -- } -+ ASN1_OBJECT *obj, int type, -+ const unsigned char *bytes, -+ int len) -+{ -+ X509_NAME_ENTRY *ret; -+ -+ if ((ne == NULL) || (*ne == NULL)) { -+ if ((ret = X509_NAME_ENTRY_new()) == NULL) -+ return (NULL); -+ } else -+ ret = *ne; -+ -+ if (!X509_NAME_ENTRY_set_object(ret, obj)) -+ goto err; -+ if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len)) -+ goto err; -+ -+ if ((ne != NULL) && (*ne == NULL)) -+ *ne = ret; -+ return (ret); -+ err: -+ if ((ne == NULL) || (ret != *ne)) -+ X509_NAME_ENTRY_free(ret); -+ return (NULL); -+} - - int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj) -- { -- if ((ne == NULL) || (obj == NULL)) -- { -- X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER); -- return(0); -- } -- ASN1_OBJECT_free(ne->object); -- ne->object=OBJ_dup(obj); -- return((ne->object == NULL)?0:1); -- } -+{ -+ if ((ne == NULL) || (obj == NULL)) { -+ X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT, -+ ERR_R_PASSED_NULL_PARAMETER); -+ return (0); -+ } -+ ASN1_OBJECT_free(ne->object); -+ ne->object = OBJ_dup(obj); -+ return ((ne->object == NULL) ? 0 : 1); -+} - - int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, -- const unsigned char *bytes, int len) -- { -- int i; -- -- if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); -- if((type > 0) && (type & MBSTRING_FLAG)) -- return ASN1_STRING_set_by_NID(&ne->value, bytes, -- len, type, -- OBJ_obj2nid(ne->object)) ? 1 : 0; -- if (len < 0) len=strlen((char *)bytes); -- i=ASN1_STRING_set(ne->value,bytes,len); -- if (!i) return(0); -- if (type != V_ASN1_UNDEF) -- { -- if (type == V_ASN1_APP_CHOOSE) -- ne->value->type=ASN1_PRINTABLE_type(bytes,len); -- else -- ne->value->type=type; -- } -- return(1); -- } -+ const unsigned char *bytes, int len) -+{ -+ int i; -+ -+ if ((ne == NULL) || ((bytes == NULL) && (len != 0))) -+ return (0); -+ if ((type > 0) && (type & MBSTRING_FLAG)) -+ return ASN1_STRING_set_by_NID(&ne->value, bytes, -+ len, type, -+ OBJ_obj2nid(ne->object)) ? 1 : 0; -+ if (len < 0) -+ len = strlen((char *)bytes); -+ i = ASN1_STRING_set(ne->value, bytes, len); -+ if (!i) -+ return (0); -+ if (type != V_ASN1_UNDEF) { -+ if (type == V_ASN1_APP_CHOOSE) -+ ne->value->type = ASN1_PRINTABLE_type(bytes, len); -+ else -+ ne->value->type = type; -+ } -+ return (1); -+} - - ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne) -- { -- if (ne == NULL) return(NULL); -- return(ne->object); -- } -+{ -+ if (ne == NULL) -+ return (NULL); -+ return (ne->object); -+} - - ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne) -- { -- if (ne == NULL) return(NULL); -- return(ne->value); -- } -- -+{ -+ if (ne == NULL) -+ return (NULL); -+ return (ne->value); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509rset.c b/Cryptlib/OpenSSL/crypto/x509/x509rset.c -index d9f6b57..80e273e 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509rset.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509rset.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -64,20 +64,22 @@ - #include - - int X509_REQ_set_version(X509_REQ *x, long version) -- { -- if (x == NULL) return(0); -- return(ASN1_INTEGER_set(x->req_info->version,version)); -- } -+{ -+ if (x == NULL) -+ return (0); -+ return (ASN1_INTEGER_set(x->req_info->version, version)); -+} - - int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) -- { -- if ((x == NULL) || (x->req_info == NULL)) return(0); -- return(X509_NAME_set(&x->req_info->subject,name)); -- } -+{ -+ if ((x == NULL) || (x->req_info == NULL)) -+ return (0); -+ return (X509_NAME_set(&x->req_info->subject, name)); -+} - - int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) -- { -- if ((x == NULL) || (x->req_info == NULL)) return(0); -- return(X509_PUBKEY_set(&x->req_info->pubkey,pkey)); -- } -- -+{ -+ if ((x == NULL) || (x->req_info == NULL)) -+ return (0); -+ return (X509_PUBKEY_set(&x->req_info->pubkey, pkey)); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509spki.c b/Cryptlib/OpenSSL/crypto/x509/x509spki.c -index 02a203d..2df84ea 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509spki.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509spki.c -@@ -1,6 +1,7 @@ - /* x509spki.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,60 +63,61 @@ - - int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) - { -- if ((x == NULL) || (x->spkac == NULL)) return(0); -- return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey)); -+ if ((x == NULL) || (x->spkac == NULL)) -+ return (0); -+ return (X509_PUBKEY_set(&(x->spkac->pubkey), pkey)); - } - - EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x) - { -- if ((x == NULL) || (x->spkac == NULL)) -- return(NULL); -- return(X509_PUBKEY_get(x->spkac->pubkey)); -+ if ((x == NULL) || (x->spkac == NULL)) -+ return (NULL); -+ return (X509_PUBKEY_get(x->spkac->pubkey)); - } - - /* Load a Netscape SPKI from a base64 encoded string */ - --NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) -+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len) - { -- unsigned char *spki_der; -- const unsigned char *p; -- int spki_len; -- NETSCAPE_SPKI *spki; -- if(len <= 0) len = strlen(str); -- if (!(spki_der = OPENSSL_malloc(len + 1))) { -- X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len); -- if(spki_len < 0) { -- X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, -- X509_R_BASE64_DECODE_ERROR); -- OPENSSL_free(spki_der); -- return NULL; -- } -- p = spki_der; -- spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len); -- OPENSSL_free(spki_der); -- return spki; -+ unsigned char *spki_der; -+ const unsigned char *p; -+ int spki_len; -+ NETSCAPE_SPKI *spki; -+ if (len <= 0) -+ len = strlen(str); -+ if (!(spki_der = OPENSSL_malloc(len + 1))) { -+ X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len); -+ if (spki_len < 0) { -+ X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, X509_R_BASE64_DECODE_ERROR); -+ OPENSSL_free(spki_der); -+ return NULL; -+ } -+ p = spki_der; -+ spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len); -+ OPENSSL_free(spki_der); -+ return spki; - } - - /* Generate a base64 encoded string from an SPKI */ - --char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) -+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) - { -- unsigned char *der_spki, *p; -- char *b64_str; -- int der_len; -- der_len = i2d_NETSCAPE_SPKI(spki, NULL); -- der_spki = OPENSSL_malloc(der_len); -- b64_str = OPENSSL_malloc(der_len * 2); -- if(!der_spki || !b64_str) { -- X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- p = der_spki; -- i2d_NETSCAPE_SPKI(spki, &p); -- EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len); -- OPENSSL_free(der_spki); -- return b64_str; -+ unsigned char *der_spki, *p; -+ char *b64_str; -+ int der_len; -+ der_len = i2d_NETSCAPE_SPKI(spki, NULL); -+ der_spki = OPENSSL_malloc(der_len); -+ b64_str = OPENSSL_malloc(der_len * 2); -+ if (!der_spki || !b64_str) { -+ X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ p = der_spki; -+ i2d_NETSCAPE_SPKI(spki, &p); -+ EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len); -+ OPENSSL_free(der_spki); -+ return b64_str; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509/x509type.c b/Cryptlib/OpenSSL/crypto/x509/x509type.c -index 2cd994c..eb177fc 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x509type.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x509type.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -63,59 +63,59 @@ - #include - - int X509_certificate_type(X509 *x, EVP_PKEY *pkey) -- { -- EVP_PKEY *pk; -- int ret=0,i; -- -- if (x == NULL) return(0); -+{ -+ EVP_PKEY *pk; -+ int ret = 0, i; - -- if (pkey == NULL) -- pk=X509_get_pubkey(x); -- else -- pk=pkey; -+ if (x == NULL) -+ return (0); - -- if (pk == NULL) return(0); -+ if (pkey == NULL) -+ pk = X509_get_pubkey(x); -+ else -+ pk = pkey; - -- switch (pk->type) -- { -- case EVP_PKEY_RSA: -- ret=EVP_PK_RSA|EVP_PKT_SIGN; --/* if (!sign only extension) */ -- ret|=EVP_PKT_ENC; -- break; -- case EVP_PKEY_DSA: -- ret=EVP_PK_DSA|EVP_PKT_SIGN; -- break; -- case EVP_PKEY_EC: -- ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH; -- break; -- case EVP_PKEY_DH: -- ret=EVP_PK_DH|EVP_PKT_EXCH; -- break; -- default: -- break; -- } -+ if (pk == NULL) -+ return (0); - -- i=X509_get_signature_type(x); -- switch (i) -- { -- case EVP_PKEY_RSA: -- ret|=EVP_PKS_RSA; -- break; -- case EVP_PKEY_DSA: -- ret|=EVP_PKS_DSA; -- break; -- case EVP_PKEY_EC: -- ret|=EVP_PKS_EC; -- break; -- default: -- break; -- } -+ switch (pk->type) { -+ case EVP_PKEY_RSA: -+ ret = EVP_PK_RSA | EVP_PKT_SIGN; -+/* if (!sign only extension) */ -+ ret |= EVP_PKT_ENC; -+ break; -+ case EVP_PKEY_DSA: -+ ret = EVP_PK_DSA | EVP_PKT_SIGN; -+ break; -+ case EVP_PKEY_EC: -+ ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH; -+ break; -+ case EVP_PKEY_DH: -+ ret = EVP_PK_DH | EVP_PKT_EXCH; -+ break; -+ default: -+ break; -+ } - -- if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look -- for, not bytes */ -- ret|=EVP_PKT_EXP; -- if(pkey==NULL) EVP_PKEY_free(pk); -- return(ret); -- } -+ i = X509_get_signature_type(x); -+ switch (i) { -+ case EVP_PKEY_RSA: -+ ret |= EVP_PKS_RSA; -+ break; -+ case EVP_PKEY_DSA: -+ ret |= EVP_PKS_DSA; -+ break; -+ case EVP_PKEY_EC: -+ ret |= EVP_PKS_EC; -+ break; -+ default: -+ break; -+ } - -+ /* /8 because it's 1024 bits we look for, not bytes */ -+ if (EVP_PKEY_size(pk) <= 1024 / 8) -+ ret |= EVP_PKT_EXP; -+ if (pkey == NULL) -+ EVP_PKEY_free(pk); -+ return (ret); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c -index c7b07f7..3140cea 100644 ---- a/Cryptlib/OpenSSL/crypto/x509/x_all.c -+++ b/Cryptlib/OpenSSL/crypto/x509/x_all.c -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -65,459 +65,464 @@ - #include - #include - #ifndef OPENSSL_NO_RSA --#include -+# include - #endif - #ifndef OPENSSL_NO_DSA --#include -+# include - #endif - - int X509_verify(X509 *a, EVP_PKEY *r) -- { -- return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg, -- a->signature,a->cert_info,r)); -- } -+{ -+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) -+ return 0; -+ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg, -+ a->signature, a->cert_info, r)); -+} - - int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) -- { -- return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), -- a->sig_alg,a->signature,a->req_info,r)); -- } -+{ -+ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), -+ a->sig_alg, a->signature, a->req_info, r)); -+} - - int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r) -- { -- return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), -- a->sig_alg, a->signature,a->crl,r)); -- } -+{ -+ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), -+ a->sig_alg, a->signature, a->crl, r)); -+} - - int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) -- { -- return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), -- a->sig_algor,a->signature,a->spkac,r)); -- } -+{ -+ return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), -+ a->sig_algor, a->signature, a->spkac, r)); -+} - - int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) -- { -- x->cert_info->enc.modified = 1; -- return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, -- x->sig_alg, x->signature, x->cert_info,pkey,md)); -- } -+{ -+ x->cert_info->enc.modified = 1; -+ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, -+ x->sig_alg, x->signature, x->cert_info, pkey, md)); -+} - - int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) -- { -- return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL, -- x->signature, x->req_info,pkey,md)); -- } -+{ -+ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL, -+ x->signature, x->req_info, pkey, md)); -+} - - int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) -- { -- x->crl->enc.modified = 1; -- return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg, -- x->sig_alg, x->signature, x->crl,pkey,md)); -- } -+{ -+ x->crl->enc.modified = 1; -+ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg, -+ x->sig_alg, x->signature, x->crl, pkey, md)); -+} - - int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) -- { -- return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL, -- x->signature, x->spkac,pkey,md)); -- } -+{ -+ return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL, -+ x->signature, x->spkac, pkey, md)); -+} - - #ifndef OPENSSL_NO_FP_API - X509 *d2i_X509_fp(FILE *fp, X509 **x509) -- { -- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); -- } -+{ -+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); -+} - - int i2d_X509_fp(FILE *fp, X509 *x509) -- { -- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); -- } -+{ -+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); -+} - #endif - - X509 *d2i_X509_bio(BIO *bp, X509 **x509) -- { -- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); -- } -+{ -+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); -+} - - int i2d_X509_bio(BIO *bp, X509 *x509) -- { -- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); -- } -+{ -+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); -+} - - #ifndef OPENSSL_NO_FP_API - X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) -- { -- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); -- } -+{ -+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); -+} - - int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) -- { -- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); -- } -+{ -+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); -+} - #endif - - X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) -- { -- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); -- } -+{ -+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); -+} - - int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) -- { -- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); -- } -+{ -+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); -+} - - #ifndef OPENSSL_NO_FP_API - PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) -- { -- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); -- } -+{ -+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); -+} - - int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7) -- { -- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); -- } -+{ -+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); -+} - #endif - - PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) -- { -- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); -- } -+{ -+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); -+} - - int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) -- { -- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); -- } -+{ -+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); -+} - - #ifndef OPENSSL_NO_FP_API - X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) -- { -- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); -- } -+{ -+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); -+} - - int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) -- { -- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); -- } -+{ -+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); -+} - #endif - - X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) -- { -- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); -- } -+{ -+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); -+} - - int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) -- { -- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); -- } -+{ -+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); -+} - - #ifndef OPENSSL_NO_RSA - --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) -- { -- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); -- } -+{ -+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); -+} - - int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa) -- { -- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); -- } -+{ -+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); -+} - - RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) -- { -- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); -- } -- -+{ -+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); -+} - - RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) -- { -- return ASN1_d2i_fp((void *(*)(void)) -- RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp, -- (void **)rsa); -- } -+{ -+ return ASN1_d2i_fp((void *(*)(void)) -+ RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp, -+ (void **)rsa); -+} - - int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) -- { -- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); -- } -+{ -+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); -+} - - int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) -- { -- return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa); -- } --#endif -+{ -+ return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa); -+} -+# endif - - RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) -- { -- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); -- } -+{ -+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); -+} - - int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa) -- { -- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); -- } -+{ -+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); -+} - - RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) -- { -- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); -- } -- -+{ -+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); -+} - - RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) -- { -- return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa); -- } -+{ -+ return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa); -+} - - int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) -- { -- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); -- } -+{ -+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); -+} - - int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) -- { -- return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa); -- } -+{ -+ return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa); -+} - #endif - - #ifndef OPENSSL_NO_DSA --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) -- { -- return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa); -- } -+{ -+ return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa); -+} - - int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) -- { -- return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa); -- } -+{ -+ return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa); -+} - - DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) -- { -- return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa); -- } -+{ -+ return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa); -+} - - int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) -- { -- return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa); -- } --#endif -+{ -+ return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa); -+} -+# endif - - DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) -- { -- return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa --); -- } -+{ -+ return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa); -+} - - int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) -- { -- return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa); -- } -+{ -+ return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa); -+} - - DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) -- { -- return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa); -- } -+{ -+ return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa); -+} - - int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) -- { -- return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa); -- } -+{ -+ return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa); -+} - - #endif - - #ifndef OPENSSL_NO_EC --#ifndef OPENSSL_NO_FP_API -+# ifndef OPENSSL_NO_FP_API - EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) -- { -- return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey); -- } -- -+{ -+ return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); -+} -+ - int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey) -- { -- return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey); -- } -+{ -+ return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey); -+} - - EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) -- { -- return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey); -- } -- -+{ -+ return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey); -+} -+ - int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey) -- { -- return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey); -- } --#endif -+{ -+ return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey); -+} -+# endif - EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) -- { -- return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey); -- } -- -+{ -+ return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey); -+} -+ - int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa) -- { -- return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa); -- } -+{ -+ return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa); -+} - - EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) -- { -- return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey); -- } -- -+{ -+ return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey); -+} -+ - int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey) -- { -- return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey); -- } -+{ -+ return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey); -+} - #endif - -- --int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, -- unsigned int *len) -- { -- ASN1_BIT_STRING *key; -- key = X509_get0_pubkey_bitstr(data); -- if(!key) return 0; -- return EVP_Digest(key->data, key->length, md, len, type, NULL); -- } -+int X509_pubkey_digest(const X509 *data, const EVP_MD *type, -+ unsigned char *md, unsigned int *len) -+{ -+ ASN1_BIT_STRING *key; -+ key = X509_get0_pubkey_bitstr(data); -+ if (!key) -+ return 0; -+ return EVP_Digest(key->data, key->length, md, len, type, NULL); -+} - - int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, -- unsigned int *len) -- { -- return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len)); -- } -- --int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, -- unsigned int *len) -- { -- return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len)); -- } -- --int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, -- unsigned int *len) -- { -- return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len)); -- } -- --int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, -- unsigned int *len) -- { -- return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len)); -- } -- --int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, -- unsigned char *md, unsigned int *len) -- { -- return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type, -- (char *)data,md,len)); -- } -+ unsigned int *len) -+{ -+ return (ASN1_item_digest -+ (ASN1_ITEM_rptr(X509), type, (char *)data, md, len)); -+} -+ -+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, -+ unsigned char *md, unsigned int *len) -+{ -+ return (ASN1_item_digest -+ (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len)); -+} - -+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, -+ unsigned char *md, unsigned int *len) -+{ -+ return (ASN1_item_digest -+ (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len)); -+} -+ -+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, -+ unsigned char *md, unsigned int *len) -+{ -+ return (ASN1_item_digest -+ (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len)); -+} -+ -+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, -+ const EVP_MD *type, unsigned char *md, -+ unsigned int *len) -+{ -+ return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type, -+ (char *)data, md, len)); -+} - - #ifndef OPENSSL_NO_FP_API - X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) -- { -- return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8); -- } -+{ -+ return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8); -+} - - int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) -- { -- return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8); -- } -+{ -+ return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8); -+} - #endif - - X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) -- { -- return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8); -- } -+{ -+ return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8); -+} - - int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) -- { -- return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8); -- } -+{ -+ return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8); -+} - - #ifndef OPENSSL_NO_FP_API - PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, -- PKCS8_PRIV_KEY_INFO **p8inf) -- { -- return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, -- d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf); -- } -+ PKCS8_PRIV_KEY_INFO **p8inf) -+{ -+ return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, -+ d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf); -+} - - int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) -- { -- return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp, -- p8inf); -- } -+{ -+ return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp, -+ p8inf); -+} - - int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) -- { -- PKCS8_PRIV_KEY_INFO *p8inf; -- int ret; -- p8inf = EVP_PKEY2PKCS8(key); -- if(!p8inf) return 0; -- ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); -- PKCS8_PRIV_KEY_INFO_free(p8inf); -- return ret; -- } -+{ -+ PKCS8_PRIV_KEY_INFO *p8inf; -+ int ret; -+ p8inf = EVP_PKEY2PKCS8(key); -+ if (!p8inf) -+ return 0; -+ ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); -+ PKCS8_PRIV_KEY_INFO_free(p8inf); -+ return ret; -+} - - int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) -- { -- return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey); -- } -+{ -+ return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey); -+} - - EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) - { -- return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a); -+ return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a); - } - - int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) -- { -- return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey); -- } -+{ -+ return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey); -+} - - EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) - { -- return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a); -+ return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a); - } - - #endif - - PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, -- PKCS8_PRIV_KEY_INFO **p8inf) -- { -- return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, -- d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf); -- } -+ PKCS8_PRIV_KEY_INFO **p8inf) -+{ -+ return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, -+ d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf); -+} - - int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) -- { -- return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp, -- p8inf); -- } -+{ -+ return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp, -+ p8inf); -+} - - int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) -- { -- PKCS8_PRIV_KEY_INFO *p8inf; -- int ret; -- p8inf = EVP_PKEY2PKCS8(key); -- if(!p8inf) return 0; -- ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); -- PKCS8_PRIV_KEY_INFO_free(p8inf); -- return ret; -- } -+{ -+ PKCS8_PRIV_KEY_INFO *p8inf; -+ int ret; -+ p8inf = EVP_PKEY2PKCS8(key); -+ if (!p8inf) -+ return 0; -+ ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); -+ PKCS8_PRIV_KEY_INFO_free(p8inf); -+ return ret; -+} - - int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) -- { -- return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey); -- } -+{ -+ return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey); -+} - - EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) -- { -- return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a); -- } -+{ -+ return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a); -+} - - int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) -- { -- return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey); -- } -+{ -+ return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey); -+} - - EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) -- { -- return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a); -- } -+{ -+ return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c -index 1030931..1530cc8 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c -@@ -1,6 +1,7 @@ - /* pcy_cache.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2004. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2004. - */ - /* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,226 +63,208 @@ - - #include "pcy_int.h" - --static int policy_data_cmp(const X509_POLICY_DATA * const *a, -- const X509_POLICY_DATA * const *b); -+static int policy_data_cmp(const X509_POLICY_DATA *const *a, -+ const X509_POLICY_DATA *const *b); - static int policy_cache_set_int(long *out, ASN1_INTEGER *value); - --/* Set cache entry according to CertificatePolicies extension. -- * Note: this destroys the passed CERTIFICATEPOLICIES structure. -+/* -+ * Set cache entry according to CertificatePolicies extension. Note: this -+ * destroys the passed CERTIFICATEPOLICIES structure. - */ - - static int policy_cache_create(X509 *x, -- CERTIFICATEPOLICIES *policies, int crit) -- { -- int i; -- int ret = 0; -- X509_POLICY_CACHE *cache = x->policy_cache; -- X509_POLICY_DATA *data = NULL; -- POLICYINFO *policy; -- if (sk_POLICYINFO_num(policies) == 0) -- goto bad_policy; -- cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); -- if (!cache->data) -- goto bad_policy; -- for (i = 0; i < sk_POLICYINFO_num(policies); i++) -- { -- policy = sk_POLICYINFO_value(policies, i); -- data = policy_data_new(policy, NULL, crit); -- if (!data) -- goto bad_policy; -- /* Duplicate policy OIDs are illegal: reject if matches -- * found. -- */ -- if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) -- { -- if (cache->anyPolicy) -- { -- ret = -1; -- goto bad_policy; -- } -- cache->anyPolicy = data; -- } -- else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) -- { -- ret = -1; -- goto bad_policy; -- } -- else if (!sk_X509_POLICY_DATA_push(cache->data, data)) -- goto bad_policy; -- data = NULL; -- } -- ret = 1; -- bad_policy: -- if (ret == -1) -- x->ex_flags |= EXFLAG_INVALID_POLICY; -- if (data) -- policy_data_free(data); -- sk_POLICYINFO_pop_free(policies, POLICYINFO_free); -- if (ret <= 0) -- { -- sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); -- cache->data = NULL; -- } -- return ret; -- } -+ CERTIFICATEPOLICIES *policies, int crit) -+{ -+ int i; -+ int ret = 0; -+ X509_POLICY_CACHE *cache = x->policy_cache; -+ X509_POLICY_DATA *data = NULL; -+ POLICYINFO *policy; -+ if (sk_POLICYINFO_num(policies) == 0) -+ goto bad_policy; -+ cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); -+ if (!cache->data) -+ goto bad_policy; -+ for (i = 0; i < sk_POLICYINFO_num(policies); i++) { -+ policy = sk_POLICYINFO_value(policies, i); -+ data = policy_data_new(policy, NULL, crit); -+ if (!data) -+ goto bad_policy; -+ /* -+ * Duplicate policy OIDs are illegal: reject if matches found. -+ */ -+ if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { -+ if (cache->anyPolicy) { -+ ret = -1; -+ goto bad_policy; -+ } -+ cache->anyPolicy = data; -+ } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) { -+ ret = -1; -+ goto bad_policy; -+ } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) -+ goto bad_policy; -+ data = NULL; -+ } -+ ret = 1; -+ bad_policy: -+ if (ret == -1) -+ x->ex_flags |= EXFLAG_INVALID_POLICY; -+ if (data) -+ policy_data_free(data); -+ sk_POLICYINFO_pop_free(policies, POLICYINFO_free); -+ if (ret <= 0) { -+ sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); -+ cache->data = NULL; -+ } -+ return ret; -+} - -- - static int policy_cache_new(X509 *x) -- { -- X509_POLICY_CACHE *cache; -- ASN1_INTEGER *ext_any = NULL; -- POLICY_CONSTRAINTS *ext_pcons = NULL; -- CERTIFICATEPOLICIES *ext_cpols = NULL; -- POLICY_MAPPINGS *ext_pmaps = NULL; -- int i; -- cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE)); -- if (!cache) -- return 0; -- cache->anyPolicy = NULL; -- cache->data = NULL; -- cache->maps = NULL; -- cache->any_skip = -1; -- cache->explicit_skip = -1; -- cache->map_skip = -1; -+{ -+ X509_POLICY_CACHE *cache; -+ ASN1_INTEGER *ext_any = NULL; -+ POLICY_CONSTRAINTS *ext_pcons = NULL; -+ CERTIFICATEPOLICIES *ext_cpols = NULL; -+ POLICY_MAPPINGS *ext_pmaps = NULL; -+ int i; -+ cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE)); -+ if (!cache) -+ return 0; -+ cache->anyPolicy = NULL; -+ cache->data = NULL; -+ cache->maps = NULL; -+ cache->any_skip = -1; -+ cache->explicit_skip = -1; -+ cache->map_skip = -1; - -- x->policy_cache = cache; -+ x->policy_cache = cache; - -- /* Handle requireExplicitPolicy *first*. Need to process this -- * even if we don't have any policies. -- */ -- ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL); -+ /* -+ * Handle requireExplicitPolicy *first*. Need to process this even if we -+ * don't have any policies. -+ */ -+ ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL); - -- if (!ext_pcons) -- { -- if (i != -1) -- goto bad_cache; -- } -- else -- { -- if (!ext_pcons->requireExplicitPolicy -- && !ext_pcons->inhibitPolicyMapping) -- goto bad_cache; -- if (!policy_cache_set_int(&cache->explicit_skip, -- ext_pcons->requireExplicitPolicy)) -- goto bad_cache; -- if (!policy_cache_set_int(&cache->map_skip, -- ext_pcons->inhibitPolicyMapping)) -- goto bad_cache; -- } -+ if (!ext_pcons) { -+ if (i != -1) -+ goto bad_cache; -+ } else { -+ if (!ext_pcons->requireExplicitPolicy -+ && !ext_pcons->inhibitPolicyMapping) -+ goto bad_cache; -+ if (!policy_cache_set_int(&cache->explicit_skip, -+ ext_pcons->requireExplicitPolicy)) -+ goto bad_cache; -+ if (!policy_cache_set_int(&cache->map_skip, -+ ext_pcons->inhibitPolicyMapping)) -+ goto bad_cache; -+ } - -- /* Process CertificatePolicies */ -+ /* Process CertificatePolicies */ - -- ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL); -- /* If no CertificatePolicies extension or problem decoding then -- * there is no point continuing because the valid policies will be -- * NULL. -- */ -- if (!ext_cpols) -- { -- /* If not absent some problem with extension */ -- if (i != -1) -- goto bad_cache; -- return 1; -- } -+ ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL); -+ /* -+ * If no CertificatePolicies extension or problem decoding then there is -+ * no point continuing because the valid policies will be NULL. -+ */ -+ if (!ext_cpols) { -+ /* If not absent some problem with extension */ -+ if (i != -1) -+ goto bad_cache; -+ return 1; -+ } - -- i = policy_cache_create(x, ext_cpols, i); -+ i = policy_cache_create(x, ext_cpols, i); - -- /* NB: ext_cpols freed by policy_cache_set_policies */ -+ /* NB: ext_cpols freed by policy_cache_set_policies */ - -- if (i <= 0) -- return i; -+ if (i <= 0) -+ return i; - -- ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL); -+ ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL); - -- if (!ext_pmaps) -- { -- /* If not absent some problem with extension */ -- if (i != -1) -- goto bad_cache; -- } -- else -- { -- i = policy_cache_set_mapping(x, ext_pmaps); -- if (i <= 0) -- goto bad_cache; -- } -+ if (!ext_pmaps) { -+ /* If not absent some problem with extension */ -+ if (i != -1) -+ goto bad_cache; -+ } else { -+ i = policy_cache_set_mapping(x, ext_pmaps); -+ if (i <= 0) -+ goto bad_cache; -+ } - -- ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL); -+ ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL); - -- if (!ext_any) -- { -- if (i != -1) -- goto bad_cache; -- } -- else if (!policy_cache_set_int(&cache->any_skip, ext_any)) -- goto bad_cache; -+ if (!ext_any) { -+ if (i != -1) -+ goto bad_cache; -+ } else if (!policy_cache_set_int(&cache->any_skip, ext_any)) -+ goto bad_cache; - -- if (0) -- { -- bad_cache: -- x->ex_flags |= EXFLAG_INVALID_POLICY; -- } -+ if (0) { -+ bad_cache: -+ x->ex_flags |= EXFLAG_INVALID_POLICY; -+ } - -- if(ext_pcons) -- POLICY_CONSTRAINTS_free(ext_pcons); -+ if (ext_pcons) -+ POLICY_CONSTRAINTS_free(ext_pcons); - -- if (ext_any) -- ASN1_INTEGER_free(ext_any); -+ if (ext_any) -+ ASN1_INTEGER_free(ext_any); - -- return 1; -+ return 1; - -- - } - - void policy_cache_free(X509_POLICY_CACHE *cache) -- { -- if (!cache) -- return; -- if (cache->anyPolicy) -- policy_data_free(cache->anyPolicy); -- if (cache->data) -- sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); -- OPENSSL_free(cache); -- } -+{ -+ if (!cache) -+ return; -+ if (cache->anyPolicy) -+ policy_data_free(cache->anyPolicy); -+ if (cache->data) -+ sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); -+ OPENSSL_free(cache); -+} - - const X509_POLICY_CACHE *policy_cache_set(X509 *x) -- { -+{ - -- if (x->policy_cache == NULL) -- { -- CRYPTO_w_lock(CRYPTO_LOCK_X509); -- policy_cache_new(x); -- CRYPTO_w_unlock(CRYPTO_LOCK_X509); -- } -+ if (x->policy_cache == NULL) { -+ CRYPTO_w_lock(CRYPTO_LOCK_X509); -+ policy_cache_new(x); -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509); -+ } - -- return x->policy_cache; -+ return x->policy_cache; - -- } -+} - - X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, -- const ASN1_OBJECT *id) -- { -- int idx; -- X509_POLICY_DATA tmp; -- tmp.valid_policy = (ASN1_OBJECT *)id; -- idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); -- if (idx == -1) -- return NULL; -- return sk_X509_POLICY_DATA_value(cache->data, idx); -- } -+ const ASN1_OBJECT *id) -+{ -+ int idx; -+ X509_POLICY_DATA tmp; -+ tmp.valid_policy = (ASN1_OBJECT *)id; -+ idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); -+ if (idx == -1) -+ return NULL; -+ return sk_X509_POLICY_DATA_value(cache->data, idx); -+} - --static int policy_data_cmp(const X509_POLICY_DATA * const *a, -- const X509_POLICY_DATA * const *b) -- { -- return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); -- } -+static int policy_data_cmp(const X509_POLICY_DATA *const *a, -+ const X509_POLICY_DATA *const *b) -+{ -+ return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); -+} - - static int policy_cache_set_int(long *out, ASN1_INTEGER *value) -- { -- if (value == NULL) -- return 1; -- if (value->type == V_ASN1_NEG_INTEGER) -- return 0; -- *out = ASN1_INTEGER_get(value); -- return 1; -- } -+{ -+ if (value == NULL) -+ return 1; -+ if (value->type == V_ASN1_NEG_INTEGER) -+ return 0; -+ *out = ASN1_INTEGER_get(value); -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c -index fb392b9..0a6b83b 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c -@@ -1,6 +1,7 @@ - /* pcy_data.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2004. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2004. - */ - /* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -65,67 +66,62 @@ - /* Policy Node routines */ - - void policy_data_free(X509_POLICY_DATA *data) -- { -- ASN1_OBJECT_free(data->valid_policy); -- /* Don't free qualifiers if shared */ -- if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) -- sk_POLICYQUALINFO_pop_free(data->qualifier_set, -- POLICYQUALINFO_free); -- sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free); -- OPENSSL_free(data); -- } -+{ -+ ASN1_OBJECT_free(data->valid_policy); -+ /* Don't free qualifiers if shared */ -+ if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) -+ sk_POLICYQUALINFO_pop_free(data->qualifier_set, POLICYQUALINFO_free); -+ sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free); -+ OPENSSL_free(data); -+} - --/* Create a data based on an existing policy. If 'id' is NULL use the -- * oid in the policy, otherwise use 'id'. This behaviour covers the two -- * types of data in RFC3280: data with from a CertificatePolcies extension -- * and additional data with just the qualifiers of anyPolicy and ID from -- * another source. -+/* -+ * Create a data based on an existing policy. If 'id' is NULL use the oid in -+ * the policy, otherwise use 'id'. This behaviour covers the two types of -+ * data in RFC3280: data with from a CertificatePolcies extension and -+ * additional data with just the qualifiers of anyPolicy and ID from another -+ * source. - */ - --X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit) -- { -- X509_POLICY_DATA *ret; -- if (!policy && !id) -- return NULL; -- if (id) -- { -- id = OBJ_dup(id); -- if (!id) -- return NULL; -- } -- ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); -- if (!ret) -- return NULL; -- ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); -- if (!ret->expected_policy_set) -- { -- OPENSSL_free(ret); -- if (id) -- ASN1_OBJECT_free(id); -- return NULL; -- } -+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, -+ int crit) -+{ -+ X509_POLICY_DATA *ret; -+ if (!policy && !id) -+ return NULL; -+ if (id) { -+ id = OBJ_dup(id); -+ if (!id) -+ return NULL; -+ } -+ ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); -+ if (!ret) -+ return NULL; -+ ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); -+ if (!ret->expected_policy_set) { -+ OPENSSL_free(ret); -+ if (id) -+ ASN1_OBJECT_free(id); -+ return NULL; -+ } - -- if (crit) -- ret->flags = POLICY_DATA_FLAG_CRITICAL; -- else -- ret->flags = 0; -+ if (crit) -+ ret->flags = POLICY_DATA_FLAG_CRITICAL; -+ else -+ ret->flags = 0; - -- if (id) -- ret->valid_policy = id; -- else -- { -- ret->valid_policy = policy->policyid; -- policy->policyid = NULL; -- } -+ if (id) -+ ret->valid_policy = id; -+ else { -+ ret->valid_policy = policy->policyid; -+ policy->policyid = NULL; -+ } - -- if (policy) -- { -- ret->qualifier_set = policy->qualifiers; -- policy->qualifiers = NULL; -- } -- else -- ret->qualifier_set = NULL; -- -- return ret; -- } -+ if (policy) { -+ ret->qualifier_set = policy->qualifiers; -+ policy->qualifiers = NULL; -+ } else -+ ret->qualifier_set = NULL; - -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c -index 93bfd92..dbb2983 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c -@@ -1,6 +1,7 @@ - /* pcy_lib.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2004. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2004. - */ - /* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,7 +57,6 @@ - * - */ - -- - #include "cryptlib.h" - #include - #include -@@ -68,100 +68,100 @@ - /* X509_POLICY_TREE stuff */ - - int X509_policy_tree_level_count(const X509_POLICY_TREE *tree) -- { -- if (!tree) -- return 0; -- return tree->nlevel; -- } -- --X509_POLICY_LEVEL * -- X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i) -- { -- if (!tree || (i < 0) || (i >= tree->nlevel)) -- return NULL; -- return tree->levels + i; -- } -- --STACK_OF(X509_POLICY_NODE) * -- X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree) -- { -- if (!tree) -- return NULL; -- return tree->auth_policies; -- } -- --STACK_OF(X509_POLICY_NODE) * -- X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree) -- { -- if (!tree) -- return NULL; -- if (tree->flags & POLICY_FLAG_ANY_POLICY) -- return tree->auth_policies; -- else -- return tree->user_policies; -- } -+{ -+ if (!tree) -+ return 0; -+ return tree->nlevel; -+} -+ -+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, -+ int i) -+{ -+ if (!tree || (i < 0) || (i >= tree->nlevel)) -+ return NULL; -+ return tree->levels + i; -+} -+ -+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const -+ X509_POLICY_TREE -+ *tree) -+{ -+ if (!tree) -+ return NULL; -+ return tree->auth_policies; -+} -+ -+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const -+ X509_POLICY_TREE -+ *tree) -+{ -+ if (!tree) -+ return NULL; -+ if (tree->flags & POLICY_FLAG_ANY_POLICY) -+ return tree->auth_policies; -+ else -+ return tree->user_policies; -+} - - /* X509_POLICY_LEVEL stuff */ - - int X509_policy_level_node_count(X509_POLICY_LEVEL *level) -- { -- int n; -- if (!level) -- return 0; -- if (level->anyPolicy) -- n = 1; -- else -- n = 0; -- if (level->nodes) -- n += sk_X509_POLICY_NODE_num(level->nodes); -- return n; -- } -+{ -+ int n; -+ if (!level) -+ return 0; -+ if (level->anyPolicy) -+ n = 1; -+ else -+ n = 0; -+ if (level->nodes) -+ n += sk_X509_POLICY_NODE_num(level->nodes); -+ return n; -+} - - X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i) -- { -- if (!level) -- return NULL; -- if (level->anyPolicy) -- { -- if (i == 0) -- return level->anyPolicy; -- i--; -- } -- return sk_X509_POLICY_NODE_value(level->nodes, i); -- } -+{ -+ if (!level) -+ return NULL; -+ if (level->anyPolicy) { -+ if (i == 0) -+ return level->anyPolicy; -+ i--; -+ } -+ return sk_X509_POLICY_NODE_value(level->nodes, i); -+} - - /* X509_POLICY_NODE stuff */ - - const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node) -- { -- if (!node) -- return NULL; -- return node->data->valid_policy; -- } -+{ -+ if (!node) -+ return NULL; -+ return node->data->valid_policy; -+} - - #if 0 - int X509_policy_node_get_critical(const X509_POLICY_NODE *node) -- { -- if (node_critical(node)) -- return 1; -- return 0; -- } -+{ -+ if (node_critical(node)) -+ return 1; -+ return 0; -+} - #endif - --STACK_OF(POLICYQUALINFO) * -- X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node) -- { -- if (!node) -- return NULL; -- return node->data->qualifier_set; -- } -- --const X509_POLICY_NODE * -- X509_policy_node_get0_parent(const X509_POLICY_NODE *node) -- { -- if (!node) -- return NULL; -- return node->parent; -- } -- -- -+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const -+ X509_POLICY_NODE -+ *node) -+{ -+ if (!node) -+ return NULL; -+ return node->data->qualifier_set; -+} -+ -+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE -+ *node) -+{ -+ if (!node) -+ return NULL; -+ return node->parent; -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c -index acd2ede..0067c3d 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c -@@ -1,6 +1,7 @@ - /* pcy_map.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2004. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2004. - */ - /* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -63,126 +64,122 @@ - #include "pcy_int.h" - - static int ref_cmp(const X509_POLICY_REF * const *a, -- const X509_POLICY_REF * const *b) -- { -- return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy); -- } -- --static void policy_map_free(X509_POLICY_REF *map) -- { -- OPENSSL_free(map); -- } -- --static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id) -- { -- X509_POLICY_REF tmp; -- int idx; -- tmp.subjectDomainPolicy = id; -- -- idx = sk_X509_POLICY_REF_find(cache->maps, &tmp); -- if (idx == -1) -- return NULL; -- return sk_X509_POLICY_REF_value(cache->maps, idx); -- } -- --/* Set policy mapping entries in cache. -- * Note: this modifies the passed POLICY_MAPPINGS structure -+ const X509_POLICY_REF * const *b) -+{ -+ return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy); -+} -+ -+static void policy_map_free(X509_POLICY_REF * map) -+{ -+ OPENSSL_free(map); -+} -+ -+static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, -+ ASN1_OBJECT *id) -+{ -+ X509_POLICY_REF tmp; -+ int idx; -+ tmp.subjectDomainPolicy = id; -+ -+ idx = sk_X509_POLICY_REF_find(cache->maps, &tmp); -+ if (idx == -1) -+ return NULL; -+ return sk_X509_POLICY_REF_value(cache->maps, idx); -+} -+ -+/* -+ * Set policy mapping entries in cache. Note: this modifies the passed -+ * POLICY_MAPPINGS structure - */ - - int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) -- { -- POLICY_MAPPING *map; -- X509_POLICY_REF *ref = NULL; -- ASN1_OBJECT *subjectDomainPolicyRef; -- X509_POLICY_DATA *data; -- X509_POLICY_CACHE *cache = x->policy_cache; -- int i; -- int ret = 0; -- if (sk_POLICY_MAPPING_num(maps) == 0) -- { -- ret = -1; -- goto bad_mapping; -- } -- cache->maps = sk_X509_POLICY_REF_new(ref_cmp); -- for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) -- { -- map = sk_POLICY_MAPPING_value(maps, i); -- /* Reject if map to or from anyPolicy */ -- if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy) -- || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) -- { -- ret = -1; -- goto bad_mapping; -- } -- -- /* If we've already mapped from this OID bad mapping */ -- if (policy_map_find(cache, map->subjectDomainPolicy) != NULL) -- { -- ret = -1; -- goto bad_mapping; -- } -- -- /* Attempt to find matching policy data */ -- data = policy_cache_find_data(cache, map->issuerDomainPolicy); -- /* If we don't have anyPolicy can't map */ -- if (!data && !cache->anyPolicy) -- continue; -- -- /* Create a NODE from anyPolicy */ -- if (!data) -- { -- data = policy_data_new(NULL, map->issuerDomainPolicy, -- cache->anyPolicy->flags -- & POLICY_DATA_FLAG_CRITICAL); -- if (!data) -- goto bad_mapping; -- data->qualifier_set = cache->anyPolicy->qualifier_set; -- map->issuerDomainPolicy = NULL; -- data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; -- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; -- if (!sk_X509_POLICY_DATA_push(cache->data, data)) -- { -- policy_data_free(data); -- goto bad_mapping; -- } -- } -- else -- data->flags |= POLICY_DATA_FLAG_MAPPED; -- -- if (!sk_ASN1_OBJECT_push(data->expected_policy_set, -- map->subjectDomainPolicy)) -- goto bad_mapping; -- /* map->subjectDomainPolicy will be freed when -- * cache->data is freed. Set it to NULL to avoid double-free. */ -- subjectDomainPolicyRef = map->subjectDomainPolicy; -- map->subjectDomainPolicy = NULL; -- -- ref = OPENSSL_malloc(sizeof(X509_POLICY_REF)); -- if (!ref) -- goto bad_mapping; -- -- ref->subjectDomainPolicy = subjectDomainPolicyRef; -- ref->data = data; -- -- if (!sk_X509_POLICY_REF_push(cache->maps, ref)) -- goto bad_mapping; -- -- ref = NULL; -- -- } -- -- ret = 1; -- bad_mapping: -- if (ret == -1) -- x->ex_flags |= EXFLAG_INVALID_POLICY; -- if (ref) -- policy_map_free(ref); -- if (ret <= 0) -- { -- sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free); -- cache->maps = NULL; -- } -- sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); -- return ret; -- -- } -+{ -+ POLICY_MAPPING *map; -+ X509_POLICY_REF *ref = NULL; -+ ASN1_OBJECT *subjectDomainPolicyRef; -+ X509_POLICY_DATA *data; -+ X509_POLICY_CACHE *cache = x->policy_cache; -+ int i; -+ int ret = 0; -+ if (sk_POLICY_MAPPING_num(maps) == 0) { -+ ret = -1; -+ goto bad_mapping; -+ } -+ cache->maps = sk_X509_POLICY_REF_new(ref_cmp); -+ for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) { -+ map = sk_POLICY_MAPPING_value(maps, i); -+ /* Reject if map to or from anyPolicy */ -+ if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy) -+ || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) { -+ ret = -1; -+ goto bad_mapping; -+ } -+ -+ /* If we've already mapped from this OID bad mapping */ -+ if (policy_map_find(cache, map->subjectDomainPolicy) != NULL) { -+ ret = -1; -+ goto bad_mapping; -+ } -+ -+ /* Attempt to find matching policy data */ -+ data = policy_cache_find_data(cache, map->issuerDomainPolicy); -+ /* If we don't have anyPolicy can't map */ -+ if (!data && !cache->anyPolicy) -+ continue; -+ -+ /* Create a NODE from anyPolicy */ -+ if (!data) { -+ data = policy_data_new(NULL, map->issuerDomainPolicy, -+ cache->anyPolicy->flags -+ & POLICY_DATA_FLAG_CRITICAL); -+ if (!data) -+ goto bad_mapping; -+ data->qualifier_set = cache->anyPolicy->qualifier_set; -+ map->issuerDomainPolicy = NULL; -+ data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; -+ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; -+ if (!sk_X509_POLICY_DATA_push(cache->data, data)) { -+ policy_data_free(data); -+ goto bad_mapping; -+ } -+ } else -+ data->flags |= POLICY_DATA_FLAG_MAPPED; -+ -+ if (!sk_ASN1_OBJECT_push(data->expected_policy_set, -+ map->subjectDomainPolicy)) -+ goto bad_mapping; -+ /* -+ * map->subjectDomainPolicy will be freed when cache->data is freed. -+ * Set it to NULL to avoid double-free. -+ */ -+ subjectDomainPolicyRef = map->subjectDomainPolicy; -+ map->subjectDomainPolicy = NULL; -+ -+ ref = OPENSSL_malloc(sizeof(X509_POLICY_REF)); -+ if (!ref) -+ goto bad_mapping; -+ -+ ref->subjectDomainPolicy = subjectDomainPolicyRef; -+ ref->data = data; -+ -+ if (!sk_X509_POLICY_REF_push(cache->maps, ref)) -+ goto bad_mapping; -+ -+ ref = NULL; -+ -+ } -+ -+ ret = 1; -+ bad_mapping: -+ if (ret == -1) -+ x->ex_flags |= EXFLAG_INVALID_POLICY; -+ if (ref) -+ policy_map_free(ref); -+ if (ret <= 0) { -+ sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free); -+ cache->maps = NULL; -+ } -+ sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); -+ return ret; -+ -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c -index 6587cb0..438b49b 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c -@@ -1,6 +1,7 @@ - /* pcy_node.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2004. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2004. - */ - /* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,97 +63,90 @@ - - #include "pcy_int.h" - --static int node_cmp(const X509_POLICY_NODE * const *a, -- const X509_POLICY_NODE * const *b) -- { -- return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy); -- } -+static int node_cmp(const X509_POLICY_NODE *const *a, -+ const X509_POLICY_NODE *const *b) -+{ -+ return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy); -+} - - STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void) -- { -- return sk_X509_POLICY_NODE_new(node_cmp); -- } -+{ -+ return sk_X509_POLICY_NODE_new(node_cmp); -+} - - X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, -- const ASN1_OBJECT *id) -- { -- X509_POLICY_DATA n; -- X509_POLICY_NODE l; -- int idx; -+ const ASN1_OBJECT *id) -+{ -+ X509_POLICY_DATA n; -+ X509_POLICY_NODE l; -+ int idx; - -- n.valid_policy = (ASN1_OBJECT *)id; -- l.data = &n; -+ n.valid_policy = (ASN1_OBJECT *)id; -+ l.data = &n; - -- idx = sk_X509_POLICY_NODE_find(nodes, &l); -- if (idx == -1) -- return NULL; -+ idx = sk_X509_POLICY_NODE_find(nodes, &l); -+ if (idx == -1) -+ return NULL; - -- return sk_X509_POLICY_NODE_value(nodes, idx); -+ return sk_X509_POLICY_NODE_value(nodes, idx); - -- } -+} - - X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, -- const ASN1_OBJECT *id) -- { -- return tree_find_sk(level->nodes, id); -- } -+ const ASN1_OBJECT *id) -+{ -+ return tree_find_sk(level->nodes, id); -+} - - X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, -- X509_POLICY_DATA *data, -- X509_POLICY_NODE *parent, -- X509_POLICY_TREE *tree) -- { -- X509_POLICY_NODE *node; -- node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); -- if (!node) -- return NULL; -- node->data = data; -- node->parent = parent; -- node->nchild = 0; -- if (level) -- { -- if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) -- { -- if (level->anyPolicy) -- goto node_error; -- level->anyPolicy = node; -- } -- else -- { -- -- if (!level->nodes) -- level->nodes = policy_node_cmp_new(); -- if (!level->nodes) -- goto node_error; -- if (!sk_X509_POLICY_NODE_push(level->nodes, node)) -- goto node_error; -- } -- } -- -- if (tree) -- { -- if (!tree->extra_data) -- tree->extra_data = sk_X509_POLICY_DATA_new_null(); -- if (!tree->extra_data) -- goto node_error; -- if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) -- goto node_error; -- } -- -- if (parent) -- parent->nchild++; -- -- return node; -- -- node_error: -- policy_node_free(node); -- return 0; -- -- } -+ X509_POLICY_DATA *data, -+ X509_POLICY_NODE *parent, -+ X509_POLICY_TREE *tree) -+{ -+ X509_POLICY_NODE *node; -+ node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); -+ if (!node) -+ return NULL; -+ node->data = data; -+ node->parent = parent; -+ node->nchild = 0; -+ if (level) { -+ if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { -+ if (level->anyPolicy) -+ goto node_error; -+ level->anyPolicy = node; -+ } else { -+ -+ if (!level->nodes) -+ level->nodes = policy_node_cmp_new(); -+ if (!level->nodes) -+ goto node_error; -+ if (!sk_X509_POLICY_NODE_push(level->nodes, node)) -+ goto node_error; -+ } -+ } -+ -+ if (tree) { -+ if (!tree->extra_data) -+ tree->extra_data = sk_X509_POLICY_DATA_new_null(); -+ if (!tree->extra_data) -+ goto node_error; -+ if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) -+ goto node_error; -+ } -+ -+ if (parent) -+ parent->nchild++; -+ -+ return node; -+ -+ node_error: -+ policy_node_free(node); -+ return 0; -+ -+} - - void policy_node_free(X509_POLICY_NODE *node) -- { -- OPENSSL_free(node); -- } -- -- -+{ -+ OPENSSL_free(node); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c -index 92ad0a2..9e506e9 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c -@@ -1,6 +1,7 @@ - /* pcy_tree.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2004. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2004. - */ - /* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,7 +63,8 @@ - - #include "pcy_int.h" - --/* Initialize policy tree. Return values: -+/*- -+ * Initialize policy tree. Return values: - * 0 Some internal error occured. - * -1 Inconsistent or invalid extensions in certificates. - * 1 Tree initialized OK. -@@ -72,626 +74,592 @@ - */ - - static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, -- unsigned int flags) -- { -- X509_POLICY_TREE *tree; -- X509_POLICY_LEVEL *level; -- const X509_POLICY_CACHE *cache; -- X509_POLICY_DATA *data = NULL; -- X509 *x; -- int ret = 1; -- int i, n; -- int explicit_policy; -- int any_skip; -- int map_skip; -- *ptree = NULL; -- n = sk_X509_num(certs); -- -- /* Disable policy mapping for now... */ -- flags |= X509_V_FLAG_INHIBIT_MAP; -- -- if (flags & X509_V_FLAG_EXPLICIT_POLICY) -- explicit_policy = 0; -- else -- explicit_policy = n + 1; -- -- if (flags & X509_V_FLAG_INHIBIT_ANY) -- any_skip = 0; -- else -- any_skip = n + 1; -- -- if (flags & X509_V_FLAG_INHIBIT_MAP) -- map_skip = 0; -- else -- map_skip = n + 1; -- -- /* Can't do anything with just a trust anchor */ -- if (n == 1) -- return 1; -- /* First setup policy cache in all certificates apart from the -- * trust anchor. Note any bad cache results on the way. Also can -- * calculate explicit_policy value at this point. -- */ -- for (i = n - 2; i >= 0; i--) -- { -- x = sk_X509_value(certs, i); -- X509_check_purpose(x, -1, -1); -- cache = policy_cache_set(x); -- /* If cache NULL something bad happened: return immediately */ -- if (cache == NULL) -- return 0; -- /* If inconsistent extensions keep a note of it but continue */ -- if (x->ex_flags & EXFLAG_INVALID_POLICY) -- ret = -1; -- /* Otherwise if we have no data (hence no CertificatePolicies) -- * and haven't already set an inconsistent code note it. -- */ -- else if ((ret == 1) && !cache->data) -- ret = 2; -- if (explicit_policy > 0) -- { -- if (!(x->ex_flags & EXFLAG_SI)) -- explicit_policy--; -- if ((cache->explicit_skip != -1) -- && (cache->explicit_skip < explicit_policy)) -- explicit_policy = cache->explicit_skip; -- } -- } -- -- if (ret != 1) -- { -- if (ret == 2 && !explicit_policy) -- return 6; -- return ret; -- } -- -- -- /* If we get this far initialize the tree */ -- -- tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE)); -- -- if (!tree) -- return 0; -- -- tree->flags = 0; -- tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n); -- tree->nlevel = 0; -- tree->extra_data = NULL; -- tree->auth_policies = NULL; -- tree->user_policies = NULL; -- -- if (!tree->levels) -- { -- OPENSSL_free(tree); -- return 0; -- } -- -- memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); -- -- tree->nlevel = n; -- -- level = tree->levels; -- -- /* Root data: initialize to anyPolicy */ -- -- data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); -- -- if (!data || !level_add_node(level, data, NULL, tree)) -- goto bad_tree; -- -- for (i = n - 2; i >= 0; i--) -- { -- level++; -- x = sk_X509_value(certs, i); -- cache = policy_cache_set(x); -- -- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); -- level->cert = x; -- -- if (!cache->anyPolicy) -- level->flags |= X509_V_FLAG_INHIBIT_ANY; -- -- /* Determine inhibit any and inhibit map flags */ -- if (any_skip == 0) -- { -- /* Any matching allowed if certificate is self -- * issued and not the last in the chain. -- */ -- if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) -- level->flags |= X509_V_FLAG_INHIBIT_ANY; -- } -- else -- { -- if (!(x->ex_flags & EXFLAG_SI)) -- any_skip--; -- if ((cache->any_skip >= 0) -- && (cache->any_skip < any_skip)) -- any_skip = cache->any_skip; -- } -- -- if (map_skip == 0) -- level->flags |= X509_V_FLAG_INHIBIT_MAP; -- else -- { -- map_skip--; -- if ((cache->map_skip >= 0) -- && (cache->map_skip < map_skip)) -- map_skip = cache->map_skip; -- } -- -- -- } -- -- *ptree = tree; -- -- if (explicit_policy) -- return 1; -- else -- return 5; -- -- bad_tree: -- -- X509_policy_tree_free(tree); -- -- return 0; -- -- } -- --/* This corresponds to RFC3280 XXXX XXXXX: -- * link any data from CertificatePolicies onto matching parent -- * or anyPolicy if no match. -+ unsigned int flags) -+{ -+ X509_POLICY_TREE *tree; -+ X509_POLICY_LEVEL *level; -+ const X509_POLICY_CACHE *cache; -+ X509_POLICY_DATA *data = NULL; -+ X509 *x; -+ int ret = 1; -+ int i, n; -+ int explicit_policy; -+ int any_skip; -+ int map_skip; -+ *ptree = NULL; -+ n = sk_X509_num(certs); -+ -+ /* Disable policy mapping for now... */ -+ flags |= X509_V_FLAG_INHIBIT_MAP; -+ -+ if (flags & X509_V_FLAG_EXPLICIT_POLICY) -+ explicit_policy = 0; -+ else -+ explicit_policy = n + 1; -+ -+ if (flags & X509_V_FLAG_INHIBIT_ANY) -+ any_skip = 0; -+ else -+ any_skip = n + 1; -+ -+ if (flags & X509_V_FLAG_INHIBIT_MAP) -+ map_skip = 0; -+ else -+ map_skip = n + 1; -+ -+ /* Can't do anything with just a trust anchor */ -+ if (n == 1) -+ return 1; -+ /* -+ * First setup policy cache in all certificates apart from the trust -+ * anchor. Note any bad cache results on the way. Also can calculate -+ * explicit_policy value at this point. -+ */ -+ for (i = n - 2; i >= 0; i--) { -+ x = sk_X509_value(certs, i); -+ X509_check_purpose(x, -1, -1); -+ cache = policy_cache_set(x); -+ /* If cache NULL something bad happened: return immediately */ -+ if (cache == NULL) -+ return 0; -+ /* -+ * If inconsistent extensions keep a note of it but continue -+ */ -+ if (x->ex_flags & EXFLAG_INVALID_POLICY) -+ ret = -1; -+ /* -+ * Otherwise if we have no data (hence no CertificatePolicies) and -+ * haven't already set an inconsistent code note it. -+ */ -+ else if ((ret == 1) && !cache->data) -+ ret = 2; -+ if (explicit_policy > 0) { -+ if (!(x->ex_flags & EXFLAG_SI)) -+ explicit_policy--; -+ if ((cache->explicit_skip != -1) -+ && (cache->explicit_skip < explicit_policy)) -+ explicit_policy = cache->explicit_skip; -+ } -+ } -+ -+ if (ret != 1) { -+ if (ret == 2 && !explicit_policy) -+ return 6; -+ return ret; -+ } -+ -+ /* If we get this far initialize the tree */ -+ -+ tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE)); -+ -+ if (!tree) -+ return 0; -+ -+ tree->flags = 0; -+ tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n); -+ tree->nlevel = 0; -+ tree->extra_data = NULL; -+ tree->auth_policies = NULL; -+ tree->user_policies = NULL; -+ -+ if (!tree->levels) { -+ OPENSSL_free(tree); -+ return 0; -+ } -+ -+ memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); -+ -+ tree->nlevel = n; -+ -+ level = tree->levels; -+ -+ /* Root data: initialize to anyPolicy */ -+ -+ data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); -+ -+ if (!data || !level_add_node(level, data, NULL, tree)) -+ goto bad_tree; -+ -+ for (i = n - 2; i >= 0; i--) { -+ level++; -+ x = sk_X509_value(certs, i); -+ cache = policy_cache_set(x); -+ -+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); -+ level->cert = x; -+ -+ if (!cache->anyPolicy) -+ level->flags |= X509_V_FLAG_INHIBIT_ANY; -+ -+ /* Determine inhibit any and inhibit map flags */ -+ if (any_skip == 0) { -+ /* -+ * Any matching allowed if certificate is self issued and not the -+ * last in the chain. -+ */ -+ if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) -+ level->flags |= X509_V_FLAG_INHIBIT_ANY; -+ } else { -+ if (!(x->ex_flags & EXFLAG_SI)) -+ any_skip--; -+ if ((cache->any_skip >= 0) -+ && (cache->any_skip < any_skip)) -+ any_skip = cache->any_skip; -+ } -+ -+ if (map_skip == 0) -+ level->flags |= X509_V_FLAG_INHIBIT_MAP; -+ else { -+ map_skip--; -+ if ((cache->map_skip >= 0) -+ && (cache->map_skip < map_skip)) -+ map_skip = cache->map_skip; -+ } -+ -+ } -+ -+ *ptree = tree; -+ -+ if (explicit_policy) -+ return 1; -+ else -+ return 5; -+ -+ bad_tree: -+ -+ X509_policy_tree_free(tree); -+ -+ return 0; -+ -+} -+ -+/* -+ * This corresponds to RFC3280 XXXX XXXXX: link any data from -+ * CertificatePolicies onto matching parent or anyPolicy if no match. - */ - - static int tree_link_nodes(X509_POLICY_LEVEL *curr, -- const X509_POLICY_CACHE *cache) -- { -- int i; -- X509_POLICY_LEVEL *last; -- X509_POLICY_DATA *data; -- X509_POLICY_NODE *parent; -- last = curr - 1; -- for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) -- { -- data = sk_X509_POLICY_DATA_value(cache->data, i); -- /* If a node is mapped any it doesn't have a corresponding -- * CertificatePolicies entry. -- * However such an identical node would be created -- * if anyPolicy matching is enabled because there would be -- * no match with the parent valid_policy_set. So we create -- * link because then it will have the mapping flags -- * right and we can prune it later. -- */ -- if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) -- && !(curr->flags & X509_V_FLAG_INHIBIT_ANY)) -- continue; -- /* Look for matching node in parent */ -- parent = level_find_node(last, data->valid_policy); -- /* If no match link to anyPolicy */ -- if (!parent) -- parent = last->anyPolicy; -- if (parent && !level_add_node(curr, data, parent, NULL)) -- return 0; -- } -- return 1; -- } -- --/* This corresponds to RFC3280 XXXX XXXXX: -- * Create new data for any unmatched policies in the parent and link -- * to anyPolicy. -+ const X509_POLICY_CACHE *cache) -+{ -+ int i; -+ X509_POLICY_LEVEL *last; -+ X509_POLICY_DATA *data; -+ X509_POLICY_NODE *parent; -+ last = curr - 1; -+ for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { -+ data = sk_X509_POLICY_DATA_value(cache->data, i); -+ /* -+ * If a node is mapped any it doesn't have a corresponding -+ * CertificatePolicies entry. However such an identical node would -+ * be created if anyPolicy matching is enabled because there would be -+ * no match with the parent valid_policy_set. So we create link -+ * because then it will have the mapping flags right and we can prune -+ * it later. -+ */ -+ if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) -+ && !(curr->flags & X509_V_FLAG_INHIBIT_ANY)) -+ continue; -+ /* Look for matching node in parent */ -+ parent = level_find_node(last, data->valid_policy); -+ /* If no match link to anyPolicy */ -+ if (!parent) -+ parent = last->anyPolicy; -+ if (parent && !level_add_node(curr, data, parent, NULL)) -+ return 0; -+ } -+ return 1; -+} -+ -+/* -+ * This corresponds to RFC3280 XXXX XXXXX: Create new data for any unmatched -+ * policies in the parent and link to anyPolicy. - */ - - static int tree_link_any(X509_POLICY_LEVEL *curr, -- const X509_POLICY_CACHE *cache, -- X509_POLICY_TREE *tree) -- { -- int i; -- X509_POLICY_DATA *data; -- X509_POLICY_NODE *node; -- X509_POLICY_LEVEL *last; -- -- last = curr - 1; -- -- for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) -- { -- node = sk_X509_POLICY_NODE_value(last->nodes, i); -- -- /* Skip any node with any children: we only want unmathced -- * nodes. -- * -- * Note: need something better for policy mapping -- * because each node may have multiple children -- */ -- if (node->nchild) -- continue; -- /* Create a new node with qualifiers from anyPolicy and -- * id from unmatched node. -- */ -- data = policy_data_new(NULL, node->data->valid_policy, -- node_critical(node)); -- -- if (data == NULL) -- return 0; -- /* Curr may not have anyPolicy */ -- data->qualifier_set = cache->anyPolicy->qualifier_set; -- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; -- if (!level_add_node(curr, data, node, tree)) -- { -- policy_data_free(data); -- return 0; -- } -- } -- /* Finally add link to anyPolicy */ -- if (last->anyPolicy) -- { -- if (!level_add_node(curr, cache->anyPolicy, -- last->anyPolicy, NULL)) -- return 0; -- } -- return 1; -- } -- --/* Prune the tree: delete any child mapped child data on the current level -+ const X509_POLICY_CACHE *cache, -+ X509_POLICY_TREE *tree) -+{ -+ int i; -+ X509_POLICY_DATA *data; -+ X509_POLICY_NODE *node; -+ X509_POLICY_LEVEL *last; -+ -+ last = curr - 1; -+ -+ for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) { -+ node = sk_X509_POLICY_NODE_value(last->nodes, i); -+ -+ /* -+ * Skip any node with any children: we only want unmathced nodes. -+ * Note: need something better for policy mapping because each node -+ * may have multiple children -+ */ -+ if (node->nchild) -+ continue; -+ /* -+ * Create a new node with qualifiers from anyPolicy and id from -+ * unmatched node. -+ */ -+ data = policy_data_new(NULL, node->data->valid_policy, -+ node_critical(node)); -+ -+ if (data == NULL) -+ return 0; -+ /* Curr may not have anyPolicy */ -+ data->qualifier_set = cache->anyPolicy->qualifier_set; -+ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; -+ if (!level_add_node(curr, data, node, tree)) { -+ policy_data_free(data); -+ return 0; -+ } -+ } -+ /* Finally add link to anyPolicy */ -+ if (last->anyPolicy) { -+ if (!level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL)) -+ return 0; -+ } -+ return 1; -+} -+ -+/* -+ * Prune the tree: delete any child mapped child data on the current level - * then proceed up the tree deleting any data with no children. If we ever - * have no data on a level we can halt because the tree will be empty. - */ - - static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) -- { -- X509_POLICY_NODE *node; -- int i; -- for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) -- { -- node = sk_X509_POLICY_NODE_value(curr->nodes, i); -- /* Delete any mapped data: see RFC3280 XXXX */ -- if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) -- { -- node->parent->nchild--; -- OPENSSL_free(node); -- (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); -- } -- } -- -- for(;;) { -- --curr; -- for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) -- { -- node = sk_X509_POLICY_NODE_value(curr->nodes, i); -- if (node->nchild == 0) -- { -- node->parent->nchild--; -- OPENSSL_free(node); -- (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); -- } -- } -- if (curr->anyPolicy && !curr->anyPolicy->nchild) -- { -- if (curr->anyPolicy->parent) -- curr->anyPolicy->parent->nchild--; -- OPENSSL_free(curr->anyPolicy); -- curr->anyPolicy = NULL; -- } -- if (curr == tree->levels) -- { -- /* If we zapped anyPolicy at top then tree is empty */ -- if (!curr->anyPolicy) -- return 2; -- return 1; -- } -- } -- -- return 1; -- -- } -+{ -+ X509_POLICY_NODE *node; -+ int i; -+ for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) { -+ node = sk_X509_POLICY_NODE_value(curr->nodes, i); -+ /* Delete any mapped data: see RFC3280 XXXX */ -+ if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) { -+ node->parent->nchild--; -+ OPENSSL_free(node); -+ (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); -+ } -+ } -+ -+ for (;;) { -+ --curr; -+ for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) { -+ node = sk_X509_POLICY_NODE_value(curr->nodes, i); -+ if (node->nchild == 0) { -+ node->parent->nchild--; -+ OPENSSL_free(node); -+ (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); -+ } -+ } -+ if (curr->anyPolicy && !curr->anyPolicy->nchild) { -+ if (curr->anyPolicy->parent) -+ curr->anyPolicy->parent->nchild--; -+ OPENSSL_free(curr->anyPolicy); -+ curr->anyPolicy = NULL; -+ } -+ if (curr == tree->levels) { -+ /* If we zapped anyPolicy at top then tree is empty */ -+ if (!curr->anyPolicy) -+ return 2; -+ return 1; -+ } -+ } -+ -+ return 1; -+ -+} - - static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes, -- X509_POLICY_NODE *pcy) -- { -- if (!*pnodes) -- { -- *pnodes = policy_node_cmp_new(); -- if (!*pnodes) -- return 0; -- } -- else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) -- return 1; -- -- if (!sk_X509_POLICY_NODE_push(*pnodes, pcy)) -- return 0; -- -- return 1; -- -- } -- --/* Calculate the authority set based on policy tree. -- * The 'pnodes' parameter is used as a store for the set of policy nodes -- * used to calculate the user set. If the authority set is not anyPolicy -- * then pnodes will just point to the authority set. If however the authority -- * set is anyPolicy then the set of valid policies (other than anyPolicy) -- * is store in pnodes. The return value of '2' is used in this case to indicate -- * that pnodes should be freed. -+ X509_POLICY_NODE *pcy) -+{ -+ if (!*pnodes) { -+ *pnodes = policy_node_cmp_new(); -+ if (!*pnodes) -+ return 0; -+ } else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) -+ return 1; -+ -+ if (!sk_X509_POLICY_NODE_push(*pnodes, pcy)) -+ return 0; -+ -+ return 1; -+ -+} -+ -+/* -+ * Calculate the authority set based on policy tree. The 'pnodes' parameter -+ * is used as a store for the set of policy nodes used to calculate the user -+ * set. If the authority set is not anyPolicy then pnodes will just point to -+ * the authority set. If however the authority set is anyPolicy then the set -+ * of valid policies (other than anyPolicy) is store in pnodes. The return -+ * value of '2' is used in this case to indicate that pnodes should be freed. - */ - - static int tree_calculate_authority_set(X509_POLICY_TREE *tree, -- STACK_OF(X509_POLICY_NODE) **pnodes) -- { -- X509_POLICY_LEVEL *curr; -- X509_POLICY_NODE *node, *anyptr; -- STACK_OF(X509_POLICY_NODE) **addnodes; -- int i, j; -- curr = tree->levels + tree->nlevel - 1; -- -- /* If last level contains anyPolicy set is anyPolicy */ -- if (curr->anyPolicy) -- { -- if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)) -- return 0; -- addnodes = pnodes; -- } -- else -- /* Add policies to authority set */ -- addnodes = &tree->auth_policies; -- -- curr = tree->levels; -- for (i = 1; i < tree->nlevel; i++) -- { -- /* If no anyPolicy node on this this level it can't -- * appear on lower levels so end search. -- */ -- if (!(anyptr = curr->anyPolicy)) -- break; -- curr++; -- for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) -- { -- node = sk_X509_POLICY_NODE_value(curr->nodes, j); -- if ((node->parent == anyptr) -- && !tree_add_auth_node(addnodes, node)) -- return 0; -- } -- } -- -- if (addnodes == pnodes) -- return 2; -- -- *pnodes = tree->auth_policies; -- -- return 1; -- } -+ STACK_OF(X509_POLICY_NODE) **pnodes) -+{ -+ X509_POLICY_LEVEL *curr; -+ X509_POLICY_NODE *node, *anyptr; -+ STACK_OF(X509_POLICY_NODE) **addnodes; -+ int i, j; -+ curr = tree->levels + tree->nlevel - 1; -+ -+ /* If last level contains anyPolicy set is anyPolicy */ -+ if (curr->anyPolicy) { -+ if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)) -+ return 0; -+ addnodes = pnodes; -+ } else -+ /* Add policies to authority set */ -+ addnodes = &tree->auth_policies; -+ -+ curr = tree->levels; -+ for (i = 1; i < tree->nlevel; i++) { -+ /* -+ * If no anyPolicy node on this this level it can't appear on lower -+ * levels so end search. -+ */ -+ if (!(anyptr = curr->anyPolicy)) -+ break; -+ curr++; -+ for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) { -+ node = sk_X509_POLICY_NODE_value(curr->nodes, j); -+ if ((node->parent == anyptr) -+ && !tree_add_auth_node(addnodes, node)) -+ return 0; -+ } -+ } -+ -+ if (addnodes == pnodes) -+ return 2; -+ -+ *pnodes = tree->auth_policies; -+ -+ return 1; -+} - - static int tree_calculate_user_set(X509_POLICY_TREE *tree, -- STACK_OF(ASN1_OBJECT) *policy_oids, -- STACK_OF(X509_POLICY_NODE) *auth_nodes) -- { -- int i; -- X509_POLICY_NODE *node; -- ASN1_OBJECT *oid; -- -- X509_POLICY_NODE *anyPolicy; -- X509_POLICY_DATA *extra; -- -- /* Check if anyPolicy present in authority constrained policy set: -- * this will happen if it is a leaf node. -- */ -- -- if (sk_ASN1_OBJECT_num(policy_oids) <= 0) -- return 1; -- -- anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy; -- -- for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) -- { -- oid = sk_ASN1_OBJECT_value(policy_oids, i); -- if (OBJ_obj2nid(oid) == NID_any_policy) -- { -- tree->flags |= POLICY_FLAG_ANY_POLICY; -- return 1; -- } -- } -- -- for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) -- { -- oid = sk_ASN1_OBJECT_value(policy_oids, i); -- node = tree_find_sk(auth_nodes, oid); -- if (!node) -- { -- if (!anyPolicy) -- continue; -- /* Create a new node with policy ID from user set -- * and qualifiers from anyPolicy. -- */ -- extra = policy_data_new(NULL, oid, -- node_critical(anyPolicy)); -- if (!extra) -- return 0; -- extra->qualifier_set = anyPolicy->data->qualifier_set; -- extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS -- | POLICY_DATA_FLAG_EXTRA_NODE; -- node = level_add_node(NULL, extra, anyPolicy->parent, -- tree); -- } -- if (!tree->user_policies) -- { -- tree->user_policies = sk_X509_POLICY_NODE_new_null(); -- if (!tree->user_policies) -- return 1; -- } -- if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) -- return 0; -- } -- return 1; -- -- } -+ STACK_OF(ASN1_OBJECT) *policy_oids, -+ STACK_OF(X509_POLICY_NODE) *auth_nodes) -+{ -+ int i; -+ X509_POLICY_NODE *node; -+ ASN1_OBJECT *oid; -+ -+ X509_POLICY_NODE *anyPolicy; -+ X509_POLICY_DATA *extra; -+ -+ /* -+ * Check if anyPolicy present in authority constrained policy set: this -+ * will happen if it is a leaf node. -+ */ -+ -+ if (sk_ASN1_OBJECT_num(policy_oids) <= 0) -+ return 1; -+ -+ anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy; -+ -+ for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) { -+ oid = sk_ASN1_OBJECT_value(policy_oids, i); -+ if (OBJ_obj2nid(oid) == NID_any_policy) { -+ tree->flags |= POLICY_FLAG_ANY_POLICY; -+ return 1; -+ } -+ } -+ -+ for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) { -+ oid = sk_ASN1_OBJECT_value(policy_oids, i); -+ node = tree_find_sk(auth_nodes, oid); -+ if (!node) { -+ if (!anyPolicy) -+ continue; -+ /* -+ * Create a new node with policy ID from user set and qualifiers -+ * from anyPolicy. -+ */ -+ extra = policy_data_new(NULL, oid, node_critical(anyPolicy)); -+ if (!extra) -+ return 0; -+ extra->qualifier_set = anyPolicy->data->qualifier_set; -+ extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS -+ | POLICY_DATA_FLAG_EXTRA_NODE; -+ node = level_add_node(NULL, extra, anyPolicy->parent, tree); -+ } -+ if (!tree->user_policies) { -+ tree->user_policies = sk_X509_POLICY_NODE_new_null(); -+ if (!tree->user_policies) -+ return 1; -+ } -+ if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) -+ return 0; -+ } -+ return 1; -+ -+} - - static int tree_evaluate(X509_POLICY_TREE *tree) -- { -- int ret, i; -- X509_POLICY_LEVEL *curr = tree->levels + 1; -- const X509_POLICY_CACHE *cache; -+{ -+ int ret, i; -+ X509_POLICY_LEVEL *curr = tree->levels + 1; -+ const X509_POLICY_CACHE *cache; - -- for(i = 1; i < tree->nlevel; i++, curr++) -- { -- cache = policy_cache_set(curr->cert); -- if (!tree_link_nodes(curr, cache)) -- return 0; -+ for (i = 1; i < tree->nlevel; i++, curr++) { -+ cache = policy_cache_set(curr->cert); -+ if (!tree_link_nodes(curr, cache)) -+ return 0; - -- if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) -- && !tree_link_any(curr, cache, tree)) -- return 0; -- ret = tree_prune(tree, curr); -- if (ret != 1) -- return ret; -- } -+ if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) -+ && !tree_link_any(curr, cache, tree)) -+ return 0; -+ ret = tree_prune(tree, curr); -+ if (ret != 1) -+ return ret; -+ } - -- return 1; -+ return 1; - -- } -+} - - static void exnode_free(X509_POLICY_NODE *node) -- { -- if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE)) -- OPENSSL_free(node); -- } -- -+{ -+ if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE)) -+ OPENSSL_free(node); -+} - - void X509_policy_tree_free(X509_POLICY_TREE *tree) -- { -- X509_POLICY_LEVEL *curr; -- int i; -+{ -+ X509_POLICY_LEVEL *curr; -+ int i; - -- if (!tree) -- return; -+ if (!tree) -+ return; - -- sk_X509_POLICY_NODE_free(tree->auth_policies); -- sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); -+ sk_X509_POLICY_NODE_free(tree->auth_policies); -+ sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); - -- for(i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) -- { -- if (curr->cert) -- X509_free(curr->cert); -- if (curr->nodes) -- sk_X509_POLICY_NODE_pop_free(curr->nodes, -- policy_node_free); -- if (curr->anyPolicy) -- policy_node_free(curr->anyPolicy); -- } -+ for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) { -+ if (curr->cert) -+ X509_free(curr->cert); -+ if (curr->nodes) -+ sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); -+ if (curr->anyPolicy) -+ policy_node_free(curr->anyPolicy); -+ } - -- if (tree->extra_data) -- sk_X509_POLICY_DATA_pop_free(tree->extra_data, -- policy_data_free); -+ if (tree->extra_data) -+ sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free); - -- OPENSSL_free(tree->levels); -- OPENSSL_free(tree); -+ OPENSSL_free(tree->levels); -+ OPENSSL_free(tree); - -- } -+} - --/* Application policy checking function. -+/*- -+ * Application policy checking function. - * Return codes: -- * 0 Internal Error. -+ * 0 Internal Error. - * 1 Successful. - * -1 One or more certificates contain invalid or inconsistent extensions -- * -2 User constrained policy set empty and requireExplicit true. -+ * -2 User constrained policy set empty and requireExplicit true. - */ - - int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, -- STACK_OF(X509) *certs, -- STACK_OF(ASN1_OBJECT) *policy_oids, -- unsigned int flags) -- { -- int ret; -- X509_POLICY_TREE *tree = NULL; -- STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; -- *ptree = NULL; -+ STACK_OF(X509) *certs, -+ STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags) -+{ -+ int ret; -+ X509_POLICY_TREE *tree = NULL; -+ STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; -+ *ptree = NULL; - -- *pexplicit_policy = 0; -- ret = tree_init(&tree, certs, flags); -+ *pexplicit_policy = 0; -+ ret = tree_init(&tree, certs, flags); - -+ switch (ret) { - -- switch (ret) -- { -+ /* Tree empty requireExplicit False: OK */ -+ case 2: -+ return 1; - -- /* Tree empty requireExplicit False: OK */ -- case 2: -- return 1; -+ /* Some internal error */ -+ case -1: -+ return -1; - -- /* Some internal error */ -- case -1: -- return -1; -+ /* Some internal error */ -+ case 0: -+ return 0; - -- /* Some internal error */ -- case 0: -- return 0; -+ /* Tree empty requireExplicit True: Error */ - -- /* Tree empty requireExplicit True: Error */ -+ case 6: -+ *pexplicit_policy = 1; -+ return -2; - -- case 6: -- *pexplicit_policy = 1; -- return -2; -+ /* Tree OK requireExplicit True: OK and continue */ -+ case 5: -+ *pexplicit_policy = 1; -+ break; - -- /* Tree OK requireExplicit True: OK and continue */ -- case 5: -- *pexplicit_policy = 1; -- break; -+ /* Tree OK: continue */ - -- /* Tree OK: continue */ -+ case 1: -+ if (!tree) -+ /* -+ * tree_init() returns success and a null tree -+ * if it's just looking at a trust anchor. -+ * I'm not sure that returning success here is -+ * correct, but I'm sure that reporting this -+ * as an internal error which our caller -+ * interprets as a malloc failure is wrong. -+ */ -+ return 1; -+ break; -+ } - -- case 1: -- if (!tree) -- /* -- * tree_init() returns success and a null tree -- * if it's just looking at a trust anchor. -- * I'm not sure that returning success here is -- * correct, but I'm sure that reporting this -- * as an internal error which our caller -- * interprets as a malloc failure is wrong. -- */ -- return 1; -- break; -- } -+ if (!tree) -+ goto error; -+ ret = tree_evaluate(tree); - -- if (!tree) goto error; -- ret = tree_evaluate(tree); -+ if (ret <= 0) -+ goto error; - -- if (ret <= 0) -- goto error; -+ /* Return value 2 means tree empty */ -+ if (ret == 2) { -+ X509_policy_tree_free(tree); -+ if (*pexplicit_policy) -+ return -2; -+ else -+ return 1; -+ } - -- /* Return value 2 means tree empty */ -- if (ret == 2) -- { -- X509_policy_tree_free(tree); -- if (*pexplicit_policy) -- return -2; -- else -- return 1; -- } -+ /* Tree is not empty: continue */ - -- /* Tree is not empty: continue */ -+ ret = tree_calculate_authority_set(tree, &auth_nodes); - -- ret = tree_calculate_authority_set(tree, &auth_nodes); -+ if (!ret) -+ goto error; - -- if (!ret) -- goto error; -+ if (!tree_calculate_user_set(tree, policy_oids, auth_nodes)) -+ goto error; - -- if (!tree_calculate_user_set(tree, policy_oids, auth_nodes)) -- goto error; -- -- if (ret == 2) -- sk_X509_POLICY_NODE_free(auth_nodes); -+ if (ret == 2) -+ sk_X509_POLICY_NODE_free(auth_nodes); - -- if (tree) -- *ptree = tree; -+ if (tree) -+ *ptree = tree; - -- if (*pexplicit_policy) -- { -- nodes = X509_policy_tree_get0_user_policies(tree); -- if (sk_X509_POLICY_NODE_num(nodes) <= 0) -- return -2; -- } -+ if (*pexplicit_policy) { -+ nodes = X509_policy_tree_get0_user_policies(tree); -+ if (sk_X509_POLICY_NODE_num(nodes) <= 0) -+ return -2; -+ } - -- return 1; -+ return 1; - -- error: -+ error: - -- X509_policy_tree_free(tree); -+ X509_policy_tree_free(tree); - -- return 0; -+ return 0; - -- } -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c -index c0e1d2d..e1911f2 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -95,9 +95,9 @@ ASN1_SEQUENCE(IPAddressFamily) = { - ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice) - } ASN1_SEQUENCE_END(IPAddressFamily) - --ASN1_ITEM_TEMPLATE(IPAddrBlocks) = -+ASN1_ITEM_TEMPLATE(IPAddrBlocks) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, -- IPAddrBlocks, IPAddressFamily) -+ IPAddrBlocks, IPAddressFamily) - ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) - - IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange) -@@ -108,21 +108,21 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily) - /* - * How much buffer space do we need for a raw address? - */ --#define ADDR_RAW_BUF_LEN 16 -+# define ADDR_RAW_BUF_LEN 16 - - /* - * What's the address length associated with this AFI? - */ - static int length_from_afi(const unsigned afi) - { -- switch (afi) { -- case IANA_AFI_IPV4: -- return 4; -- case IANA_AFI_IPV6: -- return 16; -- default: -- return 0; -- } -+ switch (afi) { -+ case IANA_AFI_IPV4: -+ return 4; -+ case IANA_AFI_IPV6: -+ return 16; -+ default: -+ return 0; -+ } - } - - /* -@@ -130,12 +130,10 @@ static int length_from_afi(const unsigned afi) - */ - unsigned int v3_addr_get_afi(const IPAddressFamily *f) - { -- return ((f != NULL && -- f->addressFamily != NULL && -- f->addressFamily->data != NULL) -- ? ((f->addressFamily->data[0] << 8) | -- (f->addressFamily->data[1])) -- : 0); -+ return ((f != NULL && -+ f->addressFamily != NULL && f->addressFamily->data != NULL) -+ ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1])) -+ : 0); - } - - /* -@@ -143,173 +141,170 @@ unsigned int v3_addr_get_afi(const IPAddressFamily *f) - * At the moment this is coded for simplicity, not speed. - */ - static int addr_expand(unsigned char *addr, -- const ASN1_BIT_STRING *bs, -- const int length, -- const unsigned char fill) -+ const ASN1_BIT_STRING *bs, -+ const int length, const unsigned char fill) - { -- if (bs->length < 0 || bs->length > length) -- return 0; -- if (bs->length > 0) { -- memcpy(addr, bs->data, bs->length); -- if ((bs->flags & 7) != 0) { -- unsigned char mask = 0xFF >> (8 - (bs->flags & 7)); -- if (fill == 0) -- addr[bs->length - 1] &= ~mask; -- else -- addr[bs->length - 1] |= mask; -+ if (bs->length < 0 || bs->length > length) -+ return 0; -+ if (bs->length > 0) { -+ memcpy(addr, bs->data, bs->length); -+ if ((bs->flags & 7) != 0) { -+ unsigned char mask = 0xFF >> (8 - (bs->flags & 7)); -+ if (fill == 0) -+ addr[bs->length - 1] &= ~mask; -+ else -+ addr[bs->length - 1] |= mask; -+ } - } -- } -- memset(addr + bs->length, fill, length - bs->length); -- return 1; -+ memset(addr + bs->length, fill, length - bs->length); -+ return 1; - } - - /* - * Extract the prefix length from a bitstring. - */ --#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) -+# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) - - /* - * i2r handler for one address bitstring. - */ - static int i2r_address(BIO *out, -- const unsigned afi, -- const unsigned char fill, -- const ASN1_BIT_STRING *bs) -+ const unsigned afi, -+ const unsigned char fill, const ASN1_BIT_STRING *bs) - { -- unsigned char addr[ADDR_RAW_BUF_LEN]; -- int i, n; -+ unsigned char addr[ADDR_RAW_BUF_LEN]; -+ int i, n; - -- if (bs->length < 0) -- return 0; -- switch (afi) { -- case IANA_AFI_IPV4: -- if (!addr_expand(addr, bs, 4, fill)) -- return 0; -- BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); -- break; -- case IANA_AFI_IPV6: -- if (!addr_expand(addr, bs, 16, fill)) -- return 0; -- for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) -- ; -- for (i = 0; i < n; i += 2) -- BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : "")); -- if (i < 16) -- BIO_puts(out, ":"); -- if (i == 0) -- BIO_puts(out, ":"); -- break; -- default: -- for (i = 0; i < bs->length; i++) -- BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]); -- BIO_printf(out, "[%d]", (int) (bs->flags & 7)); -- break; -- } -- return 1; -+ if (bs->length < 0) -+ return 0; -+ switch (afi) { -+ case IANA_AFI_IPV4: -+ if (!addr_expand(addr, bs, 4, fill)) -+ return 0; -+ BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); -+ break; -+ case IANA_AFI_IPV6: -+ if (!addr_expand(addr, bs, 16, fill)) -+ return 0; -+ for (n = 16; n > 1 && addr[n - 1] == 0x00 && addr[n - 2] == 0x00; -+ n -= 2) ; -+ for (i = 0; i < n; i += 2) -+ BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i + 1], -+ (i < 14 ? ":" : "")); -+ if (i < 16) -+ BIO_puts(out, ":"); -+ if (i == 0) -+ BIO_puts(out, ":"); -+ break; -+ default: -+ for (i = 0; i < bs->length; i++) -+ BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]); -+ BIO_printf(out, "[%d]", (int)(bs->flags & 7)); -+ break; -+ } -+ return 1; - } - - /* - * i2r handler for a sequence of addresses and ranges. - */ - static int i2r_IPAddressOrRanges(BIO *out, -- const int indent, -- const IPAddressOrRanges *aors, -- const unsigned afi) -+ const int indent, -+ const IPAddressOrRanges *aors, -+ const unsigned afi) - { -- int i; -- for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) { -- const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i); -- BIO_printf(out, "%*s", indent, ""); -- switch (aor->type) { -- case IPAddressOrRange_addressPrefix: -- if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix)) -- return 0; -- BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix)); -- continue; -- case IPAddressOrRange_addressRange: -- if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min)) -- return 0; -- BIO_puts(out, "-"); -- if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max)) -- return 0; -- BIO_puts(out, "\n"); -- continue; -+ int i; -+ for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) { -+ const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i); -+ BIO_printf(out, "%*s", indent, ""); -+ switch (aor->type) { -+ case IPAddressOrRange_addressPrefix: -+ if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix)) -+ return 0; -+ BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix)); -+ continue; -+ case IPAddressOrRange_addressRange: -+ if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min)) -+ return 0; -+ BIO_puts(out, "-"); -+ if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max)) -+ return 0; -+ BIO_puts(out, "\n"); -+ continue; -+ } - } -- } -- return 1; -+ return 1; - } - - /* - * i2r handler for an IPAddrBlocks extension. - */ - static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method, -- void *ext, -- BIO *out, -- int indent) -+ void *ext, BIO *out, int indent) - { -- const IPAddrBlocks *addr = ext; -- int i; -- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { -- IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); -- const unsigned int afi = v3_addr_get_afi(f); -- switch (afi) { -- case IANA_AFI_IPV4: -- BIO_printf(out, "%*sIPv4", indent, ""); -- break; -- case IANA_AFI_IPV6: -- BIO_printf(out, "%*sIPv6", indent, ""); -- break; -- default: -- BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi); -- break; -+ const IPAddrBlocks *addr = ext; -+ int i; -+ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { -+ IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); -+ const unsigned int afi = v3_addr_get_afi(f); -+ switch (afi) { -+ case IANA_AFI_IPV4: -+ BIO_printf(out, "%*sIPv4", indent, ""); -+ break; -+ case IANA_AFI_IPV6: -+ BIO_printf(out, "%*sIPv6", indent, ""); -+ break; -+ default: -+ BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi); -+ break; -+ } -+ if (f->addressFamily->length > 2) { -+ switch (f->addressFamily->data[2]) { -+ case 1: -+ BIO_puts(out, " (Unicast)"); -+ break; -+ case 2: -+ BIO_puts(out, " (Multicast)"); -+ break; -+ case 3: -+ BIO_puts(out, " (Unicast/Multicast)"); -+ break; -+ case 4: -+ BIO_puts(out, " (MPLS)"); -+ break; -+ case 64: -+ BIO_puts(out, " (Tunnel)"); -+ break; -+ case 65: -+ BIO_puts(out, " (VPLS)"); -+ break; -+ case 66: -+ BIO_puts(out, " (BGP MDT)"); -+ break; -+ case 128: -+ BIO_puts(out, " (MPLS-labeled VPN)"); -+ break; -+ default: -+ BIO_printf(out, " (Unknown SAFI %u)", -+ (unsigned)f->addressFamily->data[2]); -+ break; -+ } -+ } -+ switch (f->ipAddressChoice->type) { -+ case IPAddressChoice_inherit: -+ BIO_puts(out, ": inherit\n"); -+ break; -+ case IPAddressChoice_addressesOrRanges: -+ BIO_puts(out, ":\n"); -+ if (!i2r_IPAddressOrRanges(out, -+ indent + 2, -+ f->ipAddressChoice-> -+ u.addressesOrRanges, afi)) -+ return 0; -+ break; -+ } - } -- if (f->addressFamily->length > 2) { -- switch (f->addressFamily->data[2]) { -- case 1: -- BIO_puts(out, " (Unicast)"); -- break; -- case 2: -- BIO_puts(out, " (Multicast)"); -- break; -- case 3: -- BIO_puts(out, " (Unicast/Multicast)"); -- break; -- case 4: -- BIO_puts(out, " (MPLS)"); -- break; -- case 64: -- BIO_puts(out, " (Tunnel)"); -- break; -- case 65: -- BIO_puts(out, " (VPLS)"); -- break; -- case 66: -- BIO_puts(out, " (BGP MDT)"); -- break; -- case 128: -- BIO_puts(out, " (MPLS-labeled VPN)"); -- break; -- default: -- BIO_printf(out, " (Unknown SAFI %u)", -- (unsigned) f->addressFamily->data[2]); -- break; -- } -- } -- switch (f->ipAddressChoice->type) { -- case IPAddressChoice_inherit: -- BIO_puts(out, ": inherit\n"); -- break; -- case IPAddressChoice_addressesOrRanges: -- BIO_puts(out, ":\n"); -- if (!i2r_IPAddressOrRanges(out, -- indent + 2, -- f->ipAddressChoice->u.addressesOrRanges, -- afi)) -- return 0; -- break; -- } -- } -- return 1; -+ return 1; - } - - /* -@@ -323,64 +318,63 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method, - * for garbage input, tough noogies. - */ - static int IPAddressOrRange_cmp(const IPAddressOrRange *a, -- const IPAddressOrRange *b, -- const int length) -+ const IPAddressOrRange *b, const int length) - { -- unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; -- int prefixlen_a = 0; -- int prefixlen_b = 0; -- int r; -- -- switch (a->type) { -- case IPAddressOrRange_addressPrefix: -- if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00)) -- return -1; -- prefixlen_a = addr_prefixlen(a->u.addressPrefix); -- break; -- case IPAddressOrRange_addressRange: -- if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00)) -- return -1; -- prefixlen_a = length * 8; -- break; -- } -- -- switch (b->type) { -- case IPAddressOrRange_addressPrefix: -- if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00)) -- return -1; -- prefixlen_b = addr_prefixlen(b->u.addressPrefix); -- break; -- case IPAddressOrRange_addressRange: -- if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00)) -- return -1; -- prefixlen_b = length * 8; -- break; -- } -- -- if ((r = memcmp(addr_a, addr_b, length)) != 0) -- return r; -- else -- return prefixlen_a - prefixlen_b; -+ unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; -+ int prefixlen_a = 0; -+ int prefixlen_b = 0; -+ int r; -+ -+ switch (a->type) { -+ case IPAddressOrRange_addressPrefix: -+ if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00)) -+ return -1; -+ prefixlen_a = addr_prefixlen(a->u.addressPrefix); -+ break; -+ case IPAddressOrRange_addressRange: -+ if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00)) -+ return -1; -+ prefixlen_a = length * 8; -+ break; -+ } -+ -+ switch (b->type) { -+ case IPAddressOrRange_addressPrefix: -+ if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00)) -+ return -1; -+ prefixlen_b = addr_prefixlen(b->u.addressPrefix); -+ break; -+ case IPAddressOrRange_addressRange: -+ if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00)) -+ return -1; -+ prefixlen_b = length * 8; -+ break; -+ } -+ -+ if ((r = memcmp(addr_a, addr_b, length)) != 0) -+ return r; -+ else -+ return prefixlen_a - prefixlen_b; - } - - /* - * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort() - * comparision routines are only allowed two arguments. - */ --static int v4IPAddressOrRange_cmp(const IPAddressOrRange * const *a, -- const IPAddressOrRange * const *b) -+static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, -+ const IPAddressOrRange *const *b) - { -- return IPAddressOrRange_cmp(*a, *b, 4); -+ return IPAddressOrRange_cmp(*a, *b, 4); - } - - /* - * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort() - * comparision routines are only allowed two arguments. - */ --static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a, -- const IPAddressOrRange * const *b) -+static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a, -+ const IPAddressOrRange *const *b) - { -- return IPAddressOrRange_cmp(*a, *b, 16); -+ return IPAddressOrRange_cmp(*a, *b, 16); - } - - /* -@@ -388,69 +382,80 @@ static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a, - * See last paragraph of RFC 3779 2.2.3.7. - */ - static int range_should_be_prefix(const unsigned char *min, -- const unsigned char *max, -- const int length) -+ const unsigned char *max, const int length) - { -- unsigned char mask; -- int i, j; -- -- OPENSSL_assert(memcmp(min, max, length) <= 0); -- for (i = 0; i < length && min[i] == max[i]; i++) -- ; -- for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) -- ; -- if (i < j) -- return -1; -- if (i > j) -- return i * 8; -- mask = min[i] ^ max[i]; -- switch (mask) { -- case 0x01: j = 7; break; -- case 0x03: j = 6; break; -- case 0x07: j = 5; break; -- case 0x0F: j = 4; break; -- case 0x1F: j = 3; break; -- case 0x3F: j = 2; break; -- case 0x7F: j = 1; break; -- default: return -1; -- } -- if ((min[i] & mask) != 0 || (max[i] & mask) != mask) -- return -1; -- else -- return i * 8 + j; -+ unsigned char mask; -+ int i, j; -+ -+ OPENSSL_assert(memcmp(min, max, length) <= 0); -+ for (i = 0; i < length && min[i] == max[i]; i++) ; -+ for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ; -+ if (i < j) -+ return -1; -+ if (i > j) -+ return i * 8; -+ mask = min[i] ^ max[i]; -+ switch (mask) { -+ case 0x01: -+ j = 7; -+ break; -+ case 0x03: -+ j = 6; -+ break; -+ case 0x07: -+ j = 5; -+ break; -+ case 0x0F: -+ j = 4; -+ break; -+ case 0x1F: -+ j = 3; -+ break; -+ case 0x3F: -+ j = 2; -+ break; -+ case 0x7F: -+ j = 1; -+ break; -+ default: -+ return -1; -+ } -+ if ((min[i] & mask) != 0 || (max[i] & mask) != mask) -+ return -1; -+ else -+ return i * 8 + j; - } - - /* - * Construct a prefix. - */ - static int make_addressPrefix(IPAddressOrRange **result, -- unsigned char *addr, -- const int prefixlen) -+ unsigned char *addr, const int prefixlen) - { -- int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; -- IPAddressOrRange *aor = IPAddressOrRange_new(); -+ int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; -+ IPAddressOrRange *aor = IPAddressOrRange_new(); -+ -+ if (aor == NULL) -+ return 0; -+ aor->type = IPAddressOrRange_addressPrefix; -+ if (aor->u.addressPrefix == NULL && -+ (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL) -+ goto err; -+ if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen)) -+ goto err; -+ aor->u.addressPrefix->flags &= ~7; -+ aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT; -+ if (bitlen > 0) { -+ aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen); -+ aor->u.addressPrefix->flags |= 8 - bitlen; -+ } - -- if (aor == NULL) -- return 0; -- aor->type = IPAddressOrRange_addressPrefix; -- if (aor->u.addressPrefix == NULL && -- (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL) -- goto err; -- if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen)) -- goto err; -- aor->u.addressPrefix->flags &= ~7; -- aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT; -- if (bitlen > 0) { -- aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen); -- aor->u.addressPrefix->flags |= 8 - bitlen; -- } -- -- *result = aor; -- return 1; -+ *result = aor; -+ return 1; - - err: -- IPAddressOrRange_free(aor); -- return 0; -+ IPAddressOrRange_free(aor); -+ return 0; - } - - /* -@@ -459,251 +464,242 @@ static int make_addressPrefix(IPAddressOrRange **result, - * the rest of the code considerably. - */ - static int make_addressRange(IPAddressOrRange **result, -- unsigned char *min, -- unsigned char *max, -- const int length) -+ unsigned char *min, -+ unsigned char *max, const int length) - { -- IPAddressOrRange *aor; -- int i, prefixlen; -+ IPAddressOrRange *aor; -+ int i, prefixlen; -+ -+ if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) -+ return make_addressPrefix(result, min, prefixlen); -+ -+ if ((aor = IPAddressOrRange_new()) == NULL) -+ return 0; -+ aor->type = IPAddressOrRange_addressRange; -+ OPENSSL_assert(aor->u.addressRange == NULL); -+ if ((aor->u.addressRange = IPAddressRange_new()) == NULL) -+ goto err; -+ if (aor->u.addressRange->min == NULL && -+ (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL) -+ goto err; -+ if (aor->u.addressRange->max == NULL && -+ (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL) -+ goto err; -+ -+ for (i = length; i > 0 && min[i - 1] == 0x00; --i) ; -+ if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i)) -+ goto err; -+ aor->u.addressRange->min->flags &= ~7; -+ aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT; -+ if (i > 0) { -+ unsigned char b = min[i - 1]; -+ int j = 1; -+ while ((b & (0xFFU >> j)) != 0) -+ ++j; -+ aor->u.addressRange->min->flags |= 8 - j; -+ } - -- if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) -- return make_addressPrefix(result, min, prefixlen); -+ for (i = length; i > 0 && max[i - 1] == 0xFF; --i) ; -+ if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i)) -+ goto err; -+ aor->u.addressRange->max->flags &= ~7; -+ aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT; -+ if (i > 0) { -+ unsigned char b = max[i - 1]; -+ int j = 1; -+ while ((b & (0xFFU >> j)) != (0xFFU >> j)) -+ ++j; -+ aor->u.addressRange->max->flags |= 8 - j; -+ } - -- if ((aor = IPAddressOrRange_new()) == NULL) -- return 0; -- aor->type = IPAddressOrRange_addressRange; -- OPENSSL_assert(aor->u.addressRange == NULL); -- if ((aor->u.addressRange = IPAddressRange_new()) == NULL) -- goto err; -- if (aor->u.addressRange->min == NULL && -- (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL) -- goto err; -- if (aor->u.addressRange->max == NULL && -- (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL) -- goto err; -- -- for (i = length; i > 0 && min[i - 1] == 0x00; --i) -- ; -- if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i)) -- goto err; -- aor->u.addressRange->min->flags &= ~7; -- aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT; -- if (i > 0) { -- unsigned char b = min[i - 1]; -- int j = 1; -- while ((b & (0xFFU >> j)) != 0) -- ++j; -- aor->u.addressRange->min->flags |= 8 - j; -- } -- -- for (i = length; i > 0 && max[i - 1] == 0xFF; --i) -- ; -- if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i)) -- goto err; -- aor->u.addressRange->max->flags &= ~7; -- aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT; -- if (i > 0) { -- unsigned char b = max[i - 1]; -- int j = 1; -- while ((b & (0xFFU >> j)) != (0xFFU >> j)) -- ++j; -- aor->u.addressRange->max->flags |= 8 - j; -- } -- -- *result = aor; -- return 1; -+ *result = aor; -+ return 1; - - err: -- IPAddressOrRange_free(aor); -- return 0; -+ IPAddressOrRange_free(aor); -+ return 0; - } - - /* - * Construct a new address family or find an existing one. - */ - static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, -- const unsigned afi, -- const unsigned *safi) -+ const unsigned afi, -+ const unsigned *safi) - { -- IPAddressFamily *f; -- unsigned char key[3]; -- unsigned keylen; -- int i; -- -- key[0] = (afi >> 8) & 0xFF; -- key[1] = afi & 0xFF; -- if (safi != NULL) { -- key[2] = *safi & 0xFF; -- keylen = 3; -- } else { -- keylen = 2; -- } -- -- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { -- f = sk_IPAddressFamily_value(addr, i); -- OPENSSL_assert(f->addressFamily->data != NULL); -- if (f->addressFamily->length == keylen && -- !memcmp(f->addressFamily->data, key, keylen)) -- return f; -- } -- -- if ((f = IPAddressFamily_new()) == NULL) -- goto err; -- if (f->ipAddressChoice == NULL && -- (f->ipAddressChoice = IPAddressChoice_new()) == NULL) -- goto err; -- if (f->addressFamily == NULL && -- (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL) -- goto err; -- if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen)) -- goto err; -- if (!sk_IPAddressFamily_push(addr, f)) -- goto err; -- -- return f; -+ IPAddressFamily *f; -+ unsigned char key[3]; -+ unsigned keylen; -+ int i; -+ -+ key[0] = (afi >> 8) & 0xFF; -+ key[1] = afi & 0xFF; -+ if (safi != NULL) { -+ key[2] = *safi & 0xFF; -+ keylen = 3; -+ } else { -+ keylen = 2; -+ } -+ -+ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { -+ f = sk_IPAddressFamily_value(addr, i); -+ OPENSSL_assert(f->addressFamily->data != NULL); -+ if (f->addressFamily->length == keylen && -+ !memcmp(f->addressFamily->data, key, keylen)) -+ return f; -+ } -+ -+ if ((f = IPAddressFamily_new()) == NULL) -+ goto err; -+ if (f->ipAddressChoice == NULL && -+ (f->ipAddressChoice = IPAddressChoice_new()) == NULL) -+ goto err; -+ if (f->addressFamily == NULL && -+ (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL) -+ goto err; -+ if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen)) -+ goto err; -+ if (!sk_IPAddressFamily_push(addr, f)) -+ goto err; -+ -+ return f; - - err: -- IPAddressFamily_free(f); -- return NULL; -+ IPAddressFamily_free(f); -+ return NULL; - } - - /* - * Add an inheritance element. - */ - int v3_addr_add_inherit(IPAddrBlocks *addr, -- const unsigned afi, -- const unsigned *safi) -+ const unsigned afi, const unsigned *safi) - { -- IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); -- if (f == NULL || -- f->ipAddressChoice == NULL || -- (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && -- f->ipAddressChoice->u.addressesOrRanges != NULL)) -- return 0; -- if (f->ipAddressChoice->type == IPAddressChoice_inherit && -- f->ipAddressChoice->u.inherit != NULL) -+ IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); -+ if (f == NULL || -+ f->ipAddressChoice == NULL || -+ (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && -+ f->ipAddressChoice->u.addressesOrRanges != NULL)) -+ return 0; -+ if (f->ipAddressChoice->type == IPAddressChoice_inherit && -+ f->ipAddressChoice->u.inherit != NULL) -+ return 1; -+ if (f->ipAddressChoice->u.inherit == NULL && -+ (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL) -+ return 0; -+ f->ipAddressChoice->type = IPAddressChoice_inherit; - return 1; -- if (f->ipAddressChoice->u.inherit == NULL && -- (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL) -- return 0; -- f->ipAddressChoice->type = IPAddressChoice_inherit; -- return 1; - } - - /* - * Construct an IPAddressOrRange sequence, or return an existing one. - */ - static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, -- const unsigned afi, -- const unsigned *safi) -+ const unsigned afi, -+ const unsigned *safi) - { -- IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); -- IPAddressOrRanges *aors = NULL; -- -- if (f == NULL || -- f->ipAddressChoice == NULL || -- (f->ipAddressChoice->type == IPAddressChoice_inherit && -- f->ipAddressChoice->u.inherit != NULL)) -- return NULL; -- if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) -- aors = f->ipAddressChoice->u.addressesOrRanges; -- if (aors != NULL) -+ IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); -+ IPAddressOrRanges *aors = NULL; -+ -+ if (f == NULL || -+ f->ipAddressChoice == NULL || -+ (f->ipAddressChoice->type == IPAddressChoice_inherit && -+ f->ipAddressChoice->u.inherit != NULL)) -+ return NULL; -+ if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) -+ aors = f->ipAddressChoice->u.addressesOrRanges; -+ if (aors != NULL) -+ return aors; -+ if ((aors = sk_IPAddressOrRange_new_null()) == NULL) -+ return NULL; -+ switch (afi) { -+ case IANA_AFI_IPV4: -+ (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); -+ break; -+ case IANA_AFI_IPV6: -+ (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); -+ break; -+ } -+ f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; -+ f->ipAddressChoice->u.addressesOrRanges = aors; - return aors; -- if ((aors = sk_IPAddressOrRange_new_null()) == NULL) -- return NULL; -- switch (afi) { -- case IANA_AFI_IPV4: -- (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); -- break; -- case IANA_AFI_IPV6: -- (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); -- break; -- } -- f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; -- f->ipAddressChoice->u.addressesOrRanges = aors; -- return aors; - } - - /* - * Add a prefix. - */ - int v3_addr_add_prefix(IPAddrBlocks *addr, -- const unsigned afi, -- const unsigned *safi, -- unsigned char *a, -- const int prefixlen) -+ const unsigned afi, -+ const unsigned *safi, -+ unsigned char *a, const int prefixlen) - { -- IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); -- IPAddressOrRange *aor; -- if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen)) -+ IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); -+ IPAddressOrRange *aor; -+ if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen)) -+ return 0; -+ if (sk_IPAddressOrRange_push(aors, aor)) -+ return 1; -+ IPAddressOrRange_free(aor); - return 0; -- if (sk_IPAddressOrRange_push(aors, aor)) -- return 1; -- IPAddressOrRange_free(aor); -- return 0; - } - - /* - * Add a range. - */ - int v3_addr_add_range(IPAddrBlocks *addr, -- const unsigned afi, -- const unsigned *safi, -- unsigned char *min, -- unsigned char *max) -+ const unsigned afi, -+ const unsigned *safi, -+ unsigned char *min, unsigned char *max) - { -- IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); -- IPAddressOrRange *aor; -- int length = length_from_afi(afi); -- if (aors == NULL) -- return 0; -- if (!make_addressRange(&aor, min, max, length)) -+ IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); -+ IPAddressOrRange *aor; -+ int length = length_from_afi(afi); -+ if (aors == NULL) -+ return 0; -+ if (!make_addressRange(&aor, min, max, length)) -+ return 0; -+ if (sk_IPAddressOrRange_push(aors, aor)) -+ return 1; -+ IPAddressOrRange_free(aor); - return 0; -- if (sk_IPAddressOrRange_push(aors, aor)) -- return 1; -- IPAddressOrRange_free(aor); -- return 0; - } - - /* - * Extract min and max values from an IPAddressOrRange. - */ - static int extract_min_max(IPAddressOrRange *aor, -- unsigned char *min, -- unsigned char *max, -- int length) -+ unsigned char *min, unsigned char *max, int length) - { -- if (aor == NULL || min == NULL || max == NULL) -+ if (aor == NULL || min == NULL || max == NULL) -+ return 0; -+ switch (aor->type) { -+ case IPAddressOrRange_addressPrefix: -+ return (addr_expand(min, aor->u.addressPrefix, length, 0x00) && -+ addr_expand(max, aor->u.addressPrefix, length, 0xFF)); -+ case IPAddressOrRange_addressRange: -+ return (addr_expand(min, aor->u.addressRange->min, length, 0x00) && -+ addr_expand(max, aor->u.addressRange->max, length, 0xFF)); -+ } - return 0; -- switch (aor->type) { -- case IPAddressOrRange_addressPrefix: -- return (addr_expand(min, aor->u.addressPrefix, length, 0x00) && -- addr_expand(max, aor->u.addressPrefix, length, 0xFF)); -- case IPAddressOrRange_addressRange: -- return (addr_expand(min, aor->u.addressRange->min, length, 0x00) && -- addr_expand(max, aor->u.addressRange->max, length, 0xFF)); -- } -- return 0; - } - - /* - * Public wrapper for extract_min_max(). - */ - int v3_addr_get_range(IPAddressOrRange *aor, -- const unsigned afi, -- unsigned char *min, -- unsigned char *max, -- const int length) -+ const unsigned afi, -+ unsigned char *min, -+ unsigned char *max, const int length) - { -- int afi_length = length_from_afi(afi); -- if (aor == NULL || min == NULL || max == NULL || -- afi_length == 0 || length < afi_length || -- (aor->type != IPAddressOrRange_addressPrefix && -- aor->type != IPAddressOrRange_addressRange) || -- !extract_min_max(aor, min, max, afi_length)) -- return 0; -- -- return afi_length; -+ int afi_length = length_from_afi(afi); -+ if (aor == NULL || min == NULL || max == NULL || -+ afi_length == 0 || length < afi_length || -+ (aor->type != IPAddressOrRange_addressPrefix && -+ aor->type != IPAddressOrRange_addressRange) || -+ !extract_min_max(aor, min, max, afi_length)) -+ return 0; -+ -+ return afi_length; - } - - /* -@@ -716,14 +712,14 @@ int v3_addr_get_range(IPAddressOrRange *aor, - * null-SAFI rule to apply only within a single AFI, which is what I - * would have expected and is what the following code implements. - */ --static int IPAddressFamily_cmp(const IPAddressFamily * const *a_, -- const IPAddressFamily * const *b_) -+static int IPAddressFamily_cmp(const IPAddressFamily *const *a_, -+ const IPAddressFamily *const *b_) - { -- const ASN1_OCTET_STRING *a = (*a_)->addressFamily; -- const ASN1_OCTET_STRING *b = (*b_)->addressFamily; -- int len = ((a->length <= b->length) ? a->length : b->length); -- int cmp = memcmp(a->data, b->data, len); -- return cmp ? cmp : a->length - b->length; -+ const ASN1_OCTET_STRING *a = (*a_)->addressFamily; -+ const ASN1_OCTET_STRING *b = (*b_)->addressFamily; -+ int len = ((a->length <= b->length) ? a->length : b->length); -+ int cmp = memcmp(a->data, b->data, len); -+ return cmp ? cmp : a->length - b->length; - } - - /* -@@ -731,184 +727,182 @@ static int IPAddressFamily_cmp(const IPAddressFamily * const *a_, - */ - int v3_addr_is_canonical(IPAddrBlocks *addr) - { -- unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; -- unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; -- IPAddressOrRanges *aors; -- int i, j, k; -- -- /* -- * Empty extension is cannonical. -- */ -- if (addr == NULL) -- return 1; -- -- /* -- * Check whether the top-level list is in order. -- */ -- for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) { -- const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i); -- const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1); -- if (IPAddressFamily_cmp(&a, &b) >= 0) -- return 0; -- } -- -- /* -- * Top level's ok, now check each address family. -- */ -- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { -- IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); -- int length = length_from_afi(v3_addr_get_afi(f)); -+ unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; -+ unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; -+ IPAddressOrRanges *aors; -+ int i, j, k; - - /* -- * Inheritance is canonical. Anything other than inheritance or -- * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something. -+ * Empty extension is cannonical. - */ -- if (f == NULL || f->ipAddressChoice == NULL) -- return 0; -- switch (f->ipAddressChoice->type) { -- case IPAddressChoice_inherit: -- continue; -- case IPAddressChoice_addressesOrRanges: -- break; -- default: -- return 0; -- } -+ if (addr == NULL) -+ return 1; - - /* -- * It's an IPAddressOrRanges sequence, check it. -+ * Check whether the top-level list is in order. - */ -- aors = f->ipAddressChoice->u.addressesOrRanges; -- if (sk_IPAddressOrRange_num(aors) == 0) -- return 0; -- for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) { -- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); -- IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1); -- -- if (!extract_min_max(a, a_min, a_max, length) || -- !extract_min_max(b, b_min, b_max, length)) -- return 0; -- -- /* -- * Punt misordered list, overlapping start, or inverted range. -- */ -- if (memcmp(a_min, b_min, length) >= 0 || -- memcmp(a_min, a_max, length) > 0 || -- memcmp(b_min, b_max, length) > 0) -- return 0; -- -- /* -- * Punt if adjacent or overlapping. Check for adjacency by -- * subtracting one from b_min first. -- */ -- for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) -- ; -- if (memcmp(a_max, b_min, length) >= 0) -- return 0; -- -- /* -- * Check for range that should be expressed as a prefix. -- */ -- if (a->type == IPAddressOrRange_addressRange && -- range_should_be_prefix(a_min, a_max, length) >= 0) -- return 0; -+ for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) { -+ const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i); -+ const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1); -+ if (IPAddressFamily_cmp(&a, &b) >= 0) -+ return 0; - } - - /* -- * Check range to see if it's inverted or should be a -- * prefix. -+ * Top level's ok, now check each address family. - */ -- j = sk_IPAddressOrRange_num(aors) - 1; -- { -- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); -- if (a != NULL && a->type == IPAddressOrRange_addressRange) { -- if (!extract_min_max(a, a_min, a_max, length)) -- return 0; -- if (memcmp(a_min, a_max, length) > 0 || -- range_should_be_prefix(a_min, a_max, length) >= 0) -- return 0; -- } -+ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { -+ IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); -+ int length = length_from_afi(v3_addr_get_afi(f)); -+ -+ /* -+ * Inheritance is canonical. Anything other than inheritance or -+ * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something. -+ */ -+ if (f == NULL || f->ipAddressChoice == NULL) -+ return 0; -+ switch (f->ipAddressChoice->type) { -+ case IPAddressChoice_inherit: -+ continue; -+ case IPAddressChoice_addressesOrRanges: -+ break; -+ default: -+ return 0; -+ } -+ -+ /* -+ * It's an IPAddressOrRanges sequence, check it. -+ */ -+ aors = f->ipAddressChoice->u.addressesOrRanges; -+ if (sk_IPAddressOrRange_num(aors) == 0) -+ return 0; -+ for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) { -+ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); -+ IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1); -+ -+ if (!extract_min_max(a, a_min, a_max, length) || -+ !extract_min_max(b, b_min, b_max, length)) -+ return 0; -+ -+ /* -+ * Punt misordered list, overlapping start, or inverted range. -+ */ -+ if (memcmp(a_min, b_min, length) >= 0 || -+ memcmp(a_min, a_max, length) > 0 || -+ memcmp(b_min, b_max, length) > 0) -+ return 0; -+ -+ /* -+ * Punt if adjacent or overlapping. Check for adjacency by -+ * subtracting one from b_min first. -+ */ -+ for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) ; -+ if (memcmp(a_max, b_min, length) >= 0) -+ return 0; -+ -+ /* -+ * Check for range that should be expressed as a prefix. -+ */ -+ if (a->type == IPAddressOrRange_addressRange && -+ range_should_be_prefix(a_min, a_max, length) >= 0) -+ return 0; -+ } -+ -+ /* -+ * Check range to see if it's inverted or should be a -+ * prefix. -+ */ -+ j = sk_IPAddressOrRange_num(aors) - 1; -+ { -+ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); -+ if (a != NULL && a->type == IPAddressOrRange_addressRange) { -+ if (!extract_min_max(a, a_min, a_max, length)) -+ return 0; -+ if (memcmp(a_min, a_max, length) > 0 || -+ range_should_be_prefix(a_min, a_max, length) >= 0) -+ return 0; -+ } -+ } - } -- } - -- /* -- * If we made it through all that, we're happy. -- */ -- return 1; -+ /* -+ * If we made it through all that, we're happy. -+ */ -+ return 1; - } - - /* - * Whack an IPAddressOrRanges into canonical form. - */ - static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, -- const unsigned afi) -+ const unsigned afi) - { -- int i, j, length = length_from_afi(afi); -- -- /* -- * Sort the IPAddressOrRanges sequence. -- */ -- sk_IPAddressOrRange_sort(aors); -- -- /* -- * Clean up representation issues, punt on duplicates or overlaps. -- */ -- for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) { -- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i); -- IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1); -- unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; -- unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; -- -- if (!extract_min_max(a, a_min, a_max, length) || -- !extract_min_max(b, b_min, b_max, length)) -- return 0; -+ int i, j, length = length_from_afi(afi); - - /* -- * Punt inverted ranges. -+ * Sort the IPAddressOrRanges sequence. - */ -- if (memcmp(a_min, a_max, length) > 0 || -- memcmp(b_min, b_max, length) > 0) -- return 0; -+ sk_IPAddressOrRange_sort(aors); - - /* -- * Punt overlaps. -+ * Clean up representation issues, punt on duplicates or overlaps. - */ -- if (memcmp(a_max, b_min, length) >= 0) -- return 0; -+ for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) { -+ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i); -+ IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1); -+ unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; -+ unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; -+ -+ if (!extract_min_max(a, a_min, a_max, length) || -+ !extract_min_max(b, b_min, b_max, length)) -+ return 0; -+ -+ /* -+ * Punt inverted ranges. -+ */ -+ if (memcmp(a_min, a_max, length) > 0 || -+ memcmp(b_min, b_max, length) > 0) -+ return 0; -+ -+ /* -+ * Punt overlaps. -+ */ -+ if (memcmp(a_max, b_min, length) >= 0) -+ return 0; -+ -+ /* -+ * Merge if a and b are adjacent. We check for -+ * adjacency by subtracting one from b_min first. -+ */ -+ for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) ; -+ if (memcmp(a_max, b_min, length) == 0) { -+ IPAddressOrRange *merged; -+ if (!make_addressRange(&merged, a_min, b_max, length)) -+ return 0; -+ sk_IPAddressOrRange_set(aors, i, merged); -+ (void)sk_IPAddressOrRange_delete(aors, i + 1); -+ IPAddressOrRange_free(a); -+ IPAddressOrRange_free(b); -+ --i; -+ continue; -+ } -+ } - - /* -- * Merge if a and b are adjacent. We check for -- * adjacency by subtracting one from b_min first. -+ * Check for inverted final range. - */ -- for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) -- ; -- if (memcmp(a_max, b_min, length) == 0) { -- IPAddressOrRange *merged; -- if (!make_addressRange(&merged, a_min, b_max, length)) -- return 0; -- sk_IPAddressOrRange_set(aors, i, merged); -- (void)sk_IPAddressOrRange_delete(aors, i + 1); -- IPAddressOrRange_free(a); -- IPAddressOrRange_free(b); -- --i; -- continue; -- } -- } -- -- /* -- * Check for inverted final range. -- */ -- j = sk_IPAddressOrRange_num(aors) - 1; -- { -- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); -- if (a != NULL && a->type == IPAddressOrRange_addressRange) { -- unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; -- extract_min_max(a, a_min, a_max, length); -- if (memcmp(a_min, a_max, length) > 0) -- return 0; -+ j = sk_IPAddressOrRange_num(aors) - 1; -+ { -+ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); -+ if (a != NULL && a->type == IPAddressOrRange_addressRange) { -+ unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; -+ extract_min_max(a, a_min, a_max, length); -+ if (memcmp(a_min, a_max, length) > 0) -+ return 0; -+ } - } -- } - -- return 1; -+ return 1; - } - - /* -@@ -916,200 +910,208 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, - */ - int v3_addr_canonize(IPAddrBlocks *addr) - { -- int i; -- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { -- IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); -- if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && -- !IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges, -- v3_addr_get_afi(f))) -- return 0; -- } -- (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); -- sk_IPAddressFamily_sort(addr); -- OPENSSL_assert(v3_addr_is_canonical(addr)); -- return 1; -+ int i; -+ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { -+ IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); -+ if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && -+ !IPAddressOrRanges_canonize(f->ipAddressChoice-> -+ u.addressesOrRanges, -+ v3_addr_get_afi(f))) -+ return 0; -+ } -+ (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); -+ sk_IPAddressFamily_sort(addr); -+ OPENSSL_assert(v3_addr_is_canonical(addr)); -+ return 1; - } - - /* - * v2i handler for the IPAddrBlocks extension. - */ - static void *v2i_IPAddrBlocks(struct v3_ext_method *method, -- struct v3_ext_ctx *ctx, -- STACK_OF(CONF_VALUE) *values) -+ struct v3_ext_ctx *ctx, -+ STACK_OF(CONF_VALUE) *values) - { -- static const char v4addr_chars[] = "0123456789."; -- static const char v6addr_chars[] = "0123456789.:abcdefABCDEF"; -- IPAddrBlocks *addr = NULL; -- char *s = NULL, *t; -- int i; -- -- if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- for (i = 0; i < sk_CONF_VALUE_num(values); i++) { -- CONF_VALUE *val = sk_CONF_VALUE_value(values, i); -- unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; -- unsigned afi, *safi = NULL, safi_; -- const char *addr_chars; -- int prefixlen, i1, i2, delim, length; -- -- if ( !name_cmp(val->name, "IPv4")) { -- afi = IANA_AFI_IPV4; -- } else if (!name_cmp(val->name, "IPv6")) { -- afi = IANA_AFI_IPV6; -- } else if (!name_cmp(val->name, "IPv4-SAFI")) { -- afi = IANA_AFI_IPV4; -- safi = &safi_; -- } else if (!name_cmp(val->name, "IPv6-SAFI")) { -- afi = IANA_AFI_IPV6; -- safi = &safi_; -- } else { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_NAME_ERROR); -- X509V3_conf_err(val); -- goto err; -+ static const char v4addr_chars[] = "0123456789."; -+ static const char v6addr_chars[] = "0123456789.:abcdefABCDEF"; -+ IPAddrBlocks *addr = NULL; -+ char *s = NULL, *t; -+ int i; -+ -+ if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); -+ return NULL; - } - -- switch (afi) { -- case IANA_AFI_IPV4: -- addr_chars = v4addr_chars; -- break; -- case IANA_AFI_IPV6: -- addr_chars = v6addr_chars; -- break; -- } -- -- length = length_from_afi(afi); -- -- /* -- * Handle SAFI, if any, and BUF_strdup() so we can null-terminate -- * the other input values. -- */ -- if (safi != NULL) { -- *safi = strtoul(val->value, &t, 0); -- t += strspn(t, " \t"); -- if (*safi > 0xFF || *t++ != ':') { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI); -- X509V3_conf_err(val); -- goto err; -- } -- t += strspn(t, " \t"); -- s = BUF_strdup(t); -- } else { -- s = BUF_strdup(val->value); -- } -- if (s == NULL) { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); -- goto err; -+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) { -+ CONF_VALUE *val = sk_CONF_VALUE_value(values, i); -+ unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; -+ unsigned afi, *safi = NULL, safi_; -+ const char *addr_chars; -+ int prefixlen, i1, i2, delim, length; -+ -+ if (!name_cmp(val->name, "IPv4")) { -+ afi = IANA_AFI_IPV4; -+ } else if (!name_cmp(val->name, "IPv6")) { -+ afi = IANA_AFI_IPV6; -+ } else if (!name_cmp(val->name, "IPv4-SAFI")) { -+ afi = IANA_AFI_IPV4; -+ safi = &safi_; -+ } else if (!name_cmp(val->name, "IPv6-SAFI")) { -+ afi = IANA_AFI_IPV6; -+ safi = &safi_; -+ } else { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, -+ X509V3_R_EXTENSION_NAME_ERROR); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ -+ switch (afi) { -+ case IANA_AFI_IPV4: -+ addr_chars = v4addr_chars; -+ break; -+ case IANA_AFI_IPV6: -+ addr_chars = v6addr_chars; -+ break; -+ } -+ -+ length = length_from_afi(afi); -+ -+ /* -+ * Handle SAFI, if any, and BUF_strdup() so we can null-terminate -+ * the other input values. -+ */ -+ if (safi != NULL) { -+ *safi = strtoul(val->value, &t, 0); -+ t += strspn(t, " \t"); -+ if (*safi > 0xFF || *t++ != ':') { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ t += strspn(t, " \t"); -+ s = BUF_strdup(t); -+ } else { -+ s = BUF_strdup(val->value); -+ } -+ if (s == NULL) { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /* -+ * Check for inheritance. Not worth additional complexity to -+ * optimize this (seldom-used) case. -+ */ -+ if (!strcmp(s, "inherit")) { -+ if (!v3_addr_add_inherit(addr, afi, safi)) { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, -+ X509V3_R_INVALID_INHERITANCE); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ OPENSSL_free(s); -+ s = NULL; -+ continue; -+ } -+ -+ i1 = strspn(s, addr_chars); -+ i2 = i1 + strspn(s + i1, " \t"); -+ delim = s[i2++]; -+ s[i1] = '\0'; -+ -+ if (a2i_ipadd(min, s) != length) { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ -+ switch (delim) { -+ case '/': -+ prefixlen = (int)strtoul(s + i2, &t, 10); -+ if (t == s + i2 || *t != '\0') { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, -+ X509V3_R_EXTENSION_VALUE_ERROR); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ break; -+ case '-': -+ i1 = i2 + strspn(s + i2, " \t"); -+ i2 = i1 + strspn(s + i1, addr_chars); -+ if (i1 == i2 || s[i2] != '\0') { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, -+ X509V3_R_EXTENSION_VALUE_ERROR); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ if (a2i_ipadd(max, s + i1) != length) { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, -+ X509V3_R_INVALID_IPADDRESS); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ if (memcmp(min, max, length_from_afi(afi)) > 0) { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, -+ X509V3_R_EXTENSION_VALUE_ERROR); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ if (!v3_addr_add_range(addr, afi, safi, min, max)) { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ break; -+ case '\0': -+ if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ break; -+ default: -+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, -+ X509V3_R_EXTENSION_VALUE_ERROR); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ -+ OPENSSL_free(s); -+ s = NULL; - } - - /* -- * Check for inheritance. Not worth additional complexity to -- * optimize this (seldom-used) case. -+ * Canonize the result, then we're done. - */ -- if (!strcmp(s, "inherit")) { -- if (!v3_addr_add_inherit(addr, afi, safi)) { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE); -- X509V3_conf_err(val); -- goto err; -- } -- OPENSSL_free(s); -- s = NULL; -- continue; -- } -- -- i1 = strspn(s, addr_chars); -- i2 = i1 + strspn(s + i1, " \t"); -- delim = s[i2++]; -- s[i1] = '\0'; -- -- if (a2i_ipadd(min, s) != length) { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS); -- X509V3_conf_err(val); -- goto err; -- } -- -- switch (delim) { -- case '/': -- prefixlen = (int) strtoul(s + i2, &t, 10); -- if (t == s + i2 || *t != '\0') { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR); -- X509V3_conf_err(val); -- goto err; -- } -- if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- break; -- case '-': -- i1 = i2 + strspn(s + i2, " \t"); -- i2 = i1 + strspn(s + i1, addr_chars); -- if (i1 == i2 || s[i2] != '\0') { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR); -- X509V3_conf_err(val); -- goto err; -- } -- if (a2i_ipadd(max, s + i1) != length) { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS); -- X509V3_conf_err(val); -- goto err; -- } -- if (memcmp(min, max, length_from_afi(afi)) > 0) { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR); -- X509V3_conf_err(val); -- goto err; -- } -- if (!v3_addr_add_range(addr, afi, safi, min, max)) { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- break; -- case '\0': -- if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- break; -- default: -- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR); -- X509V3_conf_err(val); -- goto err; -- } -- -- OPENSSL_free(s); -- s = NULL; -- } -- -- /* -- * Canonize the result, then we're done. -- */ -- if (!v3_addr_canonize(addr)) -- goto err; -- return addr; -+ if (!v3_addr_canonize(addr)) -+ goto err; -+ return addr; - - err: -- OPENSSL_free(s); -- sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); -- return NULL; -+ OPENSSL_free(s); -+ sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); -+ return NULL; - } - - /* - * OpenSSL dispatch - */ - const X509V3_EXT_METHOD v3_addr = { -- NID_sbgp_ipAddrBlock, /* nid */ -- 0, /* flags */ -- ASN1_ITEM_ref(IPAddrBlocks), /* template */ -- 0, 0, 0, 0, /* old functions, ignored */ -- 0, /* i2s */ -- 0, /* s2i */ -- 0, /* i2v */ -- v2i_IPAddrBlocks, /* v2i */ -- i2r_IPAddrBlocks, /* i2r */ -- 0, /* r2i */ -- NULL /* extension-specific data */ -+ NID_sbgp_ipAddrBlock, /* nid */ -+ 0, /* flags */ -+ ASN1_ITEM_ref(IPAddrBlocks), /* template */ -+ 0, 0, 0, 0, /* old functions, ignored */ -+ 0, /* i2s */ -+ 0, /* s2i */ -+ 0, /* i2v */ -+ v2i_IPAddrBlocks, /* v2i */ -+ i2r_IPAddrBlocks, /* i2r */ -+ 0, /* r2i */ -+ NULL /* extension-specific data */ - }; - - /* -@@ -1117,53 +1119,52 @@ const X509V3_EXT_METHOD v3_addr = { - */ - int v3_addr_inherits(IPAddrBlocks *addr) - { -- int i; -- if (addr == NULL) -+ int i; -+ if (addr == NULL) -+ return 0; -+ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { -+ IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); -+ if (f->ipAddressChoice->type == IPAddressChoice_inherit) -+ return 1; -+ } - return 0; -- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { -- IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); -- if (f->ipAddressChoice->type == IPAddressChoice_inherit) -- return 1; -- } -- return 0; - } - - /* - * Figure out whether parent contains child. - */ - static int addr_contains(IPAddressOrRanges *parent, -- IPAddressOrRanges *child, -- int length) -+ IPAddressOrRanges *child, int length) - { -- unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN]; -- unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN]; -- int p, c; -- -- if (child == NULL || parent == child) -- return 1; -- if (parent == NULL) -- return 0; -- -- p = 0; -- for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { -- if (!extract_min_max(sk_IPAddressOrRange_value(child, c), -- c_min, c_max, length)) -- return -1; -- for (;; p++) { -- if (p >= sk_IPAddressOrRange_num(parent)) -- return 0; -- if (!extract_min_max(sk_IPAddressOrRange_value(parent, p), -- p_min, p_max, length)) -- return 0; -- if (memcmp(p_max, c_max, length) < 0) -- continue; -- if (memcmp(p_min, c_min, length) > 0) -- return 0; -- break; -+ unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN]; -+ unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN]; -+ int p, c; -+ -+ if (child == NULL || parent == child) -+ return 1; -+ if (parent == NULL) -+ return 0; -+ -+ p = 0; -+ for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { -+ if (!extract_min_max(sk_IPAddressOrRange_value(child, c), -+ c_min, c_max, length)) -+ return -1; -+ for (;; p++) { -+ if (p >= sk_IPAddressOrRange_num(parent)) -+ return 0; -+ if (!extract_min_max(sk_IPAddressOrRange_value(parent, p), -+ p_min, p_max, length)) -+ return 0; -+ if (memcmp(p_max, c_max, length) < 0) -+ continue; -+ if (memcmp(p_min, c_min, length) > 0) -+ return 0; -+ break; -+ } - } -- } - -- return 1; -+ return 1; - } - - /* -@@ -1171,150 +1172,156 @@ static int addr_contains(IPAddressOrRanges *parent, - */ - int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) - { -- int i; -- if (a == NULL || a == b) -+ int i; -+ if (a == NULL || a == b) -+ return 1; -+ if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) -+ return 0; -+ (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); -+ for (i = 0; i < sk_IPAddressFamily_num(a); i++) { -+ IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); -+ int j = sk_IPAddressFamily_find(b, fa); -+ IPAddressFamily *fb; -+ fb = sk_IPAddressFamily_value(b, j); -+ if (fb == NULL) -+ return 0; -+ if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, -+ fa->ipAddressChoice->u.addressesOrRanges, -+ length_from_afi(v3_addr_get_afi(fb)))) -+ return 0; -+ } - return 1; -- if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) -- return 0; -- (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); -- for (i = 0; i < sk_IPAddressFamily_num(a); i++) { -- IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); -- int j = sk_IPAddressFamily_find(b, fa); -- IPAddressFamily *fb; -- fb = sk_IPAddressFamily_value(b, j); -- if (fb == NULL) -- return 0; -- if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, -- fa->ipAddressChoice->u.addressesOrRanges, -- length_from_afi(v3_addr_get_afi(fb)))) -- return 0; -- } -- return 1; - } - - /* - * Validation error handling via callback. - */ --#define validation_err(_err_) \ -- do { \ -- if (ctx != NULL) { \ -- ctx->error = _err_; \ -- ctx->error_depth = i; \ -- ctx->current_cert = x; \ -- ret = ctx->verify_cb(0, ctx); \ -- } else { \ -- ret = 0; \ -- } \ -- if (!ret) \ -- goto done; \ -+# define validation_err(_err_) \ -+ do { \ -+ if (ctx != NULL) { \ -+ ctx->error = _err_; \ -+ ctx->error_depth = i; \ -+ ctx->current_cert = x; \ -+ ret = ctx->verify_cb(0, ctx); \ -+ } else { \ -+ ret = 0; \ -+ } \ -+ if (!ret) \ -+ goto done; \ - } while (0) - - /* - * Core code for RFC 3779 2.3 path validation. - */ - static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, -- STACK_OF(X509) *chain, -- IPAddrBlocks *ext) -+ STACK_OF(X509) *chain, -+ IPAddrBlocks *ext) - { -- IPAddrBlocks *child = NULL; -- int i, j, ret = 1; -- X509 *x = NULL; -- -- OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); -- OPENSSL_assert(ctx != NULL || ext != NULL); -- OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); -- -- /* -- * Figure out where to start. If we don't have an extension to -- * check, we're done. Otherwise, check canonical form and -- * set up for walking up the chain. -- */ -- if (ext != NULL) { -- i = -1; -- } else { -- i = 0; -- x = sk_X509_value(chain, i); -- OPENSSL_assert(x != NULL); -- if ((ext = x->rfc3779_addr) == NULL) -- goto done; -- } -- if (!v3_addr_is_canonical(ext)) -- validation_err(X509_V_ERR_INVALID_EXTENSION); -- (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); -- if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { -- X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); -- ret = 0; -- goto done; -- } -- -- /* -- * Now walk up the chain. No cert may list resources that its -- * parent doesn't list. -- */ -- for (i++; i < sk_X509_num(chain); i++) { -- x = sk_X509_value(chain, i); -- OPENSSL_assert(x != NULL); -- if (!v3_addr_is_canonical(x->rfc3779_addr)) -- validation_err(X509_V_ERR_INVALID_EXTENSION); -- if (x->rfc3779_addr == NULL) { -- for (j = 0; j < sk_IPAddressFamily_num(child); j++) { -- IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); -- if (fc->ipAddressChoice->type != IPAddressChoice_inherit) { -- validation_err(X509_V_ERR_UNNESTED_RESOURCE); -- break; -- } -- } -- continue; -+ IPAddrBlocks *child = NULL; -+ int i, j, ret = 1; -+ X509 *x = NULL; -+ -+ OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); -+ OPENSSL_assert(ctx != NULL || ext != NULL); -+ OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); -+ -+ /* -+ * Figure out where to start. If we don't have an extension to -+ * check, we're done. Otherwise, check canonical form and -+ * set up for walking up the chain. -+ */ -+ if (ext != NULL) { -+ i = -1; -+ } else { -+ i = 0; -+ x = sk_X509_value(chain, i); -+ OPENSSL_assert(x != NULL); -+ if ((ext = x->rfc3779_addr) == NULL) -+ goto done; - } -- (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); -- for (j = 0; j < sk_IPAddressFamily_num(child); j++) { -- IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); -- int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); -- IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k); -- if (fp == NULL) { -- if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) { -- validation_err(X509_V_ERR_UNNESTED_RESOURCE); -- break; -- } -- continue; -- } -- if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) { -- if (fc->ipAddressChoice->type == IPAddressChoice_inherit || -- addr_contains(fp->ipAddressChoice->u.addressesOrRanges, -- fc->ipAddressChoice->u.addressesOrRanges, -- length_from_afi(v3_addr_get_afi(fc)))) -- sk_IPAddressFamily_set(child, j, fp); -- else -- validation_err(X509_V_ERR_UNNESTED_RESOURCE); -- } -+ if (!v3_addr_is_canonical(ext)) -+ validation_err(X509_V_ERR_INVALID_EXTENSION); -+ (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); -+ if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { -+ X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, -+ ERR_R_MALLOC_FAILURE); -+ ret = 0; -+ goto done; - } -- } -- -- /* -- * Trust anchor can't inherit. -- */ -- if (x->rfc3779_addr != NULL) { -- for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { -- IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j); -- if (fp->ipAddressChoice->type == IPAddressChoice_inherit && -- sk_IPAddressFamily_find(child, fp) >= 0) -- validation_err(X509_V_ERR_UNNESTED_RESOURCE); -+ -+ /* -+ * Now walk up the chain. No cert may list resources that its -+ * parent doesn't list. -+ */ -+ for (i++; i < sk_X509_num(chain); i++) { -+ x = sk_X509_value(chain, i); -+ OPENSSL_assert(x != NULL); -+ if (!v3_addr_is_canonical(x->rfc3779_addr)) -+ validation_err(X509_V_ERR_INVALID_EXTENSION); -+ if (x->rfc3779_addr == NULL) { -+ for (j = 0; j < sk_IPAddressFamily_num(child); j++) { -+ IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); -+ if (fc->ipAddressChoice->type != IPAddressChoice_inherit) { -+ validation_err(X509_V_ERR_UNNESTED_RESOURCE); -+ break; -+ } -+ } -+ continue; -+ } -+ (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, -+ IPAddressFamily_cmp); -+ for (j = 0; j < sk_IPAddressFamily_num(child); j++) { -+ IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); -+ int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); -+ IPAddressFamily *fp = -+ sk_IPAddressFamily_value(x->rfc3779_addr, k); -+ if (fp == NULL) { -+ if (fc->ipAddressChoice->type == -+ IPAddressChoice_addressesOrRanges) { -+ validation_err(X509_V_ERR_UNNESTED_RESOURCE); -+ break; -+ } -+ continue; -+ } -+ if (fp->ipAddressChoice->type == -+ IPAddressChoice_addressesOrRanges) { -+ if (fc->ipAddressChoice->type == IPAddressChoice_inherit -+ || addr_contains(fp->ipAddressChoice->u.addressesOrRanges, -+ fc->ipAddressChoice->u.addressesOrRanges, -+ length_from_afi(v3_addr_get_afi(fc)))) -+ sk_IPAddressFamily_set(child, j, fp); -+ else -+ validation_err(X509_V_ERR_UNNESTED_RESOURCE); -+ } -+ } -+ } -+ -+ /* -+ * Trust anchor can't inherit. -+ */ -+ if (x->rfc3779_addr != NULL) { -+ for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { -+ IPAddressFamily *fp = -+ sk_IPAddressFamily_value(x->rfc3779_addr, j); -+ if (fp->ipAddressChoice->type == IPAddressChoice_inherit -+ && sk_IPAddressFamily_find(child, fp) >= 0) -+ validation_err(X509_V_ERR_UNNESTED_RESOURCE); -+ } - } -- } - - done: -- sk_IPAddressFamily_free(child); -- return ret; -+ sk_IPAddressFamily_free(child); -+ return ret; - } - --#undef validation_err -+# undef validation_err - - /* - * RFC 3779 2.3 path validation -- called from X509_verify_cert(). - */ - int v3_addr_validate_path(X509_STORE_CTX *ctx) - { -- return v3_addr_validate_path_internal(ctx, ctx->chain, NULL); -+ return v3_addr_validate_path_internal(ctx, ctx->chain, NULL); - } - - /* -@@ -1322,16 +1329,15 @@ int v3_addr_validate_path(X509_STORE_CTX *ctx) - * Test whether chain covers extension. - */ - int v3_addr_validate_resource_set(STACK_OF(X509) *chain, -- IPAddrBlocks *ext, -- int allow_inheritance) -+ IPAddrBlocks *ext, int allow_inheritance) - { -- if (ext == NULL) -- return 1; -- if (chain == NULL || sk_X509_num(chain) == 0) -- return 0; -- if (!allow_inheritance && v3_addr_inherits(ext)) -- return 0; -- return v3_addr_validate_path_internal(NULL, chain, ext); -+ if (ext == NULL) -+ return 1; -+ if (chain == NULL || sk_X509_num(chain) == 0) -+ return 0; -+ if (!allow_inheritance && v3_addr_inherits(ext)) -+ return 0; -+ return v3_addr_validate_path_internal(NULL, chain, ext); - } - --#endif /* OPENSSL_NO_RFC3779 */ -+#endif /* OPENSSL_NO_RFC3779 */ -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c -index c6b68ee..e920270 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c -@@ -1,6 +1,7 @@ - /* v3_akey.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,43 +65,47 @@ - #include - - static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, -- AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist); -+ AUTHORITY_KEYID *akeyid, -+ STACK_OF(CONF_VALUE) -+ *extlist); - static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); -- --const X509V3_EXT_METHOD v3_akey_id = -- { -- NID_authority_key_identifier, -- X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), -- 0,0,0,0, -- 0,0, -- (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, -- (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, -- 0,0, -- NULL -- }; -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *values); -+ -+const X509V3_EXT_METHOD v3_akey_id = { -+ NID_authority_key_identifier, -+ X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), -+ 0, 0, 0, 0, -+ 0, 0, -+ (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID, -+ (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, -+ 0, 0, -+ NULL -+}; - - static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, -- AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) -+ AUTHORITY_KEYID *akeyid, -+ STACK_OF(CONF_VALUE) -+ *extlist) - { -- char *tmp; -- if(akeyid->keyid) { -- tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); -- X509V3_add_value("keyid", tmp, &extlist); -- OPENSSL_free(tmp); -- } -- if(akeyid->issuer) -- extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); -- if(akeyid->serial) { -- tmp = hex_to_string(akeyid->serial->data, -- akeyid->serial->length); -- X509V3_add_value("serial", tmp, &extlist); -- OPENSSL_free(tmp); -- } -- return extlist; -+ char *tmp; -+ if (akeyid->keyid) { -+ tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); -+ X509V3_add_value("keyid", tmp, &extlist); -+ OPENSSL_free(tmp); -+ } -+ if (akeyid->issuer) -+ extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); -+ if (akeyid->serial) { -+ tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length); -+ X509V3_add_value("serial", tmp, &extlist); -+ OPENSSL_free(tmp); -+ } -+ return extlist; - } - --/* Currently two options: -+/*- -+ * Currently two options: - * keyid: use the issuers subject keyid, the value 'always' means its is - * an error if the issuer certificate doesn't have a key id. - * issuer: use the issuers cert issuer and serial number. The default is -@@ -109,100 +114,92 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - */ - - static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) -- { -- char keyid=0, issuer=0; -- int i; -- CONF_VALUE *cnf; -- ASN1_OCTET_STRING *ikeyid = NULL; -- X509_NAME *isname = NULL; -- GENERAL_NAMES * gens = NULL; -- GENERAL_NAME *gen = NULL; -- ASN1_INTEGER *serial = NULL; -- X509_EXTENSION *ext; -- X509 *cert; -- AUTHORITY_KEYID *akeyid; -- -- for(i = 0; i < sk_CONF_VALUE_num(values); i++) -- { -- cnf = sk_CONF_VALUE_value(values, i); -- if(!strcmp(cnf->name, "keyid")) -- { -- keyid = 1; -- if(cnf->value && !strcmp(cnf->value, "always")) -- keyid = 2; -- } -- else if(!strcmp(cnf->name, "issuer")) -- { -- issuer = 1; -- if(cnf->value && !strcmp(cnf->value, "always")) -- issuer = 2; -- } -- else -- { -- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); -- ERR_add_error_data(2, "name=", cnf->name); -- return NULL; -- } -- } -- -- if(!ctx || !ctx->issuer_cert) -- { -- if(ctx && (ctx->flags==CTX_TEST)) -- return AUTHORITY_KEYID_new(); -- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); -- return NULL; -- } -- -- cert = ctx->issuer_cert; -- -- if(keyid) -- { -- i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); -- if((i >= 0) && (ext = X509_get_ext(cert, i))) -- ikeyid = X509V3_EXT_d2i(ext); -- if(keyid==2 && !ikeyid) -- { -- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); -- return NULL; -- } -- } -- -- if((issuer && !ikeyid) || (issuer == 2)) -- { -- isname = X509_NAME_dup(X509_get_issuer_name(cert)); -- serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); -- if(!isname || !serial) -- { -- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); -- goto err; -- } -- } -- -- if(!(akeyid = AUTHORITY_KEYID_new())) goto err; -- -- if(isname) -- { -- if(!(gens = sk_GENERAL_NAME_new_null()) -- || !(gen = GENERAL_NAME_new()) -- || !sk_GENERAL_NAME_push(gens, gen)) -- { -- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- gen->type = GEN_DIRNAME; -- gen->d.dirn = isname; -- } -- -- akeyid->issuer = gens; -- akeyid->serial = serial; -- akeyid->keyid = ikeyid; -- -- return akeyid; -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *values) -+{ -+ char keyid = 0, issuer = 0; -+ int i; -+ CONF_VALUE *cnf; -+ ASN1_OCTET_STRING *ikeyid = NULL; -+ X509_NAME *isname = NULL; -+ GENERAL_NAMES *gens = NULL; -+ GENERAL_NAME *gen = NULL; -+ ASN1_INTEGER *serial = NULL; -+ X509_EXTENSION *ext; -+ X509 *cert; -+ AUTHORITY_KEYID *akeyid; -+ -+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) { -+ cnf = sk_CONF_VALUE_value(values, i); -+ if (!strcmp(cnf->name, "keyid")) { -+ keyid = 1; -+ if (cnf->value && !strcmp(cnf->value, "always")) -+ keyid = 2; -+ } else if (!strcmp(cnf->name, "issuer")) { -+ issuer = 1; -+ if (cnf->value && !strcmp(cnf->value, "always")) -+ issuer = 2; -+ } else { -+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION); -+ ERR_add_error_data(2, "name=", cnf->name); -+ return NULL; -+ } -+ } -+ -+ if (!ctx || !ctx->issuer_cert) { -+ if (ctx && (ctx->flags == CTX_TEST)) -+ return AUTHORITY_KEYID_new(); -+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, -+ X509V3_R_NO_ISSUER_CERTIFICATE); -+ return NULL; -+ } -+ -+ cert = ctx->issuer_cert; -+ -+ if (keyid) { -+ i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); -+ if ((i >= 0) && (ext = X509_get_ext(cert, i))) -+ ikeyid = X509V3_EXT_d2i(ext); -+ if (keyid == 2 && !ikeyid) { -+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, -+ X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); -+ return NULL; -+ } -+ } -+ -+ if ((issuer && !ikeyid) || (issuer == 2)) { -+ isname = X509_NAME_dup(X509_get_issuer_name(cert)); -+ serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); -+ if (!isname || !serial) { -+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, -+ X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); -+ goto err; -+ } -+ } -+ -+ if (!(akeyid = AUTHORITY_KEYID_new())) -+ goto err; -+ -+ if (isname) { -+ if (!(gens = sk_GENERAL_NAME_new_null()) -+ || !(gen = GENERAL_NAME_new()) -+ || !sk_GENERAL_NAME_push(gens, gen)) { -+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ gen->type = GEN_DIRNAME; -+ gen->d.dirn = isname; -+ } -+ -+ akeyid->issuer = gens; -+ akeyid->serial = serial; -+ akeyid->keyid = ikeyid; -+ -+ return akeyid; - - err: -- X509_NAME_free(isname); -- M_ASN1_INTEGER_free(serial); -- M_ASN1_OCTET_STRING_free(ikeyid); -- return NULL; -- } -+ X509_NAME_free(isname); -+ M_ASN1_INTEGER_free(serial); -+ M_ASN1_OCTET_STRING_free(ikeyid); -+ return NULL; -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c -index 2c50f73..2cc85b7 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c -@@ -1,6 +1,7 @@ - /* v3_akey_asn1.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,9 +65,9 @@ - #include - - ASN1_SEQUENCE(AUTHORITY_KEYID) = { -- ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0), -- ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1), -- ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2) -+ ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0), -+ ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1), -+ ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2) - } ASN1_SEQUENCE_END(AUTHORITY_KEYID) - - IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID) -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c -index 69244e4..ea0e6be 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c -@@ -1,5 +1,6 @@ - /* v3_alt.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ - /* ==================================================================== -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,525 +62,504 @@ - #include - #include - --static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); --static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval); -+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval); - static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); - static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); - static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); - static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); - - const X509V3_EXT_METHOD v3_alt[] = { --{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), --0,0,0,0, --0,0, --(X509V3_EXT_I2V)i2v_GENERAL_NAMES, --(X509V3_EXT_V2I)v2i_subject_alt, --NULL, NULL, NULL}, -- --{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), --0,0,0,0, --0,0, --(X509V3_EXT_I2V)i2v_GENERAL_NAMES, --(X509V3_EXT_V2I)v2i_issuer_alt, --NULL, NULL, NULL}, -+ {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), -+ 0, 0, 0, 0, -+ 0, 0, -+ (X509V3_EXT_I2V) i2v_GENERAL_NAMES, -+ (X509V3_EXT_V2I)v2i_subject_alt, -+ NULL, NULL, NULL}, -+ -+ {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), -+ 0, 0, 0, 0, -+ 0, 0, -+ (X509V3_EXT_I2V) i2v_GENERAL_NAMES, -+ (X509V3_EXT_V2I)v2i_issuer_alt, -+ NULL, NULL, NULL}, - }; - - STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, -- GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret) -+ GENERAL_NAMES *gens, -+ STACK_OF(CONF_VALUE) *ret) - { -- int i; -- GENERAL_NAME *gen; -- for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { -- gen = sk_GENERAL_NAME_value(gens, i); -- ret = i2v_GENERAL_NAME(method, gen, ret); -- } -- if(!ret) return sk_CONF_VALUE_new_null(); -- return ret; -+ int i; -+ GENERAL_NAME *gen; -+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { -+ gen = sk_GENERAL_NAME_value(gens, i); -+ ret = i2v_GENERAL_NAME(method, gen, ret); -+ } -+ if (!ret) -+ return sk_CONF_VALUE_new_null(); -+ return ret; - } - - STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, -- GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) -+ GENERAL_NAME *gen, -+ STACK_OF(CONF_VALUE) *ret) - { -- unsigned char *p; -- char oline[256], htmp[5]; -- int i; -- switch (gen->type) -- { -- case GEN_OTHERNAME: -- X509V3_add_value("othername","", &ret); -- break; -- -- case GEN_X400: -- X509V3_add_value("X400Name","", &ret); -- break; -- -- case GEN_EDIPARTY: -- X509V3_add_value("EdiPartyName","", &ret); -- break; -- -- case GEN_EMAIL: -- X509V3_add_value_uchar("email",gen->d.ia5->data, &ret); -- break; -- -- case GEN_DNS: -- X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret); -- break; -- -- case GEN_URI: -- X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret); -- break; -- -- case GEN_DIRNAME: -- X509_NAME_oneline(gen->d.dirn, oline, 256); -- X509V3_add_value("DirName",oline, &ret); -- break; -- -- case GEN_IPADD: -- p = gen->d.ip->data; -- if(gen->d.ip->length == 4) -- BIO_snprintf(oline, sizeof oline, -- "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); -- else if(gen->d.ip->length == 16) -- { -- oline[0] = 0; -- for (i = 0; i < 8; i++) -- { -- BIO_snprintf(htmp, sizeof htmp, -- "%X", p[0] << 8 | p[1]); -- p += 2; -- strcat(oline, htmp); -- if (i != 7) -- strcat(oline, ":"); -- } -- } -- else -- { -- X509V3_add_value("IP Address","", &ret); -- break; -- } -- X509V3_add_value("IP Address",oline, &ret); -- break; -- -- case GEN_RID: -- i2t_ASN1_OBJECT(oline, 256, gen->d.rid); -- X509V3_add_value("Registered ID",oline, &ret); -- break; -- } -- return ret; -+ unsigned char *p; -+ char oline[256], htmp[5]; -+ int i; -+ switch (gen->type) { -+ case GEN_OTHERNAME: -+ X509V3_add_value("othername", "", &ret); -+ break; -+ -+ case GEN_X400: -+ X509V3_add_value("X400Name", "", &ret); -+ break; -+ -+ case GEN_EDIPARTY: -+ X509V3_add_value("EdiPartyName", "", &ret); -+ break; -+ -+ case GEN_EMAIL: -+ X509V3_add_value_uchar("email", gen->d.ia5->data, &ret); -+ break; -+ -+ case GEN_DNS: -+ X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret); -+ break; -+ -+ case GEN_URI: -+ X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret); -+ break; -+ -+ case GEN_DIRNAME: -+ X509_NAME_oneline(gen->d.dirn, oline, 256); -+ X509V3_add_value("DirName", oline, &ret); -+ break; -+ -+ case GEN_IPADD: -+ p = gen->d.ip->data; -+ if (gen->d.ip->length == 4) -+ BIO_snprintf(oline, sizeof oline, -+ "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); -+ else if (gen->d.ip->length == 16) { -+ oline[0] = 0; -+ for (i = 0; i < 8; i++) { -+ BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]); -+ p += 2; -+ strcat(oline, htmp); -+ if (i != 7) -+ strcat(oline, ":"); -+ } -+ } else { -+ X509V3_add_value("IP Address", "", &ret); -+ break; -+ } -+ X509V3_add_value("IP Address", oline, &ret); -+ break; -+ -+ case GEN_RID: -+ i2t_ASN1_OBJECT(oline, 256, gen->d.rid); -+ X509V3_add_value("Registered ID", oline, &ret); -+ break; -+ } -+ return ret; - } - - int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) - { -- unsigned char *p; -- int i; -- switch (gen->type) -- { -- case GEN_OTHERNAME: -- BIO_printf(out, "othername:"); -- break; -- -- case GEN_X400: -- BIO_printf(out, "X400Name:"); -- break; -- -- case GEN_EDIPARTY: -- /* Maybe fix this: it is supported now */ -- BIO_printf(out, "EdiPartyName:"); -- break; -- -- case GEN_EMAIL: -- BIO_printf(out, "email:%s",gen->d.ia5->data); -- break; -- -- case GEN_DNS: -- BIO_printf(out, "DNS:%s",gen->d.ia5->data); -- break; -- -- case GEN_URI: -- BIO_printf(out, "URI:%s",gen->d.ia5->data); -- break; -- -- case GEN_DIRNAME: -- BIO_printf(out, "DirName: "); -- X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); -- break; -- -- case GEN_IPADD: -- p = gen->d.ip->data; -- if(gen->d.ip->length == 4) -- BIO_printf(out, "IP Address:%d.%d.%d.%d", -- p[0], p[1], p[2], p[3]); -- else if(gen->d.ip->length == 16) -- { -- BIO_printf(out, "IP Address"); -- for (i = 0; i < 8; i++) -- { -- BIO_printf(out, ":%X", p[0] << 8 | p[1]); -- p += 2; -- } -- BIO_puts(out, "\n"); -- } -- else -- { -- BIO_printf(out,"IP Address:"); -- break; -- } -- break; -- -- case GEN_RID: -- BIO_printf(out, "Registered ID"); -- i2a_ASN1_OBJECT(out, gen->d.rid); -- break; -- } -- return 1; -+ unsigned char *p; -+ int i; -+ switch (gen->type) { -+ case GEN_OTHERNAME: -+ BIO_printf(out, "othername:"); -+ break; -+ -+ case GEN_X400: -+ BIO_printf(out, "X400Name:"); -+ break; -+ -+ case GEN_EDIPARTY: -+ /* Maybe fix this: it is supported now */ -+ BIO_printf(out, "EdiPartyName:"); -+ break; -+ -+ case GEN_EMAIL: -+ BIO_printf(out, "email:%s", gen->d.ia5->data); -+ break; -+ -+ case GEN_DNS: -+ BIO_printf(out, "DNS:%s", gen->d.ia5->data); -+ break; -+ -+ case GEN_URI: -+ BIO_printf(out, "URI:%s", gen->d.ia5->data); -+ break; -+ -+ case GEN_DIRNAME: -+ BIO_printf(out, "DirName: "); -+ X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); -+ break; -+ -+ case GEN_IPADD: -+ p = gen->d.ip->data; -+ if (gen->d.ip->length == 4) -+ BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]); -+ else if (gen->d.ip->length == 16) { -+ BIO_printf(out, "IP Address"); -+ for (i = 0; i < 8; i++) { -+ BIO_printf(out, ":%X", p[0] << 8 | p[1]); -+ p += 2; -+ } -+ BIO_puts(out, "\n"); -+ } else { -+ BIO_printf(out, "IP Address:"); -+ break; -+ } -+ break; -+ -+ case GEN_RID: -+ BIO_printf(out, "Registered ID"); -+ i2a_ASN1_OBJECT(out, gen->d.rid); -+ break; -+ } -+ return 1; - } - - static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval) - { -- GENERAL_NAMES *gens = NULL; -- CONF_VALUE *cnf; -- int i; -- if(!(gens = sk_GENERAL_NAME_new_null())) { -- X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { -- cnf = sk_CONF_VALUE_value(nval, i); -- if(!name_cmp(cnf->name, "issuer") && cnf->value && -- !strcmp(cnf->value, "copy")) { -- if(!copy_issuer(ctx, gens)) goto err; -- } else { -- GENERAL_NAME *gen; -- if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) -- goto err; -- sk_GENERAL_NAME_push(gens, gen); -- } -- } -- return gens; -- err: -- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); -- return NULL; -+ GENERAL_NAMES *gens = NULL; -+ CONF_VALUE *cnf; -+ int i; -+ if (!(gens = sk_GENERAL_NAME_new_null())) { -+ X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { -+ cnf = sk_CONF_VALUE_value(nval, i); -+ if (!name_cmp(cnf->name, "issuer") && cnf->value && -+ !strcmp(cnf->value, "copy")) { -+ if (!copy_issuer(ctx, gens)) -+ goto err; -+ } else { -+ GENERAL_NAME *gen; -+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) -+ goto err; -+ sk_GENERAL_NAME_push(gens, gen); -+ } -+ } -+ return gens; -+ err: -+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); -+ return NULL; - } - - /* Append subject altname of issuer to issuer alt name of subject */ - - static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) - { -- GENERAL_NAMES *ialt; -- GENERAL_NAME *gen; -- X509_EXTENSION *ext; -- int i; -- if(ctx && (ctx->flags == CTX_TEST)) return 1; -- if(!ctx || !ctx->issuer_cert) { -- X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS); -- goto err; -- } -- i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); -- if(i < 0) return 1; -- if(!(ext = X509_get_ext(ctx->issuer_cert, i)) || -- !(ialt = X509V3_EXT_d2i(ext)) ) { -- X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR); -- goto err; -- } -- -- for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { -- gen = sk_GENERAL_NAME_value(ialt, i); -- if(!sk_GENERAL_NAME_push(gens, gen)) { -- X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- sk_GENERAL_NAME_free(ialt); -- -- return 1; -- -- err: -- return 0; -- -+ GENERAL_NAMES *ialt; -+ GENERAL_NAME *gen; -+ X509_EXTENSION *ext; -+ int i; -+ if (ctx && (ctx->flags == CTX_TEST)) -+ return 1; -+ if (!ctx || !ctx->issuer_cert) { -+ X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_NO_ISSUER_DETAILS); -+ goto err; -+ } -+ i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); -+ if (i < 0) -+ return 1; -+ if (!(ext = X509_get_ext(ctx->issuer_cert, i)) || -+ !(ialt = X509V3_EXT_d2i(ext))) { -+ X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR); -+ goto err; -+ } -+ -+ for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { -+ gen = sk_GENERAL_NAME_value(ialt, i); -+ if (!sk_GENERAL_NAME_push(gens, gen)) { -+ X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ sk_GENERAL_NAME_free(ialt); -+ -+ return 1; -+ -+ err: -+ return 0; -+ - } - - static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval) - { -- GENERAL_NAMES *gens = NULL; -- CONF_VALUE *cnf; -- int i; -- if(!(gens = sk_GENERAL_NAME_new_null())) { -- X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { -- cnf = sk_CONF_VALUE_value(nval, i); -- if(!name_cmp(cnf->name, "email") && cnf->value && -- !strcmp(cnf->value, "copy")) { -- if(!copy_email(ctx, gens, 0)) goto err; -- } else if(!name_cmp(cnf->name, "email") && cnf->value && -- !strcmp(cnf->value, "move")) { -- if(!copy_email(ctx, gens, 1)) goto err; -- } else { -- GENERAL_NAME *gen; -- if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) -- goto err; -- sk_GENERAL_NAME_push(gens, gen); -- } -- } -- return gens; -- err: -- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); -- return NULL; -+ GENERAL_NAMES *gens = NULL; -+ CONF_VALUE *cnf; -+ int i; -+ if (!(gens = sk_GENERAL_NAME_new_null())) { -+ X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { -+ cnf = sk_CONF_VALUE_value(nval, i); -+ if (!name_cmp(cnf->name, "email") && cnf->value && -+ !strcmp(cnf->value, "copy")) { -+ if (!copy_email(ctx, gens, 0)) -+ goto err; -+ } else if (!name_cmp(cnf->name, "email") && cnf->value && -+ !strcmp(cnf->value, "move")) { -+ if (!copy_email(ctx, gens, 1)) -+ goto err; -+ } else { -+ GENERAL_NAME *gen; -+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) -+ goto err; -+ sk_GENERAL_NAME_push(gens, gen); -+ } -+ } -+ return gens; -+ err: -+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); -+ return NULL; - } - --/* Copy any email addresses in a certificate or request to -- * GENERAL_NAMES -+/* -+ * Copy any email addresses in a certificate or request to GENERAL_NAMES - */ - - static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) - { -- X509_NAME *nm; -- ASN1_IA5STRING *email = NULL; -- X509_NAME_ENTRY *ne; -- GENERAL_NAME *gen = NULL; -- int i; -- if(ctx != NULL && ctx->flags == CTX_TEST) -- return 1; -- if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) { -- X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS); -- goto err; -- } -- /* Find the subject name */ -- if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert); -- else nm = X509_REQ_get_subject_name(ctx->subject_req); -- -- /* Now add any email address(es) to STACK */ -- i = -1; -- while((i = X509_NAME_get_index_by_NID(nm, -- NID_pkcs9_emailAddress, i)) >= 0) { -- ne = X509_NAME_get_entry(nm, i); -- email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); -- if (move_p) -- { -- X509_NAME_delete_entry(nm, i); -- X509_NAME_ENTRY_free(ne); -- i--; -- } -- if(!email || !(gen = GENERAL_NAME_new())) { -- X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- gen->d.ia5 = email; -- email = NULL; -- gen->type = GEN_EMAIL; -- if(!sk_GENERAL_NAME_push(gens, gen)) { -- X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- gen = NULL; -- } -- -- -- return 1; -- -- err: -- GENERAL_NAME_free(gen); -- M_ASN1_IA5STRING_free(email); -- return 0; -- -+ X509_NAME *nm; -+ ASN1_IA5STRING *email = NULL; -+ X509_NAME_ENTRY *ne; -+ GENERAL_NAME *gen = NULL; -+ int i; -+ if (ctx != NULL && ctx->flags == CTX_TEST) -+ return 1; -+ if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) { -+ X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS); -+ goto err; -+ } -+ /* Find the subject name */ -+ if (ctx->subject_cert) -+ nm = X509_get_subject_name(ctx->subject_cert); -+ else -+ nm = X509_REQ_get_subject_name(ctx->subject_req); -+ -+ /* Now add any email address(es) to STACK */ -+ i = -1; -+ while ((i = X509_NAME_get_index_by_NID(nm, -+ NID_pkcs9_emailAddress, i)) >= 0) { -+ ne = X509_NAME_get_entry(nm, i); -+ email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); -+ if (move_p) { -+ X509_NAME_delete_entry(nm, i); -+ X509_NAME_ENTRY_free(ne); -+ i--; -+ } -+ if (!email || !(gen = GENERAL_NAME_new())) { -+ X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ gen->d.ia5 = email; -+ email = NULL; -+ gen->type = GEN_EMAIL; -+ if (!sk_GENERAL_NAME_push(gens, gen)) { -+ X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ gen = NULL; -+ } -+ -+ return 1; -+ -+ err: -+ GENERAL_NAME_free(gen); -+ M_ASN1_IA5STRING_free(email); -+ return 0; -+ - } - - GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) - { -- GENERAL_NAME *gen; -- GENERAL_NAMES *gens = NULL; -- CONF_VALUE *cnf; -- int i; -- if(!(gens = sk_GENERAL_NAME_new_null())) { -- X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { -- cnf = sk_CONF_VALUE_value(nval, i); -- if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; -- sk_GENERAL_NAME_push(gens, gen); -- } -- return gens; -- err: -- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); -- return NULL; -+ GENERAL_NAME *gen; -+ GENERAL_NAMES *gens = NULL; -+ CONF_VALUE *cnf; -+ int i; -+ if (!(gens = sk_GENERAL_NAME_new_null())) { -+ X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { -+ cnf = sk_CONF_VALUE_value(nval, i); -+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) -+ goto err; -+ sk_GENERAL_NAME_push(gens, gen); -+ } -+ return gens; -+ err: -+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); -+ return NULL; - } - - GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, -- CONF_VALUE *cnf) -- { -- return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); -- } -+ CONF_VALUE *cnf) -+{ -+ return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); -+} - - GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, -- X509V3_EXT_METHOD *method, X509V3_CTX *ctx, -- CONF_VALUE *cnf, int is_nc) -- { -- char is_string = 0; -- int type; -- GENERAL_NAME *gen = NULL; -- -- char *name, *value; -- -- name = cnf->name; -- value = cnf->value; -- -- if(!value) -- { -- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE); -- return NULL; -- } -- -- if (out) -- gen = out; -- else -- { -- gen = GENERAL_NAME_new(); -- if(gen == NULL) -- { -- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- } -- -- if(!name_cmp(name, "email")) -- { -- is_string = 1; -- type = GEN_EMAIL; -- } -- else if(!name_cmp(name, "URI")) -- { -- is_string = 1; -- type = GEN_URI; -- } -- else if(!name_cmp(name, "DNS")) -- { -- is_string = 1; -- type = GEN_DNS; -- } -- else if(!name_cmp(name, "RID")) -- { -- ASN1_OBJECT *obj; -- if(!(obj = OBJ_txt2obj(value,0))) -- { -- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT); -- ERR_add_error_data(2, "value=", value); -- goto err; -- } -- gen->d.rid = obj; -- type = GEN_RID; -- } -- else if(!name_cmp(name, "IP")) -- { -- if (is_nc) -- gen->d.ip = a2i_IPADDRESS_NC(value); -- else -- gen->d.ip = a2i_IPADDRESS(value); -- if(gen->d.ip == NULL) -- { -- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS); -- ERR_add_error_data(2, "value=", value); -- goto err; -- } -- type = GEN_IPADD; -- } -- else if(!name_cmp(name, "dirName")) -- { -- type = GEN_DIRNAME; -- if (!do_dirname(gen, value, ctx)) -- { -- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR); -- goto err; -- } -- } -- else if(!name_cmp(name, "otherName")) -- { -- if (!do_othername(gen, value, ctx)) -- { -- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR); -- goto err; -- } -- type = GEN_OTHERNAME; -- } -- else -- { -- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION); -- ERR_add_error_data(2, "name=", name); -- goto err; -- } -- -- if(is_string) -- { -- if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || -- !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, -- strlen(value))) -- { -- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- -- gen->type = type; -- -- return gen; -- -- err: -- if (!out) -- GENERAL_NAME_free(gen); -- return NULL; -- } -+ X509V3_EXT_METHOD *method, X509V3_CTX *ctx, -+ CONF_VALUE *cnf, int is_nc) -+{ -+ char is_string = 0; -+ int type; -+ GENERAL_NAME *gen = NULL; -+ -+ char *name, *value; -+ -+ name = cnf->name; -+ value = cnf->value; -+ -+ if (!value) { -+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE); -+ return NULL; -+ } -+ -+ if (out) -+ gen = out; -+ else { -+ gen = GENERAL_NAME_new(); -+ if (gen == NULL) { -+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ } -+ -+ if (!name_cmp(name, "email")) { -+ is_string = 1; -+ type = GEN_EMAIL; -+ } else if (!name_cmp(name, "URI")) { -+ is_string = 1; -+ type = GEN_URI; -+ } else if (!name_cmp(name, "DNS")) { -+ is_string = 1; -+ type = GEN_DNS; -+ } else if (!name_cmp(name, "RID")) { -+ ASN1_OBJECT *obj; -+ if (!(obj = OBJ_txt2obj(value, 0))) { -+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_BAD_OBJECT); -+ ERR_add_error_data(2, "value=", value); -+ goto err; -+ } -+ gen->d.rid = obj; -+ type = GEN_RID; -+ } else if (!name_cmp(name, "IP")) { -+ if (is_nc) -+ gen->d.ip = a2i_IPADDRESS_NC(value); -+ else -+ gen->d.ip = a2i_IPADDRESS(value); -+ if (gen->d.ip == NULL) { -+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_BAD_IP_ADDRESS); -+ ERR_add_error_data(2, "value=", value); -+ goto err; -+ } -+ type = GEN_IPADD; -+ } else if (!name_cmp(name, "dirName")) { -+ type = GEN_DIRNAME; -+ if (!do_dirname(gen, value, ctx)) { -+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_DIRNAME_ERROR); -+ goto err; -+ } -+ } else if (!name_cmp(name, "otherName")) { -+ if (!do_othername(gen, value, ctx)) { -+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_OTHERNAME_ERROR); -+ goto err; -+ } -+ type = GEN_OTHERNAME; -+ } else { -+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_UNSUPPORTED_OPTION); -+ ERR_add_error_data(2, "name=", name); -+ goto err; -+ } -+ -+ if (is_string) { -+ if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || -+ !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, -+ strlen(value))) { -+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ -+ gen->type = type; -+ -+ return gen; -+ -+ err: -+ if (!out) -+ GENERAL_NAME_free(gen); -+ return NULL; -+} - - static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) -- { -- char *objtmp = NULL, *p; -- int objlen; -- if (!(p = strchr(value, ';'))) -- return 0; -- if (!(gen->d.otherName = OTHERNAME_new())) -- return 0; -- /* Free this up because we will overwrite it. -- * no need to free type_id because it is static -- */ -- ASN1_TYPE_free(gen->d.otherName->value); -- if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) -- return 0; -- objlen = p - value; -- objtmp = OPENSSL_malloc(objlen + 1); -- strncpy(objtmp, value, objlen); -- objtmp[objlen] = 0; -- gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); -- OPENSSL_free(objtmp); -- if (!gen->d.otherName->type_id) -- return 0; -- return 1; -- } -+{ -+ char *objtmp = NULL, *p; -+ int objlen; -+ if (!(p = strchr(value, ';'))) -+ return 0; -+ if (!(gen->d.otherName = OTHERNAME_new())) -+ return 0; -+ /* -+ * Free this up because we will overwrite it. no need to free type_id -+ * because it is static -+ */ -+ ASN1_TYPE_free(gen->d.otherName->value); -+ if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) -+ return 0; -+ objlen = p - value; -+ objtmp = OPENSSL_malloc(objlen + 1); -+ strncpy(objtmp, value, objlen); -+ objtmp[objlen] = 0; -+ gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); -+ OPENSSL_free(objtmp); -+ if (!gen->d.otherName->type_id) -+ return 0; -+ return 1; -+} - - static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) -- { -- int ret; -- STACK_OF(CONF_VALUE) *sk; -- X509_NAME *nm; -- if (!(nm = X509_NAME_new())) -- return 0; -- sk = X509V3_get_section(ctx, value); -- if (!sk) -- { -- X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND); -- ERR_add_error_data(2, "section=", value); -- X509_NAME_free(nm); -- return 0; -- } -- /* FIXME: should allow other character types... */ -- ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); -- if (!ret) -- X509_NAME_free(nm); -- gen->d.dirn = nm; -- -- X509V3_section_free(ctx, sk); -- -- return ret; -- } -+{ -+ int ret; -+ STACK_OF(CONF_VALUE) *sk; -+ X509_NAME *nm; -+ if (!(nm = X509_NAME_new())) -+ return 0; -+ sk = X509V3_get_section(ctx, value); -+ if (!sk) { -+ X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND); -+ ERR_add_error_data(2, "section=", value); -+ X509_NAME_free(nm); -+ return 0; -+ } -+ /* FIXME: should allow other character types... */ -+ ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); -+ if (!ret) -+ X509_NAME_free(nm); -+ gen->d.dirn = nm; -+ -+ X509V3_section_free(ctx, sk); -+ -+ return ret; -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c -index 11aad0b..c2a8393 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c -@@ -10,7 +10,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -104,93 +104,92 @@ IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers) - * i2r method for an ASIdentifierChoice. - */ - static int i2r_ASIdentifierChoice(BIO *out, -- ASIdentifierChoice *choice, -- int indent, -- const char *msg) -+ ASIdentifierChoice *choice, -+ int indent, const char *msg) - { -- int i; -- char *s; -- if (choice == NULL) -- return 1; -- BIO_printf(out, "%*s%s:\n", indent, "", msg); -- switch (choice->type) { -- case ASIdentifierChoice_inherit: -- BIO_printf(out, "%*sinherit\n", indent + 2, ""); -- break; -- case ASIdentifierChoice_asIdsOrRanges: -- for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) { -- ASIdOrRange *aor = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); -- switch (aor->type) { -- case ASIdOrRange_id: -- if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL) -- return 0; -- BIO_printf(out, "%*s%s\n", indent + 2, "", s); -- OPENSSL_free(s); -- break; -- case ASIdOrRange_range: -- if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL) -- return 0; -- BIO_printf(out, "%*s%s-", indent + 2, "", s); -- OPENSSL_free(s); -- if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL) -- return 0; -- BIO_printf(out, "%s\n", s); -- OPENSSL_free(s); -- break; -- default: -- return 0; -- } -+ int i; -+ char *s; -+ if (choice == NULL) -+ return 1; -+ BIO_printf(out, "%*s%s:\n", indent, "", msg); -+ switch (choice->type) { -+ case ASIdentifierChoice_inherit: -+ BIO_printf(out, "%*sinherit\n", indent + 2, ""); -+ break; -+ case ASIdentifierChoice_asIdsOrRanges: -+ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) { -+ ASIdOrRange *aor = -+ sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); -+ switch (aor->type) { -+ case ASIdOrRange_id: -+ if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL) -+ return 0; -+ BIO_printf(out, "%*s%s\n", indent + 2, "", s); -+ OPENSSL_free(s); -+ break; -+ case ASIdOrRange_range: -+ if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL) -+ return 0; -+ BIO_printf(out, "%*s%s-", indent + 2, "", s); -+ OPENSSL_free(s); -+ if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL) -+ return 0; -+ BIO_printf(out, "%s\n", s); -+ OPENSSL_free(s); -+ break; -+ default: -+ return 0; -+ } -+ } -+ break; -+ default: -+ return 0; - } -- break; -- default: -- return 0; -- } -- return 1; -+ return 1; - } - - /* - * i2r method for an ASIdentifier extension. - */ - static int i2r_ASIdentifiers(X509V3_EXT_METHOD *method, -- void *ext, -- BIO *out, -- int indent) -+ void *ext, BIO *out, int indent) - { -- ASIdentifiers *asid = ext; -- return (i2r_ASIdentifierChoice(out, asid->asnum, indent, -- "Autonomous System Numbers") && -- i2r_ASIdentifierChoice(out, asid->rdi, indent, -- "Routing Domain Identifiers")); -+ ASIdentifiers *asid = ext; -+ return (i2r_ASIdentifierChoice(out, asid->asnum, indent, -+ "Autonomous System Numbers") && -+ i2r_ASIdentifierChoice(out, asid->rdi, indent, -+ "Routing Domain Identifiers")); - } - - /* - * Sort comparision function for a sequence of ASIdOrRange elements. - */ --static int ASIdOrRange_cmp(const ASIdOrRange * const *a_, -- const ASIdOrRange * const *b_) -+static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, -+ const ASIdOrRange *const *b_) - { -- const ASIdOrRange *a = *a_, *b = *b_; -+ const ASIdOrRange *a = *a_, *b = *b_; - -- OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) || -- (a->type == ASIdOrRange_range && a->u.range != NULL && -- a->u.range->min != NULL && a->u.range->max != NULL)); -+ OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) || -+ (a->type == ASIdOrRange_range && a->u.range != NULL && -+ a->u.range->min != NULL && a->u.range->max != NULL)); - -- OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) || -- (b->type == ASIdOrRange_range && b->u.range != NULL && -- b->u.range->min != NULL && b->u.range->max != NULL)); -+ OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) || -+ (b->type == ASIdOrRange_range && b->u.range != NULL && -+ b->u.range->min != NULL && b->u.range->max != NULL)); - -- if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id) -- return ASN1_INTEGER_cmp(a->u.id, b->u.id); -+ if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id) -+ return ASN1_INTEGER_cmp(a->u.id, b->u.id); - -- if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) { -- int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min); -- return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, b->u.range->max); -- } -+ if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) { -+ int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min); -+ return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, -+ b->u.range->max); -+ } - -- if (a->type == ASIdOrRange_id) -- return ASN1_INTEGER_cmp(a->u.id, b->u.range->min); -- else -- return ASN1_INTEGER_cmp(a->u.range->min, b->u.id); -+ if (a->type == ASIdOrRange_id) -+ return ASN1_INTEGER_cmp(a->u.id, b->u.range->min); -+ else -+ return ASN1_INTEGER_cmp(a->u.range->min, b->u.id); - } - - /* -@@ -198,104 +197,101 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_, - */ - int v3_asid_add_inherit(ASIdentifiers *asid, int which) - { -- ASIdentifierChoice **choice; -- if (asid == NULL) -- return 0; -- switch (which) { -- case V3_ASID_ASNUM: -- choice = &asid->asnum; -- break; -- case V3_ASID_RDI: -- choice = &asid->rdi; -- break; -- default: -- return 0; -- } -- if (*choice == NULL) { -- if ((*choice = ASIdentifierChoice_new()) == NULL) -- return 0; -- OPENSSL_assert((*choice)->u.inherit == NULL); -- if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) -- return 0; -- (*choice)->type = ASIdentifierChoice_inherit; -- } -- return (*choice)->type == ASIdentifierChoice_inherit; -+ ASIdentifierChoice **choice; -+ if (asid == NULL) -+ return 0; -+ switch (which) { -+ case V3_ASID_ASNUM: -+ choice = &asid->asnum; -+ break; -+ case V3_ASID_RDI: -+ choice = &asid->rdi; -+ break; -+ default: -+ return 0; -+ } -+ if (*choice == NULL) { -+ if ((*choice = ASIdentifierChoice_new()) == NULL) -+ return 0; -+ OPENSSL_assert((*choice)->u.inherit == NULL); -+ if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) -+ return 0; -+ (*choice)->type = ASIdentifierChoice_inherit; -+ } -+ return (*choice)->type == ASIdentifierChoice_inherit; - } - - /* - * Add an ID or range to an ASIdentifierChoice. - */ - int v3_asid_add_id_or_range(ASIdentifiers *asid, -- int which, -- ASN1_INTEGER *min, -- ASN1_INTEGER *max) -+ int which, ASN1_INTEGER *min, ASN1_INTEGER *max) - { -- ASIdentifierChoice **choice; -- ASIdOrRange *aor; -- if (asid == NULL) -- return 0; -- switch (which) { -- case V3_ASID_ASNUM: -- choice = &asid->asnum; -- break; -- case V3_ASID_RDI: -- choice = &asid->rdi; -- break; -- default: -- return 0; -- } -- if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit) -- return 0; -- if (*choice == NULL) { -- if ((*choice = ASIdentifierChoice_new()) == NULL) -- return 0; -- OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL); -- (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); -- if ((*choice)->u.asIdsOrRanges == NULL) -- return 0; -- (*choice)->type = ASIdentifierChoice_asIdsOrRanges; -- } -- if ((aor = ASIdOrRange_new()) == NULL) -- return 0; -- if (max == NULL) { -- aor->type = ASIdOrRange_id; -- aor->u.id = min; -- } else { -- aor->type = ASIdOrRange_range; -- if ((aor->u.range = ASRange_new()) == NULL) -- goto err; -- ASN1_INTEGER_free(aor->u.range->min); -- aor->u.range->min = min; -- ASN1_INTEGER_free(aor->u.range->max); -- aor->u.range->max = max; -- } -- if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor))) -- goto err; -- return 1; -+ ASIdentifierChoice **choice; -+ ASIdOrRange *aor; -+ if (asid == NULL) -+ return 0; -+ switch (which) { -+ case V3_ASID_ASNUM: -+ choice = &asid->asnum; -+ break; -+ case V3_ASID_RDI: -+ choice = &asid->rdi; -+ break; -+ default: -+ return 0; -+ } -+ if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit) -+ return 0; -+ if (*choice == NULL) { -+ if ((*choice = ASIdentifierChoice_new()) == NULL) -+ return 0; -+ OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL); -+ (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); -+ if ((*choice)->u.asIdsOrRanges == NULL) -+ return 0; -+ (*choice)->type = ASIdentifierChoice_asIdsOrRanges; -+ } -+ if ((aor = ASIdOrRange_new()) == NULL) -+ return 0; -+ if (max == NULL) { -+ aor->type = ASIdOrRange_id; -+ aor->u.id = min; -+ } else { -+ aor->type = ASIdOrRange_range; -+ if ((aor->u.range = ASRange_new()) == NULL) -+ goto err; -+ ASN1_INTEGER_free(aor->u.range->min); -+ aor->u.range->min = min; -+ ASN1_INTEGER_free(aor->u.range->max); -+ aor->u.range->max = max; -+ } -+ if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor))) -+ goto err; -+ return 1; - - err: -- ASIdOrRange_free(aor); -- return 0; -+ ASIdOrRange_free(aor); -+ return 0; - } - - /* - * Extract min and max values from an ASIdOrRange. - */ - static void extract_min_max(ASIdOrRange *aor, -- ASN1_INTEGER **min, -- ASN1_INTEGER **max) -+ ASN1_INTEGER **min, ASN1_INTEGER **max) - { -- OPENSSL_assert(aor != NULL && min != NULL && max != NULL); -- switch (aor->type) { -- case ASIdOrRange_id: -- *min = aor->u.id; -- *max = aor->u.id; -- return; -- case ASIdOrRange_range: -- *min = aor->u.range->min; -- *max = aor->u.range->max; -- return; -- } -+ OPENSSL_assert(aor != NULL && min != NULL && max != NULL); -+ switch (aor->type) { -+ case ASIdOrRange_id: -+ *min = aor->u.id; -+ *max = aor->u.id; -+ return; -+ case ASIdOrRange_range: -+ *min = aor->u.range->min; -+ *max = aor->u.range->max; -+ return; -+ } - } - - /* -@@ -303,81 +299,82 @@ static void extract_min_max(ASIdOrRange *aor, - */ - static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) - { -- ASN1_INTEGER *a_max_plus_one = NULL; -- BIGNUM *bn = NULL; -- int i, ret = 0; -- -- /* -- * Empty element or inheritance is canonical. -- */ -- if (choice == NULL || choice->type == ASIdentifierChoice_inherit) -- return 1; -- -- /* -- * If not a list, or if empty list, it's broken. -- */ -- if (choice->type != ASIdentifierChoice_asIdsOrRanges || -- sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) -- return 0; -+ ASN1_INTEGER *a_max_plus_one = NULL; -+ BIGNUM *bn = NULL; -+ int i, ret = 0; - -- /* -- * It's a list, check it. -- */ -- for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { -- ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); -- ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); -- ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; -- -- extract_min_max(a, &a_min, &a_max); -- extract_min_max(b, &b_min, &b_max); -+ /* -+ * Empty element or inheritance is canonical. -+ */ -+ if (choice == NULL || choice->type == ASIdentifierChoice_inherit) -+ return 1; - - /* -- * Punt misordered list, overlapping start, or inverted range. -+ * If not a list, or if empty list, it's broken. - */ -- if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 || -- ASN1_INTEGER_cmp(a_min, a_max) > 0 || -- ASN1_INTEGER_cmp(b_min, b_max) > 0) -- goto done; -+ if (choice->type != ASIdentifierChoice_asIdsOrRanges || -+ sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) -+ return 0; - - /* -- * Calculate a_max + 1 to check for adjacency. -+ * It's a list, check it. - */ -- if ((bn == NULL && (bn = BN_new()) == NULL) || -- ASN1_INTEGER_to_BN(a_max, bn) == NULL || -- !BN_add_word(bn, 1) || -- (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { -- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, -- ERR_R_MALLOC_FAILURE); -- goto done; -+ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { -+ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); -+ ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); -+ ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; -+ -+ extract_min_max(a, &a_min, &a_max); -+ extract_min_max(b, &b_min, &b_max); -+ -+ /* -+ * Punt misordered list, overlapping start, or inverted range. -+ */ -+ if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 || -+ ASN1_INTEGER_cmp(a_min, a_max) > 0 || -+ ASN1_INTEGER_cmp(b_min, b_max) > 0) -+ goto done; -+ -+ /* -+ * Calculate a_max + 1 to check for adjacency. -+ */ -+ if ((bn == NULL && (bn = BN_new()) == NULL) || -+ ASN1_INTEGER_to_BN(a_max, bn) == NULL || -+ !BN_add_word(bn, 1) || -+ (a_max_plus_one = -+ BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { -+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, -+ ERR_R_MALLOC_FAILURE); -+ goto done; -+ } -+ -+ /* -+ * Punt if adjacent or overlapping. -+ */ -+ if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0) -+ goto done; - } -- -+ - /* -- * Punt if adjacent or overlapping. -+ * Check for inverted range. - */ -- if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0) -- goto done; -- } -- -- /* -- * Check for inverted range. -- */ -- i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; -- { -- ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); -- ASN1_INTEGER *a_min, *a_max; -- if (a != NULL && a->type == ASIdOrRange_range) { -- extract_min_max(a, &a_min, &a_max); -- if (ASN1_INTEGER_cmp(a_min, a_max) > 0) -- goto done; -+ i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; -+ { -+ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); -+ ASN1_INTEGER *a_min, *a_max; -+ if (a != NULL && a->type == ASIdOrRange_range) { -+ extract_min_max(a, &a_min, &a_max); -+ if (ASN1_INTEGER_cmp(a_min, a_max) > 0) -+ goto done; -+ } - } -- } - -- ret = 1; -+ ret = 1; - - done: -- ASN1_INTEGER_free(a_max_plus_one); -- BN_free(bn); -- return ret; -+ ASN1_INTEGER_free(a_max_plus_one); -+ BN_free(bn); -+ return ret; - } - - /* -@@ -385,9 +382,9 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) - */ - int v3_asid_is_canonical(ASIdentifiers *asid) - { -- return (asid == NULL || -- (ASIdentifierChoice_is_canonical(asid->asnum) && -- ASIdentifierChoice_is_canonical(asid->rdi))); -+ return (asid == NULL || -+ (ASIdentifierChoice_is_canonical(asid->asnum) && -+ ASIdentifierChoice_is_canonical(asid->rdi))); - } - - /* -@@ -395,134 +392,136 @@ int v3_asid_is_canonical(ASIdentifiers *asid) - */ - static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) - { -- ASN1_INTEGER *a_max_plus_one = NULL; -- BIGNUM *bn = NULL; -- int i, ret = 0; -- -- /* -- * Nothing to do for empty element or inheritance. -- */ -- if (choice == NULL || choice->type == ASIdentifierChoice_inherit) -- return 1; -- -- /* -- * If not a list, or if empty list, it's broken. -- */ -- if (choice->type != ASIdentifierChoice_asIdsOrRanges || -- sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) { -- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, -- X509V3_R_EXTENSION_VALUE_ERROR); -- return 0; -- } -- -- /* -- * We have a non-empty list. Sort it. -- */ -- sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); -- -- /* -- * Now check for errors and suboptimal encoding, rejecting the -- * former and fixing the latter. -- */ -- for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { -- ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); -- ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); -- ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; -- -- extract_min_max(a, &a_min, &a_max); -- extract_min_max(b, &b_min, &b_max); -+ ASN1_INTEGER *a_max_plus_one = NULL; -+ BIGNUM *bn = NULL; -+ int i, ret = 0; - - /* -- * Make sure we're properly sorted (paranoia). -+ * Nothing to do for empty element or inheritance. - */ -- OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); -+ if (choice == NULL || choice->type == ASIdentifierChoice_inherit) -+ return 1; - - /* -- * Punt inverted ranges. -+ * If not a list, or if empty list, it's broken. - */ -- if (ASN1_INTEGER_cmp(a_min, a_max) > 0 || -- ASN1_INTEGER_cmp(b_min, b_max) > 0) -- goto done; -+ if (choice->type != ASIdentifierChoice_asIdsOrRanges || -+ sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) { -+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, -+ X509V3_R_EXTENSION_VALUE_ERROR); -+ return 0; -+ } - - /* -- * Check for overlaps. -+ * We have a non-empty list. Sort it. - */ -- if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) { -- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, -- X509V3_R_EXTENSION_VALUE_ERROR); -- goto done; -- } -+ sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); - - /* -- * Calculate a_max + 1 to check for adjacency. -+ * Now check for errors and suboptimal encoding, rejecting the -+ * former and fixing the latter. - */ -- if ((bn == NULL && (bn = BN_new()) == NULL) || -- ASN1_INTEGER_to_BN(a_max, bn) == NULL || -- !BN_add_word(bn, 1) || -- (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { -- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE); -- goto done; -+ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { -+ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); -+ ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); -+ ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; -+ -+ extract_min_max(a, &a_min, &a_max); -+ extract_min_max(b, &b_min, &b_max); -+ -+ /* -+ * Make sure we're properly sorted (paranoia). -+ */ -+ OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); -+ -+ /* -+ * Punt inverted ranges. -+ */ -+ if (ASN1_INTEGER_cmp(a_min, a_max) > 0 || -+ ASN1_INTEGER_cmp(b_min, b_max) > 0) -+ goto done; -+ -+ /* -+ * Check for overlaps. -+ */ -+ if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) { -+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, -+ X509V3_R_EXTENSION_VALUE_ERROR); -+ goto done; -+ } -+ -+ /* -+ * Calculate a_max + 1 to check for adjacency. -+ */ -+ if ((bn == NULL && (bn = BN_new()) == NULL) || -+ ASN1_INTEGER_to_BN(a_max, bn) == NULL || -+ !BN_add_word(bn, 1) || -+ (a_max_plus_one = -+ BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { -+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, -+ ERR_R_MALLOC_FAILURE); -+ goto done; -+ } -+ -+ /* -+ * If a and b are adjacent, merge them. -+ */ -+ if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) { -+ ASRange *r; -+ switch (a->type) { -+ case ASIdOrRange_id: -+ if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) { -+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, -+ ERR_R_MALLOC_FAILURE); -+ goto done; -+ } -+ r->min = a_min; -+ r->max = b_max; -+ a->type = ASIdOrRange_range; -+ a->u.range = r; -+ break; -+ case ASIdOrRange_range: -+ ASN1_INTEGER_free(a->u.range->max); -+ a->u.range->max = b_max; -+ break; -+ } -+ switch (b->type) { -+ case ASIdOrRange_id: -+ b->u.id = NULL; -+ break; -+ case ASIdOrRange_range: -+ b->u.range->max = NULL; -+ break; -+ } -+ ASIdOrRange_free(b); -+ (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); -+ i--; -+ continue; -+ } - } -- -+ - /* -- * If a and b are adjacent, merge them. -+ * Check for final inverted range. - */ -- if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) { -- ASRange *r; -- switch (a->type) { -- case ASIdOrRange_id: -- if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) { -- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, -- ERR_R_MALLOC_FAILURE); -- goto done; -- } -- r->min = a_min; -- r->max = b_max; -- a->type = ASIdOrRange_range; -- a->u.range = r; -- break; -- case ASIdOrRange_range: -- ASN1_INTEGER_free(a->u.range->max); -- a->u.range->max = b_max; -- break; -- } -- switch (b->type) { -- case ASIdOrRange_id: -- b->u.id = NULL; -- break; -- case ASIdOrRange_range: -- b->u.range->max = NULL; -- break; -- } -- ASIdOrRange_free(b); -- (void) sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); -- i--; -- continue; -- } -- } -- -- /* -- * Check for final inverted range. -- */ -- i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; -- { -- ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); -- ASN1_INTEGER *a_min, *a_max; -- if (a != NULL && a->type == ASIdOrRange_range) { -- extract_min_max(a, &a_min, &a_max); -- if (ASN1_INTEGER_cmp(a_min, a_max) > 0) -- goto done; -+ i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; -+ { -+ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); -+ ASN1_INTEGER *a_min, *a_max; -+ if (a != NULL && a->type == ASIdOrRange_range) { -+ extract_min_max(a, &a_min, &a_max); -+ if (ASN1_INTEGER_cmp(a_min, a_max) > 0) -+ goto done; -+ } - } -- } - -- OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ -+ OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ - -- ret = 1; -+ ret = 1; - - done: -- ASN1_INTEGER_free(a_max_plus_one); -- BN_free(bn); -- return ret; -+ ASN1_INTEGER_free(a_max_plus_one); -+ BN_free(bn); -+ return ret; - } - - /* -@@ -530,142 +529,147 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) - */ - int v3_asid_canonize(ASIdentifiers *asid) - { -- return (asid == NULL || -- (ASIdentifierChoice_canonize(asid->asnum) && -- ASIdentifierChoice_canonize(asid->rdi))); -+ return (asid == NULL || -+ (ASIdentifierChoice_canonize(asid->asnum) && -+ ASIdentifierChoice_canonize(asid->rdi))); - } - - /* - * v2i method for an ASIdentifier extension. - */ - static void *v2i_ASIdentifiers(struct v3_ext_method *method, -- struct v3_ext_ctx *ctx, -- STACK_OF(CONF_VALUE) *values) -+ struct v3_ext_ctx *ctx, -+ STACK_OF(CONF_VALUE) *values) - { -- ASN1_INTEGER *min = NULL, *max = NULL; -- ASIdentifiers *asid = NULL; -- int i; -- -- if ((asid = ASIdentifiers_new()) == NULL) { -- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- for (i = 0; i < sk_CONF_VALUE_num(values); i++) { -- CONF_VALUE *val = sk_CONF_VALUE_value(values, i); -- int i1, i2, i3, is_range, which; -+ ASN1_INTEGER *min = NULL, *max = NULL; -+ ASIdentifiers *asid = NULL; -+ int i; - -- /* -- * Figure out whether this is an AS or an RDI. -- */ -- if ( !name_cmp(val->name, "AS")) { -- which = V3_ASID_ASNUM; -- } else if (!name_cmp(val->name, "RDI")) { -- which = V3_ASID_RDI; -- } else { -- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_NAME_ERROR); -- X509V3_conf_err(val); -- goto err; -- } -- -- /* -- * Handle inheritance. -- */ -- if (!strcmp(val->value, "inherit")) { -- if (v3_asid_add_inherit(asid, which)) -- continue; -- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE); -- X509V3_conf_err(val); -- goto err; -+ if ((asid = ASIdentifiers_new()) == NULL) { -+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); -+ return NULL; - } - -- /* -- * Number, range, or mistake, pick it apart and figure out which. -- */ -- i1 = strspn(val->value, "0123456789"); -- if (val->value[i1] == '\0') { -- is_range = 0; -- } else { -- is_range = 1; -- i2 = i1 + strspn(val->value + i1, " \t"); -- if (val->value[i2] != '-') { -- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASNUMBER); -- X509V3_conf_err(val); -- goto err; -- } -- i2++; -- i2 = i2 + strspn(val->value + i2, " \t"); -- i3 = i2 + strspn(val->value + i2, "0123456789"); -- if (val->value[i3] != '\0') { -- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASRANGE); -- X509V3_conf_err(val); -- goto err; -- } -+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) { -+ CONF_VALUE *val = sk_CONF_VALUE_value(values, i); -+ int i1, i2, i3, is_range, which; -+ -+ /* -+ * Figure out whether this is an AS or an RDI. -+ */ -+ if (!name_cmp(val->name, "AS")) { -+ which = V3_ASID_ASNUM; -+ } else if (!name_cmp(val->name, "RDI")) { -+ which = V3_ASID_RDI; -+ } else { -+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, -+ X509V3_R_EXTENSION_NAME_ERROR); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ -+ /* -+ * Handle inheritance. -+ */ -+ if (!strcmp(val->value, "inherit")) { -+ if (v3_asid_add_inherit(asid, which)) -+ continue; -+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, -+ X509V3_R_INVALID_INHERITANCE); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ -+ /* -+ * Number, range, or mistake, pick it apart and figure out which. -+ */ -+ i1 = strspn(val->value, "0123456789"); -+ if (val->value[i1] == '\0') { -+ is_range = 0; -+ } else { -+ is_range = 1; -+ i2 = i1 + strspn(val->value + i1, " \t"); -+ if (val->value[i2] != '-') { -+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, -+ X509V3_R_INVALID_ASNUMBER); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ i2++; -+ i2 = i2 + strspn(val->value + i2, " \t"); -+ i3 = i2 + strspn(val->value + i2, "0123456789"); -+ if (val->value[i3] != '\0') { -+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, -+ X509V3_R_INVALID_ASRANGE); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ } -+ -+ /* -+ * Syntax is ok, read and add it. -+ */ -+ if (!is_range) { -+ if (!X509V3_get_value_int(val, &min)) { -+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } else { -+ char *s = BUF_strdup(val->value); -+ if (s == NULL) { -+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ s[i1] = '\0'; -+ min = s2i_ASN1_INTEGER(NULL, s); -+ max = s2i_ASN1_INTEGER(NULL, s + i2); -+ OPENSSL_free(s); -+ if (min == NULL || max == NULL) { -+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (ASN1_INTEGER_cmp(min, max) > 0) { -+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, -+ X509V3_R_EXTENSION_VALUE_ERROR); -+ goto err; -+ } -+ } -+ if (!v3_asid_add_id_or_range(asid, which, min, max)) { -+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ min = max = NULL; - } - - /* -- * Syntax is ok, read and add it. -+ * Canonize the result, then we're done. - */ -- if (!is_range) { -- if (!X509V3_get_value_int(val, &min)) { -- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } else { -- char *s = BUF_strdup(val->value); -- if (s == NULL) { -- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- s[i1] = '\0'; -- min = s2i_ASN1_INTEGER(NULL, s); -- max = s2i_ASN1_INTEGER(NULL, s + i2); -- OPENSSL_free(s); -- if (min == NULL || max == NULL) { -- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- if (ASN1_INTEGER_cmp(min, max) > 0) { -- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR); -- goto err; -- } -- } -- if (!v3_asid_add_id_or_range(asid, which, min, max)) { -- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- min = max = NULL; -- } -- -- /* -- * Canonize the result, then we're done. -- */ -- if (!v3_asid_canonize(asid)) -- goto err; -- return asid; -+ if (!v3_asid_canonize(asid)) -+ goto err; -+ return asid; - - err: -- ASIdentifiers_free(asid); -- ASN1_INTEGER_free(min); -- ASN1_INTEGER_free(max); -- return NULL; -+ ASIdentifiers_free(asid); -+ ASN1_INTEGER_free(min); -+ ASN1_INTEGER_free(max); -+ return NULL; - } - - /* - * OpenSSL dispatch. - */ - const X509V3_EXT_METHOD v3_asid = { -- NID_sbgp_autonomousSysNum, /* nid */ -- 0, /* flags */ -- ASN1_ITEM_ref(ASIdentifiers), /* template */ -- 0, 0, 0, 0, /* old functions, ignored */ -- 0, /* i2s */ -- 0, /* s2i */ -- 0, /* i2v */ -- v2i_ASIdentifiers, /* v2i */ -- i2r_ASIdentifiers, /* i2r */ -- 0, /* r2i */ -- NULL /* extension-specific data */ -+ NID_sbgp_autonomousSysNum, /* nid */ -+ 0, /* flags */ -+ ASN1_ITEM_ref(ASIdentifiers), /* template */ -+ 0, 0, 0, 0, /* old functions, ignored */ -+ 0, /* i2s */ -+ 0, /* s2i */ -+ 0, /* i2v */ -+ v2i_ASIdentifiers, /* v2i */ -+ i2r_ASIdentifiers, /* i2r */ -+ 0, /* r2i */ -+ NULL /* extension-specific data */ - }; - - /* -@@ -673,11 +677,11 @@ const X509V3_EXT_METHOD v3_asid = { - */ - int v3_asid_inherits(ASIdentifiers *asid) - { -- return (asid != NULL && -- ((asid->asnum != NULL && -- asid->asnum->type == ASIdentifierChoice_inherit) || -- (asid->rdi != NULL && -- asid->rdi->type == ASIdentifierChoice_inherit))); -+ return (asid != NULL && -+ ((asid->asnum != NULL && -+ asid->asnum->type == ASIdentifierChoice_inherit) || -+ (asid->rdi != NULL && -+ asid->rdi->type == ASIdentifierChoice_inherit))); - } - - /* -@@ -685,30 +689,30 @@ int v3_asid_inherits(ASIdentifiers *asid) - */ - static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) - { -- ASN1_INTEGER *p_min, *p_max, *c_min, *c_max; -- int p, c; -- -- if (child == NULL || parent == child) -- return 1; -- if (parent == NULL) -- return 0; -- -- p = 0; -- for (c = 0; c < sk_ASIdOrRange_num(child); c++) { -- extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max); -- for (;; p++) { -- if (p >= sk_ASIdOrRange_num(parent)) -- return 0; -- extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max); -- if (ASN1_INTEGER_cmp(p_max, c_max) < 0) -- continue; -- if (ASN1_INTEGER_cmp(p_min, c_min) > 0) -- return 0; -- break; -+ ASN1_INTEGER *p_min, *p_max, *c_min, *c_max; -+ int p, c; -+ -+ if (child == NULL || parent == child) -+ return 1; -+ if (parent == NULL) -+ return 0; -+ -+ p = 0; -+ for (c = 0; c < sk_ASIdOrRange_num(child); c++) { -+ extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max); -+ for (;; p++) { -+ if (p >= sk_ASIdOrRange_num(parent)) -+ return 0; -+ extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max); -+ if (ASN1_INTEGER_cmp(p_max, c_max) < 0) -+ continue; -+ if (ASN1_INTEGER_cmp(p_min, c_min) > 0) -+ return 0; -+ break; -+ } - } -- } - -- return 1; -+ return 1; - } - - /* -@@ -716,156 +720,159 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) - */ - int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) - { -- return (a == NULL || -- a == b || -- (b != NULL && -- !v3_asid_inherits(a) && -- !v3_asid_inherits(b) && -- asid_contains(b->asnum->u.asIdsOrRanges, -- a->asnum->u.asIdsOrRanges) && -- asid_contains(b->rdi->u.asIdsOrRanges, -- a->rdi->u.asIdsOrRanges))); -+ return (a == NULL || -+ a == b || -+ (b != NULL && -+ !v3_asid_inherits(a) && -+ !v3_asid_inherits(b) && -+ asid_contains(b->asnum->u.asIdsOrRanges, -+ a->asnum->u.asIdsOrRanges) && -+ asid_contains(b->rdi->u.asIdsOrRanges, -+ a->rdi->u.asIdsOrRanges))); - } - - /* - * Validation error handling via callback. - */ --#define validation_err(_err_) \ -- do { \ -- if (ctx != NULL) { \ -- ctx->error = _err_; \ -- ctx->error_depth = i; \ -- ctx->current_cert = x; \ -- ret = ctx->verify_cb(0, ctx); \ -- } else { \ -- ret = 0; \ -- } \ -- if (!ret) \ -- goto done; \ -+# define validation_err(_err_) \ -+ do { \ -+ if (ctx != NULL) { \ -+ ctx->error = _err_; \ -+ ctx->error_depth = i; \ -+ ctx->current_cert = x; \ -+ ret = ctx->verify_cb(0, ctx); \ -+ } else { \ -+ ret = 0; \ -+ } \ -+ if (!ret) \ -+ goto done; \ - } while (0) - - /* - * Core code for RFC 3779 3.3 path validation. - */ - static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, -- STACK_OF(X509) *chain, -- ASIdentifiers *ext) -+ STACK_OF(X509) *chain, -+ ASIdentifiers *ext) - { -- ASIdOrRanges *child_as = NULL, *child_rdi = NULL; -- int i, ret = 1, inherit_as = 0, inherit_rdi = 0; -- X509 *x = NULL; -- -- OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); -- OPENSSL_assert(ctx != NULL || ext != NULL); -- OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); -- -- /* -- * Figure out where to start. If we don't have an extension to -- * check, we're done. Otherwise, check canonical form and -- * set up for walking up the chain. -- */ -- if (ext != NULL) { -- i = -1; -- } else { -- i = 0; -- x = sk_X509_value(chain, i); -- OPENSSL_assert(x != NULL); -- if ((ext = x->rfc3779_asid) == NULL) -- goto done; -- } -- if (!v3_asid_is_canonical(ext)) -- validation_err(X509_V_ERR_INVALID_EXTENSION); -- if (ext->asnum != NULL) { -- switch (ext->asnum->type) { -- case ASIdentifierChoice_inherit: -- inherit_as = 1; -- break; -- case ASIdentifierChoice_asIdsOrRanges: -- child_as = ext->asnum->u.asIdsOrRanges; -- break; -- } -- } -- if (ext->rdi != NULL) { -- switch (ext->rdi->type) { -- case ASIdentifierChoice_inherit: -- inherit_rdi = 1; -- break; -- case ASIdentifierChoice_asIdsOrRanges: -- child_rdi = ext->rdi->u.asIdsOrRanges; -- break; -- } -- } -- -- /* -- * Now walk up the chain. Extensions must be in canonical form, no -- * cert may list resources that its parent doesn't list. -- */ -- for (i++; i < sk_X509_num(chain); i++) { -- x = sk_X509_value(chain, i); -- OPENSSL_assert(x != NULL); -- if (x->rfc3779_asid == NULL) { -- if (child_as != NULL || child_rdi != NULL) -- validation_err(X509_V_ERR_UNNESTED_RESOURCE); -- continue; -+ ASIdOrRanges *child_as = NULL, *child_rdi = NULL; -+ int i, ret = 1, inherit_as = 0, inherit_rdi = 0; -+ X509 *x = NULL; -+ -+ OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); -+ OPENSSL_assert(ctx != NULL || ext != NULL); -+ OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); -+ -+ /* -+ * Figure out where to start. If we don't have an extension to -+ * check, we're done. Otherwise, check canonical form and -+ * set up for walking up the chain. -+ */ -+ if (ext != NULL) { -+ i = -1; -+ } else { -+ i = 0; -+ x = sk_X509_value(chain, i); -+ OPENSSL_assert(x != NULL); -+ if ((ext = x->rfc3779_asid) == NULL) -+ goto done; - } -- if (!v3_asid_is_canonical(x->rfc3779_asid)) -- validation_err(X509_V_ERR_INVALID_EXTENSION); -- if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { -- validation_err(X509_V_ERR_UNNESTED_RESOURCE); -- child_as = NULL; -- inherit_as = 0; -+ if (!v3_asid_is_canonical(ext)) -+ validation_err(X509_V_ERR_INVALID_EXTENSION); -+ if (ext->asnum != NULL) { -+ switch (ext->asnum->type) { -+ case ASIdentifierChoice_inherit: -+ inherit_as = 1; -+ break; -+ case ASIdentifierChoice_asIdsOrRanges: -+ child_as = ext->asnum->u.asIdsOrRanges; -+ break; -+ } - } -- if (x->rfc3779_asid->asnum != NULL && -- x->rfc3779_asid->asnum->type == ASIdentifierChoice_asIdsOrRanges) { -- if (inherit_as || -- asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, child_as)) { -- child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges; -- inherit_as = 0; -- } else { -- validation_err(X509_V_ERR_UNNESTED_RESOURCE); -- } -+ if (ext->rdi != NULL) { -+ switch (ext->rdi->type) { -+ case ASIdentifierChoice_inherit: -+ inherit_rdi = 1; -+ break; -+ case ASIdentifierChoice_asIdsOrRanges: -+ child_rdi = ext->rdi->u.asIdsOrRanges; -+ break; -+ } - } -- if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) { -- validation_err(X509_V_ERR_UNNESTED_RESOURCE); -- child_rdi = NULL; -- inherit_rdi = 0; -+ -+ /* -+ * Now walk up the chain. Extensions must be in canonical form, no -+ * cert may list resources that its parent doesn't list. -+ */ -+ for (i++; i < sk_X509_num(chain); i++) { -+ x = sk_X509_value(chain, i); -+ OPENSSL_assert(x != NULL); -+ if (x->rfc3779_asid == NULL) { -+ if (child_as != NULL || child_rdi != NULL) -+ validation_err(X509_V_ERR_UNNESTED_RESOURCE); -+ continue; -+ } -+ if (!v3_asid_is_canonical(x->rfc3779_asid)) -+ validation_err(X509_V_ERR_INVALID_EXTENSION); -+ if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { -+ validation_err(X509_V_ERR_UNNESTED_RESOURCE); -+ child_as = NULL; -+ inherit_as = 0; -+ } -+ if (x->rfc3779_asid->asnum != NULL && -+ x->rfc3779_asid->asnum->type == -+ ASIdentifierChoice_asIdsOrRanges) { -+ if (inherit_as -+ || asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, -+ child_as)) { -+ child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges; -+ inherit_as = 0; -+ } else { -+ validation_err(X509_V_ERR_UNNESTED_RESOURCE); -+ } -+ } -+ if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) { -+ validation_err(X509_V_ERR_UNNESTED_RESOURCE); -+ child_rdi = NULL; -+ inherit_rdi = 0; -+ } -+ if (x->rfc3779_asid->rdi != NULL && -+ x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) { -+ if (inherit_rdi || -+ asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, -+ child_rdi)) { -+ child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges; -+ inherit_rdi = 0; -+ } else { -+ validation_err(X509_V_ERR_UNNESTED_RESOURCE); -+ } -+ } - } -- if (x->rfc3779_asid->rdi != NULL && -- x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) { -- if (inherit_rdi || -- asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, child_rdi)) { -- child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges; -- inherit_rdi = 0; -- } else { -- validation_err(X509_V_ERR_UNNESTED_RESOURCE); -- } -+ -+ /* -+ * Trust anchor can't inherit. -+ */ -+ if (x->rfc3779_asid != NULL) { -+ if (x->rfc3779_asid->asnum != NULL && -+ x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) -+ validation_err(X509_V_ERR_UNNESTED_RESOURCE); -+ if (x->rfc3779_asid->rdi != NULL && -+ x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit) -+ validation_err(X509_V_ERR_UNNESTED_RESOURCE); - } -- } -- -- /* -- * Trust anchor can't inherit. -- */ -- if (x->rfc3779_asid != NULL) { -- if (x->rfc3779_asid->asnum != NULL && -- x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) -- validation_err(X509_V_ERR_UNNESTED_RESOURCE); -- if (x->rfc3779_asid->rdi != NULL && -- x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit) -- validation_err(X509_V_ERR_UNNESTED_RESOURCE); -- } - - done: -- return ret; -+ return ret; - } - --#undef validation_err -+# undef validation_err - - /* - * RFC 3779 3.3 path validation -- called from X509_verify_cert(). - */ - int v3_asid_validate_path(X509_STORE_CTX *ctx) - { -- return v3_asid_validate_path_internal(ctx, ctx->chain, NULL); -+ return v3_asid_validate_path_internal(ctx, ctx->chain, NULL); - } - - /* -@@ -873,16 +880,15 @@ int v3_asid_validate_path(X509_STORE_CTX *ctx) - * Test whether chain covers extension. - */ - int v3_asid_validate_resource_set(STACK_OF(X509) *chain, -- ASIdentifiers *ext, -- int allow_inheritance) -+ ASIdentifiers *ext, int allow_inheritance) - { -- if (ext == NULL) -- return 1; -- if (chain == NULL || sk_X509_num(chain) == 0) -- return 0; -- if (!allow_inheritance && v3_asid_inherits(ext)) -- return 0; -- return v3_asid_validate_path_internal(NULL, chain, ext); -+ if (ext == NULL) -+ return 1; -+ if (chain == NULL || sk_X509_num(chain) == 0) -+ return 0; -+ if (!allow_inheritance && v3_asid_inherits(ext)) -+ return 0; -+ return v3_asid_validate_path_internal(NULL, chain, ext); - } - --#endif /* OPENSSL_NO_RFC3779 */ -+#endif /* OPENSSL_NO_RFC3779 */ -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c -index 82aa488..dc00b9c 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c -@@ -1,6 +1,7 @@ - /* v3_bcons.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,7 +57,6 @@ - * - */ - -- - #include - #include "cryptlib.h" - #include -@@ -64,61 +64,69 @@ - #include - #include - --static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); --static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); -+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, -+ BASIC_CONSTRAINTS *bcons, -+ STACK_OF(CONF_VALUE) -+ *extlist); -+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *values); - - const X509V3_EXT_METHOD v3_bcons = { --NID_basic_constraints, 0, --ASN1_ITEM_ref(BASIC_CONSTRAINTS), --0,0,0,0, --0,0, --(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, --(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, --NULL,NULL, --NULL -+ NID_basic_constraints, 0, -+ ASN1_ITEM_ref(BASIC_CONSTRAINTS), -+ 0, 0, 0, 0, -+ 0, 0, -+ (X509V3_EXT_I2V) i2v_BASIC_CONSTRAINTS, -+ (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, -+ NULL, NULL, -+ NULL - }; - - ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { -- ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN), -- ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER) -+ ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN), -+ ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER) - } ASN1_SEQUENCE_END(BASIC_CONSTRAINTS) - - IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) - -- - static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, -- BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) -+ BASIC_CONSTRAINTS *bcons, -+ STACK_OF(CONF_VALUE) -+ *extlist) - { -- X509V3_add_value_bool("CA", bcons->ca, &extlist); -- X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); -- return extlist; -+ X509V3_add_value_bool("CA", bcons->ca, &extlist); -+ X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); -+ return extlist; - } - - static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *values) - { -- BASIC_CONSTRAINTS *bcons=NULL; -- CONF_VALUE *val; -- int i; -- if(!(bcons = BASIC_CONSTRAINTS_new())) { -- X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- for(i = 0; i < sk_CONF_VALUE_num(values); i++) { -- val = sk_CONF_VALUE_value(values, i); -- if(!strcmp(val->name, "CA")) { -- if(!X509V3_get_value_bool(val, &bcons->ca)) goto err; -- } else if(!strcmp(val->name, "pathlen")) { -- if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err; -- } else { -- X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); -- X509V3_conf_err(val); -- goto err; -- } -- } -- return bcons; -- err: -- BASIC_CONSTRAINTS_free(bcons); -- return NULL; -+ BASIC_CONSTRAINTS *bcons = NULL; -+ CONF_VALUE *val; -+ int i; -+ if (!(bcons = BASIC_CONSTRAINTS_new())) { -+ X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) { -+ val = sk_CONF_VALUE_value(values, i); -+ if (!strcmp(val->name, "CA")) { -+ if (!X509V3_get_value_bool(val, &bcons->ca)) -+ goto err; -+ } else if (!strcmp(val->name, "pathlen")) { -+ if (!X509V3_get_value_int(val, &bcons->pathlen)) -+ goto err; -+ } else { -+ X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ } -+ return bcons; -+ err: -+ BASIC_CONSTRAINTS_free(bcons); -+ return NULL; - } -- -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c -index 058d0d4..b7bb3b5 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c -@@ -1,6 +1,7 @@ - /* v3_bitst.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,80 +63,80 @@ - #include - - static BIT_STRING_BITNAME ns_cert_type_table[] = { --{0, "SSL Client", "client"}, --{1, "SSL Server", "server"}, --{2, "S/MIME", "email"}, --{3, "Object Signing", "objsign"}, --{4, "Unused", "reserved"}, --{5, "SSL CA", "sslCA"}, --{6, "S/MIME CA", "emailCA"}, --{7, "Object Signing CA", "objCA"}, --{-1, NULL, NULL} -+ {0, "SSL Client", "client"}, -+ {1, "SSL Server", "server"}, -+ {2, "S/MIME", "email"}, -+ {3, "Object Signing", "objsign"}, -+ {4, "Unused", "reserved"}, -+ {5, "SSL CA", "sslCA"}, -+ {6, "S/MIME CA", "emailCA"}, -+ {7, "Object Signing CA", "objCA"}, -+ {-1, NULL, NULL} - }; - - static BIT_STRING_BITNAME key_usage_type_table[] = { --{0, "Digital Signature", "digitalSignature"}, --{1, "Non Repudiation", "nonRepudiation"}, --{2, "Key Encipherment", "keyEncipherment"}, --{3, "Data Encipherment", "dataEncipherment"}, --{4, "Key Agreement", "keyAgreement"}, --{5, "Certificate Sign", "keyCertSign"}, --{6, "CRL Sign", "cRLSign"}, --{7, "Encipher Only", "encipherOnly"}, --{8, "Decipher Only", "decipherOnly"}, --{-1, NULL, NULL} -+ {0, "Digital Signature", "digitalSignature"}, -+ {1, "Non Repudiation", "nonRepudiation"}, -+ {2, "Key Encipherment", "keyEncipherment"}, -+ {3, "Data Encipherment", "dataEncipherment"}, -+ {4, "Key Agreement", "keyAgreement"}, -+ {5, "Certificate Sign", "keyCertSign"}, -+ {6, "CRL Sign", "cRLSign"}, -+ {7, "Encipher Only", "encipherOnly"}, -+ {8, "Decipher Only", "decipherOnly"}, -+ {-1, NULL, NULL} - }; - -- -- --const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); --const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); -+const X509V3_EXT_METHOD v3_nscert = -+EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); -+const X509V3_EXT_METHOD v3_key_usage = -+EXT_BITSTRING(NID_key_usage, key_usage_type_table); - - STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, -- ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) -+ ASN1_BIT_STRING *bits, -+ STACK_OF(CONF_VALUE) *ret) - { -- BIT_STRING_BITNAME *bnam; -- for(bnam =method->usr_data; bnam->lname; bnam++) { -- if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) -- X509V3_add_value(bnam->lname, NULL, &ret); -- } -- return ret; -+ BIT_STRING_BITNAME *bnam; -+ for (bnam = method->usr_data; bnam->lname; bnam++) { -+ if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) -+ X509V3_add_value(bnam->lname, NULL, &ret); -+ } -+ return ret; - } -- -+ - ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval) - { -- CONF_VALUE *val; -- ASN1_BIT_STRING *bs; -- int i; -- BIT_STRING_BITNAME *bnam; -- if(!(bs = M_ASN1_BIT_STRING_new())) { -- X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { -- val = sk_CONF_VALUE_value(nval, i); -- for(bnam = method->usr_data; bnam->lname; bnam++) { -- if(!strcmp(bnam->sname, val->name) || -- !strcmp(bnam->lname, val->name) ) { -- if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { -- X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, -- ERR_R_MALLOC_FAILURE); -- M_ASN1_BIT_STRING_free(bs); -- return NULL; -- } -- break; -- } -- } -- if(!bnam->lname) { -- X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, -- X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); -- X509V3_conf_err(val); -- M_ASN1_BIT_STRING_free(bs); -- return NULL; -- } -- } -- return bs; -+ CONF_VALUE *val; -+ ASN1_BIT_STRING *bs; -+ int i; -+ BIT_STRING_BITNAME *bnam; -+ if (!(bs = M_ASN1_BIT_STRING_new())) { -+ X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { -+ val = sk_CONF_VALUE_value(nval, i); -+ for (bnam = method->usr_data; bnam->lname; bnam++) { -+ if (!strcmp(bnam->sname, val->name) || -+ !strcmp(bnam->lname, val->name)) { -+ if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { -+ X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, -+ ERR_R_MALLOC_FAILURE); -+ M_ASN1_BIT_STRING_free(bs); -+ return NULL; -+ } -+ break; -+ } -+ } -+ if (!bnam->lname) { -+ X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, -+ X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); -+ X509V3_conf_err(val); -+ M_ASN1_BIT_STRING_free(bs); -+ return NULL; -+ } -+ } -+ return bs; - } -- -- -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c -index 11eb6b7..b1c916f 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c -@@ -1,6 +1,7 @@ - /* v3_conf.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,8 +58,6 @@ - */ - /* extension creation utilities */ - -- -- - #include - #include - #include "cryptlib.h" -@@ -68,457 +67,466 @@ - - static int v3_check_critical(char **value); - static int v3_check_generic(char **value); --static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); --static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); -+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, -+ int crit, char *value); -+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, -+ int crit, int type, -+ X509V3_CTX *ctx); - static char *conf_lhash_get_string(void *db, char *section, char *value); - static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); - static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, -- int crit, void *ext_struc); --static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); -+ int crit, void *ext_struc); -+static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, -+ long *ext_len); - /* CONF *conf: Config file */ - /* char *name: Name */ - /* char *value: Value */ - X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, -- char *value) -- { -- int crit; -- int ext_type; -- X509_EXTENSION *ret; -- crit = v3_check_critical(&value); -- if ((ext_type = v3_check_generic(&value))) -- return v3_generic_extension(name, value, crit, ext_type, ctx); -- ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); -- if (!ret) -- { -- X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION); -- ERR_add_error_data(4,"name=", name, ", value=", value); -- } -- return ret; -- } -+ char *value) -+{ -+ int crit; -+ int ext_type; -+ X509_EXTENSION *ret; -+ crit = v3_check_critical(&value); -+ if ((ext_type = v3_check_generic(&value))) -+ return v3_generic_extension(name, value, crit, ext_type, ctx); -+ ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); -+ if (!ret) { -+ X509V3err(X509V3_F_X509V3_EXT_NCONF, X509V3_R_ERROR_IN_EXTENSION); -+ ERR_add_error_data(4, "name=", name, ", value=", value); -+ } -+ return ret; -+} - - /* CONF *conf: Config file */ - /* char *value: Value */ - X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, -- char *value) -- { -- int crit; -- int ext_type; -- crit = v3_check_critical(&value); -- if ((ext_type = v3_check_generic(&value))) -- return v3_generic_extension(OBJ_nid2sn(ext_nid), -- value, crit, ext_type, ctx); -- return do_ext_nconf(conf, ctx, ext_nid, crit, value); -- } -+ char *value) -+{ -+ int crit; -+ int ext_type; -+ crit = v3_check_critical(&value); -+ if ((ext_type = v3_check_generic(&value))) -+ return v3_generic_extension(OBJ_nid2sn(ext_nid), -+ value, crit, ext_type, ctx); -+ return do_ext_nconf(conf, ctx, ext_nid, crit, value); -+} - - /* CONF *conf: Config file */ - /* char *value: Value */ - static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, -- int crit, char *value) -- { -- X509V3_EXT_METHOD *method; -- X509_EXTENSION *ext; -- STACK_OF(CONF_VALUE) *nval; -- void *ext_struc; -- if (ext_nid == NID_undef) -- { -- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME); -- return NULL; -- } -- if (!(method = X509V3_EXT_get_nid(ext_nid))) -- { -- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION); -- return NULL; -- } -- /* Now get internal extension representation based on type */ -- if (method->v2i) -- { -- if(*value == '@') nval = NCONF_get_section(conf, value + 1); -- else nval = X509V3_parse_list(value); -- if(sk_CONF_VALUE_num(nval) <= 0) -- { -- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING); -- ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); -- return NULL; -- } -- ext_struc = method->v2i(method, ctx, nval); -- if(*value != '@') sk_CONF_VALUE_pop_free(nval, -- X509V3_conf_free); -- if(!ext_struc) return NULL; -- } -- else if(method->s2i) -- { -- if(!(ext_struc = method->s2i(method, ctx, value))) return NULL; -- } -- else if(method->r2i) -- { -- if(!ctx->db || !ctx->db_meth) -- { -- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE); -- return NULL; -- } -- if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; -- } -- else -- { -- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); -- ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); -- return NULL; -- } -- -- ext = do_ext_i2d(method, ext_nid, crit, ext_struc); -- if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); -- else method->ext_free(ext_struc); -- return ext; -- -- } -+ int crit, char *value) -+{ -+ X509V3_EXT_METHOD *method; -+ X509_EXTENSION *ext; -+ STACK_OF(CONF_VALUE) *nval; -+ void *ext_struc; -+ if (ext_nid == NID_undef) { -+ X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME); -+ return NULL; -+ } -+ if (!(method = X509V3_EXT_get_nid(ext_nid))) { -+ X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION); -+ return NULL; -+ } -+ /* Now get internal extension representation based on type */ -+ if (method->v2i) { -+ if (*value == '@') -+ nval = NCONF_get_section(conf, value + 1); -+ else -+ nval = X509V3_parse_list(value); -+ if (sk_CONF_VALUE_num(nval) <= 0) { -+ X509V3err(X509V3_F_DO_EXT_NCONF, -+ X509V3_R_INVALID_EXTENSION_STRING); -+ ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", -+ value); -+ return NULL; -+ } -+ ext_struc = method->v2i(method, ctx, nval); -+ if (*value != '@') -+ sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); -+ if (!ext_struc) -+ return NULL; -+ } else if (method->s2i) { -+ if (!(ext_struc = method->s2i(method, ctx, value))) -+ return NULL; -+ } else if (method->r2i) { -+ if (!ctx->db || !ctx->db_meth) { -+ X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE); -+ return NULL; -+ } -+ if (!(ext_struc = method->r2i(method, ctx, value))) -+ return NULL; -+ } else { -+ X509V3err(X509V3_F_DO_EXT_NCONF, -+ X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); -+ ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); -+ return NULL; -+ } -+ -+ ext = do_ext_i2d(method, ext_nid, crit, ext_struc); -+ if (method->it) -+ ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); -+ else -+ method->ext_free(ext_struc); -+ return ext; -+ -+} - - static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, -- int crit, void *ext_struc) -- { -- unsigned char *ext_der; -- int ext_len; -- ASN1_OCTET_STRING *ext_oct; -- X509_EXTENSION *ext; -- /* Convert internal representation to DER */ -- if (method->it) -- { -- ext_der = NULL; -- ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); -- if (ext_len < 0) goto merr; -- } -- else -- { -- unsigned char *p; -- ext_len = method->i2d(ext_struc, NULL); -- if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr; -- p = ext_der; -- method->i2d(ext_struc, &p); -- } -- if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; -- ext_oct->data = ext_der; -- ext_oct->length = ext_len; -- -- ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); -- if (!ext) goto merr; -- M_ASN1_OCTET_STRING_free(ext_oct); -- -- return ext; -- -- merr: -- X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); -- return NULL; -- -- } -+ int crit, void *ext_struc) -+{ -+ unsigned char *ext_der; -+ int ext_len; -+ ASN1_OCTET_STRING *ext_oct; -+ X509_EXTENSION *ext; -+ /* Convert internal representation to DER */ -+ if (method->it) { -+ ext_der = NULL; -+ ext_len = -+ ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); -+ if (ext_len < 0) -+ goto merr; -+ } else { -+ unsigned char *p; -+ ext_len = method->i2d(ext_struc, NULL); -+ if (!(ext_der = OPENSSL_malloc(ext_len))) -+ goto merr; -+ p = ext_der; -+ method->i2d(ext_struc, &p); -+ } -+ if (!(ext_oct = M_ASN1_OCTET_STRING_new())) -+ goto merr; -+ ext_oct->data = ext_der; -+ ext_oct->length = ext_len; -+ -+ ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); -+ if (!ext) -+ goto merr; -+ M_ASN1_OCTET_STRING_free(ext_oct); -+ -+ return ext; -+ -+ merr: -+ X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ -+} - - /* Given an internal structure, nid and critical flag create an extension */ - - X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) -- { -- X509V3_EXT_METHOD *method; -- if (!(method = X509V3_EXT_get_nid(ext_nid))) { -- X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); -- return NULL; -- } -- return do_ext_i2d(method, ext_nid, crit, ext_struc); -+{ -+ X509V3_EXT_METHOD *method; -+ if (!(method = X509V3_EXT_get_nid(ext_nid))) { -+ X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); -+ return NULL; -+ } -+ return do_ext_i2d(method, ext_nid, crit, ext_struc); - } - - /* Check the extension string for critical flag */ - static int v3_check_critical(char **value) - { -- char *p = *value; -- if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; -- p+=9; -- while(isspace((unsigned char)*p)) p++; -- *value = p; -- return 1; -+ char *p = *value; -+ if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) -+ return 0; -+ p += 9; -+ while (isspace((unsigned char)*p)) -+ p++; -+ *value = p; -+ return 1; - } - - /* Check extension string for generic extension and return the type */ - static int v3_check_generic(char **value) - { -- int gen_type = 0; -- char *p = *value; -- if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) -- { -- p+=4; -- gen_type = 1; -- } -- else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) -- { -- p+=5; -- gen_type = 2; -- } -- else -- return 0; -- -- while (isspace((unsigned char)*p)) p++; -- *value = p; -- return gen_type; -+ int gen_type = 0; -+ char *p = *value; -+ if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { -+ p += 4; -+ gen_type = 1; -+ } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { -+ p += 5; -+ gen_type = 2; -+ } else -+ return 0; -+ -+ while (isspace((unsigned char)*p)) -+ p++; -+ *value = p; -+ return gen_type; - } - - /* Create a generic extension: for now just handle DER type */ - static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, -- int crit, int gen_type, X509V3_CTX *ctx) -- { -- unsigned char *ext_der=NULL; -- long ext_len; -- ASN1_OBJECT *obj=NULL; -- ASN1_OCTET_STRING *oct=NULL; -- X509_EXTENSION *extension=NULL; -- if (!(obj = OBJ_txt2obj(ext, 0))) -- { -- X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); -- ERR_add_error_data(2, "name=", ext); -- goto err; -- } -- -- if (gen_type == 1) -- ext_der = string_to_hex(value, &ext_len); -- else if (gen_type == 2) -- ext_der = generic_asn1(value, ctx, &ext_len); -- -- if (ext_der == NULL) -- { -- X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); -- ERR_add_error_data(2, "value=", value); -- goto err; -- } -- -- if (!(oct = M_ASN1_OCTET_STRING_new())) -- { -- X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- oct->data = ext_der; -- oct->length = ext_len; -- ext_der = NULL; -- -- extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); -- -- err: -- ASN1_OBJECT_free(obj); -- M_ASN1_OCTET_STRING_free(oct); -- if(ext_der) OPENSSL_free(ext_der); -- return extension; -- -- } -- --static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) -- { -- ASN1_TYPE *typ; -- unsigned char *ext_der = NULL; -- typ = ASN1_generate_v3(value, ctx); -- if (typ == NULL) -- return NULL; -- *ext_len = i2d_ASN1_TYPE(typ, &ext_der); -- ASN1_TYPE_free(typ); -- return ext_der; -- } -- --/* This is the main function: add a bunch of extensions based on a config file -- * section to an extension STACK. -- */ -+ int crit, int gen_type, -+ X509V3_CTX *ctx) -+{ -+ unsigned char *ext_der = NULL; -+ long ext_len; -+ ASN1_OBJECT *obj = NULL; -+ ASN1_OCTET_STRING *oct = NULL; -+ X509_EXTENSION *extension = NULL; -+ if (!(obj = OBJ_txt2obj(ext, 0))) { -+ X509V3err(X509V3_F_V3_GENERIC_EXTENSION, -+ X509V3_R_EXTENSION_NAME_ERROR); -+ ERR_add_error_data(2, "name=", ext); -+ goto err; -+ } -+ -+ if (gen_type == 1) -+ ext_der = string_to_hex(value, &ext_len); -+ else if (gen_type == 2) -+ ext_der = generic_asn1(value, ctx, &ext_len); -+ -+ if (ext_der == NULL) { -+ X509V3err(X509V3_F_V3_GENERIC_EXTENSION, -+ X509V3_R_EXTENSION_VALUE_ERROR); -+ ERR_add_error_data(2, "value=", value); -+ goto err; -+ } -+ -+ if (!(oct = M_ASN1_OCTET_STRING_new())) { -+ X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ oct->data = ext_der; -+ oct->length = ext_len; -+ ext_der = NULL; -+ -+ extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); -+ -+ err: -+ ASN1_OBJECT_free(obj); -+ M_ASN1_OCTET_STRING_free(oct); -+ if (ext_der) -+ OPENSSL_free(ext_der); -+ return extension; - -+} -+ -+static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, -+ long *ext_len) -+{ -+ ASN1_TYPE *typ; -+ unsigned char *ext_der = NULL; -+ typ = ASN1_generate_v3(value, ctx); -+ if (typ == NULL) -+ return NULL; -+ *ext_len = i2d_ASN1_TYPE(typ, &ext_der); -+ ASN1_TYPE_free(typ); -+ return ext_der; -+} -+ -+/* -+ * This is the main function: add a bunch of extensions based on a config -+ * file section to an extension STACK. -+ */ - - int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, -- STACK_OF(X509_EXTENSION) **sk) -- { -- X509_EXTENSION *ext; -- STACK_OF(CONF_VALUE) *nval; -- CONF_VALUE *val; -- int i; -- if (!(nval = NCONF_get_section(conf, section))) return 0; -- for (i = 0; i < sk_CONF_VALUE_num(nval); i++) -- { -- val = sk_CONF_VALUE_value(nval, i); -- if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) -- return 0; -- if (sk) X509v3_add_ext(sk, ext, -1); -- X509_EXTENSION_free(ext); -- } -- return 1; -- } -- --/* Convenience functions to add extensions to a certificate, CRL and request */ -+ STACK_OF(X509_EXTENSION) **sk) -+{ -+ X509_EXTENSION *ext; -+ STACK_OF(CONF_VALUE) *nval; -+ CONF_VALUE *val; -+ int i; -+ if (!(nval = NCONF_get_section(conf, section))) -+ return 0; -+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { -+ val = sk_CONF_VALUE_value(nval, i); -+ if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) -+ return 0; -+ if (sk) -+ X509v3_add_ext(sk, ext, -1); -+ X509_EXTENSION_free(ext); -+ } -+ return 1; -+} -+ -+/* -+ * Convenience functions to add extensions to a certificate, CRL and request -+ */ - - int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, -- X509 *cert) -- { -- STACK_OF(X509_EXTENSION) **sk = NULL; -- if (cert) -- sk = &cert->cert_info->extensions; -- return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); -- } -+ X509 *cert) -+{ -+ STACK_OF(X509_EXTENSION) **sk = NULL; -+ if (cert) -+ sk = &cert->cert_info->extensions; -+ return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); -+} - - /* Same as above but for a CRL */ - - int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, -- X509_CRL *crl) -- { -- STACK_OF(X509_EXTENSION) **sk = NULL; -- if (crl) -- sk = &crl->crl->extensions; -- return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); -- } -+ X509_CRL *crl) -+{ -+ STACK_OF(X509_EXTENSION) **sk = NULL; -+ if (crl) -+ sk = &crl->crl->extensions; -+ return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); -+} - - /* Add extensions to certificate request */ - - int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, -- X509_REQ *req) -- { -- STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; -- int i; -- if (req) -- sk = &extlist; -- i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); -- if (!i || !sk) -- return i; -- i = X509_REQ_add_extensions(req, extlist); -- sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); -- return i; -- } -+ X509_REQ *req) -+{ -+ STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; -+ int i; -+ if (req) -+ sk = &extlist; -+ i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); -+ if (!i || !sk) -+ return i; -+ i = X509_REQ_add_extensions(req, extlist); -+ sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); -+ return i; -+} - - /* Config database functions */ - --char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) -- { -- if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) -- { -- X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); -- return NULL; -- } -- if (ctx->db_meth->get_string) -- return ctx->db_meth->get_string(ctx->db, name, section); -- return NULL; -- } -- --STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) -- { -- if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) -- { -- X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); -- return NULL; -- } -- if (ctx->db_meth->get_section) -- return ctx->db_meth->get_section(ctx->db, section); -- return NULL; -- } -+char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) -+{ -+ if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { -+ X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED); -+ return NULL; -+ } -+ if (ctx->db_meth->get_string) -+ return ctx->db_meth->get_string(ctx->db, name, section); -+ return NULL; -+} -+ -+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section) -+{ -+ if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { -+ X509V3err(X509V3_F_X509V3_GET_SECTION, -+ X509V3_R_OPERATION_NOT_DEFINED); -+ return NULL; -+ } -+ if (ctx->db_meth->get_section) -+ return ctx->db_meth->get_section(ctx->db, section); -+ return NULL; -+} - - void X509V3_string_free(X509V3_CTX *ctx, char *str) -- { -- if (!str) return; -- if (ctx->db_meth->free_string) -- ctx->db_meth->free_string(ctx->db, str); -- } -+{ -+ if (!str) -+ return; -+ if (ctx->db_meth->free_string) -+ ctx->db_meth->free_string(ctx->db, str); -+} - - void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) -- { -- if (!section) return; -- if (ctx->db_meth->free_section) -- ctx->db_meth->free_section(ctx->db, section); -- } -+{ -+ if (!section) -+ return; -+ if (ctx->db_meth->free_section) -+ ctx->db_meth->free_section(ctx->db, section); -+} - - static char *nconf_get_string(void *db, char *section, char *value) -- { -- return NCONF_get_string(db, section, value); -- } -+{ -+ return NCONF_get_string(db, section, value); -+} - - static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) -- { -- return NCONF_get_section(db, section); -- } -+{ -+ return NCONF_get_section(db, section); -+} - - static X509V3_CONF_METHOD nconf_method = { --nconf_get_string, --nconf_get_section, --NULL, --NULL -+ nconf_get_string, -+ nconf_get_section, -+ NULL, -+ NULL - }; - - void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) -- { -- ctx->db_meth = &nconf_method; -- ctx->db = conf; -- } -+{ -+ ctx->db_meth = &nconf_method; -+ ctx->db = conf; -+} - - void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, -- X509_CRL *crl, int flags) -- { -- ctx->issuer_cert = issuer; -- ctx->subject_cert = subj; -- ctx->crl = crl; -- ctx->subject_req = req; -- ctx->flags = flags; -- } -+ X509_CRL *crl, int flags) -+{ -+ ctx->issuer_cert = issuer; -+ ctx->subject_cert = subj; -+ ctx->crl = crl; -+ ctx->subject_req = req; -+ ctx->flags = flags; -+} - - /* Old conf compatibility functions */ - - X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, -- char *value) -- { -- CONF ctmp; -- CONF_set_nconf(&ctmp, conf); -- return X509V3_EXT_nconf(&ctmp, ctx, name, value); -- } -+ char *value) -+{ -+ CONF ctmp; -+ CONF_set_nconf(&ctmp, conf); -+ return X509V3_EXT_nconf(&ctmp, ctx, name, value); -+} - - /* LHASH *conf: Config file */ - /* char *value: Value */ - X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, -- char *value) -- { -- CONF ctmp; -- CONF_set_nconf(&ctmp, conf); -- return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); -- } -+ char *value) -+{ -+ CONF ctmp; -+ CONF_set_nconf(&ctmp, conf); -+ return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); -+} - - static char *conf_lhash_get_string(void *db, char *section, char *value) -- { -- return CONF_get_string(db, section, value); -- } -+{ -+ return CONF_get_string(db, section, value); -+} - - static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) -- { -- return CONF_get_section(db, section); -- } -+{ -+ return CONF_get_section(db, section); -+} - - static X509V3_CONF_METHOD conf_lhash_method = { --conf_lhash_get_string, --conf_lhash_get_section, --NULL, --NULL -+ conf_lhash_get_string, -+ conf_lhash_get_section, -+ NULL, -+ NULL - }; - - void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) -- { -- ctx->db_meth = &conf_lhash_method; -- ctx->db = lhash; -- } -+{ -+ ctx->db_meth = &conf_lhash_method; -+ ctx->db = lhash; -+} - - int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, -- X509 *cert) -- { -- CONF ctmp; -- CONF_set_nconf(&ctmp, conf); -- return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); -- } -+ X509 *cert) -+{ -+ CONF ctmp; -+ CONF_set_nconf(&ctmp, conf); -+ return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); -+} - - /* Same as above but for a CRL */ - - int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, -- X509_CRL *crl) -- { -- CONF ctmp; -- CONF_set_nconf(&ctmp, conf); -- return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); -- } -+ X509_CRL *crl) -+{ -+ CONF ctmp; -+ CONF_set_nconf(&ctmp, conf); -+ return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); -+} - - /* Add extensions to certificate request */ - - int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, -- X509_REQ *req) -- { -- CONF ctmp; -- CONF_set_nconf(&ctmp, conf); -- return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); -- } -+ X509_REQ *req) -+{ -+ CONF ctmp; -+ CONF_set_nconf(&ctmp, conf); -+ return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c -index ad0506d..3c26ac1 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c -@@ -1,6 +1,7 @@ - /* v3_cpols.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -67,35 +68,38 @@ - - /* Certificate policies extension support: this one is a bit complex... */ - --static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); --static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); --static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); -+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, -+ BIO *out, int indent); -+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, -+ X509V3_CTX *ctx, char *value); -+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, -+ int indent); - static void print_notice(BIO *out, USERNOTICE *notice, int indent); - static POLICYINFO *policy_section(X509V3_CTX *ctx, -- STACK_OF(CONF_VALUE) *polstrs, int ia5org); -+ STACK_OF(CONF_VALUE) *polstrs, int ia5org); - static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, -- STACK_OF(CONF_VALUE) *unot, int ia5org); -+ STACK_OF(CONF_VALUE) *unot, int ia5org); - static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); - - const X509V3_EXT_METHOD v3_cpols = { --NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), --0,0,0,0, --0,0, --0,0, --(X509V3_EXT_I2R)i2r_certpol, --(X509V3_EXT_R2I)r2i_certpol, --NULL -+ NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES), -+ 0, 0, 0, 0, -+ 0, 0, -+ 0, 0, -+ (X509V3_EXT_I2R)i2r_certpol, -+ (X509V3_EXT_R2I)r2i_certpol, -+ NULL - }; - --ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) -+ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) - ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) - - IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) - - ASN1_SEQUENCE(POLICYINFO) = { -- ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), -- ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) -+ ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), -+ ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) - } ASN1_SEQUENCE_END(POLICYINFO) - - IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) -@@ -103,352 +107,370 @@ IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) - ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); - - ASN1_ADB(POLICYQUALINFO) = { -- ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), -- ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) -+ ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), -+ ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) - } ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL); - - ASN1_SEQUENCE(POLICYQUALINFO) = { -- ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), -- ASN1_ADB_OBJECT(POLICYQUALINFO) -+ ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), -+ ASN1_ADB_OBJECT(POLICYQUALINFO) - } ASN1_SEQUENCE_END(POLICYQUALINFO) - - IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO) - - ASN1_SEQUENCE(USERNOTICE) = { -- ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), -- ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) -+ ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), -+ ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) - } ASN1_SEQUENCE_END(USERNOTICE) - - IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE) - - ASN1_SEQUENCE(NOTICEREF) = { -- ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), -- ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) -+ ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), -+ ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) - } ASN1_SEQUENCE_END(NOTICEREF) - - IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) - - static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, char *value) -+ X509V3_CTX *ctx, char *value) - { -- STACK_OF(POLICYINFO) *pols = NULL; -- char *pstr; -- POLICYINFO *pol; -- ASN1_OBJECT *pobj; -- STACK_OF(CONF_VALUE) *vals; -- CONF_VALUE *cnf; -- int i, ia5org; -- pols = sk_POLICYINFO_new_null(); -- if (pols == NULL) { -- X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- vals = X509V3_parse_list(value); -- if (vals == NULL) { -- X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); -- goto err; -- } -- ia5org = 0; -- for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { -- cnf = sk_CONF_VALUE_value(vals, i); -- if(cnf->value || !cnf->name ) { -- X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER); -- X509V3_conf_err(cnf); -- goto err; -- } -- pstr = cnf->name; -- if(!strcmp(pstr,"ia5org")) { -- ia5org = 1; -- continue; -- } else if(*pstr == '@') { -- STACK_OF(CONF_VALUE) *polsect; -- polsect = X509V3_get_section(ctx, pstr + 1); -- if(!polsect) { -- X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION); -- -- X509V3_conf_err(cnf); -- goto err; -- } -- pol = policy_section(ctx, polsect, ia5org); -- X509V3_section_free(ctx, polsect); -- if(!pol) goto err; -- } else { -- if(!(pobj = OBJ_txt2obj(cnf->name, 0))) { -- X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER); -- X509V3_conf_err(cnf); -- goto err; -- } -- pol = POLICYINFO_new(); -- pol->policyid = pobj; -- } -- if (!sk_POLICYINFO_push(pols, pol)){ -- POLICYINFO_free(pol); -- X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); -- goto err; -- } -- } -- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); -- return pols; -- err: -- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); -- sk_POLICYINFO_pop_free(pols, POLICYINFO_free); -- return NULL; -+ STACK_OF(POLICYINFO) *pols = NULL; -+ char *pstr; -+ POLICYINFO *pol; -+ ASN1_OBJECT *pobj; -+ STACK_OF(CONF_VALUE) *vals; -+ CONF_VALUE *cnf; -+ int i, ia5org; -+ pols = sk_POLICYINFO_new_null(); -+ if (pols == NULL) { -+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ vals = X509V3_parse_list(value); -+ if (vals == NULL) { -+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); -+ goto err; -+ } -+ ia5org = 0; -+ for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { -+ cnf = sk_CONF_VALUE_value(vals, i); -+ if (cnf->value || !cnf->name) { -+ X509V3err(X509V3_F_R2I_CERTPOL, -+ X509V3_R_INVALID_POLICY_IDENTIFIER); -+ X509V3_conf_err(cnf); -+ goto err; -+ } -+ pstr = cnf->name; -+ if (!strcmp(pstr, "ia5org")) { -+ ia5org = 1; -+ continue; -+ } else if (*pstr == '@') { -+ STACK_OF(CONF_VALUE) *polsect; -+ polsect = X509V3_get_section(ctx, pstr + 1); -+ if (!polsect) { -+ X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_SECTION); -+ -+ X509V3_conf_err(cnf); -+ goto err; -+ } -+ pol = policy_section(ctx, polsect, ia5org); -+ X509V3_section_free(ctx, polsect); -+ if (!pol) -+ goto err; -+ } else { -+ if (!(pobj = OBJ_txt2obj(cnf->name, 0))) { -+ X509V3err(X509V3_F_R2I_CERTPOL, -+ X509V3_R_INVALID_OBJECT_IDENTIFIER); -+ X509V3_conf_err(cnf); -+ goto err; -+ } -+ pol = POLICYINFO_new(); -+ pol->policyid = pobj; -+ } -+ if (!sk_POLICYINFO_push(pols, pol)) { -+ POLICYINFO_free(pol); -+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ } -+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); -+ return pols; -+ err: -+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); -+ sk_POLICYINFO_pop_free(pols, POLICYINFO_free); -+ return NULL; - } - - static POLICYINFO *policy_section(X509V3_CTX *ctx, -- STACK_OF(CONF_VALUE) *polstrs, int ia5org) -+ STACK_OF(CONF_VALUE) *polstrs, int ia5org) - { -- int i; -- CONF_VALUE *cnf; -- POLICYINFO *pol; -- POLICYQUALINFO *qual; -- if(!(pol = POLICYINFO_new())) goto merr; -- for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { -- cnf = sk_CONF_VALUE_value(polstrs, i); -- if(!strcmp(cnf->name, "policyIdentifier")) { -- ASN1_OBJECT *pobj; -- if(!(pobj = OBJ_txt2obj(cnf->value, 0))) { -- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER); -- X509V3_conf_err(cnf); -- goto err; -- } -- pol->policyid = pobj; -- -- } else if(!name_cmp(cnf->name, "CPS")) { -- if(!pol->qualifiers) pol->qualifiers = -- sk_POLICYQUALINFO_new_null(); -- if(!(qual = POLICYQUALINFO_new())) goto merr; -- if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) -- goto merr; -- qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); -- qual->d.cpsuri = M_ASN1_IA5STRING_new(); -- if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, -- strlen(cnf->value))) goto merr; -- } else if(!name_cmp(cnf->name, "userNotice")) { -- STACK_OF(CONF_VALUE) *unot; -- if(*cnf->value != '@') { -- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME); -- X509V3_conf_err(cnf); -- goto err; -- } -- unot = X509V3_get_section(ctx, cnf->value + 1); -- if(!unot) { -- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION); -- -- X509V3_conf_err(cnf); -- goto err; -- } -- qual = notice_section(ctx, unot, ia5org); -- X509V3_section_free(ctx, unot); -- if(!qual) goto err; -- if(!pol->qualifiers) pol->qualifiers = -- sk_POLICYQUALINFO_new_null(); -- if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) -- goto merr; -- } else { -- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION); -- -- X509V3_conf_err(cnf); -- goto err; -- } -- } -- if(!pol->policyid) { -- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER); -- goto err; -- } -- -- return pol; -- -- merr: -- X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE); -- -- err: -- POLICYINFO_free(pol); -- return NULL; -- -- -+ int i; -+ CONF_VALUE *cnf; -+ POLICYINFO *pol; -+ POLICYQUALINFO *qual; -+ if (!(pol = POLICYINFO_new())) -+ goto merr; -+ for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { -+ cnf = sk_CONF_VALUE_value(polstrs, i); -+ if (!strcmp(cnf->name, "policyIdentifier")) { -+ ASN1_OBJECT *pobj; -+ if (!(pobj = OBJ_txt2obj(cnf->value, 0))) { -+ X509V3err(X509V3_F_POLICY_SECTION, -+ X509V3_R_INVALID_OBJECT_IDENTIFIER); -+ X509V3_conf_err(cnf); -+ goto err; -+ } -+ pol->policyid = pobj; -+ -+ } else if (!name_cmp(cnf->name, "CPS")) { -+ if (!pol->qualifiers) -+ pol->qualifiers = sk_POLICYQUALINFO_new_null(); -+ if (!(qual = POLICYQUALINFO_new())) -+ goto merr; -+ if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) -+ goto merr; -+ qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); -+ qual->d.cpsuri = M_ASN1_IA5STRING_new(); -+ if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, -+ strlen(cnf->value))) -+ goto merr; -+ } else if (!name_cmp(cnf->name, "userNotice")) { -+ STACK_OF(CONF_VALUE) *unot; -+ if (*cnf->value != '@') { -+ X509V3err(X509V3_F_POLICY_SECTION, -+ X509V3_R_EXPECTED_A_SECTION_NAME); -+ X509V3_conf_err(cnf); -+ goto err; -+ } -+ unot = X509V3_get_section(ctx, cnf->value + 1); -+ if (!unot) { -+ X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_SECTION); -+ -+ X509V3_conf_err(cnf); -+ goto err; -+ } -+ qual = notice_section(ctx, unot, ia5org); -+ X509V3_section_free(ctx, unot); -+ if (!qual) -+ goto err; -+ if (!pol->qualifiers) -+ pol->qualifiers = sk_POLICYQUALINFO_new_null(); -+ if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) -+ goto merr; -+ } else { -+ X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OPTION); -+ -+ X509V3_conf_err(cnf); -+ goto err; -+ } -+ } -+ if (!pol->policyid) { -+ X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_NO_POLICY_IDENTIFIER); -+ goto err; -+ } -+ -+ return pol; -+ -+ merr: -+ X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE); -+ -+ err: -+ POLICYINFO_free(pol); -+ return NULL; -+ - } - - static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, -- STACK_OF(CONF_VALUE) *unot, int ia5org) -+ STACK_OF(CONF_VALUE) *unot, int ia5org) - { -- int i, ret; -- CONF_VALUE *cnf; -- USERNOTICE *not; -- POLICYQUALINFO *qual; -- if(!(qual = POLICYQUALINFO_new())) goto merr; -- qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); -- if(!(not = USERNOTICE_new())) goto merr; -- qual->d.usernotice = not; -- for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { -- cnf = sk_CONF_VALUE_value(unot, i); -- if(!strcmp(cnf->name, "explicitText")) { -- not->exptext = M_ASN1_VISIBLESTRING_new(); -- if(!ASN1_STRING_set(not->exptext, cnf->value, -- strlen(cnf->value))) goto merr; -- } else if(!strcmp(cnf->name, "organization")) { -- NOTICEREF *nref; -- if(!not->noticeref) { -- if(!(nref = NOTICEREF_new())) goto merr; -- not->noticeref = nref; -- } else nref = not->noticeref; -- if(ia5org) nref->organization->type = V_ASN1_IA5STRING; -- else nref->organization->type = V_ASN1_VISIBLESTRING; -- if(!ASN1_STRING_set(nref->organization, cnf->value, -- strlen(cnf->value))) goto merr; -- } else if(!strcmp(cnf->name, "noticeNumbers")) { -- NOTICEREF *nref; -- STACK_OF(CONF_VALUE) *nos; -- if(!not->noticeref) { -- if(!(nref = NOTICEREF_new())) goto merr; -- not->noticeref = nref; -- } else nref = not->noticeref; -- nos = X509V3_parse_list(cnf->value); -- if(!nos || !sk_CONF_VALUE_num(nos)) { -- X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS); -- X509V3_conf_err(cnf); -- goto err; -- } -- ret = nref_nos(nref->noticenos, nos); -- sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); -- if (!ret) -- goto err; -- } else { -- X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); -- X509V3_conf_err(cnf); -- goto err; -- } -- } -- -- if(not->noticeref && -- (!not->noticeref->noticenos || !not->noticeref->organization)) { -- X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); -- goto err; -- } -- -- return qual; -- -- merr: -- X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); -- -- err: -- POLICYQUALINFO_free(qual); -- return NULL; -+ int i, ret; -+ CONF_VALUE *cnf; -+ USERNOTICE *not; -+ POLICYQUALINFO *qual; -+ if (!(qual = POLICYQUALINFO_new())) -+ goto merr; -+ qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); -+ if (!(not = USERNOTICE_new())) -+ goto merr; -+ qual->d.usernotice = not; -+ for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { -+ cnf = sk_CONF_VALUE_value(unot, i); -+ if (!strcmp(cnf->name, "explicitText")) { -+ not->exptext = M_ASN1_VISIBLESTRING_new(); -+ if (!ASN1_STRING_set(not->exptext, cnf->value, -+ strlen(cnf->value))) -+ goto merr; -+ } else if (!strcmp(cnf->name, "organization")) { -+ NOTICEREF *nref; -+ if (!not->noticeref) { -+ if (!(nref = NOTICEREF_new())) -+ goto merr; -+ not->noticeref = nref; -+ } else -+ nref = not->noticeref; -+ if (ia5org) -+ nref->organization->type = V_ASN1_IA5STRING; -+ else -+ nref->organization->type = V_ASN1_VISIBLESTRING; -+ if (!ASN1_STRING_set(nref->organization, cnf->value, -+ strlen(cnf->value))) -+ goto merr; -+ } else if (!strcmp(cnf->name, "noticeNumbers")) { -+ NOTICEREF *nref; -+ STACK_OF(CONF_VALUE) *nos; -+ if (!not->noticeref) { -+ if (!(nref = NOTICEREF_new())) -+ goto merr; -+ not->noticeref = nref; -+ } else -+ nref = not->noticeref; -+ nos = X509V3_parse_list(cnf->value); -+ if (!nos || !sk_CONF_VALUE_num(nos)) { -+ X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS); -+ X509V3_conf_err(cnf); -+ goto err; -+ } -+ ret = nref_nos(nref->noticenos, nos); -+ sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); -+ if (!ret) -+ goto err; -+ } else { -+ X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_OPTION); -+ X509V3_conf_err(cnf); -+ goto err; -+ } -+ } -+ -+ if (not->noticeref && -+ (!not->noticeref->noticenos || !not->noticeref->organization)) { -+ X509V3err(X509V3_F_NOTICE_SECTION, -+ X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); -+ goto err; -+ } -+ -+ return qual; -+ -+ merr: -+ X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE); -+ -+ err: -+ POLICYQUALINFO_free(qual); -+ return NULL; - } - - static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) - { -- CONF_VALUE *cnf; -- ASN1_INTEGER *aint; -- -- int i; -- -- for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { -- cnf = sk_CONF_VALUE_value(nos, i); -- if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { -- X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); -- goto err; -- } -- if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; -- } -- return 1; -- -- merr: -- X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE); -- -- err: -- sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); -- return 0; -+ CONF_VALUE *cnf; -+ ASN1_INTEGER *aint; -+ -+ int i; -+ -+ for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { -+ cnf = sk_CONF_VALUE_value(nos, i); -+ if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { -+ X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER); -+ goto err; -+ } -+ if (!sk_ASN1_INTEGER_push(nnums, aint)) -+ goto merr; -+ } -+ return 1; -+ -+ merr: -+ X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE); -+ -+ err: -+ sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); -+ return 0; - } - -- - static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, -- BIO *out, int indent) -+ BIO *out, int indent) - { -- int i; -- POLICYINFO *pinfo; -- /* First print out the policy OIDs */ -- for(i = 0; i < sk_POLICYINFO_num(pol); i++) { -- pinfo = sk_POLICYINFO_value(pol, i); -- BIO_printf(out, "%*sPolicy: ", indent, ""); -- i2a_ASN1_OBJECT(out, pinfo->policyid); -- BIO_puts(out, "\n"); -- if(pinfo->qualifiers) -- print_qualifiers(out, pinfo->qualifiers, indent + 2); -- } -- return 1; -+ int i; -+ POLICYINFO *pinfo; -+ /* First print out the policy OIDs */ -+ for (i = 0; i < sk_POLICYINFO_num(pol); i++) { -+ pinfo = sk_POLICYINFO_value(pol, i); -+ BIO_printf(out, "%*sPolicy: ", indent, ""); -+ i2a_ASN1_OBJECT(out, pinfo->policyid); -+ BIO_puts(out, "\n"); -+ if (pinfo->qualifiers) -+ print_qualifiers(out, pinfo->qualifiers, indent + 2); -+ } -+ return 1; - } - - static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, -- int indent) -+ int indent) - { -- POLICYQUALINFO *qualinfo; -- int i; -- for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { -- qualinfo = sk_POLICYQUALINFO_value(quals, i); -- switch(OBJ_obj2nid(qualinfo->pqualid)) -- { -- case NID_id_qt_cps: -- BIO_printf(out, "%*sCPS: %s\n", indent, "", -- qualinfo->d.cpsuri->data); -- break; -- -- case NID_id_qt_unotice: -- BIO_printf(out, "%*sUser Notice:\n", indent, ""); -- print_notice(out, qualinfo->d.usernotice, indent + 2); -- break; -- -- default: -- BIO_printf(out, "%*sUnknown Qualifier: ", -- indent + 2, ""); -- -- i2a_ASN1_OBJECT(out, qualinfo->pqualid); -- BIO_puts(out, "\n"); -- break; -- } -- } -+ POLICYQUALINFO *qualinfo; -+ int i; -+ for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { -+ qualinfo = sk_POLICYQUALINFO_value(quals, i); -+ switch (OBJ_obj2nid(qualinfo->pqualid)) { -+ case NID_id_qt_cps: -+ BIO_printf(out, "%*sCPS: %s\n", indent, "", -+ qualinfo->d.cpsuri->data); -+ break; -+ -+ case NID_id_qt_unotice: -+ BIO_printf(out, "%*sUser Notice:\n", indent, ""); -+ print_notice(out, qualinfo->d.usernotice, indent + 2); -+ break; -+ -+ default: -+ BIO_printf(out, "%*sUnknown Qualifier: ", indent + 2, ""); -+ -+ i2a_ASN1_OBJECT(out, qualinfo->pqualid); -+ BIO_puts(out, "\n"); -+ break; -+ } -+ } - } - - static void print_notice(BIO *out, USERNOTICE *notice, int indent) - { -- int i; -- if(notice->noticeref) { -- NOTICEREF *ref; -- ref = notice->noticeref; -- BIO_printf(out, "%*sOrganization: %s\n", indent, "", -- ref->organization->data); -- BIO_printf(out, "%*sNumber%s: ", indent, "", -- sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); -- for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { -- ASN1_INTEGER *num; -- char *tmp; -- num = sk_ASN1_INTEGER_value(ref->noticenos, i); -- if(i) BIO_puts(out, ", "); -- tmp = i2s_ASN1_INTEGER(NULL, num); -- BIO_puts(out, tmp); -- OPENSSL_free(tmp); -- } -- BIO_puts(out, "\n"); -- } -- if(notice->exptext) -- BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", -- notice->exptext->data); -+ int i; -+ if (notice->noticeref) { -+ NOTICEREF *ref; -+ ref = notice->noticeref; -+ BIO_printf(out, "%*sOrganization: %s\n", indent, "", -+ ref->organization->data); -+ BIO_printf(out, "%*sNumber%s: ", indent, "", -+ sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); -+ for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { -+ ASN1_INTEGER *num; -+ char *tmp; -+ num = sk_ASN1_INTEGER_value(ref->noticenos, i); -+ if (i) -+ BIO_puts(out, ", "); -+ tmp = i2s_ASN1_INTEGER(NULL, num); -+ BIO_puts(out, tmp); -+ OPENSSL_free(tmp); -+ } -+ BIO_puts(out, "\n"); -+ } -+ if (notice->exptext) -+ BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", -+ notice->exptext->data); - } - - void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) -- { -- const X509_POLICY_DATA *dat = node->data; -- -- BIO_printf(out, "%*sPolicy: ", indent, ""); -- -- i2a_ASN1_OBJECT(out, dat->valid_policy); -- BIO_puts(out, "\n"); -- BIO_printf(out, "%*s%s\n", indent + 2, "", -- node_data_critical(dat) ? "Critical" : "Non Critical"); -- if (dat->qualifier_set) -- print_qualifiers(out, dat->qualifier_set, indent + 2); -- else -- BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); -- } -- -+{ -+ const X509_POLICY_DATA *dat = node->data; -+ -+ BIO_printf(out, "%*sPolicy: ", indent, ""); -+ -+ i2a_ASN1_OBJECT(out, dat->valid_policy); -+ BIO_puts(out, "\n"); -+ BIO_printf(out, "%*s%s\n", indent + 2, "", -+ node_data_critical(dat) ? "Critical" : "Non Critical"); -+ if (dat->qualifier_set) -+ print_qualifiers(out, dat->qualifier_set, indent + 2); -+ else -+ BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); -+} -+ - IMPLEMENT_STACK_OF(X509_POLICY_NODE) -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c -index 181a897..6c8ec98 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c -@@ -1,6 +1,7 @@ - /* v3_crld.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,99 +65,113 @@ - #include - - static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, -- STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist); -+ STACK_OF(DIST_POINT) *crld, -+ STACK_OF(CONF_VALUE) *extlist); - static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval); - - const X509V3_EXT_METHOD v3_crld = { --NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS), --0,0,0,0, --0,0, --(X509V3_EXT_I2V)i2v_crld, --(X509V3_EXT_V2I)v2i_crld, --0,0, --NULL -+ NID_crl_distribution_points, X509V3_EXT_MULTILINE, -+ ASN1_ITEM_ref(CRL_DIST_POINTS), -+ 0, 0, 0, 0, -+ 0, 0, -+ (X509V3_EXT_I2V) i2v_crld, -+ (X509V3_EXT_V2I)v2i_crld, -+ 0, 0, -+ NULL - }; - - static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, -- STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts) -+ STACK_OF(DIST_POINT) *crld, -+ STACK_OF(CONF_VALUE) *exts) - { -- DIST_POINT *point; -- int i; -- for(i = 0; i < sk_DIST_POINT_num(crld); i++) { -- point = sk_DIST_POINT_value(crld, i); -- if(point->distpoint) { -- if(point->distpoint->type == 0) -- exts = i2v_GENERAL_NAMES(NULL, -- point->distpoint->name.fullname, exts); -- else X509V3_add_value("RelativeName","", &exts); -- } -- if(point->reasons) -- X509V3_add_value("reasons","", &exts); -- if(point->CRLissuer) -- X509V3_add_value("CRLissuer","", &exts); -- } -- return exts; -+ DIST_POINT *point; -+ int i; -+ for (i = 0; i < sk_DIST_POINT_num(crld); i++) { -+ point = sk_DIST_POINT_value(crld, i); -+ if (point->distpoint) { -+ if (point->distpoint->type == 0) -+ exts = i2v_GENERAL_NAMES(NULL, -+ point->distpoint->name.fullname, -+ exts); -+ else -+ X509V3_add_value("RelativeName", "", &exts); -+ } -+ if (point->reasons) -+ X509V3_add_value("reasons", "", &exts); -+ if (point->CRLissuer) -+ X509V3_add_value("CRLissuer", "", &exts); -+ } -+ return exts; - } - - static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval) - { -- STACK_OF(DIST_POINT) *crld = NULL; -- GENERAL_NAMES *gens = NULL; -- GENERAL_NAME *gen = NULL; -- CONF_VALUE *cnf; -- int i; -- if(!(crld = sk_DIST_POINT_new_null())) goto merr; -- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { -- DIST_POINT *point; -- cnf = sk_CONF_VALUE_value(nval, i); -- if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; -- if(!(gens = GENERAL_NAMES_new())) goto merr; -- if(!sk_GENERAL_NAME_push(gens, gen)) goto merr; -- gen = NULL; -- if(!(point = DIST_POINT_new())) goto merr; -- if(!sk_DIST_POINT_push(crld, point)) { -- DIST_POINT_free(point); -- goto merr; -- } -- if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr; -- point->distpoint->name.fullname = gens; -- point->distpoint->type = 0; -- gens = NULL; -- } -- return crld; -+ STACK_OF(DIST_POINT) *crld = NULL; -+ GENERAL_NAMES *gens = NULL; -+ GENERAL_NAME *gen = NULL; -+ CONF_VALUE *cnf; -+ int i; -+ if (!(crld = sk_DIST_POINT_new_null())) -+ goto merr; -+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { -+ DIST_POINT *point; -+ cnf = sk_CONF_VALUE_value(nval, i); -+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) -+ goto err; -+ if (!(gens = GENERAL_NAMES_new())) -+ goto merr; -+ if (!sk_GENERAL_NAME_push(gens, gen)) -+ goto merr; -+ gen = NULL; -+ if (!(point = DIST_POINT_new())) -+ goto merr; -+ if (!sk_DIST_POINT_push(crld, point)) { -+ DIST_POINT_free(point); -+ goto merr; -+ } -+ if (!(point->distpoint = DIST_POINT_NAME_new())) -+ goto merr; -+ point->distpoint->name.fullname = gens; -+ point->distpoint->type = 0; -+ gens = NULL; -+ } -+ return crld; - -- merr: -- X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE); -- err: -- GENERAL_NAME_free(gen); -- GENERAL_NAMES_free(gens); -- sk_DIST_POINT_pop_free(crld, DIST_POINT_free); -- return NULL; -+ merr: -+ X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE); -+ err: -+ GENERAL_NAME_free(gen); -+ GENERAL_NAMES_free(gens); -+ sk_DIST_POINT_pop_free(crld, DIST_POINT_free); -+ return NULL; - } - - IMPLEMENT_STACK_OF(DIST_POINT) -+ - IMPLEMENT_ASN1_SET_OF(DIST_POINT) - - - ASN1_CHOICE(DIST_POINT_NAME) = { -- ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), -- ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) -+ ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), -+ ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) - } ASN1_CHOICE_END(DIST_POINT_NAME) - - IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME) - - ASN1_SEQUENCE(DIST_POINT) = { -- ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0), -- ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1), -- ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2) -+ ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0), -+ ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1), -+ ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2) - } ASN1_SEQUENCE_END(DIST_POINT) - - IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) - --ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) -+ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) - ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) - - IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c -index 36576ea..aa91c5d 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c -@@ -1,6 +1,7 @@ - /* v3_enum.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -61,34 +62,34 @@ - #include - - static ENUMERATED_NAMES crl_reasons[] = { --{0, "Unspecified", "unspecified"}, --{1, "Key Compromise", "keyCompromise"}, --{2, "CA Compromise", "CACompromise"}, --{3, "Affiliation Changed", "affiliationChanged"}, --{4, "Superseded", "superseded"}, --{5, "Cessation Of Operation", "cessationOfOperation"}, --{6, "Certificate Hold", "certificateHold"}, --{8, "Remove From CRL", "removeFromCRL"}, --{-1, NULL, NULL} -+ {0, "Unspecified", "unspecified"}, -+ {1, "Key Compromise", "keyCompromise"}, -+ {2, "CA Compromise", "CACompromise"}, -+ {3, "Affiliation Changed", "affiliationChanged"}, -+ {4, "Superseded", "superseded"}, -+ {5, "Cessation Of Operation", "cessationOfOperation"}, -+ {6, "Certificate Hold", "certificateHold"}, -+ {8, "Remove From CRL", "removeFromCRL"}, -+ {-1, NULL, NULL} - }; - --const X509V3_EXT_METHOD v3_crl_reason = { --NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED), --0,0,0,0, --(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, --0, --0,0,0,0, --crl_reasons}; -- -+const X509V3_EXT_METHOD v3_crl_reason = { -+ NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED), -+ 0, 0, 0, 0, -+ (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, -+ 0, -+ 0, 0, 0, 0, -+ crl_reasons -+}; - --char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, -- ASN1_ENUMERATED *e) -+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e) - { -- ENUMERATED_NAMES *enam; -- long strval; -- strval = ASN1_ENUMERATED_get(e); -- for(enam = method->usr_data; enam->lname; enam++) { -- if(strval == enam->bitnum) return BUF_strdup(enam->lname); -- } -- return i2s_ASN1_ENUMERATED(method, e); -+ ENUMERATED_NAMES *enam; -+ long strval; -+ strval = ASN1_ENUMERATED_get(e); -+ for (enam = method->usr_data; enam->lname; enam++) { -+ if (strval == enam->bitnum) -+ return BUF_strdup(enam->lname); -+ } -+ return i2s_ASN1_ENUMERATED(method, e); - } -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c -index c0d1450..0220174 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c -@@ -1,6 +1,7 @@ - /* v3_extku.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,7 +57,6 @@ - * - */ - -- - #include - #include "cryptlib.h" - #include -@@ -64,79 +64,88 @@ - #include - - static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval); - static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, -- void *eku, STACK_OF(CONF_VALUE) *extlist); -+ void *eku, -+ STACK_OF(CONF_VALUE) -+ *extlist); - - const X509V3_EXT_METHOD v3_ext_ku = { -- NID_ext_key_usage, 0, -- ASN1_ITEM_ref(EXTENDED_KEY_USAGE), -- 0,0,0,0, -- 0,0, -- i2v_EXTENDED_KEY_USAGE, -- v2i_EXTENDED_KEY_USAGE, -- 0,0, -- NULL -+ NID_ext_key_usage, 0, -+ ASN1_ITEM_ref(EXTENDED_KEY_USAGE), -+ 0, 0, 0, 0, -+ 0, 0, -+ i2v_EXTENDED_KEY_USAGE, -+ v2i_EXTENDED_KEY_USAGE, -+ 0, 0, -+ NULL - }; - - /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */ - const X509V3_EXT_METHOD v3_ocsp_accresp = { -- NID_id_pkix_OCSP_acceptableResponses, 0, -- ASN1_ITEM_ref(EXTENDED_KEY_USAGE), -- 0,0,0,0, -- 0,0, -- i2v_EXTENDED_KEY_USAGE, -- v2i_EXTENDED_KEY_USAGE, -- 0,0, -- NULL -+ NID_id_pkix_OCSP_acceptableResponses, 0, -+ ASN1_ITEM_ref(EXTENDED_KEY_USAGE), -+ 0, 0, 0, 0, -+ 0, 0, -+ i2v_EXTENDED_KEY_USAGE, -+ v2i_EXTENDED_KEY_USAGE, -+ 0, 0, -+ NULL - }; - --ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT) -+ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT) - ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE) - - IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) - - static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, -- void *a, STACK_OF(CONF_VALUE) *ext_list) -+ void *a, -+ STACK_OF(CONF_VALUE) -+ *ext_list) - { -- EXTENDED_KEY_USAGE *eku = a; -- int i; -- ASN1_OBJECT *obj; -- char obj_tmp[80]; -- for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { -- obj = sk_ASN1_OBJECT_value(eku, i); -- i2t_ASN1_OBJECT(obj_tmp, 80, obj); -- X509V3_add_value(NULL, obj_tmp, &ext_list); -- } -- return ext_list; -+ EXTENDED_KEY_USAGE *eku = a; -+ int i; -+ ASN1_OBJECT *obj; -+ char obj_tmp[80]; -+ for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { -+ obj = sk_ASN1_OBJECT_value(eku, i); -+ i2t_ASN1_OBJECT(obj_tmp, 80, obj); -+ X509V3_add_value(NULL, obj_tmp, &ext_list); -+ } -+ return ext_list; - } - - static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval) - { -- EXTENDED_KEY_USAGE *extku; -- char *extval; -- ASN1_OBJECT *objtmp; -- CONF_VALUE *val; -- int i; -+ EXTENDED_KEY_USAGE *extku; -+ char *extval; -+ ASN1_OBJECT *objtmp; -+ CONF_VALUE *val; -+ int i; - -- if(!(extku = sk_ASN1_OBJECT_new_null())) { -- X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -+ if (!(extku = sk_ASN1_OBJECT_new_null())) { -+ X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } - -- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { -- val = sk_CONF_VALUE_value(nval, i); -- if(val->value) extval = val->value; -- else extval = val->name; -- if(!(objtmp = OBJ_txt2obj(extval, 0))) { -- sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); -- X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,X509V3_R_INVALID_OBJECT_IDENTIFIER); -- X509V3_conf_err(val); -- return NULL; -- } -- sk_ASN1_OBJECT_push(extku, objtmp); -- } -- return extku; -+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { -+ val = sk_CONF_VALUE_value(nval, i); -+ if (val->value) -+ extval = val->value; -+ else -+ extval = val->name; -+ if (!(objtmp = OBJ_txt2obj(extval, 0))) { -+ sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); -+ X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, -+ X509V3_R_INVALID_OBJECT_IDENTIFIER); -+ X509V3_conf_err(val); -+ return NULL; -+ } -+ sk_ASN1_OBJECT_push(extku, objtmp); -+ } -+ return extku; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c -index 84b4b1c..760b304 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c -@@ -1,6 +1,7 @@ - /* v3_genn.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,7 +57,6 @@ - * - */ - -- - #include - #include "cryptlib.h" - #include -@@ -64,38 +64,38 @@ - #include - - ASN1_SEQUENCE(OTHERNAME) = { -- ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT), -- /* Maybe have a true ANY DEFINED BY later */ -- ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0) -+ ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT), -+ /* Maybe have a true ANY DEFINED BY later */ -+ ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0) - } ASN1_SEQUENCE_END(OTHERNAME) - - IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) - - ASN1_SEQUENCE(EDIPARTYNAME) = { -- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), -- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) -+ ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), -+ ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) - } ASN1_SEQUENCE_END(EDIPARTYNAME) - - IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) - - ASN1_CHOICE(GENERAL_NAME) = { -- ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME), -- ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL), -- ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS), -- /* Don't decode this */ -- ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400), -- /* X509_NAME is a CHOICE type so use EXPLICIT */ -- ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME), -- ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY), -- ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI), -- ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD), -- ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID) -+ ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME), -+ ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL), -+ ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS), -+ /* Don't decode this */ -+ ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400), -+ /* X509_NAME is a CHOICE type so use EXPLICIT */ -+ ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME), -+ ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY), -+ ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI), -+ ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD), -+ ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID) - } ASN1_CHOICE_END(GENERAL_NAME) - - IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME) - --ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME) -+ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME) - ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES) - - IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES) -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c -index 4ff12b5..c170a55 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c -@@ -1,6 +1,7 @@ - /* v3_ia5.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,61 +57,63 @@ - * - */ - -- - #include - #include "cryptlib.h" - #include - #include - #include - --static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); --static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); --const X509V3_EXT_METHOD v3_ns_ia5_list[] = { --EXT_IA5STRING(NID_netscape_base_url), --EXT_IA5STRING(NID_netscape_revocation_url), --EXT_IA5STRING(NID_netscape_ca_revocation_url), --EXT_IA5STRING(NID_netscape_renewal_url), --EXT_IA5STRING(NID_netscape_ca_policy_url), --EXT_IA5STRING(NID_netscape_ssl_server_name), --EXT_IA5STRING(NID_netscape_comment), --EXT_END -+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, -+ ASN1_IA5STRING *ia5); -+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, -+ X509V3_CTX *ctx, char *str); -+const X509V3_EXT_METHOD v3_ns_ia5_list[] = { -+ EXT_IA5STRING(NID_netscape_base_url), -+ EXT_IA5STRING(NID_netscape_revocation_url), -+ EXT_IA5STRING(NID_netscape_ca_revocation_url), -+ EXT_IA5STRING(NID_netscape_renewal_url), -+ EXT_IA5STRING(NID_netscape_ca_policy_url), -+ EXT_IA5STRING(NID_netscape_ssl_server_name), -+ EXT_IA5STRING(NID_netscape_comment), -+ EXT_END - }; - -- - static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, -- ASN1_IA5STRING *ia5) -+ ASN1_IA5STRING *ia5) - { -- char *tmp; -- if(!ia5 || !ia5->length) return NULL; -- if(!(tmp = OPENSSL_malloc(ia5->length + 1))) { -- X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- memcpy(tmp, ia5->data, ia5->length); -- tmp[ia5->length] = 0; -- return tmp; -+ char *tmp; -+ if (!ia5 || !ia5->length) -+ return NULL; -+ if (!(tmp = OPENSSL_malloc(ia5->length + 1))) { -+ X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ memcpy(tmp, ia5->data, ia5->length); -+ tmp[ia5->length] = 0; -+ return tmp; - } - - static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, char *str) -+ X509V3_CTX *ctx, char *str) - { -- ASN1_IA5STRING *ia5; -- if(!str) { -- X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); -- return NULL; -- } -- if(!(ia5 = M_ASN1_IA5STRING_new())) goto err; -- if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, -- strlen(str))) { -- M_ASN1_IA5STRING_free(ia5); -- goto err; -- } -+ ASN1_IA5STRING *ia5; -+ if (!str) { -+ X509V3err(X509V3_F_S2I_ASN1_IA5STRING, -+ X509V3_R_INVALID_NULL_ARGUMENT); -+ return NULL; -+ } -+ if (!(ia5 = M_ASN1_IA5STRING_new())) -+ goto err; -+ if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str, -+ strlen(str))) { -+ M_ASN1_IA5STRING_free(ia5); -+ goto err; -+ } - #ifdef CHARSET_EBCDIC -- ebcdic2ascii(ia5->data, ia5->data, ia5->length); --#endif /*CHARSET_EBCDIC*/ -- return ia5; -- err: -- X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); -- return NULL; -+ ebcdic2ascii(ia5->data, ia5->data, ia5->length); -+#endif /* CHARSET_EBCDIC */ -+ return ia5; -+ err: -+ X509V3err(X509V3_F_S2I_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE); -+ return NULL; - } -- -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c -index e1b8699..e052a34 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c -@@ -1,6 +1,7 @@ - /* v3_info.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -63,131 +64,147 @@ - #include - #include - --static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, -- AUTHORITY_INFO_ACCESS *ainfo, -- STACK_OF(CONF_VALUE) *ret); --static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD -+ *method, AUTHORITY_INFO_ACCESS -+ *ainfo, STACK_OF(CONF_VALUE) -+ *ret); -+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD -+ *method, -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) -+ *nval); - --const X509V3_EXT_METHOD v3_info = --{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), --0,0,0,0, --0,0, --(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, --(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, --0,0, --NULL}; -+const X509V3_EXT_METHOD v3_info = { NID_info_access, X509V3_EXT_MULTILINE, -+ ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), -+ 0, 0, 0, 0, -+ 0, 0, -+ (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS, -+ (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, -+ 0, 0, -+ NULL -+}; - --const X509V3_EXT_METHOD v3_sinfo = --{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), --0,0,0,0, --0,0, --(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, --(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, --0,0, --NULL}; -+const X509V3_EXT_METHOD v3_sinfo = { NID_sinfo_access, X509V3_EXT_MULTILINE, -+ ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), -+ 0, 0, 0, 0, -+ 0, 0, -+ (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS, -+ (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, -+ 0, 0, -+ NULL -+}; - - ASN1_SEQUENCE(ACCESS_DESCRIPTION) = { -- ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT), -- ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME) -+ ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT), -+ ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME) - } ASN1_SEQUENCE_END(ACCESS_DESCRIPTION) - - IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) - --ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION) -+ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION) - ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS) - - IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) - --static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, -- AUTHORITY_INFO_ACCESS *ainfo, -- STACK_OF(CONF_VALUE) *ret) -+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD -+ *method, AUTHORITY_INFO_ACCESS -+ *ainfo, STACK_OF(CONF_VALUE) -+ *ret) - { -- ACCESS_DESCRIPTION *desc; -- int i,nlen; -- char objtmp[80], *ntmp; -- CONF_VALUE *vtmp; -- for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { -- desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); -- ret = i2v_GENERAL_NAME(method, desc->location, ret); -- if(!ret) break; -- vtmp = sk_CONF_VALUE_value(ret, i); -- i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); -- nlen = strlen(objtmp) + strlen(vtmp->name) + 5; -- ntmp = OPENSSL_malloc(nlen); -- if(!ntmp) { -- X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, -- ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- BUF_strlcpy(ntmp, objtmp, nlen); -- BUF_strlcat(ntmp, " - ", nlen); -- BUF_strlcat(ntmp, vtmp->name, nlen); -- OPENSSL_free(vtmp->name); -- vtmp->name = ntmp; -- -- } -- if(!ret) return sk_CONF_VALUE_new_null(); -- return ret; -+ ACCESS_DESCRIPTION *desc; -+ int i, nlen; -+ char objtmp[80], *ntmp; -+ CONF_VALUE *vtmp; -+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { -+ desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); -+ ret = i2v_GENERAL_NAME(method, desc->location, ret); -+ if (!ret) -+ break; -+ vtmp = sk_CONF_VALUE_value(ret, i); -+ i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); -+ nlen = strlen(objtmp) + strlen(vtmp->name) + 5; -+ ntmp = OPENSSL_malloc(nlen); -+ if (!ntmp) { -+ X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, -+ ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ BUF_strlcpy(ntmp, objtmp, nlen); -+ BUF_strlcat(ntmp, " - ", nlen); -+ BUF_strlcat(ntmp, vtmp->name, nlen); -+ OPENSSL_free(vtmp->name); -+ vtmp->name = ntmp; -+ -+ } -+ if (!ret) -+ return sk_CONF_VALUE_new_null(); -+ return ret; - } - --static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD -+ *method, -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) -+ *nval) - { -- AUTHORITY_INFO_ACCESS *ainfo = NULL; -- CONF_VALUE *cnf, ctmp; -- ACCESS_DESCRIPTION *acc; -- int i, objlen; -- char *objtmp, *ptmp; -- if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { -- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { -- cnf = sk_CONF_VALUE_value(nval, i); -- if(!(acc = ACCESS_DESCRIPTION_new()) -- || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { -- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- ptmp = strchr(cnf->name, ';'); -- if(!ptmp) { -- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_INVALID_SYNTAX); -- goto err; -- } -- objlen = ptmp - cnf->name; -- ctmp.name = ptmp + 1; -- ctmp.value = cnf->value; -- if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) -- goto err; -- if(!(objtmp = OPENSSL_malloc(objlen + 1))) { -- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- strncpy(objtmp, cnf->name, objlen); -- objtmp[objlen] = 0; -- acc->method = OBJ_txt2obj(objtmp, 0); -- if(!acc->method) { -- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_BAD_OBJECT); -- ERR_add_error_data(2, "value=", objtmp); -- OPENSSL_free(objtmp); -- goto err; -- } -- OPENSSL_free(objtmp); -+ AUTHORITY_INFO_ACCESS *ainfo = NULL; -+ CONF_VALUE *cnf, ctmp; -+ ACCESS_DESCRIPTION *acc; -+ int i, objlen; -+ char *objtmp, *ptmp; -+ if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { -+ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { -+ cnf = sk_CONF_VALUE_value(nval, i); -+ if (!(acc = ACCESS_DESCRIPTION_new()) -+ || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { -+ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, -+ ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ ptmp = strchr(cnf->name, ';'); -+ if (!ptmp) { -+ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, -+ X509V3_R_INVALID_SYNTAX); -+ goto err; -+ } -+ objlen = ptmp - cnf->name; -+ ctmp.name = ptmp + 1; -+ ctmp.value = cnf->value; -+ if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) -+ goto err; -+ if (!(objtmp = OPENSSL_malloc(objlen + 1))) { -+ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, -+ ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ strncpy(objtmp, cnf->name, objlen); -+ objtmp[objlen] = 0; -+ acc->method = OBJ_txt2obj(objtmp, 0); -+ if (!acc->method) { -+ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, -+ X509V3_R_BAD_OBJECT); -+ ERR_add_error_data(2, "value=", objtmp); -+ OPENSSL_free(objtmp); -+ goto err; -+ } -+ OPENSSL_free(objtmp); - -- } -- return ainfo; -- err: -- sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); -- return NULL; -+ } -+ return ainfo; -+ err: -+ sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); -+ return NULL; - } - --int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a) -- { -- i2a_ASN1_OBJECT(bp, a->method); -+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a) -+{ -+ i2a_ASN1_OBJECT(bp, a->method); - #ifdef UNDEF -- i2a_GENERAL_NAME(bp, a->location); -+ i2a_GENERAL_NAME(bp, a->location); - #endif -- return 2; -- } -+ return 2; -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c -index 4bfd14c..8bfdb37 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c -@@ -1,6 +1,7 @@ - /* v3_int.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -60,30 +61,32 @@ - #include "cryptlib.h" - #include - --const X509V3_EXT_METHOD v3_crl_num = { -- NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), -- 0,0,0,0, -- (X509V3_EXT_I2S)i2s_ASN1_INTEGER, -- 0, -- 0,0,0,0, NULL}; -+const X509V3_EXT_METHOD v3_crl_num = { -+ NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), -+ 0, 0, 0, 0, -+ (X509V3_EXT_I2S)i2s_ASN1_INTEGER, -+ 0, -+ 0, 0, 0, 0, NULL -+}; - --const X509V3_EXT_METHOD v3_delta_crl = { -- NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER), -- 0,0,0,0, -- (X509V3_EXT_I2S)i2s_ASN1_INTEGER, -- 0, -- 0,0,0,0, NULL}; -- --static void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value) -- { -- return s2i_ASN1_INTEGER(meth, value); -- } -- --const X509V3_EXT_METHOD v3_inhibit_anyp = { -- NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER), -- 0,0,0,0, -- (X509V3_EXT_I2S)i2s_ASN1_INTEGER, -- (X509V3_EXT_S2I)s2i_asn1_int, -- 0,0,0,0, NULL}; -+const X509V3_EXT_METHOD v3_delta_crl = { -+ NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER), -+ 0, 0, 0, 0, -+ (X509V3_EXT_I2S)i2s_ASN1_INTEGER, -+ 0, -+ 0, 0, 0, 0, NULL -+}; - -+static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, -+ char *value) -+{ -+ return s2i_ASN1_INTEGER(meth, value); -+} - -+const X509V3_EXT_METHOD v3_inhibit_anyp = { -+ NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER), -+ 0, 0, 0, 0, -+ (X509V3_EXT_I2S)i2s_ASN1_INTEGER, -+ (X509V3_EXT_S2I)s2i_asn1_int, -+ 0, 0, 0, 0, NULL -+}; -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c -index df3a48f..e0c0b04 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c -@@ -1,6 +1,7 @@ - /* v3_lib.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -66,111 +67,129 @@ - - static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; - --static int ext_cmp(const X509V3_EXT_METHOD * const *a, -- const X509V3_EXT_METHOD * const *b); -+static int ext_cmp(const X509V3_EXT_METHOD *const *a, -+ const X509V3_EXT_METHOD *const *b); - static void ext_list_free(X509V3_EXT_METHOD *ext); - - int X509V3_EXT_add(X509V3_EXT_METHOD *ext) - { -- if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { -- X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { -- X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- return 1; -+ if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { -+ X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { -+ X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ return 1; - } - --static int ext_cmp(const X509V3_EXT_METHOD * const *a, -- const X509V3_EXT_METHOD * const *b) -+static int ext_cmp(const X509V3_EXT_METHOD *const *a, -+ const X509V3_EXT_METHOD *const *b) - { -- return ((*a)->ext_nid - (*b)->ext_nid); -+ return ((*a)->ext_nid - (*b)->ext_nid); - } - - X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) - { -- X509V3_EXT_METHOD tmp, *t = &tmp, **ret; -- int idx; -- if(nid < 0) return NULL; -- tmp.ext_nid = nid; -- ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t, -- (char *)standard_exts, STANDARD_EXTENSION_COUNT, -- sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp); -- if(ret) return *ret; -- if(!ext_list) return NULL; -- idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); -- if(idx == -1) return NULL; -- return sk_X509V3_EXT_METHOD_value(ext_list, idx); -+ X509V3_EXT_METHOD tmp, *t = &tmp, **ret; -+ int idx; -+ if (nid < 0) -+ return NULL; -+ tmp.ext_nid = nid; -+ ret = (X509V3_EXT_METHOD **)OBJ_bsearch((char *)&t, -+ (char *)standard_exts, -+ STANDARD_EXTENSION_COUNT, -+ sizeof(X509V3_EXT_METHOD *), -+ (int (*) -+ (const void *, -+ const void *))ext_cmp); -+ if (ret) -+ return *ret; -+ if (!ext_list) -+ return NULL; -+ idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); -+ if (idx == -1) -+ return NULL; -+ return sk_X509V3_EXT_METHOD_value(ext_list, idx); - } - - X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) - { -- int nid; -- if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL; -- return X509V3_EXT_get_nid(nid); -+ int nid; -+ if ((nid = OBJ_obj2nid(ext->object)) == NID_undef) -+ return NULL; -+ return X509V3_EXT_get_nid(nid); - } - -- - int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) - { -- for(;extlist->ext_nid!=-1;extlist++) -- if(!X509V3_EXT_add(extlist)) return 0; -- return 1; -+ for (; extlist->ext_nid != -1; extlist++) -+ if (!X509V3_EXT_add(extlist)) -+ return 0; -+ return 1; - } - - int X509V3_EXT_add_alias(int nid_to, int nid_from) - { -- X509V3_EXT_METHOD *ext, *tmpext; -- if(!(ext = X509V3_EXT_get_nid(nid_from))) { -- X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND); -- return 0; -- } -- if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) { -- X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- *tmpext = *ext; -- tmpext->ext_nid = nid_to; -- tmpext->ext_flags |= X509V3_EXT_DYNAMIC; -- return X509V3_EXT_add(tmpext); -+ X509V3_EXT_METHOD *ext, *tmpext; -+ if (!(ext = X509V3_EXT_get_nid(nid_from))) { -+ X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, -+ X509V3_R_EXTENSION_NOT_FOUND); -+ return 0; -+ } -+ if (! -+ (tmpext = -+ (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) { -+ X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ *tmpext = *ext; -+ tmpext->ext_nid = nid_to; -+ tmpext->ext_flags |= X509V3_EXT_DYNAMIC; -+ return X509V3_EXT_add(tmpext); - } - - void X509V3_EXT_cleanup(void) - { -- sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free); -- ext_list = NULL; -+ sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free); -+ ext_list = NULL; - } - - static void ext_list_free(X509V3_EXT_METHOD *ext) - { -- if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext); -+ if (ext->ext_flags & X509V3_EXT_DYNAMIC) -+ OPENSSL_free(ext); - } - --/* Legacy function: we don't need to add standard extensions -- * any more because they are now kept in ext_dat.h. -+/* -+ * Legacy function: we don't need to add standard extensions any more because -+ * they are now kept in ext_dat.h. - */ - - int X509V3_add_standard_extensions(void) - { -- return 1; -+ return 1; - } - - /* Return an extension internal structure */ - - void *X509V3_EXT_d2i(X509_EXTENSION *ext) - { -- X509V3_EXT_METHOD *method; -- const unsigned char *p; -- -- if(!(method = X509V3_EXT_get(ext))) return NULL; -- p = ext->value->data; -- if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); -- return method->d2i(NULL, &p, ext->value->length); -+ X509V3_EXT_METHOD *method; -+ const unsigned char *p; -+ -+ if (!(method = X509V3_EXT_get(ext))) -+ return NULL; -+ p = ext->value->data; -+ if (method->it) -+ return ASN1_item_d2i(NULL, &p, ext->value->length, -+ ASN1_ITEM_ptr(method->it)); -+ return method->d2i(NULL, &p, ext->value->length); - } - --/* Get critical flag and decoded version of extension from a NID. -+/*- -+ * Get critical flag and decoded version of extension from a NID. - * The "idx" variable returns the last found extension and can - * be used to retrieve multiple extensions of the same NID. - * However multiple extensions with the same NID is usually -@@ -185,119 +204,136 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) - * -2 extension occurs more than once. - */ - --void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) -+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, -+ int *idx) - { -- int lastpos, i; -- X509_EXTENSION *ex, *found_ex = NULL; -- if(!x) { -- if(idx) *idx = -1; -- if(crit) *crit = -1; -- return NULL; -- } -- if(idx) lastpos = *idx + 1; -- else lastpos = 0; -- if(lastpos < 0) lastpos = 0; -- for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++) -- { -- ex = sk_X509_EXTENSION_value(x, i); -- if(OBJ_obj2nid(ex->object) == nid) { -- if(idx) { -- *idx = i; -- found_ex = ex; -- break; -- } else if(found_ex) { -- /* Found more than one */ -- if(crit) *crit = -2; -- return NULL; -- } -- found_ex = ex; -- } -- } -- if(found_ex) { -- /* Found it */ -- if(crit) *crit = X509_EXTENSION_get_critical(found_ex); -- return X509V3_EXT_d2i(found_ex); -- } -- -- /* Extension not found */ -- if(idx) *idx = -1; -- if(crit) *crit = -1; -- return NULL; -+ int lastpos, i; -+ X509_EXTENSION *ex, *found_ex = NULL; -+ if (!x) { -+ if (idx) -+ *idx = -1; -+ if (crit) -+ *crit = -1; -+ return NULL; -+ } -+ if (idx) -+ lastpos = *idx + 1; -+ else -+ lastpos = 0; -+ if (lastpos < 0) -+ lastpos = 0; -+ for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) { -+ ex = sk_X509_EXTENSION_value(x, i); -+ if (OBJ_obj2nid(ex->object) == nid) { -+ if (idx) { -+ *idx = i; -+ found_ex = ex; -+ break; -+ } else if (found_ex) { -+ /* Found more than one */ -+ if (crit) -+ *crit = -2; -+ return NULL; -+ } -+ found_ex = ex; -+ } -+ } -+ if (found_ex) { -+ /* Found it */ -+ if (crit) -+ *crit = X509_EXTENSION_get_critical(found_ex); -+ return X509V3_EXT_d2i(found_ex); -+ } -+ -+ /* Extension not found */ -+ if (idx) -+ *idx = -1; -+ if (crit) -+ *crit = -1; -+ return NULL; - } - --/* This function is a general extension append, replace and delete utility. -+/* -+ * This function is a general extension append, replace and delete utility. - * The precise operation is governed by the 'flags' value. The 'crit' and - * 'value' arguments (if relevant) are the extensions internal structure. - */ - - int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, -- int crit, unsigned long flags) -+ int crit, unsigned long flags) - { -- int extidx = -1; -- int errcode; -- X509_EXTENSION *ext, *extmp; -- unsigned long ext_op = flags & X509V3_ADD_OP_MASK; -- -- /* If appending we don't care if it exists, otherwise -- * look for existing extension. -- */ -- if(ext_op != X509V3_ADD_APPEND) -- extidx = X509v3_get_ext_by_NID(*x, nid, -1); -- -- /* See if extension exists */ -- if(extidx >= 0) { -- /* If keep existing, nothing to do */ -- if(ext_op == X509V3_ADD_KEEP_EXISTING) -- return 1; -- /* If default then its an error */ -- if(ext_op == X509V3_ADD_DEFAULT) { -- errcode = X509V3_R_EXTENSION_EXISTS; -- goto err; -- } -- /* If delete, just delete it */ -- if(ext_op == X509V3_ADD_DELETE) { -- if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1; -- return 1; -- } -- } else { -- /* If replace existing or delete, error since -- * extension must exist -- */ -- if((ext_op == X509V3_ADD_REPLACE_EXISTING) || -- (ext_op == X509V3_ADD_DELETE)) { -- errcode = X509V3_R_EXTENSION_NOT_FOUND; -- goto err; -- } -- } -- -- /* If we get this far then we have to create an extension: -- * could have some flags for alternative encoding schemes... -- */ -- -- ext = X509V3_EXT_i2d(nid, crit, value); -- -- if(!ext) { -- X509V3err(X509V3_F_X509V3_ADD1_I2D, X509V3_R_ERROR_CREATING_EXTENSION); -- return 0; -- } -- -- /* If extension exists replace it.. */ -- if(extidx >= 0) { -- extmp = sk_X509_EXTENSION_value(*x, extidx); -- X509_EXTENSION_free(extmp); -- if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1; -- return 1; -- } -- -- if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1; -- if(!sk_X509_EXTENSION_push(*x, ext)) return -1; -- -- return 1; -- -- err: -- if(!(flags & X509V3_ADD_SILENT)) -- X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); -- return 0; -+ int extidx = -1; -+ int errcode; -+ X509_EXTENSION *ext, *extmp; -+ unsigned long ext_op = flags & X509V3_ADD_OP_MASK; -+ -+ /* -+ * If appending we don't care if it exists, otherwise look for existing -+ * extension. -+ */ -+ if (ext_op != X509V3_ADD_APPEND) -+ extidx = X509v3_get_ext_by_NID(*x, nid, -1); -+ -+ /* See if extension exists */ -+ if (extidx >= 0) { -+ /* If keep existing, nothing to do */ -+ if (ext_op == X509V3_ADD_KEEP_EXISTING) -+ return 1; -+ /* If default then its an error */ -+ if (ext_op == X509V3_ADD_DEFAULT) { -+ errcode = X509V3_R_EXTENSION_EXISTS; -+ goto err; -+ } -+ /* If delete, just delete it */ -+ if (ext_op == X509V3_ADD_DELETE) { -+ if (!sk_X509_EXTENSION_delete(*x, extidx)) -+ return -1; -+ return 1; -+ } -+ } else { -+ /* -+ * If replace existing or delete, error since extension must exist -+ */ -+ if ((ext_op == X509V3_ADD_REPLACE_EXISTING) || -+ (ext_op == X509V3_ADD_DELETE)) { -+ errcode = X509V3_R_EXTENSION_NOT_FOUND; -+ goto err; -+ } -+ } -+ -+ /* -+ * If we get this far then we have to create an extension: could have -+ * some flags for alternative encoding schemes... -+ */ -+ -+ ext = X509V3_EXT_i2d(nid, crit, value); -+ -+ if (!ext) { -+ X509V3err(X509V3_F_X509V3_ADD1_I2D, -+ X509V3_R_ERROR_CREATING_EXTENSION); -+ return 0; -+ } -+ -+ /* If extension exists replace it.. */ -+ if (extidx >= 0) { -+ extmp = sk_X509_EXTENSION_value(*x, extidx); -+ X509_EXTENSION_free(extmp); -+ if (!sk_X509_EXTENSION_set(*x, extidx, ext)) -+ return -1; -+ return 1; -+ } -+ -+ if (!*x && !(*x = sk_X509_EXTENSION_new_null())) -+ return -1; -+ if (!sk_X509_EXTENSION_push(*x, ext)) -+ return -1; -+ -+ return 1; -+ -+ err: -+ if (!(flags & X509V3_ADD_SILENT)) -+ X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); -+ return 0; - } - - IMPLEMENT_STACK_OF(X509V3_EXT_METHOD) -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c -index 624fe7e..24c1b66 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c -@@ -1,5 +1,6 @@ - /* v3_ncons.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ - /* ==================================================================== -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,7 +57,6 @@ - * - */ - -- - #include - #include "cryptlib.h" - #include -@@ -64,156 +64,140 @@ - #include - - static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); --static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, -- void *a, BIO *bp, int ind); -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval); -+static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, void *a, BIO *bp, -+ int ind); - static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, -- STACK_OF(GENERAL_SUBTREE) *trees, -- BIO *bp, int ind, char *name); -+ STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, -+ int ind, char *name); - static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); - - const X509V3_EXT_METHOD v3_name_constraints = { -- NID_name_constraints, 0, -- ASN1_ITEM_ref(NAME_CONSTRAINTS), -- 0,0,0,0, -- 0,0, -- 0, v2i_NAME_CONSTRAINTS, -- i2r_NAME_CONSTRAINTS,0, -- NULL -+ NID_name_constraints, 0, -+ ASN1_ITEM_ref(NAME_CONSTRAINTS), -+ 0, 0, 0, 0, -+ 0, 0, -+ 0, v2i_NAME_CONSTRAINTS, -+ i2r_NAME_CONSTRAINTS, 0, -+ NULL - }; - - ASN1_SEQUENCE(GENERAL_SUBTREE) = { -- ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME), -- ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0), -- ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1) -+ ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME), -+ ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0), -+ ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1) - } ASN1_SEQUENCE_END(GENERAL_SUBTREE) - - ASN1_SEQUENCE(NAME_CONSTRAINTS) = { -- ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees, -- GENERAL_SUBTREE, 0), -- ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees, -- GENERAL_SUBTREE, 1), -+ ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees, -+ GENERAL_SUBTREE, 0), -+ ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees, -+ GENERAL_SUBTREE, 1), - } ASN1_SEQUENCE_END(NAME_CONSTRAINTS) -- -+ - - IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) - IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) - - static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -- { -- int i; -- CONF_VALUE tval, *val; -- STACK_OF(GENERAL_SUBTREE) **ptree = NULL; -- NAME_CONSTRAINTS *ncons = NULL; -- GENERAL_SUBTREE *sub = NULL; -- ncons = NAME_CONSTRAINTS_new(); -- if (!ncons) -- goto memerr; -- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) -- { -- val = sk_CONF_VALUE_value(nval, i); -- if (!strncmp(val->name, "permitted", 9) && val->name[9]) -- { -- ptree = &ncons->permittedSubtrees; -- tval.name = val->name + 10; -- } -- else if (!strncmp(val->name, "excluded", 8) && val->name[8]) -- { -- ptree = &ncons->excludedSubtrees; -- tval.name = val->name + 9; -- } -- else -- { -- X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX); -- goto err; -- } -- tval.value = val->value; -- sub = GENERAL_SUBTREE_new(); -- if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) -- goto err; -- if (!*ptree) -- *ptree = sk_GENERAL_SUBTREE_new_null(); -- if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) -- goto memerr; -- sub = NULL; -- } -- -- return ncons; -- -- memerr: -- X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); -- err: -- if (ncons) -- NAME_CONSTRAINTS_free(ncons); -- if (sub) -- GENERAL_SUBTREE_free(sub); -- -- return NULL; -- } -- -- -- -+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -+{ -+ int i; -+ CONF_VALUE tval, *val; -+ STACK_OF(GENERAL_SUBTREE) **ptree = NULL; -+ NAME_CONSTRAINTS *ncons = NULL; -+ GENERAL_SUBTREE *sub = NULL; -+ ncons = NAME_CONSTRAINTS_new(); -+ if (!ncons) -+ goto memerr; -+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { -+ val = sk_CONF_VALUE_value(nval, i); -+ if (!strncmp(val->name, "permitted", 9) && val->name[9]) { -+ ptree = &ncons->permittedSubtrees; -+ tval.name = val->name + 10; -+ } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) { -+ ptree = &ncons->excludedSubtrees; -+ tval.name = val->name + 9; -+ } else { -+ X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX); -+ goto err; -+ } -+ tval.value = val->value; -+ sub = GENERAL_SUBTREE_new(); -+ if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) -+ goto err; -+ if (!*ptree) -+ *ptree = sk_GENERAL_SUBTREE_new_null(); -+ if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) -+ goto memerr; -+ sub = NULL; -+ } -+ -+ return ncons; -+ -+ memerr: -+ X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); -+ err: -+ if (ncons) -+ NAME_CONSTRAINTS_free(ncons); -+ if (sub) -+ GENERAL_SUBTREE_free(sub); -+ -+ return NULL; -+} - - static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, -- void *a, BIO *bp, int ind) -- { -- NAME_CONSTRAINTS *ncons = a; -- do_i2r_name_constraints(method, ncons->permittedSubtrees, -- bp, ind, "Permitted"); -- do_i2r_name_constraints(method, ncons->excludedSubtrees, -- bp, ind, "Excluded"); -- return 1; -- } -+ void *a, BIO *bp, int ind) -+{ -+ NAME_CONSTRAINTS *ncons = a; -+ do_i2r_name_constraints(method, ncons->permittedSubtrees, -+ bp, ind, "Permitted"); -+ do_i2r_name_constraints(method, ncons->excludedSubtrees, -+ bp, ind, "Excluded"); -+ return 1; -+} - - static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, -- STACK_OF(GENERAL_SUBTREE) *trees, -- BIO *bp, int ind, char *name) -- { -- GENERAL_SUBTREE *tree; -- int i; -- if (sk_GENERAL_SUBTREE_num(trees) > 0) -- BIO_printf(bp, "%*s%s:\n", ind, "", name); -- for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) -- { -- tree = sk_GENERAL_SUBTREE_value(trees, i); -- BIO_printf(bp, "%*s", ind + 2, ""); -- if (tree->base->type == GEN_IPADD) -- print_nc_ipadd(bp, tree->base->d.ip); -- else -- GENERAL_NAME_print(bp, tree->base); -- BIO_puts(bp, "\n"); -- } -- return 1; -- } -+ STACK_OF(GENERAL_SUBTREE) *trees, -+ BIO *bp, int ind, char *name) -+{ -+ GENERAL_SUBTREE *tree; -+ int i; -+ if (sk_GENERAL_SUBTREE_num(trees) > 0) -+ BIO_printf(bp, "%*s%s:\n", ind, "", name); -+ for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) { -+ tree = sk_GENERAL_SUBTREE_value(trees, i); -+ BIO_printf(bp, "%*s", ind + 2, ""); -+ if (tree->base->type == GEN_IPADD) -+ print_nc_ipadd(bp, tree->base->d.ip); -+ else -+ GENERAL_NAME_print(bp, tree->base); -+ BIO_puts(bp, "\n"); -+ } -+ return 1; -+} - - static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) -- { -- int i, len; -- unsigned char *p; -- p = ip->data; -- len = ip->length; -- BIO_puts(bp, "IP:"); -- if(len == 8) -- { -- BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", -- p[0], p[1], p[2], p[3], -- p[4], p[5], p[6], p[7]); -- } -- else if(len == 32) -- { -- for (i = 0; i < 16; i++) -- { -- BIO_printf(bp, "%X", p[0] << 8 | p[1]); -- p += 2; -- if (i == 7) -- BIO_puts(bp, "/"); -- else if (i != 15) -- BIO_puts(bp, ":"); -- } -- } -- else -- BIO_printf(bp, "IP Address:"); -- return 1; -- } -- -+{ -+ int i, len; -+ unsigned char *p; -+ p = ip->data; -+ len = ip->length; -+ BIO_puts(bp, "IP:"); -+ if (len == 8) { -+ BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", -+ p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]); -+ } else if (len == 32) { -+ for (i = 0; i < 16; i++) { -+ BIO_printf(bp, "%X", p[0] << 8 | p[1]); -+ p += 2; -+ if (i == 7) -+ BIO_puts(bp, "/"); -+ else if (i != 15) -+ BIO_puts(bp, ":"); -+ } -+ } else -+ BIO_printf(bp, "IP Address:"); -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c -index 5c19cf4..e1b72f5 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c -@@ -1,6 +1,7 @@ - /* v3_ocsp.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -58,218 +59,253 @@ - - #ifndef OPENSSL_NO_OCSP - --#include --#include "cryptlib.h" --#include --#include --#include --#include -+# include -+# include "cryptlib.h" -+# include -+# include -+# include -+# include - --/* OCSP extensions and a couple of CRL entry extensions -+/* -+ * OCSP extensions and a couple of CRL entry extensions - */ - --static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); --static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); --static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent); -+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, -+ int indent); -+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, -+ int indent); -+static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, -+ int indent); - - static void *ocsp_nonce_new(void); - static int i2d_ocsp_nonce(void *a, unsigned char **pp); - static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); - static void ocsp_nonce_free(void *a); --static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); -+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, -+ int indent); - --static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent); --static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str); --static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind); -+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, -+ BIO *out, int indent); -+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, -+ const char *str); -+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, -+ int ind); - - const X509V3_EXT_METHOD v3_ocsp_crlid = { -- NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), -- 0,0,0,0, -- 0,0, -- 0,0, -- i2r_ocsp_crlid,0, -- NULL -+ NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), -+ 0, 0, 0, 0, -+ 0, 0, -+ 0, 0, -+ i2r_ocsp_crlid, 0, -+ NULL - }; - - const X509V3_EXT_METHOD v3_ocsp_acutoff = { -- NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), -- 0,0,0,0, -- 0,0, -- 0,0, -- i2r_ocsp_acutoff,0, -- NULL -+ NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), -+ 0, 0, 0, 0, -+ 0, 0, -+ 0, 0, -+ i2r_ocsp_acutoff, 0, -+ NULL - }; - - const X509V3_EXT_METHOD v3_crl_invdate = { -- NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), -- 0,0,0,0, -- 0,0, -- 0,0, -- i2r_ocsp_acutoff,0, -- NULL -+ NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), -+ 0, 0, 0, 0, -+ 0, 0, -+ 0, 0, -+ i2r_ocsp_acutoff, 0, -+ NULL - }; - - const X509V3_EXT_METHOD v3_crl_hold = { -- NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), -- 0,0,0,0, -- 0,0, -- 0,0, -- i2r_object,0, -- NULL -+ NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), -+ 0, 0, 0, 0, -+ 0, 0, -+ 0, 0, -+ i2r_object, 0, -+ NULL - }; - - const X509V3_EXT_METHOD v3_ocsp_nonce = { -- NID_id_pkix_OCSP_Nonce, 0, NULL, -- ocsp_nonce_new, -- ocsp_nonce_free, -- d2i_ocsp_nonce, -- i2d_ocsp_nonce, -- 0,0, -- 0,0, -- i2r_ocsp_nonce,0, -- NULL -+ NID_id_pkix_OCSP_Nonce, 0, NULL, -+ ocsp_nonce_new, -+ ocsp_nonce_free, -+ d2i_ocsp_nonce, -+ i2d_ocsp_nonce, -+ 0, 0, -+ 0, 0, -+ i2r_ocsp_nonce, 0, -+ NULL - }; - - const X509V3_EXT_METHOD v3_ocsp_nocheck = { -- NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), -- 0,0,0,0, -- 0,s2i_ocsp_nocheck, -- 0,0, -- i2r_ocsp_nocheck,0, -- NULL -+ NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), -+ 0, 0, 0, 0, -+ 0, s2i_ocsp_nocheck, -+ 0, 0, -+ i2r_ocsp_nocheck, 0, -+ NULL - }; - - const X509V3_EXT_METHOD v3_ocsp_serviceloc = { -- NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), -- 0,0,0,0, -- 0,0, -- 0,0, -- i2r_ocsp_serviceloc,0, -- NULL -+ NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), -+ 0, 0, 0, 0, -+ 0, 0, -+ 0, 0, -+ i2r_ocsp_serviceloc, 0, -+ NULL - }; - --static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) -+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, -+ int ind) - { -- OCSP_CRLID *a = in; -- if (a->crlUrl) -- { -- if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err; -- if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err; -- if (BIO_write(bp, "\n", 1) <= 0) goto err; -- } -- if (a->crlNum) -- { -- if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err; -- if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err; -- if (BIO_write(bp, "\n", 1) <= 0) goto err; -- } -- if (a->crlTime) -- { -- if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err; -- if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err; -- if (BIO_write(bp, "\n", 1) <= 0) goto err; -- } -- return 1; -- err: -- return 0; -+ OCSP_CRLID *a = in; -+ if (a->crlUrl) { -+ if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) -+ goto err; -+ if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl)) -+ goto err; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ if (a->crlNum) { -+ if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) -+ goto err; -+ if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) -+ goto err; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ if (a->crlTime) { -+ if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) -+ goto err; -+ if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) -+ goto err; -+ if (BIO_write(bp, "\n", 1) <= 0) -+ goto err; -+ } -+ return 1; -+ err: -+ return 0; - } - --static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind) -+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, -+ int ind) - { -- if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0; -- if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0; -- return 1; -+ if (BIO_printf(bp, "%*s", ind, "") <= 0) -+ return 0; -+ if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) -+ return 0; -+ return 1; - } - -- - static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind) - { -- if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0; -- if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0; -- return 1; -+ if (BIO_printf(bp, "%*s", ind, "") <= 0) -+ return 0; -+ if (i2a_ASN1_OBJECT(bp, oid) <= 0) -+ return 0; -+ return 1; - } - --/* OCSP nonce. This is needs special treatment because it doesn't have -- * an ASN1 encoding at all: it just contains arbitrary data. -+/* -+ * OCSP nonce. This is needs special treatment because it doesn't have an -+ * ASN1 encoding at all: it just contains arbitrary data. - */ - - static void *ocsp_nonce_new(void) - { -- return ASN1_OCTET_STRING_new(); -+ return ASN1_OCTET_STRING_new(); - } - - static int i2d_ocsp_nonce(void *a, unsigned char **pp) - { -- ASN1_OCTET_STRING *os = a; -- if(pp) { -- memcpy(*pp, os->data, os->length); -- *pp += os->length; -- } -- return os->length; -+ ASN1_OCTET_STRING *os = a; -+ if (pp) { -+ memcpy(*pp, os->data, os->length); -+ *pp += os->length; -+ } -+ return os->length; - } - - static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) - { -- ASN1_OCTET_STRING *os, **pos; -- pos = a; -- if(!pos || !*pos) os = ASN1_OCTET_STRING_new(); -- else os = *pos; -- if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err; -+ ASN1_OCTET_STRING *os, **pos; -+ pos = a; -+ if (!pos || !*pos) -+ os = ASN1_OCTET_STRING_new(); -+ else -+ os = *pos; -+ if (!ASN1_OCTET_STRING_set(os, *pp, length)) -+ goto err; - -- *pp += length; -+ *pp += length; - -- if(pos) *pos = os; -- return os; -+ if (pos) -+ *pos = os; -+ return os; - -- err: -- if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os); -- OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); -- return NULL; -+ err: -+ if (os && (!pos || (*pos != os))) -+ M_ASN1_OCTET_STRING_free(os); -+ OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); -+ return NULL; - } - - static void ocsp_nonce_free(void *a) - { -- M_ASN1_OCTET_STRING_free(a); -+ M_ASN1_OCTET_STRING_free(a); - } - --static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent) -+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, -+ int indent) - { -- if(BIO_printf(out, "%*s", indent, "") <= 0) return 0; -- if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0; -- return 1; -+ if (BIO_printf(out, "%*s", indent, "") <= 0) -+ return 0; -+ if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) -+ return 0; -+ return 1; - } - - /* Nocheck is just a single NULL. Don't print anything and always set it */ - --static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent) -+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, -+ BIO *out, int indent) - { -- return 1; -+ return 1; - } - --static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) -+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, -+ const char *str) - { -- return ASN1_NULL_new(); -+ return ASN1_NULL_new(); - } - --static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) -- { -- int i; -- OCSP_SERVICELOC *a = in; -- ACCESS_DESCRIPTION *ad; -+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, -+ int ind) -+{ -+ int i; -+ OCSP_SERVICELOC *a = in; -+ ACCESS_DESCRIPTION *ad; - -- if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err; -- if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err; -- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) -- { -- ad = sk_ACCESS_DESCRIPTION_value(a->locator,i); -- if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) -- goto err; -- if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err; -- if(BIO_puts(bp, " - ") <= 0) goto err; -- if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err; -- } -- return 1; --err: -- return 0; -- } -+ if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) -+ goto err; -+ if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) -+ goto err; -+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { -+ ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); -+ if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) -+ goto err; -+ if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) -+ goto err; -+ if (BIO_puts(bp, " - ") <= 0) -+ goto err; -+ if (GENERAL_NAME_print(bp, ad->location) <= 0) -+ goto err; -+ } -+ return 1; -+ err: -+ return 0; -+} - #endif -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c -index 823e9af..cd6b4b2 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c -@@ -1,6 +1,7 @@ - /* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */ --/* Contributed to the OpenSSL Project 2004 -- * by Richard Levitte (richard@levitte.org) -+/* -+ * Contributed to the OpenSSL Project 2004 by Richard Levitte -+ * (richard@levitte.org) - */ - /* Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). -@@ -40,289 +41,277 @@ - #include - - static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, -- BIO *out, int indent); -+ BIO *out, int indent); - static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, char *str); -+ X509V3_CTX *ctx, char *str); - - const X509V3_EXT_METHOD v3_pci = -- { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), -- 0,0,0,0, -- 0,0, -- NULL, NULL, -- (X509V3_EXT_I2R)i2r_pci, -- (X509V3_EXT_R2I)r2i_pci, -- NULL, -- }; -+ { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), -+ 0, 0, 0, 0, -+ 0, 0, -+ NULL, NULL, -+ (X509V3_EXT_I2R)i2r_pci, -+ (X509V3_EXT_R2I)r2i_pci, -+ NULL, -+}; - - static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, -- BIO *out, int indent) -- { -- BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); -- if (pci->pcPathLengthConstraint) -- i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); -- else -- BIO_printf(out, "infinite"); -- BIO_puts(out, "\n"); -- BIO_printf(out, "%*sPolicy Language: ", indent, ""); -- i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); -- BIO_puts(out, "\n"); -- if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) -- BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", -- pci->proxyPolicy->policy->data); -- return 1; -- } -+ BIO *out, int indent) -+{ -+ BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); -+ if (pci->pcPathLengthConstraint) -+ i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); -+ else -+ BIO_printf(out, "infinite"); -+ BIO_puts(out, "\n"); -+ BIO_printf(out, "%*sPolicy Language: ", indent, ""); -+ i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); -+ BIO_puts(out, "\n"); -+ if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) -+ BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", -+ pci->proxyPolicy->policy->data); -+ return 1; -+} - - static int process_pci_value(CONF_VALUE *val, -- ASN1_OBJECT **language, ASN1_INTEGER **pathlen, -- ASN1_OCTET_STRING **policy) -- { -- int free_policy = 0; -+ ASN1_OBJECT **language, ASN1_INTEGER **pathlen, -+ ASN1_OCTET_STRING **policy) -+{ -+ int free_policy = 0; - -- if (strcmp(val->name, "language") == 0) -- { -- if (*language) -- { -- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED); -- X509V3_conf_err(val); -- return 0; -- } -- if (!(*language = OBJ_txt2obj(val->value, 0))) -- { -- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER); -- X509V3_conf_err(val); -- return 0; -- } -- } -- else if (strcmp(val->name, "pathlen") == 0) -- { -- if (*pathlen) -- { -- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED); -- X509V3_conf_err(val); -- return 0; -- } -- if (!X509V3_get_value_int(val, pathlen)) -- { -- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH); -- X509V3_conf_err(val); -- return 0; -- } -- } -- else if (strcmp(val->name, "policy") == 0) -- { -- unsigned char *tmp_data = NULL; -- long val_len; -- if (!*policy) -- { -- *policy = ASN1_OCTET_STRING_new(); -- if (!*policy) -- { -- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); -- X509V3_conf_err(val); -- return 0; -- } -- free_policy = 1; -- } -- if (strncmp(val->value, "hex:", 4) == 0) -- { -- unsigned char *tmp_data2 = -- string_to_hex(val->value + 4, &val_len); -+ if (strcmp(val->name, "language") == 0) { -+ if (*language) { -+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, -+ X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED); -+ X509V3_conf_err(val); -+ return 0; -+ } -+ if (!(*language = OBJ_txt2obj(val->value, 0))) { -+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, -+ X509V3_R_INVALID_OBJECT_IDENTIFIER); -+ X509V3_conf_err(val); -+ return 0; -+ } -+ } else if (strcmp(val->name, "pathlen") == 0) { -+ if (*pathlen) { -+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, -+ X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED); -+ X509V3_conf_err(val); -+ return 0; -+ } -+ if (!X509V3_get_value_int(val, pathlen)) { -+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, -+ X509V3_R_POLICY_PATH_LENGTH); -+ X509V3_conf_err(val); -+ return 0; -+ } -+ } else if (strcmp(val->name, "policy") == 0) { -+ unsigned char *tmp_data = NULL; -+ long val_len; -+ if (!*policy) { -+ *policy = ASN1_OCTET_STRING_new(); -+ if (!*policy) { -+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); -+ X509V3_conf_err(val); -+ return 0; -+ } -+ free_policy = 1; -+ } -+ if (strncmp(val->value, "hex:", 4) == 0) { -+ unsigned char *tmp_data2 = -+ string_to_hex(val->value + 4, &val_len); - -- if (!tmp_data2) -- { -- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT); -- X509V3_conf_err(val); -- goto err; -- } -+ if (!tmp_data2) { -+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, -+ X509V3_R_ILLEGAL_HEX_DIGIT); -+ X509V3_conf_err(val); -+ goto err; -+ } - -- tmp_data = OPENSSL_realloc((*policy)->data, -- (*policy)->length + val_len + 1); -- if (tmp_data) -- { -- (*policy)->data = tmp_data; -- memcpy(&(*policy)->data[(*policy)->length], -- tmp_data2, val_len); -- (*policy)->length += val_len; -- (*policy)->data[(*policy)->length] = '\0'; -- } -- else -- { -- OPENSSL_free(tmp_data2); -- /* realloc failure implies the original data space is b0rked too! */ -- (*policy)->data = NULL; -- (*policy)->length = 0; -- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); -- X509V3_conf_err(val); -- goto err; -- } -- OPENSSL_free(tmp_data2); -- } -- else if (strncmp(val->value, "file:", 5) == 0) -- { -- unsigned char buf[2048]; -- int n; -- BIO *b = BIO_new_file(val->value + 5, "r"); -- if (!b) -- { -- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB); -- X509V3_conf_err(val); -- goto err; -- } -- while((n = BIO_read(b, buf, sizeof(buf))) > 0 -- || (n == 0 && BIO_should_retry(b))) -- { -- if (!n) continue; -+ tmp_data = OPENSSL_realloc((*policy)->data, -+ (*policy)->length + val_len + 1); -+ if (tmp_data) { -+ (*policy)->data = tmp_data; -+ memcpy(&(*policy)->data[(*policy)->length], -+ tmp_data2, val_len); -+ (*policy)->length += val_len; -+ (*policy)->data[(*policy)->length] = '\0'; -+ } else { -+ OPENSSL_free(tmp_data2); -+ /* -+ * realloc failure implies the original data space is b0rked -+ * too! -+ */ -+ (*policy)->data = NULL; -+ (*policy)->length = 0; -+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ OPENSSL_free(tmp_data2); -+ } else if (strncmp(val->value, "file:", 5) == 0) { -+ unsigned char buf[2048]; -+ int n; -+ BIO *b = BIO_new_file(val->value + 5, "r"); -+ if (!b) { -+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ while ((n = BIO_read(b, buf, sizeof(buf))) > 0 -+ || (n == 0 && BIO_should_retry(b))) { -+ if (!n) -+ continue; - -- tmp_data = OPENSSL_realloc((*policy)->data, -- (*policy)->length + n + 1); -+ tmp_data = OPENSSL_realloc((*policy)->data, -+ (*policy)->length + n + 1); - -- if (!tmp_data) -- break; -+ if (!tmp_data) -+ break; - -- (*policy)->data = tmp_data; -- memcpy(&(*policy)->data[(*policy)->length], -- buf, n); -- (*policy)->length += n; -- (*policy)->data[(*policy)->length] = '\0'; -- } -- BIO_free_all(b); -+ (*policy)->data = tmp_data; -+ memcpy(&(*policy)->data[(*policy)->length], buf, n); -+ (*policy)->length += n; -+ (*policy)->data[(*policy)->length] = '\0'; -+ } -+ BIO_free_all(b); - -- if (n < 0) -- { -- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB); -- X509V3_conf_err(val); -- goto err; -- } -- } -- else if (strncmp(val->value, "text:", 5) == 0) -- { -- val_len = strlen(val->value + 5); -- tmp_data = OPENSSL_realloc((*policy)->data, -- (*policy)->length + val_len + 1); -- if (tmp_data) -- { -- (*policy)->data = tmp_data; -- memcpy(&(*policy)->data[(*policy)->length], -- val->value + 5, val_len); -- (*policy)->length += val_len; -- (*policy)->data[(*policy)->length] = '\0'; -- } -- else -- { -- /* realloc failure implies the original data space is b0rked too! */ -- (*policy)->data = NULL; -- (*policy)->length = 0; -- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); -- X509V3_conf_err(val); -- goto err; -- } -- } -- else -- { -- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG); -- X509V3_conf_err(val); -- goto err; -- } -- if (!tmp_data) -- { -- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); -- X509V3_conf_err(val); -- goto err; -- } -- } -- return 1; --err: -- if (free_policy) -- { -- ASN1_OCTET_STRING_free(*policy); -- *policy = NULL; -- } -- return 0; -- } -+ if (n < 0) { -+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ } else if (strncmp(val->value, "text:", 5) == 0) { -+ val_len = strlen(val->value + 5); -+ tmp_data = OPENSSL_realloc((*policy)->data, -+ (*policy)->length + val_len + 1); -+ if (tmp_data) { -+ (*policy)->data = tmp_data; -+ memcpy(&(*policy)->data[(*policy)->length], -+ val->value + 5, val_len); -+ (*policy)->length += val_len; -+ (*policy)->data[(*policy)->length] = '\0'; -+ } else { -+ /* -+ * realloc failure implies the original data space is b0rked -+ * too! -+ */ -+ (*policy)->data = NULL; -+ (*policy)->length = 0; -+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ } else { -+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, -+ X509V3_R_INCORRECT_POLICY_SYNTAX_TAG); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ if (!tmp_data) { -+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ } -+ return 1; -+ err: -+ if (free_policy) { -+ ASN1_OCTET_STRING_free(*policy); -+ *policy = NULL; -+ } -+ return 0; -+} - - static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, char *value) -- { -- PROXY_CERT_INFO_EXTENSION *pci = NULL; -- STACK_OF(CONF_VALUE) *vals; -- ASN1_OBJECT *language = NULL; -- ASN1_INTEGER *pathlen = NULL; -- ASN1_OCTET_STRING *policy = NULL; -- int i, j; -+ X509V3_CTX *ctx, char *value) -+{ -+ PROXY_CERT_INFO_EXTENSION *pci = NULL; -+ STACK_OF(CONF_VALUE) *vals; -+ ASN1_OBJECT *language = NULL; -+ ASN1_INTEGER *pathlen = NULL; -+ ASN1_OCTET_STRING *policy = NULL; -+ int i, j; - -- vals = X509V3_parse_list(value); -- for (i = 0; i < sk_CONF_VALUE_num(vals); i++) -- { -- CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); -- if (!cnf->name || (*cnf->name != '@' && !cnf->value)) -- { -- X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING); -- X509V3_conf_err(cnf); -- goto err; -- } -- if (*cnf->name == '@') -- { -- STACK_OF(CONF_VALUE) *sect; -- int success_p = 1; -+ vals = X509V3_parse_list(value); -+ for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { -+ CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); -+ if (!cnf->name || (*cnf->name != '@' && !cnf->value)) { -+ X509V3err(X509V3_F_R2I_PCI, -+ X509V3_R_INVALID_PROXY_POLICY_SETTING); -+ X509V3_conf_err(cnf); -+ goto err; -+ } -+ if (*cnf->name == '@') { -+ STACK_OF(CONF_VALUE) *sect; -+ int success_p = 1; - -- sect = X509V3_get_section(ctx, cnf->name + 1); -- if (!sect) -- { -- X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION); -- X509V3_conf_err(cnf); -- goto err; -- } -- for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) -- { -- success_p = -- process_pci_value(sk_CONF_VALUE_value(sect, j), -- &language, &pathlen, &policy); -- } -- X509V3_section_free(ctx, sect); -- if (!success_p) -- goto err; -- } -- else -- { -- if (!process_pci_value(cnf, -- &language, &pathlen, &policy)) -- { -- X509V3_conf_err(cnf); -- goto err; -- } -- } -- } -+ sect = X509V3_get_section(ctx, cnf->name + 1); -+ if (!sect) { -+ X509V3err(X509V3_F_R2I_PCI, X509V3_R_INVALID_SECTION); -+ X509V3_conf_err(cnf); -+ goto err; -+ } -+ for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) { -+ success_p = -+ process_pci_value(sk_CONF_VALUE_value(sect, j), -+ &language, &pathlen, &policy); -+ } -+ X509V3_section_free(ctx, sect); -+ if (!success_p) -+ goto err; -+ } else { -+ if (!process_pci_value(cnf, &language, &pathlen, &policy)) { -+ X509V3_conf_err(cnf); -+ goto err; -+ } -+ } -+ } - -- /* Language is mandatory */ -- if (!language) -- { -- X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); -- goto err; -- } -- i = OBJ_obj2nid(language); -- if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) -- { -- X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); -- goto err; -- } -+ /* Language is mandatory */ -+ if (!language) { -+ X509V3err(X509V3_F_R2I_PCI, -+ X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); -+ goto err; -+ } -+ i = OBJ_obj2nid(language); -+ if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) { -+ X509V3err(X509V3_F_R2I_PCI, -+ X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); -+ goto err; -+ } - -- pci = PROXY_CERT_INFO_EXTENSION_new(); -- if (!pci) -- { -- X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE); -- goto err; -- } -+ pci = PROXY_CERT_INFO_EXTENSION_new(); -+ if (!pci) { -+ X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - -- pci->proxyPolicy->policyLanguage = language; language = NULL; -- pci->proxyPolicy->policy = policy; policy = NULL; -- pci->pcPathLengthConstraint = pathlen; pathlen = NULL; -- goto end; --err: -- if (language) { ASN1_OBJECT_free(language); language = NULL; } -- if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; } -- if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; } -- if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; } --end: -- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); -- return pci; -- } -+ pci->proxyPolicy->policyLanguage = language; -+ language = NULL; -+ pci->proxyPolicy->policy = policy; -+ policy = NULL; -+ pci->pcPathLengthConstraint = pathlen; -+ pathlen = NULL; -+ goto end; -+ err: -+ if (language) { -+ ASN1_OBJECT_free(language); -+ language = NULL; -+ } -+ if (pathlen) { -+ ASN1_INTEGER_free(pathlen); -+ pathlen = NULL; -+ } -+ if (policy) { -+ ASN1_OCTET_STRING_free(policy); -+ policy = NULL; -+ } -+ if (pci) { -+ PROXY_CERT_INFO_EXTENSION_free(pci); -+ pci = NULL; -+ } -+ end: -+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); -+ return pci; -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c -index bb362e0..350b398 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c -@@ -1,6 +1,7 @@ - /* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */ --/* Contributed to the OpenSSL Project 2004 -- * by Richard Levitte (richard@levitte.org) -+/* -+ * Contributed to the OpenSSL Project 2004 by Richard Levitte -+ * (richard@levitte.org) - */ - /* Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). -@@ -39,17 +40,17 @@ - #include - - ASN1_SEQUENCE(PROXY_POLICY) = -- { -- ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT), -- ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING) -+ { -+ ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT), -+ ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING) - } ASN1_SEQUENCE_END(PROXY_POLICY) - - IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY) - - ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) = -- { -- ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER), -- ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY) -+ { -+ ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER), -+ ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY) - } ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION) - - IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c -index 86c0ff7..6a5f337 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c -@@ -1,5 +1,6 @@ - /* v3_pcons.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ - /* ==================================================================== -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,7 +57,6 @@ - * - */ - -- - #include - #include "cryptlib.h" - #include -@@ -65,72 +65,77 @@ - #include - - static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, -- void *bcons, STACK_OF(CONF_VALUE) *extlist); -+ void *bcons, -+ STACK_OF(CONF_VALUE) -+ *extlist); - static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *values); - - const X509V3_EXT_METHOD v3_policy_constraints = { --NID_policy_constraints, 0, --ASN1_ITEM_ref(POLICY_CONSTRAINTS), --0,0,0,0, --0,0, --i2v_POLICY_CONSTRAINTS, --v2i_POLICY_CONSTRAINTS, --NULL,NULL, --NULL -+ NID_policy_constraints, 0, -+ ASN1_ITEM_ref(POLICY_CONSTRAINTS), -+ 0, 0, 0, 0, -+ 0, 0, -+ i2v_POLICY_CONSTRAINTS, -+ v2i_POLICY_CONSTRAINTS, -+ NULL, NULL, -+ NULL - }; - - ASN1_SEQUENCE(POLICY_CONSTRAINTS) = { -- ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0), -- ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1) -+ ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0), -+ ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1) - } ASN1_SEQUENCE_END(POLICY_CONSTRAINTS) - - IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) - -- - static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, -- void *a, STACK_OF(CONF_VALUE) *extlist) -+ void *a, -+ STACK_OF(CONF_VALUE) -+ *extlist) - { -- POLICY_CONSTRAINTS *pcons = a; -- X509V3_add_value_int("Require Explicit Policy", -- pcons->requireExplicitPolicy, &extlist); -- X509V3_add_value_int("Inhibit Policy Mapping", -- pcons->inhibitPolicyMapping, &extlist); -- return extlist; -+ POLICY_CONSTRAINTS *pcons = a; -+ X509V3_add_value_int("Require Explicit Policy", -+ pcons->requireExplicitPolicy, &extlist); -+ X509V3_add_value_int("Inhibit Policy Mapping", -+ pcons->inhibitPolicyMapping, &extlist); -+ return extlist; - } - - static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) -+ X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *values) - { -- POLICY_CONSTRAINTS *pcons=NULL; -- CONF_VALUE *val; -- int i; -- if(!(pcons = POLICY_CONSTRAINTS_new())) { -- X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- for(i = 0; i < sk_CONF_VALUE_num(values); i++) { -- val = sk_CONF_VALUE_value(values, i); -- if(!strcmp(val->name, "requireExplicitPolicy")) { -- if(!X509V3_get_value_int(val, -- &pcons->requireExplicitPolicy)) goto err; -- } else if(!strcmp(val->name, "inhibitPolicyMapping")) { -- if(!X509V3_get_value_int(val, -- &pcons->inhibitPolicyMapping)) goto err; -- } else { -- X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME); -- X509V3_conf_err(val); -- goto err; -- } -- } -- if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) { -- X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_ILLEGAL_EMPTY_EXTENSION); -- goto err; -- } -+ POLICY_CONSTRAINTS *pcons = NULL; -+ CONF_VALUE *val; -+ int i; -+ if (!(pcons = POLICY_CONSTRAINTS_new())) { -+ X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) { -+ val = sk_CONF_VALUE_value(values, i); -+ if (!strcmp(val->name, "requireExplicitPolicy")) { -+ if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy)) -+ goto err; -+ } else if (!strcmp(val->name, "inhibitPolicyMapping")) { -+ if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping)) -+ goto err; -+ } else { -+ X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME); -+ X509V3_conf_err(val); -+ goto err; -+ } -+ } -+ if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) { -+ X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, -+ X509V3_R_ILLEGAL_EMPTY_EXTENSION); -+ goto err; -+ } - -- return pcons; -- err: -- POLICY_CONSTRAINTS_free(pcons); -- return NULL; -+ return pcons; -+ err: -+ POLICY_CONSTRAINTS_free(pcons); -+ return NULL; - } -- -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c -index 076f3ff..dd01c44 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c -@@ -1,6 +1,7 @@ - /* v3_pku.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -62,42 +63,47 @@ - #include - #include - --static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent); -+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, -+ PKEY_USAGE_PERIOD *usage, BIO *out, -+ int indent); - /* --static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); --*/ -+ * static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, -+ * X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); -+ */ - const X509V3_EXT_METHOD v3_pkey_usage_period = { --NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), --0,0,0,0, --0,0,0,0, --(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, --NULL -+ NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), -+ 0, 0, 0, 0, -+ 0, 0, 0, 0, -+ (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, -+ NULL - }; - - ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = { -- ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0), -- ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1) -+ ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0), -+ ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1) - } ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD) - - IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) - - static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, -- PKEY_USAGE_PERIOD *usage, BIO *out, int indent) -+ PKEY_USAGE_PERIOD *usage, BIO *out, -+ int indent) - { -- BIO_printf(out, "%*s", indent, ""); -- if(usage->notBefore) { -- BIO_write(out, "Not Before: ", 12); -- ASN1_GENERALIZEDTIME_print(out, usage->notBefore); -- if(usage->notAfter) BIO_write(out, ", ", 2); -- } -- if(usage->notAfter) { -- BIO_write(out, "Not After: ", 11); -- ASN1_GENERALIZEDTIME_print(out, usage->notAfter); -- } -- return 1; -+ BIO_printf(out, "%*s", indent, ""); -+ if (usage->notBefore) { -+ BIO_write(out, "Not Before: ", 12); -+ ASN1_GENERALIZEDTIME_print(out, usage->notBefore); -+ if (usage->notAfter) -+ BIO_write(out, ", ", 2); -+ } -+ if (usage->notAfter) { -+ BIO_write(out, "Not After: ", 11); -+ ASN1_GENERALIZEDTIME_print(out, usage->notAfter); -+ } -+ return 1; - } - --/* -+/*- - static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values) - X509V3_EXT_METHOD *method; - X509V3_CTX *ctx; -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c -index da03bbc..22e9e58 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c -@@ -1,5 +1,6 @@ - /* v3_pmaps.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ - /* ==================================================================== -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,7 +57,6 @@ - * - */ - -- - #include - #include "cryptlib.h" - #include -@@ -64,90 +64,94 @@ - #include - - static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); - static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, -- void *pmps, STACK_OF(CONF_VALUE) *extlist); -+ void *pmps, -+ STACK_OF(CONF_VALUE) -+ *extlist); - - const X509V3_EXT_METHOD v3_policy_mappings = { -- NID_policy_mappings, 0, -- ASN1_ITEM_ref(POLICY_MAPPINGS), -- 0,0,0,0, -- 0,0, -- i2v_POLICY_MAPPINGS, -- v2i_POLICY_MAPPINGS, -- 0,0, -- NULL -+ NID_policy_mappings, 0, -+ ASN1_ITEM_ref(POLICY_MAPPINGS), -+ 0, 0, 0, 0, -+ 0, 0, -+ i2v_POLICY_MAPPINGS, -+ v2i_POLICY_MAPPINGS, -+ 0, 0, -+ NULL - }; - - ASN1_SEQUENCE(POLICY_MAPPING) = { -- ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT), -- ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT) -+ ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT), -+ ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT) - } ASN1_SEQUENCE_END(POLICY_MAPPING) - --ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = -- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS, -- POLICY_MAPPING) -+ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = -+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS, -+ POLICY_MAPPING) - ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) - - IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) - -- - static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, -- void *a, STACK_OF(CONF_VALUE) *ext_list) -+ void *a, STACK_OF(CONF_VALUE) -+ *ext_list) - { -- POLICY_MAPPINGS *pmaps = a; -- POLICY_MAPPING *pmap; -- int i; -- char obj_tmp1[80]; -- char obj_tmp2[80]; -- for(i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { -- pmap = sk_POLICY_MAPPING_value(pmaps, i); -- i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy); -- i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy); -- X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list); -- } -- return ext_list; -+ POLICY_MAPPINGS *pmaps = a; -+ POLICY_MAPPING *pmap; -+ int i; -+ char obj_tmp1[80]; -+ char obj_tmp2[80]; -+ for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { -+ pmap = sk_POLICY_MAPPING_value(pmaps, i); -+ i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy); -+ i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy); -+ X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list); -+ } -+ return ext_list; - } - - static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) - { -- POLICY_MAPPINGS *pmaps; -- POLICY_MAPPING *pmap; -- ASN1_OBJECT *obj1, *obj2; -- CONF_VALUE *val; -- int i; -+ POLICY_MAPPINGS *pmaps; -+ POLICY_MAPPING *pmap; -+ ASN1_OBJECT *obj1, *obj2; -+ CONF_VALUE *val; -+ int i; - -- if(!(pmaps = sk_POLICY_MAPPING_new_null())) { -- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -+ if (!(pmaps = sk_POLICY_MAPPING_new_null())) { -+ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } - -- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { -- val = sk_CONF_VALUE_value(nval, i); -- if(!val->value || !val->name) { -- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); -- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER); -- X509V3_conf_err(val); -- return NULL; -- } -- obj1 = OBJ_txt2obj(val->name, 0); -- obj2 = OBJ_txt2obj(val->value, 0); -- if(!obj1 || !obj2) { -- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); -- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER); -- X509V3_conf_err(val); -- return NULL; -- } -- pmap = POLICY_MAPPING_new(); -- if (!pmap) { -- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); -- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- pmap->issuerDomainPolicy = obj1; -- pmap->subjectDomainPolicy = obj2; -- sk_POLICY_MAPPING_push(pmaps, pmap); -- } -- return pmaps; -+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { -+ val = sk_CONF_VALUE_value(nval, i); -+ if (!val->value || !val->name) { -+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); -+ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, -+ X509V3_R_INVALID_OBJECT_IDENTIFIER); -+ X509V3_conf_err(val); -+ return NULL; -+ } -+ obj1 = OBJ_txt2obj(val->name, 0); -+ obj2 = OBJ_txt2obj(val->value, 0); -+ if (!obj1 || !obj2) { -+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); -+ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, -+ X509V3_R_INVALID_OBJECT_IDENTIFIER); -+ X509V3_conf_err(val); -+ return NULL; -+ } -+ pmap = POLICY_MAPPING_new(); -+ if (!pmap) { -+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); -+ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ pmap->issuerDomainPolicy = obj1; -+ pmap->subjectDomainPolicy = obj2; -+ sk_POLICY_MAPPING_push(pmaps, pmap); -+ } -+ return pmaps; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c -index c1bb17f..4ae463e 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c -@@ -1,6 +1,7 @@ - /* v3_prn.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,171 +65,195 @@ - - /* Extension printing routines */ - --static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported); -+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, -+ unsigned long flag, int indent, int supported); - - /* Print out a name+value stack */ - --void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) -+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, -+ int ml) - { -- int i; -- CONF_VALUE *nval; -- if(!val) return; -- if(!ml || !sk_CONF_VALUE_num(val)) { -- BIO_printf(out, "%*s", indent, ""); -- if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "\n"); -- } -- for(i = 0; i < sk_CONF_VALUE_num(val); i++) { -- if(ml) BIO_printf(out, "%*s", indent, ""); -- else if(i > 0) BIO_printf(out, ", "); -- nval = sk_CONF_VALUE_value(val, i); -- if(!nval->name) BIO_puts(out, nval->value); -- else if(!nval->value) BIO_puts(out, nval->name); -+ int i; -+ CONF_VALUE *nval; -+ if (!val) -+ return; -+ if (!ml || !sk_CONF_VALUE_num(val)) { -+ BIO_printf(out, "%*s", indent, ""); -+ if (!sk_CONF_VALUE_num(val)) -+ BIO_puts(out, "\n"); -+ } -+ for (i = 0; i < sk_CONF_VALUE_num(val); i++) { -+ if (ml) -+ BIO_printf(out, "%*s", indent, ""); -+ else if (i > 0) -+ BIO_printf(out, ", "); -+ nval = sk_CONF_VALUE_value(val, i); -+ if (!nval->name) -+ BIO_puts(out, nval->value); -+ else if (!nval->value) -+ BIO_puts(out, nval->name); - #ifndef CHARSET_EBCDIC -- else BIO_printf(out, "%s:%s", nval->name, nval->value); -+ else -+ BIO_printf(out, "%s:%s", nval->name, nval->value); - #else -- else { -- int len; -- char *tmp; -- len = strlen(nval->value)+1; -- tmp = OPENSSL_malloc(len); -- if (tmp) -- { -- ascii2ebcdic(tmp, nval->value, len); -- BIO_printf(out, "%s:%s", nval->name, tmp); -- OPENSSL_free(tmp); -- } -- } -+ else { -+ int len; -+ char *tmp; -+ len = strlen(nval->value) + 1; -+ tmp = OPENSSL_malloc(len); -+ if (tmp) { -+ ascii2ebcdic(tmp, nval->value, len); -+ BIO_printf(out, "%s:%s", nval->name, tmp); -+ OPENSSL_free(tmp); -+ } -+ } - #endif -- if(ml) BIO_puts(out, "\n"); -- } -+ if (ml) -+ BIO_puts(out, "\n"); -+ } - } - - /* Main routine: print out a general extension */ - --int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent) -+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, -+ int indent) - { -- void *ext_str = NULL; -- char *value = NULL; -- const unsigned char *p; -- X509V3_EXT_METHOD *method; -- STACK_OF(CONF_VALUE) *nval = NULL; -- int ok = 1; -- -- if(!(method = X509V3_EXT_get(ext))) -- return unknown_ext_print(out, ext, flag, indent, 0); -- p = ext->value->data; -- if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); -- else ext_str = method->d2i(NULL, &p, ext->value->length); -- -- if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1); -- -- if(method->i2s) { -- if(!(value = method->i2s(method, ext_str))) { -- ok = 0; -- goto err; -- } -+ void *ext_str = NULL; -+ char *value = NULL; -+ const unsigned char *p; -+ X509V3_EXT_METHOD *method; -+ STACK_OF(CONF_VALUE) *nval = NULL; -+ int ok = 1; -+ -+ if (!(method = X509V3_EXT_get(ext))) -+ return unknown_ext_print(out, ext, flag, indent, 0); -+ p = ext->value->data; -+ if (method->it) -+ ext_str = -+ ASN1_item_d2i(NULL, &p, ext->value->length, -+ ASN1_ITEM_ptr(method->it)); -+ else -+ ext_str = method->d2i(NULL, &p, ext->value->length); -+ -+ if (!ext_str) -+ return unknown_ext_print(out, ext, flag, indent, 1); -+ -+ if (method->i2s) { -+ if (!(value = method->i2s(method, ext_str))) { -+ ok = 0; -+ goto err; -+ } - #ifndef CHARSET_EBCDIC -- BIO_printf(out, "%*s%s", indent, "", value); -+ BIO_printf(out, "%*s%s", indent, "", value); - #else -- { -- int len; -- char *tmp; -- len = strlen(value)+1; -- tmp = OPENSSL_malloc(len); -- if (tmp) -- { -- ascii2ebcdic(tmp, value, len); -- BIO_printf(out, "%*s%s", indent, "", tmp); -- OPENSSL_free(tmp); -- } -- } -+ { -+ int len; -+ char *tmp; -+ len = strlen(value) + 1; -+ tmp = OPENSSL_malloc(len); -+ if (tmp) { -+ ascii2ebcdic(tmp, value, len); -+ BIO_printf(out, "%*s%s", indent, "", tmp); -+ OPENSSL_free(tmp); -+ } -+ } - #endif -- } else if(method->i2v) { -- if(!(nval = method->i2v(method, ext_str, NULL))) { -- ok = 0; -- goto err; -- } -- X509V3_EXT_val_prn(out, nval, indent, -- method->ext_flags & X509V3_EXT_MULTILINE); -- } else if(method->i2r) { -- if(!method->i2r(method, ext_str, out, indent)) ok = 0; -- } else ok = 0; -- -- err: -- sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); -- if(value) OPENSSL_free(value); -- if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); -- else method->ext_free(ext_str); -- return ok; -+ } else if (method->i2v) { -+ if (!(nval = method->i2v(method, ext_str, NULL))) { -+ ok = 0; -+ goto err; -+ } -+ X509V3_EXT_val_prn(out, nval, indent, -+ method->ext_flags & X509V3_EXT_MULTILINE); -+ } else if (method->i2r) { -+ if (!method->i2r(method, ext_str, out, indent)) -+ ok = 0; -+ } else -+ ok = 0; -+ -+ err: -+ sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); -+ if (value) -+ OPENSSL_free(value); -+ if (method->it) -+ ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); -+ else -+ method->ext_free(ext_str); -+ return ok; - } - --int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent) -+int X509V3_extensions_print(BIO *bp, char *title, -+ STACK_OF(X509_EXTENSION) *exts, -+ unsigned long flag, int indent) - { -- int i, j; -- -- if(sk_X509_EXTENSION_num(exts) <= 0) return 1; -- -- if(title) -- { -- BIO_printf(bp,"%*s%s:\n",indent, "", title); -- indent += 4; -- } -- -- for (i=0; ivalue); -- } -- if (BIO_write(bp,"\n",1) <= 0) return 0; -- } -- return 1; -+ int i, j; -+ -+ if (sk_X509_EXTENSION_num(exts) <= 0) -+ return 1; -+ -+ if (title) { -+ BIO_printf(bp, "%*s%s:\n", indent, "", title); -+ indent += 4; -+ } -+ -+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { -+ ASN1_OBJECT *obj; -+ X509_EXTENSION *ex; -+ ex = sk_X509_EXTENSION_value(exts, i); -+ if (indent && BIO_printf(bp, "%*s", indent, "") <= 0) -+ return 0; -+ obj = X509_EXTENSION_get_object(ex); -+ i2a_ASN1_OBJECT(bp, obj); -+ j = X509_EXTENSION_get_critical(ex); -+ if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0) -+ return 0; -+ if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) { -+ BIO_printf(bp, "%*s", indent + 4, ""); -+ M_ASN1_OCTET_STRING_print(bp, ex->value); -+ } -+ if (BIO_write(bp, "\n", 1) <= 0) -+ return 0; -+ } -+ return 1; - } - --static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported) -+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, -+ unsigned long flag, int indent, int supported) - { -- switch(flag & X509V3_EXT_UNKNOWN_MASK) { -- -- case X509V3_EXT_DEFAULT: -- return 0; -- -- case X509V3_EXT_ERROR_UNKNOWN: -- if(supported) -- BIO_printf(out, "%*s", indent, ""); -- else -- BIO_printf(out, "%*s", indent, ""); -- return 1; -- -- case X509V3_EXT_PARSE_UNKNOWN: -- return ASN1_parse_dump(out, -- ext->value->data, ext->value->length, indent, -1); -- case X509V3_EXT_DUMP_UNKNOWN: -- return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent); -- -- default: -- return 1; -- } -+ switch (flag & X509V3_EXT_UNKNOWN_MASK) { -+ -+ case X509V3_EXT_DEFAULT: -+ return 0; -+ -+ case X509V3_EXT_ERROR_UNKNOWN: -+ if (supported) -+ BIO_printf(out, "%*s", indent, ""); -+ else -+ BIO_printf(out, "%*s", indent, ""); -+ return 1; -+ -+ case X509V3_EXT_PARSE_UNKNOWN: -+ return ASN1_parse_dump(out, -+ ext->value->data, ext->value->length, indent, -+ -1); -+ case X509V3_EXT_DUMP_UNKNOWN: -+ return BIO_dump_indent(out, (char *)ext->value->data, -+ ext->value->length, indent); -+ -+ default: -+ return 1; -+ } - } -- - - #ifndef OPENSSL_NO_FP_API - int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) - { -- BIO *bio_tmp; -- int ret; -- if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0; -- ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); -- BIO_free(bio_tmp); -- return ret; -+ BIO *bio_tmp; -+ int ret; -+ if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) -+ return 0; -+ ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); -+ BIO_free(bio_tmp); -+ return ret; - } - #endif -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c -index e18751e..6ff1521 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c -@@ -1,6 +1,7 @@ - /* v3_purp.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2001. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 2001. - */ - /* ==================================================================== - * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -64,29 +65,42 @@ - static void x509v3_cache_extensions(X509 *x); - - static int check_ssl_ca(const X509 *x); --static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca); --static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); --static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); -+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, -+ int ca); -+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, -+ int ca); -+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, -+ int ca); - static int purpose_smime(const X509 *x, int ca); --static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca); --static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca); --static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca); -+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, -+ int ca); -+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, -+ int ca); -+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, -+ int ca); - static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca); - static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca); - --static int xp_cmp(const X509_PURPOSE * const *a, -- const X509_PURPOSE * const *b); -+static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b); - static void xptable_free(X509_PURPOSE *p); - - static X509_PURPOSE xstandard[] = { -- {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL}, -- {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL}, -- {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, -- {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL}, -- {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, -- {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, -- {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL}, -- {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL}, -+ {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, -+ check_purpose_ssl_client, "SSL client", "sslclient", NULL}, -+ {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, -+ check_purpose_ssl_server, "SSL server", "sslserver", NULL}, -+ {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, -+ check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, -+ {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, -+ "S/MIME signing", "smimesign", NULL}, -+ {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, -+ check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, -+ {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, -+ "CRL signing", "crlsign", NULL}, -+ {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", -+ NULL}, -+ {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, -+ "OCSP helper", "ocsphelper", NULL}, - }; - - #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) -@@ -95,348 +109,367 @@ IMPLEMENT_STACK_OF(X509_PURPOSE) - - static STACK_OF(X509_PURPOSE) *xptable = NULL; - --static int xp_cmp(const X509_PURPOSE * const *a, -- const X509_PURPOSE * const *b) -+static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b) - { -- return (*a)->purpose - (*b)->purpose; -+ return (*a)->purpose - (*b)->purpose; - } - --/* As much as I'd like to make X509_check_purpose use a "const" X509* -- * I really can't because it does recalculate hashes and do other non-const -- * things. */ -+/* -+ * As much as I'd like to make X509_check_purpose use a "const" X509* I -+ * really can't because it does recalculate hashes and do other non-const -+ * things. -+ */ - int X509_check_purpose(X509 *x, int id, int ca) - { -- int idx; -- const X509_PURPOSE *pt; -- if(!(x->ex_flags & EXFLAG_SET)) { -- CRYPTO_w_lock(CRYPTO_LOCK_X509); -- x509v3_cache_extensions(x); -- CRYPTO_w_unlock(CRYPTO_LOCK_X509); -- } -- if(id == -1) return 1; -- idx = X509_PURPOSE_get_by_id(id); -- if(idx == -1) return -1; -- pt = X509_PURPOSE_get0(idx); -- return pt->check_purpose(pt, x, ca); -+ int idx; -+ const X509_PURPOSE *pt; -+ if (!(x->ex_flags & EXFLAG_SET)) { -+ CRYPTO_w_lock(CRYPTO_LOCK_X509); -+ x509v3_cache_extensions(x); -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509); -+ } -+ if (id == -1) -+ return 1; -+ idx = X509_PURPOSE_get_by_id(id); -+ if (idx == -1) -+ return -1; -+ pt = X509_PURPOSE_get0(idx); -+ return pt->check_purpose(pt, x, ca); - } - - int X509_PURPOSE_set(int *p, int purpose) - { -- if(X509_PURPOSE_get_by_id(purpose) == -1) { -- X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE); -- return 0; -- } -- *p = purpose; -- return 1; -+ if (X509_PURPOSE_get_by_id(purpose) == -1) { -+ X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE); -+ return 0; -+ } -+ *p = purpose; -+ return 1; - } - - int X509_PURPOSE_get_count(void) - { -- if(!xptable) return X509_PURPOSE_COUNT; -- return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; -+ if (!xptable) -+ return X509_PURPOSE_COUNT; -+ return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; - } - --X509_PURPOSE * X509_PURPOSE_get0(int idx) -+X509_PURPOSE *X509_PURPOSE_get0(int idx) - { -- if(idx < 0) return NULL; -- if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx; -- return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); -+ if (idx < 0) -+ return NULL; -+ if (idx < (int)X509_PURPOSE_COUNT) -+ return xstandard + idx; -+ return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); - } - - int X509_PURPOSE_get_by_sname(char *sname) - { -- int i; -- X509_PURPOSE *xptmp; -- for(i = 0; i < X509_PURPOSE_get_count(); i++) { -- xptmp = X509_PURPOSE_get0(i); -- if(!strcmp(xptmp->sname, sname)) return i; -- } -- return -1; -+ int i; -+ X509_PURPOSE *xptmp; -+ for (i = 0; i < X509_PURPOSE_get_count(); i++) { -+ xptmp = X509_PURPOSE_get0(i); -+ if (!strcmp(xptmp->sname, sname)) -+ return i; -+ } -+ return -1; - } - - int X509_PURPOSE_get_by_id(int purpose) - { -- X509_PURPOSE tmp; -- int idx; -- if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) -- return purpose - X509_PURPOSE_MIN; -- tmp.purpose = purpose; -- if(!xptable) return -1; -- idx = sk_X509_PURPOSE_find(xptable, &tmp); -- if(idx == -1) return -1; -- return idx + X509_PURPOSE_COUNT; -+ X509_PURPOSE tmp; -+ int idx; -+ if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) -+ return purpose - X509_PURPOSE_MIN; -+ tmp.purpose = purpose; -+ if (!xptable) -+ return -1; -+ idx = sk_X509_PURPOSE_find(xptable, &tmp); -+ if (idx == -1) -+ return -1; -+ return idx + X509_PURPOSE_COUNT; - } - - int X509_PURPOSE_add(int id, int trust, int flags, -- int (*ck)(const X509_PURPOSE *, const X509 *, int), -- char *name, char *sname, void *arg) -+ int (*ck) (const X509_PURPOSE *, const X509 *, int), -+ char *name, char *sname, void *arg) - { -- int idx; -- X509_PURPOSE *ptmp; -- /* This is set according to what we change: application can't set it */ -- flags &= ~X509_PURPOSE_DYNAMIC; -- /* This will always be set for application modified trust entries */ -- flags |= X509_PURPOSE_DYNAMIC_NAME; -- /* Get existing entry if any */ -- idx = X509_PURPOSE_get_by_id(id); -- /* Need a new entry */ -- if(idx == -1) { -- if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { -- X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- ptmp->flags = X509_PURPOSE_DYNAMIC; -- } else ptmp = X509_PURPOSE_get0(idx); -- -- /* OPENSSL_free existing name if dynamic */ -- if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { -- OPENSSL_free(ptmp->name); -- OPENSSL_free(ptmp->sname); -- } -- /* dup supplied name */ -- ptmp->name = BUF_strdup(name); -- ptmp->sname = BUF_strdup(sname); -- if(!ptmp->name || !ptmp->sname) { -- X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- /* Keep the dynamic flag of existing entry */ -- ptmp->flags &= X509_PURPOSE_DYNAMIC; -- /* Set all other flags */ -- ptmp->flags |= flags; -- -- ptmp->purpose = id; -- ptmp->trust = trust; -- ptmp->check_purpose = ck; -- ptmp->usr_data = arg; -- -- /* If its a new entry manage the dynamic table */ -- if(idx == -1) { -- if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { -- X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- if (!sk_X509_PURPOSE_push(xptable, ptmp)) { -- X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); -- return 0; -- } -- } -- return 1; -+ int idx; -+ X509_PURPOSE *ptmp; -+ /* -+ * This is set according to what we change: application can't set it -+ */ -+ flags &= ~X509_PURPOSE_DYNAMIC; -+ /* This will always be set for application modified trust entries */ -+ flags |= X509_PURPOSE_DYNAMIC_NAME; -+ /* Get existing entry if any */ -+ idx = X509_PURPOSE_get_by_id(id); -+ /* Need a new entry */ -+ if (idx == -1) { -+ if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { -+ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ ptmp->flags = X509_PURPOSE_DYNAMIC; -+ } else -+ ptmp = X509_PURPOSE_get0(idx); -+ -+ /* OPENSSL_free existing name if dynamic */ -+ if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { -+ OPENSSL_free(ptmp->name); -+ OPENSSL_free(ptmp->sname); -+ } -+ /* dup supplied name */ -+ ptmp->name = BUF_strdup(name); -+ ptmp->sname = BUF_strdup(sname); -+ if (!ptmp->name || !ptmp->sname) { -+ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ /* Keep the dynamic flag of existing entry */ -+ ptmp->flags &= X509_PURPOSE_DYNAMIC; -+ /* Set all other flags */ -+ ptmp->flags |= flags; -+ -+ ptmp->purpose = id; -+ ptmp->trust = trust; -+ ptmp->check_purpose = ck; -+ ptmp->usr_data = arg; -+ -+ /* If its a new entry manage the dynamic table */ -+ if (idx == -1) { -+ if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { -+ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ if (!sk_X509_PURPOSE_push(xptable, ptmp)) { -+ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ } -+ return 1; - } - - static void xptable_free(X509_PURPOSE *p) -- { -- if(!p) return; -- if (p->flags & X509_PURPOSE_DYNAMIC) -- { -- if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { -- OPENSSL_free(p->name); -- OPENSSL_free(p->sname); -- } -- OPENSSL_free(p); -- } -- } -+{ -+ if (!p) -+ return; -+ if (p->flags & X509_PURPOSE_DYNAMIC) { -+ if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { -+ OPENSSL_free(p->name); -+ OPENSSL_free(p->sname); -+ } -+ OPENSSL_free(p); -+ } -+} - - void X509_PURPOSE_cleanup(void) - { -- unsigned int i; -- sk_X509_PURPOSE_pop_free(xptable, xptable_free); -- for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); -- xptable = NULL; -+ unsigned int i; -+ sk_X509_PURPOSE_pop_free(xptable, xptable_free); -+ for (i = 0; i < X509_PURPOSE_COUNT; i++) -+ xptable_free(xstandard + i); -+ xptable = NULL; - } - - int X509_PURPOSE_get_id(X509_PURPOSE *xp) - { -- return xp->purpose; -+ return xp->purpose; - } - - char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) - { -- return xp->name; -+ return xp->name; - } - - char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp) - { -- return xp->sname; -+ return xp->sname; - } - - int X509_PURPOSE_get_trust(X509_PURPOSE *xp) - { -- return xp->trust; -+ return xp->trust; - } - - static int nid_cmp(int *a, int *b) -- { -- return *a - *b; -- } -+{ -+ return *a - *b; -+} - - int X509_supported_extension(X509_EXTENSION *ex) -- { -- /* This table is a list of the NIDs of supported extensions: -- * that is those which are used by the verify process. If -- * an extension is critical and doesn't appear in this list -- * then the verify process will normally reject the certificate. -- * The list must be kept in numerical order because it will be -- * searched using bsearch. -- */ -- -- static int supported_nids[] = { -- NID_netscape_cert_type, /* 71 */ -- NID_key_usage, /* 83 */ -- NID_subject_alt_name, /* 85 */ -- NID_basic_constraints, /* 87 */ -- NID_certificate_policies, /* 89 */ -- NID_ext_key_usage, /* 126 */ -+{ -+ /* -+ * This table is a list of the NIDs of supported extensions: that is -+ * those which are used by the verify process. If an extension is -+ * critical and doesn't appear in this list then the verify process will -+ * normally reject the certificate. The list must be kept in numerical -+ * order because it will be searched using bsearch. -+ */ -+ -+ static int supported_nids[] = { -+ NID_netscape_cert_type, /* 71 */ -+ NID_key_usage, /* 83 */ -+ NID_subject_alt_name, /* 85 */ -+ NID_basic_constraints, /* 87 */ -+ NID_certificate_policies, /* 89 */ -+ NID_ext_key_usage, /* 126 */ - #ifndef OPENSSL_NO_RFC3779 -- NID_sbgp_ipAddrBlock, /* 290 */ -- NID_sbgp_autonomousSysNum, /* 291 */ -+ NID_sbgp_ipAddrBlock, /* 290 */ -+ NID_sbgp_autonomousSysNum, /* 291 */ - #endif -- NID_policy_constraints, /* 401 */ -- NID_proxyCertInfo, /* 661 */ -- NID_inhibit_any_policy /* 748 */ -- }; -+ NID_policy_constraints, /* 401 */ -+ NID_proxyCertInfo, /* 661 */ -+ NID_inhibit_any_policy /* 748 */ -+ }; - -- int ex_nid; -+ int ex_nid; - -- ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); -+ ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); - -- if (ex_nid == NID_undef) -- return 0; -+ if (ex_nid == NID_undef) -+ return 0; - -- if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids, -- sizeof(supported_nids)/sizeof(int), sizeof(int), -- (int (*)(const void *, const void *))nid_cmp)) -- return 1; -- return 0; -- } -- -+ if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids, -+ sizeof(supported_nids) / sizeof(int), sizeof(int), -+ (int (*)(const void *, const void *))nid_cmp)) -+ return 1; -+ return 0; -+} - - static void x509v3_cache_extensions(X509 *x) - { -- BASIC_CONSTRAINTS *bs; -- PROXY_CERT_INFO_EXTENSION *pci; -- ASN1_BIT_STRING *usage; -- ASN1_BIT_STRING *ns; -- EXTENDED_KEY_USAGE *extusage; -- X509_EXTENSION *ex; -- -- int i; -- if(x->ex_flags & EXFLAG_SET) return; -+ BASIC_CONSTRAINTS *bs; -+ PROXY_CERT_INFO_EXTENSION *pci; -+ ASN1_BIT_STRING *usage; -+ ASN1_BIT_STRING *ns; -+ EXTENDED_KEY_USAGE *extusage; -+ X509_EXTENSION *ex; -+ -+ int i; -+ if (x->ex_flags & EXFLAG_SET) -+ return; - #ifndef OPENSSL_NO_SHA -- X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); -+ X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); - #endif -- /* Does subject name match issuer ? */ -- if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) -- x->ex_flags |= EXFLAG_SI; -- /* V1 should mean no extensions ... */ -- if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; -- /* Handle basic constraints */ -- if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { -- if(bs->ca) x->ex_flags |= EXFLAG_CA; -- if(bs->pathlen) { -- if((bs->pathlen->type == V_ASN1_NEG_INTEGER) -- || !bs->ca) { -- x->ex_flags |= EXFLAG_INVALID; -- x->ex_pathlen = 0; -- } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); -- } else x->ex_pathlen = -1; -- BASIC_CONSTRAINTS_free(bs); -- x->ex_flags |= EXFLAG_BCONS; -- } -- /* Handle proxy certificates */ -- if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { -- if (x->ex_flags & EXFLAG_CA -- || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0 -- || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { -- x->ex_flags |= EXFLAG_INVALID; -- } -- if (pci->pcPathLengthConstraint) { -- x->ex_pcpathlen = -- ASN1_INTEGER_get(pci->pcPathLengthConstraint); -- } else x->ex_pcpathlen = -1; -- PROXY_CERT_INFO_EXTENSION_free(pci); -- x->ex_flags |= EXFLAG_PROXY; -- } -- /* Handle key usage */ -- if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { -- if(usage->length > 0) { -- x->ex_kusage = usage->data[0]; -- if(usage->length > 1) -- x->ex_kusage |= usage->data[1] << 8; -- } else x->ex_kusage = 0; -- x->ex_flags |= EXFLAG_KUSAGE; -- ASN1_BIT_STRING_free(usage); -- } -- x->ex_xkusage = 0; -- if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { -- x->ex_flags |= EXFLAG_XKUSAGE; -- for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { -- switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) { -- case NID_server_auth: -- x->ex_xkusage |= XKU_SSL_SERVER; -- break; -- -- case NID_client_auth: -- x->ex_xkusage |= XKU_SSL_CLIENT; -- break; -- -- case NID_email_protect: -- x->ex_xkusage |= XKU_SMIME; -- break; -- -- case NID_code_sign: -- x->ex_xkusage |= XKU_CODE_SIGN; -- break; -- -- case NID_ms_sgc: -- case NID_ns_sgc: -- x->ex_xkusage |= XKU_SGC; -- break; -- -- case NID_OCSP_sign: -- x->ex_xkusage |= XKU_OCSP_SIGN; -- break; -- -- case NID_time_stamp: -- x->ex_xkusage |= XKU_TIMESTAMP; -- break; -- -- case NID_dvcs: -- x->ex_xkusage |= XKU_DVCS; -- break; -- } -- } -- sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); -- } -- -- if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { -- if(ns->length > 0) x->ex_nscert = ns->data[0]; -- else x->ex_nscert = 0; -- x->ex_flags |= EXFLAG_NSCERT; -- ASN1_BIT_STRING_free(ns); -- } -- x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); -- x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); -+ /* Does subject name match issuer ? */ -+ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) -+ x->ex_flags |= EXFLAG_SI; -+ /* V1 should mean no extensions ... */ -+ if (!X509_get_version(x)) -+ x->ex_flags |= EXFLAG_V1; -+ /* Handle basic constraints */ -+ if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { -+ if (bs->ca) -+ x->ex_flags |= EXFLAG_CA; -+ if (bs->pathlen) { -+ if ((bs->pathlen->type == V_ASN1_NEG_INTEGER) -+ || !bs->ca) { -+ x->ex_flags |= EXFLAG_INVALID; -+ x->ex_pathlen = 0; -+ } else -+ x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); -+ } else -+ x->ex_pathlen = -1; -+ BASIC_CONSTRAINTS_free(bs); -+ x->ex_flags |= EXFLAG_BCONS; -+ } -+ /* Handle proxy certificates */ -+ if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { -+ if (x->ex_flags & EXFLAG_CA -+ || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0 -+ || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { -+ x->ex_flags |= EXFLAG_INVALID; -+ } -+ if (pci->pcPathLengthConstraint) { -+ x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint); -+ } else -+ x->ex_pcpathlen = -1; -+ PROXY_CERT_INFO_EXTENSION_free(pci); -+ x->ex_flags |= EXFLAG_PROXY; -+ } -+ /* Handle key usage */ -+ if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { -+ if (usage->length > 0) { -+ x->ex_kusage = usage->data[0]; -+ if (usage->length > 1) -+ x->ex_kusage |= usage->data[1] << 8; -+ } else -+ x->ex_kusage = 0; -+ x->ex_flags |= EXFLAG_KUSAGE; -+ ASN1_BIT_STRING_free(usage); -+ } -+ x->ex_xkusage = 0; -+ if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { -+ x->ex_flags |= EXFLAG_XKUSAGE; -+ for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { -+ switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) { -+ case NID_server_auth: -+ x->ex_xkusage |= XKU_SSL_SERVER; -+ break; -+ -+ case NID_client_auth: -+ x->ex_xkusage |= XKU_SSL_CLIENT; -+ break; -+ -+ case NID_email_protect: -+ x->ex_xkusage |= XKU_SMIME; -+ break; -+ -+ case NID_code_sign: -+ x->ex_xkusage |= XKU_CODE_SIGN; -+ break; -+ -+ case NID_ms_sgc: -+ case NID_ns_sgc: -+ x->ex_xkusage |= XKU_SGC; -+ break; -+ -+ case NID_OCSP_sign: -+ x->ex_xkusage |= XKU_OCSP_SIGN; -+ break; -+ -+ case NID_time_stamp: -+ x->ex_xkusage |= XKU_TIMESTAMP; -+ break; -+ -+ case NID_dvcs: -+ x->ex_xkusage |= XKU_DVCS; -+ break; -+ } -+ } -+ sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); -+ } -+ -+ if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { -+ if (ns->length > 0) -+ x->ex_nscert = ns->data[0]; -+ else -+ x->ex_nscert = 0; -+ x->ex_flags |= EXFLAG_NSCERT; -+ ASN1_BIT_STRING_free(ns); -+ } -+ x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); -+ x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); - #ifndef OPENSSL_NO_RFC3779 -- x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); -- x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, -- NULL, NULL); -+ x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); -+ x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, -+ NULL, NULL); - #endif -- for (i = 0; i < X509_get_ext_count(x); i++) -- { -- ex = X509_get_ext(x, i); -- if (!X509_EXTENSION_get_critical(ex)) -- continue; -- if (!X509_supported_extension(ex)) -- { -- x->ex_flags |= EXFLAG_CRITICAL; -- break; -- } -- } -- x->ex_flags |= EXFLAG_SET; -+ for (i = 0; i < X509_get_ext_count(x); i++) { -+ ex = X509_get_ext(x, i); -+ if (!X509_EXTENSION_get_critical(ex)) -+ continue; -+ if (!X509_supported_extension(ex)) { -+ x->ex_flags |= EXFLAG_CRITICAL; -+ break; -+ } -+ } -+ x->ex_flags |= EXFLAG_SET; - } - --/* CA checks common to all purposes -+/*- -+ * CA checks common to all purposes - * return codes: - * 0 not a CA - * 1 is a CA -@@ -447,159 +480,202 @@ static void x509v3_cache_extensions(X509 *x) - - #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) - #define ku_reject(x, usage) \ -- (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) -+ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) - #define xku_reject(x, usage) \ -- (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) -+ (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) - #define ns_reject(x, usage) \ -- (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) -+ (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) - - static int check_ca(const X509 *x) - { -- /* keyUsage if present should allow cert signing */ -- if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; -- if(x->ex_flags & EXFLAG_BCONS) { -- if(x->ex_flags & EXFLAG_CA) return 1; -- /* If basicConstraints says not a CA then say so */ -- else return 0; -- } else { -- /* we support V1 roots for... uh, I don't really know why. */ -- if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; -- /* If key usage present it must have certSign so tolerate it */ -- else if (x->ex_flags & EXFLAG_KUSAGE) return 4; -- /* Older certificates could have Netscape-specific CA types */ -- else if (x->ex_flags & EXFLAG_NSCERT -- && x->ex_nscert & NS_ANY_CA) return 5; -- /* can this still be regarded a CA certificate? I doubt it */ -- return 0; -- } -+ /* keyUsage if present should allow cert signing */ -+ if (ku_reject(x, KU_KEY_CERT_SIGN)) -+ return 0; -+ if (x->ex_flags & EXFLAG_BCONS) { -+ if (x->ex_flags & EXFLAG_CA) -+ return 1; -+ /* If basicConstraints says not a CA then say so */ -+ else -+ return 0; -+ } else { -+ /* we support V1 roots for... uh, I don't really know why. */ -+ if ((x->ex_flags & V1_ROOT) == V1_ROOT) -+ return 3; -+ /* -+ * If key usage present it must have certSign so tolerate it -+ */ -+ else if (x->ex_flags & EXFLAG_KUSAGE) -+ return 4; -+ /* Older certificates could have Netscape-specific CA types */ -+ else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA) -+ return 5; -+ /* can this still be regarded a CA certificate? I doubt it */ -+ return 0; -+ } - } - - int X509_check_ca(X509 *x) - { -- if(!(x->ex_flags & EXFLAG_SET)) { -- CRYPTO_w_lock(CRYPTO_LOCK_X509); -- x509v3_cache_extensions(x); -- CRYPTO_w_unlock(CRYPTO_LOCK_X509); -- } -+ if (!(x->ex_flags & EXFLAG_SET)) { -+ CRYPTO_w_lock(CRYPTO_LOCK_X509); -+ x509v3_cache_extensions(x); -+ CRYPTO_w_unlock(CRYPTO_LOCK_X509); -+ } - -- return check_ca(x); -+ return check_ca(x); - } - - /* Check SSL CA: common checks for SSL client and server */ - static int check_ssl_ca(const X509 *x) - { -- int ca_ret; -- ca_ret = check_ca(x); -- if(!ca_ret) return 0; -- /* check nsCertType if present */ -- if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret; -- else return 0; -+ int ca_ret; -+ ca_ret = check_ca(x); -+ if (!ca_ret) -+ return 0; -+ /* check nsCertType if present */ -+ if (ca_ret != 5 || x->ex_nscert & NS_SSL_CA) -+ return ca_ret; -+ else -+ return 0; - } - -- --static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) -+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, -+ int ca) - { -- if(xku_reject(x,XKU_SSL_CLIENT)) return 0; -- if(ca) return check_ssl_ca(x); -- /* We need to do digital signatures with it */ -- if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0; -- /* nsCertType if present should allow SSL client use */ -- if(ns_reject(x, NS_SSL_CLIENT)) return 0; -- return 1; -+ if (xku_reject(x, XKU_SSL_CLIENT)) -+ return 0; -+ if (ca) -+ return check_ssl_ca(x); -+ /* We need to do digital signatures with it */ -+ if (ku_reject(x, KU_DIGITAL_SIGNATURE)) -+ return 0; -+ /* nsCertType if present should allow SSL client use */ -+ if (ns_reject(x, NS_SSL_CLIENT)) -+ return 0; -+ return 1; - } - --static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) -+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, -+ int ca) - { -- if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0; -- if(ca) return check_ssl_ca(x); -+ if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC)) -+ return 0; -+ if (ca) -+ return check_ssl_ca(x); - -- if(ns_reject(x, NS_SSL_SERVER)) return 0; -- /* Now as for keyUsage: we'll at least need to sign OR encipher */ -- if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0; -- -- return 1; -+ if (ns_reject(x, NS_SSL_SERVER)) -+ return 0; -+ /* Now as for keyUsage: we'll at least need to sign OR encipher */ -+ if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT)) -+ return 0; -+ -+ return 1; - - } - --static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) -+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, -+ int ca) - { -- int ret; -- ret = check_purpose_ssl_server(xp, x, ca); -- if(!ret || ca) return ret; -- /* We need to encipher or Netscape complains */ -- if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; -- return ret; -+ int ret; -+ ret = check_purpose_ssl_server(xp, x, ca); -+ if (!ret || ca) -+ return ret; -+ /* We need to encipher or Netscape complains */ -+ if (ku_reject(x, KU_KEY_ENCIPHERMENT)) -+ return 0; -+ return ret; - } - - /* common S/MIME checks */ - static int purpose_smime(const X509 *x, int ca) - { -- if(xku_reject(x,XKU_SMIME)) return 0; -- if(ca) { -- int ca_ret; -- ca_ret = check_ca(x); -- if(!ca_ret) return 0; -- /* check nsCertType if present */ -- if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret; -- else return 0; -- } -- if(x->ex_flags & EXFLAG_NSCERT) { -- if(x->ex_nscert & NS_SMIME) return 1; -- /* Workaround for some buggy certificates */ -- if(x->ex_nscert & NS_SSL_CLIENT) return 2; -- return 0; -- } -- return 1; -+ if (xku_reject(x, XKU_SMIME)) -+ return 0; -+ if (ca) { -+ int ca_ret; -+ ca_ret = check_ca(x); -+ if (!ca_ret) -+ return 0; -+ /* check nsCertType if present */ -+ if (ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) -+ return ca_ret; -+ else -+ return 0; -+ } -+ if (x->ex_flags & EXFLAG_NSCERT) { -+ if (x->ex_nscert & NS_SMIME) -+ return 1; -+ /* Workaround for some buggy certificates */ -+ if (x->ex_nscert & NS_SSL_CLIENT) -+ return 2; -+ return 0; -+ } -+ return 1; - } - --static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca) -+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, -+ int ca) - { -- int ret; -- ret = purpose_smime(x, ca); -- if(!ret || ca) return ret; -- if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0; -- return ret; -+ int ret; -+ ret = purpose_smime(x, ca); -+ if (!ret || ca) -+ return ret; -+ if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION)) -+ return 0; -+ return ret; - } - --static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca) -+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, -+ int ca) - { -- int ret; -- ret = purpose_smime(x, ca); -- if(!ret || ca) return ret; -- if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; -- return ret; -+ int ret; -+ ret = purpose_smime(x, ca); -+ if (!ret || ca) -+ return ret; -+ if (ku_reject(x, KU_KEY_ENCIPHERMENT)) -+ return 0; -+ return ret; - } - --static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) -+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, -+ int ca) - { -- if(ca) { -- int ca_ret; -- if((ca_ret = check_ca(x)) != 2) return ca_ret; -- else return 0; -- } -- if(ku_reject(x, KU_CRL_SIGN)) return 0; -- return 1; -+ if (ca) { -+ int ca_ret; -+ if ((ca_ret = check_ca(x)) != 2) -+ return ca_ret; -+ else -+ return 0; -+ } -+ if (ku_reject(x, KU_CRL_SIGN)) -+ return 0; -+ return 1; - } - --/* OCSP helper: this is *not* a full OCSP check. It just checks that -- * each CA is valid. Additional checks must be made on the chain. -+/* -+ * OCSP helper: this is *not* a full OCSP check. It just checks that each CA -+ * is valid. Additional checks must be made on the chain. - */ - - static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) - { -- /* Must be a valid CA. Should we really support the "I don't know" -- value (2)? */ -- if(ca) return check_ca(x); -- /* leaf certificate is checked in OCSP_verify() */ -- return 1; -+ /* -+ * Must be a valid CA. Should we really support the "I don't know" value -+ * (2)? -+ */ -+ if (ca) -+ return check_ca(x); -+ /* leaf certificate is checked in OCSP_verify() */ -+ return 1; - } - - static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) - { -- return 1; -+ return 1; - } - --/* Various checks to see if one certificate issued the second. -+/*- -+ * Various checks to see if one certificate issued the second. - * This can be used to prune a set of possible issuer certificates - * which have been looked up using some simple method such as by - * subject name. -@@ -613,51 +689,48 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) - - int X509_check_issued(X509 *issuer, X509 *subject) - { -- if(X509_NAME_cmp(X509_get_subject_name(issuer), -- X509_get_issuer_name(subject))) -- return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; -- x509v3_cache_extensions(issuer); -- x509v3_cache_extensions(subject); -- if(subject->akid) { -- /* Check key ids (if present) */ -- if(subject->akid->keyid && issuer->skid && -- ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) ) -- return X509_V_ERR_AKID_SKID_MISMATCH; -- /* Check serial number */ -- if(subject->akid->serial && -- ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), -- subject->akid->serial)) -- return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; -- /* Check issuer name */ -- if(subject->akid->issuer) { -- /* Ugh, for some peculiar reason AKID includes -- * SEQUENCE OF GeneralName. So look for a DirName. -- * There may be more than one but we only take any -- * notice of the first. -- */ -- GENERAL_NAMES *gens; -- GENERAL_NAME *gen; -- X509_NAME *nm = NULL; -- int i; -- gens = subject->akid->issuer; -- for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { -- gen = sk_GENERAL_NAME_value(gens, i); -- if(gen->type == GEN_DIRNAME) { -- nm = gen->d.dirn; -- break; -- } -- } -- if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) -- return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; -- } -- } -- if(subject->ex_flags & EXFLAG_PROXY) -- { -- if(ku_reject(issuer, KU_DIGITAL_SIGNATURE)) -- return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; -- } -- else if(ku_reject(issuer, KU_KEY_CERT_SIGN)) -- return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; -- return X509_V_OK; -+ if (X509_NAME_cmp(X509_get_subject_name(issuer), -+ X509_get_issuer_name(subject))) -+ return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; -+ x509v3_cache_extensions(issuer); -+ x509v3_cache_extensions(subject); -+ if (subject->akid) { -+ /* Check key ids (if present) */ -+ if (subject->akid->keyid && issuer->skid && -+ ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid)) -+ return X509_V_ERR_AKID_SKID_MISMATCH; -+ /* Check serial number */ -+ if (subject->akid->serial && -+ ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), -+ subject->akid->serial)) -+ return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; -+ /* Check issuer name */ -+ if (subject->akid->issuer) { -+ /* -+ * Ugh, for some peculiar reason AKID includes SEQUENCE OF -+ * GeneralName. So look for a DirName. There may be more than one -+ * but we only take any notice of the first. -+ */ -+ GENERAL_NAMES *gens; -+ GENERAL_NAME *gen; -+ X509_NAME *nm = NULL; -+ int i; -+ gens = subject->akid->issuer; -+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { -+ gen = sk_GENERAL_NAME_value(gens, i); -+ if (gen->type == GEN_DIRNAME) { -+ nm = gen->d.dirn; -+ break; -+ } -+ } -+ if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) -+ return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; -+ } -+ } -+ if (subject->ex_flags & EXFLAG_PROXY) { -+ if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) -+ return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; -+ } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) -+ return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; -+ return X509_V_OK; - } -- -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c -index 202c9e4..70c2795 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c -@@ -1,6 +1,7 @@ - /* v3_skey.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -56,89 +57,92 @@ - * - */ - -- - #include - #include "cryptlib.h" - #include - --static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); --const X509V3_EXT_METHOD v3_skey_id = { --NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), --0,0,0,0, --(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, --(X509V3_EXT_S2I)s2i_skey_id, --0,0,0,0, --NULL}; -- --char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, -- ASN1_OCTET_STRING *oct) -+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, -+ X509V3_CTX *ctx, char *str); -+const X509V3_EXT_METHOD v3_skey_id = { -+ NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), -+ 0, 0, 0, 0, -+ (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, -+ (X509V3_EXT_S2I)s2i_skey_id, -+ 0, 0, 0, 0, -+ NULL -+}; -+ -+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) - { -- return hex_to_string(oct->data, oct->length); -+ return hex_to_string(oct->data, oct->length); - } - - ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, char *str) -+ X509V3_CTX *ctx, char *str) - { -- ASN1_OCTET_STRING *oct; -- long length; -+ ASN1_OCTET_STRING *oct; -+ long length; - -- if(!(oct = M_ASN1_OCTET_STRING_new())) { -- X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -+ if (!(oct = M_ASN1_OCTET_STRING_new())) { -+ X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } - -- if(!(oct->data = string_to_hex(str, &length))) { -- M_ASN1_OCTET_STRING_free(oct); -- return NULL; -- } -+ if (!(oct->data = string_to_hex(str, &length))) { -+ M_ASN1_OCTET_STRING_free(oct); -+ return NULL; -+ } - -- oct->length = length; -+ oct->length = length; - -- return oct; -+ return oct; - - } - - static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, -- X509V3_CTX *ctx, char *str) -+ X509V3_CTX *ctx, char *str) - { -- ASN1_OCTET_STRING *oct; -- ASN1_BIT_STRING *pk; -- unsigned char pkey_dig[EVP_MAX_MD_SIZE]; -- unsigned int diglen; -- -- if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); -- -- if(!(oct = M_ASN1_OCTET_STRING_new())) { -- X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- -- if(ctx && (ctx->flags == CTX_TEST)) return oct; -- -- if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) { -- X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); -- goto err; -- } -- -- if(ctx->subject_req) -- pk = ctx->subject_req->req_info->pubkey->public_key; -- else pk = ctx->subject_cert->cert_info->key->public_key; -- -- if(!pk) { -- X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); -- goto err; -- } -- -- EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); -- -- if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { -- X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); -- goto err; -- } -- -- return oct; -- -- err: -- M_ASN1_OCTET_STRING_free(oct); -- return NULL; -+ ASN1_OCTET_STRING *oct; -+ ASN1_BIT_STRING *pk; -+ unsigned char pkey_dig[EVP_MAX_MD_SIZE]; -+ unsigned int diglen; -+ -+ if (strcmp(str, "hash")) -+ return s2i_ASN1_OCTET_STRING(method, ctx, str); -+ -+ if (!(oct = M_ASN1_OCTET_STRING_new())) { -+ X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ if (ctx && (ctx->flags == CTX_TEST)) -+ return oct; -+ -+ if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) { -+ X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY); -+ goto err; -+ } -+ -+ if (ctx->subject_req) -+ pk = ctx->subject_req->req_info->pubkey->public_key; -+ else -+ pk = ctx->subject_cert->cert_info->key->public_key; -+ -+ if (!pk) { -+ X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY); -+ goto err; -+ } -+ -+ EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); -+ -+ if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { -+ X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ return oct; -+ -+ err: -+ M_ASN1_OCTET_STRING_free(oct); -+ return NULL; - } -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c -index 2a6bf11..a4e6a93 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c -@@ -1,6 +1,7 @@ - /* v3_sxnet.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 1999. -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project -+ * 1999. - */ - /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -67,196 +68,206 @@ - - #define SXNET_TEST - --static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent); -+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, -+ int indent); - #ifdef SXNET_TEST --static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, -- STACK_OF(CONF_VALUE) *nval); -+static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval); - #endif - const X509V3_EXT_METHOD v3_sxnet = { --NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), --0,0,0,0, --0,0, --0, -+ NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), -+ 0, 0, 0, 0, -+ 0, 0, -+ 0, - #ifdef SXNET_TEST --(X509V3_EXT_V2I)sxnet_v2i, -+ (X509V3_EXT_V2I)sxnet_v2i, - #else --0, -+ 0, - #endif --(X509V3_EXT_I2R)sxnet_i2r, --0, --NULL -+ (X509V3_EXT_I2R)sxnet_i2r, -+ 0, -+ NULL - }; - - ASN1_SEQUENCE(SXNETID) = { -- ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), -- ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) -+ ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), -+ ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) - } ASN1_SEQUENCE_END(SXNETID) - - IMPLEMENT_ASN1_FUNCTIONS(SXNETID) - - ASN1_SEQUENCE(SXNET) = { -- ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), -- ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) -+ ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), -+ ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) - } ASN1_SEQUENCE_END(SXNET) - - IMPLEMENT_ASN1_FUNCTIONS(SXNET) - - static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, -- int indent) -+ int indent) - { -- long v; -- char *tmp; -- SXNETID *id; -- int i; -- v = ASN1_INTEGER_get(sx->version); -- BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); -- for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { -- id = sk_SXNETID_value(sx->ids, i); -- tmp = i2s_ASN1_INTEGER(NULL, id->zone); -- BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); -- OPENSSL_free(tmp); -- M_ASN1_OCTET_STRING_print(out, id->user); -- } -- return 1; -+ long v; -+ char *tmp; -+ SXNETID *id; -+ int i; -+ v = ASN1_INTEGER_get(sx->version); -+ BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); -+ for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { -+ id = sk_SXNETID_value(sx->ids, i); -+ tmp = i2s_ASN1_INTEGER(NULL, id->zone); -+ BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); -+ OPENSSL_free(tmp); -+ M_ASN1_OCTET_STRING_print(out, id->user); -+ } -+ return 1; - } - - #ifdef SXNET_TEST - --/* NBB: this is used for testing only. It should *not* be used for anything -+/* -+ * NBB: this is used for testing only. It should *not* be used for anything - * else because it will just take static IDs from the configuration file and - * they should really be separate values for each user. - */ - -- --static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, -- STACK_OF(CONF_VALUE) *nval) -+static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, -+ STACK_OF(CONF_VALUE) *nval) - { -- CONF_VALUE *cnf; -- SXNET *sx = NULL; -- int i; -- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { -- cnf = sk_CONF_VALUE_value(nval, i); -- if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) -- return NULL; -- } -- return sx; -+ CONF_VALUE *cnf; -+ SXNET *sx = NULL; -+ int i; -+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { -+ cnf = sk_CONF_VALUE_value(nval, i); -+ if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) -+ return NULL; -+ } -+ return sx; - } -- -- -+ - #endif - - /* Strong Extranet utility functions */ - - /* Add an id given the zone as an ASCII number */ - --int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, -- int userlen) -+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen) - { -- ASN1_INTEGER *izone = NULL; -- if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { -- X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); -- return 0; -- } -- return SXNET_add_id_INTEGER(psx, izone, user, userlen); -+ ASN1_INTEGER *izone = NULL; -+ if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { -+ X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); -+ return 0; -+ } -+ return SXNET_add_id_INTEGER(psx, izone, user, userlen); - } - - /* Add an id given the zone as an unsigned long */ - - int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, -- int userlen) -+ int userlen) - { -- ASN1_INTEGER *izone = NULL; -- if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { -- X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE); -- M_ASN1_INTEGER_free(izone); -- return 0; -- } -- return SXNET_add_id_INTEGER(psx, izone, user, userlen); -- -+ ASN1_INTEGER *izone = NULL; -+ if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { -+ X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE); -+ M_ASN1_INTEGER_free(izone); -+ return 0; -+ } -+ return SXNET_add_id_INTEGER(psx, izone, user, userlen); -+ - } - --/* Add an id given the zone as an ASN1_INTEGER. -- * Note this version uses the passed integer and doesn't make a copy so don't -- * free it up afterwards. -+/* -+ * Add an id given the zone as an ASN1_INTEGER. Note this version uses the -+ * passed integer and doesn't make a copy so don't free it up afterwards. - */ - - int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, -- int userlen) -+ int userlen) - { -- SXNET *sx = NULL; -- SXNETID *id = NULL; -- if(!psx || !zone || !user) { -- X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT); -- return 0; -- } -- if(userlen == -1) userlen = strlen(user); -- if(userlen > 64) { -- X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG); -- return 0; -- } -- if(!*psx) { -- if(!(sx = SXNET_new())) goto err; -- if(!ASN1_INTEGER_set(sx->version, 0)) goto err; -- *psx = sx; -- } else sx = *psx; -- if(SXNET_get_id_INTEGER(sx, zone)) { -- X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID); -- return 0; -- } -+ SXNET *sx = NULL; -+ SXNETID *id = NULL; -+ if (!psx || !zone || !user) { -+ X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, -+ X509V3_R_INVALID_NULL_ARGUMENT); -+ return 0; -+ } -+ if (userlen == -1) -+ userlen = strlen(user); -+ if (userlen > 64) { -+ X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG); -+ return 0; -+ } -+ if (!*psx) { -+ if (!(sx = SXNET_new())) -+ goto err; -+ if (!ASN1_INTEGER_set(sx->version, 0)) -+ goto err; -+ *psx = sx; -+ } else -+ sx = *psx; -+ if (SXNET_get_id_INTEGER(sx, zone)) { -+ X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID); -+ return 0; -+ } - -- if(!(id = SXNETID_new())) goto err; -- if(userlen == -1) userlen = strlen(user); -- -- if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; -- if(!sk_SXNETID_push(sx->ids, id)) goto err; -- id->zone = zone; -- return 1; -- -- err: -- X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE); -- SXNETID_free(id); -- SXNET_free(sx); -- *psx = NULL; -- return 0; -+ if (!(id = SXNETID_new())) -+ goto err; -+ if (userlen == -1) -+ userlen = strlen(user); -+ -+ if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) -+ goto err; -+ if (!sk_SXNETID_push(sx->ids, id)) -+ goto err; -+ id->zone = zone; -+ return 1; -+ -+ err: -+ X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE); -+ SXNETID_free(id); -+ SXNET_free(sx); -+ *psx = NULL; -+ return 0; - } - - ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) - { -- ASN1_INTEGER *izone = NULL; -- ASN1_OCTET_STRING *oct; -- if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { -- X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); -- return NULL; -- } -- oct = SXNET_get_id_INTEGER(sx, izone); -- M_ASN1_INTEGER_free(izone); -- return oct; -+ ASN1_INTEGER *izone = NULL; -+ ASN1_OCTET_STRING *oct; -+ if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { -+ X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); -+ return NULL; -+ } -+ oct = SXNET_get_id_INTEGER(sx, izone); -+ M_ASN1_INTEGER_free(izone); -+ return oct; - } - - ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) - { -- ASN1_INTEGER *izone = NULL; -- ASN1_OCTET_STRING *oct; -- if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { -- X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE); -- M_ASN1_INTEGER_free(izone); -- return NULL; -- } -- oct = SXNET_get_id_INTEGER(sx, izone); -- M_ASN1_INTEGER_free(izone); -- return oct; -+ ASN1_INTEGER *izone = NULL; -+ ASN1_OCTET_STRING *oct; -+ if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { -+ X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE); -+ M_ASN1_INTEGER_free(izone); -+ return NULL; -+ } -+ oct = SXNET_get_id_INTEGER(sx, izone); -+ M_ASN1_INTEGER_free(izone); -+ return oct; - } - - ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) - { -- SXNETID *id; -- int i; -- for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { -- id = sk_SXNETID_value(sx->ids, i); -- if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user; -- } -- return NULL; -+ SXNETID *id; -+ int i; -+ for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { -+ id = sk_SXNETID_value(sx->ids, i); -+ if (!M_ASN1_INTEGER_cmp(id->zone, zone)) -+ return id->user; -+ } -+ return NULL; - } - - IMPLEMENT_STACK_OF(SXNETID) -+ - IMPLEMENT_ASN1_SET_OF(SXNETID) -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c -index 7a45216..ff32afe 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c -@@ -1,5 +1,6 @@ - /* v3_utl.c */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+/* -+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ - /* ==================================================================== -@@ -10,7 +11,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -57,7 +58,6 @@ - */ - /* X509 v3 extension utilities */ - -- - #include - #include - #include "cryptlib.h" -@@ -66,10 +66,10 @@ - #include - - static char *strip_spaces(char *name); --static int sk_strcmp(const char * const *a, const char * const *b); -+static int sk_strcmp(const char *const *a, const char *const *b); - static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); - static void str_free(void *str); --static int append_ia5(STACK **sk, ASN1_IA5STRING *email); -+static int append_ia5(STACK ** sk, ASN1_IA5STRING *email); - - static int ipv4_from_asc(unsigned char *v4, const char *in); - static int ipv6_from_asc(unsigned char *v6, const char *in); -@@ -79,793 +79,832 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen); - /* Add a CONF_VALUE name value pair to stack */ - - int X509V3_add_value(const char *name, const char *value, -- STACK_OF(CONF_VALUE) **extlist) --{ -- CONF_VALUE *vtmp = NULL; -- char *tname = NULL, *tvalue = NULL; -- if(name && !(tname = BUF_strdup(name))) goto err; -- if(value && !(tvalue = BUF_strdup(value))) goto err; -- if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err; -- if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err; -- vtmp->section = NULL; -- vtmp->name = tname; -- vtmp->value = tvalue; -- if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err; -- return 1; -- err: -- X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE); -- if(vtmp) OPENSSL_free(vtmp); -- if(tname) OPENSSL_free(tname); -- if(tvalue) OPENSSL_free(tvalue); -- return 0; -+ STACK_OF(CONF_VALUE) **extlist) -+{ -+ CONF_VALUE *vtmp = NULL; -+ char *tname = NULL, *tvalue = NULL; -+ if (name && !(tname = BUF_strdup(name))) -+ goto err; -+ if (value && !(tvalue = BUF_strdup(value))) -+ goto err; -+ if (!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) -+ goto err; -+ if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) -+ goto err; -+ vtmp->section = NULL; -+ vtmp->name = tname; -+ vtmp->value = tvalue; -+ if (!sk_CONF_VALUE_push(*extlist, vtmp)) -+ goto err; -+ return 1; -+ err: -+ X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE); -+ if (vtmp) -+ OPENSSL_free(vtmp); -+ if (tname) -+ OPENSSL_free(tname); -+ if (tvalue) -+ OPENSSL_free(tvalue); -+ return 0; - } - - int X509V3_add_value_uchar(const char *name, const unsigned char *value, -- STACK_OF(CONF_VALUE) **extlist) -- { -- return X509V3_add_value(name,(const char *)value,extlist); -- } -+ STACK_OF(CONF_VALUE) **extlist) -+{ -+ return X509V3_add_value(name, (const char *)value, extlist); -+} - - /* Free function for STACK_OF(CONF_VALUE) */ - - void X509V3_conf_free(CONF_VALUE *conf) - { -- if(!conf) return; -- if(conf->name) OPENSSL_free(conf->name); -- if(conf->value) OPENSSL_free(conf->value); -- if(conf->section) OPENSSL_free(conf->section); -- OPENSSL_free(conf); -+ if (!conf) -+ return; -+ if (conf->name) -+ OPENSSL_free(conf->name); -+ if (conf->value) -+ OPENSSL_free(conf->value); -+ if (conf->section) -+ OPENSSL_free(conf->section); -+ OPENSSL_free(conf); - } - - int X509V3_add_value_bool(const char *name, int asn1_bool, -- STACK_OF(CONF_VALUE) **extlist) -+ STACK_OF(CONF_VALUE) **extlist) - { -- if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); -- return X509V3_add_value(name, "FALSE", extlist); -+ if (asn1_bool) -+ return X509V3_add_value(name, "TRUE", extlist); -+ return X509V3_add_value(name, "FALSE", extlist); - } - - int X509V3_add_value_bool_nf(char *name, int asn1_bool, -- STACK_OF(CONF_VALUE) **extlist) -+ STACK_OF(CONF_VALUE) **extlist) - { -- if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); -- return 1; -+ if (asn1_bool) -+ return X509V3_add_value(name, "TRUE", extlist); -+ return 1; - } - -- - char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) - { -- BIGNUM *bntmp = NULL; -- char *strtmp = NULL; -- if(!a) return NULL; -- if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || -- !(strtmp = BN_bn2dec(bntmp)) ) -- X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); -- BN_free(bntmp); -- return strtmp; -+ BIGNUM *bntmp = NULL; -+ char *strtmp = NULL; -+ if (!a) -+ return NULL; -+ if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || -+ !(strtmp = BN_bn2dec(bntmp))) -+ X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); -+ BN_free(bntmp); -+ return strtmp; - } - - char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) - { -- BIGNUM *bntmp = NULL; -- char *strtmp = NULL; -- if(!a) return NULL; -- if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || -- !(strtmp = BN_bn2dec(bntmp)) ) -- X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); -- BN_free(bntmp); -- return strtmp; -+ BIGNUM *bntmp = NULL; -+ char *strtmp = NULL; -+ if (!a) -+ return NULL; -+ if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || -+ !(strtmp = BN_bn2dec(bntmp))) -+ X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); -+ BN_free(bntmp); -+ return strtmp; - } - - ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) - { -- BIGNUM *bn = NULL; -- ASN1_INTEGER *aint; -- int isneg, ishex; -- int ret; -- if (!value) { -- X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); -- return 0; -- } -- bn = BN_new(); -- if (value[0] == '-') { -- value++; -- isneg = 1; -- } else isneg = 0; -- -- if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) { -- value += 2; -- ishex = 1; -- } else ishex = 0; -- -- if (ishex) ret = BN_hex2bn(&bn, value); -- else ret = BN_dec2bn(&bn, value); -- -- if (!ret || value[ret]) { -- BN_free(bn); -- X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); -- return 0; -- } -- -- if (isneg && BN_is_zero(bn)) isneg = 0; -- -- aint = BN_to_ASN1_INTEGER(bn, NULL); -- BN_free(bn); -- if (!aint) { -- X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR); -- return 0; -- } -- if (isneg) aint->type |= V_ASN1_NEG; -- return aint; -+ BIGNUM *bn = NULL; -+ ASN1_INTEGER *aint; -+ int isneg, ishex; -+ int ret; -+ if (!value) { -+ X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE); -+ return 0; -+ } -+ bn = BN_new(); -+ if (value[0] == '-') { -+ value++; -+ isneg = 1; -+ } else -+ isneg = 0; -+ -+ if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) { -+ value += 2; -+ ishex = 1; -+ } else -+ ishex = 0; -+ -+ if (ishex) -+ ret = BN_hex2bn(&bn, value); -+ else -+ ret = BN_dec2bn(&bn, value); -+ -+ if (!ret || value[ret]) { -+ BN_free(bn); -+ X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR); -+ return 0; -+ } -+ -+ if (isneg && BN_is_zero(bn)) -+ isneg = 0; -+ -+ aint = BN_to_ASN1_INTEGER(bn, NULL); -+ BN_free(bn); -+ if (!aint) { -+ X509V3err(X509V3_F_S2I_ASN1_INTEGER, -+ X509V3_R_BN_TO_ASN1_INTEGER_ERROR); -+ return 0; -+ } -+ if (isneg) -+ aint->type |= V_ASN1_NEG; -+ return aint; - } - - int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, -- STACK_OF(CONF_VALUE) **extlist) -+ STACK_OF(CONF_VALUE) **extlist) - { -- char *strtmp; -- int ret; -- if(!aint) return 1; -- if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; -- ret = X509V3_add_value(name, strtmp, extlist); -- OPENSSL_free(strtmp); -- return ret; -+ char *strtmp; -+ int ret; -+ if (!aint) -+ return 1; -+ if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) -+ return 0; -+ ret = X509V3_add_value(name, strtmp, extlist); -+ OPENSSL_free(strtmp); -+ return ret; - } - - int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) - { -- char *btmp; -- if(!(btmp = value->value)) goto err; -- if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") -- || !strcmp(btmp, "Y") || !strcmp(btmp, "y") -- || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { -- *asn1_bool = 0xff; -- return 1; -- } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") -- || !strcmp(btmp, "N") || !strcmp(btmp, "n") -- || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { -- *asn1_bool = 0; -- return 1; -- } -- err: -- X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING); -- X509V3_conf_err(value); -- return 0; -+ char *btmp; -+ if (!(btmp = value->value)) -+ goto err; -+ if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") -+ || !strcmp(btmp, "Y") || !strcmp(btmp, "y") -+ || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { -+ *asn1_bool = 0xff; -+ return 1; -+ } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") -+ || !strcmp(btmp, "N") || !strcmp(btmp, "n") -+ || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { -+ *asn1_bool = 0; -+ return 1; -+ } -+ err: -+ X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL, -+ X509V3_R_INVALID_BOOLEAN_STRING); -+ X509V3_conf_err(value); -+ return 0; - } - - int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) - { -- ASN1_INTEGER *itmp; -- if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { -- X509V3_conf_err(value); -- return 0; -- } -- *aint = itmp; -- return 1; -+ ASN1_INTEGER *itmp; -+ if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { -+ X509V3_conf_err(value); -+ return 0; -+ } -+ *aint = itmp; -+ return 1; - } - --#define HDR_NAME 1 --#define HDR_VALUE 2 -+#define HDR_NAME 1 -+#define HDR_VALUE 2 - --/*#define DEBUG*/ -+/* -+ * #define DEBUG -+ */ - - STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) - { -- char *p, *q, c; -- char *ntmp, *vtmp; -- STACK_OF(CONF_VALUE) *values = NULL; -- char *linebuf; -- int state; -- /* We are going to modify the line so copy it first */ -- linebuf = BUF_strdup(line); -- state = HDR_NAME; -- ntmp = NULL; -- /* Go through all characters */ -- for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { -- -- switch(state) { -- case HDR_NAME: -- if(c == ':') { -- state = HDR_VALUE; -- *p = 0; -- ntmp = strip_spaces(q); -- if(!ntmp) { -- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); -- goto err; -- } -- q = p + 1; -- } else if(c == ',') { -- *p = 0; -- ntmp = strip_spaces(q); -- q = p + 1; -+ char *p, *q, c; -+ char *ntmp, *vtmp; -+ STACK_OF(CONF_VALUE) *values = NULL; -+ char *linebuf; -+ int state; -+ /* We are going to modify the line so copy it first */ -+ linebuf = BUF_strdup(line); -+ state = HDR_NAME; -+ ntmp = NULL; -+ /* Go through all characters */ -+ for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n'); -+ p++) { -+ -+ switch (state) { -+ case HDR_NAME: -+ if (c == ':') { -+ state = HDR_VALUE; -+ *p = 0; -+ ntmp = strip_spaces(q); -+ if (!ntmp) { -+ X509V3err(X509V3_F_X509V3_PARSE_LIST, -+ X509V3_R_INVALID_NULL_NAME); -+ goto err; -+ } -+ q = p + 1; -+ } else if (c == ',') { -+ *p = 0; -+ ntmp = strip_spaces(q); -+ q = p + 1; - #if 0 -- printf("%s\n", ntmp); -+ printf("%s\n", ntmp); - #endif -- if(!ntmp) { -- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); -- goto err; -- } -- X509V3_add_value(ntmp, NULL, &values); -- } -- break ; -- -- case HDR_VALUE: -- if(c == ',') { -- state = HDR_NAME; -- *p = 0; -- vtmp = strip_spaces(q); -+ if (!ntmp) { -+ X509V3err(X509V3_F_X509V3_PARSE_LIST, -+ X509V3_R_INVALID_NULL_NAME); -+ goto err; -+ } -+ X509V3_add_value(ntmp, NULL, &values); -+ } -+ break; -+ -+ case HDR_VALUE: -+ if (c == ',') { -+ state = HDR_NAME; -+ *p = 0; -+ vtmp = strip_spaces(q); - #if 0 -- printf("%s\n", ntmp); -+ printf("%s\n", ntmp); - #endif -- if(!vtmp) { -- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); -- goto err; -- } -- X509V3_add_value(ntmp, vtmp, &values); -- ntmp = NULL; -- q = p + 1; -- } -- -- } -- } -- -- if(state == HDR_VALUE) { -- vtmp = strip_spaces(q); -+ if (!vtmp) { -+ X509V3err(X509V3_F_X509V3_PARSE_LIST, -+ X509V3_R_INVALID_NULL_VALUE); -+ goto err; -+ } -+ X509V3_add_value(ntmp, vtmp, &values); -+ ntmp = NULL; -+ q = p + 1; -+ } -+ -+ } -+ } -+ -+ if (state == HDR_VALUE) { -+ vtmp = strip_spaces(q); - #if 0 -- printf("%s=%s\n", ntmp, vtmp); -+ printf("%s=%s\n", ntmp, vtmp); - #endif -- if(!vtmp) { -- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); -- goto err; -- } -- X509V3_add_value(ntmp, vtmp, &values); -- } else { -- ntmp = strip_spaces(q); -+ if (!vtmp) { -+ X509V3err(X509V3_F_X509V3_PARSE_LIST, -+ X509V3_R_INVALID_NULL_VALUE); -+ goto err; -+ } -+ X509V3_add_value(ntmp, vtmp, &values); -+ } else { -+ ntmp = strip_spaces(q); - #if 0 -- printf("%s\n", ntmp); -+ printf("%s\n", ntmp); - #endif -- if(!ntmp) { -- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); -- goto err; -- } -- X509V3_add_value(ntmp, NULL, &values); -- } --OPENSSL_free(linebuf); --return values; -+ if (!ntmp) { -+ X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); -+ goto err; -+ } -+ X509V3_add_value(ntmp, NULL, &values); -+ } -+ OPENSSL_free(linebuf); -+ return values; - --err: --OPENSSL_free(linebuf); --sk_CONF_VALUE_pop_free(values, X509V3_conf_free); --return NULL; -+ err: -+ OPENSSL_free(linebuf); -+ sk_CONF_VALUE_pop_free(values, X509V3_conf_free); -+ return NULL; - - } - - /* Delete leading and trailing spaces from a string */ - static char *strip_spaces(char *name) - { -- char *p, *q; -- /* Skip over leading spaces */ -- p = name; -- while(*p && isspace((unsigned char)*p)) p++; -- if(!*p) return NULL; -- q = p + strlen(p) - 1; -- while((q != p) && isspace((unsigned char)*q)) q--; -- if(p != q) q[1] = 0; -- if(!*p) return NULL; -- return p; -+ char *p, *q; -+ /* Skip over leading spaces */ -+ p = name; -+ while (*p && isspace((unsigned char)*p)) -+ p++; -+ if (!*p) -+ return NULL; -+ q = p + strlen(p) - 1; -+ while ((q != p) && isspace((unsigned char)*q)) -+ q--; -+ if (p != q) -+ q[1] = 0; -+ if (!*p) -+ return NULL; -+ return p; - } - - /* hex string utilities */ - --/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its -- * hex representation -- * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines) -+/* -+ * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its -+ * hex representation @@@ (Contents of buffer are always kept in ASCII, also -+ * on EBCDIC machines) - */ - - char *hex_to_string(unsigned char *buffer, long len) - { -- char *tmp, *q; -- unsigned char *p; -- int i; -- const static char hexdig[] = "0123456789ABCDEF"; -- if(!buffer || !len) return NULL; -- if(!(tmp = OPENSSL_malloc(len * 3 + 1))) { -- X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); -- return NULL; -- } -- q = tmp; -- for(i = 0, p = buffer; i < len; i++,p++) { -- *q++ = hexdig[(*p >> 4) & 0xf]; -- *q++ = hexdig[*p & 0xf]; -- *q++ = ':'; -- } -- q[-1] = 0; -+ char *tmp, *q; -+ unsigned char *p; -+ int i; -+ const static char hexdig[] = "0123456789ABCDEF"; -+ if (!buffer || !len) -+ return NULL; -+ if (!(tmp = OPENSSL_malloc(len * 3 + 1))) { -+ X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ q = tmp; -+ for (i = 0, p = buffer; i < len; i++, p++) { -+ *q++ = hexdig[(*p >> 4) & 0xf]; -+ *q++ = hexdig[*p & 0xf]; -+ *q++ = ':'; -+ } -+ q[-1] = 0; - #ifdef CHARSET_EBCDIC -- ebcdic2ascii(tmp, tmp, q - tmp - 1); -+ ebcdic2ascii(tmp, tmp, q - tmp - 1); - #endif - -- return tmp; -+ return tmp; - } - --/* Give a string of hex digits convert to -- * a buffer -+/* -+ * Give a string of hex digits convert to a buffer - */ - - unsigned char *string_to_hex(char *str, long *len) - { -- unsigned char *hexbuf, *q; -- unsigned char ch, cl, *p; -- if(!str) { -- X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT); -- return NULL; -- } -- if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err; -- for(p = (unsigned char *)str, q = hexbuf; *p;) { -- ch = *p++; -+ unsigned char *hexbuf, *q; -+ unsigned char ch, cl, *p; -+ if (!str) { -+ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_INVALID_NULL_ARGUMENT); -+ return NULL; -+ } -+ if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) -+ goto err; -+ for (p = (unsigned char *)str, q = hexbuf; *p;) { -+ ch = *p++; - #ifdef CHARSET_EBCDIC -- ch = os_toebcdic[ch]; -+ ch = os_toebcdic[ch]; - #endif -- if(ch == ':') continue; -- cl = *p++; -+ if (ch == ':') -+ continue; -+ cl = *p++; - #ifdef CHARSET_EBCDIC -- cl = os_toebcdic[cl]; -+ cl = os_toebcdic[cl]; - #endif -- if(!cl) { -- X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS); -- OPENSSL_free(hexbuf); -- return NULL; -- } -- if(isupper(ch)) ch = tolower(ch); -- if(isupper(cl)) cl = tolower(cl); -- -- if((ch >= '0') && (ch <= '9')) ch -= '0'; -- else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10; -- else goto badhex; -- -- if((cl >= '0') && (cl <= '9')) cl -= '0'; -- else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10; -- else goto badhex; -- -- *q++ = (ch << 4) | cl; -- } -+ if (!cl) { -+ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ODD_NUMBER_OF_DIGITS); -+ OPENSSL_free(hexbuf); -+ return NULL; -+ } -+ if (isupper(ch)) -+ ch = tolower(ch); -+ if (isupper(cl)) -+ cl = tolower(cl); -+ -+ if ((ch >= '0') && (ch <= '9')) -+ ch -= '0'; -+ else if ((ch >= 'a') && (ch <= 'f')) -+ ch -= 'a' - 10; -+ else -+ goto badhex; -+ -+ if ((cl >= '0') && (cl <= '9')) -+ cl -= '0'; -+ else if ((cl >= 'a') && (cl <= 'f')) -+ cl -= 'a' - 10; -+ else -+ goto badhex; -+ -+ *q++ = (ch << 4) | cl; -+ } - -- if(len) *len = q - hexbuf; -+ if (len) -+ *len = q - hexbuf; - -- return hexbuf; -+ return hexbuf; - -- err: -- if(hexbuf) OPENSSL_free(hexbuf); -- X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE); -- return NULL; -+ err: -+ if (hexbuf) -+ OPENSSL_free(hexbuf); -+ X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE); -+ return NULL; - -- badhex: -- OPENSSL_free(hexbuf); -- X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT); -- return NULL; -+ badhex: -+ OPENSSL_free(hexbuf); -+ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT); -+ return NULL; - - } - --/* V2I name comparison function: returns zero if 'name' matches -- * cmp or cmp.* -+/* -+ * V2I name comparison function: returns zero if 'name' matches cmp or cmp.* - */ - - int name_cmp(const char *name, const char *cmp) - { -- int len, ret; -- char c; -- len = strlen(cmp); -- if((ret = strncmp(name, cmp, len))) return ret; -- c = name[len]; -- if(!c || (c=='.')) return 0; -- return 1; -+ int len, ret; -+ char c; -+ len = strlen(cmp); -+ if ((ret = strncmp(name, cmp, len))) -+ return ret; -+ c = name[len]; -+ if (!c || (c == '.')) -+ return 0; -+ return 1; - } - --static int sk_strcmp(const char * const *a, const char * const *b) -+static int sk_strcmp(const char *const *a, const char *const *b) - { -- return strcmp(*a, *b); -+ return strcmp(*a, *b); - } - - STACK *X509_get1_email(X509 *x) - { -- GENERAL_NAMES *gens; -- STACK *ret; -- gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); -- ret = get_email(X509_get_subject_name(x), gens); -- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); -- return ret; -+ GENERAL_NAMES *gens; -+ STACK *ret; -+ gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); -+ ret = get_email(X509_get_subject_name(x), gens); -+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); -+ return ret; - } - - STACK *X509_get1_ocsp(X509 *x) - { -- AUTHORITY_INFO_ACCESS *info; -- STACK *ret = NULL; -- int i; -- info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); -- if (!info) -- return NULL; -- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) -- { -- ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); -- if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) -- { -- if (ad->location->type == GEN_URI) -- { -- if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier)) -- break; -- } -- } -- } -- AUTHORITY_INFO_ACCESS_free(info); -- return ret; -+ AUTHORITY_INFO_ACCESS *info; -+ STACK *ret = NULL; -+ int i; -+ info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); -+ if (!info) -+ return NULL; -+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) { -+ ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); -+ if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) { -+ if (ad->location->type == GEN_URI) { -+ if (!append_ia5 -+ (&ret, ad->location->d.uniformResourceIdentifier)) -+ break; -+ } -+ } -+ } -+ AUTHORITY_INFO_ACCESS_free(info); -+ return ret; - } - - STACK *X509_REQ_get1_email(X509_REQ *x) - { -- GENERAL_NAMES *gens; -- STACK_OF(X509_EXTENSION) *exts; -- STACK *ret; -- exts = X509_REQ_get_extensions(x); -- gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); -- ret = get_email(X509_REQ_get_subject_name(x), gens); -- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); -- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); -- return ret; -+ GENERAL_NAMES *gens; -+ STACK_OF(X509_EXTENSION) *exts; -+ STACK *ret; -+ exts = X509_REQ_get_extensions(x); -+ gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); -+ ret = get_email(X509_REQ_get_subject_name(x), gens); -+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); -+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); -+ return ret; - } - -- - static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens) - { -- STACK *ret = NULL; -- X509_NAME_ENTRY *ne; -- ASN1_IA5STRING *email; -- GENERAL_NAME *gen; -- int i; -- /* Now add any email address(es) to STACK */ -- i = -1; -- /* First supplied X509_NAME */ -- while((i = X509_NAME_get_index_by_NID(name, -- NID_pkcs9_emailAddress, i)) >= 0) { -- ne = X509_NAME_get_entry(name, i); -- email = X509_NAME_ENTRY_get_data(ne); -- if(!append_ia5(&ret, email)) return NULL; -- } -- for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) -- { -- gen = sk_GENERAL_NAME_value(gens, i); -- if(gen->type != GEN_EMAIL) continue; -- if(!append_ia5(&ret, gen->d.ia5)) return NULL; -- } -- return ret; -+ STACK *ret = NULL; -+ X509_NAME_ENTRY *ne; -+ ASN1_IA5STRING *email; -+ GENERAL_NAME *gen; -+ int i; -+ /* Now add any email address(es) to STACK */ -+ i = -1; -+ /* First supplied X509_NAME */ -+ while ((i = X509_NAME_get_index_by_NID(name, -+ NID_pkcs9_emailAddress, i)) >= 0) { -+ ne = X509_NAME_get_entry(name, i); -+ email = X509_NAME_ENTRY_get_data(ne); -+ if (!append_ia5(&ret, email)) -+ return NULL; -+ } -+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { -+ gen = sk_GENERAL_NAME_value(gens, i); -+ if (gen->type != GEN_EMAIL) -+ continue; -+ if (!append_ia5(&ret, gen->d.ia5)) -+ return NULL; -+ } -+ return ret; - } - - static void str_free(void *str) - { -- OPENSSL_free(str); -+ OPENSSL_free(str); - } - --static int append_ia5(STACK **sk, ASN1_IA5STRING *email) -+static int append_ia5(STACK ** sk, ASN1_IA5STRING *email) - { -- char *emtmp; -- /* First some sanity checks */ -- if(email->type != V_ASN1_IA5STRING) return 1; -- if(!email->data || !email->length) return 1; -- if(!*sk) *sk = sk_new(sk_strcmp); -- if(!*sk) return 0; -- /* Don't add duplicates */ -- if(sk_find(*sk, (char *)email->data) != -1) return 1; -- emtmp = BUF_strdup((char *)email->data); -- if(!emtmp || !sk_push(*sk, emtmp)) { -- X509_email_free(*sk); -- *sk = NULL; -- return 0; -- } -- return 1; -+ char *emtmp; -+ /* First some sanity checks */ -+ if (email->type != V_ASN1_IA5STRING) -+ return 1; -+ if (!email->data || !email->length) -+ return 1; -+ if (!*sk) -+ *sk = sk_new(sk_strcmp); -+ if (!*sk) -+ return 0; -+ /* Don't add duplicates */ -+ if (sk_find(*sk, (char *)email->data) != -1) -+ return 1; -+ emtmp = BUF_strdup((char *)email->data); -+ if (!emtmp || !sk_push(*sk, emtmp)) { -+ X509_email_free(*sk); -+ *sk = NULL; -+ return 0; -+ } -+ return 1; - } - --void X509_email_free(STACK *sk) -+void X509_email_free(STACK * sk) - { -- sk_pop_free(sk, str_free); -+ sk_pop_free(sk, str_free); - } - --/* Convert IP addresses both IPv4 and IPv6 into an -- * OCTET STRING compatible with RFC3280. -+/* -+ * Convert IP addresses both IPv4 and IPv6 into an OCTET STRING compatible -+ * with RFC3280. - */ - - ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) -- { -- unsigned char ipout[16]; -- ASN1_OCTET_STRING *ret; -- int iplen; -+{ -+ unsigned char ipout[16]; -+ ASN1_OCTET_STRING *ret; -+ int iplen; - -- /* If string contains a ':' assume IPv6 */ -+ /* If string contains a ':' assume IPv6 */ - -- iplen = a2i_ipadd(ipout, ipasc); -+ iplen = a2i_ipadd(ipout, ipasc); - -- if (!iplen) -- return NULL; -+ if (!iplen) -+ return NULL; - -- ret = ASN1_OCTET_STRING_new(); -- if (!ret) -- return NULL; -- if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) -- { -- ASN1_OCTET_STRING_free(ret); -- return NULL; -- } -- return ret; -- } -+ ret = ASN1_OCTET_STRING_new(); -+ if (!ret) -+ return NULL; -+ if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) { -+ ASN1_OCTET_STRING_free(ret); -+ return NULL; -+ } -+ return ret; -+} - - ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) -- { -- ASN1_OCTET_STRING *ret = NULL; -- unsigned char ipout[32]; -- char *iptmp = NULL, *p; -- int iplen1, iplen2; -- p = strchr(ipasc,'/'); -- if (!p) -- return NULL; -- iptmp = BUF_strdup(ipasc); -- if (!iptmp) -- return NULL; -- p = iptmp + (p - ipasc); -- *p++ = 0; -- -- iplen1 = a2i_ipadd(ipout, iptmp); -- -- if (!iplen1) -- goto err; -- -- iplen2 = a2i_ipadd(ipout + iplen1, p); -- -- OPENSSL_free(iptmp); -- iptmp = NULL; -- -- if (!iplen2 || (iplen1 != iplen2)) -- goto err; -- -- ret = ASN1_OCTET_STRING_new(); -- if (!ret) -- goto err; -- if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) -- goto err; -- -- return ret; -- -- err: -- if (iptmp) -- OPENSSL_free(iptmp); -- if (ret) -- ASN1_OCTET_STRING_free(ret); -- return NULL; -- } -- -+{ -+ ASN1_OCTET_STRING *ret = NULL; -+ unsigned char ipout[32]; -+ char *iptmp = NULL, *p; -+ int iplen1, iplen2; -+ p = strchr(ipasc, '/'); -+ if (!p) -+ return NULL; -+ iptmp = BUF_strdup(ipasc); -+ if (!iptmp) -+ return NULL; -+ p = iptmp + (p - ipasc); -+ *p++ = 0; -+ -+ iplen1 = a2i_ipadd(ipout, iptmp); -+ -+ if (!iplen1) -+ goto err; -+ -+ iplen2 = a2i_ipadd(ipout + iplen1, p); -+ -+ OPENSSL_free(iptmp); -+ iptmp = NULL; -+ -+ if (!iplen2 || (iplen1 != iplen2)) -+ goto err; -+ -+ ret = ASN1_OCTET_STRING_new(); -+ if (!ret) -+ goto err; -+ if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) -+ goto err; -+ -+ return ret; -+ -+ err: -+ if (iptmp) -+ OPENSSL_free(iptmp); -+ if (ret) -+ ASN1_OCTET_STRING_free(ret); -+ return NULL; -+} - - int a2i_ipadd(unsigned char *ipout, const char *ipasc) -- { -- /* If string contains a ':' assume IPv6 */ -- -- if (strchr(ipasc, ':')) -- { -- if (!ipv6_from_asc(ipout, ipasc)) -- return 0; -- return 16; -- } -- else -- { -- if (!ipv4_from_asc(ipout, ipasc)) -- return 0; -- return 4; -- } -- } -+{ -+ /* If string contains a ':' assume IPv6 */ -+ -+ if (strchr(ipasc, ':')) { -+ if (!ipv6_from_asc(ipout, ipasc)) -+ return 0; -+ return 16; -+ } else { -+ if (!ipv4_from_asc(ipout, ipasc)) -+ return 0; -+ return 4; -+ } -+} - - static int ipv4_from_asc(unsigned char *v4, const char *in) -- { -- int a0, a1, a2, a3; -- if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) -- return 0; -- if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) -- || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) -- return 0; -- v4[0] = a0; -- v4[1] = a1; -- v4[2] = a2; -- v4[3] = a3; -- return 1; -- } -+{ -+ int a0, a1, a2, a3; -+ if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) -+ return 0; -+ if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) -+ || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) -+ return 0; -+ v4[0] = a0; -+ v4[1] = a1; -+ v4[2] = a2; -+ v4[3] = a3; -+ return 1; -+} - - typedef struct { -- /* Temporary store for IPV6 output */ -- unsigned char tmp[16]; -- /* Total number of bytes in tmp */ -- int total; -- /* The position of a zero (corresponding to '::') */ -- int zero_pos; -- /* Number of zeroes */ -- int zero_cnt; -- } IPV6_STAT; -- -+ /* Temporary store for IPV6 output */ -+ unsigned char tmp[16]; -+ /* Total number of bytes in tmp */ -+ int total; -+ /* The position of a zero (corresponding to '::') */ -+ int zero_pos; -+ /* Number of zeroes */ -+ int zero_cnt; -+} IPV6_STAT; - - static int ipv6_from_asc(unsigned char *v6, const char *in) -- { -- IPV6_STAT v6stat; -- v6stat.total = 0; -- v6stat.zero_pos = -1; -- v6stat.zero_cnt = 0; -- /* Treat the IPv6 representation as a list of values -- * separated by ':'. The presence of a '::' will parse -- * as one, two or three zero length elements. -- */ -- if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat)) -- return 0; -- -- /* Now for some sanity checks */ -- -- if (v6stat.zero_pos == -1) -- { -- /* If no '::' must have exactly 16 bytes */ -- if (v6stat.total != 16) -- return 0; -- } -- else -- { -- /* If '::' must have less than 16 bytes */ -- if (v6stat.total == 16) -- return 0; -- /* More than three zeroes is an error */ -- if (v6stat.zero_cnt > 3) -- return 0; -- /* Can only have three zeroes if nothing else present */ -- else if (v6stat.zero_cnt == 3) -- { -- if (v6stat.total > 0) -- return 0; -- } -- /* Can only have two zeroes if at start or end */ -- else if (v6stat.zero_cnt == 2) -- { -- if ((v6stat.zero_pos != 0) -- && (v6stat.zero_pos != v6stat.total)) -- return 0; -- } -- else -- /* Can only have one zero if *not* start or end */ -- { -- if ((v6stat.zero_pos == 0) -- || (v6stat.zero_pos == v6stat.total)) -- return 0; -- } -- } -- -- /* Format result */ -- -- if (v6stat.zero_pos >= 0) -- { -- /* Copy initial part */ -- memcpy(v6, v6stat.tmp, v6stat.zero_pos); -- /* Zero middle */ -- memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); -- /* Copy final part */ -- if (v6stat.total != v6stat.zero_pos) -- memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, -- v6stat.tmp + v6stat.zero_pos, -- v6stat.total - v6stat.zero_pos); -- } -- else -- memcpy(v6, v6stat.tmp, 16); -- -- return 1; -- } -+{ -+ IPV6_STAT v6stat; -+ v6stat.total = 0; -+ v6stat.zero_pos = -1; -+ v6stat.zero_cnt = 0; -+ /* -+ * Treat the IPv6 representation as a list of values separated by ':'. -+ * The presence of a '::' will parse as one, two or three zero length -+ * elements. -+ */ -+ if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat)) -+ return 0; -+ -+ /* Now for some sanity checks */ -+ -+ if (v6stat.zero_pos == -1) { -+ /* If no '::' must have exactly 16 bytes */ -+ if (v6stat.total != 16) -+ return 0; -+ } else { -+ /* If '::' must have less than 16 bytes */ -+ if (v6stat.total == 16) -+ return 0; -+ /* More than three zeroes is an error */ -+ if (v6stat.zero_cnt > 3) -+ return 0; -+ /* Can only have three zeroes if nothing else present */ -+ else if (v6stat.zero_cnt == 3) { -+ if (v6stat.total > 0) -+ return 0; -+ } -+ /* Can only have two zeroes if at start or end */ -+ else if (v6stat.zero_cnt == 2) { -+ if ((v6stat.zero_pos != 0) -+ && (v6stat.zero_pos != v6stat.total)) -+ return 0; -+ } else -+ /* Can only have one zero if *not* start or end */ -+ { -+ if ((v6stat.zero_pos == 0) -+ || (v6stat.zero_pos == v6stat.total)) -+ return 0; -+ } -+ } -+ -+ /* Format result */ -+ -+ if (v6stat.zero_pos >= 0) { -+ /* Copy initial part */ -+ memcpy(v6, v6stat.tmp, v6stat.zero_pos); -+ /* Zero middle */ -+ memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); -+ /* Copy final part */ -+ if (v6stat.total != v6stat.zero_pos) -+ memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, -+ v6stat.tmp + v6stat.zero_pos, -+ v6stat.total - v6stat.zero_pos); -+ } else -+ memcpy(v6, v6stat.tmp, 16); -+ -+ return 1; -+} - - static int ipv6_cb(const char *elem, int len, void *usr) -- { -- IPV6_STAT *s = usr; -- /* Error if 16 bytes written */ -- if (s->total == 16) -- return 0; -- if (len == 0) -- { -- /* Zero length element, corresponds to '::' */ -- if (s->zero_pos == -1) -- s->zero_pos = s->total; -- /* If we've already got a :: its an error */ -- else if (s->zero_pos != s->total) -- return 0; -- s->zero_cnt++; -- } -- else -- { -- /* If more than 4 characters could be final a.b.c.d form */ -- if (len > 4) -- { -- /* Need at least 4 bytes left */ -- if (s->total > 12) -- return 0; -- /* Must be end of string */ -- if (elem[len]) -- return 0; -- if (!ipv4_from_asc(s->tmp + s->total, elem)) -- return 0; -- s->total += 4; -- } -- else -- { -- if (!ipv6_hex(s->tmp + s->total, elem, len)) -- return 0; -- s->total += 2; -- } -- } -- return 1; -- } -- --/* Convert a string of up to 4 hex digits into the corresponding -- * IPv6 form. -+{ -+ IPV6_STAT *s = usr; -+ /* Error if 16 bytes written */ -+ if (s->total == 16) -+ return 0; -+ if (len == 0) { -+ /* Zero length element, corresponds to '::' */ -+ if (s->zero_pos == -1) -+ s->zero_pos = s->total; -+ /* If we've already got a :: its an error */ -+ else if (s->zero_pos != s->total) -+ return 0; -+ s->zero_cnt++; -+ } else { -+ /* If more than 4 characters could be final a.b.c.d form */ -+ if (len > 4) { -+ /* Need at least 4 bytes left */ -+ if (s->total > 12) -+ return 0; -+ /* Must be end of string */ -+ if (elem[len]) -+ return 0; -+ if (!ipv4_from_asc(s->tmp + s->total, elem)) -+ return 0; -+ s->total += 4; -+ } else { -+ if (!ipv6_hex(s->tmp + s->total, elem, len)) -+ return 0; -+ s->total += 2; -+ } -+ } -+ return 1; -+} -+ -+/* -+ * Convert a string of up to 4 hex digits into the corresponding IPv6 form. - */ - - static int ipv6_hex(unsigned char *out, const char *in, int inlen) -- { -- unsigned char c; -- unsigned int num = 0; -- if (inlen > 4) -- return 0; -- while(inlen--) -- { -- c = *in++; -- num <<= 4; -- if ((c >= '0') && (c <= '9')) -- num |= c - '0'; -- else if ((c >= 'A') && (c <= 'F')) -- num |= c - 'A' + 10; -- else if ((c >= 'a') && (c <= 'f')) -- num |= c - 'a' + 10; -- else -- return 0; -- } -- out[0] = num >> 8; -- out[1] = num & 0xff; -- return 1; -- } -- -- --int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, -- unsigned long chtype) -- { -- CONF_VALUE *v; -- int i, mval; -- char *p, *type; -- if (!nm) -- return 0; -- -- for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) -- { -- v=sk_CONF_VALUE_value(dn_sk,i); -- type=v->name; -- /* Skip past any leading X. X: X, etc to allow for -- * multiple instances -- */ -- for(p = type; *p ; p++) -+{ -+ unsigned char c; -+ unsigned int num = 0; -+ if (inlen > 4) -+ return 0; -+ while (inlen--) { -+ c = *in++; -+ num <<= 4; -+ if ((c >= '0') && (c <= '9')) -+ num |= c - '0'; -+ else if ((c >= 'A') && (c <= 'F')) -+ num |= c - 'A' + 10; -+ else if ((c >= 'a') && (c <= 'f')) -+ num |= c - 'a' + 10; -+ else -+ return 0; -+ } -+ out[0] = num >> 8; -+ out[1] = num & 0xff; -+ return 1; -+} -+ -+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, -+ unsigned long chtype) -+{ -+ CONF_VALUE *v; -+ int i, mval; -+ char *p, *type; -+ if (!nm) -+ return 0; -+ -+ for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) { -+ v = sk_CONF_VALUE_value(dn_sk, i); -+ type = v->name; -+ /* -+ * Skip past any leading X. X: X, etc to allow for multiple instances -+ */ -+ for (p = type; *p; p++) - #ifndef CHARSET_EBCDIC -- if ((*p == ':') || (*p == ',') || (*p == '.')) -+ if ((*p == ':') || (*p == ',') || (*p == '.')) - #else -- if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) -+ if ((*p == os_toascii[':']) || (*p == os_toascii[',']) -+ || (*p == os_toascii['.'])) - #endif -- { -- p++; -- if(*p) type = p; -- break; -- } -+ { -+ p++; -+ if (*p) -+ type = p; -+ break; -+ } - #ifndef CHARSET_EBCDIC -- if (*type == '+') -+ if (*type == '+') - #else -- if (*type == os_toascii['+']) -+ if (*type == os_toascii['+']) - #endif -- { -- mval = -1; -- type++; -- } -- else -- mval = 0; -- if (!X509_NAME_add_entry_by_txt(nm,type, chtype, -- (unsigned char *) v->value,-1,-1,mval)) -- return 0; -- -- } -- return 1; -- } -+ { -+ mval = -1; -+ type++; -+ } else -+ mval = 0; -+ if (!X509_NAME_add_entry_by_txt(nm, type, chtype, -+ (unsigned char *)v->value, -1, -1, -+ mval)) -+ return 0; -+ -+ } -+ return 1; -+} -diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c -index d538ad8..40b0076 100644 ---- a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c -+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c -@@ -7,7 +7,7 @@ - * are met: - * - * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -+ * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in -@@ -53,7 +53,8 @@ - * - */ - --/* NOTE: this file was auto generated by the mkerr.pl script: any changes -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ -@@ -65,155 +66,174 @@ - /* BEGIN ERROR CODES */ - #ifndef OPENSSL_NO_ERR - --#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0) --#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason) -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason) - --static ERR_STRING_DATA X509V3_str_functs[]= -- { --{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), "ASIDENTIFIERCHOICE_CANONIZE"}, --{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), "ASIDENTIFIERCHOICE_IS_CANONICAL"}, --{ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, --{ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, --{ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, --{ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, --{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, --{ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, --{ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, --{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, --{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, --{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, --{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, --{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"}, --{ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, --{ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, --{ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, --{ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, --{ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, --{ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, --{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, --{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, --{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, --{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, --{ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, --{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, --{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, --{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, --{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, --{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, --{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, --{ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"}, --{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, --{ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), "V2I_AUTHORITY_INFO_ACCESS"}, --{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, --{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, --{ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, --{ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, --{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, --{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, --{ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, --{ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, --{ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, --{ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, --{ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, --{ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, --{ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), "V3_ADDR_VALIDATE_PATH_INTERNAL"}, --{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, --{ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, --{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, --{ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, --{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, --{ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, --{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, --{ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, --{ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, --{ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"}, --{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"}, --{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"}, --{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"}, --{ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"}, --{0,NULL} -- }; -+static ERR_STRING_DATA X509V3_str_functs[] = { -+ {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), -+ "ASIDENTIFIERCHOICE_CANONIZE"}, -+ {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), -+ "ASIDENTIFIERCHOICE_IS_CANONICAL"}, -+ {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, -+ {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, -+ {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, -+ {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, -+ {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, -+ {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, -+ {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, -+ {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, -+ {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, -+ {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, -+ {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, -+ {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), -+ "I2V_AUTHORITY_INFO_ACCESS"}, -+ {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, -+ {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, -+ {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, -+ {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, -+ {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, -+ {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, -+ {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, -+ {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, -+ {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, -+ {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, -+ {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, -+ {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, -+ {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, -+ {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, -+ {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, -+ {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, -+ {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, -+ {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"}, -+ {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, -+ {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), -+ "V2I_AUTHORITY_INFO_ACCESS"}, -+ {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, -+ {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, -+ {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, -+ {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, -+ {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, -+ {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, -+ {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, -+ {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, -+ {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, -+ {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, -+ {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, -+ {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, -+ {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), -+ "V3_ADDR_VALIDATE_PATH_INTERNAL"}, -+ {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, -+ {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, -+ {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, -+ {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, -+ {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, -+ {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, -+ {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, -+ {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, -+ {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, -+ {ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"}, -+ {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"}, -+ {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"}, -+ {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"}, -+ {ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"}, -+ {0, NULL} -+}; - --static ERR_STRING_DATA X509V3_str_reasons[]= -- { --{ERR_REASON(X509V3_R_BAD_IP_ADDRESS) ,"bad ip address"}, --{ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"}, --{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"}, --{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"}, --{ERR_REASON(X509V3_R_DIRNAME_ERROR) ,"dirname error"}, --{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"}, --{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"}, --{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"}, --{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"}, --{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"}, --{ERR_REASON(X509V3_R_EXTENSION_EXISTS) ,"extension exists"}, --{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"}, --{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"}, --{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"}, --{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"}, --{ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"}, --{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"}, --{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"}, --{ERR_REASON(X509V3_R_INVALID_ASNUMBER) ,"invalid asnumber"}, --{ERR_REASON(X509V3_R_INVALID_ASRANGE) ,"invalid asrange"}, --{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"}, --{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"}, --{ERR_REASON(X509V3_R_INVALID_INHERITANCE),"invalid inheritance"}, --{ERR_REASON(X509V3_R_INVALID_IPADDRESS) ,"invalid ipaddress"}, --{ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"}, --{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"}, --{ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"}, --{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"}, --{ERR_REASON(X509V3_R_INVALID_NUMBER) ,"invalid number"}, --{ERR_REASON(X509V3_R_INVALID_NUMBERS) ,"invalid numbers"}, --{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"}, --{ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"}, --{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"}, --{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"}, --{ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"}, --{ERR_REASON(X509V3_R_INVALID_SAFI) ,"invalid safi"}, --{ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"}, --{ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"}, --{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"}, --{ERR_REASON(X509V3_R_MISSING_VALUE) ,"missing value"}, --{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"}, --{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"}, --{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"}, --{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) ,"no issuer details"}, --{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"}, --{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"}, --{ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"}, --{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"}, --{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"}, --{ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"}, --{ERR_REASON(X509V3_R_OTHERNAME_ERROR) ,"othername error"}, --{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"}, --{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"}, --{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"}, --{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"}, --{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"}, --{ERR_REASON(X509V3_R_SECTION_NOT_FOUND) ,"section not found"}, --{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"}, --{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"}, --{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"}, --{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) ,"unknown extension"}, --{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"}, --{ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"}, --{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"}, --{ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"}, --{0,NULL} -- }; -+static ERR_STRING_DATA X509V3_str_reasons[] = { -+ {ERR_REASON(X509V3_R_BAD_IP_ADDRESS), "bad ip address"}, -+ {ERR_REASON(X509V3_R_BAD_OBJECT), "bad object"}, -+ {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"}, -+ {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR), -+ "bn to asn1 integer error"}, -+ {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"}, -+ {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"}, -+ {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE), "error converting zone"}, -+ {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION), -+ "error creating extension"}, -+ {ERR_REASON(X509V3_R_ERROR_IN_EXTENSION), "error in extension"}, -+ {ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME), "expected a section name"}, -+ {ERR_REASON(X509V3_R_EXTENSION_EXISTS), "extension exists"}, -+ {ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR), "extension name error"}, -+ {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND), "extension not found"}, -+ {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED), -+ "extension setting not supported"}, -+ {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"}, -+ {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"}, -+ {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"}, -+ {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), -+ "incorrect policy syntax tag"}, -+ {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"}, -+ {ERR_REASON(X509V3_R_INVALID_ASRANGE), "invalid asrange"}, -+ {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING), "invalid boolean string"}, -+ {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING), -+ "invalid extension string"}, -+ {ERR_REASON(X509V3_R_INVALID_INHERITANCE), "invalid inheritance"}, -+ {ERR_REASON(X509V3_R_INVALID_IPADDRESS), "invalid ipaddress"}, -+ {ERR_REASON(X509V3_R_INVALID_NAME), "invalid name"}, -+ {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT), "invalid null argument"}, -+ {ERR_REASON(X509V3_R_INVALID_NULL_NAME), "invalid null name"}, -+ {ERR_REASON(X509V3_R_INVALID_NULL_VALUE), "invalid null value"}, -+ {ERR_REASON(X509V3_R_INVALID_NUMBER), "invalid number"}, -+ {ERR_REASON(X509V3_R_INVALID_NUMBERS), "invalid numbers"}, -+ {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER), -+ "invalid object identifier"}, -+ {ERR_REASON(X509V3_R_INVALID_OPTION), "invalid option"}, -+ {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER), -+ "invalid policy identifier"}, -+ {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING), -+ "invalid proxy policy setting"}, -+ {ERR_REASON(X509V3_R_INVALID_PURPOSE), "invalid purpose"}, -+ {ERR_REASON(X509V3_R_INVALID_SAFI), "invalid safi"}, -+ {ERR_REASON(X509V3_R_INVALID_SECTION), "invalid section"}, -+ {ERR_REASON(X509V3_R_INVALID_SYNTAX), "invalid syntax"}, -+ {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR), "issuer decode error"}, -+ {ERR_REASON(X509V3_R_MISSING_VALUE), "missing value"}, -+ {ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS), -+ "need organization and numbers"}, -+ {ERR_REASON(X509V3_R_NO_CONFIG_DATABASE), "no config database"}, -+ {ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE), "no issuer certificate"}, -+ {ERR_REASON(X509V3_R_NO_ISSUER_DETAILS), "no issuer details"}, -+ {ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER), "no policy identifier"}, -+ {ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED), -+ "no proxy cert policy language defined"}, -+ {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"}, -+ {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"}, -+ {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"}, -+ {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"}, -+ {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"}, -+ {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED), -+ "policy language alreadty defined"}, -+ {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"}, -+ {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED), -+ "policy path length alreadty defined"}, -+ {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED), -+ "policy syntax not currently supported"}, -+ {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), -+ "policy when proxy language requires no policy"}, -+ {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"}, -+ {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS), -+ "unable to get issuer details"}, -+ {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID), -+ "unable to get issuer keyid"}, -+ {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT), -+ "unknown bit string argument"}, -+ {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION), "unknown extension"}, -+ {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME), "unknown extension name"}, -+ {ERR_REASON(X509V3_R_UNKNOWN_OPTION), "unknown option"}, -+ {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION), "unsupported option"}, -+ {ERR_REASON(X509V3_R_USER_TOO_LONG), "user too long"}, -+ {0, NULL} -+}; - - #endif - - void ERR_load_X509V3_strings(void) -- { -+{ - #ifndef OPENSSL_NO_ERR - -- if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) -- { -- ERR_load_strings(0,X509V3_str_functs); -- ERR_load_strings(0,X509V3_str_reasons); -- } -+ if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, X509V3_str_functs); -+ ERR_load_strings(0, X509V3_str_reasons); -+ } - #endif -- } -+} -diff --git a/Cryptlib/OpenSSL/e_os.h b/Cryptlib/OpenSSL/e_os.h -index cc90f5e..4a85a9c 100644 ---- a/Cryptlib/OpenSSL/e_os.h -+++ b/Cryptlib/OpenSSL/e_os.h -@@ -5,21 +5,21 @@ - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. -- * -+ * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -+ * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. -- * -+ * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: -@@ -34,10 +34,10 @@ - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -+ * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -+ * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -@@ -49,7 +49,7 @@ - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. -- * -+ * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence -@@ -57,333 +57,354 @@ - */ - - #ifndef HEADER_E_OS_H --#define HEADER_E_OS_H -+# define HEADER_E_OS_H - --#include -+# include - --#include --/* contains what we can justify to make visible -- * to the outside; this file e_os.h is not part of the exported -- * interface. */ -+# include -+/* -+ * contains what we can justify to make visible to the -+ * outside; this file e_os.h is not part of the exported interface. -+ */ - - #ifdef __cplusplus - extern "C" { - #endif - - /* Used to checking reference counts, most while doing perl5 stuff :-) */ --#ifdef REF_PRINT --#undef REF_PRINT --#define REF_PRINT(a,b) fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a) --#endif -+# ifdef REF_PRINT -+# undef REF_PRINT -+# define REF_PRINT(a,b) fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a) -+# endif - --#ifndef DEVRANDOM --/* set this to a comma-separated list of 'random' device files to try out. -- * My default, we will try to read at least one of these files */ --#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" --#endif --#ifndef DEVRANDOM_EGD --/* set this to a comma-seperated list of 'egd' sockets to try out. These -- * sockets will be tried in the order listed in case accessing the device files -- * listed in DEVRANDOM did not return enough entropy. */ --#define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy" --#endif -+# ifndef DEVRANDOM -+/* -+ * set this to a comma-separated list of 'random' device files to try out. My -+ * default, we will try to read at least one of these files -+ */ -+# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" -+# endif -+# ifndef DEVRANDOM_EGD -+/* -+ * set this to a comma-seperated list of 'egd' sockets to try out. These -+ * sockets will be tried in the order listed in case accessing the device -+ * files listed in DEVRANDOM did not return enough entropy. -+ */ -+# define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy" -+# endif - --#if defined(OPENSSL_SYS_VXWORKS) -+# if defined(OPENSSL_SYS_VXWORKS) - # define NO_SYS_PARAM_H - # define NO_CHMOD - # define NO_SYSLOG --#endif -- --#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) --# if macintosh==1 --# ifndef MAC_OS_GUSI_SOURCE -+# endif -+ -+# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) -+# if macintosh==1 -+# ifndef MAC_OS_GUSI_SOURCE - # define MAC_OS_pre_X - # define NO_SYS_TYPES_H -- typedef long ssize_t; -+typedef long ssize_t; -+# endif -+# define NO_SYS_PARAM_H -+# define NO_CHMOD -+# define NO_SYSLOG -+# undef DEVRANDOM -+# define GETPID_IS_MEANINGLESS - # endif --# define NO_SYS_PARAM_H --# define NO_CHMOD --# define NO_SYSLOG --# undef DEVRANDOM --# define GETPID_IS_MEANINGLESS - # endif --#endif - - /******************************************************************** - The Microsoft section - ********************************************************************/ --/* The following is used becaue of the small stack in some -- * Microsoft operating systems */ --#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32) --# define MS_STATIC static --#else -+/* -+ * The following is used becaue of the small stack in some Microsoft -+ * operating systems -+ */ -+# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32) -+# define MS_STATIC static -+# else - # define MS_STATIC --#endif -+# endif - --#if defined(OPENSSL_SYS_WIN32) && !defined(WIN32) -+# if defined(OPENSSL_SYS_WIN32) && !defined(WIN32) - # define WIN32 --#endif --#if defined(OPENSSL_SYS_WIN16) && !defined(WIN16) -+# endif -+# if defined(OPENSSL_SYS_WIN16) && !defined(WIN16) - # define WIN16 --#endif --#if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS) -+# endif -+# if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS) - # define WINDOWS --#endif --#if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS) -+# endif -+# if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS) - # define MSDOS --#endif -+# endif - --#if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS) -+# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS) - # define GETPID_IS_MEANINGLESS --#endif -+# endif - --#ifdef WIN32 --#define get_last_sys_error() GetLastError() --#define clear_sys_error() SetLastError(0) --#if !defined(WINNT) --#define WIN_CONSOLE_BUG --#endif --#else --#define get_last_sys_error() errno --#define clear_sys_error() errno=0 --#endif -+# ifdef WIN32 -+# define get_last_sys_error() GetLastError() -+# define clear_sys_error() SetLastError(0) -+# if !defined(WINNT) -+# define WIN_CONSOLE_BUG -+# endif -+# else -+# define get_last_sys_error() errno -+# define clear_sys_error() errno=0 -+# endif - --#if defined(WINDOWS) --#define get_last_socket_error() WSAGetLastError() --#define clear_socket_error() WSASetLastError(0) --#define readsocket(s,b,n) recv((s),(b),(n),0) --#define writesocket(s,b,n) send((s),(b),(n),0) --#elif defined(__DJGPP__) --#define WATT32 --#define get_last_socket_error() errno --#define clear_socket_error() errno=0 --#define closesocket(s) close_s(s) --#define readsocket(s,b,n) read_s(s,b,n) --#define writesocket(s,b,n) send(s,b,n,0) --#elif defined(MAC_OS_pre_X) --#define get_last_socket_error() errno --#define clear_socket_error() errno=0 --#define closesocket(s) MacSocket_close(s) --#define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true) --#define writesocket(s,b,n) MacSocket_send((s),(b),(n)) --#elif defined(OPENSSL_SYS_VMS) --#define get_last_socket_error() errno --#define clear_socket_error() errno=0 --#define ioctlsocket(a,b,c) ioctl(a,b,c) --#define closesocket(s) close(s) --#define readsocket(s,b,n) recv((s),(b),(n),0) --#define writesocket(s,b,n) send((s),(b),(n),0) --#elif defined(OPENSSL_SYS_VXWORKS) --#define get_last_socket_error() errno --#define clear_socket_error() errno=0 --#define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c)) --#define closesocket(s) close(s) --#define readsocket(s,b,n) read((s),(b),(n)) --#define writesocket(s,b,n) write((s),(char *)(b),(n)) --#elif defined(OPENSSL_SYS_NETWARE) --#if defined(NETWARE_BSDSOCK) --#define get_last_socket_error() errno --#define clear_socket_error() errno=0 --#define closesocket(s) close(s) --#define ioctlsocket(a,b,c) ioctl(a,b,c) --#if defined(NETWARE_LIBC) --#define readsocket(s,b,n) recv((s),(b),(n),0) --#define writesocket(s,b,n) send((s),(b),(n),0) --#else --#define readsocket(s,b,n) recv((s),(char*)(b),(n),0) --#define writesocket(s,b,n) send((s),(char*)(b),(n),0) --#endif --#else --#define get_last_socket_error() WSAGetLastError() --#define clear_socket_error() WSASetLastError(0) --#define readsocket(s,b,n) recv((s),(b),(n),0) --#define writesocket(s,b,n) send((s),(b),(n),0) --#endif --#else --#define get_last_socket_error() errno --#define clear_socket_error() errno=0 --#define ioctlsocket(a,b,c) ioctl(a,b,c) --#define closesocket(s) close(s) --#define readsocket(s,b,n) read((s),(b),(n)) --#define writesocket(s,b,n) write((s),(b),(n)) --#endif -+# if defined(WINDOWS) -+# define get_last_socket_error() WSAGetLastError() -+# define clear_socket_error() WSASetLastError(0) -+# define readsocket(s,b,n) recv((s),(b),(n),0) -+# define writesocket(s,b,n) send((s),(b),(n),0) -+# elif defined(__DJGPP__) -+# define WATT32 -+# define get_last_socket_error() errno -+# define clear_socket_error() errno=0 -+# define closesocket(s) close_s(s) -+# define readsocket(s,b,n) read_s(s,b,n) -+# define writesocket(s,b,n) send(s,b,n,0) -+# elif defined(MAC_OS_pre_X) -+# define get_last_socket_error() errno -+# define clear_socket_error() errno=0 -+# define closesocket(s) MacSocket_close(s) -+# define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true) -+# define writesocket(s,b,n) MacSocket_send((s),(b),(n)) -+# elif defined(OPENSSL_SYS_VMS) -+# define get_last_socket_error() errno -+# define clear_socket_error() errno=0 -+# define ioctlsocket(a,b,c) ioctl(a,b,c) -+# define closesocket(s) close(s) -+# define readsocket(s,b,n) recv((s),(b),(n),0) -+# define writesocket(s,b,n) send((s),(b),(n),0) -+# elif defined(OPENSSL_SYS_VXWORKS) -+# define get_last_socket_error() errno -+# define clear_socket_error() errno=0 -+# define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c)) -+# define closesocket(s) close(s) -+# define readsocket(s,b,n) read((s),(b),(n)) -+# define writesocket(s,b,n) write((s),(char *)(b),(n)) -+# elif defined(OPENSSL_SYS_NETWARE) -+# if defined(NETWARE_BSDSOCK) -+# define get_last_socket_error() errno -+# define clear_socket_error() errno=0 -+# define closesocket(s) close(s) -+# define ioctlsocket(a,b,c) ioctl(a,b,c) -+# if defined(NETWARE_LIBC) -+# define readsocket(s,b,n) recv((s),(b),(n),0) -+# define writesocket(s,b,n) send((s),(b),(n),0) -+# else -+# define readsocket(s,b,n) recv((s),(char*)(b),(n),0) -+# define writesocket(s,b,n) send((s),(char*)(b),(n),0) -+# endif -+# else -+# define get_last_socket_error() WSAGetLastError() -+# define clear_socket_error() WSASetLastError(0) -+# define readsocket(s,b,n) recv((s),(b),(n),0) -+# define writesocket(s,b,n) send((s),(b),(n),0) -+# endif -+# else -+# define get_last_socket_error() errno -+# define clear_socket_error() errno=0 -+# define ioctlsocket(a,b,c) ioctl(a,b,c) -+# define closesocket(s) close(s) -+# define readsocket(s,b,n) read((s),(b),(n)) -+# define writesocket(s,b,n) write((s),(b),(n)) -+# endif - --#ifdef WIN16 --# define MS_CALLBACK _far _loadds --# define MS_FAR _far --#else -+# ifdef WIN16 -+# define MS_CALLBACK _far _loadds -+# define MS_FAR _far -+# else - # define MS_CALLBACK - # define MS_FAR --#endif -+# endif - --#ifdef OPENSSL_NO_STDIO -+# ifdef OPENSSL_NO_STDIO - # undef OPENSSL_NO_FP_API - # define OPENSSL_NO_FP_API --#endif -+# endif - --#if (defined(WINDOWS) || defined(MSDOS)) -+# if (defined(WINDOWS) || defined(MSDOS)) - - # ifdef __DJGPP__ --# include --# include --# include --# include --# include --# define _setmode setmode --# define _O_TEXT O_TEXT --# define _O_BINARY O_BINARY --# undef DEVRANDOM --# define DEVRANDOM "/dev/urandom\x24" --# endif /* __DJGPP__ */ -+# include -+# include -+# include -+# include -+# include -+# define _setmode setmode -+# define _O_TEXT O_TEXT -+# define _O_BINARY O_BINARY -+# undef DEVRANDOM -+# define DEVRANDOM "/dev/urandom\x24" -+# endif /* __DJGPP__ */ - - # ifndef S_IFDIR --# define S_IFDIR _S_IFDIR -+# define S_IFDIR _S_IFDIR - # endif - - # ifndef S_IFMT --# define S_IFMT _S_IFMT -+# define S_IFMT _S_IFMT - # endif - - # if !defined(WINNT) && !defined(__DJGPP__) --# define NO_SYSLOG -+# define NO_SYSLOG - # endif - # define NO_DIRENT - - # ifdef WINDOWS --# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT) -+# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT) - /* -- * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." -- * Most notably we ought to check for availability of each specific -- * routine with GetProcAddress() and/or quard NT-specific calls with -- * GetVersion() < 0x80000000. One can argue that in latter "or" case -- * we ought to /DELAYLOAD some .DLLs in order to protect ourselves -- * against run-time link errors. This doesn't seem to be necessary, -- * because it turned out that already Windows 95, first non-NT Win32 -- * implementation, is equipped with at least NT 3.51 stubs, dummy -- * routines with same name, but which do nothing. Meaning that it's -- * apparently appropriate to guard generic NT calls with GetVersion -- * alone, while NT 4.0 and above calls ought to be additionally -- * checked upon with GetProcAddress. -- */ --# define _WIN32_WINNT 0x0400 --# endif --# include --# include --# include --# include --# include --# ifdef _WIN64 --# define strlen(s) _strlen31(s) -+ * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." -+ * Most notably we ought to check for availability of each specific -+ * routine with GetProcAddress() and/or quard NT-specific calls with -+ * GetVersion() < 0x80000000. One can argue that in latter "or" case -+ * we ought to /DELAYLOAD some .DLLs in order to protect ourselves -+ * against run-time link errors. This doesn't seem to be necessary, -+ * because it turned out that already Windows 95, first non-NT Win32 -+ * implementation, is equipped with at least NT 3.51 stubs, dummy -+ * routines with same name, but which do nothing. Meaning that it's -+ * apparently appropriate to guard generic NT calls with GetVersion -+ * alone, while NT 4.0 and above calls ought to be additionally -+ * checked upon with GetProcAddress. -+ */ -+# define _WIN32_WINNT 0x0400 -+# endif -+# include -+# include -+# include -+# include -+# include -+# ifdef _WIN64 -+# define strlen(s) _strlen31(s) - /* cut strings to 2GB */ --static unsigned int _strlen31(const char *str) -- { -- unsigned int len=0; -- while (*str && len<0x80000000U) str++, len++; -- return len&0x7FFFFFFF; -- } --# endif --# include --# if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace) -+static __inline unsigned int _strlen31(const char *str) -+{ -+ unsigned int len = 0; -+ while (*str && len < 0x80000000U) -+ str++, len++; -+ return len & 0x7FFFFFFF; -+} -+# endif -+# include -+# if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace) - /* compensate for bug in VC6 ctype.h */ --# undef isspace --# undef isdigit --# undef isalnum --# undef isupper --# undef isxdigit --# endif --# if defined(_MSC_VER) && !defined(_DLL) && defined(stdin) --# if _MSC_VER>=1300 --# undef stdin --# undef stdout --# undef stderr -- FILE *__iob_func(); --# define stdin (&__iob_func()[0]) --# define stdout (&__iob_func()[1]) --# define stderr (&__iob_func()[2]) --# elif defined(I_CAN_LIVE_WITH_LNK4049) --# undef stdin --# undef stdout --# undef stderr -- /* pre-1300 has __p__iob(), but it's available only in msvcrt.lib, -- * or in other words with /MD. Declaring implicit import, i.e. -- * with _imp_ prefix, works correctly with all compiler options, -- * but without /MD results in LINK warning LNK4049: -- * 'locally defined symbol "__iob" imported'. -+# undef isspace -+# undef isdigit -+# undef isalnum -+# undef isupper -+# undef isxdigit -+# endif -+# if defined(_MSC_VER) && !defined(_DLL) && defined(stdin) -+# if _MSC_VER>=1300 -+# undef stdin -+# undef stdout -+# undef stderr -+FILE *__iob_func(); -+# define stdin (&__iob_func()[0]) -+# define stdout (&__iob_func()[1]) -+# define stderr (&__iob_func()[2]) -+# elif defined(I_CAN_LIVE_WITH_LNK4049) -+# undef stdin -+# undef stdout -+# undef stderr -+ /* -+ * pre-1300 has __p__iob(), but it's available only in msvcrt.lib, -+ * or in other words with /MD. Declaring implicit import, i.e. with -+ * _imp_ prefix, works correctly with all compiler options, but -+ * without /MD results in LINK warning LNK4049: 'locally defined -+ * symbol "__iob" imported'. - */ -- extern FILE *_imp___iob; --# define stdin (&_imp___iob[0]) --# define stdout (&_imp___iob[1]) --# define stderr (&_imp___iob[2]) --# endif -+extern FILE *_imp___iob; -+# define stdin (&_imp___iob[0]) -+# define stdout (&_imp___iob[1]) -+# define stderr (&_imp___iob[2]) - # endif -+# endif - # endif - # include - # include - - # ifdef OPENSSL_SYS_WINCE --# include -+# include - # endif - - # define ssize_t long - - # if defined (__BORLANDC__) --# define _setmode setmode --# define _O_TEXT O_TEXT --# define _O_BINARY O_BINARY --# define _int64 __int64 --# define _kbhit kbhit -+# define _setmode setmode -+# define _O_TEXT O_TEXT -+# define _O_BINARY O_BINARY -+# define _int64 __int64 -+# define _kbhit kbhit - # endif - - # if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST) --# define EXIT(n) _wsetexit(_WINEXITNOPERSIST) --# define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0) -+# define EXIT(n) _wsetexit(_WINEXITNOPERSIST) -+# define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0) - # else --# define EXIT(n) exit(n) -+# define EXIT(n) exit(n) - # endif - # define LIST_SEPARATOR_CHAR ';' - # ifndef X_OK --# define X_OK 0 -+# define X_OK 0 - # endif - # ifndef W_OK --# define W_OK 2 -+# define W_OK 2 - # endif - # ifndef R_OK --# define R_OK 4 -+# define R_OK 4 - # endif --# define OPENSSL_CONF "openssl.cnf" --# define SSLEAY_CONF OPENSSL_CONF --# define NUL_DEV "nul" --# define RFILE ".rnd" -+# define OPENSSL_CONF "openssl.cnf" -+# define SSLEAY_CONF OPENSSL_CONF -+# define NUL_DEV "nul" -+# define RFILE ".rnd" - # ifdef OPENSSL_SYS_WINCE --# define DEFAULT_HOME "" -+# define DEFAULT_HOME "" - # else --# define DEFAULT_HOME "C:" -+# define DEFAULT_HOME "C:" - # endif - --#else /* The non-microsoft world world */ -+/* Avoid Visual Studio 13 GetVersion deprecated problems */ -+# if defined(_MSC_VER) && _MSC_VER>=1800 -+# define check_winnt() (1) -+# define check_win_minplat(x) (1) -+# else -+# define check_winnt() (GetVersion() < 0x80000000) -+# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x)) -+# endif -+ -+# else /* The non-microsoft world */ - - # ifdef OPENSSL_SYS_VMS --# define VMS 1 -- /* some programs don't include stdlib, so exit() and others give implicit -- function warnings */ --# include --# if defined(__DECC) --# include --# else --# include --# endif --# define OPENSSL_CONF "openssl.cnf" --# define SSLEAY_CONF OPENSSL_CONF --# define RFILE ".rnd" --# define LIST_SEPARATOR_CHAR ',' --# define NUL_DEV "NLA0:" -+# define VMS 1 -+ /* -+ * some programs don't include stdlib, so exit() and others give implicit -+ * function warnings -+ */ -+# include -+# if defined(__DECC) -+# include -+# else -+# include -+# endif -+# define OPENSSL_CONF "openssl.cnf" -+# define SSLEAY_CONF OPENSSL_CONF -+# define RFILE ".rnd" -+# define LIST_SEPARATOR_CHAR ',' -+# define NUL_DEV "NLA0:" - /* We don't have any well-defined random devices on VMS, yet... */ --# undef DEVRANDOM -- /* We need to do this since VMS has the following coding on status codes: -+# undef DEVRANDOM -+ /*- -+ We need to do this since VMS has the following coding on status codes: - - Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ... - The important thing to know is that odd numbers are considered -- good, while even ones are considered errors. -+ good, while even ones are considered errors. - Bits 3-15: actual status number - Bits 16-27: facility number. 0 is considered "unknown" - Bits 28-31: control bits. If bit 28 is set, the shell won't try to -@@ -394,317 +415,340 @@ static unsigned int _strlen31(const char *str) - the status is tagged as an error, which I believe is what is wanted here. - -- Richard Levitte - */ --# define EXIT(n) do { int __VMS_EXIT = n; \ -+# define EXIT(n) do { int __VMS_EXIT = n; \ - if (__VMS_EXIT == 0) \ -- __VMS_EXIT = 1; \ -- else \ -- __VMS_EXIT = (n << 3) | 2; \ -+ __VMS_EXIT = 1; \ -+ else \ -+ __VMS_EXIT = (n << 3) | 2; \ - __VMS_EXIT |= 0x10000000; \ -- exit(__VMS_EXIT); } while(0) --# define NO_SYS_PARAM_H -+ exit(__VMS_EXIT); } while(0) -+# define NO_SYS_PARAM_H - - # elif defined(OPENSSL_SYS_NETWARE) --# include --# include --# define NO_SYS_TYPES_H --# undef DEVRANDOM --# ifdef NETWARE_CLIB --# define getpid GetThreadID -- extern int GetThreadID(void); -+# include -+# include -+# define NO_SYS_TYPES_H -+# undef DEVRANDOM -+# ifdef NETWARE_CLIB -+# define getpid GetThreadID -+extern int GetThreadID(void); - /* # include */ -- extern int kbhit(void); -- extern void delay(unsigned milliseconds); --# else --# include --# endif --# define NO_SYSLOG --# define _setmode setmode --# define _kbhit kbhit --# define _O_TEXT O_TEXT --# define _O_BINARY O_BINARY --# define OPENSSL_CONF "openssl.cnf" --# define SSLEAY_CONF OPENSSL_CONF --# define RFILE ".rnd" --# define LIST_SEPARATOR_CHAR ';' --# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); } -+extern int kbhit(void); -+extern void delay(unsigned milliseconds); -+# else -+# include -+# endif -+# define NO_SYSLOG -+# define _setmode setmode -+# define _kbhit kbhit -+# define _O_TEXT O_TEXT -+# define _O_BINARY O_BINARY -+# define OPENSSL_CONF "openssl.cnf" -+# define SSLEAY_CONF OPENSSL_CONF -+# define RFILE ".rnd" -+# define LIST_SEPARATOR_CHAR ';' -+# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); } - - # else - /* !defined VMS */ --# ifdef OPENSSL_SYS_MPE --# define NO_SYS_PARAM_H --# endif --# ifdef OPENSSL_UNISTD --# include OPENSSL_UNISTD --# else --# include --# endif --# ifndef NO_SYS_TYPES_H --# include --# endif --# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) --# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP -- * (unless when compiling with -D_POSIX_SOURCE, -- * which doesn't work for us) */ --# endif --# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) --# define ssize_t int /* ditto */ --# endif --# ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */ --# define setvbuf(a, b, c, d) setbuffer((a), (b), (d)) -- typedef unsigned long clock_t; --# endif -- --# define OPENSSL_CONF "openssl.cnf" --# define SSLEAY_CONF OPENSSL_CONF --# define RFILE ".rnd" --# define LIST_SEPARATOR_CHAR ':' --# define NUL_DEV "/dev/null" --# define EXIT(n) exit(n) -+# ifdef OPENSSL_SYS_MPE -+# define NO_SYS_PARAM_H -+# endif -+# ifdef OPENSSL_UNISTD -+# include OPENSSL_UNISTD -+# else -+# include -+# endif -+# ifndef NO_SYS_TYPES_H -+# include -+# endif -+# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) -+# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP -+ * (unless when compiling with -+ * -D_POSIX_SOURCE, which doesn't work for -+ * us) */ -+# endif -+# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) -+# define ssize_t int /* ditto */ -+# endif -+# ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */ -+# define setvbuf(a, b, c, d) setbuffer((a), (b), (d)) -+typedef unsigned long clock_t; -+# endif -+ -+# define OPENSSL_CONF "openssl.cnf" -+# define SSLEAY_CONF OPENSSL_CONF -+# define RFILE ".rnd" -+# define LIST_SEPARATOR_CHAR ':' -+# define NUL_DEV "/dev/null" -+# define EXIT(n) exit(n) - # endif - --# define SSLeay_getpid() getpid() -- --#endif -+# define SSLeay_getpid() getpid() - -+# endif - - /*************/ - --#ifdef USE_SOCKETS -+# ifdef USE_SOCKETS - # if defined(WINDOWS) || defined(MSDOS) - /* windows world */ - --# ifdef OPENSSL_NO_SOCK --# define SSLeay_Write(a,b,c) (-1) --# define SSLeay_Read(a,b,c) (-1) --# define SHUTDOWN(fd) close(fd) --# define SHUTDOWN2(fd) close(fd) --# elif !defined(__DJGPP__) --# include -+# ifdef OPENSSL_NO_SOCK -+# define SSLeay_Write(a,b,c) (-1) -+# define SSLeay_Read(a,b,c) (-1) -+# define SHUTDOWN(fd) close(fd) -+# define SHUTDOWN2(fd) close(fd) -+# elif !defined(__DJGPP__) -+# include - extern HINSTANCE _hInstance; --# ifdef _WIN64 -+# ifdef _WIN64 - /* - * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because - * the value constitutes an index in per-process table of limited size - * and not a real pointer. - */ --# define socket(d,t,p) ((int)socket(d,t,p)) --# define accept(s,f,l) ((int)accept(s,f,l)) --# endif --# define SSLeay_Write(a,b,c) send((a),(b),(c),0) --# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) --# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } --# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } --# else --# define SSLeay_Write(a,b,c) write_s(a,b,c,0) --# define SSLeay_Read(a,b,c) read_s(a,b,c) --# define SHUTDOWN(fd) close_s(fd) --# define SHUTDOWN2(fd) close_s(fd) -+# define socket(d,t,p) ((int)socket(d,t,p)) -+# define accept(s,f,l) ((int)accept(s,f,l)) - # endif -+# define SSLeay_Write(a,b,c) send((a),(b),(c),0) -+# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) -+# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } -+# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } -+# else -+# define SSLeay_Write(a,b,c) write_s(a,b,c,0) -+# define SSLeay_Read(a,b,c) read_s(a,b,c) -+# define SHUTDOWN(fd) close_s(fd) -+# define SHUTDOWN2(fd) close_s(fd) -+# endif - - # elif defined(MAC_OS_pre_X) - --# include "MacSocket.h" --# define SSLeay_Write(a,b,c) MacSocket_send((a),(b),(c)) --# define SSLeay_Read(a,b,c) MacSocket_recv((a),(b),(c),true) --# define SHUTDOWN(fd) MacSocket_close(fd) --# define SHUTDOWN2(fd) MacSocket_close(fd) -+# include "MacSocket.h" -+# define SSLeay_Write(a,b,c) MacSocket_send((a),(b),(c)) -+# define SSLeay_Read(a,b,c) MacSocket_recv((a),(b),(c),true) -+# define SHUTDOWN(fd) MacSocket_close(fd) -+# define SHUTDOWN2(fd) MacSocket_close(fd) - - # elif defined(OPENSSL_SYS_NETWARE) -- /* NetWare uses the WinSock2 interfaces by default, but can be configured for BSD -- */ --# if defined(NETWARE_BSDSOCK) --# include --# include --# include --# if defined(NETWARE_CLIB) --# include --# else --# include --# endif --# define INVALID_SOCKET (int)(~0) --# else --# include --# endif --# define SSLeay_Write(a,b,c) send((a),(b),(c),0) --# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) --# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } --# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } -- --# else -- --# ifndef NO_SYS_PARAM_H --# include --# endif --# ifdef OPENSSL_SYS_VXWORKS --# include --# elif !defined(OPENSSL_SYS_MPE) --# include /* Needed under linux for FD_XXX */ --# endif -- --# include --# if defined(OPENSSL_SYS_VMS_NODECC) --# include --# include --# include -+ /* -+ * NetWare uses the WinSock2 interfaces by default, but can be -+ * configured for BSD -+ */ -+# if defined(NETWARE_BSDSOCK) -+# include -+# include -+# include -+# if defined(NETWARE_CLIB) -+# include - # else --# include --# ifdef FILIO_H --# include /* Added for FIONBIO under unixware */ --# endif --# include --# include --# endif -- --# if defined(NeXT) || defined(_NEXT_SOURCE) --# include --# include -+# include - # endif -+# define INVALID_SOCKET (int)(~0) -+# else -+# include -+# endif -+# define SSLeay_Write(a,b,c) send((a),(b),(c),0) -+# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) -+# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } -+# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } - --# ifdef OPENSSL_SYS_AIX --# include --# endif -+# else - --# ifdef __QNX__ --# include -+# ifndef NO_SYS_PARAM_H -+# include -+# endif -+# ifdef OPENSSL_SYS_VXWORKS -+# include -+# elif !defined(OPENSSL_SYS_MPE) -+# include /* Needed under linux for FD_XXX */ -+# endif -+ -+# include -+# if defined(OPENSSL_SYS_VMS_NODECC) -+# include -+# include -+# include -+# else -+# include -+# ifdef FILIO_H -+# include /* Added for FIONBIO under unixware */ - # endif -- --# if defined(sun) --# include -+# include -+# include -+# endif -+ -+# if defined(NeXT) || defined(_NEXT_SOURCE) -+# include -+# include -+# endif -+ -+# ifdef OPENSSL_SYS_AIX -+# include -+# endif -+ -+# ifdef __QNX__ -+# include -+# endif -+ -+# if defined(sun) -+# include -+# else -+# ifndef VMS -+# include - # else --# ifndef VMS --# include --# else -- /* ioctl is only in VMS > 7.0 and when socketshr is not used */ --# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) --# include --# endif --# endif -+ /* ioctl is only in VMS > 7.0 and when socketshr is not used */ -+# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) -+# include -+# endif - # endif -+# endif - --# ifdef VMS --# include --# if defined(TCPIP_TYPE_SOCKETSHR) --# include --# endif -+# ifdef VMS -+# include -+# if defined(TCPIP_TYPE_SOCKETSHR) -+# include - # endif -- --# define SSLeay_Read(a,b,c) read((a),(b),(c)) --# define SSLeay_Write(a,b,c) write((a),(b),(c)) --# define SHUTDOWN(fd) { shutdown((fd),0); closesocket((fd)); } --# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); } --# ifndef INVALID_SOCKET --# define INVALID_SOCKET (-1) --# endif /* INVALID_SOCKET */ -+# endif -+ -+# define SSLeay_Read(a,b,c) read((a),(b),(c)) -+# define SSLeay_Write(a,b,c) write((a),(b),(c)) -+# define SHUTDOWN(fd) { shutdown((fd),0); closesocket((fd)); } -+# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); } -+# ifndef INVALID_SOCKET -+# define INVALID_SOCKET (-1) -+# endif /* INVALID_SOCKET */ - # endif --#endif -+# endif - --#if defined(__ultrix) -+# if defined(__ultrix) - # ifndef ssize_t --# define ssize_t int -+# define ssize_t int - # endif --#endif -+# endif - --#if defined(sun) && !defined(__svr4__) && !defined(__SVR4) -+# if defined(sun) && !defined(__svr4__) && !defined(__SVR4) - /* include headers first, so our defines don't break it */ --#include --#include -+# include -+# include - /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */ --# define memmove(s1,s2,n) bcopy((s2),(s1),(n)) --# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b))) --extern char *sys_errlist[]; extern int sys_nerr; --# define strerror(errnum) \ -- (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum]) -+# define memmove(s1,s2,n) bcopy((s2),(s1),(n)) -+# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b))) -+extern char *sys_errlist[]; -+extern int sys_nerr; -+# define strerror(errnum) \ -+ (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum]) - /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */ --#include "crypto/o_str.h" --# define memcmp OPENSSL_memcmp --#endif -+# include "crypto/o_str.h" -+# define memcmp OPENSSL_memcmp -+# endif - --#ifndef OPENSSL_EXIT --# if defined(MONOLITH) && !defined(OPENSSL_C) --# define OPENSSL_EXIT(n) return(n) --# else --# define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0) -+# ifndef OPENSSL_EXIT -+# if defined(MONOLITH) && !defined(OPENSSL_C) -+# define OPENSSL_EXIT(n) return(n) -+# else -+# define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0) -+# endif - # endif --#endif - - /***********************************************/ - --/* do we need to do this for getenv. -- * Just define getenv for use under windows */ -+/* -+ * do we need to do this for getenv. Just define getenv for use under windows -+ */ - --#ifdef WIN16 -+# ifdef WIN16 - /* How to do this needs to be thought out a bit more.... */ --/*char *GETENV(char *); --#define Getenv GETENV*/ --#define Getenv getenv --#else --#define Getenv getenv --#endif -+/* -+ * char *GETENV(char *); #define Getenv GETENV -+ */ -+# define Getenv getenv -+# else -+# define Getenv getenv -+# endif - --#define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */ -+# define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */ - --#ifdef sgi --#define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */ --#endif --#ifdef OPENSSL_SYS_SNI --#define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from the same bug.*/ --#endif -+# ifdef sgi -+# define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */ -+# endif -+# ifdef OPENSSL_SYS_SNI -+# define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from -+ * the same bug. */ -+# endif - --#if defined(OPENSSL_SYS_WINDOWS) -+# if defined(OPENSSL_SYS_WINDOWS) - # define strcasecmp _stricmp - # define strncasecmp _strnicmp --#elif defined(OPENSSL_SYS_VMS) -+# elif defined(OPENSSL_SYS_VMS) - /* VMS below version 7.0 doesn't have strcasecmp() */ - # include "o_str.h" - # define strcasecmp OPENSSL_strcasecmp - # define strncasecmp OPENSSL_strncasecmp - # define OPENSSL_IMPLEMENTS_strncasecmp --#elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) -+# elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) - # define strcasecmp stricmp - # define strncasecmp strnicmp --#elif defined(OPENSSL_SYS_NETWARE) -+# elif defined(OPENSSL_SYS_NETWARE) - # include - # if defined(NETWARE_CLIB) --# define strcasecmp stricmp --# define strncasecmp strnicmp --# endif /* NETWARE_CLIB */ --#endif -+# define strcasecmp stricmp -+# define strncasecmp strnicmp -+# endif /* NETWARE_CLIB */ -+# endif - --#if defined(OPENSSL_SYS_OS2) && defined(__EMX__) --# include --# include --# define NO_SYSLOG --#endif -+# if defined(OPENSSL_SYS_OS2) && defined(__EMX__) -+# include -+# include -+# define NO_SYSLOG -+# endif - - /* vxworks */ --#if defined(OPENSSL_SYS_VXWORKS) --#include --#include --#include -+# if defined(OPENSSL_SYS_VXWORKS) -+# include -+# include -+# include - --#define TTY_STRUCT int -+# define TTY_STRUCT int - --#define sleep(a) taskDelay((a) * sysClkRateGet()) -+# define sleep(a) taskDelay((a) * sysClkRateGet()) - --#include --#include --#include -+# include -+# include -+# include - --#define getpid taskIdSelf -+# define getpid taskIdSelf - --/* NOTE: these are implemented by helpers in database app! -- * if the database is not linked, we need to implement them -- * elswhere */ -+/* -+ * NOTE: these are implemented by helpers in database app! if the database is -+ * not linked, we need to implement them elswhere -+ */ - struct hostent *gethostbyname(const char *name); - struct hostent *gethostbyaddr(const char *addr, int length, int type); - struct servent *getservbyname(const char *name, const char *proto); - --#endif -+# endif - /* end vxworks */ - -+# if !defined(inline) && !defined(__cplusplus) -+# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L -+ /* do nothing, inline works */ -+# elif defined(__GNUC__) && __GNUC__>=2 -+# define inline __inline__ -+# elif defined(_MSC_VER) -+ /* -+ * Visual Studio: inline is available in C++ only, however -+ * __inline is available for C, see -+ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx -+ */ -+# define inline __inline -+# else -+# define inline -+# endif -+# endif -+ - #ifdef __cplusplus - } - #endif - - #endif -- -diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh -index 897ef2d..89ccd84 100755 ---- a/Cryptlib/OpenSSL/update.sh -+++ b/Cryptlib/OpenSSL/update.sh -@@ -1,8 +1,9 @@ - #/bin/sh - DIR=$1 --version="0.9.8zb" -+version="0.9.8zf" - - install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/e_os.h e_os.h -+install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/constant_time_locl.h crypto/constant_time_locl.h - install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.c crypto/cryptlib.c - install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dyn_lck.c crypto/dyn_lck.c - install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem.c crypto/mem.c -diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c -index 7b8bca5..4ce2b06 100644 ---- a/Cryptlib/Pk/CryptAuthenticode.c -+++ b/Cryptlib/Pk/CryptAuthenticode.c -@@ -9,7 +9,7 @@ - AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for - data structure. - --Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
-+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -123,7 +123,7 @@ AuthenticodeVerify ( - // Un-matched SPC_INDIRECT_DATA_OBJID. - // - goto _Exit; -- } -+ } - - - SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data); -@@ -135,16 +135,27 @@ AuthenticodeVerify ( - - if ((Asn1Byte & 0x80) == 0) { - // -- // Short Form of Length Encoding -+ // Short Form of Length Encoding (Length < 128) - // - ContentSize = (UINTN) (Asn1Byte & 0x7F); - // - // Skip the SEQUENCE Tag; - // - SpcIndirectDataContent += 2; -+ -+ } else if ((Asn1Byte & 0x81) == 0x81) { -+ // -+ // Long Form of Length Encoding (128 <= Length < 255, Single Octet) -+ // -+ ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2)); -+ // -+ // Skip the SEQUENCE Tag; -+ // -+ SpcIndirectDataContent += 3; -+ - } else if ((Asn1Byte & 0x82) == 0x82) { - // -- // Long Form of Length Encoding, only support two bytes. -+ // Long Form of Length Encoding (Length > 255, Two Octet) - // - ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2)); - ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3)); -@@ -152,6 +163,7 @@ AuthenticodeVerify ( - // Skip the SEQUENCE Tag; - // - SpcIndirectDataContent += 4; -+ - } else { - goto _Exit; - } -diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c -index 05c3f87..a9665d5 100644 ---- a/Cryptlib/Pk/CryptPkcs7Verify.c -+++ b/Cryptlib/Pk/CryptPkcs7Verify.c -@@ -10,7 +10,7 @@ - WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated - Variable and will do basic check for data structure. - --Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
-+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -123,7 +123,7 @@ X509VerifyCb ( - @param[in] P7Length Length of the PKCS#7 message in bytes. - @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise - return FALSE. -- @param[out] WrapData If return status of this function is TRUE: -+ @param[out] WrapData If return status of this function is TRUE: - 1) when WrapFlag is TRUE, pointer to P7Data. - 2) when WrapFlag is FALSE, pointer to a new ContentInfo - structure. It's caller's responsibility to free this -@@ -227,7 +227,7 @@ WrapPkcs7Data ( - @param[in] X509Stack Pointer to a X509 stack object. - @param[out] Cert Pointer to a X509 certificate. - @param[out] CertSize Length of output X509 certificate in bytes. -- -+ - @retval TRUE The X509 stack pop succeeded. - @retval FALSE The pop operation failed. - -@@ -359,7 +359,7 @@ Pkcs7GetSigners ( - (TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) { - return FALSE; - } -- -+ - Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize); - if (!Status) { - return Status; -@@ -410,7 +410,7 @@ Pkcs7GetSigners ( - // - BufferSize = sizeof (UINT8); - OldSize = BufferSize; -- -+ - for (Index = 0; ; Index++) { - Status = X509PopCertificate (Stack, &SingleCert, &SingleCertSize); - if (!Status) { -@@ -455,7 +455,7 @@ Pkcs7GetSigners ( - *CertStack = CertBuf; - *StackLength = BufferSize; - Status = TRUE; -- } -+ } - - _Exit: - // -@@ -485,7 +485,7 @@ _Exit: - if (OldBuf != NULL) { - free (OldBuf); - } -- -+ - return Status; - } - -@@ -556,11 +556,11 @@ Pkcs7Verify ( - // - // Check input parameters. - // -- if (P7Data == NULL || TrustedCert == NULL || InData == NULL || -+ if (P7Data == NULL || TrustedCert == NULL || InData == NULL || - P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) { - return FALSE; - } -- -+ - Pkcs7 = NULL; - DataBio = NULL; - Cert = NULL; -@@ -578,18 +578,23 @@ Pkcs7Verify ( - if (EVP_add_digest (EVP_sha256 ()) == 0) { - return FALSE; - } -+ if (EVP_add_digest (EVP_sha384 ()) == 0) { -+ return FALSE; -+ } -+ if (EVP_add_digest (EVP_sha512 ()) == 0) { -+ return FALSE; -+ } - if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) { - return FALSE; - } - -- - Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize); - if (!Status) { - return Status; - } - - Status = FALSE; -- -+ - // - // Retrieve PKCS#7 Data (DER encoding) - // -@@ -674,4 +679,4 @@ _Exit: - } - - return Status; --} -+} -\ No newline at end of file -diff --git a/Cryptlib/Pk/CryptX509.c b/Cryptlib/Pk/CryptX509.c -index 5abe970..29efc42 100644 ---- a/Cryptlib/Pk/CryptX509.c -+++ b/Cryptlib/Pk/CryptX509.c -@@ -1,7 +1,7 @@ - /** @file - X.509 Certificate Handler Wrapper Implementation over OpenSSL. - --Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
-+Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -484,3 +484,79 @@ _Exit: - - return Status; - } -+ -+/** -+ Retrieve the TBSCertificate from one given X.509 certificate. -+ -+ @param[in] Cert Pointer to the given DER-encoded X509 certificate. -+ @param[in] CertSize Size of the X509 certificate in bytes. -+ @param[out] TBSCert DER-Encoded To-Be-Signed certificate. -+ @param[out] TBSCertSize Size of the TBS certificate in bytes. -+ -+ If Cert is NULL, then return FALSE. -+ If TBSCert is NULL, then return FALSE. -+ If TBSCertSize is NULL, then return FALSE. -+ -+ @retval TRUE The TBSCertificate was retrieved successfully. -+ @retval FALSE Invalid X.509 certificate. -+ -+**/ -+BOOLEAN -+EFIAPI -+X509GetTBSCert ( -+ IN CONST UINT8 *Cert, -+ IN UINTN CertSize, -+ OUT UINT8 **TBSCert, -+ OUT UINTN *TBSCertSize -+ ) -+{ -+ CONST UINT8 *Temp; -+ INTN Asn1Tag; -+ INTN ObjClass; -+ UINTN Length; -+ -+ // -+ // Check input parameters. -+ // -+ if ((Cert == NULL) || (TBSCert == NULL) || (TBSCertSize == NULL)) { -+ return FALSE; -+ } -+ -+ // -+ // An X.509 Certificate is: (defined in RFC3280) -+ // Certificate ::= SEQUENCE { -+ // tbsCertificate TBSCertificate, -+ // signatureAlgorithm AlgorithmIdentifier, -+ // signature BIT STRING } -+ // -+ // and -+ // -+ // TBSCertificate ::= SEQUENCE { -+ // version [0] Version DEFAULT v1, -+ // ... -+ // } -+ // -+ // So we can just ASN1-parse the x.509 DER-encoded data. If we strip -+ // the first SEQUENCE, the second SEQUENCE is the TBSCertificate. -+ // -+ Temp = Cert; -+ ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize); -+ -+ if (Asn1Tag != V_ASN1_SEQUENCE) { -+ return FALSE; -+ } -+ -+ *TBSCert = (UINT8 *)Temp; -+ -+ ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); -+ // -+ // Verify the parsed TBSCertificate is one correct SEQUENCE data. -+ // -+ if (Asn1Tag != V_ASN1_SEQUENCE) { -+ return FALSE; -+ } -+ -+ *TBSCertSize = Length + (Temp - *TBSCert); -+ -+ return TRUE; -+} --- -2.1.4 - diff --git a/shim.changes b/shim.changes index 4b09725..158d6cb 100644 --- a/shim.changes +++ b/shim.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Mon Jul 6 09:06:02 UTC 2015 - glin@suse.com + +- Update to 0.9 +- Refresh patches + + shim-fix-gnu-efi-30w.patch + + shim-fix-mokmanager-sections.patch + + shim-opensuse-cert-prompt.patch +- Drop upstreamed patches + + shim-bsc920515-fix-fallback-buffer-length.patch + + shim-mokx-support.patch + + shim-update-cryptlib.patch +- Drop shim-bsc919675-uninstall-shim-protocols.patch since + upstream fixed the bug in another way. +- Drop shim-gcc5.patch which was fixed in another way + ------------------------------------------------------------------- Wed Apr 8 07:10:39 UTC 2015 - glin@suse.com diff --git a/shim.spec b/shim.spec index c4b096c..6864532 100644 --- a/shim.spec +++ b/shim.spec @@ -19,7 +19,7 @@ # needssslcertforbuild Name: shim -Version: 0.8 +Version: 0.9 Release: 0 Summary: UEFI shim loader License: BSD-2-Clause @@ -40,23 +40,14 @@ Source9: openSUSE-UEFI-CA-Certificate-4096.crt Source10: timestamp.pl Source11: strip_signature.sh Source12: signature-sles.asc -# PATCH-FIX-UPSTREAM shim-mokx-support.patch glin@suse.com -- Support MOK blacklist -Patch1: shim-mokx-support.patch # PATCH-FIX-SUSE shim-only-os-name.patch glin@suse.com -- Only include the OS name in version.c -Patch2: shim-only-os-name.patch +Patch1: shim-only-os-name.patch # PATCH-FIX-UPSTREAM shim-fix-gnu-efi-30w.patch glin@suse.com -- Adapt the change in gnu-efi 3.0w -Patch3: shim-fix-gnu-efi-30w.patch +Patch2: shim-fix-gnu-efi-30w.patch # PATCH-FIX-UPSTREAM shim-fix-mokmanager-sections.patch glin@suse.com -- Fix the objcopy parameters for the EFI files -Patch4: shim-fix-mokmanager-sections.patch -# PATCH-FIX-UPSTREAM shim-bsc919675-uninstall-shim-protocols.patch bsc#919675 glin@suse.com -- Uinstall the shim protocols at Exit -Patch5: shim-bsc919675-uninstall-shim-protocols.patch -# PATCH-FIX-UPSTREAM shim-bsc920515-fix-fallback-buffer-length.patch bsc#920515 glin@suse.com -- Fix the buffer size for the boot options -Patch6: shim-bsc920515-fix-fallback-buffer-length.patch -# PATCH-FIX-UPSTREAM shim-update-cryptlib.patch glin@suse.com -- Update Cryptlib and openssl -Patch7: shim-update-cryptlib.patch +Patch3: shim-fix-mokmanager-sections.patch # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not Patch100: shim-opensuse-cert-prompt.patch -Patch101: shim-gcc5.patch BuildRequires: gnu-efi >= 3.0t BuildRequires: mozilla-nss-tools BuildRequires: openssl >= 0.9.8 @@ -83,16 +74,11 @@ Authors: %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 %patch100 -p1 -%patch101 -p1 %build # first, build MokManager and fallback as they don't depend on a # specific certificate -make EFI_PATH=/usr/lib64 MokManager.efi fallback.efi 2>/dev/null +make EFI_PATH=/usr/lib64 RELEASE=0 MokManager.efi fallback.efi 2>/dev/null # now build variants of shim that embed different certificates default='' @@ -147,7 +133,7 @@ for suffix in "${suffixes[@]}"; do cp $cert2 shim.crt fi # make sure cast warnings don't trigger post build check - make EFI_PATH=/usr/lib64 VENDOR_CERT_FILE=shim-$suffix.der shim.efi 2>/dev/null + make EFI_PATH=/usr/lib64 RELEASE=0 VENDOR_CERT_FILE=shim-$suffix.der shim.efi 2>/dev/null # # assert correct certificate embedded grep -q "$verify" shim.efi